notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Ukraine
Some details on the 2023-01-16 website outage.
We just rebooted with several updates: * new HMTLify code * no port maintainer is now highly visible (e.g. https://freshports.org/security/sssd/) * fixed search logic error when using plain/ text details at https://github.com/FreshPorts/freshports/releases/tag/2.2.34
non port: www/apache24/distinfo
SVNWeb

Number of commits found: 31

Tue, 17 Jan 2023
[ 21:12 Cy Schubert (cy) search for other commits by this committer ]    commit hash:57ca2ea50da81d0223f6c3660a704f7098cac282  commit hash:57ca2ea50da81d0223f6c3660a704f7098cac282  commit hash:57ca2ea50da81d0223f6c3660a704f7098cac282  57ca2ea 
www/apache24: Update to 2.4.55

Fixes multiple vulnerabilities.

PR:		269015
MFH:		2023Q1
Security:	00919005-96a3-11ed-86e9-d4c9ef517024
		CVE-2022-37436, CVE-2022-36760, CVE-2006-20001
Thu, 9 Jun 2022
[ 11:06 Bernard Spil (brnrd) search for other commits by this committer ]    commit hash:096bce036f68c82978511a3c5cb950f39d6352c7  commit hash:096bce036f68c82978511a3c5cb950f39d6352c7  commit hash:096bce036f68c82978511a3c5cb950f39d6352c7  096bce0 
www/apache24: Security update to 2.5.54

With hat:	apache
Security:	49adfbe5-e7d1-11ec-8fbd-d4c9ef517024
MFH:		2022Q2
Tue, 15 Mar 2022
[ 14:48 Bernard Spil (brnrd) search for other commits by this committer ]    commit hash:2f6e31015256b03b53ae2890fc427e6355256028  commit hash:2f6e31015256b03b53ae2890fc427e6355256028  commit hash:2f6e31015256b03b53ae2890fc427e6355256028  2f6e310 
www/apache24: Security update to 2.4.53

Security:	6601c08d-a46c-11ec-8be6-d4c9ef517024
MFH:		2022Q1
Mon, 20 Dec 2021
[ 17:23 Bernard Spil (brnrd) search for other commits by this committer ]    commit hash:e721e5aeffbd529fb28aeae0bf0b90b128a965e8  commit hash:e721e5aeffbd529fb28aeae0bf0b90b128a965e8  commit hash:e721e5aeffbd529fb28aeae0bf0b90b128a965e8  e721e5a 
www/apache24: Update to 2.4.52

Security:	ca982e2d-61a9-11ec-8be6-d4c9ef517024
MFH:		2021Q4
Thu, 7 Oct 2021
[ 17:05 Cy Schubert (cy) search for other commits by this committer ]    commit hash:e721865a668c739dc5be7f15790024682bbc1dda  commit hash:e721865a668c739dc5be7f15790024682bbc1dda  commit hash:e721865a668c739dc5be7f15790024682bbc1dda  e721865 
www/apache24: Update to 2.4.51

Fixes: critical: Path Traversal and Remote Code Execution in Apache
HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
(CVE-2021-42013)

PR:		258988
MFH:		2021Q4
Security:	CVE-2021-41773, CVE-2021-42013
Tue, 5 Oct 2021
[ 07:26 Bernard Spil (brnrd) search for other commits by this committer ]    commit hash:17acc171db1e4fd164df884e49072c91178b4831  commit hash:17acc171db1e4fd164df884e49072c91178b4831  commit hash:17acc171db1e4fd164df884e49072c91178b4831  17acc17 
www/apache24: Bugfix update to 2.4.50

 * Fixes hang with event MPM

PR:		258767
Fri, 17 Sep 2021
[ 17:41 Bernard Spil (brnrd) search for other commits by this committer ]    commit hash:c6420e9593b40649d04dbe20868f25046cdfccac  commit hash:c6420e9593b40649d04dbe20868f25046cdfccac  commit hash:c6420e9593b40649d04dbe20868f25046cdfccac  c6420e9 
www/apache24: Security update to 2.4.49

Security:	38f9-17dd-11ec-b335-d4c9ef517024
MFH:		2021Q3
Thu, 27 May 2021
[ 08:31 Bernard Spil (brnrd) search for other commits by this committer ]    commit hash:1085fbd715563d82bb1eb5598a4448bce0de505d  commit hash:1085fbd715563d82bb1eb5598a4448bce0de505d  commit hash:1085fbd715563d82bb1eb5598a4448bce0de505d  1085fbd 
www/apache24: Update to 2.4.48

Approved by:	apache (with hat)
Wed, 5 Aug 2020
[ 18:29 brnrd search for other commits by this committer ] Original commit   Revision:544237
www/apache24: Update to 2.4.46
Thu, 2 Apr 2020
[ 14:05 joneum search for other commits by this committer ] Original commit   Revision:530372
Update to 2.4.43

Changelog: https://downloads.apache.org/httpd/CHANGES_2.4.43

MFH:		2020Q2
Security:	b360b120-74b1-11ea-a84a-4c72b94353b5
Sponsored by:	Netzkommune GmbH
Wed, 14 Aug 2019
[ 19:25 joneum search for other commits by this committer ] Original commit   Revision:508964
Update to 2.4.41

Changelog: http://www.apache.org/dist/httpd/CHANGES_2.4.41

Sponsored by:	Netzkommune GmbH
Tue, 2 Apr 2019
[ 08:00 brnrd search for other commits by this committer ] Original commit   Revision:497554
www/apache24: Security update to 2.4.39

 - Adds mod_socache_redis feature

Changes: https://www.apache.org/dist/httpd/CHANGES_2.4.39

MFH:		2019Q2
Security:	cf2105c6-551b-11e9-b95c-b499baebfeaf
Wed, 23 Jan 2019
[ 14:40 joneum search for other commits by this committer ] Original commit   Revision:491041
Update to 2.4.38

Changelog:
  *) SECURITY: CVE-2018-17199 (cve.mitre.org)
     mod_session: mod_session_cookie does not respect expiry time allowing
     sessions to be reused.  [Hank Ibell]

  *) SECURITY: CVE-2018-17189 (cve.mitre.org)
     mod_http2: fixes a DoS attack vector. By sending slow request bodies
     to resources not consuming them, httpd cleanup code occupies a server
     thread unnecessarily. This was changed to an immediate stream reset
     which discards all stream state and incoming data.  [Stefan Eissing]

  *) SECURITY: CVE-2019-0190 (cve.mitre.org)
     mod_ssl: Fix infinite loop triggered by a client-initiated
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Sat, 27 Oct 2018
[ 14:36 brnrd search for other commits by this committer ] Original commit   Revision:483139
www/apache24: Update to 2.4.37

 - Adds TLSv1.3 support with security/openssl111

PR:		232687
Submitted by:	Pascal Christen <pascal christen hostpoint.ch>
Reported by:	Markus Kohlmeyer <rootservice gmail com>
Reviewed by:	ohauer
Approved by:	joneum
Differential Revision:	https://reviews.freebsd.org/D17668
Tue, 25 Sep 2018
[ 18:40 joneum search for other commits by this committer ] Original commit   Revision:480688
www/apache24: Update to 2.4.35

Changelog:

  *) http: Enforce consistently no response body with both 204 and 304
     statuses.  [Yann Ylavic]

  *) mod_status: Cumulate CPU time of exited child processes in the
     "cu" and "cs" values. Add CPU time of the parent process to the
     "c" and "s" values.
     [Rainer Jung]

  *) mod_proxy: Improve the balancer member data shown in mod_status when
     "ProxyStatus" is "On": add "busy" count and show byte counts in
     auto mode always in units of kilobytes.  [Rainer Jung]
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Fri, 20 Jul 2018
[ 14:26 joneum search for other commits by this committer ] Original commit   Revision:475018
www/apache24: Update to 2.4.34

 - fixes vulns in mod_http2 and mod_md
 - include SSL_* options in alphabetic ordering
 - Remove unneeded SSL_CFLAGS and _LDFLAGS
 - Remove WITH_HTTP_PORT and WITH_SSL_PORT
 - Remove trailing whitespace
 - Fix build with HTTP2 but without SSL [1]

PR:		229802, 227944 [1]
With hat:	apache
Approved by:	brnrd (apache)
MFH:		2018Q3
Security:	8b1a50ab-8a8e-11e8-add2-b499baebfeaf
Differential Revision:	https://reviews.freebsd.org/D16294
Sat, 24 Mar 2018
[ 18:26 joneum search for other commits by this committer ] Original commit   Revision:465461
www/apache24: Update to 2.4.33

 - Add new uwsgi and md modules
 - Fix LibreSSL 2.7.x builds
 - Remove conflicts for non-existent ports
 - There are no slave-ports
 - Coalesce .if WITH_DEBUG blocks
 - Use OPTIONS where possible
 - Remove dead code
 - Actually enable/disable modules in ALL_MODULES loop
 - Add suexec warning
 - Move Makefile.options to Makefile (too small)

PR:		226647
With hat:	apache
Approved by:	brnrd (apache)
MFH:		MFH2018Q1
Security:	f38187e7-2f6e-11e8-8f07-b499baebfeaf
Mon, 23 Oct 2017
[ 18:49 brnrd search for other commits by this committer ] Original commit   Revision:452732 (Only the first 10 of 15 ports in this commit are shown above. View all ports for this commit)
www/apache24: Update to 2.4.29

 - Remove patch for CVE-2017-9798 (included upstream)
 - Remove mod_ssl LibreSSL patches (included upstream)
 - Fix SSL stapling patch for LibreSSL
 - mod_http2 no longer experimental

PR:		222814
With hat:	apache
Wed, 12 Jul 2017
[ 19:31 brnrd search for other commits by this committer ] Original commit   Revision:445603 (Only the first 10 of 16 ports in this commit are shown above. View all ports for this commit)
www/apache24: Update to 2.4.27

 - Bugfix update to 2.4.27
 - Fix build with LibreSSL [1]
 - Add brotli compression option
 - Add pkg-message for 10.3 base-ssl users
 - HTTP/2 is production ready, default enable
   - warn users of 10.3 for mod_http2/OpenSSL 1.0.1

[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61184

PR:             220160 [1]
Reported by:    Markus Kohlmeyer <rootservice@gmail.com>
Reviewed by:    ohauer (hat)
Approved by:    ohauer (hat)
Differential Revision:  https://reviews.freebsd.org/D11285
Thu, 22 Jun 2017
[ 11:04 mat search for other commits by this committer ] Original commit   Revision:444108
Update to 2.4.26.

MFH:		2017Q2
Security:	CVE-2017-3167
Security:	CVE-2017-3169
Security:	CVE-2017-7659
Security:	CVE-2017-7668
Security:	CVE-2017-7679
With hat:	portmgr
Sponsored by:	Absolight
Wed, 21 Dec 2016
[ 10:41 ohauer search for other commits by this committer ] Original commit   Revision:429063
- update to 2.4.25

PR:		215457
Reported by:	Apache Software Foundation
MFH:		2016Q4
Security:	vid 862d6ab3-c75e-11e6-9f98-20cf30e32f6d
		CVE-2016-8743
		CVE-2016-2161
		CVE-2016-0736
		CVE-2016-8740
		CVE-2016-5387
Tue, 5 Jul 2016
[ 15:35 ohauer search for other commits by this committer ] Original commit   Revision:418091
o update to 2.4.23
o disable build time stamp in favor of reproducible build
o remove obsolate scoreboard/status patch
o s/USE_OPENSSL=yes/USES=ssl/
o add OPTION for two new modules:
   mod_proxy_hcheck (default=on)
   mod_http2_proxy (experimental => default=off)

Changelog:
 http://www.apache.org/dist/httpd/CHANGES_2.4.23

MFH:		2016Q3
Mon, 11 Apr 2016
[ 14:46 ohauer search for other commits by this committer ] Original commit   Revision:413035
- update to 2.4.20
- use ${OPTION}_IMPLIES and remove some IGNORES
- turn on proxy_html and xml2enc as default [1]

[1] Often requested by users. The modules are not enabled in
    the default configuration.

Full changelog for apache version 2.4.19/2.4.20:
 http://www.apache.org/dist/httpd/CHANGES_2.4.20

Note: Apache httpd 2.4.19 was not released.

MFH:	2016Q2
Mon, 14 Dec 2015
[ 20:53 ohauer search for other commits by this committer ] Original commit   Revision:403736
- update to 2.4.18
- backport r1719967
  mod_ssl: fix build with openssl < 0.9.8m (missing semicolon).

This release also contains the patch for FreeBSD PR 204304
 Make the fix for fully qualifying REDIRECT_URL from PR#57785 opt-in.
 http://svn.apache.org/viewvc?view=revision&revision=1712268

Changes with Apache 2.4.18

  *) mod_ssl: for all ssl_engine_vars.c lookups, fall back to master connection
     if conn_rec itself holds no valid SSLConnRec*. Fixes PR58666.
     [Stefan Eissing]

  *) mod_http2: connection level window for flow control is set to protocol
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Tue, 13 Oct 2015
[ 18:17 ohauer search for other commits by this committer ] Original commit   Revision:399207
- update to 2.4.17
- add support for HTTP/2 (RFC 7540)
- remove obsolate libressl patches [1]

In this release are some exciting new features including:

 *) HTTP/2 support via mod_http2 module
 *) Support for SO_REUSEPORT in MPMs for significant scalability

Changes with Apache 2.4.17

 *) mod_http2: added donated HTTP/2 implementation via core module. Similar
    configuration options to mod_ssl. [Stefan Eissing]

 *) mod_proxy: don't recyle backend announced "Connection: close" connections
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Wed, 15 Jul 2015
[ 17:16 pgollucci search for other commits by this committer ] Original commit   Revision:392170
www/apache24: fix CVEs, update 2.4.12 -> 2.4.16

- Convet to USES=autoreconf
- Sort USES
- Remove now empty patch files

Security:              
https://vuxml.freebsd.org/freebsd/a12494c1-2af4-11e5-86ff-14dae9d210b8.html
Differential Revision:  https://reviews.freebsd.org/D3101

Submitted by:           feld
Reviewed by:            pgollucci (myself)
With Hat:               apache@
MFH:                    2015Q3
Sat, 31 Jan 2015
[ 15:22 ohauer search for other commits by this committer ] Original commit   Revision:378215 (Only the first 10 of 29 ports in this commit are shown above. View all ports for this commit)
- update to 2.4.12

- change MPM backend from static to dynamic,
  but keep mpm_prefork for compatiblity with e.g. php modules
- install dedicated MPM load file in case httpd was build with modular MPM
  (modules.d/000_mpm_prefork_fallback.conf)
- disable SSLv3 and SSLv2 fallback in sample httpd-ssl-conf
- use @sample macro instead EXAMPLESDIR
- add some SSLCipherSuite examples for OpenSSL >= 1.0.x
- add libressl support [1]
- add pkg-install script (to handle new modular MPM build)
- build now most all modules, so users using packages don't have
  to run a custom build for missing modules
- fix suexec mode

PR:		196139 [1]
MFH:		2015Q1
Sun, 20 Jul 2014
[ 20:49 ohauer search for other commits by this committer ] Original commit   Revision:362371
- security update to release 2.4.10

- add OPTION for new mod_authnz_fcgi module

- s/libluajit.so/libluajit-5.1.so/ (there is no libluajit.so)

- backport for mod_lua: Don't quote values in cookies
   Make IE happy again [#56734]
   http://svn.apache.org/viewvc?view=revision&revision=1611744

- disable sanity check on demand [1]

Release Notes:
 http://www.apache.org/dist/httpd/CHANGES_2.4.10

PR:		191398 [1]
Submitted by:	Robert Schulze <rs@bytecamp.net>
MFH:		2014Q3
Security:	4364e1f1-0f44-11e4-b090-20cf30e32f6d
		CVE-2014-0117
		CVE-2014-3523
		CVE-2014-0226
		CVE-2014-0118
		CVE-2014-0231
Sat, 22 Mar 2014
[ 21:18 ohauer search for other commits by this committer ] Original commit   Revision:348808
- update to 2.4.9
- enforcing use libapr-1.so.5 (apr-1.5.0 instead apr-1.4.8)

Changes with Apache 2.4.9

  *) mod_ssl: Work around a bug in some older versions of OpenSSL that
     would cause a crash in SSL_get_certificate for servers where the
     certificate hadn't been sent. [Stephen Henson]

   *) mod_lua: Add a fixups hook that checks if the original request is intended
      for LuaMapHandler. This fixes a bug where FallbackResource invalidates the
      LuaMapHandler directive in certain cases by changing the URI before the
map
      handler code executes [Daniel Gruno, Daniel Ferradal <dferradal gmail
com>].

Changes with Apache 2.4.8
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Sat, 20 Jul 2013
[ 17:11 ohauer search for other commits by this committer ] Original commit   Revision:323351
- update to apache24-2.4.6
 - new modules: mod_cache_socache, mod_macro and mod_proxy_wstunnel

- add enty to vuxml

SECURITY: CVE-2013-1896 (cve.mitre.org)
 mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
 the source href (sent as part of the request body as XML) pointing to a
 URI that is not configured for DAV will trigger a segfault.

SECURITY: CVE-2013-2249 (cve.mitre.org)
 mod_session_dbd: Make sure that dirty flag is respected when saving
 sessions, and ensure the session ID is changed each time the session
 changes. This changes the format of the updatesession SQL statement.
 Existing configurations must be changed.

Changelog:
http://www.apache.org/dist/httpd/CHANGES_2.4.6

with hat apache@

Security:	ca4d63fb-f15c-11e2-b183-20cf30e32f6d
Tue, 26 Mar 2013
[ 21:35 ohauer search for other commits by this committer ] Original commit   Revision:315335 (Only the first 10 of 27 ports in this commit are shown above. View all ports for this commit)
- new port www/apache24

The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for various modern desktop and server operating
systems, such as UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server which provides HTTP
services in sync with the current HTTP standards.
The 2.x branch of Apache Web Server includes several improvements like
threading, use of APR, native IPv6 and SSL support, and many more.

WWW: http://httpd.apache.org/

Note:
 Since apache24 does not enable every module by default in httpd.conf the
 list of modules to build was preselected to match build param
(Only the first 15 lines of the commit message are shown above View all of this commit message)

Number of commits found: 31