Date:      Wed, 3 Sep 2014 20:51:07 +0000 (UTC)
From:      Olli Hauer <ohauer@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r367234 - in branches/2014Q3/www/apache22: . files
Message-ID:  <201409032051.s83Kp7YN056555@svn.freebsd.org>

Author: ohauer
Date: Wed Sep  3 20:51:07 2014
New Revision: 367234
URL: http://svnweb.freebsd.org/changeset/ports/367234
QAT: https://qat.redports.org/buildarchive/r367234/

Log:
  MFH: r367227
  
  - update to 2.2.29
  - use PTHREAD_LIBS/CFLAGS instead of -pthread
  
  Changes with Apache 2.2.29
  http://www.apache.org/dist/httpd/CHANGES_2.2.29
  
    *) Corrected docs/manual pages for new MergeTrailers directive and other
       out of date documentation. [William Rowe]
  
  Changes with Apache 2.2.28
  
    *) SECURITY: CVE-2014-0118 (cve.mitre.org) [1]
       mod_deflate: The DEFLATE input filter (inflates request bodies) now
       limits the length and compression ratio of inflated request bodies to avoid
       denial of service via highly compressed bodies.  See directives
       DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
       and DeflateInflateRatioBurst. [Yann Ylavic, Eric Covener]
  
    *) SECURITY: CVE-2014-0231 (cve.mitre.org) [1]
       mod_cgid: Fix a denial of service against CGI scripts that do
       not consume stdin that could lead to lingering HTTPD child processes
       filling up the scoreboard and eventually hanging the server.  By
       default, the client I/O timeout (Timeout directive) now applies to
       communication with scripts.  The CGIDScriptTimeout directive can be
       used to set a different timeout for communication with scripts.
       [Rainer Jung, Eric Covener, Yann Ylavic]
  
    *) SECURITY: CVE-2014-0226 (cve.mitre.org) [1]
       Fix a race condition in scoreboard handling, which could lead to
       a heap buffer overflow.  [Joe Orton, Eric Covener, Jeff Trawick]
  
    *) SECURITY: CVE-2013-5704 (cve.mitre.org) [2]
       core: HTTP trailers could be used to replace HTTP headers
       late during request processing, potentially undoing or
       otherwise confusing modules that examined or modified
       request headers earlier.  Adds "MergeTrailers" directive to restore
       legacy behavior.  [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
  
    *) core: Detect incomplete request and response bodies, log an error and
       forward it to the underlying filters. PR 55475.  [Yann Ylavic]
  
    *) mod_deflate: Handle Zlib header and validation bytes received in multiple
       chunks. PR 46146. [Yann Ylavic]
  
    *) mod_proxy: Don't reuse a SSL backend connection whose requested SNI
       differs. PR 55782.  [Yann Ylavic]
  
    *) mod_deflate: Fix inflation of files larger than 4GB. PR 56062.
       [Lukas Bezdicka <social v3.sk>]
  
    *) mod_dav: Fix improper encoding in PROPFIND responses.  PR 56480.
       [Ben Reser]
  
    *) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
       resumed by TLS session resumption (RFC 5077). [Rainer Jung]
  
    *) mod_proxy_ajp: Forward local IP address as a custom request attribute
       like we already do for the remote port. [Rainer Jung]
  
    *) mod_deflate: Don't fail when flushing inflated data to the user-agent
       and that coincides with the end of stream ("Zlib error flushing inflate
       buffer"). PR 56196. [Christoph Fausak <christoph fausak glueckkanja.com>]
  
    *) mod_cache, mod_disk_cache: With CacheLock enabled, responses with a Vary
       header might not get the benefit of the thundering herd protection due to
       an incorrect internal cache key.  PR 50317.
       [Ruediger Pluem, Jan Kaluza, Yann Ylavic]
  
    *) mod_rewrite: Support session cookies with the CO= flag when later
       parameters are used.  The doc for this implied the feature had been
       backported for quite some time.  PR56014 [Eric Covener]
  
    *) mod_cache: Don't remove stale cache entries that cannot be conditionally
       revalidated. This prevents the thundering herd protection from serving
       stale responses during a revalidation. PR 50317.
       [Eric Covener, Jan Kaluza,  Ruediger Pluem]
  
    *) core: Increase TCP_DEFER_ACCEPT socket option from 1 to 30 seconds.
       PR 41270. [Dean Gaudet <dean arctic org>]
  
  [1] CVE issues already fixed since FreeBSD-ports r362845
  [2] new CVE-2013-5704 issue fixed in 2.2.29
  
  Approved by:    portmgr (erwin@)
  Security:	f927e06c-1109-11e4-b090-20cf30e32f6d
  Security:	CVE-2013-5704

Deleted:
  branches/2014Q3/www/apache22/files/patch-CVE-2014-0118__mod_deflate.c
  branches/2014Q3/www/apache22/files/patch-CVE-2014-0226__scoreboard.c
  branches/2014Q3/www/apache22/files/patch-CVE-2014-0231__mod_cgid.c
Modified:
  branches/2014Q3/www/apache22/Makefile
  branches/2014Q3/www/apache22/Makefile.modules
  branches/2014Q3/www/apache22/distinfo
Directory Properties:
  branches/2014Q3/   (props changed)

Modified: branches/2014Q3/www/apache22/Makefile
==============================================================================
--- branches/2014Q3/www/apache22/Makefile	Wed Sep  3 20:49:19 2014	(r367233)
+++ branches/2014Q3/www/apache22/Makefile	Wed Sep  3 20:51:07 2014	(r367234)
@@ -1,8 +1,8 @@
 # $FreeBSD$
 
 PORTNAME=	apache22
-PORTVERSION=	2.2.27
-PORTREVISION?=	6
+PORTVERSION=	2.2.29
+PORTREVISION?=	0
 CATEGORIES=	www ipv6
 MASTER_SITES=	${MASTER_SITE_APACHE_HTTPD}
 DISTNAME=	httpd-${PORTVERSION}
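
Review bot: PORTREVISION is assigned with `?=`, so the reset to 0 on the `+PORTREVISION?=	0` line only takes effect where nothing has defined PORTREVISION earlier. Any Makefile that sets its own PORTREVISION before including this one keeps its old value on top of the new 2.2.29 PORTVERSION, so those should be checked and reset in the same commit. Since this bump is also what replaces the three deleted patch-CVE-2014-* files listed above, it would help to state in the log that the upstream 2.2.29 tarball was confirmed to contain those fixes.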

Modified: branches/2014Q3/www/apache22/Makefile.modules
==============================================================================
--- branches/2014Q3/www/apache22/Makefile.modules	Wed Sep  3 20:49:19 2014	(r367233)
+++ branches/2014Q3/www/apache22/Makefile.modules	Wed Sep  3 20:51:07 2014	(r367234)
@@ -101,18 +101,19 @@ CONFIGURE_ARGS+=	--enable-exception-hook
 
 .if ${PORT_OPTIONS:MAUTH_BASIC} || ${PORT_OPTIONS:MAUTH_DIGEST}
 .  if !${APACHE_MODULES:MAUTHN*}
-IGNORE=	AUTH_BASIC and AUTH_DIGEST need at last one AUTHN provider	
-.  endif	
+IGNORE=	AUTH_BASIC and AUTH_DIGEST need at least one AUTHN provider
+.  endif
 .endif
 
 .if ${PORT_OPTIONS:MAUTH_BASIC}
 .  if !${APACHE_MODULES:MAUTHZ*}
-IGNORE=	AUTH_BASIC need at last one AUTHZ provider	
-.  endif	
+IGNORE=	AUTH_BASIC need at least one AUTHZ provider
+.  endif
 .endif
 
 .if defined(APR_HAS_THREADS)
-LDFLAGS+=	-pthread
+CFLAGS+=	${PTHREAD_CFLAGS}
+LDFLAGS+=	${PTHREAD_LIBS}
 .else
 .  if exists(${APR_CONFIG}) && ${PORT_OPTIONS:MMEM_CACHE}
 IGNORE=	MEM_CACHE requires APR threads. Please rebuild APR with THREAD support
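
Review bot: The IGNORE message and trailing-whitespace fixes in the two AUTH_* blocks are not mentioned in the commit log, which lists only the version update and the PTHREAD change; either note them in the log or split them out so the merge carries one functional change. While touching that text, `AUTH_BASIC need at least one AUTHZ provider` should read "needs". For the threading change, the old line passed `-pthread` only at link time while the new lines add `${PTHREAD_CFLAGS}` to CFLAGS as well, so compile flags now change for every threaded build; a one-line comment above the `.if defined(APR_HAS_THREADS)` block saying why both variables are set would make that intent clear.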

Modified: branches/2014Q3/www/apache22/distinfo
==============================================================================
--- branches/2014Q3/www/apache22/distinfo	Wed Sep  3 20:49:19 2014	(r367233)
+++ branches/2014Q3/www/apache22/distinfo	Wed Sep  3 20:51:07 2014	(r367234)
@@ -1,2 +1,2 @@
-SHA256 (apache22/httpd-2.2.27.tar.bz2) = 205973ded6ca55c056ce9c84d73ab708f7829f330193bd39b651463b8d4f8147
-SIZE (apache22/httpd-2.2.27.tar.bz2) = 5616798
+SHA256 (apache22/httpd-2.2.29.tar.bz2) = 574b4f994b99178dfd5160bcb14025402e2ce381be9889b83e4be0ffbf5839a4
+SIZE (apache22/httpd-2.2.29.tar.bz2) = 5625498
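
Review bot: The new SHA256 and SIZE lines are the only integrity check the port applies to httpd-2.2.29.tar.bz2, and nothing in the commit says how the values were obtained. Before regenerating distinfo, the tarball should be verified against the upstream PGP signature or published checksum, and the log should say so, so that the recorded hash is known to match the upstream release rather than whatever the committer's fetch returned.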


