GNU bug report logs

#66641 [PATCH 0/2] httpd: Update to 2.4.58. [security fixes]

PackageSource(s)Maintainer(s)
guix-patches PTS Buildd Popcon
Reply or subscribe to this bug. View this bug as an mbox, status mbox, or maintainer mbox

Report forwarded to guix-patches@gnu.org:
bug#66641; Package guix-patches. (Thu, 19 Oct 2023 14:55:02 GMT) (full text, mbox, link).

Acknowledgement sent to Bruno Victal <mirai@makinata.eu>:
New bug report received and forwarded. Copy sent to guix-patches@gnu.org. (Thu, 19 Oct 2023 14:55:02 GMT) (full text, mbox, link).

Message #5 received at submit@debbugs.gnu.org (full text, mbox, reply):

From: Bruno Victal <mirai@makinata.eu>
To: guix-patches@gnu.org
Cc: Bruno Victal <mirai@makinata.eu>
Subject: [PATCH 0/2] httpd: Update to 2.4.58. [security fixes]
Date: Thu, 19 Oct 2023 15:53:20 +0100
Tested with `make check-system TESTS=httpd'.

Bruno Victal (2):
  gnu: httpd: Rewrite using G-Expressions.
  gnu: httpd: Update to 2.4.58. [security fixes]

 gnu/packages/web.scm | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)


base-commit: c065da01ff956d3c2bdfc45a33d910e509a211d9
-- 
2.41.0

Information forwarded to guix-patches@gnu.org:
bug#66641; Package guix-patches. (Thu, 19 Oct 2023 14:57:02 GMT) (full text, mbox, link).

Message #8 received at 66641@debbugs.gnu.org (full text, mbox, reply):

From: Bruno Victal <mirai@makinata.eu>
To: 66641@debbugs.gnu.org
Cc: Bruno Victal <mirai@makinata.eu>
Subject: [PATCH 2/2] gnu: httpd: Update to 2.4.58. [security fixes]
Date: Thu, 19 Oct 2023 15:55:31 +0100
Includes fixes for CVE-2023-45802, CVE-2023-43622 and CVE-2023-31122.

References:
  * <https://dlcdn.apache.org/httpd/CHANGES_2.4.58>

* gnu/packages/web.scm (httpd): Update to 2.4.58.
---
 gnu/packages/web.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 95a4d75261..e6bd7d0fed 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -278,14 +278,14 @@ (define-public qhttp
 (define-public httpd
   (package
     (name "httpd")
-    (version "2.4.57")
+    (version "2.4.58")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://apache/httpd/httpd-"
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "0ajdz5f2w9nbmqydip2mv9m4xlnc4swmw7mqzgnrbq4mxr5bik6v"))))
+               "1id45r2ccgkbjm9i998997ch32lvicpyynyx8x6aa4420wmdf5ps"))))
     (build-system gnu-build-system)
     (native-inputs (list `(,pcre "bin")))       ;for 'pcre-config'
     (inputs (list apr apr-util openssl perl)) ; needed to run bin/apxs
-- 
2.41.0

Information forwarded to guix-patches@gnu.org:
bug#66641; Package guix-patches. (Thu, 19 Oct 2023 14:57:02 GMT) (full text, mbox, link).

Message #11 received at 66641@debbugs.gnu.org (full text, mbox, reply):

From: Bruno Victal <mirai@makinata.eu>
To: 66641@debbugs.gnu.org
Cc: Bruno Victal <mirai@makinata.eu>
Subject: [PATCH 1/2] gnu: httpd: Rewrite using G-Expressions.
Date: Thu, 19 Oct 2023 15:55:30 +0100
* gnu/packages/web.scm (httpd): Rewrite using G-Expressions.
---
 gnu/packages/web.scm | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index b46286c690..95a4d75261 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -290,15 +290,16 @@ (define-public httpd
     (native-inputs (list `(,pcre "bin")))       ;for 'pcre-config'
     (inputs (list apr apr-util openssl perl)) ; needed to run bin/apxs
     (arguments
-     `(#:test-target "test"
-       #:configure-flags (list "--enable-rewrite"
-                               "--enable-userdir"
-                               "--enable-vhost-alias"
-                               "--enable-ssl"
-                               "--enable-mime-magic"
-                               (string-append "--sysconfdir="
-                                              (assoc-ref %outputs "out")
-                                              "/etc/httpd"))))
+     (list
+      #:test-target "test"
+      #:configure-flags #~(list "--enable-rewrite"
+                                "--enable-userdir"
+                                "--enable-vhost-alias"
+                                "--enable-ssl"
+                                "--enable-mime-magic"
+                                (string-append "--sysconfdir="
+                                               #$output
+                                               "/etc/httpd"))))
     (synopsis "Featureful HTTP server")
     (description
      "The Apache HTTP Server Project is a collaborative software development
-- 
2.41.0

Added tag(s) security. Request was from Bruno Victal <mirai@makinata.eu> to control@debbugs.gnu.org. (Thu, 19 Oct 2023 15:51:02 GMT) (full text, mbox, link).

Reply sent to Efraim Flashner <efraim@flashner.co.il>:
You have taken responsibility. (Tue, 24 Oct 2023 12:02:02 GMT) (full text, mbox, link).

Notification sent to Bruno Victal <mirai@makinata.eu>:
bug acknowledged by developer. (Tue, 24 Oct 2023 12:02:02 GMT) (full text, mbox, link).

Message #18 received at 66641-done@debbugs.gnu.org (full text, mbox, reply):

From: Efraim Flashner <efraim@flashner.co.il>
To: Bruno Victal <mirai@makinata.eu>
Cc: 66641-done@debbugs.gnu.org
Subject: Re: [bug#66641] [PATCH 0/2] httpd: Update to 2.4.58. [security fixes]
Date: Tue, 24 Oct 2023 15:01:04 +0300
[Message part 1 (text/plain, inline)]
On Thu, Oct 19, 2023 at 03:53:20PM +0100, Bruno Victal wrote:
> Tested with `make check-system TESTS=httpd'.
> 
> Bruno Victal (2):
>   gnu: httpd: Rewrite using G-Expressions.

I wasn't able to push this commit, it changed the derivation of
httpd/pinned which isn't something we want.

>   gnu: httpd: Update to 2.4.58. [security fixes]

This I pushed. Thanks!

>  gnu/packages/web.scm | 23 ++++++++++++-----------
>  1 file changed, 12 insertions(+), 11 deletions(-)
> 
> 
> base-commit: c065da01ff956d3c2bdfc45a33d910e509a211d9
> -- 
> 2.41.0
> 
> 
> 
> 

-- 
Efraim Flashner   <efraim@flashner.co.il>   רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[signature.asc (application/pgp-signature, inline)]

bug archived. Request was from Debbugs Internal Request <help-debbugs@gnu.org> to internal_control@debbugs.gnu.org. (Tue, 21 Nov 2023 12:24:12 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Mon Dec 30 16:31:59 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.