Path to this page:
Subject: CVS commit: pkgsrc/www/apache24
From: Adam Ciarcinski
Date: 2015-02-02 15:45:51
Message id: 20150202144551.3A7B198@cvs.netbsd.org
Log Message:
Changes 2.4.12:
* CVE-2014-3583 mod_proxy_fcgi: Fix a potential crash due to buffer over-read, \
with response headers' size above 8K.
* CVE-2014-3581 mod_cache: Avoid a crash when Content-Type has an empty value. \
PR 56924.
* CVE-2014-8109 mod_lua: Fix handling of the Require line when a \
LuaAuthzProvider is used in multiple Require directives with different \
arguments.
* CVE-2013-5704 core: HTTP trailers could be used to replace HTTP headers late \
during request processing, potentially undoing or otherwise confusing modules \
that examined or modified request headers earlier. Adds \
"MergeTrailers" directive to restore legacy behavior.
* Proxy FGI and websockets improvements
* Proxy capability via handler
* Finer control over scoping of RewriteRules
* Unix Domain Socket (UDS) support for mod_proxy backends.
* Support for larger shared memory sizes for mod_socache_shmcb
* mod_lua and mod_ssl enhancements
* Support named groups and backreferences within the LocationMatch, \
DirectoryMatch, FilesMatch and ProxyMatch directives.
Files: