GNU bug report logs -
#66641
[PATCH 0/2] httpd: Update to 2.4.58. [security fixes]
Previous Next
Reported by: Bruno Victal <mirai <at> makinata.eu>
Date: Thu, 19 Oct 2023 14:55:02 UTC
Severity: normal
Tags: patch, security
Done: Efraim Flashner <efraim <at> flashner.co.il>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 66641 in the body.
You can then email your comments to 66641 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#66641; Package
guix-patches.
(Thu, 19 Oct 2023 14:55:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Bruno Victal <mirai <at> makinata.eu>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Thu, 19 Oct 2023 14:55:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Tested with `make check-system TESTS=httpd'.
Bruno Victal (2):
gnu: httpd: Rewrite using G-Expressions.
gnu: httpd: Update to 2.4.58. [security fixes]
gnu/packages/web.scm | 23 ++++++++++++-----------
1 file changed, 12 insertions(+), 11 deletions(-)
base-commit: c065da01ff956d3c2bdfc45a33d910e509a211d9
--
2.41.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#66641; Package
guix-patches.
(Thu, 19 Oct 2023 14:57:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 66641 <at> debbugs.gnu.org (full text, mbox):
Includes fixes for CVE-2023-45802, CVE-2023-43622 and CVE-2023-31122.
References:
* <https://dlcdn.apache.org/httpd/CHANGES_2.4.58>
* gnu/packages/web.scm (httpd): Update to 2.4.58.
---
gnu/packages/web.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 95a4d75261..e6bd7d0fed 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -278,14 +278,14 @@ (define-public qhttp
(define-public httpd
(package
(name "httpd")
- (version "2.4.57")
+ (version "2.4.58")
(source (origin
(method url-fetch)
(uri (string-append "mirror://apache/httpd/httpd-"
version ".tar.bz2"))
(sha256
(base32
- "0ajdz5f2w9nbmqydip2mv9m4xlnc4swmw7mqzgnrbq4mxr5bik6v"))))
+ "1id45r2ccgkbjm9i998997ch32lvicpyynyx8x6aa4420wmdf5ps"))))
(build-system gnu-build-system)
(native-inputs (list `(,pcre "bin"))) ;for 'pcre-config'
(inputs (list apr apr-util openssl perl)) ; needed to run bin/apxs
--
2.41.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#66641; Package
guix-patches.
(Thu, 19 Oct 2023 14:57:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 66641 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/web.scm (httpd): Rewrite using G-Expressions.
---
gnu/packages/web.scm | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index b46286c690..95a4d75261 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -290,15 +290,16 @@ (define-public httpd
(native-inputs (list `(,pcre "bin"))) ;for 'pcre-config'
(inputs (list apr apr-util openssl perl)) ; needed to run bin/apxs
(arguments
- `(#:test-target "test"
- #:configure-flags (list "--enable-rewrite"
- "--enable-userdir"
- "--enable-vhost-alias"
- "--enable-ssl"
- "--enable-mime-magic"
- (string-append "--sysconfdir="
- (assoc-ref %outputs "out")
- "/etc/httpd"))))
+ (list
+ #:test-target "test"
+ #:configure-flags #~(list "--enable-rewrite"
+ "--enable-userdir"
+ "--enable-vhost-alias"
+ "--enable-ssl"
+ "--enable-mime-magic"
+ (string-append "--sysconfdir="
+ #$output
+ "/etc/httpd"))))
(synopsis "Featureful HTTP server")
(description
"The Apache HTTP Server Project is a collaborative software development
--
2.41.0
Added tag(s) security.
Request was from
Bruno Victal <mirai <at> makinata.eu>
to
control <at> debbugs.gnu.org.
(Thu, 19 Oct 2023 15:51:02 GMT)
Full text and
rfc822 format available.
Reply sent
to
Efraim Flashner <efraim <at> flashner.co.il>:
You have taken responsibility.
(Tue, 24 Oct 2023 12:02:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Bruno Victal <mirai <at> makinata.eu>:
bug acknowledged by developer.
(Tue, 24 Oct 2023 12:02:02 GMT)
Full text and
rfc822 format available.
Message #18 received at 66641-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Thu, Oct 19, 2023 at 03:53:20PM +0100, Bruno Victal wrote:
> Tested with `make check-system TESTS=httpd'.
>
> Bruno Victal (2):
> gnu: httpd: Rewrite using G-Expressions.
I wasn't able to push this commit, it changed the derivation of
httpd/pinned which isn't something we want.
> gnu: httpd: Update to 2.4.58. [security fixes]
This I pushed. Thanks!
> gnu/packages/web.scm | 23 ++++++++++++-----------
> 1 file changed, 12 insertions(+), 11 deletions(-)
>
>
> base-commit: c065da01ff956d3c2bdfc45a33d910e509a211d9
> --
> 2.41.0
>
>
>
>
--
Efraim Flashner <efraim <at> flashner.co.il> רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Tue, 21 Nov 2023 12:24:12 GMT)
Full text and
rfc822 format available.
This bug report was last modified 1 year and 290 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.