From owner-svn-ports-all@freebsd.org Fri Jul 20 14:34:25 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0B0631047BAE; Fri, 20 Jul 2018 14:34:25 +0000 (UTC) (envelope-from joneum@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AC3ED7F8A1; Fri, 20 Jul 2018 14:34:24 +0000 (UTC) (envelope-from joneum@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8D403117A9; Fri, 20 Jul 2018 14:34:24 +0000 (UTC) (envelope-from joneum@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w6KEYOeP008110; Fri, 20 Jul 2018 14:34:24 GMT (envelope-from joneum@FreeBSD.org) Received: (from joneum@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w6KEYNZI008101; Fri, 20 Jul 2018 14:34:23 GMT (envelope-from joneum@FreeBSD.org) Message-Id: <201807201434.w6KEYNZI008101@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: joneum set sender to joneum@FreeBSD.org using -f From: Jochen Neumeister Date: Fri, 20 Jul 2018 14:34:23 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r475020 - in branches/2018Q3/www/apache24: . files X-SVN-Group: ports-branches X-SVN-Commit-Author: joneum X-SVN-Commit-Paths: in branches/2018Q3/www/apache24: . files X-SVN-Commit-Revision: 475020 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jul 2018 14:34:25 -0000 Author: joneum Date: Fri Jul 20 14:34:23 2018 New Revision: 475020 URL: https://svnweb.freebsd.org/changeset/ports/475020 Log: MFH: r475018 www/apache24: Update to 2.4.34 - fixes vulns in mod_http2 and mod_md - include SSL_* options in alphabetic ordering - Remove unneeded SSL_CFLAGS and _LDFLAGS - Remove WITH_HTTP_PORT and WITH_SSL_PORT - Remove trailing whitespace - Fix build with HTTP2 but without SSL [1] PR: 229802, 227944 [1] With hat: apache Approved by: brnrd (apache) Security: 8b1a50ab-8a8e-11e8-add2-b499baebfeaf Differential Revision: https://reviews.freebsd.org/D16294 Approved by: ports-secteam (miwi) Modified: branches/2018Q3/www/apache24/Makefile branches/2018Q3/www/apache24/distinfo branches/2018Q3/www/apache24/files/patch-modules_md_md__crypt.c branches/2018Q3/www/apache24/pkg-descr branches/2018Q3/www/apache24/pkg-message branches/2018Q3/www/apache24/pkg-plist Directory Properties: branches/2018Q3/ (props changed) Modified: branches/2018Q3/www/apache24/Makefile ============================================================================== --- branches/2018Q3/www/apache24/Makefile Fri Jul 20 14:30:50 2018 (r475019) +++ branches/2018Q3/www/apache24/Makefile Fri Jul 20 14:34:23 2018 (r475020) @@ -1,8 +1,7 @@ # $FreeBSD$ PORTNAME= apache24 -PORTVERSION= 2.4.33 -PORTREVISION= 1 +PORTVERSION= 2.4.34 CATEGORIES= www ipv6 MASTER_SITES= APACHE_HTTPD DISTNAME= httpd-${PORTVERSION} @@ -37,9 +36,6 @@ SUB_LIST+= MPMF="000_mpm_prefork_fallback.conf" USERS= www GROUPS= www -WITH_HTTP_PORT?= 80 -WITH_SSL_PORT?= 443 - .include "${.CURDIR}/Makefile.options" .include "${.CURDIR}/Makefile.options.desc" OPTIONS_SUB= yes @@ -69,8 +65,10 @@ MPM_SHARED_SUB_LIST_OFF= MPM_FALLBACK_CHECK="\#" AUTHNZ_LDAP_CONFIGURE_ON= --enable-authnz-ldap BROTLI_CONFIGURE_WITH= brotli=${LOCALBASE} BROTLI_LIB_DEPENDS= libbrotlicommon.so:archivers/brotli -HTTP2_CONFIGURE_ON= --with-nghttp2=${LOCALBASE} +HTTP2_CONFIGURE_ON= --with-nghttp2=${LOCALBASE} \ + --with-ssl=${OPENSSLBASE} HTTP2_LIB_DEPENDS= libnghttp2.so:www/libnghttp2 +HTTP2_USES= ssl IPV4_MAPPED_CONFIGURE_ENABLE= v4-mapped LDAP_CONFIGURE_ON= --enable-ldap=shared LUAJIT_LIB_DEPENDS= libluajit-5.1.so:lang/luajit @@ -80,7 +78,7 @@ LUA_CONFIGURE_WITH= lua=${LOCALBASE} LUA_USES= lua MD_CONFIGURE_ON= --with-curl=${LOCALBASE} \ --with-jansson=${LOCALBASE} \ - --with-openssl=${OPENSSLBASE} + --with-ssl=${OPENSSLBASE} MD_LIB_DEPENDS= libcurl.so:ftp/curl \ libjansson.so:devel/jansson MD_USES= ssl @@ -89,14 +87,11 @@ PROXY_HTTP2_CONFIGURE_ON= --with-nghttp2=${LOCALBASE} PROXY_HTTP2_LIB_DEPENDS= libnghttp2.so:www/libnghttp2 SOCACHE_DC_CONFIGURE_ON= --with-distcache=${LOCALBASE} SOCACHE_DC_LIB_DEPENDS= libdistcache.so:security/distcache -XML2ENC_USE= GNOME=libxml2 - # Note: OpenSSL version (base/ports) depends how devel/apr1 was built # apu-1-config --(includes|ldflags) and apr_rules.mk -SSL_CFLAGS= -I${OPENSSLINC} SSL_CONFIGURE_ON= --with-ssl=${OPENSSLBASE} -SSL_LDFLAGS= -L${OPENSSLLIB} SSL_USES= ssl +XML2ENC_USE= GNOME=libxml2 ETC_SUBDIRS= Includes envvars.d extra modules.d @@ -112,9 +107,6 @@ PREFIX_RELDEST= ${PREFIX:S,^${DESTDIR},,} CONFIGURE_ARGS+=--prefix=${PREFIX_RELDEST} \ --enable-layout=FreeBSD \ - --with-port=${WITH_HTTP_PORT} \ - --with-sslport=${WITH_SSL_PORT} \ - --with-expat=${LOCALBASE} \ --enable-http \ --with-pcre=${LOCALBASE} \ --with-apr=${APR_CONFIG} \ @@ -157,7 +149,7 @@ IGNORE= AUTH_BASIC and AUTH_DIGEST need at least one A .endif .if ${PORT_OPTIONS:MAUTH_BASIC} && empty(PORT_OPTIONS:MAUTHZ*) -IGNORE= AUTH_BASIC need at least one AUTHZ provider +IGNORE= AUTH_BASIC needs at least one AUTHZ provider .endif # Non options-NG option handling @@ -167,7 +159,7 @@ CONFIGURE_ARGS+= --with-libxml2=${LOCALBASE}/include/l CONFIGURE_ARGS+= --without-libxml2 .endif -# WITH_STATIC_SUPPORT, WITH_DEBUG, WITH_EXCEPTION_HOOK +# WITH_STATIC_SUPPORT, WITH_DEBUG, WITH_EXCEPTION_HOOK # Only to be used for special builds .if defined(WITH_STATIC_SUPPORT) CONFIGURE_ARGS+= --enable-static-support Modified: branches/2018Q3/www/apache24/distinfo ============================================================================== --- branches/2018Q3/www/apache24/distinfo Fri Jul 20 14:30:50 2018 (r475019) +++ branches/2018Q3/www/apache24/distinfo Fri Jul 20 14:34:23 2018 (r475020) @@ -1,3 +1,3 @@ -TIMESTAMP = 1521377807 -SHA256 (apache24/httpd-2.4.33.tar.bz2) = de02511859b00d17845b9abdd1f975d5ccb5d0b280c567da5bf2ad4b70846f05 -SIZE (apache24/httpd-2.4.33.tar.bz2) = 6934765 +TIMESTAMP = 1531769087 +SHA256 (apache24/httpd-2.4.34.tar.bz2) = fa53c95631febb08a9de41fd2864cfff815cf62d9306723ab0d4b8d7aa1638f0 +SIZE (apache24/httpd-2.4.34.tar.bz2) = 6942969 Modified: branches/2018Q3/www/apache24/files/patch-modules_md_md__crypt.c ============================================================================== --- branches/2018Q3/www/apache24/files/patch-modules_md_md__crypt.c Fri Jul 20 14:30:50 2018 (r475019) +++ branches/2018Q3/www/apache24/files/patch-modules_md_md__crypt.c Fri Jul 20 14:34:23 2018 (r475020) @@ -1,11 +1,19 @@ ---- modules/md/md_crypt.c.orig 2018-01-30 10:20:50 UTC +Upstream https://svn.apache.org/viewvc?view=revision&revision=1836096 + +On the 2.4.x branch: + +merge r1836095 from trunk: +* using the, hopefully correct, ever elusive libressl version numbering check + for the new openssl API calls, fixes PR 62548. + +--- modules/md/md_crypt.c.orig 2018-06-29 11:53:50 UTC +++ modules/md/md_crypt.c -@@ -471,7 +471,7 @@ apr_status_t md_pkey_gen(md_pkey_t **ppk - } - } +@@ -52,7 +52,7 @@ --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) - - #ifndef NID_tlsfeature - #define NID_tlsfeature 1020 + #if defined(LIBRESSL_VERSION_NUMBER) + /* Missing from LibreSSL */ +-#define MD_USE_OPENSSL_PRE_1_1_API (LIBRESSL_VERSION_NUMBER < 0x2080000f) ++#define MD_USE_OPENSSL_PRE_1_1_API (LIBRESSL_VERSION_NUMBER < 0x2070000f) + #else /* defined(LIBRESSL_VERSION_NUMBER) */ + #define MD_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L) + #endif Modified: branches/2018Q3/www/apache24/pkg-descr ============================================================================== --- branches/2018Q3/www/apache24/pkg-descr Fri Jul 20 14:30:50 2018 (r475019) +++ branches/2018Q3/www/apache24/pkg-descr Fri Jul 20 14:34:23 2018 (r475020) @@ -6,4 +6,4 @@ services in sync with the current HTTP standards. The 2.x branch of Apache Web Server includes several improvements like threading, use of APR, native IPv6 and SSL support, and many more. -WWW: http://httpd.apache.org/ +WWW: https://httpd.apache.org/ Modified: branches/2018Q3/www/apache24/pkg-message ============================================================================== --- branches/2018Q3/www/apache24/pkg-message Fri Jul 20 14:30:50 2018 (r475019) +++ branches/2018Q3/www/apache24/pkg-message Fri Jul 20 14:34:23 2018 (r475020) @@ -20,4 +20,3 @@ Please compare the existing httpd.conf with httpd.conf and merge missing modules/instructions into httpd.conf! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - Modified: branches/2018Q3/www/apache24/pkg-plist ============================================================================== --- branches/2018Q3/www/apache24/pkg-plist Fri Jul 20 14:30:50 2018 (r475019) +++ branches/2018Q3/www/apache24/pkg-plist Fri Jul 20 14:34:23 2018 (r475020) @@ -253,7 +253,7 @@ sbin/split-logfile %%DATADIR%%/misc/index.html @postexec [ -f %D/%%WWWDIR%%/data/index.html ] || cp %D/%%DATADIR%%/misc/index.html %D/%%WWWDIR%%/data/index.html @(,,0400) %%WWWDIR%%/cgi-bin/printenv -@comment %%WWWDIR%%/cgi-bin/printenv.vbs +@comment %%WWWDIR%%/cgi-bin/printenv.vbs @comment %%WWWDIR%%/cgi-bin/printenv.wsf @(,,0400) %%WWWDIR%%/cgi-bin/test-cgi %%WWWDIR%%/error/HTTP_BAD_GATEWAY.html.var