/apache24, Apache HTTP (Web) server, version 2.4
2.4.25nb1, Package name:
apache-2.4.25nb1, Maintainer: ryoon
The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for various modern desktop and server operating
systems, such as UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server which provides HTTP
services in sync with the current HTTP standards.
This package tracks 2.4.x release.
Required to run:
] Required to build:
] Package options
: apache-mpm-event, apache-mpm-prefork, apache-mpm-worker
Master sites: (Expand) SHA1:
Version history: (Expand)
- (2017-01-01) Updated to version: apache-2.4.25nb1
- (2016-12-21) Updated to version: apache-2.4.25
- (2016-12-12) Updated to version: apache-2.4.23nb4
- (2016-10-08) Updated to version: apache-2.4.23nb3
- (2016-07-29) Updated to version: apache-2.4.23nb2
- (2016-07-09) Updated to version: apache-2.4.23nb1
CVS history: (Expand)
| 2017-01-19 19:52:30 by Alistair G. Crooks | Files touched by this commit (352) |
Convert all occurrences (353 by my count) of
MASTER_SITES= site1 \
style continuation lines to be simple repeated
lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
| 2017-01-01 17:06:40 by Adam Ciarcinski | Files touched by this commit (616) | |
Revbump after boost update
| 2016-12-20 22:06:35 by Takahiro Kambe | Files touched by this commit (4) | |
Update apache24 to 2.4.25 (Apache HTTPD 2.4.25). 2.4.24 was not released.
This release fixes several security problems, some of them are already
handled in pkgsrc. Please refer CHANGES file in detail.
*) SECURITY: CVE-2016-8740 (cve.mitre.org)
mod_http2: Mitigate DoS memory exhaustion via endless
[Naveen Tiwari <firstname.lastname@example.org> and CDF/SEFCOM at Arizona State
University, Stefan Eissing]
*) SECURITY: CVE-2016-5387 (cve.mitre.org)
core: Mitigate [f]cgi "httpoxy" issues.
[Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]
*) SECURITY: CVE-2016-2161 (cve.mitre.org)
mod_auth_digest: Prevent segfaults during client entry allocation when
the shared memory space is exhausted.
[Maksim Malyutin <m.malyutin dsec.ru>, Eric Covener, Jacob Champion]
*) SECURITY: CVE-2016-0736 (cve.mitre.org)
mod_session_crypto: Authenticate the session data/cookie with a
MAC (SipHash) to prevent deciphering or tampering with a padding
oracle attack. [Yann Ylavic, Colm MacCarthaigh]
*) SECURITY: CVE-2016-8743 (cve.mitre.org)
Enforce HTTP request grammar corresponding to RFC7230 for request lines
and request headers, to prevent response splitting and cache pollution by
malicious clients or downstream proxies. [William Rowe, Stefan Fritsch]
| 2016-12-12 00:52:56 by Takahiro Kambe | Files touched by this commit (3) | |
Add patch for CVE-2016-8740.
| 2016-10-07 20:26:14 by Adam Ciarcinski | Files touched by this commit (611) | |
Revbump post boost update
| 2016-07-29 13:11:25 by Thomas Klausner | Files touched by this commit (3) | |
Fix httpoxy vulnerability.
| 2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) | |
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
| 2016-07-05 18:13:53 by Takahiro Kambe | Files touched by this commit (3) | |
Update apache24 to 2.4.23.
(NOTE: Versions 2.4.22 and 2.4.21 were not released.)
Changes from 2.4.20 are too many to write here, please refer CHANGES file.
And Apache 2.4.23 fixes CVE-2016-4979; X509 Client certificate based
authentication can be bypassed when HTTP/2 is used.