non port: www/apache22/Makefile.doc |
Number of commits found: 17 |
Sunday, 27 Oct 2013
|
17:40 ohauer
- support staging
- partitial adopt new ${opt}_ notation
|
Friday, 2 Nov 2012
|
18:45 ohauer
- update apache22 to version 2.22.23
- trim vuxml/Makefile header
with hat apache@
Feature safe: yes
Security: CVE-2012-2687
|
Tuesday, 4 Sep 2012
|
21:17 ohauer
- Simplify options with the removal of the last APR only related parameter [1]
- disallow IPv6 sockets to handle IPv4 requests per default. [2]
- move extra-patch-server__config.c
-> patch-server__config.c
https://issues.apache.org/bugzilla/show_bug.cgi?id=53823
- bump PORTREVISION
[1] Credits to Hajimu UMEMOTO (ume@) for finding the last APR related parameter
[2] http://httpd.apache.org/docs/2.2/bind.html
with hat apache@
|
Sunday, 2 Sep 2012
|
14:31 ohauer
devel/apr1 [1]
- update APR to 1.4.6
- update APR-util to 1.4.1
- remove PKGNAMESUFFIX'es
www/apache-(event|itk|peruser|worker)-mpm
- adopt new Makefile header, adjust
PKGNAMESUFFIX in apache22 masterport
PKGNAME match now LATEST_LINK
www/apache22 [2]-[6]
- rewrite for options NG
- PORTNAME s|apache|apache22|
- remove APR APR-util specific otions,
will be checked now with help of apr/u-1-config
Mk/bsd.apache.mk
- rewrite for options NG
- remove no longer needet make targets
(show-categories, make-options-list)
[1]
PR: 165143
[2]-[6]
PR: 130479
PR: 153406
PR: 158565
PR: 168769
PR: 167965
with hat apache@
|
Thursday, 23 Aug 2012
|
04:49 ohauer
- rewite apache port
- remove all apr/apu related parts (leftovers from bundled apr)
- remove invalid parts from Makefile.doc
- move MODULES to Makefile.options
- remove apache20 parts
- remove category handling
with hat apache@
|
Monday, 13 Aug 2012
|
19:51 ohauer
- rewrite bsd.apache.mk (prepare for options NG support)
keep full backward support until apache20 is removed from the tree
comment code to remove with MFC TODO:
- adjust apache20 and apache22 ports
changes are transparent for users (no PORTREVISION bump)
Users who are using special build instructions in make.conf, such as
- WITH_STATIC_MODULES= alias dir log_config mime rewrite setenvif vhost_alias
should convert the values to UPPERCASE
- WITH_STATIC_MODULES= ALIAS DIR LOG_CONFIG MIME REWRITE SETENVIF VHOST_ALIAS
At the moment code to support old lowercase style is in place, but
target to remove in favor for options NG.
with hat apache@
|
Wednesday, 1 Feb 2012
|
18:56 jgh
- Update to 2.2.22
Addresses:
* SECURITY: CVE-2011-3607 (cve.mitre.org)
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP
Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif
module is enabled, allows local users to gain privileges via a .htaccess file
with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request
header, leading to a heap-based buffer overflow.
* SECURITY: CVE-2012-0021 (cve.mitre.org)
The log_cookie function in mod_log_config.c in the mod_log_config module in the
Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not
properly handle a %{}C format string, which allows remote attackers to cause a
denial of service (daemon crash) via a cookie that lacks both a name and a
value.
* SECURITY: CVE-2012-0031 (cve.mitre.org)
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local
users to cause a denial of service (daemon crash during shutdown) or possibly
have unspecified other impact by modifying a certain type field within a
scoreboard shared memory segment, leading to an invalid call to the free
function.
* SECURITY: CVE-2011-4317 (cve.mitre.org)
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x
through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in
place, does not properly interact with use of (1) RewriteRule and (2)
ProxyPassMatch pattern matches for configuration of a reverse proxy, which
allows remote attackers to send requests to intranet servers via a malformed URI
containing an @ (at sign) character and a : (colon) character in invalid
positions. NOTE: this vulnerability exists because of an incomplete fix for
CVE-2011-3368.
* SECURITY: CVE-2012-0053 (cve.mitre.org)
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly
restrict header information during construction of Bad Request (aka 400) error
documents, which allows remote attackers to obtain the values of HTTPOnly
cookies via vectors involving a (1) long or (2) malformed header in conjunction
with crafted web script.
* SECURITY: CVE-2011-3368 (cve.mitre.org)
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x
through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of
(1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a
reverse proxy, which allows remote attackers to send requests to intranet
servers via a malformed URI containing an initial @ (at sign) character.
PR: ports/164675
Reviewed by: pgollucci
Approved by: pgollucci, crees, rene (mentors, implicit)
With Hat: apache@
|
Thursday, 31 Mar 2011
|
17:00 ohauer
- update Apache 2 ITK MPM patch to version 20110321-01 [1]
- add additional patch for mpm-itk [2]
- add mod_substitute to apache22 [3]
- add some documentation into the mpm-itk* patches
- bump portrevision
Changes:
[1] apache2.2-mpm-itk 2.2.17-01, released 2011-03-21:
* Fixed CVE-2011-1176: If NiceValue was set, the default with no
AssignUserID was to run as root:root instead of the default Apache user
and group, due to the configuration merger having an incorrect default
configuration.
* Rebase against Apache 2.2.17.
* Fix an issue where users can sometimes get spurious 403s on persistent
connections, if the .htaccess files are not world readable.
* In the config merger, don't reallocate the username, since it's already
in the correct pool. (This is not a memory leak, only a small inefficiency.)
[2] http://httpd.apache.org/docs/2.2/mod/mod_substitute.html
Source:
http://mpm-itk.sesse.net/ [1]
http://www.pvv.ntnu.no/~knuta/mpm-itk/ [2]
http://lists.freebsd.org/pipermail/freebsd-apache/2011-March/002184.html [3]
With Hat: apache@
PR: ports/156024 [1][2]
Submitted by: Lukasz Wasikowski <lukasz _at_ wasikowski.net> [1][2]
Nick Gieczewski <sorongo _at_ gmail.com> [3]
|
Sunday, 2 Aug 2009
|
19:36 mezz
-Repocopy devel/libtool15 -> libtool22 and libltdl15 -> libltdl22.
-Update libtool and libltdl to 2.2.6a.
-Remove devel/libtool15 and devel/libltdl15.
-Fix ports build with libtool22/libltdl22.
-Bump ports that depend on libltdl22 due to shared library version change.
-Explain what to do update in the UPDATING.
It has been tested with GNOME2, XFCE4, KDE3, KDE4 and other many wm/desktop
and applications in the runtime.
With help: marcus and kwm
Pointyhat-exp: a few times by pav
Tested by: pgollucci, "Romain Tartière" <romain@blogreen.org>, and
a few MarcusCom CVS users. Also, I might have missed a few.
Repocopy by: marcus
Approved by: portmgr
|
Sunday, 20 Jan 2008
|
14:00 clement
- s/bsd.databases.mk/bsd.database.mk/
PR: ports/119823
Submitted by: mm
|
11:29 clement
- Update to 2.2.8
- Update documentation
- Use BDB from bsd.databases.mk instead of homebrew [1]
PR: ports/119711 [1]
Submitted by: mm [1]
|
Wednesday, 16 Jan 2008
|
09:33 mm
- Add support for db45 and db46
PR: ports/117937
Submitted by: mm
Approved by: maintainer timeout
|
Sunday, 5 Nov 2006
|
10:49 clement
- Update MySQL apr_dbd to rev 57
- Add support for itk mpm
- Update doc [1]
Reported by: Volodymyr Kostyrko <arcade@synergetica.dn.ua> [1]
|
Wednesday, 10 May 2006
|
19:47 clement
- Remove obsolete patch which add support to Windows Update Service when
apache acts as a proxy.
Reported by: Bjoern Voigt <bjoern@cs.tu-berlin.de>
|
Tuesday, 13 Dec 2005
|
22:26 clement
- Fix envvars.d [1]
- Add apache22_http_accept_enable to load accf_http kernel module [2]
Additionnally, if it's not defined, we drop accept filter support
- Drop obsolete apache22ssl_enable rc.conf option
- Sync apache22.sh behavior with apachectl
Add graceful and graceful-stop targets
- Rework categories (add CACHE_MODULES)
- Add support for apr_dbd: MySQL, PostgrSQL and SQLite3 backends are supported
It adds mod_auth_dbd and mod_dbd automatically
more fixes to come soon...
PR: ports/90309 [1],
ports/90103 [2]
Submitted by: Simun Mikecin <sime@data.home.hr> [1],
Melvyn Sopacua <melvyn@melvyn.homeunix.net> [2]
|
Sunday, 4 Dec 2005
|
10:57 clement
- Update documentation.
We no longer support for WWW_* knobs
|
Saturday, 3 Dec 2005
|
22:02 clement
- Add apache 2.2.0
It's a temporary layout, I need more time to find the best.
note that ${PREFIX}/www/(data|errors|cgi)(-dist) disappeared in favor of
${PREFIX}/www/apache22
|
Number of commits found: 17 |