./www/apache24, Apache HTTP (Web) server, version 2.4

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.4.29, Package name: apache-2.4.29, Maintainer: ryoon

The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for various modern desktop and server operating
systems, such as UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server which provides HTTP
services in sync with the current HTTP standards.

This package tracks 2.4.x release.


Required to run:
[www/nghttp2]

Required to build:
[pkgtools/cwrappers]

Package options: apache-mpm-event, apache-mpm-prefork, apache-mpm-worker, http2

Master sites: (Expand)

SHA1: d99137fe45c6267653350f888bf745a3d242ddbe
RMD160: f4fad8391f88574b576336bb02c2f40373aa4d28
Filesize: 6413.99 KB

Version history: (Expand)


CVS history: (Expand)


   2017-10-23 23:12:44 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
apache24: updated to 2.4.29

Changes with Apache 2.4.29

  *) mod_unique_id: Use output of the PRNG rather than IP address and
     pid, avoiding sleep() call and possible DNS issues at startup,
     plus improving randomness for IPv6-only hosts.

  *) mod_rewrite, core: Avoid the 'Vary: Host' response header when HTTP_HOST
     is used in a condition that evaluates to true.

  *) mod_http2: v0.10.12, removed optimization for mutex handling in bucket
     beams that could lead to assertion failure in edge cases.

  *) mod_proxy: Fix regression for non decimal loadfactor parameter introduced
     in 2.4.28.

  *) mod_authz_dbd: fix a segmentation fault if AuthzDBDQuery is not set.

  *) mod_rewrite: Add support for starting External Rewriting Programs
     as non-root user on UNIX systems by specifying username and group
     name as third argument of RewriteMap directive.

  *) core: Rewrite the Content-Length filter to avoid excessive memory
     consumption. Chunked responses will be generated in more cases
     than in previous releases.

  *) mod_ssl: Fix SessionTicket callback return value, which does seem to
     matter with OpenSSL 1.1.
   2017-10-16 20:55:59 by Jonathan Perkin | Files touched by this commit (1)
Log message:
apache24: Extend SunOS workaround to GCC 6.x.
   2017-10-06 08:22:05 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
apache24: update to 2.4.28

Changes with Apache 2.4.28

*) SECURITY: CVE-2017-9798 (cve.mitre.org)
   Corrupted or freed memory access. <Limit[Except]> must now be used in the
   main configuration file (httpd.conf) to register HTTP methods before the
   .htaccess files.

*) event: Avoid possible blocking in the listener thread when shutting down
   connections.

*) mod_speling: Don't embed referer data in a link in error page.

*) htdigest: prevent a buffer overflow when a string exceeds the allowed max
   length in a password file.

*) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25).

*) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically.

*) mod_watchdog/mod_proxy_hcheck: Time intervals can now be spefified
   down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond),
   's' (second) and 'hr' (hour!) time suffixes.

*) mod_http2: Fix for stalling when more than 32KB are written to a
   suspended stream.

*) build: allow configuration without APR sources.

*) mod_ssl, ab: Fix compatibility with LibreSSL.

*) core/log: Support use of optional "tag" in syslog entries.

*) mod_proxy: Fix ProxyAddHeaders merging.

*) core: Disallow multiple Listen on the same IP:port when listener buckets
   are configured (ListenCoresBucketsRatio > 0), consistently with the single
   bucket case (default), thus avoiding the leak of the corresponding socket
   descriptors on graceful restart.

*) event: Avoid listener periodic wake ups by using the pollset wake-ability
   when available.

*) mod_proxy_wstunnel: Fix detection of unresponded request which could have
   led to spurious HTTP 502 error messages sent on upgrade connections.
   2017-09-18 15:34:51 by Thomas Klausner | Files touched by this commit (2)
Log message:
Fix URL in comment.
   2017-09-18 15:24:05 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
apache24: fix "Optionsbleed" security bug

See \ 
https://blog.fuzzing-project.org/60-Opt … emory.html

Bump PKGREVISION.
   2017-08-24 22:03:43 by Adam Ciarcinski | Files touched by this commit (621) | Package updated
Log message:
Revbump for boost update
   2017-07-12 09:01:34 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
Changes with Apache 2.4.27

  *) COMPATIBILITY: mod_lua: Remove the undocumented exported 'apr_table'
     global variable when using Lua 5.2 or later. This was exported as a
     side effect from luaL_register, which is no longer supported as of
     Lua 5.2 which deprecates pollution of the global namespace.

  *) COMPATIBILITY: mod_http2: Disable and give warning when using Prefork.
     The server will continue to run, but HTTP/2 will no longer be negotiated.

  *) COMPATIBILITY: mod_proxy_fcgi: Revert to 2.4.20 FCGI behavior for the
     default ProxyFCGIBackendType, fixing a regression with PHP-FPM.

  *) mod_lua: Improve compatibility with Lua 5.1, 5.2 and 5.3.

  *) mod_http2: Simplify ready queue, less memory and better performance. Update
     mod_http2 version to 1.10.7.

  *) Allow single-char field names inadvertently disallowed in 2.4.25.

  *) htpasswd / htdigest: Do not apply the strict permissions of the temporary
     passwd file to a possibly existing passwd file.

  *) core: Avoid duplicate HEAD in Allow header.
     This is a regression in 2.4.24 (unreleased), 2.4.25 and 2.4.26.
   2017-06-19 22:01:10 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Changes with Apache 2.4.26

  *) HTTP/2 support no longer tagged as "experimental" but is instead \ 
considered
     fully production ready.

  *) mod_http2: Fix for possible CPU busy loop introduced in v1.10.3 where a \ 
stream may keep
     the session in continuous check for state changes that never happen.

  *) mod_mime: Fix error checking for quoted pairs.

  *) mod_proxy_wstunnel: Add "upgrade" parameter to allow upgrade to other
     protocols.

  *) MPMs unix: Place signals handlers and helpers out of DSOs to avoid
     a possible crash if a signal is caught during (graceful) restart.

  *) core: Deprecate ap_get_basic_auth_pw() and add
     ap_get_basic_auth_components().

  *) mod_rewrite: When a substitution is a fully qualified URL, and the
     scheme/host/port matches the current virtual host, stop interpreting the
     path component as a local path just because the first component of the
     path exists in the filesystem.  Adds RewriteOption \ 
"LegacyPrefixDocRoot"
     to revert to previous behavior.

  *) core: ap_parse_form_data() URL-decoding doesn't work on EBCDIC
     platforms.

  *) ab: enable option processing for setting a custom HTTP method also for
     non-SSL builds.

  *) core: EBCDIC fixes for interim responses with additional headers.

  *) mod_ssl: Consistently pass the expected bio_filter_in_ctx_t
     to ssl_io_filter_error().

  *) mod_env: when processing a 'SetEnv' directive, warn if the environment
     variable name includes a '='. It is likely a configuration error.

  *) Evaluate nested If/ElseIf/Else configuration blocks.

  *) mod_rewrite: Add 'BNP' (backreferences-no-plus) flag to RewriteRule to
     allow spaces in backreferences to be encoded as %20 instead of '+'.

  *) mod_rewrite: Add the possibility to limit the escaping to specific
     characters in backreferences by listing them in the B flag.

  *) mod_substitute: Fix spurious AH01328 (Line too long) errors on EBCDIC
     systems.

  *) mod_http2: fail requests without ERROR log in case we need to read interim
     responses and see only garbage. This can happen if proxied servers send
     data where none should be, e.g. a body for a HEAD request.

more...