The first fix is a NO-OP for FreeBSD. The clang/optimized flags work-
around is OSVERSION-specific, so let's limit it to FreeBSD only.
The real breakage was caused by the XPI_FILE substitution. The "x86"
part of DragonFly's "x86_64" was getting transformed incorrectly to
"i386_64". This could be prevented by changing the replacement pattern
to "x86$", but "x86" is not a standard ARCH value, so this substitution
isn't made on FreeBSD anyway. The solution is just remove it as the
only effect it has is negative.
Tested on: Redports, all four i386 builders pass
<ChangeLog>
*) Security: a heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0133).
Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
Manuel Sadosky, Buenos Aires, Argentina.
*) Feature: the "proxy_protocol" parameters of the "listen" and
"real_ip_header" directives, the $proxy_protocol_addr variable.
*) Bugfix: in the "fastcgi_next_upstream" directive.
Thanks to Lucas Molas.
</ChangeLog>
<ChangeLog>
*) Security: a heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0133).
Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
Manuel Sadosky, Buenos Aires, Argentina.
*) Bugfix: in the "fastcgi_next_upstream" directive.
Thanks to Lucas Molas.
</ChangeLog>
- enforcing use libapr-1.so.5 (apr-1.5.0 instead apr-1.4.8)
Changes with Apache 2.4.9
*) mod_ssl: Work around a bug in some older versions of OpenSSL that
would cause a crash in SSL_get_certificate for servers where the
certificate hadn't been sent. [Stephen Henson]
*) mod_lua: Add a fixups hook that checks if the original request is intended
for LuaMapHandler. This fixes a bug where FallbackResource invalidates the
LuaMapHandler directive in certain cases by changing the URI before the map
handler code executes [Daniel Gruno, Daniel Ferradal <dferradal gmail com>].
Changes with Apache 2.4.8
*) SECURITY: CVE-2014-0098 (cve.mitre.org)
Clean up cookie logging with fewer redundant string parsing passes.
Log only cookies with a value assignment. Prevents segfaults when
logging truncated cookies.
[William Rowe, Ruediger Pluem, Jim Jagielski]
*) SECURITY: CVE-2013-6438 (cve.mitre.org)
mod_dav: Keep track of length of cdata properly when removing
leading spaces. Eliminates a potential denial of service from
specifically crafted DAV WRITE requests
[Amin Tora <Amin.Tora neustar.biz>]
*) core: Support named groups and backreferences within the LocationMatch,
DirectoryMatch, FilesMatch and ProxyMatch directives. (Requires
non-ancient PCRE library) [Graham Leggett]
*) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
TE/CL conflicts. [Yann Ylavic <ylavic.dev gmail com>, Jim Jagielski]
*) mod_dir: Add DirectoryCheckHandler to allow a 2.2-like behavior, skipping
execution when a handler is already set. PR53929. [Eric Covener]
*) mod_ssl: Do not perform SNI / Host header comparison in case of a
forward proxy request. [Ruediger Pluem]
*) mod_ssl: Remove the hardcoded algorithm-type dependency for the
SSLCertificateFile and SSLCertificateKeyFile directives, to enable
future algorithm agility, and deprecate the SSLCertificateChainFile
directive (obsoleted by SSLCertificateFile). [Kaspar Brand]
*) mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore,
and IgnoreInherit to allow RewriteRules to be pushed from parent scopes
to child scopes without explicitly configuring each child scope.
PR56153. [Edward Lu <Chaosed0 gmail com>]
*) prefork: Fix long delays when doing a graceful restart.
PR 54852 [Jim Jagielski, Arkadiusz Miskiewicz <arekm maven pl>]
*) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
5+ instead of just for FreeBSD 5. PR 53824. [Jeff Trawick]
*) mod_proxy_wstunnel: Avoid busy loop on client errors, drop message
IDs 02445, 02446, and 02448 to TRACE1 from DEBUG. PR 56145.
[Joffroy Christen <joffroy.christen solvaxis com>, Eric Covener]
*) mod_remoteip: Correct the trusted proxy match test. PR 54651.
[Yoshinori Ehara <yoshinori ehara gmail com>, Eugene L <eugenel amazon com>]
*) mod_proxy_fcgi: Fix error message when an unexpected protocol version
number is received from the application. PR 56110. [Jeff Trawick]
*) mod_remoteip: Use the correct IP addresses to populate the proxy_ips field.
PR 55972. [Mike Rumph]
*) mod_lua: Update r:setcookie() to accept a table of options and add domain,
path and httponly to the list of options available to set.
PR 56128 [Edward Lu <Chaosed0 gmail com>, Daniel Gruno]
*) mod_lua: Fix r:setcookie() to add, rather than replace,
the Set-Cookie header. PR56105
[Kevin J Walters <kjw ms com>, Edward Lu <Chaosed0 gmail com>]
*) mod_lua: Allow for database results to be returned as a hash with
row-name/value pairs instead of just row-number/value. [Daniel Gruno]
*) mod_rewrite: Add %{CONN_REMOTE_ADDR} as the non-useragent counterpart to
%{REMOTE_ADDR}. PR 56094. [Edward Lu <Chaosed0 gmail com>]
*) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
save the socket for reuse by the next worker as if it were an
APR_SO_DISCONNECTED socket. Restores 2.2 behavior. [Eric Covener]
*) mod_dir: Don't search for a DirectoryIndex or DirectorySlash on a URL
that was just rewritten by mod_rewrite. PR53929. [Eric Covener]
*) mod_session: When we have a session we were unable to decode,
behave as if there was no session at all. [Thomas Eckert
<thomas.r.w.eckert gmail com>]
*) mod_session: Fix problems interpreting the SessionInclude and
SessionExclude configuration. PR 56038. [Erik Pearson
<erik adaptations.com>]
*) mod_authn_core: Allow <AuthnProviderAlias>'es to be seen from auth
stanzas under virtual hosts. PR 55622. [Eric Covener]
*) mod_proxy_fcgi: Use apr_socket_timeout_get instead of hard-coded
30 seconds timeout. [Jan Kaluza]
*) mod_proxy: Added support for unix domain sockets as the
backend server endpoint [Jim Jagielski, Blaise Tarr
<blaise tarr gmail com>]
*) build: only search for modules (config*.m4) in known subdirectories, see
build/config-stubs. [Stefan Fritsch]
*) mod_cache_disk: Fix potential hangs on Windows when using mod_cache_disk.
PR 55833. [Eric Covener]
*) mod_ssl: Add support for OpenSSL configuration commands by introducing
the SSLOpenSSLConfCmd directive. [Stephen Henson, Kaspar Brand]
*) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which
is equivalent to <ProxyMatch wildcard-url>. [Christophe Jaillet]
*) mod_authz_user, mod_authz_host, mod_authz_groupfile, mod_authz_dbm,
mod_authz_dbd, mod_authnz_ldap: Support the expression parser within the
require directives. [Graham Leggett]
*) mod_proxy_http: Core dumped under high load. PR 50335.
[Jan Kaluza <jkaluza redhat.com>]
*) mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size
previously limited to 64MB. [Jens Låås <jelaas gmail.com>]
*) mod_lua: Use binary copy when dealing with uploads through r:parsebody()
to prevent truncating files. [Daniel Gruno]
Changes with Apache 2.4.7
*) APR 1.5.0 or later is now required for the event MPM.
*) slotmem_shm: Error detection. [Jim Jagielski]
*) event: Use skiplist data structure. [Jim Jagielski]
*) event: Fail at startup with message AP02405 if the APR atomic
implementation is not compatible with the MPM. [Jim Jagielski]
*) mpm_unix: Add ap_mpm_podx_* implementation to avoid code duplication
and align w/ trunk. [Jim Jagielski]
*) Fix potential rejection of valid MaxMemFree and ThreadStackSize
directives. [Mike Rumph <mike.rumph oracle.com>]
*) mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars.
An individual envvar with an encoded length of more than 16K will be
omitted. [Jeff Trawick]
*) mod_proxy_fcgi: Handle reading protocol data that is split between
packets. [Jeff Trawick]
*) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
allowing custom parameters to be configured via SSLCertificateFile,
and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
Unless custom parameters are configured, the standardized parameters
are applied based on the certificate's RSA/DSA key size. [Kaspar Brand]
*) mod_ssl, configure: Require OpenSSL 0.9.8a or later. [Kaspar Brand]
*) mod_ssl: drop support for export-grade ciphers with ephemeral RSA
keys, and unconditionally disable aNULL, eNULL and EXP ciphers
(not overridable via SSLCipherSuite). [Kaspar Brand]
*) mod_proxy: Added support for unix domain sockets as the
backend server endpoint [Jim Jagielski, Blaise Tarr
<blaise tarr gmail com>]
*) Add experimental cmake-based build system for Windows. [Jeff Trawick,
Tom Donovan]
*) event MPM: Fix possible crashes (third party modules accessing c->sbh)
or occasional missed mod_status updates for some keepalive requests
under load. [Eric Covener]
*) mod_authn_socache: Support optional initialization arguments for
socache providers. [Chris Darroch]
*) mod_session: Reset the max-age on session save. PR 47476. [Alexey
Varlamov <alexey.v.varlamov gmail com>]
*) mod_session: After parsing the value of the header specified by the
SessionHeader directive, remove the value from the response. PR 55279.
[Graham Leggett]
*) mod_headers: Allow for format specifiers in the substitution string
when using Header edit. [Daniel Ruggeri]
*) mod_dav: dav_resource->uri is treated as unencoded. This was an
unnecessary ABI changed introduced in 2.4.6. PR 55397.
*) mod_dav: Don't require lock tokens for COPY source. PR 55306.
*) core: Don't truncate output when sending is interrupted by a signal,
such as from an exiting CGI process. PR 55643. [Jeff Trawick]
*) WinNT MPM: Exit the child if the parent process crashes or is terminated.
[Oracle Corporation]
*) Windows: Correct failure to discard stderr in some error log
configurations. (Error message AH00093) [Jeff Trawick]
*) mod_session_crypto: Allow using exec: calls to obtain session
encryption key. [Daniel Ruggeri]
*) core: Add missing Reason-Phrase in HTTP response headers.
PR 54946. [Rainer Jung]
*) mod_rewrite: Make rewrite websocket-aware to allow proxying.
PR 55598. [Chris Harris <chris.harris kitware com>]
*) mod_ldap: When looking up sub-groups, use an implicit objectClass=*
instead of an explicit cn=* filter. [David Hawes <dhawes vt.edu>]
*) ab: Add wait time, fix processing time, and output write errors only if
they occured. [Christophe Jaillet]
*) worker MPM: Don't forcibly kill worker threads if the child process is
exiting gracefully. [Oracle Corporation]
*) core: apachectl -S prints wildcard name-based virtual hosts twice.
PR54948 [Eric Covener]
*) mod_auth_basic: Add AuthBasicUseDigestAlgorithm directive to
allow migration of passwords from digest to basic authentication.
[Chris Darroch]
*) ab: Add a new -l parameter in order not to check the length of the responses.
This can be usefull with dynamic pages.
PR9945, PR27888, PR42040 [<ccikrs1 cranbrook edu>]
*) Suppress formatting of startup messages written to the console when
ErrorLogFormat is used. [Jeff Trawick]
*) mod_auth_digest: Be more specific when the realm mismatches because the
realm has not been specified. [Graham Leggett]
*) mod_proxy: Add a note in the balancer manager stating whether changes
will or will not be persisted and whether settings are inherited.
[Daniel Ruggeri, Jim Jagielski]
*) mod_cache: Avoid a crash with strcmp() when the hostname is not provided.
[Graham Leggett]
*) core: Add util_fcgi.h and associated definitions and support
routines for FastCGI, based largely on mod_proxy_fcgi.
[Jeff Trawick]
*) mod_headers: Add 'Header note header-name note-name' for copying a response
headers value into a note. [Eric Covener]
*) mod_headers: Add 'setifempty' command to Header and RequestHeader.
[Eric Covener]
*) mod_logio: new format-specifier %S (sum) which is the sum of received
and sent byte counts.
PR54015 [Christophe Jaillet]
*) mod_deflate: Improve error detection when decompressing request bodies
with trailing garbage: handle case where trailing bytes are in
the same bucket. [Rainer Jung]
*) mod_authz_groupfile, mod_authz_user: Reduce severity of AH01671 and AH01663
from ERROR to DEBUG, since these modules do not know what mod_authz_core
is doing with their AUTHZ_DENIED return value. [Eric Covener]
*) mod_ldap: add TRACE5 for LDAP retries. [Eric Covener]
*) mod_ldap: retry on an LDAP timeout during authn. [Eric Covener]
*) mod_ldap: Change "LDAPReferrals off" to actually set the underlying LDAP
SDK option to OFF, and introduce "LDAPReferrals default" to take the SDK
default, sans rebind authentication callback.
[Jan Kaluza <kaluze AT redhat.com>]
*) core: Log a message at TRACE1 when the client aborts a connection.
[Eric Covener]
*) WinNT MPM: Don't crash during child process initialization if the
Listen protocol is unrecognized. [Jeff Trawick]
*) modules: Fix some compiler warnings. [Guenter Knauf]
*) Sync 2.4 and trunk
- Avoid some memory allocation and work when TRACE1 is not activated
- fix typo in include guard
- indent
- No need to lower the string before removing the path, it is just a waste of time...
- Save a few cycles
[Christophe Jaillet <christophe.jaillet wanadoo.fr>]
*) mod_filter: Add "change=no" as a proto-flag to FilterProtocol
to remove a providers initial flags set at registration time.
[Eric Covener]
*) core, mod_ssl: Enable the ability for a module to reverse the sense of
a poll event from a read to a write or vice versa. This is a step on
the way to allow mod_ssl taking full advantage of the event MPM.
[Graham Leggett]
*) Makefile.win: Install proper pcre DLL file during debug build install.
PR 55235. [Ben Reser <ben reser org>]
*) mod_ldap: Fix a potential memory leak or corruption. PR 54936.
[Zhenbo Xu <zhenbo1987 gmail com>]
*) ab: Fix potential buffer overflows when processing the T and X
command-line options. PR 55360.
[Mike Rumph <mike.rumph oracle.com>]
*) fcgistarter: Specify SO_REUSEADDR to allow starting a server
with old connections in TIME_WAIT. [Jeff Trawick]
*) core: Add open_htaccess hook which, in conjunction with dirwalk_stat
and post_perdir_config (introduced in 2.4.5), allows mpm-itk to be
used without patches to httpd core. [Stefan Fritsch]
*) support/htdbm: fix processing of -t command line switch. Regression
introduced in 2.4.4
PR 55264 [Jo Rhett <jrhett netconsonance com>]
*) mod_lua: add websocket support via r:wsupgrade, r:wswrite, r:wsread
and r:wsping. [Daniel Gruno]
*) mod_lua: add support for writing/reading cookies via r:getcookie and
r:setcookie. [Daniel Gruno]
*) mod_lua: If the first yield() of a LuaOutputFilter returns a string, it should
be prefixed to the response as documented. [Eric Covener]
Note: Not present in 2.4.7 CHANGES
*) mod_lua: Remove ETAG, Content-Length, and Content-MD5 when a LuaOutputFilter
is configured without mod_filter. [Eric Covener]
Note: Not present in 2.4.7 CHANGES
*) mod_lua: Register LuaOutputFilter scripts as changing the content and
content-length by default, when run my mod_filter. Previously,
growing or shrinking a response that started with Content-Length set
would require mod_filter and FilterProtocol change=yes. [Eric Covener]
Note: Not present in 2.4.7 CHANGES
*) mod_lua: Return a 500 error if a LuaHook* script doesn't return a
numeric return code. [Eric Covener]
Note: Not present in 2.4.7 CHANGES
- Update Firefox ESR to 24.4.0
- Update Thunderbird to 24.4.0
- Update NSPR to 4.10.4
- Update NSS to 3.15.5
- Switch GSTREAMER option for non-esr ports to depend on
multimedia/gstreamer1 [2]
- Switch to Uses/compiler.mk, defaults to lang/gcc47 on 8.x and 9.x
- Use port dependencies for libogg, libvorbis, libopus, harfbuzz, graphite2
- Enable readahead in url-classifier, asmjs, download resume like on Linux
- Build www/firefox and www/seamonkey faster using unified compilation
- Unbreak build on sparc64 [1]
- Workaround OPTIMIZED_CFLAGS startup crash on 8.x and 9.x
- OPTIMIZED_CFLAGS is enabled by default
- A few DEBUG build fixes
- Add clang 3.2/3.3/3.4 workarounds for i386
- Mention known GSTREAMER issue in pkg-message
Submitted by: Jan Beich
PR: ports/186580 [1]
Requested by: kwm [2]
Security: http://www.vuxml.org/freebsd/610de647-af8d-11e3-a25b-b4b52fce4ce8.html
- Add an icon to the desktop entry.
- Use option helpers.
- Respect CFLAGS.
- Remove clang support patch. No longer necessary.
- Add a patch to fix rendering of SVG and BMP images on little-endian
systems and all image formats on big-endian systems. [1]
PR: ports/187466 [1]
Tested by: Craig Butler <craig001@lerwick.hopto.org> [1]
The user can have the variables OWNCLOUD_USERNAME and OWNCLOUD_GROUPNAME
defined in his environment to point to his own username and groupname.
Suggested by: Adam McDougall
Ruby/Rack applications. Puma is intended for use in both development and
production environments. In order to get the best throughput, it is highly
recommended that you use a Ruby implementation with real threads like Rubinius
or JRuby.
WWW: http://puma.io/
Ruby/Rack applications. Puma is intended for use in both development and
production environments. In order to get the best throughput, it is highly
recommended that you use a Ruby implementation with real threads like Rubinius
or JRuby.
This older version will be used by an updated versions of chef.
WWW: http://puma.io/
both CSS and JavaScript concatenation and compression, built-in
JavaScript template support, and optional data-URI image embedding.
This port will be used by an updated www/reviewboard.
WWW: https://github.com/cyberdelia/django-pipeline
GCC 4.6.4 to GCC 4.7.3. This entails updating the lang/gcc port as
well as changing the default in Mk/bsd.default-versions.mk.
Part II, Bump PORTREVISIONs.
PR: 182136
Supported by: Christoph Moench-Tegeder <cmt@burggraben.net> (fixing many ports)
Tested by: bdrewery (two -exp runs)
2014-03-10 deskutils/libopensync-plugin-synce: No more public distfiles
2014-03-10 irc/irchat-pj-xemacs21-mule: No more public distfiles
2014-03-10 irc/pure-xemacs21-mule: No more public distfiles
2014-03-10 lang/dice: No more public distfiles
2014-03-10 irc/dcc: No more public distfiles
2014-03-10 sysutils/backupme: No more public distfiles
2014-03-10 net/freeswitch-curl-devel: No more public distfiles
2014-03-10 misc/freeswitch-pizzademo-devel: No more public distfiles
2014-03-10 emulators/cygne-sdl: No more public distfiles
2014-03-10 mail/newmail: No more public distfiles
2014-03-10 x11-toolkits/xscoop: No more public distfiles
2014-03-10 security/didentd: No more public distfiles
2014-03-10 sysutils/wait_on: No more public distfiles
2014-03-10 net/freeswitch-sbc-devel: No more public distfiles
2014-03-10 multimedia/gxanim: No more public distfiles
2014-03-10 www/nd: No more public distfiles
2014-03-10 lang/fbbi: No more public distfiles
2014-03-10 textproc/csv2xml: No more public distfiles
2014-03-10 www/trac-calendar: No more public distfiles
2014-03-10 misc/stan: No more public distfiles
2014-03-10 japanese/gtkicq: No more public distfiles
2014-03-10 net/nc6: No more public distfiles
2014-03-10 net/jpcap: No more public distfiles
2014-03-10 games/quake-extras: No more public distfiles
2014-03-10 net/asfrecorder: No more public distfiles
2014-03-10 sysutils/pyrenamer: No more public distfiles
2014-03-10 palm/synce-sync-engine: No more public distfiles
2014-03-10 www/linux-mplayer-plugin: No more public distfiles
2014-03-10 net-mgmt/airport: No more public distfiles
2014-03-10 textproc/manued.el: No more public distfiles
2014-03-10 sysutils/jailer: No more public distfiles
2014-03-10 sysutils/blimitd: No more public distfiles
2014-03-10 print/abntex: No more public distfiles
2014-03-10 sysutils/monkeytail: No more public distfiles
2014-03-10 dns/dns_mre: No more public distfiles
2014-03-10 japanese/libjcode: No more public distfiles
2014-03-10 sysutils/jailutils: No more public distfiles
2014-03-10 net/freeswitch-vanilla-devel: No more public distfiles
2014-03-10 sysutils/hdup: No more public distfiles
2014-03-10 print/cups-smb-backend: No more public distfiles
2014-03-10 x11/settitle: No more public distfiles
2014-03-10 sysutils/anteater: No more public distfiles
2014-03-10 www/trac-pendingticket: No more public distfiles
2014-03-10 www/admuser: No more public distfiles
2014-03-10 x11-themes/gnome-icons-snowish: No more public distfiles
2014-03-10 www/metacafe_dl: No more public distfiles
2014-03-10 irc/irchat-pj-emacs21: No more public distfiles
2014-03-10 www/horde3-wicked: No more public distfiles
2014-03-10 java/drexelsnmp: No more public distfiles
2014-03-10 mail/sigit: No more public distfiles
2014-03-10 misc/freeswitch-scripts-devel: No more public distfiles
2014-03-10 www/vtiger-customerportal: No more public distfiles
2014-03-10 irc/pure-emacs21: No more public distfiles
2014-03-10 www/extsm: No more public distfiles
2014-03-10 misc/cwish: No more public distfiles
2014-03-10 www/phpscheduleit: No more public distfiles
2014-03-10 palm/synce-serial: No more public distfiles
2014-03-10 palm/synce-vdccm: No more public distfiles
2014-03-10 net/freeswitch-insideout-devel: No more public distfiles
2014-03-10 sysutils/fusefs-fur: No more public distfiles
2014-03-10 mail/clamfilter: No more public distfiles
2014-03-10 textproc/cost: No more public distfiles
2014-03-10 palm/synce-gvfs: No more public distfiles
2014-03-10 net/nxserver: No more public distfiles
2014-03-10 sysutils/throttle: No more public distfiles
2014-03-10 japanese/aterm: No more public distfiles
2014-03-10 mail/teapop: No more public distfiles
2014-03-10 www/eldav.el: No more public distfiles
2014-03-10 graphics/gsnapshot: No more public distfiles
2014-03-10 japanese/zangband: No more public distfiles
2014-03-10 audio/xmms-wma: No more public distfiles
2014-03-10 misc/projectionlib: No more public distfiles
- add stage support
- add LICENSE
Changes:
* VERSION: 2.0.8
* mod_vhost_ldap.c: Don't copy server struct if we have per request document root
* VERSION: 2.0.7
* mod_vhost_ldap.c: Revert escaping wildcard character as it was
already done before by ldap_bv2escaped_filter_value
* VERSION: 2.0.6
* mod_vhost_ldap.c: Properly escape wildcard string to search
for literal *.hostname
* mod_vhost_ldap.c, vhost_ldap.conf: Add new boolean option VhostLDAPWildcard
to disable wildcard search completely
* mod_vhost_ldap.c: Fix cgi-bin processing (Courtesy of Anders Kaseorg)
* VERSION: 2.0.5
* mod_vhost_ldap.c: Make a private copy of server config to each
request to be thread safe. (Courtesy Anders Kaseorg)
* VERSION: 2.0.3
* mod_vhost_ldap.c: Workaround concurrency issues with ap_document_root
by adding mutex before it is set and release before
handler is run.
* VERSION: 2.0.1
* mod_vhost_ldap.c: Remove cleanup routine, it was causing segfaults.
* VERSION: 2.0.0 release
* mod_vhost_ldap.c: Sleep for (fibonacci numbers) seconds after LDAP failure
* mod_vhost_ldap.c: Add a log WARNING when LDAP is unreachable
* mod_vhost_ldap.c: Don't set r->filename, return DECLINE on success, only
mangle documentroot and others, and let other apache
modules handle real filenames
* mod_vhost_ldap.c: Create and use function set_document_root inspired by apache2.2
* mod_vhost_ldap.c: Return correct error codes on failures and not DECLINED
* mod_vhost_ldap.c: Put translate_name hook at FIRST place
* VERSION: 1.2.0 release
* mod_vhost_ldap.c: release apache-2.2 version as 1.2.0
* VERSION: 1.0.1 release
* mod_vhost_ldap.c: add support for apache-2.2.x
This removes one chain in the link of trust since the tarball is no longer
modified and rerolled locally.
This means the Courgette code is now included, but it is only compiled and
used on Windows platforms to distribute binary updates.
Legal documentation:
http://law.justia.com/cases/federal/district-courts/massachusetts/madce/1:2009cv11813/125212/47/
Discussed with: portmgr/core (tabthorpe), FreeBSD Foundation (gnn)
<ChangeLog>
*) Security: memory corruption might occur in a worker process on 32-bit
platforms while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0088); the bug had appeared in 1.5.10.
Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
Manuel Sadosky, Buenos Aires, Argentina.
*) Feature: the $ssl_session_reused variable.
*) Bugfix: the "client_max_body_size" directive might not work when
reading a request body using chunked transfer encoding; the bug had
appeared in 1.3.9.
Thanks to Lucas Molas.
*) Bugfix: a segmentation fault might occur in a worker process when
proxying WebSocket connections.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used on 32-bit platforms; the bug had
appeared in 1.5.10.
*) Bugfix: the $upstream_status variable might contain wrong data if the
"proxy_cache_use_stale" or "proxy_cache_revalidate" directives were
used.
Thanks to Piotr Sikora.
*) Bugfix: a segmentation fault might occur in a worker process if
errors with code 400 were redirected to a named location using the
"error_page" directive.
*) Bugfix: nginx/Windows could not be built with Visual Studio 2013.
</ChangeLog>
<ChangeLog>
*) Bugfix: the "client_max_body_size" directive might not work when
reading a request body using chunked transfer encoding; the bug had
appeared in 1.3.9.
Thanks to Lucas Molas.
*) Bugfix: a segmentation fault might occur in a worker process when
proxying WebSocket connections.
</ChangeLog>
deskutils/kdepim4:
- Add depedency on coreutils, kleopatra needs md5sum and sha1sum programs [1]
misc/kdehier4:
- add tests directory (r343428 commit to Templates/BSD.local.dist)
security/kwallet:
- moved to security/kwalletmanager (renamed upstream)
x11/kdelibs:
- remove workaround, which is not needed after global fix in
Mk/bsd.kde4.mk (r315373)
PR: ports/187259 [1]
Submitted by: Tobias Berner <tcberner@gmail.com>
Instead of removing the -Wno-unknown-warning-option, split this out in a
Clang specific version and a GCC specific version (yay).
Submitted by: George Mitchell via freebsd-ports
Alberto Villa (avilla@) has done all the hard work to create Qt 5 ports.
Trivial update from 5.2.0-beta1 to 5.2.1 by me.
Special thanks for Adriaan de Groot <groot@kde.org> for his assistance for
Qt-5.2.0 update.
Approved by: portmgr (bapt) (for Mk/bsd.port.mk)
- clarify license (BSD3C)
- do not use easy_install for installation and convert to auto-generated packing list
- add staging support
- install examples into staging area uncoditionally and remove EXAMPLES option
- remove inclusion of devel/py-virtualenv/files/py3k-fix-pkg-plist.inc - it's implemented in bsd.python.mk
Approved by: portmgr (blanket)
Changes:
Version 10.29
- Supports IPv6 clients.
Version 10.28
- Fixed: QS_ClientEventLimit did overwrite counters of other
clients if multiple events have been configured.
Version 10.27
- qslog features the option "-pu" and "-puc" used to gather
request information on a per URL basis.
- Fixed: Wrong includes within the support utilities.
- Extends QS_ClientSerialize max. timeout from 1 to 5 minutes.
Version 10.26
- QS_ClientSerialize supports the QS_ClientIpFromHeader directive.
- Refactor method used to determine redirect port (user tracking)
supporting servers not using virtual hosts.
- Fixed: QS_UserTrackingCookieName uses correct server_rec to
retrieve configuration.
- Hook implementing user tracking is now called after mod_unique_id.
- Slightly changed unique-id generator.
- Adds fflush() to qsgrep utility when writing data to stdout.
Version 10.25
- QS_EventLimitCount writes the current value to the process
environment variables.
- Fixed: QS_[Cond]ClientEventLimitCount logs request id and propagtes
message code (067) to the QS_ErrorNotes variable.
- New variable QS_IPConn representing the number of connections
opened from the very same source IP (works in conjunction with
QS_SrvMaxConnPerIP only).
Version 10.24
- New directive QS_CondClientEventLimitCount.
- QS_SrvMinDataRate: limits the max. data rate to the configured
value (prevents invalid rate due to misconfiguration server or
died child process).
Version 10.23
- Fixed: QS_ClientEventLimitCount log message 067 contains now
the IP address of the request header if QS_ClientIpFromHeader
is used.
- QS_SetEnvRes: supports multiple variables with the same name.
Version 10.22
- Process QS_SetEnvResHeader(Match) and QS_SetEnvRes at error
filter too.
Version 10.21
- Fixed: qslogger may had detected the wrong message severity.
- Adds debug message when detecting "NullConnection" events.
- Built-in request header rules: adapt If-Match, If-None-Match,
Cookie, and Cookie2 HTTP header patterns.
Version 10.20
- Fixed: QS_CondLocRequestLimitMatch did work only if other QS_Loc*
directive had been configured.
Version 10.19
- New directive QS_RedirectIf.
Version 10.18
- QS_ClientEventLimitCount may be cleared by environment
variable (suffixed by "_Clear", e.g. QS_Limit_Clear).
Version 10.17
- QS_ClientEventLimitCount supports unlimited number of events.
- Stores the value of the QS_ClientEventLimitCount variables as
environment variables suffixed by "_Counter", e.g. QS_Limit_Counter
for the default QS_Limit variable, in order to be processed by
other rules.
- Add Content-Security-Policy to the default response header
white list.
- qslog features enhanced "-pc" mode providing more information:
* Collects content type information (%{content-type}o).
* Duration between the first and the last request.
* Average response in ms.
* "ci" indicates if we have seen the client at the end or the
beginning of the file (maybe not all requests in the log
due to log rotation).
* Bytes downloaded.
* Writes status characters to stderr.
* HTTP request methods (GET/POST)
- qsgeo features option "-l" and is able to process "qslog -pc" files.
Version 10.16
- qslog adds 'E' (event identifiers) to the format string.
QSEVENTPATH environment variable specifies a file containing
all known event names (comma separated list).
- qslog average counter (a/A) count only if a numeric value
is available.
- qssing does not try to execute invalid program name (space only).
PR: ports/187132
Submitted by: Eero Haenninen <fax@nohik.ee>
Approved by: Andrea Cervesato <andrea@cervesato.it> (maintainer)
DragonFly 64-bit platform is called "x86_64", not "amd64".
Add this option to the variable substition -- and move this
to a separate line for better visibility. No-Op and no bump
for FreeBSD.
- Use new LIB_DEPENDS syntax.
- Change multimedia/vdr-plugins defaults and bump PORTREVISION for it.
(switch from xvdr to vnsiserver and disable plugins depending on ffmpeg0)
on HttpCore NIO and HttpClient components. It is a complementary module
to Apache HttpClient intended for special cases where ability to handle a
great number of concurrent connections is more important than performance
in terms of a raw data throughput.
WWW: http://hc.apache.org/httpcomponents-asyncclient-4.0.x/
2014-02-26 www/trac-hierwiki: Runtime is broken, doesn't support Trac>0.11
2014-02-27 net-p2p/microdc2: Broken for more than 6 month
2014-02-27 www/openvrml: Broken for more than 6 month
2014-02-27 science/peekabot: Broken for more than 6 month
2014-02-27 misc/xbiso: Broken for more than 6 month
2014-02-27 net/hornetq: Broken for more than 6 month
2014-02-27 sysutils/slmon: Broken for more than 6 month
2014-02-27 www/trac-revtree: Broken for more than 6 months
2014-02-27 security/crack: Broken for more than 6 month
2014-02-27 sysutils/graphicboot: Broken for more then 6 month
2014-02-27 graphics/kgraphviewer: Broken for more than 6 month
2014-02-27 sysutils/ckl: Broken for more than 6 month
2014-02-27 japanese/trac: Broken for more than 6 month
2014-02-27 lang/opa: Broken for more than 6 month
2014-02-27 sysutils/mmore: Broken for more than 6 month
2014-02-27 www/trac-announcer: Broken for more than 6 month
- do not use USES=scons [1]
- adjust MASTER_SITES
- adopt new LIB_DEPENDS notation
[1] The upstream Scons script is terrible broken, the ports framework
sets args unknown to the SConstruct script and every unknown arg
breaks the script :( Unluckily I haven't found a way to strip the
breaking args with our shiny USES=scons framework)
Changes:
Serf 1.3.4 [2014-02-08, from /tags/1.3.4, rxxxx]
Fix issue #119: Endless loop during ssl tunnel setup with Negotiate authn
Fix issue #123: Can't setup ssl tunnel which sends Connection close header
Fix a race condition when initializing OpenSSL from multiple threads (r2263)
Fix issue #138: Incorrect pkg-config file when GSSAPI isn't configured
to preserve version 1.x and to update to 3.0
print/py-reportlab:
- Update print/py-reportlab to 3.0 based on print/py-reportlab2
- Support STAGEDIR
- Use PYDISTUTILS_AUTOPLIST
* Remove pkg-plist, accordingly
- Set CONFLICTS
- Add PORTSCOUT
- Replace tab with a single space after WWW: in pkg-descr
print/py-reportlab1:
- Support STAGEDIR
- Add PKGNAMESUFFIX not to duplicate ports with the same name
- Set CONFLICTS
- Use PYDISTUTILS_AUTOPLIST
* Remove pkg-plist, accordingly
- Make use of PORTDOCS
- Set OPTIONS_DEFINE explicitly
- Fix include statement
- Make docs unconditional to stage
- Replace tab with a single space after WWW: in pkg-descr
print/py-reportlab2:
- Update CONFLICTS
- Set PORTSCOUT
dependent ports:
- Switch dependency from print/py-reportlab to print/py-reportlab1
* biology/py-biopython
* deskutils/gourmet
* deskutils/griffith
* games/pythonsudoku
* misc/pdfmap
* print/py-trml2pdf
* www/py-satchmo
PR: ports/186970
Submitted by: tota (myself)
Approved by: Muhammad Moinur Rahman (maintainer)
