./www/apache24, Apache HTTP (Web) server, version 2.4

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.4.25nb2, Package name: apache-2.4.25nb2, Maintainer: ryoon

The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for various modern desktop and server operating
systems, such as UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server which provides HTTP
services in sync with the current HTTP standards.

This package tracks 2.4.x release.


Required to run:
[devel/apr] [devel/apr-util] [devel/pcre] [devel/readline] [www/nghttp2]

Required to build:
[pkgtools/cwrappers]

Package options: apache-mpm-event, apache-mpm-prefork, apache-mpm-worker, http2

Master sites: (Expand)

SHA1: bd6d138c31c109297da2346c6e7b93b9283993d2
RMD160: 6dd0e159f8ff4bb0112476bbee038bd855057c10
Filesize: 6248.26 KB

Version history: (Expand)


CVS history: (Expand)


   2017-04-14 20:18:24 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
Removed these two substituions:
SUBST_SED.confs+=	-e "s|logs/|${VARBASE}/log/httpd/|g"
SUBST_SED.confs+=	-e 's|/var/log/httpd/foo\.log|logs/foo.log/|g'
The first one only applied to an instrucion in the comment at the top of
the configuration file and made it meaningless.
The second one has been useless.
   2017-01-28 05:57:57 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Enable http2 option by default. Bump PKGREVISION
Requestd by Jesus Cea on pkgsrc-users@NetBSD.org maling list.
   2017-01-19 19:52:30 by Alistair G. Crooks | Files touched by this commit (352)
Log message:
Convert all occurrences (353 by my count) of

	MASTER_SITES= 	site1 \
			site2

style continuation lines to be simple repeated

	MASTER_SITES+= site1
	MASTER_SITES+= site2

lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
   2017-01-01 17:06:40 by Adam Ciarcinski | Files touched by this commit (616) | Package updated
Log message:
Revbump after boost update
   2016-12-20 22:06:35 by Takahiro Kambe | Files touched by this commit (4) | Package updated
Log message:
Update apache24 to 2.4.25 (Apache HTTPD 2.4.25).  2.4.24 was not released.

This release fixes several security problems, some of them are already
handled in pkgsrc.  Please refer CHANGES file in detail.

  *) SECURITY: CVE-2016-8740 (cve.mitre.org)
     mod_http2: Mitigate DoS memory exhaustion via endless
     CONTINUATION frames.
     [Naveen Tiwari <naveen.tiwari@asu.edu> and CDF/SEFCOM at Arizona State
     University, Stefan Eissing]

  *) SECURITY: CVE-2016-5387 (cve.mitre.org)
     core: Mitigate [f]cgi "httpoxy" issues.
     [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]

  *) SECURITY: CVE-2016-2161 (cve.mitre.org)
     mod_auth_digest: Prevent segfaults during client entry allocation when
     the shared memory space is exhausted.
     [Maksim Malyutin <m.malyutin dsec.ru>, Eric Covener, Jacob Champion]

  *) SECURITY: CVE-2016-0736 (cve.mitre.org)
     mod_session_crypto: Authenticate the session data/cookie with a
     MAC (SipHash) to prevent deciphering or tampering with a padding
     oracle attack.  [Yann Ylavic, Colm MacCarthaigh]

  *) SECURITY: CVE-2016-8743 (cve.mitre.org)
     Enforce HTTP request grammar corresponding to RFC7230 for request lines
     and request headers, to prevent response splitting and cache pollution by
     malicious clients or downstream proxies. [William Rowe, Stefan Fritsch]
   2016-12-12 00:52:56 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Add patch for CVE-2016-8740.

Bump PKGREVISION.
   2016-10-07 20:26:14 by Adam Ciarcinski | Files touched by this commit (611) | Package updated
Log message:
Revbump post boost update
   2016-07-29 13:11:25 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Fix httpoxy vulnerability.

Bump PKGREVISION.