kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/www/apache24
History
adam e3a1b10231 apache24: updated to 2.4.38 
Changes with Apache 2.4.38
*) SECURITY: CVE-2018-17199 (cve.mitre.org)
   mod_session: mod_session_cookie does not respect expiry time allowing
   sessions to be reused.
*) SECURITY: CVE-2018-17189 (cve.mitre.org)
   mod_http2: fixes a DoS attack vector. By sending slow request bodies
   to resources not consuming them, httpd cleanup code occupies a server
   thread unnecessarily. This was changed to an immediate stream reset
   which discards all stream state and incoming data.
*) SECURITY: CVE-2019-0190 (cve.mitre.org)
   mod_ssl: Fix infinite loop triggered by a client-initiated
   renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
   later.
*) mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
*) mod_negotiation: Treat LanguagePriority as case-insensitive to match
   AddLanguage behavior and HTTP specification.
*) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
   have been fixed.
*) mod_setenvif: We can have expressions that become true if a regex pattern
   in the expression does NOT match. In this case val is NULL
   and we should just set the value for the environment variable
   like in the pattern case.
*) mod_session: Always decode session attributes early.
*) core: Incorrect values for environment variables are substituted when
   multiple environment variables are specified in a directive.
*) mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
   this type of map is present in the configuration.
*) mod_dav: Fix invalid Location header when a resource is created by
   passing an absolute URI on the request line
*) mod_session_cookie: avoid duplicate Set-Cookie header in the response.
*) mod_ssl: clear *SSL errors before loading certificates and checking
   afterwards. Otherwise errors are reported when other SSL using modules
   are in play.
*) mod_ssl: Fix the error code returned in an error path of
   'ssl_io_filter_handshake()'. This messes-up error handling performed
   in 'ssl_io_filter_error()'
*) mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix
   authz provider so "Require ssl" works correctly in HTTP/2.
*) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
   redirects, subsequent ProxyPassReverse statements, whether they are
   relative or absolute, may fail.
*) mod_lua: Now marked as a stable module
2019-01-23 12:04:18 +00:00
..
files
patches apache24: updated to 2.4.35 2018-09-24 07:37:47 +00:00
buildlink3.mk Recursive bump for perl5-5.28.0 2018-08-22 09:42:51 +00:00
DESCR
distinfo apache24: updated to 2.4.38 2019-01-23 12:04:18 +00:00
Makefile apache24: updated to 2.4.38 2019-01-23 12:04:18 +00:00
MESSAGE
options.mk Enable http2 option by default. Bump PKGREVISION 2017-01-28 04:57:57 +00:00
PLIST apache24: updated to 2.4.37 2018-10-24 10:08:00 +00:00