Number of commits found: 42

 - Update to 2.2.9
 - Add a note to UPDATING about the forced build of subversion
   because of apr/apu bumped version.

- Update to 2.2.8
- Update documentation
- Use BDB from bsd.databases.mk instead of homebrew [1]

PR:             ports/119711 [1]
Submitted by:   mm [1]

- Fix slave ports [1]
- Fix plist [2]
- Fix CONFLICTS with devel/apr-svn [3]
- Fix install when index.html is modified
- Bump PORT_REVISION

PR:             ports/118348 [1], ports/118338 [2],ports/117097 [2]
                ports/90088 [3], ports/118349 [3]
Submitted by:   Andrey Beresovsky <and at sfedu dot ru> [1],
                Dimitry Andric <dimitry at andric dot com> [2],
                YAMAMOTO Takao <yamamoto at computec dot co dot jp>
                Melvyn Sopacua <melvyn atmelvyn dot homeunix dot org> [3],
                Dominic Fandrey <lon_kamikaze at gmx dot de> [3]

Switch autoconf dependencies from 2.53 or 2.59 to 2.61.

PR:             ports/116639
Submitted by:   aDe

- Make port more OPTIONS compliant (more OPTIONS workarounds)
- Add some IGNORE entries to warn users when the choose conflicting options

- Fix PCRE_FROM_PORTS. it wasn't processed by OPTIONS stff [1]
  (I forgot to re-apply the patch locally)

Reminded by:    bland@

- Fix PCRE_FROM_PORTS. it wasn't processed by OPTIONS stff [1]
- Preserve index.html
- We no longer install images in default DocumentRoot (there're still in icons/)
- Various plist cleanup
- bump PORTREVISION since we are now safe with index.html

Reminded by:    bland@

- remove duplicate entry of mod_charset_lite [1]
- add PCRE_FROM_PORTS to OPTIONS
- use @dirrmtry for include/apache22
- workaround plist issues when upgrading, but it's not as safe as I
  would expect, it requires more work.

Spotted by:     bland@ [1]

- Add experimental support of OPTIONS.
  From UPDATING:

  By popular request, OPTIONS support has been added. When actived
  (default), these knobs are ignored:
          * WITH_<CATEGORY>_MODULES
          * WITHOUT_<CATEGORY>_MODULES
          * WITH_CUSTOM_<CATEGORY>
          * WITH_MODULES
          * WITHOUT_MODULES
          * WITH_STATIC_MODULES
  However, you can disable OPTIONS by defining WITHOUT_APACHE_OPTIONS.

- move envvars support to the beginning of apache22_checkconfig() to be
  sure we're using envvars during configtest [1]

PR:             ports/116329 [1]
Submitted by:   Ruud Althuizen <ruud@il.fontys.nl> [1]

- Import MySQL DBD backend
  This will definitively fix checksum mismatches. Time to investigate...

Reported by:    many

\

- Cleanup MPM selection
- Update mpm itk to 20070425-00

- Update to 2.2.6
- Fix restart when profiles are used [1]

Submitted by:   Jarrod Sayers <jarrod at netleader dot com dot au>

- Remove the DESTDIR modifications from individual ports as we have a new,
  fully chrooted DESTDIR, which does not need such any more.

Sponsored by:   Google Summer of Code 2007
Approved by:    portmgr (pav)

- Add htcacheclean startup script [1]
- Add support for PCRE from ports (WITH_PCRE_FROM_PORTS) [2]
- Install split-logfile [3]

Submitted by:   Christopher Shumway <cshumway at titan-project dot org> [1]
Requested by:   Gergely CZUCZY <phoemix at harmless dot hu>, [2]
                many [3]

Remove thttpd from conflicts list, it has a different name for its
passwd program now.

Approved by:    maintainers/erwin

- backout OpenSSL part of previous commit.
  Forcing -rpath can lead to strange side effects when using apxs

- Ensure we use correct OpenSSL libs [1]
- Fix multiprofiles support in rc script [2]

PR:             ports/100315 [1],
                ports/109536 [2]
Submitted by:   Jo Rhett <jrhett@svcolo.com> [1]
                Eygene Ryabinkin <rea-fbsd@codelabs.ru> [2]

- Update to 2.2.4
- Add dumpio module
- Fix rcorder [1]

PR:             ports/106429 [1]
Submitted by:   Dmitry Pryanishnikov <dmitry@atlantis.dp.ua> [1]

- Install correct apr_mysql_dbd revision

Spotted by:     Tigran Azaryantz <tigercost@yahoo.com>

- Update MySQL apr_dbd to rev 57
- Add support for itk mpm
- Update doc [1]

Reported by:    Volodymyr Kostyrko <arcade@synergetica.dn.ua> [1]

- House keeping (update to current standards: USE_RC_SUBR, USE_LDCONFIG,etc.)
- Remove python dependency unless apr_dbd_mysql is built [1]

Required by:            many [1]

- Fix apr_dbd_mysql stuff.

Pointyhat to:   clement
Spotted by:     Sean McNeil <sean@mcneil.com>

- Update to 2.2.3
- Update apr_dbd to latest version [1]
- Add forgotten mod_authn_alias [2]

Spotted by:     Jim Riggs <freebsd-lists@jimandlissa.com> [1]
                Alexander Wittig <alexander@wittig.name> [2

- Fix security issue in mod_rewrite.
All people using mod_rewrite are strongly encouraged to update.

An off-by-one flaw exists in the Rewrite module, mod_rewrite.
Depending on the manner in which Apache httpd was compiled, this
software defect may result in a vulnerability which, in combination
with certain types of Rewrite rules in the web server configuration
files, could be triggered remotely.  For vulnerable builds, the nature
of the vulnerability can be denial of service (crashing of web server
processes) or potentially allow arbitrary code execution.
This issue has been rated as having important security impact
by the Apache HTTP Server Security Team

Updates to latest versions will follow soon.

Notified by:    so@ (simon)
Obtained from:  Apache Security Team
Security:       CVE-2006-3747

Remove USE_REINPLACE from categories starting with W

- Remove obsolete patch which add support to Windows Update Service when
  apache acts as a proxy.

Reported by:    Bjoern Voigt <bjoern@cs.tu-berlin.de>

- Update to 2.2.2
- Enable mod_version by default

Conversion to a single libtool environment.

Approved by:    portmgr (kris)

Chase shlib bump of libexpat.

- Finish cleanups and fix build with threads enables.

Cleanups and fixes
- remove useless options (and fix thread stuff) [1]
- move print-closest-mirror to bsd.apache.mk
- move threads configure options out of Makefile.modules
- Fix stupid logic to disable v4mapped address [2]
- and more...

Submitted/spotted by:   many, Hirohisa Yamaguchi <umq@ueo.co.jp> [1]
                        ume[2]
PR:                     ports/91813 [1]

- Moving Makefile.modules before b.p.pre.mk leads to weird results.

First problem spotted by:       leafy <leafy@leafy.idv.tw>

- SECURITY: CVE-2005-3357 (cve.mitre.org)
   mod_ssl: Fix a possible crash during access control checks if a
   non-SSL request is processed for an SSL vhost (such as the
   "HTTP request received on SSL port" error message when an 400
   ErrorDocument is configured, or if using "SSLEngine optional").
   [1]
- reintroduce support of multiple instances of apache in startup
  script [2]
- Add configtest command to apache22.sh [2]
- rewrite detection of accf_http filter to make it works on all
  supported branches.
- fix rcorder [3]
- fix startup at boot time when profiles are used [4]

Spotted by:     simon [1], flz[3]
Submitted by:   Jarrod Sayers <jarrod@netleader.com.au> [2],
                Joe Horn <joehorn@mi.chu.edu.tw> [4]
PR:             ports/91154 [2], ports/90708 [4]

- Fix some suexec CONFIGURE_ARGS for 1.3.x
- add show-categories and show-modules targets, for server ports.
  Remove these targets from www/apache22/Makefile

- remove useless powerlogo.gif

- Fix plist and improve dbd /mem_cache logic

- Fix envvars.d [1]
- Add apache22_http_accept_enable to load accf_http kernel module [2]
  Additionnally, if it's not defined, we drop accept filter support
- Drop obsolete apache22ssl_enable rc.conf option
- Sync apache22.sh behavior with apachectl
  Add graceful and graceful-stop targets
- Rework categories (add CACHE_MODULES)
- Add support for apr_dbd: MySQL, PostgrSQL and SQLite3 backends are supported
  It adds mod_auth_dbd and mod_dbd automatically

more fixes to come soon...

PR:             ports/90309 [1],
                ports/90103 [2]
Submitted by:   Simun Mikecin <sime@data.home.hr> [1],
                Melvyn Sopacua <melvyn@melvyn.homeunix.net> [2]

SECURITY: CVE-2005-3352 (cve.mitre.org)
     mod_imap: Escape untrusted referer header before outputting in HTML
     to avoid potential cross-site scripting.  Change also made to
     ap_escape_html so we escape quotes.  Reported by JPCERT.
     [Mark Cox]

Reported by:    simon

- Don't forget to add USE_BUNDLED_APR to CONFIGURE_ENV

- Fix plist (forgot when I add mod_filter) [1]
- workaround apr detection. Now apache22 build his own apr, even if apr
  is installed, unless you define WITH_APR_FROM_PORTS.

Reported by:    pointyhat via kris [1]

- Various package fixes
- Bump PORTREVISION

- Add apache 2.2.0
  It's a temporary layout, I need more time to find the best.
  note that ${PREFIX}/www/(data|errors|cgi)(-dist) disappeared in favor of
  ${PREFIX}/www/apache22

Number of commits found: 42

10 vulnerabilities affecting 29 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities