Nabble - freebsd-apache

Upgrade www/apache22

2009-11-18T23:13:44Z

Hi, maintainer,

Please, upgrade, if possible, www/apache22 to apache-2.2.14
(2009-10-05).

"Apache HTTP Server 2.2.14 is the best available version"
http://httpd.apache.org/download.cgi

Best regards,
Michael
mailto:Michael.Galapchuk@...

_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Upgrade www/apache22

2009-11-17T01:53:23Z

Current problem reports assigned to apache@FreeBSD.org

2009-11-16T03:06:15Z

Note: to view an individual PR, use:
http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker Resp. Description
--------------------------------------------------------------------------------
o ports/140380 apache [patch] www/apache22: Add support for inclusion of pro
o ports/140357 apache [patch] www/apache22 and www/apache20: fix CVE-2009-35
o ports/140137 apache [patch] port www/apache22 update to 2.2.14
o ports/140092 apache www/mod_hosts_access: update to 1.1.0 to allow compat
o ports/138846 apache www/apache22 mod_proxy optional patch is not applied b
o ports/138466 apache [patch] www/apache22: 'rc.d/apache22 graceful' fails (
o ports/138373 apache www/apache22 accf_data required at apache startup
o ports/137729 apache www/mod_auth_kerb2 port broken on 8.0-BETA2
o ports/136928 apache [PATCH] www/apache20 - suexec resource limits patch
o ports/136598 apache [PATCH] www/mod_fastcgi: Fix non-threadsafe function
o ports/136432 apache www/mod_auth_kerb does not build with MIT Kerberos (se
a ports/134577 apache www/apache22: build faild with mod_auth_digest
a ports/133773 apache net/keepalived port update request
o ports/130479 apache www/apache20 and www/apache22 configure_args busted
o ports/128952 apache [NEW PORT] java/javadb: Sun's supported distribution o
o ports/128078 apache www/apache20 -- LDAP support is broken
o ports/125183 apache www/apache22 wrong SUEXEC_DOCROOT
o ports/124375 apache www/mod_auth_kerb doesn't compile against heimdal
o ports/121134 apache www/mod_log_sql2-dtc scoreboard problem
o ports/120229 apache www/apache20 does not pick up usernames from NIS [regr
o ports/118003 apache www/apache22: with PgSQL option require only libpq.so.
p ports/116984 apache [patch] www/apache13-modssl missing perl5.8 as RUN_DEP
o ports/108169 apache www/apache20 wrong AP_SAFE_PATH for suEXEC
a ports/101566 apache www/apache20 All .svn subdirectories in $(htdocsdir) g
a ports/96953 apache www/apache22 port uses its own directories
a ports/83644 apache www/apache20 add support for ndbm

26 problems total.

_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Re: apache 2.2.14 missing in ports

2009-11-12T17:38:14Z

Chris wrote:
> Hi
>
> release 2.2.14 has been out for over a month now and fixed some security
> problems, can you please update the port in FreeBSD, thanks.
At this point 2.2.15 is immiment and will include the recent ssl
fix/work around.

--
------------------------------------------------------------------------
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C
Philip M. Gollucci (pgollucci@...) c: 703.336.9354
VP Apache Infrastructure; Member, Apache Software Foundation
Committer, FreeBSD Foundation
Sr. System Admin, Ridecharge Inc.
Consultant, P6M7G8 Inc.

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.
_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

apache 2.2.14 missing in ports

2009-11-10T19:47:14Z

Hi

release 2.2.14 has been out for over a month now and fixed some security
problems, can you please update the port in FreeBSD, thanks.

Regards

Chris

_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Current problem reports assigned to apache@FreeBSD.org

2009-11-09T03:06:14Z

Re: ports/140380: [patch] www/apache22: Add support for inclusion of profile_* directive

2009-11-07T19:30:13Z

Synopsis: [patch] www/apache22: Add support for inclusion of profile_* directive

Responsible-Changed-From-To: freebsd-ports-bugs->apache
Responsible-Changed-By: edwin
Responsible-Changed-When: Sun Nov 8 03:30:13 UTC 2009
Responsible-Changed-Why:
Over to maintainer (via the GNATS Auto Assign Tool)

http://www.freebsd.org/cgi/query-pr.cgi?pr=140380
_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Re: ports/140357: [patch] www/apache22 and www/apache20: fix CVE-2009-3555

2009-11-07T06:00:21Z

Synopsis: [patch] www/apache22 and www/apache20: fix CVE-2009-3555

Responsible-Changed-From-To: freebsd-ports-bugs->apache
Responsible-Changed-By: edwin
Responsible-Changed-When: Sat Nov 7 14:00:21 UTC 2009
Responsible-Changed-Why:
Over to maintainer (via the GNATS Auto Assign Tool)

http://www.freebsd.org/cgi/query-pr.cgi?pr=140357
_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

error "ssl_onceonlyinit" prevents apache startup

2009-11-07T05:56:52Z

From error log:

[Sat Nov 07 13:17:37 2009] [warn] RSA server certificate is a CA certificate
(BasicConstraints: CA == TRUE !?)
[Sat Nov 07 13:17:38 2009] [warn] RSA server certificate is a CA certificate
(BasicConstraints: CA == TRUE !?)
/libexec/ld-elf.so.1: /usr/local/lib/php/20060613/imap.so: Undefined symbol
"ssl_onceonlyinit"

Got this error after
#apachectl stop
#apachectl start

and following dialogue:
In order to read them you have to provide the pass phrases.

Server www.vizion2000.net:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.

Any ideas what may be causing this? I notice that all files in
/usr/local/lib/php/20060613/
are dated 4th Nov so I assume they must have been recompiled during a
portupgrade -a on that date.

David

_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

[patch] www/apache22 and www/apache20: fix CVE-2009-3555

2009-11-07T05:51:57Z

>Submitter-Id: current-users
>Originator: Eygene Ryabinkin
>Organization: Code Labs
>Confidential: no
>Synopsis: [patch] www/apache22 and www/apache20: fix CVE-2009-3555
>Severity: critical
>Priority: high
>Category: ports
>Class: sw-bug
>Release: FreeBSD 8.0-BETA2 amd64
>Environment:

System: FreeBSD 8.0-BETA2 amd64

>Description:

See [1].

>How-To-Repeat:

[1] http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2

>Fix:

I had applied the upstream fix for the Apache 2.2 and backported it
to Apache 2.0. Since OpenSSL port was already upgraded to 0.9.8k
that disables renegotiation, the only missing piece is the system
OpenSSL, so the patch is applied only when system OpenSSL is used.

I had verified this with www/apache22 -- renegotiation turns the
connection down and error is logged to the Apache error log.

Hadn't yet tested www/apache20 in the real world -- only compilability.

--- apache-fix.diff begins here ---
>From 7ab29b62ed92d86bc7c593a762f888a0482a0bcc Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin <rea-fbsd@...>
Date: Sat, 7 Nov 2009 15:29:59 +0300

Signed-off-by: Eygene Ryabinkin <rea-fbsd@...>
---
www/apache20/Makefile | 3 +-
www/apache20/files/fix-cve-2009-3555 | 279 +++++++++++++++++++++++++++++++
www/apache22/Makefile | 5 +
www/apache22/files/fix-cve-2009-3555 | 303 ++++++++++++++++++++++++++++++++++
4 files changed, 589 insertions(+), 1 deletions(-)
create mode 100644 www/apache20/files/fix-cve-2009-3555
create mode 100644 www/apache22/files/fix-cve-2009-3555

diff --git a/www/apache20/Makefile b/www/apache20/Makefile
index 14a06c5..23011bd 100644
--- a/www/apache20/Makefile
+++ b/www/apache20/Makefile
@@ -9,7 +9,7 @@

PORTNAME= apache
PORTVERSION= 2.0.63
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \
${MASTER_SITE_LOCAL:S/$/:powerlogo/}
@@ -37,6 +37,7 @@ CONFLICTS= apache+mod_ssl-1.* apache+mod_ssl+ipv6-1.* apache+mod_ssl+modsnmp-1.*

# patch files
EXTRA_PATCHES+= ${FILESDIR}/build-fix-openssl_beta
+EXTRA_PATCHES+= ${FILESDIR}/fix-cve-2009-3555

.if defined(WITH_EXPERIMENTAL_PATCHES)
IGNORE= : Please define WITH_KQUEUE_SUPPORT instead
diff --git a/www/apache20/files/fix-cve-2009-3555 b/www/apache20/files/fix-cve-2009-3555
new file mode 100644
index 0000000..c6a7265
--- /dev/null
+++ b/www/apache20/files/fix-cve-2009-3555
@@ -0,0 +1,279 @@
+Modified patch from http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/CVE-2009-3555-2.2.patch
+
+--- modules/ssl/mod_ssl.h.orig 2009-11-07 14:55:25.000000000 +0300
++++ modules/ssl/mod_ssl.h 2009-11-07 14:56:40.000000000 +0300
+@@ -389,6 +389,19 @@
+ int is_proxy;
+ int disabled;
+ int non_ssl_request;
++
++ /* Track the handshake/renegotiation state for the connection so
++ * that all client-initiated renegotiations can be rejected, as a
++ * partial fix for CVE-2009-3555. */
++ enum {
++ RENEG_INIT = 0, /* Before initial handshake */
++ RENEG_REJECT, /* After initial handshake; any client-initiated
++ * renegotiation should be rejected */
++ RENEG_ALLOW, /* A server-initated renegotiation is taking
++ * place (as dictated by configuration) */
++ RENEG_ABORT /* Renegotiation initiated by client, abort the
++ * connection */
++ } reneg_state;
+ } SSLConnRec;
+
+ typedef struct {
+@@ -585,7 +598,7 @@
+ int ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
+ SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
+ void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
+-void ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE, int, int);
++void ssl_callback_Info(MODSSL_INFO_CB_ARG_TYPE, int, int);
+
+ /* Session Cache Support */
+ void ssl_scache_init(server_rec *, apr_pool_t *);
+--- modules/ssl/ssl_engine_init.c.orig 2009-11-07 14:57:31.000000000 +0300
++++ modules/ssl/ssl_engine_init.c 2009-11-07 14:58:00.000000000 +0300
+@@ -464,10 +464,7 @@
+ SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
+ SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH);
+
+- if (s->loglevel >= APLOG_DEBUG) {
+- /* this callback only logs if LogLevel >= info */
+- SSL_CTX_set_info_callback(ctx, ssl_callback_LogTracingState);
+- }
++ SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
+ }
+
+ static void ssl_init_ctx_verify(server_rec *s,
+--- modules/ssl/ssl_engine_io.c.orig 2009-11-07 14:58:35.000000000 +0300
++++ modules/ssl/ssl_engine_io.c 2009-11-07 15:01:05.000000000 +0300
+@@ -102,6 +102,7 @@
+ ap_filter_t *pInputFilter;
+ ap_filter_t *pOutputFilter;
+ int nobuffer; /* non-zero to prevent buffering */
++ SSLConnRec *config;
+ } ssl_filter_ctx_t;
+
+ typedef struct {
+@@ -193,6 +194,12 @@
+ {
+ bio_filter_out_ctx_t *outctx = (bio_filter_out_ctx_t *)(bio->ptr);
+
++ /* Abort early if the client has initiated a renegotiation. */
++ if (outctx->filter_ctx->config->reneg_state == RENEG_ABORT) {
++ outctx->rc = APR_ECONNABORTED;
++ return -1;
++ }
++
+ /* when handshaking we'll have a small number of bytes.
+ * max size SSL will pass us here is about 16k.
+ * (16413 bytes to be exact)
+@@ -465,6 +472,12 @@
+ if (!in)
+ return 0;
+
++ /* Abort early if the client has initiated a renegotiation. */
++ if (inctx->filter_ctx->config->reneg_state == RENEG_ABORT) {
++ inctx->rc = APR_ECONNABORTED;
++ return -1;
++ }
++
+ /* XXX: flush here only required for SSLv2;
+ * OpenSSL calls BIO_flush() at the appropriate times for
+ * the other protocols.
+@@ -1585,6 +1598,8 @@
+
+ filter_ctx = apr_palloc(c->pool, sizeof(ssl_filter_ctx_t));
+
++ filter_ctx->config = myConnConfig(c);
++
+ filter_ctx->nobuffer = 0;
+ filter_ctx->pOutputFilter = ap_add_output_filter(ssl_io_filter,
+ filter_ctx, NULL, c);
+--- modules/ssl/ssl_engine_kernel.c.orig 2009-11-07 15:01:41.000000000 +0300
++++ modules/ssl/ssl_engine_kernel.c 2009-11-07 15:09:49.000000000 +0300
+@@ -611,6 +611,10 @@
+ (unsigned char *)&id,
+ sizeof(id));
+
++ /* Toggle the renegotiation state to allow the new
++ * handshake to proceed. */
++ sslconn->reneg_state = RENEG_ALLOW;
++
+ SSL_renegotiate(ssl);
+ SSL_do_handshake(ssl);
+
+@@ -628,6 +632,8 @@
+ SSL_set_state(ssl, SSL_ST_ACCEPT);
+ SSL_do_handshake(ssl);
+
++ sslconn->reneg_state = RENEG_REJECT;
++
+ if (SSL_get_state(ssl) != SSL_ST_OK) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+ "Re-negotiation handshake failed: "
+@@ -1700,76 +1706,56 @@
+ return;
+ }
+
+-/*
+- * This callback function is executed while OpenSSL processes the
+- * SSL handshake and does SSL record layer stuff. We use it to
+- * trace OpenSSL's processing in out SSL logfile.
+- */
+-void ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE ssl, int where, int rc)
+-{
+- conn_rec *c;
+- server_rec *s;
+- SSLSrvConfigRec *sc;
++/* Dump debugginfo trace to the log file. */
++static void log_tracing_state(MODSSL_INFO_CB_ARG_TYPE ssl, conn_rec *c,
++ server_rec *s, int where, int rc)
+
++{
+ /*
+- * find corresponding server
++ * create the various trace messages
+ */
+- if (!(c = (conn_rec *)SSL_get_app_data((SSL *)ssl))) {
+- return;
++ if (where & SSL_CB_HANDSHAKE_START) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "%s: Handshake: start", SSL_LIBRARY_NAME);
+ }
+-
+- s = c->base_server;
+- if (!(sc = mySrvConfig(s))) {
+- return;
++ else if (where & SSL_CB_HANDSHAKE_DONE) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "%s: Handshake: done", SSL_LIBRARY_NAME);
+ }
+-
+- /*
+- * create the various trace messages
+- */
+- if (s->loglevel >= APLOG_DEBUG) {
+- if (where & SSL_CB_HANDSHAKE_START) {
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Handshake: start", SSL_LIBRARY_NAME);
+- }
+- else if (where & SSL_CB_HANDSHAKE_DONE) {
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Handshake: done", SSL_LIBRARY_NAME);
+- }
+- else if (where & SSL_CB_LOOP) {
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Loop: %s",
+- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+- }
+- else if (where & SSL_CB_READ) {
++ else if (where & SSL_CB_LOOP) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "%s: Loop: %s",
++ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
++ }
++ else if (where & SSL_CB_READ) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "%s: Read: %s",
++ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
++ }
++ else if (where & SSL_CB_WRITE) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "%s: Write: %s",
++ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
++ }
++ else if (where & SSL_CB_ALERT) {
++ char *str = (where & SSL_CB_READ) ? "read" : "write";
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "%s: Alert: %s:%s:%s",
++ SSL_LIBRARY_NAME, str,
++ SSL_alert_type_string_long(rc),
++ SSL_alert_desc_string_long(rc));
++ }
++ else if (where & SSL_CB_EXIT) {
++ if (rc == 0) {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Read: %s",
++ "%s: Exit: failed in %s",
+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+ }
+- else if (where & SSL_CB_WRITE) {
++ else if (rc < 0) {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Write: %s",
++ "%s: Exit: error in %s",
+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+ }
+- else if (where & SSL_CB_ALERT) {
+- char *str = (where & SSL_CB_READ) ? "read" : "write";
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Alert: %s:%s:%s",
+- SSL_LIBRARY_NAME, str,
+- SSL_alert_type_string_long(rc),
+- SSL_alert_desc_string_long(rc));
+- }
+- else if (where & SSL_CB_EXIT) {
+- if (rc == 0) {
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Exit: failed in %s",
+- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+- }
+- else if (rc < 0) {
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Exit: error in %s",
+- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+- }
+- }
+ }
+
+ /*
+@@ -1789,3 +1775,48 @@
+ }
+ }
+
++/*
++ * This callback function is executed while OpenSSL processes the SSL
++ * handshake and does SSL record layer stuff. It's used to trap
++ * client-initiated renegotiations, and for dumping everything to the
++ * log.
++ */
++void ssl_callback_Info(MODSSL_INFO_CB_ARG_TYPE ssl, int where, int rc)
++{
++ conn_rec *c;
++ server_rec *s;
++ SSLConnRec *scr;
++
++ /* Retrieve the conn_rec and the associated SSLConnRec. */
++ if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL) {
++ return;
++ }
++
++ if ((scr = myConnConfig(c)) == NULL) {
++ return;
++ }
++
++ /* If the reneg state is to reject renegotiations, check the SSL
++ * state machine and move to ABORT if a Client Hello is being
++ * read. */
++ if ((where & SSL_CB_ACCEPT_LOOP) && scr->reneg_state == RENEG_REJECT) {
++ int state = SSL_get_state(ssl);
++
++ if (state == SSL3_ST_SR_CLNT_HELLO_A
++ || state == SSL23_ST_SR_CLNT_HELLO_A) {
++ scr->reneg_state = RENEG_ABORT;
++ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
++ "rejecting client initiated renegotiation");
++ }
++ }
++ /* If the first handshake is complete, change state to reject any
++ * subsequent client-initated renegotiation. */
++ else if ((where & SSL_CB_HANDSHAKE_DONE) && scr->reneg_state == RENEG_INIT) {
++ scr->reneg_state = RENEG_REJECT;
++ }
++
++ s = mySrvFromConn(c);
++ if (s && s->loglevel >= APLOG_DEBUG) {
++ log_tracing_state(ssl, c, s, where, rc);
++ }
++}
diff --git a/www/apache22/Makefile b/www/apache22/Makefile
index 4eb1f0c..cb9bcd4 100644
--- a/www/apache22/Makefile
+++ b/www/apache22/Makefile
@@ -9,6 +9,7 @@

PORTNAME= apache
PORTVERSION= 2.2.13
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD}
DISTNAME= httpd-${PORTVERSION}
@@ -121,6 +122,10 @@ WITH_LDAP= yes
CFLAGS+= -I${OPENSSLINC}
LDFLAGS+= -L${OPENSSLLIB}

+.if defined(WITH_OPENSSL_BASE)
+EXTRA_PATCHES+= ${FILESDIR}/fix-cve-2009-3555
+.endif
+
.endif

.if defined(WITH_APR_FROM_PORTS)
diff --git a/www/apache22/files/fix-cve-2009-3555 b/www/apache22/files/fix-cve-2009-3555
new file mode 100644
index 0000000..f2253e6
--- /dev/null
+++ b/www/apache22/files/fix-cve-2009-3555
@@ -0,0 +1,303 @@
+
+ SECURITY: CVE-2009-3555 (cve.mitre.org)
+
+ A partial fix for the TLS renegotiation prefix injection attack by
+ rejecting any client-initiated renegotiations. Any configuration
+ which requires renegotiation for per-directory/location access
+ control is still vulnerable, unless using OpenSSL >= 0.9.8l.
+ [Joe Orton, Ruediger Pluem]
+
+Obtained-From: http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/CVE-2009-3555-2.2.patch
+Notes: should be discarded when OpenSSL will be upgraded to 0.9.8l.
+
+Index: modules/ssl/ssl_private.h
+===================================================================
+--- modules/ssl/ssl_private.h (revision 833621)
++++ modules/ssl/ssl_private.h (revision 833622)
+@@ -356,6 +356,20 @@
+ int is_proxy;
+ int disabled;
+ int non_ssl_request;
++
++ /* Track the handshake/renegotiation state for the connection so
++ * that all client-initiated renegotiations can be rejected, as a
++ * partial fix for CVE-2009-3555. */
++ enum {
++ RENEG_INIT = 0, /* Before initial handshake */
++ RENEG_REJECT, /* After initial handshake; any client-initiated
++ * renegotiation should be rejected */
++ RENEG_ALLOW, /* A server-initated renegotiation is taking
++ * place (as dictated by configuration) */
++ RENEG_ABORT /* Renegotiation initiated by client, abort the
++ * connection */
++ } reneg_state;
++
+ server_rec *server;
+ } SSLConnRec;
+
+@@ -574,7 +588,7 @@
+ int ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
+ SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
+ void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
+-void ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE, int, int);
++void ssl_callback_Info(MODSSL_INFO_CB_ARG_TYPE, int, int);
+ #ifndef OPENSSL_NO_TLSEXT
+ int ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *);
+ #endif
+Index: modules/ssl/ssl_engine_init.c
+===================================================================
+--- modules/ssl/ssl_engine_init.c (revision 833621)
++++ modules/ssl/ssl_engine_init.c (revision 833622)
+@@ -501,10 +501,7 @@
+ SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
+ SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH);
+
+- if (s->loglevel >= APLOG_DEBUG) {
+- /* this callback only logs if LogLevel >= info */
+- SSL_CTX_set_info_callback(ctx, ssl_callback_LogTracingState);
+- }
++ SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
+ }
+
+ static void ssl_init_ctx_verify(server_rec *s,
+Index: modules/ssl/ssl_engine_io.c
+===================================================================
+--- modules/ssl/ssl_engine_io.c (revision 833621)
++++ modules/ssl/ssl_engine_io.c (revision 833622)
+@@ -103,6 +103,7 @@
+ ap_filter_t *pInputFilter;
+ ap_filter_t *pOutputFilter;
+ int nobuffer; /* non-zero to prevent buffering */
++ SSLConnRec *config;
+ } ssl_filter_ctx_t;
+
+ typedef struct {
+@@ -193,7 +194,13 @@
+ static int bio_filter_out_write(BIO *bio, const char *in, int inl)
+ {
+ bio_filter_out_ctx_t *outctx = (bio_filter_out_ctx_t *)(bio->ptr);
+-
++
++ /* Abort early if the client has initiated a renegotiation. */
++ if (outctx->filter_ctx->config->reneg_state == RENEG_ABORT) {
++ outctx->rc = APR_ECONNABORTED;
++ return -1;
++ }
++
+ /* when handshaking we'll have a small number of bytes.
+ * max size SSL will pass us here is about 16k.
+ * (16413 bytes to be exact)
+@@ -466,6 +473,12 @@
+ if (!in)
+ return 0;
+
++ /* Abort early if the client has initiated a renegotiation. */
++ if (inctx->filter_ctx->config->reneg_state == RENEG_ABORT) {
++ inctx->rc = APR_ECONNABORTED;
++ return -1;
++ }
++
+ /* XXX: flush here only required for SSLv2;
+ * OpenSSL calls BIO_flush() at the appropriate times for
+ * the other protocols.
+@@ -1724,6 +1737,8 @@
+
+ filter_ctx = apr_palloc(c->pool, sizeof(ssl_filter_ctx_t));
+
++ filter_ctx->config = myConnConfig(c);
++
+ filter_ctx->nobuffer = 0;
+ filter_ctx->pOutputFilter = ap_add_output_filter(ssl_io_filter,
+ filter_ctx, NULL, c);
+Index: modules/ssl/ssl_engine_kernel.c
+===================================================================
+--- modules/ssl/ssl_engine_kernel.c (revision 833621)
++++ modules/ssl/ssl_engine_kernel.c (revision 833622)
+@@ -729,6 +729,10 @@
+ (unsigned char *)&id,
+ sizeof(id));
+
++ /* Toggle the renegotiation state to allow the new
++ * handshake to proceed. */
++ sslconn->reneg_state = RENEG_ALLOW;
++
+ SSL_renegotiate(ssl);
+ SSL_do_handshake(ssl);
+
+@@ -750,6 +754,8 @@
+ SSL_set_state(ssl, SSL_ST_ACCEPT);
+ SSL_do_handshake(ssl);
+
++ sslconn->reneg_state = RENEG_REJECT;
++
+ if (SSL_get_state(ssl) != SSL_ST_OK) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Re-negotiation handshake failed: "
+@@ -1844,76 +1850,55 @@
+ return;
+ }
+
+-/*
+- * This callback function is executed while OpenSSL processes the
+- * SSL handshake and does SSL record layer stuff. We use it to
+- * trace OpenSSL's processing in out SSL logfile.
+- */
+-void ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE ssl, int where, int rc)
++/* Dump debugginfo trace to the log file. */
++static void log_tracing_state(MODSSL_INFO_CB_ARG_TYPE ssl, conn_rec *c,
++ server_rec *s, int where, int rc)
+ {
+- conn_rec *c;
+- server_rec *s;
+- SSLSrvConfigRec *sc;
+-
+ /*
+- * find corresponding server
++ * create the various trace messages
+ */
+- if (!(c = (conn_rec *)SSL_get_app_data((SSL *)ssl))) {
+- return;
++ if (where & SSL_CB_HANDSHAKE_START) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "%s: Handshake: start", SSL_LIBRARY_NAME);
+ }
+-
+- s = mySrvFromConn(c);
+- if (!(sc = mySrvConfig(s))) {
+- return;
++ else if (where & SSL_CB_HANDSHAKE_DONE) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "%s: Handshake: done", SSL_LIBRARY_NAME);
+ }
+-
+- /*
+- * create the various trace messages
+- */
+- if (s->loglevel >= APLOG_DEBUG) {
+- if (where & SSL_CB_HANDSHAKE_START) {
++ else if (where & SSL_CB_LOOP) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "%s: Loop: %s",
++ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
++ }
++ else if (where & SSL_CB_READ) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "%s: Read: %s",
++ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
++ }
++ else if (where & SSL_CB_WRITE) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "%s: Write: %s",
++ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
++ }
++ else if (where & SSL_CB_ALERT) {
++ char *str = (where & SSL_CB_READ) ? "read" : "write";
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "%s: Alert: %s:%s:%s",
++ SSL_LIBRARY_NAME, str,
++ SSL_alert_type_string_long(rc),
++ SSL_alert_desc_string_long(rc));
++ }
++ else if (where & SSL_CB_EXIT) {
++ if (rc == 0) {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Handshake: start", SSL_LIBRARY_NAME);
+- }
+- else if (where & SSL_CB_HANDSHAKE_DONE) {
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Handshake: done", SSL_LIBRARY_NAME);
+- }
+- else if (where & SSL_CB_LOOP) {
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Loop: %s",
++ "%s: Exit: failed in %s",
+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+ }
+- else if (where & SSL_CB_READ) {
++ else if (rc < 0) {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Read: %s",
++ "%s: Exit: error in %s",
+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+ }
+- else if (where & SSL_CB_WRITE) {
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Write: %s",
+- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+- }
+- else if (where & SSL_CB_ALERT) {
+- char *str = (where & SSL_CB_READ) ? "read" : "write";
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Alert: %s:%s:%s",
+- SSL_LIBRARY_NAME, str,
+- SSL_alert_type_string_long(rc),
+- SSL_alert_desc_string_long(rc));
+- }
+- else if (where & SSL_CB_EXIT) {
+- if (rc == 0) {
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Exit: failed in %s",
+- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+- }
+- else if (rc < 0) {
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Exit: error in %s",
+- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+- }
+- }
+ }
+
+ /*
+@@ -1933,6 +1918,52 @@
+ }
+ }
+
++/*
++ * This callback function is executed while OpenSSL processes the SSL
++ * handshake and does SSL record layer stuff. It's used to trap
++ * client-initiated renegotiations, and for dumping everything to the
++ * log.
++ */
++void ssl_callback_Info(MODSSL_INFO_CB_ARG_TYPE ssl, int where, int rc)
++{
++ conn_rec *c;
++ server_rec *s;
++ SSLConnRec *scr;
++
++ /* Retrieve the conn_rec and the associated SSLConnRec. */
++ if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL) {
++ return;
++ }
++
++ if ((scr = myConnConfig(c)) == NULL) {
++ return;
++ }
++
++ /* If the reneg state is to reject renegotiations, check the SSL
++ * state machine and move to ABORT if a Client Hello is being
++ * read. */
++ if ((where & SSL_CB_ACCEPT_LOOP) && scr->reneg_state == RENEG_REJECT) {
++ int state = SSL_get_state(ssl);
++
++ if (state == SSL3_ST_SR_CLNT_HELLO_A
++ || state == SSL23_ST_SR_CLNT_HELLO_A) {
++ scr->reneg_state = RENEG_ABORT;
++ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
++ "rejecting client initiated renegotiation");
++ }
++ }
++ /* If the first handshake is complete, change state to reject any
++ * subsequent client-initated renegotiation. */
++ else if ((where & SSL_CB_HANDSHAKE_DONE) && scr->reneg_state == RENEG_INIT) {
++ scr->reneg_state = RENEG_REJECT;
++ }
++
++ s = mySrvFromConn(c);
++ if (s && s->loglevel >= APLOG_DEBUG) {
++ log_tracing_state(ssl, c, s, where, rc);
++ }
++}
++
+ #ifndef OPENSSL_NO_TLSEXT
+ /*
+ * This callback function is executed when OpenSSL encounters an extended
--
1.6.3.1
--- apache-fix.diff ends here ---

VuXML entry will follow, probably today.
_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Current problem reports assigned to apache@FreeBSD.org

2009-11-02T03:06:14Z

Note: to view an individual PR, use:
http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker Resp. Description
--------------------------------------------------------------------------------
o ports/140137 apache [patch] port www/apache22 update to 2.2.14
o ports/140092 apache www/mod_hosts_access: update to 1.1.0 to allow compat
o ports/138846 apache www/apache22 mod_proxy optional patch is not applied b
o ports/138466 apache [patch] www/apache22: 'rc.d/apache22 graceful' fails (
o ports/138373 apache www/apache22 accf_data required at apache startup
o ports/137729 apache www/mod_auth_kerb2 port broken on 8.0-BETA2
o ports/136928 apache [PATCH] www/apache20 - suexec resource limits patch
o ports/136598 apache [PATCH] www/mod_fastcgi: Fix non-threadsafe function
o ports/136432 apache www/mod_auth_kerb does not build with MIT Kerberos (se
a ports/134577 apache www/apache22: build faild with mod_auth_digest
a ports/133773 apache net/keepalived port update request
o ports/130479 apache www/apache20 and www/apache22 configure_args busted
o ports/128952 apache [NEW PORT] java/javadb: Sun's supported distribution o
o ports/128078 apache www/apache20 -- LDAP support is broken
o ports/125183 apache www/apache22 wrong SUEXEC_DOCROOT
o ports/124375 apache www/mod_auth_kerb doesn't compile against heimdal
o ports/121134 apache www/mod_log_sql2-dtc scoreboard problem
o ports/120229 apache www/apache20 does not pick up usernames from NIS [regr
o ports/118003 apache www/apache22: with PgSQL option require only libpq.so.
p ports/116984 apache [patch] www/apache13-modssl missing perl5.8 as RUN_DEP
o ports/108169 apache www/apache20 wrong AP_SAFE_PATH for suEXEC
a ports/101566 apache www/apache20 All .svn subdirectories in $(htdocsdir) g
a ports/96953 apache www/apache22 port uses its own directories
a ports/83644 apache www/apache20 add support for ndbm

24 problems total.

_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

About www/apache22 port update to apache-2.2.14

2009-11-02T02:32:01Z

Hi, maintainer,

How about update port www/apache22 to apache-2.2.14 (2009-10-05)?

"Apache HTTP Server 2.2.14 is the best available version"
http://httpd.apache.org/download.cgi

Best regards,
Michael
mailto:Michael.Galapchuk@...

_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Re: freebsd-apache Digest, Vol 261, Issue 3

2009-10-31T05:02:52Z

Sure
------Original Message------
From: freebsd-apache-request@...
Sender: owner-freebsd-apache@...
To: freebsd-apache@...
ReplyTo: freebsd-apache@...
Subject: freebsd-apache Digest, Vol 261, Issue 3
Sent: Oct 31, 2009 20:00

Send freebsd-apache mailing list submissions to
freebsd-apache@...

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
or, via email, send a message with subject or body 'help' to
freebsd-apache-request@...

You can reach the person managing the list at
freebsd-apache-owner@...

When replying, please edit your Subject line so it is more specific
than "Re: Contents of freebsd-apache digest..."

Today's Topics:

1. Re: ports/140137: [patch] port www/apache22 update to 2.2.14
(edwin@...)

----------------------------------------------------------------------

Message: 1
Date: Sat, 31 Oct 2009 11:10:16 GMT
From: edwin@...
Subject: Re: ports/140137: [patch] port www/apache22 update to 2.2.14
To: edwin@..., freebsd-ports-bugs@...,
apache@...
Message-ID: <200910311110.n9VBAG9v070689@...>

Synopsis: [patch] port www/apache22 update to 2.2.14

Responsible-Changed-From-To: freebsd-ports-bugs->apache
Responsible-Changed-By: edwin
Responsible-Changed-When: Sat Oct 31 11:10:16 UTC 2009
Responsible-Changed-Why:
Over to maintainer (via the GNATS Auto Assign Tool)

http://www.freebsd.org/cgi/query-pr.cgi?pr=140137

------------------------------

_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

End of freebsd-apache Digest, Vol 261, Issue 3
**********************************************

Sent from my BlackBerry® wireless device via Vodafone-Celcom Mobile.
_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Re: ports/140137: [patch] port www/apache22 update to 2.2.14

2009-10-31T04:10:16Z

Synopsis: [patch] port www/apache22 update to 2.2.14

Responsible-Changed-From-To: freebsd-ports-bugs->apache
Responsible-Changed-By: edwin
Responsible-Changed-When: Sat Oct 31 11:10:16 UTC 2009
Responsible-Changed-Why:
Over to maintainer (via the GNATS Auto Assign Tool)

http://www.freebsd.org/cgi/query-pr.cgi?pr=140137
_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Re: ports/140092: www/mod_hosts_access: update to 1.1.0 to allow compat with apache2

2009-10-29T13:50:18Z

Synopsis: www/mod_hosts_access: update to 1.1.0 to allow compat with apache2

Responsible-Changed-From-To: freebsd-ports-bugs->apache
Responsible-Changed-By: edwin
Responsible-Changed-When: Thu Oct 29 20:50:17 UTC 2009
Responsible-Changed-Why:
Over to maintainer (via the GNATS Auto Assign Tool)

http://www.freebsd.org/cgi/query-pr.cgi?pr=140092
_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Current problem reports assigned to apache@FreeBSD.org

2009-10-26T04:06:19Z

Note: to view an individual PR, use:
http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker Resp. Description
--------------------------------------------------------------------------------
o ports/138846 apache www/apache22 mod_proxy optional patch is not applied b
o ports/138466 apache [patch] www/apache22: 'rc.d/apache22 graceful' fails (
o ports/138373 apache www/apache22 accf_data required at apache startup
o ports/137729 apache www/mod_auth_kerb2 port broken on 8.0-BETA2
o ports/136928 apache [PATCH] www/apache20 - suexec resource limits patch
o ports/136598 apache [PATCH] www/mod_fastcgi: Fix non-threadsafe function
o ports/136432 apache www/mod_auth_kerb does not build with MIT Kerberos (se
a ports/134577 apache www/apache22: build faild with mod_auth_digest
a ports/133773 apache net/keepalived port update request
o ports/130479 apache www/apache20 and www/apache22 configure_args busted
o ports/128952 apache [NEW PORT] java/javadb: Sun's supported distribution o
o ports/128078 apache www/apache20 -- LDAP support is broken
o ports/125183 apache www/apache22 wrong SUEXEC_DOCROOT
o ports/124375 apache www/mod_auth_kerb doesn't compile against heimdal
o ports/121134 apache www/mod_log_sql2-dtc scoreboard problem
o ports/120229 apache www/apache20 does not pick up usernames from NIS [regr
o ports/118003 apache www/apache22: with PgSQL option require only libpq.so.
p ports/116984 apache [patch] www/apache13-modssl missing perl5.8 as RUN_DEP
o ports/108169 apache www/apache20 wrong AP_SAFE_PATH for suEXEC
a ports/101566 apache www/apache20 All .svn subdirectories in $(htdocsdir) g
a ports/96953 apache www/apache22 port uses its own directories
a ports/83644 apache www/apache20 add support for ndbm

22 problems total.

_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

RE: [PATCH] FreeBSD Port: www/mod_authenticache

2009-10-25T08:41:29Z

On Sat Oct 24 10:50 PM, Philip M. Gollucci wrote:
> Jonathan Bond-Caron wrote:
> > I had some issues with this apache module say if I had the following
> config:
>
> you should send this upstream to the module author rather then the
> FreeBSD port. If the module is unmaintained, we can include it in the
> tree directly
>

Thanks, wasn't sure if someone else was maintaining it, the author is
Copyright (c) 2002 Anthony D. Urso. (anthonyu)

After googling, I e-mailed him at anthonyu@...

_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Re: [PATCH] FreeBSD Port: www/mod_authenticache

2009-10-24T19:50:59Z

Jonathan Bond-Caron wrote:
> I had some issues with this apache module say if I had the following config:

you should send this upstream to the module author rather then the
FreeBSD port. If the module is unmaintained, we can include it in the
tree directly

--
------------------------------------------------------------------------
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C
Philip M. Gollucci (pgollucci@...) c: 703.336.9354
Consultant - P6M7G8 Inc. http://p6m7g8.net
Senior Sys Admin - RideCharge, Inc. http://ridecharge.com
ASF Member - Apache Software Foundation http://apache.org
FreeBSD Committer - FreeBSD Foundation http://freebsd.org

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.
_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

[PATCH] FreeBSD Port: www/mod_authenticache

2009-10-24T13:19:48Z

I had some issues with this apache module say if I had the following config:

<Location />

Require user jbondc

</Location>

<Location /MADOLAINE >

Require user mado

</Location>

When going over to /MADOLAINE, the module would re-use cached information.
The patch checks if new auth info is provided.

# Behavior without patch (credentials re-used)

[Sat Oct 24 15:58:21 2009] [info] [client xxxxxx] mod_authenticache: valid
ticket from jbondc for /

[Sat Oct 24 15:59:54 2009] [info] [client xxxxxx] mod_authenticache: valid
ticket from jbondc for /MADOLAINE

[Sat Oct 24 15:59:54 2009] [error] [client xxxxxx] access to /MADOLAINE
failed, reason: user jbondc not allowed access

# With patch (if new username/password provided, don't use cookie)

[Sat Oct 24 15:58:21 2009] [info] [client xxxxxx] mod_authenticache: valid
ticket from jbondc for /

[Sat Oct 24 16:00:06 2009] [error] [client xxxxxx] PAM: user 'mado' - not
authenticated: authentication error

_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

check_user.patch (1K) Download Attachment

Re: FreeBSD Port: apache-2.2.14

2009-10-24T12:49:32Z

Jack Gavin wrote:
> I see that Apache 2.2.14 was very recently released (about 2 weeks ago):
> http://httpd.apache.org/#2.2.14
>
>
>
> Is there any estimate of when the FreeBSD port of Apache
> (/usr/ports/www/apache22) will be upticked from 2.2.13 to 2.2.14?

Within a month or less.
--
------------------------------------------------------------------------
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C
Philip M. Gollucci (pgollucci@...) c: 703.336.9354
Consultant - P6M7G8 Inc. http://p6m7g8.net
Senior Sys Admin - RideCharge, Inc. http://ridecharge.com
ASF Member - Apache Software Foundation http://apache.org
FreeBSD Committer - FreeBSD Foundation http://freebsd.org

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.
_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

FreeBSD Port: apache-2.2.14

2009-10-23T12:27:22Z

I see that Apache 2.2.14 was very recently released (about 2 weeks ago):
http://httpd.apache.org/#2.2.14

Is there any estimate of when the FreeBSD port of Apache
(/usr/ports/www/apache22) will be upticked from 2.2.13 to 2.2.14?

Thanks very much.

Jack Gavin

--
Jack Gavin
Lead Software Engineer

Lumeta - Securing the Network in the Face of Change

jgavin@... <mailto:jgavin@...>
732.357.3526 (office)
732.564.0731 (fax)
220 Davidson Avenue
Somerset, NJ 08873-4146
www.lumeta.com <http://www.lumeta.com>

_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Bad file descriptor: apr_socket_accept

2009-10-19T07:55:04Z

Hi,
I got following error in log after upgrade of Apache to version 2.2.13.

[error] (9)Bad file descriptor: apr_socket_accept: (client socket)

The error appeared after each graceful restart (reload / SIGUSR1). I can
see it on more then one machine. Some machines are using APR from ports,
some don't.

The full log follows:

[Mon Oct 19 16:42:30 2009] [notice] Graceful restart requested, doing
restart
[Mon Oct 19 16:42:30 2009] [error] (9)Bad file descriptor:
apr_socket_accept: (client socket)
[Mon Oct 19 16:42:30 2009] [warn] (22)Invalid argument: Failed to enable
the 'httpready' Accept Filter
[Mon Oct 19 16:42:30 2009] [warn] (22)Invalid argument: Failed to enable
the 'httpready' Accept Filter
[Mon Oct 19 16:42:30 2009] [warn] (22)Invalid argument: Failed to enable
the 'httpready' Accept Filter
[Mon Oct 19 16:42:30 2009] [warn] (22)Invalid argument: Failed to enable
the 'httpready' Accept Filter
[Mon Oct 19 16:42:30 2009] [warn] (22)Invalid argument: Failed to enable
the 'httpready' Accept Filter
[Mon Oct 19 16:42:30 2009] [warn] (22)Invalid argument: Failed to enable
the 'dataready' Accept Filter
[Mon Oct 19 16:42:30 2009] [warn] (22)Invalid argument: Failed to enable
the 'httpready' Accept Filter
[Mon Oct 19 16:42:30 2009] [warn] (22)Invalid argument: Failed to enable
the 'httpready' Accept Filter
[Mon Oct 19 16:42:31 2009] [notice] Digest: generating secret for digest
authentication ...
[Mon Oct 19 16:42:31 2009] [notice] Digest: done
[Mon Oct 19 16:42:31 2009] [notice] Apache/2.2.13 (FreeBSD)
mod_ssl/2.2.13 OpenSSL/0.9.8e configured -- resuming normal operations

The Apache is compiled with these options:

root@lite enabled/# grep WITH_ /var/db/ports/apache22/options
WITH_AUTH_BASIC=true
WITH_AUTH_DIGEST=true
WITH_AUTHN_FILE=true
WITH_AUTHN_DEFAULT=true
WITH_AUTHZ_HOST=true
WITH_AUTHZ_USER=true
WITH_AUTHZ_DBM=true
WITH_AUTHZ_DEFAULT=true
WITH_ALIAS=true
WITH_AUTOINDEX=true
WITH_DEFLATE=true
WITH_DIR=true
WITH_EXPIRES=true
WITH_HEADERS=true
WITH_INCLUDE=true
WITH_LOG_CONFIG=true
WITH_MIME=true
WITH_NEGOTIATION=true
WITH_REWRITE=true
WITH_SETENVIF=true
WITH_STATUS=true
WITH_PATCH_PROXY_CONNECT=true
WITH_SSL=true

System is FreeBSD 7.2-RELEASE i386 with GENERIC kernel.

Am I the only one with this error logged with Apache 2.2.13?

As I found on the web, this error message is reported / fixed for years
from version to version, but I never seen it before on my machines.

Miroslav Lachman
_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Current problem reports assigned to apache@FreeBSD.org

2009-10-19T04:06:14Z

Note: to view an individual PR, use:
http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker Resp. Description
--------------------------------------------------------------------------------
o ports/138846 apache www/apache22 mod_proxy optional patch is not applied b
o ports/138466 apache [patch] www/apache22: 'rc.d/apache22 graceful' fails (
o ports/138373 apache www/apache22 accf_data required at apache startup
o ports/137729 apache www/mod_auth_kerb2 port broken on 8.0-BETA2
o ports/136928 apache [PATCH] www/apache20 - suexec resource limits patch
o ports/136598 apache [PATCH] www/mod_fastcgi: Fix non-threadsafe function
o ports/136432 apache www/mod_auth_kerb does not build with MIT Kerberos (se
a ports/134577 apache www/apache22: build faild with mod_auth_digest
a ports/133773 apache net/keepalived port update request
o ports/130479 apache www/apache20 and www/apache22 configure_args busted
o ports/128952 apache [NEW PORT] java/javadb: Sun's supported distribution o
o ports/128078 apache www/apache20 -- LDAP support is broken
o ports/125183 apache www/apache22 wrong SUEXEC_DOCROOT
o ports/124375 apache www/mod_auth_kerb doesn't compile against heimdal
o ports/121134 apache www/mod_log_sql2-dtc scoreboard problem
o ports/120229 apache www/apache20 does not pick up usernames from NIS [regr
o ports/118003 apache www/apache22: with PgSQL option require only libpq.so.
p ports/116984 apache [patch] www/apache13-modssl missing perl5.8 as RUN_DEP
o ports/108169 apache www/apache20 wrong AP_SAFE_PATH for suEXEC
a ports/101566 apache www/apache20 All .svn subdirectories in $(htdocsdir) g
a ports/96953 apache www/apache22 port uses its own directories
a ports/83644 apache www/apache20 add support for ndbm

22 problems total.

_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Re: [apache22] startup script error for graceful restart?

2009-10-13T09:49:49Z

system: apache22, FreeBSD 7.2/amd64.

I have exactly the same problem with graceful and reload commands.

For a short time i loaded modules http_ready, http_data by kldload, then
i compiled them into the kernel thouth this will solve the problem, but it
doesn't change anything. Althrough when i do

apachectl stop
apachectl start

there is no warning message in the httpd-error.log.

Regards
--
hexabit

Ports with duplicate LATEST_LINKS

2009-10-12T06:22:51Z

Dear port maintainers,

The following list includes ports maintained by you that have duplicate
LATEST_LINK values. They should either be modified to use a unique
LATEST_LINK or suppressed using NO_LATEST_LINK, to avoid overwriting
each other in the packages/Latest directory. If your ports conflict with
ports maintained by another person, please coordinate your efforts with
them.

Thanks,
Erwin "Annoying Reminder Guy III" Lansing

LATEST_LINK PORTNAME MAINTAINER
==========================================================================
mediawiki www/mediawiki gerrit.beine@...
mediawiki www/mediawiki113 gerrit.beine@...
mediawiki www/mediawiki114 gerrit.beine@...
mod_extract_forwarded www/mod_extract_forwarded_ap13 apache@...
mod_extract_forwarded www/mod_extract_forwarded kuriyama@...
wmii x11-wm/wmii danfe@...
wmii x11-wm/wmii-devel danfe@...

Total: 7 ports
_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Current problem reports assigned to apache@FreeBSD.org

2009-10-12T04:06:15Z

Note: to view an individual PR, use:
http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker Resp. Description
--------------------------------------------------------------------------------
o ports/138846 apache www/apache22 mod_proxy optional patch is not applied b
o ports/138466 apache [patch] www/apache22: 'rc.d/apache22 graceful' fails (
o ports/138373 apache www/apache22 accf_data required at apache startup
o ports/137729 apache www/mod_auth_kerb2 port broken on 8.0-BETA2
o ports/136928 apache [PATCH] www/apache20 - suexec resource limits patch
o ports/136598 apache [PATCH] www/mod_fastcgi: Fix non-threadsafe function
o ports/136432 apache www/mod_auth_kerb does not build with MIT Kerberos (se
a ports/134577 apache www/apache22: build faild with mod_auth_digest
a ports/133773 apache net/keepalived port update request
o ports/130479 apache www/apache20 and www/apache22 configure_args busted
o ports/128952 apache [NEW PORT] java/javadb: Sun's supported distribution o
o ports/128078 apache www/apache20 -- LDAP support is broken
o ports/125183 apache www/apache22 wrong SUEXEC_DOCROOT
o ports/124375 apache www/mod_auth_kerb doesn't compile against heimdal
o ports/121134 apache www/mod_log_sql2-dtc scoreboard problem
o ports/120229 apache www/apache20 does not pick up usernames from NIS [regr
o ports/118003 apache www/apache22: with PgSQL option require only libpq.so.
p ports/116984 apache [patch] www/apache13-modssl missing perl5.8 as RUN_DEP
o ports/108169 apache www/apache20 wrong AP_SAFE_PATH for suEXEC
a ports/101566 apache www/apache20 All .svn subdirectories in $(htdocsdir) g
a ports/96953 apache www/apache22 port uses its own directories
a ports/83644 apache www/apache20 add support for ndbm

22 problems total.

_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Re: ssl onceonlyinit problem

2009-10-07T16:33:38Z

David Southwell wrote:

> Hi
>
> NOt used to this one.
>
> Can anyone tell me how to fix this error?
>
> [Wed Oct 07 16:03:17 2009] [warn] RSA server certificate is a CA certificate
> (BasicConstraints: CA == TRUE !?)
> [Wed Oct 07 16:03:18 2009] [warn] RSA server certificate is a CA certificate
> (BasicConstraints: CA == TRUE !?)
> /libexec/ld-elf.so.1: /usr/local/lib/php/20060613/imap.so: Undefined symbol
> "ssl_onceonlyinit"

This is actually a common one, but I forget what causes it off the top
of my head. Some things to check, I'm sure google will know this one.

1) Do you have the following configs -- at the vhost level ?
### SSL (PCI-compliant)
SSLEngine On
# SSLProxyEngine on

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

<IfDefine VERISIGN>
SSLCACertificateFile %%CERTS%%/vs_intermediate_bundle.crt
</IfDefine>
<IfDefine GODADDY>
SSLCertificateChainFile %%CERTS%%/gd_intermediate_bundle.crt
</IfDefine>

SSLCertificateFile %%CERTS%%/%%H%%.crt
SSLCertificateKeyFile %%CERTS%%/%%H%%.key

2) httpd -l |grep ssl
its there

3) you started the server with -DSSL if you used the <IfDefine SSL>

4) the key files exist, are readable, don't have ^Ms in them

5) you're using http 2.2.1[34]

6) The certificates are not expired

--
------------------------------------------------------------------------
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C
Philip M. Gollucci (pgollucci@...) c: 703.336.9354
Consultant - P6M7G8 Inc. http://p6m7g8.net
Senior Sys Admin - RideCharge, Inc. http://ridecharge.com
ASF Member - Apache Software Foundation http://apache.org
FreeBSD Committer - FreeBSD Foundation http://freebsd.org

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.
_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

ssl onceonlyinit problem

2009-10-07T08:07:15Z

Hi

NOt used to this one.

Can anyone tell me how to fix this error?

[Wed Oct 07 16:03:17 2009] [warn] RSA server certificate is a CA certificate
(BasicConstraints: CA == TRUE !?)
[Wed Oct 07 16:03:18 2009] [warn] RSA server certificate is a CA certificate
(BasicConstraints: CA == TRUE !?)
/libexec/ld-elf.so.1: /usr/local/lib/php/20060613/imap.so: Undefined symbol
"ssl_onceonlyinit"

Thanks

David
_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Current problem reports assigned to apache@FreeBSD.org

2009-10-05T04:06:15Z

Note: to view an individual PR, use:
http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker Resp. Description
--------------------------------------------------------------------------------
o ports/138846 apache www/apache22 mod_proxy optional patch is not applied b
o ports/138466 apache [patch] www/apache22: 'rc.d/apache22 graceful' fails (
o ports/138373 apache www/apache22 accf_data required at apache startup
o ports/137729 apache www/mod_auth_kerb2 port broken on 8.0-BETA2
o ports/136928 apache [PATCH] www/apache20 - suexec resource limits patch
o ports/136598 apache [PATCH] www/mod_fastcgi: Fix non-threadsafe function
o ports/136432 apache www/mod_auth_kerb does not build with MIT Kerberos (se
a ports/134577 apache www/apache22: build faild with mod_auth_digest
a ports/133773 apache net/keepalived port update request
o ports/130479 apache www/apache20 and www/apache22 configure_args busted
o ports/128952 apache [NEW PORT] java/javadb: Sun's supported distribution o
o ports/128078 apache www/apache20 -- LDAP support is broken
o ports/125183 apache www/apache22 wrong SUEXEC_DOCROOT
o ports/124375 apache www/mod_auth_kerb doesn't compile against heimdal
o ports/121134 apache www/mod_log_sql2-dtc scoreboard problem
o ports/120229 apache www/apache20 does not pick up usernames from NIS [regr
o ports/118003 apache www/apache22: with PgSQL option require only libpq.so.
p ports/116984 apache [patch] www/apache13-modssl missing perl5.8 as RUN_DEP
o ports/108169 apache www/apache20 wrong AP_SAFE_PATH for suEXEC
a ports/101566 apache www/apache20 All .svn subdirectories in $(htdocsdir) g
a ports/96953 apache www/apache22 port uses its own directories
a ports/83644 apache www/apache20 add support for ndbm

22 problems total.

_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Current problem reports assigned to apache@FreeBSD.org

2009-09-28T04:06:15Z

Note: to view an individual PR, use:
http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker Resp. Description
--------------------------------------------------------------------------------
o ports/138846 apache www/apache22 mod_proxy optional patch is not applied b
o ports/138466 apache [patch] www/apache22: 'rc.d/apache22 graceful' fails (
o ports/138373 apache www/apache22 accf_data required at apache startup
o ports/137729 apache www/mod_auth_kerb2 port broken on 8.0-BETA2
o ports/136928 apache [PATCH] www/apache20 - suexec resource limits patch
o ports/136598 apache [PATCH] www/mod_fastcgi: Fix non-threadsafe function
o ports/136432 apache www/mod_auth_kerb does not build with MIT Kerberos (se
a ports/134577 apache www/apache22: build faild with mod_auth_digest
a ports/133773 apache net/keepalived port update request
o ports/130479 apache www/apache20 and www/apache22 configure_args busted
o ports/128952 apache [NEW PORT] java/javadb: Sun's supported distribution o
o ports/128078 apache www/apache20 -- LDAP support is broken
o ports/125183 apache www/apache22 wrong SUEXEC_DOCROOT
o ports/124375 apache www/mod_auth_kerb doesn't compile against heimdal
o ports/121134 apache www/mod_log_sql2-dtc scoreboard problem
o ports/120229 apache www/apache20 does not pick up usernames from NIS [regr
o ports/118003 apache www/apache22: with PgSQL option require only libpq.so.
p ports/116984 apache [patch] www/apache13-modssl missing perl5.8 as RUN_DEP
o ports/108169 apache www/apache20 wrong AP_SAFE_PATH for suEXEC
a ports/101566 apache www/apache20 All .svn subdirectories in $(htdocsdir) g
a ports/96953 apache www/apache22 port uses its own directories
a ports/83644 apache www/apache20 add support for ndbm

22 problems total.

_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

[apache22] startup script error for graceful restart?

2009-09-24T06:47:49Z

Hello

I have apache22 instalation in jail on 7.2/amd64 boxes. Here is relevant
part of rc.conf for it:
apache22_enable="YES"
apache22_http_accept_enable="YES"

I have such options in my kernel:
options ACCEPT_FILTER_HTTP
options ACCEPT_FILTER_DATA

kldstat confirms:
# kldstat -v | grep accf_http
120 accf_http

Normal apache22 start - no problems, everything works as expected:

root 72596 0.0 0.4 149168 16648 ?? SsJ 3:41PM 0:00.20
/usr/local/sbin/httpd
www 72623 0.0 0.4 150192 18388 ?? SJ 3:42PM 0:00.03
/usr/local/sbin/httpd
www 72626 0.0 0.4 150192 18032 ?? SJ 3:42PM 0:00.02
/usr/local/sbin/httpd
www 72635 0.0 0.4 150192 18384 ?? SJ 3:42PM 0:00.03
/usr/local/sbin/httpd
www 72646 0.0 0.4 150192 18436 ?? SJ 3:42PM 0:00.03
/usr/local/sbin/httpd
www 72653 0.0 0.4 150192 18384 ?? SJ 3:42PM 0:00.02
/usr/local/sbin/httpd
www 72654 0.0 0.4 150192 18384 ?? SJ 3:42PM 0:00.02
/usr/local/sbin/httpd
www 72657 0.0 0.4 150192 18384 ?? SJ 3:42PM 0:00.02
/usr/local/sbin/httpd
www 72668 0.0 0.4 150192 18200 ?? SJ 3:43PM 0:00.01
/usr/local/sbin/httpd
[...]

However, graceful restart produces two wrong log warnlines:

[Thu Sep 24 15:40:55 2009] [notice] Graceful restart requested, doing
restart
[Thu Sep 24 15:40:55 2009] [warn] (22)Invalid argument: Failed to enable
the 'dataready' Accept Filter
[Thu Sep 24 15:40:55 2009] [warn] (22)Invalid argument: Failed to enable
the 'httpready' Accept Filter
[Thu Sep 24 15:40:55 2009] [notice] Digest: generating secret for digest
authentication ...
[Thu Sep 24 15:40:55 2009] [notice] Digest: done
[Thu Sep 24 15:40:56 2009] [notice] Apache/2.2.13 (FreeBSD)
mod_ssl/2.2.13 OpenSSL/0.9.8e PHP/5.2.10 mod_auth_pgsql/2.0.3 configured
-- resuming normal operations

These warns about failing to enable httpready/dataready accept filters -
could be that its just a problem with apachectl/httpd -k graceful? If
yes, how to fix, to NOT get these warns to errorlog?

Regards
--
* Maciej Wierzbicki * At paranoia's poison door *
* VOO1-RIPE *
_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Current problem reports assigned to apache@FreeBSD.org

2009-09-21T04:06:15Z

Note: to view an individual PR, use:
http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker Resp. Description
--------------------------------------------------------------------------------
o ports/138846 apache www/apache22 mod_proxy optional patch is not applied b
o ports/138466 apache [patch] www/apache22: 'rc.d/apache22 graceful' fails (
o ports/138373 apache www/apache22 accf_data required at apache startup
o ports/137729 apache www/mod_auth_kerb2 port broken on 8.0-BETA2
o ports/136928 apache [PATCH] www/apache20 - suexec resource limits patch
o ports/136598 apache [PATCH] www/mod_fastcgi: Fix non-threadsafe function
o ports/136432 apache www/mod_auth_kerb does not build with MIT Kerberos (se
a ports/134577 apache www/apache22: build faild with mod_auth_digest
a ports/133773 apache net/keepalived port update request
o ports/130479 apache www/apache20 and www/apache22 configure_args busted
o ports/128952 apache [NEW PORT] java/javadb: Sun's supported distribution o
o ports/128078 apache www/apache20 -- LDAP support is broken
o ports/125183 apache www/apache22 wrong SUEXEC_DOCROOT
o ports/124375 apache www/mod_auth_kerb doesn't compile against heimdal
o ports/121134 apache www/mod_log_sql2-dtc scoreboard problem
o ports/120229 apache www/apache20 does not pick up usernames from NIS [regr
o ports/118003 apache www/apache22: with PgSQL option require only libpq.so.
p ports/116984 apache [patch] www/apache13-modssl missing perl5.8 as RUN_DEP
o ports/108169 apache www/apache20 wrong AP_SAFE_PATH for suEXEC
a ports/101566 apache www/apache20 All .svn subdirectories in $(htdocsdir) g
a ports/96953 apache www/apache22 port uses its own directories
a ports/83644 apache www/apache20 add support for ndbm

22 problems total.

_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Re: ports/136928: [PATCH] www/apache20 - suexec resource limits patch

2009-09-17T02:20:04Z

The following reply was made to PR ports/136928; it has been noted by GNATS.

From: Alex Keda <admin@...>
To: bug-followup@...
Cc:
Subject: Re: ports/136928: [PATCH] www/apache20 - suexec resource limits patch
Date: Thu, 17 Sep 2009 13:19:00 +0400

may be somebody commit this?
_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Re: ports/137953: commit references a PR

2009-09-16T07:20:02Z

The following reply was made to PR ports/137953; it has been noted by GNATS.

From: dfilter@... (dfilter service)
To: bug-followup@...
Cc:
Subject: Re: ports/137953: commit references a PR
Date: Wed, 16 Sep 2009 14:18:08 +0000 (UTC)

pav 2009-09-16 14:17:57 UTC

FreeBSD ports repository

Modified files:
www/apache22 Makefile
Added files:
www/apache22/files mpm-itk-20090414-00
Removed files:
www/apache22/files mpm-itk-20080727-00
Log:
- Update MPM-ITK patch to 20090414-00

PR: ports/137953
Submitted by: Emil Mikulic <emikulic@...>
Feature safe: yes

Revision Changes Path
1.243 +1 -1 ports/www/apache22/Makefile
1.2 +0 -1907 ports/www/apache22/files/mpm-itk-20080727-00 (dead)
1.1 +2039 -0 ports/www/apache22/files/mpm-itk-20090414-00 (new)
_______________________________________________
cvs-all@... mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@..."

_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."

Re: ports/137953: [patch] update www/apache22 mpm-itk patch to 20090414-00

2009-09-16T07:18:09Z

Synopsis: [patch] update www/apache22 mpm-itk patch to 20090414-00

State-Changed-From-To: open->closed
State-Changed-By: pav
State-Changed-When: Wed Sep 16 12:23:52 UTC 2009
State-Changed-Why:
Committed, thanks!

http://www.freebsd.org/cgi/query-pr.cgi?pr=137953
_______________________________________________
freebsd-apache@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-apache
To unsubscribe, send any mail to "freebsd-apache-unsubscribe@..."