Commit Graph

28 Commits

Author SHA1 Message Date
pea
9b749c36f3 Fix CVE-2010-1452
ok sthen@, landry@
2011-02-12 21:05:38 +00:00
espie
e50b98837f new depends 2010-11-22 08:36:47 +00:00
sthen
89d5cdea52 new-style LIB_DEPENDS/REVISION/WANTLIB 2010-11-11 12:35:09 +00:00
espie
c82c4422b0 USE_GROFF=Yes 2010-10-19 08:02:53 +00:00
robert
0be52ed9fc update to 2.2.15 2010-06-27 17:27:03 +00:00
bernd
a9f214f6ce Security update to apache-httpd-2.2.14. (CVE-2009-3095, CVE-2009-3094) 2009-12-01 13:38:23 +00:00
fkr
8d5431b8ad Update to 2.2.13
SECURITY: CVE-2009-2412, CVE-2009-1891, CVE-2009-1195, CVE-2009-1890,
CVE-2009-1191, CVE-2009-0023, CVE-2009-1955, CVE-2009-1956

Update the Makefile to properly depend on the mt version of apr-util
in ldap flavour. (from bernd@)

ok jasper@, ajacoutot@
2009-08-30 18:06:07 +00:00
claudio
2783510601 Enable suexec for apache2 with these config changes:
- install the binary under ${TRUEPREFIX}/sbin/suexec2
- change suexec-caller to _apache2
- log to /var/log/suexec2_log similar to the suexec in base
Inputs and OK sthen@, simon@
2009-05-15 15:46:58 +00:00
bernd
6ce3f0a929 Update to apache-httpd-2.2.11.
Lots of bugfixes and a security fix for CVE-2008-2939.

Enable usage of the threaded apr which is needed for
an upcoming port.

ok simon@
2009-04-09 18:36:00 +00:00
bernd
8ce0f5af89 Security update to apache-httpd-2.2.9. (CVE-2008-2364 and CVE-2007-6420)
http://www.apache.org/dist/httpd/CHANGES_2.2.9

Also fix LIB_DEPENDS and use the external pcre library instead of the shipped
one.

ok dlg@, simon@, merdely@ (pre-lock)
2008-09-02 22:05:23 +00:00
bernd
9573f43ea2 Security update to apache2 2.2.8.
(CVE-2007-6420, CVE-2007-6421, CVE-2007-6422, CVE-2007-6423,
CVE-2008-0005, CVE-2007-6388)

http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059626.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059560.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059561.html

ok dlg@
2008-01-28 19:48:47 +00:00
steven
4daf2ccd25 SECURITY update to 2.2.6
fixes various vulnerabilities:
CVE-2007-3847, CVE-2007-1863, CVE-2007-3304, CVE-2006-5752, CVE-2007-1862

more details can be found at:
http://www.apache.org/dist/httpd/CHANGES_2.2.6

ok merdely@
2007-09-19 05:47:36 +00:00
merdely
bbe11aa1ab Added ldap flavor which includes mod_authnz_ldap + mod_ldap
Removed quotes around COMMENT while here.

From Peter Hessler with tweaks by me.
Advice from Brad.  Help from deanna@, simon@.
ok dlg@, simon@
2007-09-06 07:33:53 +00:00
espie
d4ebcd974d more base64 checksums 2007-04-05 17:26:05 +00:00
deanna
57d706b321 Update to 2.2.4. This is principally a bugfix release. See
Changelog: http://www.apache.org/dist/httpd/CHANGES_2.2

While here, regen patches with the new diff.

ok dlg
2007-03-25 17:40:55 +00:00
deanna
27566592b4 Append a 2 to every mention of anything that exists in both the base
httpd and this port.  Hopefully we got them all.

Requested by robert@, ok dlg@.
2007-01-16 01:12:26 +00:00
dlg
7dd9c0c081 enable the cache, disk_cache, and all the proxy modules. mem_cache wont
build since we arent using a threaded worker.

requested by ssehic
2007-01-09 11:18:13 +00:00
dlg
5c49bbc66e enable all the modules, and build them as shared objects. mark the port
SHARED_ONLY.

ok robert@
2007-01-09 10:47:37 +00:00
dlg
10d98a6ab0 switch apache2 from a gnu style configure to a simple one so we can
define prefix the way apache likes it.

this is because apache2 has a different understanding of what the prefix
means, and our understanding and application of it on this port leads to
extremely confused paths in a lot of its generated files.

our understanding of prefix is to mean the path at which the binaries,
libs, manpages, and so on are stored, ie, /usr/local. apache2 understands
prefix to mean "install architecture-independent files", or in real terms
the ServerRoot. obviously using /usr/local as the server root when we want
to use /var/apache2 for that purpose is uncomfortable for it, and it leads
to things like broken paths in the default config files and builds of
modules.

ok robert@
2007-01-09 09:56:57 +00:00
dlg
03c4a75eba move the dir with the build files out of /var/apache2 and into
/usr/local/share/apache2.

based on a suggestion from robert@
2007-01-05 22:57:11 +00:00
dlg
25265ec03a revert the part of the previous commit that removed the install of the
build dir. you can build apache 2 modules again now.
2007-01-05 22:22:04 +00:00
deanna
9e2f1377c6 - stop setting SYSCONFDIR
- put config files in /etc/apache2 instead of /var since this is not
chrooted

- make a couple of comments that refer to 'httpd' refer to 'httpd2'
instead

- don't install the build makefiles

ideas from bernd@ and steven@, ok steven@
2006-12-25 20:40:02 +00:00
deanna
772c69e01d To avoid name clashes with the system httpd, configure with program
name httpd2. Rename the support programs and their manual pages
accordingly.

bump pkgname.

ok steven@, bernd@.
2006-12-16 00:41:56 +00:00
steven
bf8b6a685c use MASTER_SITE_APACHE, pointed out by dlg 2006-12-14 11:20:22 +00:00
steven
d8e1b2d90e remove indirect dependency, add libiconv module, adjust WANTLIB, sync plist 2006-12-14 10:22:03 +00:00
steven
2d75bce663 add a few master sites 2006-12-14 09:50:25 +00:00
espie
a7f18bd243 this is wrong. You do not *ever* use @exec for trivial purposes that
can be achieved otherwise.

This probably broke the install, I don't care!

Learn how to use @owner and friends.
2006-12-14 09:31:56 +00:00
deanna
6a36f66820 Bringing this in now so that we can work on it here. Batting tarballs
back and forth in email messages doesn't make any sense when we have a
cvs tree to work in.

So, not hooked into the package builds yet.

Original work and port name from dlg.

ok robert@, dlg@
2006-12-14 07:14:20 +00:00