UPDATE: www/apache-httpd

Bugfix update to 2.4.57 follows, this is a bugfix release. Comments ? Cheers Giovanni Index: Makefile === RCS file: /cvs/ports/www/apache-httpd/Makefile,v retrieving revision 1.121 diff -u -p -r1.121 Makefile --- Makefile7

7.2 update: www/apache-httpd

Hi, update to Apache httpd 2.4.56 for OpenBSD 7.2 follows. Fixes CVE-2023-27522 and CVE-2023-25690. ok ? Cheers Giovanni Index: Makefile === RCS file: /cvs/ports/www/apache-httpd/Makefile,v retrieving revision 1.118.2.1 diff

Re: UPDATE: www/apache-httpd

On Wed, Jan 18, 2023 at 09:12:41AM +0100, Giovanni Bechis wrote: > Hi, > update to 2.4.55, fixes CVE-2022-37436, CVE-2022-36760 and > CVE-2006-20001. > ok for current and 7.2 ? > Cheers >Giovanni > second diff with a mod_http2 fix added. Cheers Giovanni Index: Makefile

UPDATE: www/apache-httpd

Hi, update to 2.4.55, fixes CVE-2022-37436, CVE-2022-36760 and CVE-2006-20001. ok for current and 7.2 ? Cheers Giovanni Index: Makefile === RCS file: /cvs/ports/www/apache-httpd/Makefile,v retrieving revision 1.119 diff -u -p

[UPDATE] www/apache-httpd - enable mod_authnz_fcgi

Hello, since 2.4.10 Apache HTTPD provides module authnz_fcgi which allows to create own authentication scripts. Documentation is already installed with www/apache-www, however module requires to be explicitly enabled. Tested with OpenBSD 6.5. Index: Makefile

Re: update www/apache-httpd

On 3/25/19 9:27 AM, Solene Rapenne wrote: > This updates to latest version released 22 january. > > Changelog: https://www.apache.org/dist/httpd/CHANGES_2.4.38 > > apache works fine but I did not test it extensively. > works fine, tested with mod_perl and php. ok giovanni@ Cheers Giovanni >

update www/apache-httpd

This updates to latest version released 22 january. Changelog: https://www.apache.org/dist/httpd/CHANGES_2.4.38 apache works fine but I did not test it extensively. Index: Makefile === RCS file:

Re: [update] www/apache-httpd

I did make package and started one time. On Sun, 15 Jul 2018 at 12:55, Marc Espie wrote: > > On Sun, Jul 15, 2018 at 11:17:36AM +0100, David CARLIER wrote: > > Hi, > > > > Here a proposal to update to the last version. > > Comes with one less libressl related patch. > > > > Regards. > > There are

Re: [update] www/apache-httpd

On Sun, Jul 15, 2018 at 11:17:36AM +0100, David CARLIER wrote: > Hi, > > Here a proposal to update to the last version. > Comes with one less libressl related patch. > > Regards. There are more than 65 direct consumers of apache-httpd. I haven't even looked at indirect consumers. Did you test

[update] www/apache-httpd

Hi, Here a proposal to update to the last version. Comes with one less libressl related patch. Regards. www-apache-httpd.diff Description: Binary data

UPDATE: www/apache-httpd

Would any apache-httpd users like to test this? Index: Makefile === RCS file: /cvs/ports/www/apache-httpd/Makefile,v retrieving revision 1.88 diff -u -p -r1.88 Makefile --- Makefile14 Feb 2018 16:06:54 - 1.88 +++

Re: update www/apache-httpd 2.4.29

ping ? :-) On 23 November 2017 at 08:33, Stuart Henderson wrote: > On 2017/11/23 08:43, Giovanni Bechis wrote: > > On Wed, Nov 22, 2017 at 07:24:08PM +, David CARLIER wrote: > > > On 22 November 2017 at 16:28, Giovanni Bechis > wrote: > > > > > > >

Re: update www/apache-httpd 2.4.29

On 2017/11/23 08:43, Giovanni Bechis wrote: > On Wed, Nov 22, 2017 at 07:24:08PM +, David CARLIER wrote: > > On 22 November 2017 at 16:28, Giovanni Bechis wrote: > > > > > On Sat, Nov 04, 2017 at 09:13:43AM +, David CARLIER wrote: > > > > Hi, > > > > > > > > here a

Re: update www/apache-httpd 2.4.29

On Wed, Nov 22, 2017 at 07:24:08PM +, David CARLIER wrote: > On 22 November 2017 at 16:28, Giovanni Bechis wrote: > > > On Sat, Nov 04, 2017 at 09:13:43AM +, David CARLIER wrote: > > > Hi, > > > > > > here a proposal to update to 2.4.29, removing some patches

Re: update www/apache-httpd 2.4.29

On 22 November 2017 at 16:28, Giovanni Bechis wrote: > On Sat, Nov 04, 2017 at 09:13:43AM +, David CARLIER wrote: > > Hi, > > > > here a proposal to update to 2.4.29, removing some patches LIBRESSL's > > related pushed upstream in the process. > > > not all of them has

Re: update www/apache-httpd 2.4.29

On Sat, Nov 04, 2017 at 09:13:43AM +, David CARLIER wrote: > Hi, > > here a proposal to update to 2.4.29, removing some patches LIBRESSL's > related pushed upstream in the process. > not all of them has been pushed, ad least mod_ssl.c is missing one, I haven't looked at all patches yet. >

Re: update www/apache-httpd 2.4.29

ping :-) On 4 November 2017 at 09:13, David CARLIER wrote: > Hi, > > here a proposal to update to 2.4.29, removing some patches LIBRESSL's > related pushed upstream in the process. > > Hope it is good. > > Kind regards. >

update www/apache-httpd 2.4.29

Hi, here a proposal to update to 2.4.29, removing some patches LIBRESSL's related pushed upstream in the process. Hope it is good. Kind regards. Index: Makefile === RCS file: /cvs/ports/www/apache-httpd/Makefile,v retrieving

Re: UPDATE www/apache-httpd

Hi On 13 July 2017 at 15:25, Stuart Henderson wrote: > On 2017/06/24 16:29, David CARLIER wrote: > > Oops I forgot the patch. > > > > On 24 June 2017 at 16:21, Stuart Henderson wrote: > > > > > On 2017/06/24 15:54, David CARLIER wrote: > > > > Hi, >

Re: UPDATE www/apache-httpd

Hi, In my side I have "only" the two first missing symbols which I m fixing. odd for the other three ... I m running current. On 13 July 2017 at 15:25, Stuart Henderson wrote: > On 2017/06/24 16:29, David CARLIER wrote: > > Oops I forgot the patch. > > > > On 24 June 2017

Re: UPDATE www/apache-httpd

On 2017/06/24 16:29, David CARLIER wrote: > Oops I forgot the patch. > > On 24 June 2017 at 16:21, Stuart Henderson wrote: > > > On 2017/06/24 15:54, David CARLIER wrote: > > > Hi, > > > > > > Here a diff for apache-httpd to address these CVE > > > CVE-2017-3167

Re: UPDATE www/apache-httpd

Oops I forgot the patch. On 24 June 2017 at 16:21, Stuart Henderson wrote: > On 2017/06/24 15:54, David CARLIER wrote: > > Hi, > > > > Here a diff for apache-httpd to address these CVE > > CVE-2017-3167 cvename.cgi?name=CVE-2017-3167> > >

Re: UPDATE www/apache-httpd

On 2017/06/24 15:54, David CARLIER wrote: > Hi, > > Here a diff for apache-httpd to address these CVE > CVE-2017-3167 > CVE-2017-3169 > CVE-2017-7659

UPDATE www/apache-httpd

Hi, Here a diff for apache-httpd to address these CVE CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668

UPDATE: www/apache-httpd

Update to 2.4.17, and provide modules.sample / modules directories for use with a pending diff for PHP to install the conf fragment in the right place (as already done for apache-httpd-openbsd). Amongst other changes, this adds http2 support. Working for me here (only lightly tested though)...

update: www/apache-httpd

This update fixes several vulnerabilities. It also contains a fix for mod_dav which unbreaks non-ASCII characters with Subversion. http://www.apache.org/dist/httpd/CHANGES_2.2.29 ok? Index: Makefile === RCS file:

update: www/apache-httpd 2.2.27

This updates apache-httpd to the latest 2.2 release. Changelog: http://mirrors.sonic.net/apache//httpd/CHANGES_2.2.27 There's a Subversion-related fix in there (CVE-2013-6438). Some documentation files were renamed. This change doesn't seem to be mentioned in the changelog. ok? Index: Makefile

Re: update: www/apache-httpd-2.2.25

On 07/12/13 03:36, Stefan Sperling wrote: Maintenance update of the Apache HTTPD 2 port to version 2.2.25. Fixes CVE-2013-1896, a DoS attack which affects Subversion servers. Full changelog: http://www.apache.org/dist/httpd/CHANGES_2.2.25 ok? Plist updated, with this one ok giovanni@

update: www/apache-httpd-2.2.25

Maintenance update of the Apache HTTPD 2 port to version 2.2.25. Fixes CVE-2013-1896, a DoS attack which affects Subversion servers. Full changelog: http://www.apache.org/dist/httpd/CHANGES_2.2.25 ok? Index: Makefile === RCS file:

Update www/apache-httpd to 2.2.20

Hi, the following diff updates www/apache-httpd to version 2.2.20 released couple days ago. Foremost this version includes a security fix for CVE-2011-3192. url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 comments and tests more than welcome. felix Index: Makefile

Re: Update www/apache-httpd to 2.2.20

On Thu, Sep 01, 2011 at 09:38:23 +0200, Felix Kronlage wrote: Hi, the following diff updates www/apache-httpd to version 2.2.20 [...] http://marc.info/?l=openbsd-portsm=131478580411769w=2 Daniel -- LÉVAI Dániel PGP key ID = 0x83B63A8F Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B

Re: Update www/apache-httpd to 2.2.20

On Thu, 1 Sep 2011, Felix Kronlage wrote: Hi, the following diff updates www/apache-httpd to version 2.2.20 released couple days ago. Foremost this version includes a security fix for CVE-2011-3192. url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 comments and tests more

Re: Update www/apache-httpd to 2.2.20

On Thu, Sep 01, 2011 at 09:50:03AM +0200, Antoine Jacoutot wrote: comments and tests more than welcome. Didn't giovanni@ send a similar update yesterday? that what I get for not reading my mail backlog ;) sorry for the noise. felix signature.asc Description: Digital signature

UPDATE: www/apache-httpd

Update to latest version, fixes CVE-2011-3192, ok ? Cheers Giovanni Index: Makefile === RCS file: /cvs/ports/www/apache-httpd/Makefile,v retrieving revision 1.27 diff -u -p -r1.27 Makefile --- Makefile12 Feb 2011 21:05:38 -

Update www/apache-httpd 2.2.18

Attached is an update for apache 2.2.18. http://www.apache.org/dist/httpd/CHANGES_2.2.18 Ian McWilliam www_apache_2.2.18.diff Description: Binary data

UPDATE: www/apache-httpd 2.2.15

Security update for Apache 2.2 http://www.apache.org/dist/httpd/CHANGES_2.2.15 *) SECURITY: CVE-2009-3555 (cve.mitre.org) mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection attack when compiled against OpenSSL version 0.9.8m or later. Introduces the

UPDATE: www/apache-httpd

Hi, just out of boredom and after a discussion on silc I made this update for www/apache-httpd to version 2.2.9 It built fine on amd64 here. Hope I got the patch updates right. Perhaps someone wants to test it. It fixes http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364

Re: UPDATE: www/apache-httpd

On Wed, Jun 25, 2008 at 12:41:10PM +0200, Simon Kuhnle wrote: Hi, just out of boredom and after a discussion on silc I made this update for www/apache-httpd to version 2.2.9 It built fine on amd64 here. Hope I got the patch updates right. Perhaps someone wants to test it. It fixes