kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/www/apache2/Makefile

254 lines
8.4 KiB
Makefile
Raw Normal View History

Bump for perl-5.20.0. Do it for all packages that * mention perl, or * have a directory name starting with p5-*, or * depend on a package starting with p5- like last time, for 5.18, where this didn't lead to complaints. Let me know if you have any this time.
2014-05-30 01:35:13 +02:00
# $NetBSD: Makefile,v 1.148 2014/05/29 23:37:56 wiz Exp $
We don't need to check for APR_USE_* or generate our own _APR_OPTIONS variable since the apr/buildlink3.mk file does the right thing for us already; we simply need to include it and check the value of PKG_OPTIONS.apr.
2004-11-23 01:37:04 +01:00
.include "Makefile.common"
Reimport pkgsrc/www/apache-current as pkgsrc/www/apache2.
2002-03-06 00:24:06 +01:00
Changes 2.0.54: *) mod_cache: Add CacheIgnoreHeaders directive. *) mod_ldap: Added the directive LDAPConnectionTimeout to configure the ldap socket connection timeout value. *) Correctly export all mod_dav public functions. *) Add a build script to create a solaris package. *) worker MPM: Fix a problem which could cause httpd processes to remain active after shutdown. *) Unix MPMs: Shut down the server more quickly when child processes are slow to exit. *) Remove formatting characters from ap_log_error() calls. These were escaped as fallout from CAN-2003-0020. *) mod_ssl: If SSLUsername is used, set r->user earlier. *) htdigest: Fix permissions of created files. *) core_input_filter: Move buckets to a persistent brigade instead of creating a new brigade. This stop a memory leak when proxying a Streaming Media Server. *) mod_win32: Ignore both PATH_INFO as well as PATH_TRANSLATED to avoid hiccups from additional path information passed in non-utf-8 format.
2005-04-25 11:13:02 +02:00
PKGNAME= apache-${APACHE_VERSION}
Bump for perl-5.20.0. Do it for all packages that * mention perl, or * have a directory name starting with p5-*, or * depend on a package starting with p5- like last time, for 5.18, where this didn't lead to complaints. Let me know if you have any this time.
2014-05-30 01:35:13 +02:00
PKGREVISION= 3
Changes 2.0.54: *) mod_cache: Add CacheIgnoreHeaders directive. *) mod_ldap: Added the directive LDAPConnectionTimeout to configure the ldap socket connection timeout value. *) Correctly export all mod_dav public functions. *) Add a build script to create a solaris package. *) worker MPM: Fix a problem which could cause httpd processes to remain active after shutdown. *) Unix MPMs: Shut down the server more quickly when child processes are slow to exit. *) Remove formatting characters from ap_log_error() calls. These were escaped as fallout from CAN-2003-0020. *) mod_ssl: If SSLUsername is used, set r->user earlier. *) htdigest: Fix permissions of created files. *) core_input_filter: Move buckets to a persistent brigade instead of creating a new brigade. This stop a memory leak when proxying a Streaming Media Server. *) mod_win32: Ignore both PATH_INFO as well as PATH_TRANSLATED to avoid hiccups from additional path information passed in non-utf-8 format.
2005-04-25 11:13:02 +02:00
CATEGORIES= www
Reimport pkgsrc/www/apache-current as pkgsrc/www/apache2.
2002-03-06 00:24:06 +01:00
Changes 2.0.54: *) mod_cache: Add CacheIgnoreHeaders directive. *) mod_ldap: Added the directive LDAPConnectionTimeout to configure the ldap socket connection timeout value. *) Correctly export all mod_dav public functions. *) Add a build script to create a solaris package. *) worker MPM: Fix a problem which could cause httpd processes to remain active after shutdown. *) Unix MPMs: Shut down the server more quickly when child processes are slow to exit. *) Remove formatting characters from ap_log_error() calls. These were escaped as fallout from CAN-2003-0020. *) mod_ssl: If SSLUsername is used, set r->user earlier. *) htdigest: Fix permissions of created files. *) core_input_filter: Move buckets to a persistent brigade instead of creating a new brigade. This stop a memory leak when proxying a Streaming Media Server. *) mod_win32: Ignore both PATH_INFO as well as PATH_TRANSLATED to avoid hiccups from additional path information passed in non-utf-8 format.
2005-04-25 11:13:02 +02:00
HOMEPAGE= http://httpd.apache.org/
COMMENT= Apache HTTP (Web) server, version 2
Update apache2 to 2.0.65. Changes with Apache 2.0.65 *) SECURITY: CVE-2013-1862 (cve.mitre.org) mod_rewrite: Ensure that client data written to the RewriteLog is escaped to prevent terminal escape sequences from entering the log file. [Eric Covener, Jeff Trawick, Joe Orton] *) SECURITY: CVE-2012-0053 (cve.mitre.org) Fix an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400. [Eric Covener] *) SECURITY: CVE-2012-0031 (cve.mitre.org) Fix scoreboard issue which could allow an unprivileged child process to cause the parent to crash at shutdown rather than terminate cleanly. [Joe Orton] *) SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations. [Joe Orton] *) SECURITY: CVE-2011-3192 (cve.mitre.org) core: Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file. bug#51714. [Jeff Trawick, Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener, <lowprio20 gmail.com>] *) SECURITY: CVE-2011-3607 (cve.mitre.org) Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. [Stefan Fritsch, Greg Ames] NOTE: it remains possible to exhaust all memory using a carefully crafted .htaccess rule, which will not be addressed in 2.0; enabling processing of .htaccess files authored by untrusted users is the root of such security risks. Upgrade to httpd 2.2.25 or later to limit this specific risk. *) core: Add MaxRanges directive to control the number of ranges permitted before returning the entire resource, with a default limit of 200. [Eric Covener, Rainer Jung] *) Set 'Accept-Ranges: none' in the case Ranges are being ignored with MaxRanges none. [Eric Covener, Rainer Jung] *) mod_rewrite: Allow merging RewriteBase down to subdirectories if new option 'RewriteOptions MergeBase' is configured. [Eric Covener] *) mod_rewrite: Fix the RewriteEngine directive to work within a location. Previously, once RewriteEngine was switched on globally, it was impossible to switch off. [Graham Leggett] *) mod_rewrite: Add "AllowAnyURI" option. bug#52774. [Joe Orton] *) htdigest: Fix buffer overflow when reading digest password file with very long lines. bug#54893. [Rainer Jung] *) mod_ssl: Add "SSLHonorCipherOrder" directive to enable the OpenSSL 0.9.7 flag which uses the server's cipher order rather than the client's. bug#28665. [Jim Schneider <jschneid netilla.com>] *) mod_include: Prevent a case of SSI timefmt-smashing with filter chains including multiple INCLUDES filters. bug#39369 [Joe Orton] *) mod_rewrite: When evaluating a proxy rule in directory context, do escape the filename by default. bug#46428 [Joe Orton] *) Improve platform detection for bundled PCRE by updating config.guess and config.sub. [Rainer Jung] *) ssl-std.conf: Disable AECDH ciphers in example config. bug#51363. [Rob Stradling <rob comodo com>] *) ssl-std.conf: Change the SSLCipherSuite default to a shorter, whitelist oriented definition. [Rainer Jung, Kaspar Brand] *) ssl-std.conf: Only select old MSIE browsers for the downgrade in http/https behavior. [Greg Stein, Stefan Fritsch]
2013-08-04 04:45:42 +02:00
LICENSE= apache-2.0
Reimport pkgsrc/www/apache-current as pkgsrc/www/apache2.
2002-03-06 00:24:06 +01:00
There's no need for CONFLICT between apache2 and apache22, cube said so.
2006-12-09 01:51:21 +01:00
CONFLICTS= apache-*ssl-[0-9]* apache6-[0-9]*
Reimport pkgsrc/www/apache-current as pkgsrc/www/apache2.
2002-03-06 00:24:06 +01:00
Convert packages that test and use USE_INET6 to use the options framework and to support the "inet6" option instead. Remaining usage of USE_INET6 was solely for the benefit of the scripts that generate the README.html files. Replace: BUILD_DEFS+= USE_INET6 with BUILD_DEFS+= IPV6_READY and teach the README-generation tools to look for that instead. This nukes USE_INET6 from pkgsrc proper. We leave a tiny bit of code to continue to support USE_INET6 for pkgsrc-wip until it has been nuked from there as well.
2007-09-08 00:12:10 +02:00
BUILD_DEFS+= IPV6_READY
The directories for configuration files and log files are now set in the config.layout file instead of CONFIGURE_ARGS, to avoid defining things twice. No actual change, since the paths are still the same. Added all necessary variables to BUILD_DEFS, as reported by pkglint.
2006-08-30 08:16:27 +02:00
BUILD_DEFS+= VARBASE
Reimport pkgsrc/www/apache-current as pkgsrc/www/apache2.
2002-03-06 00:24:06 +01:00
Second round of explicit pax dependencies. As reminded by tnn@, many packages used to use ${PAX}. Use the common way of directly calling pax, it is created as tool after all.
2008-05-26 04:13:14 +02:00
USE_TOOLS+= pax perl perl:run pkg-config
Changes 2.0.54: *) mod_cache: Add CacheIgnoreHeaders directive. *) mod_ldap: Added the directive LDAPConnectionTimeout to configure the ldap socket connection timeout value. *) Correctly export all mod_dav public functions. *) Add a build script to create a solaris package. *) worker MPM: Fix a problem which could cause httpd processes to remain active after shutdown. *) Unix MPMs: Shut down the server more quickly when child processes are slow to exit. *) Remove formatting characters from ap_log_error() calls. These were escaped as fallout from CAN-2003-0020. *) mod_ssl: If SSLUsername is used, set r->user earlier. *) htdigest: Fix permissions of created files. *) core_input_filter: Move buckets to a persistent brigade instead of creating a new brigade. This stop a memory leak when proxying a Streaming Media Server. *) mod_win32: Ignore both PATH_INFO as well as PATH_TRANSLATED to avoid hiccups from additional path information passed in non-utf-8 format.
2005-04-25 11:13:02 +02:00
USE_LIBTOOL= yes
GNU_CONFIGURE= yes
Reimport pkgsrc/www/apache-current as pkgsrc/www/apache2.
2002-03-06 00:24:06 +01:00
CONFIGURE_ARGS+= --enable-layout=NetBSD
CONFIGURE_ARGS+= --with-port=80
Clarify that APACHE_MODULES is the list of modules that are linked statically into the httpd executable.
2004-11-22 20:56:23 +01:00
CONFIGURE_ARGS+= --enable-so
Always use ${PERL5} as a perl path, instead of depending on PrintPath. Bump PKGREVISION.
2005-01-01 18:24:25 +01:00
CONFIGURE_ENV+= perlbin=${PERL5:Q}
Update www/apache2 to 2.0.32 beta. Pkgsrc changes from the previous version include: *) Move the binaries back into ${PREFIX}/sbin to match the locations for www/apache. *) Build the Apache modules (including mod_ssl) so that apache2 has the same functionality as apache. *) Support shared modules on platforms that support them. Otherwise, link the modules statically into the server. *) Support suEXEC in the same way as for www/apache. *) Honor PKG_SYSCONFDIR. *) Add a rc.d-style control script based on www/apache/files/apache.sh. *) Strongly buildlinkify again after previous changes broke it. Relevant changes from version 2.0.28 beta include: *) A ton of bug fixes in both the main server code and the module code (it _is_ a beta release following a previous beta release). *) Several performance and memory optimizations. *) The Location: response header field, used for external redirect, *must* be an absoluteURI. The Redirect directive tested for that, but RedirectMatch didn't -- it would allow almost anything through. Now it will try to turn an abs_path into an absoluteURI, but it will correctly varf like Redirect if the final redirection target isn't an absoluteURI. *) Add several new mod_proxy directives: ProxyTimeout, ProxyPreserveHost, ProxyPass. *) FTP directory listings are now always retrieved in ASCII mode. The FTP proxy properly escapes URI's and HTML in the generated listing, and escapes the path components when talking to the FTP server. *) Add FileETag directive to allow configurable control of what data are used to form ETag values for file-based URIs. *) Introduced the ForceLanguagePriority directive, to prevent returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases, when using Multiviews.
2002-03-06 00:56:22 +01:00
# Apache Portable Runtime library configure options
Use BUILDLINK_PREFIX.apr to refer to the installed location of the apr package. Also, remove the need for a separate SUEXEC_COMMENT variable.
2004-11-22 08:12:53 +01:00
CONFIGURE_ARGS+= --with-apr=${BUILDLINK_PREFIX.apr}
CONFIGURE_ARGS+= --with-apr-util=${BUILDLINK_PREFIX.apr}
Update www/apache2 to 2.0.32 beta. Pkgsrc changes from the previous version include: *) Move the binaries back into ${PREFIX}/sbin to match the locations for www/apache. *) Build the Apache modules (including mod_ssl) so that apache2 has the same functionality as apache. *) Support shared modules on platforms that support them. Otherwise, link the modules statically into the server. *) Support suEXEC in the same way as for www/apache. *) Honor PKG_SYSCONFDIR. *) Add a rc.d-style control script based on www/apache/files/apache.sh. *) Strongly buildlinkify again after previous changes broke it. Relevant changes from version 2.0.28 beta include: *) A ton of bug fixes in both the main server code and the module code (it _is_ a beta release following a previous beta release). *) Several performance and memory optimizations. *) The Location: response header field, used for external redirect, *must* be an absoluteURI. The Redirect directive tested for that, but RedirectMatch didn't -- it would allow almost anything through. Now it will try to turn an abs_path into an absoluteURI, but it will correctly varf like Redirect if the final redirection target isn't an absoluteURI. *) Add several new mod_proxy directives: ProxyTimeout, ProxyPreserveHost, ProxyPass. *) FTP directory listings are now always retrieved in ASCII mode. The FTP proxy properly escapes URI's and HTML in the generated listing, and escapes the path components when talking to the FTP server. *) Add FileETag directive to allow configurable control of what data are used to form ETag values for file-based URIs. *) Introduced the ForceLanguagePriority directive, to prevent returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases, when using Multiviews.
2002-03-06 00:56:22 +01:00
Reorder include of devel/apr0/b3.mk to be before the refining dependency is added, as the wildcard pattern in apr0 is necessary to pick the right version of APR.
2007-06-10 08:14:18 +02:00
.include "../../devel/apr0/buildlink3.mk"
Update "apr" package to version 0.9.12.2.0.58 and "apache" package to version 2.0.58. Change since Apache relase 2.0.55: - Legal: Restored original years in copyright notices. - mod_cgid: run the get_suexec_identity hook within the request-handler instead of within cgid. Apache#36410. - core: Prevent read of unitialized memory in ap_rgetline_core. Apache#39282. - mod_proxy: Report the proxy server name correctly in the "Via:" header, when UseCanonicalName is Off. Apache#11971. - mod_isapi: Various trivial code-fixes to permit mod_isapi to load and run on Unix. - HTML-escape the Expect error message. Not classed as security as an attacker has no way to influence the Expect header a victim will send to a target site. Reported by Thiago Zaninotti <thiango nstalker.com>. - SECURITY: CVE-2005-3357 (cve.mitre.org) mod_ssl: Fix a possible crash during access control checks if a non-SSL request is processed for an SSL vhost (such as the "HTTP request received on SSL port" error message when an 400 ErrorDocument is configured, or if using "SSLEngine optional"). Apache#37791. - SECURITY: CVE-2005-3352 (cve.mitre.org) mod_imap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to ap_escape_html so we escape quotes. Reported by JPCERT. - Add APR/APR-Util Compiled and Runtime Version numbers to the output of 'httpd -V'. - Ensure that the proper status line is written to the client, fixing incorrect status lines caused by filters which modify r->status without resetting r->status_line, such as the built-in byterange filter. - Default handler: Don't return output filter apr_status_t values. Apache#31759. - mod_speling: Stop crashing with certain non-file requests. - keep the Content-Length header for a HEAD with no response body. Apache#18757 - Modify apr[util] .h detection to avoid breakage on VPATH builds using Solaris make (amoung others) and avoid breakage in ./buildconf when srclib/apr[-util] are symlinks rather than directories proper. - Avoid server-driven negotiation when a CGI script has emitted an explicit "Status:" header. Apache#38070. - mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o format is used. Apache#27787. - mod_cache: Correctly handle responses with a 301 status. Apache#37347. - mod_proxy_http: Prevent data corruption of POST request bodies when client accesses proxied resources with SSL. Apache#37145. - Elimiated the NET_TIME filter, restructuring the timeout logic. This provides a working mod_echo on all platforms, and ensures any custom protocol module is at least given an initial timeout value based on the <VirtualHost > context's Timeout directive. - mod_ssl: Correct issue where mod_ssl does not pick up the ssl-unclean-shutdown setting when configured. Apache#34452. - Document the ReceiveBufferSize change done in r157583. - mod_deflate: Merge the Vary header, instead of Setting it. Fixes applications that send the Vary Header themselves. Apache#37559. - mod_dav: Fix a null pointer dereference in an error code path during the handling of MKCOL. - mod_mime_magic: Handle CRLF-format magic files so that it works with the default installation on Windows. - Write message to error log if AuthGroupFile cannot be opened. Apache#37566. - Add ReceiveBufferSize directive to control the TCP receive buffer. - mod_cache: Fix 'Vary: *' behavior to be RFC compliant. Apache#16125. - Remove the base href tag from proxy_ftp, as it breaks relative links for clients not using an Authorization header. - http_request.c: Add missing va_end call. - Add httxt2dbm to support/ for creating RewriteMap DBM Files. - support/check_forensic: Fix temp file usage - Chunk filter: Fix chunk filter to create correct chunks in the case that a flush bucket is surrounded by data buckets. - mod_cgi(d): Remove block on OPTIONS method so that scripts can respond to OPTIONS directly rather than via server default. Apache#15242 - Added new module mod_version, which provides version dependent configuration containers. - Add core version query function (ap_get_server_revision) and accompanying ap_version_t structure (minor MMN bump).
2006-05-07 14:35:27 +02:00
BUILDLINK_API_DEPENDS.apr+= apr>=0.9.12.2.0.58
Require at least version 0.9.7.2.0.55 of the "apr" package because Apache 2.0.55 won't work with older versions. Bump package revision because of this dependence change. This fixes PR pkg/31872 by Carl Brewer.
2005-10-21 12:31:18 +02:00
Set APACHE_MODULES with ?= *before* bsd.prefs.mk, because that's the only way that using APACHE_MODULES+= (additive) in mk.conf can work correctly.
2006-04-24 22:10:02 +02:00
# the following must be set before bsd.prefs.mk in order to make += work
# in mk.conf; however, it isn't expanded until referenced, so we can
# define DFLT_APACHE_MODULES later
#
APACHE_MODULES?= ${DFLT_APACHE_MODULES}
Update www/apache2 to 2.0.32 beta. Pkgsrc changes from the previous version include: *) Move the binaries back into ${PREFIX}/sbin to match the locations for www/apache. *) Build the Apache modules (including mod_ssl) so that apache2 has the same functionality as apache. *) Support shared modules on platforms that support them. Otherwise, link the modules statically into the server. *) Support suEXEC in the same way as for www/apache. *) Honor PKG_SYSCONFDIR. *) Add a rc.d-style control script based on www/apache/files/apache.sh. *) Strongly buildlinkify again after previous changes broke it. Relevant changes from version 2.0.28 beta include: *) A ton of bug fixes in both the main server code and the module code (it _is_ a beta release following a previous beta release). *) Several performance and memory optimizations. *) The Location: response header field, used for external redirect, *must* be an absoluteURI. The Redirect directive tested for that, but RedirectMatch didn't -- it would allow almost anything through. Now it will try to turn an abs_path into an absoluteURI, but it will correctly varf like Redirect if the final redirection target isn't an absoluteURI. *) Add several new mod_proxy directives: ProxyTimeout, ProxyPreserveHost, ProxyPass. *) FTP directory listings are now always retrieved in ASCII mode. The FTP proxy properly escapes URI's and HTML in the generated listing, and escapes the path components when talking to the FTP server. *) Add FileETag directive to allow configurable control of what data are used to form ETag values for file-based URIs. *) Introduced the ForceLanguagePriority directive, to prevent returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases, when using Multiviews.
2002-03-06 00:56:22 +01:00
.include "../../mk/bsd.prefs.mk"
We don't need to check for APR_USE_* or generate our own _APR_OPTIONS variable since the apr/buildlink3.mk file does the right thing for us already; we simply need to include it and check the value of PKG_OPTIONS.apr.
2004-11-23 01:37:04 +01:00
.include "../../textproc/expat/buildlink3.mk"
Pass DL_* flags to the compiler when linking httpd since it dlopens shared modules. Bump the PKGREVISION.
2004-11-27 00:07:58 +01:00
.include "../../mk/dlopen.buildlink3.mk"
Update www/apache2 to 2.0.32 beta. Pkgsrc changes from the previous version include: *) Move the binaries back into ${PREFIX}/sbin to match the locations for www/apache. *) Build the Apache modules (including mod_ssl) so that apache2 has the same functionality as apache. *) Support shared modules on platforms that support them. Otherwise, link the modules statically into the server. *) Support suEXEC in the same way as for www/apache. *) Honor PKG_SYSCONFDIR. *) Add a rc.d-style control script based on www/apache/files/apache.sh. *) Strongly buildlinkify again after previous changes broke it. Relevant changes from version 2.0.28 beta include: *) A ton of bug fixes in both the main server code and the module code (it _is_ a beta release following a previous beta release). *) Several performance and memory optimizations. *) The Location: response header field, used for external redirect, *must* be an absoluteURI. The Redirect directive tested for that, but RedirectMatch didn't -- it would allow almost anything through. Now it will try to turn an abs_path into an absoluteURI, but it will correctly varf like Redirect if the final redirection target isn't an absoluteURI. *) Add several new mod_proxy directives: ProxyTimeout, ProxyPreserveHost, ProxyPass. *) FTP directory listings are now always retrieved in ASCII mode. The FTP proxy properly escapes URI's and HTML in the generated listing, and escapes the path components when talking to the FTP server. *) Add FileETag directive to allow configurable control of what data are used to form ETag values for file-based URIs. *) Introduced the ForceLanguagePriority directive, to prevent returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases, when using Multiviews.
2002-03-06 00:56:22 +01:00
* Create APACHE_MPM variable that can be either "prefork" or "worker" (defaulting to "prefork") that chooses the multi-processing model for apache to handle requests. "Prefork" is the method used by Apache-1.3, which is non-threaded. "Worker" uses threads to handle requests. * Fix libtool usage in this package. Apache uses libtool, but is hardcoded to use the libtool installed by devel/apr. Patch the generated makefile fragment to use a local libtool instead, and allow the usual libtool wrapper to take its place.
2004-11-22 23:52:53 +01:00
# Set the "Multi-Processing Model" used by Apache to handle requests.
# Valid values are:
# prefork non-threaded, pre-forking web server
# worker hybrid multi-threaded multi-process web server
#
APACHE_MPM?= prefork
Ran "pkglint --autofix", which corrected some of the quoting issues in CONFIGURE_ARGS.
2005-12-06 00:55:01 +01:00
CONFIGURE_ARGS+= --with-mpm=${APACHE_MPM:Q}
* Create APACHE_MPM variable that can be either "prefork" or "worker" (defaulting to "prefork") that chooses the multi-processing model for apache to handle requests. "Prefork" is the method used by Apache-1.3, which is non-threaded. "Worker" uses threads to handle requests. * Fix libtool usage in this package. Apache uses libtool, but is hardcoded to use the libtool installed by devel/apr. Patch the generated makefile fragment to use a local libtool instead, and allow the usual libtool wrapper to take its place.
2004-11-22 23:52:53 +01:00
BUILD_DEFS+= APACHE_MPM
Convert to use PLIST_VARS instead of manually passing "@comment " through PLIST_SUBST to the plist module.
2008-04-13 00:42:57 +02:00
PLIST_VARS+= mpm-prefork mpm-worker
PLIST.${APACHE_MPM}= yes
* Create APACHE_MPM variable that can be either "prefork" or "worker" (defaulting to "prefork") that chooses the multi-processing model for apache to handle requests. "Prefork" is the method used by Apache-1.3, which is non-threaded. "Worker" uses threads to handle requests. * Fix libtool usage in this package. Apache uses libtool, but is hardcoded to use the libtool installed by devel/apr. Patch the generated makefile fragment to use a local libtool instead, and allow the usual libtool wrapper to take its place.
2004-11-22 23:52:53 +01:00
Fix ownership permissions on installed files Change behaviour of APACHE_MODULES and DFLT_APACHE_MODULES If you do not define APACHE_MODULES this change will not impact you, the default behaviour of the package modules has not been changed. The new functionality is as follows: 1) If you need to add an additional module to be installed with apache you would use: APACHE_MODULES+= spelling This would include mod_spelling as a static module in addition to the default modules installed. 2) If you need a highly customised version of apache and would like to explicitly list which modules are installed by default you would use: APACHE_MODULES= spelling access auth include env autoindex This would install _only_ the listed modules as static modules with apache. If you use APACHE_MODULES= please read the apache documentation at: http://httpd.apache.org/docs/2.0/ To determine which modules you will need to install to get the level of functionality you require. By default when using APACHE_MODULES= apache only includes with the following static modules: core.c prefork.c http_core.c mod_so.c
2006-04-23 13:42:38 +02:00
CONFIGURE_ARGS+= --disable-access
CONFIGURE_ARGS+= --disable-auth
CONFIGURE_ARGS+= --disable-include
CONFIGURE_ARGS+= --disable-log-config
CONFIGURE_ARGS+= --disable-env
CONFIGURE_ARGS+= --disable-mime
CONFIGURE_ARGS+= --disable-setenvif
CONFIGURE_ARGS+= --disable-status
CONFIGURE_ARGS+= --disable-autoindex
CONFIGURE_ARGS+= --disable-asis
CONFIGURE_ARGS+= --disable-cgi
CONFIGURE_ARGS+= --disable-negotiation
CONFIGURE_ARGS+= --disable-dir
CONFIGURE_ARGS+= --disable-imap
CONFIGURE_ARGS+= --disable-actions
CONFIGURE_ARGS+= --disable-userdir
CONFIGURE_ARGS+= --disable-alias
Add the ability to specify the list of Apache modules to link statically into the httpd binary. This may be adjusted by setting APACHE_MODULES in /etc/mk.conf and defaults to ${DFLT_APACHE_MODULES}, which contains: all proxy proxy_connect proxy_ftp proxy_http ssl A complete list of which modules may be built into the Apache httpd server may be found in the Apache documentation either in the distributed tarball or on the Apache website (http://httpd.apache.org). An example for adding mod_deflate is: APACHE_MODULES= ${DFLT_APACHE_MODULES} deflate The implementation of this feature uses two tables, _AP_DEPENDS and _AP_CFG_ARGS, indexed by the module name and that specify respectively any additional dependencies or configure script options needed for building the module.
2002-04-16 19:41:54 +02:00
DFLT_APACHE_MODULES= all
DFLT_APACHE_MODULES+= proxy proxy_connect proxy_ftp proxy_http
Make deflate a default module; bump pkgrevision. This closes PR 26824. Approved by Johnny C. Lam.
2005-02-07 09:37:22 +01:00
DFLT_APACHE_MODULES+= ssl deflate
Fix ownership permissions on installed files Change behaviour of APACHE_MODULES and DFLT_APACHE_MODULES If you do not define APACHE_MODULES this change will not impact you, the default behaviour of the package modules has not been changed. The new functionality is as follows: 1) If you need to add an additional module to be installed with apache you would use: APACHE_MODULES+= spelling This would include mod_spelling as a static module in addition to the default modules installed. 2) If you need a highly customised version of apache and would like to explicitly list which modules are installed by default you would use: APACHE_MODULES= spelling access auth include env autoindex This would install _only_ the listed modules as static modules with apache. If you use APACHE_MODULES= please read the apache documentation at: http://httpd.apache.org/docs/2.0/ To determine which modules you will need to install to get the level of functionality you require. By default when using APACHE_MODULES= apache only includes with the following static modules: core.c prefork.c http_core.c mod_so.c
2006-04-23 13:42:38 +02:00
DFLT_APACHE_MODULES+= access auth include log_config env mime setenvif
DFLT_APACHE_MODULES+= status autoindex asis cgi negotiation dir imap
DFLT_APACHE_MODULES+= actions userdir alias
Enable OpenLDAP support if APR_USE_OPENLDAP == [Yy][Ee][Ss]. (ldap and auth_ldap modules). This closes PR pkg/26166.
2004-07-17 02:18:31 +02:00
Fix OpenLDAP detection after devel/apr was converted to use bsd.options.mk.
2004-11-22 20:54:47 +01:00
# LDAP support
apr/buildlink3.mk defines PKG_BUILD_OPTIONS.apr as the result of the PKG_OPTIONS computation for devel/apr. Check that for the presence of db4 instead.
2005-05-10 02:11:18 +02:00
.if !empty(PKG_BUILD_OPTIONS.apr:Mldap)
Enable OpenLDAP support if APR_USE_OPENLDAP == [Yy][Ee][Ss]. (ldap and auth_ldap modules). This closes PR pkg/26166.
2004-07-17 02:18:31 +02:00
DFLT_APACHE_MODULES+= ldap auth_ldap
.endif
Clarify that APACHE_MODULES is the list of modules that are linked statically into the httpd executable.
2004-11-22 20:56:23 +01:00
# APACHE_MODULES are the modules that are linked statically into the
# apache httpd executable.
#
Ran "pkglint --autofix", which corrected some of the quoting issues in CONFIGURE_ARGS.
2005-12-06 00:55:01 +01:00
CONFIGURE_ARGS+= --enable-modules=${APACHE_MODULES:Q}
Add the ability to specify the list of Apache modules to link statically into the httpd binary. This may be adjusted by setting APACHE_MODULES in /etc/mk.conf and defaults to ${DFLT_APACHE_MODULES}, which contains: all proxy proxy_connect proxy_ftp proxy_http ssl A complete list of which modules may be built into the Apache httpd server may be found in the Apache documentation either in the distributed tarball or on the Apache website (http://httpd.apache.org). An example for adding mod_deflate is: APACHE_MODULES= ${DFLT_APACHE_MODULES} deflate The implementation of this feature uses two tables, _AP_DEPENDS and _AP_CFG_ARGS, indexed by the module name and that specify respectively any additional dependencies or configure script options needed for building the module.
2002-04-16 19:41:54 +02:00
BUILD_DEFS+= APACHE_MODULES
Reimport pkgsrc/www/apache-current as pkgsrc/www/apache2.
2002-03-06 00:24:06 +01:00
Convert to use bsd.options.mk: APACHE_SUEXEC is now the "suexec" option.
2004-11-22 21:25:26 +01:00
APACHE_USER?= www
APACHE_GROUP?= www
Update apache packages with some common changes: Give Apache a user and group by default, not only with suexec. The variables for this have changed from APACHE_SUEXEC_USER and APACHE_SUEXEC_GROUP to APACHE_USER and APACHE_GROUP. Mention 'Apache' in COMMENT. Use variables for the version number instead of copying it around. Bump PKGREVISION. For apache{,6}: Change paths to /var/httpd instead of /var/spool/httpd. Honour STRIPFLAG. Add --without-confadjust as configure argument. Enable the 'define' module. For apache: Enable proxy module on NOPIC platforms. Some of these changes are based on pkg/17469 by Greg A. Woods, some on comments by Johnny Lam. Reviewed by Johnny Lam.
2002-07-30 20:40:14 +02:00
PKG_GROUPS= ${APACHE_GROUP}
Modify packages that set PKG_USERS and PKG_GROUPS to follow the new syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.
2006-04-23 02:12:35 +02:00
PKG_USERS= ${APACHE_USER}:${APACHE_GROUP}
Make it easier to build and install packages "unprivileged", where the owner of all installed files is a non-root user. This change affects most packages that require special users or groups by making them use the specified unprivileged user and group instead. (1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to unprivileged.mk. These two variables are lists of other bmake variables that define package-specific users and groups. Packages that have user-settable variables for users and groups, e.g. apache and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP}, etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER} and ${UNPRIVILEGED_GROUP}. (2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
2007-07-04 22:54:31 +02:00
PKG_GROUPS_VARS+= APACHE_GROUP
PKG_USERS_VARS+= APACHE_USER
Update apache packages with some common changes: Give Apache a user and group by default, not only with suexec. The variables for this have changed from APACHE_SUEXEC_USER and APACHE_SUEXEC_GROUP to APACHE_USER and APACHE_GROUP. Mention 'Apache' in COMMENT. Use variables for the version number instead of copying it around. Bump PKGREVISION. For apache{,6}: Change paths to /var/httpd instead of /var/spool/httpd. Honour STRIPFLAG. Add --without-confadjust as configure argument. Enable the 'define' module. For apache: Enable proxy module on NOPIC platforms. Some of these changes are based on pkg/17469 by Greg A. Woods, some on comments by Johnny Lam. Reviewed by Johnny Lam.
2002-07-30 20:40:14 +02:00
Update www/apache2 to 2.0.32 beta. Pkgsrc changes from the previous version include: *) Move the binaries back into ${PREFIX}/sbin to match the locations for www/apache. *) Build the Apache modules (including mod_ssl) so that apache2 has the same functionality as apache. *) Support shared modules on platforms that support them. Otherwise, link the modules statically into the server. *) Support suEXEC in the same way as for www/apache. *) Honor PKG_SYSCONFDIR. *) Add a rc.d-style control script based on www/apache/files/apache.sh. *) Strongly buildlinkify again after previous changes broke it. Relevant changes from version 2.0.28 beta include: *) A ton of bug fixes in both the main server code and the module code (it _is_ a beta release following a previous beta release). *) Several performance and memory optimizations. *) The Location: response header field, used for external redirect, *must* be an absoluteURI. The Redirect directive tested for that, but RedirectMatch didn't -- it would allow almost anything through. Now it will try to turn an abs_path into an absoluteURI, but it will correctly varf like Redirect if the final redirection target isn't an absoluteURI. *) Add several new mod_proxy directives: ProxyTimeout, ProxyPreserveHost, ProxyPass. *) FTP directory listings are now always retrieved in ASCII mode. The FTP proxy properly escapes URI's and HTML in the generated listing, and escapes the path components when talking to the FTP server. *) Add FileETag directive to allow configurable control of what data are used to form ETag values for file-based URIs. *) Introduced the ForceLanguagePriority directive, to prevent returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases, when using Multiviews.
2002-03-06 00:56:22 +01:00
PKG_SYSCONFVAR= apache
PKG_SYSCONFSUBDIR?= httpd
EGDIR= ${PREFIX}/share/examples/httpd
SBINDIR= ${PREFIX}/sbin
CONF_FILES= ${EGDIR}/httpd-std.conf ${PKG_SYSCONFDIR}/httpd.conf
CONF_FILES+= ${EGDIR}/ssl-std.conf ${PKG_SYSCONFDIR}/ssl.conf
Merge CONF_FILES/SUPPORT_FILES and CONF_FILES_PERMS/SUPPORT_FILES_PERMS as the INSTALL and DEINSTALL scripts no longer distinguish between the two types of files. Drop SUPPORT_FILES{,_PERMS} and modify the packages in pkgsrc accordingly.
2005-08-19 20:12:36 +02:00
CONF_FILES+= ${SBINDIR}/envvars-std ${SBINDIR}/envvars
CONF_FILES+= ${EGDIR}/magic ${PKG_SYSCONFDIR}/magic
CONF_FILES+= ${EGDIR}/mime.types ${PKG_SYSCONFDIR}/mime.types
Update www/apache2 to 2.0.32 beta. Pkgsrc changes from the previous version include: *) Move the binaries back into ${PREFIX}/sbin to match the locations for www/apache. *) Build the Apache modules (including mod_ssl) so that apache2 has the same functionality as apache. *) Support shared modules on platforms that support them. Otherwise, link the modules statically into the server. *) Support suEXEC in the same way as for www/apache. *) Honor PKG_SYSCONFDIR. *) Add a rc.d-style control script based on www/apache/files/apache.sh. *) Strongly buildlinkify again after previous changes broke it. Relevant changes from version 2.0.28 beta include: *) A ton of bug fixes in both the main server code and the module code (it _is_ a beta release following a previous beta release). *) Several performance and memory optimizations. *) The Location: response header field, used for external redirect, *must* be an absoluteURI. The Redirect directive tested for that, but RedirectMatch didn't -- it would allow almost anything through. Now it will try to turn an abs_path into an absoluteURI, but it will correctly varf like Redirect if the final redirection target isn't an absoluteURI. *) Add several new mod_proxy directives: ProxyTimeout, ProxyPreserveHost, ProxyPass. *) FTP directory listings are now always retrieved in ASCII mode. The FTP proxy properly escapes URI's and HTML in the generated listing, and escapes the path components when talking to the FTP server. *) Add FileETag directive to allow configurable control of what data are used to form ETag values for file-based URIs. *) Introduced the ForceLanguagePriority directive, to prevent returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases, when using Multiviews.
2002-03-06 00:56:22 +01:00
RCD_SCRIPTS= apache
The htdocs directory is under ${PREFIX}, so use REQD_DIRS instead of MAKE_DIRS. This causes the htdocs directory to be conditionally removed every time, regardless of the value of PKG_CONFIG. Bump the PKGREVISION to 3.
2005-08-20 05:36:25 +02:00
REQD_DIRS= ${PREFIX}/share/httpd
REQD_DIRS+= ${PREFIX}/share/httpd/htdocs
Whitespace cleanup, courtesy of pkglint. Patch provided by Sergey Svishchev in private mail.
2007-02-22 20:26:05 +01:00
OWN_DIRS= ${VARBASE}/log/httpd
s,/var,${VARBASE},g
2004-07-14 15:21:37 +02:00
OWN_DIRS+= ${VARBASE}/db/httpd
OWN_DIRS_PERMS+= ${VARBASE}/db/httpd/proxy ${APACHE_USER} ${APACHE_GROUP} 0755
Install mkcert to help with certificate creation. The script was taken from the ap-ssl package (which is for apache 1.3.x).
2005-04-11 20:56:05 +02:00
FIX_PERMS= apachectl apxs dbmmanage envvars-std mkcert
Fix ownership permissions on installed files Change behaviour of APACHE_MODULES and DFLT_APACHE_MODULES If you do not define APACHE_MODULES this change will not impact you, the default behaviour of the package modules has not been changed. The new functionality is as follows: 1) If you need to add an additional module to be installed with apache you would use: APACHE_MODULES+= spelling This would include mod_spelling as a static module in addition to the default modules installed. 2) If you need a highly customised version of apache and would like to explicitly list which modules are installed by default you would use: APACHE_MODULES= spelling access auth include env autoindex This would install _only_ the listed modules as static modules with apache. If you use APACHE_MODULES= please read the apache documentation at: http://httpd.apache.org/docs/2.0/ To determine which modules you will need to install to get the level of functionality you require. By default when using APACHE_MODULES= apache only includes with the following static modules: core.c prefork.c http_core.c mod_so.c
2006-04-23 13:42:38 +02:00
FIX_MAN_PERMS= man1/htdbm.1 man1/htpasswd.1 man1/htdigest.1
FIX_MAN_PERMS+= man1/dbmmanage.1 man8/httpd.8 man8/suexec.8
FIX_MAN_PERMS+= man8/rotatelogs.8 man8/logresolve.8 man8/apxs.8
FIX_MAN_PERMS+= man8/apachectl.8 man8/ab.8
- Update to apache 2.0.50 - Add new build def APACHE_DEFAULT_FILES Changes with Apache 2.0.50 *) SECURITY: CAN-2004-0493 (cve.mitre.org) Close a denial of service vulnerability identified by Georgi Guninski which could lead to memory exhaustion with certain input data. [Jeff Trawick] *) mod_cgi: Handle output on stderr during script execution on Unix platforms; preventing deadlock when stderr output fills pipe buffer. Also fixes case where stderr from nph- scripts could be lost. PR 22030, 18348. [Joe Orton, Jeff Trawick] *) mod_alias now emits a warning if it detects overlapping *Alias* directives. [André Malo] *) mod_rewrite no longer turns forward proxy requests into reverse proxy requests. PR 28125 [ast domdv.de, André Malo] *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now exported on Win32 and Netware as well (minor MMN bump). PR 28523. [Edward Rudd <eddie omegaware.com>, André Malo] *) Restore the ability to disable the use of AcceptEx on Win9x systems automatically (broken in 2.0.49). PR 28529. [André Malo] *) <VirtualHost myhost> now applies to all IP addresses for myhost instead of just the first one reported by the resolver. This corrects a regression since 1.3. [Jeff Trawick] *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved against ServerRoot PR#26602 [Brad Nicholes] *) SECURITY: CAN-2004-0488 (cve.mitre.org) mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a (trusted) client certificate subject DN which exceeds 6K in length. [Joe Orton] *) mod_dav_fs: Fix MKCOL response for missing parent collections, which caused issues for the Eclipse WebDAV extension. PR 29034. [Joe Orton] *) mod_deflate: Fix memory consumption (which was proportional to the response size). PR 29318. [Joe Orton] *) mod_ssl: Log the errors returned on failure to load or initialize a crypto accelerator engine. [Joe Orton] *) Allow RequestHeader directives to be conditional. PR 27951. [Vincent Deffontaines <vincent gryzor.com>, André Malo] *) Allow LimitRequestBody to be reset to unlimited. PR 29106 [André Malo] *) Fix a bunch of cases where the return code of the regex compiler was not checked properly. This affects: mod_setenvif, mod_usertrack, mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo] *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>] *) Remove 2Gb log file size restriction on some 32-bit platforms. PR 13511. [Joe Orton] *) mod_logio no longer removes the EOS bucket. PR 27928. [Bojan Smojver <bojan rexursive.com>] *) htpasswd no longer refuses to process files that contain empty lines. [André Malo] *) Regression from 1.3: At startup, suexec now will be checked for availability, the setuid bit and user root. The works only if httpd is compiled with the shipped APR version (0.9.5). PR 28287. [André Malo] *) Unix MPMs: Stop dropping connections when the file descriptor is at least FD_SETSIZE. [Jeff Trawick] *) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick] *) mod_isapi: send_response_header() failed to copy status string's last character. PR 20619. [Jesse Pelton <jsp pkc.com>] *) Fix a segfault when requests for shared memory fails and returns NULL. Fix a segfault caused by a lack of bounds checking on the cache. PR 24801. [Graham Leggett] *) Throw an error message if an attempt is made to use the LDAPTrustedCA or LDAPTrustedCAType directives in a VirtualHost. PR 26390 [Brad Nicholes] *) Fix a potential segfault if the bind password in the LDAP cache is NULL. PR 28250. [Jari Ahonen <jah progress.com>] *) Quotes cannot be used around require group and require dn directives, update the documentation to reflect this. Also add quotes around the dn and group within debug messages, to make it more obvious why authentication is failing if quotes are used in error. PR 19304. [Graham Leggett] *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap from escaping filters twice when the backslash character is used. PR 24437. [Jess Holle <jessh ptc.com>] *) Overhaul handling of LDAP error conditions, so that the util_ldap_* functions leave the connections in a sane state after errors have occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134, 27271 [Graham Leggett] *) mod_ldap calls ldap_simple_bind_s() to validate the user credentials. If the bind fails, the connection is left in an unbound state. Make sure that the ldap connection record is updated to show that the connection is no longer bound. [Brad Nicholes] *) Ensure that lines in the request which are too long are properly terminated before logging. [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>] *) Update the bind credentials for the cached LDAP connection to reflect the last bind. This prevents util_ldap from creating unnecessary connections rather than reusing cached connections. [Brad Nicholes] *) mod_isapi: GetServerVariable returned improperly terminated header fields given "ALL_HTTP" or "ALL_RAW". PR 20656. [Jesse Pelton <jsp pkc.com>] *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer size. PR 20617. [Jesse Pelton <jsp pkc.com>] *) mod_dav: Fix a problem that could cause crashes when manipulating locks on some platforms. [Jeff Trawick] *) mod_headers no longer crashes if an empty header value should be added. [André Malo] *) Fix segfault in mod_expires, which occured under certain circumstances. PR 28047. [André Malo] *) htpasswd: use apr_temp_dir_get() and general cleanup [Guenter Knauf <eflash gmx.net>, Thom May] *) mod_ssl: Fix memory leak in session cache handling. PR 26562 [Madhusudan Mathihalli] *) mod_ssl: Fix potential segfaults when performing SSL shutdown from a pool cleanup. PR 27945. [Joe Orton] *) Add forensic logging module (mod_log_forensic). [Ben Laurie] *) logresolve: Allow size of log line buffer to be overridden at build time (MAXLINE). PR 27793. [Jeff Trawick] *) Fix the comment delimiter in htdbm so that it correctly parses the username comment. Also add a terminate function to allow NetWare to pause the output before the screen is destroyed. [Guenter Knauf <eflash gmx.net>, Brad Nicholes] *) Fix crash when Apache was started with no Listen directives. [Michael Corcoran <mcorcoran warpsolutions.com>] *) core_output_filter: Fix bug that could result in sending garbage over the network when module handlers construct bucket brigades containing multiple file buckets all referencing the same open file descriptor. [Bojan Smojver] *) Fix memory corruption problem with ap_custom_response() function. The core per-dir config would later point to request pool data that would be reused for different purposes on different requests. [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe] *) Win32: Tweak worker thread accounting routines to eliminate server hang when number of Listen directives in httpd.conf is greater than or equal to the setting of ThreadsPerChild. [Bill Stoddard]
2004-07-14 10:28:51 +02:00
Fix the default config and ServerRoot paths in apache and apache2 manpages, as suggested by PR pkg/32300, bump PKGREVISION. Ok by tron, wiz.
2006-01-05 11:01:20 +01:00
# Fix paths in the apache manpages.
SUBST_CLASSES+= man
SUBST_STAGE.man= post-patch
SUBST_FILES.man= docs/man/*.1 docs/man/*.8
SUBST_SED.man= -e 's,/usr/local/etc/apache,${PKG_SYSCONFDIR},'
SUBST_SED.man+= -e 's,/path/to/apache/etc,${PKG_SYSCONFDIR},'
SUBST_SED.man+= -e 's,/usr/local/apache2,${PREFIX}/share/httpd/htdocs,'
SUBST_SED.man+= -e 's,/usr/web,${PREFIX}/share/httpd/htdocs,'
Classes must be appended to SUBST_CLASSES.
2004-12-07 23:25:50 +01:00
SUBST_CLASSES+= paths
- Update to apache 2.0.50 - Add new build def APACHE_DEFAULT_FILES Changes with Apache 2.0.50 *) SECURITY: CAN-2004-0493 (cve.mitre.org) Close a denial of service vulnerability identified by Georgi Guninski which could lead to memory exhaustion with certain input data. [Jeff Trawick] *) mod_cgi: Handle output on stderr during script execution on Unix platforms; preventing deadlock when stderr output fills pipe buffer. Also fixes case where stderr from nph- scripts could be lost. PR 22030, 18348. [Joe Orton, Jeff Trawick] *) mod_alias now emits a warning if it detects overlapping *Alias* directives. [André Malo] *) mod_rewrite no longer turns forward proxy requests into reverse proxy requests. PR 28125 [ast domdv.de, André Malo] *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now exported on Win32 and Netware as well (minor MMN bump). PR 28523. [Edward Rudd <eddie omegaware.com>, André Malo] *) Restore the ability to disable the use of AcceptEx on Win9x systems automatically (broken in 2.0.49). PR 28529. [André Malo] *) <VirtualHost myhost> now applies to all IP addresses for myhost instead of just the first one reported by the resolver. This corrects a regression since 1.3. [Jeff Trawick] *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved against ServerRoot PR#26602 [Brad Nicholes] *) SECURITY: CAN-2004-0488 (cve.mitre.org) mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a (trusted) client certificate subject DN which exceeds 6K in length. [Joe Orton] *) mod_dav_fs: Fix MKCOL response for missing parent collections, which caused issues for the Eclipse WebDAV extension. PR 29034. [Joe Orton] *) mod_deflate: Fix memory consumption (which was proportional to the response size). PR 29318. [Joe Orton] *) mod_ssl: Log the errors returned on failure to load or initialize a crypto accelerator engine. [Joe Orton] *) Allow RequestHeader directives to be conditional. PR 27951. [Vincent Deffontaines <vincent gryzor.com>, André Malo] *) Allow LimitRequestBody to be reset to unlimited. PR 29106 [André Malo] *) Fix a bunch of cases where the return code of the regex compiler was not checked properly. This affects: mod_setenvif, mod_usertrack, mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo] *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>] *) Remove 2Gb log file size restriction on some 32-bit platforms. PR 13511. [Joe Orton] *) mod_logio no longer removes the EOS bucket. PR 27928. [Bojan Smojver <bojan rexursive.com>] *) htpasswd no longer refuses to process files that contain empty lines. [André Malo] *) Regression from 1.3: At startup, suexec now will be checked for availability, the setuid bit and user root. The works only if httpd is compiled with the shipped APR version (0.9.5). PR 28287. [André Malo] *) Unix MPMs: Stop dropping connections when the file descriptor is at least FD_SETSIZE. [Jeff Trawick] *) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick] *) mod_isapi: send_response_header() failed to copy status string's last character. PR 20619. [Jesse Pelton <jsp pkc.com>] *) Fix a segfault when requests for shared memory fails and returns NULL. Fix a segfault caused by a lack of bounds checking on the cache. PR 24801. [Graham Leggett] *) Throw an error message if an attempt is made to use the LDAPTrustedCA or LDAPTrustedCAType directives in a VirtualHost. PR 26390 [Brad Nicholes] *) Fix a potential segfault if the bind password in the LDAP cache is NULL. PR 28250. [Jari Ahonen <jah progress.com>] *) Quotes cannot be used around require group and require dn directives, update the documentation to reflect this. Also add quotes around the dn and group within debug messages, to make it more obvious why authentication is failing if quotes are used in error. PR 19304. [Graham Leggett] *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap from escaping filters twice when the backslash character is used. PR 24437. [Jess Holle <jessh ptc.com>] *) Overhaul handling of LDAP error conditions, so that the util_ldap_* functions leave the connections in a sane state after errors have occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134, 27271 [Graham Leggett] *) mod_ldap calls ldap_simple_bind_s() to validate the user credentials. If the bind fails, the connection is left in an unbound state. Make sure that the ldap connection record is updated to show that the connection is no longer bound. [Brad Nicholes] *) Ensure that lines in the request which are too long are properly terminated before logging. [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>] *) Update the bind credentials for the cached LDAP connection to reflect the last bind. This prevents util_ldap from creating unnecessary connections rather than reusing cached connections. [Brad Nicholes] *) mod_isapi: GetServerVariable returned improperly terminated header fields given "ALL_HTTP" or "ALL_RAW". PR 20656. [Jesse Pelton <jsp pkc.com>] *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer size. PR 20617. [Jesse Pelton <jsp pkc.com>] *) mod_dav: Fix a problem that could cause crashes when manipulating locks on some platforms. [Jeff Trawick] *) mod_headers no longer crashes if an empty header value should be added. [André Malo] *) Fix segfault in mod_expires, which occured under certain circumstances. PR 28047. [André Malo] *) htpasswd: use apr_temp_dir_get() and general cleanup [Guenter Knauf <eflash gmx.net>, Thom May] *) mod_ssl: Fix memory leak in session cache handling. PR 26562 [Madhusudan Mathihalli] *) mod_ssl: Fix potential segfaults when performing SSL shutdown from a pool cleanup. PR 27945. [Joe Orton] *) Add forensic logging module (mod_log_forensic). [Ben Laurie] *) logresolve: Allow size of log line buffer to be overridden at build time (MAXLINE). PR 27793. [Jeff Trawick] *) Fix the comment delimiter in htdbm so that it correctly parses the username comment. Also add a terminate function to allow NetWare to pause the output before the screen is destroyed. [Guenter Knauf <eflash gmx.net>, Brad Nicholes] *) Fix crash when Apache was started with no Listen directives. [Michael Corcoran <mcorcoran warpsolutions.com>] *) core_output_filter: Fix bug that could result in sending garbage over the network when module handlers construct bucket brigades containing multiple file buckets all referencing the same open file descriptor. [Bojan Smojver] *) Fix memory corruption problem with ap_custom_response() function. The core per-dir config would later point to request pool data that would be reused for different purposes on different requests. [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe] *) Win32: Tweak worker thread accounting routines to eliminate server hang when number of Listen directives in httpd.conf is greater than or equal to the setting of ThreadsPerChild. [Bill Stoddard]
2004-07-14 10:28:51 +02:00
SUBST_STAGE.paths= pre-configure
Changes 2.0.54: *) mod_cache: Add CacheIgnoreHeaders directive. *) mod_ldap: Added the directive LDAPConnectionTimeout to configure the ldap socket connection timeout value. *) Correctly export all mod_dav public functions. *) Add a build script to create a solaris package. *) worker MPM: Fix a problem which could cause httpd processes to remain active after shutdown. *) Unix MPMs: Shut down the server more quickly when child processes are slow to exit. *) Remove formatting characters from ap_log_error() calls. These were escaped as fallout from CAN-2003-0020. *) mod_ssl: If SSLUsername is used, set r->user earlier. *) htdigest: Fix permissions of created files. *) core_input_filter: Move buckets to a persistent brigade instead of creating a new brigade. This stop a memory leak when proxying a Streaming Media Server. *) mod_win32: Ignore both PATH_INFO as well as PATH_TRANSLATED to avoid hiccups from additional path information passed in non-utf-8 format.
2005-04-25 11:13:02 +02:00
SUBST_FILES.paths= config.layout
- Update to apache 2.0.50 - Add new build def APACHE_DEFAULT_FILES Changes with Apache 2.0.50 *) SECURITY: CAN-2004-0493 (cve.mitre.org) Close a denial of service vulnerability identified by Georgi Guninski which could lead to memory exhaustion with certain input data. [Jeff Trawick] *) mod_cgi: Handle output on stderr during script execution on Unix platforms; preventing deadlock when stderr output fills pipe buffer. Also fixes case where stderr from nph- scripts could be lost. PR 22030, 18348. [Joe Orton, Jeff Trawick] *) mod_alias now emits a warning if it detects overlapping *Alias* directives. [André Malo] *) mod_rewrite no longer turns forward proxy requests into reverse proxy requests. PR 28125 [ast domdv.de, André Malo] *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now exported on Win32 and Netware as well (minor MMN bump). PR 28523. [Edward Rudd <eddie omegaware.com>, André Malo] *) Restore the ability to disable the use of AcceptEx on Win9x systems automatically (broken in 2.0.49). PR 28529. [André Malo] *) <VirtualHost myhost> now applies to all IP addresses for myhost instead of just the first one reported by the resolver. This corrects a regression since 1.3. [Jeff Trawick] *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved against ServerRoot PR#26602 [Brad Nicholes] *) SECURITY: CAN-2004-0488 (cve.mitre.org) mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a (trusted) client certificate subject DN which exceeds 6K in length. [Joe Orton] *) mod_dav_fs: Fix MKCOL response for missing parent collections, which caused issues for the Eclipse WebDAV extension. PR 29034. [Joe Orton] *) mod_deflate: Fix memory consumption (which was proportional to the response size). PR 29318. [Joe Orton] *) mod_ssl: Log the errors returned on failure to load or initialize a crypto accelerator engine. [Joe Orton] *) Allow RequestHeader directives to be conditional. PR 27951. [Vincent Deffontaines <vincent gryzor.com>, André Malo] *) Allow LimitRequestBody to be reset to unlimited. PR 29106 [André Malo] *) Fix a bunch of cases where the return code of the regex compiler was not checked properly. This affects: mod_setenvif, mod_usertrack, mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo] *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>] *) Remove 2Gb log file size restriction on some 32-bit platforms. PR 13511. [Joe Orton] *) mod_logio no longer removes the EOS bucket. PR 27928. [Bojan Smojver <bojan rexursive.com>] *) htpasswd no longer refuses to process files that contain empty lines. [André Malo] *) Regression from 1.3: At startup, suexec now will be checked for availability, the setuid bit and user root. The works only if httpd is compiled with the shipped APR version (0.9.5). PR 28287. [André Malo] *) Unix MPMs: Stop dropping connections when the file descriptor is at least FD_SETSIZE. [Jeff Trawick] *) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick] *) mod_isapi: send_response_header() failed to copy status string's last character. PR 20619. [Jesse Pelton <jsp pkc.com>] *) Fix a segfault when requests for shared memory fails and returns NULL. Fix a segfault caused by a lack of bounds checking on the cache. PR 24801. [Graham Leggett] *) Throw an error message if an attempt is made to use the LDAPTrustedCA or LDAPTrustedCAType directives in a VirtualHost. PR 26390 [Brad Nicholes] *) Fix a potential segfault if the bind password in the LDAP cache is NULL. PR 28250. [Jari Ahonen <jah progress.com>] *) Quotes cannot be used around require group and require dn directives, update the documentation to reflect this. Also add quotes around the dn and group within debug messages, to make it more obvious why authentication is failing if quotes are used in error. PR 19304. [Graham Leggett] *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap from escaping filters twice when the backslash character is used. PR 24437. [Jess Holle <jessh ptc.com>] *) Overhaul handling of LDAP error conditions, so that the util_ldap_* functions leave the connections in a sane state after errors have occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134, 27271 [Graham Leggett] *) mod_ldap calls ldap_simple_bind_s() to validate the user credentials. If the bind fails, the connection is left in an unbound state. Make sure that the ldap connection record is updated to show that the connection is no longer bound. [Brad Nicholes] *) Ensure that lines in the request which are too long are properly terminated before logging. [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>] *) Update the bind credentials for the cached LDAP connection to reflect the last bind. This prevents util_ldap from creating unnecessary connections rather than reusing cached connections. [Brad Nicholes] *) mod_isapi: GetServerVariable returned improperly terminated header fields given "ALL_HTTP" or "ALL_RAW". PR 20656. [Jesse Pelton <jsp pkc.com>] *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer size. PR 20617. [Jesse Pelton <jsp pkc.com>] *) mod_dav: Fix a problem that could cause crashes when manipulating locks on some platforms. [Jeff Trawick] *) mod_headers no longer crashes if an empty header value should be added. [André Malo] *) Fix segfault in mod_expires, which occured under certain circumstances. PR 28047. [André Malo] *) htpasswd: use apr_temp_dir_get() and general cleanup [Guenter Knauf <eflash gmx.net>, Thom May] *) mod_ssl: Fix memory leak in session cache handling. PR 26562 [Madhusudan Mathihalli] *) mod_ssl: Fix potential segfaults when performing SSL shutdown from a pool cleanup. PR 27945. [Joe Orton] *) Add forensic logging module (mod_log_forensic). [Ben Laurie] *) logresolve: Allow size of log line buffer to be overridden at build time (MAXLINE). PR 27793. [Jeff Trawick] *) Fix the comment delimiter in htdbm so that it correctly parses the username comment. Also add a terminate function to allow NetWare to pause the output before the screen is destroyed. [Guenter Knauf <eflash gmx.net>, Brad Nicholes] *) Fix crash when Apache was started with no Listen directives. [Michael Corcoran <mcorcoran warpsolutions.com>] *) core_output_filter: Fix bug that could result in sending garbage over the network when module handlers construct bucket brigades containing multiple file buckets all referencing the same open file descriptor. [Bojan Smojver] *) Fix memory corruption problem with ap_custom_response() function. The core per-dir config would later point to request pool data that would be reused for different purposes on different requests. [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe] *) Win32: Tweak worker thread accounting routines to eliminate server hang when number of Listen directives in httpd.conf is greater than or equal to the setting of ThreadsPerChild. [Bill Stoddard]
2004-07-14 10:28:51 +02:00
SUBST_SED.paths= -e "s|@PREFIX@|${PREFIX}|g"
The directories for configuration files and log files are now set in the config.layout file instead of CONFIGURE_ARGS, to avoid defining things twice. No actual change, since the paths are still the same. Added all necessary variables to BUILD_DEFS, as reported by pkglint.
2006-08-30 08:16:27 +02:00
SUBST_SED.paths+= -e "s|@VARBASE@|${VARBASE}|g"
SUBST_SED.paths+= -e "s|@SYSCONFDIR@|${PKG_SYSCONFDIR}|g"
Removed the superfluous "quotes" and 'quotes' from variables that don't need them, for example RESTRICTED and SUBST_MESSAGE.*.
2006-04-22 11:22:05 +02:00
SUBST_MESSAGE.paths= Fixing paths.
- Update to apache 2.0.50 - Add new build def APACHE_DEFAULT_FILES Changes with Apache 2.0.50 *) SECURITY: CAN-2004-0493 (cve.mitre.org) Close a denial of service vulnerability identified by Georgi Guninski which could lead to memory exhaustion with certain input data. [Jeff Trawick] *) mod_cgi: Handle output on stderr during script execution on Unix platforms; preventing deadlock when stderr output fills pipe buffer. Also fixes case where stderr from nph- scripts could be lost. PR 22030, 18348. [Joe Orton, Jeff Trawick] *) mod_alias now emits a warning if it detects overlapping *Alias* directives. [André Malo] *) mod_rewrite no longer turns forward proxy requests into reverse proxy requests. PR 28125 [ast domdv.de, André Malo] *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now exported on Win32 and Netware as well (minor MMN bump). PR 28523. [Edward Rudd <eddie omegaware.com>, André Malo] *) Restore the ability to disable the use of AcceptEx on Win9x systems automatically (broken in 2.0.49). PR 28529. [André Malo] *) <VirtualHost myhost> now applies to all IP addresses for myhost instead of just the first one reported by the resolver. This corrects a regression since 1.3. [Jeff Trawick] *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved against ServerRoot PR#26602 [Brad Nicholes] *) SECURITY: CAN-2004-0488 (cve.mitre.org) mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a (trusted) client certificate subject DN which exceeds 6K in length. [Joe Orton] *) mod_dav_fs: Fix MKCOL response for missing parent collections, which caused issues for the Eclipse WebDAV extension. PR 29034. [Joe Orton] *) mod_deflate: Fix memory consumption (which was proportional to the response size). PR 29318. [Joe Orton] *) mod_ssl: Log the errors returned on failure to load or initialize a crypto accelerator engine. [Joe Orton] *) Allow RequestHeader directives to be conditional. PR 27951. [Vincent Deffontaines <vincent gryzor.com>, André Malo] *) Allow LimitRequestBody to be reset to unlimited. PR 29106 [André Malo] *) Fix a bunch of cases where the return code of the regex compiler was not checked properly. This affects: mod_setenvif, mod_usertrack, mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo] *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>] *) Remove 2Gb log file size restriction on some 32-bit platforms. PR 13511. [Joe Orton] *) mod_logio no longer removes the EOS bucket. PR 27928. [Bojan Smojver <bojan rexursive.com>] *) htpasswd no longer refuses to process files that contain empty lines. [André Malo] *) Regression from 1.3: At startup, suexec now will be checked for availability, the setuid bit and user root. The works only if httpd is compiled with the shipped APR version (0.9.5). PR 28287. [André Malo] *) Unix MPMs: Stop dropping connections when the file descriptor is at least FD_SETSIZE. [Jeff Trawick] *) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick] *) mod_isapi: send_response_header() failed to copy status string's last character. PR 20619. [Jesse Pelton <jsp pkc.com>] *) Fix a segfault when requests for shared memory fails and returns NULL. Fix a segfault caused by a lack of bounds checking on the cache. PR 24801. [Graham Leggett] *) Throw an error message if an attempt is made to use the LDAPTrustedCA or LDAPTrustedCAType directives in a VirtualHost. PR 26390 [Brad Nicholes] *) Fix a potential segfault if the bind password in the LDAP cache is NULL. PR 28250. [Jari Ahonen <jah progress.com>] *) Quotes cannot be used around require group and require dn directives, update the documentation to reflect this. Also add quotes around the dn and group within debug messages, to make it more obvious why authentication is failing if quotes are used in error. PR 19304. [Graham Leggett] *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap from escaping filters twice when the backslash character is used. PR 24437. [Jess Holle <jessh ptc.com>] *) Overhaul handling of LDAP error conditions, so that the util_ldap_* functions leave the connections in a sane state after errors have occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134, 27271 [Graham Leggett] *) mod_ldap calls ldap_simple_bind_s() to validate the user credentials. If the bind fails, the connection is left in an unbound state. Make sure that the ldap connection record is updated to show that the connection is no longer bound. [Brad Nicholes] *) Ensure that lines in the request which are too long are properly terminated before logging. [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>] *) Update the bind credentials for the cached LDAP connection to reflect the last bind. This prevents util_ldap from creating unnecessary connections rather than reusing cached connections. [Brad Nicholes] *) mod_isapi: GetServerVariable returned improperly terminated header fields given "ALL_HTTP" or "ALL_RAW". PR 20656. [Jesse Pelton <jsp pkc.com>] *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer size. PR 20617. [Jesse Pelton <jsp pkc.com>] *) mod_dav: Fix a problem that could cause crashes when manipulating locks on some platforms. [Jeff Trawick] *) mod_headers no longer crashes if an empty header value should be added. [André Malo] *) Fix segfault in mod_expires, which occured under certain circumstances. PR 28047. [André Malo] *) htpasswd: use apr_temp_dir_get() and general cleanup [Guenter Knauf <eflash gmx.net>, Thom May] *) mod_ssl: Fix memory leak in session cache handling. PR 26562 [Madhusudan Mathihalli] *) mod_ssl: Fix potential segfaults when performing SSL shutdown from a pool cleanup. PR 27945. [Joe Orton] *) Add forensic logging module (mod_log_forensic). [Ben Laurie] *) logresolve: Allow size of log line buffer to be overridden at build time (MAXLINE). PR 27793. [Jeff Trawick] *) Fix the comment delimiter in htdbm so that it correctly parses the username comment. Also add a terminate function to allow NetWare to pause the output before the screen is destroyed. [Guenter Knauf <eflash gmx.net>, Brad Nicholes] *) Fix crash when Apache was started with no Listen directives. [Michael Corcoran <mcorcoran warpsolutions.com>] *) core_output_filter: Fix bug that could result in sending garbage over the network when module handlers construct bucket brigades containing multiple file buckets all referencing the same open file descriptor. [Bojan Smojver] *) Fix memory corruption problem with ap_custom_response() function. The core per-dir config would later point to request pool data that would be reused for different purposes on different requests. [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe] *) Win32: Tweak worker thread accounting routines to eliminate server hang when number of Listen directives in httpd.conf is greater than or equal to the setting of ThreadsPerChild. [Bill Stoddard]
2004-07-14 10:28:51 +02:00
Classes must be appended to SUBST_CLASSES.
2004-12-07 23:25:50 +01:00
SUBST_CLASSES+= apr-lt
* Create APACHE_MPM variable that can be either "prefork" or "worker" (defaulting to "prefork") that chooses the multi-processing model for apache to handle requests. "Prefork" is the method used by Apache-1.3, which is non-threaded. "Worker" uses threads to handle requests. * Fix libtool usage in this package. Apache uses libtool, but is hardcoded to use the libtool installed by devel/apr. Patch the generated makefile fragment to use a local libtool instead, and allow the usual libtool wrapper to take its place.
2004-11-22 23:52:53 +01:00
SUBST_STAGE.apr-lt= post-configure
SUBST_FILES.apr-lt= build/config_vars.mk
Fix the path to libtool on build so that it gets set correctly in the installed config_vars.mk. Any package pulling in config_vars.mk will now find libtool. PKGREVISION++ ok'ed tron@
2006-11-05 18:52:38 +01:00
SUBST_SED.apr-lt= -e 's|^\(LIBTOOL =\) [^ ]*|\1 $$(SHELL) $$(top_builddir)/build/libtool|g'
Removed the superfluous "quotes" and 'quotes' from variables that don't need them, for example RESTRICTED and SUBST_MESSAGE.*.
2006-04-22 11:22:05 +02:00
SUBST_MESSAGE.apr-lt= Fixing libtool references.
* Create APACHE_MPM variable that can be either "prefork" or "worker" (defaulting to "prefork") that chooses the multi-processing model for apache to handle requests. "Prefork" is the method used by Apache-1.3, which is non-threaded. "Worker" uses threads to handle requests. * Fix libtool usage in this package. Apache uses libtool, but is hardcoded to use the libtool installed by devel/apr. Patch the generated makefile fragment to use a local libtool instead, and allow the usual libtool wrapper to take its place.
2004-11-22 23:52:53 +01:00
- Update to apache 2.0.50 - Add new build def APACHE_DEFAULT_FILES Changes with Apache 2.0.50 *) SECURITY: CAN-2004-0493 (cve.mitre.org) Close a denial of service vulnerability identified by Georgi Guninski which could lead to memory exhaustion with certain input data. [Jeff Trawick] *) mod_cgi: Handle output on stderr during script execution on Unix platforms; preventing deadlock when stderr output fills pipe buffer. Also fixes case where stderr from nph- scripts could be lost. PR 22030, 18348. [Joe Orton, Jeff Trawick] *) mod_alias now emits a warning if it detects overlapping *Alias* directives. [André Malo] *) mod_rewrite no longer turns forward proxy requests into reverse proxy requests. PR 28125 [ast domdv.de, André Malo] *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now exported on Win32 and Netware as well (minor MMN bump). PR 28523. [Edward Rudd <eddie omegaware.com>, André Malo] *) Restore the ability to disable the use of AcceptEx on Win9x systems automatically (broken in 2.0.49). PR 28529. [André Malo] *) <VirtualHost myhost> now applies to all IP addresses for myhost instead of just the first one reported by the resolver. This corrects a regression since 1.3. [Jeff Trawick] *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved against ServerRoot PR#26602 [Brad Nicholes] *) SECURITY: CAN-2004-0488 (cve.mitre.org) mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a (trusted) client certificate subject DN which exceeds 6K in length. [Joe Orton] *) mod_dav_fs: Fix MKCOL response for missing parent collections, which caused issues for the Eclipse WebDAV extension. PR 29034. [Joe Orton] *) mod_deflate: Fix memory consumption (which was proportional to the response size). PR 29318. [Joe Orton] *) mod_ssl: Log the errors returned on failure to load or initialize a crypto accelerator engine. [Joe Orton] *) Allow RequestHeader directives to be conditional. PR 27951. [Vincent Deffontaines <vincent gryzor.com>, André Malo] *) Allow LimitRequestBody to be reset to unlimited. PR 29106 [André Malo] *) Fix a bunch of cases where the return code of the regex compiler was not checked properly. This affects: mod_setenvif, mod_usertrack, mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo] *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>] *) Remove 2Gb log file size restriction on some 32-bit platforms. PR 13511. [Joe Orton] *) mod_logio no longer removes the EOS bucket. PR 27928. [Bojan Smojver <bojan rexursive.com>] *) htpasswd no longer refuses to process files that contain empty lines. [André Malo] *) Regression from 1.3: At startup, suexec now will be checked for availability, the setuid bit and user root. The works only if httpd is compiled with the shipped APR version (0.9.5). PR 28287. [André Malo] *) Unix MPMs: Stop dropping connections when the file descriptor is at least FD_SETSIZE. [Jeff Trawick] *) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick] *) mod_isapi: send_response_header() failed to copy status string's last character. PR 20619. [Jesse Pelton <jsp pkc.com>] *) Fix a segfault when requests for shared memory fails and returns NULL. Fix a segfault caused by a lack of bounds checking on the cache. PR 24801. [Graham Leggett] *) Throw an error message if an attempt is made to use the LDAPTrustedCA or LDAPTrustedCAType directives in a VirtualHost. PR 26390 [Brad Nicholes] *) Fix a potential segfault if the bind password in the LDAP cache is NULL. PR 28250. [Jari Ahonen <jah progress.com>] *) Quotes cannot be used around require group and require dn directives, update the documentation to reflect this. Also add quotes around the dn and group within debug messages, to make it more obvious why authentication is failing if quotes are used in error. PR 19304. [Graham Leggett] *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap from escaping filters twice when the backslash character is used. PR 24437. [Jess Holle <jessh ptc.com>] *) Overhaul handling of LDAP error conditions, so that the util_ldap_* functions leave the connections in a sane state after errors have occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134, 27271 [Graham Leggett] *) mod_ldap calls ldap_simple_bind_s() to validate the user credentials. If the bind fails, the connection is left in an unbound state. Make sure that the ldap connection record is updated to show that the connection is no longer bound. [Brad Nicholes] *) Ensure that lines in the request which are too long are properly terminated before logging. [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>] *) Update the bind credentials for the cached LDAP connection to reflect the last bind. This prevents util_ldap from creating unnecessary connections rather than reusing cached connections. [Brad Nicholes] *) mod_isapi: GetServerVariable returned improperly terminated header fields given "ALL_HTTP" or "ALL_RAW". PR 20656. [Jesse Pelton <jsp pkc.com>] *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer size. PR 20617. [Jesse Pelton <jsp pkc.com>] *) mod_dav: Fix a problem that could cause crashes when manipulating locks on some platforms. [Jeff Trawick] *) mod_headers no longer crashes if an empty header value should be added. [André Malo] *) Fix segfault in mod_expires, which occured under certain circumstances. PR 28047. [André Malo] *) htpasswd: use apr_temp_dir_get() and general cleanup [Guenter Knauf <eflash gmx.net>, Thom May] *) mod_ssl: Fix memory leak in session cache handling. PR 26562 [Madhusudan Mathihalli] *) mod_ssl: Fix potential segfaults when performing SSL shutdown from a pool cleanup. PR 27945. [Joe Orton] *) Add forensic logging module (mod_log_forensic). [Ben Laurie] *) logresolve: Allow size of log line buffer to be overridden at build time (MAXLINE). PR 27793. [Jeff Trawick] *) Fix the comment delimiter in htdbm so that it correctly parses the username comment. Also add a terminate function to allow NetWare to pause the output before the screen is destroyed. [Guenter Knauf <eflash gmx.net>, Brad Nicholes] *) Fix crash when Apache was started with no Listen directives. [Michael Corcoran <mcorcoran warpsolutions.com>] *) core_output_filter: Fix bug that could result in sending garbage over the network when module handlers construct bucket brigades containing multiple file buckets all referencing the same open file descriptor. [Bojan Smojver] *) Fix memory corruption problem with ap_custom_response() function. The core per-dir config would later point to request pool data that would be reused for different purposes on different requests. [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe] *) Win32: Tweak worker thread accounting routines to eliminate server hang when number of Listen directives in httpd.conf is greater than or equal to the setting of ThreadsPerChild. [Bill Stoddard]
2004-07-14 10:28:51 +02:00
SUBST_CLASSES+= confs
SUBST_FILES.* must be relative to ${WRKSRC}.
2005-05-21 06:10:17 +02:00
SUBST_STAGE.confs= post-configure
Removed the superfluous "quotes" and 'quotes' from variables that don't need them, for example RESTRICTED and SUBST_MESSAGE.*.
2006-04-22 11:22:05 +02:00
SUBST_MESSAGE.confs= Fixing configuration files.
Fixed some pkglint warnings.
2006-07-10 10:29:33 +02:00
SUBST_FILES.confs= docs/conf/highperformance-std.conf
SUBST_FILES.confs+= docs/conf/httpd-std.conf
SUBST_FILES.confs+= docs/conf/ssl-std.conf
SUBST_SED.confs= -e "s|${EGDIR}|${PKG_SYSCONFDIR}|g"
SUBST_SED.confs+= -e "s|${PREFIX}/htdocs|${PREFIX}/share/httpd/htdocs|g"
SUBST_SED.confs+= -e "s|${PREFIX}/conf|${PKG_SYSCONFDIR}|g"
SUBST_SED.confs+= -e "s|logs/|${VARBASE}/log/httpd/|g"
SUBST_SED.confs+= -e 's|/var/log/httpd/foo\.log|logs/foo.log/|g'
SUBST_SED.confs+= -e 's|^\(User[ ]\).*|\1${APACHE_USER}|g'
SUBST_SED.confs+= -e 's|^\(Group[ ]\).*|\1${APACHE_GROUP}|g'
Update www/apache2 to 2.0.32 beta. Pkgsrc changes from the previous version include: *) Move the binaries back into ${PREFIX}/sbin to match the locations for www/apache. *) Build the Apache modules (including mod_ssl) so that apache2 has the same functionality as apache. *) Support shared modules on platforms that support them. Otherwise, link the modules statically into the server. *) Support suEXEC in the same way as for www/apache. *) Honor PKG_SYSCONFDIR. *) Add a rc.d-style control script based on www/apache/files/apache.sh. *) Strongly buildlinkify again after previous changes broke it. Relevant changes from version 2.0.28 beta include: *) A ton of bug fixes in both the main server code and the module code (it _is_ a beta release following a previous beta release). *) Several performance and memory optimizations. *) The Location: response header field, used for external redirect, *must* be an absoluteURI. The Redirect directive tested for that, but RedirectMatch didn't -- it would allow almost anything through. Now it will try to turn an abs_path into an absoluteURI, but it will correctly varf like Redirect if the final redirection target isn't an absoluteURI. *) Add several new mod_proxy directives: ProxyTimeout, ProxyPreserveHost, ProxyPass. *) FTP directory listings are now always retrieved in ASCII mode. The FTP proxy properly escapes URI's and HTML in the generated listing, and escapes the path components when talking to the FTP server. *) Add FileETag directive to allow configurable control of what data are used to form ETag values for file-based URIs. *) Introduced the ForceLanguagePriority directive, to prevent returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases, when using Multiviews.
2002-03-06 00:56:22 +01:00
Fix abs_srcdir definition as done in apache22. Also install mkdir.sh as expected e.g. by www/ap2-fcgid. Bump revision.
2008-07-10 17:18:23 +02:00
# abs_srcdir in config_vars.mk is used during install so needs to reference
# the work dir path, and by other packages such as ap2-fastcgi after install,
# so we fix after install to reference the installed path
SUBST_CLASSES+= abs_srcdir
SUBST_STAGE.abs_srcdir= post-install
Make sure abs_srcdir is patched for the DESTDIR case too. Bump revision.
2010-03-18 13:47:56 +01:00
SUBST_FILES.abs_srcdir= ${DESTDIR}${PREFIX}/share/httpd/build/config_vars.mk
Fix abs_srcdir definition as done in apache22. Also install mkdir.sh as expected e.g. by www/ap2-fcgid. Bump revision.
2008-07-10 17:18:23 +02:00
SUBST_SED.abs_srcdir= -e 's|^\(abs_srcdir =\) .*|\1 ${PREFIX}/share/httpd|'
SUBST_MESSAGE.abs_srcdir= Fixing abs_srcdir
Fix perl interpreter path for libexec/cgi-bin/printenv. Bump PKGREVISION for apache, apache2 and apache22.
2007-01-23 16:45:43 +01:00
REPLACE_PERL= docs/cgi-examples/printenv
Convert to use bsd.options.mk: APACHE_SUEXEC is now the "suexec" option.
2004-11-22 21:25:26 +01:00
.include "options.mk"
Add the ability to specify the list of Apache modules to link statically into the httpd binary. This may be adjusted by setting APACHE_MODULES in /etc/mk.conf and defaults to ${DFLT_APACHE_MODULES}, which contains: all proxy proxy_connect proxy_ftp proxy_http ssl A complete list of which modules may be built into the Apache httpd server may be found in the Apache documentation either in the distributed tarball or on the Apache website (http://httpd.apache.org). An example for adding mod_deflate is: APACHE_MODULES= ${DFLT_APACHE_MODULES} deflate The implementation of this feature uses two tables, _AP_DEPENDS and _AP_CFG_ARGS, indexed by the module name and that specify respectively any additional dependencies or configure script options needed for building the module.
2002-04-16 19:41:54 +02:00
# Add dependencies for the modules that will be built. For each module
# ap_mod listed in ${APACHE_MODULES}, _AP_DEPENDS.ap_mod is a whitespace
bl3ify.
2004-03-07 23:43:08 +01:00
# separated list of dependencies or buildlink3.mk files needed to build
Add the ability to specify the list of Apache modules to link statically into the httpd binary. This may be adjusted by setting APACHE_MODULES in /etc/mk.conf and defaults to ${DFLT_APACHE_MODULES}, which contains: all proxy proxy_connect proxy_ftp proxy_http ssl A complete list of which modules may be built into the Apache httpd server may be found in the Apache documentation either in the distributed tarball or on the Apache website (http://httpd.apache.org). An example for adding mod_deflate is: APACHE_MODULES= ${DFLT_APACHE_MODULES} deflate The implementation of this feature uses two tables, _AP_DEPENDS and _AP_CFG_ARGS, indexed by the module name and that specify respectively any additional dependencies or configure script options needed for building the module.
2002-04-16 19:41:54 +02:00
# ap_mod, and _AP_CFG_ARGS.ap_mod is a whitespace separated list of
# configure script options for ap_mod.
#
Update "apr" package to version 0.9.12.2.0.59 and "apache2" package to version 2.0.59. Changes since *2.0.58: - SECURITY: CVE-2006-3747 (cve.mitre.org) mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. Reported by Mark Dowd of McAfee.
2006-07-28 12:38:36 +02:00
AP_DEPENDS.ssl= ../../security/openssl/buildlink3.mk
AP_DEPENDS.deflate= ../../devel/zlib/buildlink3.mk
Add the ability to specify the list of Apache modules to link statically into the httpd binary. This may be adjusted by setting APACHE_MODULES in /etc/mk.conf and defaults to ${DFLT_APACHE_MODULES}, which contains: all proxy proxy_connect proxy_ftp proxy_http ssl A complete list of which modules may be built into the Apache httpd server may be found in the Apache documentation either in the distributed tarball or on the Apache website (http://httpd.apache.org). An example for adding mod_deflate is: APACHE_MODULES= ${DFLT_APACHE_MODULES} deflate The implementation of this feature uses two tables, _AP_DEPENDS and _AP_CFG_ARGS, indexed by the module name and that specify respectively any additional dependencies or configure script options needed for building the module.
2002-04-16 19:41:54 +02:00
Update "apr" package to version 0.9.12.2.0.59 and "apache2" package to version 2.0.59. Changes since *2.0.58: - SECURITY: CVE-2006-3747 (cve.mitre.org) mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. Reported by Mark Dowd of McAfee.
2006-07-28 12:38:36 +02:00
AP_CFG_ARGS.ssl= --with-ssl=${BUILDLINK_PREFIX.openssl}
AP_CFG_ARGS.deflate= --with-z=${BUILDLINK_PREFIX.zlib}
Add the ability to specify the list of Apache modules to link statically into the httpd binary. This may be adjusted by setting APACHE_MODULES in /etc/mk.conf and defaults to ${DFLT_APACHE_MODULES}, which contains: all proxy proxy_connect proxy_ftp proxy_http ssl A complete list of which modules may be built into the Apache httpd server may be found in the Apache documentation either in the distributed tarball or on the Apache website (http://httpd.apache.org). An example for adding mod_deflate is: APACHE_MODULES= ${DFLT_APACHE_MODULES} deflate The implementation of this feature uses two tables, _AP_DEPENDS and _AP_CFG_ARGS, indexed by the module name and that specify respectively any additional dependencies or configure script options needed for building the module.
2002-04-16 19:41:54 +02:00
Update "apr" package to version 0.9.12.2.0.59 and "apache2" package to version 2.0.59. Changes since *2.0.58: - SECURITY: CVE-2006-3747 (cve.mitre.org) mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. Reported by Mark Dowd of McAfee.
2006-07-28 12:38:36 +02:00
.for ap_mod in ${APACHE_MODULES}
. if defined(AP_DEPENDS.${ap_mod}) && !empty(AP_DEPENDS.${ap_mod})
. for ap_depend in ${AP_DEPENDS.${ap_mod}}
. if exists(${ap_depend})
. include "${ap_depend}"
Add the ability to specify the list of Apache modules to link statically into the httpd binary. This may be adjusted by setting APACHE_MODULES in /etc/mk.conf and defaults to ${DFLT_APACHE_MODULES}, which contains: all proxy proxy_connect proxy_ftp proxy_http ssl A complete list of which modules may be built into the Apache httpd server may be found in the Apache documentation either in the distributed tarball or on the Apache website (http://httpd.apache.org). An example for adding mod_deflate is: APACHE_MODULES= ${DFLT_APACHE_MODULES} deflate The implementation of this feature uses two tables, _AP_DEPENDS and _AP_CFG_ARGS, indexed by the module name and that specify respectively any additional dependencies or configure script options needed for building the module.
2002-04-16 19:41:54 +02:00
. else
Update "apr" package to version 0.9.12.2.0.59 and "apache2" package to version 2.0.59. Changes since *2.0.58: - SECURITY: CVE-2006-3747 (cve.mitre.org) mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. Reported by Mark Dowd of McAfee.
2006-07-28 12:38:36 +02:00
DEPENDS+= ${ap_depend}
Add the ability to specify the list of Apache modules to link statically into the httpd binary. This may be adjusted by setting APACHE_MODULES in /etc/mk.conf and defaults to ${DFLT_APACHE_MODULES}, which contains: all proxy proxy_connect proxy_ftp proxy_http ssl A complete list of which modules may be built into the Apache httpd server may be found in the Apache documentation either in the distributed tarball or on the Apache website (http://httpd.apache.org). An example for adding mod_deflate is: APACHE_MODULES= ${DFLT_APACHE_MODULES} deflate The implementation of this feature uses two tables, _AP_DEPENDS and _AP_CFG_ARGS, indexed by the module name and that specify respectively any additional dependencies or configure script options needed for building the module.
2002-04-16 19:41:54 +02:00
. endif
. endfor
. endif
Update "apr" package to version 0.9.12.2.0.59 and "apache2" package to version 2.0.59. Changes since *2.0.58: - SECURITY: CVE-2006-3747 (cve.mitre.org) mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. Reported by Mark Dowd of McAfee.
2006-07-28 12:38:36 +02:00
. if defined(AP_CFG_ARGS.${ap_mod}) && !empty(AP_CFG_ARGS.${ap_mod})
CONFIGURE_ARGS+= ${AP_CFG_ARGS.${ap_mod}}
Add the ability to specify the list of Apache modules to link statically into the httpd binary. This may be adjusted by setting APACHE_MODULES in /etc/mk.conf and defaults to ${DFLT_APACHE_MODULES}, which contains: all proxy proxy_connect proxy_ftp proxy_http ssl A complete list of which modules may be built into the Apache httpd server may be found in the Apache documentation either in the distributed tarball or on the Apache website (http://httpd.apache.org). An example for adding mod_deflate is: APACHE_MODULES= ${DFLT_APACHE_MODULES} deflate The implementation of this feature uses two tables, _AP_DEPENDS and _AP_CFG_ARGS, indexed by the module name and that specify respectively any additional dependencies or configure script options needed for building the module.
2002-04-16 19:41:54 +02:00
. endif
.endfor
* Create APACHE_MPM variable that can be either "prefork" or "worker" (defaulting to "prefork") that chooses the multi-processing model for apache to handle requests. "Prefork" is the method used by Apache-1.3, which is non-threaded. "Worker" uses threads to handle requests. * Fix libtool usage in this package. Apache uses libtool, but is hardcoded to use the libtool installed by devel/apr. Patch the generated makefile fragment to use a local libtool instead, and allow the usual libtool wrapper to take its place.
2004-11-22 23:52:53 +01:00
post-extract:
Fix the path to libtool on build so that it gets set correctly in the installed config_vars.mk. Any package pulling in config_vars.mk will now find libtool. PKGREVISION++ ok'ed tron@
2006-11-05 18:52:38 +01:00
${TOUCH} ${WRKSRC}/build/libtool
* Create APACHE_MPM variable that can be either "prefork" or "worker" (defaulting to "prefork") that chooses the multi-processing model for apache to handle requests. "Prefork" is the method used by Apache-1.3, which is non-threaded. "Worker" uses threads to handle requests. * Fix libtool usage in this package. Apache uses libtool, but is hardcoded to use the libtool installed by devel/apr. Patch the generated makefile fragment to use a local libtool instead, and allow the usual libtool wrapper to take its place.
2004-11-22 23:52:53 +01:00
Install mkcert to help with certificate creation. The script was taken from the ap-ssl package (which is for apache 1.3.x).
2005-04-11 20:56:05 +02:00
post-build:
Changes 2.0.54: *) mod_cache: Add CacheIgnoreHeaders directive. *) mod_ldap: Added the directive LDAPConnectionTimeout to configure the ldap socket connection timeout value. *) Correctly export all mod_dav public functions. *) Add a build script to create a solaris package. *) worker MPM: Fix a problem which could cause httpd processes to remain active after shutdown. *) Unix MPMs: Shut down the server more quickly when child processes are slow to exit. *) Remove formatting characters from ap_log_error() calls. These were escaped as fallout from CAN-2003-0020. *) mod_ssl: If SSLUsername is used, set r->user earlier. *) htdigest: Fix permissions of created files. *) core_input_filter: Move buckets to a persistent brigade instead of creating a new brigade. This stop a memory leak when proxying a Streaming Media Server. *) mod_win32: Ignore both PATH_INFO as well as PATH_TRANSLATED to avoid hiccups from additional path information passed in non-utf-8 format.
2005-04-25 11:13:02 +02:00
${SED} "s#@PKG_SYSCONFDIR@#${PKG_SYSCONFDIR}#g" \
Install mkcert to help with certificate creation. The script was taken from the ap-ssl package (which is for apache 1.3.x).
2005-04-11 20:56:05 +02:00
< ${FILESDIR}/mkcert.sh > ${WRKDIR}/mkcert
DESTDIR support
2010-02-17 16:14:05 +01:00
INSTALLATION_DIRS+= share/httpd/manual
- Update to apache 2.0.50 - Add new build def APACHE_DEFAULT_FILES Changes with Apache 2.0.50 *) SECURITY: CAN-2004-0493 (cve.mitre.org) Close a denial of service vulnerability identified by Georgi Guninski which could lead to memory exhaustion with certain input data. [Jeff Trawick] *) mod_cgi: Handle output on stderr during script execution on Unix platforms; preventing deadlock when stderr output fills pipe buffer. Also fixes case where stderr from nph- scripts could be lost. PR 22030, 18348. [Joe Orton, Jeff Trawick] *) mod_alias now emits a warning if it detects overlapping *Alias* directives. [André Malo] *) mod_rewrite no longer turns forward proxy requests into reverse proxy requests. PR 28125 [ast domdv.de, André Malo] *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now exported on Win32 and Netware as well (minor MMN bump). PR 28523. [Edward Rudd <eddie omegaware.com>, André Malo] *) Restore the ability to disable the use of AcceptEx on Win9x systems automatically (broken in 2.0.49). PR 28529. [André Malo] *) <VirtualHost myhost> now applies to all IP addresses for myhost instead of just the first one reported by the resolver. This corrects a regression since 1.3. [Jeff Trawick] *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved against ServerRoot PR#26602 [Brad Nicholes] *) SECURITY: CAN-2004-0488 (cve.mitre.org) mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a (trusted) client certificate subject DN which exceeds 6K in length. [Joe Orton] *) mod_dav_fs: Fix MKCOL response for missing parent collections, which caused issues for the Eclipse WebDAV extension. PR 29034. [Joe Orton] *) mod_deflate: Fix memory consumption (which was proportional to the response size). PR 29318. [Joe Orton] *) mod_ssl: Log the errors returned on failure to load or initialize a crypto accelerator engine. [Joe Orton] *) Allow RequestHeader directives to be conditional. PR 27951. [Vincent Deffontaines <vincent gryzor.com>, André Malo] *) Allow LimitRequestBody to be reset to unlimited. PR 29106 [André Malo] *) Fix a bunch of cases where the return code of the regex compiler was not checked properly. This affects: mod_setenvif, mod_usertrack, mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo] *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>] *) Remove 2Gb log file size restriction on some 32-bit platforms. PR 13511. [Joe Orton] *) mod_logio no longer removes the EOS bucket. PR 27928. [Bojan Smojver <bojan rexursive.com>] *) htpasswd no longer refuses to process files that contain empty lines. [André Malo] *) Regression from 1.3: At startup, suexec now will be checked for availability, the setuid bit and user root. The works only if httpd is compiled with the shipped APR version (0.9.5). PR 28287. [André Malo] *) Unix MPMs: Stop dropping connections when the file descriptor is at least FD_SETSIZE. [Jeff Trawick] *) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick] *) mod_isapi: send_response_header() failed to copy status string's last character. PR 20619. [Jesse Pelton <jsp pkc.com>] *) Fix a segfault when requests for shared memory fails and returns NULL. Fix a segfault caused by a lack of bounds checking on the cache. PR 24801. [Graham Leggett] *) Throw an error message if an attempt is made to use the LDAPTrustedCA or LDAPTrustedCAType directives in a VirtualHost. PR 26390 [Brad Nicholes] *) Fix a potential segfault if the bind password in the LDAP cache is NULL. PR 28250. [Jari Ahonen <jah progress.com>] *) Quotes cannot be used around require group and require dn directives, update the documentation to reflect this. Also add quotes around the dn and group within debug messages, to make it more obvious why authentication is failing if quotes are used in error. PR 19304. [Graham Leggett] *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap from escaping filters twice when the backslash character is used. PR 24437. [Jess Holle <jessh ptc.com>] *) Overhaul handling of LDAP error conditions, so that the util_ldap_* functions leave the connections in a sane state after errors have occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134, 27271 [Graham Leggett] *) mod_ldap calls ldap_simple_bind_s() to validate the user credentials. If the bind fails, the connection is left in an unbound state. Make sure that the ldap connection record is updated to show that the connection is no longer bound. [Brad Nicholes] *) Ensure that lines in the request which are too long are properly terminated before logging. [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>] *) Update the bind credentials for the cached LDAP connection to reflect the last bind. This prevents util_ldap from creating unnecessary connections rather than reusing cached connections. [Brad Nicholes] *) mod_isapi: GetServerVariable returned improperly terminated header fields given "ALL_HTTP" or "ALL_RAW". PR 20656. [Jesse Pelton <jsp pkc.com>] *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer size. PR 20617. [Jesse Pelton <jsp pkc.com>] *) mod_dav: Fix a problem that could cause crashes when manipulating locks on some platforms. [Jeff Trawick] *) mod_headers no longer crashes if an empty header value should be added. [André Malo] *) Fix segfault in mod_expires, which occured under certain circumstances. PR 28047. [André Malo] *) htpasswd: use apr_temp_dir_get() and general cleanup [Guenter Knauf <eflash gmx.net>, Thom May] *) mod_ssl: Fix memory leak in session cache handling. PR 26562 [Madhusudan Mathihalli] *) mod_ssl: Fix potential segfaults when performing SSL shutdown from a pool cleanup. PR 27945. [Joe Orton] *) Add forensic logging module (mod_log_forensic). [Ben Laurie] *) logresolve: Allow size of log line buffer to be overridden at build time (MAXLINE). PR 27793. [Jeff Trawick] *) Fix the comment delimiter in htdbm so that it correctly parses the username comment. Also add a terminate function to allow NetWare to pause the output before the screen is destroyed. [Guenter Knauf <eflash gmx.net>, Brad Nicholes] *) Fix crash when Apache was started with no Listen directives. [Michael Corcoran <mcorcoran warpsolutions.com>] *) core_output_filter: Fix bug that could result in sending garbage over the network when module handlers construct bucket brigades containing multiple file buckets all referencing the same open file descriptor. [Bojan Smojver] *) Fix memory corruption problem with ap_custom_response() function. The core per-dir config would later point to request pool data that would be reused for different purposes on different requests. [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe] *) Win32: Tweak worker thread accounting routines to eliminate server hang when number of Listen directives in httpd.conf is greater than or equal to the setting of ThreadsPerChild. [Bill Stoddard]
2004-07-14 10:28:51 +02:00
pre-install:
Fixed some pkglint warnings.
2006-07-10 10:29:33 +02:00
cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} \
DESTDIR support
2010-02-17 16:14:05 +01:00
${MAKE_PROGRAM} install-conf sysconfdir="${EGDIR}" \
DESTDIR=${DESTDIR}
Removed trailing white-space.
2005-09-28 16:31:06 +02:00
- Update to apache 2.0.50 - Add new build def APACHE_DEFAULT_FILES Changes with Apache 2.0.50 *) SECURITY: CAN-2004-0493 (cve.mitre.org) Close a denial of service vulnerability identified by Georgi Guninski which could lead to memory exhaustion with certain input data. [Jeff Trawick] *) mod_cgi: Handle output on stderr during script execution on Unix platforms; preventing deadlock when stderr output fills pipe buffer. Also fixes case where stderr from nph- scripts could be lost. PR 22030, 18348. [Joe Orton, Jeff Trawick] *) mod_alias now emits a warning if it detects overlapping *Alias* directives. [André Malo] *) mod_rewrite no longer turns forward proxy requests into reverse proxy requests. PR 28125 [ast domdv.de, André Malo] *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now exported on Win32 and Netware as well (minor MMN bump). PR 28523. [Edward Rudd <eddie omegaware.com>, André Malo] *) Restore the ability to disable the use of AcceptEx on Win9x systems automatically (broken in 2.0.49). PR 28529. [André Malo] *) <VirtualHost myhost> now applies to all IP addresses for myhost instead of just the first one reported by the resolver. This corrects a regression since 1.3. [Jeff Trawick] *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved against ServerRoot PR#26602 [Brad Nicholes] *) SECURITY: CAN-2004-0488 (cve.mitre.org) mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a (trusted) client certificate subject DN which exceeds 6K in length. [Joe Orton] *) mod_dav_fs: Fix MKCOL response for missing parent collections, which caused issues for the Eclipse WebDAV extension. PR 29034. [Joe Orton] *) mod_deflate: Fix memory consumption (which was proportional to the response size). PR 29318. [Joe Orton] *) mod_ssl: Log the errors returned on failure to load or initialize a crypto accelerator engine. [Joe Orton] *) Allow RequestHeader directives to be conditional. PR 27951. [Vincent Deffontaines <vincent gryzor.com>, André Malo] *) Allow LimitRequestBody to be reset to unlimited. PR 29106 [André Malo] *) Fix a bunch of cases where the return code of the regex compiler was not checked properly. This affects: mod_setenvif, mod_usertrack, mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo] *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>] *) Remove 2Gb log file size restriction on some 32-bit platforms. PR 13511. [Joe Orton] *) mod_logio no longer removes the EOS bucket. PR 27928. [Bojan Smojver <bojan rexursive.com>] *) htpasswd no longer refuses to process files that contain empty lines. [André Malo] *) Regression from 1.3: At startup, suexec now will be checked for availability, the setuid bit and user root. The works only if httpd is compiled with the shipped APR version (0.9.5). PR 28287. [André Malo] *) Unix MPMs: Stop dropping connections when the file descriptor is at least FD_SETSIZE. [Jeff Trawick] *) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick] *) mod_isapi: send_response_header() failed to copy status string's last character. PR 20619. [Jesse Pelton <jsp pkc.com>] *) Fix a segfault when requests for shared memory fails and returns NULL. Fix a segfault caused by a lack of bounds checking on the cache. PR 24801. [Graham Leggett] *) Throw an error message if an attempt is made to use the LDAPTrustedCA or LDAPTrustedCAType directives in a VirtualHost. PR 26390 [Brad Nicholes] *) Fix a potential segfault if the bind password in the LDAP cache is NULL. PR 28250. [Jari Ahonen <jah progress.com>] *) Quotes cannot be used around require group and require dn directives, update the documentation to reflect this. Also add quotes around the dn and group within debug messages, to make it more obvious why authentication is failing if quotes are used in error. PR 19304. [Graham Leggett] *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap from escaping filters twice when the backslash character is used. PR 24437. [Jess Holle <jessh ptc.com>] *) Overhaul handling of LDAP error conditions, so that the util_ldap_* functions leave the connections in a sane state after errors have occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134, 27271 [Graham Leggett] *) mod_ldap calls ldap_simple_bind_s() to validate the user credentials. If the bind fails, the connection is left in an unbound state. Make sure that the ldap connection record is updated to show that the connection is no longer bound. [Brad Nicholes] *) Ensure that lines in the request which are too long are properly terminated before logging. [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>] *) Update the bind credentials for the cached LDAP connection to reflect the last bind. This prevents util_ldap from creating unnecessary connections rather than reusing cached connections. [Brad Nicholes] *) mod_isapi: GetServerVariable returned improperly terminated header fields given "ALL_HTTP" or "ALL_RAW". PR 20656. [Jesse Pelton <jsp pkc.com>] *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer size. PR 20617. [Jesse Pelton <jsp pkc.com>] *) mod_dav: Fix a problem that could cause crashes when manipulating locks on some platforms. [Jeff Trawick] *) mod_headers no longer crashes if an empty header value should be added. [André Malo] *) Fix segfault in mod_expires, which occured under certain circumstances. PR 28047. [André Malo] *) htpasswd: use apr_temp_dir_get() and general cleanup [Guenter Knauf <eflash gmx.net>, Thom May] *) mod_ssl: Fix memory leak in session cache handling. PR 26562 [Madhusudan Mathihalli] *) mod_ssl: Fix potential segfaults when performing SSL shutdown from a pool cleanup. PR 27945. [Joe Orton] *) Add forensic logging module (mod_log_forensic). [Ben Laurie] *) logresolve: Allow size of log line buffer to be overridden at build time (MAXLINE). PR 27793. [Jeff Trawick] *) Fix the comment delimiter in htdbm so that it correctly parses the username comment. Also add a terminate function to allow NetWare to pause the output before the screen is destroyed. [Guenter Knauf <eflash gmx.net>, Brad Nicholes] *) Fix crash when Apache was started with no Listen directives. [Michael Corcoran <mcorcoran warpsolutions.com>] *) core_output_filter: Fix bug that could result in sending garbage over the network when module handlers construct bucket brigades containing multiple file buckets all referencing the same open file descriptor. [Bojan Smojver] *) Fix memory corruption problem with ap_custom_response() function. The core per-dir config would later point to request pool data that would be reused for different purposes on different requests. [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe] *) Win32: Tweak worker thread accounting routines to eliminate server hang when number of Listen directives in httpd.conf is greater than or equal to the setting of ThreadsPerChild. [Bill Stoddard]
2004-07-14 10:28:51 +02:00
post-install:
DESTDIR support
2010-02-17 16:14:05 +01:00
${LN} -sf ../../../libexec/apr/libtool ${DESTDIR}${PREFIX}/share/httpd/build
cd ${DESTDIR}${EGDIR} && \
-------------------------------------------------------------------------------- Update www/apache2 to 2.0.35, the first stable release of Apache 2.x. Pkgsrc changes include: *) Compiling the included modules statically. Add-ons will be built dynamically. *) Match improvements to www/apache rc.d script. *) Automatically add "Listen 0.0.0.0:80" to the sample config files as the default install of NetBSD is IPv4/IPv6 and we want the default install of Apache to work out-of-the-box. *) Automatically reset the User and Group directives to match the ones for suEXEC in the config files to ease the use of suEXEC in Apache. Changes from version 2.0.32 beta include: *) Small bug fixes across the board. *) Bug fixes to the various MPMs. *) Performance improvements. *) Fixes for mod_include errors on boundary conditions *) Bug fixes for mod_proxy to prevent hangs and for RFC2616 compliance. *) Improvements to mod_dav for improved API and for RFC 3253 compliance *) Improvemants to mod_ssl to support SSL proxy and RSA SSLC 1.x/2.x *) Greatly improve mod_cache (disk/mem) [this is disabled in pkgsrc] *) New scoreboard file implementation that is readable by 3rd-party apps. *) Allow all Perchild directives to accept either numerical UID/GID or logical user/group names. *) Add support for macro expansion within the variable names in <!--#echo--> and <!--#set--> directives *) Implement SSLSessionCache shmht and shmcb. *) New directive ProxyIOBufferSize. Sets the size of the buffer used when reading from a remote HTTP server in proxy. *) Scrap CacheMaxExpireMin and CacheDefaultExpireMin. Change CacheMaxExpire and CacheDefaultExpire to use seconds rather than hours. *) New Directive SSIUndefinedEcho. to change the '(none)' echoed for a undefined variable. *) Introduce PassPhraseDialog "|/path/to/pipe" mechanism to mod_ssl. *) New Directive for mod_proxy: ProxyRemoteMatch. *) Fix IPv6 name-based virtual hosts. *) Introduce AddOutputFilterByType directive.
2002-04-13 23:35:50 +02:00
for file in \
highperformance-std.conf \
httpd-std.conf \
ssl-std.conf; \
do \
Fixed some pkglint warnings.
2006-07-10 10:29:33 +02:00
${AWK} ' \
Fix up the example config files by replacing the pathnames with hier(7) equivalents, and adding "Listen 0.0.0.0:${port}" for port=80,443. Also move the --with-ssl configure option into the _AP_CFG_ARGS table.
2002-04-16 22:07:09 +02:00
/^Listen[ ]*80/ { \
printf "%s", "Listen 0.0.0.0:80\n"; \
next; \
} \
/^Listen[ ]*443/ { \
printf "%s", "Listen 0.0.0.0:443\n"; \
next; \
} \
{ print; } \
Fixed some pkglint warnings.
2006-07-10 10:29:33 +02:00
' < "$${file}" >> $${file}.new; \
Update www/apache2 to 2.0.32 beta. Pkgsrc changes from the previous version include: *) Move the binaries back into ${PREFIX}/sbin to match the locations for www/apache. *) Build the Apache modules (including mod_ssl) so that apache2 has the same functionality as apache. *) Support shared modules on platforms that support them. Otherwise, link the modules statically into the server. *) Support suEXEC in the same way as for www/apache. *) Honor PKG_SYSCONFDIR. *) Add a rc.d-style control script based on www/apache/files/apache.sh. *) Strongly buildlinkify again after previous changes broke it. Relevant changes from version 2.0.28 beta include: *) A ton of bug fixes in both the main server code and the module code (it _is_ a beta release following a previous beta release). *) Several performance and memory optimizations. *) The Location: response header field, used for external redirect, *must* be an absoluteURI. The Redirect directive tested for that, but RedirectMatch didn't -- it would allow almost anything through. Now it will try to turn an abs_path into an absoluteURI, but it will correctly varf like Redirect if the final redirection target isn't an absoluteURI. *) Add several new mod_proxy directives: ProxyTimeout, ProxyPreserveHost, ProxyPass. *) FTP directory listings are now always retrieved in ASCII mode. The FTP proxy properly escapes URI's and HTML in the generated listing, and escapes the path components when talking to the FTP server. *) Add FileETag directive to allow configurable control of what data are used to form ETag values for file-based URIs. *) Introduced the ForceLanguagePriority directive, to prevent returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases, when using Multiviews.
2002-03-06 00:56:22 +01:00
${MV} -f $${file}.new $${file}; \
done
DESTDIR support
2010-02-17 16:14:05 +01:00
cd ${WRKSRC}/docs/manual && pax -rw . ${DESTDIR}${PREFIX}/share/httpd/manual
- Update to apache 2.0.50 - Add new build def APACHE_DEFAULT_FILES Changes with Apache 2.0.50 *) SECURITY: CAN-2004-0493 (cve.mitre.org) Close a denial of service vulnerability identified by Georgi Guninski which could lead to memory exhaustion with certain input data. [Jeff Trawick] *) mod_cgi: Handle output on stderr during script execution on Unix platforms; preventing deadlock when stderr output fills pipe buffer. Also fixes case where stderr from nph- scripts could be lost. PR 22030, 18348. [Joe Orton, Jeff Trawick] *) mod_alias now emits a warning if it detects overlapping *Alias* directives. [André Malo] *) mod_rewrite no longer turns forward proxy requests into reverse proxy requests. PR 28125 [ast domdv.de, André Malo] *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now exported on Win32 and Netware as well (minor MMN bump). PR 28523. [Edward Rudd <eddie omegaware.com>, André Malo] *) Restore the ability to disable the use of AcceptEx on Win9x systems automatically (broken in 2.0.49). PR 28529. [André Malo] *) <VirtualHost myhost> now applies to all IP addresses for myhost instead of just the first one reported by the resolver. This corrects a regression since 1.3. [Jeff Trawick] *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved against ServerRoot PR#26602 [Brad Nicholes] *) SECURITY: CAN-2004-0488 (cve.mitre.org) mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a (trusted) client certificate subject DN which exceeds 6K in length. [Joe Orton] *) mod_dav_fs: Fix MKCOL response for missing parent collections, which caused issues for the Eclipse WebDAV extension. PR 29034. [Joe Orton] *) mod_deflate: Fix memory consumption (which was proportional to the response size). PR 29318. [Joe Orton] *) mod_ssl: Log the errors returned on failure to load or initialize a crypto accelerator engine. [Joe Orton] *) Allow RequestHeader directives to be conditional. PR 27951. [Vincent Deffontaines <vincent gryzor.com>, André Malo] *) Allow LimitRequestBody to be reset to unlimited. PR 29106 [André Malo] *) Fix a bunch of cases where the return code of the regex compiler was not checked properly. This affects: mod_setenvif, mod_usertrack, mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo] *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>] *) Remove 2Gb log file size restriction on some 32-bit platforms. PR 13511. [Joe Orton] *) mod_logio no longer removes the EOS bucket. PR 27928. [Bojan Smojver <bojan rexursive.com>] *) htpasswd no longer refuses to process files that contain empty lines. [André Malo] *) Regression from 1.3: At startup, suexec now will be checked for availability, the setuid bit and user root. The works only if httpd is compiled with the shipped APR version (0.9.5). PR 28287. [André Malo] *) Unix MPMs: Stop dropping connections when the file descriptor is at least FD_SETSIZE. [Jeff Trawick] *) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick] *) mod_isapi: send_response_header() failed to copy status string's last character. PR 20619. [Jesse Pelton <jsp pkc.com>] *) Fix a segfault when requests for shared memory fails and returns NULL. Fix a segfault caused by a lack of bounds checking on the cache. PR 24801. [Graham Leggett] *) Throw an error message if an attempt is made to use the LDAPTrustedCA or LDAPTrustedCAType directives in a VirtualHost. PR 26390 [Brad Nicholes] *) Fix a potential segfault if the bind password in the LDAP cache is NULL. PR 28250. [Jari Ahonen <jah progress.com>] *) Quotes cannot be used around require group and require dn directives, update the documentation to reflect this. Also add quotes around the dn and group within debug messages, to make it more obvious why authentication is failing if quotes are used in error. PR 19304. [Graham Leggett] *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap from escaping filters twice when the backslash character is used. PR 24437. [Jess Holle <jessh ptc.com>] *) Overhaul handling of LDAP error conditions, so that the util_ldap_* functions leave the connections in a sane state after errors have occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134, 27271 [Graham Leggett] *) mod_ldap calls ldap_simple_bind_s() to validate the user credentials. If the bind fails, the connection is left in an unbound state. Make sure that the ldap connection record is updated to show that the connection is no longer bound. [Brad Nicholes] *) Ensure that lines in the request which are too long are properly terminated before logging. [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>] *) Update the bind credentials for the cached LDAP connection to reflect the last bind. This prevents util_ldap from creating unnecessary connections rather than reusing cached connections. [Brad Nicholes] *) mod_isapi: GetServerVariable returned improperly terminated header fields given "ALL_HTTP" or "ALL_RAW". PR 20656. [Jesse Pelton <jsp pkc.com>] *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer size. PR 20617. [Jesse Pelton <jsp pkc.com>] *) mod_dav: Fix a problem that could cause crashes when manipulating locks on some platforms. [Jeff Trawick] *) mod_headers no longer crashes if an empty header value should be added. [André Malo] *) Fix segfault in mod_expires, which occured under certain circumstances. PR 28047. [André Malo] *) htpasswd: use apr_temp_dir_get() and general cleanup [Guenter Knauf <eflash gmx.net>, Thom May] *) mod_ssl: Fix memory leak in session cache handling. PR 26562 [Madhusudan Mathihalli] *) mod_ssl: Fix potential segfaults when performing SSL shutdown from a pool cleanup. PR 27945. [Joe Orton] *) Add forensic logging module (mod_log_forensic). [Ben Laurie] *) logresolve: Allow size of log line buffer to be overridden at build time (MAXLINE). PR 27793. [Jeff Trawick] *) Fix the comment delimiter in htdbm so that it correctly parses the username comment. Also add a terminate function to allow NetWare to pause the output before the screen is destroyed. [Guenter Knauf <eflash gmx.net>, Brad Nicholes] *) Fix crash when Apache was started with no Listen directives. [Michael Corcoran <mcorcoran warpsolutions.com>] *) core_output_filter: Fix bug that could result in sending garbage over the network when module handlers construct bucket brigades containing multiple file buckets all referencing the same open file descriptor. [Bojan Smojver] *) Fix memory corruption problem with ap_custom_response() function. The core per-dir config would later point to request pool data that would be reused for different purposes on different requests. [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe] *) Win32: Tweak worker thread accounting routines to eliminate server hang when number of Listen directives in httpd.conf is greater than or equal to the setting of ThreadsPerChild. [Bill Stoddard]
2004-07-14 10:28:51 +02:00
DESTDIR support
2010-02-17 16:14:05 +01:00
${INSTALL_SCRIPT} ${WRKDIR}/mkcert ${DESTDIR}${PREFIX}/sbin
Install mkcert to help with certificate creation. The script was taken from the ap-ssl package (which is for apache 1.3.x).
2005-04-11 20:56:05 +02:00
- Update to apache 2.0.50 - Add new build def APACHE_DEFAULT_FILES Changes with Apache 2.0.50 *) SECURITY: CAN-2004-0493 (cve.mitre.org) Close a denial of service vulnerability identified by Georgi Guninski which could lead to memory exhaustion with certain input data. [Jeff Trawick] *) mod_cgi: Handle output on stderr during script execution on Unix platforms; preventing deadlock when stderr output fills pipe buffer. Also fixes case where stderr from nph- scripts could be lost. PR 22030, 18348. [Joe Orton, Jeff Trawick] *) mod_alias now emits a warning if it detects overlapping *Alias* directives. [André Malo] *) mod_rewrite no longer turns forward proxy requests into reverse proxy requests. PR 28125 [ast domdv.de, André Malo] *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now exported on Win32 and Netware as well (minor MMN bump). PR 28523. [Edward Rudd <eddie omegaware.com>, André Malo] *) Restore the ability to disable the use of AcceptEx on Win9x systems automatically (broken in 2.0.49). PR 28529. [André Malo] *) <VirtualHost myhost> now applies to all IP addresses for myhost instead of just the first one reported by the resolver. This corrects a regression since 1.3. [Jeff Trawick] *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved against ServerRoot PR#26602 [Brad Nicholes] *) SECURITY: CAN-2004-0488 (cve.mitre.org) mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a (trusted) client certificate subject DN which exceeds 6K in length. [Joe Orton] *) mod_dav_fs: Fix MKCOL response for missing parent collections, which caused issues for the Eclipse WebDAV extension. PR 29034. [Joe Orton] *) mod_deflate: Fix memory consumption (which was proportional to the response size). PR 29318. [Joe Orton] *) mod_ssl: Log the errors returned on failure to load or initialize a crypto accelerator engine. [Joe Orton] *) Allow RequestHeader directives to be conditional. PR 27951. [Vincent Deffontaines <vincent gryzor.com>, André Malo] *) Allow LimitRequestBody to be reset to unlimited. PR 29106 [André Malo] *) Fix a bunch of cases where the return code of the regex compiler was not checked properly. This affects: mod_setenvif, mod_usertrack, mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo] *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>] *) Remove 2Gb log file size restriction on some 32-bit platforms. PR 13511. [Joe Orton] *) mod_logio no longer removes the EOS bucket. PR 27928. [Bojan Smojver <bojan rexursive.com>] *) htpasswd no longer refuses to process files that contain empty lines. [André Malo] *) Regression from 1.3: At startup, suexec now will be checked for availability, the setuid bit and user root. The works only if httpd is compiled with the shipped APR version (0.9.5). PR 28287. [André Malo] *) Unix MPMs: Stop dropping connections when the file descriptor is at least FD_SETSIZE. [Jeff Trawick] *) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick] *) mod_isapi: send_response_header() failed to copy status string's last character. PR 20619. [Jesse Pelton <jsp pkc.com>] *) Fix a segfault when requests for shared memory fails and returns NULL. Fix a segfault caused by a lack of bounds checking on the cache. PR 24801. [Graham Leggett] *) Throw an error message if an attempt is made to use the LDAPTrustedCA or LDAPTrustedCAType directives in a VirtualHost. PR 26390 [Brad Nicholes] *) Fix a potential segfault if the bind password in the LDAP cache is NULL. PR 28250. [Jari Ahonen <jah progress.com>] *) Quotes cannot be used around require group and require dn directives, update the documentation to reflect this. Also add quotes around the dn and group within debug messages, to make it more obvious why authentication is failing if quotes are used in error. PR 19304. [Graham Leggett] *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap from escaping filters twice when the backslash character is used. PR 24437. [Jess Holle <jessh ptc.com>] *) Overhaul handling of LDAP error conditions, so that the util_ldap_* functions leave the connections in a sane state after errors have occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134, 27271 [Graham Leggett] *) mod_ldap calls ldap_simple_bind_s() to validate the user credentials. If the bind fails, the connection is left in an unbound state. Make sure that the ldap connection record is updated to show that the connection is no longer bound. [Brad Nicholes] *) Ensure that lines in the request which are too long are properly terminated before logging. [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>] *) Update the bind credentials for the cached LDAP connection to reflect the last bind. This prevents util_ldap from creating unnecessary connections rather than reusing cached connections. [Brad Nicholes] *) mod_isapi: GetServerVariable returned improperly terminated header fields given "ALL_HTTP" or "ALL_RAW". PR 20656. [Jesse Pelton <jsp pkc.com>] *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer size. PR 20617. [Jesse Pelton <jsp pkc.com>] *) mod_dav: Fix a problem that could cause crashes when manipulating locks on some platforms. [Jeff Trawick] *) mod_headers no longer crashes if an empty header value should be added. [André Malo] *) Fix segfault in mod_expires, which occured under certain circumstances. PR 28047. [André Malo] *) htpasswd: use apr_temp_dir_get() and general cleanup [Guenter Knauf <eflash gmx.net>, Thom May] *) mod_ssl: Fix memory leak in session cache handling. PR 26562 [Madhusudan Mathihalli] *) mod_ssl: Fix potential segfaults when performing SSL shutdown from a pool cleanup. PR 27945. [Joe Orton] *) Add forensic logging module (mod_log_forensic). [Ben Laurie] *) logresolve: Allow size of log line buffer to be overridden at build time (MAXLINE). PR 27793. [Jeff Trawick] *) Fix the comment delimiter in htdbm so that it correctly parses the username comment. Also add a terminate function to allow NetWare to pause the output before the screen is destroyed. [Guenter Knauf <eflash gmx.net>, Brad Nicholes] *) Fix crash when Apache was started with no Listen directives. [Michael Corcoran <mcorcoran warpsolutions.com>] *) core_output_filter: Fix bug that could result in sending garbage over the network when module handlers construct bucket brigades containing multiple file buckets all referencing the same open file descriptor. [Bojan Smojver] *) Fix memory corruption problem with ap_custom_response() function. The core per-dir config would later point to request pool data that would be reused for different purposes on different requests. [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe] *) Win32: Tweak worker thread accounting routines to eliminate server hang when number of Listen directives in httpd.conf is greater than or equal to the setting of ThreadsPerChild. [Bill Stoddard]
2004-07-14 10:28:51 +02:00
for file in ${FIX_PERMS}; do \
DESTDIR support
2010-02-17 16:14:05 +01:00
${CHOWN} ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/sbin/$$file && \
${CHMOD} ${BINMODE} ${DESTDIR}${PREFIX}/sbin/$$file; \
- Update to apache 2.0.50 - Add new build def APACHE_DEFAULT_FILES Changes with Apache 2.0.50 *) SECURITY: CAN-2004-0493 (cve.mitre.org) Close a denial of service vulnerability identified by Georgi Guninski which could lead to memory exhaustion with certain input data. [Jeff Trawick] *) mod_cgi: Handle output on stderr during script execution on Unix platforms; preventing deadlock when stderr output fills pipe buffer. Also fixes case where stderr from nph- scripts could be lost. PR 22030, 18348. [Joe Orton, Jeff Trawick] *) mod_alias now emits a warning if it detects overlapping *Alias* directives. [André Malo] *) mod_rewrite no longer turns forward proxy requests into reverse proxy requests. PR 28125 [ast domdv.de, André Malo] *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now exported on Win32 and Netware as well (minor MMN bump). PR 28523. [Edward Rudd <eddie omegaware.com>, André Malo] *) Restore the ability to disable the use of AcceptEx on Win9x systems automatically (broken in 2.0.49). PR 28529. [André Malo] *) <VirtualHost myhost> now applies to all IP addresses for myhost instead of just the first one reported by the resolver. This corrects a regression since 1.3. [Jeff Trawick] *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved against ServerRoot PR#26602 [Brad Nicholes] *) SECURITY: CAN-2004-0488 (cve.mitre.org) mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a (trusted) client certificate subject DN which exceeds 6K in length. [Joe Orton] *) mod_dav_fs: Fix MKCOL response for missing parent collections, which caused issues for the Eclipse WebDAV extension. PR 29034. [Joe Orton] *) mod_deflate: Fix memory consumption (which was proportional to the response size). PR 29318. [Joe Orton] *) mod_ssl: Log the errors returned on failure to load or initialize a crypto accelerator engine. [Joe Orton] *) Allow RequestHeader directives to be conditional. PR 27951. [Vincent Deffontaines <vincent gryzor.com>, André Malo] *) Allow LimitRequestBody to be reset to unlimited. PR 29106 [André Malo] *) Fix a bunch of cases where the return code of the regex compiler was not checked properly. This affects: mod_setenvif, mod_usertrack, mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo] *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>] *) Remove 2Gb log file size restriction on some 32-bit platforms. PR 13511. [Joe Orton] *) mod_logio no longer removes the EOS bucket. PR 27928. [Bojan Smojver <bojan rexursive.com>] *) htpasswd no longer refuses to process files that contain empty lines. [André Malo] *) Regression from 1.3: At startup, suexec now will be checked for availability, the setuid bit and user root. The works only if httpd is compiled with the shipped APR version (0.9.5). PR 28287. [André Malo] *) Unix MPMs: Stop dropping connections when the file descriptor is at least FD_SETSIZE. [Jeff Trawick] *) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick] *) mod_isapi: send_response_header() failed to copy status string's last character. PR 20619. [Jesse Pelton <jsp pkc.com>] *) Fix a segfault when requests for shared memory fails and returns NULL. Fix a segfault caused by a lack of bounds checking on the cache. PR 24801. [Graham Leggett] *) Throw an error message if an attempt is made to use the LDAPTrustedCA or LDAPTrustedCAType directives in a VirtualHost. PR 26390 [Brad Nicholes] *) Fix a potential segfault if the bind password in the LDAP cache is NULL. PR 28250. [Jari Ahonen <jah progress.com>] *) Quotes cannot be used around require group and require dn directives, update the documentation to reflect this. Also add quotes around the dn and group within debug messages, to make it more obvious why authentication is failing if quotes are used in error. PR 19304. [Graham Leggett] *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap from escaping filters twice when the backslash character is used. PR 24437. [Jess Holle <jessh ptc.com>] *) Overhaul handling of LDAP error conditions, so that the util_ldap_* functions leave the connections in a sane state after errors have occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134, 27271 [Graham Leggett] *) mod_ldap calls ldap_simple_bind_s() to validate the user credentials. If the bind fails, the connection is left in an unbound state. Make sure that the ldap connection record is updated to show that the connection is no longer bound. [Brad Nicholes] *) Ensure that lines in the request which are too long are properly terminated before logging. [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>] *) Update the bind credentials for the cached LDAP connection to reflect the last bind. This prevents util_ldap from creating unnecessary connections rather than reusing cached connections. [Brad Nicholes] *) mod_isapi: GetServerVariable returned improperly terminated header fields given "ALL_HTTP" or "ALL_RAW". PR 20656. [Jesse Pelton <jsp pkc.com>] *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer size. PR 20617. [Jesse Pelton <jsp pkc.com>] *) mod_dav: Fix a problem that could cause crashes when manipulating locks on some platforms. [Jeff Trawick] *) mod_headers no longer crashes if an empty header value should be added. [André Malo] *) Fix segfault in mod_expires, which occured under certain circumstances. PR 28047. [André Malo] *) htpasswd: use apr_temp_dir_get() and general cleanup [Guenter Knauf <eflash gmx.net>, Thom May] *) mod_ssl: Fix memory leak in session cache handling. PR 26562 [Madhusudan Mathihalli] *) mod_ssl: Fix potential segfaults when performing SSL shutdown from a pool cleanup. PR 27945. [Joe Orton] *) Add forensic logging module (mod_log_forensic). [Ben Laurie] *) logresolve: Allow size of log line buffer to be overridden at build time (MAXLINE). PR 27793. [Jeff Trawick] *) Fix the comment delimiter in htdbm so that it correctly parses the username comment. Also add a terminate function to allow NetWare to pause the output before the screen is destroyed. [Guenter Knauf <eflash gmx.net>, Brad Nicholes] *) Fix crash when Apache was started with no Listen directives. [Michael Corcoran <mcorcoran warpsolutions.com>] *) core_output_filter: Fix bug that could result in sending garbage over the network when module handlers construct bucket brigades containing multiple file buckets all referencing the same open file descriptor. [Bojan Smojver] *) Fix memory corruption problem with ap_custom_response() function. The core per-dir config would later point to request pool data that would be reused for different purposes on different requests. [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe] *) Win32: Tweak worker thread accounting routines to eliminate server hang when number of Listen directives in httpd.conf is greater than or equal to the setting of ThreadsPerChild. [Bill Stoddard]
2004-07-14 10:28:51 +02:00
done
When recursively chowning, ensure the -P flag is specified. This is default on BSD but not on strict POSIX implementations, leading to failures when building as an unprivileged user in the presence of symlinks. Fixes recent breakage on SunOS when the '-h' flag was removed for MirBSD.
2013-12-12 13:24:47 +01:00
${CHOWN} -RP ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/share/httpd
${CHOWN} -RP ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/include/httpd
${CHOWN} -RP ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/lib/httpd
DESTDIR support
2010-02-17 16:14:05 +01:00
${CHOWN} ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/libexec/cgi-bin/test-cgi
${CHOWN} ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/libexec/cgi-bin/printenv
Fix ownership permissions on installed files Change behaviour of APACHE_MODULES and DFLT_APACHE_MODULES If you do not define APACHE_MODULES this change will not impact you, the default behaviour of the package modules has not been changed. The new functionality is as follows: 1) If you need to add an additional module to be installed with apache you would use: APACHE_MODULES+= spelling This would include mod_spelling as a static module in addition to the default modules installed. 2) If you need a highly customised version of apache and would like to explicitly list which modules are installed by default you would use: APACHE_MODULES= spelling access auth include env autoindex This would install _only_ the listed modules as static modules with apache. If you use APACHE_MODULES= please read the apache documentation at: http://httpd.apache.org/docs/2.0/ To determine which modules you will need to install to get the level of functionality you require. By default when using APACHE_MODULES= apache only includes with the following static modules: core.c prefork.c http_core.c mod_so.c
2006-04-23 13:42:38 +02:00
for file in ${FIX_MAN_PERMS}; do \
DESTDIR support
2010-02-17 16:14:05 +01:00
${CHOWN} ${MANOWN}:${MANGRP} ${DESTDIR}${PREFIX}/${PKGMANDIR}/$$file; \
Fix ownership permissions on installed files Change behaviour of APACHE_MODULES and DFLT_APACHE_MODULES If you do not define APACHE_MODULES this change will not impact you, the default behaviour of the package modules has not been changed. The new functionality is as follows: 1) If you need to add an additional module to be installed with apache you would use: APACHE_MODULES+= spelling This would include mod_spelling as a static module in addition to the default modules installed. 2) If you need a highly customised version of apache and would like to explicitly list which modules are installed by default you would use: APACHE_MODULES= spelling access auth include env autoindex This would install _only_ the listed modules as static modules with apache. If you use APACHE_MODULES= please read the apache documentation at: http://httpd.apache.org/docs/2.0/ To determine which modules you will need to install to get the level of functionality you require. By default when using APACHE_MODULES= apache only includes with the following static modules: core.c prefork.c http_core.c mod_so.c
2006-04-23 13:42:38 +02:00
done
DESTDIR support
2010-02-17 16:14:05 +01:00
${INSTALL_SCRIPT} ${WRKSRC}/build/mkdir.sh ${DESTDIR}${PREFIX}/share/httpd/build
Fix abs_srcdir definition as done in apache22. Also install mkdir.sh as expected e.g. by www/ap2-fcgid. Bump revision.
2008-07-10 17:18:23 +02:00
Reimport pkgsrc/www/apache-current as pkgsrc/www/apache2.
2002-03-06 00:24:06 +01:00
.include "../../mk/bsd.pkg.mk"
Reference in a new issue Copy permalink