diff options
| author | ohauer <ohauer@FreeBSD.org> | 2014-03-23 05:18:21 +0800 |
|---|---|---|
| committer | ohauer <ohauer@FreeBSD.org> | 2014-03-23 05:18:21 +0800 |
| commit | 690f5ef236046c0c64d663c3f15c6cb277b1aa3b (patch) | |
| tree | b4fc36bfe6b50c7520d938105da4130428e70696 /www | |
| parent | ace399466f2c0587461fc2bae6a4a91c747a8622 (diff) | |
| download | freebsd-ports-gnome-690f5ef236046c0c64d663c3f15c6cb277b1aa3b.tar.gz freebsd-ports-gnome-690f5ef236046c0c64d663c3f15c6cb277b1aa3b.tar.zst freebsd-ports-gnome-690f5ef236046c0c64d663c3f15c6cb277b1aa3b.zip | |
- update to 2.4.9
- enforcing use libapr-1.so.5 (apr-1.5.0 instead apr-1.4.8)
Changes with Apache 2.4.9
*) mod_ssl: Work around a bug in some older versions of OpenSSL that
would cause a crash in SSL_get_certificate for servers where the
certificate hadn't been sent. [Stephen Henson]
*) mod_lua: Add a fixups hook that checks if the original request is intended
for LuaMapHandler. This fixes a bug where FallbackResource invalidates the
LuaMapHandler directive in certain cases by changing the URI before the map
handler code executes [Daniel Gruno, Daniel Ferradal <dferradal gmail com>].
Changes with Apache 2.4.8
*) SECURITY: CVE-2014-0098 (cve.mitre.org)
Clean up cookie logging with fewer redundant string parsing passes.
Log only cookies with a value assignment. Prevents segfaults when
logging truncated cookies.
[William Rowe, Ruediger Pluem, Jim Jagielski]
*) SECURITY: CVE-2013-6438 (cve.mitre.org)
mod_dav: Keep track of length of cdata properly when removing
leading spaces. Eliminates a potential denial of service from
specifically crafted DAV WRITE requests
[Amin Tora <Amin.Tora neustar.biz>]
*) core: Support named groups and backreferences within the LocationMatch,
DirectoryMatch, FilesMatch and ProxyMatch directives. (Requires
non-ancient PCRE library) [Graham Leggett]
*) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
TE/CL conflicts. [Yann Ylavic <ylavic.dev gmail com>, Jim Jagielski]
*) mod_dir: Add DirectoryCheckHandler to allow a 2.2-like behavior, skipping
execution when a handler is already set. PR53929. [Eric Covener]
*) mod_ssl: Do not perform SNI / Host header comparison in case of a
forward proxy request. [Ruediger Pluem]
*) mod_ssl: Remove the hardcoded algorithm-type dependency for the
SSLCertificateFile and SSLCertificateKeyFile directives, to enable
future algorithm agility, and deprecate the SSLCertificateChainFile
directive (obsoleted by SSLCertificateFile). [Kaspar Brand]
*) mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore,
and IgnoreInherit to allow RewriteRules to be pushed from parent scopes
to child scopes without explicitly configuring each child scope.
PR56153. [Edward Lu <Chaosed0 gmail com>]
*) prefork: Fix long delays when doing a graceful restart.
PR 54852 [Jim Jagielski, Arkadiusz Miskiewicz <arekm maven pl>]
*) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
5+ instead of just for FreeBSD 5. PR 53824. [Jeff Trawick]
*) mod_proxy_wstunnel: Avoid busy loop on client errors, drop message
IDs 02445, 02446, and 02448 to TRACE1 from DEBUG. PR 56145.
[Joffroy Christen <joffroy.christen solvaxis com>, Eric Covener]
*) mod_remoteip: Correct the trusted proxy match test. PR 54651.
[Yoshinori Ehara <yoshinori ehara gmail com>, Eugene L <eugenel amazon com>]
*) mod_proxy_fcgi: Fix error message when an unexpected protocol version
number is received from the application. PR 56110. [Jeff Trawick]
*) mod_remoteip: Use the correct IP addresses to populate the proxy_ips field.
PR 55972. [Mike Rumph]
*) mod_lua: Update r:setcookie() to accept a table of options and add domain,
path and httponly to the list of options available to set.
PR 56128 [Edward Lu <Chaosed0 gmail com>, Daniel Gruno]
*) mod_lua: Fix r:setcookie() to add, rather than replace,
the Set-Cookie header. PR56105
[Kevin J Walters <kjw ms com>, Edward Lu <Chaosed0 gmail com>]
*) mod_lua: Allow for database results to be returned as a hash with
row-name/value pairs instead of just row-number/value. [Daniel Gruno]
*) mod_rewrite: Add %{CONN_REMOTE_ADDR} as the non-useragent counterpart to
%{REMOTE_ADDR}. PR 56094. [Edward Lu <Chaosed0 gmail com>]
*) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
save the socket for reuse by the next worker as if it were an
APR_SO_DISCONNECTED socket. Restores 2.2 behavior. [Eric Covener]
*) mod_dir: Don't search for a DirectoryIndex or DirectorySlash on a URL
that was just rewritten by mod_rewrite. PR53929. [Eric Covener]
*) mod_session: When we have a session we were unable to decode,
behave as if there was no session at all. [Thomas Eckert
<thomas.r.w.eckert gmail com>]
*) mod_session: Fix problems interpreting the SessionInclude and
SessionExclude configuration. PR 56038. [Erik Pearson
<erik adaptations.com>]
*) mod_authn_core: Allow <AuthnProviderAlias>'es to be seen from auth
stanzas under virtual hosts. PR 55622. [Eric Covener]
*) mod_proxy_fcgi: Use apr_socket_timeout_get instead of hard-coded
30 seconds timeout. [Jan Kaluza]
*) mod_proxy: Added support for unix domain sockets as the
backend server endpoint [Jim Jagielski, Blaise Tarr
<blaise tarr gmail com>]
*) build: only search for modules (config*.m4) in known subdirectories, see
build/config-stubs. [Stefan Fritsch]
*) mod_cache_disk: Fix potential hangs on Windows when using mod_cache_disk.
PR 55833. [Eric Covener]
*) mod_ssl: Add support for OpenSSL configuration commands by introducing
the SSLOpenSSLConfCmd directive. [Stephen Henson, Kaspar Brand]
*) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which
is equivalent to <ProxyMatch wildcard-url>. [Christophe Jaillet]
*) mod_authz_user, mod_authz_host, mod_authz_groupfile, mod_authz_dbm,
mod_authz_dbd, mod_authnz_ldap: Support the expression parser within the
require directives. [Graham Leggett]
*) mod_proxy_http: Core dumped under high load. PR 50335.
[Jan Kaluza <jkaluza redhat.com>]
*) mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size
previously limited to 64MB. [Jens Låås <jelaas gmail.com>]
*) mod_lua: Use binary copy when dealing with uploads through r:parsebody()
to prevent truncating files. [Daniel Gruno]
Changes with Apache 2.4.7
*) APR 1.5.0 or later is now required for the event MPM.
*) slotmem_shm: Error detection. [Jim Jagielski]
*) event: Use skiplist data structure. [Jim Jagielski]
*) event: Fail at startup with message AP02405 if the APR atomic
implementation is not compatible with the MPM. [Jim Jagielski]
*) mpm_unix: Add ap_mpm_podx_* implementation to avoid code duplication
and align w/ trunk. [Jim Jagielski]
*) Fix potential rejection of valid MaxMemFree and ThreadStackSize
directives. [Mike Rumph <mike.rumph oracle.com>]
*) mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars.
An individual envvar with an encoded length of more than 16K will be
omitted. [Jeff Trawick]
*) mod_proxy_fcgi: Handle reading protocol data that is split between
packets. [Jeff Trawick]
*) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
allowing custom parameters to be configured via SSLCertificateFile,
and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
Unless custom parameters are configured, the standardized parameters
are applied based on the certificate's RSA/DSA key size. [Kaspar Brand]
*) mod_ssl, configure: Require OpenSSL 0.9.8a or later. [Kaspar Brand]
*) mod_ssl: drop support for export-grade ciphers with ephemeral RSA
keys, and unconditionally disable aNULL, eNULL and EXP ciphers
(not overridable via SSLCipherSuite). [Kaspar Brand]
*) mod_proxy: Added support for unix domain sockets as the
backend server endpoint [Jim Jagielski, Blaise Tarr
<blaise tarr gmail com>]
*) Add experimental cmake-based build system for Windows. [Jeff Trawick,
Tom Donovan]
*) event MPM: Fix possible crashes (third party modules accessing c->sbh)
or occasional missed mod_status updates for some keepalive requests
under load. [Eric Covener]
*) mod_authn_socache: Support optional initialization arguments for
socache providers. [Chris Darroch]
*) mod_session: Reset the max-age on session save. PR 47476. [Alexey
Varlamov <alexey.v.varlamov gmail com>]
*) mod_session: After parsing the value of the header specified by the
SessionHeader directive, remove the value from the response. PR 55279.
[Graham Leggett]
*) mod_headers: Allow for format specifiers in the substitution string
when using Header edit. [Daniel Ruggeri]
*) mod_dav: dav_resource->uri is treated as unencoded. This was an
unnecessary ABI changed introduced in 2.4.6. PR 55397.
*) mod_dav: Don't require lock tokens for COPY source. PR 55306.
*) core: Don't truncate output when sending is interrupted by a signal,
such as from an exiting CGI process. PR 55643. [Jeff Trawick]
*) WinNT MPM: Exit the child if the parent process crashes or is terminated.
[Oracle Corporation]
*) Windows: Correct failure to discard stderr in some error log
configurations. (Error message AH00093) [Jeff Trawick]
*) mod_session_crypto: Allow using exec: calls to obtain session
encryption key. [Daniel Ruggeri]
*) core: Add missing Reason-Phrase in HTTP response headers.
PR 54946. [Rainer Jung]
*) mod_rewrite: Make rewrite websocket-aware to allow proxying.
PR 55598. [Chris Harris <chris.harris kitware com>]
*) mod_ldap: When looking up sub-groups, use an implicit objectClass=*
instead of an explicit cn=* filter. [David Hawes <dhawes vt.edu>]
*) ab: Add wait time, fix processing time, and output write errors only if
they occured. [Christophe Jaillet]
*) worker MPM: Don't forcibly kill worker threads if the child process is
exiting gracefully. [Oracle Corporation]
*) core: apachectl -S prints wildcard name-based virtual hosts twice.
PR54948 [Eric Covener]
*) mod_auth_basic: Add AuthBasicUseDigestAlgorithm directive to
allow migration of passwords from digest to basic authentication.
[Chris Darroch]
*) ab: Add a new -l parameter in order not to check the length of the responses.
This can be usefull with dynamic pages.
PR9945, PR27888, PR42040 [<ccikrs1 cranbrook edu>]
*) Suppress formatting of startup messages written to the console when
ErrorLogFormat is used. [Jeff Trawick]
*) mod_auth_digest: Be more specific when the realm mismatches because the
realm has not been specified. [Graham Leggett]
*) mod_proxy: Add a note in the balancer manager stating whether changes
will or will not be persisted and whether settings are inherited.
[Daniel Ruggeri, Jim Jagielski]
*) mod_cache: Avoid a crash with strcmp() when the hostname is not provided.
[Graham Leggett]
*) core: Add util_fcgi.h and associated definitions and support
routines for FastCGI, based largely on mod_proxy_fcgi.
[Jeff Trawick]
*) mod_headers: Add 'Header note header-name note-name' for copying a response
headers value into a note. [Eric Covener]
*) mod_headers: Add 'setifempty' command to Header and RequestHeader.
[Eric Covener]
*) mod_logio: new format-specifier %S (sum) which is the sum of received
and sent byte counts.
PR54015 [Christophe Jaillet]
*) mod_deflate: Improve error detection when decompressing request bodies
with trailing garbage: handle case where trailing bytes are in
the same bucket. [Rainer Jung]
*) mod_authz_groupfile, mod_authz_user: Reduce severity of AH01671 and AH01663
from ERROR to DEBUG, since these modules do not know what mod_authz_core
is doing with their AUTHZ_DENIED return value. [Eric Covener]
*) mod_ldap: add TRACE5 for LDAP retries. [Eric Covener]
*) mod_ldap: retry on an LDAP timeout during authn. [Eric Covener]
*) mod_ldap: Change "LDAPReferrals off" to actually set the underlying LDAP
SDK option to OFF, and introduce "LDAPReferrals default" to take the SDK
default, sans rebind authentication callback.
[Jan Kaluza <kaluze AT redhat.com>]
*) core: Log a message at TRACE1 when the client aborts a connection.
[Eric Covener]
*) WinNT MPM: Don't crash during child process initialization if the
Listen protocol is unrecognized. [Jeff Trawick]
*) modules: Fix some compiler warnings. [Guenter Knauf]
*) Sync 2.4 and trunk
- Avoid some memory allocation and work when TRACE1 is not activated
- fix typo in include guard
- indent
- No need to lower the string before removing the path, it is just a waste of time...
- Save a few cycles
[Christophe Jaillet <christophe.jaillet wanadoo.fr>]
*) mod_filter: Add "change=no" as a proto-flag to FilterProtocol
to remove a providers initial flags set at registration time.
[Eric Covener]
*) core, mod_ssl: Enable the ability for a module to reverse the sense of
a poll event from a read to a write or vice versa. This is a step on
the way to allow mod_ssl taking full advantage of the event MPM.
[Graham Leggett]
*) Makefile.win: Install proper pcre DLL file during debug build install.
PR 55235. [Ben Reser <ben reser org>]
*) mod_ldap: Fix a potential memory leak or corruption. PR 54936.
[Zhenbo Xu <zhenbo1987 gmail com>]
*) ab: Fix potential buffer overflows when processing the T and X
command-line options. PR 55360.
[Mike Rumph <mike.rumph oracle.com>]
*) fcgistarter: Specify SO_REUSEADDR to allow starting a server
with old connections in TIME_WAIT. [Jeff Trawick]
*) core: Add open_htaccess hook which, in conjunction with dirwalk_stat
and post_perdir_config (introduced in 2.4.5), allows mpm-itk to be
used without patches to httpd core. [Stefan Fritsch]
*) support/htdbm: fix processing of -t command line switch. Regression
introduced in 2.4.4
PR 55264 [Jo Rhett <jrhett netconsonance com>]
*) mod_lua: add websocket support via r:wsupgrade, r:wswrite, r:wsread
and r:wsping. [Daniel Gruno]
*) mod_lua: add support for writing/reading cookies via r:getcookie and
r:setcookie. [Daniel Gruno]
*) mod_lua: If the first yield() of a LuaOutputFilter returns a string, it should
be prefixed to the response as documented. [Eric Covener]
Note: Not present in 2.4.7 CHANGES
*) mod_lua: Remove ETAG, Content-Length, and Content-MD5 when a LuaOutputFilter
is configured without mod_filter. [Eric Covener]
Note: Not present in 2.4.7 CHANGES
*) mod_lua: Register LuaOutputFilter scripts as changing the content and
content-length by default, when run my mod_filter. Previously,
growing or shrinking a response that started with Content-Length set
would require mod_filter and FilterProtocol change=yes. [Eric Covener]
Note: Not present in 2.4.7 CHANGES
*) mod_lua: Return a 500 error if a LuaHook* script doesn't return a
numeric return code. [Eric Covener]
Note: Not present in 2.4.7 CHANGES
Diffstat (limited to 'www')
| -rw-r--r-- | www/apache24/Makefile | 8 | ||||
| -rw-r--r-- | www/apache24/distinfo | 4 | ||||
| -rw-r--r-- | www/apache24/files/patch-bug55306 | 46 | ||||
| -rw-r--r-- | www/apache24/pkg-plist | 1 |
4 files changed, 7 insertions, 52 deletions
diff --git a/www/apache24/Makefile b/www/apache24/Makefile index c3f2fdf81ff6..7c13afede7d3 100644 --- a/www/apache24/Makefile +++ b/www/apache24/Makefile @@ -1,8 +1,8 @@ # $FreeBSD$ PORTNAME= apache24 -PORTVERSION= 2.4.6 -PORTREVISION= 1 +PORTVERSION= 2.4.9 +#PORTREVISION= 1 CATEGORIES= www ipv6 MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} DISTNAME= httpd-${PORTVERSION} @@ -12,14 +12,14 @@ MAINTAINER= apache@FreeBSD.org COMMENT= Version 2.4.x of Apache web server LIB_DEPENDS= libexpat.so:${PORTSDIR}/textproc/expat2 \ - libapr-1.so:${PORTSDIR}/devel/apr1 \ + libapr-1.so.5:${PORTSDIR}/devel/apr1 \ libpcre.so:${PORTSDIR}/devel/pcre CONFLICTS_INSTALL= caudium14-1.* \ apache-*-2.2.* apache22-* USE_APACHE= common24 -USES= iconv perl5 +USES= iconv perl5 tar:bzip2 USE_PERL5= run USE_AUTOTOOLS= autoconf libtool USE_RC_SUBR= apache24 htcacheclean diff --git a/www/apache24/distinfo b/www/apache24/distinfo index 30c15d79eb35..b409cec0853a 100644 --- a/www/apache24/distinfo +++ b/www/apache24/distinfo @@ -1,2 +1,2 @@ -SHA256 (apache24/httpd-2.4.6.tar.gz) = b704d6ae3d17f7c56dd49d617f7fde0ade34fa913e78dd14ebaab0992efbc9cf -SIZE (apache24/httpd-2.4.6.tar.gz) = 6700153 +SHA256 (apache24/httpd-2.4.9.tar.bz2) = f78cc90dfa47caf3d83ad18fd6b4e85f237777c1733fc9088594b70ce2847603 +SIZE (apache24/httpd-2.4.9.tar.bz2) = 4994460 diff --git a/www/apache24/files/patch-bug55306 b/www/apache24/files/patch-bug55306 deleted file mode 100644 index bdacfdf98836..000000000000 --- a/www/apache24/files/patch-bug55306 +++ /dev/null @@ -1,46 +0,0 @@ ---- ./modules/dav/main/util.c.orig 2013-11-24 21:27:34.000000000 +0100 -+++ ./modules/dav/main/util.c 2013-11-24 21:28:13.000000000 +0100 -@@ -954,13 +954,16 @@ - /* - ** For methods other than LOCK: - ** -- ** If we have no locks, then <seen_locktoken> can be set to true -- -+ ** If we have no locks or if the resource is not being modified -+ ** (per RFC 4918 the lock token is not required on resources -+ ** we are not changing), then <seen_locktoken> can be set to true -- - ** pretending that we've already met the requirement of seeing one - ** of the resource's locks in the If: header. - ** - ** Otherwise, it must be cleared and we'll look for one. - */ -- seen_locktoken = (lock_list == NULL); -+ seen_locktoken = (lock_list == NULL -+ || flags & DAV_VALIDATE_NO_MODIFY); - } - - /* ---- ./modules/dav/main/mod_dav.h.orig 2013-11-24 21:28:30.000000000 +0100 -+++ ./modules/dav/main/mod_dav.h 2013-11-24 21:29:00.000000000 +0100 -@@ -1297,6 +1297,9 @@ - the 424 DAV:response */ - #define DAV_VALIDATE_USE_424 0x0080 /* return 424 status, not 207 */ - #define DAV_VALIDATE_IS_PARENT 0x0100 /* for internal use */ -+#define DAV_VALIDATE_NO_MODIFY 0x0200 /* resource is not being modified -+ so allow even if lock token -+ is not provided */ - - /* Lock-null related public lock functions */ - DAV_DECLARE(int) dav_get_resource_state(request_rec *r, ---- ./modules/dav/main/mod_dav.c.orig 2013-11-24 21:29:13.000000000 +0100 -+++ ./modules/dav/main/mod_dav.c 2013-11-24 21:37:17.000000000 +0100 -@@ -2765,7 +2765,9 @@ - */ - if ((err = dav_validate_request(r, resource, depth, NULL, - &multi_response, -- DAV_VALIDATE_PARENT -+ (is_move ? DAV_VALIDATE_PARENT -+ : DAV_VALIDATE_RESOURCE -+ | DAV_VALIDATE_NO_MODIFY) - | DAV_VALIDATE_USE_424, - NULL)) != NULL) { - err = dav_push_error(r->pool, err->status, 0, diff --git a/www/apache24/pkg-plist b/www/apache24/pkg-plist index 8f6e788b1023..3b14da652c6c 100644 --- a/www/apache24/pkg-plist +++ b/www/apache24/pkg-plist @@ -63,6 +63,7 @@ include/apache24/util_cfgtree.h include/apache24/util_charset.h include/apache24/util_cookies.h include/apache24/util_ebcdic.h +include/apache24/util_fcgi.h include/apache24/util_filter.h include/apache24/util_ldap.h include/apache24/util_md5.h |