Makefile.modules:
- Export rewritten modules selection from Makefile.modules
to Makefile.modules.3rd
- Remove proxy support by default.
Makefile.modules.3rd:
- Add support for WANT_APACHE common13/common2 to share
code/functionalities between apache13 and apache2 server ports.
Rewrite of modules selection:
- WITH_MODULES and WITHOUT_MODULES are no more conflicting
WITHOUT_MODULES can be safely used internally to remove conflicting
modules
- Selection is based on modules categories to improve flexibility
- WITH_${category}[_MODULES]
- WITHOUT_${category}
- WITH_CUSTOM_${category}
- Support apache13, apache2{0,1}
This is EXPERIMENTAL. I'll test it IRL with www/apache13-ssl,
and it should be easily usuable in future bsd.apache.mk
Important changes:
*) SECURITY: CAN-2004-0493 (cve.mitre.org)
Close a denial of service vulnerability identified by Georgi
Guninski which could lead to memory exhaustion with certain
input data. [Jeff Trawick]
*) SECURITY: CAN-2004-0488 (cve.mitre.org)
mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
(trusted) client certificate subject DN which exceeds 6K in length.
[Joe Orton]
Details can be found here:
http://www.apache.org/dist/httpd/CHANGES_2.0
- Use autoconf 2.59
- Add add SUEXEC_LOGFILE tunable to set suexec logfile [1]
- Silently ignore removal of libexec/apache2 directory
- Import latest version of apr_reslit.c from apr CVS which
adds timeout feature to apr_reslist_acquire().
This is required for future mod_logio-st.
- Add explicit dependency on libiconv (so nowwe support libiconv)
- Move Windows Update fix from MASTER_SITE_LOCAL to ports tree
- add WITH_EXPERIMENTAL_PATCHES knobs:
These patches are backports from apache CVS HEAD or apr CVS HEAD.
They have positive impacts on apache responsiveness but can be
instable
and are NOT currently supported by apache/apr teams.
* exp-http-ready.patch: add "httpready" support for ACCEPT_FILTER
(currently apache 2 only support "dataready")
* exp-apr-kqueue.patch: add support for kqueue in apr_poll().
This patch greatly improves apache network performance (up to
18% according to the author, on my test box, between 13% and 21%)
Test and feedback on -STABLE are welcome ;)
For more details, please see:
http://marc.theaimsgroup.com/?t=108650227500001&r=1&w=2
Submitted by: knu [1]
NOTE:
Please set MASTER_SITE_APACHE_HTTPD to closest mirrors.
you can easily find them from:
http://www.apache.org/dyn/closer.cgi/httpd/
Thanks :
WITH_PTHREAD_LIBS and WITH_PTHREAD_CFLAGS are now working again
WARNING: This option is still NOT offically supported.
You can't flame me,but you still cansend me some backtrace ;-)
- Make ldap fix optional, since it may break LDAP auth [2]
Please use WITH_LDAPFIX if you need the fix.
- Improve pthreads support
- SIZEify distinfo
Submitted by: mharo [1]
Discussed with: Robin P. Blanchard <robin.blanchard@gactr.uga.edu> [2]
These options are for people who want to directly link
apache against libkse and libthr.
Usage:
WITH_EXPERIMENTAL_THREADS=YES
Overrides default pthread detection behaviour.
WITH_PTHREAD_LIBS={kse;thr}
Lets you choose your pthread lib.
Don't even try to use "c_r"...
*** These options are unsupported ***
But all gdb backtraces are welcome :-)
AFAIK, apache works well, but mod_php4 (worker MPM) behavior
is quite funny.
All modules which use apr mutexes may crash with KSE.
Since I'm working on it, if you have coredumps, feel free
to send me the backtrace (you must compile libkse, apache
and modules with debugging symbols).
Don't forget to set kern.sugid_coredump to 1.
(using CoreDumpDirectory in httpd.conf can help too)
message option in pre-everything:: target.
- Change OpenSSL fix. (specially when WITH_BERKELEYDB=FreeBSD is defined)
There are too many cases of failure (at leat 3), so I can't force -STABLE
users to use SSL_EXPERIMENT_ENGINE [1]
- Add WITH_SSL_EXPERIMENTAL_ENGINE knob [2]
- Better db42 apr-util detection [3]
- Add fastest mirror to PATCH_SITES
- Add db42 to "make show-options"
Note to users:
Unless you have a *really* good request, no more features will be added.
Please send me with your bug reports:
- uname -a output
- all config.log files
- pkg_info output
- your make command line
Noticed by: apache2-test-ng.sh script [1]
Barry Pederson <bp@barryp.org> [3]
Requested by: jb@perso-web.com [2]
I don't use APACHE_USER, so SUEXEC_CALLER is set to "".
Since apache only produce error at run time, I didn't catch it.
BTW, SUEXEC_CALLER is now correctly set.
Noticed by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Pointy hat to: me
Approved by: erwin (mentor) (implicity)
Force the use of SSL_EXPERIMENTAL_ENGINE *only* if the user uses
-STABLE and base OpenSSL.
This is an *apache* problem. It's not the port.
I strongly encourage users to use OpenSSL from ports.
From httpd-2.0 Status:
* mod_ssl: fix a link failure when the openssl-engine libraries are
present but the engine headers are missing.
- fix a typo in WITH_DBM, should be bdb and not db [1]
I keep db for backward compatibility
- Add WITH_APR_FROM_PORTS to use devel/apr with apache2.
!!! WARNING !!! apache-2.0.48 is designed to work with apr 0.9.5.
Noticed by: Fritz Heinrichmeyer <Fritz.Heinrichmeyer@Fernuni-Hagen.de> [1]
Approved by: erwin (mentor)
- Move docs-related stuff to Makefile.doc
- Better MPM handling (for slave ports)
- Fix HTTP_PORT behaviour
- Make suExec more configurable [1]
- Now config script are regenerated by buildconfig, to improve slave
ports support and minimize apr/apache2 ports conflict [2]
- Fix typo in AUTH_MODULES routine [3] [4]
- apr threaded support [5]
- Fix Segmentation fault with LDAP [6]
- Add db42 support. [7] (just uncomment related lines
if you installed it from shar)
- add SLAVE_DESIGNED_FOR variable for slave ports to
automaticaly mark them as BROKEN, if they are out of sync with
apache2
PRs: 60444 [1], 61030 [4]
Requested by: Matthias Andree <matthias.andree@gmx.de> [7]
Suggested by: kuriyama [2] [5]
Submitted by: Daniel Tasov <danielt@pilgerer.org> [1],
kuriyama [5],
motoyuki [3],
Scott Michel <scottm@cs.ucla.edu> [4]
Obtained from: Apache CVS [6]
Reviewed by: erwin, linimon
Approved by: erwin (mentor)
- fix nasty typo in DBM code (missing + in LIB_DEPENDS=)
- remove NO_{ERROR;WWWDATE;CGI;ICONS;WWW} and utilize WITHOUT_WWW and
WITH_CUSTOM_WWW [2]
- HTTP_PORT => WITH_HTTP_PORT and IPV6_ONLY => WITH_IPV6_ONLY [3]
- add support for FreeBSD libc db [4]
- add db41 support [5]
- more typos and a few things...
Notified by: Oliver Eikemeier <eikemeier@fillmore-labs.com> [1]
Discussed with: Oliver Eikemeier <eikemeier@fillmore-labs.com> [2] [3]
Requested by: Fritz Heinrichmeyer <fritz.heinrichmeyer@fernuni-hagen.de> [4]
Submitted by: <swp@uni-altai.ru> [5]
PR: 58739
Submitted by: Clement Laforet <sheepkiller@cultdeadsheep.org>
