/apache22, Apache HTTP (Web) server, version 2.2
2.2.27, Package name:
apache-2.2.27, Maintainer: pkgsrc-users
The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for various modern desktop and server operating
systems, such as UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server which provides HTTP
services in sync with the current HTTP standards.
Required to run:
] Package options
: apache-mpm-prefork, apache-shared-modules
Master sites: (Expand) SHA1:
Version history: (Expand)
- (2014-03-28) Updated to version: apache-2.2.27
- (2014-02-17) Updated to version: apache-2.2.26
- (2014-02-12) Updated to version: apache-2.2.25nb3
- (2014-01-22) Updated to version: apache-2.2.25nb2
- (2013-12-01) Updated to version: apache-2.2.25nb1
- (2013-07-16) Updated to version: apache-2.2.25
CVS history: (Expand)
| 2014-03-28 12:25:43 by Adam Ciarcinski | Files touched by this commit (3) |
*) SECURITY: CVE-2014-0098 (cve.mitre.org)
Clean up cookie logging with fewer redundant string parsing passes.
Log only cookies with a value assignment. Prevents segfaults when
logging truncated cookies.
*) SECURITY: CVE-2013-6438 (cve.mitre.org)
mod_dav: Keep track of length of cdata properly when removing
leading spaces. Eliminates a potential denial of service from
specifically crafted DAV WRITE requests
*) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
*) mod_proxy_http: Core dumped under high load. PR 50335.
*) proxy_util: NULL terminate the right buffer in 'send_http_connect'.
*) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which
is equivalent to <ProxyMatch wildcard-url>.
*) mod_ldap: Fix a potential memory leak or corruption.
*) mod_ssl: Do not perform SNI / Host header comparison in case of a
forward proxy request.
*) mod_rewrite: Add mod_rewrite.h to the headers installed on Windows.
| 2014-03-11 15:34:41 by Jonathan Perkin | Files touched by this commit (99) |
Import initial SMF support for individual packages.
| 2014-03-11 15:05:19 by Jonathan Perkin | Files touched by this commit (350) |
Remove example rc.d scripts from PLISTs.
These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
| 2014-02-17 18:32:56 by Adam Ciarcinski | Files touched by this commit (6) |
Changes with Apache 2.2.26
*) mod_dav: dav_resource->uri treated as unencoded. This was an
unnecessary ABI changed introduced in 2.2.25.
*) mod_dav: Do not validate locks against parent collection of COPY
*) mod_ssl: Check SNI hostname against Host header case-insensitively.
*) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
*) mod_ssl: Change default for SSLCompression to off, as compression
causes security issues in most setups. (The so called "CRIME" attack).
*) mod_ssl: Fix compilation error when OpenSSL does not contain
support for SSLv2. Problem was introduced in 2.2.25.
*) mod_dav: Fix double encoding of URIs in XML and Location header (caused
by unintential ABI change in 2.2.25).
| 2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568) |
Recursive PKGREVISION bump for OpenSSL API version bump.
| 2014-01-22 00:28:46 by Matthias Scheler | Files touched by this commit (2) |
Enable "ecc" option (support for ECC cipher suites) by default. It is
the fastest and most widely support way to get Perfect Forward Secrecy
with modern web browsers if your server uses an RSA key.
Bump package revision because of this change.
| 2013-12-12 13:24:48 by Jonathan Perkin | Files touched by this commit (3) |
When recursively chowning, ensure the -P flag is specified. This is default
on BSD but not on strict POSIX implementations, leading to failures when
building as an unprivileged user in the presence of symlinks.
Fixes recent breakage on SunOS when the '-h' flag was removed for MirBSD.
| 2013-12-03 22:18:36 by Benny Siegert | Files touched by this commit (3) |
Remove -h from the chown commands in post-install. The chown manpage (on
MirBSD) says: "The -R and -h options are mutually exclusive."