From e0375de323e06c97669ffcca2033f414e460c413 Mon Sep 17 00:00:00 2001 
From: Patrick J Volkerding Date: Thu, 4 Apr 2024 20:49:23 +0000 Subject: Thu Apr 4 20:49:23 UTC 2024 a/hwdata-0.381-noarch-1.txz: Upgraded. a/kernel-generic-6.6.25-x86_64-1.txz: Upgraded. a/kernel-huge-6.6.25-x86_64-1.txz: Upgraded. a/kernel-modules-6.6.25-x86_64-1.txz: Upgraded. d/cmake-3.29.1-x86_64-1.txz: Upgraded. d/kernel-headers-6.6.25-x86-1.txz: Upgraded. d/llvm-18.1.3-x86_64-1.txz: Upgraded. k/kernel-source-6.6.25-noarch-1.txz: Upgraded. kde/kstars-3.7.0-x86_64-1.txz: Upgraded. l/enchant-2.6.9-x86_64-1.txz: Upgraded. l/libclc-18.1.3-x86_64-1.txz: Upgraded. l/sof-firmware-2024.03-noarch-1.txz: Upgraded. n/gnutls-3.8.5-x86_64-1.txz: Upgraded. n/httpd-2.4.59-x86_64-1.txz: Upgraded. This update fixes security issues: HTTP/2 DoS by memory exhaustion on endless continuation frames. HTTP Response Splitting in multiple modules. HTTP response splitting. For more information, see: https://downloads.apache.org/httpd/CHANGES_2.4.59 https://www.cve.org/CVERecord?id=CVE-2024-27316 https://www.cve.org/CVERecord?id=CVE-2024-24795 https://www.cve.org/CVERecord?id=CVE-2023-38709 (* Security fix *) n/nghttp2-1.61.0-x86_64-1.txz: Upgraded. This update fixes security issues: nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it can accept after a HEADERS frame. For more information, see: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://www.kb.cert.org/vuls/id/421644 https://www.cve.org/CVERecord?id=CVE-2024-28182 (* Security fix *) x/xdg-desktop-portal-1.18.3-x86_64-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt. 
---
 source/n/httpd/httpd-2.4.58-r1914013.patch | 14 --------------
 source/n/httpd/httpd.SlackBuild | 3 ---
 source/n/httpd/httpd.url | 4 ++--
 3 files changed, 2 insertions(+), 19 deletions(-)
 delete mode 100644 source/n/httpd/httpd-2.4.58-r1914013.patch
(limited to 'source/n/httpd')
diff --git a/source/n/httpd/httpd-2.4.58-r1914013.patch b/source/n/httpd/httpd-2.4.58-r1914013.patch
deleted file mode 100644
index f9e078632..000000000
--- a/source/n/httpd/httpd-2.4.58-r1914013.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-# ./pullrev.sh 1914013
-http://svn.apache.org/viewvc?view=revision&revision=1914013
-
---- httpd-2.4.58/modules/filters/mod_xml2enc.c
-+++ httpd-2.4.58/modules/filters/mod_xml2enc.c
-@@ -209,7 +209,7 @@
-
- /* to sniff, first we look for BOM */
- if (ctx->xml2enc == XML_CHAR_ENCODING_NONE) {
-- ctx->xml2enc = xmlDetectCharEncoding((const xmlChar*)ctx->buf,
-+ ctx->xml2enc = xmlDetectCharEncoding((const unsigned char*)ctx->buf,
- ctx->bytes);
- if (HAVE_ENCODING(ctx->xml2enc)) {
- ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(01432)
diff --git a/source/n/httpd/httpd.SlackBuild b/source/n/httpd/httpd.SlackBuild
index 904450cfb..ccd121e91 100755
--- a/source/n/httpd/httpd.SlackBuild
+++ b/source/n/httpd/httpd.SlackBuild
@@ -114,9 +114,6 @@ sed -i -e "s#lib/httpd#lib${LIBDIRSUFFIX}/httpd#" config.layout
 # Just use /var/run rather than /var/run/httpd.
 sed -i -e "s#/run/httpd#/run#" config.layout
-# Fix FTBFS with recent libxml2:
-cat $CWD/httpd-2.4.58-r1914013.patch | patch -p1 --verbose || exit 1
-
 # Configure:
 CFLAGS="$SLKCFLAGS" \
 CXXFLAGS="$SLKCFLAGS" \
diff --git a/source/n/httpd/httpd.url b/source/n/httpd/httpd.url
index fdbabad99..c60672025 100644
--- a/source/n/httpd/httpd.url
+++ b/source/n/httpd/httpd.url
@@ -1,2 +1,2 @@
-http://www.apache.org/dist/httpd/httpd-2.4.58.tar.bz2
-http://www.apache.org/dist/httpd/httpd-2.4.58.tar.bz2.asc
+http://www.apache.org/dist/httpd/httpd-2.4.59.tar.bz2
+http://www.apache.org/dist/httpd/httpd-2.4.59.tar.bz2.asc
--
cgit v1.2.3
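Review bot: Both new lines in httpd.url still use plain `http://`, so the release tarball and its detached `.asc` signature would be fetched over the same unauthenticated channel. Changing only the scheme, e.g. `https://www.apache.org/dist/httpd/httpd-2.4.59.tar.bz2` and the matching `.tar.bz2.asc`, removes that dependency on the network path. Nothing visible in this commit shows the signature being checked during the build, so verification is presumably a manual step. If so, a short comment or README line naming the key set the `.asc` is verified against would make that step auditable.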