The NetBSD Project

CVS log for pkgsrc/www/apache24/distinfo

[BACK] Up to [] / pkgsrc / www / apache24

Request diff between arbitrary revisions

Default branch: MAIN
Current tag: pkgsrc-2013Q4

Revision / (download) - annotate - [select for diffs], Fri Mar 21 08:02:35 2014 UTC (5 years, 6 months ago) by spz
Branch: pkgsrc-2013Q4
Changes since 1.11: +4 -4 lines
Diff to previous 1.11 (colored) next main 1.12 (colored)

Pullup ticket #4349 - requested by tron
www/apache24: security update

Revisions pulled up:
- www/apache24/Makefile                                         1.26
- www/apache24/PLIST                                            1.15
- www/apache24/distinfo                                         1.13

   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Tue Mar 18 20:09:08 UTC 2014

   Modified Files:
   	pkgsrc/www/apache24: Makefile PLIST distinfo

   Log Message:
   Changes 2.4.9:
   *) mod_ssl: Work around a bug in some older versions of OpenSSL that
      would cause a crash in SSL_get_certificate for servers where the
      certificate hadn't been sent.
   *) mod_lua: Add a fixups hook that checks if the original request is intend=
      for LuaMapHandler. This fixes a bug where FallbackResource invalidates t=
      LuaMapHandler directive in certain cases by changing the URI before the =
      handler code executes

   Changes 2.4.8:
   *) SECURITY: CVE-2014-0098 (
      Clean up cookie logging with fewer redundant string parsing passes.
      Log only cookies with a value assignment. Prevents segfaults when
      logging truncated cookies.
   *) SECURITY: CVE-2013-6438 (
      mod_dav: Keep track of length of cdata properly when removing
      leading spaces. Eliminates a potential denial of service from
      specifically crafted DAV WRITE requests
   *) core: Support named groups and backreferences within the LocationMatch,
      DirectoryMatch, FilesMatch and ProxyMatch directives. (Requires
      non-ancient PCRE library)
   *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
      TE/CL conflicts.
   *) mod_dir: Add DirectoryCheckHandler to allow a 2.2-like behavior, skipping
      execution when a handler is already set.
   *) mod_ssl: Do not perform SNI / Host header comparison in case of a
      forward proxy request.
   *) mod_ssl: Remove the hardcoded algorithm-type dependency for the
      SSLCertificateFile and SSLCertificateKeyFile directives, to enable
      future algorithm agility, and deprecate the SSLCertificateChainFile
      directive (obsoleted by SSLCertificateFile).
   *) mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore,
      and IgnoreInherit to allow RewriteRules to be pushed from parent scopes
      to child scopes without explicitly configuring each child scope.
   *) prefork: Fix long delays when doing a graceful restart.
   *) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
      5+ instead of just for FreeBSD 5.
   *) mod_proxy_wstunnel: Avoid busy loop on client errors, drop message
      IDs 02445, 02446, and 02448 to TRACE1 from DEBUG.
   *) mod_remoteip: Correct the trusted proxy match test.
   *) mod_proxy_fcgi: Fix error message when an unexpected protocol version
      number is received from the application.
   *) mod_remoteip: Use the correct IP addresses to populate the proxy_ips fie=
   *) mod_lua: Update r:setcookie() to accept a table of options and add domai=
      path and httponly to the list of options available to set.
   *) mod_lua: Fix r:setcookie() to add, rather than replace,
      the Set-Cookie header.
   *) mod_lua: Allow for database results to be returned as a hash with
      row-name/value pairs instead of just row-number/value.
   *) mod_rewrite: Add %{CONN_REMOTE_ADDR} as the non-useragent counterpart to
   *) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
      save the socket for reuse by the next worker as if it were an
      APR_SO_DISCONNECTED socket. Restores 2.2 behavior.
   *) mod_dir: Don't search for a DirectoryIndex or DirectorySlash on a URL
      that was just rewritten by mod_rewrite.
   *) mod_session: When we have a session we were unable to decode,
      behave as if there was no session at all.
   *) mod_session: Fix problems interpreting the SessionInclude and
      SessionExclude configuration.
   *) mod_authn_core: Allow <AuthnProviderAlias>'es to be seen from auth
      stanzas under virtual hosts.
   *) mod_proxy_fcgi: Use apr_socket_timeout_get instead of hard-coded
      30 seconds timeout.
   *) mod_proxy: Added support for unix domain sockets as the
      backend server endpoint
   *) build: only search for modules (config*.m4) in known subdirectories, see
   *) mod_cache_disk: Fix potential hangs on Windows when using mod_cache_disk.
   *) mod_ssl: Add support for OpenSSL configuration commands by introducing
      the SSLOpenSSLConfCmd directive.
   *) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which
      is equivalent to <ProxyMatch wildcard-url>.
   *) mod_authz_user, mod_authz_host, mod_authz_groupfile, mod_authz_dbm,
      mod_authz_dbd, mod_authnz_ldap: Support the expression parser within the
      require directives.
   *) mod_proxy_http: Core dumped under high load.
   *) mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size
      previously limited to 64MB.
   *) mod_lua: Use binary copy when dealing with uploads through r:parsebody()
      to prevent truncating files.

   To generate a diff of this commit:
   cvs rdiff -u -r1.25 -r1.26 pkgsrc/www/apache24/Makefile
   cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/apache24/PLIST
   cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/apache24/distinfo

Revision 1.11 / (download) - annotate - [select for diffs], Sun Dec 1 10:02:34 2013 UTC (5 years, 10 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base
Branch point for: pkgsrc-2013Q4
Changes since 1.10: +4 -4 lines
Diff to previous 1.10 (colored)

Update to 2.4.7

Changes with Apache 2.4.7

  *) APR 1.5.0 or later is now required for the event MPM.

  *) slotmem_shm: Error detection. [Jim Jagielski]

  *) event: Use skiplist data structure. [Jim Jagielski]

  *) mpm_unix: Add ap_mpm_podx_* implementation to avoid code duplication
     and align w/ trunk. [Jim Jagielski]

  *) Fix potential rejection of valid MaxMemFree and ThreadStackSize
     directives.  [Mike Rumph <mike.rumph>]

  *) mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars.
     An individual envvar with an encoded length of more than 16K will be
     omitted.  [Jeff Trawick]

  *) mod_proxy_fcgi: Handle reading protocol data that is split between
     packets.  [Jeff Trawick]

  *) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
     allowing custom parameters to be configured via SSLCertificateFile,
     and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
     Unless custom parameters are configured, the standardized parameters
     are applied based on the certificate's RSA/DSA key size. [Kaspar Brand]

  *) mod_ssl, configure: Require OpenSSL 0.9.8a or later. [Kaspar Brand]

  *) mod_ssl: drop support for export-grade ciphers with ephemeral RSA
     keys, and unconditionally disable aNULL, eNULL and EXP ciphers
     (not overridable via SSLCipherSuite). [Kaspar Brand]

  *) Add experimental cmake-based build system for Windows.  [Jeff Trawick,
     Tom Donovan]

  *) event MPM: Fix possible crashes (third party modules accessing c->sbh)
     or occasional missed mod_status updates for some keepalive requests
     under load. [Eric Covener]

  *) mod_authn_socache: Support optional initialization arguments for
     socache providers.  [Chris Darroch]

  *) mod_session: Reset the max-age on session save. Bug 47476. [Alexey
     Varlamov <alexey.v.varlamov gmail com>]

  *) mod_session: After parsing the value of the header specified by the
     SessionHeader directive, remove the value from the response. Bug 55279.
     [Graham Leggett]

  *) mod_headers: Allow for format specifiers in the substitution string
     when using Header edit. [Daniel Ruggeri]

  *) mod_dav: dav_resource->uri is treated as unencoded. This was an
     unnecessary ABI changed introduced in 2.4.6. Bug 55397.

  *) mod_dav: Don't require lock tokens for COPY source. Bug 55306.

  *) core: Don't truncate output when sending is interrupted by a signal,
     such as from an exiting CGI process. Bug 55643. [Jeff Trawick]

  *) WinNT MPM: Exit the child if the parent process crashes or is terminated.
     [Oracle Corporation]

  *) Windows: Correct failure to discard stderr in some error log
     configurations.  (Error message AH00093)  [Jeff Trawick]

  *) mod_session_crypto: Allow using exec: calls to obtain session
     encryption key.  [Daniel Ruggeri]

  *) core: Add missing Reason-Phrase in HTTP response headers.
     Bug 54946. [Rainer Jung]

  *) mod_rewrite: Make rewrite websocket-aware to allow proxying.
     Bug 55598. [Chris Harris <chris.harris kitware com>]

  *) mod_ldap: When looking up sub-groups, use an implicit objectClass=*
     instead of an explicit cn=* filter. [David Hawes <dhawes>]

  *) ab: Add wait time, fix processing time, and output write errors only if
     they occured. [Christophe Jaillet]

  *) worker MPM: Don't forcibly kill worker threads if the child process is
     exiting gracefully.  [Oracle Corporation]

  *) core: apachectl -S prints wildcard name-based virtual hosts twice.
     Bug 54948 [Eric Covener]

  *) mod_auth_basic: Add AuthBasicUseDigestAlgorithm directive to
     allow migration of passwords from digest to basic authentication.
     [Chris Darroch]

  *) ab: Add a new -l parameter in order not to check the length of the responses.
     This can be usefull with dynamic pages.
     Bug 9945, Bug 27888, Bug 42040 [<ccikrs1 cranbrook edu>]

  *) Suppress formatting of startup messages written to the console when
     ErrorLogFormat is used.  [Jeff Trawick]

  *) mod_auth_digest: Be more specific when the realm mismatches because the
     realm has not been specified. [Graham Leggett]

  *) mod_proxy: Add a note in the balancer manager stating whether changes
     will or will not be persisted and whether settings are inherited.
     [Daniel Ruggeri, Jim Jagielski]

  *) mod_cache: Avoid a crash with strcmp() when the hostname is not provided.
     [Graham Leggett]

  *) core: Add util_fcgi.h and associated definitions and support
     routines for FastCGI, based largely on mod_proxy_fcgi.
     [Jeff Trawick]

  *) mod_headers: Add 'Header note header-name note-name' for copying a response
     headers value into a note. [Eric Covener]

  *) mod_headers: Add 'setifempty' command to Header and RequestHeader.
     [Eric Covener]

  *) mod_logio: new format-specifier %S (sum) which is the sum of received
     and sent byte counts.
     Bug 54015 [Christophe Jaillet]

  *) mod_deflate: Improve error detection when decompressing request bodies
     with trailing garbage: handle case where trailing bytes are in
     the same bucket. [Rainer Jung]

  *) mod_authz_groupfile, mod_authz_user: Reduce severity of AH01671 and AH01663
     from ERROR to DEBUG, since these modules do not know what mod_authz_core
     is doing with their AUTHZ_DENIED return value. [Eric Covener]

  *) mod_ldap: add TRACE5 for LDAP retries. [Eric Covener]

  *) mod_ldap: retry on an LDAP timeout during authn. [Eric Covener]

  *) mod_ldap: Change "LDAPReferrals off" to actually set the underlying LDAP
     SDK option to OFF, and introduce "LDAPReferrals default" to take the SDK
     default, sans rebind authentication callback.
     [Jan Kaluza <kaluze AT>]

  *) core: Log a message at TRACE1 when the client aborts a connection.
     [Eric Covener]

  *) WinNT MPM: Don't crash during child process initialization if the
     Listen protocol is unrecognized.  [Jeff Trawick]

  *) modules: Fix some compiler warnings. [Guenter Knauf]

  *) Sync 2.4 and trunk
       - Avoid some memory allocation and work when TRACE1 is not activated
       - fix typo in include guard
       - indent
       - No need to lower the string before removing the path, it is just a waste of time...
       - Save a few cycles
     [Christophe Jaillet <christophe.jaillet>]

  *) mod_filter: Add "change=no" as a proto-flag to FilterProtocol
     to remove a providers initial flags set at registration time.
     [Eric Covener]

  *) core, mod_ssl: Enable the ability for a module to reverse the sense of
     a poll event from a read to a write or vice versa. This is a step on
     the way to allow mod_ssl taking full advantage of the event MPM.
     [Graham Leggett]

  *) Install proper pcre DLL file during debug build install.
     Bug 55235.  [Ben Reser <ben reser org>]

  *) mod_ldap: Fix a potential memory leak or corruption.  Bug 54936.
     [Zhenbo Xu <zhenbo1987 gmail com>]

  *) ab: Fix potential buffer overflows when processing the T and X
     command-line options.  Bug 55360.
     [Mike Rumph <mike.rumph>]

  *) fcgistarter: Specify SO_REUSEADDR to allow starting a server
     with old connections in TIME_WAIT.  [Jeff Trawick]

  *) core: Add open_htaccess hook which, in conjunction with dirwalk_stat
     and post_perdir_config (introduced in 2.4.5), allows mpm-itk to be
     used without patches to httpd core. [Stefan Fritsch]

  *) support/htdbm: fix processing of -t command line switch. Regression
     introduced in 2.4.4
     Bug 55264 [Jo Rhett <jrhett netconsonance com>]

  [Apache 2.3.0-dev includes those bug fixes and changes with the
   Apache 2.2.xx tree as documented, and except as noted, below.]

Changes with Apache 2.2.x and later:


Changes with Apache 2.0.x and later:


This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

CVSweb <>