Subject: CVS commit: [pkgsrc-2019Q1] pkgsrc/www/apache24
From: Benny Siegert
Date: 2019-04-10 11:31:27
Message id: 20190410093128.0EAF3FB16@cvs.NetBSD.org
Log Message:
Pullup ticket #5930 - requested by taca
www/apache24: security fix
Revisions pulled up:
- www/apache24/Makefile 1.77
- www/apache24/PLIST 1.28
- www/apache24/distinfo 1.40
---
Module Name: pkgsrc
Committed By: adam
Date: Tue Apr 2 07:25:38 UTC 2019
Modified Files:
pkgsrc/www/apache24: Makefile PLIST distinfo
Log Message:
apache24: updated to 2.4.39
Changes with Apache 2.4.39
*) mod_proxy/ssl: Cleanup per-request SSL configuration anytime a backend
connection is recycled/reused to avoid a possible crash with some SSLProxy
configurations in <Location> or <Proxy> context.
*) mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA failure.
*) mod_log_config: Support %{c}h for conn-hostname, %h for useragent_host
*) mod_socache_redis: Support for Redis as socache storage provider.
*) core: new configuration option 'MergeSlashes on|off' that controls handling of
multiple, consecutive slash ('/') characters in the path component of the
request URL.
*) mod_http2: when SSL renegotiation is inhibited and a 403 ErrorDocument is
in play, the proper HTTP/2 stream reset did not trigger with
H2_ERR_HTTP_1_1_REQUIRED.
*) mod_http2: new configuration directive: `H2Padding numbits` to control
padding of HTTP/2 payload frames. 'numbits' is a number from 0-8,
controlling the range of padding bytes added to a frame. The actual number
added is chosen randomly per frame. This applies to HEADERS, DATA and
PUSH_PROMISE frames equally. The default continues to be 0, e.g. no padding.
*) mod_http2: ripping out all the h2_req_engine internal features now that
mod_proxy_http2 has no more need for it. Optional functions are still
declared but no longer implemented.
While previous mod_proxy_http2 will work with this, it is recommended to
run the matching versions of both modules.
*) mod_proxy_http2: changed mod_proxy_http2 implementation and fixed several
bugs which resolve bug 63170. The proxy module does now a single h2 request
on the (reused) connection and returns.
*) mod_http2/mod_proxy_http2: proxy_http2 checks correct master connection
aborted status to trigger immediate shutdown of backend connections. This is
now always signalled by mod_http2 when the session is being released.
proxy_http2 now only sends a PING frame to the backend when there is not
already one in flight.
*) mod_proxy_http2: fixed an issue where a proxy_http2 handler entered an infinite
loop when encountering certain errors on the backend connection.
*) mod_http2: Configuration directives H2Push and H2Upgrade can now be
specified per Location/Directory, e.g. disabling PUSH for a specific set of
resources.
*) mod_http2: HEAD requests to some module such as mod_cgid caused the stream to
terminate improperly and cause a HTTP/2 PROTOCOL_ERROR.
*) http: Fix possible empty response with mod_ratelimit for HEAD requests.
*) mod_cache_socache: Avoid reallocations and be safe with outgoing data
lifetime.
*) MPMs unix: bind the bucket number of each child to its slot number, for a
more efficient per bucket maintenance.
*) mod_auth_digest: Fix a race condition. Authentication with valid
credentials could be refused in case of concurrent accesses from
different users.
*) mod_http2: enable re-use of slave connections again. Fixed slave connection
keepalives counter.
*) mod_reqtimeout: Allow to configure (TLS-)handshake timeouts.
*) mod_proxy_wstunnel: Fix websocket proxy over UDS.
*) mod_ssl: Don't unset FIPS mode on restart unless it's forced by
configuration (SSLFIPS on) and not active by default in OpenSSL.
Files: