./www/apache24, Apache HTTP (Web) server, version 2.4

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.4.29nb1, Package name: apache-2.4.29nb1, Maintainer: ryoon

The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for various modern desktop and server operating
systems, such as UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server which provides HTTP
services in sync with the current HTTP standards.

This package tracks 2.4.x release.


Required to run:
[devel/apr] [devel/apr-util] [devel/pcre] [devel/readline] [www/nghttp2]

Required to build:
[pkgtools/cwrappers]

Package options: apache-mpm-event, apache-mpm-prefork, apache-mpm-worker, http2

Master sites: (Expand)

SHA1: d99137fe45c6267653350f888bf745a3d242ddbe
RMD160: f4fad8391f88574b576336bb02c2f40373aa4d28
Filesize: 6413.99 KB

Version history: (Expand)


CVS history: (Expand)


   2018-01-25 15:01:28 by Jonathan Perkin | Files touched by this commit (1)
Log message:
apache24: Extend _XOPEN_SOURCE workaround to clang.
   2018-01-07 14:04:44 by Roland Illig | Files touched by this commit (583)
Log message:
Fix indentation in buildlink3.mk files.

The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.

There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
   2018-01-01 22:18:57 by Adam Ciarcinski | Files touched by this commit (629) | Package updated
Log message:
Revbump after boost update
   2017-10-23 23:12:44 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
apache24: updated to 2.4.29

Changes with Apache 2.4.29

  *) mod_unique_id: Use output of the PRNG rather than IP address and
     pid, avoiding sleep() call and possible DNS issues at startup,
     plus improving randomness for IPv6-only hosts.

  *) mod_rewrite, core: Avoid the 'Vary: Host' response header when HTTP_HOST
     is used in a condition that evaluates to true.

  *) mod_http2: v0.10.12, removed optimization for mutex handling in bucket
     beams that could lead to assertion failure in edge cases.

  *) mod_proxy: Fix regression for non decimal loadfactor parameter introduced
     in 2.4.28.

  *) mod_authz_dbd: fix a segmentation fault if AuthzDBDQuery is not set.

  *) mod_rewrite: Add support for starting External Rewriting Programs
     as non-root user on UNIX systems by specifying username and group
     name as third argument of RewriteMap directive.

  *) core: Rewrite the Content-Length filter to avoid excessive memory
     consumption. Chunked responses will be generated in more cases
     than in previous releases.

  *) mod_ssl: Fix SessionTicket callback return value, which does seem to
     matter with OpenSSL 1.1.
   2017-10-16 20:55:59 by Jonathan Perkin | Files touched by this commit (1)
Log message:
apache24: Extend SunOS workaround to GCC 6.x.
   2017-10-06 08:22:05 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
apache24: update to 2.4.28

Changes with Apache 2.4.28

*) SECURITY: CVE-2017-9798 (cve.mitre.org)
   Corrupted or freed memory access. <Limit[Except]> must now be used in the
   main configuration file (httpd.conf) to register HTTP methods before the
   .htaccess files.

*) event: Avoid possible blocking in the listener thread when shutting down
   connections.

*) mod_speling: Don't embed referer data in a link in error page.

*) htdigest: prevent a buffer overflow when a string exceeds the allowed max
   length in a password file.

*) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25).

*) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically.

*) mod_watchdog/mod_proxy_hcheck: Time intervals can now be spefified
   down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond),
   's' (second) and 'hr' (hour!) time suffixes.

*) mod_http2: Fix for stalling when more than 32KB are written to a
   suspended stream.

*) build: allow configuration without APR sources.

*) mod_ssl, ab: Fix compatibility with LibreSSL.

*) core/log: Support use of optional "tag" in syslog entries.

*) mod_proxy: Fix ProxyAddHeaders merging.

*) core: Disallow multiple Listen on the same IP:port when listener buckets
   are configured (ListenCoresBucketsRatio > 0), consistently with the single
   bucket case (default), thus avoiding the leak of the corresponding socket
   descriptors on graceful restart.

*) event: Avoid listener periodic wake ups by using the pollset wake-ability
   when available.

*) mod_proxy_wstunnel: Fix detection of unresponded request which could have
   led to spurious HTTP 502 error messages sent on upgrade connections.
   2017-09-18 15:34:51 by Thomas Klausner | Files touched by this commit (2)
Log message:
Fix URL in comment.
   2017-09-18 15:24:05 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
apache24: fix "Optionsbleed" security bug

See \ 
https://blog.fuzzing-project.org/60-Opt … emory.html

Bump PKGREVISION.