Makefile.modules:
- Export rewritten modules selection from Makefile.modules
to Makefile.modules.3rd
- Remove proxy support by default.
Makefile.modules.3rd:
- Add support for WANT_APACHE common13/common2 to share
code/functionalities between apache13 and apache2 server ports.
Rewrite of modules selection:
- WITH_MODULES and WITHOUT_MODULES are no more conflicting
WITHOUT_MODULES can be safely used internally to remove conflicting
modules
- Selection is based on modules categories to improve flexibility
- WITH_${category}[_MODULES]
- WITHOUT_${category}
- WITH_CUSTOM_${category}
- Support apache13, apache2{0,1}
This is EXPERIMENTAL. I'll test it IRL with www/apache13-ssl,
and it should be easily usuable in future bsd.apache.mk
o Changes in httpd.conf
- mod_userdir:
. set Userdir if mod_userdir is loaded [1]
. Userdir is denied for users from /etc/ftpusers
- set more "secure" permissions.
By default, policy is to deny access to filesystem.
You HAVE to _ENABLE_ access to your filesystem in httpd.conf.
- Add an "Includes" directory to ${PREFIX}/etc/apache2/
to make configuration more flexible
${PREFIX}/etc/apache2/*.conf files are now automatically loaded.
o apache.sh
- be closer to apachectl, apache.sh need envvars [2]
It should restore subversion behavior.
Partially submitted by:
kuriyama [1],
Gregory (Grisha) Trubetskoy <grisha at apache dot org> [2]
Future changes are mostly written, they should be committed during the
week-end.
If you're interrested in changes, feel free contact me.
- Add WITHOUT_V4MAPPED knob and explicitly set --disable-v4-mapped
if WITHOUT_V4MAPPED or WITH_IPV6_V6ONLY
Also submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> [1]
when --enable-v4-mapped is used (default).
Use WITHOUT_IPV6 knob if you have problem with "HostnameLookup On" on
IPv4-only server(s).
I hope I can provide a real fix soon.
Important changes:
*) SECURITY: CAN-2004-0493 (cve.mitre.org)
Close a denial of service vulnerability identified by Georgi
Guninski which could lead to memory exhaustion with certain
input data. [Jeff Trawick]
*) SECURITY: CAN-2004-0488 (cve.mitre.org)
mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
(trusted) client certificate subject DN which exceeds 6K in length.
[Joe Orton]
Details can be found here:
http://www.apache.org/dist/httpd/CHANGES_2.0
- Use autoconf 2.59
- Add add SUEXEC_LOGFILE tunable to set suexec logfile [1]
- Silently ignore removal of libexec/apache2 directory
- Import latest version of apr_reslit.c from apr CVS which
adds timeout feature to apr_reslist_acquire().
This is required for future mod_logio-st.
- Add explicit dependency on libiconv (so nowwe support libiconv)
- Move Windows Update fix from MASTER_SITE_LOCAL to ports tree
- add WITH_EXPERIMENTAL_PATCHES knobs:
These patches are backports from apache CVS HEAD or apr CVS HEAD.
They have positive impacts on apache responsiveness but can be
instable
and are NOT currently supported by apache/apr teams.
* exp-http-ready.patch: add "httpready" support for ACCEPT_FILTER
(currently apache 2 only support "dataready")
* exp-apr-kqueue.patch: add support for kqueue in apr_poll().
This patch greatly improves apache network performance (up to
18% according to the author, on my test box, between 13% and 21%)
Test and feedback on -STABLE are welcome ;)
For more details, please see:
http://marc.theaimsgroup.com/?t=108650227500001&r=1&w=2
Submitted by: knu [1]
NOTE:
Please set MASTER_SITE_APACHE_HTTPD to closest mirrors.
you can easily find them from:
http://www.apache.org/dyn/closer.cgi/httpd/
Thanks :
Begin autotools sanitization sequence by requiring ports to explicitly
specify which version of {libtool,autoconf,automake} they need, erasing
the concept of a "system default".
For ports-in-waiting:
USE_LIBTOOL=YES -> USE_LIBTOOL_VER=13
USE_AUTOCONF=YES -> USE_AUTOCONF_VER=213
USE_AUTOMAKE=YES -> USE_AUTOMAKE_VER=14
Ports attempting to use the old style system after June 1st 2004 will be
sorely disappointed.
the USE_<x> equivalents. In the current scheme of things, the WANT_
variables in this case are synonymous with the USE_ ones, and thus need
to be exterminated.
First in a series of major autotools cleanups.
- Make ldap fix optional, since it may break LDAP auth [2]
Please use WITH_LDAPFIX if you need the fix.
- Improve pthreads support
- SIZEify distinfo
Submitted by: mharo [1]
Discussed with: Robin P. Blanchard <robin.blanchard@gactr.uga.edu> [2]
These options are for people who want to directly link
apache against libkse and libthr.
Usage:
WITH_EXPERIMENTAL_THREADS=YES
Overrides default pthread detection behaviour.
WITH_PTHREAD_LIBS={kse;thr}
Lets you choose your pthread lib.
Don't even try to use "c_r"...
*** These options are unsupported ***
But all gdb backtraces are welcome :-)
AFAIK, apache works well, but mod_php4 (worker MPM) behavior
is quite funny.
All modules which use apr mutexes may crash with KSE.
Since I'm working on it, if you have coredumps, feel free
to send me the backtrace (you must compile libkse, apache
and modules with debugging symbols).
Don't forget to set kern.sugid_coredump to 1.
(using CoreDumpDirectory in httpd.conf can help too)
This is due to partial revert of apr improvment.
setting LIBS=${PTHREAD_LIBS} conflicts with libtool.
All should be OK now...
If someone can explain me why libtool impose using
-pthread (ltshmain), I'm all ears...
Note:
You CAN NOT override -lc_r (i.e. setting -lkse) at compile time.
I must fix it...
- Move patchset to MASTER_SITE_LOCAL
Noticed by: Martin Nilsson <martin@gneto.com>
Approved by: erwin (mentor) (implicitly)
on > 4.8-STABLE (from september 2003) system because apache2 used
libc_r instead of libc.
Compiling with -lkse (on -CURRENT) was broken too.
- bump PORTREVISION to force users to upgrade.
NOTE: on -STABLE DO NOT DEFINE WITH_THREADS.
(unless you use a threaded MPM)
Thanks to Fritz Heinrichmeyer <fritz.heinrichmeyer@fernuni-hagen.de>
who helped me to track the problem.
Noticed by: Fritz Heinrichmeyer <fritz.heinrichmeyer@fernuni-hagen.de>
HAYASHI, "Lef" Tatsuya <lef@st.rim.or.jp> [1]
PR: 61317 [1]
Approved by: erwin (mentor) (implicitly)
message option in pre-everything:: target.
- Change OpenSSL fix. (specially when WITH_BERKELEYDB=FreeBSD is defined)
There are too many cases of failure (at leat 3), so I can't force -STABLE
users to use SSL_EXPERIMENT_ENGINE [1]
- Add WITH_SSL_EXPERIMENTAL_ENGINE knob [2]
- Better db42 apr-util detection [3]
- Add fastest mirror to PATCH_SITES
- Add db42 to "make show-options"
Note to users:
Unless you have a *really* good request, no more features will be added.
Please send me with your bug reports:
- uname -a output
- all config.log files
- pkg_info output
- your make command line
Noticed by: apache2-test-ng.sh script [1]
Barry Pederson <bp@barryp.org> [3]
Requested by: jb@perso-web.com [2]
is not defined.
This workaround should avoid weird apache behaviours when apache is
linked against the wrong apr* libraries.
Time to add CONFLICTS_BUILD option to bsd.port.mk ?
Approved by: erwin (mentor) (implicity)
Force the use of SSL_EXPERIMENTAL_ENGINE *only* if the user uses
-STABLE and base OpenSSL.
This is an *apache* problem. It's not the port.
I strongly encourage users to use OpenSSL from ports.
From httpd-2.0 Status:
* mod_ssl: fix a link failure when the openssl-engine libraries are
present but the engine headers are missing.
- fix a typo in WITH_DBM, should be bdb and not db [1]
I keep db for backward compatibility
- Add WITH_APR_FROM_PORTS to use devel/apr with apache2.
!!! WARNING !!! apache-2.0.48 is designed to work with apr 0.9.5.
Noticed by: Fritz Heinrichmeyer <Fritz.Heinrichmeyer@Fernuni-Hagen.de> [1]
Approved by: erwin (mentor)
- Move docs-related stuff to Makefile.doc
- Better MPM handling (for slave ports)
- Fix HTTP_PORT behaviour
- Make suExec more configurable [1]
- Now config script are regenerated by buildconfig, to improve slave
ports support and minimize apr/apache2 ports conflict [2]
- Fix typo in AUTH_MODULES routine [3] [4]
- apr threaded support [5]
- Fix Segmentation fault with LDAP [6]
- Add db42 support. [7] (just uncomment related lines
if you installed it from shar)
- add SLAVE_DESIGNED_FOR variable for slave ports to
automaticaly mark them as BROKEN, if they are out of sync with
apache2
PRs: 60444 [1], 61030 [4]
Requested by: Matthias Andree <matthias.andree@gmx.de> [7]
Suggested by: kuriyama [2] [5]
Submitted by: Daniel Tasov <danielt@pilgerer.org> [1],
kuriyama [5],
motoyuki [3],
Scott Michel <scottm@cs.ucla.edu> [4]
Obtained from: Apache CVS [6]
Reviewed by: erwin, linimon
Approved by: erwin (mentor)
- fix nasty typo in DBM code (missing + in LIB_DEPENDS=)
- remove NO_{ERROR;WWWDATE;CGI;ICONS;WWW} and utilize WITHOUT_WWW and
WITH_CUSTOM_WWW [2]
- HTTP_PORT => WITH_HTTP_PORT and IPV6_ONLY => WITH_IPV6_ONLY [3]
- add support for FreeBSD libc db [4]
- add db41 support [5]
- more typos and a few things...
Notified by: Oliver Eikemeier <eikemeier@fillmore-labs.com> [1]
Discussed with: Oliver Eikemeier <eikemeier@fillmore-labs.com> [2] [3]
Requested by: Fritz Heinrichmeyer <fritz.heinrichmeyer@fernuni-hagen.de> [4]
Submitted by: <swp@uni-altai.ru> [5]
PR: 58739
Submitted by: Clement Laforet <sheepkiller@cultdeadsheep.org>
I don't have the time to give to many of the ports I maintain at
the moment. I wasn't expecting to be so busy this summer ...
Please set all my ports back to ports@freebsd.org.
PR: ports/56935
Submitted by: Dominic Marks <dom@wirespeed.org.uk>,Clement Laforet <sheepkiller@cultdeadsheep.org>,Oliver Eikemeier <eikemeier@fillmore-labs.com>
