FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us

I am looking for an LTO tape library. Do you have one to spare?
Commit found by message id
Sat, 22 Mar 2014
[ 21:18:21 ohauer ] Original commit   Revision:348808
apache24 www files touched by this commit  An older version of this port was marked as vulnerable. Version 2.4.x of Apache web server
- update to 2.4.9
- enforcing use (apr-1.5.0 instead apr-1.4.8)

Changes with Apache 2.4.9

  *) mod_ssl: Work around a bug in some older versions of OpenSSL that
     would cause a crash in SSL_get_certificate for servers where the
     certificate hadn't been sent. [Stephen Henson]

   *) mod_lua: Add a fixups hook that checks if the original request is intended
      for LuaMapHandler. This fixes a bug where FallbackResource invalidates the
      LuaMapHandler directive in certain cases by changing the URI before the
      handler code executes [Daniel Gruno, Daniel Ferradal <dferradal gmail

Changes with Apache 2.4.8

  *) SECURITY: CVE-2014-0098 (
     Clean up cookie logging with fewer redundant string parsing passes.
     Log only cookies with a value assignment. Prevents segfaults when
     logging truncated cookies.
     [William Rowe, Ruediger Pluem, Jim Jagielski]

  *) SECURITY: CVE-2013-6438 (
     mod_dav: Keep track of length of cdata properly when removing
     leading spaces. Eliminates a potential denial of service from
     specifically crafted DAV WRITE requests
     [Amin Tora <Amin.Tora>]

  *) core: Support named groups and backreferences within the LocationMatch,
     DirectoryMatch, FilesMatch and ProxyMatch directives. (Requires
     non-ancient PCRE library) [Graham Leggett]

  *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
     TE/CL conflicts. [Yann Ylavic < gmail com>, Jim Jagielski]

  *) mod_dir: Add DirectoryCheckHandler to allow a 2.2-like behavior, skipping
     execution when a handler is already set. PR53929. [Eric Covener]

  *) mod_ssl: Do not perform SNI / Host header comparison in case of a
     forward proxy request. [Ruediger Pluem]

  *) mod_ssl: Remove the hardcoded algorithm-type dependency for the
     SSLCertificateFile and SSLCertificateKeyFile directives, to enable
     future algorithm agility, and deprecate the SSLCertificateChainFile
     directive (obsoleted by SSLCertificateFile). [Kaspar Brand]

  *) mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore,
     and IgnoreInherit to allow RewriteRules to be pushed from parent scopes
     to child scopes without explicitly configuring each child scope.
     PR56153.  [Edward Lu <Chaosed0 gmail com>]

  *) prefork: Fix long delays when doing a graceful restart.
     PR 54852 [Jim Jagielski, Arkadiusz Miskiewicz <arekm maven pl>]

  *) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
     5+ instead of just for FreeBSD 5. PR 53824. [Jeff Trawick]

  *) mod_proxy_wstunnel: Avoid busy loop on client errors, drop message
     IDs 02445, 02446, and 02448 to TRACE1 from DEBUG. PR 56145.
     [Joffroy Christen <joffroy.christen solvaxis com>, Eric Covener]

  *) mod_remoteip: Correct the trusted proxy match test. PR 54651.
     [Yoshinori Ehara <yoshinori ehara gmail com>, Eugene L <eugenel amazon

  *) mod_proxy_fcgi: Fix error message when an unexpected protocol version
     number is received from the application.  PR 56110.  [Jeff Trawick]

  *) mod_remoteip: Use the correct IP addresses to populate the proxy_ips field.
     PR 55972. [Mike Rumph]

  *) mod_lua: Update r:setcookie() to accept a table of options and add domain,
     path and httponly to the list of options available to set.
     PR 56128 [Edward Lu <Chaosed0 gmail com>, Daniel Gruno]

  *) mod_lua: Fix r:setcookie() to add, rather than replace,
     the Set-Cookie header. PR56105
     [Kevin J Walters <kjw ms com>, Edward Lu <Chaosed0 gmail com>]

  *) mod_lua: Allow for database results to be returned as a hash with
     row-name/value pairs instead of just row-number/value. [Daniel Gruno]

  *) mod_rewrite: Add %{CONN_REMOTE_ADDR} as the non-useragent counterpart to
     %{REMOTE_ADDR}. PR 56094. [Edward Lu <Chaosed0 gmail com>]

  *) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
     save the socket for reuse by the next worker as if it were an
     APR_SO_DISCONNECTED socket. Restores 2.2 behavior. [Eric Covener]

  *) mod_dir: Don't search for a DirectoryIndex or DirectorySlash on a URL
     that was just rewritten by mod_rewrite. PR53929. [Eric Covener]

  *) mod_session: When we have a session we were unable to decode,
     behave as if there was no session at all. [Thomas Eckert
     <thomas.r.w.eckert gmail com>]

  *) mod_session: Fix problems interpreting the SessionInclude and
     SessionExclude configuration. PR 56038. [Erik Pearson

  *) mod_authn_core: Allow <AuthnProviderAlias>'es to be seen from auth
     stanzas under virtual hosts. PR 55622. [Eric Covener]

  *) mod_proxy_fcgi: Use apr_socket_timeout_get instead of hard-coded
     30 seconds timeout. [Jan Kaluza]

  *) mod_proxy: Added support for unix domain sockets as the
     backend server endpoint [Jim Jagielski, Blaise Tarr
     <blaise tarr gmail com>]

  *) build: only search for modules (config*.m4) in known subdirectories, see
     build/config-stubs. [Stefan Fritsch]

  *) mod_cache_disk: Fix potential hangs on Windows when using mod_cache_disk.
     PR 55833. [Eric Covener]

  *) mod_ssl: Add support for OpenSSL configuration commands by introducing
     the SSLOpenSSLConfCmd directive. [Stephen Henson, Kaspar Brand]

  *) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which
     is equivalent to <ProxyMatch wildcard-url>. [Christophe Jaillet]

  *) mod_authz_user, mod_authz_host, mod_authz_groupfile, mod_authz_dbm,
     mod_authz_dbd, mod_authnz_ldap: Support the expression parser within the
     require directives. [Graham Leggett]

  *) mod_proxy_http: Core dumped under high load. PR 50335.
     [Jan Kaluza <jkaluza>]

  *) mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size
     previously limited to 64MB. [Jens LAY=AY=s <jelaas>]

  *) mod_lua: Use binary copy when dealing with uploads through r:parsebody()
     to prevent truncating files. [Daniel Gruno]

Changes with Apache 2.4.7

  *) APR 1.5.0 or later is now required for the event MPM.

  *) slotmem_shm: Error detection. [Jim Jagielski]

  *) event: Use skiplist data structure. [Jim Jagielski]

  *) event: Fail at startup with message AP02405 if the APR atomic
     implementation is not compatible with the MPM.  [Jim Jagielski]

  *) mpm_unix: Add ap_mpm_podx_* implementation to avoid code duplication
     and align w/ trunk. [Jim Jagielski]

  *) Fix potential rejection of valid MaxMemFree and ThreadStackSize
     directives.  [Mike Rumph <mike.rumph>]

  *) mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars.
     An individual envvar with an encoded length of more than 16K will be
     omitted.  [Jeff Trawick]

  *) mod_proxy_fcgi: Handle reading protocol data that is split between
     packets.  [Jeff Trawick]

  *) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
     allowing custom parameters to be configured via SSLCertificateFile,
     and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
     Unless custom parameters are configured, the standardized parameters
     are applied based on the certificate's RSA/DSA key size. [Kaspar Brand]

  *) mod_ssl, configure: Require OpenSSL 0.9.8a or later. [Kaspar Brand]

  *) mod_ssl: drop support for export-grade ciphers with ephemeral RSA
     keys, and unconditionally disable aNULL, eNULL and EXP ciphers
     (not overridable via SSLCipherSuite). [Kaspar Brand]

  *) mod_proxy: Added support for unix domain sockets as the
     backend server endpoint [Jim Jagielski, Blaise Tarr
     <blaise tarr gmail com>]

  *) Add experimental cmake-based build system for Windows.  [Jeff Trawick,
     Tom Donovan]

  *) event MPM: Fix possible crashes (third party modules accessing c->sbh)
     or occasional missed mod_status updates for some keepalive requests
     under load. [Eric Covener]

  *) mod_authn_socache: Support optional initialization arguments for
     socache providers.  [Chris Darroch]

  *) mod_session: Reset the max-age on session save. PR 47476. [Alexey
     Varlamov <alexey.v.varlamov gmail com>]

  *) mod_session: After parsing the value of the header specified by the
     SessionHeader directive, remove the value from the response. PR 55279.
     [Graham Leggett]

  *) mod_headers: Allow for format specifiers in the substitution string
     when using Header edit. [Daniel Ruggeri]

  *) mod_dav: dav_resource->uri is treated as unencoded. This was an
     unnecessary ABI changed introduced in 2.4.6. PR 55397.

  *) mod_dav: Don't require lock tokens for COPY source. PR 55306.

  *) core: Don't truncate output when sending is interrupted by a signal,
     such as from an exiting CGI process. PR 55643. [Jeff Trawick]

  *) WinNT MPM: Exit the child if the parent process crashes or is terminated.
     [Oracle Corporation]

  *) Windows: Correct failure to discard stderr in some error log
     configurations.  (Error message AH00093)  [Jeff Trawick]

  *) mod_session_crypto: Allow using exec: calls to obtain session
     encryption key.  [Daniel Ruggeri]

  *) core: Add missing Reason-Phrase in HTTP response headers.
     PR 54946. [Rainer Jung]

  *) mod_rewrite: Make rewrite websocket-aware to allow proxying.
     PR 55598. [Chris Harris <chris.harris kitware com>]

  *) mod_ldap: When looking up sub-groups, use an implicit objectClass=*
     instead of an explicit cn=* filter. [David Hawes <dhawes>]

  *) ab: Add wait time, fix processing time, and output write errors only if
     they occured. [Christophe Jaillet]

  *) worker MPM: Don't forcibly kill worker threads if the child process is
     exiting gracefully.  [Oracle Corporation]

  *) core: apachectl -S prints wildcard name-based virtual hosts twice.
     PR54948 [Eric Covener]

  *) mod_auth_basic: Add AuthBasicUseDigestAlgorithm directive to
     allow migration of passwords from digest to basic authentication.
     [Chris Darroch]

  *) ab: Add a new -l parameter in order not to check the length of the
     This can be usefull with dynamic pages.
     PR9945, PR27888, PR42040 [<ccikrs1 cranbrook edu>]

  *) Suppress formatting of startup messages written to the console when
     ErrorLogFormat is used.  [Jeff Trawick]

  *) mod_auth_digest: Be more specific when the realm mismatches because the
     realm has not been specified. [Graham Leggett]

  *) mod_proxy: Add a note in the balancer manager stating whether changes
     will or will not be persisted and whether settings are inherited.
     [Daniel Ruggeri, Jim Jagielski]

  *) mod_cache: Avoid a crash with strcmp() when the hostname is not provided.
     [Graham Leggett]

  *) core: Add util_fcgi.h and associated definitions and support
     routines for FastCGI, based largely on mod_proxy_fcgi.
     [Jeff Trawick]

  *) mod_headers: Add 'Header note header-name note-name' for copying a response
     headers value into a note. [Eric Covener]

  *) mod_headers: Add 'setifempty' command to Header and RequestHeader.
     [Eric Covener]

  *) mod_logio: new format-specifier %S (sum) which is the sum of received
     and sent byte counts.
     PR54015 [Christophe Jaillet]

  *) mod_deflate: Improve error detection when decompressing request bodies
     with trailing garbage: handle case where trailing bytes are in
     the same bucket. [Rainer Jung]

  *) mod_authz_groupfile, mod_authz_user: Reduce severity of AH01671 and AH01663
     from ERROR to DEBUG, since these modules do not know what mod_authz_core
     is doing with their AUTHZ_DENIED return value. [Eric Covener]

  *) mod_ldap: add TRACE5 for LDAP retries. [Eric Covener]

  *) mod_ldap: retry on an LDAP timeout during authn. [Eric Covener]

  *) mod_ldap: Change "LDAPReferrals off" to actually set the underlying LDAP
     SDK option to OFF, and introduce "LDAPReferrals default" to take the SDK
     default, sans rebind authentication callback.
     [Jan Kaluza <kaluze AT>]

  *) core: Log a message at TRACE1 when the client aborts a connection.
     [Eric Covener]

  *) WinNT MPM: Don't crash during child process initialization if the
     Listen protocol is unrecognized.  [Jeff Trawick]

  *) modules: Fix some compiler warnings. [Guenter Knauf]

  *) Sync 2.4 and trunk
       - Avoid some memory allocation and work when TRACE1 is not activated
       - fix typo in include guard
       - indent
       - No need to lower the string before removing the path, it is just a
waste of time...
       - Save a few cycles
     [Christophe Jaillet <christophe.jaillet>]

  *) mod_filter: Add "change=no" as a proto-flag to FilterProtocol
     to remove a providers initial flags set at registration time.
     [Eric Covener]

  *) core, mod_ssl: Enable the ability for a module to reverse the sense of
     a poll event from a read to a write or vice versa. This is a step on
     the way to allow mod_ssl taking full advantage of the event MPM.
     [Graham Leggett]

  *) Install proper pcre DLL file during debug build install.
     PR 55235.  [Ben Reser <ben reser org>]

  *) mod_ldap: Fix a potential memory leak or corruption.  PR 54936.
     [Zhenbo Xu <zhenbo1987 gmail com>]

  *) ab: Fix potential buffer overflows when processing the T and X
     command-line options.  PR 55360.
     [Mike Rumph <mike.rumph>]

  *) fcgistarter: Specify SO_REUSEADDR to allow starting a server
     with old connections in TIME_WAIT.  [Jeff Trawick]

  *) core: Add open_htaccess hook which, in conjunction with dirwalk_stat
     and post_perdir_config (introduced in 2.4.5), allows mpm-itk to be
     used without patches to httpd core. [Stefan Fritsch]

  *) support/htdbm: fix processing of -t command line switch. Regression
     introduced in 2.4.4
     PR 55264 [Jo Rhett <jrhett netconsonance com>]

  *) mod_lua: add websocket support via r:wsupgrade, r:wswrite, r:wsread
     and r:wsping. [Daniel Gruno]

  *) mod_lua: add support for writing/reading cookies via r:getcookie and
     r:setcookie. [Daniel Gruno]

  *) mod_lua: If the first yield() of a LuaOutputFilter returns a string, it
     be prefixed to the response as documented. [Eric Covener]
     Note: Not present in 2.4.7 CHANGES

  *) mod_lua: Remove ETAG, Content-Length, and Content-MD5 when a
     is configured without mod_filter. [Eric Covener]
     Note: Not present in 2.4.7 CHANGES

  *) mod_lua: Register LuaOutputFilter scripts as changing the content and
     content-length by default, when run my mod_filter.  Previously,
     growing or shrinking a response that started with Content-Length set
     would require mod_filter and FilterProtocol change=yes. [Eric Covener]
     Note: Not present in 2.4.7 CHANGES

  *) mod_lua: Return a 500 error if a LuaHook* script doesn't return a
     numeric return code. [Eric Covener]
     Note: Not present in 2.4.7 CHANGES

Number of ports [& non-ports] in this commit: 1

show all files

User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
How big is it?
The latest upgrade!

Enter Keywords:

Latest Vulnerabilities
asterisk11Sep 18
squidSep 18
squid33Sep 18
dbusSep 17
nginxSep 16
nginx-develSep 16
phpmyadminSep 13
ossec-hids-clientSep 11
ossec-hids-localSep 11
ossec-hids-serverSep 11
chromiumSep 09
trafficserverSep 05
apache22*Sep 03
apache22-event-mpm*Sep 03
apache22-itk-mpm*Sep 03

8 vulnerabilities affecting 19 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Deleted ports
Sanity Test Failures

NEW Graphs (Javascript)

Calculated hourly:
Port count 24132
Broken 116
Deprecated 46
Ignore 370
Forbidden 3
Restricted 205
Vulnerable 20
Expired 1
Set to expire 41
Interactive 0
new 24 hours 72
new 48 hours78
new 7 days93
new fortnight144
new month302

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.