notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
All times are UTC
non port: www/apache22/Makefile.modules

Number of commits found: 47

Sunday, 11 Mar 2018
14:23 brnrd search for other commits by this committer
Mk/Uses/ Migrate Mk/ to Uses

 - Chase required changes in framework (,
 - Chase required changes in ports (version checks)
 - Chase required changes in PHP ports (include
 - exp-run by antoine, brnrd, joneum

PR:             223691 (exp-run)
Reviewed by:    joneum (hat apache), mat (portmgr), antoine (portmgr)
Approved by:    joneum (hat apache)
Approved by:	portmgr
With hat:       apache
Original commitRevision:464175 
Monday, 17 Aug 2015
14:20 mat search for other commits by this committer

UNIQUENAME was never unique, it was only used by USE_LDCONFIG and now,
we won't have conflicts there.

Use PKGBASE instead of LATEST_LINK in PKGLATESTFILE, the *only* consumer
is pkg-devel, and it works just fine without LATEST_LINK as pkg-devel
has the correct PKGNAME anyway.

Now that UNIQUENAME is gone, OPTIONSFILE is too. (it's been called

Reviewed by:	antoine, bapt
Exp-run by:	antoine
Sponsored by:	Absolight
Differential Revision:
Original commitRevision:394508 
Monday, 22 Sep 2014
18:50 ohauer search for other commits by this committer

- remove check if apr is build with threads
- adopt new pkg-plist @dir

@with hat apache@
Original commitRevision:368986 
Wednesday, 3 Sep 2014
20:20 ohauer search for other commits by this committer
- update to 2.2.29
- use PTHREAD_LIBS/CFLAGS instead -pthread

Changes with Apache 2.2.29

  *) Corrected docs/manual pages for new MergeTrailers directive and other
     out of date documentation. [William Rowe]

Changes with Apache 2.2.28

  *) SECURITY: CVE-2014-0118 ( [1]
     mod_deflate: The DEFLATE input filter (inflates request bodies) now
     limits the length and compression ratio of inflated request bodies to avoid
     denial of service via highly compressed bodies.  See directives
     DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
     and DeflateInflateRatioBurst. [Yann Ylavic, Eric Covener]

  *) SECURITY: CVE-2014-0231 ( [1]
     mod_cgid: Fix a denial of service against CGI scripts that do
     not consume stdin that could lead to lingering HTTPD child processes
     filling up the scoreboard and eventually hanging the server.  By
     default, the client I/O timeout (Timeout directive) now applies to
     communication with scripts.  The CGIDScriptTimeout directive can be
     used to set a different timeout for communication with scripts.
     [Rainer Jung, Eric Covener, Yann Ylavic]

  *) SECURITY: CVE-2014-0226 ( [1]
     Fix a race condition in scoreboard handling, which could lead to
     a heap buffer overflow.  [Joe Orton, Eric Covener, Jeff Trawick]

  *) SECURITY: CVE-2013-5704 ( [2]
     core: HTTP trailers could be used to replace HTTP headers
     late during request processing, potentially undoing or
     otherwise confusing modules that examined or modified
     request headers earlier.  Adds "MergeTrailers" directive to restore
     legacy behavior.  [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]

  *) core: Detect incomplete request and response bodies, log an error and
     forward it to the underlying filters. PR 55475.  [Yann Ylavic]

  *) mod_deflate: Handle Zlib header and validation bytes received in multiple
     chunks. PR 46146. [Yann Ylavic]

  *) mod_proxy: Don't reuse a SSL backend connection whose requested SNI
     differs. PR 55782.  [Yann Ylavic]

  *) mod_deflate: Fix inflation of files larger than 4GB. PR 56062.
     [Lukas Bezdicka <social>]

  *) mod_dav: Fix improper encoding in PROPFIND responses.  PR 56480.
     [Ben Reser]

  *) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
     resumed by TLS session resumption (RFC 5077). [Rainer Jung]

  *) mod_proxy_ajp: Forward local IP address as a custom request attribute
     like we already do for the remote port. [Rainer Jung]

  *) mod_deflate: Don't fail when flushing inflated data to the user-agent
     and that coincides with the end of stream ("Zlib error flushing inflate
     buffer"). PR 56196. [Christoph Fausak <christoph fausak>]

  *) mod_cache, mod_disk_cache: With CacheLock enabled, responses with a Vary
     header might not get the benefit of the thundering herd protection due to
     an incorrect internal cache key.  PR 50317.
     [Ruediger Pluem, Jan Kaluza, Yann Ylavic]

  *) mod_rewrite: Support session cookies with the CO= flag when later
     parameters are used.  The doc for this implied the feature had been
     backported for quite some time.  PR56014 [Eric Covener]

  *) mod_cache: Don't remove stale cache entries that cannot be conditionally
     revalidated. This prevents the thundering herd protection from serving
     stale responses during a revalidation. PR 50317.
     [Eric Covener, Jan Kaluza,  Ruediger Pluem]

  *) core: Increase TCP_DEFER_ACCEPT socket option to from 1 to 30 seconds.
     PR 41270. [Dean Gaudet <dean arctic org>]

[1] CVE issues already fixed since FreeBSD-ports r362845
[2] new CVE-2013-5704 issue fixed in 2.2.29

MFH:		2014Q3
Security:	f927e06c-1109-11e4-b090-20cf30e32f6d
Security:	CVE-2013-5704
Original commitRevision:367227 
Sunday, 27 Oct 2013
17:40 ohauer search for other commits by this committer
- support staging
- partitial adopt new ${opt}_ notation
Original commitRevision:331788 
Wednesday, 10 Jul 2013
19:01 ohauer search for other commits by this committer
- update to apache-2.2.25
- update vuxml with additional CVE-2013-1896 entry

Changes with Apache 2.2.25

  *) SECURITY: CVE-2013-1896 (
     mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
     the source href (sent as part of the request body as XML) pointing to a
     URI that is not configured for DAV will trigger a segfault. [Ben Reser

  *) SECURITY: CVE-2013-1862 (
     mod_rewrite: Ensure that client data written to the RewriteLog is
     escaped to prevent terminal escape sequences from entering the
     log file.  [Eric Covener, Jeff Trawick, Joe Orton]

  *) core: Limit ap_pregsub() to 64MB and add ap_pregsub_ex() for longer
     strings.  The default limit for ap_pregsub() can be adjusted at compile
      time by defining AP_PREGSUB_MAXLEN.  [Stefan Fritsch, Jeff Trawick]

  *) core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization
     on Linux kernel versions 3.x and above.  PR 55121.  [Bradley Heilbrun

  *) mod_setenvif: Log error on substitution overflow.
     [Stefan Fritsch]

  *) mod_ssl/proxy: enable the SNI extension for backend TLS connections
     [Kaspar Brand]

  *) mod_proxy: Use the the same hostname for SNI as for the HTTP request when
     forwarding to SSL backends. PR 53134.
     [Michael Weiser <michael>, Ruediger Pluem]

  *) mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
     in the error log to debug level.  [William Rowe]

  *) mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs
     with SSLProxyMachineCertificateFile/Path directives. PR 52212, PR 54698.
     [Keith Burdis <keith>, Joe Orton, Kaspar Brand]

  *) mod_proxy_balancer: Added balancer parameter failontimeout to allow server
     admin to configure an IO timeout as an error in the balancer.
     [Daniel Ruggeri]

  *) mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind
     password.  [Daniel Ruggeri]

  *) htdigest: Fix buffer overflow when reading digest password file
     with very long lines. PR 54893. [Rainer Jung]

  *) mod_dav: Ensure URI is correctly uriencoded on return. PR 54611
     [Timothy Wood <tjw>]

  *) mod_dav: Make sure that when we prepare an If URL for Etag comparison,
     we compare unencoded paths. PR 53910 [Timothy Wood <tjw>]

  *) mod_dav: Sending an If or If-Match header with an invalid ETag doesn't
     result in a 412 Precondition Failed for a COPY operation. PR54610
     [Timothy Wood <tjw>]

  *) mod_dav: When a PROPPATCH attempts to remove a non-existent dead
     property on a resource for which there is no dead property in the same
     namespace httpd segfaults. PR 52559 [Diego Santa Cruz

  *) mod_dav: Do not fail PROPPATCH when prop namespace is not known.
     PR 52559 [Diego Santa Cruz <diego.santaCruz>]

  *) mod_dav: Do not segfault on PROPFIND with a zero length DBM.
     PR 52559 [Diego Santa Cruz <diego.santaCruz>]

PR:		ports/180248
Submitted by:	Jason Helfman jgh@
Original commitRevision:322728 
Saturday, 2 Mar 2013
19:31 ohauer search for other commits by this committer
- update to version 2.2.24
- move mpm itk patches to itk-mpm/files dir
- add sshd to REQUIRE line in the rc script to prevent boot
  issues in case a SSL cert is password protected [1]

Changes with Apache 2.2.24
 SECURITY: CVE-2012-3499 ( Various XSS flaws due to
 unescaped hostnames and URIs HTML output in mod_info, mod_status,
 mod_imagemap, mod_ldap, and mod_proxy_ftp.  [Jim Jagielski, Stefan
 Fritsch, Niels Heinen <heinenn google com>]

 SECURITY: CVE-2012-4558 (
 XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
 Niels Heinen <heinenn google com>]

 mod_rewrite: Stop merging RewriteBase down to subdirectories
 unless new option 'RewriteOptions MergeBase' is configured.
 Merging RewriteBase was unconditionally turned on in 2.2.23.
 PR 53963. [Eric Covener]

 mod_ssl: Send the error message for speaking http to an https port using
 HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when
 using SNI. PR 50823. [Stefan Fritsch]

 mod_ssl: log revoked certificates at level INFO
 instead of DEBUG. PR 52162. [Stefan Fritsch]

 mod_proxy_ajp: Support unknown HTTP methods. PR 54416.
 [Rainer Jung]

 mod_dir: Add support for the value 'disabled' in FallbackResource.
 [Vincent Deffontaines]

 mod_ldap: Fix regression in handling "server unavailable" errors on
 Windows.  PR 54140.  [Eric Covener]

 mod_ssl: fix a regression with the string rendering of the "UID" RDN
 introduced in 2.2.15. PR 54510. [Kaspar Brand]

 ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output
 to more accurately report the negotiated protocol. PR 53916.
 [Nicolás Pernas Maradei <nico emutex com>, Kaspar Brand]

 mod_cache: Explicitly allow cache implementations to cache a 206 Partial
 Response if they so choose to do so. Previously an attempt to cache a 206
 was arbitrarily allowed if the response contained an Expires or
 Cache-Control header, and arbitrarily denied if both headers were missing
 Currently the disk and memory cache providers do not cache 206 Partial
 Responses. [Graham Leggett]

 core: Remove unintentional APR 1.3 dependency introduced with
 Apache 2.2.22. [Eric Covener]

 core: Use a TLS 1.0 close_notify alert for internal dummy connection if
 the chosen listener is configured for https. [Joe Orton]

 mod_ssl: Add new directive SSLCompression to disable TLS-level
   compression. PR 53219.

[1] requested by Andrew Filonov

with head apache@
Original commitRevision:313287 
Thursday, 7 Feb 2013
12:37 gahr search for other commits by this committer
- Get rid of PTHREAD_CFLAGS and PTHREAD_LIBS (category: www)

Approved by:	portmgr
Original commitRevision:311829 
Saturday, 8 Sep 2012
16:35 ohauer search for other commits by this committer
- add a note about devel/apr1 and apache22 updates
- adjust DBD IGNORE message
Original commitRevision:303916 
Tuesday, 4 Sep 2012
21:17 ohauer search for other commits by this committer
- Simplify options with the removal of the last APR only related parameter [1]

- disallow IPv6 sockets to handle IPv4 requests per default. [2]

- move extra-patch-server__config.c
    -> patch-server__config.c


[1] Credits to Hajimu UMEMOTO (ume@) for finding the last APR related parameter

with hat apache@
Original commitRevision:303674 
Sunday, 2 Sep 2012
14:31 ohauer search for other commits by this committer
devel/apr1 [1]
- update APR to 1.4.6
- update APR-util to 1.4.1

- adopt new Makefile header, adjust
  PKGNAMESUFFIX in apache22 masterport

www/apache22 [2]-[6]
- rewrite for options NG
- PORTNAME s|apache|apache22|
- remove APR APR-util specific otions,
  will be checked now with help of apr/u-1-config

- rewrite for options NG
- remove no longer needet make targets
  (show-categories, make-options-list)

PR: 165143

PR: 130479
PR: 153406
PR: 158565
PR: 168769
PR: 167965

with hat apache@
Original commitRevision:303550 
Thursday, 23 Aug 2012
04:49 ohauer search for other commits by this committer
- rewite apache port
 - remove all apr/apu related parts (leftovers from bundled apr)
 - remove invalid parts from Makefile.doc
 - move MODULES to Makefile.options

- remove apache20 parts
- remove category handling

with hat apache@
Original commit
Monday, 13 Aug 2012
19:51 ohauer search for other commits by this committer
- rewrite  (prepare for options NG support)
   keep full backward support until apache20 is removed from the tree
   comment code to remove with MFC TODO:

- adjust apache20 and apache22 ports
   changes are transparent for users (no PORTREVISION bump)

 Users who are using special build instructions in make.conf, such as
  - WITH_STATIC_MODULES= alias dir log_config mime rewrite setenvif vhost_alias

 should convert the values to UPPERCASE

 At the moment code to support old lowercase style is in place, but
 target to remove in favor for options NG.

with hat apache@
Original commit
Sunday, 22 Jul 2012
21:13 ohauer search for other commits by this committer
- centralise OPTIONS in Makefile.options
- s/Enable// in OPTIONS
- rewrite Makefile.modules (last defined SLAVE_PORT_MPM port use now WITH_MPM
- no REVISION bump, nothing changed in the logic / functionality

Original commit
Sunday, 8 Jul 2012
21:32 ohauer search for other commits by this committer
- cleanup conflicts (remove no longer existent ports)
- remove explicit ABI version number from LIB_DEPENDS
Original commit
Monday, 12 Sep 2011
13:46 gabor search for other commits by this committer
- Track dependencies after databases/gdbm update
Original commit
Thursday, 31 Mar 2011
17:00 ohauer search for other commits by this committer
 - update Apache 2 ITK MPM patch to version 20110321-01 [1]
 - add additional patch for mpm-itk [2]
 - add mod_substitute to apache22 [3]
 - add some documentation into the mpm-itk* patches
 - bump portrevision

 [1] apache2.2-mpm-itk 2.2.17-01, released 2011-03-21:
  * Fixed CVE-2011-1176: If NiceValue was set, the default with no
    AssignUserID was to run as root:root instead of the default Apache user
    and group, due to the configuration merger having an incorrect default
  * Rebase against Apache 2.2.17.
  * Fix an issue where users can sometimes get spurious 403s on persistent
    connections, if the .htaccess files are not world readable.
  * In the config merger, don't reallocate the username, since it's already
    in the correct pool. (This is not a memory leak, only a small inefficiency.)


 Source: [1] [2] [3]

 With Hat:  apache@

PR:             ports/156024 [1][2]
Submitted by:   Lukasz Wasikowski <lukasz _at_> [1][2]
                Nick Gieczewski <sorongo _at_> [3]
Original commit
Thursday, 20 May 2010
21:43 pgollucci search for other commits by this committer
- Enable,build, and install which mitigates solaris attacks.
- Default on, so bump PORTREVISION

Reuested by:        Jonas Eckerman <> (via apache@)
With Hat:           apache@
Original commit
Tuesday, 18 May 2010
04:57 pgollucci search for other commits by this committer
-  only need to set grandfather deps
   the dbm maze is a bit harder so is left alone for now

With Hat:   apache@
Original commit
Saturday, 12 Dec 2009
13:44 kuriyama search for other commits by this committer
- Fix plist with WITH_BDB case.
Original commit
Thursday, 10 Dec 2009
08:09 pgollucci search for other commits by this committer

PR:             ports/140137
Submitted by:   olli hauer <>
Original commit
Sunday, 2 Aug 2009
19:36 mezz search for other commits by this committer
-Repocopy devel/libtool15 -> libtool22 and libltdl15 -> libltdl22.
-Update libtool and libltdl to 2.2.6a.
-Remove devel/libtool15 and devel/libltdl15.
-Fix ports build with libtool22/libltdl22.
-Bump ports that depend on libltdl22 due to shared library version change.
-Explain what to do update in the UPDATING.

It has been tested with GNOME2, XFCE4, KDE3, KDE4 and other many wm/desktop
and applications in the runtime.

With help:      marcus and kwm
Pointyhat-exp:  a few times by pav
Tested by:      pgollucci, "Romain Tartière" <>, and
                a few MarcusCom CVS users. Also, I might have missed a few.
Repocopy by:    marcus
Approved by:    portmgr
Original commit
Friday, 12 Jun 2009
17:24 pgollucci search for other commits by this committer
- Revert the bdb change in the last batch

- Reported by: Serveral

With Hat:   apache@
Original commit
00:33 pgollucci search for other commits by this committer
- Drop .sh suffices on rc.d scripts, add note to UPDATING
- Commit the final part of the bdb patch improving the value passed
  to --with-berkely-db [1]
- Silence the blasted warnings about accf [2]
  (Will send this upstream)
- Address httpd issue 42829* -  graceful restart with multiple listeners
   using prefork MPM can result in hung processes [3]
- Address httpd issue 29744+ - CONNECT does not work over existing
   SSL connection [4]
- Drop .sh suffices on rc.d scripts, add note to UPDATING [5]

PRs:                ports/110651 [1], ports/132528 [2], ports/134457 [3]
Submitted by:       "Timur I. Bakeyev" <> [1]
                    bz@ [2]
                    Alexander <> [4]
                    myself (pgollucci@) [5]
Requested by:       apache@ (several) [3]

Tested by:          P6 TB (running live > 5 days)
                    RideCharge TB (running live > 3 days)
                    Apache Software Foundation (ASF) TB (running live > 1 day)

Sponosored by:      RideCharge Inc.
Original commit
Wednesday, 3 Sep 2008
19:08 clement search for other commits by this committer
- Fix @comment string

Pointy hat to:  clement
Reported by:    Christer Solskogen
Original commit
13:19 clement search for other commits by this committer
- Fix plist where apr_dbd is used
- Fix Postgresql build, don't trust pg_config
- Don't overwrite apr_dbd_mysql.c

No cookie for:  clement
Original commit
Tuesday, 2 Sep 2008
12:26 clement search for other commits by this committer
- Update MPM itk patch to 20080727-00 (it is actually a no op
  on FreeBSD)
- Move mpm-itk patch to EXTRA_PATCHES to avoid conflicts with
  alternative mpm patches [1]
- update PLIST_SUBS when SLAVE_PORT_MPM is defined

Requested by:           Jille Timmermans [1]
Original commit
Monday, 28 Jan 2008
20:42 clement search for other commits by this committer
- Fix recursive use of WITH_BDB_VER when WITH_BERKELEYDB and WITH_BDB_VER
  are both defined.

Reported by:    Vivek Khera <VIVEK@KHERA.ORG>
Original commit
Sunday, 20 Jan 2008
11:29 clement search for other commits by this committer
- Update to 2.2.8
- Update documentation
- Use BDB from instead of homebrew [1]

PR:             ports/119711 [1]
Submitted by:   mm [1]
Original commit
Wednesday, 16 Jan 2008
09:33 mm search for other commits by this committer
- Add support for db45 and db46

PR:             ports/117937
Submitted by:   mm
Approved by:    maintainer timeout
Original commit
Sunday, 23 Sep 2007
10:22 clement search for other commits by this committer
- Make port more OPTIONS compliant (more OPTIONS workarounds)
- Add some IGNORE entries to warn users when the choose conflicting options
Original commit
Wednesday, 19 Sep 2007
21:05 clement search for other commits by this committer
- remove duplicate entry of mod_charset_lite [1]
- use @dirrmtry for include/apache22
- workaround plist issues when upgrading, but it's not as safe as I
  would expect, it requires more work.

Spotted by:     bland@ [1]
Original commit
Monday, 10 Sep 2007
19:15 clement search for other commits by this committer

- Cleanup MPM selection
- Update mpm itk to 20070425-00
Original commit
Saturday, 13 Jan 2007
13:18 clement search for other commits by this committer
- Ensure configure script won't force us to use an unwanted apr dbd backend.
Original commit
12:13 clement search for other commits by this committer
- Update to 2.2.4
- Add dumpio module
- Fix rcorder [1]

PR:             ports/106429 [1]
Submitted by:   Dmitry Pryanishnikov <> [1]
Original commit
Sunday, 5 Nov 2006
10:49 clement search for other commits by this committer
- Update MySQL apr_dbd to rev 57
- Add support for itk mpm
- Update doc [1]

Reported by:    Volodymyr Kostyrko <> [1]
Original commit
Wednesday, 13 Sep 2006
12:29 mr search for other commits by this committer
Add support for setting WITH_BERKELEYDB to db44
Original commit
Saturday, 12 Aug 2006
09:05 clement search for other commits by this committer
- Fix apr_dbd_mysql build
Original commit
Saturday, 5 Aug 2006
20:46 clement search for other commits by this committer
- Force to add ${PTHREAD_CFLAGS} and ${PTHREAD_LIBS} to force detection
  of pthread_kill(3).
Original commit
20:37 clement search for other commits by this committer
- Update to 2.2.3
- Update apr_dbd to latest version [1]
- Add forgotten mod_authn_alias [2]

Spotted by:     Jim Riggs <> [1]
                Alexander Wittig <> [2
Original commit
Monday, 1 May 2006
09:07 clement search for other commits by this committer
- Update to 2.2.2
- Enable mod_version by default
Original commit
Sunday, 15 Jan 2006
18:58 clement search for other commits by this committer
Cleanups and fixes
- remove useless options (and fix thread stuff) [1]
- move print-closest-mirror to
- move threads configure options out of Makefile.modules
- Fix stupid logic to disable v4mapped address [2]
- and more...

Submitted/spotted by:   many, Hirohisa Yamaguchi <> [1]
PR:                     ports/91813 [1]
Original commit
Saturday, 17 Dec 2005
15:51 clement search for other commits by this committer
- Fix plist and improve dbd /mem_cache logic
Original commit
Thursday, 15 Dec 2005
21:38 clement search for other commits by this committer
- Grrrrr. mod_mem_cache needs threads-capable APR

Reported by:            pointyhat via kris
Original commit
Tuesday, 13 Dec 2005
22:26 clement search for other commits by this committer
- Fix envvars.d [1]
- Add apache22_http_accept_enable to load accf_http kernel module [2]
  Additionnally, if it's not defined, we drop accept filter support
- Drop obsolete apache22ssl_enable rc.conf option
- Sync behavior with apachectl
  Add graceful and graceful-stop targets
- Rework categories (add CACHE_MODULES)
- Add support for apr_dbd: MySQL, PostgrSQL and SQLite3 backends are supported
  It adds mod_auth_dbd and mod_dbd automatically

more fixes to come soon...

PR:             ports/90309 [1],
                ports/90103 [2]
Submitted by:   Simun Mikecin <> [1],
                Melvyn Sopacua <> [2]
Original commit
Wednesday, 7 Dec 2005
20:54 clement search for other commits by this committer
- Add forgotten mod_filter

Spotted by:             Cheese Lottery <>
Original commit
Sunday, 4 Dec 2005
11:10 clement search for other commits by this committer
- Fix duplicated modules
Original commit

Number of commits found: 47