All times are UTC
non port: www/apache22/Makefile

Number of commits found: 188 (showing only 100 on this page)

Wednesday, 21 Mar 2018
21:24 brnrd
devel/apr1: Bump portrevision

 - Repair my rookie mistake of earlier today
 - Bump revision of dependent ports (again)

Reported by:	antoine
Original commit: revision 465240
19:50 brnrd
devel/apr1: Fix runtime issues of dependent port

 - iconv is in base in all supported FreeBSD versions
 - Fix build with MariaDB 10.2 [2]
 - Bump portrevision in dependencies

PR:		226705 [1], 226026 [2]
With hat:	apache
Approved by:	joneum (apache)
Original commit: revision 465232
Sunday, 11 Mar 2018
14:23 brnrd
Mk/Uses/apache.mk: Migrate Mk/bsd.apache.mk to Uses

 - Chase required changes in framework (bsd.sanity.mk, bsd.port.mk)
 - Chase required changes in ports (version checks)
 - Chase required changes in PHP ports (include bsd.apache.mk)
 - exp-run by antoine, brnrd, joneum

PR:             223691 (exp-run)
Reviewed by:    joneum (hat apache), mat (portmgr), antoine (portmgr)
Approved by:    joneum (hat apache)
Approved by:	portmgr
With hat:       apache
Original commit: revision 464175
Saturday, 24 Feb 2018
10:33 brnrd
www/apache22: Add upstream fix

 - Upstream fixes no longer released as point versions
 - Register BROKEN with various libssl providers
Original commit: revision 462786
Tuesday, 19 Sep 2017
12:29 zi
- Add backport of patch for CVE-2017-9798
- Bump PORTREVISION

Approved by:	ports-secteam (with hat)
Security:	76b085e2-9d33-11e7-9260-000c292ee6b8
Original commit: revision 450118
Wednesday, 12 Jul 2017
19:26 brnrd
www/apache22: Update to 2.2.34

 - Security update to 2.2.34

MFH:		2017Q3
Security:	0c2db2aa-5584-11e7-9a7d-b499baebfeaf
Differential Revision:	https://reviews.freebsd.org/D11285
Original commit: revision 445602
Friday, 9 Jun 2017
19:39 feld
www/apache22: Update to 2.2.32

Does not build with OpenSSL 1.1.x or LibreSSL 2.5.x which is a known issue.

Changelog:	http://www.apache.org/dist/httpd/CHANGES_2.2.32

PR:		219720
MFH:		2017Q2
Security:	CVE-2016-8743
Original commit: revision 443037
Saturday, 5 Nov 2016
18:01 sunpoet
- Add LICENSE

Approved by:	portmgr (blanket)
Original commit: revision 425420
Friday, 28 Oct 2016
16:00 danfe
- Remove trailing dot in COMMENT and/or reword it accordingly
- Prefer standard option descriptions, and trim one long line
Original commit: revision 424861
Monday, 18 Jul 2016
20:42 ohauer
- add lost condition to apply the extra patch
  for reproducible build

MFH:		2016Q3
Original commit: revision 418748
20:26 ohauer
- allow reproducible build
- set EXPIRATION_DATE to 2017-07-01 [1]

[1] Upstream proposes EoL of apache 2.2.x during the next 12 months
    See discussion on dev@apache list.
Original commit: revision 418746
20:14 brnrd
www/apache24: Fix httpoxy vulnerability (+2.2)

  - Add upstream patch to www/apache24
  - Add upstream patch to www/apache22
  - Bump PORTREVISION

Approved by:    feld (ports-secteam)
MFH:            2016Q3
Security:       cf0b5668-4d1b-11e6-b2ec-b499baebfeaf
Security:       CVE-2016-5387
Original commit: revision 418743
Tuesday, 5 Jul 2016
16:01 ohauer
- s/USE_OPENSSL=yes/USES=ssl/
Original commit: revision 418092
Friday, 1 Apr 2016
14:33 mat
Remove ${PORTSDIR}/ from dependencies, categories v, w, x, y, and z.

With hat:	portmgr
Sponsored by:	Absolight
Original commit: revision 412351
Monday, 18 Jan 2016
19:36 ohauer
- fix ab build with OpenSSL from ports and SSL3 disabled [1]
  (backport ab.c r1706008 from apache24)
- use new $opt-target
- improve kldstat check
- use new defined postexec, preunexec in pkg-plist

with hat apache@

PR:		206369
Submitted by:	matthew@ [1]
Original commit: revision 406606
Sunday, 27 Sep 2015
10:44 ohauer
- fix poudriere build on FreeBSD >= 10.x with OpenSSL from ports

I haven't found the exact culprit but it seems the build in poudriere behaves
differently.

Fix build in poudriere by inspecting MAKE_ENV, else WITH_OPENSSL_PORT is not
honored.

Noted by: Philip Jocks <pj @ netzkommune.de>
Original commit: revision 398034
Sunday, 2 Aug 2015
19:39 ohauer
- update to 2.2.31
- remove backports
- minor cleanups
- always rebuild configure script
- add patch for acinclude.m4 [1]

Changes with Apache 2.2.31 [2]

  *) Correct win32 build issues for mod_proxy exports, OpenSSL 1.0.x headers.
     [Yann Ylavic, Gregg Smith]

Changes with Apache 2.2.30 (not released)

  *) SECURITY: CVE-2015-3183 (cve.mitre.org)
     core: Fix chunk header parsing defect.
     Remove apr_brigade_flatten(), buffering and duplicated code from
     the HTTP_IN filter, parse chunks in a single pass with zero copy.
     Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext
     authorized characters.  [Graham Leggett, Yann Ylavic]

  *) http: Fix LimitRequestBody checks when there are no more bytes to read.
     [Michael Kaufmann <mail michael-kaufmann.ch>]

  *) core: Allow spaces after chunk-size for compatibility with implementations
     using a pre-filled buffer.  [Yann Ylavic, Jeff Trawick]

  *) mod_ssl: bring SNI behavior into better conformance with RFC 6066:
     no longer send warning-level unrecognized_name(112) alerts. PR 56241.
     [Kaspar Brand]

  *) http: Make ap_die() robust against any HTTP error code and not modify
     response status (finally logged) when nothing is to be done. PR 56035.
     [Yann Ylavic]

  *) core, modules: Avoid error response/document handling by the core if some
     handler or input filter already did it while reading the request (causing
     a double response body).  [Yann Ylavic]

  *) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
     5+ instead of just for FreeBSD 5. PR 53824.  [Jeff Trawick,
     Olli Hauer <ohauer gmx de>]

  *) mod_proxy: use the original (non absolute) form of the request-line's URI
     for requests embedded in CONNECT payloads used to connect SSL backends via
     a ProxyRemote forward-proxy.  PR 55892.  [Hendrik Harms <hendrik.harms
     gmail com>, William Rowe, Yann Ylavic]

  *) mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for
     internationalization.  [William Rowe]

  *) mod_log_config: Implement logging for sub second timestamps and
     request end time.  [Rainer Jung]

  *) mod_log_config: Ensure that time data is consistent if multiple
     duration patterns are used in combination, e.g. %D and %{ms}T.
     [Rainer Jung]

  *) mod_log_config: Add "%{UNIT}T" format to output request duration in
     seconds, milliseconds or microseconds depending on UNIT ("s", "ms", "us").
     [Ben Reser, Rainer Jung]

  *) In alignment with RFC 7525, the default recommended SSLCipherSuite
     and SSLProxyCipherSuite now exclude RC4 as well as MD5. Also, the
     default recommended SSLProtocol and SSLProxyProtocol directives now
     exclude SSLv3. Existing configurations must be adjusted by the
     administrator. [William Rowe]

  *) core: Avoid potential use of uninitialized (NULL) request data in
     request line error path. [Yann Ylavic]

  *) mod_proxy_http: Use the "Connection: close" header for requests to
     backends not recycling connections (disablereuse), including the default
     reverse and forward proxies.  [Yann Ylavic]

  *) mod_proxy: Add ap_connection_reusable() for checking if a connection
     is reusable as of this point in processing.  [Jeff Trawick]

  *) mod_proxy: Reuse proxy/balancer workers' parameters and scores across
     graceful restarts, even if new workers are added, old ones removed, or
     the order changes.  [Jan Kaluza, Yann Ylavic]

  *) mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context.
     PR 57100.  [Michael Kaufmann <apache-bugzilla michael-kaufmann.ch>,
     Yann Ylavic]

  *) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
     allowing custom parameters to be configured via SSLCertificateFile,
     and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
     Unless custom parameters are configured, the standardized parameters
     are applied based on the certificate's RSA/DSA key size. [Kaspar Brand]

  *) mod_ssl: drop support for export-grade ciphers with ephemeral RSA
     keys, and unconditionally disable aNULL, eNULL and EXP ciphers
     (not overridable via SSLCipherSuite). [Kaspar Brand]

  *) mod_ssl: Add support for configuring persistent TLS session ticket
     encryption/decryption keys (useful for clustered environments).
     [Paul Querna, Kaspar Brand]

  *) SSLProtocol and SSLCipherSuite recommendations in the example/default
     conf/extra/httpd-ssl.conf file are now global in scope, affecting all
     VirtualHosts (matching 2.4 default configuration). [William Rowe]

  *) mod_authn_dbd: Fix lifetime of DB lookup entries independently of the
     selected DB engine.  PR 46421.  [Jan Kaluza].

  *) Turn static function get_server_name_for_url() into public
     ap_get_server_name_for_url() and use it where appropriate. This
     fixes mod_rewrite generating invalid URLs for redirects to IPv6
     literal addresses. PR 52831 [Stefan Fritsch]

  *) dav_validate_request: avoid validating locks and ETags when there are
     no If headers providing them on a resource we aren't modifying.
     [Ben Reser]

  *) mod_ssl: New directive SSLSessionTickets (On|Off).
     The directive controls the use of TLS session tickets (RFC 5077),
     default value is "On" (unchanged behavior).
     Session ticket creation uses a random key created during web
     server startup and recreated during restarts. No other key
     recreation mechanism is available currently. Therefore using session
     tickets without restarting the web server with an appropriate frequency
     (e.g. daily) compromises perfect forward secrecy. [Rainer Jung]

  *) mod_deflate: Define APR_INT32_MAX when it is missing so to be able to
     compile against APR-1.2.x (minimum required version). [Yann Ylavic]

  *) mod_reqtimeout: Don't let pipelining checks interfere with the timeouts
     computed for subsequent requests.  PR 56729.  [Eric Covener]

[1]	https://issues.apache.org/bugzilla/show_bug.cgi?id=58126
[2]	http://www.apache.org/dist/httpd/CHANGES_2.2.31

With Head apache@

MFH:		2015Q3 ( in case no new issues are reported during the next 7 days )
Original commit: revision 393440
15:03 tijl
By default libtool replaces -export-symbols <file> with -retain-symbols-file
<file> on ELF systems, but this doesn't really do what -export-symbols is
meant to do.  On GNU ELF systems it converts <file> to a simple version
script first and then uses -version-script instead of -retain-symbols-file.
Let USES=libtool patch libtool scripts to do this on all systems with GNU
ld(1).

Bump PORTREVISION on all ports where the build log contains -export-symbols.

audio/calf: This port builds a module that now exports only one function,
but it also builds a number of executables that link to this module and
expect to see other functions.  Because it's already a bit dodgy to link to
a module (libtool warns about this) let the module continue to export only
one function and instead build an ordinary library from the same source that
the executables can link to.  Fix a number of other issues in the same
Makefile.am and clean up the port Makefile.

japanese/scim-honoka: Tries to hide all symbols that start with an
underscore, but because this library is written in C++ all symbols start
with _Z so it ends up hiding everything.  Just don't hide anything at all
like the textproc/scim configure script does.

multimedia/schroedinger: Apply an upstream patch.

textproc/scim-input-pad: Same as japanese/scim-honoka.

PR:		201922
Approved by:	portmgr (antoine)
Exp-run by:	antoine
Original commit: revision 393429
Monday, 20 Jul 2015
16:37 feld
Backport patch for CVE and bump PORTREVISION

Approved by:	pgollucci
MFH:		2015Q3
Security:	CVE-2015-3183
Security:	29083f8e-2ca8-11e5-86ff-14dae9d210b8
Original commit: revision 392591
Tuesday, 2 Jun 2015
19:55 zi
- Cleanup logjam patch (remove -rand call to openssl to fix build for libressl
users)
- Cleanup logjam patch (ensure perl can find/replace the correct bits when
re-generating)
- Bump PORTREVISION

With hat:	ports-secteam
Original commit: revision 388386
Sunday, 31 May 2015
12:52 ohauer
- use @sample for conf files
- backport ab from 2.4.x
- fix mode for suexec, cgi test files
- adopt http-ssl.conf.in from upstream trunk
- rebuild some patches
Original commit: revision 388056
Thursday, 21 May 2015
02:13 zi
- Generate new DH params during build to mitigate Logjam attack
- Fix deprecated USE_AUTOTOOLS
- Bump PORTREVISION

With hat:	ports-secteam
Obtained from:	Winni Neessen
Original commit: revision 386904
Thursday, 14 May 2015
10:15 mat
MASTER_SITES cleanup.

- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
  of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
  no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.

While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.

Also, replace some EXTRACT_SUFX occurrences with USES=tar:*.

Checked by:	make fetch-urlall-list
With hat:	portmgr
Sponsored by:	Absolight
Original commit: revision 386312
Saturday, 18 Apr 2015
09:47 tijl
- Remove libtool hacks and patches that are now handled by USES=libtool
- Remove CONFIG_SHELL from CONFIGURE_ENV because bsd.port.mk handles that
Original commit: revision 384215
Monday, 1 Dec 2014
22:50 ohauer
- make QA script happy and RMDIR empty folder below $PORTDOCS
  the script complains on them even if PORTDOCS=* is set
- do not silence INSTALL commands
Original commit: revision 373726
Tuesday, 14 Oct 2014
13:23 mat
Remove a #define strtoul that is messing up with c++.

Differential Revision:	https://reviews.freebsd.org/D945
Approved by:	ohauer
Sponsored by:	Absolight
Original commit: revision 370851
Monday, 22 Sep 2014
18:50 ohauer
apache24

- remove check if apr is built with threads
- bump PORTREVISION
- adopt new pkg-plist @dir

with hat apache@
Original commit: revision 368986
Saturday, 13 Sep 2014
19:24 tijl
Remove unused LIBTOOLFILES
Original commit: revision 368131
Wednesday, 3 Sep 2014
20:20 ohauer
- update to 2.2.29
- use PTHREAD_LIBS/CFLAGS instead -pthread

Changes with Apache 2.2.29
http://www.apache.org/dist/httpd/CHANGES_2.2.29

  *) Corrected docs/manual pages for new MergeTrailers directive and other
     out of date documentation. [William Rowe]

Changes with Apache 2.2.28

  *) SECURITY: CVE-2014-0118 (cve.mitre.org) [1]
     mod_deflate: The DEFLATE input filter (inflates request bodies) now
     limits the length and compression ratio of inflated request bodies to avoid
     denial of service via highly compressed bodies.  See directives
     DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
     and DeflateInflateRatioBurst. [Yann Ylavic, Eric Covener]

  *) SECURITY: CVE-2014-0231 (cve.mitre.org) [1]
     mod_cgid: Fix a denial of service against CGI scripts that do
     not consume stdin that could lead to lingering HTTPD child processes
     filling up the scoreboard and eventually hanging the server.  By
     default, the client I/O timeout (Timeout directive) now applies to
     communication with scripts.  The CGIDScriptTimeout directive can be
     used to set a different timeout for communication with scripts.
     [Rainer Jung, Eric Covener, Yann Ylavic]

  *) SECURITY: CVE-2014-0226 (cve.mitre.org) [1]
     Fix a race condition in scoreboard handling, which could lead to
     a heap buffer overflow.  [Joe Orton, Eric Covener, Jeff Trawick]

  *) SECURITY: CVE-2013-5704 (cve.mitre.org) [2]
     core: HTTP trailers could be used to replace HTTP headers
     late during request processing, potentially undoing or
     otherwise confusing modules that examined or modified
     request headers earlier.  Adds "MergeTrailers" directive to restore
     legacy behavior.  [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]

  *) core: Detect incomplete request and response bodies, log an error and
     forward it to the underlying filters. PR 55475.  [Yann Ylavic]

  *) mod_deflate: Handle Zlib header and validation bytes received in multiple
     chunks. PR 46146. [Yann Ylavic]

  *) mod_proxy: Don't reuse a SSL backend connection whose requested SNI
     differs. PR 55782.  [Yann Ylavic]

  *) mod_deflate: Fix inflation of files larger than 4GB. PR 56062.
     [Lukas Bezdicka <social v3.sk>]

  *) mod_dav: Fix improper encoding in PROPFIND responses.  PR 56480.
     [Ben Reser]

  *) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
     resumed by TLS session resumption (RFC 5077). [Rainer Jung]

  *) mod_proxy_ajp: Forward local IP address as a custom request attribute
     like we already do for the remote port. [Rainer Jung]

  *) mod_deflate: Don't fail when flushing inflated data to the user-agent
     and that coincides with the end of stream ("Zlib error flushing inflate
     buffer"). PR 56196. [Christoph Fausak <christoph fausak glueckkanja.com>]

  *) mod_cache, mod_disk_cache: With CacheLock enabled, responses with a Vary
     header might not get the benefit of the thundering herd protection due to
     an incorrect internal cache key.  PR 50317.
     [Ruediger Pluem, Jan Kaluza, Yann Ylavic]

  *) mod_rewrite: Support session cookies with the CO= flag when later
     parameters are used.  The doc for this implied the feature had been
     backported for quite some time.  PR56014 [Eric Covener]

  *) mod_cache: Don't remove stale cache entries that cannot be conditionally
     revalidated. This prevents the thundering herd protection from serving
     stale responses during a revalidation. PR 50317.
     [Eric Covener, Jan Kaluza,  Ruediger Pluem]

  *) core: Increase TCP_DEFER_ACCEPT socket option from 1 to 30 seconds.
     PR 41270. [Dean Gaudet <dean arctic org>]

[1] CVE issues already fixed since FreeBSD-ports r362845
[2] new CVE-2013-5704 issue fixed in 2.2.29

MFH:		2014Q3
Security:	f927e06c-1109-11e4-b090-20cf30e32f6d
Security:	CVE-2013-5704
Original commit: revision 367227
Thursday, 24 Jul 2014
20:22 ohauer
- backport upstream security fixes
- fix build with SSL from ports [1]

SECURITY: CVE-2014-0118 (cve.mitre.org)

mod_deflate: The DEFLATE input filter (inflates request bodies) now
limits the length and compression ratio of inflated request bodies to
avoid denial of service via highly compressed bodies.  See directives
DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and
DeflateInflateRatioBurst.

http://svn.apache.org/viewvc?view=revision&revision=1611426

SECURITY: CVE-2014-0226 (cve.mitre.org)

Fix a race condition in scoreboard handling,
which could lead to a heap buffer overflow.  Thanks to Marek Kroemeke
working with HP's Zero Day Initiative for reporting this.
* include/scoreboard.h: Add ap_copy_scoreboard_worker.
* server/scoreboard.c (ap_copy_scoreboard_worker): New function.
* modules/generators/mod_status.c (status_handler): Use it.

http://svn.apache.org/viewvc?view=revision&revision=1610515

SECURITY: CVE-2014-0231 (cve.mitre.org)

mod_cgid: Fix a denial of service against CGI scripts that do not consume
stdin that could lead to lingering HTTPD child processes filling up the
scoreboard and eventually hanging the server.

http://svn.apache.org/viewvc?view=revision&revision=1611185

[1] noted and tested by mat@

MFH:		2014Q3
Security:	f927e06c-1109-11e4-b090-20cf30e32f6d
		CVE-2014-0118
		CVE-2014-0231
		CVE-2014-0226
Original commit: revision 362845
Sunday, 13 Jul 2014
15:58 ohauer
- reflect new preferred apache version
Original commit: revision 361691
Tuesday, 8 Jul 2014
22:46 ohauer
- fix strip command (use ${PREFIX} instead real path)
Original commit: revision 361317
21:31 ohauer
- strip files
- sort pkg-plist
- always install DOCS (remove Makefile hack)
- reflect modules.d in EXAMPLESDIR, next target
  will be a new keyword for pkg-plist to handle
  module installation.
- bump PORTREVISION

- add warning about default version change (2014-07-11)
  (pkg-message, files/HEADS_UP)
Original commit: revision 361294
Thursday, 12 Jun 2014
09:17 tijl
Bump PORTREVISION on everything that depends on devel/apr1 due to the
library version change.

Approved by:	portmgr (implicit)
Original commit: revision 357574
Wednesday, 4 Jun 2014
16:54 des
Add CPE information.

With hat:	ports-secteam
Original commit: revision 356512
Friday, 30 May 2014
21:55 ohauer
- /USE_AUTOTOOLS=libtool/USES=libtool/

with hat apache@
Original commit: revision 355919
Thursday, 10 Apr 2014
20:57 ohauer
- fix build against security/openssl on FreeBSD-10
  in case port is built with tinderbox or poudriere.

  openssl is registered as BUILD/RUN dependency not
  as LIB dependency, therefore the check for openssl
  fails since it will be installed in a later stage
  by tinderbox / poudriere.

Thanks to Katsuya Higuchi who noted this issue on
the apache@ mailing list.
http://lists.freebsd.org/pipermail/freebsd-apache/2014-April/003490.html

MFH: 2014Q2

Submitted by:	Katsuya Higuchi <higuchi@jt-sys.co.jp>
Original commit: revision 350852
Tuesday, 8 Apr 2014
23:33 ohauer
- fix build on FreeBSD-10+ with OpenSSL from ports
- bump PORTVERSION because of CVE-2014-0076 / CVE-2014-0160

Special Thanks to Philip Jocks for reporting and testing!
http://lists.freebsd.org/pipermail/freebsd-apache/2014-April/003483.html

with hat apache@
Original commit: revision 350649
Thursday, 27 Mar 2014
05:28 ohauer
- update to version 2.2.27
- fix apache-mpm-peruser graceful reload [1]

Changes with Apache 2.2.27

  *) SECURITY: CVE-2014-0098 (cve.mitre.org)
     Clean up cookie logging with fewer redundant string parsing passes.
     Log only cookies with a value assignment. Prevents segfaults when
     logging truncated cookies.
     [William Rowe, Ruediger Pluem, Jim Jagielski]

  *) SECURITY: CVE-2013-6438 (cve.mitre.org)
     mod_dav: Keep track of length of cdata properly when removing
     leading spaces. Eliminates a potential denial of service from
     specifically crafted DAV WRITE requests
     [Amin Tora <Amin.Tora neustar.biz>]

  *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
     TE/CL conflicts. [Yann Ylavic <ylavic.dev gmail com>, Jim Jagielski]

  *) mod_proxy_http: Core dumped under high load. PR 50335.
     [Jan Kaluza <jkaluza redhat.com>]

  *) proxy_util: NULL terminate the right buffer in 'send_http_connect'.
     [Christophe Jaillet]

  *) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which
     is equivalent to <ProxyMatch wildcard-url>. [Christophe Jaillet]

  *) mod_ldap: Fix a potential memory leak or corruption.  PR 54936.
     [Zhenbo Xu <zhenbo1987 gmail com>]

  *) mod_ssl: Do not perform SNI / Host header comparison in case of a
     forward proxy request. [Ruediger Pluem]

  *) mod_rewrite: Add mod_rewrite.h to the headers installed on Windows.
     PR46679 [Bob Ionescu]

PR:		ports/182947 [1]
Submitted by:	Andrew Azarov <andrew@azar-a.net> [1]
Original commit: revision 349319
Sunday, 16 Mar 2014
16:07 ohauer
ports in cat www where MAINTAINER=ports

- USE_BZIP2 -> USES= tar:bzip2
- LICENSE=BSD -> BSD[n]CLAUSE
Original commit: revision 348417
Sunday, 24 Nov 2013
19:56 ohauer
- update to 2.2.26

- add new directory for modules (APACHEETCDIR/modules.d)

  New modules can be registered here with a simple
  file that contains the LoadModule directives.
  Additionally, maintainers can write instructions to the
  conf file and keep pkg-message short.
  As bonus the config file can be installed like every
  other config file with a .sample extension so modules
  are not disabled during pkg upgrades.

  Module config files should begin with three digits
  followed by '_' e.g. 100_php5.conf.
  The load order can be controlled via the three digits.

  Please wait some time before adopting the new directory
  so users have time to update and adjust existing configs

Changes with Apache 2.2.26

  *) mod_dav: dav_resource->uri treated as unencoded. This was an
     unnecessary ABI change introduced in 2.2.25  PR 55397.  [Ben Reser]

  *) mod_dav: Do not validate locks against parent collection of COPY
     source URI.  PR 55304.  [Ben Reser]

  *) mod_ssl: Check SNI hostname against Host header case-insensitively.
     PR 49491.  [Mayank Agrawal <magrawal.08 gmail.com>]

  *) mod_ssl: enable support for ECC keys and ECDH ciphers.  Tested against
     OpenSSL 1.0.0b3.  [Vipul Gupta vipul.gupta sun.com, Sander Temme,
     Stefan Fritsch]

  *) mod_ssl: Change default for SSLCompression to off, as compression
     causes security issues in most setups. (The so called "CRIME" attack).
     [Stefan Fritsch]

  *) mod_ssl: Fix compilation error when OpenSSL does not contain
     support for SSLv2. Problem was introduced in 2.2.25. PR 55194.
     [Rainer Jung, Kaspar Brand]

  *) mod_dav: Fix double encoding of URIs in XML and Location header (caused
     by unintentional ABI change in 2.2.25).  PR 55397.  [Ben Reser]
Original commit: revision 334783
Tuesday, 5 Nov 2013
22:00 ohauer
- backport upstream commit r1528718 into mod_dav [1].
  This is needed because of a bug [2] due to an incorrect
  implementation of RFC 4918.
  The symptoms are a failure to copy a svn tree via DAV:

- fix package installation with old pkg tools (create empty
  folders in pkg-plist even staging is enabled)

[1] http://svn.apache.org/viewvc?view=revision&revision=1528718
[2] https://issues.apache.org/bugzilla/show_bug.cgi?id=55306

PR:		ports/183685
Submitted by:	Pietro Cerutti <gahr@FreeBSD.org>
Original commit: revision 332914
Sunday, 27 Oct 2013
17:40 ohauer
- support staging
- partially adopt new ${opt}_ notation
Original commit: revision 331788
Friday, 20 Sep 2013
23:36 bapt
Add NO_STAGE all over the place in preparation for the staging support (cat:
www)
Original commit: revision 327776
Saturday, 14 Sep 2013
13:38 az
- convert to the new perl5 framework
- convert USE_GMAKE to Uses

Approved by:	portmgr (bapt@, blanket)
Original commit: revision 327283
Saturday, 7 Sep 2013
19:49 bsam
Introduce variable ICONV_PREFIX at Mk/Uses/iconv.mk. The default for
pre 100043 is ${LOCALBASE} and /usr otherwise. Convert all ports to
new variable usage.

Approved by:	portmgr (bapt, implicit)
Original commit: revision 326683
Wednesday, 14 Aug 2013
22:35 ak
- Remove MAKE_JOBS_SAFE variable

Approved by:	portmgr (bdrewery)
Original commit: revision 324744
Wednesday, 10 Jul 2013
19:01 ohauer
- update to apache-2.2.25
- update vuxml with additional CVE-2013-1896 entry

Changes with Apache 2.2.25
  http://www.apache.org/dist/httpd/CHANGES_2.2.25

  *) SECURITY: CVE-2013-1896 (cve.mitre.org)
     mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
     the source href (sent as part of the request body as XML) pointing to a
     URI that is not configured for DAV will trigger a segfault. [Ben Reser
     <ben reser.org>]

  *) SECURITY: CVE-2013-1862 (cve.mitre.org)
     mod_rewrite: Ensure that client data written to the RewriteLog is
     escaped to prevent terminal escape sequences from entering the
     log file.  [Eric Covener, Jeff Trawick, Joe Orton]

  *) core: Limit ap_pregsub() to 64MB and add ap_pregsub_ex() for longer
     strings.  The default limit for ap_pregsub() can be adjusted at compile
      time by defining AP_PREGSUB_MAXLEN.  [Stefan Fritsch, Jeff Trawick]

  *) core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization
     on Linux kernel versions 3.x and above.  PR 55121.  [Bradley Heilbrun
     <apache heilbrun.org>]

  *) mod_setenvif: Log error on substitution overflow.
     [Stefan Fritsch]

  *) mod_ssl/proxy: enable the SNI extension for backend TLS connections
     [Kaspar Brand]

  *) mod_proxy: Use the same hostname for SNI as for the HTTP request when
     forwarding to SSL backends. PR 53134.
     [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]

  *) mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
     in the error log to debug level.  [William Rowe]

  *) mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs
     with SSLProxyMachineCertificateFile/Path directives. PR 52212, PR 54698.
     [Keith Burdis <keith burdis.org>, Joe Orton, Kaspar Brand]

  *) mod_proxy_balancer: Added balancer parameter failontimeout to allow server
     admin to configure an IO timeout as an error in the balancer.
     [Daniel Ruggeri]

  *) mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind
     password.  [Daniel Ruggeri]

  *) htdigest: Fix buffer overflow when reading digest password file
     with very long lines. PR 54893. [Rainer Jung]

  *) mod_dav: Ensure URI is correctly uriencoded on return. PR 54611
     [Timothy Wood <tjw omnigroup.com>]

  *) mod_dav: Make sure that when we prepare an If URL for Etag comparison,
     we compare unencoded paths. PR 53910 [Timothy Wood <tjw omnigroup.com>]

  *) mod_dav: Sending an If or If-Match header with an invalid ETag doesn't
     result in a 412 Precondition Failed for a COPY operation. PR54610
     [Timothy Wood <tjw omnigroup.com>]

  *) mod_dav: When a PROPPATCH attempts to remove a non-existent dead
     property on a resource for which there is no dead property in the same
     namespace httpd segfaults. PR 52559 [Diego Santa Cruz
     <diego.santaCruz spinetix.com>]

  *) mod_dav: Do not fail PROPPATCH when prop namespace is not known.
     PR 52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]

  *) mod_dav: Do not segfault on PROPFIND with a zero length DBM.
     PR 52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]

PR:		ports/180248
Submitted by:	Jason Helfman jgh@
Original commit Revision: 322728
Saturday, 6 Jul 2013
08:46 ohauer
- add fix for CVE-2013-1862
- adjust vuxml
Original commit Revision: 322368
Saturday, 27 Apr 2013
18:25 mva
- Convert USE_ICONV=yes to USES=iconv
- Change USE_GNOME=pkgconfig|gnomehack to USES=pathfix|pkgconfig and
  USE_GETTEXT=yes to USES=gettext while here
Original commit Revision: 316683
Tuesday, 26 Mar 2013
21:31 ohauer
- prepare for apache24
Original commit Revision: 315333
Saturday, 2 Mar 2013
19:31 ohauer
- update to version 2.2.24
- move mpm itk patches to itk-mpm/files dir
- add sshd to REQUIRE line in the rc script to prevent boot
  issues in case a SSL cert is password protected [1]

Changes with Apache 2.2.24
 SECURITY: CVE-2012-3499 (cve.mitre.org) Various XSS flaws due to
 unescaped hostnames and URIs HTML output in mod_info, mod_status,
 mod_imagemap, mod_ldap, and mod_proxy_ftp.  [Jim Jagielski, Stefan
 Fritsch, Niels Heinen <heinenn google com>]

 SECURITY: CVE-2012-4558 (cve.mitre.org)
 XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
 Niels Heinen <heinenn google com>]

 mod_rewrite: Stop merging RewriteBase down to subdirectories
 unless new option 'RewriteOptions MergeBase' is configured.
 Merging RewriteBase was unconditionally turned on in 2.2.23.
 PR 53963. [Eric Covener]

 mod_ssl: Send the error message for speaking http to an https port using
 HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when
 using SNI. PR 50823. [Stefan Fritsch]

 mod_ssl: log revoked certificates at level INFO
 instead of DEBUG. PR 52162. [Stefan Fritsch]

 mod_proxy_ajp: Support unknown HTTP methods. PR 54416.
 [Rainer Jung]

 mod_dir: Add support for the value 'disabled' in FallbackResource.
 [Vincent Deffontaines]

 mod_ldap: Fix regression in handling "server unavailable" errors on
 Windows.  PR 54140.  [Eric Covener]

 mod_ssl: fix a regression with the string rendering of the "UID" RDN
 introduced in 2.2.15. PR 54510. [Kaspar Brand]

 ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output
 to more accurately report the negotiated protocol. PR 53916.
 [Nicolás Pernas Maradei <nico emutex com>, Kaspar Brand]

 mod_cache: Explicitly allow cache implementations to cache a 206 Partial
 Response if they so choose to do so. Previously an attempt to cache a 206
 was arbitrarily allowed if the response contained an Expires or
 Cache-Control header, and arbitrarily denied if both headers were missing.
 Currently the disk and memory cache providers do not cache 206 Partial
 Responses. [Graham Leggett]

 core: Remove unintentional APR 1.3 dependency introduced with
 Apache 2.2.22. [Eric Covener]

 core: Use a TLS 1.0 close_notify alert for internal dummy connection if
 the chosen listener is configured for https. [Joe Orton]

 mod_ssl: Add new directive SSLCompression to disable TLS-level
   compression. PR 53219.

[1] requested by Andrew Filonov
    (freebsd-apache/2012-September/002962.html)

with hat apache@
Original commit Revision: 313287
Wednesday, 2 Jan 2013
02:12 ache
Use
LockFile "/var/run/accept.lock"
instead of previous
LockFile "/var/log/accept.lock"

If system is crashed and rebooted, Apache refuses to start in case
/var/log/accept.lock.<pid> is found. That <pid> is almost always the same
due to minimum pid variance right after boot.
So use /var/run instead, which is cleaned on each boot.
Original commit Revision: 309798
Monday, 10 Dec 2012
19:11 mm
Update PCRE to 8.32
Introduces the UTF-32 library pcre32
Bump PORTREVISION in dependent ports
Original commit Revision: 308630
Sunday, 18 Nov 2012
18:48 hrs
Fix a typo.

Spotted by:	ume
Pointy hat to:	hrs
Feature safe:	yes
Original commit Revision: 307544
16:33 hrs
Fix rc.d script to support systems before and after ${name}_fib is introduced
into rc.subr.  Bump PORTREVISION.

Feature safe:	yes
Original commit Revision: 307542
Friday, 2 Nov 2012
18:45 ohauer
- update apache22 to version 2.22.23
- trim vuxml/Makefile header

with hat apache@

Feature safe: yes

Security:       CVE-2012-2687
Original commit Revision: 306878
Sunday, 9 Sep 2012
17:01 ohauer
- notice the users that old WITH/WITHOUT parameters are obsolete.
  Point them to the wiki

Thanks to crees@ for this suggestion to
implement this direct in the port

PR:		171509
Original commit Revision: 303982
Tuesday, 4 Sep 2012
21:17 ohauer
- Simplify options with the removal of the last APR only related parameter [1]

- disallow IPv6 sockets to handle IPv4 requests per default. [2]

- move extra-patch-server__config.c
    -> patch-server__config.c
    https://issues.apache.org/bugzilla/show_bug.cgi?id=53823

- bump PORTREVISION

[1] Credits to Hajimu UMEMOTO (ume@) for finding the last APR related parameter
[2] http://httpd.apache.org/docs/2.2/bind.html

with hat apache@
Original commit Revision: 303674
Sunday, 2 Sep 2012
14:31 ohauer
devel/apr1 [1]
- update APR to 1.4.6
- update APR-util to 1.4.1
- remove PKGNAMESUFFIX'es

www/apache-(event|itk|peruser|worker)-mpm
- adopt new Makefile header, adjust
  PKGNAMESUFFIX in apache22 masterport
  PKGNAME match now LATEST_LINK

www/apache22 [2]-[6]
- rewrite for options NG
- PORTNAME s|apache|apache22|
- remove APR APR-util specific options,
  will be checked now with help of apr/u-1-config

Mk/bsd.apache.mk
- rewrite for options NG
- remove no longer needed make targets
  (show-categories, make-options-list)

[1]
PR: 165143

[2]-[6]
PR: 130479
PR: 153406
PR: 158565
PR: 168769
PR: 167965

with hat apache@
Original commit Revision: 303550
Thursday, 23 Aug 2012
04:49 ohauer
- rewrite apache port
 - remove all apr/apu related parts (leftovers from bundled apr)
 - remove invalid parts from Makefile.doc
 - move MODULES to Makefile.options

- remove apache20 parts
- remove category handling

with hat apache@
Original commit
Monday, 13 Aug 2012
19:51 ohauer
- rewrite bsd.apache.mk  (prepare for options NG support)
   keep full backward support until apache20 is removed from the tree
   comment code to remove with MFC TODO:

- adjust apache20 and apache22 ports
   changes are transparent for users (no PORTREVISION bump)

 Users who are using special build instructions in make.conf, such as
  - WITH_STATIC_MODULES= alias dir log_config mime rewrite setenvif vhost_alias

 should convert the values to UPPERCASE
  - WITH_STATIC_MODULES= ALIAS DIR LOG_CONFIG MIME REWRITE SETENVIF VHOST_ALIAS

 At the moment code to support old lowercase style is in place, but
 target to remove in favor for options NG.

with hat apache@
Original commit
Thursday, 2 Aug 2012
03:17 wxs
Document Apache 2.2.x insecure handling of LD_LIBRARY_PATH.
Add patch[1] to address problem to apache port.

[1]:
http://svn.apache.org/viewvc/httpd/httpd/trunk/support/envvars-std.in?view=log&pathrev=1296428

Approved by:	apache@ (pgollucci@)
Obtained from:	Apache SVN
Original commit
Sunday, 22 Jul 2012
21:13 ohauer
apache22
- centralise OPTIONS in Makefile.options
- s/Enable// in OPTIONS
- rewrite Makefile.modules (last defined SLAVE_PORT_MPM port use now WITH_MPM var)
- no REVISION bump, nothing changed in the logic / functionality

apache22-peruser-mpm
- use WITH_MPM instead SLAVE_PORT_MPM
Original commit
Sunday, 8 Jul 2012
21:32 ohauer
- cleanup conflicts (remove no longer existent ports)
- remove explicit ABI version number from LIB_DEPENDS
Original commit
Tuesday, 14 Feb 2012
12:44 mm
Bump pcre library dependency due to 8.30 update
Add (vendor) patch for deprecated pcre_info()
Original commit
Thursday, 9 Feb 2012
02:49 pgollucci
- use $SYSCTL
- use full path setfib

PR:             ports/153264
Submitted by:   Jeremy Chadwick <freebsd@jdc.parodius.com>
With Hat:       apache@
Sponsored by:   Apache Software Foundation (ASF)
Original commit
Wednesday, 8 Feb 2012
22:49 pgollucci
- Remove 0 length file breaking pkg

Reported by:    glarkin
Original commit
04:35 pgollucci
- Convert to USERS/GROUPS [1]
- Resync proxy connect patch [2]
- Bump PORTREVISION since the proxy patch is unconditionally applied
  which means we can remove that OPTION too

PR:             ports/164698 [1], ports/164711 [2]
Submitted by:   jgh@ [1], freebsd@nagilum.org [2]
With Hat:       apache@
Sponsored by:   RideCharge Inc. / TaxiMagic
Original commit
Wednesday, 1 Feb 2012
18:56 jgh
- Update to 2.2.22

Addresses:
* SECURITY: CVE-2011-3607 (cve.mitre.org)
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP
Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif
module is enabled, allows local users to gain privileges via a .htaccess file
with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request
header, leading to a heap-based buffer overflow.

* SECURITY: CVE-2012-0021 (cve.mitre.org)
The log_cookie function in mod_log_config.c in the mod_log_config module in the
Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not
properly handle a %{}C format string, which allows remote attackers to cause a
denial of service (daemon crash) via a cookie that lacks both a name and a
value.

* SECURITY: CVE-2012-0031 (cve.mitre.org)
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local
users to cause a denial of service (daemon crash during shutdown) or possibly
have unspecified other impact by modifying a certain type field within a
scoreboard shared memory segment, leading to an invalid call to the free
function.

* SECURITY: CVE-2011-4317 (cve.mitre.org)
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x
through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in
place, does not properly interact with use of (1) RewriteRule and (2)
ProxyPassMatch pattern matches for configuration of a reverse proxy, which
allows remote attackers to send requests to intranet servers via a malformed URI
containing an @ (at sign) character and a : (colon) character in invalid
positions. NOTE: this vulnerability exists because of an incomplete fix for
CVE-2011-3368.

* SECURITY: CVE-2012-0053 (cve.mitre.org)
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly
restrict header information during construction of Bad Request (aka 400) error
documents, which allows remote attackers to obtain the values of HTTPOnly
cookies via vectors involving a (1) long or (2) malformed header in conjunction
with crafted web script.

* SECURITY: CVE-2011-3368 (cve.mitre.org)
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x
through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of
(1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a
reverse proxy, which allows remote attackers to send requests to intranet
servers via a malformed URI containing an initial @ (at sign) character.

PR: ports/164675
Reviewed by: pgollucci
Approved by: pgollucci, crees, rene (mentors, implicit)
With Hat: apache@
Original commit
Friday, 23 Sep 2011
22:26 amdmi3
- Add LDFLAGS to CONFIGURE_ENV and MAKE_ENV (as it was done with LDFLAGS)
- Fix all ports that add {CPP,LD}FLAGS to *_ENV to modify flags instead

PR:             157936
Submitted by:   myself
Exp-runs by:    pav
Approved by:    pav
Original commit
Thursday, 15 Sep 2011
05:00 ohauer
- update to version 2.2.21

Addresses:
* SECURITY: CVE-2011-3348 (cve.mitre.org)
 mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
 unrecognized HTTP methods from marking ajp: balancer members
 in an error state, avoiding denial of service.

* SECURITY: CVE-2011-3192 (cve.mitre.org)
 core: Further fixes to the handling of byte-range requests to use
 less memory, to avoid denial of service. This patch includes fixes
 to the patch introduced in release 2.2.20 for protocol compliance,
 as well as the MaxRanges directive.

PR:             ports/160743
Submitted by:   Jason Helfman <jhelfman@experts-exchange.com>
Original commit
Monday, 12 Sep 2011
23:17 gabor
- Track dependencies after databases/gdbm update
Original commit
Friday, 2 Sep 2011
06:18 ade
Emergency upgrade to 2.2.20 - CVE-2011-3192.  Any complaints, talk to me.

PR:             160381
Original commit
Wednesday, 29 Jun 2011
17:28 ohauer
- Close a race condition that sometimes resulted in configure.in
  patches being ignored
Original commit
Sunday, 22 May 2011
21:33 ohauer
- update to httpd-2.2.19

Changes with Apache 2.2.19

  *) Revert ABI breakage in 2.2.18 caused by the function signature change
     of ap_unescape_url_keep2f().  This release restores the signature from
     2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex().
     [Eric Covener]

commit with hat apache@
Original commit
Friday, 13 May 2011
23:02 ohauer
- update to version 2.2.18

Changes:
http://www.apache.org/dist/httpd/CHANGES_2.2.18

Changes with Apache 2.2.18

  *) Log an error for failures to read a chunk-size, and return 408 instead
     413 when this is due to a read timeout.  This change also fixes some cases
     of two error documents being sent in the response for the same scenario.
     [Eric Covener] PR49167

  *) core: Only log a 408 if it is no keepalive timeout. PR 39785
     [Ruediger Pluem,  Mark Montague <markmont umich.edu>]

  *) core: Treat timeout reading request as 408 error, not 400.
     Log 408 errors in access log as was done in Apache 1.3.x.
     PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>, Stefan Fritsch,
     Dan Poirier]

  *) Core HTTP: disable keepalive when the Client has sent
     Expect: 100-continue
     but we respond directly with a non-100 response.  Keepalive here led
     to data from clients continuing being treated as a new request.
     PR 47087.  [Nick Kew]

  *) htpasswd: Change the default algorithm for htpasswd to MD5 on all
     platforms. Crypt with its 8 character limit is not useful anymore;
     improve out of disk space handling (PR 30877); print a warning if
     a password is truncated by crypt. [Stefan Fritsch]

  *) mod_win32: Added shebang check for '! so that .vbs scripts work as CGI.
     Win32's cscript interpreter can only use a single quote as comment char.
     [Guenter Knauf]

  *) configure: Fix htpasswd/htdbm libcrypt link errors with some newer
     linkers. [Stefan Fritsch]

  *) MinGW build improvements.  PR 49535.  [John Vandenberg
     <jayvdb gmail.com>, Jeff Trawick]

  *) mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
     [Stefan Fritsch]

  *) core: AllowEncodedSlashes new option NoDecode to allow encoded slashes
     in request URL path info but not decode them. PR 35256,
     PR 46830.  [Dan Poirier]

  *) mod_rewrite: Allow to unset environment variables. PR 50746.
     [Rainer Jung]

  *) suEXEC: Add Suexec directive to disable suEXEC without renaming the
     binary (Suexec Off), or force startup failure if suEXEC is required
     but not supported (Suexec On).  [Jeff Trawick]

  *) mod_proxy: Put the worker in error state if the SSL handshake with the
     backend fails. PR 50332.
     [Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]

  *) prefork: Update MPM state in children during a graceful restart.
     Allow the HTTP connection handling loop to terminate early
     during a graceful restart.  PR 41743.
     [Andrew Punch <andrew.punch 247realmedia.com>]

  *) mod_ssl: Correctly read full lines in input filter when the line is
     incomplete during first read. PR 50481. [Ruediger Pluem]

  *) mod_autoindex: Merge IndexOptions from server to directory context when
     the directory has no mod_autoindex directives. PR 47766. [Eric Covener]

  *) mod_cache: Make sure that we never allow a 304 Not Modified response
     that we asked for to leak to the client should the 304 response be
     uncacheable. PR45341 [Graham Leggett]

  *) mod_dav: Send 400 error if malformed Content-Range header is received for
     a put request (RFC 2616 14.16). PR 49825. [Stefan Fritsch]

  *) mod_userdir: Add merging of enable, disable, and filename arguments
     to UserDir directive, leaving enable/disable of userlists unmerged.
     PR 44076 [Eric Covener]

  *) core: Honor 'AcceptPathInfo OFF' during internal redirects,
     such as per-directory mod_rewrite substitutions.  PR 50349.
     [Eric Covener]

  *) mod_cache: Check the request to determine whether we are allowed
     to return cached content at all, and respect a "Cache-Control:
     no-cache" header from a client. Previously, "no-cache" would
     behave like "max-age=0". [Graham Leggett]

  *) mod_mem_cache: Add a debug msg when a streaming response exceeds
     MCacheMaxStreamingBuffer, since mod_cache will follow up with a scary
     'memory allocation failed' debug message. PR 49604. [Eric Covener]

  *) proxy_connect: Don't give up in the middle of a CONNECT tunnel
     when the child process is starting to exit.  PR50220. [Eric Covener]

PR:             156997
Submitted by:   Tsurutani Naoki <turutani _at_ scphys.kyoto-u.ac.jp>
Original commit
Monday, 18 Apr 2011
20:32 ohauer
 - fix Ports with version numbers going backwards for www/apache22-peruser-mpm
 - by changing PORTREVISION= to ?=

   Issue reported by erwin@
Original commit
Thursday, 31 Mar 2011
17:00 ohauer
 - update Apache 2 ITK MPM patch to version 20110321-01 [1]
 - add additional patch for mpm-itk [2]
 - add mod_substitute to apache22 [3]
 - add some documentation into the mpm-itk* patches
 - bump portrevision

 Changes:
 [1] apache2.2-mpm-itk 2.2.17-01, released 2011-03-21:
  * Fixed CVE-2011-1176: If NiceValue was set, the default with no
    AssignUserID was to run as root:root instead of the default Apache user
    and group, due to the configuration merger having an incorrect default
    configuration.
  * Rebase against Apache 2.2.17.
  * Fix an issue where users can sometimes get spurious 403s on persistent
    connections, if the .htaccess files are not world readable.
  * In the config merger, don't reallocate the username, since it's already
    in the correct pool. (This is not a memory leak, only a small inefficiency.)

 [2] http://httpd.apache.org/docs/2.2/mod/mod_substitute.html

 Source:
  http://mpm-itk.sesse.net/ [1]
  http://www.pvv.ntnu.no/~knuta/mpm-itk/ [2]
  http://lists.freebsd.org/pipermail/freebsd-apache/2011-March/002184.html [3]

 With Hat:  apache@

PR:             ports/156024 [1][2]
Submitted by:   Lukasz Wasikowski <lukasz _at_ wasikowski.net> [1][2]
                Nick Gieczewski <sorongo _at_ gmail.com> [3]
Original commit
Tuesday, 7 Dec 2010
20:38 pgollucci
- update conflicts
Original commit
Saturday, 4 Dec 2010
07:34 ade
Sync to new bsd.autotools.mk
Original commit
Thursday, 21 Oct 2010
18:00 pgollucci
- The previous update to the rc.d script didn't quite maintain the old behavior
  correctly.  This fixes the pid file name

PR:                             ports/151623
Submitted by:   Vivek Khera <vivek@khera.org>
With Hat:               apache@
Point hat to:   myself (pgollucci)
Original commit
Wednesday, 20 Oct 2010
21:04 pgollucci
- Update to 2.2.17

**
* Note, no CVE affects the FREEBSD port.  devel/apr1 was updated to
* apr-util 1.3.10 on 2010/10/06 05:32:24.
**

Changes:        http://www.apache.org/dist/httpd/CHANGES_2.2
PR:             ports/151594
Submitted by:   Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
With Hat:       apache@

<ChangeLog>
  *) prefork MPM: Run cleanups for final request when process exits gracefully
     to work around a flaw in apr-util.  PR 43857.  [Tom Donovan]

  *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
     connections and other protocol handlers (like mod_ftp). Enforce the
     timeout for AP_MODE_GETLINE. If there is a timeout, shorten the lingering
     close time from 30 to 2 seconds. [Stefan Fritsch]

  *) Proxy balancer: support setting error status according to HTTP response
     code from a backend.  PR 48939.  [Daniel Ruggeri <DRuggeri primary.net>]

  *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
     password to UTF-8. PR 45318.
     [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]

  *) core: check symlink ownership if both FollowSymlinks and
     SymlinksIfOwnerMatch are set [Nick Kew]

  *) core: fix origin checking in SymlinksIfOwnerMatch
     PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]

  *) mod_headers: Enable multi-match-and-replace edit option
     PR 46594 [Nick Kew]

  *) mod_log_config: Make ${cookie}C correctly match whole cookie names
     instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
     Stefan Fritsch]

  *) mod_dir, mod_negotiation: Pass the output filter information
     to newly created sub requests; as these are later on used
     as true requests with an internal redirect. This allows for
     mod_cache et.al. to trap the results of the redirect.
     PR 17629, 43939
     [Dirk-Willem van Gulik, Jim Jagielski, Joe Orton, Ruediger Pluem]

  *) rotatelogs: Fix possible buffer overflow if admin configures a
     mongo log file path. [Jeff Trawick]

  *) mod_ssl: Do not do overlapping memcpy. PR 45444 [Joe Orton]

  *) vhost: A purely-numeric Host: header should not be treated as a port.
     PR 44979 [Nick Kew]

  *) core: (re)-introduce -T commandline option to suppress documentroot
     check at startup.
     PR 41887 [Jan van den Berg <janvdberg gmail.com>]
</ChangeLog>
Original commit
Saturday, 16 Oct 2010
11:52 ade
Punt autoconf267->autoconf268
Original commit
Thursday, 14 Oct 2010
19:53 pgollucci
- Allow overriding of the following on a profile basis.
    pidfile
    command
    envvars

Without profiles, the old defaults remain unchanged.  With profiles the old
defaults remain unchanged.

Sponsored by:           RideCharge Inc. / TaxiMagic
Tested by:                      RideCharge Inc. / TaxiMagic (> 1 yr in production)
With Hat:                       apache@
Original commit
Wednesday, 15 Sep 2010
18:35 ade
Autotools update.   Read ports/UPDATING 20100915 for details.

Approved by:    portmgr (for Mk/bsd.port.mk part)
Tested by:      Multiple -exp runs
Original commit
Monday, 26 Jul 2010
01:28 kuriyama
- Upgrade to 2.2.16.

Security:       CVE-2010-1452 (mod_{cache,dev} remote DoS),
                CVE-2010-2068 (mod_{proxy_{ajp,http},reqtimeout} related on some platforms)
Original commit
Friday, 21 May 2010
16:28 pgollucci
Bump PORTREVISION forgotten in last commit, by /home/ncvs lied to me.

- Fix misnamed patch that was unconditionally applied.

PR:             ports/146789
Submitted by:   Sunpoet Po-Chuan Hsieh <sunpoet@sunpoet.net>
With Hat:       apache@
Original commit
Thursday, 20 May 2010
21:43 pgollucci
- Enable, build, and install mod_reqtimeout.so which mitigates solaris attacks.
- Default on, so bump PORTREVISION

Requested by:       Jonas Eckerman <jonas@fsdb.org> (via apache@)
With Hat:           apache@
Original commit
Tuesday, 18 May 2010
04:58 pgollucci
- Bump PORTREVISION

With Hat:   apache@
Original commit
04:57 pgollucci
- Whitespace only

With Hat:   apache@
Original commit
04:55 pgollucci
- file is only in devel/apr[01] now.

With Hat:   apache@
Original commit
04:55 pgollucci
- remove apr/apr-util vestiges
- fullbuild not needed anymore
- buildconf not needed anymore
- scripts_env not needed anymore

With Hat:   apache@
Original commit
04:53 pgollucci
- Remove WITH_APR_FROM_PORTS option. Always use devel/apr1 port now.
  Bundled srclib/apr is never used now.

With Hat:   apache@
Original commit
04:08 pgollucci
- Chase devel/apr -> devel/apr1 shuffling

PR:             ports/146553
Submitted by:   myself (pgollucci@)
With Hat:       apache@
Original commit
04:05 pgollucci
- Convert ports/ to devel/apr1

PR:             ports/146553
Submitted by:   myself (pgollucci@)
With Hat:       apache@
Original commit
Friday, 14 May 2010
05:03 pgollucci
By default suexec doesn't enforce different resource limitations configured in
login.conf(5). This is probably because resource limitations are handled
differently on various different platforms.

This modifies suexec behaviour to set resource limits for CGI's
from /etc/login.conf before execing the customers CGI script.

Doesn't affect default package, so no PORTREVISION bumps.

I will follow up at dev@httpd.apache.org to see about adding this
with #ifdefs.

PR:             ports/136091
Submitted by:   Alexey V.Degtyarev <alexey@renatasystems.org>
With Hat:       apache@
Original commit
Thursday, 13 May 2010
00:59 pgollucci
- Remove use of $] which is deprecated in perl and gone in perl 5.12
  This is already being discussed at dev@httpd and will be committed upstream

Reported by:    brad clawsie <clawsie@fastmail.fm> (on apache@ list)
With Hat:       apache@
Original commit
Friday, 7 May 2010
21:46 pgollucci
- Continuation of ports/133704
  apxs -A comments out the LoadModule line
  This adds custom FreeBSD mod to 'DELETE' the line so that it works with
  our pkg-plists in packages.
- Remove -s from the cmp httpd.conf in pkg-plist to be blatant about why
  it didn't get removed
- Tested with lang/php5
- Bump PORTREVISION

PR:             ports/133704
With Hat:       apache@
Original commit
20:53 pgollucci
- Fix -A and -a options for apxs to correctly ignore whitespace.
  This will fix about 100 pkg-plist left overs for httpd.conf
- Bump PORTREVISION
-  This will be in 2.2.16.

PR:             ports/133704
Obtained from:  http://svn.apache.org/viewvc?rev=942210&view=rev
Reported by:    olli hauer <ohauer@gmx.de> (and very good pr!)
With Hat:       apache@
Original commit
