[PATCH 0/2] httpd: Update to 2.4.58. [security fixes]

  • Done
  • quality assurance status badge
Details
2 participants
  • Efraim Flashner
  • Bruno Victal
Owner
unassigned
Submitted by
Bruno Victal
Severity
normal
B
B
Bruno Victal wrote on 19 Oct 2023 16:53
(address . guix-patches@gnu.org)(name . Bruno Victal)(address . mirai@makinata.eu)
cover.1697727127.git.mirai@makinata.eu
Tested with `make check-system TESTS=httpd'.

Bruno Victal (2):
gnu: httpd: Rewrite using G-Expressions.
gnu: httpd: Update to 2.4.58. [security fixes]

gnu/packages/web.scm | 23 ++++++++++++-----------
1 file changed, 12 insertions(+), 11 deletions(-)


base-commit: c065da01ff956d3c2bdfc45a33d910e509a211d9
--
2.41.0
B
B
Bruno Victal wrote on 19 Oct 2023 16:55
[PATCH 2/2] gnu: httpd: Update to 2.4.58. [security fixes]
(address . 66641@debbugs.gnu.org)(name . Bruno Victal)(address . mirai@makinata.eu)
13299eec47ad5ab3589db5be22bd5599f325d5dd.1697727127.git.mirai@makinata.eu
Includes fixes for CVE-2023-45802, CVE-2023-43622 and CVE-2023-31122.

References:

* gnu/packages/web.scm (httpd): Update to 2.4.58.
---
gnu/packages/web.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 95a4d75261..e6bd7d0fed 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -278,14 +278,14 @@ (define-public qhttp
(define-public httpd
(package
(name "httpd")
- (version "2.4.57")
+ (version "2.4.58")
(source (origin
(method url-fetch)
(uri (string-append "mirror://apache/httpd/httpd-"
version ".tar.bz2"))
(sha256
(base32
- "0ajdz5f2w9nbmqydip2mv9m4xlnc4swmw7mqzgnrbq4mxr5bik6v"))))
+ "1id45r2ccgkbjm9i998997ch32lvicpyynyx8x6aa4420wmdf5ps"))))
(build-system gnu-build-system)
(native-inputs (list `(,pcre "bin"))) ;for 'pcre-config'
(inputs (list apr apr-util openssl perl)) ; needed to run bin/apxs
--
2.41.0
B
B
Bruno Victal wrote on 19 Oct 2023 16:55
[PATCH 1/2] gnu: httpd: Rewrite using G-Expressions.
(address . 66641@debbugs.gnu.org)(name . Bruno Victal)(address . mirai@makinata.eu)
bc07ad64af7a7f2291a8932c22fbdc748e386d87.1697727127.git.mirai@makinata.eu
* gnu/packages/web.scm (httpd): Rewrite using G-Expressions.
---
gnu/packages/web.scm | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)

Toggle diff (32 lines)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index b46286c690..95a4d75261 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -290,15 +290,16 @@ (define-public httpd
(native-inputs (list `(,pcre "bin"))) ;for 'pcre-config'
(inputs (list apr apr-util openssl perl)) ; needed to run bin/apxs
(arguments
- `(#:test-target "test"
- #:configure-flags (list "--enable-rewrite"
- "--enable-userdir"
- "--enable-vhost-alias"
- "--enable-ssl"
- "--enable-mime-magic"
- (string-append "--sysconfdir="
- (assoc-ref %outputs "out")
- "/etc/httpd"))))
+ (list
+ #:test-target "test"
+ #:configure-flags #~(list "--enable-rewrite"
+ "--enable-userdir"
+ "--enable-vhost-alias"
+ "--enable-ssl"
+ "--enable-mime-magic"
+ (string-append "--sysconfdir="
+ #$output
+ "/etc/httpd"))))
(synopsis "Featureful HTTP server")
(description
"The Apache HTTP Server Project is a collaborative software development
--
2.41.0
B
B
Bruno Victal wrote on 19 Oct 2023 17:50
control-msg
(address . control@debbugs.gnu.org)
87il72has7.fsf@makinata.eu
tags 66641 + security
quit

--
Thanks,
Bruno.
E
E
Efraim Flashner wrote on 24 Oct 2023 14:01
Re: [bug#66641] [PATCH 0/2] httpd: Update to 2.4.58. [security fixes]
(name . Bruno Victal)(address . mirai@makinata.eu)(address . 66641-done@debbugs.gnu.org)
ZTeyABc7LyW6miq1@3900XT
On Thu, Oct 19, 2023 at 03:53:20PM +0100, Bruno Victal wrote:
Toggle quote (5 lines)
> Tested with `make check-system TESTS=httpd'.
>
> Bruno Victal (2):
> gnu: httpd: Rewrite using G-Expressions.

I wasn't able to push this commit, it changed the derivation of
httpd/pinned which isn't something we want.

Toggle quote (2 lines)
> gnu: httpd: Update to 2.4.58. [security fixes]

This I pushed. Thanks!

Toggle quote (12 lines)
> gnu/packages/web.scm | 23 ++++++++++++-----------
> 1 file changed, 12 insertions(+), 11 deletions(-)
>
>
> base-commit: c065da01ff956d3c2bdfc45a33d910e509a211d9
> --
> 2.41.0
>
>
>
>

--
Efraim Flashner <efraim@flashner.co.il> ????? ?????
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAmU3sgAACgkQQarn3Mo9
g1GV7hAAgSufKdGxFcyQoHmumscHb+8TrDTaI1wClYIBmtftDbTAlMdcYnHeYJiX
7+dgo+V1tHZdX2hBM6wwfUnhfEq0X6nPg6k1NT5omibUHisT4vwu4kFwp++s14mS
V9CDj41tOUUGKfdPY9RMgKBlcyFZ9UTslMD8apwNEtBD989FzGVrpjwalUQ72L/C
nimcwHMgO9hcwBGfTLmZ5v9iz7kQpxdKg+LqOn4qjRRZcRihjcEOUe+vwHVi+6iR
j0hVYmaf47EmmdDHJptJmF2bO9KWzGfYE0WWyHeyONZyRykYIrnIq0UXw2p5xkeB
yzrYfwEvW0aK6c4vLUa2WXSmhkScHRU+3XVbkFKVHVqEv5W6+diJrJULACDHT/Y5
VZ13U7iea3iCpLjDJMu1KOsmxclPCRFV35E6bATIn/eQbwvRkMMLimF8/tnCMSZA
uGAl0xs3JdEZSNxdrmVcCGypgj5MnZN471liJyyC7HJQTUMKMtakUci5SxBuIzwS
x7kdj+JU81JE0MymegmPu35LpbEr0l1XZxZQ8sJ2c+sv/UK6GejGSw/RFRshEbRL
4Zlnv/9wvVnmkE5eTMKB+AHgS00KGtD6G9KbUQhxhc9kJDOVVZSIwAqZ/p4r/GLk
A32j/mmP84+L02hNu3HZo+AEOA8LLAFZnG22HBO0y3y85XG5ZA0=
=5JjP
-----END PGP SIGNATURE-----


Closed
?