FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us
Blog
Twitter

I am looking for an LTO tape library. Do you have one to spare?
Commit found by message id
Sat, 2 Mar 2013
[ 19:31:50 ohauer ] Original commit   Revision:313287
apache22 www files touched by this commit  An older version of this port was marked as vulnerable. Version 2.2.x of Apache web server with prefork MPM.
apache22-itk-mpm www files touched by this commit  An older version of this port was marked as vulnerable. Version 2.2.x of Apache web server with itk MPM.
- update to version 2.2.24
- move mpm itk patches to itk-mpm/files dir
- add sshd to REQUIRE line in the rc script to prevent boot
  issues in case a SSL cert is password protected [1]

Changes with Apache 2.2.24
 SECURITY: CVE-2012-3499 (cve.mitre.org) Various XSS flaws due to
 unescaped hostnames and URIs HTML output in mod_info, mod_status,
 mod_imagemap, mod_ldap, and mod_proxy_ftp.  [Jim Jagielski, Stefan
 Fritsch, Niels Heinen <heinenn google com>]

 SECURITY: CVE-2012-4558 (cve.mitre.org)
 XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
 Niels Heinen <heinenn google com>]

 mod_rewrite: Stop merging RewriteBase down to subdirectories
 unless new option 'RewriteOptions MergeBase' is configured.
 Merging RewriteBase was unconditionally turned on in 2.2.23.
 PR 53963. [Eric Covener]

 mod_ssl: Send the error message for speaking http to an https port using
 HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when
 using SNI. PR 50823. [Stefan Fritsch]

 mod_ssl: log revoked certificates at level INFO
 instead of DEBUG. PR 52162. [Stefan Fritsch]

 mod_proxy_ajp: Support unknown HTTP methods. PR 54416.
 [Rainer Jung]

 mod_dir: Add support for the value 'disabled' in FallbackResource.
 [Vincent Deffontaines]

 mod_ldap: Fix regression in handling "server unavailable" errors on
 Windows.  PR 54140.  [Eric Covener]

 mod_ssl: fix a regression with the string rendering of the "UID" RDN
 introduced in 2.2.15. PR 54510. [Kaspar Brand]

 ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output
 to more accurately report the negotiated protocol. PR 53916.
 [Nicolás Pernas Maradei <nico emutex com>, Kaspar Brand]

 mod_cache: Explicitly allow cache implementations to cache a 206 Partial
 Response if they so choose to do so. Previously an attempt to cache a 206
 was arbitrarily allowed if the response contained an Expires or
 Cache-Control header, and arbitrarily denied if both headers were missing
 Currently the disk and memory cache providers do not cache 206 Partial
 Responses. [Graham Leggett]

 core: Remove unintentional APR 1.3 dependency introduced with
 Apache 2.2.22. [Eric Covener]

 core: Use a TLS 1.0 close_notify alert for internal dummy connection if
 the chosen listener is configured for https. [Joe Orton]

 mod_ssl: Add new directive SSLCompression to disable TLS-level
   compression. PR 53219.

[1] requested by Andrew Filonov
    (freebsd-apache/2012-September/002962.html)

with head apache@

Number of ports [& non-ports] in this commit: 2

Showing files for just one port: www/apache22

show all files

hide all files


12 files found
ActionRevisionLinksFile
modify 313287 View diff View revision /ports/head/www/apache22-itk-mpm/Makefile
import 313287 View revision /ports/head/www/apache22-itk-mpm/files
import 313287 View revision /ports/head/www/apache22-itk-mpm/files/mpm-itk-20110321-01
import 313287 View revision /ports/head/www/apache22-itk-mpm/files/mpm-itk-limits
import 313287 View revision /ports/head/www/apache22-itk-mpm/files/mpm-itk-perdir-regex
modify 313287 View diff View revision /ports/head/www/apache22/Makefile
modify 313287 View diff View revision /ports/head/www/apache22/Makefile.modules
modify 313287 View diff View revision /ports/head/www/apache22/distinfo
modify 313287 View diff View revision /ports/head/www/apache22/files/apache22.in
remove 313287 View revision /ports/head/www/apache22/files/mpm-itk-20110321-01
remove 313287 View revision /ports/head/www/apache22/files/mpm-itk-limits
remove 313287 View revision /ports/head/www/apache22/files/mpm-itk-perdir-regex
Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
asterisk11Sep 18
squidSep 18
squid33Sep 18
dbusSep 17
nginxSep 16
nginx-develSep 16
phpmyadminSep 13
ossec-hids-clientSep 11
ossec-hids-localSep 11
ossec-hids-serverSep 11
chromiumSep 09
trafficserverSep 05
apache22*Sep 03
apache22-event-mpm*Sep 03
apache22-itk-mpm*Sep 03

8 vulnerabilities affecting 19 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds


Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 24131
Broken 116
Deprecated 45
Ignore 370
Forbidden 3
Restricted 205
No CDROM 94
Vulnerable 20
Expired 1
Set to expire 40
Interactive 0
new 24 hours 0
new 48 hours74
new 7 days93
new fortnight142
new month300


Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.