Age | Commit message | Author | Files | Lines |
|
testing it.
|
|
|
|
|
|
Major changes since 1.3.28:
Security vulnerabilities
* CAN-2003-0542 (cve.mitre.org)
Fix buffer overflows in mod_alias and mod_rewrite which occurred if
one configured a regular expression with more than 9 captures.
Bugs fixed
The following noteworthy bugs were found in Apache 1.3.28 (or earlier)
and have been fixed in Apache 1.3.29:
* Within ap_bclose(), ap_pclosesocket() is now called consistently
for sockets and ap_pclosef() for files. Also, closesocket()
is used consistently to close socket fd's. The previous
confusion between socket and file fd's would cause problems
with some applications now that we proactively close fd's to
prevent leakage.
* Fixed mod_usertrack to not get false positive matches on the
user-tracking cookie's name.
* Prevent creation of subprocess Zombies when using CGI wrappers
such as suEXEC and cgiwrap.
|
|
mod_rewrite and mod_alias, referenced CAN-2003-0542. Bump PKGREVISION.
|
|
|
|
|
|
|
|
USE_PKGSRC_GCC as appropriate, as this is handled by compiler.mk now.
|
|
|
|
This version of Apache is principally a security and bug fix release.
Of particular note is that 1.3.28 addresses and fixes the following
issues: CAN-2003-0460 (cve.mitre.org) (rotatelogs bug), VU#379828
(infinite loop potential), and file descriptor leakage.
|
|
|
|
|
|
${LINK_ALL_LIBGCC_HACK}
|
|
Should anybody feel like they could be the maintainer for any of these packages,
please adjust.
|
|
|
|
-Wl,--whole-archive.
|
|
|
|
can resolve the required symbols.
|
|
|
|
Makefiles simply need to use this value often, for better or for
worse.
(2) Create a new variable FIX_RPATH that lists variables that should
be cleansed of -R or -rpath values if ${_USE_RPATH} is "no". By
default, FIX_RPATH contains LIBS, X11_LDFLAGS, and LDFLAGS, and
additional variables may be appended from package Makefiles.
|
|
|
|
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES". This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile. Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.
|
|
present, rather than installing databases/db (affects NetBSD, Linux,
Darwin and possibly others).
As suggested by Kimmo Suominen.
|
|
- Add libmm support as per apache pkg.
Bump PKGREVISION.
|
|
|
|
the precedence of the contents of this file changes depending on whether
it's started at boot time or started manually, and it's not really
necessary to add the extra complexity since it's valid (and easier) to just
set apache_start in /etc/rc.conf.
|
|
Use "${NONBINMODE}" instead of mode "0" so that "pkg_admin check" still
works for a normal user. Also invoke "chmod" only once because fork()
and exec() are expensive on certain platforms.
|
|
|
|
chmod 0 libexec/cgi-bin/{printenv,test-cgi} (to make nessus happy).
|
|
|
|
Previously, if apache_start was set in /etc/rc.conf and /etc/rc.d/apache was
loaded as part of the /etc/rc start sequence, apache_start's value would
be overridden by "apache_start=start" in this script, because /etc/rc.conf
would have already been loaded and load_rc_config() would not reload it again.
This problem would not have been seen if /etc/rc.d/apache was started
manually, or /etc/rc.conf.d/apache or @PKG_SYSCONFDIR@/apache_start.conf
was used to set apache_start.
(I am using /etc/rc.conf, and was wondering why apache wasn't starting
with ssl support at boot, but worked after a manual restart...)
|
|
discovered in version 1.3.26 including these security fixes:
- SECURITY: CAN-2002-0840 (cve.mitre.org)
Prevent a cross-site scripting vulnerability in the default
error page. The issue could only be exploited if the directive
UseCanonicalName is set to Off and a server is being run at
a domain that allows wildcard DNS. [Matthew Murphy]
- SECURITY CAN-2002-0843 (cve.mitre.org)
Fix some possible overflows in ab.c that could be exploited by
a malicious server. Reported by David Wagner. [Jim Jagielski]
- SECURITY CAN-2002-0839 (cve.mitre.org)
Add the new directive 'ShmemUIDisUser'. By default, Apache
will no longer set the uid/gid of SysV shared memory scoreboard
to User/Group, and it will therefore stay the uid/gid of
the parent Apache process. This is actually the way it should
be, however, some implementations may still require this, which
can be enabled by 'ShmemUIDisUser On'. Reported by iDefense.
[Jim Jagielski]
|
|
problems when it is not enabled, notably mod_perl. Fixes pkg/18070
from myself, ok'd by wiz.
Bump PKGREVISION.
|
|
script handling and using @RCD_SCRIPTS_SHELL@.
as discussed with jlam.
|
|
|
|
have been converted to USE_BUILDLINK2.
|
|
|
|
Give Apache a user and group by default, not only with suexec.
The variables for this have changed from APACHE_SUEXEC_USER and
APACHE_SUEXEC_GROUP to APACHE_USER and APACHE_GROUP.
Mention 'Apache' in COMMENT.
Use variables for the version number instead of copying it around.
Bump PKGREVISION.
For apache{,6}:
Change paths to /var/httpd instead of /var/spool/httpd.
Honour STRIPFLAG.
Add --without-confadjust as configure argument.
Enable the 'define' module.
For apache:
Enable proxy module on NOPIC platforms.
Some of these changes are based on pkg/17469 by Greg A. Woods, some on
comments by Johnny Lam.
Reviewed by Johnny Lam.
|
|
which reloads the server without killing transfers in progress.
|
|
From: Dawid Szymanski <dawszy@tgr.lubin.edu.pl>
|
|
|
|
|
|
proxy module was disabled as the IPv6 patch for the module is broken.
|
|
that was lost in the previous commit.
"${apache_start}" is the subcommand sent to apachectl to control how
httpd is started. Its value may be overridden in:
@PKG_SYSCONFDIR@/apache_start.conf
/etc/rc.conf
/etc/rc.conf.d/apache,
in order of increasing precedence. Its possible values are "start"
and "startssl", and it defaults to "start".
|
|
Noted by Stoned Elipot <seb@netbsd.org> in private email.
|
|
from source instead of installing from a binary package (problem noted in
private email by George Coulouris <george@coulouris.org>).
|
|
functionality on pre-1.5 platforms, as apachectl may always be used instead
for the full control interface.
|
|
--suexec-* configure options that are passed directly to the Apache
configure script. This may be used to tune the suEXEC configuration
in more restrictive ways, e.g. --suexec-uidmin=1000. This solution
is more open-ended than the fix proposed in pkg/14973. Also, we
don't duplicate all of the options from the Apache configure script
in pkgsrc bsd.pkg.defaults.mk. This closes pkg/14973 by Eric
Schnoebelen <eric@cirr.com>
(2) For namespace consistency, deprecate APACHE_USER in favor of
APACHE_SUEXEC_USER. Move APACHE_USER into bsd.pkg.obsolete.mk.
(3) Create the suEXEC user when the functionality is enabled in the server
so that CGI scripts will work properly. This closes pkg/14903 by
Wojciech Puchar <wojtek@3miasto.net>
|
|
automatically, so no need to do it ourselves.
|