diff options
| author | ryoon <ryoon@pkgsrc.org> | 2012-08-26 12:37:34 +0000 |
|---|---|---|
| committer | ryoon <ryoon@pkgsrc.org> | 2012-08-26 12:37:34 +0000 |
| commit | 06333ae776b9d9a9c54c9770da7d43e23916f053 (patch) | |
| tree | 03fd17dae39831efeaee3b4fcb0f635f3f9b3971 /www/apache24 | |
| parent | 328295e5705425ddb1850b4580245c420533be75 (diff) | |
| download | pkgsrc-06333ae776b9d9a9c54c9770da7d43e23916f053.tar.gz | |
Update to 2.4.3
* Fix security problems.
* Build three Multi-Processing Model shared libraries,
and select default model with option
* Retire mod_cgi.so module, use mod_cgid.so; Add MESSAGE
Changelog:
Changes with Apache 2.4.3
*) SECURITY: CVE-2012-3502 (cve.mitre.org)
mod_proxy_ajp, mod_proxy_http: Fix an issue in back end
connection closing which could lead to privacy issues due
to a response mixup. PR 53727. [Rainer Jung]
*) SECURITY: CVE-2012-2687 (cve.mitre.org)
mod_negotiation: Escape filenames in variant list to prevent an
possible XSS for a site where untrusted users can upload files to
a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]
*) mod_authnz_ldap: Don't try a potentially expensive nested groups
search before exhausting all AuthLDAPGroupAttribute checks on the
current group. PR 52464 [Eric Covener]
*) mod_lua: Add new directive LuaAuthzProvider to allow implementing an
authorization provider in lua. [Stefan Fritsch]
*) core: Be less strict when checking whether Content-Type is set to
"application/x-www-form-urlencoded" when parsing POST data,
or we risk losing data with an appended charset. PR 53698
[Petter Berntsen <petterb gmail.com>]
*) httpd.conf: Added configuration directives to set a bad_DNT environment
variable based on User-Agent and to remove the DNT header field from
incoming requests when a match occurs. This currently has the effect of
removing DNT from requests by MSIE 10.0 because it deliberately violates
the current specification of DNT semantics for HTTP. [Roy T. Fielding]
*) mod_socache_shmcb: Fix bus error due to a misalignment
in some 32 bit builds, especially on Solaris Sparc.
PR 53040. [Rainer Jung]
*) mod_cache: Set content type in case we return stale content.
[Ruediger Pluem]
*) Windows: Fix SSL failures on windows with AcceptFilter https none.
PR 52476. [Jeff Trawick]
*) ab: Fix read failure when targeting SSL server. [Jeff Trawick]
*) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
- mod_auth_digest: shared memory file
[Jeff Trawick]
*) htpasswd: Use correct file mode for checking if file is writable.
PR 45923. [Stefan Fritsch]
*) mod_rewrite: Fix crash with dbd RewriteMaps. PR 53663. [Mikhail T.
<mi apache aldan algebra com>]
*) mod_ssl: Add new directive SSLCompression to disable TLS-level
compression. PR 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]
*) mod_lua: Add a few missing request_rec fields. Rename remote_ip to
client_ip to match conn_rec. [Stefan Fritsch]
*) mod_lua: Change prototype of vm_construct, to work around gcc bug which
causes a segfault. PR 52779. [Dick Snippe <Dick Snippe tech omroep nl>]
*) mpm_event: Don't count connections in lingering close state when
calculating how many additional connections may be accepted.
[Stefan Fritsch]
*) mod_ssl: If exiting during initialization because of a fatal error,
log a message to the main error log pointing to the appropriate
virtual host error log. [Stefan Fritsch]
*) mod_proxy_ajp: Reduce memory usage in case of many keep-alive requests on
one connection. PR 52275. [Naohiro Ooiwa <naohiro ooiwa miraclelinux com>]
*) mod_proxy_balancer: Restore balancing after a failed worker has
recovered when using lbmethod_bybusyness. PR 48735. [Jeff Trawick]
*) mod_setenvif: Compile some global regex only once during startup.
This should save some memory, especially with .htaccess.
[Stefan Fritsch]
*) core: Add the port number to the vhost's name in the scoreboard.
[Stefan Fritsch]
*) mod_proxy: Fix ProxyPassReverse for balancer configurations.
PR 45434. [Joe Orton]
*) mod_lua: Add the parsebody function for parsing POST data. PR 53064.
[Daniel Gruno]
*) apxs: Use LDFLAGS from config_vars.mk in addition to CFLAGS and CPPFLAGS.
[Stefan Fritsch]
*) mod_proxy: Fix memory leak or possible corruption in ProxyBlock
implementation. [Ruediger Pluem, Joe Orton]
*) mod_proxy: Check hostname from request URI against ProxyBlock list,
not forward proxy, if ProxyRemote* is configured. [Joe Orton]
*) mod_proxy_connect: Avoid DNS lookup on hostname from request URI
if ProxyRemote* is configured. PR 43697. [Joe Orton]
*) mpm_event, mpm_worker: Remain active amidst prevalent child process
resource shortages. [Jeff Trawick]
*) Add "strict" and "warnings" pragmas to Perl scripts. [Rich Bowen]
*) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
- core: the scoreboard (ScoreBoardFile), pid file (PidFile), and
mutexes (Mutex)
[Jim Jagielski]
*) ab: Fix bind() errors. [Joe Orton]
*) mpm_event: Don't do a blocking write when starting a lingering close
from the listener thread. PR 52229. [Stefan Fritsch]
*) mod_so: If a filename without slashes is specified for LoadFile or
LoadModule and the file cannot be found in the server root directory,
try to use the standard dlopen() search path. [Stefan Fritsch]
*) mpm_event, mpm_worker: Fix cases where the spawn rate wasn't reduced
after child process resource shortages. [Jeff Trawick]
*) mpm_prefork: Reduce spawn rate after a child process exits due to
unexpected poll or accept failure. [Jeff Trawick]
*) core: Log value of Status header line in script responses rather
than the fixed header name. [Chris Darroch]
*) mpm_ssl: Fix handling of empty response from OCSP server.
[Jim Meyering <meyering redhat.com>, Joe Orton]
*) mpm_event: Fix handling of MaxConnectionsPerChild. [Stefan Fritsch]
*) mod_authz_core: If an expression in "Require expr" returns denied and
references %{REMOTE_USER}, trigger authentication and retry. PR 52892.
[Stefan Fritsch]
*) core: Always log if LimitRequestFieldSize triggers. [Stefan Fritsch]
*) mod_deflate: Skip compression if compression is enabled at SSL level.
[Stefan Fritsch]
*) core: Add missing HTTP status codes registered with IANA.
[Julian Reschke <julian.reschke gmx.de>, Rainer Jung]
*) mod_ldap: Treat the "server unavailable" condition as a transient
error with all LDAP SDKs. [Filip Valder <filip.valder vsb.cz>]
*) core: Fix spurious "not allowed here" error returned when the Options
directive is used in .htaccess and "AllowOverride Options" (with no
specific options restricted) is configured. PR 53444. [Eric Covener]
*) mod_authz_core: Fix parsing of Require arguments in <AuthzProviderAlias>.
PR 53048. [Stefan Fritsch]
*) mod_log_config: Fix %{abc}C truncating cookie values at first "=".
PR 53104. [Greg Ames]
*) mod_ext_filter: Fix error_log spam when input filters are configured.
[Joe Orton]
*) mod_rewrite: Add "AllowAnyURI" option. PR 52774. [Joe Orton]
*) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
[Paul Wouters <pwouters redhat.com>, Joe Orton]
*) core: Use a TLS 1.0 close_notify alert for internal dummy connection if
the chosen listener is configured for https. [Joe Orton]
*) mod_proxy: Use the the same hostname for SNI as for the HTTP request when
forwarding to SSL backends. PR 53134.
[Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]
*) mod_info: Display all registered providers. [Stefan Fritsch]
*) mod_ssl: Send the error message for speaking http to an https port using
HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when
using SNI. PR 50823. [Stefan Fritsch]
*) core: Fix segfault in logging if r->useragent_addr or c->client_addr is
unset. PR 53265. [Stefan Fritsch]
*) log_server_status: Bring Perl style forward to the present, use
standard modules, update for new format of server-status output.
PR 45424. [Richard Bowen, Dave Brondsema, and others]
*) mod_sed, mod_log_debug, mod_rewrite: Symbol namespace cleanups.
[Joe Orton, André Malo]
*) core: Prevent "httpd -k restart" from killing server in presence of
config error. [Joe Orton]
*) mod_proxy_fcgi: If there is an error reading the headers from the
backend, send an error to the client. PR 52879. [Stefan Fritsch]
Diffstat (limited to 'www/apache24')
| -rw-r--r-- | www/apache24/MESSAGE | 11 | ||||
| -rw-r--r-- | www/apache24/Makefile | 5 | ||||
| -rw-r--r-- | www/apache24/PLIST | 31 | ||||
| -rw-r--r-- | www/apache24/distinfo | 8 | ||||
| -rw-r--r-- | www/apache24/options.mk | 29 |
5 files changed, 54 insertions, 30 deletions
diff --git a/www/apache24/MESSAGE b/www/apache24/MESSAGE new file mode 100644 index 00000000000..de839c10fb7 --- /dev/null +++ b/www/apache24/MESSAGE @@ -0,0 +1,11 @@ +=========================================================================== +$NetBSD: MESSAGE,v 1.1 2012/08/26 12:37:34 ryoon Exp $ + +After apache-2.4.3, --enable-mpms-shared='event prefork worker' is +passed to configure script, then three multi-process model is built +and you can select the model in configuraton file. + +The mod_cgi.so module conflicts with non-prefork multi-process model, +and mod_cgi.so module is not built anymore. +You can use mod_cgid.so module instead. +=========================================================================== diff --git a/www/apache24/Makefile b/www/apache24/Makefile index ab740fd29a6..fbcd2390d75 100644 --- a/www/apache24/Makefile +++ b/www/apache24/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.9 2012/07/11 19:09:18 ryoon Exp $ +# $NetBSD: Makefile,v 1.10 2012/08/26 12:37:34 ryoon Exp $ -DISTNAME= httpd-2.4.2 +DISTNAME= httpd-2.4.3 PKGNAME= ${DISTNAME:S/httpd/apache/} -PKGREVISION= 3 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ http://archive.apache.org/dist/httpd/ \ diff --git a/www/apache24/PLIST b/www/apache24/PLIST index d928bb39945..43b76389435 100644 --- a/www/apache24/PLIST +++ b/www/apache24/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.7 2012/08/20 14:14:16 fhajny Exp $ +@comment $NetBSD: PLIST,v 1.8 2012/08/26 12:37:34 ryoon Exp $ bin/ab bin/apxs bin/dbmmanage @@ -94,8 +94,7 @@ lib/httpd/mod_autoindex.so lib/httpd/mod_buffer.so lib/httpd/mod_cache.so lib/httpd/mod_cache_disk.so -${PLIST.prefork}lib/httpd/mod_cgi.so -${PLIST.worker}lib/httpd/mod_cgid.so +lib/httpd/mod_cgid.so lib/httpd/mod_charset_lite.so lib/httpd/mod_data.so lib/httpd/mod_dav.so @@ -129,9 +128,9 @@ lib/httpd/mod_logio.so ${PLIST.lua}lib/httpd/mod_lua.so lib/httpd/mod_mime.so lib/httpd/mod_mime_magic.so -${PLIST.mpm-shared}lib/httpd/mod_mpm_event.so -${PLIST.mpm-shared}lib/httpd/mod_mpm_prefork.so -${PLIST.mpm-shared}lib/httpd/mod_mpm_worker.so +lib/httpd/mod_mpm_event.so +lib/httpd/mod_mpm_prefork.so +lib/httpd/mod_mpm_worker.so lib/httpd/mod_negotiation.so lib/httpd/mod_proxy.so lib/httpd/mod_proxy_ajp.so @@ -176,13 +175,13 @@ libexec/cgi-bin/test-cgi man/man1/ab.1 man/man1/apxs.1 man/man1/dbmmanage.1 -man/man8/fcgistarter.8 man/man1/htdbm.1 man/man1/htdigest.1 man/man1/htpasswd.1 man/man1/httxt2dbm.1 man/man1/logresolve.1 man/man8/apachectl.8 +man/man8/fcgistarter.8 man/man8/htcacheclean.8 man/man8/httpd.8 man/man8/rotatelogs.8 @@ -533,6 +532,8 @@ share/httpd/manual/developer/hooks.html.en share/httpd/manual/developer/index.html share/httpd/manual/developer/index.html.en share/httpd/manual/developer/index.html.zh-cn +share/httpd/manual/developer/modguide.html +share/httpd/manual/developer/modguide.html.en share/httpd/manual/developer/modules.html share/httpd/manual/developer/modules.html.en share/httpd/manual/developer/modules.html.ja.utf8 @@ -629,6 +630,9 @@ share/httpd/manual/howto/ssi.html.fr share/httpd/manual/howto/ssi.html.ja.utf8 share/httpd/manual/howto/ssi.html.ko.euc-kr share/httpd/manual/images/apache_header.gif +share/httpd/manual/images/build_a_mod_2.png +share/httpd/manual/images/build_a_mod_3.png +share/httpd/manual/images/build_a_mod_4.png share/httpd/manual/images/caching_fig1.gif share/httpd/manual/images/caching_fig1.png share/httpd/manual/images/caching_fig1.tr.png @@ -651,6 +655,8 @@ share/httpd/manual/images/mod_rewrite_fig1.png share/httpd/manual/images/mod_rewrite_fig2.gif share/httpd/manual/images/mod_rewrite_fig2.png share/httpd/manual/images/pixel.gif +share/httpd/manual/images/rewrite_backreferences.png +share/httpd/manual/images/rewrite_process_uri.png share/httpd/manual/images/rewrite_rule_flow.png share/httpd/manual/images/right.gif share/httpd/manual/images/ssl_intro_fig1.gif @@ -895,6 +901,7 @@ share/httpd/manual/mod/mod_dir.html.ko.euc-kr share/httpd/manual/mod/mod_dir.html.tr.utf8 share/httpd/manual/mod/mod_dumpio.html share/httpd/manual/mod/mod_dumpio.html.en +share/httpd/manual/mod/mod_dumpio.html.fr share/httpd/manual/mod/mod_dumpio.html.ja.utf8 share/httpd/manual/mod/mod_echo.html share/httpd/manual/mod/mod_echo.html.en @@ -972,6 +979,7 @@ share/httpd/manual/mod/mod_log_debug.html share/httpd/manual/mod/mod_log_debug.html.en share/httpd/manual/mod/mod_log_forensic.html share/httpd/manual/mod/mod_log_forensic.html.en +share/httpd/manual/mod/mod_log_forensic.html.fr share/httpd/manual/mod/mod_log_forensic.html.ja.utf8 share/httpd/manual/mod/mod_log_forensic.html.tr.utf8 share/httpd/manual/mod/mod_logio.html @@ -1012,12 +1020,14 @@ share/httpd/manual/mod/mod_proxy_express.html share/httpd/manual/mod/mod_proxy_express.html.en share/httpd/manual/mod/mod_proxy_fcgi.html share/httpd/manual/mod/mod_proxy_fcgi.html.en +share/httpd/manual/mod/mod_proxy_fcgi.html.fr share/httpd/manual/mod/mod_proxy_fdpass.html share/httpd/manual/mod/mod_proxy_fdpass.html.en share/httpd/manual/mod/mod_proxy_ftp.html share/httpd/manual/mod/mod_proxy_ftp.html.en share/httpd/manual/mod/mod_proxy_html.html share/httpd/manual/mod/mod_proxy_html.html.en +share/httpd/manual/mod/mod_proxy_html.html.fr share/httpd/manual/mod/mod_proxy_http.html share/httpd/manual/mod/mod_proxy_http.html.en share/httpd/manual/mod/mod_proxy_http.html.fr @@ -1043,6 +1053,7 @@ share/httpd/manual/mod/mod_sed.html.en share/httpd/manual/mod/mod_sed.html.fr share/httpd/manual/mod/mod_session.html share/httpd/manual/mod/mod_session.html.en +share/httpd/manual/mod/mod_session.html.fr share/httpd/manual/mod/mod_session_cookie.html share/httpd/manual/mod/mod_session_cookie.html.en share/httpd/manual/mod/mod_session_crypto.html @@ -1254,6 +1265,8 @@ share/httpd/manual/programs/index.html.es share/httpd/manual/programs/index.html.ko.euc-kr share/httpd/manual/programs/index.html.tr.utf8 share/httpd/manual/programs/index.html.zh-cn +share/httpd/manual/programs/log_server_status.html +share/httpd/manual/programs/log_server_status.html.en share/httpd/manual/programs/logresolve.html share/httpd/manual/programs/logresolve.html.en share/httpd/manual/programs/logresolve.html.ko.euc-kr @@ -1266,6 +1279,8 @@ share/httpd/manual/programs/rotatelogs.html share/httpd/manual/programs/rotatelogs.html.en share/httpd/manual/programs/rotatelogs.html.ko.euc-kr share/httpd/manual/programs/rotatelogs.html.tr.utf8 +share/httpd/manual/programs/split-logfile.html +share/httpd/manual/programs/split-logfile.html.en share/httpd/manual/programs/suexec.html share/httpd/manual/programs/suexec.html.en share/httpd/manual/programs/suexec.html.ko.euc-kr @@ -1364,11 +1379,13 @@ share/httpd/manual/style/css/manual-print.css share/httpd/manual/style/css/manual-zip-100pc.css share/httpd/manual/style/css/manual-zip.css share/httpd/manual/style/css/manual.css +share/httpd/manual/style/css/prettify.css share/httpd/manual/style/faq.dtd share/httpd/manual/style/lang.dtd share/httpd/manual/style/latex/atbeginend.sty share/httpd/manual/style/manualpage.dtd share/httpd/manual/style/modulesynopsis.dtd +share/httpd/manual/style/scripts/prettify.js share/httpd/manual/style/sitemap.dtd share/httpd/manual/style/version.ent share/httpd/manual/suexec.html diff --git a/www/apache24/distinfo b/www/apache24/distinfo index faf330eec84..9b8a698f422 100644 --- a/www/apache24/distinfo +++ b/www/apache24/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.5 2012/07/05 13:11:24 ryoon Exp $ +$NetBSD: distinfo,v 1.6 2012/08/26 12:37:34 ryoon Exp $ -SHA1 (httpd-2.4.2.tar.bz2) = 8d391db515edfb6623c0c7c6ce5c1b2e1f7c64c2 -RMD160 (httpd-2.4.2.tar.bz2) = 1b97ab44075bea0f398f507dacb5f719a87b720b -Size (httpd-2.4.2.tar.bz2) = 4132105 bytes +SHA1 (httpd-2.4.3.tar.bz2) = 0ef1281bb758add937efe61c345287be2f27f662 +RMD160 (httpd-2.4.3.tar.bz2) = 56f18ab27b3a8f27207144fa6d51fd6cdfff473e +Size (httpd-2.4.3.tar.bz2) = 4559279 bytes SHA1 (patch-aa) = 2d92b1340aaae40289421f164346348c6d7fe839 SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324 SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d diff --git a/www/apache24/options.mk b/www/apache24/options.mk index 6de5ca76f5f..dfb4653f954 100644 --- a/www/apache24/options.mk +++ b/www/apache24/options.mk @@ -1,9 +1,7 @@ -# $NetBSD: options.mk,v 1.5 2012/08/20 14:14:16 fhajny Exp $ +# $NetBSD: options.mk,v 1.6 2012/08/26 12:37:34 ryoon Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.apache -PKG_OPTIONS_REQUIRED_GROUPS= mpm -PKG_OPTIONS_GROUP.mpm= apache-mpm-event apache-mpm-prefork apache-mpm-worker -PKG_SUPPORTED_OPTIONS= lua suexec apache-mpm-shared +PKG_SUPPORTED_OPTIONS= lua suexec apache-mpm-event apache-mpm-prefork apache-mpm-worker PKG_SUGGESTED_OPTIONS= apache-mpm-prefork .include "../../mk/bsd.options.mk" @@ -18,24 +16,23 @@ PKG_SUGGESTED_OPTIONS= apache-mpm-prefork # prefork non-threaded, pre-forking web server # worker hybrid multi-threaded multi-process web server # -PLIST_VARS+= worker prefork mpm-shared +PLIST_VARS+= worker prefork event + +CONFIGURE_ARGS+= --enable-mpms-shared='event prefork worker' + .if !empty(PKG_OPTIONS:Mapache-mpm-event) CONFIGURE_ARGS+= --with-mpm=event -PLIST.worker= yes -.elif !empty(PKG_OPTIONS:Mapache-mpm-worker) +PLIST.event= yes +.endif + +.if !empty(PKG_OPTIONS:Mapache-mpm-worker) CONFIGURE_ARGS+= --with-mpm=worker PLIST.worker= yes -.else -CONFIGURE_ARGS+= --with-mpm=prefork -. if empty(PKG_OPTIONS:Mapache-mpm-shared) -PLIST.prefork= yes -. endif .endif -.if !empty(PKG_OPTIONS:Mapache-mpm-shared) -CONFIGURE_ARGS+= --enable-mpms-shared='prefork worker event' -PLIST.mpm-shared= yes -PLIST.worker= yes +.if !empty(PKG_OPTIONS:Mapache-mpm-prefork) +CONFIGURE_ARGS+= --with-mpm=prefork +PLIST.prefork= yes .endif BUILD_DEFS+= APACHE_MODULES |