non port: www/apache22/files/apache22.in |
Number of commits found: 17 |
Monday, 18 Jan 2016
|
19:36 ohauer
- fix ab buid with OpenSSL from ports and SSL3 disabled [1]
(backport ab.c r1706008 from apache24)
- use new $opt-target
- improve kldstat check
- use new defined postexec, preunexec in pkg-plist
with hat apache@
PR: 206369
Submitted by: matthew@ [1]
|
Thursday, 27 Mar 2014
|
05:28 ohauer
- update to version 2.2.27
- fix apache-mpm-peruser graceful reload [1]
Changes with Apache 2.2.27
*) SECURITY: CVE-2014-0098 (cve.mitre.org)
Clean up cookie logging with fewer redundant string parsing passes.
Log only cookies with a value assignment. Prevents segfaults when
logging truncated cookies.
[William Rowe, Ruediger Pluem, Jim Jagielski]
*) SECURITY: CVE-2013-6438 (cve.mitre.org)
mod_dav: Keep track of length of cdata properly when removing
leading spaces. Eliminates a potential denial of service from
specifically crafted DAV WRITE requests
[Amin Tora <Amin.Tora neustar.biz>]
*) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
TE/CL conflicts. [Yann Ylavic <ylavic.dev gmail com>, Jim Jagielski]
*) mod_proxy_http: Core dumped under high load. PR 50335.
[Jan Kaluza <jkaluza redhat.com>]
*) proxy_util: NULL terminate the right buffer in 'send_http_connect'.
[Christophe Jaillet]
*) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which
is equivalent to <ProxyMatch wildcard-url>. [Christophe Jaillet]
*) mod_ldap: Fix a potential memory leak or corruption. PR 54936.
[Zhenbo Xu <zhenbo1987 gmail com>]
*) mod_ssl: Do not perform SNI / Host header comparison in case of a
forward proxy request. [Ruediger Pluem]
*) mod_rewrite: Add mod_rewrite.h to the headers installed on Windows.
PR46679 [Bob Ionescu]
PR: ports/182947 [1]
Submitted by: Andrew Azarov <andrew@azar-a.net> [1]
|
Saturday, 2 Mar 2013
|
19:31 ohauer
- update to version 2.2.24
- move mpm itk patches to itk-mpm/files dir
- add sshd to REQUIRE line in the rc script to prevent boot
issues in case a SSL cert is password protected [1]
Changes with Apache 2.2.24
SECURITY: CVE-2012-3499 (cve.mitre.org) Various XSS flaws due to
unescaped hostnames and URIs HTML output in mod_info, mod_status,
mod_imagemap, mod_ldap, and mod_proxy_ftp. [Jim Jagielski, Stefan
Fritsch, Niels Heinen <heinenn google com>]
SECURITY: CVE-2012-4558 (cve.mitre.org)
XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
Niels Heinen <heinenn google com>]
mod_rewrite: Stop merging RewriteBase down to subdirectories
unless new option 'RewriteOptions MergeBase' is configured.
Merging RewriteBase was unconditionally turned on in 2.2.23.
PR 53963. [Eric Covener]
mod_ssl: Send the error message for speaking http to an https port using
HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when
using SNI. PR 50823. [Stefan Fritsch]
mod_ssl: log revoked certificates at level INFO
instead of DEBUG. PR 52162. [Stefan Fritsch]
mod_proxy_ajp: Support unknown HTTP methods. PR 54416.
[Rainer Jung]
mod_dir: Add support for the value 'disabled' in FallbackResource.
[Vincent Deffontaines]
mod_ldap: Fix regression in handling "server unavailable" errors on
Windows. PR 54140. [Eric Covener]
mod_ssl: fix a regression with the string rendering of the "UID" RDN
introduced in 2.2.15. PR 54510. [Kaspar Brand]
ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output
to more accurately report the negotiated protocol. PR 53916.
[Nicolás Pernas Maradei <nico emutex com>, Kaspar Brand]
mod_cache: Explicitly allow cache implementations to cache a 206 Partial
Response if they so choose to do so. Previously an attempt to cache a 206
was arbitrarily allowed if the response contained an Expires or
Cache-Control header, and arbitrarily denied if both headers were missing
Currently the disk and memory cache providers do not cache 206 Partial
Responses. [Graham Leggett]
core: Remove unintentional APR 1.3 dependency introduced with
Apache 2.2.22. [Eric Covener]
core: Use a TLS 1.0 close_notify alert for internal dummy connection if
the chosen listener is configured for https. [Joe Orton]
mod_ssl: Add new directive SSLCompression to disable TLS-level
compression. PR 53219.
[1] requested by Andrew Filonov
(freebsd-apache/2012-September/002962.html)
with head apache@
|
Sunday, 18 Nov 2012
|
18:48 hrs
Fix a typo.
Spotted by: ume
Pointy hat to: hrs
Feature safe: yes
|
16:33 hrs
Fix rc.d script to support systems before and after ${name}_fib is introduced
into rc.subr. Bump PORTREVISION.
Feature safe: yes
|
Thursday, 9 Feb 2012
|
02:49 pgollucci
- use $SYSCTL
- use full path setfib
PR: ports/153264
Submitted by: Jeremy Chadwick <freebsd@jdc.parodius.com>
With Hat: apache@
Sponsored by: Apache Software Foundation (ASF)
|
Saturday, 14 Jan 2012
|
08:57 dougb
In the rc.d scripts, change assignments to rcvar to use the
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().
In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.
|
Thursday, 21 Oct 2010
|
18:00 pgollucci
- The previous update to the rc.d script didn't quite maintain the old behavior
correctly. This fixes the pid file name
PR: ports/151623
Submitted by: Vivek Khera <vivek@khera.org>
With Hat: apache@
Point hat to: myself (pgollucci)
|
Thursday, 14 Oct 2010
|
20:20 pgollucci
- s,/usr/local,%%PREFIX%%,'
Reported by: stas
|
19:53 pgollucci
- Allow overriding of the following on a profile basis.
pidfile
command
envvars
Without profiles, the old defaults remain unchanged. With profiles the old
defaults
remain unchanged.
Sponsored by: RideCharge Inc. / TaxiMagic
Tested by: RideCharge Inc. / TaxiMagic (> 1 yr in
production)
With Hat: apache@
|
Saturday, 27 Mar 2010
|
00:15 dougb
Begin the process of deprecating sysutils/rc_subr by
s#. %%RC_SUBR%%#. /etc/rc.subr#
|
Friday, 11 Dec 2009
|
23:43 pgollucci
- envvars needs to be sourced before _all_ commands if it exists
PR: ports/138466 (based on)
Submitted by: Dmitry Pryanishnikov <lynx.ripe@gmail.com>
|
23:37 pgollucci
- Fix handling of apache22_http_accept_enable="YES|NO"
o Note, don't use required_modules you can not check the return value
to conditionalize the -DNOHTTPACCEPT flag
PR: ports/138373
Submitted by: Helmut Schneider <jumper99@gmx.de>
|
Sunday, 2 Aug 2009
|
19:36 mezz
-Repocopy devel/libtool15 -> libtool22 and libltdl15 -> libltdl22.
-Update libtool and libltdl to 2.2.6a.
-Remove devel/libtool15 and devel/libltdl15.
-Fix ports build with libtool22/libltdl22.
-Bump ports that depend on libltdl22 due to shared library version change.
-Explain what to do update in the UPDATING.
It has been tested with GNOME2, XFCE4, KDE3, KDE4 and other many wm/desktop
and applications in the runtime.
With help: marcus and kwm
Pointyhat-exp: a few times by pav
Tested by: pgollucci, "Romain Tartière" <romain@blogreen.org>, and
a few MarcusCom CVS users. Also, I might have missed a few.
Repocopy by: marcus
Approved by: portmgr
|
Wednesday, 15 Jul 2009
|
16:56 dougb
Fix a few "bad example" problems in the rc.d scripts that have been
propogated by copy and paste.
1. Primarily the "empty variable" default assignment, which is mostly
${name}_flags="", but fix a few others as well.
2. Where they are not already documented, add the existence of the _flags
(or other deleted empties) option to the comments, and in some cases add
comments from scratch.
3. Replace things that look like:
prefix=%%PREFIX%%
command=${prefix}/sbin/foo
to just use %%PREFIX%%. In many cases the $prefix variable is only used
once, and in some cases it is not used at all.
4. In a few cases remove ${name}_flags from command_args
5. Remove a long-stale comment about putting the port's rc.d script in
/etc/rc.d (which is no longer necessary).
No PORTREVISION bumps because all of these changes are noops.
|
Friday, 12 Jun 2009
|
00:37 pgollucci
crap, that was supposed to be in the previous commit
|
00:33 pgollucci
- Drop .sh suffices on rc.d scripts, add note to UPDATING
- Commit the final part of the bdb patch improving the value passed
to --with-berkely-db [1]
- Silence the blasted warnings about accf [2]
(Will send this upstream)
- Address httpd issue 42829* - graceful restart with multiple listeners
using prefork MPM can result in hung processes [3]
- Address httpd issue 29744+ - CONNECT does not work over existing
SSL connection [4]
- Drop .sh suffices on rc.d scripts, add note to UPDATING [5]
- Bump PORTREVISION
PRs: ports/110651 [1], ports/132528 [2], ports/134457 [3]
ports/135478
Submitted by: "Timur I. Bakeyev" <timur@gnu.org> [1]
bz@ [2]
Alexander <freebsd@nagilum.org> [4]
myself (pgollucci@) [5]
Requested by: apache@ (several) [3]
Tested by: P6 TB (running live > 5 days)
RideCharge TB (running live > 3 days)
Apache Software Foundation (ASF) TB (running live > 1 day)
Sponosored by: RideCharge Inc.
|
Number of commits found: 17 |