mirror of
https://git.FreeBSD.org/ports.git
synced 2025-01-16 07:58:04 +00:00
0dc351b6a4
- move mpm itk patches to itk-mpm/files dir - add sshd to REQUIRE line in the rc script to prevent boot issues in case a SSL cert is password protected [1] Changes with Apache 2.2.24 SECURITY: CVE-2012-3499 (cve.mitre.org) Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp. [Jim Jagielski, Stefan Fritsch, Niels Heinen <heinenn google com>] SECURITY: CVE-2012-4558 (cve.mitre.org) XSS in mod_proxy_balancer manager interface. [Jim Jagielski, Niels Heinen <heinenn google com>] mod_rewrite: Stop merging RewriteBase down to subdirectories unless new option 'RewriteOptions MergeBase' is configured. Merging RewriteBase was unconditionally turned on in 2.2.23. PR 53963. [Eric Covener] mod_ssl: Send the error message for speaking http to an https port using HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when using SNI. PR 50823. [Stefan Fritsch] mod_ssl: log revoked certificates at level INFO instead of DEBUG. PR 52162. [Stefan Fritsch] mod_proxy_ajp: Support unknown HTTP methods. PR 54416. [Rainer Jung] mod_dir: Add support for the value 'disabled' in FallbackResource. [Vincent Deffontaines] mod_ldap: Fix regression in handling "server unavailable" errors on Windows. PR 54140. [Eric Covener] mod_ssl: fix a regression with the string rendering of the "UID" RDN introduced in 2.2.15. PR 54510. [Kaspar Brand] ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output to more accurately report the negotiated protocol. PR 53916. [Nicolás Pernas Maradei <nico emutex com>, Kaspar Brand] mod_cache: Explicitly allow cache implementations to cache a 206 Partial Response if they so choose to do so. Previously an attempt to cache a 206 was arbitrarily allowed if the response contained an Expires or Cache-Control header, and arbitrarily denied if both headers were missing Currently the disk and memory cache providers do not cache 206 Partial Responses. 
[Graham Leggett] core: Remove unintentional APR 1.3 dependency introduced with Apache 2.2.22. [Eric Covener] core: Use a TLS 1.0 close_notify alert for internal dummy connection if the chosen listener is configured for https. [Joe Orton] mod_ssl: Add new directive SSLCompression to disable TLS-level compression. PR 53219. [1] requested by Andrew Filonov (freebsd-apache/2012-September/002962.html) with head apache@
147 lines
4.2 KiB
Makefile
# $FreeBSD$
#
# Note by Clement Laforet: (to generate PLIST_SUB entries for modules)
# gsed 's/^\(.*\)mod\(.*\)\.so/%%\MOD\U\2%%\L\1mod\2\.so/' pkg-plist > tmp
# mv tmp pkg-plist
#

# =============================================
# Maintainer note for OPTION handling:
# To set an additional option use
# PORT_OPTIONS+=
# To unset an OPTION, even if the OPTION is set in OPTIONSFILE, use
# WITHOUT_MODULES+=
# Using OPTIONS_EXCLUDE and OPTIONS_OVERRIDE does not work as expected
# if the OPTION is enabled by the user, therefore we calculate
# them in bsd.apache.mk with the help of WITHOUT_MODULES
# The other method is to set IGNOREs and force the user to adjust OPTIONS

.if defined(_PREMKINCLUDED)
# Detect whether the installed APR was built with thread support.
# The "!=" assignment runs the APR config script while this makefile is
# parsed, with the privileges of whoever invoked make.
.if exists(${APR_CONFIG})
APR_LIBS!= ${SH} ${APR_CONFIG} --libs | ${SED} -e 's/-//g'
.  if defined(APR_LIBS) && !empty(APR_LIBS)
# sed removed every "-", so a "-pthread" entry is now the bare word "pthread".
# NOTE(review): a "-lpthread" entry would become "lpthread" and would not
# match; confirm the APR config script reports threads as "-pthread".
_T=pthread
.    for lib in ${APR_LIBS}
.      if ${_T:M${lib}}
APR_HAS_THREADS= yes
.      endif
.    endfor
.  endif
.endif # exists APR_CONFIG

# Check that the installed APR-util provides the backends the selected
# options need. Nothing is checked when APU_CONFIG does not exist.
.if exists(${APU_CONFIG})

# LDAP / AUTHNZ_LDAP: the APR-util LDAP file (APU_LDAP) must be present.
.  if ${PORT_OPTIONS:MLDAP} || ${PORT_OPTIONS:MAUTHNZ_LDAP}
.    if !exists(${APU_LDAP})
IGNORE= LDAP and AUTHNZ_LDAP requires APR-util to have LDAP support built in.\
	Please rebuild APR with LDAP support
.    endif
.  endif

# DBD / AUTHN_DBD: at least one of the MySQL, PostgreSQL or SQLite3 DBD
# files must be present.
.  if ${PORT_OPTIONS:MDBD} || ${PORT_OPTIONS:MAUTHN_DBD}
.    if !(exists(${APU_DBD_MYSQL}) || exists(${APU_DBD_PGSQL}) || exists(${APU_DBD_SQLITE3}))
IGNORE= AUTHN_DBD and DBD requires APR-util to have DBD support build in.\
	Please rebuild APR at last with one DBD backend (MYSQL, PGSQL or SQLITE)
.    endif
.  endif

.endif # exists APU_CONFIG

# =============================================
# MPM's: prefork worker event itk peruser
# WORKER and EVENT are pkg-plist substitutions; "@comment " presumably turns
# the matching plist entries into comments - confirm against pkg-plist.
# prefork, peruser and itk set the same pair of values, so they share a branch.
# Any other WITH_MPM value marks the port IGNOREd instead of being passed on
# to configure.
.if ${WITH_MPM} == "prefork" || ${WITH_MPM} == "peruser" || ${WITH_MPM} == "itk"
PLIST_SUB+= WORKER="@comment " EVENT="@comment "
.elif ${WITH_MPM} == "worker"
PLIST_SUB+= WORKER="" EVENT="@comment "
.elif ${WITH_MPM} == "event"
PLIST_SUB+= WORKER="@comment " EVENT=""
.else
IGNORE= Unknown MPM: ${WITH_MPM}
.endif # MPM selection

# Every MPM other than prefork gets its own package name suffix and
# LATEST_LINK, both derived from WITH_MPM.
.if ${WITH_MPM} != "prefork"
LATEST_LINK= apache22-${WITH_MPM}-mpm
PKGNAMESUFFIX= -${WITH_MPM}-mpm
.endif

# Threaded MPMs (worker, event): CGID is added to the option set, selecting
# CGI as well is refused, and APR must have been built with threads.
.if ${WITH_MPM} == "worker" || ${WITH_MPM} == "event"
PORT_OPTIONS+= CGID
.  if ${PORT_OPTIONS:MCGI}
IGNORE= When using a multi-threaded MPM, the module CGID should be used in place CGI. \
	Please de-select CGI and select CGID instead. \
	See http://httpd.apache.org/docs/2.2/mod/mod_cgi.html
.  endif
# Assigned after the CGI check, so this is the message kept when both apply.
# Skipped when APR_CONFIG does not exist.
.  if exists(${APR_CONFIG}) && !defined(APR_HAS_THREADS)
IGNORE= requires APR threads. Please rebuild APR with THREAD support
.  endif
.endif
# =============================================

# The next three params are not converted to an option,
# they should be used only for special builds.
# WITH_STATIC_SUPPORT passes --enable-static-support to configure.
# NOTE(review): presumably this links the support programs statically, in
# which case they keep the library code they were built with until the port
# is rebuilt - confirm against the httpd configure documentation.
.ifdef WITH_STATIC_SUPPORT
CONFIGURE_ARGS+= --enable-static-support
.endif

# debug overrides CFLAGS
# The plain "=" below replaces whatever CFLAGS held up to this point with
# DEBUG_FLAGS (unoptimized, full debug info by default). Flags appended
# further down are still added. Intended for diagnosis builds only.
.ifdef WITH_DEBUG
DEBUG_FLAGS?= -O0 -g -ggdb3
CFLAGS= ${DEBUG_FLAGS}
# A debug build always turns the exception hook on as well.
WITH_EXCEPTION_HOOK= yes
CONFIGURE_ARGS+= --enable-maintainer-mode
.endif

# Reached either directly or through WITH_DEBUG above.
.ifdef WITH_EXCEPTION_HOOK
CONFIGURE_ARGS+= --enable-exception-hook
.endif

# SSL: build against the OpenSSL installation named by OPENSSLBASE /
# OPENSSLINC / OPENSSLLIB. Those variables are set outside this file, so
# which OpenSSL (and which patch level) httpd links against is decided there.
.if ${PORT_OPTIONS:MSSL}
CONFIGURE_ARGS+= --with-ssl=${OPENSSLBASE}
CFLAGS+= -I${OPENSSLINC}
LDFLAGS+= -L${OPENSSLLIB}
.endif

# LDAP authentication/authorization module.
.if ${PORT_OPTIONS:MAUTHNZ_LDAP}
CONFIGURE_ARGS+= --enable-authnz-ldap
.endif

# LDAP support module, built as a shared module.
.if ${PORT_OPTIONS:MLDAP}
CONFIGURE_ARGS+= --enable-ldap=shared
.endif

# Refuse to build AUTH_BASIC / AUTH_DIGEST when APACHE_MODULES holds no
# authentication provider (any name matching AUTHN*).
.if ${PORT_OPTIONS:MAUTH_BASIC} || ${PORT_OPTIONS:MAUTH_DIGEST}
.  if !${APACHE_MODULES:MAUTHN*}
IGNORE= AUTH_BASIC and AUTH_DIGEST need at last one AUTHN provider
.  endif
.endif

# AUTH_BASIC additionally needs an authorization provider (AUTHZ*).
# NOTE(review): the pattern AUTHN* above also matches AUTHNZ_LDAP, while
# AUTHZ* here does not; confirm whether AUTHNZ_LDAP alone is meant to
# satisfy this check.
.if ${PORT_OPTIONS:MAUTH_BASIC}
.  if !${APACHE_MODULES:MAUTHZ*}
IGNORE= AUTH_BASIC need at last one AUTHZ provider
.  endif
.endif

# Link with -pthread when APR has threads. Without APR threads, MEM_CACHE
# cannot be built; that check is skipped when APR_CONFIG does not exist.
.if defined(APR_HAS_THREADS)
LDFLAGS+= -pthread
.elif exists(${APR_CONFIG}) && ${PORT_OPTIONS:MMEM_CACHE}
IGNORE= MEM_CACHE requires APR threads. Please rebuild APR with THREAD support
.endif

# http://httpd.apache.org/docs/2.2/bind.html
# With --enable-v4-mapped, IPv6 listening sockets also take IPv4 connections,
# and those peers are seen as IPv4-mapped IPv6 addresses. Address-based
# access rules and log tooling then have to handle that form. The flag is
# always passed explicitly, so the result does not depend on configure's
# own default.
.if !${PORT_OPTIONS:MIPV4_MAPPED}
CONFIGURE_ARGS+= --disable-v4-mapped
.else
CONFIGURE_ARGS+= --enable-v4-mapped
.endif

# WITH_MPM is handed to configure unchanged.
CONFIGURE_ARGS+= --with-mpm=${WITH_MPM}

.endif # _PREMKINCLUDED