---
- branch: MAIN
  date: Sun Aug 9 15:01:55 UTC 2020
  files:
  - new: '1.94'
    old: '1.93'
    path: pkgsrc/www/apache24/Makefile
    pathrev: pkgsrc/www/apache24/Makefile@1.94
    type: modified
  - new: '1.44'
    old: '1.43'
    path: pkgsrc/www/apache24/distinfo
    pathrev: pkgsrc/www/apache24/distinfo@1.44
    type: modified
  id: 20200809T150155Z.074ab977d0c5819f033e0de9761c1d0cdef4e20d
  log: |
    www/apache24: update to 2.4.46

    Update apache24 to 2.4.46 (Apache HTTPD 2.4.46). It fixes several
    security problems:

    CVE-2020-9490: Push Diary Crash on Specifically Crafted HTTP/2 Header
    CVE-2020-11984: mod_uwsgi buffer overflow
    CVE-2020-11985: CWE-345: Insufficient verification of data authenticity
    CVE-2020-11993: Push Diary Crash on Specifically Crafted HTTP/2 Header

    pkgsrc changes: reduce warnings by SUBST_* processing.

    Changes with Apache 2.4.46
      *) mod_proxy_fcgi: Fix build warnings for Windows platform
         [Eric Covener, Christophe Jaillet]

    Changes with Apache 2.4.45

      *) mod_http2: remove support for abandoned http-wg draft
         .
         [Stefan Eissing]

    Changes with Apache 2.4.44

      *) mod_proxy_uwsgi: Error out on HTTP header larger than 16K (hard
         protocol limit). [Yann Ylavic]

      *) mod_http2:
         Fixes :
         "LimitRequestFields 0" now disables the limit, as documented.
         Fixes :
         Do not count repeated headers with same name against the field
         count limit. They are merged internally, as if sent in a single HTTP/1 line.
         [Stefan Eissing]

      *) mod_http2: Avoid segfaults in case of handling certain responses for
         already aborted connections. [Stefan Eissing, Ruediger Pluem]

      *) mod_http2: The module now handles master/secondary connections and has marked
         methods according to use. [Stefan Eissing]

      *) core: Drop an invalid Last-Modified header value coming
         from a FCGI/CGI script instead of replacing it with Unix epoch.
         [Yann Ylavic, Luca Toscano]

      *) Add support for strict content-length parsing through addition of
         ap_parse_strict_length() [Yann Ylavic]

      *) mod_proxy_fcgi: ProxyFCGISetEnvIf unsets variables when expression
         evaluates to false. PR64365. [Michael König ]

      *) mod_proxy_http: flush spooled request body in one go to avoid
         leaking (or long lived) temporary file. PR 64452. [Yann Ylavic]

      *) mod_ssl: Fix a race condition and possible crash when using a proxy client
         certificate (SSLProxyMachineCertificateFile).
         [Armin Abfalterer ]

      *) mod_ssl: Fix memory leak in stapling code. PR63687. [Stefan Eissing]

      *) mod_http2: Fixed regression that no longer set H2_STREAM_ID and H2_STREAM_TAG.
         PR64330 [Stefan Eissing]

      *) mod_http2: Fixed regression that caused connections to close when mod_reqtimeout
         was configured with a handshake timeout. Fixes github issue #196.
         [Stefan Eissing]

      *) mod_proxy_http2: the "ping" proxy parameter
         (see ) is now used
         when checking the liveliness of a new or reused h2 connection to the backend.
         With short durations, this makes load-balancing more responsive. The module
         will hold back requests until ping conditions are met, using features of the
         HTTP/2 protocol alone. [Ruediger Pluem, Stefan Eissing]

      *) core: httpd is no longer linked against -lsystemd if mod_systemd
         is enabled (and built as a DSO). [Rainer Jung]

      *) mod_proxy_http2: respect ProxyTimeout settings on backend connections
         while waiting on incoming data. [Ruediger Pluem, Stefan Eissing]
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/apache24'
  unixtime: '1596985315'
  user: taca