./www/apache24, Apache HTTP (Web) server, version 2.4

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.4.39nb2, Package name: apache-2.4.39nb2, Maintainer: ryoon

The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for various modern desktop and server operating
systems, such as UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server which provides HTTP
services in sync with the current HTTP standards.

This package tracks 2.4.x release.


Required to run:
[textproc/libxml2] [devel/apr] [devel/apr-util] [devel/pcre] [devel/readline] [www/nghttp2] [archivers/brotli]

Required to build:
[pkgtools/cwrappers]

Package options: apache-mpm-event, apache-mpm-prefork, apache-mpm-worker, brotli, http2, xml

Master sites: (Expand)

SHA1: 75695bb7bb589c308755bf496de8b34522133865
RMD160: 4ab6b73efdb326bd34e352ac34fd337f3fb5f60e
Filesize: 6865.761 KB

Version history: (Expand)


CVS history: (Expand)


   2019-06-07 13:26:20 by Thomas Merkel | Files touched by this commit (3)
Log message:
apache24: Add mod_brotli option

The mod_brotli module provides the BROTLI_COMPRESS output filter that
allows output from your server to be compressed using the brotli
compression format before being sent to the client over the network.
   2019-05-23 21:23:24 by Roland Illig | Files touched by this commit (242)
Log message:
all: replace SUBST_SED with the simpler SUBST_VARS

pkglint -Wall -r --only "substitution command" -F

With manual review and indentation fixes since pkglint doesn't get that
part correct in every case.
   2019-04-05 15:48:39 by Jonathan Perkin | Files touched by this commit (3)
Log message:
apache24: Make xml support optional, defaulting to on.

Allows mod_proxy_html to be supported again.  Based on a pull request from
vec4f in joyent/pkgsrc#169.
   2019-04-02 09:25:38 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
apache24: updated to 2.4.39

Changes with Apache 2.4.39

*) mod_proxy/ssl: Cleanup per-request SSL configuration anytime a backend
   connection is recycled/reused to avoid a possible crash with some SSLProxy
   configurations in <Location> or <Proxy> context.

*) mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA failure.

*) mod_log_config: Support %{c}h for conn-hostname, %h for useragent_host

*) mod_socache_redis: Support for Redis as socache storage provider.

*) core: new configuration option 'MergeSlashes on|off' that controls handling of
   multiple, consecutive slash ('/') characters in the path component of the \ 
request URL.

*) mod_http2: when SSL renegotiation is inhibited and a 403 ErrorDocument is
   in play, the proper HTTP/2 stream reset did not trigger with \ 
H2_ERR_HTTP_1_1_REQUIRED.

*) mod_http2: new configuration directive: `H2Padding numbits` to control
   padding of HTTP/2 payload frames. 'numbits' is a number from 0-8,
   controlling the range of padding bytes added to a frame. The actual number
   added is chosen randomly per frame. This applies to HEADERS, DATA and PUSH_PROMISE
   frames equally. The default continues to be 0, e.g. no padding.

*) mod_http2: ripping out all the h2_req_engine internal features now that \ 
mod_proxy_http2
   has no more need for it. Optional functions are still declared but no longer \ 
implemented.
   While previous mod_proxy_http2 will work with this, it is recommeneded to run \ 
the matching
   versions of both modules.

*) mod_proxy_http2: changed mod_proxy_http2 implementation and fixed several \ 
bugs which
   resolve bug 63170. The proxy module does now a single h2 request on the (reused)
   connection and returns.

*) mod_http2/mod_proxy_http2: proxy_http2 checks correct master connection \ 
aborted status
   to trigger immediate shutdown of backend connections. This is now always signalled
   by mod_http2 when the the session is being released.
   proxy_http2 now only sends a PING frame to the backend when there is not \ 
already one
   in flight.

*) mod_proxy_http2: fixed an issue where a proxy_http2 handler entered an infinite
   loop when encountering certain errors on the backend connection.

*) mod_http2: Configuration directives H2Push and H2Upgrade can now be specified per
   Location/Directory, e.g. disabling PUSH for a specific set of resources.

*) mod_http2: HEAD requests to some module such as mod_cgid caused the stream to
   terminate improperly and cause a HTTP/2 PROTOCOL_ERROR.

*) http: Fix possible empty response with mod_ratelimit for HEAD requests.

*) mod_cache_socache: Avoid reallocations and be safe with outgoing data
   lifetime.

*) MPMs unix: bind the bucket number of each child to its slot number, for a
   more efficient per bucket maintenance.

*) mod_auth_digest: Fix a race condition. Authentication with valid
   credentials could be refused in case of concurrent accesses from
   different users.

*) mod_http2: enable re-use of slave connections again. Fixed slave connection
   keepalives counter.

*) mod_reqtimeout: Allow to configure (TLS-)handshake timeouts.

*) mod_proxy_wstunnel: Fix websocket proxy over UDS.

*) mod_ssl: Don't unset FIPS mode on restart unless it's forced by
   configuration (SSLFIPS on) and not active by default in OpenSSL.
   2019-01-23 13:04:18 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
apache24: updated to 2.4.38

Changes with Apache 2.4.38
*) SECURITY: CVE-2018-17199 (cve.mitre.org)
   mod_session: mod_session_cookie does not respect expiry time allowing
   sessions to be reused.
*) SECURITY: CVE-2018-17189 (cve.mitre.org)
   mod_http2: fixes a DoS attack vector. By sending slow request bodies
   to resources not consuming them, httpd cleanup code occupies a server
   thread unnecessarily. This was changed to an immediate stream reset
   which discards all stream state and incoming data.
*) SECURITY: CVE-2019-0190 (cve.mitre.org)
   mod_ssl: Fix infinite loop triggered by a client-initiated
   renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
   later.
*) mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
*) mod_negotiation: Treat LanguagePriority as case-insensitive to match
   AddLanguage behavior and HTTP specification.
*) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
   have been fixed.
*) mod_setenvif: We can have expressions that become true if a regex pattern
   in the expression does NOT match. In this case val is NULL
   and we should just set the value for the environment variable
   like in the pattern case.
*) mod_session: Always decode session attributes early.
*) core: Incorrect values for environment variables are substituted when
   multiple environment variables are specified in a directive.
*) mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
   this type of map is present in the configuration.
*) mod_dav: Fix invalid Location header when a resource is created by
   passing an absolute URI on the request line
*) mod_session_cookie: avoid duplicate Set-Cookie header in the response.
*) mod_ssl: clear *SSL errors before loading certificates and checking
   afterwards. Otherwise errors are reported when other SSL using modules
   are in play.
*) mod_ssl: Fix the error code returned in an error path of
   'ssl_io_filter_handshake()'. This messes-up error handling performed
   in 'ssl_io_filter_error()'
*) mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix
   authz provider so "Require ssl" works correctly in HTTP/2.
*) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
   redirects, subsequent ProxyPassReverse statements, whether they are
   relative or absolute, may fail.
*) mod_lua: Now marked as a stable module
   2018-12-13 20:52:27 by Adam Ciarcinski | Files touched by this commit (668)
Log message:
revbump for boost 1.69.0
   2018-10-24 12:08:00 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
apache24: updated to 2.4.37

Changes with Apache 2.4.37

  *) mod_ssl: Fix HTTP/2 failures when using OpenSSL 1.1.1.

  *) mod_ssl: Fix crash during SSL renegotiation with OptRenegotiate set,
     when client certificates are available from the original handshake
     but were originally not verified and should get verified now.
     This is a regression in 2.4.36 (unreleased).

  *) mod_ssl: Correctly merge configurations that have client certificates set
     by SSLProxyMachineCertificate{File|Path}.

Changes with Apache 2.4.36

  *) mod_brotli, mod_deflate: Restore the separate handling of 304 Not Modified
     responses. Regression introduced in 2.4.35.

  *) mod_proxy_scgi, mod_proxy_uwsgi: improve error handling when sending the
     body of the response.

  *) mod_http2: adding defensive code for stream EOS handling, in case the \ 
request handler
     missed to signal it the normal way (eos buckets).

  *) ab: Add client certificate support.

  *) ab: Disable printing temp key for OpenSSL before
     version 1.0.2. SSL_get_server_tmp_key is not available
     there.

  *) mod_ssl: Fix a regression that the configuration settings for verify mode
     and verify depth were taken from the frontend connection in case of
     connections by the proxy to the backend.

  *) MPMs: Initialize all runtime/asynchronous objects on a dedicated pool and
     before signals handling to avoid lifetime issues on restart or shutdown.

  *) mod_ssl: Add support for OpenSSL 1.1.1 and TLSv1.3.  TLSv1.3 has
     behavioural changes compared to v1.2 and earlier; client and
     configuration changes should be expected.  SSLCipherSuite is
     enhanced for TLSv1.3 ciphers, but applies at vhost level only.

  *) mod_auth_basic: Be less tolerant when parsing the credencial. Only spaces
     should be accepted after the authorization scheme. \t are also tolerated.

  *) mod_proxy_hcheck: Fix issues with interval determination.

  *) mod_proxy_hcheck: Fix issues with TCP health checks.

  *) mod_proxy_hcheck: take balancer's SSLProxy* directives into account.

  *) mod_status, mod_echo: Fix the display of client addresses.
    They were truncated to 31 characters which is not enough for IPv6 addresses.
    This is done by deprecating the use of the 'client' field and using
    the new 'client64' field in worker_score.
   2018-09-24 09:37:47 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
apache24: updated to 2.4.35

Changes with Apache 2.4.35

*) http: Enforce consistently no response body with both 204 and 304
   statuses.

*) mod_status: Cumulate CPU time of exited child processes in the
   "cu" and "cs" values. Add CPU time of the parent process \ 
to the
   "c" and "s" values.

*) mod_proxy: Improve the balancer member data shown in mod_status when
   "ProxyStatus" is "On": add "busy" count and \ 
show byte counts in
   auto mode always in units of kilobytes.

*) mod_status: Add cumulated response duration time in milliseconds.

*) mod_status: Complete the data shown for async MPMs in "auto" mode.
   Added number of processes, number of stopping processes and number
   of busy and idle workers.

*) mod_ratelimit: Don't interfere with "chunked" encoding, fixing \ 
regression
   introduced in 2.4.34.

*) mod_proxy: Remove load order and link dependency between mod_lbmethod_*
   modules and mod_proxy.

*) Allow the argument to <IfFile>, <IfDefine>, <IfSection>, \ 
<IfDirective>,
   and <IfModule> to be quoted.  This is primarily for the benefit of
   <IfFile>.

*) mod_watchdog: Correct some log messages.

*) mod_md: When the last domain name from an MD is moved to another one,
   that now empty MD gets moved to the store archive.

*) mod_ssl: Fix merging of SSLOCSPOverrideResponder.

*) mod_proxy_balancer: Restore compatibility with APR 1.4.