Number of commits found: 12

- use @sample for conf files
- backport ab from 2.4.x
- fix mode for suexec, cgi test files
- adopt http-ssl.conf.in from upstream trunk
- rebuild some patches

- strip files
- sort pkg-plist
- always install DOCS (remove Makefile hack)
- reflect modules.d in EXAMPLESDIR, next target
  will be a new keyword for pkg-plist to handle
  module installation.
- bump PORTREVISION

- add warning about default version change (2014-07-11)
  (pkg-message, files/HEADS_UP)

- support staging
- partitial adopt new ${opt}_ notation

- update apache22 to version 2.22.23
- trim vuxml/Makefile header

with hat apache@

Feature safe: yes

Security:       CVE-2012-2687

- Update to 2.2.22

Addresses:
* SECURITY: CVE-2011-3607 (cve.mitre.org)
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP
Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif
module is enabled, allows local users to gain privileges via a .htaccess file
with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request
header, leading to a heap-based buffer overflow.

* SECURITY: CVE-2012-0021 (cve.mitre.org)
The log_cookie function in mod_log_config.c in the mod_log_config module in the
Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not
properly handle a %{}C format string, which allows remote attackers to cause a
denial of service (daemon crash) via a cookie that lacks both a name and a

(Only the first 15 lines of the commit message are shown above )

- Fix the owner to be root:wheel on files* when running sudo make ...
  This doesn't affect the package b/c pointyhat/tb run as root

PR:             ports/134456
With Hat:       apache@

- Regenerate patch files with make makepatch for they have
  piled up and additional patches conflict.
  This also will help when we try to syncronize www/apache20&www/apache22
- Unconditionally apply the mod_proxy_connect patch, you just may or may
  not actually compile the file to save some logic in Makefile

With Hat:   apache@

- Fix slave ports [1]
- Fix plist [2]
- Fix CONFLICTS with devel/apr-svn [3]
- Fix install when index.html is modified
- Bump PORT_REVISION

PR:             ports/118348 [1], ports/118338 [2],ports/117097 [2]
                ports/90088 [3], ports/118349 [3]
Submitted by:   Andrey Beresovsky <and at sfedu dot ru> [1],
                Dimitry Andric <dimitry at andric dot com> [2],
                YAMAMOTO Takao <yamamoto at computec dot co dot jp>
                Melvyn Sopacua <melvyn atmelvyn dot homeunix dot org> [3],
                Dominic Fandrey <lon_kamikaze at gmx dot de> [3]

- Fix PCRE_FROM_PORTS. it wasn't processed by OPTIONS stff [1]
- Preserve index.html
- We no longer install images in default DocumentRoot (there're still in icons/)
- Various plist cleanup
- bump PORTREVISION since we are now safe with index.html

Reminded by:    bland@

- remove duplicate entry of mod_charset_lite [1]
- add PCRE_FROM_PORTS to OPTIONS
- use @dirrmtry for include/apache22
- workaround plist issues when upgrading, but it's not as safe as I
  would expect, it requires more work.

Spotted by:     bland@ [1]

- Update to 2.2.6
- Fix restart when profiles are used [1]

Submitted by:   Jarrod Sayers <jarrod at netleader dot com dot au>

- Add apache 2.2.0
  It's a temporary layout, I need more time to find the best.
  note that ${PREFIX}/www/(data|errors|cgi)(-dist) disappeared in favor of
  ${PREFIX}/www/apache22

Number of commits found: 12

13 vulnerabilities affecting 78 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last updated:
2019-12-06 20:23:44