| non port: www/apache22/distinfo |
|
SVNWeb
|
Number of commits found: 32 |
|
Wed, 12 Jul 2017
|
[ 19:26 brnrd  ]  
www/apache22: Update to 2.2.34
- Security update to 2.2.34
MFH: 2017Q3
Security: 0c2db2aa-5584-11e7-9a7d-b499baebfeaf
Differential Revision: https://reviews.freebsd.org/D11285
|
|
Fri, 9 Jun 2017
|
[ 19:39 feld ]
www/apache22: Update to 2.2.32
Does not build with OpenSSL 1.1.x or LibreSSL 2.5.x which is a known issue.
Changelog: http://www.apache.org/dist/httpd/CHANGES_2.2.32
PR: 219720
MFH: 2017Q2
Security: CVE-2016-8743
|
|
Sun, 2 Aug 2015
|
[ 19:39 ohauer ] (Only the first 10 of 12 ports in this commit are shown above.  )
- update to 2.2.31
- remove backports
- minor cleanups
- always rebuild configure script
- add patch for acinclude.m4 [1]
Changes with Apache 2.2.31 [2]
*) Correct win32 build issues for mod_proxy exports, OpenSSL 1.0.x headers.
[Yann Ylavic, Gregg Smith]
Changes with Apache 2.2.30 (not released)
*) SECURITY: CVE-2015-3183 (cve.mitre.org)
core: Fix chunk header parsing defect.(Only the first 15 lines of the commit message are shown above )
|
|
Wed, 3 Sep 2014
|
[ 20:20 ohauer ]
- update to 2.2.29
- use PTHREAD_LIBS/CFLAGS instead -pthread
Changes with Apache 2.2.29
http://www.apache.org/dist/httpd/CHANGES_2.2.29
*) Corrected docs/manual pages for new MergeTrailers directive and other
out of date documentation. [William Rowe]
Changes with Apache 2.2.28
*) SECURITY: CVE-2014-0118 (cve.mitre.org) [1]
mod_deflate: The DEFLATE input filter (inflates request bodies) now
limits the length and compression ratio of inflated request bodies to avoid
denial of service via highly compressed bodies. See directives(Only the first 15 lines of the commit message are shown above )
|
|
Thu, 27 Mar 2014
|
[ 05:28 ohauer ]
- update to version 2.2.27
- fix apache-mpm-peruser graceful reload [1]
Changes with Apache 2.2.27
*) SECURITY: CVE-2014-0098 (cve.mitre.org)
Clean up cookie logging with fewer redundant string parsing passes.
Log only cookies with a value assignment. Prevents segfaults when
logging truncated cookies.
[William Rowe, Ruediger Pluem, Jim Jagielski]
*) SECURITY: CVE-2013-6438 (cve.mitre.org)
mod_dav: Keep track of length of cdata properly when removing
leading spaces. Eliminates a potential denial of service from
specifically crafted DAV WRITE requests(Only the first 15 lines of the commit message are shown above )
|
|
Sun, 24 Nov 2013
|
[ 19:56 ohauer ]
- update to 2.2.26
- add new directory for modules (APACHEETCDIR/modules.d)
New modules can be registered here with a simple
file that contains the LoadModule directives.
Additonal Maintaines can write instructions to the
conf file and keep pkg-message short.
As bonus the config file can be installed like every
other config file with a .sample extention so modules
are not disabled during pkg upgrades.
Module config files should begin with three digits
followed by '_' e.g. 100_php5.conf.
The load order can be controlled via the three digits. (Only the first 15 lines of the commit message are shown above )
|
|
Wed, 10 Jul 2013
|
[ 19:01 ohauer ]
- update to apache-2.2.25
- update vuxml with additional CVE-2013-1896 entry
Changes with Apache 2.2.25
http://www.apache.org/dist/httpd/CHANGES_2.2.25
*) SECURITY: CVE-2013-1896 (cve.mitre.org)
mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
the source href (sent as part of the request body as XML) pointing to a
URI that is not configured for DAV will trigger a segfault. [Ben Reser
<ben reser.org>]
*) SECURITY: CVE-2013-1862 (cve.mitre.org)
mod_rewrite: Ensure that client data written to the RewriteLog is
escaped to prevent terminal escape sequences from entering the(Only the first 15 lines of the commit message are shown above )
|
|
Sat, 2 Mar 2013
|
[ 19:31 ohauer ] (Only the first 10 of 12 ports in this commit are shown above. )
- update to version 2.2.24
- move mpm itk patches to itk-mpm/files dir
- add sshd to REQUIRE line in the rc script to prevent boot
issues in case a SSL cert is password protected [1]
Changes with Apache 2.2.24
SECURITY: CVE-2012-3499 (cve.mitre.org) Various XSS flaws due to
unescaped hostnames and URIs HTML output in mod_info, mod_status,
mod_imagemap, mod_ldap, and mod_proxy_ftp. [Jim Jagielski, Stefan
Fritsch, Niels Heinen <heinenn google com>]
SECURITY: CVE-2012-4558 (cve.mitre.org)
XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
Niels Heinen <heinenn google com>]
(Only the first 15 lines of the commit message are shown above )
|
|
Fri, 2 Nov 2012
|
[ 18:45 ohauer ]
- update apache22 to version 2.22.23
- trim vuxml/Makefile header
with hat apache@
Feature safe: yes
Security: CVE-2012-2687
|
|
Wed, 1 Feb 2012
|
[ 18:56 jgh ]
- Update to 2.2.22
Addresses:
* SECURITY: CVE-2011-3607 (cve.mitre.org)
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP
Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif
module is enabled, allows local users to gain privileges via a .htaccess file
with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request
header, leading to a heap-based buffer overflow.
* SECURITY: CVE-2012-0021 (cve.mitre.org)
The log_cookie function in mod_log_config.c in the mod_log_config module in the
Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not
properly handle a %{}C format string, which allows remote attackers to cause a
denial of service (daemon crash) via a cookie that lacks both a name and a(Only the first 15 lines of the commit message are shown above )
|
|
Thu, 15 Sep 2011
|
[ 05:00 ohauer ]
- update to version 2.2.21
Addresses:
* SECURITY: CVE-2011-3348 (cve.mitre.org)
mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
unrecognized HTTP methods from marking ajp: balancer members
in an error state, avoiding denial of service.
* SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Further fixes to the handling of byte-range requests to use
less memory, to avoid denial of service. This patch includes fixes
to the patch introduced in release 2.2.20 for protocol compliance,
as well as the MaxRanges directive.
PR: ports/160743
Submitted by: Jason Helfman <jhelfman@experts-exchange.com>
|
|
Fri, 2 Sep 2011
|
[ 06:18 ade ]
Emergency upgrade to 2.2.20 - CVE-2011-3192. Any complaints, talk to me.
PR: 160381
|
|
Sun, 22 May 2011
|
[ 21:33 ohauer ]
- update to httpd-2.2.19
Changes with Apache 2.2.19
*) Revert ABI breakage in 2.2.18 caused by the function signature change
of ap_unescape_url_keep2f(). This release restores the signature from
2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex().
[Eric Covener]
commit with hat apache@
|
|
Fri, 13 May 2011
|
[ 23:02 ohauer ]
- update to version 2.2.18
Changes:
http://www.apache.org/dist/httpd/CHANGES_2.2.18
Changes with Apache 2.2.18
*) Log an error for failures to read a chunk-size, and return 408 instead
413 when this is due to a read timeout. This change also fixes some cases
of two error documents being sent in the response for the same scenario.
[Eric Covener] PR49167
*) core: Only log a 408 if it is no keepalive timeout. PR 39785
[Ruediger Pluem, Mark Montague <markmont umich.edu>]
(Only the first 15 lines of the commit message are shown above )
|
|
Sat, 19 Mar 2011
|
[ 12:38 miwi ] (Only the first 10 of 4601 ports in this commit are shown above. )
- Get Rid MD5 support
|
|
Wed, 20 Oct 2010
|
[ 21:04 pgollucci ]
- Update to 2.2.17
**
* Note, no CVE affects the FREEBSD port. devel/apr1 was updated to
* apr-util 1.3.10 on 2010/10/06 05:32:24.
**
Changes: http://www.apache.org/dist/httpd/CHANGES_2.2
PR: ports/151594
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
With Hat: apache@
<ChangeLog>
*) prefork MPM: Run cleanups for final request when process exits gracefully
to work around a flaw in apr-util. PR 43857. [Tom Donovan](Only the first 15 lines of the commit message are shown above )
|
|
Mon, 26 Jul 2010
|
[ 01:28 kuriyama ]
- Upgrade to 2.2.16.
Security: CVE-2010-1452 (mod_{cache,dev} remote DoS),
CVE-2010-2068 (mod_{proxy_{ajp,http},reqtimeout} related on some
platforms)
|
|
Wed, 5 May 2010
|
[ 21:43 pgollucci ]
2/5: Update to httpd 2.2.15, default to using devel/apr instead of bundled apr
PR: ports/146130
Approved by: portmgr (pav)
Tested by: -exp run (pav)
With Hat: apache@
|
|
Wed, 9 Dec 2009
|
[ 23:48 pgollucci ]
- Update to 2.2.14
- With hat apache@
Note: The 3 CVE's are a no-op for the FreeBSD port --
date: 2009/08/25 05:33:03; author: kuriyama; state: Exp; lines: +0 -0
(Forced commit)
- 2.2.13 (acutally 2.2.12) includes fixes for several CVEs. [1]
but in our ports tree, APR related ones (CVE-2009-0023,
CVE-2009-1955, CVE-2009-1956) were already backported in 2.2.11_5.
References: http://www.apache.org/dist/httpd/CHANGES_2.2.12 [1]
Changes: (Only the first 15 lines of the commit message are shown above )
|
|
Tue, 25 Aug 2009
|
[ 04:58 kuriyama ]
- Upgrade to 2.2.13.
PR: ports/137651
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
|
|
Mon, 15 Dec 2008
|
[ 22:05 clement ]
- Update to 2.2.11
- Always depend on pcre from ports [1]
- Fix plist with LDAP/without apr-util DSO
- source envvars as late as possible [2]
Requested by: ale
Eygene Ryabinkin <rea-fbsd at codelabs dot ru> [2]
PR: ports/127418 [2]
|
|
Mon, 23 Jun 2008
|
[ 21:11 clement ]
- Update to 2.2.9
- Add a note to UPDATING about the forced build of subversion
because of apr/apu bumped version.
|
|
Sun, 20 Jan 2008
|
[ 11:29 clement ]
- Update to 2.2.8
- Update documentation
- Use BDB from bsd.databases.mk instead of homebrew [1]
PR: ports/119711 [1]
Submitted by: mm [1]
|
|
Sun, 9 Sep 2007
|
[ 14:55 clement ]
- Update to 2.2.6
- Fix restart when profiles are used [1]
Submitted by: Jarrod Sayers <jarrod at netleader dot com dot au>
|
|
Sat, 13 Jan 2007
|
[ 12:13 clement ]
- Update to 2.2.4
- Add dumpio module
- Fix rcorder [1]
PR: ports/106429 [1]
Submitted by: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua> [1]
|
|
Sun, 5 Nov 2006
|
[ 10:49 clement ]
- Update MySQL apr_dbd to rev 57
- Add support for itk mpm
- Update doc [1]
Reported by: Volodymyr Kostyrko <arcade@synergetica.dn.ua> [1]
|
|
Mon, 7 Aug 2006
|
[ 17:10 clement ]
- Fix apr_dbd_mysql stuff.
Pointyhat to: clement
Spotted by: Sean McNeil <sean@mcneil.com>
|
|
Sat, 5 Aug 2006
|
[ 20:37 clement ]
- Update to 2.2.3
- Update apr_dbd to latest version [1]
- Add forgotten mod_authn_alias [2]
Spotted by: Jim Riggs <freebsd-lists@jimandlissa.com> [1]
Alexander Wittig <alexander@wittig.name> [2
|
|
Mon, 1 May 2006
|
[ 09:07 clement ]
- Update to 2.2.2
- Enable mod_version by default
|
|
Sun, 25 Dec 2005
|
[ 18:58 clement ]
- remove useless powerlogo.gif
|
|
Tue, 13 Dec 2005
|
[ 22:26 clement ]
- Fix envvars.d [1]
- Add apache22_http_accept_enable to load accf_http kernel module [2]
Additionnally, if it's not defined, we drop accept filter support
- Drop obsolete apache22ssl_enable rc.conf option
- Sync apache22.sh behavior with apachectl
Add graceful and graceful-stop targets
- Rework categories (add CACHE_MODULES)
- Add support for apr_dbd: MySQL, PostgrSQL and SQLite3 backends are supported
It adds mod_auth_dbd and mod_dbd automatically
more fixes to come soon...
PR: ports/90309 [1],
ports/90103 [2]
Submitted by: Simun Mikecin <sime@data.home.hr> [1],
Melvyn Sopacua <melvyn@melvyn.homeunix.net> [2]
|
|
Sat, 3 Dec 2005
|
[ 22:02 clement ]
- Add apache 2.2.0
It's a temporary layout, I need more time to find the best.
note that ${PREFIX}/www/(data|errors|cgi)(-dist) disappeared in favor of
${PREFIX}/www/apache22
|
Number of commits found: 32 |
As an Amazon Associate I earn from qualifying purchases.