pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

PR/45923 CVS commit: pkgsrc/www/apache24



The following reply was made to PR pkg/45923; it has been noted by GNATS.

From: "Ryo ONODERA" <ryoon%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/45923 CVS commit: pkgsrc/www/apache24
Date: Sun, 26 Aug 2012 12:37:34 +0000

 Module Name:   pkgsrc
 Committed By:  ryoon
 Date:          Sun Aug 26 12:37:34 UTC 2012
 
 Modified Files:
        pkgsrc/www/apache24: Makefile PLIST distinfo options.mk
 Added Files:
        pkgsrc/www/apache24: MESSAGE
 
 Log Message:
 Update to 2.4.3
 
 * Fix security problems.
 * Build three Multi-Processing Model shared libraries,
   and select default model with option
 * Retire mod_cgi.so module, use mod_cgid.so; Add MESSAGE
 
 Changelog:
 
 Changes with Apache 2.4.3
 
   *) SECURITY: CVE-2012-3502  (cve.mitre.org)
      mod_proxy_ajp, mod_proxy_http: Fix an issue in back end
      connection closing which could lead to privacy issues due
      to a response mixup. PR 53727. [Rainer Jung]
 
   *) SECURITY: CVE-2012-2687 (cve.mitre.org)
      mod_negotiation: Escape filenames in variant list to prevent an
      possible XSS for a site where untrusted users can upload files to
      a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]
 
   *) mod_authnz_ldap: Don't try a potentially expensive nested groups
      search before exhausting all AuthLDAPGroupAttribute checks on the
      current group. PR 52464 [Eric Covener]
 
   *) mod_lua: Add new directive LuaAuthzProvider to allow implementing an
      authorization provider in lua. [Stefan Fritsch]
 
   *) core: Be less strict when checking whether Content-Type is set to
      "application/x-www-form-urlencoded" when parsing POST data,
      or we risk losing data with an appended charset. PR 53698
      [Petter Berntsen <petterb gmail.com>]
 
   *) httpd.conf: Added configuration directives to set a bad_DNT environment
      variable based on User-Agent and to remove the DNT header field from
      incoming requests when a match occurs. This currently has the effect of
      removing DNT from requests by MSIE 10.0 because it deliberately violates
      the current specification of DNT semantics for HTTP. [Roy T. Fielding]
 
   *) mod_socache_shmcb: Fix bus error due to a misalignment
      in some 32 bit builds, especially on Solaris Sparc.
      PR 53040.  [Rainer Jung]
 
   *) mod_cache: Set content type in case we return stale content.
      [Ruediger Pluem]
 
   *) Windows: Fix SSL failures on windows with AcceptFilter https none.
      PR 52476.  [Jeff Trawick]
 
   *) ab: Fix read failure when targeting SSL server.  [Jeff Trawick]
 
   *) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
      - mod_auth_digest: shared memory file
      [Jeff Trawick]
 
   *) htpasswd: Use correct file mode for checking if file is writable.
      PR 45923. [Stefan Fritsch]
 
   *) mod_rewrite: Fix crash with dbd RewriteMaps. PR 53663. [Mikhail T.
      <mi apache aldan algebra com>]
 
   *) mod_ssl: Add new directive SSLCompression to disable TLS-level
      compression. PR 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]
 
   *) mod_lua: Add a few missing request_rec fields. Rename remote_ip to
      client_ip to match conn_rec. [Stefan Fritsch]
 
   *) mod_lua: Change prototype of vm_construct, to work around gcc bug which
      causes a segfault. PR 52779. [Dick Snippe <Dick Snippe tech omroep nl>]
 
   *) mpm_event: Don't count connections in lingering close state when
      calculating how many additional connections may be accepted.
      [Stefan Fritsch]
 
   *) mod_ssl: If exiting during initialization because of a fatal error,
      log a message to the main error log pointing to the appropriate
      virtual host error log. [Stefan Fritsch]
 
   *) mod_proxy_ajp: Reduce memory usage in case of many keep-alive requests on
      one connection. PR 52275. [Naohiro Ooiwa <naohiro ooiwa miraclelinux com>]
 
   *) mod_proxy_balancer: Restore balancing after a failed worker has
      recovered when using lbmethod_bybusyness.  PR 48735.  [Jeff Trawick]
 
   *) mod_setenvif: Compile some global regex only once during startup.
      This should save some memory, especially with .htaccess.
      [Stefan Fritsch]
 
   *) core: Add the port number to the vhost's name in the scoreboard.
      [Stefan Fritsch]
 
   *) mod_proxy: Fix ProxyPassReverse for balancer configurations.
      PR 45434.  [Joe Orton]
 
   *) mod_lua: Add the parsebody function for parsing POST data. PR 53064.
      [Daniel Gruno]
 
   *) apxs: Use LDFLAGS from config_vars.mk in addition to CFLAGS and CPPFLAGS.
      [Stefan Fritsch]
 
   *) mod_proxy: Fix memory leak or possible corruption in ProxyBlock
      implementation.  [Ruediger Pluem, Joe Orton]
 
   *) mod_proxy: Check hostname from request URI against ProxyBlock list,
      not forward proxy, if ProxyRemote* is configured.  [Joe Orton]
 
   *) mod_proxy_connect: Avoid DNS lookup on hostname from request URI
      if ProxyRemote* is configured.  PR 43697.  [Joe Orton]
 
   *) mpm_event, mpm_worker: Remain active amidst prevalent child process
      resource shortages.  [Jeff Trawick]
 
   *) Add "strict" and "warnings" pragmas to Perl scripts.  [Rich Bowen]
 
   *) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
      - core: the scoreboard (ScoreBoardFile), pid file (PidFile), and
        mutexes (Mutex)
      [Jim Jagielski]
 
   *) ab: Fix bind() errors.  [Joe Orton]
 
   *) mpm_event: Don't do a blocking write when starting a lingering close
      from the listener thread. PR 52229. [Stefan Fritsch]
 
   *) mod_so: If a filename without slashes is specified for LoadFile or
      LoadModule and the file cannot be found in the server root directory,
      try to use the standard dlopen() search path. [Stefan Fritsch]
 
   *) mpm_event, mpm_worker: Fix cases where the spawn rate wasn't reduced
      after child process resource shortages.  [Jeff Trawick]
 
   *) mpm_prefork: Reduce spawn rate after a child process exits due to
      unexpected poll or accept failure.  [Jeff Trawick]
 
   *) core: Log value of Status header line in script responses rather
      than the fixed header name.  [Chris Darroch]
 
   *) mpm_ssl: Fix handling of empty response from OCSP server.
      [Jim Meyering <meyering redhat.com>, Joe Orton]
 
   *) mpm_event: Fix handling of MaxConnectionsPerChild. [Stefan Fritsch]
 
   *) mod_authz_core: If an expression in "Require expr" returns denied and
      references %{REMOTE_USER}, trigger authentication and retry. PR 52892.
      [Stefan Fritsch]
 
   *) core: Always log if LimitRequestFieldSize triggers.  [Stefan Fritsch]
 
   *) mod_deflate: Skip compression if compression is enabled at SSL level.
      [Stefan Fritsch]
 
   *) core: Add missing HTTP status codes registered with IANA.
      [Julian Reschke <julian.reschke gmx.de>, Rainer Jung]
 
   *) mod_ldap: Treat the "server unavailable" condition as a transient
      error with all LDAP SDKs.  [Filip Valder <filip.valder vsb.cz>]
 
   *) core: Fix spurious "not allowed here" error returned when the Options
      directive is used in .htaccess and "AllowOverride Options" (with no
      specific options restricted) is configured.  PR 53444. [Eric Covener]
 
   *) mod_authz_core: Fix parsing of Require arguments in <AuthzProviderAlias>.
      PR 53048. [Stefan Fritsch]
 
   *) mod_log_config: Fix %{abc}C truncating cookie values at first "=".
      PR 53104. [Greg Ames]
 
   *) mod_ext_filter: Fix error_log spam when input filters are configured.
      [Joe Orton]
 
   *) mod_rewrite: Add "AllowAnyURI" option. PR 52774. [Joe Orton]
 
   *) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
      [Paul Wouters <pwouters redhat.com>, Joe Orton]
 
   *) core: Use a TLS 1.0 close_notify alert for internal dummy connection if
      the chosen listener is configured for https. [Joe Orton]
 
   *) mod_proxy: Use the the same hostname for SNI as for the HTTP request when
      forwarding to SSL backends. PR 53134.
      [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]
 
   *) mod_info: Display all registered providers. [Stefan Fritsch]
 
   *) mod_ssl: Send the error message for speaking http to an https port using
      HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when
      using SNI. PR 50823. [Stefan Fritsch]
 
   *) core: Fix segfault in logging if r->useragent_addr or c->client_addr is
      unset. PR 53265. [Stefan Fritsch]
 
   *) log_server_status: Bring Perl style forward to the present, use
      standard modules, update for new format of server-status output.
      PR 45424. [Richard Bowen, Dave Brondsema, and others]
 
   *) mod_sed, mod_log_debug, mod_rewrite: Symbol namespace cleanups.
      [Joe Orton, André Malo]
 
   *) core: Prevent "httpd -k restart" from killing server in presence of
      config error. [Joe Orton]
 
   *) mod_proxy_fcgi: If there is an error reading the headers from the
      backend, send an error to the client. PR 52879. [Stefan Fritsch]
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r0 -r1.1 pkgsrc/www/apache24/MESSAGE
 cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/apache24/Makefile
 cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/apache24/PLIST
 cvs rdiff -u -r1.5 -r1.6 pkgsrc/www/apache24/distinfo \
     pkgsrc/www/apache24/options.mk
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
 


Home | Main Index | Thread Index | Old Index