1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-28 01:06:17 +00:00
Commit Graph

267 Commits

Author SHA1 Message Date
Clement Laforet
c5d3398e2f - minor cleanups. 2004-11-13 18:23:34 +00:00
Clement Laforet
791aa3191a - Fix memory consumption DoS, CVE CAN-2004-0942
Reported by:    josef
Obtained from:  Apache CVS
2004-11-10 18:24:44 +00:00
Clement Laforet
eec92b731c - ldconfig'ify ${PREFIX}/lib/apache2 at install time.
PR:             ports/73566
Submitted by:   lev
2004-11-08 20:50:48 +00:00
Clement Laforet
3a52300e23 - Fix previous patch :-)
Huge pointy hat to: me
Noticed by:	Meno Abels <meno.abels@adviser.com>
2004-11-04 11:53:41 +00:00
Clement Laforet
3f55b3b4ac Makefile was errornously committed. Revert the changes 2004-10-31 09:22:21 +00:00
Clement Laforet
d189d69fdd - Fix apache2 build, I hope...
Noticed by:  many
Committed from: EuroBSDcon Hotel's bar.
Pointy hat to:	me
Under supervision from: mat, thierry, erwin (former mentor)
2004-10-30 19:44:41 +00:00
Clement Laforet
fa4c5a2a41 util_ald_cache_purge() fails to relink the cache entries during a cache purge.
So apply the official patch
2004-10-30 15:32:53 +00:00
Clement Laforet
c6d89630a7 - sync with real life 2004-10-21 07:08:46 +00:00
Clement Laforet
f247651bb8 - Fix shared module building when WITH_STATIC_MODULES is defined.
Noticed by:	Nicola Tiling <nti at w4w dot net>
2004-10-19 20:06:59 +00:00
Clement Laforet
3b4c9025f9 - Remove WITH_APR_FROM_PORTS knob
- Add a note to UPDATING, to warn users they won't be able to build apache2
  if they keep apr 0.9.x

Discussed with: Craig Rodrigues (apr maintainer), kuriyama
2004-10-16 14:45:40 +00:00
Clement Laforet
0a1a2dddcd - Fix apr detection
WARNING: apache2 + apr 1.0 is BROKEN
  I'm working on a small compat hack. But don't dream too much.
  apache 2.0.x is not designed to work with apr 1.x.

Forgotten by:	kuriyama
2004-10-16 09:15:52 +00:00
Jun Kuriyama
26dfd8e73d - Chase apr shlib version bump.
Pointy Hat Autumn Collection 2004 to:	kuriyama
2004-10-16 05:03:07 +00:00
Clement Laforet
17deeb0cd6 - Use ${WWWOWN} and ${WWWGRP} for apache's user. (instead of harcoded
www/www).
  It should help to keep consistancy in www-related ports.
2004-10-13 14:03:06 +00:00
Clement Laforet
310abe64ef - Yet Another Security Fix
Fix CAN-2004-0885:

  * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that a
  correct cipher suite has been negotiated, else deny access.

  * modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): With OpenSSL
  0.9.7, prevent session resumption during a renegotiation to force the
  client to negotiate a new (and acceptable) cipher suite.

Credits:	Hartmut Keil, Joe Orton
2004-10-13 09:17:38 +00:00
Clement Laforet
ee5d3c413a - Update to 2.0.52
- Use "PORTDOCS= #" and get rid of docs entry in plist.
- Support for FreeBSD 6 in apr
- Move of cache modules from THREADS to EXPERIMENTAL category and make
  sure we enable THREADS modules (cgid only) when a threaded MPM is
  selected.
- Resurect WITH_EXTRA_MODULES knob
- powerlogo.gif is now hosted by FreeBSD mirrors
- WITH_<category> is definitively no longer supported.
- Add Includes dir when installed via a package [1]

PR:             ports/72309 [1]
Submitted by:   Christian Kratzer <ck at cksoft dot de> [1]
2004-10-12 08:27:40 +00:00
Clement Laforet
8ffe568cee - Fix compilation with threads enabled on 5.x (due to PTHREAD_LIBS changes)
Approved by:	portmgr (krion)
2004-10-10 08:17:59 +00:00
Clement Laforet
222ecfdf5d Security fixes [1]:
*) SECURITY: CAN-2004-0786 (cve.mitre.org)
     Fix an input validation issue in apr-util which could be
     triggered by malformed IPv6 literal addresses.  [Joe Orton]

  *) SECURITY: CAN-2004-0747 (cve.mitre.org)
     Fix buffer overflow in expansion of environment variables in
     configuration file parsing.  [Andr<E9> Malo]

  *) SECURITY: CAN-2004-0809 (cve.mitre.org)
     mod_dav_fs: Fix a segfault in the handling of an indirect lock
     refresh.  PR 31183.  [Joe Orton]

- Update documentation (finally!) and fix WITH_<CATEGORY>_MODULES
  for special modules like LDAP or SSL [2]

Noticed by:     nectar [1]
Requested by:   Emile Heitor <imil at home dot imil dot net> [2]
Approved by:    portmgr (marcus)
2004-09-15 16:54:37 +00:00
Clement Laforet
6369afd447 - make AP_GENPLIST pseudo PREFFIX-safe until I find a correct fix.
Discussed with:	eik (long time ago)
2004-09-03 12:41:17 +00:00
Clement Laforet
83d8251d79 - Add a sanity check on apache2 configuration files before reloading or
restarting apache2 (to avoid an expected failure on restart)
2004-08-23 15:44:51 +00:00
Clement Laforet
ee18234277 - Add support for exception hook:
* WITH_EXCEPTION_HOOK now exists
  * Automatically add if WITH_DEBUG is set
  * Update still-outdated-documentation
- Remove automatic debuf mode if DEBUG_FLAGS is set

Exception hook is very useful for debugging (upcoming www/mod_backtrace
and www/mod_whatkilledus modules)

Makefile.modules.3rd:
- Fix CONFIGURE_ARGS for dynamic module selection.
  It's now fully usuable for apache13 ports
- Remove an useless WANT_APACHE check
- Move apxs detection at the beginning of the file, to use APXS_PREFIX
  for apache major version detection [1]
  The main advantage of this patch is to provide a nice way to
  have multiple apache versions, without altering ${LOCALBASE}.

Submitted by:    "ports/c0decafe.net" <ports at c0decafe dot net> [1]
2004-08-19 14:38:36 +00:00
Clement Laforet
a4dd64d032 - Backport security fixes in ssl_engine_io.c
* [SECURITY] mod_ssl: Fix potential input filter segfaults in
  SPECULATIVE mode. (rollback handling for AP_MODE_SPECULATIVE)
  "This issue has possible security implications; it's been assigned CVE
  CAN-2004-0751 (cve.mitre.org)."
  http://issues.apache.org/bugzilla/show_bug.cgi?id=30134

* [SECURITY] mod_ssl: Fix potential infinite loop.
  (potential infinite loop in ssl_io_input_getline if connection is
  aborted without inctx->rc being set.)
  http://issues.apache.org/bugzilla/show_bug.cgi?id=27945
  http://issues.apache.org/bugzilla/show_bug.cgi?id=29690

Obtained from:  Apache CVS (httpd-2.0 HEAD)
2004-08-18 19:40:07 +00:00
Clement Laforet
696614c16d - Bump PORTREVISION for all previous changes
- Allow access to /home if mod_userdir is loaded
- We don't need apache2libs.sh if apr is installed from ports.
- Add recent changes to UPGRADING
2004-08-17 12:41:26 +00:00
Clement Laforet
9e23477bc7 Remove our config.layout support. FreeBSD layout is in apache2's one
since 2.0.48
2004-08-07 20:25:02 +00:00
Clement Laforet
7ee53773d5 We don't need -DFREEBSD_THREAD_HACK when using kse or thr as threading
library.
2004-08-07 19:47:16 +00:00
Clement Laforet
7d02c7c2aa - Add ldconfig -m to apache2's apr libs (install time and boot time)
Requested by, discussed with: lev
2004-08-05 21:46:17 +00:00
Clement Laforet
89b5fc4b1b - Fix brainless typo.
Noticed by: Roderick van Domburg <r.s.a.vandomburg@student.utwente.nl>
2004-08-02 13:21:36 +00:00
Clement Laforet
63581d9287 apache2 NG patch 2/5.
Makefile.modules:
   - Export rewritten modules selection from Makefile.modules
     to Makefile.modules.3rd
   - Remove proxy support by default.

Makefile.modules.3rd:
   - Add support for WANT_APACHE common13/common2 to share
     code/functionalities between apache13 and apache2 server ports.

Rewrite of modules selection:
   - WITH_MODULES and WITHOUT_MODULES are no more conflicting
     WITHOUT_MODULES can be safely used internally to remove conflicting
     modules
   - Selection is based on modules categories to improve flexibility
        - WITH_${category}[_MODULES]
        - WITHOUT_${category}
        - WITH_CUSTOM_${category}
   -  Support apache13, apache2{0,1}
        This is EXPERIMENTAL. I'll test it IRL with www/apache13-ssl,
        and it should be easily usuable in future bsd.apache.mk
2004-08-02 08:40:05 +00:00
Clement Laforet
b26a90a102 apache2 NG patch 1/5.
o Changes in httpd.conf
  - mod_userdir:
        . set Userdir if mod_userdir is loaded [1]
        . Userdir is denied for users from /etc/ftpusers
  - set more "secure" permissions.
    By default, policy is to deny access to filesystem.
    You HAVE to _ENABLE_ access to your filesystem in httpd.conf.
  - Add an "Includes" directory to ${PREFIX}/etc/apache2/
    to make configuration more flexible
    ${PREFIX}/etc/apache2/*.conf files are now automatically loaded.

o apache.sh
  - be closer to apachectl, apache.sh need envvars [2]
    It should restore subversion behavior.

Partially submitted by:
                kuriyama [1],
                Gregory (Grisha) Trubetskoy <grisha at apache dot org> [2]

Future changes are mostly written, they should be committed during the
week-end.
If you're interrested in changes, feel free contact me.
2004-07-30 17:04:47 +00:00
Clement Laforet
82c002d610 - Disable mod_cgi if MPM is threaded. 2004-07-13 13:32:42 +00:00
Clement Laforet
c6f9f34532 - Update experimental apr/kqueue patch
Obtained from:	apr CVS
2004-07-13 09:53:43 +00:00
Clement Laforet
be548a19b6 - Fix hostname resolution if IPv4 are mapped. [1]
- Add WITHOUT_V4MAPPED knob and explicitly set --disable-v4-mapped
  if WITHOUT_V4MAPPED or WITH_IPV6_V6ONLY

Also submitted by:	Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> [1]
2004-07-13 09:32:44 +00:00
Clement Laforet
c36c607e27 - Improve plist generation.
It fixes problems when you deinstall a port with $PREFIX != $(apxs -q
  prefix). Now plist is aware of real location of apache module.
2004-07-11 09:43:17 +00:00
Clement Laforet
fcd42c3e27 - Add WITHOUT_IPV6 knob to workaround problem with IP resolution
when --enable-v4-mapped is used (default).
  Use WITHOUT_IPV6 knob if you have problem with "HostnameLookup On" on
  IPv4-only server(s).
  I hope I can provide a real fix soon.
2004-07-09 16:41:38 +00:00
Clement Laforet
ddee6b6038 - remove from plist reference to share/nls/en_US.US-ASCII
and share/nls/POSIX

Noticed by:	thierry
2004-07-03 21:57:52 +00:00
Clement Laforet
35843182ff - Make configure script define DEFAULT_SCOREBOARD.
- Add NOTICE file to respect Apache 2.0 license
2004-07-02 13:47:41 +00:00
Clement Laforet
1356695910 - revert ade's commit, since it breaks the ports due to something
looking like a reverse patching.
2004-07-01 18:06:35 +00:00
Ade Lovett
328b757bf2 Autotools cleanup. Remove autoconf257 (259), automake17 (18), and
libtool14 (13/15).

PR:		67768
Submitted by:	ade
Approved by:	4-exp bento runs (thanks, kris!)
2004-07-01 17:06:41 +00:00
Clement Laforet
d84ad3cbde - Update to 2.0.50
Important changes:
  *) SECURITY: CAN-2004-0493 (cve.mitre.org)
     Close a denial of service vulnerability identified by Georgi
     Guninski which could lead to memory exhaustion with certain
     input data.  [Jeff Trawick]
  *) SECURITY: CAN-2004-0488 (cve.mitre.org)
     mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
     (trusted) client certificate subject DN which exceeds 6K in length.
     [Joe Orton]
  Details can be found here:
        http://www.apache.org/dist/httpd/CHANGES_2.0
- Use autoconf 2.59
- Add add SUEXEC_LOGFILE tunable to set suexec logfile [1]
- Silently ignore removal of libexec/apache2 directory
- Import latest version of apr_reslit.c from apr CVS which
  adds timeout feature to apr_reslist_acquire().
  This is required for future mod_logio-st.
- Add explicit dependency on libiconv (so nowwe support libiconv)
- Move Windows Update fix from MASTER_SITE_LOCAL to ports tree
- add WITH_EXPERIMENTAL_PATCHES knobs:
  These patches are backports from apache CVS HEAD or apr CVS HEAD.
  They have positive impacts on apache responsiveness but can be
instable
  and are NOT currently supported by apache/apr teams.
  * exp-http-ready.patch: add "httpready" support for ACCEPT_FILTER
    (currently apache 2 only support "dataready")
  * exp-apr-kqueue.patch: add support for kqueue in apr_poll().
    This patch greatly improves apache network performance (up to
    18% according to the author, on my test box, between 13% and 21%)
    Test and feedback on -STABLE are welcome ;)
    For more details, please see:
    http://marc.theaimsgroup.com/?t=108650227500001&r=1&w=2

Submitted by:   knu [1]

NOTE:
Please set MASTER_SITE_APACHE_HTTPD to closest mirrors.
you can easily find them from:
http://www.apache.org/dyn/closer.cgi/httpd/
Thanks :
2004-07-01 05:54:56 +00:00
Clement Laforet
3f4b32767a - Security fix.
CAN-2004-0493 - memory exhaustion denial of service
  http://www.freebsd.org/ports/portaudit/81a8c9c2-c94f-11d8-8898-000d6111a684.html

Noticed by:	eik
Obtained from:	apache CVS
2004-06-29 08:06:20 +00:00
Kris Kennaway
af18d6b419 Don't remove www/ now that it is created by the system. 2004-06-09 06:16:06 +00:00
Clement Laforet
f7130fadbb - change limits from user www to daemon class to be in sync with
apachectl
- fix limits (missing eval)
2004-06-07 14:56:53 +00:00
Clement Laforet
f67f96c948 - Clarify pkg-message
Noticed by:	Hutterer Robert <robert.hutterer@univie.ac.at>
2004-06-06 21:53:18 +00:00
Clement Laforet
57ed01ffdf - Sync pkg-descr with reality. 2004-06-05 13:52:20 +00:00
Clement Laforet
70fd25d3a0 -1- make show-options readable from a vt100 ;-)
-2- add WITH_DEBUG knob (supports DEBUG_FLAGS)
-3- convert start script to RCng [1]
    - add possibility to run limits(1) before apache starts
    - apache2.sh reload = apachectl graceful
-4- Add threadpool MPM
-5- Adapt COMMENT to fit MPM.
-6- Bump PORTREVISION

PR:             ports/66955 [1]
Submitted by:   nork [1] (partially)
Requested by:   ume [1]
2004-06-05 11:14:18 +00:00
Clement Laforet
36102d1706 - remove quotes from "bogus" IGNORE string
Noticed by:	kris
2004-06-02 08:15:58 +00:00
Clement Laforet
2864efb22d - Fix IGNORE s,(,\(, 2004-05-29 22:17:16 +00:00
Clement Laforet
e4bf8af6bd - s/BROKEN/IGNORE/ 2004-05-29 22:07:37 +00:00
Clement Laforet
96f28baafc - Fix build if WITH_APR_FROM_PORTS is defined.
- Advertise ServerToken i.e.:
Apache/2.0.49 (FreeBSD) Server at satan.cultdeadsheep.org Port 80
2004-05-29 21:37:38 +00:00
Clement Laforet
858b6c8e39 - Import security fix from Apache CVS...
* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Fix buffer
overflow in FakeBasicAuth code if client's subject DN exceeds 6K in
length (CVE CAN-2004-0488); switch to using apr-util base64 encoder
functions.
- ... and of course bump PORTREVISION.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488
http://secunia.com/advisories/11534/

Reported by:    Charles-Damien Orbello <tazma@cultdeadsheep.org>
2004-05-28 15:27:02 +00:00
Clement Laforet
6897c4721f - Fix plist after upgrading libtool to 1.5
Notice by:	 Fritz Heinrichmeyer <fritz.heinrichmeyer@fernuni-hagen.de>
2004-05-18 13:43:19 +00:00