From owner-svn-ports-all@FreeBSD.ORG Sun May 31 12:52:07 2015 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 34479D2D; Sun, 31 May 2015 12:52:07 +0000 (UTC) (envelope-from ohauer@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 20ED51534; Sun, 31 May 2015 12:52:07 +0000 (UTC) (envelope-from ohauer@FreeBSD.org) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t4VCq7A0025947; Sun, 31 May 2015 12:52:07 GMT (envelope-from ohauer@FreeBSD.org) Received: (from ohauer@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t4VCq1AA025911; Sun, 31 May 2015 12:52:01 GMT (envelope-from ohauer@FreeBSD.org) Message-Id: <201505311252.t4VCq1AA025911@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: ohauer set sender to ohauer@FreeBSD.org using -f 
From: Olli Hauer Date: Sun, 31 May 2015 12:52:01 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r388056 - in head/www/apache22: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 May 2015 12:52:07 -0000 Author: ohauer Date: Sun May 31 12:52:00 2015 New Revision: 388056 URL: https://svnweb.freebsd.org/changeset/ports/388056 Log: - use @sample for conf files - backport ab from 2.4.x - fix mode for suexec, cgi test files - adopt http-ssl.conf.in from upstream trunk - rebuild some patches Modified: head/www/apache22/Makefile head/www/apache22/files/patch-Makefile.in head/www/apache22/files/patch-acinclude.m4 head/www/apache22/files/patch-config.layout head/www/apache22/files/patch-configure.in head/www/apache22/files/patch-docs__conf__extra__httpd-mpm.conf.in head/www/apache22/files/patch-docs__conf__extra__httpd-ssl.conf.in head/www/apache22/files/patch-docs__conf__extra__httpd-userdir.conf.in head/www/apache22/files/patch-docs__conf__httpd.conf.in head/www/apache22/files/patch-include__ap_config_auto.h.in head/www/apache22/files/patch-include__httpd.h head/www/apache22/files/patch-modules__proxy__mod_proxy_connect.c head/www/apache22/files/patch-modules__ssl__ssl_engine_init.c head/www/apache22/files/patch-modules__ssl__ssl_engine_rand.c head/www/apache22/files/patch-modules__ssl__ssl_engine_vars.c head/www/apache22/files/patch-modules__ssl__ssl_util_ssl.c head/www/apache22/files/patch-modules__ssl__ssl_util_ssl.h head/www/apache22/files/patch-server__config.c head/www/apache22/files/patch-server__core.c head/www/apache22/files/patch-support__Makefile.in 
head/www/apache22/files/patch-support__ab.c head/www/apache22/files/patch-support__apachectl.in head/www/apache22/files/patch-support__apxs.in head/www/apache22/files/patch-support__envvars-std.in head/www/apache22/files/patch-support__log_server_status.in head/www/apache22/pkg-plist Modified: head/www/apache22/Makefile ============================================================================== --- head/www/apache22/Makefile Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/Makefile Sun May 31 12:52:00 2015 (r388056) @@ -2,7 +2,7 @@ PORTNAME= apache22 PORTVERSION= 2.2.29 -PORTREVISION?= 3 +PORTREVISION?= 4 CATEGORIES= www ipv6 MASTER_SITES= APACHE_HTTPD DISTNAME= httpd-${PORTVERSION} @@ -95,11 +95,12 @@ CONFIGURE_ARGS+=--prefix=${PREFIX} \ --with-apr=${APR_CONFIG} \ --with-apr-util=${APU_CONFIG} -CONFIGURE_ENV= LOCALBASE="${LOCALBASE}" +CONFIGURE_ENV= CONFIG_SHELL="${SH}" \ + LOCALBASE="${LOCALBASE}" MAKE_ENV+= EXPR_COMPAT=yes \ INSTALL_MAN="${INSTALL_MAN}" \ - EXAMPLESDIR=${EXAMPLESDIR} + DATADIR=${DATADIR} #===================================================== # CONFIGURE_ARGS will be handled in Makefile.modules, @@ -131,7 +132,7 @@ post-extract: # remove possible leftover .svn directories in the sources @${FIND} ${WRKSRC} -type d -name .svn -print | ${XARGS} ${RM} -rf # limit grep results ... - @${FIND} ${WRKSRC} -type f \( -name 'NWGNU*' -o -name '*.ds?' -o -name '*.dep' -o -name '*.mak' -o -name '*.win' \) -delete + ${FIND} ${WRKSRC} -type f \( -name 'NWGNU*' -o -name '*.ds?' -o -name '*.dep' -o -name '*.mak' -o -name '*.win' -o -name '*.vbs' -o -name '*.wsf' \) -delete # make qa script happy, it complains on empty dirs even 'PORTDOCS=*' is set # use RMDIR in case upstream ever place some files into this dirs 
@@ -184,8 +185,6 @@ post-install: ${INSTALL_DATA} ${FILESDIR}/no-accf.conf ${STAGEDIR}${ETCDIR}/Includes/ # place for 3rd party module configuration ${INSTALL_DATA} ${FILESDIR}/README_modules.d ${STAGEDIR}${ETCDIR}/modules.d/ - @${MKDIR} ${STAGEDIR}/${EXAMPLESDIR}/modules.d - ${INSTALL_DATA} ${FILESDIR}/README_modules.d ${STAGEDIR}${EXAMPLESDIR}/modules.d # strip returns an error for non binary files, but we have a big mix -${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/* 2>/dev/null -${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/apache22/mod_*.so Modified: head/www/apache22/files/patch-Makefile.in ============================================================================== --- head/www/apache22/files/patch-Makefile.in Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-Makefile.in Sun May 31 12:52:00 2015 (r388056) 
@@ -1,28 +1,46 @@ ---- ./Makefile.in.orig 2008-11-25 21:24:49.000000000 +0100 -+++ ./Makefile.in 2014-07-08 06:12:16.000000000 +0200 -@@ -31,12 +31,10 @@ +--- Makefile.in.orig 2008-11-25 20:24:49 UTC ++++ Makefile.in +@@ -31,12 +31,9 @@ include $(top_srcdir)/build/program.mk install-conf: @echo Installing configuration files @$(MKINSTALLDIRS) $(DESTDIR)$(sysconfdir) $(DESTDIR)$(sysconfdir)/extra - @$(MKINSTALLDIRS) $(DESTDIR)$(sysconfdir)/original/extra -+ @$(MKINSTALLDIRS) $(DESTDIR)$(EXAMPLESDIR) $(DESTDIR)$(EXAMPLESDIR)/extra @cd $(top_srcdir)/docs/conf; \ for i in mime.types magic; do \ - if test ! -f $(DESTDIR)$(sysconfdir)/$$i; then \ - $(INSTALL_DATA) $$i $(DESTDIR)$(sysconfdir); \ - fi; \ -+ $(INSTALL_DATA) $$i $(DESTDIR)$(EXAMPLESDIR); \ ++ $(INSTALL_DATA) $$i $(DESTDIR)$(sysconfdir)/$${i}.sample; \ done; \ for j in $(top_srcdir)/docs/conf $(top_builddir)/docs/conf ; do \ cd $$j ; \ -@@ -69,15 +67,12 @@ +@@ -59,7 +56,17 @@ install-conf: + < $$i; \ + for j in $(DSO_MODULES) "^EOL^"; do \ + if test $$j != "^EOL^"; then \ +- echo "LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \ ++ if test $$j == "cgid"; then \ ++ echo ""; \ ++ echo "LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \ ++ echo ""; \ ++ elif test $$j == "cgi"; then \ ++ echo ""; \ ++ echo "LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \ ++ echo ""; \ ++ else \ ++ echo "LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \ ++ fi; \ + fi; \ + done; \ + sed -e '1,/@@LoadModule@@/d' \ +@@ -69,15 +76,12 @@ install-conf: -e 's#@@SSLPort@@#$(SSLPORT)#g' \ < $$i; \ fi \ - ) > $(DESTDIR)$(sysconfdir)/original/$$i; \ - chmod 0644 $(DESTDIR)$(sysconfdir)/original/$$i; \ -+ ) > $(DESTDIR)$(EXAMPLESDIR)/$$i; \ -+ chmod 0644 $(DESTDIR)$(EXAMPLESDIR)/$$i; \ ++ ) > $(DESTDIR)$(sysconfdir)/$${i}.sample; \ ++ chmod 0644 $(DESTDIR)$(sysconfdir)/$${i}.sample; \ file=$$i; \ if [ "$$i" = "httpd.conf" ]; then \ file=`echo $$i|sed s/.*.conf/$(PROGRAM_NAME).conf/`; \ 
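Review bot: The added module checks in install-conf, `if test $$j == "cgid"` and `elif test $$j == "cgi"`, use `==`, which is an extension to `test`; POSIX defines only `=` for string equality, and the recipe runs under whatever shell make selects. `$$j` is also unquoted in both tests. I would write them as `if test "$$j" = "cgid"; then` and `elif test "$$j" = "cgi"; then`. As shown on this page the two branches print the same three lines; if the patch really contains that they can share one branch, though markup inside the `echo ""` strings may have been lost in rendering. The install-conf loop starts and ends outside this inner hunk.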
@@ -33,7 +51,7 @@ fi; \ done ; \ done ; \ -@@ -120,48 +115,25 @@ +@@ -120,48 +124,25 @@ dox: doxygen $(top_srcdir)/docs/doxygen.conf install-htdocs: @@ -50,8 +68,8 @@ - cd $(DESTDIR)$(htdocsdir) && find . -name ".svn" -type d -print | xargs rm -rf 2>/dev/null || true; \ - fi; \ - fi -+ $(MKINSTALLDIRS) $(DESTDIR)$(EXAMPLESDIR) ; \ -+ test -d $(htdocs-srcdir) && (cd $(htdocs-srcdir) && cp -rp index.html $(DESTDIR)$(EXAMPLESDIR)) || true ++ $(MKINSTALLDIRS) $(DESTDIR)$(DATADIR)/misc ; \ ++ test -d $(htdocs-srcdir) && (cd $(htdocs-srcdir) && cp -rp index.html $(DESTDIR)$(DATADIR)/misc) || true install-error: - -@if [ -d $(DESTDIR)$(errordir) ]; then \ @@ -91,7 +109,7 @@ install-other: @test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir) -@@ -210,12 +182,7 @@ +@@ -210,12 +191,7 @@ install-man: @test -d $(DESTDIR)$(manualdir) || $(MKINSTALLDIRS) $(DESTDIR)$(manualdir) @cp -p $(top_srcdir)/docs/man/*.1 $(DESTDIR)$(mandir)/man1 @cp -p $(top_srcdir)/docs/man/*.8 $(DESTDIR)$(mandir)/man8 Modified: head/www/apache22/files/patch-acinclude.m4 ============================================================================== --- head/www/apache22/files/patch-acinclude.m4 Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-acinclude.m4 Sun May 31 12:52:00 2015 (r388056) 
@@ -1,9 +1,10 @@ ---- acinclude.m4.orig 2012-07-06 17:23:21.000000000 +0200 -+++ acinclude.m4 2015-02-28 10:22:26.577650967 +0100 -@@ -455,6 +455,8 @@ +--- acinclude.m4.orig 2012-07-06 15:23:21 UTC ++++ acinclude.m4 +@@ -455,6 +455,9 @@ if test "x$ap_ssltk_configured" = "x"; t AC_CHECK_HEADERS([openssl/engine.h]) AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"]) AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines]) ++ dnl PR 196256, https://issues.apache.org/bugzilla/show_bug.cgi?id=57395 + AC_CHECK_FUNCS([SSL_CTX_use_certificate_chain]) + AC_CHECK_LIB(crypto, RAND_egd, AC_DEFINE(HAVE_SSL_RAND_EGD, 1, [Define if the libcrypto has RAND_egd])) else Modified: head/www/apache22/files/patch-config.layout ============================================================================== --- head/www/apache22/files/patch-config.layout Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-config.layout Sun May 31 12:52:00 2015 (r388056) @@ -1,5 +1,5 @@ ---- ./config.layout.orig 2004-11-21 13:50:36.000000000 -0500 -+++ ./config.layout 2010-05-06 19:37:54.214731918 -0400 +--- config.layout.orig 2012-02-27 22:57:18 UTC ++++ config.layout @@ -281,17 +281,17 @@ bindir: ${exec_prefix}/bin sbindir: ${exec_prefix}/sbin Modified: head/www/apache22/files/patch-configure.in ============================================================================== --- head/www/apache22/files/patch-configure.in Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-configure.in Sun May 31 12:52:00 2015 (r388056) @@ -1,6 +1,6 @@ ---- ./configure.in.orig 2008-12-01 15:32:43.000000000 -0500 -+++ ./configure.in 2010-05-06 19:37:54.216730223 -0400 -@@ -87,9 +87,14 @@ +--- configure.in.orig 2013-06-27 16:59:04 UTC ++++ configure.in +@@ -87,9 +87,14 @@ if test "$apr_found" = "no"; then AC_MSG_ERROR([APR not found. Please read the documentation.]) fi 
@@ -16,7 +16,7 @@ [--enable-layout=*|\'--enable-layout=*]) dnl We must be the first to build and the last to be cleaned AP_BUILD_SRCLIB_DIRS="apr $AP_BUILD_SRCLIB_DIRS" -@@ -123,6 +128,11 @@ +@@ -123,6 +128,11 @@ if test "$apu_found" = "no"; then AC_MSG_ERROR([APR-util not found. Please read the documentation.]) fi @@ -28,7 +28,7 @@ # Catch some misconfigurations: case ${apr_found}.${apu_found} in reconfig.yes) -@@ -135,7 +145,7 @@ +@@ -135,7 +145,7 @@ esac if test "$apu_found" = "reconfig"; then APR_SUBDIR_CONFIG(srclib/apr-util, @@ -37,7 +37,19 @@ [--enable-layout=*|\'--enable-layout=*]) dnl We must be the last to build and the first to be cleaned AP_BUILD_SRCLIB_DIRS="$AP_BUILD_SRCLIB_DIRS apr-util" -@@ -653,8 +663,14 @@ +@@ -480,7 +490,10 @@ AC_ARG_ENABLE(v4-mapped,APACHE_HELP_STRI + ], + [ + case $host in +- *freebsd5*|*netbsd*|*openbsd*) ++ *freebsd[[1234]].*) ++ v4mapped=yes ++ ;; ++ *freebsd*|*netbsd*|*openbsd*) + v4mapped=no + ;; + *mingw*) +@@ -678,8 +691,14 @@ AC_DEFINE_UNQUOTED(HTTPD_ROOT, "${ap_pre [Root directory of the Apache install area]) AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${rel_sysconfdir}/${progname}.conf", [Location of the config file, relative to the Apache root directory]) Modified: head/www/apache22/files/patch-docs__conf__extra__httpd-mpm.conf.in ============================================================================== --- head/www/apache22/files/patch-docs__conf__extra__httpd-mpm.conf.in Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-docs__conf__extra__httpd-mpm.conf.in Sun May 31 12:52:00 2015 (r388056) @@ -1,5 +1,5 @@ ---- docs/conf/extra/httpd-mpm.conf.in.bak 2007-12-29 06:08:28.000000000 +0300 -+++ docs/conf/extra/httpd-mpm.conf.in 2013-01-02 05:58:13.000000000 +0400 +--- docs/conf/extra/httpd-mpm.conf.in.orig 2007-12-29 03:08:28 UTC ++++ docs/conf/extra/httpd-mpm.conf.in 
@@ -17,7 +17,7 @@ # Modified: head/www/apache22/files/patch-docs__conf__extra__httpd-ssl.conf.in ============================================================================== --- head/www/apache22/files/patch-docs__conf__extra__httpd-ssl.conf.in Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-docs__conf__extra__httpd-ssl.conf.in Sun May 31 12:52:00 2015 (r388056) 
@@ -1,6 +1,50 @@ ---- ./docs/conf/extra/httpd-ssl.conf.in.orig 2012-02-01 08:25:55.000000000 -0800 -+++ ./docs/conf/extra/httpd-ssl.conf.in 2012-02-01 08:27:23.000000000 -0800 -@@ -77,8 +77,8 @@ +--- docs/conf/extra/httpd-ssl.conf.in.orig 2013-11-11 14:00:57 UTC ++++ docs/conf/extra/httpd-ssl.conf.in +@@ -49,6 +49,43 @@ Listen @@SSLPort@@ + AddType application/x-x509-ca-cert .crt + AddType application/x-pkcs7-crl .crl + ++# SSL Cipher Suite: ++# List the ciphers that the client is permitted to negotiate, ++# and that httpd will negotiate as the client of a proxied server. ++# See the OpenSSL documentation for a complete list of ciphers, and ++# ensure these follow appropriate best practices for this deployment. ++# httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers, ++# while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a. ++SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4 ++SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4 ++ ++# By the end of 2016, only TLSv1.2 ciphers should remain in use. ++# Older ciphers should be disallowed as soon as possible, while the ++# kRSA ciphers do not offer forward secrecy. These changes inhibit ++# older clients (such as IE6 SP2 or IE8 on Windows XP, or other legacy ++# non-browser tooling) from successfully connecting. ++# ++# To restrict mod_ssl to use only TLSv1.2 ciphers, and disable ++# those protocols which do not support forward secrecy, replace ++# the SSLCipherSuite and SSLProxyCipherSuite directives above with ++# the following two directives, as soon as practical. ++# SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA ++# SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA ++ ++# User agents such as web browsers are not configured for the user's ++# own preference of either security or performance, therefore this ++# must be the prerogative of the web server administrator who manages ++# cpu load versus confidentiality, so enforce the server's cipher order. 
++SSLHonorCipherOrder on ++ ++# SSL Protocol support: ++# List the protocol versions which clients are allowed to connect with. ++# Disable SSLv2 and SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) ++# should be disabled as quickly as practical. By the end of 2016, only ++# the TLSv1.2 protocol or later should remain in use. ++SSLProtocol all -SSLv2 -SSLv3 ++SSLProxyProtocol all -SSLv2 -SSLv3 ++ + # Pass Phrase Dialog: + # Configure the pass phrase gathering process. + # The filtering dialog program (`builtin' is a internal +@@ -77,36 +114,13 @@ SSLMutex "file:@exp_runtimedir@/ssl_mut DocumentRoot "@exp_htdocsdir@" ServerName www.example.com:@@SSLPort@@ ServerAdmin you@example.com 
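Review bot: The new global `SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4` and `SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4` lines drop the `!aNULL` exclusion that the per-vhost line removed in the next hunk (`HIGH:MEDIUM:!aNULL:!MD5`) carried. The adopted comment says httpd force-disables aNULL, eNULL and EXP only from 2.2.30, while this port still builds 2.2.29 (`PORTVERSION= 2.2.29`). Unless the ssl_engine_init.c patch backports that behaviour (its added lines are not visible on this page), whether anonymous suites are offered depends solely on the linked OpenSSL version. I would keep the exclusion explicit in the sample until the port reaches 2.2.30: `SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4`, with the same string for `SSLProxyCipherSuite`.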
@@ -11,7 +55,35 @@ # SSL Engine Switch: # Enable/Disable SSL for this virtual host. -@@ -243,7 +243,7 @@ + SSLEngine on + +-# SSL Protocol support: +-# List the protocol versions which clients are allowed to +-# connect with. Disable SSLv2 by default (cf. RFC 6176). +-SSLProtocol all -SSLv2 +- +-# SSL Cipher Suite: +-# List the ciphers that the client is permitted to negotiate. +-# See the mod_ssl documentation for a complete list. +-SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 +- +-# Speed-optimized SSL Cipher configuration: +-# If speed is your main concern (on busy HTTPS servers e.g.), +-# you might want to force clients to specific, performance +-# optimized ciphers. In this case, prepend those ciphers +-# to the SSLCipherSuite list, and enable SSLHonorCipherOrder. +-# Caveat: by giving precedence to RC4-SHA and AES128-SHA +-# (as in the example below), most connections will no longer +-# have perfect forward secrecy - if the server's key is +-# compromised, captures of past or future traffic must be +-# considered compromised, too. +-#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 +-#SSLHonorCipherOrder on +- + # Server Certificate: + # Point SSLCertificateFile at a PEM encoded certificate. If + # the certificate is encrypted, then you will be prompted for a +@@ -249,7 +263,7 @@ BrowserMatch "MSIE [2-5]" \ # Per-Server Logging: # The home of a custom SSL log file. Use this when you want a # compact non-error SSL logfile on a virtual host basis. Modified: head/www/apache22/files/patch-docs__conf__extra__httpd-userdir.conf.in ============================================================================== --- head/www/apache22/files/patch-docs__conf__extra__httpd-userdir.conf.in Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-docs__conf__extra__httpd-userdir.conf.in Sun May 31 12:52:00 2015 (r388056) 
@@ -1,5 +1,5 @@ ---- ./docs/conf/extra/httpd-userdir.conf.in.orig 2007-03-07 02:33:58.000000000 -0500 -+++ ./docs/conf/extra/httpd-userdir.conf.in 2010-05-06 19:37:54.222730166 -0400 +--- docs/conf/extra/httpd-userdir.conf.in.orig 2007-03-07 07:33:58 UTC ++++ docs/conf/extra/httpd-userdir.conf.in @@ -8,7 +8,7 @@ # the default access control for these directories, as in the example below. # @@ -9,7 +9,7 @@ # # Control access to UserDir directories. The following is an example # for a site where these directories are restricted to read-only. -@@ -25,4 +25,3 @@ +@@ -25,4 +25,3 @@ UserDir public_html Deny from all Modified: head/www/apache22/files/patch-docs__conf__httpd.conf.in ============================================================================== --- head/www/apache22/files/patch-docs__conf__httpd.conf.in Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-docs__conf__httpd.conf.in Sun May 31 12:52:00 2015 (r388056) @@ -1,6 +1,6 @@ ---- ./docs/conf/httpd.conf.in.orig 2007-12-21 06:43:00.000000000 -0500 -+++ ./docs/conf/httpd.conf.in 2010-05-06 19:37:54.224731824 -0400 -@@ -54,6 +54,9 @@ +--- docs/conf/httpd.conf.in.orig 2012-02-06 16:54:24 UTC ++++ docs/conf/httpd.conf.in +@@ -54,6 +54,9 @@ Listen @@Port@@ # @@LoadModule@@ @@ -10,7 +10,7 @@ # -@@ -63,8 +63,8 @@ +@@ -64,8 +67,8 @@ Listen @@Port@@ # It is usually good practice to create a dedicated user and group for # running httpd, as with most system services. # @@ -21,7 +21,7 @@ -@@ -113,7 +113,6 @@ +@@ -114,7 +117,6 @@ DocumentRoot "@exp_htdocsdir@" # features. # @@ -29,7 +29,7 @@ AllowOverride None Order deny,allow Deny from all -@@ -184,7 +183,7 @@ +@@ -185,7 +187,7 @@ DocumentRoot "@exp_htdocsdir@" # logged here. If you *do* define an error logfile for a # container, that host's errors will be logged there and not here. # 
@@ -38,7 +38,7 @@ # # LogLevel: Control the number of messages logged to the error_log. -@@ -213,13 +212,13 @@ +@@ -214,13 +216,13 @@ LogLevel warn # define per- access logfiles, transactions will be # logged therein and *not* in this file. # @@ -54,7 +54,7 @@ -@@ -408,3 +407,5 @@ +@@ -416,3 +418,5 @@ DefaultType text/plain SSLRandomSeed startup builtin SSLRandomSeed connect builtin Modified: head/www/apache22/files/patch-include__ap_config_auto.h.in ============================================================================== --- head/www/apache22/files/patch-include__ap_config_auto.h.in Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-include__ap_config_auto.h.in Sun May 31 12:52:00 2015 (r388056) @@ -1,5 +1,5 @@ ---- include/ap_config_auto.h.in.orig 2014-08-22 19:54:18.000000000 +0200 -+++ include/ap_config_auto.h.in 2015-02-28 10:25:55.191842645 +0100 +--- include/ap_config_auto.h.in.orig 2014-08-22 17:54:18 UTC ++++ include/ap_config_auto.h.in @@ -127,6 +127,12 @@ /* Define to 1 if you have the `SSL_CTX_new' function. */ #undef HAVE_SSL_CTX_NEW Modified: head/www/apache22/files/patch-include__httpd.h ============================================================================== --- head/www/apache22/files/patch-include__httpd.h Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-include__httpd.h Sun May 31 12:52:00 2015 (r388056) @@ -1,6 +1,6 @@ --- include/httpd.h.orig 2014-08-21 17:33:48 UTC +++ include/httpd.h -@@ -1905,12 +1905,6 @@ +@@ -1905,12 +1905,6 @@ AP_DECLARE(char *) ap_get_exec_line(apr_ const char *cmd, const char * const *argv); Modified: head/www/apache22/files/patch-modules__proxy__mod_proxy_connect.c ============================================================================== --- head/www/apache22/files/patch-modules__proxy__mod_proxy_connect.c Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-modules__proxy__mod_proxy_connect.c Sun May 31 12:52:00 2015 (r388056) 
@@ -1,5 +1,5 @@ ---- ./modules/proxy/mod_proxy_connect.c.orig 2010-12-08 20:31:34.000000000 +0100 -+++ ./modules/proxy/mod_proxy_connect.c 2012-02-02 17:12:20.000000000 +0100 +--- modules/proxy/mod_proxy_connect.c.orig 2010-12-08 19:31:34 UTC ++++ modules/proxy/mod_proxy_connect.c @@ -21,6 +21,8 @@ #include "mod_proxy.h" #include "apr_poll.h" @@ -9,7 +9,7 @@ module AP_MODULE_DECLARE_DATA proxy_connect_module; /* -@@ -71,6 +73,50 @@ +@@ -71,6 +73,50 @@ static int proxy_connect_canon(request_r return OK; } @@ -60,7 +60,7 @@ /* CONNECT handler */ static int proxy_connect_handler(request_rec *r, proxy_worker *worker, proxy_server_conf *conf, -@@ -79,11 +125,15 @@ +@@ -79,11 +125,15 @@ static int proxy_connect_handler(request { apr_pool_t *p = r->pool; apr_socket_t *sock; @@ -78,7 +78,7 @@ apr_pollset_t *pollset; apr_pollfd_t pollfd; const apr_pollfd_t *signalled; -@@ -158,12 +208,10 @@ +@@ -158,12 +208,10 @@ static int proxy_connect_handler(request case APR_URI_SNEWS_DEFAULT_PORT: break; default: @@ -93,7 +93,7 @@ } /* -@@ -205,19 +253,57 @@ +@@ -205,19 +253,57 @@ static int proxy_connect_handler(request } } @@ -158,7 +158,7 @@ /* If we are connecting through a remote proxy, we need to pass * the CONNECT request on to it. -@@ -227,12 +313,11 @@ +@@ -227,12 +313,11 @@ static int proxy_connect_handler(request */ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "proxy: CONNECT: sending the CONNECT request to the remote proxy"); @@ -175,7 +175,7 @@ } else { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, -@@ -240,11 +325,12 @@ +@@ -240,11 +325,12 @@ static int proxy_connect_handler(request nbytes = apr_snprintf(buffer, sizeof(buffer), "HTTP/1.0 200 Connection Established" CRLF); ap_xlate_proto_to_ascii(buffer, nbytes); 
@@ -190,7 +190,7 @@ #if 0 /* This is safer code, but it doesn't work yet. I'm leaving it * here so that I can fix it later. -@@ -264,28 +350,16 @@ +@@ -264,28 +350,16 @@ static int proxy_connect_handler(request * * Handle two way transfer of data over the socket (this is a tunnel). */ @@ -226,7 +226,7 @@ while (1) { /* Infinite loop until error (one side closes the connection) */ if ((rv = apr_pollset_poll(pollset, -1, &pollcnt, &signalled)) != APR_SUCCESS) { if (APR_STATUS_IS_EINTR(rv)) { -@@ -297,7 +371,7 @@ +@@ -297,7 +371,7 @@ static int proxy_connect_handler(request } #ifdef DEBUGGING ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, @@ -235,7 +235,7 @@ #endif for (pi = 0; pi < pollcnt; pi++) { -@@ -307,72 +381,31 @@ +@@ -307,72 +381,31 @@ static int proxy_connect_handler(request pollevent = cur->rtnevents; if (pollevent & APR_POLLIN) { #ifdef DEBUGGING @@ -321,7 +321,7 @@ } if (rv != APR_SUCCESS) { break; -@@ -388,7 +421,9 @@ +@@ -388,7 +421,9 @@ static int proxy_connect_handler(request * Close the socket and clean up */ Modified: head/www/apache22/files/patch-modules__ssl__ssl_engine_init.c ============================================================================== --- head/www/apache22/files/patch-modules__ssl__ssl_engine_init.c Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-modules__ssl__ssl_engine_init.c Sun May 31 12:52:00 2015 (r388056) @@ -1,6 +1,6 @@ ---- modules/ssl/ssl_engine_init.c.orig 2014-07-16 08:04:38.000000000 +0200 -+++ modules/ssl/ssl_engine_init.c 2015-02-28 10:52:11.571641334 +0100 -@@ -406,9 +406,11 @@ +--- modules/ssl/ssl_engine_init.c.orig 2014-07-16 06:04:38 UTC ++++ modules/ssl/ssl_engine_init.c +@@ -406,9 +406,11 @@ void ssl_init_Engine(server_rec *s, apr_ ssl_die(); } @@ -12,7 +12,7 @@ if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, -@@ -584,6 +586,10 @@ +@@ -584,6 +586,10 @@ static void ssl_init_ctx_protocol(server #endif 
@@ -23,7 +23,7 @@ #ifndef OPENSSL_NO_COMP if (sc->compression != TRUE) { #ifdef SSL_OP_NO_COMPRESSION -@@ -831,7 +837,11 @@ +@@ -831,7 +837,11 @@ static void ssl_init_ctx_cert_chain(serv } } Modified: head/www/apache22/files/patch-modules__ssl__ssl_engine_rand.c ============================================================================== --- head/www/apache22/files/patch-modules__ssl__ssl_engine_rand.c Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-modules__ssl__ssl_engine_rand.c Sun May 31 12:52:00 2015 (r388056) @@ -1,6 +1,6 @@ ---- modules/ssl/ssl_engine_rand.c.orig 2006-07-12 05:38:44.000000000 +0200 -+++ modules/ssl/ssl_engine_rand.c 2015-02-28 10:47:35.481607754 +0100 -@@ -83,17 +83,6 @@ +--- modules/ssl/ssl_engine_rand.c.orig 2006-07-12 03:38:44 UTC ++++ modules/ssl/ssl_engine_rand.c +@@ -83,17 +83,6 @@ int ssl_rand_seed(server_rec *s, apr_poo nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes); ssl_util_ppclose(s, p, fp); } Modified: head/www/apache22/files/patch-modules__ssl__ssl_engine_vars.c ============================================================================== --- head/www/apache22/files/patch-modules__ssl__ssl_engine_vars.c Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-modules__ssl__ssl_engine_vars.c Sun May 31 12:52:00 2015 (r388056) 
@@ -1,6 +1,6 @@ ---- modules/ssl/ssl_engine_vars.c.orig 2013-02-12 12:51:17.000000000 +0100 -+++ modules/ssl/ssl_engine_vars.c 2015-02-28 10:54:21.257798164 +0100 -@@ -832,7 +832,7 @@ +--- modules/ssl/ssl_engine_vars.c.orig 2013-02-12 11:51:17 UTC ++++ modules/ssl/ssl_engine_vars.c +@@ -832,7 +832,7 @@ static char *ssl_var_lookup_ssl_compress { char *result = "NULL"; #ifdef OPENSSL_VERSION_NUMBER Modified: head/www/apache22/files/patch-modules__ssl__ssl_util_ssl.c ============================================================================== --- head/www/apache22/files/patch-modules__ssl__ssl_util_ssl.c Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-modules__ssl__ssl_util_ssl.c Sun May 31 12:52:00 2015 (r388056) @@ -1,6 +1,6 @@ ---- modules/ssl/ssl_util_ssl.c.orig 2012-08-17 19:30:46.000000000 +0200 -+++ modules/ssl/ssl_util_ssl.c 2015-02-28 10:30:48.557501618 +0100 -@@ -492,7 +492,11 @@ +--- modules/ssl/ssl_util_ssl.c.orig 2012-08-17 17:30:46 UTC ++++ modules/ssl/ssl_util_ssl.c +@@ -492,7 +492,11 @@ BOOL SSL_X509_INFO_load_path(apr_pool_t * format, possibly followed by a sequence of CA certificates that * should be sent to the peer in the SSL Certificate message. */ Modified: head/www/apache22/files/patch-modules__ssl__ssl_util_ssl.h ============================================================================== --- head/www/apache22/files/patch-modules__ssl__ssl_util_ssl.h Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-modules__ssl__ssl_util_ssl.h Sun May 31 12:52:00 2015 (r388056) 
@@ -1,6 +1,6 @@ ---- modules/ssl/ssl_util_ssl.h.orig 2012-08-17 19:30:46.000000000 +0200 -+++ modules/ssl/ssl_util_ssl.h 2015-02-28 10:33:07.042671521 +0100 -@@ -89,7 +89,11 @@ +--- modules/ssl/ssl_util_ssl.h.orig 2012-08-17 17:30:46 UTC ++++ modules/ssl/ssl_util_ssl.h +@@ -89,7 +89,11 @@ char *SSL_X509_NAME_to_string(apr_ BOOL SSL_X509_getCN(apr_pool_t *, X509 *, char **); BOOL SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); BOOL SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); Modified: head/www/apache22/files/patch-server__config.c ============================================================================== --- head/www/apache22/files/patch-server__config.c Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-server__config.c Sun May 31 12:52:00 2015 (r388056) @@ -3,9 +3,9 @@ http://lists.freebsd.org/pipermail/freeb https://issues.apache.org/bugzilla/show_bug.cgi?id=53823 ================================================================== ---- ./server/config.c.orig 2010-10-07 18:56:54.000000000 +0200 -+++ ./server/config.c 2012-09-05 08:39:18.000000000 +0200 -@@ -1979,6 +1979,11 @@ +--- server/config.c.orig 2010-10-07 16:56:54 UTC ++++ server/config.c +@@ -1979,6 +1979,11 @@ static server_rec *init_server_config(pr /* NOT virtual host; don't match any real network interface */ rv = apr_sockaddr_info_get(&s->addrs->host_addr, NULL, APR_INET, 0, 0, p); Modified: head/www/apache22/files/patch-server__core.c ============================================================================== --- head/www/apache22/files/patch-server__core.c Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-server__core.c Sun May 31 12:52:00 2015 (r388056) 
@@ -1,6 +1,6 @@ ---- ./server/core.c.orig 2009-07-02 17:30:36.000000000 -0400 -+++ ./server/core.c 2010-05-06 19:37:54.278731038 -0400 -@@ -500,6 +500,7 @@ +--- server/core.c.orig 2014-08-21 17:33:48 UTC ++++ server/core.c +@@ -512,6 +512,7 @@ static void *merge_core_server_configs(a core_server_config *base = (core_server_config *)basev; core_server_config *virt = (core_server_config *)virtv; core_server_config *conf; @@ -8,7 +8,7 @@ conf = (core_server_config *)apr_pmemdup(p, virt, sizeof(core_server_config)); -@@ -515,6 +516,25 @@ +@@ -527,6 +528,25 @@ static void *merge_core_server_configs(a conf->protocol = base->protocol; } @@ -34,7 +34,7 @@ conf->sec_dir = apr_array_append(p, base->sec_dir, virt->sec_dir); conf->sec_url = apr_array_append(p, base->sec_url, virt->sec_url); -@@ -2750,7 +2770,7 @@ +@@ -2778,7 +2798,7 @@ AP_DECLARE(void) ap_get_server_revision( AP_DECLARE(const char *) ap_get_server_description(void) { return server_description ? server_description : @@ -43,7 +43,7 @@ } AP_DECLARE(const char *) ap_get_server_banner(void) -@@ -2811,7 +2831,7 @@ +@@ -2839,7 +2859,7 @@ static void set_banner(apr_pool_t *pconf ap_add_version_component(pconf, AP_SERVER_BASEPRODUCT "/" AP_SERVER_MAJORVERSION); } else { @@ -52,7 +52,7 @@ } /* -@@ -2821,7 +2841,7 @@ +@@ -2849,7 +2869,7 @@ static void set_banner(apr_pool_t *pconf if (ap_server_tokens != SrvTk_FULL) { banner_locked++; } Modified: head/www/apache22/files/patch-support__Makefile.in ============================================================================== --- head/www/apache22/files/patch-support__Makefile.in Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-support__Makefile.in Sun May 31 12:52:00 2015 (r388056) 
@@ -1,6 +1,6 @@ ---- ./support/Makefile.in.orig 2011-04-16 21:09:47.000000000 +0200 -+++ ./support/Makefile.in 2013-09-25 21:02:44.000000000 +0200 -@@ -16,17 +16,14 @@ +--- support/Makefile.in.orig 2011-04-16 19:09:47 UTC ++++ support/Makefile.in +@@ -16,17 +16,14 @@ install: @test -d $(DESTDIR)$(sbindir) || $(MKINSTALLDIRS) $(DESTDIR)$(sbindir) @test -d $(DESTDIR)$(libexecdir) || $(MKINSTALLDIRS) $(DESTDIR)$(libexecdir) @cp -p $(top_builddir)/server/httpd.exp $(DESTDIR)$(libexecdir) Modified: head/www/apache22/files/patch-support__ab.c ============================================================================== --- head/www/apache22/files/patch-support__ab.c Sun May 31 10:59:38 2015 (r388055) +++ head/www/apache22/files/patch-support__ab.c Sun May 31 12:52:00 2015 (r388056) @@ -1,18 +1,35 @@ ---- ./support/ab.c.orig 2010-01-07 10:11:53.000000000 -0500 -+++ ./support/ab.c 2010-05-06 19:37:54.262732305 -0400 -@@ -200,9 +200,11 @@ - #else - #define AB_SSL_CIPHER_CONST - #endif -+/* prevent build issues with openssl from ports - #ifdef SSL_OP_NO_TLSv1_2 - #define HAVE_TLSV1_X - #endif -+*/ +Backport ab from apache 2.4.x (r1663405) +============================================================= +--- support/ab.c.orig 2014-03-12 11:53:12 UTC ++++ support/ab.c +@@ -156,25 +156,8 @@ + #include "ap_config_auto.h" #endif - #include -@@ -221,13 +221,18 @@ +-#if defined(HAVE_SSLC) +- +-/* Libraries for RSA SSL-C */ +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#define USE_SSL +-#define RSAREF +-#define SK_NUM(x) sk_num(x) +-#define SK_VALUE(x,y) sk_value(x,y) +-typedef STACK X509_STACK_TYPE; +- +-#elif defined(HAVE_OPENSSL) ++#if defined(HAVE_OPENSSL) + +-/* Libraries on most systems.. */ + #include + #include + #include +@@ -224,19 +207,25 @@ typedef STACK_OF(X509) X509_STACK_TYPE; /* maximum number of requests on a time limited test */ #define MAX_REQUESTS (INT_MAX > 50000 ? 50000 : INT_MAX) 
@@ -34,50 +51,180 @@ + STATE_READ +} connect_state_e; - #define CBUFFSIZE (2048) +-#define CBUFFSIZE (2048) ++#define CBUFFSIZE (8192) -@@ -252,6 +257,7 @@ - done; /* Connection closed */ + struct connection { + apr_pool_t *ctx; + apr_socket_t *aprsock; ++ apr_pollfd_t pollfd; + int state; + apr_size_t read; /* amount of bytes read */ + apr_size_t bread; /* amount of body read */ +@@ -267,8 +256,8 @@ struct data { + apr_interval_time_t time; /* time for connection */ + }; - int socknum; -+ apr_int16_t reqevents; /* current poll events for this socket */ - #ifdef USE_SSL - SSL *ssl; - #endif -@@ -396,6 +402,56 @@ +-#define ap_min(a,b) ((a)<(b))?(a):(b) +-#define ap_max(a,b) ((a)>(b))?(a):(b) ++#define ap_min(a,b) (((a)<(b))?(a):(b)) ++#define ap_max(a,b) (((a)>(b))?(a):(b)) + #define ap_round_ms(a) ((apr_time_t)((a) + 500)/1000) + #define ap_double_ms(a) ((double)(a)/1000.0) + #define MAX_CONCURRENCY 20000 +@@ -277,35 +266,38 @@ struct data { + + int verbosity = 0; /* no verbosity by default */ + int recverrok = 0; /* ok to proceed after socket receive errors */ +-int posting = 0; /* GET by default */ ++enum {NO_METH = 0, GET, HEAD, PUT, POST, CUSTOM_METHOD} method = NO_METH; ++const char *method_str[] = {"bug", "GET", "HEAD", "PUT", "POST", ""}; ++int send_body = 0; /* non-zero if sending body with request */ + int requests = 1; /* Number of requests to make */ + int heartbeatres = 100; /* How often do we say we're alive */ + int concurrency = 1; /* Number of multiple requests to make */ + int percentile = 1; /* Show percentile served */ ++int nolength = 0; /* Accept variable document length */ + int confidence = 1; /* Show confidence estimator and warnings */ + int tlimit = 0; /* time limit in secs */ + int keepalive = 0; /* try and do keepalive connections */ + int windowsize = 0; /* we use the OS default window size */ + char servername[1024]; /* name that server reports */ + char *hostname; /* host name from URL */ +-char *host_field; /* value of "Host:" header 
field */ +-char *path; /* path name */ +-char postfile[1024]; /* name of file containing post data */ ++const char *host_field; /* value of "Host:" header field */ ++const char *path; /* path name */ + char *postdata; /* *buffer containing data from postfile */ + apr_size_t postlen = 0; /* length of data to be POSTed */ +-char content_type[1024];/* content type to put in POST header */ +-char *cookie, /* optional cookie line */ +- *auth, /* optional (basic/uuencoded) auhentication */ +- *hdrs; /* optional arbitrary headers */ ++char *content_type = NULL; /* content type to put in POST header */ ++const char *cookie, /* optional cookie line */ ++ *auth, /* optional (basic/uuencoded) auhentication */ ++ *hdrs; /* optional arbitrary headers */ + apr_port_t port; /* port number */ +-char proxyhost[1024]; /* proxy host name */ ++char *proxyhost = NULL; /* proxy host name */ + int proxyport = 0; /* proxy port */ +-char *connecthost; ++const char *connecthost; ++const char *myhost; + apr_port_t connectport; +-char *gnuplot; /* GNUplot file */ +-char *csvperc; /* CSV Percentile file */ +-char url[1024]; +-char * fullurl, * colonhost; ++const char *gnuplot; /* GNUplot file */ ++const char *csvperc; /* CSV Percentile file */ ++const char *fullurl; ++const char *colonhost; + int isproxy = 0; + apr_interval_time_t aprtimeout = apr_time_from_sec(30); /* timeout value */ + +@@ -348,7 +340,7 @@ BIO *bio_out,*bio_err; + apr_time_t start, lasttime, stoptime; + + /* global request (and its length) */ +-char _request[2048]; ++char _request[8192]; + char *request = _request; + apr_size_t reqlen; + +@@ -364,6 +356,7 @@ apr_pool_t *cntxt; + + apr_pollset_t *readbits; + ++apr_sockaddr_t *mysa; + apr_sockaddr_t *destsa; + + #ifdef NOT_ASCII +@@ -377,7 +370,7 @@ static void close_connection(struct conn + + /* simple little function to write an error string and exit */ + +-static void err(char *s) ++static void err(const char *s) + { + fprintf(stderr, "%s\n", s); + if (done) +@@ -387,7 
+380,7 @@ static void err(char *s) + + /* simple little function to write an APR error string and exit */ + +-static void apr_err(char *s, apr_status_t rv) ++static void apr_err(const char *s, apr_status_t rv) + { + char buf[120]; + +@@ -399,6 +392,87 @@ static void apr_err(char *s, apr_status_ exit(rv); } ++static void *xmalloc(size_t size) ++{ ++ void *ret = malloc(size); ++ if (ret == NULL) { ++ fprintf(stderr, "Could not allocate memory (%" ++ APR_SIZE_T_FMT" bytes)\n", size); ++ exit(1); ++ } ++ return ret; ++} ++ ++static void *xcalloc(size_t num, size_t size) ++{ ++ void *ret = calloc(num, size); ++ if (ret == NULL) { ++ fprintf(stderr, "Could not allocate memory (%" ++ APR_SIZE_T_FMT" bytes)\n", size*num); ++ exit(1); ++ } ++ return ret; ++} ++ ++static char *xstrdup(const char *s) ++{ ++ char *ret = strdup(s); ++ if (ret == NULL) { ++ fprintf(stderr, "Could not allocate memory (%" ++ APR_SIZE_T_FMT " bytes)\n", strlen(s)); ++ exit(1); ++ } ++ return ret; ++} ++ ++/* pool abort function */ ++static int abort_on_oom(int retcode) ++{ ++ fprintf(stderr, "Could not allocate memory\n"); ++ exit(1); ++ /* not reached */ ++ return retcode; ++} ++ +static void set_polled_events(struct connection *c, apr_int16_t new_reqevents) +{ -+ apr_int16_t old_reqevents = c->reqevents; -+ apr_pollfd_t pfd; + apr_status_t rv; -+ char buf[120]; + -+ if (old_reqevents != new_reqevents) { -+ pfd.desc_type = APR_POLL_SOCKET; -+ pfd.desc.s = c->aprsock; -+ pfd.client_data = c; -+ -+ if (old_reqevents != 0) { -+ pfd.reqevents = old_reqevents; -+ rv = apr_pollset_remove(readbits, &pfd); ++ if (c->pollfd.reqevents != new_reqevents) { ++ if (c->pollfd.reqevents != 0) { ++ rv = apr_pollset_remove(readbits, &c->pollfd); + if (rv != APR_SUCCESS) { + apr_err("apr_pollset_remove()", rv); + } + } + + if (new_reqevents != 0) { -+ pfd.reqevents = new_reqevents; -+ rv = apr_pollset_add(readbits, &pfd); ++ c->pollfd.reqevents = new_reqevents; ++ rv = apr_pollset_add(readbits, &c->pollfd); + if (rv 
!= APR_SUCCESS) { + apr_err("apr_pollset_add()", rv); -+ exit(1); + } + } -+ -+ c->reqevents = new_reqevents; + } +} + @@ -101,7 +248,66 @@ /* --------------------------------------------------------- */ /* write out request to a connection - assumes we can write * (small) request out in one go into our new socket buffer -@@ -569,7 +625,6 @@ +@@ -464,7 +538,6 @@ static int ssl_rand_choosenum(int l, int + + static void ssl_rand_seed(void) + { +- int nDone = 0; + int n, l; + time_t t; + pid_t pid; +@@ -476,7 +549,6 @@ static void ssl_rand_seed(void) + t = time(NULL); + l = sizeof(time_t); + RAND_seed((unsigned char *)&t, l); +- nDone += l; + + /* + * seed in the current process id (usually just 4 bytes) +@@ -484,14 +556,12 @@ static void ssl_rand_seed(void) + pid = getpid(); + l = sizeof(pid_t); + RAND_seed((unsigned char *)&pid, l); +- nDone += l; + + /* + * seed in some current state of the run-time stack (128 bytes) + */ + n = ssl_rand_choosenum(0, sizeof(stackdata)-128-1); + RAND_seed(stackdata+n, 128); +- nDone += 128; + } + + static int ssl_print_connection_info(BIO *bio, SSL *ssl) +@@ -514,6 +584,7 @@ static int ssl_print_connection_info(BIO + static void ssl_print_cert_info(BIO *bio, X509 *cert) + { + X509_NAME *dn; ++ EVP_PKEY *pk; + char buf[1024]; + + BIO_printf(bio, "Certificate version: %ld\n", X509_get_version(cert)+1); +@@ -525,8 +596,10 @@ static void ssl_print_cert_info(BIO *bio + ASN1_UTCTIME_print(bio, X509_get_notAfter(cert)); + BIO_printf(bio,"\n"); + ++ pk = X509_get_pubkey(cert); + BIO_printf(bio,"Public key is %d bits\n", +- EVP_PKEY_bits(X509_get_pubkey(cert))); ++ EVP_PKEY_bits(pk)); ++ EVP_PKEY_free(pk); + + dn = X509_get_issuer_name(cert); + X509_NAME_oneline(dn, buf, sizeof(buf)); +@@ -553,7 +626,6 @@ static void ssl_print_info(struct connec + for (i=1; issl); +@@ -574,7 +646,6 @@ static void ssl_proceed_handshake(struct while (do_next) { int ret, ecode; 
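Review bot: In the rewritten `set_polled_events()`, `c->pollfd.reqevents` is assigned only inside `if (new_reqevents != 0)`, so a call with `new_reqevents == 0` removes the descriptor from `readbits` but leaves the old event mask recorded in the struct. The version being replaced ended with an unconditional `c->reqevents = new_reqevents;`, which kept the cached state and the pollset in step. Unless every caller resets the field itself (not visible in this hunk), a second call with 0 would run `apr_pollset_remove()` on a descriptor that is no longer in the set and exit through `apr_err()`, and a call with the previous mask would be skipped as unchanged, leaving the socket unpolled. Placing `c->pollfd.reqevents = new_reqevents;` after the remove block and before `if (new_reqevents != 0) {` avoids both cases.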
@@ -109,7 +315,16 @@ ret = SSL_do_handshake(c->ssl); ecode = SSL_get_error(c->ssl, ret); -@@ -601,11 +656,7 @@ +@@ -596,7 +667,7 @@ static void ssl_proceed_handshake(struct + else + pk_bits = 0; /* Anon DH */ + +- ssl_info = malloc(128); ++ ssl_info = xmalloc(128); + apr_snprintf(ssl_info, 128, "%s,%s,%d,%d", + SSL_get_version(c->ssl), + SSL_CIPHER_get_name(ci), +@@ -606,11 +677,7 @@ static void ssl_proceed_handshake(struct do_next = 0; *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***