non port: www/apache24/Makefile |
Number of commits found: 108 (showing only 100 on this page) |
Friday, 11 Jul 2025
|
21:26 Bernard Spil (brnrd)
www/apache24: Security update to 2.4.64
MFH: 2025Q3
Security: 342f2a0a-5e9b-11f0-8baa-8447094a420f
7d9b8f0 |
Wednesday, 9 Jul 2025
|
03:05 Sergey A. Osokin (osa)
lang/luajit: update to v2.1
Disconnect lang/luajit-devel from the build, will be removed soon.
Bump PORTREVISIONs for the consumers.
Discussed with: adamw
PR: 225342
0af0578 |
Monday, 30 Jun 2025
|
09:04 Baptiste Daroussin (bapt)
libxml2: chase libxml soversion bump
3068854d |
Friday, 27 Jun 2025
|
14:10 Xavier Beaudouin (kiwi)
www/apache24: Allow overriding USERS and GROUPS via make.conf
It is a welcome addition for those building their own apache24 package
with custom UID/GID.
PR: 284194
Sponsored by: Klara, Inc.
Approved By: 0mp (mentor)
Approved By: maintainer timeout
Differential Revision: https://reviews.freebsd.org/D48522
8fdc28d |
Saturday, 25 Jan 2025
|
12:10 Bernard Spil (brnrd)
www/apache24: Update to 2.4.63
* This removes the experimental mod_tls module,
use www/mod_tls instead.
Differential Revision: https://reviews.freebsd.org/D48514
4a23cca |
Wednesday, 17 Jul 2024
|
18:52 Bernard Spil (brnrd)
www/apache24: Security update to 2.4.62
Security: 088b8b7d-446c-11ef-b611-84a93843eb75
MFH: 2024Q3
134b1a5 |
Saturday, 6 Jul 2024
|
22:52 Bernard Spil (brnrd)
www/apache24: Dynamically link rustls-ffi
* And typo
Reported by: diizzy
cef9311 |
18:19 Bernard Spil (brnrd)
www/apache24: Add option for mod_tls module
* Note: mod_tls is marked Expirimental.
1173f17 |
Thursday, 4 Jul 2024
|
20:40 Bernard Spil (brnrd)
www/apache24: Security update to 2.4.61
Security: 5d921a8c-3a43-11ef-b611-84a93843eb75
MFH: 2024Q3
With hat: apache@
3d98a45 |
Monday, 1 Jul 2024
|
14:06 Bernard Spil (brnrd)
www/apache24: Security update to 2.4.60
Security: d7efc2ad-37af-11ef-b611-84a93843eb75
MFH: 2024Q3
With hat: apache
5cb90ef |
Friday, 5 Apr 2024
|
10:19 Bernard Spil (brnrd)
www/apache24: Security update to 2.4.59
Security: 8e6f684b-f333-11ee-a573-84a93843eb75
With hat: apache
MFH: 2024Q2
8168945 |
Saturday, 27 Jan 2024
|
16:27 Muhammad Moinur Rahman (bofh)
www/apache24: Moved man to share/man
Approved by: portmgr (blanket)
4ac41c3 |
Thursday, 26 Oct 2023
|
10:55 Vladimir Druzenko (vvd)
www/apache24: workaround for bug "opcache + ASLR turned on crashes Apache if
used www/mod_php8{0,1,2,3}"
PR: 268318
Approved by: joneum (apache@), tcberner (mentor)
MFH: 2023Q4
688bfd0 |
Thursday, 19 Oct 2023
|
17:27 Bernard Spil (brnrd)
www/apache24: Security update to 2.4.58
Security: f923205f-6e66-11ee-85eb-84a93843eb75
MFH: 2023Q4
a4d3066 |
Saturday, 3 Jun 2023
|
18:40 Daniel Engberg (diizzy) Author: Tatsuki Makino
www/apache24: htcacheclean rc.d script appears too early in rcorder
Because htcacheclean has no dependencies set, it runs before the
file system is ready, even though it makes changes to the file system.
Define FILESYSTEMS as requirement to fix this race condition.
PR: 268216
Approved by: portmgr (maintainer timeout, 5+ months)
8c00446 |
Friday, 7 Apr 2023
|
08:35 Bernard Spil (brnrd)
www/apache24: Update to 2.4.57
With hat: apache
0fc7992 |
Sunday, 12 Mar 2023
|
16:39 Jochen Neumeister (joneum) Author: Vincent Jancso
www/apache24: Update to 2.4.56
Changes with Apache 2.4.56
*) SECURITY: CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi
HTTP response splitting (cve.mitre.org)
HTTP Response Smuggling vulnerability in Apache HTTP Server via
mod_proxy_uwsgi. This issue affects Apache HTTP Server: from
2.4.30 through 2.4.55.
Special characters in the origin response header can
truncate/split the response forwarded to the client.
Credits: Dimas Fariski Setyawan Putra (nyxsorcerer)
*) SECURITY: CVE-2023-25690: HTTP request splitting with
mod_rewrite and mod_proxy (cve.mitre.org)
Some mod_proxy configurations on Apache HTTP Server versions
2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.
Configurations are affected when mod_proxy is enabled along with
some form of RewriteRule
or ProxyPassMatch in which a non-specific pattern matches
some portion of the user-supplied request-target (URL) data and
is then
re-inserted into the proxied request-target using variable
substitution. For example, something like:
RewriteEngine on
RewriteRule "^/here/(.*)" "
http://example.com:8080/elsewhere?$1"
http://example.com:8080/elsewhere ; [P]
ProxyPassReverse /here/ http://example.com:8080/
http://example.com:8080/
Request splitting/smuggling could result in bypass of access
controls in the proxy server, proxying unintended URLs to
existing origin servers, and cache poisoning.
Credits: Lars Krapf of Adobe
*) rotatelogs: Add -T flag to allow subsequent rotated logfiles to be
truncated without the initial logfile being truncated. [Eric Covener]
*) mod_ldap: LDAPConnectionPoolTTL should accept negative values in order to
allow connections of any age to be reused. Up to now, a negative value
was handled as an error when parsing the configuration file. PR 66421.
[nailyk <bzapache nailyk.fr>, Christophe Jaillet]
*) mod_proxy_ajp: Report an error if the AJP backend sends an invalid number
of headers. [Ruediger Pluem]
*) mod_md:
- Enabling ED25519 support and certificate transparency information when
building with libressl v3.5.0 and newer. Thanks to Giovanni Bechis.
- MDChallengeDns01 can now be configured for individual domains.
Thanks to Jérôme Billiras (@bilhackmac) for the initial PR.
- Fixed a bug found by Jérôme Billiras (@bilhackmac) that caused the
challenge
teardown not being invoked as it should.
[Stefan Eissing]
*) mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors
reported in access logs and error documents. The processing of the
reset was correct, only unneccesary reporting was caused.
[Stefan Eissing]
*) mod_proxy_uwsgi: Stricter backend HTTP response parsing/validation.
[Yann Ylavic]
PR: 270037
Reported by: Fabian Wenk <fabian@wenks.ch>
Sponsored by: Netzkommune GmbH
8ec7b35 |
Tuesday, 17 Jan 2023
|
21:12 Cy Schubert (cy)
www/apache24: Update to 2.4.55
Fixes multiple vulnerabilities.
PR: 269015
MFH: 2023Q1
Security: 00919005-96a3-11ed-86e9-d4c9ef517024
CVE-2022-37436, CVE-2022-36760, CVE-2006-20001
57ca2ea |
Wednesday, 7 Sep 2022
|
21:10 Stefan Eßer (se)
Add WWW entries to port Makefiles
It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.
Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.
There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.
This commit implements such a proposal and moves one of the WWW: entries
of each pkg-descr file into the respective port's Makefile. A heuristic
attempts to identify the most relevant URL in case there is more than
one WWW: entry in some pkg-descr file. URLs that are not moved into the
Makefile are prefixed with "See also:" instead of "WWW:" in the pkg-descr
files in order to preserve them.
There are 1256 ports that had no WWW: entries in pkg-descr files. These
ports will not be touched in this commit.
The portlint port has been adjusted to expect a WWW entry in each port
Makefile, and to flag any remaining "WWW:" lines in pkg-descr files as
deprecated.
Approved by: portmgr (tcberner)
b7f0544 |
Thursday, 9 Jun 2022
|
11:06 Bernard Spil (brnrd)
www/apache24: Security update to 2.5.54
With hat: apache
Security: 49adfbe5-e7d1-11ec-8fbd-d4c9ef517024
MFH: 2022Q2
096bce0 |
Sunday, 29 May 2022
|
19:14 Jochen Neumeister (joneum)
www/apache24: switch to pcre2
PR: 262603
Sponsored by: Netzkommune GmbH
a36d341 |
Sunday, 10 Apr 2022
|
19:11 Charlie Li (vishwin)
textproc/libxml2: bump all LIB_DEPENDS consumers
This is a separate commit to facilitate easier cherry-picking for
quarterly.
PR: 262853, 262940, 262877, 263126
Approved by: fluffy (mentor)
d63665f |
Tuesday, 15 Mar 2022
|
14:48 Bernard Spil (brnrd)
www/apache24: Security update to 2.4.53
Security: 6601c08d-a46c-11ec-8be6-d4c9ef517024
MFH: 2022Q1
2f6e310 |
Monday, 10 Jan 2022
|
15:15 Stefan Eßer (se)
Fix CONFLICTS entries of multiple ports
There have been lots of missing CONFLICTS_INSTALL entries, either
because conflicting ports were added without updating existing ports,
due to name changes of generated packages, due to mis-understanding
the format and semantics of the conflicts entries, or just due to
typoes in package names.
This patch is the result of a comparison of all files contained in
the official packages with each other. This comparison was based on
packages built with default options and may therefore have missed
further conflicts with optionally installed files.
Where possible, version numbers in conflicts entries have been
generalized, some times taking advantage of the fact that a port
cannot conflict with itself (due to logic in bsd.port.mk that
supresses the pattern match result in that case).
A few ports that set the conflicts variables depending on complex
conditions (e.g. port options), have been left unmodified, despite
probably containing outdated package names.
These changes should only affect the installation of locally built
ports, not the package building with poudriere. They should give an
early indication of the install conflict in cases where currently
the pkg command aborts an installation when it detects that an
existing file would be overwritten,
Approved by: portmgr (implicit)
bcaf25a |
Monday, 20 Dec 2021
|
17:23 Bernard Spil (brnrd)
www/apache24: Update to 2.4.52
Security: ca982e2d-61a9-11ec-8be6-d4c9ef517024
MFH: 2021Q4
e721e5a |
Thursday, 7 Oct 2021
|
17:05 Cy Schubert (cy)
www/apache24: Update to 2.4.51
Fixes: critical: Path Traversal and Remote Code Execution in Apache
HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
(CVE-2021-42013)
PR: 258988
MFH: 2021Q4
Security: CVE-2021-41773, CVE-2021-42013
e721865 |
Tuesday, 5 Oct 2021
|
07:26 Bernard Spil (brnrd)
www/apache24: Bugfix update to 2.4.50
* Fixes hang with event MPM
PR: 258767
17acc17 |
Friday, 17 Sep 2021
|
17:41 Bernard Spil (brnrd)
www/apache24: Security update to 2.4.49
Security: 38f9-17dd-11ec-b335-d4c9ef517024
MFH: 2021Q3
c6420e9 |
Thursday, 27 May 2021
|
08:31 Bernard Spil (brnrd)
www/apache24: Update to 2.4.48
Approved by: apache (with hat)
1085fbd |
Wednesday, 7 Apr 2021
|
08:09 Mathieu Arnold (mat)
One more small cleanup, forgotten yesterday.
Reported by: lwhsu
cf118cc |
Tuesday, 6 Apr 2021
|
14:31 Mathieu Arnold (mat)
Remove # $FreeBSD$ from Makefiles.
305f148 |
Saturday, 13 Mar 2021
|
16:12 joneum
fix OpenSSL KTLS causes regression: SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT
PR: 253394
Reported by: many
Approved by: apache (with hat)
MFH: 2021Q1
Sponsored by: Netzkommune GmbH
Differential Revision: https://reviews.freebsd.org/D28932
 |
Friday, 19 Feb 2021
|
11:49 brnrd
www/apache24: Change strip behavior
* Use the dists build/rules.mk method
* cleanup of left-over files from strip
PR: 252792
Submitted by: meta
Approved by: joneum (apache)
Differential Revision: https://reviews.freebsd.org/D28217
 |
Wednesday, 5 Aug 2020
|
18:29 brnrd
www/apache24: Update to 2.4.46
 |
Sunday, 12 Jul 2020
|
10:33 joneum
www/apache24: enable syslog for suexec
This adds another knob to configure apache with syslog-enabled suexec
PR: 239264
Submitted by: Robert Schulze <rs@bytecamp.net>
Approved by: apache (with hat)
Sponsored by: Netzkommune GmbH
 |
Thursday, 2 Apr 2020
|
14:05 joneum
Update to 2.4.43
Changelog: https://downloads.apache.org/httpd/CHANGES_2.4.43
MFH: 2020Q2
Security: b360b120-74b1-11ea-a84a-4c72b94353b5
Sponsored by: Netzkommune GmbH
 |
Wednesday, 9 Oct 2019
|
12:23 bapt
Drop the ipv6 virtual category for w* category as it is not relevant anymore
 |
Wednesday, 14 Aug 2019
|
19:25 joneum
Update to 2.4.41
Changelog: http://www.apache.org/dist/httpd/CHANGES_2.4.41
Sponsored by: Netzkommune GmbH
 |
Friday, 26 Jul 2019
|
20:46 gerald
Bump PORTREVISION for ports depending on the canonical version of GCC
as defined in Mk/bsd.default-versions.mk which has moved from GCC 8.3
to GCC 9.1 under most circumstances now after revision 507371.
This includes ports
- with USE_GCC=yes or USE_GCC=any,
- with USES=fortran,
- using Mk/bsd.octave.mk which in turn features USES=fortran, and
- with USES=compiler specifying openmp, nestedfct, c11, c++0x, c++11-lang,
c++11-lib, c++14-lang, c++17-lang, or gcc-c++11-lib
plus, everything INDEX-11 shows with a dependency on lang/gcc9 now.
PR: 238330
 |
Tuesday, 11 Jun 2019
|
14:13 joneum
meout: fix default_[stage]_rate_factor initializations.
PR: 238488
Reported by: girgen
Sponsored by: Netzkommune GmbH
 |
Thursday, 2 May 2019
|
11:00 pkubaj
www/apache24: add USES=compiler:c11
This is needed to fix build of www/mod_maxminddb.
Approved by: mentors (implicit approval)
 |
Tuesday, 2 Apr 2019
|
08:00 brnrd
www/apache24: Security update to 2.4.39
- Adds mod_socache_redis feature
Changes: https://www.apache.org/dist/httpd/CHANGES_2.4.39
MFH: 2019Q2
Security: cf2105c6-551b-11e9-b95c-b499baebfeaf
 |
Wednesday, 23 Jan 2019
|
14:40 joneum
Update to 2.4.38
Changelog:
*) SECURITY: CVE-2018-17199 (cve.mitre.org)
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be reused. [Hank Ibell]
*) SECURITY: CVE-2018-17189 (cve.mitre.org)
mod_http2: fixes a DoS attack vector. By sending slow request bodies
to resources not consuming them, httpd cleanup code occupies a server
thread unnecessarily. This was changed to an immediate stream reset
which discards all stream state and incoming data. [Stefan Eissing]
*) SECURITY: CVE-2019-0190 (cve.mitre.org)
mod_ssl: Fix infinite loop triggered by a client-initiated
renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
later. PR 63052. [Joe Orton]
*) mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
PR 63052 [Joe Orton]
*) mod_negotiation: Treat LanguagePriority as case-insensitive to match
AddLanguage behavior and HTTP specification. PR 39730 [Christophe Jaillet]
*) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
have been fixed. [Michael Kaufmann, Stefan Eissing]
*) mod_setenvif: We can have expressions that become true if a regex pattern
in the expression does NOT match. In this case val is NULL
and we should just set the value for the environment variable
like in the pattern case. [Ruediger Pluem]
*) mod_session: Always decode session attributes early. [Hank Ibell]
*) core: Incorrect values for environment variables are substituted when
multiple environment variables are specified in a directive. [Hank Ibell]
*) mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
this type of map is present in the configuration. PR62311.
[Hank Ibell <hwibell gmail.com>]
*) mod_dav: Fix invalid Location header when a resource is created by
passing an absolute URI on the request line [Jim Jagielski]
*) mod_session_cookie: avoid duplicate Set-Cookie header in the response.
[Emmanuel Dreyfus <manu@netbsd.org>, Luca Toscano]
*) mod_ssl: clear *SSL errors before loading certificates and checking
afterwards. Otherwise errors are reported when other SSL using modules
are in play. Fixes PR 62880. [Michael Kaufmann]
*) mod_ssl: Fix the error code returned in an error path of
'ssl_io_filter_handshake()'. This messes-up error handling performed
in 'ssl_io_filter_error()' [Yann Ylavic]
*) mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix
authz provider so "Require ssl" works correctly in HTTP/2.
PR 61519, 62654. [Joe Orton, Stefan Eissing]
*) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
redirects, subsequent ProxyPassReverse statements, whether they are
relative or absolute, may fail. PR 60408. [Peter Haworth <pmh1wheel
gmail.com>]
*) mod_lua: Now marked as a stable module [https://s.apache.org/Xnh1]
MFH: 2019Q1
Security: eb888ce5-1f19-11e9-be05-4c72b94353b5
Sponsored by: Netzkommune GmbH
 |
Friday, 2 Nov 2018
|
13:32 rene
Remove compatibility code for FreeBSD < 11.2 from all ports.
Simplify some ports where DragonFlyBSD no longer needs to be special-cased.
Submitted by: rene
Reviewed by: bapt, jbeich
Differential Revision: https://reviews.freebsd.org/D17724
 |
Saturday, 27 Oct 2018
|
14:36 brnrd
www/apache24: Update to 2.4.37
- Adds TLSv1.3 support with security/openssl111
PR: 232687
Submitted by: Pascal Christen <pascal christen hostpoint.ch>
Reported by: Markus Kohlmeyer <rootservice gmail com>
Reviewed by: ohauer
Approved by: joneum
Differential Revision: https://reviews.freebsd.org/D17668
 |
Tuesday, 25 Sep 2018
|
18:40 joneum
www/apache24: Update to 2.4.35
Changelog:
*) http: Enforce consistently no response body with both 204 and 304
statuses. [Yann Ylavic]
*) mod_status: Cumulate CPU time of exited child processes in the
"cu" and "cs" values. Add CPU time of the parent process to the
"c" and "s" values.
[Rainer Jung]
*) mod_proxy: Improve the balancer member data shown in mod_status when
"ProxyStatus" is "On": add "busy" count and show byte counts in
auto mode always in units of kilobytes. [Rainer Jung]
*) mod_status: Add cumulated response duration time in milliseconds.
[Rainer Jung]
*) mod_status: Complete the data shown for async MPMs in "auto" mode.
Added number of processes, number of stopping processes and number
of busy and idle workers. [Rainer Jung]
*) mod_ratelimit: Don't interfere with "chunked" encoding, fixing regression
introduced in 2.4.34. PR 62568. [Yann Ylavic]
*) mod_proxy: Remove load order and link dependency between mod_lbmethod_*
modules and mod_proxy. PR 62557. [Ruediger Pluem, William Rowe]
*) Allow the argument to <IfFile>, <IfDefine>, <IfSection>, <IfDirective>,
and <IfModule> to be quoted. This is primarily for the benefit of
<IfFile>. [Eric Covener]
*) mod_watchdog: Correct some log messages. [Rainer Jung]
*) mod_md: When the last domain name from an MD is moved to another one,
that now empty MD gets moved to the store archive. PR 62572.
[Stefan Eissing]
*) mod_ssl: Fix merging of SSLOCSPOverrideResponder. [Jeff Trawick,
[Frank Meier <frank meier ergon.ch>]
*) mod_proxy_balancer: Restore compatibility with APR 1.4. [Joe Orton]
With hat: apache
 |
Friday, 20 Jul 2018
|
14:26 joneum
www/apache24: Update to 2.4.34
- fixes vulns in mod_http2 and mod_md
- include SSL_* options in alphabetic ordering
- Remove unneeded SSL_CFLAGS and _LDFLAGS
- Remove WITH_HTTP_PORT and WITH_SSL_PORT
- Remove trailing whitespace
- Fix build with HTTP2 but without SSL [1]
PR: 229802, 227944 [1]
With hat: apache
Approved by: brnrd (apache)
MFH: 2018Q3
Security: 8b1a50ab-8a8e-11e8-add2-b499baebfeaf
Differential Revision: https://reviews.freebsd.org/D16294
 |
Monday, 16 Jul 2018
|
12:49 joneum
Remove CONFLICTS_INSTALL with apache22. Apache 2.2 is EoL since 16.04.2018
 |
Wednesday, 2 May 2018
|
19:03 brnrd
www/apache24: Fix runtime failure with LibreSSL 2.7
- Fix LOG_FORENSIC in plist while here
PR: 227868
Reported by: Jens K. Loewe <mozilla tuxproject de>
Approved by: hat (apache@)
 |
Friday, 30 Mar 2018
|
16:44 brnrd
www/apache24: Really unbreak make index
 |
16:44 brnrd
www/apache24: Unbreak make index
- While here, fix a regression with mod_session
 |
15:04 brnrd
www/apache24: Fix ssl linking issues
- Remove -L/usr/lib from LDFLAGS [1]
- Remove non-working show-modules target
- Use new style patch filenames
PR: 227108 [1]
With hat: apache
Submitted by: mat [1]
Reported by: eugen [1]
MFH: 2018Q1
 |
Saturday, 24 Mar 2018
|
18:26 joneum
www/apache24: Update to 2.4.33
- Add new uwsgi and md modules
- Fix LibreSSL 2.7.x builds
- Remove conflicts for non-existent ports
- There are no slave-ports
- Coalesce .if WITH_DEBUG blocks
- Use OPTIONS where possible
- Remove dead code
- Actually enable/disable modules in ALL_MODULES loop
- Add suexec warning
- Move Makefile.options to Makefile (too small)
PR: 226647
With hat: apache
Approved by: brnrd (apache)
MFH: MFH2018Q1
Security: f38187e7-2f6e-11e8-8f07-b499baebfeaf
 |
Wednesday, 21 Mar 2018
|
21:24 brnrd
devel/apr1: Bump portrevision
- Repair my rookie mistake of earlier today
- Bump revision of dependent ports (again)
Reported by: antoine
 |
19:50 brnrd
devel/apr1: Fix runtime issues of dependent port
- iconv is in base in all supported FreeBSD versions
- Fix build with MariaDB 10.2 [2]
- Bump portrevision in dependencies
PR: 226705 [1], 226026 [2]
With hat: apache
Approved by: joneum (apache)
 |
Sunday, 11 Mar 2018
|
14:23 brnrd
Mk/Uses/apache.mk: Migrate Mk/bsd.apache.mk to Uses
- Chase required changes in framework (bsd.sanity.mk, bsd.port.mk)
- Chase required changes in ports (version checks)
- Chase required changes in PHP ports (include bsd.apache.mk)
- exp-run by antoine, brnrd, joneum
PR: 223691 (exp-run)
Reviewed by: joneum (hat apache), mat (portmgr), antoine (portmgr)
Approved by: joneum (hat apache)
Approved by: portmgr
With hat: apache
 |
Monday, 23 Oct 2017
|
18:49 brnrd
www/apache24: Update to 2.4.29
- Remove patch for CVE-2017-9798 (included upstream)
- Remove mod_ssl LibreSSL patches (included upstream)
- Fix SSL stapling patch for LibreSSL
- mod_http2 no longer experimental
PR: 222814
With hat: apache
 |
Tuesday, 19 Sep 2017
|
12:21 zi
- Add upstream commit for CVE-2017-9798
- Bump PORTREVISION
Security: 76b085e2-9d33-11e7-9260-000c292ee6b8
 |
Wednesday, 12 Jul 2017
|
19:31 brnrd
www/apache24: Update to 2.4.27
- Bugfix update to 2.4.27
- Fix build with LibreSSL [1]
- Add brotli compression option
- Add pkg-message for 10.3 base-ssl users
- HTTP/2 is production ready, default enable
- warn users of 10.3 for mod_http2/OpenSSL 1.0.1
[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61184
PR: 220160 [1]
Reported by: Markus Kohlmeyer <rootservice@gmail.com>
Reviewed by: ohauer (hat)
Approved by: ohauer (hat)
Differential Revision: https://reviews.freebsd.org/D11285
 |
Thursday, 22 Jun 2017
|
11:04 mat
Update to 2.4.26.
MFH: 2017Q2
Security: CVE-2017-3167
Security: CVE-2017-3169
Security: CVE-2017-7659
Security: CVE-2017-7668
Security: CVE-2017-7679
With hat: portmgr
Sponsored by: Absolight
 |
Tuesday, 27 Dec 2016
|
09:52 ohauer
- fix third party module build e.g. mod_mpm_itk by removing -Werror from
configure.in
- bump PORTREVISON (fix changes config_vars.mk that is used to build third party
modules)
PR: 215594
Submitted by: Marcelo Araujo
MFH: 2016Q4
Sponsored by: iXsystems
 |
Wednesday, 21 Dec 2016
|
10:41 ohauer
- update to 2.4.25
PR: 215457
Reported by: Apache Software Foundation
MFH: 2016Q4
Security: vid 862d6ab3-c75e-11e6-9f98-20cf30e32f6d
CVE-2016-8743
CVE-2016-2161
CVE-2016-0736
CVE-2016-8740
CVE-2016-5387
 |
Sunday, 18 Dec 2016
|
15:20 sunpoet
- Change *_DEPENDS from www/nghttp2 to www/libnghttp2
- Bump PORTREVISION for dependency change
 |
Tuesday, 6 Dec 2016
|
12:43 brnrd
www/apache24: Fix HTTP/2 DoS vulnerability
- Add patch from upstream security advisory
- Bump PORTREVISION
PR: 215096
MFH: 2016Q4
Security: cb0bf1ec-bb92-11e6-a9a5-b499baebfeaf
Security: CVE-2016-8740
 |
Saturday, 5 Nov 2016
|
18:01 sunpoet
- Add LICENSE
Approved by: portmgr (blanket)
 |
Friday, 21 Oct 2016
|
12:51 mat
${RM} already has -f.
PR: 213570
Submitted by: mat
Exp-run by: antoine
Sponsored by: Absolight
 |
Monday, 18 Jul 2016
|
20:14 brnrd
www/apache24: Fix httpoxy vulnerability (+2.2)
- Add upstream patch to www/apache24
- Add upstream patch to www/apache22
- Bump PORTREVISION
Approved by: feld (ports-secteam)
MFH: 2016Q3
Security: cf0b5668-4d1b-11e6-b2ec-b499baebfeaf
Security: CVE-2016-5387
 |
Tuesday, 5 Jul 2016
|
15:35 ohauer
o update to 2.4.23
o disable build time stamp in favor of reproducible build
o remove obsolate scoreboard/status patch
o s/USE_OPENSSL=yes/USES=ssl/
o add OPTION for two new modules:
mod_proxy_hcheck (default=on)
mod_http2_proxy (experimental => default=off)
Changelog:
http://www.apache.org/dist/httpd/CHANGES_2.4.23
MFH: 2016Q3
 |
Saturday, 16 Apr 2016
|
19:02 ohauer
- fix scoreboard, backport fix from [1]
- bump PORTREVISION
For details see discussion:
http://mail-archives.apache.org/mod_mbox/httpd-dev/201604.mbox/browser
Thanks to Ken J. for reporting the issue and testing the patch!
Reported by: Ken J. (on apache@ list)
Obtained from: http://home.apache.org/~ylavic/patches/scoreboard-2.4.18.diff
[1]
MFH: 2016Q2
 |
Monday, 11 Apr 2016
|
14:46 ohauer
- update to 2.4.20
- use ${OPTION}_IMPLIES and remove some IGNORES
- turn on proxy_html and xml2enc as default [1]
[1] Often requested by users. The modules are not enabled in
the default configuration.
Full changelog for apache version 2.4.19/2.4.20:
http://www.apache.org/dist/httpd/CHANGES_2.4.20
Note: Apache httpd 2.4.19 was not released.
MFH: 2016Q2
 |
Friday, 1 Apr 2016
|
14:33 mat
Remove ${PORTSDIR}/ from dependencies, categories v, w, x, y, and z.
With hat: portmgr
Sponsored by: Absolight
 |
Monday, 18 Jan 2016
|
19:44 ohauer
- use new $opt-target
- improve kldstat check
- use new defined postexec, preunexec in pkg-plist
with hat apache@
 |
Monday, 14 Dec 2015
|
20:53 ohauer
- update to 2.4.18
- backport r1719967
mod_ssl: fix build with openssl < 0.9.8m (missing semicolon).
This release also contains the patch for FreeBSD PR 204304
Make the fix for fully qualifying REDIRECT_URL from PR#57785 opt-in.
http://svn.apache.org/viewvc?view=revision&revision=1712268
Changes with Apache 2.4.18
*) mod_ssl: for all ssl_engine_vars.c lookups, fall back to master connection
if conn_rec itself holds no valid SSLConnRec*. Fixes PR58666.
[Stefan Eissing]
*) mod_http2: connection level window for flow control is set to protocol
maximum of 2GB-1, preventing window exhaustion when sending data on many
streams with higher cumulative window size.
Reducing write frequency unless push promises need to be flushed.
[Stefan Eissing]
*) mod_http2: required minimum version of libnghttp2 is 1.2.1
[Stefan Eissing]
*) mod_proxy_fdpass: Fix AH01153 error when using the default configuration.
In earlier version of httpd, you can explicitelly set the 'flusher'
parameter
to 'flush' as a workaround. (i.e. flusher=flush)
Add documentation for the 'flusher' parameter when defining a proxy worker.
[Christophe Jaillet]
*) mod_ssl: For the "SSLStaplingReturnResponderErrors off" case, make sure
to only staple responses with certificate status "good". [Kaspar Brand]
*) mod_http2: new directive 'H2PushPriority' to allow priority specifications
on server pushed streams according to their content-type.
[Stefan Eissing]
*) mod_http2: fixes crash on connection abort for a busy connection.
fixes crash on a request that did not produce any response.
[Stefan Eissing]
*) mod_http2: trailers are sent after reponse body if set in request_rec
trailers_out before the end-of-request bucket is sent through the
output filters. [Stefan Eissing]
*) mod_http2: incoming trailers (headers after request body) are properly
forwarded to the processing engine. [Stefan Eissing]
*) mod_http2: new directive 'H2Push' to en-/disable HTTP/2 server
pushes a server/virtual host. Pushes are initiated by the presence
of 'Link:' headers with relation 'preload' on a response. [Stefan Eissing]
*) mod_http2: write performance of http2 improved for larger resources,
especially static files. [Stefan Eissing]
*) core: if the first HTTP/1.1 request on a connection goes to a server that
prefers different protocols, these protocols are announced in a Upgrade:
header on the response, mentioning the preferred protocols.
[Stefan Eissing]
*) mod_http2: new directives 'H2TLSWarmUpSize' and 'H2TLSCoolDownSecs'
to control TLS record sizes during connection lifetime.
[Stefan Eissing]
*) mod_http2: new directive 'H2ModernTLSOnly' to enforce security
requirements of RFC 7540 on TLS connections. [Stefan Eissing]
*) core: add ap_get_protocol_upgrades() to retrieve the list of protocols
that a client could possibly upgrade to. Use in first request on a
connection to announce protocol choices. [Stefan Eissing]
*) mod_http2: reworked deallocation on connection shutdown and worker
abort. Separate parent pool for all workers. worker threads are joined
on planned worker shutdown. [Yann Ylavic, Stefan Eissing]
*) mod_ssl: when receiving requests for other virtual hosts than the handshake
server, the SSL parameters are checked for equality. With equal
configuration, requests are passed for processing. Any change will trigger
the old behaviour of "421 Misdirected Request".
SSL now remembers the cipher suite that was used for the last handshake.
This is compared against for any vhost/directory cipher specification.
Detailed examination of renegotiation is only done when these do not
match.
Renegotiation is 403ed when a master connection is present. Exact reason
is given additionally in a request note. [Stefan Eissing]
*) core: Fix scoreboard crash (SIGBUS) on hardware requiring strict 64bit
alignment (SPARC64, PPC64). [Yann Ylavic]
*) mod_cache: Accept HT (Horizontal Tab) when parsing cache related header
fields as described in RFC7230. [Christophe Jaillet]
*) core/util_script: making REDIRECT_URL a full URL is now opt-in
via new 'QualifyRedirectURL' directive.
*) core: Limit to ten the number of tolerated empty lines between request,
and consume them before the pipelining check to avoid possible response
delay when reading the next request without flushing. [Yann Ylavic]
*) mod_ssl: Extend expression parser registration to support ssl variables
in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function
syntax "ssl(VARNAME)". [Rainer Jung]
PR: 204304
with head apache@
 |
Wednesday, 4 Nov 2015
|
18:38 ohauer
- fix build with nghttp2
no version bump as OPTION is off by default
PR: 204293
Submitted by: <idefix_at_fechner.net>
 |
Tuesday, 13 Oct 2015
|
18:17 ohauer
- update to 2.4.17
- add support for HTTP/2 (RFC 7540)
- remove obsolate libressl patches [1]
In this release are some exciting new features including:
*) HTTP/2 support via mod_http2 module
*) Support for SO_REUSEPORT in MPMs for significant scalability
Changes with Apache 2.4.17
*) mod_http2: added donated HTTP/2 implementation via core module. Similar
configuration options to mod_ssl. [Stefan Eissing]
*) mod_proxy: don't recyle backend announced "Connection: close" connections
to avoid reusing it should the close be effective after some new request
is ready to be sent. [Yann Ylavic]
*) mod_substitute: Allow to configure the patterns merge order with the new
SubstituteInheritBefore on|off directive. PR 57641
[Marc.Stern <Marc.Stern approach.be>, Yann Ylavic, William Rowe]
*) mod_proxy: Fix ProxySourceAddress binding failure with AH00938.
PR 56687. [Arne de Bruijn <apache arbruijn.dds.nl>
*) mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3,
and change the compiled-in default for SSL[Proxy]Protocol to "all -SSLv3",
in accordance with RFC 7568. PR 58349, PR 57120. [Kaspar Brand]
*) mod_ssl: append :!aNULL:!eNULL:!EXP to the cipher string settings,
instead of prepending !aNULL:!eNULL:!EXP: (as was the case in 2.4.7
and later). Enables support for configuring the SUITEB* cipher
strings introduced in OpenSSL 1.0.2. PR 58213. [Kaspar Brand]
*) mod_ssl: Add support for extracting the msUPN and dnsSRV forms
of subjectAltName entries of type "otherName" into
SSL_{CLIENT,SERVER}_SAN_OTHER_{msUPN,dnsSRV}_n environment
variables. Addresses PR 58020. [Jan Pazdziora <jpazdziora redhat.com>,
Kaspar Brand]
*) mod_logio: Fix logging of %^FB (time to first byte) on the first request on
an SSL connection. PR 58454.
[Konstantin J. Chernov <k.j.chernov gmail.com>]
*) mod_cache: r->err_headers_out is not merged into
r->headers when mod_cache is enabled and the response
is cached for the first time. [Edward Lu]
*) mod_slotmem_shm: Fix slots/SHM files names on restart for systems that
can't create new (clear) slots while previous children gracefully stopping
still use the old ones (e.g. Windows, OS2). mod_proxy_balancer failed to
restart whenever the number of configured balancers/members changed during
restart. PR 58024. [Yann Ylavic]
*) core/util_script: make REDIRECT_URL a full URL. PR 57785. [Nick Kew]
*) MPMs: Support SO_REUSEPORT to create multiple duplicated listener
records for scalability. [Yingqi Lu <yingqi.lu@intel.com>,
Jeff Trawick, Jim Jagielski, Yann Ylavic]
*) mod_proxy: Fix a race condition that caused a failed worker to be retried
before the retry period is over. [Ruediger Pluem]
*) mod_autoindex: Allow autoindexes when neither mod_dir nor mod_mime are
loaded. [Eric Covener]
*) mod_rewrite: Allow cookies set by mod_rewrite to contain ':' by accepting
';' as an alternate separator. PR47241.
[<bugzilla schermesser com>, Eric Covener]
*) apxs: Add HTTPD_VERSION and HTTPD_MMN to the variables available with
apxs -q. PR58202. [Daniel Shahaf <danielsh apache.org>]
*) mod_rewrite: Avoid a crash when lacking correct DB access permissions
when using RewriteMap with MapType dbd or fastdbd. [Christophe Jaillet]
*) mod_authz_dbd: Avoid a crash when lacking correct DB access permissions.
PR 57868. [Jose Kahan <jose w3.org>, Yann Ylavic]
*) mod_socache_memcache: Add the 'MemcacheConnTTL' directive to control how
long to keep idle connections with the memcache server(s).
Change default value from 600 usec (!) to 15 sec. PR 58091
[Christophe Jaillet]
*) mod_dir: Prevent the internal identifier "httpd/unix-directory" from
appearing as a Content-Type response header when requests for a directory
are rewritten by mod_rewrite. [Eric Covener]
[1] tested by brnrd@
 |
Sunday, 2 Aug 2015
|
15:03 tijl
By default libtool replaces -export-symbols <file> with -retain-symbols-file
<file> on ELF systems, but this doesn't really do what -export-symbols is
meant to do. On GNU ELF systems it converts <file> to a simple version
script first and then uses -version-script instead of -retain-symbols-file.
Let USES=libtool patch libtool scripts to do this on all systems with GNU
ld(1).
Bump PORTREVISION on all ports where the build log contains -export-symbols.
audio/calf: This port builds a module that now exports only one function,
but it also builds a number of executables that link to this module and
expect to see other functions. Because it's already a bit dodgy to link to
a module (libtool warns about this) let the module continue to export only
one function and instead build an ordinary library from the same source that
the executables can link to. Fix a number of other issues in the same
Makefile.am and clean up the port Makefile.
japanese/scim-honoka: Tries to hide all symbols that start with an
underscore, but because this library is written in C++ all symbols start
with _Z so it ends up hiding everything. Just don't hide anything at all
like the textproc/scim configure script does.
multimedia/schroedinger: Apply an upstream patch.
textproc/scim-input-pad: Same as japanese/scim-honoka.
PR: 201922
Approved by: portmgr (antoine)
Exp-run by: antoine
 |
Wednesday, 15 Jul 2015
|
17:16 pgollucci
www/apache24: fix CVEs, update 2.4.12 -> 2.4.16
- Convet to USES=autoreconf
- Sort USES
- Remove now empty patch files
Security:
https://vuxml.freebsd.org/freebsd/a12494c1-2af4-11e5-86ff-14dae9d210b8.html
Differential Revision: https://reviews.freebsd.org/D3101
Submitted by: feld
Reviewed by: pgollucci (myself)
With Hat: apache@
MFH: 2015Q3
 |
Thursday, 14 May 2015
|
10:15 mat
MASTER_SITES cleanup.
- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.
While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.
Also, replace some EXTRACT_SUFX occurences with USES=tar:*.
Checked by: make fetch-urlall-list
With hat: portmgr
Sponsored by: Absolight
 |
Saturday, 18 Apr 2015
|
09:47 tijl
- Remove libtool hacks and patches that are now handled by USES=libtool
- Remove CONFIG_SHELL from CONFIGURE_ENV because bsd.port.mk handles that
 |
Saturday, 31 Jan 2015
|
15:22 ohauer
- update to 2.4.12
- change MPM backend from static to dynamic,
but keep mpm_prefork for compatiblity with e.g. php modules
- install dedicated MPM load file in case httpd was build with modular MPM
(modules.d/000_mpm_prefork_fallback.conf)
- disable SSLv3 and SSLv2 fallback in sample httpd-ssl-conf
- use @sample macro instead EXAMPLESDIR
- add some SSLCipherSuite examples for OpenSSL >= 1.0.x
- add libressl support [1]
- add pkg-install script (to handle new modular MPM build)
- build now most all modules, so users using packages don't have
to run a custom build for missing modules
- fix suexec mode
PR: 196139 [1]
MFH: 2015Q1
 |
Monday, 1 Dec 2014
|
22:50 ohauer
- make QA script happy and RMDIR empty folder below $PORTDOCS
the script complans on them even PORTDOCS=* is set
- do not slence INSTALL commands
 |
Monday, 22 Sep 2014
|
18:50 ohauer
apache24
- remove check if apr is build with threads
- bump PORTREVISION
- adopt new pkg-plist @dir
@with hat apache@
 |
Saturday, 13 Sep 2014
|
19:24 tijl
Remove unused LIBTOOLFILES
 |
Saturday, 9 Aug 2014
|
21:43 ohauer
- adjust default modules, changed during the last revisions
+ SESSION_DBD
+ SLOTMEM_SHM (e.g neeed for mod_ajp)
- CERN_META
- Use OPTION desc. from modules/config.m4 to match upstream
- bump PORTREVISION
with hat apache@
MFH: 2014Q3
 |
Sunday, 20 Jul 2014
|
20:49 ohauer
- security update to release 2.4.10
- add OPTION for new mod_authnz_fcgi module
- s/libluajit.so/libluajit-5.1.so/ (there is no libluajit.so)
- backport for mod_lua: Don't quote values in cookies
Make IE happy again [#56734]
http://svn.apache.org/viewvc?view=revision&revision=1611744
- disable sanity check on demand [1]
Release Notes:
http://www.apache.org/dist/httpd/CHANGES_2.4.10
PR: 191398 [1]
Submitted by: Robert Schulze <rs@bytecamp.net>
MFH: 2014Q3
Security: 4364e1f1-0f44-11e4-b090-20cf30e32f6d
CVE-2014-0117
CVE-2014-3523
CVE-2014-0226
CVE-2014-0118
CVE-2014-0231
 |
Wednesday, 16 Jul 2014
|
06:48 bapt
Use modern LIB_DEPENDS on non default options
Submitted by: ohauer
 |
Tuesday, 8 Jul 2014
|
22:44 ohauer
- revert conflict (apache22 has MPM sub ports)
 |
22:38 ohauer
- strip
- remove obsolete apache-*-2.2.* conflict
- add modules.d to EXAMPLESDIR
- always install DOC (remove Makefile hack)
- bump PORREVISION
- sort pkg-plist
 |
Saturday, 21 Jun 2014
|
13:54 ohauer
- fix build with lua51 / lua52
- strip trailing white space
- no PORTREVISION bump (LUA is not a default OPTION)
Lua build issue reported on apache@ and lua@
by Peter Olsson and Jason Hellenthal
 |
Wednesday, 11 Jun 2014
|
13:49 ohauer
- fix LIB_DEPENDS (after adding libtool:keepla to devel/apr1)
- bump PORTREVISION
Submitted by: David Cecchin <dcecchin@gmail.com>
 |
Wednesday, 4 Jun 2014
|
16:54 des
Add CPE information.
With hat: ports-secteam
 |
Friday, 30 May 2014
|
21:55 ohauer
- /USE_AUTOTOOLS=libtool/USES=libtool/
with hat apache@
 |
Monday, 26 May 2014
|
15:28 bapt
Replace lang/lua with the new lang/lua51
lang/lua51 is working the same way lang/lua52, chase ports using lua 5.1
Make the default lua lua52
Make all lua ports using USES=lua
Approved by: portmgr (implicit)
 |
Wednesday, 16 Apr 2014
|
18:28 zeising
The FreeBSD x11@ and graphics team proudly presents
a zeising, kwm production, with help from dumbbell, bdrewery:
NEW XORG ON FREEBSD 9-STABLE AND 10-STABLE
This update switches over to use the new xorg stack by default on FreeBSD 9
and 10 stable, on osversions where vt(9) is available.
It is still possible to use the old stack by specifying WITHOUT_NEW_XORG in
/etc/make.conf .
FreeBSD 8-STABLE and released versions of FreeBSD still use
the old version.
A package repository with binary packages for new xorg will
be available soon.
This patch also contains updates of libxcb and related ports, pixman, as well
as some drivers and utilities.
Bump portrevisions for xf86-* ports, as well as virtualbox-ose-additions due
to xserver version change.
Apart from these updates, the way shared libraries are handled has been
changed for all xorg ports, as well as libxml2 and freetype, which means
ltverhack is gone and as a consequence shared libraries have been bumped.
The plan is that this change will make library bumps less likely in the
future.
All affected ports have had their portrevisions bumped as a consequence of
this.
Fix some issues where WITH_NEW_XORG weren't detected properly on CURRENT.
Update instructions, hardware support, and more notes can be found on
https://wiki.freebsd.org/Graphics
Thanks to: all testers, bdrewery and the FreeBSD x11@ team
exp-run by: bdrewery [1]
PR: ports/187602 [1]
Approved by: portmgr (bdrewery), core (jhb)
 |
Tuesday, 8 Apr 2014
|
21:41 ohauer
- mod_authn_socache.c: fix creation of default socache_instance.
- add Note how the OpenSSL version used to build httpd is found (apr-1-config)
Upstream r1576233 commit message
================================
In pre_config, default socache_provider is created, but socache_instance
initialization is missing. This leads to crash on startup if default
socache_provider is used (AuthnCacheSOCache is not called) and
AuthnCacheEnable or AuthnCacheProvideFor is used.
Submitted by: Michael Bennett (per PM)
Obtained from: http://svn.apache.org/viewvc?view=revision&revision=1576233
 |
Saturday, 22 Mar 2014
|
21:18 ohauer
- update to 2.4.9
- enforcing use libapr-1.so.5 (apr-1.5.0 instead apr-1.4.8)
Changes with Apache 2.4.9
*) mod_ssl: Work around a bug in some older versions of OpenSSL that
would cause a crash in SSL_get_certificate for servers where the
certificate hadn't been sent. [Stephen Henson]
*) mod_lua: Add a fixups hook that checks if the original request is intended
for LuaMapHandler. This fixes a bug where FallbackResource invalidates the
LuaMapHandler directive in certain cases by changing the URI before the
map
handler code executes [Daniel Gruno, Daniel Ferradal <dferradal gmail
com>].
Changes with Apache 2.4.8
*) SECURITY: CVE-2014-0098 (cve.mitre.org)
Clean up cookie logging with fewer redundant string parsing passes.
Log only cookies with a value assignment. Prevents segfaults when
logging truncated cookies.
[William Rowe, Ruediger Pluem, Jim Jagielski]
*) SECURITY: CVE-2013-6438 (cve.mitre.org)
mod_dav: Keep track of length of cdata properly when removing
leading spaces. Eliminates a potential denial of service from
specifically crafted DAV WRITE requests
[Amin Tora <Amin.Tora neustar.biz>]
*) core: Support named groups and backreferences within the LocationMatch,
DirectoryMatch, FilesMatch and ProxyMatch directives. (Requires
non-ancient PCRE library) [Graham Leggett]
*) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
TE/CL conflicts. [Yann Ylavic <ylavic.dev gmail com>, Jim Jagielski]
*) mod_dir: Add DirectoryCheckHandler to allow a 2.2-like behavior, skipping
execution when a handler is already set. PR53929. [Eric Covener]
*) mod_ssl: Do not perform SNI / Host header comparison in case of a
forward proxy request. [Ruediger Pluem]
*) mod_ssl: Remove the hardcoded algorithm-type dependency for the
SSLCertificateFile and SSLCertificateKeyFile directives, to enable
future algorithm agility, and deprecate the SSLCertificateChainFile
directive (obsoleted by SSLCertificateFile). [Kaspar Brand]
*) mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore,
and IgnoreInherit to allow RewriteRules to be pushed from parent scopes
to child scopes without explicitly configuring each child scope.
PR56153. [Edward Lu <Chaosed0 gmail com>]
*) prefork: Fix long delays when doing a graceful restart.
PR 54852 [Jim Jagielski, Arkadiusz Miskiewicz <arekm maven pl>]
*) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
5+ instead of just for FreeBSD 5. PR 53824. [Jeff Trawick]
*) mod_proxy_wstunnel: Avoid busy loop on client errors, drop message
IDs 02445, 02446, and 02448 to TRACE1 from DEBUG. PR 56145.
[Joffroy Christen <joffroy.christen solvaxis com>, Eric Covener]
*) mod_remoteip: Correct the trusted proxy match test. PR 54651.
[Yoshinori Ehara <yoshinori ehara gmail com>, Eugene L <eugenel amazon
com>]
*) mod_proxy_fcgi: Fix error message when an unexpected protocol version
number is received from the application. PR 56110. [Jeff Trawick]
*) mod_remoteip: Use the correct IP addresses to populate the proxy_ips field.
PR 55972. [Mike Rumph]
*) mod_lua: Update r:setcookie() to accept a table of options and add domain,
path and httponly to the list of options available to set.
PR 56128 [Edward Lu <Chaosed0 gmail com>, Daniel Gruno]
*) mod_lua: Fix r:setcookie() to add, rather than replace,
the Set-Cookie header. PR56105
[Kevin J Walters <kjw ms com>, Edward Lu <Chaosed0 gmail com>]
*) mod_lua: Allow for database results to be returned as a hash with
row-name/value pairs instead of just row-number/value. [Daniel Gruno]
*) mod_rewrite: Add %{CONN_REMOTE_ADDR} as the non-useragent counterpart to
%{REMOTE_ADDR}. PR 56094. [Edward Lu <Chaosed0 gmail com>]
*) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
save the socket for reuse by the next worker as if it were an
APR_SO_DISCONNECTED socket. Restores 2.2 behavior. [Eric Covener]
*) mod_dir: Don't search for a DirectoryIndex or DirectorySlash on a URL
that was just rewritten by mod_rewrite. PR53929. [Eric Covener]
*) mod_session: When we have a session we were unable to decode,
behave as if there was no session at all. [Thomas Eckert
<thomas.r.w.eckert gmail com>]
*) mod_session: Fix problems interpreting the SessionInclude and
SessionExclude configuration. PR 56038. [Erik Pearson
<erik adaptations.com>]
*) mod_authn_core: Allow <AuthnProviderAlias>'es to be seen from auth
stanzas under virtual hosts. PR 55622. [Eric Covener]
*) mod_proxy_fcgi: Use apr_socket_timeout_get instead of hard-coded
30 seconds timeout. [Jan Kaluza]
*) mod_proxy: Added support for unix domain sockets as the
backend server endpoint [Jim Jagielski, Blaise Tarr
<blaise tarr gmail com>]
*) build: only search for modules (config*.m4) in known subdirectories, see
build/config-stubs. [Stefan Fritsch]
*) mod_cache_disk: Fix potential hangs on Windows when using mod_cache_disk.
PR 55833. [Eric Covener]
*) mod_ssl: Add support for OpenSSL configuration commands by introducing
the SSLOpenSSLConfCmd directive. [Stephen Henson, Kaspar Brand]
*) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which
is equivalent to <ProxyMatch wildcard-url>. [Christophe Jaillet]
*) mod_authz_user, mod_authz_host, mod_authz_groupfile, mod_authz_dbm,
mod_authz_dbd, mod_authnz_ldap: Support the expression parser within the
require directives. [Graham Leggett]
*) mod_proxy_http: Core dumped under high load. PR 50335.
[Jan Kaluza <jkaluza redhat.com>]
*) mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size
previously limited to 64MB. [Jens LAY=AY=s <jelaas gmail.com>]
*) mod_lua: Use binary copy when dealing with uploads through r:parsebody()
to prevent truncating files. [Daniel Gruno]
Changes with Apache 2.4.7
*) APR 1.5.0 or later is now required for the event MPM.
*) slotmem_shm: Error detection. [Jim Jagielski]
*) event: Use skiplist data structure. [Jim Jagielski]
*) event: Fail at startup with message AP02405 if the APR atomic
implementation is not compatible with the MPM. [Jim Jagielski]
*) mpm_unix: Add ap_mpm_podx_* implementation to avoid code duplication
and align w/ trunk. [Jim Jagielski]
*) Fix potential rejection of valid MaxMemFree and ThreadStackSize
directives. [Mike Rumph <mike.rumph oracle.com>]
*) mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars.
An individual envvar with an encoded length of more than 16K will be
omitted. [Jeff Trawick]
*) mod_proxy_fcgi: Handle reading protocol data that is split between
packets. [Jeff Trawick]
*) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
allowing custom parameters to be configured via SSLCertificateFile,
and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
Unless custom parameters are configured, the standardized parameters
are applied based on the certificate's RSA/DSA key size. [Kaspar Brand]
*) mod_ssl, configure: Require OpenSSL 0.9.8a or later. [Kaspar Brand]
*) mod_ssl: drop support for export-grade ciphers with ephemeral RSA
keys, and unconditionally disable aNULL, eNULL and EXP ciphers
(not overridable via SSLCipherSuite). [Kaspar Brand]
*) mod_proxy: Added support for unix domain sockets as the
backend server endpoint [Jim Jagielski, Blaise Tarr
<blaise tarr gmail com>]
*) Add experimental cmake-based build system for Windows. [Jeff Trawick,
Tom Donovan]
*) event MPM: Fix possible crashes (third party modules accessing c->sbh)
or occasional missed mod_status updates for some keepalive requests
under load. [Eric Covener]
*) mod_authn_socache: Support optional initialization arguments for
socache providers. [Chris Darroch]
*) mod_session: Reset the max-age on session save. PR 47476. [Alexey
Varlamov <alexey.v.varlamov gmail com>]
*) mod_session: After parsing the value of the header specified by the
SessionHeader directive, remove the value from the response. PR 55279.
[Graham Leggett]
*) mod_headers: Allow for format specifiers in the substitution string
when using Header edit. [Daniel Ruggeri]
*) mod_dav: dav_resource->uri is treated as unencoded. This was an
unnecessary ABI changed introduced in 2.4.6. PR 55397.
*) mod_dav: Don't require lock tokens for COPY source. PR 55306.
*) core: Don't truncate output when sending is interrupted by a signal,
such as from an exiting CGI process. PR 55643. [Jeff Trawick]
*) WinNT MPM: Exit the child if the parent process crashes or is terminated.
[Oracle Corporation]
*) Windows: Correct failure to discard stderr in some error log
configurations. (Error message AH00093) [Jeff Trawick]
*) mod_session_crypto: Allow using exec: calls to obtain session
encryption key. [Daniel Ruggeri]
*) core: Add missing Reason-Phrase in HTTP response headers.
PR 54946. [Rainer Jung]
*) mod_rewrite: Make rewrite websocket-aware to allow proxying.
PR 55598. [Chris Harris <chris.harris kitware com>]
*) mod_ldap: When looking up sub-groups, use an implicit objectClass=*
instead of an explicit cn=* filter. [David Hawes <dhawes vt.edu>]
*) ab: Add wait time, fix processing time, and output write errors only if
they occured. [Christophe Jaillet]
*) worker MPM: Don't forcibly kill worker threads if the child process is
exiting gracefully. [Oracle Corporation]
*) core: apachectl -S prints wildcard name-based virtual hosts twice.
PR54948 [Eric Covener]
*) mod_auth_basic: Add AuthBasicUseDigestAlgorithm directive to
allow migration of passwords from digest to basic authentication.
[Chris Darroch]
*) ab: Add a new -l parameter in order not to check the length of the
responses.
This can be usefull with dynamic pages.
PR9945, PR27888, PR42040 [<ccikrs1 cranbrook edu>]
*) Suppress formatting of startup messages written to the console when
ErrorLogFormat is used. [Jeff Trawick]
*) mod_auth_digest: Be more specific when the realm mismatches because the
realm has not been specified. [Graham Leggett]
*) mod_proxy: Add a note in the balancer manager stating whether changes
will or will not be persisted and whether settings are inherited.
[Daniel Ruggeri, Jim Jagielski]
*) mod_cache: Avoid a crash with strcmp() when the hostname is not provided.
[Graham Leggett]
*) core: Add util_fcgi.h and associated definitions and support
routines for FastCGI, based largely on mod_proxy_fcgi.
[Jeff Trawick]
*) mod_headers: Add 'Header note header-name note-name' for copying a response
headers value into a note. [Eric Covener]
*) mod_headers: Add 'setifempty' command to Header and RequestHeader.
[Eric Covener]
*) mod_logio: new format-specifier %S (sum) which is the sum of received
and sent byte counts.
PR54015 [Christophe Jaillet]
*) mod_deflate: Improve error detection when decompressing request bodies
with trailing garbage: handle case where trailing bytes are in
the same bucket. [Rainer Jung]
*) mod_authz_groupfile, mod_authz_user: Reduce severity of AH01671 and AH01663
from ERROR to DEBUG, since these modules do not know what mod_authz_core
is doing with their AUTHZ_DENIED return value. [Eric Covener]
*) mod_ldap: add TRACE5 for LDAP retries. [Eric Covener]
*) mod_ldap: retry on an LDAP timeout during authn. [Eric Covener]
*) mod_ldap: Change "LDAPReferrals off" to actually set the underlying LDAP
SDK option to OFF, and introduce "LDAPReferrals default" to take the SDK
default, sans rebind authentication callback.
[Jan Kaluza <kaluze AT redhat.com>]
*) core: Log a message at TRACE1 when the client aborts a connection.
[Eric Covener]
*) WinNT MPM: Don't crash during child process initialization if the
Listen protocol is unrecognized. [Jeff Trawick]
*) modules: Fix some compiler warnings. [Guenter Knauf]
*) Sync 2.4 and trunk
- Avoid some memory allocation and work when TRACE1 is not activated
- fix typo in include guard
- indent
- No need to lower the string before removing the path, it is just a
waste of time...
- Save a few cycles
[Christophe Jaillet <christophe.jaillet wanadoo.fr>]
*) mod_filter: Add "change=no" as a proto-flag to FilterProtocol
to remove a providers initial flags set at registration time.
[Eric Covener]
*) core, mod_ssl: Enable the ability for a module to reverse the sense of
a poll event from a read to a write or vice versa. This is a step on
the way to allow mod_ssl taking full advantage of the event MPM.
[Graham Leggett]
*) Makefile.win: Install proper pcre DLL file during debug build install.
PR 55235. [Ben Reser <ben reser org>]
*) mod_ldap: Fix a potential memory leak or corruption. PR 54936.
[Zhenbo Xu <zhenbo1987 gmail com>]
*) ab: Fix potential buffer overflows when processing the T and X
command-line options. PR 55360.
[Mike Rumph <mike.rumph oracle.com>]
*) fcgistarter: Specify SO_REUSEADDR to allow starting a server
with old connections in TIME_WAIT. [Jeff Trawick]
*) core: Add open_htaccess hook which, in conjunction with dirwalk_stat
and post_perdir_config (introduced in 2.4.5), allows mpm-itk to be
used without patches to httpd core. [Stefan Fritsch]
*) support/htdbm: fix processing of -t command line switch. Regression
introduced in 2.4.4
PR 55264 [Jo Rhett <jrhett netconsonance com>]
*) mod_lua: add websocket support via r:wsupgrade, r:wswrite, r:wsread
and r:wsping. [Daniel Gruno]
*) mod_lua: add support for writing/reading cookies via r:getcookie and
r:setcookie. [Daniel Gruno]
*) mod_lua: If the first yield() of a LuaOutputFilter returns a string, it
should
be prefixed to the response as documented. [Eric Covener]
Note: Not present in 2.4.7 CHANGES
*) mod_lua: Remove ETAG, Content-Length, and Content-MD5 when a
LuaOutputFilter
is configured without mod_filter. [Eric Covener]
Note: Not present in 2.4.7 CHANGES
*) mod_lua: Register LuaOutputFilter scripts as changing the content and
content-length by default, when run my mod_filter. Previously,
growing or shrinking a response that started with Content-Length set
would require mod_filter and FilterProtocol change=yes. [Eric Covener]
Note: Not present in 2.4.7 CHANGES
*) mod_lua: Return a 500 error if a LuaHook* script doesn't return a
numeric return code. [Eric Covener]
Note: Not present in 2.4.7 CHANGES
 |
Sunday, 24 Nov 2013
|
20:51 ohauer
- add patch for apache bug-id 55306
- bump PORTREVISION
There is an subversion update on the way and we will see the new
subversion before apache24-2.4.7 so adopt the mod_dav patches
from upstrem.
 |
20:09 ohauer
- add new directory for modules (APACHEETCDIR/modules.d)
New modules can be registered here with a simple
file that contains the LoadModule directives.
Additonal Maintaines can write instructions to the
conf file and keep pkg-message short.
As bonus the config file can be installed like every
other config file with a .sample extention so modules
are not disabled during pkg upgrades.
Module config files should begin with three digits
followed by '_' e.g. 100_php5.conf.
The load order can be controlled via the three digits.
Please wait some time before adopting the new directory
so users have time to update and adjust axisting configs
- no revision bump, devel/apr was updated and we will see
apache 2.2.7 in the next days (I only want to have the
modules.d directory adopted)
 |
Sunday, 27 Oct 2013
|
17:54 ohauer
- support staging
- partitial adopt new ${opt}_ notation
 |
Friday, 20 Sep 2013
|
23:36 bapt
Add NO_STAGE all over the place in preparation for the staging support (cat:
www)
 |
Number of commits found: 108 (showing only 100 on this page) |