notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Ukraine
FreshPorts needs to find a new hosting provide willing to take a 2U chassis and host it free of charge. This is part of the FreshPorts project. Preferably in the Austin area. This is not a primary server, but it used for development.
non port: www/apache22/distinfo
SVNWeb

Number of commits found: 32

Wed, 12 Jul 2017
[ 19:26 brnrd search for other commits by this committer ] Original commit   Revision:445602
www/apache22: Update to 2.2.34

 - Security update to 2.2.34

MFH:		2017Q3
Security:	0c2db2aa-5584-11e7-9a7d-b499baebfeaf
Differential Revision:	https://reviews.freebsd.org/D11285
Fri, 9 Jun 2017
[ 19:39 feld search for other commits by this committer ] Original commit   Revision:443037
www/apache22: Update to 2.2.32

Does not build with OpenSSL 1.1.x or LibreSSL 2.5.x which is a known issue.

Changelog:	http://www.apache.org/dist/httpd/CHANGES_2.2.32

PR:		219720
MFH:		2017Q2
Security:	CVE-2016-8743
Sun, 2 Aug 2015
[ 19:39 ohauer search for other commits by this committer ] Original commit   Revision:393440 (Only the first 10 of 12 ports in this commit are shown above. View all ports for this commit)
- update to 2.2.31
- remove backports
- minor cleanups
- always rebuild configure script
- add patch for acinclude.m4 [1]

Changes with Apache 2.2.31 [2]

  *) Correct win32 build issues for mod_proxy exports, OpenSSL 1.0.x headers.
     [Yann Ylavic, Gregg Smith]

Changes with Apache 2.2.30 (not released)

  *) SECURITY: CVE-2015-3183 (cve.mitre.org)
     core: Fix chunk header parsing defect.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Wed, 3 Sep 2014
[ 20:20 ohauer search for other commits by this committer ] Original commit   Revision:367227
- update to 2.2.29
- use PTHREAD_LIBS/CFLAGS instead -pthread

Changes with Apache 2.2.29
http://www.apache.org/dist/httpd/CHANGES_2.2.29

  *) Corrected docs/manual pages for new MergeTrailers directive and other
     out of date documentation. [William Rowe]

Changes with Apache 2.2.28

  *) SECURITY: CVE-2014-0118 (cve.mitre.org) [1]
     mod_deflate: The DEFLATE input filter (inflates request bodies) now
     limits the length and compression ratio of inflated request bodies to avoid
     denial of service via highly compressed bodies.  See directives
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Thu, 27 Mar 2014
[ 05:28 ohauer search for other commits by this committer ] Original commit   Revision:349319
- update to version 2.2.27
- fix apache-mpm-peruser graceful reload [1]

Changes with Apache 2.2.27

  *) SECURITY: CVE-2014-0098 (cve.mitre.org)
     Clean up cookie logging with fewer redundant string parsing passes.
     Log only cookies with a value assignment. Prevents segfaults when
     logging truncated cookies.
     [William Rowe, Ruediger Pluem, Jim Jagielski]

  *) SECURITY: CVE-2013-6438 (cve.mitre.org)
     mod_dav: Keep track of length of cdata properly when removing
     leading spaces. Eliminates a potential denial of service from
     specifically crafted DAV WRITE requests
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Sun, 24 Nov 2013
[ 19:56 ohauer search for other commits by this committer ] Original commit   Revision:334783
- update to 2.2.26

- add new directory for modules (APACHEETCDIR/modules.d)

  New modules can be registered here with a simple
  file that contains the LoadModule directives.
  Additonal Maintaines can write instructions to the
  conf file and keep pkg-message short.
  As bonus the config file can be installed like every
  other config file with a .sample extention so modules
  are not disabled during pkg upgrades.

  Module config files should begin with three digits
  followed by '_' e.g. 100_php5.conf.
  The load order can be controlled via the three digits.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Wed, 10 Jul 2013
[ 19:01 ohauer search for other commits by this committer ] Original commit   Revision:322728
- update to apache-2.2.25
- update vuxml with additional CVE-2013-1896 entry

Changes with Apache 2.2.25
  http://www.apache.org/dist/httpd/CHANGES_2.2.25

  *) SECURITY: CVE-2013-1896 (cve.mitre.org)
     mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
     the source href (sent as part of the request body as XML) pointing to a
     URI that is not configured for DAV will trigger a segfault. [Ben Reser
     <ben reser.org>]

  *) SECURITY: CVE-2013-1862 (cve.mitre.org)
     mod_rewrite: Ensure that client data written to the RewriteLog is
     escaped to prevent terminal escape sequences from entering the
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Sat, 2 Mar 2013
[ 19:31 ohauer search for other commits by this committer ] Original commit   Revision:313287 (Only the first 10 of 12 ports in this commit are shown above. View all ports for this commit)
- update to version 2.2.24
- move mpm itk patches to itk-mpm/files dir
- add sshd to REQUIRE line in the rc script to prevent boot
  issues in case a SSL cert is password protected [1]

Changes with Apache 2.2.24
 SECURITY: CVE-2012-3499 (cve.mitre.org) Various XSS flaws due to
 unescaped hostnames and URIs HTML output in mod_info, mod_status,
 mod_imagemap, mod_ldap, and mod_proxy_ftp.  [Jim Jagielski, Stefan
 Fritsch, Niels Heinen <heinenn google com>]

 SECURITY: CVE-2012-4558 (cve.mitre.org)
 XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
 Niels Heinen <heinenn google com>]
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Fri, 2 Nov 2012
[ 18:45 ohauer search for other commits by this committer ] Original commit   Revision:306878
- update apache22 to version 2.22.23
- trim vuxml/Makefile header

with hat apache@

Feature safe: yes

Security:       CVE-2012-2687
Wed, 1 Feb 2012
[ 18:56 jgh search for other commits by this committer ] Original commit 
- Update to 2.2.22

Addresses:
* SECURITY: CVE-2011-3607 (cve.mitre.org)
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP
Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif
module is enabled, allows local users to gain privileges via a .htaccess file
with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request
header, leading to a heap-based buffer overflow.

* SECURITY: CVE-2012-0021 (cve.mitre.org)
The log_cookie function in mod_log_config.c in the mod_log_config module in the
Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not
properly handle a %{}C format string, which allows remote attackers to cause a
denial of service (daemon crash) via a cookie that lacks both a name and a
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Thu, 15 Sep 2011
[ 05:00 ohauer search for other commits by this committer ] Original commit 
- update to version 2.2.21

Addresses:
* SECURITY: CVE-2011-3348 (cve.mitre.org)
 mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
 unrecognized HTTP methods from marking ajp: balancer members
 in an error state, avoiding denial of service.

* SECURITY: CVE-2011-3192 (cve.mitre.org)
 core: Further fixes to the handling of byte-range requests to use
 less memory, to avoid denial of service. This patch includes fixes
 to the patch introduced in release 2.2.20 for protocol compliance,
 as well as the MaxRanges directive.

PR:             ports/160743
Submitted by:   Jason Helfman <jhelfman@experts-exchange.com>
Fri, 2 Sep 2011
[ 06:18 ade search for other commits by this committer ] Original commit 
Emergency upgrade to 2.2.20 - CVE-2011-3192.  Any complaints, talk to me.

PR:             160381
Sun, 22 May 2011
[ 21:33 ohauer search for other commits by this committer ] Original commit 
- update to httpd-2.2.19

Changes with Apache 2.2.19

  *) Revert ABI breakage in 2.2.18 caused by the function signature change
     of ap_unescape_url_keep2f().  This release restores the signature from
     2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex().
     [Eric Covener]

commit with hat apache@
Fri, 13 May 2011
[ 23:02 ohauer search for other commits by this committer ] Original commit 
- update to version 2.2.18

Changes:
http://www.apache.org/dist/httpd/CHANGES_2.2.18

Changes with Apache 2.2.18

  *) Log an error for failures to read a chunk-size, and return 408 instead
     413 when this is due to a read timeout.  This change also fixes some cases
     of two error documents being sent in the response for the same scenario.
     [Eric Covener] PR49167

  *) core: Only log a 408 if it is no keepalive timeout. PR 39785
     [Ruediger Pluem,  Mark Montague <markmont umich.edu>]
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Sat, 19 Mar 2011
[ 12:38 miwi search for other commits by this committer ] Original commit  (Only the first 10 of 4601 ports in this commit are shown above. View all ports for this commit)
- Get Rid MD5 support
Wed, 20 Oct 2010
[ 21:04 pgollucci search for other commits by this committer ] Original commit 
- Update to 2.2.17

**
* Note, no CVE affects the FREEBSD port.  devel/apr1 was updated to
* apr-util 1.3.10 on 2010/10/06 05:32:24.
**

Changes:        http://www.apache.org/dist/httpd/CHANGES_2.2
PR:             ports/151594
Submitted by:   Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
With Hat:       apache@

<ChangeLog>
  *) prefork MPM: Run cleanups for final request when process exits gracefully
     to work around a flaw in apr-util.  PR 43857.  [Tom Donovan]
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Mon, 26 Jul 2010
[ 01:28 kuriyama search for other commits by this committer ] Original commit 
- Upgrade to 2.2.16.

Security:       CVE-2010-1452 (mod_{cache,dev} remote DoS),
                CVE-2010-2068 (mod_{proxy_{ajp,http},reqtimeout} related on some
platforms)
Wed, 5 May 2010
[ 21:43 pgollucci search for other commits by this committer ] Original commit 
2/5: Update to httpd 2.2.15, default to using devel/apr instead of bundled apr

PR:             ports/146130
Approved by:    portmgr (pav)
Tested by:      -exp run (pav)
With Hat:       apache@
Wed, 9 Dec 2009
[ 23:48 pgollucci search for other commits by this committer ] Original commit 
- Update to 2.2.14
- With hat apache@

Note: The 3 CVE's are a no-op for the FreeBSD port --

date: 2009/08/25 05:33:03;  author: kuriyama;  state: Exp;  lines: +0 -0
(Forced commit)

- 2.2.13 (acutally 2.2.12) includes fixes for several CVEs. [1]
  but in our ports tree, APR related ones (CVE-2009-0023,
  CVE-2009-1955, CVE-2009-1956) were already backported in 2.2.11_5.

References:     http://www.apache.org/dist/httpd/CHANGES_2.2.12 [1]

Changes:
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Tue, 25 Aug 2009
[ 04:58 kuriyama search for other commits by this committer ] Original commit 
- Upgrade to 2.2.13.

PR:             ports/137651
Submitted by:   Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Mon, 15 Dec 2008
[ 22:05 clement search for other commits by this committer ] Original commit 
- Update to 2.2.11
- Always depend on pcre from ports [1]
- Fix plist with LDAP/without apr-util DSO
- source envvars as late as possible [2]

Requested by:           ale
                        Eygene Ryabinkin <rea-fbsd at codelabs dot ru> [2]
PR:                     ports/127418 [2]
Mon, 23 Jun 2008
[ 21:11 clement search for other commits by this committer ] Original commit 
 - Update to 2.2.9
 - Add a note to UPDATING about the forced build of subversion
   because of apr/apu bumped version.
Sun, 20 Jan 2008
[ 11:29 clement search for other commits by this committer ] Original commit 
- Update to 2.2.8
- Update documentation
- Use BDB from bsd.databases.mk instead of homebrew [1]

PR:             ports/119711 [1]
Submitted by:   mm [1]
Sun, 9 Sep 2007
[ 14:55 clement search for other commits by this committer ] Original commit 
- Update to 2.2.6
- Fix restart when profiles are used [1]

Submitted by:   Jarrod Sayers <jarrod at netleader dot com dot au>
Sat, 13 Jan 2007
[ 12:13 clement search for other commits by this committer ] Original commit 
- Update to 2.2.4
- Add dumpio module
- Fix rcorder [1]

PR:             ports/106429 [1]
Submitted by:   Dmitry Pryanishnikov <dmitry@atlantis.dp.ua> [1]
Sun, 5 Nov 2006
[ 10:49 clement search for other commits by this committer ] Original commit 
- Update MySQL apr_dbd to rev 57
- Add support for itk mpm
- Update doc [1]

Reported by:    Volodymyr Kostyrko <arcade@synergetica.dn.ua> [1]
Mon, 7 Aug 2006
[ 17:10 clement search for other commits by this committer ] Original commit 
- Fix apr_dbd_mysql stuff.

Pointyhat to:   clement
Spotted by:     Sean McNeil <sean@mcneil.com>
Sat, 5 Aug 2006
[ 20:37 clement search for other commits by this committer ] Original commit 
- Update to 2.2.3
- Update apr_dbd to latest version [1]
- Add forgotten mod_authn_alias [2]

Spotted by:     Jim Riggs <freebsd-lists@jimandlissa.com> [1]
                Alexander Wittig <alexander@wittig.name> [2
Mon, 1 May 2006
[ 09:07 clement search for other commits by this committer ] Original commit 
- Update to 2.2.2
- Enable mod_version by default
Sun, 25 Dec 2005
[ 18:58 clement search for other commits by this committer ] Original commit 
- remove useless powerlogo.gif
Tue, 13 Dec 2005
[ 22:26 clement search for other commits by this committer ] Original commit 
- Fix envvars.d [1]
- Add apache22_http_accept_enable to load accf_http kernel module [2]
  Additionnally, if it's not defined, we drop accept filter support
- Drop obsolete apache22ssl_enable rc.conf option
- Sync apache22.sh behavior with apachectl
  Add graceful and graceful-stop targets
- Rework categories (add CACHE_MODULES)
- Add support for apr_dbd: MySQL, PostgrSQL and SQLite3 backends are supported
  It adds mod_auth_dbd and mod_dbd automatically

more fixes to come soon...

PR:             ports/90309 [1],
                ports/90103 [2]
Submitted by:   Simun Mikecin <sime@data.home.hr> [1],
                Melvyn Sopacua <melvyn@melvyn.homeunix.net> [2]
Sat, 3 Dec 2005
[ 22:02 clement search for other commits by this committer ] Original commit 
- Add apache 2.2.0
  It's a temporary layout, I need more time to find the best.
  note that ${PREFIX}/www/(data|errors|cgi)(-dist) disappeared in favor of
  ${PREFIX}/www/apache22

Number of commits found: 32