NOTICE: This package has been removed from pkgsrc

./www/apache2, Apache HTTP (Web) server, version 2

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ]


Branch: CURRENT, Version: 2.0.65nb3, Package name: apache-2.0.65nb3, Maintainer: pkgsrc-users

The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for various modern desktop and server operating
systems, such as UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server which provides HTTP
services in sync with the current HTTP standards.


Required to run:
[lang/perl5] [devel/apr0]

Master sites: (Expand)

SHA1: 0183866df73c7877ba9275a075a2ece7a67f6c95
RMD160: 1f0142a843486a53ba184ceb9214dc78f071e17e
Filesize: 4882.619 KB

Version history: (Expand)


CVS history: (Expand)


   2014-06-10 17:22:19 by Joerg Sonnenberger | Files touched by this commit (239) | Package removed
Log message:
Retire Apache 1.3 and 2.0.
   2014-05-30 01:38:20 by Thomas Klausner | Files touched by this commit (3049)
Log message:
Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
   2014-03-11 15:05:19 by Jonathan Perkin | Files touched by this commit (350)
Log message:
Remove example rc.d scripts from PLISTs.

These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
   2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568)
Log message:
Recursive PKGREVISION bump for OpenSSL API version bump.
   2013-12-12 13:24:48 by Jonathan Perkin | Files touched by this commit (3)
Log message:
When recursively chowning, ensure the -P flag is specified.  This is default
on BSD but not on strict POSIX implementations, leading to failures when
building as an unprivileged user in the presence of symlinks.

Fixes recent breakage on SunOS when the '-h' flag was removed for MirBSD.
   2013-12-03 22:18:36 by Benny Siegert | Files touched by this commit (3)
Log message:
Remove -h from the chown commands in post-install. The chown manpage (on
MirBSD) says: "The -R and -h options are mutually exclusive."
   2013-12-01 11:18:04 by Ryo ONODERA | Files touched by this commit (32) | Package updated
Log message:
Revbump from devel/apr update
   2013-08-04 04:45:42 by OBATA Akio | Files touched by this commit (3) | Package updated
Log message:
Update apache2 to 2.0.65.

Changes with Apache 2.0.65

  *) SECURITY: CVE-2013-1862 (cve.mitre.org)
     mod_rewrite: Ensure that client data written to the RewriteLog is
     escaped to prevent terminal escape sequences from entering the
     log file.  [Eric Covener, Jeff Trawick, Joe Orton]

  *) SECURITY: CVE-2012-0053 (cve.mitre.org)
     Fix an issue in error responses that could expose "httpOnly" cookies
     when no custom ErrorDocument is specified for status code 400.
     [Eric Covener]

  *) SECURITY: CVE-2012-0031 (cve.mitre.org)
     Fix scoreboard issue which could allow an unprivileged child process
     to cause the parent to crash at shutdown rather than terminate
     cleanly.  [Joe Orton]

  *) SECURITY: CVE-2011-3368 (cve.mitre.org)
     Reject requests where the request-URI does not match the HTTP
     specification, preventing unexpected expansion of target URLs in
     some reverse proxy configurations.  [Joe Orton]

  *) SECURITY: CVE-2011-3192 (cve.mitre.org)
     core: Fix handling of byte-range requests to use less memory, to avoid
     denial of service. If the sum of all ranges in a request is larger than
     the original file, ignore the ranges and send the complete file.
     bug#51714. [Jeff Trawick, Stefan Fritsch, Jim Jagielski, Ruediger Pluem,
     Eric Covener, <lowprio20 gmail.com>]

  *) SECURITY: CVE-2011-3607 (cve.mitre.org)
     Fix integer overflow in ap_pregsub() which, when the mod_setenvif module
     is enabled, could allow local users to gain privileges via a .htaccess
     file. [Stefan Fritsch, Greg Ames]

       NOTE: it remains possible to exhaust all memory using a carefully
       crafted .htaccess rule, which will not be addressed in 2.0; enabling
       processing of .htaccess files authored by untrusted users is the root
       of such security risks.  Upgrade to httpd 2.2.25 or later to limit
       this specific risk.

  *) core: Add MaxRanges directive to control the number of ranges permitted
     before returning the entire resource, with a default limit of 200.
     [Eric Covener, Rainer Jung]

  *) Set 'Accept-Ranges: none' in the case Ranges are being ignored with
     MaxRanges none.  [Eric Covener, Rainer Jung]

  *) mod_rewrite: Allow merging RewriteBase down to subdirectories
     if new option 'RewriteOptions MergeBase' is configured.
     [Eric Covener]

  *) mod_rewrite: Fix the RewriteEngine directive to work within a
     location. Previously, once RewriteEngine was switched on globally,
     it was impossible to switch off. [Graham Leggett]

  *) mod_rewrite: Add "AllowAnyURI" option. bug#52774. [Joe Orton]

  *) htdigest: Fix buffer overflow when reading digest password file
     with very long lines. bug#54893. [Rainer Jung]

  *) mod_ssl: Add "SSLHonorCipherOrder" directive to enable the
     OpenSSL 0.9.7 flag which uses the server's cipher order rather
     than the client's.  bug#28665.
     [Jim Schneider <jschneid netilla.com>]

  *) mod_include: Prevent a case of SSI timefmt-smashing with filter chains
     including multiple INCLUDES filters. bug#39369 [Joe Orton]

  *) mod_rewrite: When evaluating a proxy rule in directory context, do
     escape the filename by default. bug#46428 [Joe Orton]

  *) Improve platform detection for bundled PCRE by updating config.guess
     and config.sub.  [Rainer Jung]

  *) ssl-std.conf: Disable AECDH ciphers in example config. bug#51363.
     [Rob Stradling <rob comodo com>]

  *) ssl-std.conf: Change the SSLCipherSuite default to a shorter,
     whitelist oriented definition.  [Rainer Jung, Kaspar Brand]

  *) ssl-std.conf: Only select old MSIE browsers for the downgrade
     in http/https behavior.  [Greg Stein, Stefan Fritsch]