kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/www/apache22
History
tron bd18add136 Update "apache" package to version 2.2.24. Changes since 2.2.23: 
- SECURITY: CVE-2012-3499 (cve.mitre.org)
  Various XSS flaws due to unescaped hostnames and URIs HTML output in
  mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
  [Jim Jagielski, Stefan Fritsch, Niels Heinen <heinenn google com>]
- SECURITY: CVE-2012-4558 (cve.mitre.org)
  XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
  Niels Heinen <heinenn google com>]
- mod_rewrite: Stop merging RewriteBase down to subdirectories
  unless new option 'RewriteOptions MergeBase' is configured.
  Merging RewriteBase was unconditionally turned on in 2.2.23.
  Bug Report 53963. [Eric Covener]
- mod_ssl: Send the error message for speaking http to an https port using
  HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when
  using SNI. Bug Report 50823. [Stefan Fritsch]
- mod_ssl: log revoked certificates at level INFO
  instead of DEBUG. Bug Report 52162. [Stefan Fritsch]
- mod_proxy_ajp: Support unknown HTTP methods. Bug Report 54416.
  [Rainer Jung]
- mod_dir: Add support for the value 'disabled' in FallbackResource.
  [Vincent Deffontaines]
- mod_ldap: Fix regression in handling "server unavailable" errors on
  Windows.  Bug Report 54140.  [Eric Covener]
- mod_ssl: fix a regression with the string rendering of the "UID" RDN
  introduced in 2.2.15. Bug Report 54510. [Kaspar Brand]
- ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output
  to more accurately report the negotiated protocol. Bug Report 53916.
  [Nicolás Pernas Maradei <nico emutex com>, Kaspar Brand]
- mod_cache: Explicitly allow cache implementations to cache a 206 Partial
  Response if they so choose to do so. Previously an attempt to cache a 206
  was arbitrarily allowed if the response contained an Expires or
  Cache-Control header, and arbitrarily denied if both headers were missing.
  Currently the disk and memory cache providers do not cache 206 Partial
  Responses. [Graham Leggett]
- core: Remove unintentional APR dependency introduced with
  Apache 2.2.22. [Eric Covener]
- core: Use a TLS 1.0 close_notify alert for internal dummy connection if
  the chosen listener is configured for https. [Joe Orton]
- mod_ssl: Add new directive SSLCompression to disable TLS-level
  compression. Bug Report 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]
2013-03-03 20:05:03 +00:00
..
files
patches Apply patch https://issues.apache.org/bugzilla/show_bug.cgi?id=49491 2012-12-23 21:32:41 +00:00
buildlink3.mk Add apxs to buildlink3, so that packages that use apxs will build properly 2013-02-20 12:14:42 +00:00
DESCR
distinfo Update "apache" package to version 2.2.24. Changes since 2.2.23: 2013-03-03 20:05:03 +00:00
Makefile Update "apache" package to version 2.2.24. Changes since 2.2.23: 2013-03-03 20:05:03 +00:00
MESSAGE
options.mk
PLIST Update "apache" package to version 2.2.24. Changes since 2.2.23: 2013-03-03 20:05:03 +00:00