*) SECURITY: CAN-2004-0786 (cve.mitre.org)
Fix an input validation issue in apr-util which could be
triggered by malformed IPv6 literal addresses. [Joe Orton]
*) SECURITY: CAN-2004-0747 (cve.mitre.org)
Fix buffer overflow in expansion of environment variables in
configuration file parsing. [Andr<E9> Malo]
*) SECURITY: CAN-2004-0809 (cve.mitre.org)
mod_dav_fs: Fix a segfault in the handling of an indirect lock
refresh. PR 31183. [Joe Orton]
- Update documentation (finally!) and fix WITH_<CATEGORY>_MODULES
for special modules like LDAP or SSL [2]
Noticed by: nectar [1]
Requested by: Emile Heitor <imil at home dot imil dot net> [2]
Approved by: portmgr (marcus)
* WITH_EXCEPTION_HOOK now exists
* Automatically add if WITH_DEBUG is set
* Update still-outdated-documentation
- Remove automatic debuf mode if DEBUG_FLAGS is set
Exception hook is very useful for debugging (upcoming www/mod_backtrace
and www/mod_whatkilledus modules)
Makefile.modules.3rd:
- Fix CONFIGURE_ARGS for dynamic module selection.
It's now fully usuable for apache13 ports
- Remove an useless WANT_APACHE check
- Move apxs detection at the beginning of the file, to use APXS_PREFIX
for apache major version detection [1]
The main advantage of this patch is to provide a nice way to
have multiple apache versions, without altering ${LOCALBASE}.
Submitted by: "ports/c0decafe.net" <ports at c0decafe dot net> [1]
Makefile.modules:
- Export rewritten modules selection from Makefile.modules
to Makefile.modules.3rd
- Remove proxy support by default.
Makefile.modules.3rd:
- Add support for WANT_APACHE common13/common2 to share
code/functionalities between apache13 and apache2 server ports.
Rewrite of modules selection:
- WITH_MODULES and WITHOUT_MODULES are no more conflicting
WITHOUT_MODULES can be safely used internally to remove conflicting
modules
- Selection is based on modules categories to improve flexibility
- WITH_${category}[_MODULES]
- WITHOUT_${category}
- WITH_CUSTOM_${category}
- Support apache13, apache2{0,1}
This is EXPERIMENTAL. I'll test it IRL with www/apache13-ssl,
and it should be easily usuable in future bsd.apache.mk
o Changes in httpd.conf
- mod_userdir:
. set Userdir if mod_userdir is loaded [1]
. Userdir is denied for users from /etc/ftpusers
- set more "secure" permissions.
By default, policy is to deny access to filesystem.
You HAVE to _ENABLE_ access to your filesystem in httpd.conf.
- Add an "Includes" directory to ${PREFIX}/etc/apache2/
to make configuration more flexible
${PREFIX}/etc/apache2/*.conf files are now automatically loaded.
o apache.sh
- be closer to apachectl, apache.sh need envvars [2]
It should restore subversion behavior.
Partially submitted by:
kuriyama [1],
Gregory (Grisha) Trubetskoy <grisha at apache dot org> [2]
Future changes are mostly written, they should be committed during the
week-end.
If you're interrested in changes, feel free contact me.
- Add WITHOUT_V4MAPPED knob and explicitly set --disable-v4-mapped
if WITHOUT_V4MAPPED or WITH_IPV6_V6ONLY
Also submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> [1]
when --enable-v4-mapped is used (default).
Use WITHOUT_IPV6 knob if you have problem with "HostnameLookup On" on
IPv4-only server(s).
I hope I can provide a real fix soon.
Important changes:
*) SECURITY: CAN-2004-0493 (cve.mitre.org)
Close a denial of service vulnerability identified by Georgi
Guninski which could lead to memory exhaustion with certain
input data. [Jeff Trawick]
*) SECURITY: CAN-2004-0488 (cve.mitre.org)
mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
(trusted) client certificate subject DN which exceeds 6K in length.
[Joe Orton]
Details can be found here:
http://www.apache.org/dist/httpd/CHANGES_2.0
- Use autoconf 2.59
- Add add SUEXEC_LOGFILE tunable to set suexec logfile [1]
- Silently ignore removal of libexec/apache2 directory
- Import latest version of apr_reslit.c from apr CVS which
adds timeout feature to apr_reslist_acquire().
This is required for future mod_logio-st.
- Add explicit dependency on libiconv (so nowwe support libiconv)
- Move Windows Update fix from MASTER_SITE_LOCAL to ports tree
- add WITH_EXPERIMENTAL_PATCHES knobs:
These patches are backports from apache CVS HEAD or apr CVS HEAD.
They have positive impacts on apache responsiveness but can be
instable
and are NOT currently supported by apache/apr teams.
* exp-http-ready.patch: add "httpready" support for ACCEPT_FILTER
(currently apache 2 only support "dataready")
* exp-apr-kqueue.patch: add support for kqueue in apr_poll().
This patch greatly improves apache network performance (up to
18% according to the author, on my test box, between 13% and 21%)
Test and feedback on -STABLE are welcome ;)
For more details, please see:
http://marc.theaimsgroup.com/?t=108650227500001&r=1&w=2
Submitted by: knu [1]
NOTE:
Please set MASTER_SITE_APACHE_HTTPD to closest mirrors.
you can easily find them from:
http://www.apache.org/dyn/closer.cgi/httpd/
Thanks :
- Cosmectic change in autogenerated plist (run apxs before the removal
of the module file, it can make apxs fail if you change module
name/shortname)
Forgotten by: me [1]
Reminded by: discussion with kris [1]
It can not be used with USE_APACHE knob.
Most important knobs:
WANT_APACHE= {13,2}
Apache version required. if undefined, both apache version
are allowed.
AP_FAST_BUILD
Do ${APXS} -c ${APXS} -i for you
AP_GENPLIST
Autogenerate a _SIMPLE_ plist:
See future commits to know how to use this file.
This shouldn't have been fixed, but I don't like setting UID and GID
variables.
so ${*} -> ${WWW*}
PR: 64032
Noticed by: Patrick Schoenfeld <schoenfeld@in-medias-res.com>
WITH_PTHREAD_LIBS and WITH_PTHREAD_CFLAGS are now working again
WARNING: This option is still NOT offically supported.
You can't flame me,but you still cansend me some backtrace ;-)
Begin autotools sanitization sequence by requiring ports to explicitly
specify which version of {libtool,autoconf,automake} they need, erasing
the concept of a "system default".
For ports-in-waiting:
USE_LIBTOOL=YES -> USE_LIBTOOL_VER=13
USE_AUTOCONF=YES -> USE_AUTOCONF_VER=213
USE_AUTOMAKE=YES -> USE_AUTOMAKE_VER=14
Ports attempting to use the old style system after June 1st 2004 will be
sorely disappointed.
the USE_<x> equivalents. In the current scheme of things, the WANT_
variables in this case are synonymous with the USE_ ones, and thus need
to be exterminated.
First in a series of major autotools cleanups.
