Navigation:
Home |
Browse by maintainer |
Search |
RSS |
News |
Info |
Contact |
Statistics |
Ports tracker |
Help
www apache-h..
CVSweb ] [ 
Homepage ] [ 
RSS feed ]| Version: 2.4.41, Package name: apache-httpd-2.4.41 |
| Maintained by: The OpenBSD ports mailing-list |
Master sites:
|
Flavors (export FLAVOR=xyz, setenv FLAVOR xyz):
|
| Description The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Flavors: ldap - Enable LDAP authentication and caching support |
| Filesize: 9050.7 KB |
| Version History (View Complete History) |
|
| 2019-08-21 02:31:25 by Stuart Henderson | Files touched by this commit (1) |
Log message: rm old patch to unbreak -stable; from Ian McWilliam |
| 2019-08-19 09:21:34 by Stuart Henderson | Files touched by this commit (3) |
Log message: MFC update to apache-httpd 2.4.41; CVE-2019-10081: mod_http2, memory corruption on early pushes CVE-2019-10082: mod_http2, read-after-free in h2 connection shutdown CVE-2019-10092: Limited cross-site scripting in mod_proxy CVE-2019-10097: mod_remoteip stack buffer overflow and NULL pointer dereference CVE-2019-10098: mod_rewrite configurations vulnerable to open redirect CVE-2019-9517: mod_http2, DoS attack by exhausting h2 workers |
| 2019-08-13 15:14:11 by Stuart Henderson | Files touched by this commit (16) |
Log message: update to apache-httpd 2.4.41 |
| 2019-07-12 14:50:18 by Stuart Henderson | Files touched by this commit (845) |
Log message: replace simple PERMIT_PACKAGE_CDROM=Yes with PERMIT_PACKAGE=Yes |
| 2019-06-16 15:08:56 by Stuart Henderson | Files touched by this commit (2) |
Log message: enable mod_authnz_fcgi in Apache httpd, requested by Bartosz Ku??ma |
| 2019-04-11 17:02:23 by Stuart Henderson | Files touched by this commit (2) |
Log message: move apache-httpd in -stable back to MODSSL_USE_OPENSSL_PRE_1_1_API codepaths, in the 2.4.35->37 timeframe they switched to newer-API codepaths which seem to be working in -current but fall over easily on 6.4/-stable, at least with the event mpm. problem reported by Frank Groeneveld. |
| 2019-04-08 17:26:40 by Stuart Henderson | Files touched by this commit (2) |
Log message: MFC: backport Apache httpd fix affecting file uploads, they were broken in 2.4.39 unless the admin specifies an explicit RequestReadTimeout. https://bz.apache.org/bugzilla/show_bug.cgi?id=63325 https://svn.apache.org/viewvc?view=revision&revision=1857129 |
| 2019-04-08 17:25:23 by Stuart Henderson | Files touched by this commit (2) |
Log message: backport Apache httpd fix affecting file uploads, they were broken in 2.4.39 unless the admin specifies an explicit RequestReadTimeout. ok naddy@ https://bz.apache.org/bugzilla/show_bug.cgi?id=63325 https://svn.apache.org/viewvc?view=revision&revision=1857129 |
| 2019-04-02 03:27:46 by Stuart Henderson | Files touched by this commit (1) |
Log message: bump REVISION in -current apache-httpd to ensure that the packages for 6.5 (which have a subpackage restructuring) have higher version numbers than -stable |
| 2019-04-02 03:26:50 by Stuart Henderson | Files touched by this commit (3) |
Log message: update -stable to apache httpd 2.4.39 - important security fixes https://httpd.apache.org/security/vulnerabilities_24.html#2.4.39 |
| 2019-04-02 02:17:09 by Stuart Henderson | Files touched by this commit (5) |
Log message: uodate to apache httpd 2.4.39 - important security fixes https://httpd.apache.org/security/vulnerabilities_24.html#2.4.39 |
| 2019-03-28 06:38:15 by Stuart Henderson | Files touched by this commit (9) |
Log message: merge apache-httpd-common and apache-httpd, there is no need to split the files now that the openbsd-patched apache-httpd is no more |
| 2019-03-28 05:46:55 by Stuart Henderson | Files touched by this commit (1) |
Log message: move the REVISION line where it's more likely to be seen next time |
| 2019-03-28 05:10:23 by Solene Rapenne | Files touched by this commit (2) |
Log message: Update to apache-httpd-2.4.38 ok giovanni@ |
| 2018-11-01 12:05:01 by Stuart Henderson | Files touched by this commit (2) |
Log message: - add libressl patch needed to unbreak startup with ssl enabled (SSL_CTX_set_post_handshake_auth), problem reported by Helmut Kiessling - remove no-longer-needed chunk of the patch |
| 2018-10-24 07:23:59 by Stuart Henderson | Files touched by this commit (4) |
Log message: update to apache-httpd-2.4.37 |
| 2018-10-01 09:21:24 by Stuart Henderson | Files touched by this commit (18) |
Log message: security update to apache httpd 2.4.35, ok giovanni@ Since we no longer have Apache 1.x there's no point renaming most of the installed files any more, only the ones that conflict with base (httpd and htpasswd), which avoids some tiresome hand merges that are needed in the manpages for most updates. Courtesy symlinks added for now so that the 'xxx2' variants still work. |
| 2018-03-29 13:30:53 by Stuart Henderson | Files touched by this commit (8) |
Log message: security update to apache-httpd 2.4.33 |
| 2018-02-18 14:02:45 by Stuart Henderson | Files touched by this commit (2) |
Log message: fix, now we havef DH_set0_pqg, BIO_set_init, BIO_get_data, BIO_set_data (code in same ifdef also wants #define BN_get_*_prime_*, BIO_get_shutdown, BIO_set_shutdown, DH_bits) |
| 2018-02-18 13:38:15 by Stuart Henderson | Files touched by this commit (2) |
Log message: regen patches, no change |
| 2018-02-14 09:06:54 by Joel Sing | Files touched by this commit (2) |
Log message:
LibreSSL has had SSL_CTX_set_{min,max}_proto_version() for a while now,
so we do not gain much from carrying this diff in ports.
ok sthen@
|
| 2018-01-12 15:11:41 by Stuart Henderson | Files touched by this commit (11) |
Log message: update to apache-httpd 2.4.29, from David CARLIER (slightly overdue commit!) |
| 2018-01-11 12:27:12 by Robert Peichaer | Files touched by this commit (624) |
Log message: Change the shebang line from /bin/sh to /bin/ksh in all ports rc.d daemon scripts and bump subpackages that contain the *.rc scripts. discussed with and OK aja@ OK tb |
| 2017-07-14 12:32:13 by Stuart Henderson | Files touched by this commit (1) |
Log message: MFC security update to Apache httpd-2.4.27 fixed in 2.4.26: ap_get_basic_auth_pw() Authentication Bypass CVE-2017-3167 mod_ssl Null Pointer Dereference CVE-2017-3169 mod_http2 Null Pointer Dereference CVE-2017-7659 ap_find_token() Buffer Overread CVE-2017-7668 mod_mime Buffer Overread CVE-2017-7679 fixed in 2.4.27: Read after free in mod_http2 CVE-2017-9789 Uninitialized memory reflection in mod_auth_digest CVE-2017-9788 |
| 2017-07-14 11:14:33 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to httpd-2.4.27 |
| 2017-07-14 11:10:46 by Stuart Henderson | Files touched by this commit (1) |
Log message: additional patch for ab with earlier libressl (SSL_CTX_set_*_proto_version), not needed for -current, but easier to keep in sync for -stable if it's here |
| 2017-07-14 11:06:51 by Stuart Henderson | Files touched by this commit (1) |
Log message: oops, reinstate a line i dropped by mistake |
| 2017-07-14 11:04:12 by Stuart Henderson | Files touched by this commit (12) |
Log message: security update to apache-httpd-2.4.26, from David CARLIER with minor tweaks from me (2.4.27 to follow) |
| 2017-03-27 09:04:24 by Paul Irofti | Files touched by this commit (2) |
Log message: Backport Apache CVE fixes from sthen@. %-------------------------------------------------------------------- [PATCH] update to apache-httpd-2.4.25 CVE-2016-8740 CVE-2016-5387 CVE-2016-2161 CVE-2016-0736 CVE-2016-8743 %-------------------------------------------------------------------- OK robert@ |
| 2017-03-17 01:36:35 by Stuart Henderson | Files touched by this commit (5) |
Log message: update to apache-httpd-2.4.25 CVE-2016-8740 CVE-2016-5387 CVE-2016-2161 CVE-2016-0736 CVE-2016-8743 |
| 2016-07-05 08:32:16 by Stuart Henderson | Files touched by this commit (3) |
Log message: update to apache-httpd 2.4.23, ok ajacoutot |
| 2016-06-22 12:52:16 by Antoine Jacoutot | Files touched by this commit (1) |
Log message: Properly bump REVISION. spotted by Markus Lude |
| 2016-06-22 02:27:07 by Antoine Jacoutot | Files touched by this commit (2) |
Log message: So, mod_perl will reset $0 to argv[0] which will break the rc.d script functionality. So let's use apachectl2 for start and stop, disable rc_reload (which should have been done anyway) and relax the default pexp (workaround). breakage reported by Michael Lechtermann ok sthen@ |
| 2016-04-28 12:22:17 by Stuart Henderson | Files touched by this commit (2) |
Log message: replace apache-httpd-openbsd, keeping -common separate for now to avoid pain with PLISTs |
| 2016-04-28 02:51:35 by Stuart Henderson | Files touched by this commit (2) |
Log message: http2 works here now, so enable it |
| 2016-04-28 02:40:42 by Antoine Jacoutot | Files touched by this commit (3) |
Log message: Update to apache-httpd-2.4.20. |
| 2016-03-18 15:38:26 by Christian Weisgerber | Files touched by this commit (82) |
Log message: remove SHARED_ONLY from simple ports that use the gettext or libiconv module |
| 2016-01-15 16:40:03 by Stuart Henderson | Files touched by this commit (2) |
Log message: Disable Apache httpd's mod_http2.so for now, as reported by Pedro de Oliveira it isn't working on OpenBSD yet. |
| 2015-12-30 02:59:31 by Antoine Jacoutot | Files touched by this commit (3) |
Log message: Don't sample /var/www/conf/modules.samples/, let webapps do that. Optionaly include /var/www/conf/modules/*.conf instead of /etc/apache2/modules/*.conf, this allows the usual MESSAGE linking from modules.samples/ to modules/ to work out-of-the-box. ok sthen@ |
| 2015-12-23 07:51:55 by Antoine Jacoutot | Files touched by this commit (3) |
Log message: Update to apache-httpd-2.4.18. |
| 2015-12-01 09:45:30 by Stuart Henderson | Files touched by this commit (2) |
Log message: As found by ajacoutot, nghttp2 was getting picked up by httpd's autoconf; make it an explicit dependency and package mod_http2. |
| 2015-10-27 12:18:17 by Stuart Henderson | Files touched by this commit (11) |
Log message: update to apache-httpd-2.4.17, and add scaffolding to use the same type of modules.sample mechanism as apache-httpd-openbsd |
| 2015-10-24 10:41:37 by Stuart Henderson | Files touched by this commit (4) |
Log message: sync Apache httpd in 5.8-stable with -current: - build mod_cgi.so, for CGI use with the default prefork mpm - install mod_cgid.so (it was already built but not installed), for CGI use with optional multi-threaded mpm - add patches to guard SSLv3 (not required for 5.8 but doesn't hurt, and simplifies any future syncs) |
| 2015-10-24 06:17:50 by Claudio Jeker | Files touched by this commit (2) |
Log message: Make sure mod_cgi and mod_cgid are built and installed. Depending if apache is prefork or threaded one or the other needs to be used to allow CGI handling. For fast cgi mod_proxy_fcgi should be used. OK sthen@ tested by Alessandro DE LAURENZIS |
| 2015-09-13 06:37:49 by Stuart Henderson | Files touched by this commit (2) |
Log message: fix miscommit that removed @rcscript (thanks, update-plist!) |
| 2015-09-13 06:31:46 by Stuart Henderson | Files touched by this commit (8) |
Log message: Move to improved version of no_ssl3 patch for apache-httpd, thanks to Kaspar Brand (https://bz.apache.org/bugzilla/show_bug.cgi?id=58349) - small tweak from Kaspar's patch for 2.4 backport. |
| 2015-09-10 04:30:04 by Antoine Jacoutot | Files touched by this commit (1) |
Log message: Do not pick up gawk. |
| 2015-09-07 00:32:04 by Jeremie Courreges-Anglas | Files touched by this commit (2) |
Log message: Guard use of SSLv3*method. Die if SSLv3 forced in conf but unavail. Fixes "undefined symbol" errors at dlopen time. Reported by Pedro de Oliveira, ok sthen@ |
| 2015-07-18 14:01:13 by Antoine Jacoutot | Files touched by this commit (2) |
Log message: Don't own /var/www/htdocs/, it's part of mtree. Don't ship the empty example logs directory. |
| 2015-07-17 22:59:42 by Stuart Henderson | Files touched by this commit (2) |
Log message: cope with sslv3 being disabled |
| 2015-07-17 19:11:40 by Stuart Henderson | Files touched by this commit (2) |
Log message: adjust @pkgpath depending on flavour, so updates for apache-httpd--ldap work correctly. (in reality this wasn't a big problem as we don't build the ldap flavoured version in bulk builds anyway, due to dependence on conflicting versions of apr-util). |
| 2015-07-17 18:55:09 by Antoine Jacoutot | Files touched by this commit (6) |
Log message: Update to apache-httpd-2.4.16. ok sthen@ |
| 2015-07-17 18:33:53 by Antoine Jacoutot | Files touched by this commit (4) |
Log message: Cleanup. |
| 2015-07-17 17:57:58 by Antoine Jacoutot | Files touched by this commit (11) |
Log message: Move default document root to /var/www to be able to switch between web servers easily; idea from stsp@ Split the package into -main and -common (which holds common files for apache 1 and 2). discussed with stsp@ sthen@ ok stsp@ |
| 2015-07-17 13:52:06 by Antoine Jacoutot | Files touched by this commit (2) |
Log message: Change the default user to "www". This makes it easier to switch from one web server to the other. discussed with stsp@ sthen@ ok sthen@ |
| 2015-05-15 02:08:04 by Stefan Sperling | Files touched by this commit (27) |
Log message: Update www/apache-httpd to 2.4.12. Manual configuration updates might be required, see http://httpd.apache.org/docs/2.4/upgrading.html MPMs can now be loaded at runtime. The default config keeps using 'prefork'. Based on an initial diff by claudio@ ok sthen@ ajacoutot@ |
| 2015-02-16 15:57:14 by Christian Weisgerber | Files touched by this commit (213) |
Log message: Drop USE_GROFF from ports where the formatting differences are acceptable or mandoc provides the more useful output. |
| 2015-02-06 08:19:01 by Stuart Henderson | Files touched by this commit (4) |
Log message: Drop some patches; libressl renamed SSL_CTX_use_certificate_chain to SSL_CTX_use_certificate_chain_mem (libssl/src/ssl/ssl.h r1.79 et al) so this no longer conflicts. |
| 2014-11-04 14:46:55 by Stuart Henderson | Files touched by this commit (1) |
Log message: sync WANTLIB to fix the -ldap flavour, as found by Joe Price (missed during the heimdal removal because this isn't linked to the build to avoid conflicting dependencies on apr-util and apr-util--ldap by different ports in the tree). |
| 2011-02-12 14:05:38 by Pierre-Emmanuel Andre | Files touched by this commit (3) |
Log message: Fix CVE-2010-1452 ok sthen@, landry@ |
| 2010-11-22 01:37:07 by Marc Espie | Files touched by this commit (859) |
Log message: new depends |
| 2010-11-11 05:35:09 by Stuart Henderson | Files touched by this commit (38) |
Log message: new-style LIB_DEPENDS/REVISION/WANTLIB |
| 2010-10-19 02:02:58 by Marc Espie | Files touched by this commit (243) |
Log message: USE_GROFF=Yes |
| 2010-06-27 11:27:03 by Robert Nagy | Files touched by this commit (3) |
Log message: update to 2.2.15 |
| 2009-12-08 18:01:55 by William Yodlowsky | Files touched by this commit (3) |
Log message: MFC: Security update to apache-httpd-2.2.14. (CVE-2009-3095, CVE-2009-3094) ok jasper@ bernd@ |
| 2009-12-01 06:38:23 by Bernd Ahlers | Files touched by this commit (4) |
Log message: Security update to apache-httpd-2.2.14. (CVE-2009-3095, CVE-2009-3094) |
| 2009-10-24 21:34:26 by William Yodlowsky | Files touched by this commit (3) |
Log message: MFC: SECURITY FIX Update to 2.2.13 SECURITY: CVE-2009-2412, CVE-2009-1891, CVE-2009-1195, CVE-2009-1890, CVE-2009-1191, CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 Update the Makefile to properly depend on the mt version of apr-util in ldap flavour. (from bernd@) |
| 2009-09-14 20:27:53 by William Yodlowsky | Files touched by this commit (3) |
Log message: MFC: SECURITY FIX Update to 2.2.13 SECURITY: CVE-2009-2412, CVE-2009-1891, CVE-2009-1195, CVE-2009-1890, CVE-2009-1191, CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 Update the Makefile to properly depend on the mt version of apr-util in ldap flavour. (from bernd@) ok jasper@ |
| 2009-08-30 12:06:07 by Felix Kronlage | Files touched by this commit (4) |
Log message: Update to 2.2.13 SECURITY: CVE-2009-2412, CVE-2009-1891, CVE-2009-1195, CVE-2009-1890, CVE-2009-1191, CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 Update the Makefile to properly depend on the mt version of apr-util in ldap flavour. (from bernd@) ok jasper@, ajacoutot@ |
| 2009-06-27 21:03:09 by William Yodlowsky | Files touched by this commit (2) |
Log message: SECURITY FIX MFC: Update to apache-httpd-2.2.11. Lots of bugfixes and a security fix for CVE-2008-2939. ok robert@ |
| 2009-05-15 09:46:58 by Claudio Jeker | Files touched by this commit (2) |
Log message:
Enable suexec for apache2 with these config changes:
- install the binary under ${TRUEPREFIX}/sbin/suexec2
- change suexec-caller to _apache2
- log to /var/log/suexec2_log similar to the suexec in base
Inputs and OK sthen@, simon@
|
| 2009-04-09 12:36:00 by Bernd Ahlers | Files touched by this commit (4) |
Log message: Update to apache-httpd-2.2.11. Lots of bugfixes and a security fix for CVE-2008-2939. Enable usage of the threaded apr which is needed for an upcoming port. ok simon@ |
| 2008-09-02 16:05:23 by Bernd Ahlers | Files touched by this commit (7) |
Log message: Security update to apache-httpd-2.2.9. (CVE-2008-2364 and CVE-2007-6420) http://www.apache.org/dist/httpd/CHANGES_2.2.9 Also fix LIB_DEPENDS and use the external pcre library instead of the shipped one. ok dlg@, simon@, merdely@ (pre-lock) |
| 2008-01-28 12:48:47 by Bernd Ahlers | Files touched by this commit (7) |
Log message: Security update to apache2 2.2.8. (CVE-2007-6420, CVE-2007-6421, CVE-2007-6422, CVE-2007-6423, CVE-2008-0005, CVE-2007-6388) http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059626.html http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059560.html http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059561.html ok dlg@ |
| 2007-09-18 23:47:36 by Steven Mestdagh | Files touched by this commit (8) |
Log message: SECURITY update to 2.2.6 fixes various vulnerabilities: CVE-2007-3847, CVE-2007-1863, CVE-2007-3304, CVE-2006-5752, CVE-2007-1862 more details can be found at: http://www.apache.org/dist/httpd/CHANGES_2.2.6 ok merdely@ |
| 2007-09-06 01:33:53 by Michael Erdely | Files touched by this commit (4) |
Log message: Added ldap flavor which includes mod_authnz_ldap + mod_ldap Removed quotes around COMMENT while here. From Peter Hessler with tweaks by me. Advice from Brad. Help from deanna@, simon@. ok dlg@, simon@ |
| 2007-04-05 11:26:27 by Marc Espie | Files touched by this commit (815) |
Log message: more base64 checksums |
| 2007-03-25 11:40:55 by Deanna Phillips | Files touched by this commit (14) |
Log message: Update to 2.2.4. This is principally a bugfix release. See Changelog: http://www.apache.org/dist/httpd/CHANGES_2.2 While here, regen patches with the new diff. ok dlg |
| 2007-01-15 18:12:26 by Deanna Phillips | Files touched by this commit (13) |
Log message: Append a 2 to every mention of anything that exists in both the base httpd and this port. Hopefully we got them all. Requested by robert@, ok dlg@. |
| 2007-01-09 04:18:13 by David Gwynne | Files touched by this commit (2) |
Log message: enable the cache, disk_cache, and all the proxy modules. mem_cache wont build since we arent using a threaded worker. requested by ssehic |
| 2007-01-09 03:47:37 by David Gwynne | Files touched by this commit (3) |
Log message: enable all the modules, and build them as shared objects. mark the port SHARED_ONLY. ok robert@ |
| 2007-01-09 02:56:57 by David Gwynne | Files touched by this commit (3) |
Log message: switch apache2 from a gnu style configure to a simple one so we can define prefix the way apache likes it. this is because apache2 has a different understanding of what the prefix means, and our understanding and application of it on this port leads to extremely confused paths in a lot of its generated files. our understanding of prefix is to mean the path at which the binaries, libs, manpages, and so on are stored, ie, /usr/local. apache2 understands prefix to mean "install architecture-independent files", or in real terms the ServerRoot. obviously using /usr/local as the server root when we want to use /var/apache2 for that purpose is uncomfortable for it, and it leads to things like broken paths in the default config files and builds of modules. ok robert@ |
| 2007-01-05 15:57:11 by David Gwynne | Files touched by this commit (3) |
Log message: move the dir with the build files out of /var/apache2 and into /usr/local/share/apache2. based on a suggestion from robert@ |
| 2007-01-05 15:22:04 by David Gwynne | Files touched by this commit (3) |
Log message: revert the part of the previous commit that removed the install of the build dir. you can build apache 2 modules again now. |
| 2006-12-25 13:40:02 by Deanna Phillips | Files touched by this commit (7) |
Log message: - stop setting SYSCONFDIR - put config files in /etc/apache2 instead of /var since this is not chrooted - make a couple of comments that refer to 'httpd' refer to 'httpd2' instead - don't install the build makefiles ideas from bernd@ and steven@, ok steven@ |
| 2006-12-15 17:41:56 by Deanna Phillips | Files touched by this commit (2) |
Log message: To avoid name clashes with the system httpd, configure with program name httpd2. Rename the support programs and their manual pages accordingly. bump pkgname. ok steven@, bernd@. |
| 2006-12-14 04:20:22 by Steven Mestdagh | Files touched by this commit (1) |
Log message: use MASTER_SITE_APACHE, pointed out by dlg |