1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-05 01:55:52 +00:00
Commit Graph

379 Commits

Author SHA1 Message Date
Olli Hauer
6cd848448f - notice the users that old WITH/WITHOUT parameters are obsolete.
Point them to the wiki

Thanks to crees@ for this suggestion to
implement this direct in the port

PR:		171509
2012-09-09 17:01:30 +00:00
Olli Hauer
0578f91ad7 - add a note about devel/apr1 and apache22 updates
- adjust DBD IGNORE message
2012-09-08 16:35:31 +00:00
Olli Hauer
2b025867ef - fix build on IPv4 only systems
Thanks to John Marshall to identify the issue!
2012-09-05 07:40:26 +00:00
Olli Hauer
b1d80f7131 - Simplify options with the removal of the last APR only related parameter [1]
- disallow IPv6 sockets to handle IPv4 requests per default. [2]

- move extra-patch-server__config.c
    -> patch-server__config.c
    https://issues.apache.org/bugzilla/show_bug.cgi?id=53823

- bump PORTREVISION

[1] Credits to Hajimu UMEMOTO (ume@) for finding the last APR related parameter
[2] http://httpd.apache.org/docs/2.2/bind.html

with hat apache@
2012-09-04 21:17:06 +00:00
Olli Hauer
2a91c25f5f devel/apr1 [1]
- update APR to 1.4.6
- update APR-util to 1.4.1
- remove PKGNAMESUFFIX'es

www/apache-(event|itk|peruser|worker)-mpm
- adopt new Makefile header, adjust
  PKGNAMESUFFIX in apache22 masterport
  PKGNAME match now LATEST_LINK

www/apache22 [2]-[6]
- rewrite for options NG
- PORTNAME s|apache|apache22|
- remove APR APR-util specific otions,
  will be checked now with help of apr/u-1-config

Mk/bsd.apache.mk
- rewrite for options NG
- remove no longer needet make targets
  (show-categories, make-options-list)

[1]
PR: 165143

[2]-[6]
PR: 130479
PR: 153406
PR: 158565
PR: 168769
PR: 167965

with hat apache@
2012-09-02 14:31:58 +00:00
Olli Hauer
fea05a23b6 - rewite apache port
- remove all apr/apu related parts (leftovers from bundled apr)
 - remove invalid parts from Makefile.doc
 - move MODULES to Makefile.options

- remove apache20 parts
- remove category handling

with hat apache@
2012-08-23 04:49:36 +00:00
Olli Hauer
7ea5219979 - rewrite bsd.apache.mk (prepare for options NG support)
keep full backward support until apache20 is removed from the tree
   comment code to remove with MFC TODO:

- adjust apache20 and apache22 ports
   changes are transparent for users (no PORTREVISION bump)

 Users who are using special build instructions in make.conf, such as
  - WITH_STATIC_MODULES= alias dir log_config mime rewrite setenvif vhost_alias

 should convert the values to UPPERCASE
  - WITH_STATIC_MODULES= ALIAS DIR LOG_CONFIG MIME REWRITE SETENVIF VHOST_ALIAS

 At the moment code to support old lowercase style is in place, but
 target to remove in favor for options NG.

with hat apache@
2012-08-13 19:51:11 +00:00
Wesley Shields
15b1814bf5 Document Apache 2.2.x insecure handling of LD_LIBRARY_PATH.
Add patch[1] to address problem to apache port.

[1]: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/envvars-std.in?view=log&pathrev=1296428

Approved by:	apache@ (pgollucci@)
Obtained from:	Apache SVN
2012-08-02 03:17:26 +00:00
Olli Hauer
2a3105aff0 apache22
- centralise OPTIONS in Makefile.options
- s/Enable// in OPTIONS
- rewrite Makefile.modules (last defined SLAVE_PORT_MPM port use now WITH_MPM var)
- no REVISION bump, nothing changed in the logic / functionality

apache22-peruser-mpm
- use WITH_MPM instead SLAVE_PORT_MPM
2012-07-22 21:13:34 +00:00
Olli Hauer
57cb74375e - cleanup conflicts (remove no longer existent ports)
- remove explicit ABI version number from LIB_DEPENDS
2012-07-08 21:32:23 +00:00
Martin Matuska
205f1ac23d Bump pcre library dependency due to 8.30 update
Add (vendor) patch for deprecated pcre_info()
2012-02-14 12:44:23 +00:00
Philip M. Gollucci
3ca1d8b46d - use $SYSCTL
- use full path setfib

PR:             ports/153264
Submitted by:   Jeremy Chadwick <freebsd@jdc.parodius.com>
With Hat:       apache@
Sponsored by:   Apache Software Foundation (ASF)
2012-02-09 02:49:55 +00:00
Philip M. Gollucci
bc1033f57f - Remove 0 length file breaking pkg
Reported by:    glarkin
2012-02-08 22:49:54 +00:00
Philip M. Gollucci
8f547039c4 - Convert to USERS/GROUPS [1]
- Resync proxy connect patch [2]
- Bump PORTREVISION since the proxy patch is unconditionally applied
  which means we can remove that OPTION too

PR:             ports/164698 [1], ports/164711 [2]
Submitted by:   jgh@ [1], freebsd@nagilum.org [2]
With Hat:       apache@
Sponsored by:   RideCharge Inc. / TaxiMagic
2012-02-08 04:35:31 +00:00
Jason Helfman
09c57f862b - Update to 2.2.22
Addresses:
* SECURITY: CVE-2011-3607 (cve.mitre.org)
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP
Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif
module is enabled, allows local users to gain privileges via a .htaccess file
with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request
header, leading to a heap-based buffer overflow.

* SECURITY: CVE-2012-0021 (cve.mitre.org)
The log_cookie function in mod_log_config.c in the mod_log_config module in the
Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not
properly handle a %{}C format string, which allows remote attackers to cause a
denial of service (daemon crash) via a cookie that lacks both a name and a
value.

* SECURITY: CVE-2012-0031 (cve.mitre.org)
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local
users to cause a denial of service (daemon crash during shutdown) or possibly
have unspecified other impact by modifying a certain type field within a
scoreboard shared memory segment, leading to an invalid call to the free
function.

* SECURITY: CVE-2011-4317 (cve.mitre.org)
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x
through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in
place, does not properly interact with use of (1) RewriteRule and (2)
ProxyPassMatch pattern matches for configuration of a reverse proxy, which
allows remote attackers to send requests to intranet servers via a malformed URI
containing an @ (at sign) character and a : (colon) character in invalid
positions. NOTE: this vulnerability exists because of an incomplete fix for
CVE-2011-3368.

* SECURITY: CVE-2012-0053 (cve.mitre.org)
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly
restrict header information during construction of Bad Request (aka 400) error
documents, which allows remote attackers to obtain the values of HTTPOnly
cookies via vectors involving a (1) long or (2) malformed header in conjunction
with crafted web script.

* SECURITY: CVE-2011-3368 (cve.mitre.org)
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x
through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of
(1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a
reverse proxy, which allows remote attackers to send requests to intranet
servers via a malformed URI containing an initial @ (at sign) character.

PR: ports/164675
Reviewed by: pgollucci
Approved by: pgollucci, crees, rene (mentors, implicit)
With Hat: apache@
2012-02-01 18:56:08 +00:00
Philip M. Gollucci
bccdbf2387 - Restore inadvertently removed log renames from previous commit
Noticed by:	sunpoet@
Pointy Hat:	pgollucci@
2012-01-23 23:24:38 +00:00
Philip M. Gollucci
91fae18456 - Pull r1227293 from httpd svn
Note, you have to actually uncomment the include for this to take affect
- No PORTREVISION bump since nothing changes by default

PR:		ports/156987
Reported by:	Adrian Dimcev <adimcev@carbonwind.net>
With Hat:	apache@
2012-01-18 03:44:39 +00:00
Doug Barton
83eb2c3700 In the rc.d scripts, change assignments to rcvar to use the
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().

In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.
2012-01-14 08:57:23 +00:00
Dmitry Marakasov
6f6fbe4bdf - Add LDFLAGS to CONFIGURE_ENV and MAKE_ENV (as it was done with LDFLAGS)
- Fix all ports that add {CPP,LD}FLAGS to *_ENV to modify flags instead

PR:		157936
Submitted by:	myself
Exp-runs by:	pav
Approved by:	pav
2011-09-23 22:26:39 +00:00
Olli Hauer
7f37b18a66 - update to version 2.2.21
Addresses:
* SECURITY: CVE-2011-3348 (cve.mitre.org)
 mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
 unrecognized HTTP methods from marking ajp: balancer members
 in an error state, avoiding denial of service.

* SECURITY: CVE-2011-3192 (cve.mitre.org)
 core: Further fixes to the handling of byte-range requests to use
 less memory, to avoid denial of service. This patch includes fixes
 to the patch introduced in release 2.2.20 for protocol compliance,
 as well as the MaxRanges directive.

PR:		ports/160743
Submitted by:	Jason Helfman <jhelfman@experts-exchange.com>
2011-09-15 05:00:28 +00:00
Gabor Kovesdan
d6753a0164 - Track dependencies after databases/gdbm update 2011-09-12 23:17:32 +00:00
Gabor Kovesdan
2fc6a06a9b - Track dependencies after databases/gdbm update 2011-09-12 13:46:58 +00:00
Ade Lovett
b61f0076de Emergency upgrade to 2.2.20 - CVE-2011-3192. Any complaints, talk to me.
PR:		160381
2011-09-02 06:18:02 +00:00
Olli Hauer
3381c15ff3 - Close a race condition that sometimes resulted in configure.in
patches being ignored
2011-06-29 17:28:44 +00:00
Olli Hauer
42c28c2891 - update to httpd-2.2.19
Changes with Apache 2.2.19

  *) Revert ABI breakage in 2.2.18 caused by the function signature change
     of ap_unescape_url_keep2f().  This release restores the signature from
     2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex().
     [Eric Covener]

commit with hat apache@
2011-05-22 21:33:31 +00:00
Olli Hauer
26894a3437 - unbreak mpm-itk-20110321-01 patch
PR:		ports/157041
Submitted by:	zlopi.ru <zlopi.ru _at gmail.com>
2011-05-14 21:53:21 +00:00
Olli Hauer
92dcc59c86 - update to version 2.2.18
Changes:
http://www.apache.org/dist/httpd/CHANGES_2.2.18

Changes with Apache 2.2.18

  *) Log an error for failures to read a chunk-size, and return 408 instead
     413 when this is due to a read timeout.  This change also fixes some cases
     of two error documents being sent in the response for the same scenario.
     [Eric Covener] PR49167

  *) core: Only log a 408 if it is no keepalive timeout. PR 39785
     [Ruediger Pluem,  Mark Montague <markmont umich.edu>]

  *) core: Treat timeout reading request as 408 error, not 400.
     Log 408 errors in access log as was done in Apache 1.3.x.
     PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>, Stefan Fritsch,
     Dan Poirier]

  *) Core HTTP: disable keepalive when the Client has sent
     Expect: 100-continue
     but we respond directly with a non-100 response.  Keepalive here led
     to data from clients continuing being treated as a new request.
     PR 47087.  [Nick Kew]

  *) htpasswd: Change the default algorithm for htpasswd to MD5 on all
     platforms. Crypt with its 8 character limit is not useful anymore;
     improve out of disk space handling (PR 30877); print a warning if
     a password is truncated by crypt. [Stefan Fritsch]

  *) mod_win32: Added shebang check for '! so that .vbs scripts work as CGI.
     Win32's cscript interpreter can only use a single quote as comment char.
     [Guenter Knauf]

  *) configure: Fix htpasswd/htdbm libcrypt link errors with some newer
     linkers. [Stefan Fritsch]

  *) MinGW build improvements.  PR 49535.  [John Vandenberg
     <jayvdb gmail.com>, Jeff Trawick]

  *) mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
     [Stefan Fritsch]

  *) core: AllowEncodedSlashes new option NoDecode to allow encoded slashes
     in request URL path info but not decode them. PR 35256,
     PR 46830.  [Dan Poirier]

  *) mod_rewrite: Allow to unset environment variables. PR 50746.
     [Rainer Jung]

  *) suEXEC: Add Suexec directive to disable suEXEC without renaming the
     binary (Suexec Off), or force startup failure if suEXEC is required
     but not supported (Suexec On).  [Jeff Trawick]

  *) mod_proxy: Put the worker in error state if the SSL handshake with the
     backend fails. PR 50332.
     [Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]

  *) prefork: Update MPM state in children during a graceful restart.
     Allow the HTTP connection handling loop to terminate early
     during a graceful restart.  PR 41743.
     [Andrew Punch <andrew.punch 247realmedia.com>]

  *) mod_ssl: Correctly read full lines in input filter when the line is
     incomplete during first read. PR 50481. [Ruediger Pluem]

  *) mod_autoindex: Merge IndexOptions from server to directory context when
     the directory has no mod_autoindex directives. PR 47766. [Eric Covener]

  *) mod_cache: Make sure that we never allow a 304 Not Modified response
     that we asked for to leak to the client should the 304 response be
     uncacheable. PR45341 [Graham Leggett]

  *) mod_dav: Send 400 error if malformed Content-Range header is received for
     a put request (RFC 2616 14.16). PR 49825. [Stefan Fritsch]

  *) mod_userdir: Add merging of enable, disable, and filename arguments
     to UserDir directive, leaving enable/disable of userlists unmerged.
     PR 44076 [Eric Covener]

  *) core: Honor 'AcceptPathInfo OFF' during internal redirects,
     such as per-directory mod_rewrite substitutions.  PR 50349.
     [Eric Covener]

  *) mod_cache: Check the request to determine whether we are allowed
     to return cached content at all, and respect a "Cache-Control:
     no-cache" header from a client. Previously, "no-cache" would
     behave like "max-age=0". [Graham Leggett]

  *) mod_mem_cache: Add a debug msg when a streaming response exceeds
     MCacheMaxStreamingBuffer, since mod_cache will follow up with a scary
     'memory allocation failed' debug message. PR 49604. [Eric Covener]

  *) proxy_connect: Don't give up in the middle of a CONNECT tunnel
     when the child process is starting to exit.  PR50220. [Eric Covener]

PR:		156997
Submitted by:	Tsurutani Naoki <turutani _at_ scphys.kyoto-u.ac.jp>
2011-05-13 23:02:38 +00:00
Olli Hauer
83546441a9 - fix Ports with version numbers going backwards for www/apache22-peruser-mpm
- by changing PORTREVISION= to ?=

   Issue reported by erwin@
2011-04-18 20:32:33 +00:00
Olli Hauer
611bdd4c01 - update Apache 2 ITK MPM patch to version 20110321-01 [1]
- add additional patch for mpm-itk [2]
 - add mod_substitute to apache22 [3]
 - add some documentation into the mpm-itk* patches
 - bump portrevision

 Changes:
 [1] apache2.2-mpm-itk 2.2.17-01, released 2011-03-21:
  * Fixed CVE-2011-1176: If NiceValue was set, the default with no
    AssignUserID was to run as root:root instead of the default Apache user
    and group, due to the configuration merger having an incorrect default
    configuration.
  * Rebase against Apache 2.2.17.
  * Fix an issue where users can sometimes get spurious 403s on persistent
    connections, if the .htaccess files are not world readable.
  * In the config merger, don't reallocate the username, since it's already
    in the correct pool. (This is not a memory leak, only a small inefficiency.)

 [2] http://httpd.apache.org/docs/2.2/mod/mod_substitute.html

 Source:
  http://mpm-itk.sesse.net/ [1]
  http://www.pvv.ntnu.no/~knuta/mpm-itk/ [2]
  http://lists.freebsd.org/pipermail/freebsd-apache/2011-March/002184.html [3]

 With Hat:  apache@

PR:		ports/156024 [1][2]
Submitted by:	Lukasz Wasikowski <lukasz _at_ wasikowski.net> [1][2]
		Nick Gieczewski <sorongo _at_ gmail.com> [3]
2011-03-31 17:00:37 +00:00
Martin Wilke
a9481afc8a - Get Rid MD5 support 2011-03-19 12:38:54 +00:00
Philip M. Gollucci
811824fc15 - update conflicts 2010-12-07 20:38:17 +00:00
Ade Lovett
4a8684e352 Sync to new bsd.autotools.mk 2010-12-04 07:34:27 +00:00
Philip M. Gollucci
96fa3156a8 - The previous update to the rc.d script didn't quite maintain the old behavior
correctly.  This fixes the pid file name

PR:				ports/151623
Submitted by:	Vivek Khera <vivek@khera.org>
With Hat:		apache@
Point hat to:	myself (pgollucci)
2010-10-21 18:00:15 +00:00
Philip M. Gollucci
12bfc2c01b - Update to 2.2.17
**
* Note, no CVE affects the FREEBSD port.  devel/apr1 was updated to
* apr-util 1.3.10 on 2010/10/06 05:32:24.
**

Changes:        http://www.apache.org/dist/httpd/CHANGES_2.2
PR:             ports/151594
Submitted by:   Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
With Hat:       apache@

<ChangeLog>
  *) prefork MPM: Run cleanups for final request when process exits gracefully
     to work around a flaw in apr-util.  PR 43857.  [Tom Donovan]

  *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
     connections and other protocol handlers (like mod_ftp). Enforce the
     timeout for AP_MODE_GETLINE. If there is a timeout, shorten the lingering
     close time from 30 to 2 seconds. [Stefan Fritsch]

  *) Proxy balancer: support setting error status according to HTTP response
     code from a backend.  PR 48939.  [Daniel Ruggeri <DRuggeri primary.net>]

  *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
     password to UTF-8. PR 45318.
     [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]

  *) core: check symlink ownership if both FollowSymlinks and
     SymlinksIfOwnerMatch are set [Nick Kew]

  *) core: fix origin checking in SymlinksIfOwnerMatch
     PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]

  *) mod_headers: Enable multi-match-and-replace edit option
     PR 46594 [Nick Kew]

  *) mod_log_config: Make ${cookie}C correctly match whole cookie names
     instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
     Stefan Fritsch]

  *) mod_dir, mod_negotiation: Pass the output filter information
     to newly created sub requests; as these are later on used
     as true requests with an internal redirect. This allows for
     mod_cache et.al. to trap the results of the redirect.
     PR 17629, 43939
     [Dirk-Willem van Gulik, Jim Jagielski, Joe Orton, Ruediger Pluem]

  *) rotatelogs: Fix possible buffer overflow if admin configures a
     mongo log file path. [Jeff Trawick]

  *) mod_ssl: Do not do overlapping memcpy. PR 45444 [Joe Orton]

  *) vhost: A purely-numeric Host: header should not be treated as a port.
     PR 44979 [Nick Kew]

  *) core: (re)-introduce -T commandline option to suppress documentroot
     check at startup.
     PR 41887 [Jan van den Berg <janvdberg gmail.com>]
</ChangeLog>
2010-10-20 21:04:58 +00:00
Ade Lovett
6abd00a86b Punt autoconf267->autoconf268 2010-10-16 11:52:47 +00:00
Philip M. Gollucci
a47922410b - s,/usr/local,%%PREFIX%%,'
Reported by:	stas
2010-10-14 20:20:06 +00:00
Philip M. Gollucci
e5d53ce9b2 - Allow overriding of the following on a profile basis.
pidfile
    command
    envvars

Without profiles, the old defaults remain unchanged.  With profiles the old defaults
remain unchanged.

Sponsored by:		RideCharge Inc. / TaxiMagic
Tested by:			RideCharge Inc. / TaxiMagic (> 1 yr in production)
With Hat:			apache@
2010-10-14 19:53:25 +00:00
Ade Lovett
8262a7b51d Autotools update. Read ports/UPDATING 20100915 for details.
Approved by:	portmgr (for Mk/bsd.port.mk part)
Tested by:	Multiple -exp runs
2010-09-15 18:35:24 +00:00
Jun Kuriyama
4766daabfe - Upgrade to 2.2.16.
Security:	CVE-2010-1452 (mod_{cache,dev} remote DoS),
		CVE-2010-2068 (mod_{proxy_{ajp,http},reqtimeout} related on some platforms)
2010-07-26 01:28:40 +00:00
Philip M. Gollucci
e5cd151434 Bump PORTREVISION forgotten in last commit, by /home/ncvs lied to me.
- Fix misnamed patch that was unconditionally applied.

PR:             ports/146789
Submitted by:   Sunpoet Po-Chuan Hsieh <sunpoet@sunpoet.net>
With Hat:       apache@
2010-05-21 16:28:25 +00:00
Philip M. Gollucci
4ec4974de3 - Fix misnamed patch that was unconditionally applied.
PR:             ports/146789
Submitted by:   Sunpoet Po-Chuan Hsieh <sunpoet@sunpoet.net>
With Hat:       apache@
2010-05-21 16:27:10 +00:00
Philip M. Gollucci
99d3f4c2b0 - Enable,build, and install mod_reqtimeout.so which mitigates solaris attacks.
- Default on, so bump PORTREVISION

Reuested by:        Jonas Eckerman <jonas@fsdb.org> (via apache@)
With Hat:           apache@
2010-05-20 21:43:47 +00:00
Philip M. Gollucci
291d2c2963 - Bump PORTREVISION
With Hat:   apache@
2010-05-18 04:58:08 +00:00
Philip M. Gollucci
b7a56df6ee - Whitespace only
With Hat:   apache@
2010-05-18 04:57:46 +00:00
Philip M. Gollucci
5afcb1b1e9 - only need to set grandfather deps
the dbm maze is a bit harder so is left alone for now

With Hat:   apache@
2010-05-18 04:57:10 +00:00
Philip M. Gollucci
ce9159739d - file is only in devel/apr[01] now.
With Hat:   apache@
2010-05-18 04:55:44 +00:00
Philip M. Gollucci
61a0dda84e - remove apr/apr-util vestiges
- fullbuild not needed anymore
- buildconf not needed anymore
- scripts_env not needed anymore

With Hat:   apache@
2010-05-18 04:55:15 +00:00
Philip M. Gollucci
9d17de2112 - Remove WITH_APR_FROM_PORTS option. Always use devel/apr1 port now.
Bundled srclib/apr is never used now.

With Hat:   apache@
2010-05-18 04:53:40 +00:00
Philip M. Gollucci
61bcae45bc - Chase devel/apr -> devel/apr1 shuffling
PR:             ports/146553
Submitted by:   myself (pgollucci@)
With Hat:       apache@
2010-05-18 04:08:05 +00:00
Philip M. Gollucci
55544fc2be - Convert ports/ to devel/apr1
PR:             ports/146553
Submitted by:   myself (pgollucci@)
With Hat:       apache@
2010-05-18 04:05:05 +00:00