A ports freeze means that commits will be few and far between and only by approval.

Number of commits found: 26

- retire www/apache2

- Update to 2.0.55

- Update to 2.0.54

- Update to 2.0.53
- Download bz2'd tarball [1]
- Add print-closest-mirrors target.
  It allows you to find the 6 (3 http/3 ftp) closest mirror,
  base on http://www.apache.org/dyn/closer.cgi/httpd/
  make print-closest-mirrors >> /etc/make.conf automatically add
  the six closest mirror to the head of ${MASTER_SITE_APACHE_HTTPD}.

Requested by:   delphij

- Update to 2.0.52
- Use "PORTDOCS= #" and get rid of docs entry in plist.
- Support for FreeBSD 6 in apr
- Move of cache modules from THREADS to EXPERIMENTAL category and make
  sure we enable THREADS modules (cgid only) when a threaded MPM is
  selected.
- Resurect WITH_EXTRA_MODULES knob
- powerlogo.gif is now hosted by FreeBSD mirrors
- WITH_<category> is definitively no longer supported.
- Add Includes dir when installed via a package [1]

PR:             ports/72309 [1]
Submitted by:   Christian Kratzer <ck at cksoft dot de> [1]

- Update to 2.0.50
  Important changes:
  *) SECURITY: CAN-2004-0493 (cve.mitre.org)
     Close a denial of service vulnerability identified by Georgi
     Guninski which could lead to memory exhaustion with certain
     input data.  [Jeff Trawick]
  *) SECURITY: CAN-2004-0488 (cve.mitre.org)
     mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
     (trusted) client certificate subject DN which exceeds 6K in length.
     [Joe Orton]
  Details can be found here:
        http://www.apache.org/dist/httpd/CHANGES_2.0
- Use autoconf 2.59
- Add add SUEXEC_LOGFILE tunable to set suexec logfile [1]
- Silently ignore removal of libexec/apache2 directory

(Only the first 15 lines of the commit message are shown above )

- import buildconf patch in ports tree.
  It has been living out the tree for historical reason.

Update to 2.0.49

Full ChangeLogand announcement:
http://www.apache.org/dist/httpd/Announcement2.html

Port changes:
- buildconf patches improvement
- Fix typo [1]

PR:             64297 [1]
Submitted by:   TSUMAI Yasuyuki <ral@ta-ko.jp> [1]

- Add windowsupdate.com mod_proxy fix. [1]
  you must define WITH_WINDOWSUPDATEFIX
- Fix typo/reword Makefile.doc [2]

PR:             62610 [1], 62757 [2]
Submitted by:   leafy <leafy@leafy.idv.tw> [1],
                Linh Pham <question+freebsdpr@closedsrc.org> [2]

- Fix typo in SLAVE_DESIGNED_FOR check [1]
- Make ldap fix optional, since it may break LDAP auth [2]
  Please use WITH_LDAPFIX if you need the fix.
- Improve pthreads support
- SIZEify distinfo

Submitted by:           mharo [1]
Discussed with:         Robin P. Blanchard <robin.blanchard@gactr.uga.edu> [2]

Apache2 PORTREVISION 2:
- Move docs-related stuff to Makefile.doc
- Better MPM handling (for slave ports)
- Fix HTTP_PORT behaviour
- Make suExec more configurable [1]
- Now config script are regenerated by buildconfig, to improve slave
  ports support and minimize apr/apache2 ports conflict [2]
- Fix typo in AUTH_MODULES routine [3] [4]
- apr threaded support [5]
- Fix Segmentation fault with LDAP [6]
- Add db42 support. [7] (just uncomment related lines
  if you installed it from shar)
- add SLAVE_DESIGNED_FOR variable for slave ports to
  automaticaly mark them as BROKEN, if they are out of sync with
  apache2

(Only the first 15 lines of the commit message are shown above )

Update to 2.0.48, which has corrections for two security bugs:
- CAN-2003-0789:  information leak in mod_cgid
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789>
- CAN-2003-0542:  buffer overflow in mod_alias and mod_rewrite
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542>

Use a DIST_SUBDIR.  Use the DOCSDIR macro.

Add options: HTTP_PORT, IPV6_V6ONLY, NO_CGI, NO_ERROR, NO_ICONS,
NO_WWW, NO_WWWDATA, WITHOUT_AUTH, WITHOUT_DAV, WITHOUT_MODULES,
WITHOUT_MODULES, WITHOUT_PROXY, WITH_ALL_STATIC_APACHE, WITH_BERKELEYDB,
WITH_CUSTOM_AUTH, WITH_CUSTOM_PROXY, WITH_DBM, WITH_EXTRA_MODULES,
WITH_MODULES, WITH_MPM, WITH_STATIC_APACHE, WITH_STATIC_MODULES and
WITH_STATIC_SUPPORT

PR:             58654
Submitted by:   Clement Laforet (maintainer)

Update 2.0.46 --> 2.0.47

Approved by:    MAINTAINER (dominic.marks@btinternet.com)
Notified by:    striker@apache.org on announce@apache.org

[SECURITY FIX]
Update to 2.0.46

See vulnerability details at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0189

PR:             52768 [1]
Submitted by:   Xin Li <delphij@freebsdchina.org> [1],
                Miguel Mendez <flynn@energyhq.es.eu.org>,
                Trevor Johnson <trevor@FreeBSD.org>,
                Mark Gooderum <mark@verniernetworks.com>,
                John Walsh <zed@maths.tcd.ie>

Update to 2.0.45. This update fixes a DDOS vulnerability.

PR:             50564 [1]
Submitted by:   Cy Schubert <cy@FreeBSD.org>, delphij@hotmail.com [1]
Requested by:   many

Update to 2.0.44

New knob IPV6_V6ONLY=yes disables accepting v4 connection via v4-mapped
v6 socket.

Update to apache 1.3.27 and 2.0.43.  This fixes a security vulnerability.
Mark apache13-ssl FORBIDDEN because the new version does not yet exist.

Partially based on patches submitted by below authors.

Submitted by:   "Sergey A. Osokin" <osa@freebsd.org.ru>,
                Udo Schweigert <udo.schweigert@siemens.com>,
                Lev A. Serebryakov <lev@serebryakov.spb.ru>
PR:             ports/43682, ports/43688, ports/43666, ports/43681

Update to 2.0.42

Approved by:    will (portmgr)

Update to 2.0.40

- Update to 2.0.39, the emergency security update.
- Unmark FORBIDDEN

PR:             ports/39477
Submitted by:   maintainer

1.  Upgrade 2.0.35 --> 2.0.36

2.  Port printed message to "pw userdel www" if port removed permanently.
    However master.passwd 1.25.2.5 has user www by default, so this is no
    longer correct advice.  Removed pkg-deinstall to correct this.

PR:             37849 and 36907
Approved by:    MAINTAINER:  Hye-Shik Chang <perky@fallin.lv>

Update to 2.0.35 (first GA release!)

PR:             36834
Submitted by:   maintainer

Update to 2.0.32

PR:             36040
Submitted by:   maintainer

Fix a problem that apache release can't detach from launcher's   terminal    

Update to 2.0.28    

Bring in Apache 2.0.16-beta.  Just in time for the release...    

Number of commits found: 26

12 vulnerabilities affecting 20 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities