[Midnightbsd-cvs] mports [22218] trunk/www/apache24: apache 2.4.25
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Fri Jan 20 21:55:00 EST 2017
Revision: 22218
http://svnweb.midnightbsd.org/mports/?rev=22218
Author: laffer1
Date: 2017-01-20 21:55:00 -0500 (Fri, 20 Jan 2017)
Log Message:
-----------
apache 2.4.25
Modified Paths:
--------------
trunk/www/apache24/Makefile
trunk/www/apache24/distinfo
trunk/www/apache24/files/apache24.in
trunk/www/apache24/files/patch-Makefile.in
trunk/www/apache24/files/patch-configure.in
Removed Paths:
-------------
trunk/www/apache24/files/patch-httpoxy
Modified: trunk/www/apache24/Makefile
===================================================================
--- trunk/www/apache24/Makefile 2017-01-21 01:06:44 UTC (rev 22217)
+++ trunk/www/apache24/Makefile 2017-01-21 02:55:00 UTC (rev 22218)
@@ -1,7 +1,7 @@
# $MidnightBSD$
PORTNAME= apache24
-PORTVERSION= 2.4.23
+PORTVERSION= 2.4.25
PORTREVISION= 0
CATEGORIES= www ipv6
MASTER_SITES= APACHE_HTTPD
Modified: trunk/www/apache24/distinfo
===================================================================
--- trunk/www/apache24/distinfo 2017-01-21 01:06:44 UTC (rev 22217)
+++ trunk/www/apache24/distinfo 2017-01-21 02:55:00 UTC (rev 22218)
@@ -1,3 +1,2 @@
-TIMESTAMP = 1467307196
-SHA256 (apache24/httpd-2.4.23.tar.bz2) = 0c1694b2aad7765896faf92843452ee2555b9591ae10d4f19b245f2adfe85e58
-SIZE (apache24/httpd-2.4.23.tar.bz2) = 6351875
+SHA256 (apache24/httpd-2.4.25.tar.bz2) = f87ec2df1c9fee3e6bfde3c8b855a3ddb7ca1ab20ca877bd0e2b6bf3f05c80b2
+SIZE (apache24/httpd-2.4.25.tar.bz2) = 6398218
Modified: trunk/www/apache24/files/apache24.in
===================================================================
--- trunk/www/apache24/files/apache24.in 2017-01-21 01:06:44 UTC (rev 22217)
+++ trunk/www/apache24/files/apache24.in 2017-01-21 02:55:00 UTC (rev 22218)
@@ -52,8 +52,8 @@
apache24_accf()
{
if checkyesno apache24_http_accept_enable; then
- /sbin/kldstat -v | grep accf_http > /dev/null 2>&1 || /sbin/kldload accf_http || return ${?}
- /sbin/kldstat -v | grep accf_data > /dev/null 2>&1 || /sbin/kldload accf_data || return ${?}
+ /sbin/kldstat -qm accf_http || /sbin/kldload accf_http || return ${?}
+ /sbin/kldstat -qm accf_data || /sbin/kldload accf_data || return ${?}
else
apache24_flags="${apache24_flags} -DNOHTTPACCEPT"
fi
Modified: trunk/www/apache24/files/patch-Makefile.in
===================================================================
--- trunk/www/apache24/files/patch-Makefile.in 2017-01-21 01:06:44 UTC (rev 22217)
+++ trunk/www/apache24/files/patch-Makefile.in 2017-01-21 02:55:00 UTC (rev 22218)
@@ -1,4 +1,4 @@
---- Makefile.in.orig 2015-04-15 18:06:04 UTC
+--- Makefile.in.orig 2016-03-20 15:51:49 UTC
+++ Makefile.in
@@ -32,12 +32,9 @@ include $(top_srcdir)/build/program.mk
install-conf:
@@ -90,7 +90,7 @@
install-other:
@test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir)
-@@ -251,12 +222,7 @@ install-man:
+@@ -252,12 +223,7 @@ install-man:
@test -d $(DESTDIR)$(manualdir) || $(MKINSTALLDIRS) $(DESTDIR)$(manualdir)
@cp -p $(top_srcdir)/docs/man/*.1 $(DESTDIR)$(mandir)/man1
@cp -p $(top_srcdir)/docs/man/*.8 $(DESTDIR)$(mandir)/man8
Modified: trunk/www/apache24/files/patch-configure.in
===================================================================
--- trunk/www/apache24/files/patch-configure.in 2017-01-21 01:06:44 UTC (rev 22217)
+++ trunk/www/apache24/files/patch-configure.in 2017-01-21 02:55:00 UTC (rev 22218)
@@ -1,4 +1,4 @@
---- configure.in.orig 2015-09-05 17:02:03 UTC
+--- configure.in.orig 2016-12-02 11:36:06 UTC
+++ configure.in
@@ -111,7 +111,7 @@ fi
@@ -18,7 +18,15 @@
[--enable-layout=*|\'--enable-layout=*])
dnl We must be the last to build and the first to be cleaned
AP_BUILD_SRCLIB_DIRS="$AP_BUILD_SRCLIB_DIRS apr-util"
-@@ -830,8 +830,14 @@ AC_DEFINE_UNQUOTED(HTTPD_ROOT, "${ap_pre
+@@ -597,7 +597,6 @@ AC_ARG_ENABLE(maintainer-mode,APACHE_HEL
+ if test "$GCC" = "yes"; then
+ APR_ADDTO(CFLAGS,[-Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wpointer-arith])
+ APACHE_ADD_GCC_CFLAG([-std=c89])
+- APACHE_ADD_GCC_CFLAG([-Werror])
+ APACHE_ADD_GCC_CFLAG([-Wdeclaration-after-statement])
+ APACHE_ADD_GCC_CFLAG([-Wformat])
+ APACHE_ADD_GCC_CFLAG([-Wformat-security])
+@@ -838,8 +837,14 @@ AC_DEFINE_UNQUOTED(HTTPD_ROOT, "${ap_pre
[Root directory of the Apache install area])
AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${rel_sysconfdir}/${progname}.conf",
[Location of the config file, relative to the Apache root directory])
Deleted: trunk/www/apache24/files/patch-httpoxy
===================================================================
--- trunk/www/apache24/files/patch-httpoxy 2017-01-21 01:06:44 UTC (rev 22217)
+++ trunk/www/apache24/files/patch-httpoxy 2017-01-21 02:55:00 UTC (rev 22218)
@@ -1,63 +0,0 @@
-https://www.apache.org/security/asf-httpoxy-response.txt
-
-Apache HTTP Server may be configured to proxy HTTP requests as a forward
-or reverse (gateway) proxy server, can proxy requests to a FastCGI service
-using mod_proxy_fcgi, can directly serve CGI applications using mod_cgi
-or mod_cgid or the related mod_isapi service. The project's mod_fcgid
-subproject (available as a separate add-in module) directly manages CGI
-scripts using the FastCGI protocol.
-
-It may also be configured to directly host a number of external modules
-which run CGI-style applications in-process. The server itself does not
-modify the CGI environment in this case, however, these external modules
-may perform such modifications of their environment variables in-process.
-Such examples include mod_php, mod_perl and mod_wsgi.
-
-To mitigate "httpoxy" issues across all of the above mechanisms, the most
-direct solution is to drop any "Proxy:" header arriving from an upstream
-proxy server or the origin user-agent. this will mitigate the issue for any
-vulnerable back-end server or CGI across all traffic through this server.
-
-The two lines below enabled in the httpd.conf file will remove the "Proxy:"
-header from all incoming requests, before further processing;
-
- LoadModule headers_module {path-to}/mod_headers.so
-
- RequestHeader unset Proxy early
-
-(Users who have mod_headers compiled-in to the httpd binary must omit
-the LoadModule directive above, others must adjust the {path-to} to point
-to the mod_headers.so file.)
-
-If the administrator wishes to preserve the value of the "Proxy:" header
-for most traffic, and only eliminate it from the CGI environment variable
-HTTP_PROXY, a second mitigation is offered. This patch will address this
-behavior in mod_cgi, mod_cgid, mod_isapi, mod_proxy_fcgi and mod_fcgid,
-along with all other consumers of httpd's built-in environment handling.
-
-The bundled httpd modules all rely on ap_add_common_vars() to set up the
-target CGI environment. The project will include the recommended patch
-below in all subsequent releases of httpd, including 2.4.24 and 2.2.32.
-Users who build httpd 2.2.x or 2.4.x from source may apply the patch below,
-recompile and re-install httpd to obtain this mitigation. This migitation
-has been assigned the identifier CVE-2016-5387 <http://cve.mitre.org>.
-
-======= Patch to httpd sources 2.4.x and 2.2.x =======
-
---- server/util_script.c (revision 1752426)
-+++ server/util_script.c (working copy)
-@@ -186,6 +186,14 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r
- else if (!strcasecmp(hdrs[i].key, "Content-length")) {
- apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
- }
-+ /* HTTP_PROXY collides with a popular envvar used to configure
-+ * proxies, don't let clients set/override it. But, if you must...
-+ */
-+#ifndef SECURITY_HOLE_PASS_PROXY
-+ else if (!strcasecmp(hdrs[i].key, "Proxy")) {
-+ ;
-+ }
-+#endif
- /*
- * You really don't want to disable this check, since it leaves you
- * wide open to CGIs stealing passwords and people viewing them
More information about the Midnightbsd-cvs
mailing list