- update to 2.4.17
- add support for HTTP/2 (RFC 7540)
- remove obsolate libressl patches [1]
In this release are some exciting new features including:
*) HTTP/2 support via mod_http2 module
*) Support for SO_REUSEPORT in MPMs for significant scalability
Changes with Apache 2.4.17
*) mod_http2: added donated HTTP/2 implementation via core module. Similar
configuration options to mod_ssl. [Stefan Eissing]
*) mod_proxy: don't recyle backend announced "Connection: close" connections
to avoid reusing it should the close be effective after some new request is ready to be sent. [Yann Ylavic]
*) mod_substitute: Allow to configure the patterns merge order with the new
SubstituteInheritBefore on|off directive. PR 57641 [Marc.Stern <Marc.Stern approach.be>, Yann Ylavic, William Rowe]
*) mod_proxy: Fix ProxySourceAddress binding failure with AH00938.
PR 56687. [Arne de Bruijn <apache arbruijn.dds.nl>
*) mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3,
and change the compiled-in default for SSL[Proxy]Protocol to "all -SSLv3", in accordance with RFC 7568. PR 58349, PR 57120. [Kaspar Brand]
*) mod_ssl: append :!aNULL:!eNULL:!EXP to the cipher string settings,
instead of prepending !aNULL:!eNULL:!EXP: (as was the case in 2.4.7 and later). Enables support for configuring the SUITEB* cipher strings introduced in OpenSSL 1.0.2. PR 58213. [Kaspar Brand]
*) mod_ssl: Add support for extracting the msUPN and dnsSRV forms
of subjectAltName entries of type "otherName" into
SSL_{CLIENT,SERVER}_SAN_OTHER_{msUPN,dnsSRV}_n environment
variables. Addresses PR 58020. [Jan Pazdziora <jpazdziora redhat.com>,
Kaspar Brand]*) mod_logio: Fix logging of %^FB (time to first byte) on the first request on
an SSL connection. PR 58454. [Konstantin J. Chernov <k.j.chernov gmail.com>]
*) mod_cache: r->err_headers_out is not merged into
r->headers when mod_cache is enabled and the response is cached for the first time. [Edward Lu]
*) mod_slotmem_shm: Fix slots/SHM files names on restart for systems that
can't create new (clear) slots while previous children gracefully stopping still use the old ones (e.g. Windows, OS2). mod_proxy_balancer failed to restart whenever the number of configured balancers/members changed during restart. PR 58024. [Yann Ylavic]
*) core/util_script: make REDIRECT_URL a full URL. PR 57785. [Nick Kew]
*) MPMs: Support SO_REUSEPORT to create multiple duplicated listener
records for scalability. [Yingqi Lu <yingqi.lu@intel.com>, Jeff Trawick, Jim Jagielski, Yann Ylavic]
*) mod_proxy: Fix a race condition that caused a failed worker to be retried
before the retry period is over. [Ruediger Pluem]
*) mod_autoindex: Allow autoindexes when neither mod_dir nor mod_mime are
loaded. [Eric Covener]
*) mod_rewrite: Allow cookies set by mod_rewrite to contain ':' by accepting
';' as an alternate separator. PR47241. [<bugzilla schermesser com>, Eric Covener]
*) apxs: Add HTTPD_VERSION and HTTPD_MMN to the variables available with
apxs -q. PR58202. [Daniel Shahaf <danielsh apache.org>]
*) mod_rewrite: Avoid a crash when lacking correct DB access permissions
when using RewriteMap with MapType dbd or fastdbd. [Christophe Jaillet]
*) mod_authz_dbd: Avoid a crash when lacking correct DB access permissions.
PR 57868. [Jose Kahan <jose w3.org>, Yann Ylavic]
*) mod_socache_memcache: Add the 'MemcacheConnTTL' directive to control how
long to keep idle connections with the memcache server(s). Change default value from 600 usec (!) to 15 sec. PR 58091 [Christophe Jaillet]
*) mod_dir: Prevent the internal identifier "httpd/unix-directory" from
appearing as a Content-Type response header when requests for a directory are rewritten by mod_rewrite. [Eric Covener]
[1] tested by brnrd@