Next | Query returned 1 messages, browsing 1 to 10 | previous

History of commit frequency

CVS Commit History:


   2018-08-18 11:11:00 by Benny Siegert | Files touched by this commit (3) | Package updated
Log message:
Pullup ticket #5802 - requested by taca
www/apache24: security fix

Revisions pulled up:
- www/apache24/Makefile                                         1.69-1.70
- www/apache24/distinfo                                         1.36
- www/apache24/patches/patch-aa                                 1.2

---
   Module Name:	pkgsrc
   Committed By:	jperkin
   Date:		Wed Jul  4 13:40:45 UTC 2018

   Modified Files:
   	pkgsrc/www/apache24: Makefile

   Log message:
   *: Move SUBST_STAGE from post-patch to pre-configure

   Performing substitutions during post-patch breaks tools such as mkpatches,
   making it very difficult to regenerate correct patches after making changes,
   and often leading to substituted string replacements being committed.

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Thu Jul 19 08:53:58 UTC 2018

   Modified Files:
   	pkgsrc/www/apache24: Makefile distinfo
   	pkgsrc/www/apache24/patches: patch-aa

   Log message:
   apache24: updated to 2.4.34

   Apache 2.4.34
   *) SECURITY: CVE-2018-8011 (cve.mitre.org)
      mod_md: DoS via Coredumps on specially crafted requests
   *) SECURITY: CVE-2018-1333 (cve.mitre.org)
      mod_http2: DoS for HTTP/2 connections by specially crafted requests
   *) Introduce zh-cn and zh-tw (simplified and traditional Chinese) error
      document translations.
   *) event: avoid possible race conditions with modules on the child pool.
   *) mod_proxy: Fix a corner case where the ProxyPassReverseCookieDomain or
      ProxyPassReverseCookiePath directive could fail to update correctly
      'domain=' or 'path=' in the 'Set-Cookie' header.
   *) mod_ratelimit: fix behavior when proxing content.
   *) core: Re-allow '_' (underscore) in hostnames.
   *) mod_authz_core: If several parameters are used in a AuthzProviderAlias
      directive, if these parameters are not enclosed in quotation mark, only
      the first one is handled. The other ones are silently ignored.
      Add a message to warn about such a spurious configuration.
   *) mod_md: improvements and bugfixes
      - MDNotifyCmd now takes additional parameter that are passed on to the \ 
called command.
      - ACME challenges have better checks for interference with other modules
      - ACME challenges are only handled for domains managed by the module, allowing
        other ACME clients to operate for other domains in the server.
      - better libressl integration
   *) mod_proxy_wstunnel: Add default schema ports for 'ws' and 'wss'.
   *) logging: Some early logging-related startup messages could be lost
      when using syslog for the global ErrorLog.
   *) mod_cache: Handle case of an invalid Expires header value RFC compliant
      like the case of an Expires time in the past: allow to overwrite the
      non-caching decision using CacheStoreExpired and respect Cache-Control
      "max-age" and "s-maxage".
   *) mod_xml2enc: Fix forwarding of error metadata/responses.
   *) mod_proxy_http: Fix response header thrown away after the previous one
      was considered too large and truncated.
   *) core: Add and handle AP_GETLINE_NOSPC_EOL flag for ap_getline() family
      of functions to consume the end of line when the buffer is exhausted.
   *) mod_proxy_http: Add new worker parameter 'responsefieldsize' to
      allow maximum HTTP response header size to be increased past 8192
      bytes.
   *) mod_ssl: Extend SSLOCSPEnable with mode 'leaf' that only checks the leaf
      of a certificate chain.
   *) http: Fix small memory leak per request when handling persistent
      connections.
   *) mod_proxy_html: Fix variable interpolation and memory allocation failure
      in ProxyHTMLURLMap.
   *) mod_remoteip: Fix RemoteIP{Trusted,Internal}ProxyList loading broken by 2.4.30.
   *) mod_remoteip: When overriding the useragent address from X-Forwarded-For,
      zero out what had been initialized as the connection-level port.
   *) core: In ONE_PROCESS/debug mode, cleanup everything when exiting.
   *) mod_proxy_balancer: Add hot spare member type and corresponding flag (R).
      Hot spare members are used as drop-in replacements for unusable workers
      in the same load balancer set. This differs from hot standbys which are
      only used when all workers in a set are unusable.
   *) suexec: Add --enable-suexec-capabilites support on Linux, to use
      setuid/setgid capability bits rather than a setuid root binary.
   *) suexec: Add support for logging to syslog as an alternative to
      logging to a file; use --without-suexec-logfile --with-suexec-syslog.
   *) mod_ssl: Restore 2.4.29 behaviour in SSL vhost merging/enabling
      which broke some rare but previously-working configs.
   *) core, log: improve sanity checks for the ErrorLog's syslog config, and
      explicitly allow only lowercase 'syslog' settings.
   *) mod_http2: accurate reporting of h2 data input/output per request via
      mod_logio. Fixes an issue where output sizes where counted n-times on
      reused slave connections.
   *) mod_http2: Fix unnecessary timeout waits in case streams are aborted.
   *) mod_http2: restoring the v1.10.16 keepalive timeout behaviour of mod_http2.
   *) mod_proxy: Do not restrict the maximum pool size for backend connections
      any longer by the maximum number of threads per process and use a better
      default if mod_http2 is loaded.
   *) mod_slotmem_shm: Add generation number to shm filename to fix races
      with graceful restarts.
   *) core: Preserve the original HTTP request method in the '%<m' LogFormat
      when an path-based ErrorDocument is used.
   *) mod_remoteip: make proxy-protocol work on slave connections, e.g. in
      HTTP/2 requests.
   *) mod_ssl: Fix merging of proxy SSL context outside <Proxy> sections,
      regression introduced in 2.4.30.
   *) mod_md: Fix compilation with OpenSSL before version 1.0.2.
   *) mod_dumpio: do nothing below log level TRACE7.
   *) mod_remoteip: Restore compatibility with APR 1.4 (apr_sockaddr_is_wildcard).
   *) core: On ECBDIC platforms, some errors related to oversized headers
      may be misreported or be logged as ASCII escapes.
   *) mod_ssl: Fix cmake-based build.
   *) core: Add <IfFile>, <IfDirective> and <IfSection> conditional
      section containers.

Next | Query returned 1 messages, browsing 1 to 10 | previous