./www/apache24, Apache HTTP (Web) server, version 2.4

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.4.41nb1, Package name: apache-2.4.41nb1, Maintainer: ryoon

The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for various modern desktop and server operating
systems, such as UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server which provides HTTP
services in sync with the current HTTP standards.

This package tracks 2.4.x release.

Required to run:
[textproc/libxml2] [devel/apr] [devel/apr-util] [devel/pcre] [devel/readline] [www/nghttp2] [archivers/brotli]

Required to build:

Package options: apache-mpm-event, apache-mpm-prefork, apache-mpm-worker, brotli, http2, xml

Master sites: (Expand)

SHA1: b46a02237f03384fa50ddbde9be62092dc23e684
RMD160: ed572c262222034a699ab55f12eaebbe070cecb7
Filesize: 6906.614 KB

Version history: (Expand)

CVS history: (Expand)

   2019-08-22 14:23:56 by Ryo ONODERA | Files touched by this commit (678)
Log message:
Recursive revbump from boost-1.71.0
   2019-08-15 10:03:39 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
apache24: updated to 2.4.41

Changes with Apache 2.4.41

  *) SECURITY: CVE-2019-10081 (cve.mitre.org)
     mod_http2: HTTP/2 very early pushes, for example configured with \ 
     could lead to an overwrite of memory in the pushing request's pool,
     leading to crashes. The memory copied is that of the configured push
     link header values, not data supplied by the client.

  *) SECURITY: CVE-2019-9517 (cve.mitre.org)
     mod_http2: a malicious client could perform a DoS attack by flooding
     a connection with requests and basically never reading responses
     on the TCP connection. Depending on h2 worker dimensioning, it was
     possible to block those with relatively few connections.

  *) SECURITY: CVE-2019-10098 (cve.mitre.org)
     rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
     matches and substitutions with encoded line break characters.

  *) SECURITY: CVE-2019-10092 (cve.mitre.org)
     Remove HTML-escaped URLs from canned error responses to prevent misleading
     text/links being displayed via crafted links.

  *) SECURITY: CVE-2019-10097 (cve.mitre.org)
     mod_remoteip: Fix stack buffer overflow and NULL pointer deference
     when reading the PROXY protocol header.

  *) SECURITY: CVE-2019-10082 (cve.mitre.org)
     mod_http2: Using fuzzed network input, the http/2 session
     handling could be made to read memory after being freed,
     during connection shutdown.

  *) mod_proxy_balancer: Improve balancer-manager protection against
     XSS/XSRF attacks from trusted users.

  *) mod_session: Introduce SessionExpiryUpdateInterval which allows to
     configure the session/cookie expiry's update interval.

  *) modules/filters: Fix broken compilation when using old GCC (<4.2.x).

  *) mod_ssl: Fix startup failure in 2.4.40 with SSLCertificateChainFile
     configured for a domain managed by mod_md.
   2019-08-11 15:25:21 by Thomas Klausner | Files touched by this commit (3557) | Package updated
Log message:
Bump PKGREVISIONs for perl 5.30.0
   2019-07-22 12:34:22 by Jonathan Perkin | Files touched by this commit (1)
Log message:
apache24: Extend SunOS C99 compilers list to gcc-5.

Should fix PR#54385 from Hiroshi Hakoyama.
   2019-07-01 06:08:55 by Ryo ONODERA | Files touched by this commit (669)
Log message:
Recursive revbump from boost-1.70.0
   2019-06-07 13:26:20 by Thomas Merkel | Files touched by this commit (3)
Log message:
apache24: Add mod_brotli option

The mod_brotli module provides the BROTLI_COMPRESS output filter that
allows output from your server to be compressed using the brotli
compression format before being sent to the client over the network.
   2019-05-23 21:23:24 by Roland Illig | Files touched by this commit (242)
Log message:
all: replace SUBST_SED with the simpler SUBST_VARS

pkglint -Wall -r --only "substitution command" -F

With manual review and indentation fixes since pkglint doesn't get that
part correct in every case.
   2019-04-05 15:48:39 by Jonathan Perkin | Files touched by this commit (3)
Log message:
apache24: Make xml support optional, defaulting to on.

Allows mod_proxy_html to be supported again.  Based on a pull request from
vec4f in joyent/pkgsrc#169.