[PATCH] apache: Update to 2.4.63

[Matthias Fischer <matthias.fischer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 6083 bytes --]

For details see:
https://dlcdn.apache.org/httpd/CHANGES_2.4.63

"Changes with Apache 2.4.63

  *) mod_dav: Update redirect-carefully example BrowserMatch config
     to match more recent client versions.  PR 66148, 67039.
     [Michal Maloszewski <michal.maloszewski canonical.com>,
      Romain Tartière <romain blogreen.org>]

  *) mod_cache_socache: Fix possible crash on error path. PR 69358.
     [Ruediger Pluem]

  *) mod_ssl: Fail cleanly at startup if OpenSSL initialization fails.
     [StephenWall]

  *) mod_md: update to version 2.4.31
     - Improved error reporting when waiting for ACME server to verify domains
       or finalizing the order fails, e.g. times out.
     - Increasing the timeouts to wait for ACME server to verify domain names
       and issue the certificate from 30 seconds to 5 minutes.
     - Change a log level from error to debug when Stapling is enabled but a
       certificate carries no OCSP responder URL.

  *) mod_proxy_balancer: Fix the handling of the stickysession configuration
     parameter by the balancer manager. PR 69510
     [Yutaka Tokunou <tokunou.yutaka(a)fujitsu.com>]

  *) Add the ldap-search option to mod_authnz_ldap, allowing authorization
     to be based on arbitrary expressions that do not include the username.
     Make sure that when ldap searches are too long, we explicitly log the
     error. [Graham Leggett]

  *) mod_proxy: Honor parameters of ProxyPassMatch workers with substitution
     in the host name or port. PR 69233. [Yann Ylavic]

  *) mod_log_config: Fix merging for the "LogFormat" directive.
     PR 65222. [Michael Kaufmann <mail michael-kaufmann.ch>]

  *) mod_lua: Make r.ap_auth_type writable.  PR 62497.
     [Michael Osipov <michaelo apache.org>]

  *) mod_md: update to version 2.4.29
     - Fixed HTTP-01 challenges to not carry a final newline, as some ACME
       server fail to ignore it. [Michael Kaufmann (@mkauf)]
     - Fixed missing label+newline in server-status plain text output when
       MDStapling is enabled.

  *) mod_ssl: Restore support for loading PKCS#11 keys via ENGINE
     without "SSLCryptoDevice" configured.  [Joe Orton]

  *) mod_authnz_ldap: Fix possible memory corruption if the
     AuthLDAPSubGroupAttribute directive is configured.  [Joe Orton]

  *) mod_proxy_fcgi: Don't re-encode SCRIPT_FILENAME when set via SetHandler.
     PR 69203. [Yann Ylavic]

  *) mod_rewrite, mod_proxy: mod_proxy to canonicalize rewritten [P] URLs,
     including "unix:" ones.  PR 69235, PR 69260.  [Yann Ylavic, Ruediger Pluem]

  *) mod_rewrite: Error out in case a RewriteRule in directory context uses the
     proxy, but mod_proxy is not loaded. PR 56264.
     [Christophe Jaillet, Michael Streeter <mstreeter1(a)gmail.com>]

  *) http: Remove support for Request-Range header sent by Navigator 2-3 and
     MSIE 3. [Stefan Fritsch]

  *) mod_rewrite: Don't require [UNC] flag to preserve a leading //
     added by applying the perdir prefix to the substitution.
     [Ruediger Pluem, Eric Covener]

  *) Windows: Restore the ability to "Include" configuration files on UNC
     paths. PR 69313 [Eric Covener]

  *) mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs
     in <Location> (incomplete fix in 2.4.62). PR 69160. [Yann Ylavic]

  *) mod_md: update to version 2.4.28
     - When the server starts, it looks for new, staged certificates to
       activate. If the staged set of files in 'md/staging/<domain>' is messed
       up, this could prevent further renewals to happen. Now, when the staging
       set is present, but could not be activated due to an error, purge the
       whole directory. [icing]
     - Fix certificate retrieval on ACME renewal to not require a 'Location:'
       header returned by the ACME CA. This was the way it was done in ACME
       before it became an IETF standard. Let's Encrypt still supports this,
       but other CAs do not. [icing]
     - Restore compatibility with OpenSSL < 1.1. [ylavic]

  *) mod_tls: removed the experimental module. It now is availble standalone
     from https://github.com/icing/mod_tls. The rustls provided API is not
     stable and does not align with the httpd release cycle.
     [Stefan Eissing]

  *) mod_rewrite: Better question mark tracking to avoid UnsafeAllow3F.
     PR 69197. [Yann Ylavic, Eric Covener]

  *) mod_http2: Return connection monitoring to the event MPM when blocking
     on client updates. [Stefan Eissing, Yann Ylavic]"

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
 lfs/apache2 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/apache2 b/lfs/apache2
index 428ef3419..4abf21793 100644
--- a/lfs/apache2
+++ b/lfs/apache2
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2024  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2025  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -25,7 +25,7 @@
 
 include Config
 
-VER        = 2.4.62
+VER        = 2.4.63
 
 THISAPP    = httpd-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -45,7 +45,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 0e5c3b05819771e6ff72933ad715695199a32c384f63de6598e179ff5803580f04639437829305150305c9a2b7d309178552d8c9a2d7248a034c98f445193b95
+$(DL_FILE)_BLAKE2 = adc4b3ad640919a2df1eaae9a4a7d004f60b2d59a6fa4a624c7e97758c0e244378cb06f11d69a54e789dd216f8f3fb8e967b2e01fd3bdab10ce1ae332d2a4d07
 
 install : $(TARGET)
 
-- 
2.43.0