On OS X 10.9, the find command to repair directory modes fails,
apparently because the directory is 600, without even the owner x bit.
Add an extra chmod to fix that before the find. (No PKGREVISION++,
because the binary package will be unchanged if it built before.)
*) mod_ssl: Work around a bug in some older versions of OpenSSL that
would cause a crash in SSL_get_certificate for servers where the
certificate hadn't been sent.
*) mod_lua: Add a fixups hook that checks if the original request is intended
for LuaMapHandler. This fixes a bug where FallbackResource invalidates the
LuaMapHandler directive in certain cases by changing the URI before the map
handler code executes
Changes 2.4.8:
*) SECURITY: CVE-2014-0098 (cve.mitre.org)
Clean up cookie logging with fewer redundant string parsing passes.
Log only cookies with a value assignment. Prevents segfaults when
logging truncated cookies.
*) SECURITY: CVE-2013-6438 (cve.mitre.org)
mod_dav: Keep track of length of cdata properly when removing
leading spaces. Eliminates a potential denial of service from
specifically crafted DAV WRITE requests
*) core: Support named groups and backreferences within the LocationMatch,
DirectoryMatch, FilesMatch and ProxyMatch directives. (Requires
non-ancient PCRE library)
*) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
TE/CL conflicts.
*) mod_dir: Add DirectoryCheckHandler to allow a 2.2-like behavior, skipping
execution when a handler is already set.
*) mod_ssl: Do not perform SNI / Host header comparison in case of a
forward proxy request.
*) mod_ssl: Remove the hardcoded algorithm-type dependency for the
SSLCertificateFile and SSLCertificateKeyFile directives, to enable
future algorithm agility, and deprecate the SSLCertificateChainFile
directive (obsoleted by SSLCertificateFile).
*) mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore,
and IgnoreInherit to allow RewriteRules to be pushed from parent scopes
to child scopes without explicitly configuring each child scope.
*) prefork: Fix long delays when doing a graceful restart.
*) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
5+ instead of just for FreeBSD 5.
*) mod_proxy_wstunnel: Avoid busy loop on client errors, drop message
IDs 02445, 02446, and 02448 to TRACE1 from DEBUG.
*) mod_remoteip: Correct the trusted proxy match test.
*) mod_proxy_fcgi: Fix error message when an unexpected protocol version
number is received from the application.
*) mod_remoteip: Use the correct IP addresses to populate the proxy_ips field.
*) mod_lua: Update r:setcookie() to accept a table of options and add domain,
path and httponly to the list of options available to set.
*) mod_lua: Fix r:setcookie() to add, rather than replace,
the Set-Cookie header.
*) mod_lua: Allow for database results to be returned as a hash with
row-name/value pairs instead of just row-number/value.
*) mod_rewrite: Add %{CONN_REMOTE_ADDR} as the non-useragent counterpart to
%{REMOTE_ADDR}.
*) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
save the socket for reuse by the next worker as if it were an
APR_SO_DISCONNECTED socket. Restores 2.2 behavior.
*) mod_dir: Don't search for a DirectoryIndex or DirectorySlash on a URL
that was just rewritten by mod_rewrite.
*) mod_session: When we have a session we were unable to decode,
behave as if there was no session at all.
*) mod_session: Fix problems interpreting the SessionInclude and
SessionExclude configuration.
*) mod_authn_core: Allow <AuthnProviderAlias>'es to be seen from auth
stanzas under virtual hosts.
*) mod_proxy_fcgi: Use apr_socket_timeout_get instead of hard-coded
30 seconds timeout.
*) mod_proxy: Added support for unix domain sockets as the
backend server endpoint
*) build: only search for modules (config*.m4) in known subdirectories, see
build/config-stubs.
*) mod_cache_disk: Fix potential hangs on Windows when using mod_cache_disk.
*) mod_ssl: Add support for OpenSSL configuration commands by introducing
the SSLOpenSSLConfCmd directive.
*) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which
is equivalent to <ProxyMatch wildcard-url>.
*) mod_authz_user, mod_authz_host, mod_authz_groupfile, mod_authz_dbm,
mod_authz_dbd, mod_authnz_ldap: Support the expression parser within the
require directives.
*) mod_proxy_http: Core dumped under high load.
*) mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size
previously limited to 64MB.
*) mod_lua: Use binary copy when dealing with uploads through r:parsebody()
to prevent truncating files.
This commit restores the ABI_DEPENDS line that was there until
yesterday, 0.10.4nb1. It's unclear what the right answer is for
fribidi and ABI_DEPENDS, and if revbumping is needed - so for now
avoid the issue.
In particular, it comes with a curl library, which needs libidn.
libidn is not provided though.
Since libidn is in suse121_base but a separate package in suse131
(suse131_libidn), depend on curl so that it is pulled in correctly.
Bump PKGREVISION.
Basically: 10.9's sed is broken, bootstrap works around this via nbsed
on 10.9, and therefore while a 10.6 boostrap's binaries will *run* on
10.9, one can't reliably build new packages.
(Thanks to jperkin@ for pointing this out.)
Based on a report from Bob Bernstein, m17n-lib does not build with
0.10.9. According to
http://upstream-tracker.org/versions/fribidi.html
there was an API and ABI break at 0.19.1, and then it has been
essentially stable.
opensc upstream has removed the use of ltdl. Thus, it is not longer
reasonable to expect it to be able to dlopen a .la file. So pass the
.so, not the .la, to configure, when using the pcsc-lite (default)
option. Resolves a failure of pkcs15-init to load modules.
sbin/pcscd is linked with libusb1, but the installed libraries and
headers do not reference libusb at all. Not including libusb1 avoids
having pcsc-lite's bl3 pull in pthreads to depending packages.
