From jgh@FreeBSD.org  Thu Jul  4 06:40:12 2013
Return-Path: <jgh@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	by hub.freebsd.org (Postfix) with ESMTP id 85445639;
	Thu,  4 Jul 2013 06:40:12 +0000 (UTC)
	(envelope-from jgh@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87])
	by mx1.freebsd.org (Postfix) with ESMTP id 5E7351100;
	Thu,  4 Jul 2013 06:40:12 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r646eCwV070508;
	Thu, 4 Jul 2013 06:40:12 GMT
	(envelope-from jgh@freefall.freebsd.org)
Received: (from jgh@localhost)
	by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r646eCk3070507;
	Thu, 4 Jul 2013 06:40:12 GMT
	(envelope-from jgh)
Message-Id: <201307040640.r646eCk3070507@freefall.freebsd.org>
Date: Thu, 4 Jul 2013 06:40:12 GMT
From: Jason Helfman <jgh@FreeBSD.org>
Reply-To: Jason Helfman <jgh@FreeBSD.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: apache@FreeBSD.org
Subject: [patch] www/apache22: update to 2.2.25, drop warnings on WITH/WITHOUT
X-Send-Pr-Version: 3.114
X-GNATS-Notify:

>Number:         180248
>Category:       ports
>Synopsis:       [patch] www/apache22: update to 2.2.25, drop warnings on WITH/WITHOUT
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    apache
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 04 06:50:00 UTC 2013
>Closed-Date:    Wed Jul 10 19:12:30 UTC 2013
>Last-Modified:  Wed Jul 10 19:12:30 UTC 2013
>Originator:     Jason Helfman
>Release:        FreeBSD 10.0-CURRENT amd64
>Organization:
>Environment:
System: FreeBSD freefall.freebsd.org 10.0-CURRENT FreeBSD 10.0-CURRENT #0 r252008: Wed Jun 19 21:39:58 UTC 2013 peter@freefall.freebsd.org:/usr/obj/usr/src/sys/FREEFALL amd64


	
>Description:
update to 2.2.25
drop warnings on WITH/WITHOUT for old options framework
pet portlint space -> tab

>How-To-Repeat:
	
>Fix:
Index: www/apache22/Makefile
===================================================================
--- www/apache22/Makefile	(revision 322263)
+++ www/apache22/Makefile	(working copy)
@@ -1,8 +1,8 @@
 # $FreeBSD$
 
 PORTNAME=	apache22
-PORTVERSION=	2.2.24
-#PORTREVISION?=	1
+PORTVERSION=	2.2.25
+PORTREVISION?=	0
 CATEGORIES=	www ipv6
 MASTER_SITES=	${MASTER_SITE_APACHE_HTTPD}
 DISTNAME=	httpd-${PORTVERSION}
@@ -46,15 +46,6 @@
 
 .include "${APACHEDIR}/Makefile.options"
 
-# stop users from using old WITH/WITHOUT parameters
-.for opt in ${OPTIONS_DEFINE}
-.  if defined(WITH_${opt}) || defined(WITHOUT_${opt})
-BROKEN=	WITH/WITHOUT parameters are obsolete. \
-	The port use the new options NG framework. Please read\
-	http://wiki.freebsd.org/Ports/Options/OptionsNG
-.  endif
-.endfor
-
 .for category in ${ALL_MODULES_CATEGORIES}
 .  if defined(WITH_${category}_MODULES)
 BROKEN=	WITH/WITHOUT_..._MODULES parameters are obsolete. \
@@ -116,7 +107,7 @@
 .endif
 
 .if ${PORT_OPTIONS:MSUEXEC_USERDIR}
-EXTRA_PATCHES+= ${FILESDIR}/extra-patch-suexec_userdir
+EXTRA_PATCHES+=	${FILESDIR}/extra-patch-suexec_userdir
 .  if empty(PORT_OPTIONS:MSUEXEC)
 IGNORE=		suEXEC UserDir patch requires mod_suexec.\
 		Please (re)run 'make config' and choose SUEXEC option also
Index: www/apache22/distinfo
===================================================================
--- www/apache22/distinfo	(revision 322263)
+++ www/apache22/distinfo	(working copy)
@@ -1,2 +1,2 @@
-SHA256 (apache22/httpd-2.2.24.tar.bz2) = 0453f5d2d7e3b1975a1c6a8a22b6d6ff768715a3b0a89b51e5f7b5851628fad7
-SIZE (apache22/httpd-2.2.24.tar.bz2) = 5490439
+SHA256 (apache22/httpd-2.2.25.tar.bz2) = 4bcaf3524796a514b31aa5c64ce80b0cdb484bab5735416de29d00f6d50fa65a
+SIZE (apache22/httpd-2.2.25.tar.bz2) = 5524905
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->apache 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Thu Jul 4 06:50:08 UTC 2013 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=180248 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/180248: commit references a PR
Date: Wed, 10 Jul 2013 19:01:53 +0000 (UTC)

 Author: ohauer
 Date: Wed Jul 10 19:01:44 2013
 New Revision: 322728
 URL: http://svnweb.freebsd.org/changeset/ports/322728
 
 Log:
   - update to apache-2.2.25
   - update vuxml with additional CVE-2013-1896 entry
   
   Changes with Apache 2.2.25
     http://www.apache.org/dist/httpd/CHANGES_2.2.25
   
     *) SECURITY: CVE-2013-1896 (cve.mitre.org)
        mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
        the source href (sent as part of the request body as XML) pointing to a
        URI that is not configured for DAV will trigger a segfault. [Ben Reser
        <ben reser.org>]
   
     *) SECURITY: CVE-2013-1862 (cve.mitre.org)
        mod_rewrite: Ensure that client data written to the RewriteLog is
        escaped to prevent terminal escape sequences from entering the
        log file.  [Eric Covener, Jeff Trawick, Joe Orton]
   
     *) core: Limit ap_pregsub() to 64MB and add ap_pregsub_ex() for longer
        strings.  The default limit for ap_pregsub() can be adjusted at compile
         time by defining AP_PREGSUB_MAXLEN.  [Stefan Fritsch, Jeff Trawick]
   
     *) core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization
        on Linux kernel versions 3.x and above.  PR 55121.  [Bradley Heilbrun
        <apache heilbrun.org>]
   
     *) mod_setenvif: Log error on substitution overflow.
        [Stefan Fritsch]
   
     *) mod_ssl/proxy: enable the SNI extension for backend TLS connections
        [Kaspar Brand]
   
     *) mod_proxy: Use the the same hostname for SNI as for the HTTP request when
        forwarding to SSL backends. PR 53134.
        [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]
   
     *) mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
        in the error log to debug level.  [William Rowe]
   
     *) mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs
        with SSLProxyMachineCertificateFile/Path directives. PR 52212, PR 54698.
        [Keith Burdis <keith burdis.org>, Joe Orton, Kaspar Brand]
   
     *) mod_proxy_balancer: Added balancer parameter failontimeout to allow server
        admin to configure an IO timeout as an error in the balancer.
        [Daniel Ruggeri]
   
     *) mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind
        password.  [Daniel Ruggeri]
   
     *) htdigest: Fix buffer overflow when reading digest password file
        with very long lines. PR 54893. [Rainer Jung]
   
     *) mod_dav: Ensure URI is correctly uriencoded on return. PR 54611
        [Timothy Wood <tjw omnigroup.com>]
   
     *) mod_dav: Make sure that when we prepare an If URL for Etag comparison,
        we compare unencoded paths. PR 53910 [Timothy Wood <tjw omnigroup.com>]
   
     *) mod_dav: Sending an If or If-Match header with an invalid ETag doesn't
        result in a 412 Precondition Failed for a COPY operation. PR54610
        [Timothy Wood <tjw omnigroup.com>]
   
     *) mod_dav: When a PROPPATCH attempts to remove a non-existent dead
        property on a resource for which there is no dead property in the same
        namespace httpd segfaults. PR 52559 [Diego Santa Cruz
        <diego.santaCruz spinetix.com>]
   
     *) mod_dav: Do not fail PROPPATCH when prop namespace is not known.
        PR 52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
   
     *) mod_dav: Do not segfault on PROPFIND with a zero length DBM.
        PR 52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
   
   PR:		ports/180248
   Submitted by:	Jason Helfman jgh@
 
 Deleted:
   head/www/apache22/files/patch-modules__mappers__mod_rewrite.c
 Modified:
   head/security/vuxml/vuln.xml
   head/www/apache22/Makefile
   head/www/apache22/Makefile.modules
   head/www/apache22/distinfo
 
 Modified: head/security/vuxml/vuln.xml
 ==============================================================================
 --- head/security/vuxml/vuln.xml	Wed Jul 10 17:57:38 2013	(r322727)
 +++ head/security/vuxml/vuln.xml	Wed Jul 10 19:01:44 2013	(r322728)
 @@ -121,27 +121,27 @@ Note:  Please add new entries to the beg
    </vuln>
  
    <vuln vid="f3d24aee-e5ad-11e2-b183-20cf30e32f6d">
 -    <topic>apache22 -- mod_rewrite vulnerability</topic>
 +    <topic>apache22 -- several vulnerabilities</topic>
      <affects>
        <package>
  	<name>apache22</name>
 -	<range><gt>2.2.0</gt><lt>2.2.24_1</lt></range>
 +	<range><gt>2.2.0</gt><lt>2.2.25</lt></range>
        </package>
        <package>
  	<name>apache22-event-mpm</name>
 -	<range><gt>2.2.0</gt><lt>2.2.24_1</lt></range>
 +	<range><gt>2.2.0</gt><lt>2.2.25</lt></range>
        </package>
        <package>
  	<name>apache22-itk-mpm</name>
 -	<range><gt>2.2.0</gt><lt>2.2.24_1</lt></range>
 +	<range><gt>2.2.0</gt><lt>2.2.25</lt></range>
        </package>
        <package>
  	<name>apache22-peruser-mpm</name>
 -	<range><gt>2.2.0</gt><lt>2.2.24_1</lt></range>
 +	<range><gt>2.2.0</gt><lt>2.2.25</lt></range>
        </package>
        <package>
  	<name>apache22-worker-mpm</name>
 -	<range><gt>2.2.0</gt><lt>2.2.24_1</lt></range>
 +	<range><gt>2.2.0</gt><lt>2.2.25</lt></range>
        </package>
      </affects>
      <description>
 @@ -153,16 +153,21 @@ Note:  Please add new entries to the beg
  	    non-printable characters, which might allow remote attackers to
  	    execute arbitrary commands via an HTTP request containing an
  	    escape sequence for a terminal emulator.</p>
 +	  <p>mod_dav: Sending a MERGE request against a URI handled by
 +	    mod_dav_svn with the source href (sent as part of the request
 +	    body as XML) pointing to a URI that is not configured for DAV
 +	    will trigger a segfault.</p>
  	</blockquote>
        </body>
      </description>
      <references>
        <cvename>CVE-2013-1862</cvename>
 +      <cvename>CVE-2013-1896</cvename>
      </references>
      <dates>
        <discovery>2013-06-21</discovery>
        <entry>2013-07-05</entry>
 -      <modified>2013-07-06</modified>
 +      <modified>2013-07-10</modified>
      </dates>
    </vuln>
  
 
 Modified: head/www/apache22/Makefile
 ==============================================================================
 --- head/www/apache22/Makefile	Wed Jul 10 17:57:38 2013	(r322727)
 +++ head/www/apache22/Makefile	Wed Jul 10 19:01:44 2013	(r322728)
 @@ -1,8 +1,8 @@
  # $FreeBSD$
  
  PORTNAME=	apache22
 -PORTVERSION=	2.2.24
 -PORTREVISION?=	1
 +PORTVERSION=	2.2.25
 +#PORTREVISION?=	1
  CATEGORIES=	www ipv6
  MASTER_SITES=	${MASTER_SITE_APACHE_HTTPD}
  DISTNAME=	httpd-${PORTVERSION}
 @@ -98,7 +98,7 @@ IGNORE=		suEXEC resource limit patch req
  .endif
  
  .if ${PORT_OPTIONS:MSUEXEC_USERDIR}
 -EXTRA_PATCHES+= ${FILESDIR}/extra-patch-suexec_userdir
 +EXTRA_PATCHES+=	${FILESDIR}/extra-patch-suexec_userdir
  .  if empty(PORT_OPTIONS:MSUEXEC)
  IGNORE=		suEXEC UserDir patch requires mod_suexec.\
  		Please (re)run 'make config' and choose SUEXEC option also
 
 Modified: head/www/apache22/Makefile.modules
 ==============================================================================
 --- head/www/apache22/Makefile.modules	Wed Jul 10 17:57:38 2013	(r322727)
 +++ head/www/apache22/Makefile.modules	Wed Jul 10 19:01:44 2013	(r322728)
 @@ -72,7 +72,7 @@ LATEST_LINK=		apache22-${WITH_MPM}-mpm
  .if ${WITH_MPM} == "worker" || ${WITH_MPM} == "event"
  PORT_OPTIONS+=		CGID
  .if ${PORT_OPTIONS:MCGI}
 -IGNORE= When using a multi-threaded MPM, the module CGID should be used in place CGI. \
 +IGNORE=	When using a multi-threaded MPM, the module CGID should be used in place CGI. \
  	Please de-select CGI and select CGID instead. \
  	See http://httpd.apache.org/docs/2.2/mod/mod_cgi.html
  .endif
 
 Modified: head/www/apache22/distinfo
 ==============================================================================
 --- head/www/apache22/distinfo	Wed Jul 10 17:57:38 2013	(r322727)
 +++ head/www/apache22/distinfo	Wed Jul 10 19:01:44 2013	(r322728)
 @@ -1,2 +1,2 @@
 -SHA256 (apache22/httpd-2.2.24.tar.bz2) = 0453f5d2d7e3b1975a1c6a8a22b6d6ff768715a3b0a89b51e5f7b5851628fad7
 -SIZE (apache22/httpd-2.2.24.tar.bz2) = 5490439
 +SHA256 (apache22/httpd-2.2.25.tar.bz2) = 4bcaf3524796a514b31aa5c64ce80b0cdb484bab5735416de29d00f6d50fa65a
 +SIZE (apache22/httpd-2.2.25.tar.bz2) = 5524905
 _______________________________________________
 svn-ports-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-ports-all
 To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: ohauer 
State-Changed-When: Wed Jul 10 19:12:08 UTC 2013 
State-Changed-Why:  
Committed, 
Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=180248 
>Unformatted:
