./www/apache24, Apache HTTP (Web) server, version 2.4

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.4.34nb1, Package name: apache-2.4.34nb1, Maintainer: ryoon

The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for various modern desktop and server operating
systems, such as UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server which provides HTTP
services in sync with the current HTTP standards.

This package tracks 2.4.x release.


Required to run:
[devel/apr] [devel/apr-util] [devel/pcre] [devel/readline] [www/nghttp2]

Required to build:
[pkgtools/cwrappers]

Package options: apache-mpm-event, apache-mpm-prefork, apache-mpm-worker, http2

Master sites: (Expand)

SHA1: 94d6e274273903ed153479c7701fa03761abf93d
RMD160: 80470d5ad344eba9b0260a9ff901c4a78def0abd
Filesize: 6780.243 KB

Version history: (Expand)


CVS history: (Expand)


   2018-08-16 20:55:17 by Adam Ciarcinski | Files touched by this commit (653) | Package updated
Log message:
revbump after boost-libs update
   2018-07-19 10:53:58 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
apache24: updated to 2.4.34

Apache 2.4.34
*) SECURITY: CVE-2018-8011 (cve.mitre.org)
   mod_md: DoS via Coredumps on specially crafted requests
*) SECURITY: CVE-2018-1333 (cve.mitre.org)
   mod_http2: DoS for HTTP/2 connections by specially crafted requests
*) Introduce zh-cn and zh-tw (simplified and traditional Chinese) error
   document translations.
*) event: avoid possible race conditions with modules on the child pool.
*) mod_proxy: Fix a corner case where the ProxyPassReverseCookieDomain or
   ProxyPassReverseCookiePath directive could fail to update correctly
   'domain=' or 'path=' in the 'Set-Cookie' header.
*) mod_ratelimit: fix behavior when proxing content.
*) core: Re-allow '_' (underscore) in hostnames.
*) mod_authz_core: If several parameters are used in a AuthzProviderAlias
   directive, if these parameters are not enclosed in quotation mark, only
   the first one is handled. The other ones are silently ignored.
   Add a message to warn about such a spurious configuration.
*) mod_md: improvements and bugfixes
   - MDNotifyCmd now takes additional parameter that are passed on to the called \ 
command.
   - ACME challenges have better checks for interference with other modules
   - ACME challenges are only handled for domains managed by the module, allowing
     other ACME clients to operate for other domains in the server.
   - better libressl integration
*) mod_proxy_wstunnel: Add default schema ports for 'ws' and 'wss'.
*) logging: Some early logging-related startup messages could be lost
   when using syslog for the global ErrorLog.
*) mod_cache: Handle case of an invalid Expires header value RFC compliant
   like the case of an Expires time in the past: allow to overwrite the
   non-caching decision using CacheStoreExpired and respect Cache-Control
   "max-age" and "s-maxage".
*) mod_xml2enc: Fix forwarding of error metadata/responses.
*) mod_proxy_http: Fix response header thrown away after the previous one
   was considered too large and truncated.
*) core: Add and handle AP_GETLINE_NOSPC_EOL flag for ap_getline() family
   of functions to consume the end of line when the buffer is exhausted.
*) mod_proxy_http: Add new worker parameter 'responsefieldsize' to
   allow maximum HTTP response header size to be increased past 8192
   bytes.
*) mod_ssl: Extend SSLOCSPEnable with mode 'leaf' that only checks the leaf
   of a certificate chain.
*) http: Fix small memory leak per request when handling persistent
   connections.
*) mod_proxy_html: Fix variable interpolation and memory allocation failure
   in ProxyHTMLURLMap.
*) mod_remoteip: Fix RemoteIP{Trusted,Internal}ProxyList loading broken by 2.4.30.
*) mod_remoteip: When overriding the useragent address from X-Forwarded-For,
   zero out what had been initialized as the connection-level port.
*) core: In ONE_PROCESS/debug mode, cleanup everything when exiting.
*) mod_proxy_balancer: Add hot spare member type and corresponding flag (R).
   Hot spare members are used as drop-in replacements for unusable workers
   in the same load balancer set. This differs from hot standbys which are
   only used when all workers in a set are unusable.
*) suexec: Add --enable-suexec-capabilites support on Linux, to use
   setuid/setgid capability bits rather than a setuid root binary.
*) suexec: Add support for logging to syslog as an alternative to
   logging to a file; use --without-suexec-logfile --with-suexec-syslog.
*) mod_ssl: Restore 2.4.29 behaviour in SSL vhost merging/enabling
   which broke some rare but previously-working configs.
*) core, log: improve sanity checks for the ErrorLog's syslog config, and
   explicitly allow only lowercase 'syslog' settings.
*) mod_http2: accurate reporting of h2 data input/output per request via
   mod_logio. Fixes an issue where output sizes where counted n-times on
   reused slave connections.
*) mod_http2: Fix unnecessary timeout waits in case streams are aborted.
*) mod_http2: restoring the v1.10.16 keepalive timeout behaviour of mod_http2.
*) mod_proxy: Do not restrict the maximum pool size for backend connections
   any longer by the maximum number of threads per process and use a better
   default if mod_http2 is loaded.
*) mod_slotmem_shm: Add generation number to shm filename to fix races
   with graceful restarts.
*) core: Preserve the original HTTP request method in the '%<m' LogFormat
   when an path-based ErrorDocument is used.
*) mod_remoteip: make proxy-protocol work on slave connections, e.g. in
   HTTP/2 requests.
*) mod_ssl: Fix merging of proxy SSL context outside <Proxy> sections,
   regression introduced in 2.4.30.
*) mod_md: Fix compilation with OpenSSL before version 1.0.2.
*) mod_dumpio: do nothing below log level TRACE7.
*) mod_remoteip: Restore compatibility with APR 1.4 (apr_sockaddr_is_wildcard).
*) core: On ECBDIC platforms, some errors related to oversized headers
   may be misreported or be logged as ASCII escapes.
*) mod_ssl: Fix cmake-based build.
*) core: Add <IfFile>, <IfDirective> and <IfSection> conditional
   section containers.
   2018-07-04 15:40:45 by Jonathan Perkin | Files touched by this commit (423)
Log message:
*: Move SUBST_STAGE from post-patch to pre-configure

Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
   2018-04-29 23:32:09 by Adam Ciarcinski | Files touched by this commit (629) | Package updated
Log message:
revbump for boost-libs update
   2018-03-26 11:30:23 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
apache24: updated to 2.4.33

Changes with Apache 2.4.33

  *) core: Fix request timeout logging and possible crash for error_log hooks.

  *) mod_slomem_shm: Fix failure to create balancers's slotmems in Windows MPM,
     where children processes need to attach them instead since they are owned
     by the parent process already.

  *) ab: try all destination socket addresses returned by
     apr_sockaddr_info_get instead of failing on first one when not available.
     Needed for instance if localhost resolves to both ::1 and 127.0.0.1
     e.g. if both are in /etc/hosts.

  *) ab: Use only one connection to determine working destination socket
     address.

  *) ab: LibreSSL doesn't have or require Windows applink.c.

  *) htpasswd/htdigest: Disable support for bcrypt on EBCDIC platforms.
     apr-util's bcrypt implementation doesn't tolerate EBCDIC.

  *) htpasswd/htdbm: report the right limit when get_password() overflows.

  *) htpasswd: Don't fail in -v mode if password file is unwritable.

  *) htpasswd: don't point to (unused) stack memory on output
     to make static analysers happy.

Changes with Apache 2.4.32

  *) mod_access_compat: Fail if a comment is found in an Allow or Deny
     directive.

  *) mod_authz_host: Ignore comments after "Require host", logging a
     warning, or logging an error if the line is otherwise empty.

  *) rotatelogs: Fix expansion of %Z in localtime (-l) mode, and fix
     Y2K38 bug.

  *) mod_ssl: Support SSL DN raw variable extraction without conversion
     to UTF-8, using _RAW suffix on variable names.

  *) ab: Fix https:// connection failures (regression in 2.4.30); fix
     crash generating CSV output for large -n.

Changes with Apache 2.4.31

  *) mod_proxy_fcgi: Add the support for mod_proxy's flushpackets and flushwait
     parameters.

  *) mod_ldap: Avoid possible crashes, hangs, and busy loops due to
     improper merging of the cache lock in vhost config.

  *) mpm_event: Do lingering close in worker(s).

  *) mpm_queue: Put fdqueue code in common for MPMs event and worker.

Changes with Apache 2.4.30

  *) SECURITY: CVE-2017-15710 (cve.mitre.org)
     Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled

  *) CVE-2018-1283 (cve.mitre.org)
     mod_session: CGI-like applications that intend to read from mod_session's
     'SessionEnv ON' could be fooled into reading user-supplied data instead.

  *) SECURITY: CVE-2018-1303 (cve.mitre.org)
     mod_cache_socache: Fix request headers parsing to avoid a possible crash
     with specially crafted input data.

  *) CVE-2018-1301 (cve.mitre.org)
     core: Possible crash with excessively long HTTP request headers.
     Impractical to exploit with a production build and production LogLevel.

  *) mod_authnz_ldap: Fix language long names detection as short name.

  *) mod_proxy: Worker schemes and hostnames which are too large are no
     longer fatal errors; it is logged and the truncated values are stored.

  *) CVE-2017-15715 (cve.mitre.org)
     core: Configure the regular expression engine to match '$' to the end of
     the input string only, excluding matching the end of any embedded
     newline characters. Behavior can be changed with new directive
     'RegexDefaultOptions'.

  *) SECURITY: CVE-2018-1312 (cve.mitre.org)
     mod_auth_digest: Fix generation of nonce values to prevent replay
     attacks across servers using a common Digest domain. This change
     may cause problems if used with round robin load balancers.

  *) mod_proxy: Allow setting options to globally defined balancer from
     ProxyPass used in VirtualHost. Balancers are now merged using the new
     merge_balancers method which merges the balancers options.

  *) logresolve: Fix incorrect behavior or segfault if -c flag is used
     Fixes: https://bugs.debian.org/cgi-bin/bugrepo … bug=823259

  *) mod_remoteip: Add support for PROXY protocol (code donated by Cloudzilla).
     Add ability for PROXY protocol processing to be optional to donated code.
     See also: http://www.haproxy.org/download/1.5/doc … otocol.txt

  *) mod_proxy, mod_ssl: Handle SSLProxy* directives in <Proxy> sections,
     allowing per backend TLS configuration.

  *) mod_proxy_uwsgi: Add in UWSGI proxy (sub)module.

  *) mod_proxy_balancer,mod_slotmem_shm: Rework SHM reuse/deletion to not
     depend on the number of restarts (non-Unix systems) and preserve shared
  *) CVE-2018-1302 (cve.mitre.org)
     mod_http2: Potential crash w/ mod_http2.

     names as much as possible on configuration changes for SHMs and persisted
     files.

  *) mod_http2: obsolete code removed, no more events on beam pool destruction,
     discourage content encoders on http2-status response (where they do not work).

  *) mpm_event: Let the listener thread do its maintenance job on resources
     shortage.

  *) mpm_event: Wakeup the listener to re-enable listening sockets.

  *) mod_ssl: The SSLCompression directive will now give an error if used
     with an OpenSSL build which does not support any compression methods.

  *) mpm_event,worker: Mask signals for threads created by modules in child
     init, so that they don't receive (implicitely) the ones meant for the MPM.

  *) mod_md: new experimental, module for managing domains across virtual hosts,
     implementing the Let's Encrypt ACMEv1 protocol to signup and renew
     certificates. Please read the modules documentation for further instructions
     on how to use it.

  *) mod_proxy_html: skip documents shorter than 4 bytes

  *) core, mpm_event: Avoid a small memory leak of the scoreboard handle, for
     the lifetime of the connection, each time it is processed by MPM event.

  *) mpm_event: Update scoreboard status for KeepAlive state.

  *) mod_ldap: Fix a case where a full LDAP cache would continually fail to
     purge old entries and log AH01323.

  *) mpm_event: close connections not reported as handled by any module to
     avoid losing track of them and leaking scoreboard entries.

  *) core: A signal received while stopping could have crashed the main
     process.

  *) mod_ssl: support for mod_md added.

  *) mod_proxy_html: process parsed comments immediately.
     Fixes bug (seen in the wild when used with IBM's HTTPD bundle)
     where parsed comments may be lost.

  *) mod_proxy_html: introduce doctype for HTML 5

  *) mod_proxy_html: fix typo-bug processing "strict" vs \ 
"transitional"
     HTML/XHTML.

  *) mpm_event: avoid a very unlikely race condition between the listener and
     the workers when the latter fails to add a connection to the pollset.

  *) core: silently ignore a not existent file path when IncludeOptional
     is used.

  *) mod_macro: fix usability of globally defined macros in .htaccess files.

  *) mod_rewrite, core: add the Vary header when a condition evaluates to true
     and the related RewriteRule is used in a Directory context
     (triggering an internal redirect).

  *) ab: Make the TLS layer aware that the underlying socket is nonblocking,
     and use/handle POLLOUT where needed to avoid busy IOs and recover write
     errors when appropriate.

  *) ab: Keep reading nonblocking to exhaust TCP or SSL buffers when previous
     read was incomplete (the SSL case can cause the next poll() to timeout
     since data are buffered already).

  *) mod_http2: avoid unnecessary data retrieval for a trace log. Allow certain
     information retrievals on null bucket beams where it makes sense.
   2018-01-25 15:01:28 by Jonathan Perkin | Files touched by this commit (1)
Log message:
apache24: Extend _XOPEN_SOURCE workaround to clang.
   2018-01-07 14:04:44 by Roland Illig | Files touched by this commit (583)
Log message:
Fix indentation in buildlink3.mk files.

The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.

There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
   2018-01-01 22:18:57 by Adam Ciarcinski | Files touched by this commit (629) | Package updated
Log message:
Revbump after boost update