Received: from mail.netbsd.org (mail.NetBSD.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 0D41E7A217
	for <mhonarc+pkgsrc-changes@mail-index.netbsd.org>; Sun, 27 Dec 2015 12:50:56 +0000 (UTC)
Received: by mail.netbsd.org (Postfix, from userid 605)
	id B4D3385F3E; Sun, 27 Dec 2015 12:50:55 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 437CB85ECF
	for <pkgsrc-changes@NetBSD.org>; Sun, 27 Dec 2015 12:50:55 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([IPv6:::1])
	by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025)
	with ESMTP id GOKc7MBl-WYu for <pkgsrc-changes@netbsd.org>;
	Sun, 27 Dec 2015 12:50:54 +0000 (UTC)
Received: from cvs.NetBSD.org (cvs.NetBSD.org [199.233.217.197])
	by mail.netbsd.org (Postfix) with ESMTP id AD57184CED
	for <pkgsrc-changes@NetBSD.org>; Sun, 27 Dec 2015 12:50:54 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id A84E2FBA4; Sun, 27 Dec 2015 12:50:54 +0000 (UTC)
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"
MIME-Version: 1.0
Date: Sun, 27 Dec 2015 12:50:54 +0000
From: "Adam Ciarcinski" <adam@netbsd.org>
Subject: CVS commit: pkgsrc/www/apache24
To: pkgsrc-changes@NetBSD.org
Reply-To: adam@netbsd.org
X-Mailer: log_accum
Message-Id: <20151227125054.A84E2FBA4@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk

Module Name:	pkgsrc
Committed By:	adam
Date:		Sun Dec 27 12:50:54 UTC 2015

Modified Files:
	pkgsrc/www/apache24: Makefile distinfo

Log Message:
Changes with Apache 2.4.18

*) mod_ssl: for all ssl_engine_vars.c lookups, fall back to master connection
   if conn_rec itself holds no valid SSLConnRec*. Fixes 58666.

*) mod_http2: connection level window for flow control is set to protocol
   maximum of 2GB-1, preventing window exhaustion when sending data on many
   streams with higher cumulative window size.
   Reducing write frequency unless push promises need to be flushed.

*) mod_http2: required minimum version of libnghttp2 is 1.2.1

*) mod_proxy_fdpass: Fix AH01153 error when using the default configuration.
   In earlier version of httpd, you can explicitelly set the 'flusher' parameter
   to 'flush' as a workaround. (i.e. flusher=flush)
   Add documentation for the 'flusher' parameter when defining a proxy worker.

*) mod_ssl: For the "SSLStaplingReturnResponderErrors off" case, make sure
   to only staple responses with certificate status "good".

*) mod_http2: new directive 'H2PushPriority' to allow priority specifications
   on server pushed streams according to their content-type.

*) mod_http2: fixes crash on connection abort for a busy connection.
   fixes crash on a request that did not produce any response.

*) mod_http2: trailers are sent after reponse body if set in request_rec
   trailers_out before the end-of-request bucket is sent through the
   output filters.

*) mod_http2: incoming trailers (headers after request body) are properly
   forwarded to the processing engine.

*) mod_http2: new directive 'H2Push' to en-/disable HTTP/2 server
   pushes a server/virtual host. Pushes are initiated by the presence
   of 'Link:' headers with relation 'preload' on a response.

*) mod_http2: write performance of http2 improved for larger resources,
   especially static files.

*) core: if the first HTTP/1.1 request on a connection goes to a server that
   prefers different protocols, these protocols are announced in a Upgrade:
   header on the response, mentioning the preferred protocols.

*) mod_http2: new directives 'H2TLSWarmUpSize' and 'H2TLSCoolDownSecs'
   to control TLS record sizes during connection lifetime.

*) mod_http2: new directive 'H2ModernTLSOnly' to enforce security
   requirements of RFC 7540 on TLS connections.

*) core: add ap_get_protocol_upgrades() to retrieve the list of protocols
   that a client could possibly upgrade to. Use in first request on a
   connection to announce protocol choices.

*) mod_http2: reworked deallocation on connection shutdown and worker
   abort. Separate parent pool for all workers. worker threads are joined
   on planned worker shutdown.

*) mod_ssl: when receiving requests for other virtual hosts than the handshake
   server, the SSL parameters are checked for equality. With equal
   configuration, requests are passed for processing. Any change will trigger
   the old behaviour of "421 Misdirected Request".
   SSL now remembers the cipher suite that was used for the last handshake.
   This is compared against for any vhost/directory cipher specification.
   Detailed examination of renegotiation is only done when these do not
   match.
   Renegotiation is 403ed when a master connection is present. Exact reason
   is given additionally in a request note.

*) core: Fix scoreboard crash (SIGBUS) on hardware requiring strict 64bit
   alignment (SPARC64, PPC64).

*) mod_cache: Accept HT (Horizontal Tab) when parsing cache related header
   fields as described in RFC7230.

*) core/util_script: making REDIRECT_URL a full URL is now opt-in
   via new 'QualifyRedirectURL' directive.

*) core: Limit to ten the number of tolerated empty lines between request,
   and consume them before the pipelining check to avoid possible response
   delay when reading the next request without flushing.

*) mod_ssl: Extend expression parser registration to support ssl variables
   in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function
   syntax "ssl(VARNAME)".


To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.41 pkgsrc/www/apache24/Makefile
cvs rdiff -u -r1.22 -r1.23 pkgsrc/www/apache24/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.