2012-09-02 16:31:58 +02:00
|
|
|
# $FreeBSD$
|
2004-12-11 19:06:04 +01:00
|
|
|
#
|
2012-09-02 16:31:58 +02:00
|
|
|
# Note by Clement Laforet: (to generate PLIST_SUB entries for modules)
|
2004-12-11 19:06:04 +01:00
|
|
|
# gsed 's/^\(.*\)mod\(.*\)\.so/%%\MOD\U\2%%\L\1mod\2\.so/' pkg-plist > tmp
|
|
|
|
|
# mv tmp pkg-plist
|
|
|
|
|
#
|
2012-09-02 16:31:58 +02:00
|
|
|
|
|
|
|
|
# =============================================
|
|
|
|
|
# Maintainer note for OPTION handling:
|
|
|
|
|
# To set additional option use
|
|
|
|
|
# PORT_OPTIONS+=
|
|
|
|
|
# To unset an OPTION, even the OPTION is set in OPTIONSFILE use
|
|
|
|
|
# WITHOUT_MODULES+=
|
|
|
|
|
# Using OPTIONS_EXCLUDE and OPTIONS_OVERRIDE do not work as expected
|
|
|
|
|
# if the OPTION is enabled by the user, therefore we calculate
|
|
|
|
|
# them in bsd.apache.mk with help of WITHOUT_MODULES
|
|
|
|
|
# The other methode is to set IGNORE's and force the user to adjust OPTIONS
|
2004-12-11 19:06:04 +01:00
|
|
|
|
2007-09-23 12:22:07 +02:00
|
|
|
.if defined(_PREMKINCLUDED)
|
2012-09-02 16:31:58 +02:00
|
|
|
|
|
|
|
|
# check if APR-util module exists
|
|
|
|
|
.if exists(${APU_CONFIG})
|
|
|
|
|
. if ${PORT_OPTIONS:MLDAP} || ${PORT_OPTIONS:MAUTHNZ_LDAP}
|
|
|
|
|
. if !exists(${APU_LDAP})
|
|
|
|
|
IGNORE= LDAP and AUTHNZ_LDAP requires APR-util to have LDAP support built in.\
|
|
|
|
|
Please rebuild APR with LDAP support
|
|
|
|
|
. endif
|
|
|
|
|
. endif
|
|
|
|
|
|
|
|
|
|
. if ${PORT_OPTIONS:MDBD} || ${PORT_OPTIONS:MAUTHN_DBD}
|
|
|
|
|
. if !exists(${APU_DBD_MYSQL}) && !exists(${APU_DBD_PGSQL}) && !exists(${APU_DBD_SQLITE3})
|
|
|
|
|
IGNORE= AUTHN_DBD and DBD requires APR-util to have DBD support build in.\
|
2012-09-08 18:35:31 +02:00
|
|
|
Please rebuild APR at last with one DBD backend (MYSQL, PGSQL or SQLITE)
|
2012-09-02 16:31:58 +02:00
|
|
|
. endif
|
|
|
|
|
. endif
|
|
|
|
|
.endif # exists APU_CONFIG
|
|
|
|
|
|
2012-08-23 06:49:36 +02:00
|
|
|
# =============================================
|
2012-07-22 23:13:34 +02:00
|
|
|
# MPM's: prefork worker event itk peruser
|
2012-09-02 16:31:58 +02:00
|
|
|
.if ${WITH_MPM} == "prefork"
|
2012-07-22 23:13:34 +02:00
|
|
|
PLIST_SUB+= WORKER="@comment " EVENT="@comment "
|
2012-09-02 16:31:58 +02:00
|
|
|
.elif ${WITH_MPM} == "worker"
|
|
|
|
|
PLIST_SUB+= WORKER="" EVENT="@comment "
|
|
|
|
|
.elif ${WITH_MPM} == "event"
|
2012-07-22 23:13:34 +02:00
|
|
|
PLIST_SUB+= WORKER="@comment " EVENT=""
|
2012-09-02 16:31:58 +02:00
|
|
|
.elif ${WITH_MPM} == "peruser"
|
2012-07-22 23:13:34 +02:00
|
|
|
PLIST_SUB+= WORKER="@comment " EVENT="@comment "
|
2012-09-02 16:31:58 +02:00
|
|
|
.elif ${WITH_MPM} == "itk"
|
2012-07-22 23:13:34 +02:00
|
|
|
PLIST_SUB+= WORKER="@comment " EVENT="@comment "
|
2004-12-11 19:06:04 +01:00
|
|
|
.else
|
2012-09-02 16:31:58 +02:00
|
|
|
IGNORE= Unknown MPM: ${WITH_MPM}
|
2012-07-22 23:13:34 +02:00
|
|
|
.endif # MPM prefork
|
|
|
|
|
|
2012-09-02 16:31:58 +02:00
|
|
|
.if ${WITH_MPM} != "prefork"
|
|
|
|
|
PKGNAMESUFFIX= -${WITH_MPM}-mpm
|
2012-07-22 23:13:34 +02:00
|
|
|
.endif
|
|
|
|
|
|
2012-09-02 16:31:58 +02:00
|
|
|
.if ${WITH_MPM} == "worker" || ${WITH_MPM} == "event"
|
|
|
|
|
PORT_OPTIONS+= CGID
|
2014-09-22 20:50:18 +02:00
|
|
|
. if ${PORT_OPTIONS:MCGI}
|
2013-07-10 21:01:44 +02:00
|
|
|
IGNORE= When using a multi-threaded MPM, the module CGID should be used in place CGI. \
|
2012-09-04 23:17:06 +02:00
|
|
|
Please de-select CGI and select CGID instead. \
|
|
|
|
|
See http://httpd.apache.org/docs/2.2/mod/mod_cgi.html
|
2012-09-02 16:31:58 +02:00
|
|
|
. endif
|
2004-12-11 19:06:04 +01:00
|
|
|
.endif
|
2012-08-23 06:49:36 +02:00
|
|
|
# =============================================
|
2004-12-11 19:06:04 +01:00
|
|
|
|
2012-09-02 16:31:58 +02:00
|
|
|
# The next three params are not converted to an option,
|
|
|
|
|
# they should be used only for special builds.
|
2012-08-23 06:49:36 +02:00
|
|
|
.if defined(WITH_STATIC_SUPPORT)
|
|
|
|
|
CONFIGURE_ARGS+= --enable-static-support
|
2004-12-11 19:06:04 +01:00
|
|
|
.endif
|
2008-01-20 12:29:31 +01:00
|
|
|
|
2012-08-23 06:49:36 +02:00
|
|
|
# debug overrides CFLAGS
|
|
|
|
|
.if defined(WITH_DEBUG)
|
|
|
|
|
DEBUG_FLAGS?= -O0 -g -ggdb3
|
|
|
|
|
CFLAGS= ${DEBUG_FLAGS}
|
|
|
|
|
CONFIGURE_ARGS+= --enable-maintainer-mode
|
|
|
|
|
WITH_EXCEPTION_HOOK= yes
|
2004-12-11 19:06:04 +01:00
|
|
|
.endif
|
|
|
|
|
|
2012-08-23 06:49:36 +02:00
|
|
|
.if defined(WITH_EXCEPTION_HOOK)
|
|
|
|
|
CONFIGURE_ARGS+= --enable-exception-hook
|
2005-12-13 23:26:57 +01:00
|
|
|
.endif
|
|
|
|
|
|
2012-09-02 16:31:58 +02:00
|
|
|
.if ${PORT_OPTIONS:MAUTH_BASIC} || ${PORT_OPTIONS:MAUTH_DIGEST}
|
|
|
|
|
. if !${APACHE_MODULES:MAUTHN*}
|
- update to 2.2.29
- use PTHREAD_LIBS/CFLAGS instead -pthread
Changes with Apache 2.2.29
http://www.apache.org/dist/httpd/CHANGES_2.2.29
*) Corrected docs/manual pages for new MergeTrailers directive and other
out of date documentation. [William Rowe]
Changes with Apache 2.2.28
*) SECURITY: CVE-2014-0118 (cve.mitre.org) [1]
mod_deflate: The DEFLATE input filter (inflates request bodies) now
limits the length and compression ratio of inflated request bodies to avoid
denial of service via highly compressed bodies. See directives
DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
and DeflateInflateRatioBurst. [Yann Ylavic, Eric Covener]
*) SECURITY: CVE-2014-0231 (cve.mitre.org) [1]
mod_cgid: Fix a denial of service against CGI scripts that do
not consume stdin that could lead to lingering HTTPD child processes
filling up the scoreboard and eventually hanging the server. By
default, the client I/O timeout (Timeout directive) now applies to
communication with scripts. The CGIDScriptTimeout directive can be
used to set a different timeout for communication with scripts.
[Rainer Jung, Eric Covener, Yann Ylavic]
*) SECURITY: CVE-2014-0226 (cve.mitre.org) [1]
Fix a race condition in scoreboard handling, which could lead to
a heap buffer overflow. [Joe Orton, Eric Covener, Jeff Trawick]
*) SECURITY: CVE-2013-5704 (cve.mitre.org) [2]
core: HTTP trailers could be used to replace HTTP headers
late during request processing, potentially undoing or
otherwise confusing modules that examined or modified
request headers earlier. Adds "MergeTrailers" directive to restore
legacy behavior. [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
*) core: Detect incomplete request and response bodies, log an error and
forward it to the underlying filters. PR 55475. [Yann Ylavic]
*) mod_deflate: Handle Zlib header and validation bytes received in multiple
chunks. PR 46146. [Yann Ylavic]
*) mod_proxy: Don't reuse a SSL backend connection whose requested SNI
differs. PR 55782. [Yann Ylavic]
*) mod_deflate: Fix inflation of files larger than 4GB. PR 56062.
[Lukas Bezdicka <social v3.sk>]
*) mod_dav: Fix improper encoding in PROPFIND responses. PR 56480.
[Ben Reser]
*) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
resumed by TLS session resumption (RFC 5077). [Rainer Jung]
*) mod_proxy_ajp: Forward local IP address as a custom request attribute
like we already do for the remote port. [Rainer Jung]
*) mod_deflate: Don't fail when flushing inflated data to the user-agent
and that coincides with the end of stream ("Zlib error flushing inflate
buffer"). PR 56196. [Christoph Fausak <christoph fausak glueckkanja.com>]
*) mod_cache, mod_disk_cache: With CacheLock enabled, responses with a Vary
header might not get the benefit of the thundering herd protection due to
an incorrect internal cache key. PR 50317.
[Ruediger Pluem, Jan Kaluza, Yann Ylavic]
*) mod_rewrite: Support session cookies with the CO= flag when later
parameters are used. The doc for this implied the feature had been
backported for quite some time. PR56014 [Eric Covener]
*) mod_cache: Don't remove stale cache entries that cannot be conditionally
revalidated. This prevents the thundering herd protection from serving
stale responses during a revalidation. PR 50317.
[Eric Covener, Jan Kaluza, Ruediger Pluem]
*) core: Increase TCP_DEFER_ACCEPT socket option to from 1 to 30 seconds.
PR 41270. [Dean Gaudet <dean arctic org>]
[1] CVE issues already fixed since FreeBSD-ports r362845
[2] new CVE-2013-5704 issue fixed in 2.2.29
MFH: 2014Q3
Security: f927e06c-1109-11e4-b090-20cf30e32f6d
Security: CVE-2013-5704
2014-09-03 22:20:48 +02:00
|
|
|
IGNORE= AUTH_BASIC and AUTH_DIGEST need at least one AUTHN provider
|
|
|
|
|
. endif
|
2005-12-17 16:51:16 +01:00
|
|
|
.endif
|
|
|
|
|
|
2012-09-02 16:31:58 +02:00
|
|
|
.if ${PORT_OPTIONS:MAUTH_BASIC}
|
|
|
|
|
. if !${APACHE_MODULES:MAUTHZ*}
|
- update to 2.2.29
- use PTHREAD_LIBS/CFLAGS instead -pthread
Changes with Apache 2.2.29
http://www.apache.org/dist/httpd/CHANGES_2.2.29
*) Corrected docs/manual pages for new MergeTrailers directive and other
out of date documentation. [William Rowe]
Changes with Apache 2.2.28
*) SECURITY: CVE-2014-0118 (cve.mitre.org) [1]
mod_deflate: The DEFLATE input filter (inflates request bodies) now
limits the length and compression ratio of inflated request bodies to avoid
denial of service via highly compressed bodies. See directives
DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
and DeflateInflateRatioBurst. [Yann Ylavic, Eric Covener]
*) SECURITY: CVE-2014-0231 (cve.mitre.org) [1]
mod_cgid: Fix a denial of service against CGI scripts that do
not consume stdin that could lead to lingering HTTPD child processes
filling up the scoreboard and eventually hanging the server. By
default, the client I/O timeout (Timeout directive) now applies to
communication with scripts. The CGIDScriptTimeout directive can be
used to set a different timeout for communication with scripts.
[Rainer Jung, Eric Covener, Yann Ylavic]
*) SECURITY: CVE-2014-0226 (cve.mitre.org) [1]
Fix a race condition in scoreboard handling, which could lead to
a heap buffer overflow. [Joe Orton, Eric Covener, Jeff Trawick]
*) SECURITY: CVE-2013-5704 (cve.mitre.org) [2]
core: HTTP trailers could be used to replace HTTP headers
late during request processing, potentially undoing or
otherwise confusing modules that examined or modified
request headers earlier. Adds "MergeTrailers" directive to restore
legacy behavior. [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
*) core: Detect incomplete request and response bodies, log an error and
forward it to the underlying filters. PR 55475. [Yann Ylavic]
*) mod_deflate: Handle Zlib header and validation bytes received in multiple
chunks. PR 46146. [Yann Ylavic]
*) mod_proxy: Don't reuse a SSL backend connection whose requested SNI
differs. PR 55782. [Yann Ylavic]
*) mod_deflate: Fix inflation of files larger than 4GB. PR 56062.
[Lukas Bezdicka <social v3.sk>]
*) mod_dav: Fix improper encoding in PROPFIND responses. PR 56480.
[Ben Reser]
*) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
resumed by TLS session resumption (RFC 5077). [Rainer Jung]
*) mod_proxy_ajp: Forward local IP address as a custom request attribute
like we already do for the remote port. [Rainer Jung]
*) mod_deflate: Don't fail when flushing inflated data to the user-agent
and that coincides with the end of stream ("Zlib error flushing inflate
buffer"). PR 56196. [Christoph Fausak <christoph fausak glueckkanja.com>]
*) mod_cache, mod_disk_cache: With CacheLock enabled, responses with a Vary
header might not get the benefit of the thundering herd protection due to
an incorrect internal cache key. PR 50317.
[Ruediger Pluem, Jan Kaluza, Yann Ylavic]
*) mod_rewrite: Support session cookies with the CO= flag when later
parameters are used. The doc for this implied the feature had been
backported for quite some time. PR56014 [Eric Covener]
*) mod_cache: Don't remove stale cache entries that cannot be conditionally
revalidated. This prevents the thundering herd protection from serving
stale responses during a revalidation. PR 50317.
[Eric Covener, Jan Kaluza, Ruediger Pluem]
*) core: Increase TCP_DEFER_ACCEPT socket option to from 1 to 30 seconds.
PR 41270. [Dean Gaudet <dean arctic org>]
[1] CVE issues already fixed since FreeBSD-ports r362845
[2] new CVE-2013-5704 issue fixed in 2.2.29
MFH: 2014Q3
Security: f927e06c-1109-11e4-b090-20cf30e32f6d
Security: CVE-2013-5704
2014-09-03 22:20:48 +02:00
|
|
|
IGNORE= AUTH_BASIC need at least one AUTHZ provider
|
|
|
|
|
. endif
|
2012-09-02 16:31:58 +02:00
|
|
|
.endif
|
|
|
|
|
|
|
|
|
|
CONFIGURE_ARGS+= --with-mpm=${WITH_MPM}
|
2012-08-23 06:49:36 +02:00
|
|
|
|
2012-07-22 23:13:34 +02:00
|
|
|
.endif # _PREMKINCLUDED
|
