---
- branch: MAIN
  date: Fri Oct  6 06:22:05 UTC 2017
  files:
  - new: '1.62'
    old: '1.61'
    path: pkgsrc/www/apache24/Makefile
    pathrev: pkgsrc/www/apache24/Makefile@1.62
    type: modified
  - new: '1.33'
    old: '1.32'
    path: pkgsrc/www/apache24/distinfo
    pathrev: pkgsrc/www/apache24/distinfo@1.33
    type: modified
  - new: '0'
    old: '1.2'
    path: pkgsrc/www/apache24/patches/patch-server_core.c
    pathrev: pkgsrc/www/apache24/patches/patch-server_core.c@0
    type: deleted
  id: 20171006T062205Z.1b4d7e652fb71e54ffc0abfddbd8387e6ed94ebe
  log: |
    apache24: update to 2.4.28

    Changes with Apache 2.4.28

    *) SECURITY: CVE-2017-9798 (cve.mitre.org)
       Corrupted or freed memory access. <Limit[Except]> must now be used in the
       main configuration file (httpd.conf) to register HTTP methods before the
       .htaccess files.

    *) event: Avoid possible blocking in the listener thread when shutting down
       connections.

    *) mod_speling: Don't embed referer data in a link in error page.

    *) htdigest: prevent a buffer overflow when a string exceeds the allowed max
       length in a password file.

    *) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25).

    *) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically.

    *) mod_watchdog/mod_proxy_hcheck: Time intervals can now be spefified
       down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond),
       's' (second) and 'hr' (hour!) time suffixes.

    *) mod_http2: Fix for stalling when more than 32KB are written to a
       suspended stream.

    *) build: allow configuration without APR sources.

    *) mod_ssl, ab: Fix compatibility with LibreSSL.

    *) core/log: Support use of optional "tag" in syslog entries.

    *) mod_proxy: Fix ProxyAddHeaders merging.

    *) core: Disallow multiple Listen on the same IP:port when listener buckets
       are configured (ListenCoresBucketsRatio > 0), consistently with the single
       bucket case (default), thus avoiding the leak of the corresponding socket
       descriptors on graceful restart.

    *) event: Avoid listener periodic wake ups by using the pollset wake-ability
       when available.

    *) mod_proxy_wstunnel: Fix detection of unresponded request which could have
       led to spurious HTTP 502 error messages sent on upgrade connections.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/apache24'
  unixtime: '1507270925'
  user: adam