kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/www/apache22/Makefile.modules
Olli Hauer 5183b40651 - update to apache-2.2.25 
- update vuxml with additional CVE-2013-1896 entry

Changes with Apache 2.2.25
  http://www.apache.org/dist/httpd/CHANGES_2.2.25

  *) SECURITY: CVE-2013-1896 (cve.mitre.org)
     mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
     the source href (sent as part of the request body as XML) pointing to a
     URI that is not configured for DAV will trigger a segfault. [Ben Reser
     <ben reser.org>]

  *) SECURITY: CVE-2013-1862 (cve.mitre.org)
     mod_rewrite: Ensure that client data written to the RewriteLog is
     escaped to prevent terminal escape sequences from entering the
     log file.  [Eric Covener, Jeff Trawick, Joe Orton]

  *) core: Limit ap_pregsub() to 64MB and add ap_pregsub_ex() for longer
     strings.  The default limit for ap_pregsub() can be adjusted at compile
      time by defining AP_PREGSUB_MAXLEN.  [Stefan Fritsch, Jeff Trawick]

  *) core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization
     on Linux kernel versions 3.x and above.  PR 55121.  [Bradley Heilbrun
     <apache heilbrun.org>]

  *) mod_setenvif: Log error on substitution overflow.
     [Stefan Fritsch]

  *) mod_ssl/proxy: enable the SNI extension for backend TLS connections
     [Kaspar Brand]

  *) mod_proxy: Use the the same hostname for SNI as for the HTTP request when
     forwarding to SSL backends. PR 53134.
     [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]

  *) mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
     in the error log to debug level.  [William Rowe]

  *) mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs
     with SSLProxyMachineCertificateFile/Path directives. PR 52212, PR 54698.
     [Keith Burdis <keith burdis.org>, Joe Orton, Kaspar Brand]

  *) mod_proxy_balancer: Added balancer parameter failontimeout to allow server
     admin to configure an IO timeout as an error in the balancer.
     [Daniel Ruggeri]

  *) mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind
     password.  [Daniel Ruggeri]

  *) htdigest: Fix buffer overflow when reading digest password file
     with very long lines. PR 54893. [Rainer Jung]

  *) mod_dav: Ensure URI is correctly uriencoded on return. PR 54611
     [Timothy Wood <tjw omnigroup.com>]

  *) mod_dav: Make sure that when we prepare an If URL for Etag comparison,
     we compare unencoded paths. PR 53910 [Timothy Wood <tjw omnigroup.com>]

  *) mod_dav: Sending an If or If-Match header with an invalid ETag doesn't
     result in a 412 Precondition Failed for a COPY operation. PR54610
     [Timothy Wood <tjw omnigroup.com>]

  *) mod_dav: When a PROPPATCH attempts to remove a non-existent dead
     property on a resource for which there is no dead property in the same
     namespace httpd segfaults. PR 52559 [Diego Santa Cruz
     <diego.santaCruz spinetix.com>]

  *) mod_dav: Do not fail PROPPATCH when prop namespace is not known.
     PR 52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]

  *) mod_dav: Do not segfault on PROPFIND with a zero length DBM.
     PR 52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]

PR:		ports/180248
Submitted by:	Jason Helfman jgh@
2013-07-10 19:01:44 +00:00

146 lines
4.2 KiB
Text
Raw Blame History

# $FreeBSD$
#
# Note by Clement Laforet: (to generate PLIST_SUB entries for modules)
# gsed 's/^\(.*\)mod\(.*\)\.so/%%\MOD\U\2%%\L\1mod\2\.so/' pkg-plist > tmp
# mv tmp pkg-plist
#
# =============================================
# Maintainer note for OPTION handling:
# To set additional option use
# PORT_OPTIONS+=
# To unset an OPTION, even the OPTION is set in OPTIONSFILE use
# WITHOUT_MODULES+=
# Using OPTIONS_EXCLUDE and OPTIONS_OVERRIDE do not work as expected
# if the OPTION is enabled by the user, therefore we calculate
# them in bsd.apache.mk with help of WITHOUT_MODULES
# The other methode is to set IGNORE's and force the user to adjust OPTIONS
.if defined(_PREMKINCLUDED)
# check if APR was build with thread support
.if exists(${APR_CONFIG})
APR_LIBS!= ${SH} ${APR_CONFIG} --libs | ${SED} -e 's/-//g'
. if defined(APR_LIBS) && !empty(APR_LIBS)
_T=pthread
. for lib in ${APR_LIBS}
. if ${_T:M${lib}}
APR_HAS_THREADS= yes
. endif
. endfor
. endif
.endif # exists APR_CONFIG
# check if APR-util module exists
.if exists(${APU_CONFIG})
. if ${PORT_OPTIONS:MLDAP} || ${PORT_OPTIONS:MAUTHNZ_LDAP}
. if !exists(${APU_LDAP})
IGNORE= LDAP and AUTHNZ_LDAP requires APR-util to have LDAP support built in.\
Please rebuild APR with LDAP support
. endif
. endif
. if ${PORT_OPTIONS:MDBD} || ${PORT_OPTIONS:MAUTHN_DBD}
. if !exists(${APU_DBD_MYSQL}) && !exists(${APU_DBD_PGSQL}) && !exists(${APU_DBD_SQLITE3})
IGNORE= AUTHN_DBD and DBD requires APR-util to have DBD support build in.\
Please rebuild APR at last with one DBD backend (MYSQL, PGSQL or SQLITE)
. endif
. endif
.endif # exists APU_CONFIG
# =============================================
# MPM's: prefork worker event itk peruser
.if ${WITH_MPM} == "prefork"
PLIST_SUB+= WORKER="@comment " EVENT="@comment "
.elif ${WITH_MPM} == "worker"
PLIST_SUB+= WORKER="" EVENT="@comment "
.elif ${WITH_MPM} == "event"
PLIST_SUB+= WORKER="@comment " EVENT=""
.elif ${WITH_MPM} == "peruser"
PLIST_SUB+= WORKER="@comment " EVENT="@comment "
.elif ${WITH_MPM} == "itk"
PLIST_SUB+= WORKER="@comment " EVENT="@comment "
.else
IGNORE= Unknown MPM: ${WITH_MPM}
.endif # MPM prefork
.if ${WITH_MPM} != "prefork"
PKGNAMESUFFIX= -${WITH_MPM}-mpm
LATEST_LINK= apache22-${WITH_MPM}-mpm
.endif
.if ${WITH_MPM} == "worker" || ${WITH_MPM} == "event"
PORT_OPTIONS+= CGID
.if ${PORT_OPTIONS:MCGI}
IGNORE= When using a multi-threaded MPM, the module CGID should be used in place CGI. \
Please de-select CGI and select CGID instead. \
See http://httpd.apache.org/docs/2.2/mod/mod_cgi.html
.endif
.if exists(${APR_CONFIG}) && !defined(APR_HAS_THREADS)
IGNORE= requires APR threads. Please rebuild APR with THREAD support
. endif
.endif
# =============================================
# The next three params are not converted to an option,
# they should be used only for special builds.
.if defined(WITH_STATIC_SUPPORT)
CONFIGURE_ARGS+= --enable-static-support
.endif
# debug overrides CFLAGS
.if defined(WITH_DEBUG)
DEBUG_FLAGS?= -O0 -g -ggdb3
CFLAGS= ${DEBUG_FLAGS}
CONFIGURE_ARGS+= --enable-maintainer-mode
WITH_EXCEPTION_HOOK= yes
.endif
.if defined(WITH_EXCEPTION_HOOK)
CONFIGURE_ARGS+= --enable-exception-hook
.endif
.if ${PORT_OPTIONS:MSSL}
CFLAGS+= -I${OPENSSLINC}
LDFLAGS+= -L${OPENSSLLIB}
CONFIGURE_ARGS+= --with-ssl=${OPENSSLBASE}
.endif
.if ${PORT_OPTIONS:MAUTHNZ_LDAP}
CONFIGURE_ARGS+= --enable-authnz-ldap
.endif
.if ${PORT_OPTIONS:MLDAP}
CONFIGURE_ARGS+= --enable-ldap=shared
.endif
.if ${PORT_OPTIONS:MAUTH_BASIC} || ${PORT_OPTIONS:MAUTH_DIGEST}
. if !${APACHE_MODULES:MAUTHN*}
IGNORE= AUTH_BASIC and AUTH_DIGEST need at last one AUTHN provider
. endif
.endif
.if ${PORT_OPTIONS:MAUTH_BASIC}
. if !${APACHE_MODULES:MAUTHZ*}
IGNORE= AUTH_BASIC need at last one AUTHZ provider
. endif
.endif
.if defined(APR_HAS_THREADS)
LDFLAGS+= -pthread
.else
. if exists(${APR_CONFIG}) && ${PORT_OPTIONS:MMEM_CACHE}
IGNORE= MEM_CACHE requires APR threads. Please rebuild APR with THREAD support
. endif
.endif
# http://httpd.apache.org/docs/2.2/bind.html
.if ${PORT_OPTIONS:MIPV4_MAPPED}
CONFIGURE_ARGS+= --enable-v4-mapped
.else
CONFIGURE_ARGS+= --disable-v4-mapped
.endif
CONFIGURE_ARGS+= --with-mpm=${WITH_MPM}
.endif # _PREMKINCLUDED
Reference in a new issue View git blame Copy permalink