19:36 ohauer 

- fix ab buid with OpenSSL from ports and SSL3 disabled [1]
  (backport ab.c r1706008 from apache24)
- use new $opt-target
- improve kldstat check
- use new defined postexec, preunexec in pkg-plist

with hat apache@

PR:		206369
Submitted by:	matthew@ [1]

 

05:28 ohauer 

- update to version 2.2.27
- fix apache-mpm-peruser graceful reload [1]

Changes with Apache 2.2.27

  *) SECURITY: CVE-2014-0098 (cve.mitre.org)
     Clean up cookie logging with fewer redundant string parsing passes.
     Log only cookies with a value assignment. Prevents segfaults when
     logging truncated cookies.
     [William Rowe, Ruediger Pluem, Jim Jagielski]

  *) SECURITY: CVE-2013-6438 (cve.mitre.org)
     mod_dav: Keep track of length of cdata properly when removing
     leading spaces. Eliminates a potential denial of service from
     specifically crafted DAV WRITE requests
     [Amin Tora <Amin.Tora neustar.biz>]

  *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
     TE/CL conflicts. [Yann Ylavic <ylavic.dev gmail com>, Jim Jagielski]

  *) mod_proxy_http: Core dumped under high load. PR 50335.
     [Jan Kaluza <jkaluza redhat.com>]

  *) proxy_util: NULL terminate the right buffer in 'send_http_connect'.
     [Christophe Jaillet]

  *) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which
     is equivalent to <ProxyMatch wildcard-url>. [Christophe Jaillet]

  *) mod_ldap: Fix a potential memory leak or corruption.  PR 54936.
     [Zhenbo Xu <zhenbo1987 gmail com>]

  *) mod_ssl: Do not perform SNI / Host header comparison in case of a
     forward proxy request. [Ruediger Pluem]

  *) mod_rewrite: Add mod_rewrite.h to the headers installed on Windows.
     PR46679 [Bob Ionescu]

PR:		ports/182947 [1]
Submitted by:	Andrew Azarov <andrew@azar-a.net> [1]

 

19:31 ohauer 

- update to version 2.2.24
- move mpm itk patches to itk-mpm/files dir
- add sshd to REQUIRE line in the rc script to prevent boot
  issues in case a SSL cert is password protected [1]

Changes with Apache 2.2.24
 SECURITY: CVE-2012-3499 (cve.mitre.org) Various XSS flaws due to
 unescaped hostnames and URIs HTML output in mod_info, mod_status,
 mod_imagemap, mod_ldap, and mod_proxy_ftp.  [Jim Jagielski, Stefan
 Fritsch, Niels Heinen <heinenn google com>]

 SECURITY: CVE-2012-4558 (cve.mitre.org)
 XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
 Niels Heinen <heinenn google com>]

 mod_rewrite: Stop merging RewriteBase down to subdirectories
 unless new option 'RewriteOptions MergeBase' is configured.
 Merging RewriteBase was unconditionally turned on in 2.2.23.
 PR 53963. [Eric Covener]

 mod_ssl: Send the error message for speaking http to an https port using
 HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when
 using SNI. PR 50823. [Stefan Fritsch]

 mod_ssl: log revoked certificates at level INFO
 instead of DEBUG. PR 52162. [Stefan Fritsch]

 mod_proxy_ajp: Support unknown HTTP methods. PR 54416.
 [Rainer Jung]

 mod_dir: Add support for the value 'disabled' in FallbackResource.
 [Vincent Deffontaines]

 mod_ldap: Fix regression in handling "server unavailable" errors on
 Windows.  PR 54140.  [Eric Covener]

 mod_ssl: fix a regression with the string rendering of the "UID" RDN
 introduced in 2.2.15. PR 54510. [Kaspar Brand]

 ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output
 to more accurately report the negotiated protocol. PR 53916.
 [Nicolás Pernas Maradei <nico emutex com>, Kaspar Brand]

 mod_cache: Explicitly allow cache implementations to cache a 206 Partial
 Response if they so choose to do so. Previously an attempt to cache a 206
 was arbitrarily allowed if the response contained an Expires or
 Cache-Control header, and arbitrarily denied if both headers were missing
 Currently the disk and memory cache providers do not cache 206 Partial
 Responses. [Graham Leggett]

 core: Remove unintentional APR 1.3 dependency introduced with
 Apache 2.2.22. [Eric Covener]

 core: Use a TLS 1.0 close_notify alert for internal dummy connection if
 the chosen listener is configured for https. [Joe Orton]

 mod_ssl: Add new directive SSLCompression to disable TLS-level
   compression. PR 53219.

[1] requested by Andrew Filonov
    (freebsd-apache/2012-September/002962.html)

with head apache@

 

18:48 hrs 

Fix a typo.

Spotted by:	ume
Pointy hat to:	hrs
Feature safe:	yes

 

16:33 hrs 

Fix rc.d script to support systems before and after ${name}_fib is introduced
into rc.subr.  Bump PORTREVISION.

Feature safe:	yes

 

02:49 pgollucci 

- use $SYSCTL
- use full path setfib

PR:             ports/153264
Submitted by:   Jeremy Chadwick <freebsd@jdc.parodius.com>
With Hat:       apache@
Sponsored by:   Apache Software Foundation (ASF)

08:57 dougb 

In the rc.d scripts, change assignments to rcvar to use the
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().

In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.

18:00 pgollucci 

- The previous update to the rc.d script didn't quite maintain the old behavior
  correctly.  This fixes the pid file name

PR:                             ports/151623
Submitted by:   Vivek Khera <vivek@khera.org>
With Hat:               apache@
Point hat to:   myself (pgollucci)

20:20 pgollucci 

- s,/usr/local,%%PREFIX%%,'

Reported by:    stas

19:53 pgollucci 

- Allow overriding of the following on a profile basis.
    pidfile
    command
    envvars

Without profiles, the old defaults remain unchanged.  With profiles the old
defaults
remain unchanged.

Sponsored by:           RideCharge Inc. / TaxiMagic
Tested by:                      RideCharge Inc. / TaxiMagic (> 1 yr in
production)
With Hat:                       apache@

00:15 dougb 

Begin the process of deprecating sysutils/rc_subr by
s#. %%RC_SUBR%%#. /etc/rc.subr#

23:43 pgollucci 

- envvars needs to be sourced before _all_ commands if it exists

PR:             ports/138466 (based on)
Submitted by:   Dmitry Pryanishnikov <lynx.ripe@gmail.com>

23:37 pgollucci 

- Fix handling of apache22_http_accept_enable="YES|NO"
  o Note, don't use required_modules you can not check the return value
    to conditionalize the -DNOHTTPACCEPT flag

PR:             ports/138373
Submitted by:   Helmut Schneider <jumper99@gmx.de>

19:36 mezz 

-Repocopy devel/libtool15 -> libtool22 and libltdl15 -> libltdl22.
-Update libtool and libltdl to 2.2.6a.
-Remove devel/libtool15 and devel/libltdl15.
-Fix ports build with libtool22/libltdl22.
-Bump ports that depend on libltdl22 due to shared library version change.
-Explain what to do update in the UPDATING.

It has been tested with GNOME2, XFCE4, KDE3, KDE4 and other many wm/desktop
and applications in the runtime.

With help:      marcus and kwm
Pointyhat-exp:  a few times by pav
Tested by:      pgollucci, "Romain Tartière" <romain@blogreen.org>, and
                a few MarcusCom CVS users. Also, I might have missed a few.
Repocopy by:    marcus
Approved by:    portmgr

16:56 dougb 

Fix a few "bad example" problems in the rc.d scripts that have been
propogated by copy and paste.

1. Primarily the "empty variable" default assignment, which is mostly
${name}_flags="", but fix a few others as well.
2. Where they are not already documented, add the existence of the _flags
(or other deleted empties) option to the comments, and in some cases add
comments from scratch.
3. Replace things that look like:
prefix=%%PREFIX%%
command=${prefix}/sbin/foo
to just use %%PREFIX%%. In many cases the $prefix variable is only used
once, and in some cases it is not used at all.
4. In a few cases remove ${name}_flags from command_args
5. Remove a long-stale comment about putting the port's rc.d script in
/etc/rc.d (which is no longer necessary).

No PORTREVISION bumps because all of these changes are noops.

00:37 pgollucci 

crap, that was supposed to be in the previous commit

00:33 pgollucci 

- Drop .sh suffices on rc.d scripts, add note to UPDATING
- Commit the final part of the bdb patch improving the value passed
  to --with-berkely-db [1]
- Silence the blasted warnings about accf [2]
  (Will send this upstream)
- Address httpd issue 42829* -  graceful restart with multiple listeners
   using prefork MPM can result in hung processes [3]
- Address httpd issue 29744+ - CONNECT does not work over existing
   SSL connection [4]
- Drop .sh suffices on rc.d scripts, add note to UPDATING [5]
- Bump PORTREVISION

PRs:                ports/110651 [1], ports/132528 [2], ports/134457 [3]
                    ports/135478
Submitted by:       "Timur I. Bakeyev" <timur@gnu.org> [1]
                    bz@ [2]
                    Alexander <freebsd@nagilum.org> [4]
                    myself (pgollucci@) [5]
Requested by:       apache@ (several) [3]

Tested by:          P6 TB (running live > 5 days)
                    RideCharge TB (running live > 3 days)
                    Apache Software Foundation (ASF) TB (running live > 1 day)

Sponosored by:      RideCharge Inc.