From owner-svn-ports-head@FreeBSD.ORG Sun Jul 20 20:49:34 2014 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 88397A69; Sun, 20 Jul 2014 20:49:34 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 68EDC2A4F; Sun, 20 Jul 2014 20:49:34 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s6KKnYgc064764; Sun, 20 Jul 2014 20:49:34 GMT (envelope-from ohauer@svn.freebsd.org) Received: (from ohauer@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s6KKnXpj064754; Sun, 20 Jul 2014 20:49:33 GMT (envelope-from ohauer@svn.freebsd.org) Message-Id: <201407202049.s6KKnXpj064754@svn.freebsd.org> From: Olli Hauer Date: Sun, 20 Jul 2014 20:49:33 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r362371 - in head/www/apache24: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Jul 2014 20:49:34 -0000 Author: ohauer Date: Sun Jul 20 20:49:32 2014 New Revision: 362371 URL: http://svnweb.freebsd.org/changeset/ports/362371 QAT: https://qat.redports.org/buildarchive/r362371/ Log: - security update to release 2.4.10 - add OPTION for new mod_authnz_fcgi module - s/libluajit.so/libluajit-5.1.so/ (there is no libluajit.so) - backport for mod_lua: Don't quote values in cookies Make IE happy again [#56734] http://svn.apache.org/viewvc?view=revision&revision=1611744 - disable sanity check on demand [1] Release Notes: http://www.apache.org/dist/httpd/CHANGES_2.4.10 PR: 191398 [1] Submitted by: Robert Schulze MFH: 2014Q3 Security: 4364e1f1-0f44-11e4-b090-20cf30e32f6d CVE-2014-0117 CVE-2014-3523 CVE-2014-0226 CVE-2014-0118 CVE-2014-0231 Added: head/www/apache24/files/patch-r1611744-modules__lua__lua_request.c (contents, props changed) Deleted: head/www/apache24/files/patch-mod_authn_socache.c Modified: head/www/apache24/Makefile head/www/apache24/Makefile.options head/www/apache24/Makefile.options.desc head/www/apache24/distinfo head/www/apache24/files/apache24.in head/www/apache24/pkg-plist Modified: head/www/apache24/Makefile ============================================================================== --- head/www/apache24/Makefile Sun Jul 20 20:42:31 2014 (r362370) +++ head/www/apache24/Makefile Sun Jul 20 20:49:32 2014 (r362371) @@ -1,8 +1,7 @@ # $FreeBSD$ PORTNAME= apache24 -PORTVERSION= 2.4.9 -PORTREVISION= 4 +PORTVERSION= 2.4.10 CATEGORIES= www ipv6 MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} DISTNAME= httpd-${PORTVERSION} @@ -53,7 +52,7 @@ IPV4_MAPPED_CONFIGURE_ENABLE= v4-mapped LDAP_CONFIGURE_ON= --enable-ldap=shared -LUAJIT_LIB_DEPENDS= libluajit.so:${PORTSDIR}/lang/luajit +LUAJIT_LIB_DEPENDS= libluajit-5.1.so:${PORTSDIR}/lang/luajit LUA_CONFIGURE_WITH= lua LUA_USES= lua @@ -156,7 +155,7 @@ post-install: @${MKDIR} ${STAGEDIR}/${EXAMPLESDIR}/modules.d ${INSTALL_DATA} ${FILESDIR}/README_modules.d ${STAGEDIR}/${EXAMPLESDIR}/modules.d -# supress warnings about all the non binary files +# suppress warning for non binary files -@${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/* \ ${STAGEDIR}${PREFIX}/bin/* \ ${STAGEDIR}${PREFIX}/libexec/apache24/*.so 2>/dev/null Modified: head/www/apache24/Makefile.options ============================================================================== --- head/www/apache24/Makefile.options Sun Jul 20 20:42:31 2014 (r362370) +++ head/www/apache24/Makefile.options Sun Jul 20 20:49:32 2014 (r362371) @@ -57,7 +57,7 @@ MOST_ENABLED_MODULES= \ VERSION VHOST_ALIAS MOST_DISABLED_MODULES:= \ - AUTHNZ_LDAP LDAP CHARSET_LITE DATA DAV_LOCK DIALUP IDENT LOG_FORENSIC \ + AUTHNZ_LDAP AUTHNZ_FCGI LDAP CHARSET_LITE DATA DAV_LOCK DIALUP IDENT LOG_FORENSIC \ LUA REFLECTOR SLOTMEM_PLAIN SLOTMEM_SHM SOCACHE_DC SUEXEC USERTRACK \ XML2ENC WATCHDOG ${HEARTBEAT_MODULES} ${EXAMPLE_MODULES} ${DEV_MODULES} Modified: head/www/apache24/Makefile.options.desc ============================================================================== --- head/www/apache24/Makefile.options.desc Sun Jul 20 20:42:31 2014 (r362370) +++ head/www/apache24/Makefile.options.desc Sun Jul 20 20:49:32 2014 (r362371) @@ -42,6 +42,7 @@ ACTIONS_DESC= Action triggering on req ALIAS_DESC= Mapping of requests to different filesystem parts ALLOWMETHODS_DESC= Easily restrict what HTTP methods can be used on the server ASIS_DESC= Sends files that contain their own HTTP headers +AUTHNZ_FCGI_DESC= Allows a FastCGI authorizer to handle the check_authn hook AUTHNZ_LDAP_DESC= LDAP based authentication AUTHN_ANON_DESC= Anonymous user authentication control AUTHN_CORE_DESC= Core authentication module Modified: head/www/apache24/distinfo ============================================================================== --- head/www/apache24/distinfo Sun Jul 20 20:42:31 2014 (r362370) +++ head/www/apache24/distinfo Sun Jul 20 20:49:32 2014 (r362371) @@ -1,2 +1,2 @@ -SHA256 (apache24/httpd-2.4.9.tar.bz2) = f78cc90dfa47caf3d83ad18fd6b4e85f237777c1733fc9088594b70ce2847603 -SIZE (apache24/httpd-2.4.9.tar.bz2) = 4994460 +SHA256 (apache24/httpd-2.4.10.tar.bz2) = 176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a +SIZE (apache24/httpd-2.4.10.tar.bz2) = 5031834 Modified: head/www/apache24/files/apache24.in ============================================================================== --- head/www/apache24/files/apache24.in Sun Jul 20 20:42:31 2014 (r362370) +++ head/www/apache24/files/apache24.in Sun Jul 20 20:49:32 2014 (r362371) @@ -23,6 +23,7 @@ # Set to yes to check for accf_http kernel # module on start up and load if not loaded. # apache24_fib (str): Set an altered default network view for apache +# apache24_configcheck_disable (bool): Set to "YES" to disable sanity check on startup . /etc/rc.subr @@ -46,6 +47,7 @@ envvars="%%PREFIX%%/sbin/envvars" [ -z "$apache24limits_enable" ] && apache24limits_enable="NO" [ -z "$apache24limits_args" ] && apache24limits_args="-e -C daemon" [ -z "$apache24_http_accept_enable" ] && apache24_http_accept_enable="NO" +[ -z "$apache24_configcheck_disable" ] && apache24_configcheck_disable="NO" apache24_accf() { @@ -75,6 +77,7 @@ if [ -n "$2" ]; then eval apache24limits_enable="\${apache24limits_${profile}_enable:-${apache24limits_enable}}" eval apache24limits_args="\${apache24limits_${profile}_args:-${apache24limits_args}}" eval apache24_fib="\${apache24_${profile}_fib:-${apache24_fib}}" + eval apache24_configcheck_disable="\${apache24_${profile}_configcheck_disable:-${apache24_configcheck_disable}}" eval command="\${apache24_${profile}_command:-${command}}" eval pidfile="\${apache24_${profile}_pidfile:-${pidfile}}" eval apache24_envvars="\${apache24_${profile}_envvars:-${envvars}}" @@ -123,10 +126,14 @@ if [ "${1}" != "stop" ] ; then \ apache24_accf fi +if checkyesno apache24_configcheck_disable +then + unset restart_precmd + unset reload_precmd +fi + apache24_requirepidfile() { - apache24_checkconfig - if [ ! "0`check_pidfile ${pidfile} ${command}`" -gt 1 ]; then echo "${name} not running? (check $pidfile)." exit 1 @@ -147,6 +154,11 @@ apache24_checkconfig() apache24_graceful() { apache24_requirepidfile + if ! checkyesno apache24_configcheck_disable + then + apache24_checkconfig + fi + echo "Performing a graceful restart" eval ${command} ${apache24_flags} -k graceful } @@ -154,13 +166,21 @@ apache24_graceful() { apache24_gracefulstop() { apache24_requirepidfile + if ! checkyesno apache24_configcheck_disable + then + apache24_checkconfig + fi + echo "Performing a graceful stop" eval ${command} ${apache24_flags} -k graceful-stop } apache24_precmd() { - apache24_checkconfig + if ! checkyesno apache24_configcheck_disable + then + apache24_checkconfig + fi if checkyesno apache24limits_enable then Added: head/www/apache24/files/patch-r1611744-modules__lua__lua_request.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/apache24/files/patch-r1611744-modules__lua__lua_request.c Sun Jul 20 20:49:32 2014 (r362371) @@ -0,0 +1,22 @@ +backport for mod_lua: Don't quote values in cookies; Make IE happy again [#56734] +http://svn.apache.org/viewvc?view=revision&revision=1611744 + + +--- ./modules/lua/lua_request.c.orig 2014-07-20 10:48:19.000000000 +0200 ++++ ./modules/lua/lua_request.c 2014-07-20 10:48:46.000000000 +0200 +@@ -2086,13 +2086,13 @@ + if (expires > 0) { + rv = apr_rfc822_date(cdate, apr_time_from_sec(expires)); + if (rv == APR_SUCCESS) { +- strexpires = apr_psprintf(r->pool, "Expires=\"%s\";", cdate); ++ strexpires = apr_psprintf(r->pool, "Expires=%s;", cdate); + } + } + + /* Create path segment */ + if (path != NULL && strlen(path) > 0) { +- strpath = apr_psprintf(r->pool, "Path=\"%s\";", path); ++ strpath = apr_psprintf(r->pool, "Path=%s;", path); + } + + /* Create domain segment */ Modified: head/www/apache24/pkg-plist ============================================================================== --- head/www/apache24/pkg-plist Sun Jul 20 20:42:31 2014 (r362370) +++ head/www/apache24/pkg-plist Sun Jul 20 20:49:32 2014 (r362371) @@ -78,6 +78,7 @@ libexec/apache24/httpd.exp %%MOD_ALIAS%%libexec/apache24/mod_alias.so %%MOD_ALLOWMETHODS%%libexec/apache24/mod_allowmethods.so %%MOD_ASIS%%libexec/apache24/mod_asis.so +%%MOD_AUTHNZ_FCGI%%libexec/apache24/mod_authnz_fcgi.so %%MOD_AUTHNZ_LDAP%%libexec/apache24/mod_authnz_ldap.so %%MOD_AUTHN_ANON%%libexec/apache24/mod_authn_anon.so %%MOD_AUTHN_CORE%%libexec/apache24/mod_authn_core.so