your hostname must be resolvable via at least
1 mechanism configured in /etc/nsswitch.conf
or depending on the modules you hae loaded
apache might not be able to start.
PRs: ports/131563, ports/131564, ports/131565
Submitted by: Glen Barber <glen.j.barber@gmail.com>
Discussed with: me
due to the Master/Slave relationship
(Needs LATEST_LINK et al)
Discussed on: apache@
Reported by: John Hay <jhay@meraka.org.za>
Approved by: Jille Timmermans <jille@quis.cx>
With hat: apache
on FreeBSD)
- Move mpm-itk patch to EXTRA_PATCHES to avoid conflicts with
alternative mpm patches [1]
- update PLIST_SUBS when SLAVE_PORT_MPM is defined
Requested by: Jille Timmermans [1]
- Completely shut up rc.d script when no profiles are enabled
(add add support to disable profiles) [2]
- Fix CVE-2008-2939 for mod_proxy_ftp
(XSS attacks when using wildcards in the path of the FTP URL)
- Add "apache22_fib" to start apache22 prefixed by
"setfib -F ${apache22_fib}", so apache can use an alternate
network view (not carefully tested yet)
- Revert previous patch to "fix" missing rc.d scripts. It
actually breaks profiles.
- Bump PORTREVISION
PR: ports/126670 [1],
ports/116627 [2]
Submitted by: Joseph S. Atkinson [1],
Eygene Ryabinkin [2]
Security: CVE-2008-2939
Special thanks to: pgollucci@
- Add WITH_SVN knob. It enables BDB for apache22 port and
force dependency on dev/apr-svn when WITH_APR_FROM_PORTS is
defined. (should help fixing [2]).
Introduce APR_PORT.
- Add support for db-4.7 [3]
- Add mod_ldap OPTIONS fixup [4]
- Sometimes, rc scripts aren't included in package
Try to fix this. [5]
PR: ports/126053 [2], ports/125520 [3]
ports/124651 [4], ports/126670 [5] (partially)
Reported by: QA Tindy [1],
Crazig Leres [2],
Larry Rosenman [4]
Kirk Strauser [3],
Joseph S. Atkinson [5]
Specifically, newer autoconf (> 2.13) has different semantic of the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantic may be removed in later autoconf releases.
To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.
To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.
Changes to Mk/*:
- Add runtime detection magic in bsd.port.mk
- Remove CONFIGURE_TARGET hack in various bsd.*.mk
- USE_GNOME=gnometarget is now an no-op
Changes to individual ports, other than removing the CONFIGURE_TARGET hack:
= pkg-plist changed (due to the ugly CONFIGURE_TARGET prefix in * executables)
- comms/gnuradio
- science/abinit
- science/elmer-fem
- science/elmer-matc
- science/elmer-meshgen2d
- science/elmerfront
- science/elmerpost
= use x86_64 as ARCH
- devel/g-wrap
= other changes
- print/magicfilter
GNU_CONFIGURE -> HAS_CONFIGURE since it's not generated by autoconf
Total # of ports modified: 1,027
Total # of ports affected: ~7,000 (set GNU_CONFIGURE to yes)
PR: 126524 (obsoletes 52917)
Submitted by: rafan
Tested on: two pointyhat 7-amd64 exp runs (by pav)
Approved by: portmgr (pav)
- Preserve index.html
- We no longer install images in default DocumentRoot (there're still in icons/)
- Various plist cleanup
- bump PORTREVISION since we are now safe with index.html
Reminded by: bland@
- add PCRE_FROM_PORTS to OPTIONS
- use @dirrmtry for include/apache22
- workaround plist issues when upgrading, but it's not as safe as I
would expect, it requires more work.
Spotted by: bland@ [1]
From UPDATING:
By popular request, OPTIONS support has been added. When actived
(default), these knobs are ignored:
* WITH_<CATEGORY>_MODULES
* WITHOUT_<CATEGORY>_MODULES
* WITH_CUSTOM_<CATEGORY>
* WITH_MODULES
* WITHOUT_MODULES
* WITH_STATIC_MODULES
However, you can disable OPTIONS by defining WITHOUT_APACHE_OPTIONS.
- move envvars support to the beginning of apache22_checkconfig() to be
sure we're using envvars during configtest [1]
PR: ports/116329 [1]
Submitted by: Ruud Althuizen <ruud@il.fontys.nl> [1]
- Add support for PCRE from ports (WITH_PCRE_FROM_PORTS) [2]
- Install split-logfile [3]
Submitted by: Christopher Shumway <cshumway at titan-project dot org> [1]
Requested by: Gergely CZUCZY <phoemix at harmless dot hu>, [2]
many [3]
All people using mod_rewrite are strongly encouraged to update.
An off-by-one flaw exists in the Rewrite module, mod_rewrite.
Depending on the manner in which Apache httpd was compiled, this
software defect may result in a vulnerability which, in combination
with certain types of Rewrite rules in the web server configuration
files, could be triggered remotely. For vulnerable builds, the nature
of the vulnerability can be denial of service (crashing of web server
processes) or potentially allow arbitrary code execution.
This issue has been rated as having important security impact
by the Apache HTTP Server Security Team
Updates to latest versions will follow soon.
Notified by: so@ (simon)
Obtained from: Apache Security Team
Security: CVE-2006-3747
We have not checked for this KEYWORD for a long time now, so this
is a complete noop, and thus no PORTREVISION bump. Removing it at
this point is mostly for pedantic reasons, and partly to avoid
perpetuating this anachronism by copy and paste to future scripts.
mod_ssl: Fix a possible crash during access control checks if a
non-SSL request is processed for an SSL vhost (such as the
"HTTP request received on SSL port" error message when an 400
ErrorDocument is configured, or if using "SSLEngine optional").
[1]
- reintroduce support of multiple instances of apache in startup
script [2]
- Add configtest command to apache22.sh [2]
- rewrite detection of accf_http filter to make it works on all
supported branches.
- fix rcorder [3]
- fix startup at boot time when profiles are used [4]
Spotted by: simon [1], flz[3]
Submitted by: Jarrod Sayers <jarrod@netleader.com.au> [2],
Joe Horn <joehorn@mi.chu.edu.tw> [4]
PR: ports/91154 [2], ports/90708 [4]
- Add apache22_http_accept_enable to load accf_http kernel module [2]
Additionnally, if it's not defined, we drop accept filter support
- Drop obsolete apache22ssl_enable rc.conf option
- Sync apache22.sh behavior with apachectl
Add graceful and graceful-stop targets
- Rework categories (add CACHE_MODULES)
- Add support for apr_dbd: MySQL, PostgrSQL and SQLite3 backends are supported
It adds mod_auth_dbd and mod_dbd automatically
more fixes to come soon...
PR: ports/90309 [1],
ports/90103 [2]
Submitted by: Simun Mikecin <sime@data.home.hr> [1],
Melvyn Sopacua <melvyn@melvyn.homeunix.net> [2]
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
[Mark Cox]
Reported by: simon
- workaround apr detection. Now apache22 build his own apr, even if apr
is installed, unless you define WITH_APR_FROM_PORTS.
Reported by: pointyhat via kris [1]
It's a temporary layout, I need more time to find the best.
note that ${PREFIX}/www/(data|errors|cgi)(-dist) disappeared in favor of
${PREFIX}/www/apache22
in bsd.autotools.mk essentially makes this a no-op given that all the
old variables set a USE_AUTOTOOLS_COMPAT variable, which is parsed in
exactly the same way as USE_AUTOTOOLS itself.
Moreover, USE_AUTOTOOLS has already been extensively tested by the GNOME
team -- all GNOME 2.12.x ports use it.
Preliminary documentation can be found at:
http://people.FreeBSD.org/~ade/autotools.txt
which is in the process of being SGMLized before introduction into the
Porters Handbook.
Light blue touch-paper. Run.
- Use apache{2,21}flags variable in apache{2,21}_checkconfig().
It fixes restart when apache2ssl_enable is set to YES in rc.conf
and httpd.conf is "old" (i.e. non -DSSL safe) [1]
o Makefile
- split post-install target to add install-startup-script:
User can now upgrade startup script without reinstalling apache2.
NOTE: this is NOT package-safe and NOT supported, even if in most of
cases they're no risk.
Noticed by: many [1]
dist config files installed in ${PREFIX}/etc/apache21
- Add support for Event MPM and add backport from apr to support
APR_POLLSET_THREADSAFE (needed by Event MPM and forgotten @ release
time) [1]
- misc cleanups
- Bump PORTREVISION to reflect all cool changes which occured today ;)
Obtained from: apr svn repository
