./www/apache22, Apache HTTP (Web) server, version 2.2

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2013Q1, Version: 2.2.24nb1, Package name: apache-2.2.24nb1, Maintainer: tron

The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for various modern desktop and server operating
systems, such as UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server which provides HTTP
services in sync with the current HTTP standards.


Required to run:
[lang/perl5] [devel/apr-util] [devel/apr]

Required to build:
[devel/libtool-base] [devel/pkg-config]

Package options: apache-mpm-prefork, apache-shared-modules

Master sites: (Expand)

SHA1: f73bce14832ec40c1aae68f4f8c367cab2266241
RMD160: 4c31b23615236c407779a23cbfcc8e05ba011224
Filesize: 5361.757 KB

Version history: (Expand)


CVS history: (Expand)


   2013-07-15 22:19:16 by S.P.Zeidler | Files touched by this commit (3) | Package updated
Log message:
Pullup ticket #4184 - requested by tron
www/apache22: security update

Revisions pulled up:
- www/apache22/Makefile                                         1.92
- www/apache22/distinfo                                         1.57
- www/apache22/patches/patch-modules_mappers_mod_rewrite.c      deleted

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Mon Jul 15 18:15:49 UTC 2013

   Modified Files:
   	pkgsrc/www/apache22: Makefile distinfo
   Removed Files:
   	pkgsrc/www/apache22/patches: patch-modules_mappers_mod_rewrite.c

   Log message:
   Update "apache22" package to version 2.2.25. Changes since 2.2.24:
   - SECURITY: CVE-2013-1862 (cve.mitre.org)
     mod_rewrite: Ensure that client data written to the RewriteLog is
     escaped to prevent terminal escape sequences from entering the
     log file.  [Eric Covener, Jeff Trawick, Joe Orton]
   - core: Limit ap_pregsub() to 64MB and add ap_pregsub_ex() for longer
     strings.  The default limit for ap_pregsub() can be adjusted at compile
      time by defining AP_PREGSUB_MAXLEN.  [Stefan Fritsch, Jeff Trawick]
   - core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization
     on Linux kernel versions 3.x and above.  Bug#55121.  [Bradley Heilbrun
     <apache heilbrun.org>]
   - mod_setenvif: Log error on substitution overflow.
     [Stefan Fritsch]
   - mod_ssl/proxy: enable the SNI extension for backend TLS connections
     [Kaspar Brand]
   - mod_proxy: Use the the same hostname for SNI as for the HTTP request when
     forwarding to SSL backends. Bug#53134.
     [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]
   - mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
     in the error log to debug level.  [William Rowe]
   - mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs
     with SSLProxyMachineCertificateFile/Path directives. Bug#52212, Bug#54698.
     [Keith Burdis <keith burdis.org>, Joe Orton, Kaspar Brand]
   - mod_proxy_balancer: Added balancer parameter failontimeout to allow server
     admin to configure an IO timeout as an error in the balancer.
     [Daniel Ruggeri]
   - mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind
     password.  [Daniel Ruggeri]
   - htdigest: Fix buffer overflow when reading digest password file
     with very long lines. Bug#54893. [Rainer Jung]
   - mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
     the source href (sent as part of the request body as XML) pointing to a
     URI that is not configured for DAV will trigger a segfault. [Ben Reser
     <ben reser.org>]
   - mod_dav: Ensure URI is correctly uriencoded on return. Bug#54611
     [Timothy Wood <tjw omnigroup.com>]
   - mod_dav: Make sure that when we prepare an If URL for Etag comparison,
     we compare unencoded paths. Bug#53910 [Timothy Wood <tjw omnigroup.com>]
   - mod_dav: Sending an If or If-Match header with an invalid ETag doesn't
     result in a 412 Precondition Failed for a COPY operation. PR54610
     [Timothy Wood <tjw omnigroup.com>]
   - mod_dav: When a PROPPATCH attempts to remove a non-existent dead
     property on a resource for which there is no dead property in the same
     namespace httpd segfaults. Bug#52559 [Diego Santa Cruz
     <diego.santaCruz spinetix.com>]
   - mod_dav: Do not fail PROPPATCH when prop namespace is not known.
     Bug#52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
   - mod_dav: Do not segfault on PROPFIND with a zero length DBM.
     Bug#52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]

   To generate a diff of this commit:
   cvs rdiff -u -r1.91 -r1.92 pkgsrc/www/apache22/Makefile
   cvs rdiff -u -r1.56 -r1.57 pkgsrc/www/apache22/distinfo
   cvs rdiff -u -r1.3 -r0 \
       pkgsrc/www/apache22/patches/patch-modules_mappers_mod_rewrite.c
   2013-06-02 13:07:36 by S.P.Zeidler | Files touched by this commit (3)
Log message:
Pullup ticket #4148 - requested by tron
www/apache22: security patch

Revisions pulled up:
- www/apache22/Makefile                                         1.88
- www/apache22/distinfo                                         1.55
- www/apache22/patches/patch-modules_mappers_mod_rewrite.c      1.3

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Thu May 30 22:58:15 UTC 2013

   Modified Files:
   	pkgsrc/www/apache22: Makefile distinfo
   Added Files:
   	pkgsrc/www/apache22/patches: patch-modules_mappers_mod_rewrite.c

   Log message:
   Add Apache developer fix for security vulnerability reported
   in CVE-2013-1862.

   To generate a diff of this commit:
   cvs rdiff -u -r1.87 -r1.88 pkgsrc/www/apache22/Makefile
   cvs rdiff -u -r1.54 -r1.55 pkgsrc/www/apache22/distinfo
   cvs rdiff -u -r0 -r1.3 \
       pkgsrc/www/apache22/patches/patch-modules_mappers_mod_rewrite.c