./www/apache24, Apache HTTP (Web) server, version 2.4

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.4.17, Package name: apache-2.4.17, Maintainer: ryoon

The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for various modern desktop and server operating
systems, such as UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server which provides HTTP
services in sync with the current HTTP standards.

This package tracks 2.4.x release.

Required to run:
[devel/apr] [devel/apr-util] [devel/pcre] [devel/readline]

Package options: apache-mpm-event, apache-mpm-prefork, apache-mpm-worker

Master sites: (Expand)

SHA1: 3a1b0db8b6c71b9c9ac507ba8723b95a8d3da1df
RMD160: e237dc50782e9ab7c82afd96195af4115d3a2f96
Filesize: 5036.837 KB

Version history: (Expand)

CVS history: (Expand)

   2015-11-25 13:54:07 by Jonathan Perkin | Files touched by this commit (8)
Log message:
Remove mk/find-prefix.mk usage from the www category.

The find-prefix infrastructure was required in a pkgviews world where
packages installed from pkgsrc could have different installation
prefixes, and this was a way for a dependency prefix to be determined.

Now that pkgviews has been removed there is no longer any need for the
overhead of this infrastructure.  Instead we use BUILDLINK_PREFIX.pkg
for dependencies pulled in via buildlink, or LOCALBASE/PREFIX where the
dependency is coming from pkgsrc.

Provides a reasonable performance win due to the reduction of `pkg_info
-qp` calls, some of which were redundant anyway as they were duplicating
the same information provided by BUILDLINK_PREFIX.pkg.
   2015-10-17 12:16:35 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
Changes with Apache 2.4.17

  *) mod_http2: added donated HTTP/2 implementation via core module. Similar
     configuration options to mod_ssl.

  *) mod_proxy: don't recyle backend announced "Connection: close" \ 
     to avoid reusing it should the close be effective after some new request
     is ready to be sent.

  *) mod_substitute: Allow to configure the patterns merge order with the new
     SubstituteInheritBefore on|off directive.

  *) mod_proxy: Fix ProxySourceAddress binding failure with AH00938.

  *) mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3,
     and change the compiled-in default for SSL[Proxy]Protocol to "all \ 
     in accordance with RFC 7568.

  *) mod_ssl: append :!aNULL:!eNULL:!EXP to the cipher string settings,
     instead of prepending !aNULL:!eNULL:!EXP: (as was the case in 2.4.7
     and later). Enables support for configuring the SUITEB* cipher
     strings introduced in OpenSSL 1.0.2.

  *) mod_ssl: Add support for extracting the msUPN and dnsSRV forms
     of subjectAltName entries of type "otherName" into
     SSL_{CLIENT,SERVER}_SAN_OTHER_{msUPN,dnsSRV}_n environment

  *) mod_logio: Fix logging of %^FB (time to first byte) on the first request on
     an SSL connection.

  *) mod_cache: r->err_headers_out is not merged into
     r->headers when mod_cache is enabled and the response
     is cached for the first time.

  *) mod_slotmem_shm: Fix slots/SHM files names on restart for systems that
     can't create new (clear) slots while previous children gracefully stopping
     still use the old ones (e.g. Windows, OS2). mod_proxy_balancer failed to
     restart whenever the number of configured balancers/members changed during

  *) core/util_script: make REDIRECT_URL a full URL.

  *) MPMs: Support SO_REUSEPORT to create multiple duplicated listener
     records for scalability.

  *) mod_proxy: Fix a race condition that caused a failed worker to be retried
     before the retry period is over.

  *) mod_autoindex: Allow autoindexes when neither mod_dir nor mod_mime are

  *) mod_rewrite:  Allow cookies set by mod_rewrite to contain ':' by accepting
     ';' as an alternate separator.

  *) apxs: Add HTTPD_VERSION and HTTPD_MMN to the variables available with
     apxs -q.

  *) mod_rewrite: Avoid a crash when lacking correct DB access permissions
     when using RewriteMap with MapType dbd or fastdbd.

  *) mod_authz_dbd: Avoid a crash when lacking correct DB access permissions.

  *) mod_socache_memcache: Add the 'MemcacheConnTTL' directive to control how
     long to keep idle connections with the memcache server(s).
     Change default value from 600 usec (!) to 15 sec.

  *) mod_dir: Prevent the internal identifier "httpd/unix-directory" from
     appearing as a Content-Type response header when requests for a directory
     are rewritten by mod_rewrite.
   2015-09-01 10:26:05 by Jonathan Perkin | Files touched by this commit (2)
Log message:
Add mod_session_crypto if apr-util is built with ssl.
   2015-07-20 02:08:35 by Takahiro Kambe | Files touched by this commit (5) | Package removed
Log message:
Update apache24 to 2.4.16 (Apache HTTP Server 2.4.16).

        Apache HTTP Server 2.4.16 Released

The Apache Software Foundation and the Apache HTTP Server Project
are pleased to announce the release of version 2.4.16 of the Apache
HTTP Server ("Apache").  This version of Apache is our latest GA
release of the new generation 2.4.x branch of Apache HTTPD and
represents fifteen years of innovation by the project, and is
recommended over all previous releases. This release of Apache is
principally a security, feature and bug fix release. NOTE: versions
2.4.13, 2.4.14 and 2.4.15 were not released.

CVE-2015-3183 (cve.mitre.org)
core: Fix chunk header parsing defect.
Remove apr_brigade_flatten(), buffering and duplicated code from
the HTTP_IN filter, parse chunks in a single pass with zero copy.
Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext
authorized characters.

CVE-2015-3185 (cve.mitre.org)
Replacement of ap_some_auth_required (unusable in Apache httpd 2.4)
with new ap_some_authn_required and ap_force_authn hook.

CVE-2015-0253 (cve.mitre.org)
core: Fix a crash with ErrorDocument 400 pointing to a local URL-path
with the INCLUDES filter active, introduced in 2.4.11. PR 57531.

CVE-2015-0228 (cve.mitre.org)
mod_lua: A maliciously crafted websockets PING after a script
calls r:wsupgrade() can cause a child process crash.

Also in this release are some exciting new features including:

*) Better default recommended SSLCipherSuite and SSLProxyCipherSuite
*) mod_proxy_scgi: ProxySCGIInternalRedirect now allows an alternate
response header to be used by the application
*) Event MPM improvements
*) Various mod_proxy_* improvements
*) mod_log_config: Add "%{UNIT}T" format to output request duration in
seconds, milliseconds or microseconds depending on UNIT ("s", \ 
   2015-06-26 21:25:12 by Ryo ONODERA | Files touched by this commit (2)
Log message:
Fix configure stage error when both of -apache-mpm-event and
-apache-mpm-worker is set.
And fix PLIST mismatch error.
   2015-06-12 12:52:19 by Thomas Klausner | Files touched by this commit (3152)
Log message:
Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
   2015-06-11 17:38:48 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Add fix for CVE-2015-0253.

   2015-03-28 07:28:04 by Ryo ONODERA | Files touched by this commit (2)
Log message:
Fix CVE-2015-0228 (lua module) with upstream patch.
lua module is not enabled by default.