Number of commits found: 34

- Workaround a sh segfault on 6-STABLE

Reported by:    many

- Update to 2.0.63
- Use BDB from bsd.database.mk instead of homebrew [1]

PR:             ports/119712 [1]
Submitted by:   mm [1]

Switch autoconf dependencies from 2.53 or 2.59 to 2.61.

PR:             ports/116639
Submitted by:   aDe

- Fix profiles support in startup script [1]
- move envvars support to the beginning of apache2_checkconfig() to be
  sure we're using envvars during configtest [2]

PR:             ports/116401 [1],
                ports/116329 [2]
Submitted by:   kevin brintnall <kbrint@rufus.net> [1],
                Ruud Althuizen <ruud@il.fontys.nl>

- Re-add apache2ssl_enable support

Noticed by:      Oliver Brandmueller <ob at e-Gitt dot NET>

- Update to 2.0.61
- sync' startup script with www/apache22

- Remove the DESTDIR modifications from individual ports as we have a new,
  fully chrooted DESTDIR, which does not need such any more.

Sponsored by:   Google Summer of Code 2007
Approved by:    portmgr (pav)

Remove thttpd from conflicts list, it has a different name for its
passwd program now.

Approved by:    maintainers/erwin

- Fix typo

- Add itk MPM
  mpm-itk allows you to run each of your vhost under a separate UID and GID
  WWW: http://home.samfundet.no/~sesse/mpm-itk/
- use LD_CONFIG

- Update to 2.0.59

- Fix security issue in mod_rewrite.
All people using mod_rewrite are strongly encouraged to update.

An off-by-one flaw exists in the Rewrite module, mod_rewrite.
Depending on the manner in which Apache httpd was compiled, this
software defect may result in a vulnerability which, in combination
with certain types of Rewrite rules in the web server configuration
files, could be triggered remotely.  For vulnerable builds, the nature
of the vulnerability can be denial of service (crashing of web server
processes) or potentially allow arbitrary code execution.
This issue has been rated as having important security impact
by the Apache HTTP Server Security Team

Updates to latest versions will follow soon.

Notified by:    so@ (simon)
Obtained from:  Apache Security Team
Security:       CVE-2006-3747

Remove USE_REINPLACE from categories starting with W

- Remove obsolete patch which add support to Windows Update Service when
  apache acts as a proxy.

Reported by:    Bjoern Voigt <bjoern@cs.tu-berlin.de>

- Fix plist

Spotted by:     mnag
Pointy hat to:  clement

- Update to 2.0.58

Conversion to a single libtool environment.

Approved by:    portmgr (kris)

Chase shlib bump of libexpat.

- Finish cleanups and fix build with threads enables.

- remove print-closest-mirror target from apache20 Makefile

Noticed by:     erwin, pav,  KOMATSU Shinichiro <koma2@lovepeers.org> [1]
PR:             ports/91849 [1]
Pointy hat to:  clement

Cleanups and fixes
- remove useless options (and fix thread stuff) [1]
- move print-closest-mirror to bsd.apache.mk
- move threads configure options out of Makefile.modules
- Fix stupid logic to disable v4mapped address [2]
- and more...

Submitted/spotted by:   many, Hirohisa Yamaguchi <umq@ueo.co.jp> [1]
                        ume[2]
PR:                     ports/91813 [1]

SECURITY: CVE-2005-3352 (cve.mitre.org)
     mod_imap: Escape untrusted referer header before outputting in HTML
     to avoid potential cross-site scripting.  Change also made to
     ap_escape_html so we escape quotes.  Reported by JPCERT.
     [Mark Cox]

Reported by:    simon

- Various package fixes
- Bump PORTREVISION

- resync' with www/apache2

Mass-conversion to the USE_AUTOTOOLS New World Order.  The code present
in bsd.autotools.mk essentially makes this a no-op given that all the
old variables set a USE_AUTOTOOLS_COMPAT variable, which is parsed in
exactly the same way as USE_AUTOTOOLS itself.

Moreover, USE_AUTOTOOLS has already been extensively tested by the GNOME
team -- all GNOME 2.12.x ports use it.

Preliminary documentation can be found at:
        http://people.FreeBSD.org/~ade/autotools.txt

which is in the process of being SGMLized before introduction into the
Porters Handbook.

Light blue touch-paper.  Run.

Use the proper syntax for groups when using ${MASTER_SITE_foo}

Approved by:    MAINTAINER timeout (2 weeks)

- Update to 2.0.55

- Apply openssl 0.9.8 fix by default. OpenSSL 0.9.8 is now the default
  from ports

Reported by:    erwin

- Hook www/apache20 to the build. It fixes some errors in INDEX build with
  exp build

Reported by:    kris

- Sync with www/apache2

- make sure SSL dependency doesn't exists if WITHOUT_MODULES_SSL is defined

- Add fix for CAN-2005-2088
From Changelog:
  *) SECURITY: CAN-2005-2088
     core: If a request contains both Transfer-Encoding and Content-Length
     headers, remove the Content-Length, mitigating some HTTP Request
     Splitting/Spoofing attacks.  [Paul Querna, Joe Orton]

- Rename previous patch to CVE ID
- bump PORTREVISION

Security:       CAN-2005-2088
Obtained From: Apache repository

Security: fix a buffer overrun in ssl_callback_SSLVerify_CRL()
Reported by:    thierry

- Sync with www/apache2

Number of commits found: 34

10 vulnerabilities affecting 29 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities