[PATCH 0/2] httpd: Update to 2.4.58. [security fixes]

  • Done
  • quality assurance status badge
Details
2 participants
  • Efraim Flashner
  • Bruno Victal
Owner
unassigned
Submitted by
Bruno Victal
Severity
normal
B
B
Bruno Victal wrote on 19 Oct 2023 16:53
(address . guix-patches@gnu.org)(name . Bruno Victal)(address . mirai@makinata.eu)
cover.1697727127.git.mirai@makinata.eu
Tested with `make check-system TESTS=httpd'.

Bruno Victal (2):
gnu: httpd: Rewrite using G-Expressions.
gnu: httpd: Update to 2.4.58. [security fixes]

gnu/packages/web.scm | 23 ++++++++++++-----------
1 file changed, 12 insertions(+), 11 deletions(-)


base-commit: c065da01ff956d3c2bdfc45a33d910e509a211d9
--
2.41.0
B
B
Bruno Victal wrote on 19 Oct 2023 16:55
[PATCH 2/2] gnu: httpd: Update to 2.4.58. [security fixes]
(address . 66641@debbugs.gnu.org)(name . Bruno Victal)(address . mirai@makinata.eu)
13299eec47ad5ab3589db5be22bd5599f325d5dd.1697727127.git.mirai@makinata.eu
Includes fixes for CVE-2023-45802, CVE-2023-43622 and CVE-2023-31122.

References:

* gnu/packages/web.scm (httpd): Update to 2.4.58.
---
gnu/packages/web.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 95a4d75261..e6bd7d0fed 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -278,14 +278,14 @@ (define-public qhttp
(define-public httpd
(package
(name "httpd")
- (version "2.4.57")
+ (version "2.4.58")
(source (origin
(method url-fetch)
(uri (string-append "mirror://apache/httpd/httpd-"
version ".tar.bz2"))
(sha256
(base32
- "0ajdz5f2w9nbmqydip2mv9m4xlnc4swmw7mqzgnrbq4mxr5bik6v"))))
+ "1id45r2ccgkbjm9i998997ch32lvicpyynyx8x6aa4420wmdf5ps"))))
(build-system gnu-build-system)
(native-inputs (list `(,pcre "bin"))) ;for 'pcre-config'
(inputs (list apr apr-util openssl perl)) ; needed to run bin/apxs
--
2.41.0
B
B
Bruno Victal wrote on 19 Oct 2023 16:55
[PATCH 1/2] gnu: httpd: Rewrite using G-Expressions.
(address . 66641@debbugs.gnu.org)(name . Bruno Victal)(address . mirai@makinata.eu)
bc07ad64af7a7f2291a8932c22fbdc748e386d87.1697727127.git.mirai@makinata.eu
* gnu/packages/web.scm (httpd): Rewrite using G-Expressions.
---
gnu/packages/web.scm | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)

Toggle diff (32 lines)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index b46286c690..95a4d75261 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -290,15 +290,16 @@ (define-public httpd
(native-inputs (list `(,pcre "bin"))) ;for 'pcre-config'
(inputs (list apr apr-util openssl perl)) ; needed to run bin/apxs
(arguments
- `(#:test-target "test"
- #:configure-flags (list "--enable-rewrite"
- "--enable-userdir"
- "--enable-vhost-alias"
- "--enable-ssl"
- "--enable-mime-magic"
- (string-append "--sysconfdir="
- (assoc-ref %outputs "out")
- "/etc/httpd"))))
+ (list
+ #:test-target "test"
+ #:configure-flags #~(list "--enable-rewrite"
+ "--enable-userdir"
+ "--enable-vhost-alias"
+ "--enable-ssl"
+ "--enable-mime-magic"
+ (string-append "--sysconfdir="
+ #$output
+ "/etc/httpd"))))
(synopsis "Featureful HTTP server")
(description
"The Apache HTTP Server Project is a collaborative software development
--
2.41.0
B
B
Bruno Victal wrote on 19 Oct 2023 17:50
control-msg
(address . control@debbugs.gnu.org)
87il72has7.fsf@makinata.eu
tags 66641 + security
quit

--
Thanks,
Bruno.
E
E
Efraim Flashner wrote on 24 Oct 2023 14:01
Re: [bug#66641] [PATCH 0/2] httpd: Update to 2.4.58. [security fixes]
(name . Bruno Victal)(address . mirai@makinata.eu)(address . 66641-done@debbugs.gnu.org)
ZTeyABc7LyW6miq1@3900XT
On Thu, Oct 19, 2023 at 03:53:20PM +0100, Bruno Victal wrote:
Toggle quote (5 lines)
> Tested with `make check-system TESTS=httpd'.
>
> Bruno Victal (2):
> gnu: httpd: Rewrite using G-Expressions.

I wasn't able to push this commit, it changed the derivation of
httpd/pinned which isn't something we want.

Toggle quote (2 lines)
> gnu: httpd: Update to 2.4.58. [security fixes]

This I pushed. Thanks!

Toggle quote (12 lines)
> gnu/packages/web.scm | 23 ++++++++++++-----------
> 1 file changed, 12 insertions(+), 11 deletions(-)
>
>
> base-commit: c065da01ff956d3c2bdfc45a33d910e509a211d9
> --
> 2.41.0
>
>
>
>

--
Efraim Flashner <efraim@flashner.co.il> ????? ?????
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAmU3sgAACgkQQarn3Mo9
g1GV7hAAgSufKdGxFcyQoHmumscHb+8TrDTaI1wClYIBmtftDbTAlMdcYnHeYJiX
7+dgo+V1tHZdX2hBM6wwfUnhfEq0X6nPg6k1NT5omibUHisT4vwu4kFwp++s14mS
V9CDj41tOUUGKfdPY9RMgKBlcyFZ9UTslMD8apwNEtBD989FzGVrpjwalUQ72L/C
nimcwHMgO9hcwBGfTLmZ5v9iz7kQpxdKg+LqOn4qjRRZcRihjcEOUe+vwHVi+6iR
j0hVYmaf47EmmdDHJptJmF2bO9KWzGfYE0WWyHeyONZyRykYIrnIq0UXw2p5xkeB
yzrYfwEvW0aK6c4vLUa2WXSmhkScHRU+3XVbkFKVHVqEv5W6+diJrJULACDHT/Y5
VZ13U7iea3iCpLjDJMu1KOsmxclPCRFV35E6bATIn/eQbwvRkMMLimF8/tnCMSZA
uGAl0xs3JdEZSNxdrmVcCGypgj5MnZN471liJyyC7HJQTUMKMtakUci5SxBuIzwS
x7kdj+JU81JE0MymegmPu35LpbEr0l1XZxZQ8sJ2c+sv/UK6GejGSw/RFRshEbRL
4Zlnv/9wvVnmkE5eTMKB+AHgS00KGtD6G9KbUQhxhc9kJDOVVZSIwAqZ/p4r/GLk
A32j/mmP84+L02hNu3HZo+AEOA8LLAFZnG22HBO0y3y85XG5ZA0=
=5JjP
-----END PGP SIGNATURE-----


Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 66641@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 66641
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch