From: Olli Hauer
Date: Wed, 3 Sep 2014 20:51:07 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r367234 - in branches/2014Q3/www/apache22: . files

Author: ohauer
Date: Wed Sep 3 20:51:07 2014
New Revision: 367234
URL: http://svnweb.freebsd.org/changeset/ports/367234
QAT: https://qat.redports.org/buildarchive/r367234/

Log:
  MFH: r367227

  - update to 2.2.29
  - use PTHREAD_LIBS/CFLAGS instead of -pthread

  Changes with Apache 2.2.29
  http://www.apache.org/dist/httpd/CHANGES_2.2.29

  *) Corrected docs/manual pages for new MergeTrailers directive and other
     out of date documentation. [William Rowe]

  Changes with Apache 2.2.28

  *) SECURITY: CVE-2014-0118 (cve.mitre.org) [1]
     mod_deflate: The DEFLATE input filter (inflates request bodies) now
     limits the length and compression ratio of inflated request bodies to
     avoid denial of service via highly compressed bodies. See directives
     DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
     and DeflateInflateRatioBurst. [Yann Ylavic, Eric Covener]

  *) SECURITY: CVE-2014-0231 (cve.mitre.org) [1]
     mod_cgid: Fix a denial of service against CGI scripts that do
     not consume stdin that could lead to lingering HTTPD child processes
     filling up the scoreboard and eventually hanging the server. By
     default, the client I/O timeout (Timeout directive) now applies to
     communication with scripts. The CGIDScriptTimeout directive can be
     used to set a different timeout for communication with scripts.
     [Rainer Jung, Eric Covener, Yann Ylavic]

  *) SECURITY: CVE-2014-0226 (cve.mitre.org) [1]
     Fix a race condition in scoreboard handling, which could lead to
     a heap buffer overflow. [Joe Orton, Eric Covener, Jeff Trawick]

  *) SECURITY: CVE-2013-5704 (cve.mitre.org) [2]
     core: HTTP trailers could be used to replace HTTP headers
     late during request processing, potentially undoing or
     otherwise confusing modules that examined or modified
     request headers earlier. Adds "MergeTrailers" directive to restore
     legacy behavior. [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]

  *) core: Detect incomplete request and response bodies, log an error and
     forward it to the underlying filters. PR 55475. [Yann Ylavic]

  *) mod_deflate: Handle Zlib header and validation bytes received in multiple
     chunks. PR 46146. [Yann Ylavic]

  *) mod_proxy: Don't reuse a SSL backend connection whose requested SNI
     differs. PR 55782. [Yann Ylavic]

  *) mod_deflate: Fix inflation of files larger than 4GB. PR 56062.
     [Lukas Bezdicka]

  *) mod_dav: Fix improper encoding in PROPFIND responses. PR 56480.
     [Ben Reser]

  *) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
     resumed by TLS session resumption (RFC 5077). [Rainer Jung]

  *) mod_proxy_ajp: Forward local IP address as a custom request attribute
     like we already do for the remote port. [Rainer Jung]

  *) mod_deflate: Don't fail when flushing inflated data to the user-agent
     and that coincides with the end of stream ("Zlib error flushing inflate
     buffer"). PR 56196. [Christoph Fausak]

  *) mod_cache, mod_disk_cache: With CacheLock enabled, responses with a Vary
     header might not get the benefit of the thundering herd protection due
     to an incorrect internal cache key. PR 50317.
     [Ruediger Pluem, Jan Kaluza, Yann Ylavic]

  *) mod_rewrite: Support session cookies with the CO= flag when later
     parameters are used. The doc for this implied the feature had been
     backported for quite some time. PR 56014 [Eric Covener]

  *) mod_cache: Don't remove stale cache entries that cannot be conditionally
     revalidated. This prevents the thundering herd protection from serving
     stale responses during a revalidation. PR 50317.
     [Eric Covener, Jan Kaluza, Ruediger Pluem]

  *) core: Increase TCP_DEFER_ACCEPT socket option from 1 to 30 seconds.
     PR 41270. [Dean Gaudet]

  [1] CVE issues already fixed since FreeBSD-ports r362845
  [2] new CVE-2013-5704 issue fixed in 2.2.29

  Approved by: portmgr (erwin@)
  Security: f927e06c-1109-11e4-b090-20cf30e32f6d
  Security: CVE-2013-5704

Deleted:
  branches/2014Q3/www/apache22/files/patch-CVE-2014-0118__mod_deflate.c
  branches/2014Q3/www/apache22/files/patch-CVE-2014-0226__scoreboard.c
  branches/2014Q3/www/apache22/files/patch-CVE-2014-0231__mod_cgid.c
Modified:
  branches/2014Q3/www/apache22/Makefile
  branches/2014Q3/www/apache22/Makefile.modules
  branches/2014Q3/www/apache22/distinfo
Directory Properties:
  branches/2014Q3/ (props changed)

Modified: branches/2014Q3/www/apache22/Makefile ============================================================================== --- branches/2014Q3/www/apache22/Makefile Wed Sep 3 20:49:19 2014 (r367233) +++ branches/2014Q3/www/apache22/Makefile Wed Sep 3 20:51:07 2014 (r367234) @@ -1,8 +1,8 @@ # $FreeBSD$ PORTNAME= apache22 -PORTVERSION= 2.2.27 -PORTREVISION?= 6 +PORTVERSION= 2.2.29 +PORTREVISION?= 0 CATEGORIES= www ipv6 MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} DISTNAME= httpd-${PORTVERSION} Modified: branches/2014Q3/www/apache22/Makefile.modules ============================================================================== --- branches/2014Q3/www/apache22/Makefile.modules Wed Sep 3 20:49:19 2014 (r367233) +++ branches/2014Q3/www/apache22/Makefile.modules Wed Sep 3 20:51:07 2014 (r367234)
@@ -101,18 +101,19 @@ CONFIGURE_ARGS+= --enable-exception-hook .if ${PORT_OPTIONS:MAUTH_BASIC} || ${PORT_OPTIONS:MAUTH_DIGEST} . if !${APACHE_MODULES:MAUTHN*} -IGNORE= AUTH_BASIC and AUTH_DIGEST need at last one AUTHN provider -. endif +IGNORE= AUTH_BASIC and AUTH_DIGEST need at least one AUTHN provider +. endif .endif .if ${PORT_OPTIONS:MAUTH_BASIC} . if !${APACHE_MODULES:MAUTHZ*} -IGNORE= AUTH_BASIC need at last one AUTHZ provider -. endif +IGNORE= AUTH_BASIC need at least one AUTHZ provider +. endif .endif .if defined(APR_HAS_THREADS) -LDFLAGS+= -pthread +CFLAGS+= ${PTHREAD_CFLAGS} +LDFLAGS+= ${PTHREAD_LIBS} .else . if exists(${APR_CONFIG}) && ${PORT_OPTIONS:MMEM_CACHE} IGNORE= MEM_CACHE requires APR threads. Please rebuild APR with THREAD support Modified: branches/2014Q3/www/apache22/distinfo ============================================================================== --- branches/2014Q3/www/apache22/distinfo Wed Sep 3 20:49:19 2014 (r367233) +++ branches/2014Q3/www/apache22/distinfo Wed Sep 3 20:51:07 2014 (r367234) @@ -1,2 +1,2 @@ -SHA256 (apache22/httpd-2.2.27.tar.bz2) = 205973ded6ca55c056ce9c84d73ab708f7829f330193bd39b651463b8d4f8147 -SIZE (apache22/httpd-2.2.27.tar.bz2) = 5616798 +SHA256 (apache22/httpd-2.2.29.tar.bz2) = 574b4f994b99178dfd5160bcb14025402e2ce381be9889b83e4be0ffbf5839a4 +SIZE (apache22/httpd-2.2.29.tar.bz2) = 5625498
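
Review bot: In the Makefile.modules hunk, the corrected second IGNORE string still reads "AUTH_BASIC need at least one AUTHZ provider"; since the line is already being touched, "needs" would finish the fix. The replacement of "LDFLAGS+= -pthread" with "CFLAGS+= ${PTHREAD_CFLAGS}" and "LDFLAGS+= ${PTHREAD_LIBS}" is a build-flag change unrelated to the 2.2.29 security update, and on a quarterly branch it would be easier to audit and to back out as a separate commit.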
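
Review bot: Nothing in the log says how the new SHA256 for httpd-2.2.29.tar.bz2 in the distinfo hunk was verified. This value is what every later fetch of the distfile is checked against, so the commit message should state that the tarball was compared with the checksum or signature published upstream before the hash was recorded.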