- backport r1719967
mod_ssl: fix build with openssl < 0.9.8m (missing semicolon).
This release also contains the patch for FreeBSD PR 204304
Make the fix for fully qualifying REDIRECT_URL from PR#57785 opt-in.
http://svn.apache.org/viewvc?view=revision&revision=1712268
Changes with Apache 2.4.18
*) mod_ssl: for all ssl_engine_vars.c lookups, fall back to master connection
if conn_rec itself holds no valid SSLConnRec*. Fixes PR58666.
[Stefan Eissing]
*) mod_http2: connection level window for flow control is set to protocol
maximum of 2GB-1, preventing window exhaustion when sending data on many
streams with higher cumulative window size.
Reducing write frequency unless push promises need to be flushed.
[Stefan Eissing]
*) mod_http2: required minimum version of libnghttp2 is 1.2.1
[Stefan Eissing]
*) mod_proxy_fdpass: Fix AH01153 error when using the default configuration.
In earlier version of httpd, you can explicitelly set the 'flusher' parameter
to 'flush' as a workaround. (i.e. flusher=flush)
Add documentation for the 'flusher' parameter when defining a proxy worker.
[Christophe Jaillet]
*) mod_ssl: For the "SSLStaplingReturnResponderErrors off" case, make sure
to only staple responses with certificate status "good". [Kaspar Brand]
*) mod_http2: new directive 'H2PushPriority' to allow priority specifications
on server pushed streams according to their content-type.
[Stefan Eissing]
*) mod_http2: fixes crash on connection abort for a busy connection.
fixes crash on a request that did not produce any response.
[Stefan Eissing]
*) mod_http2: trailers are sent after reponse body if set in request_rec
trailers_out before the end-of-request bucket is sent through the
output filters. [Stefan Eissing]
*) mod_http2: incoming trailers (headers after request body) are properly
forwarded to the processing engine. [Stefan Eissing]
*) mod_http2: new directive 'H2Push' to en-/disable HTTP/2 server
pushes a server/virtual host. Pushes are initiated by the presence
of 'Link:' headers with relation 'preload' on a response. [Stefan Eissing]
*) mod_http2: write performance of http2 improved for larger resources,
especially static files. [Stefan Eissing]
*) core: if the first HTTP/1.1 request on a connection goes to a server that
prefers different protocols, these protocols are announced in a Upgrade:
header on the response, mentioning the preferred protocols.
[Stefan Eissing]
*) mod_http2: new directives 'H2TLSWarmUpSize' and 'H2TLSCoolDownSecs'
to control TLS record sizes during connection lifetime.
[Stefan Eissing]
*) mod_http2: new directive 'H2ModernTLSOnly' to enforce security
requirements of RFC 7540 on TLS connections. [Stefan Eissing]
*) core: add ap_get_protocol_upgrades() to retrieve the list of protocols
that a client could possibly upgrade to. Use in first request on a
connection to announce protocol choices. [Stefan Eissing]
*) mod_http2: reworked deallocation on connection shutdown and worker
abort. Separate parent pool for all workers. worker threads are joined
on planned worker shutdown. [Yann Ylavic, Stefan Eissing]
*) mod_ssl: when receiving requests for other virtual hosts than the handshake
server, the SSL parameters are checked for equality. With equal
configuration, requests are passed for processing. Any change will trigger
the old behaviour of "421 Misdirected Request".
SSL now remembers the cipher suite that was used for the last handshake.
This is compared against for any vhost/directory cipher specification.
Detailed examination of renegotiation is only done when these do not
match.
Renegotiation is 403ed when a master connection is present. Exact reason
is given additionally in a request note. [Stefan Eissing]
*) core: Fix scoreboard crash (SIGBUS) on hardware requiring strict 64bit
alignment (SPARC64, PPC64). [Yann Ylavic]
*) mod_cache: Accept HT (Horizontal Tab) when parsing cache related header
fields as described in RFC7230. [Christophe Jaillet]
*) core/util_script: making REDIRECT_URL a full URL is now opt-in
via new 'QualifyRedirectURL' directive.
*) core: Limit to ten the number of tolerated empty lines between request,
and consume them before the pipelining check to avoid possible response
delay when reading the next request without flushing. [Yann Ylavic]
*) mod_ssl: Extend expression parser registration to support ssl variables
in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function
syntax "ssl(VARNAME)". [Rainer Jung]
PR: 204304
with head apache@
- add support for HTTP/2 (RFC 7540)
- remove obsolate libressl patches [1]
In this release are some exciting new features including:
*) HTTP/2 support via mod_http2 module
*) Support for SO_REUSEPORT in MPMs for significant scalability
Changes with Apache 2.4.17
*) mod_http2: added donated HTTP/2 implementation via core module. Similar
configuration options to mod_ssl. [Stefan Eissing]
*) mod_proxy: don't recyle backend announced "Connection: close" connections
to avoid reusing it should the close be effective after some new request
is ready to be sent. [Yann Ylavic]
*) mod_substitute: Allow to configure the patterns merge order with the new
SubstituteInheritBefore on|off directive. PR 57641
[Marc.Stern <Marc.Stern approach.be>, Yann Ylavic, William Rowe]
*) mod_proxy: Fix ProxySourceAddress binding failure with AH00938.
PR 56687. [Arne de Bruijn <apache arbruijn.dds.nl>
*) mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3,
and change the compiled-in default for SSL[Proxy]Protocol to "all -SSLv3",
in accordance with RFC 7568. PR 58349, PR 57120. [Kaspar Brand]
*) mod_ssl: append :!aNULL:!eNULL:!EXP to the cipher string settings,
instead of prepending !aNULL:!eNULL:!EXP: (as was the case in 2.4.7
and later). Enables support for configuring the SUITEB* cipher
strings introduced in OpenSSL 1.0.2. PR 58213. [Kaspar Brand]
*) mod_ssl: Add support for extracting the msUPN and dnsSRV forms
of subjectAltName entries of type "otherName" into
SSL_{CLIENT,SERVER}_SAN_OTHER_{msUPN,dnsSRV}_n environment
variables. Addresses PR 58020. [Jan Pazdziora <jpazdziora redhat.com>,
Kaspar Brand]
*) mod_logio: Fix logging of %^FB (time to first byte) on the first request on
an SSL connection. PR 58454.
[Konstantin J. Chernov <k.j.chernov gmail.com>]
*) mod_cache: r->err_headers_out is not merged into
r->headers when mod_cache is enabled and the response
is cached for the first time. [Edward Lu]
*) mod_slotmem_shm: Fix slots/SHM files names on restart for systems that
can't create new (clear) slots while previous children gracefully stopping
still use the old ones (e.g. Windows, OS2). mod_proxy_balancer failed to
restart whenever the number of configured balancers/members changed during
restart. PR 58024. [Yann Ylavic]
*) core/util_script: make REDIRECT_URL a full URL. PR 57785. [Nick Kew]
*) MPMs: Support SO_REUSEPORT to create multiple duplicated listener
records for scalability. [Yingqi Lu <yingqi.lu@intel.com>,
Jeff Trawick, Jim Jagielski, Yann Ylavic]
*) mod_proxy: Fix a race condition that caused a failed worker to be retried
before the retry period is over. [Ruediger Pluem]
*) mod_autoindex: Allow autoindexes when neither mod_dir nor mod_mime are
loaded. [Eric Covener]
*) mod_rewrite: Allow cookies set by mod_rewrite to contain ':' by accepting
';' as an alternate separator. PR47241.
[<bugzilla schermesser com>, Eric Covener]
*) apxs: Add HTTPD_VERSION and HTTPD_MMN to the variables available with
apxs -q. PR58202. [Daniel Shahaf <danielsh apache.org>]
*) mod_rewrite: Avoid a crash when lacking correct DB access permissions
when using RewriteMap with MapType dbd or fastdbd. [Christophe Jaillet]
*) mod_authz_dbd: Avoid a crash when lacking correct DB access permissions.
PR 57868. [Jose Kahan <jose w3.org>, Yann Ylavic]
*) mod_socache_memcache: Add the 'MemcacheConnTTL' directive to control how
long to keep idle connections with the memcache server(s).
Change default value from 600 usec (!) to 15 sec. PR 58091
[Christophe Jaillet]
*) mod_dir: Prevent the internal identifier "httpd/unix-directory" from
appearing as a Content-Type response header when requests for a directory
are rewritten by mod_rewrite. [Eric Covener]
[1] tested by brnrd@
UNIQUENAME was never unique, it was only used by USE_LDCONFIG and now,
we won't have conflicts there.
Use PKGBASE instead of LATEST_LINK in PKGLATESTFILE, the *only* consumer
is pkg-devel, and it works just fine without LATEST_LINK as pkg-devel
has the correct PKGNAME anyway.
Now that UNIQUENAME is gone, OPTIONSFILE is too. (it's been called
OPTIONS_FILE now.)
Reviewed by: antoine, bapt
Exp-run by: antoine
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D3336
<file> on ELF systems, but this doesn't really do what -export-symbols is
meant to do. On GNU ELF systems it converts <file> to a simple version
script first and then uses -version-script instead of -retain-symbols-file.
Let USES=libtool patch libtool scripts to do this on all systems with GNU
ld(1).
Bump PORTREVISION on all ports where the build log contains -export-symbols.
audio/calf: This port builds a module that now exports only one function,
but it also builds a number of executables that link to this module and
expect to see other functions. Because it's already a bit dodgy to link to
a module (libtool warns about this) let the module continue to export only
one function and instead build an ordinary library from the same source that
the executables can link to. Fix a number of other issues in the same
Makefile.am and clean up the port Makefile.
japanese/scim-honoka: Tries to hide all symbols that start with an
underscore, but because this library is written in C++ all symbols start
with _Z so it ends up hiding everything. Just don't hide anything at all
like the textproc/scim configure script does.
multimedia/schroedinger: Apply an upstream patch.
textproc/scim-input-pad: Same as japanese/scim-honoka.
PR: 201922
Approved by: portmgr (antoine)
Exp-run by: antoine
- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.
While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.
Also, replace some EXTRACT_SUFX occurences with USES=tar:*.
Checked by: make fetch-urlall-list
With hat: portmgr
Sponsored by: Absolight
- change MPM backend from static to dynamic,
but keep mpm_prefork for compatiblity with e.g. php modules
- install dedicated MPM load file in case httpd was build with modular MPM
(modules.d/000_mpm_prefork_fallback.conf)
- disable SSLv3 and SSLv2 fallback in sample httpd-ssl-conf
- use @sample macro instead EXAMPLESDIR
- add some SSLCipherSuite examples for OpenSSL >= 1.0.x
- add libressl support [1]
- add pkg-install script (to handle new modular MPM build)
- build now most all modules, so users using packages don't have
to run a custom build for missing modules
- fix suexec mode
PR: 196139 [1]
MFH: 2015Q1
+ SESSION_DBD
+ SLOTMEM_SHM (e.g neeed for mod_ajp)
- CERN_META
- Use OPTION desc. from modules/config.m4 to match upstream
- bump PORTREVISION
with hat apache@
MFH: 2014Q3
- add OPTION for new mod_authnz_fcgi module
- s/libluajit.so/libluajit-5.1.so/ (there is no libluajit.so)
- backport for mod_lua: Don't quote values in cookies
Make IE happy again [#56734]
http://svn.apache.org/viewvc?view=revision&revision=1611744
- disable sanity check on demand [1]
Release Notes:
http://www.apache.org/dist/httpd/CHANGES_2.4.10
PR: 191398 [1]
Submitted by: Robert Schulze <rs@bytecamp.net>
MFH: 2014Q3
Security: 4364e1f1-0f44-11e4-b090-20cf30e32f6d
CVE-2014-0117
CVE-2014-3523
CVE-2014-0226
CVE-2014-0118
CVE-2014-0231
- strip trailing white space
- no PORTREVISION bump (LUA is not a default OPTION)
Lua build issue reported on apache@ and lua@
by Peter Olsson and Jason Hellenthal
lang/lua51 is working the same way lang/lua52, chase ports using lua 5.1
Make the default lua lua52
Make all lua ports using USES=lua
Approved by: portmgr (implicit)
a zeising, kwm production, with help from dumbbell, bdrewery:
NEW XORG ON FREEBSD 9-STABLE AND 10-STABLE
This update switches over to use the new xorg stack by default on FreeBSD 9
and 10 stable, on osversions where vt(9) is available.
It is still possible to use the old stack by specifying WITHOUT_NEW_XORG in
/etc/make.conf .
FreeBSD 8-STABLE and released versions of FreeBSD still use
the old version.
A package repository with binary packages for new xorg will
be available soon.
This patch also contains updates of libxcb and related ports, pixman, as well
as some drivers and utilities.
Bump portrevisions for xf86-* ports, as well as virtualbox-ose-additions due
to xserver version change.
Apart from these updates, the way shared libraries are handled has been
changed for all xorg ports, as well as libxml2 and freetype, which means
ltverhack is gone and as a consequence shared libraries have been bumped.
The plan is that this change will make library bumps less likely in the
future.
All affected ports have had their portrevisions bumped as a consequence of
this.
Fix some issues where WITH_NEW_XORG weren't detected properly on CURRENT.
Update instructions, hardware support, and more notes can be found on
https://wiki.freebsd.org/Graphics
Thanks to: all testers, bdrewery and the FreeBSD x11@ team
exp-run by: bdrewery [1]
PR: ports/187602 [1]
Approved by: portmgr (bdrewery), core (jhb)
- add Note how the OpenSSL version used to build httpd is found (apr-1-config)
Upstream r1576233 commit message
================================
In pre_config, default socache_provider is created, but socache_instance
initialization is missing. This leads to crash on startup if default
socache_provider is used (AuthnCacheSOCache is not called) and
AuthnCacheEnable or AuthnCacheProvideFor is used.
Submitted by: Michael Bennett (per PM)
Obtained from: http://svn.apache.org/viewvc?view=revision&revision=1576233
- enforcing use libapr-1.so.5 (apr-1.5.0 instead apr-1.4.8)
Changes with Apache 2.4.9
*) mod_ssl: Work around a bug in some older versions of OpenSSL that
would cause a crash in SSL_get_certificate for servers where the
certificate hadn't been sent. [Stephen Henson]
*) mod_lua: Add a fixups hook that checks if the original request is intended
for LuaMapHandler. This fixes a bug where FallbackResource invalidates the
LuaMapHandler directive in certain cases by changing the URI before the map
handler code executes [Daniel Gruno, Daniel Ferradal <dferradal gmail com>].
Changes with Apache 2.4.8
*) SECURITY: CVE-2014-0098 (cve.mitre.org)
Clean up cookie logging with fewer redundant string parsing passes.
Log only cookies with a value assignment. Prevents segfaults when
logging truncated cookies.
[William Rowe, Ruediger Pluem, Jim Jagielski]
*) SECURITY: CVE-2013-6438 (cve.mitre.org)
mod_dav: Keep track of length of cdata properly when removing
leading spaces. Eliminates a potential denial of service from
specifically crafted DAV WRITE requests
[Amin Tora <Amin.Tora neustar.biz>]
*) core: Support named groups and backreferences within the LocationMatch,
DirectoryMatch, FilesMatch and ProxyMatch directives. (Requires
non-ancient PCRE library) [Graham Leggett]
*) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
TE/CL conflicts. [Yann Ylavic <ylavic.dev gmail com>, Jim Jagielski]
*) mod_dir: Add DirectoryCheckHandler to allow a 2.2-like behavior, skipping
execution when a handler is already set. PR53929. [Eric Covener]
*) mod_ssl: Do not perform SNI / Host header comparison in case of a
forward proxy request. [Ruediger Pluem]
*) mod_ssl: Remove the hardcoded algorithm-type dependency for the
SSLCertificateFile and SSLCertificateKeyFile directives, to enable
future algorithm agility, and deprecate the SSLCertificateChainFile
directive (obsoleted by SSLCertificateFile). [Kaspar Brand]
*) mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore,
and IgnoreInherit to allow RewriteRules to be pushed from parent scopes
to child scopes without explicitly configuring each child scope.
PR56153. [Edward Lu <Chaosed0 gmail com>]
*) prefork: Fix long delays when doing a graceful restart.
PR 54852 [Jim Jagielski, Arkadiusz Miskiewicz <arekm maven pl>]
*) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
5+ instead of just for FreeBSD 5. PR 53824. [Jeff Trawick]
*) mod_proxy_wstunnel: Avoid busy loop on client errors, drop message
IDs 02445, 02446, and 02448 to TRACE1 from DEBUG. PR 56145.
[Joffroy Christen <joffroy.christen solvaxis com>, Eric Covener]
*) mod_remoteip: Correct the trusted proxy match test. PR 54651.
[Yoshinori Ehara <yoshinori ehara gmail com>, Eugene L <eugenel amazon com>]
*) mod_proxy_fcgi: Fix error message when an unexpected protocol version
number is received from the application. PR 56110. [Jeff Trawick]
*) mod_remoteip: Use the correct IP addresses to populate the proxy_ips field.
PR 55972. [Mike Rumph]
*) mod_lua: Update r:setcookie() to accept a table of options and add domain,
path and httponly to the list of options available to set.
PR 56128 [Edward Lu <Chaosed0 gmail com>, Daniel Gruno]
*) mod_lua: Fix r:setcookie() to add, rather than replace,
the Set-Cookie header. PR56105
[Kevin J Walters <kjw ms com>, Edward Lu <Chaosed0 gmail com>]
*) mod_lua: Allow for database results to be returned as a hash with
row-name/value pairs instead of just row-number/value. [Daniel Gruno]
*) mod_rewrite: Add %{CONN_REMOTE_ADDR} as the non-useragent counterpart to
%{REMOTE_ADDR}. PR 56094. [Edward Lu <Chaosed0 gmail com>]
*) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
save the socket for reuse by the next worker as if it were an
APR_SO_DISCONNECTED socket. Restores 2.2 behavior. [Eric Covener]
*) mod_dir: Don't search for a DirectoryIndex or DirectorySlash on a URL
that was just rewritten by mod_rewrite. PR53929. [Eric Covener]
*) mod_session: When we have a session we were unable to decode,
behave as if there was no session at all. [Thomas Eckert
<thomas.r.w.eckert gmail com>]
*) mod_session: Fix problems interpreting the SessionInclude and
SessionExclude configuration. PR 56038. [Erik Pearson
<erik adaptations.com>]
*) mod_authn_core: Allow <AuthnProviderAlias>'es to be seen from auth
stanzas under virtual hosts. PR 55622. [Eric Covener]
*) mod_proxy_fcgi: Use apr_socket_timeout_get instead of hard-coded
30 seconds timeout. [Jan Kaluza]
*) mod_proxy: Added support for unix domain sockets as the
backend server endpoint [Jim Jagielski, Blaise Tarr
<blaise tarr gmail com>]
*) build: only search for modules (config*.m4) in known subdirectories, see
build/config-stubs. [Stefan Fritsch]
*) mod_cache_disk: Fix potential hangs on Windows when using mod_cache_disk.
PR 55833. [Eric Covener]
*) mod_ssl: Add support for OpenSSL configuration commands by introducing
the SSLOpenSSLConfCmd directive. [Stephen Henson, Kaspar Brand]
*) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which
is equivalent to <ProxyMatch wildcard-url>. [Christophe Jaillet]
*) mod_authz_user, mod_authz_host, mod_authz_groupfile, mod_authz_dbm,
mod_authz_dbd, mod_authnz_ldap: Support the expression parser within the
require directives. [Graham Leggett]
*) mod_proxy_http: Core dumped under high load. PR 50335.
[Jan Kaluza <jkaluza redhat.com>]
*) mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size
previously limited to 64MB. [Jens Låås <jelaas gmail.com>]
*) mod_lua: Use binary copy when dealing with uploads through r:parsebody()
to prevent truncating files. [Daniel Gruno]
Changes with Apache 2.4.7
*) APR 1.5.0 or later is now required for the event MPM.
*) slotmem_shm: Error detection. [Jim Jagielski]
*) event: Use skiplist data structure. [Jim Jagielski]
*) event: Fail at startup with message AP02405 if the APR atomic
implementation is not compatible with the MPM. [Jim Jagielski]
*) mpm_unix: Add ap_mpm_podx_* implementation to avoid code duplication
and align w/ trunk. [Jim Jagielski]
*) Fix potential rejection of valid MaxMemFree and ThreadStackSize
directives. [Mike Rumph <mike.rumph oracle.com>]
*) mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars.
An individual envvar with an encoded length of more than 16K will be
omitted. [Jeff Trawick]
*) mod_proxy_fcgi: Handle reading protocol data that is split between
packets. [Jeff Trawick]
*) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
allowing custom parameters to be configured via SSLCertificateFile,
and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
Unless custom parameters are configured, the standardized parameters
are applied based on the certificate's RSA/DSA key size. [Kaspar Brand]
*) mod_ssl, configure: Require OpenSSL 0.9.8a or later. [Kaspar Brand]
*) mod_ssl: drop support for export-grade ciphers with ephemeral RSA
keys, and unconditionally disable aNULL, eNULL and EXP ciphers
(not overridable via SSLCipherSuite). [Kaspar Brand]
*) mod_proxy: Added support for unix domain sockets as the
backend server endpoint [Jim Jagielski, Blaise Tarr
<blaise tarr gmail com>]
*) Add experimental cmake-based build system for Windows. [Jeff Trawick,
Tom Donovan]
*) event MPM: Fix possible crashes (third party modules accessing c->sbh)
or occasional missed mod_status updates for some keepalive requests
under load. [Eric Covener]
*) mod_authn_socache: Support optional initialization arguments for
socache providers. [Chris Darroch]
*) mod_session: Reset the max-age on session save. PR 47476. [Alexey
Varlamov <alexey.v.varlamov gmail com>]
*) mod_session: After parsing the value of the header specified by the
SessionHeader directive, remove the value from the response. PR 55279.
[Graham Leggett]
*) mod_headers: Allow for format specifiers in the substitution string
when using Header edit. [Daniel Ruggeri]
*) mod_dav: dav_resource->uri is treated as unencoded. This was an
unnecessary ABI changed introduced in 2.4.6. PR 55397.
*) mod_dav: Don't require lock tokens for COPY source. PR 55306.
*) core: Don't truncate output when sending is interrupted by a signal,
such as from an exiting CGI process. PR 55643. [Jeff Trawick]
*) WinNT MPM: Exit the child if the parent process crashes or is terminated.
[Oracle Corporation]
*) Windows: Correct failure to discard stderr in some error log
configurations. (Error message AH00093) [Jeff Trawick]
*) mod_session_crypto: Allow using exec: calls to obtain session
encryption key. [Daniel Ruggeri]
*) core: Add missing Reason-Phrase in HTTP response headers.
PR 54946. [Rainer Jung]
*) mod_rewrite: Make rewrite websocket-aware to allow proxying.
PR 55598. [Chris Harris <chris.harris kitware com>]
*) mod_ldap: When looking up sub-groups, use an implicit objectClass=*
instead of an explicit cn=* filter. [David Hawes <dhawes vt.edu>]
*) ab: Add wait time, fix processing time, and output write errors only if
they occured. [Christophe Jaillet]
*) worker MPM: Don't forcibly kill worker threads if the child process is
exiting gracefully. [Oracle Corporation]
*) core: apachectl -S prints wildcard name-based virtual hosts twice.
PR54948 [Eric Covener]
*) mod_auth_basic: Add AuthBasicUseDigestAlgorithm directive to
allow migration of passwords from digest to basic authentication.
[Chris Darroch]
*) ab: Add a new -l parameter in order not to check the length of the responses.
This can be usefull with dynamic pages.
PR9945, PR27888, PR42040 [<ccikrs1 cranbrook edu>]
*) Suppress formatting of startup messages written to the console when
ErrorLogFormat is used. [Jeff Trawick]
*) mod_auth_digest: Be more specific when the realm mismatches because the
realm has not been specified. [Graham Leggett]
*) mod_proxy: Add a note in the balancer manager stating whether changes
will or will not be persisted and whether settings are inherited.
[Daniel Ruggeri, Jim Jagielski]
*) mod_cache: Avoid a crash with strcmp() when the hostname is not provided.
[Graham Leggett]
*) core: Add util_fcgi.h and associated definitions and support
routines for FastCGI, based largely on mod_proxy_fcgi.
[Jeff Trawick]
*) mod_headers: Add 'Header note header-name note-name' for copying a response
headers value into a note. [Eric Covener]
*) mod_headers: Add 'setifempty' command to Header and RequestHeader.
[Eric Covener]
*) mod_logio: new format-specifier %S (sum) which is the sum of received
and sent byte counts.
PR54015 [Christophe Jaillet]
*) mod_deflate: Improve error detection when decompressing request bodies
with trailing garbage: handle case where trailing bytes are in
the same bucket. [Rainer Jung]
*) mod_authz_groupfile, mod_authz_user: Reduce severity of AH01671 and AH01663
from ERROR to DEBUG, since these modules do not know what mod_authz_core
is doing with their AUTHZ_DENIED return value. [Eric Covener]
*) mod_ldap: add TRACE5 for LDAP retries. [Eric Covener]
*) mod_ldap: retry on an LDAP timeout during authn. [Eric Covener]
*) mod_ldap: Change "LDAPReferrals off" to actually set the underlying LDAP
SDK option to OFF, and introduce "LDAPReferrals default" to take the SDK
default, sans rebind authentication callback.
[Jan Kaluza <kaluze AT redhat.com>]
*) core: Log a message at TRACE1 when the client aborts a connection.
[Eric Covener]
*) WinNT MPM: Don't crash during child process initialization if the
Listen protocol is unrecognized. [Jeff Trawick]
*) modules: Fix some compiler warnings. [Guenter Knauf]
*) Sync 2.4 and trunk
- Avoid some memory allocation and work when TRACE1 is not activated
- fix typo in include guard
- indent
- No need to lower the string before removing the path, it is just a waste of time...
- Save a few cycles
[Christophe Jaillet <christophe.jaillet wanadoo.fr>]
*) mod_filter: Add "change=no" as a proto-flag to FilterProtocol
to remove a providers initial flags set at registration time.
[Eric Covener]
*) core, mod_ssl: Enable the ability for a module to reverse the sense of
a poll event from a read to a write or vice versa. This is a step on
the way to allow mod_ssl taking full advantage of the event MPM.
[Graham Leggett]
*) Makefile.win: Install proper pcre DLL file during debug build install.
PR 55235. [Ben Reser <ben reser org>]
*) mod_ldap: Fix a potential memory leak or corruption. PR 54936.
[Zhenbo Xu <zhenbo1987 gmail com>]
*) ab: Fix potential buffer overflows when processing the T and X
command-line options. PR 55360.
[Mike Rumph <mike.rumph oracle.com>]
*) fcgistarter: Specify SO_REUSEADDR to allow starting a server
with old connections in TIME_WAIT. [Jeff Trawick]
*) core: Add open_htaccess hook which, in conjunction with dirwalk_stat
and post_perdir_config (introduced in 2.4.5), allows mpm-itk to be
used without patches to httpd core. [Stefan Fritsch]
*) support/htdbm: fix processing of -t command line switch. Regression
introduced in 2.4.4
PR 55264 [Jo Rhett <jrhett netconsonance com>]
*) mod_lua: add websocket support via r:wsupgrade, r:wswrite, r:wsread
and r:wsping. [Daniel Gruno]
*) mod_lua: add support for writing/reading cookies via r:getcookie and
r:setcookie. [Daniel Gruno]
*) mod_lua: If the first yield() of a LuaOutputFilter returns a string, it should
be prefixed to the response as documented. [Eric Covener]
Note: Not present in 2.4.7 CHANGES
*) mod_lua: Remove ETAG, Content-Length, and Content-MD5 when a LuaOutputFilter
is configured without mod_filter. [Eric Covener]
Note: Not present in 2.4.7 CHANGES
*) mod_lua: Register LuaOutputFilter scripts as changing the content and
content-length by default, when run my mod_filter. Previously,
growing or shrinking a response that started with Content-Length set
would require mod_filter and FilterProtocol change=yes. [Eric Covener]
Note: Not present in 2.4.7 CHANGES
*) mod_lua: Return a 500 error if a LuaHook* script doesn't return a
numeric return code. [Eric Covener]
Note: Not present in 2.4.7 CHANGES
- bump PORTREVISION
There is an subversion update on the way and we will see the new
subversion before apache24-2.4.7 so adopt the mod_dav patches
from upstrem.
New modules can be registered here with a simple
file that contains the LoadModule directives.
Additonal Maintaines can write instructions to the
conf file and keep pkg-message short.
As bonus the config file can be installed like every
other config file with a .sample extention so modules
are not disabled during pkg upgrades.
Module config files should begin with three digits
followed by '_' e.g. 100_php5.conf.
The load order can be controlled via the three digits.
Please wait some time before adopting the new directory
so users have time to update and adjust axisting configs
- no revision bump, devel/apr was updated and we will see
apache 2.2.7 in the next days (I only want to have the
modules.d directory adopted)
- new modules: mod_cache_socache, mod_macro and mod_proxy_wstunnel
- add enty to vuxml
SECURITY: CVE-2013-1896 (cve.mitre.org)
mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
the source href (sent as part of the request body as XML) pointing to a
URI that is not configured for DAV will trigger a segfault.
SECURITY: CVE-2013-2249 (cve.mitre.org)
mod_session_dbd: Make sure that dirty flag is respected when saving
sessions, and ensure the session ID is changed each time the session
changes. This changes the format of the updatesession SQL statement.
Existing configurations must be changed.
Changelog:
http://www.apache.org/dist/httpd/CHANGES_2.4.6
with hat apache@
Security: ca4d63fb-f15c-11e2-b183-20cf30e32f6d
The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for various modern desktop and server operating
systems, such as UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server which provides HTTP
services in sync with the current HTTP standards.
The 2.x branch of Apache Web Server includes several improvements like
threading, use of APR, native IPv6 and SSL support, and many more.
WWW: http://httpd.apache.org/
Note:
Since apache24 does not enable every module by default in httpd.conf the
list of modules to build was preselected to match build param
--enable-modules=most
MPM selection is now an OPTION also if the MPM is build statically or
dynamically. In the later case all modules are build/installed but only
the selected MPM has an entry in httpd.conf (see apache issue 53882)
Per default the MPM prefork (static) will be build, to get the best
compatibility.
Custom variants like itk/peruser are not supported at the moment.
Port based on my work prototype from the apache@ list and patch from
PR 174617
with hat apache@
PR: 174617
Submitted by: <swall@redcom.com>
