Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) by www.NetBSD.org (Postfix) with ESMTP id 3E42463BA8B for ; Sun, 26 Aug 2012 12:38:14 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 190CA14A33C; Sun, 26 Aug 2012 12:38:14 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id B79A114A36B for ; Sun, 26 Aug 2012 12:37:40 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id XOC4OAiGSg_A for ; Sun, 26 Aug 2012 12:37:34 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 9DF6314A332 for ; Sun, 26 Aug 2012 12:37:34 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 79398175DD; Sun, 26 Aug 2012 12:37:34 +0000 (UTC) MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="UTF-8" Date: Sun, 26 Aug 2012 12:37:34 +0000 From: "Ryo ONODERA" Subject: CVS commit: pkgsrc/www/apache24 To: pkgsrc-changes@NetBSD.org Reply-To: ryoon@netbsd.org X-Mailer: log_accum Message-Id: <20120826123734.79398175DD@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: ryoon Date: Sun Aug 26 12:37:34 UTC 2012 Modified Files: pkgsrc/www/apache24: Makefile PLIST distinfo options.mk Added Files: pkgsrc/www/apache24: MESSAGE Log Message: Update to 2.4.3 * Fix security problems. * Build three Multi-Processing Model shared libraries, and select default model with option * Retire mod_cgi.so module, use mod_cgid.so; Add MESSAGE Changelog: Changes with Apache 2.4.3 *) SECURITY: CVE-2012-3502 (cve.mitre.org) mod_proxy_ajp, mod_proxy_http: Fix an issue in back end connection closing which could lead to privacy issues due to a response mixup. PR 53727. [Rainer Jung] *) SECURITY: CVE-2012-2687 (cve.mitre.org) mod_negotiation: Escape filenames in variant list to prevent an possible XSS for a site where untrusted users can upload files to a location with MultiViews enabled. [Niels Heinen ] *) mod_authnz_ldap: Don't try a potentially expensive nested groups search before exhausting all AuthLDAPGroupAttribute checks on the current group. PR 52464 [Eric Covener] *) mod_lua: Add new directive LuaAuthzProvider to allow implementing an authorization provider in lua. [Stefan Fritsch] *) core: Be less strict when checking whether Content-Type is set to "application/x-www-form-urlencoded" when parsing POST data, or we risk losing data with an appended charset. PR 53698 [Petter Berntsen ] *) httpd.conf: Added configuration directives to set a bad_DNT environment variable based on User-Agent and to remove the DNT header field from incoming requests when a match occurs. This currently has the effect of removing DNT from requests by MSIE 10.0 because it deliberately violates the current specification of DNT semantics for HTTP. [Roy T. Fielding] *) mod_socache_shmcb: Fix bus error due to a misalignment in some 32 bit builds, especially on Solaris Sparc. PR 53040. [Rainer Jung] *) mod_cache: Set content type in case we return stale content. [Ruediger Pluem] *) Windows: Fix SSL failures on windows with AcceptFilter https none. PR 52476. [Jeff Trawick] *) ab: Fix read failure when targeting SSL server. [Jeff Trawick] *) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR: - mod_auth_digest: shared memory file [Jeff Trawick] *) htpasswd: Use correct file mode for checking if file is writable. PR 45923. [Stefan Fritsch] *) mod_rewrite: Fix crash with dbd RewriteMaps. PR 53663. [Mikhail T. ] *) mod_ssl: Add new directive SSLCompression to disable TLS-level compression. PR 53219. [Björn Jacke , Stefan Fritsch] *) mod_lua: Add a few missing request_rec fields. Rename remote_ip to client_ip to match conn_rec. [Stefan Fritsch] *) mod_lua: Change prototype of vm_construct, to work around gcc bug which causes a segfault. PR 52779. [Dick Snippe ] *) mpm_event: Don't count connections in lingering close state when calculating how many additional connections may be accepted. [Stefan Fritsch] *) mod_ssl: If exiting during initialization because of a fatal error, log a message to the main error log pointing to the appropriate virtual host error log. [Stefan Fritsch] *) mod_proxy_ajp: Reduce memory usage in case of many keep-alive requests on one connection. PR 52275. [Naohiro Ooiwa ] *) mod_proxy_balancer: Restore balancing after a failed worker has recovered when using lbmethod_bybusyness. PR 48735. [Jeff Trawick] *) mod_setenvif: Compile some global regex only once during startup. This should save some memory, especially with .htaccess. [Stefan Fritsch] *) core: Add the port number to the vhost's name in the scoreboard. [Stefan Fritsch] *) mod_proxy: Fix ProxyPassReverse for balancer configurations. PR 45434. [Joe Orton] *) mod_lua: Add the parsebody function for parsing POST data. PR 53064. [Daniel Gruno] *) apxs: Use LDFLAGS from config_vars.mk in addition to CFLAGS and CPPFLAGS. [Stefan Fritsch] *) mod_proxy: Fix memory leak or possible corruption in ProxyBlock implementation. [Ruediger Pluem, Joe Orton] *) mod_proxy: Check hostname from request URI against ProxyBlock list, not forward proxy, if ProxyRemote* is configured. [Joe Orton] *) mod_proxy_connect: Avoid DNS lookup on hostname from request URI if ProxyRemote* is configured. PR 43697. [Joe Orton] *) mpm_event, mpm_worker: Remain active amidst prevalent child process resource shortages. [Jeff Trawick] *) Add "strict" and "warnings" pragmas to Perl scripts. [Rich Bowen] *) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR: - core: the scoreboard (ScoreBoardFile), pid file (PidFile), and mutexes (Mutex) [Jim Jagielski] *) ab: Fix bind() errors. [Joe Orton] *) mpm_event: Don't do a blocking write when starting a lingering close from the listener thread. PR 52229. [Stefan Fritsch] *) mod_so: If a filename without slashes is specified for LoadFile or LoadModule and the file cannot be found in the server root directory, try to use the standard dlopen() search path. [Stefan Fritsch] *) mpm_event, mpm_worker: Fix cases where the spawn rate wasn't reduced after child process resource shortages. [Jeff Trawick] *) mpm_prefork: Reduce spawn rate after a child process exits due to unexpected poll or accept failure. [Jeff Trawick] *) core: Log value of Status header line in script responses rather than the fixed header name. [Chris Darroch] *) mpm_ssl: Fix handling of empty response from OCSP server. [Jim Meyering , Joe Orton] *) mpm_event: Fix handling of MaxConnectionsPerChild. [Stefan Fritsch] *) mod_authz_core: If an expression in "Require expr" returns denied and references %{REMOTE_USER}, trigger authentication and retry. PR 52892. [Stefan Fritsch] *) core: Always log if LimitRequestFieldSize triggers. [Stefan Fritsch] *) mod_deflate: Skip compression if compression is enabled at SSL level. [Stefan Fritsch] *) core: Add missing HTTP status codes registered with IANA. [Julian Reschke , Rainer Jung] *) mod_ldap: Treat the "server unavailable" condition as a transient error with all LDAP SDKs. [Filip Valder ] *) core: Fix spurious "not allowed here" error returned when the Options directive is used in .htaccess and "AllowOverride Options" (with no specific options restricted) is configured. PR 53444. [Eric Covener] *) mod_authz_core: Fix parsing of Require arguments in . PR 53048. [Stefan Fritsch] *) mod_log_config: Fix %{abc}C truncating cookie values at first "=". PR 53104. [Greg Ames] *) mod_ext_filter: Fix error_log spam when input filters are configured. [Joe Orton] *) mod_rewrite: Add "AllowAnyURI" option. PR 52774. [Joe Orton] *) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled). [Paul Wouters , Joe Orton] *) core: Use a TLS 1.0 close_notify alert for internal dummy connection if the chosen listener is configured for https. [Joe Orton] *) mod_proxy: Use the the same hostname for SNI as for the HTTP request when forwarding to SSL backends. PR 53134. [Michael Weiser , Ruediger Pluem] *) mod_info: Display all registered providers. [Stefan Fritsch] *) mod_ssl: Send the error message for speaking http to an https port using HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when using SNI. PR 50823. [Stefan Fritsch] *) core: Fix segfault in logging if r->useragent_addr or c->client_addr is unset. PR 53265. [Stefan Fritsch] *) log_server_status: Bring Perl style forward to the present, use standard modules, update for new format of server-status output. PR 45424. [Richard Bowen, Dave Brondsema, and others] *) mod_sed, mod_log_debug, mod_rewrite: Symbol namespace cleanups. [Joe Orton, André Malo] *) core: Prevent "httpd -k restart" from killing server in presence of config error. [Joe Orton] *) mod_proxy_fcgi: If there is an error reading the headers from the backend, send an error to the client. PR 52879. [Stefan Fritsch] To generate a diff of this commit: cvs rdiff -u -r0 -r1.1 pkgsrc/www/apache24/MESSAGE cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/apache24/Makefile cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/apache24/PLIST cvs rdiff -u -r1.5 -r1.6 pkgsrc/www/apache24/distinfo \ pkgsrc/www/apache24/options.mk Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.