1
0
mirror of https://git.FreeBSD.org/ports.git synced 2025-01-28 10:08:24 +00:00
freebsd-ports/www/apache22/Makefile.doc
Jason Helfman 09c57f862b - Update to 2.2.22
Addresses:
* SECURITY: CVE-2011-3607 (cve.mitre.org)
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP
Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif
module is enabled, allows local users to gain privileges via a .htaccess file
with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request
header, leading to a heap-based buffer overflow.

* SECURITY: CVE-2012-0021 (cve.mitre.org)
The log_cookie function in mod_log_config.c in the mod_log_config module in the
Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not
properly handle a %{}C format string, which allows remote attackers to cause a
denial of service (daemon crash) via a cookie that lacks both a name and a
value.

* SECURITY: CVE-2012-0031 (cve.mitre.org)
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local
users to cause a denial of service (daemon crash during shutdown) or possibly
have unspecified other impact by modifying a certain type field within a
scoreboard shared memory segment, leading to an invalid call to the free
function.

* SECURITY: CVE-2011-4317 (cve.mitre.org)
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x
through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in
place, does not properly interact with use of (1) RewriteRule and (2)
ProxyPassMatch pattern matches for configuration of a reverse proxy, which
allows remote attackers to send requests to intranet servers via a malformed URI
containing an @ (at sign) character and a : (colon) character in invalid
positions. NOTE: this vulnerability exists because of an incomplete fix for
CVE-2011-3368.

* SECURITY: CVE-2012-0053 (cve.mitre.org)
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly
restrict header information during construction of Bad Request (aka 400) error
documents, which allows remote attackers to obtain the values of HTTPOnly
cookies via vectors involving a (1) long or (2) malformed header in conjunction
with crafted web script.

* SECURITY: CVE-2011-3368 (cve.mitre.org)
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x
through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of
(1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a
reverse proxy, which allows remote attackers to send requests to intranet
servers via a malformed URI containing an initial @ (at sign) character.

PR: ports/164675
Reviewed by: pgollucci
Approved by: pgollucci, crees, rene (mentors, implicit)
With Hat: apache@
2012-02-01 18:56:08 +00:00

109 lines
5.3 KiB
Makefile

# Makefile.doc
# Author: Clement Laforet <clement@FreeBSD.org>
#
# This files contains:
# - make options output
# - apache22 man/docs routines
#
# $FreeBSD$
#
## Available knobs:
## WITHOUT_APACHE_OPTIONS: Don't use OPTIONS and will allow you to use
## those knobs directly to select modules.
## Knobs with (*) are working only if
## WITHOUT_APACHE_OPTIONS is defined.
##
## By default, modules are compiled as dynamically loadable modules (DSO).
##
## Modules knobs philosophy:
## Modules are split in categories, "make show-categories" shows you
## which modules they contain. You can enable/disable/customize a category (*):
## - To enable a category: WITH_<CATEGORY>_MODULES=yes
## [WITH_PROXY_MODULES=yes]
## - To disable a category: WITHOUT_<CATEGORY>_MODULES=yes
## [WITHOUT_DAV_MODULES=yes]
## - To customize a category: WITH_CUSTOM_<CATEGORY>
## [WITH_CUSTOM_PROXY="proxy proxy_http"]
##
## Apache-related
## WITH_MPM: prefork (default)
## worker
## event
## itk
## WITH_HTTP_PORT: default: 80
## WITH_LDAP: Enable LDAP support (mod_auth_ldap) (implies WITH_LDAP_MODULES)
## WITH_(MYSQL|PGSQL|SQLITE): Enable SQL backend for dbd and apr_dbd.
## When MySQL is chosen, threads are enabled.
## WITHOUT_V4MAPPED
## WITH_IPV6_V6ONLY: Don't allow IPv6 sockets to handle IPv4
## connections
## WITHOUT_SSL: Disable SSL support
## WITH_THREADS: Enable threads support
## WITH_DBM: Choose your DBM: bdb (Berkeley DB), gdbm or
## ndbm (default)
## WITH_BDB: Define to select bdb via bsd.database.mk
## desired version may be set with
## WITH_BDB_VER or APACHE22_WITH_BDB_VER
## WITH_BDB_BASE: Define to use bdb from base (1.85)
## WITH_STATIC_SUPPORT: Build statically linked support binaries
## WITH_STATIC_APACHE: Build a static version of httpd (implies
## WITH_STATIC_MODULES)
## WITH_ALL_STATIC_MODULES: All modules will be statically linked.
## WITH_STATIC_MODULES (*): List of modules to build modules statics
## (usefull for slave ports)
## (They must be already enabled (i.e.
## WITH_MODULES or with default configuration
## use 'make show-modules', to check if they are
## enabled)
## WITH_MODULES (*): List of modules you choose
## WITHOUT_MODULES (*): Disable selected modules
## WITH_SUEXEC: Enable suExec support
## SUEXEC_DOCROOT: SuExec root directory
## SUEXEC_USERDIR: User subdirectory (default public_html)
## SUEXEC_SAFEPATH: Set the safepath
## SUEXEC_LOGFILE: Set log file for suexec (default: /var/log/httpd-suexec.log)
## SUEXEC_UIDMIN: Minimal allowed UID (default 1000)
## SUEXEC_GIDMIN: Minimal allowed GID (default 1000)
## SUEXEC_CALLER: User allowed to call SuExec (default
## ${WWWOWN} (www))
## SUEXEC_UMASK: Defines umask for suexec'd process(default:
## unset)
## WITH_DEBUG: Build a debug versoin of apache (set CFLAGS
## to "-O0 -g -ggdb3" or ${DEBUG_FLAGS} and
## defines WITH_EXCEPTION_HOOK too)
## WITH_EXCEPTION_HOOK: Enable fatal exception hook
##
## Optional patches:
## WITH_EXPERIMENTAL_PATCHES Add performance patches (generally backported
## from apr/httpd SVN repositories)
## WITH_ITK_PERDIR_REGEX Add the per-directory setting AssignUserFromPath for mpm-itk
## as described on http://www.pvv.ntnu.no/~knuta/mpm-itk/
##
## Available make targets:
## show-options: prints this message
## show-modules: prints list of available modules
## show-categories: prints list of modules sorted by category
##
## Examples (*):
## make WITH_STATIC_MODULES="ssl rewrite include" WITH_EXPERIMENTAL_MODULES=yes \
## WITH_CUSTOM_AUTH="auth auth_dbm"
## make WITHOUT_MODULES="access speling status" WITH_PROXY_MODULES=yes
## make WITH_MODULES="include rewrite auth"
## Note: If you define your custom options in /etc/make.conf, don't forget
## to do not use quotes.
##
DOCSDIR= ${PREFIX}/share/doc/apache22
EXAMPLESDIR= ${PREFIX}/share/examples/apache22
MAKE_ENV+= EXAMPLESDIR=${EXAMPLESDIR}
.if defined(NOPORTDOCS)
MAKE_ENV+= NOPORTDOCS=yes
.endif
MAN1= ab.1 apxs.1 dbmmanage.1 htdbm.1 htdigest.1 htpasswd.1 httxt2dbm.1 logresolve.1
MAN8= apachectl.8 htcacheclean.8 httpd.8 rotatelogs.8 suexec.8
PORTDOCS= * #don't blame me ;-)