./www/apache22, Apache HTTP (Web) server, version 2.2

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.2.27, Package name: apache-2.2.27, Maintainer: pkgsrc-users

The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for various modern desktop and server operating
systems, such as UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server which provides HTTP
services in sync with the current HTTP standards.


Required to run:
[lang/perl5] [devel/apr] [devel/apr-util]


Package options: apache-mpm-prefork, apache-shared-modules

Master sites: (Expand)

SHA1: fd4bf18dd1b3e0d9be9e85ff7e033b2eb8aa4976
RMD160: bda89eb8d39c73ace7a0de6804b8831cab9e2476
Filesize: 5485.154 KB

Version history: (Expand)


CVS history: (Expand)


   2014-03-28 12:25:43 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Changes 2.2.27:

  *) SECURITY: CVE-2014-0098 (cve.mitre.org)
     Clean up cookie logging with fewer redundant string parsing passes.
     Log only cookies with a value assignment. Prevents segfaults when
     logging truncated cookies.

  *) SECURITY: CVE-2013-6438 (cve.mitre.org)
     mod_dav: Keep track of length of cdata properly when removing
     leading spaces. Eliminates a potential denial of service from
     specifically crafted DAV WRITE requests

  *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
     TE/CL conflicts.

  *) mod_proxy_http: Core dumped under high load. PR 50335.

  *) proxy_util: NULL terminate the right buffer in 'send_http_connect'.

  *) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which
     is equivalent to <ProxyMatch wildcard-url>.

  *) mod_ldap: Fix a potential memory leak or corruption.

  *) mod_ssl: Do not perform SNI / Host header comparison in case of a
     forward proxy request.

  *) mod_rewrite: Add mod_rewrite.h to the headers installed on Windows.
   2014-03-11 15:34:41 by Jonathan Perkin | Files touched by this commit (99)
Log message:
Import initial SMF support for individual packages.
   2014-03-11 15:05:19 by Jonathan Perkin | Files touched by this commit (350)
Log message:
Remove example rc.d scripts from PLISTs.

These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
   2014-02-17 18:32:56 by Adam Ciarcinski | Files touched by this commit (6)
Log message:
Changes with Apache 2.2.26

  *) mod_dav: dav_resource->uri treated as unencoded. This was an
     unnecessary ABI changed introduced in 2.2.25.

  *) mod_dav: Do not validate locks against parent collection of COPY
     source URI.

  *) mod_ssl: Check SNI hostname against Host header case-insensitively.

  *) mod_ssl: enable support for ECC keys and ECDH ciphers.  Tested against
     OpenSSL 1.0.0b3.

  *) mod_ssl: Change default for SSLCompression to off, as compression
     causes security issues in most setups. (The so called "CRIME" attack).

  *) mod_ssl: Fix compilation error when OpenSSL does not contain
     support for SSLv2. Problem was introduced in 2.2.25.

  *) mod_dav: Fix double encoding of URIs in XML and Location header (caused
     by unintential ABI change in 2.2.25).
   2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568)
Log message:
Recursive PKGREVISION bump for OpenSSL API version bump.
   2014-01-22 00:28:46 by Matthias Scheler | Files touched by this commit (2)
Log message:
Enable "ecc" option (support for ECC cipher suites) by default. It is
the fastest and most widely support way to get Perfect Forward Secrecy
with modern web browsers if your server uses an RSA key.

Bump package revision because of this change.
   2013-12-12 13:24:48 by Jonathan Perkin | Files touched by this commit (3)
Log message:
When recursively chowning, ensure the -P flag is specified.  This is default
on BSD but not on strict POSIX implementations, leading to failures when
building as an unprivileged user in the presence of symlinks.

Fixes recent breakage on SunOS when the '-h' flag was removed for MirBSD.
   2013-12-03 22:18:36 by Benny Siegert | Files touched by this commit (3)
Log message:
Remove -h from the chown commands in post-install. The chown manpage (on
MirBSD) says: "The -R and -h options are mutually exclusive."