Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 31 May 2015 12:52:01 +0000 (UTC)
From:      Olli Hauer <ohauer@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r388056 - in head/www/apache22: . files
Message-ID:  <201505311252.t4VCq1AA025911@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: ohauer
Date: Sun May 31 12:52:00 2015
New Revision: 388056
URL: https://svnweb.freebsd.org/changeset/ports/388056

Log:
  - use @sample for conf files
  - backport ab from 2.4.x
  - fix mode for suexec, cgi test files
  - adopt http-ssl.conf.in from upstream trunk
  - rebuild some patches

Modified:
  head/www/apache22/Makefile
  head/www/apache22/files/patch-Makefile.in
  head/www/apache22/files/patch-acinclude.m4
  head/www/apache22/files/patch-config.layout
  head/www/apache22/files/patch-configure.in
  head/www/apache22/files/patch-docs__conf__extra__httpd-mpm.conf.in
  head/www/apache22/files/patch-docs__conf__extra__httpd-ssl.conf.in
  head/www/apache22/files/patch-docs__conf__extra__httpd-userdir.conf.in
  head/www/apache22/files/patch-docs__conf__httpd.conf.in
  head/www/apache22/files/patch-include__ap_config_auto.h.in
  head/www/apache22/files/patch-include__httpd.h
  head/www/apache22/files/patch-modules__proxy__mod_proxy_connect.c
  head/www/apache22/files/patch-modules__ssl__ssl_engine_init.c
  head/www/apache22/files/patch-modules__ssl__ssl_engine_rand.c
  head/www/apache22/files/patch-modules__ssl__ssl_engine_vars.c
  head/www/apache22/files/patch-modules__ssl__ssl_util_ssl.c
  head/www/apache22/files/patch-modules__ssl__ssl_util_ssl.h
  head/www/apache22/files/patch-server__config.c
  head/www/apache22/files/patch-server__core.c
  head/www/apache22/files/patch-support__Makefile.in
  head/www/apache22/files/patch-support__ab.c
  head/www/apache22/files/patch-support__apachectl.in
  head/www/apache22/files/patch-support__apxs.in
  head/www/apache22/files/patch-support__envvars-std.in
  head/www/apache22/files/patch-support__log_server_status.in
  head/www/apache22/pkg-plist

Modified: head/www/apache22/Makefile
==============================================================================
--- head/www/apache22/Makefile	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/Makefile	Sun May 31 12:52:00 2015	(r388056)
@@ -2,7 +2,7 @@
 
 PORTNAME=	apache22
 PORTVERSION=	2.2.29
-PORTREVISION?=	3
+PORTREVISION?=	4
 CATEGORIES=	www ipv6
 MASTER_SITES=	APACHE_HTTPD
 DISTNAME=	httpd-${PORTVERSION}
@@ -95,11 +95,12 @@ CONFIGURE_ARGS+=--prefix=${PREFIX} \
 		--with-apr=${APR_CONFIG} \
 		--with-apr-util=${APU_CONFIG}
 
-CONFIGURE_ENV=	LOCALBASE="${LOCALBASE}"
+CONFIGURE_ENV=	CONFIG_SHELL="${SH}" \
+		LOCALBASE="${LOCALBASE}"
 
 MAKE_ENV+=	EXPR_COMPAT=yes \
 		INSTALL_MAN="${INSTALL_MAN}" \
-		EXAMPLESDIR=${EXAMPLESDIR}
+		DATADIR=${DATADIR}
 
 #=====================================================
 # CONFIGURE_ARGS will be handled in Makefile.modules,
@@ -131,7 +132,7 @@ post-extract:
 # remove possible leftover .svn directories in the sources
 	@${FIND} ${WRKSRC} -type d -name .svn -print | ${XARGS} ${RM} -rf
 # limit grep results ...
-	@${FIND} ${WRKSRC} -type f \( -name 'NWGNU*' -o -name '*.ds?' -o -name '*.dep' -o -name '*.mak' -o -name '*.win' \) -delete
+	${FIND} ${WRKSRC} -type f \( -name 'NWGNU*' -o -name '*.ds?' -o -name '*.dep' -o -name '*.mak' -o -name '*.win' -o -name '*.vbs' -o -name '*.wsf' \) -delete
 
 # make qa script happy, it complains on empty dirs even 'PORTDOCS=*' is set
 # use RMDIR in case upstream ever place some files into this dirs
@@ -184,8 +185,6 @@ post-install:
 	${INSTALL_DATA} ${FILESDIR}/no-accf.conf ${STAGEDIR}${ETCDIR}/Includes/
 # place for 3rd party module configuration
 	${INSTALL_DATA} ${FILESDIR}/README_modules.d ${STAGEDIR}${ETCDIR}/modules.d/
-	@${MKDIR} ${STAGEDIR}/${EXAMPLESDIR}/modules.d
-	${INSTALL_DATA} ${FILESDIR}/README_modules.d ${STAGEDIR}${EXAMPLESDIR}/modules.d
 # strip returns an error for non binary files, but we have a big mix
 	-${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/* 2>/dev/null
 	-${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/apache22/mod_*.so

Modified: head/www/apache22/files/patch-Makefile.in
==============================================================================
--- head/www/apache22/files/patch-Makefile.in	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-Makefile.in	Sun May 31 12:52:00 2015	(r388056)
@@ -1,28 +1,46 @@
---- ./Makefile.in.orig	2008-11-25 21:24:49.000000000 +0100
-+++ ./Makefile.in	2014-07-08 06:12:16.000000000 +0200
-@@ -31,12 +31,10 @@
+--- Makefile.in.orig	2008-11-25 20:24:49 UTC
++++ Makefile.in
+@@ -31,12 +31,9 @@ include $(top_srcdir)/build/program.mk
  install-conf:
  	@echo Installing configuration files
  	@$(MKINSTALLDIRS) $(DESTDIR)$(sysconfdir) $(DESTDIR)$(sysconfdir)/extra
 -	@$(MKINSTALLDIRS) $(DESTDIR)$(sysconfdir)/original/extra
-+	@$(MKINSTALLDIRS) $(DESTDIR)$(EXAMPLESDIR) $(DESTDIR)$(EXAMPLESDIR)/extra
  	@cd $(top_srcdir)/docs/conf; \
  	for i in mime.types magic; do \
 -	    if test ! -f $(DESTDIR)$(sysconfdir)/$$i; then \
 -	        $(INSTALL_DATA) $$i $(DESTDIR)$(sysconfdir); \
 -	    fi; \
-+	    $(INSTALL_DATA) $$i $(DESTDIR)$(EXAMPLESDIR); \
++	    $(INSTALL_DATA) $$i $(DESTDIR)$(sysconfdir)/$${i}.sample; \
  	done; \
  	for j in $(top_srcdir)/docs/conf $(top_builddir)/docs/conf ; do \
  	    cd $$j ; \
-@@ -69,15 +67,12 @@
+@@ -59,7 +56,17 @@ install-conf:
+ 	    				< $$i; \
+ 	    			for j in $(DSO_MODULES) "^EOL^"; do \
+ 	    				if test $$j != "^EOL^"; then \
+-	    					echo "LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \
++						if test $$j == "cgid"; then \
++						echo "<IfModule !mpm_prefork_module>"; \
++						echo "LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \
++						echo "</IfModule>"; \
++						elif test $$j == "cgi"; then \
++						echo "<IfModule mpm_prefork_module>"; \
++						echo "LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \
++						echo "</IfModule>"; \
++						else \
++						echo "LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \
++						fi; \
+ 	    				fi; \
+ 	    			done; \
+ 	    			sed -e '1,/@@LoadModule@@/d' \
+@@ -69,15 +76,12 @@ install-conf:
  	    				-e 's#@@SSLPort@@#$(SSLPORT)#g' \
  	    				< $$i; \
  	    		fi \
 -	    	) > $(DESTDIR)$(sysconfdir)/original/$$i; \
 -	    	chmod 0644 $(DESTDIR)$(sysconfdir)/original/$$i; \
-+	    	) > $(DESTDIR)$(EXAMPLESDIR)/$$i; \
-+	    	chmod 0644 $(DESTDIR)$(EXAMPLESDIR)/$$i; \
++	    	) > $(DESTDIR)$(sysconfdir)/$${i}.sample; \
++	    	chmod 0644 $(DESTDIR)$(sysconfdir)/$${i}.sample; \
  	    	file=$$i; \
  	    	if [ "$$i" = "httpd.conf" ]; then \
  	    		file=`echo $$i|sed s/.*.conf/$(PROGRAM_NAME).conf/`; \
@@ -33,7 +51,7 @@
  	    	fi; \
  	    done ; \
  	done ; \
-@@ -120,48 +115,25 @@
+@@ -120,48 +124,25 @@ dox:
  	doxygen $(top_srcdir)/docs/doxygen.conf
  
  install-htdocs:
@@ -50,8 +68,8 @@
 -		cd $(DESTDIR)$(htdocsdir) && find . -name ".svn" -type d -print | xargs rm -rf 2>/dev/null || true; \
 -	    fi; \
 -	fi
-+	    $(MKINSTALLDIRS) $(DESTDIR)$(EXAMPLESDIR) ; \
-+		test -d $(htdocs-srcdir) && (cd $(htdocs-srcdir) && cp -rp index.html $(DESTDIR)$(EXAMPLESDIR)) || true
++	    $(MKINSTALLDIRS) $(DESTDIR)$(DATADIR)/misc ; \
++		test -d $(htdocs-srcdir) && (cd $(htdocs-srcdir) && cp -rp index.html $(DESTDIR)$(DATADIR)/misc) || true
  
  install-error:
 -	-@if [ -d $(DESTDIR)$(errordir) ]; then \
@@ -91,7 +109,7 @@
  
  install-other:
  	@test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir)
-@@ -210,12 +182,7 @@
+@@ -210,12 +191,7 @@ install-man:
  	@test -d $(DESTDIR)$(manualdir)   || $(MKINSTALLDIRS) $(DESTDIR)$(manualdir)
  	@cp -p $(top_srcdir)/docs/man/*.1 $(DESTDIR)$(mandir)/man1
  	@cp -p $(top_srcdir)/docs/man/*.8 $(DESTDIR)$(mandir)/man8

Modified: head/www/apache22/files/patch-acinclude.m4
==============================================================================
--- head/www/apache22/files/patch-acinclude.m4	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-acinclude.m4	Sun May 31 12:52:00 2015	(r388056)
@@ -1,9 +1,10 @@
---- acinclude.m4.orig	2012-07-06 17:23:21.000000000 +0200
-+++ acinclude.m4	2015-02-28 10:22:26.577650967 +0100
-@@ -455,6 +455,8 @@
+--- acinclude.m4.orig	2012-07-06 15:23:21 UTC
++++ acinclude.m4
+@@ -455,6 +455,9 @@ if test "x$ap_ssltk_configured" = "x"; t
      AC_CHECK_HEADERS([openssl/engine.h])
      AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"])
      AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines])
++    dnl PR 196256, https://issues.apache.org/bugzilla/show_bug.cgi?id=57395
 +    AC_CHECK_FUNCS([SSL_CTX_use_certificate_chain])
 +    AC_CHECK_LIB(crypto, RAND_egd, AC_DEFINE(HAVE_SSL_RAND_EGD, 1, [Define if the libcrypto has RAND_egd]))
    else

Modified: head/www/apache22/files/patch-config.layout
==============================================================================
--- head/www/apache22/files/patch-config.layout	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-config.layout	Sun May 31 12:52:00 2015	(r388056)
@@ -1,5 +1,5 @@
---- ./config.layout.orig	2004-11-21 13:50:36.000000000 -0500
-+++ ./config.layout	2010-05-06 19:37:54.214731918 -0400
+--- config.layout.orig	2012-02-27 22:57:18 UTC
++++ config.layout
 @@ -281,17 +281,17 @@
    bindir:        ${exec_prefix}/bin
    sbindir:       ${exec_prefix}/sbin

Modified: head/www/apache22/files/patch-configure.in
==============================================================================
--- head/www/apache22/files/patch-configure.in	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-configure.in	Sun May 31 12:52:00 2015	(r388056)
@@ -1,6 +1,6 @@
---- ./configure.in.orig	2008-12-01 15:32:43.000000000 -0500
-+++ ./configure.in	2010-05-06 19:37:54.216730223 -0400
-@@ -87,9 +87,14 @@
+--- configure.in.orig	2013-06-27 16:59:04 UTC
++++ configure.in
+@@ -87,9 +87,14 @@ if test "$apr_found" = "no"; then
    AC_MSG_ERROR([APR not found.  Please read the documentation.])
  fi
  
@@ -16,7 +16,7 @@
                      [--enable-layout=*|\'--enable-layout=*])
    dnl We must be the first to build and the last to be cleaned
    AP_BUILD_SRCLIB_DIRS="apr $AP_BUILD_SRCLIB_DIRS"
-@@ -123,6 +128,11 @@
+@@ -123,6 +128,11 @@ if test "$apu_found" = "no"; then
    AC_MSG_ERROR([APR-util not found.  Please read the documentation.])
  fi
  
@@ -28,7 +28,7 @@
  # Catch some misconfigurations:
  case ${apr_found}.${apu_found} in
  reconfig.yes)
-@@ -135,7 +145,7 @@
+@@ -135,7 +145,7 @@ esac  
  
  if test "$apu_found" = "reconfig"; then
    APR_SUBDIR_CONFIG(srclib/apr-util,
@@ -37,7 +37,19 @@
                      [--enable-layout=*|\'--enable-layout=*])
    dnl We must be the last to build and the first to be cleaned
    AP_BUILD_SRCLIB_DIRS="$AP_BUILD_SRCLIB_DIRS apr-util"
-@@ -653,8 +663,14 @@
+@@ -480,7 +490,10 @@ AC_ARG_ENABLE(v4-mapped,APACHE_HELP_STRI
+ ],
+ [
+     case $host in
+-    *freebsd5*|*netbsd*|*openbsd*)
++    *freebsd[[1234]].*)
++        v4mapped=yes
++        ;;
++    *freebsd*|*netbsd*|*openbsd*)
+         v4mapped=no
+         ;;
+     *mingw*)
+@@ -678,8 +691,14 @@ AC_DEFINE_UNQUOTED(HTTPD_ROOT, "${ap_pre
  	[Root directory of the Apache install area])
  AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${rel_sysconfdir}/${progname}.conf",
  	[Location of the config file, relative to the Apache root directory])

Modified: head/www/apache22/files/patch-docs__conf__extra__httpd-mpm.conf.in
==============================================================================
--- head/www/apache22/files/patch-docs__conf__extra__httpd-mpm.conf.in	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-docs__conf__extra__httpd-mpm.conf.in	Sun May 31 12:52:00 2015	(r388056)
@@ -1,5 +1,5 @@
---- docs/conf/extra/httpd-mpm.conf.in.bak	2007-12-29 06:08:28.000000000 +0300
-+++ docs/conf/extra/httpd-mpm.conf.in	2013-01-02 05:58:13.000000000 +0400
+--- docs/conf/extra/httpd-mpm.conf.in.orig	2007-12-29 03:08:28 UTC
++++ docs/conf/extra/httpd-mpm.conf.in
 @@ -17,7 +17,7 @@
  #
  <IfModule !mpm_winnt_module>

Modified: head/www/apache22/files/patch-docs__conf__extra__httpd-ssl.conf.in
==============================================================================
--- head/www/apache22/files/patch-docs__conf__extra__httpd-ssl.conf.in	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-docs__conf__extra__httpd-ssl.conf.in	Sun May 31 12:52:00 2015	(r388056)
@@ -1,6 +1,50 @@
---- ./docs/conf/extra/httpd-ssl.conf.in.orig	2012-02-01 08:25:55.000000000 -0800
-+++ ./docs/conf/extra/httpd-ssl.conf.in	2012-02-01 08:27:23.000000000 -0800
-@@ -77,8 +77,8 @@
+--- docs/conf/extra/httpd-ssl.conf.in.orig	2013-11-11 14:00:57 UTC
++++ docs/conf/extra/httpd-ssl.conf.in
+@@ -49,6 +49,43 @@ Listen @@SSLPort@@
+ AddType application/x-x509-ca-cert .crt
+ AddType application/x-pkcs7-crl    .crl
+ 
++#   SSL Cipher Suite:
++#   List the ciphers that the client is permitted to negotiate,
++#   and that httpd will negotiate as the client of a proxied server.
++#   See the OpenSSL documentation for a complete list of ciphers, and
++#   ensure these follow appropriate best practices for this deployment.
++#   httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
++#   while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
++SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
++SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
++
++#  By the end of 2016, only TLSv1.2 ciphers should remain in use.
++#  Older ciphers should be disallowed as soon as possible, while the
++#  kRSA ciphers do not offer forward secrecy.  These changes inhibit
++#  older clients (such as IE6 SP2 or IE8 on Windows XP, or other legacy
++#  non-browser tooling) from successfully connecting.  
++#
++#  To restrict mod_ssl to use only TLSv1.2 ciphers, and disable
++#  those protocols which do not support forward secrecy, replace
++#  the SSLCipherSuite and SSLProxyCipherSuite directives above with
++#  the following two directives, as soon as practical.
++# SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
++# SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
++
++#   User agents such as web browsers are not configured for the user's
++#   own preference of either security or performance, therefore this
++#   must be the prerogative of the web server administrator who manages
++#   cpu load versus confidentiality, so enforce the server's cipher order.
++SSLHonorCipherOrder on 
++
++#   SSL Protocol support:
++#   List the protocol versions which clients are allowed to connect with.
++#   Disable SSLv2 and SSLv3 by default (cf. RFC 7525 3.1.1).  TLSv1 (1.0)
++#   should be disabled as quickly as practical.  By the end of 2016, only
++#   the TLSv1.2 protocol or later should remain in use.
++SSLProtocol all -SSLv2 -SSLv3
++SSLProxyProtocol all -SSLv2 -SSLv3
++
+ #   Pass Phrase Dialog:
+ #   Configure the pass phrase gathering process.
+ #   The filtering dialog program (`builtin' is a internal
+@@ -77,36 +114,13 @@ SSLMutex  "file:@exp_runtimedir@/ssl_mut
  DocumentRoot "@exp_htdocsdir@"
  ServerName www.example.com:@@SSLPort@@
  ServerAdmin you@example.com
@@ -11,7 +55,35 @@
  
  #   SSL Engine Switch:
  #   Enable/Disable SSL for this virtual host.
-@@ -243,7 +243,7 @@
+ SSLEngine on
+ 
+-#   SSL Protocol support:
+-#   List the protocol versions which clients are allowed to
+-#   connect with. Disable SSLv2 by default (cf. RFC 6176).
+-SSLProtocol all -SSLv2
+-
+-#   SSL Cipher Suite:
+-#   List the ciphers that the client is permitted to negotiate.
+-#   See the mod_ssl documentation for a complete list.
+-SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
+-
+-#   Speed-optimized SSL Cipher configuration:
+-#   If speed is your main concern (on busy HTTPS servers e.g.),
+-#   you might want to force clients to specific, performance
+-#   optimized ciphers. In this case, prepend those ciphers
+-#   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
+-#   Caveat: by giving precedence to RC4-SHA and AES128-SHA
+-#   (as in the example below), most connections will no longer
+-#   have perfect forward secrecy - if the server's key is
+-#   compromised, captures of past or future traffic must be
+-#   considered compromised, too.
+-#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
+-#SSLHonorCipherOrder on 
+- 
+ #   Server Certificate:
+ #   Point SSLCertificateFile at a PEM encoded certificate.  If
+ #   the certificate is encrypted, then you will be prompted for a
+@@ -249,7 +263,7 @@ BrowserMatch "MSIE [2-5]" \
  #   Per-Server Logging:
  #   The home of a custom SSL log file. Use this when you want a
  #   compact non-error SSL logfile on a virtual host basis.

Modified: head/www/apache22/files/patch-docs__conf__extra__httpd-userdir.conf.in
==============================================================================
--- head/www/apache22/files/patch-docs__conf__extra__httpd-userdir.conf.in	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-docs__conf__extra__httpd-userdir.conf.in	Sun May 31 12:52:00 2015	(r388056)
@@ -1,5 +1,5 @@
---- ./docs/conf/extra/httpd-userdir.conf.in.orig	2007-03-07 02:33:58.000000000 -0500
-+++ ./docs/conf/extra/httpd-userdir.conf.in	2010-05-06 19:37:54.222730166 -0400
+--- docs/conf/extra/httpd-userdir.conf.in.orig	2007-03-07 07:33:58 UTC
++++ docs/conf/extra/httpd-userdir.conf.in
 @@ -8,7 +8,7 @@
  # the default access control for these directories, as in the example below.
  #
@@ -9,7 +9,7 @@
  #
  # Control access to UserDir directories.  The following is an example
  # for a site where these directories are restricted to read-only.
-@@ -25,4 +25,3 @@
+@@ -25,4 +25,3 @@ UserDir public_html
          Deny from all
      </LimitExcept>
  </Directory>

Modified: head/www/apache22/files/patch-docs__conf__httpd.conf.in
==============================================================================
--- head/www/apache22/files/patch-docs__conf__httpd.conf.in	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-docs__conf__httpd.conf.in	Sun May 31 12:52:00 2015	(r388056)
@@ -1,6 +1,6 @@
---- ./docs/conf/httpd.conf.in.orig	2007-12-21 06:43:00.000000000 -0500
-+++ ./docs/conf/httpd.conf.in	2010-05-06 19:37:54.224731824 -0400
-@@ -54,6 +54,9 @@
+--- docs/conf/httpd.conf.in.orig	2012-02-06 16:54:24 UTC
++++ docs/conf/httpd.conf.in
+@@ -54,6 +54,9 @@ Listen @@Port@@
  #
  @@LoadModule@@
  
@@ -10,7 +10,7 @@
  <IfModule !mpm_netware_module>
  <IfModule !mpm_winnt_module>
  #
-@@ -63,8 +63,8 @@
+@@ -64,8 +67,8 @@ Listen @@Port@@
  # It is usually good practice to create a dedicated user and group for
  # running httpd, as with most system services.
  #
@@ -21,7 +21,7 @@
  
  </IfModule>
  </IfModule>
-@@ -113,7 +113,6 @@
+@@ -114,7 +117,6 @@ DocumentRoot "@exp_htdocsdir@"
  # features.  
  #
  <Directory />
@@ -29,7 +29,7 @@
      AllowOverride None
      Order deny,allow
      Deny from all
-@@ -184,7 +183,7 @@
+@@ -185,7 +187,7 @@ DocumentRoot "@exp_htdocsdir@"
  # logged here.  If you *do* define an error logfile for a <VirtualHost>
  # container, that host's errors will be logged there and not here.
  #
@@ -38,7 +38,7 @@
  
  #
  # LogLevel: Control the number of messages logged to the error_log.
-@@ -213,13 +212,13 @@
+@@ -214,13 +216,13 @@ LogLevel warn
      # define per-<VirtualHost> access logfiles, transactions will be
      # logged therein and *not* in this file.
      #
@@ -54,7 +54,7 @@
  </IfModule>
  
  <IfModule alias_module>
-@@ -408,3 +407,5 @@
+@@ -416,3 +418,5 @@ DefaultType text/plain
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  </IfModule>

Modified: head/www/apache22/files/patch-include__ap_config_auto.h.in
==============================================================================
--- head/www/apache22/files/patch-include__ap_config_auto.h.in	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-include__ap_config_auto.h.in	Sun May 31 12:52:00 2015	(r388056)
@@ -1,5 +1,5 @@
---- include/ap_config_auto.h.in.orig	2014-08-22 19:54:18.000000000 +0200
-+++ include/ap_config_auto.h.in	2015-02-28 10:25:55.191842645 +0100
+--- include/ap_config_auto.h.in.orig	2014-08-22 17:54:18 UTC
++++ include/ap_config_auto.h.in
 @@ -127,6 +127,12 @@
  /* Define to 1 if you have the `SSL_CTX_new' function. */
  #undef HAVE_SSL_CTX_NEW

Modified: head/www/apache22/files/patch-include__httpd.h
==============================================================================
--- head/www/apache22/files/patch-include__httpd.h	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-include__httpd.h	Sun May 31 12:52:00 2015	(r388056)
@@ -1,6 +1,6 @@
 --- include/httpd.h.orig	2014-08-21 17:33:48 UTC
 +++ include/httpd.h
-@@ -1905,12 +1905,6 @@
+@@ -1905,12 +1905,6 @@ AP_DECLARE(char *) ap_get_exec_line(apr_
                                      const char *cmd,
                                      const char * const *argv);
  

Modified: head/www/apache22/files/patch-modules__proxy__mod_proxy_connect.c
==============================================================================
--- head/www/apache22/files/patch-modules__proxy__mod_proxy_connect.c	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-modules__proxy__mod_proxy_connect.c	Sun May 31 12:52:00 2015	(r388056)
@@ -1,5 +1,5 @@
---- ./modules/proxy/mod_proxy_connect.c.orig	2010-12-08 20:31:34.000000000 +0100
-+++ ./modules/proxy/mod_proxy_connect.c	2012-02-02 17:12:20.000000000 +0100
+--- modules/proxy/mod_proxy_connect.c.orig	2010-12-08 19:31:34 UTC
++++ modules/proxy/mod_proxy_connect.c
 @@ -21,6 +21,8 @@
  #include "mod_proxy.h"
  #include "apr_poll.h"
@@ -9,7 +9,7 @@
  module AP_MODULE_DECLARE_DATA proxy_connect_module;
  
  /*
-@@ -71,6 +73,50 @@
+@@ -71,6 +73,50 @@ static int proxy_connect_canon(request_r
      return OK;
  }
  
@@ -60,7 +60,7 @@
  /* CONNECT handler */
  static int proxy_connect_handler(request_rec *r, proxy_worker *worker,
                                   proxy_server_conf *conf,
-@@ -79,11 +125,15 @@
+@@ -79,11 +125,15 @@ static int proxy_connect_handler(request
  {
      apr_pool_t *p = r->pool;
      apr_socket_t *sock;
@@ -78,7 +78,7 @@
      apr_pollset_t *pollset;
      apr_pollfd_t pollfd;
      const apr_pollfd_t *signalled;
-@@ -158,12 +208,10 @@
+@@ -158,12 +208,10 @@ static int proxy_connect_handler(request
              case APR_URI_SNEWS_DEFAULT_PORT:
                  break;
              default:
@@ -93,7 +93,7 @@
      }
  
      /*
-@@ -205,19 +253,57 @@
+@@ -205,19 +253,57 @@ static int proxy_connect_handler(request
          }
      }
  
@@ -158,7 +158,7 @@
  
      /* If we are connecting through a remote proxy, we need to pass
       * the CONNECT request on to it.
-@@ -227,12 +313,11 @@
+@@ -227,12 +313,11 @@ static int proxy_connect_handler(request
       */
          ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
               "proxy: CONNECT: sending the CONNECT request to the remote proxy");
@@ -175,7 +175,7 @@
      }
      else {
          ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
-@@ -240,11 +325,12 @@
+@@ -240,11 +325,12 @@ static int proxy_connect_handler(request
          nbytes = apr_snprintf(buffer, sizeof(buffer),
                    "HTTP/1.0 200 Connection Established" CRLF);
          ap_xlate_proto_to_ascii(buffer, nbytes);
@@ -190,7 +190,7 @@
  #if 0
          /* This is safer code, but it doesn't work yet.  I'm leaving it
           * here so that I can fix it later.
-@@ -264,28 +350,16 @@
+@@ -264,28 +350,16 @@ static int proxy_connect_handler(request
       *
       * Handle two way transfer of data over the socket (this is a tunnel).
       */
@@ -226,7 +226,7 @@
      while (1) { /* Infinite loop until error (one side closes the connection) */
          if ((rv = apr_pollset_poll(pollset, -1, &pollcnt, &signalled)) != APR_SUCCESS) {
              if (APR_STATUS_IS_EINTR(rv)) { 
-@@ -297,7 +371,7 @@
+@@ -297,7 +371,7 @@ static int proxy_connect_handler(request
          }
  #ifdef DEBUGGING
          ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
@@ -235,7 +235,7 @@
  #endif
  
          for (pi = 0; pi < pollcnt; pi++) {
-@@ -307,72 +381,31 @@
+@@ -307,72 +381,31 @@ static int proxy_connect_handler(request
                  pollevent = cur->rtnevents;
                  if (pollevent & APR_POLLIN) {
  #ifdef DEBUGGING
@@ -321,7 +321,7 @@
          }
          if (rv != APR_SUCCESS) {
              break;
-@@ -388,7 +421,9 @@
+@@ -388,7 +421,9 @@ static int proxy_connect_handler(request
       * Close the socket and clean up
       */
  

Modified: head/www/apache22/files/patch-modules__ssl__ssl_engine_init.c
==============================================================================
--- head/www/apache22/files/patch-modules__ssl__ssl_engine_init.c	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-modules__ssl__ssl_engine_init.c	Sun May 31 12:52:00 2015	(r388056)
@@ -1,6 +1,6 @@
---- modules/ssl/ssl_engine_init.c.orig	2014-07-16 08:04:38.000000000 +0200
-+++ modules/ssl/ssl_engine_init.c	2015-02-28 10:52:11.571641334 +0100
-@@ -406,9 +406,11 @@
+--- modules/ssl/ssl_engine_init.c.orig	2014-07-16 06:04:38 UTC
++++ modules/ssl/ssl_engine_init.c
+@@ -406,9 +406,11 @@ void ssl_init_Engine(server_rec *s, apr_
              ssl_die();
          }
  
@@ -12,7 +12,7 @@
  
          if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
              ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
-@@ -584,6 +586,10 @@
+@@ -584,6 +586,10 @@ static void ssl_init_ctx_protocol(server
  #endif
  
  
@@ -23,7 +23,7 @@
  #ifndef OPENSSL_NO_COMP
      if (sc->compression != TRUE) {
  #ifdef SSL_OP_NO_COMPRESSION
-@@ -831,7 +837,11 @@
+@@ -831,7 +837,11 @@ static void ssl_init_ctx_cert_chain(serv
          }
      }
  

Modified: head/www/apache22/files/patch-modules__ssl__ssl_engine_rand.c
==============================================================================
--- head/www/apache22/files/patch-modules__ssl__ssl_engine_rand.c	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-modules__ssl__ssl_engine_rand.c	Sun May 31 12:52:00 2015	(r388056)
@@ -1,6 +1,6 @@
---- modules/ssl/ssl_engine_rand.c.orig	2006-07-12 05:38:44.000000000 +0200
-+++ modules/ssl/ssl_engine_rand.c	2015-02-28 10:47:35.481607754 +0100
-@@ -83,17 +83,6 @@
+--- modules/ssl/ssl_engine_rand.c.orig	2006-07-12 03:38:44 UTC
++++ modules/ssl/ssl_engine_rand.c
+@@ -83,17 +83,6 @@ int ssl_rand_seed(server_rec *s, apr_poo
                  nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes);
                  ssl_util_ppclose(s, p, fp);
              }

Modified: head/www/apache22/files/patch-modules__ssl__ssl_engine_vars.c
==============================================================================
--- head/www/apache22/files/patch-modules__ssl__ssl_engine_vars.c	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-modules__ssl__ssl_engine_vars.c	Sun May 31 12:52:00 2015	(r388056)
@@ -1,6 +1,6 @@
---- modules/ssl/ssl_engine_vars.c.orig	2013-02-12 12:51:17.000000000 +0100
-+++ modules/ssl/ssl_engine_vars.c	2015-02-28 10:54:21.257798164 +0100
-@@ -832,7 +832,7 @@
+--- modules/ssl/ssl_engine_vars.c.orig	2013-02-12 11:51:17 UTC
++++ modules/ssl/ssl_engine_vars.c
+@@ -832,7 +832,7 @@ static char *ssl_var_lookup_ssl_compress
  {
      char *result = "NULL";
  #ifdef OPENSSL_VERSION_NUMBER

Modified: head/www/apache22/files/patch-modules__ssl__ssl_util_ssl.c
==============================================================================
--- head/www/apache22/files/patch-modules__ssl__ssl_util_ssl.c	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-modules__ssl__ssl_util_ssl.c	Sun May 31 12:52:00 2015	(r388056)
@@ -1,6 +1,6 @@
---- modules/ssl/ssl_util_ssl.c.orig	2012-08-17 19:30:46.000000000 +0200
-+++ modules/ssl/ssl_util_ssl.c	2015-02-28 10:30:48.557501618 +0100
-@@ -492,7 +492,11 @@
+--- modules/ssl/ssl_util_ssl.c.orig	2012-08-17 17:30:46 UTC
++++ modules/ssl/ssl_util_ssl.c
+@@ -492,7 +492,11 @@ BOOL SSL_X509_INFO_load_path(apr_pool_t 
   * format, possibly followed by a sequence of CA certificates that
   * should be sent to the peer in the SSL Certificate message.
   */

Modified: head/www/apache22/files/patch-modules__ssl__ssl_util_ssl.h
==============================================================================
--- head/www/apache22/files/patch-modules__ssl__ssl_util_ssl.h	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-modules__ssl__ssl_util_ssl.h	Sun May 31 12:52:00 2015	(r388056)
@@ -1,6 +1,6 @@
---- modules/ssl/ssl_util_ssl.h.orig	2012-08-17 19:30:46.000000000 +0200
-+++ modules/ssl/ssl_util_ssl.h	2015-02-28 10:33:07.042671521 +0100
-@@ -89,7 +89,11 @@
+--- modules/ssl/ssl_util_ssl.h.orig	2012-08-17 17:30:46 UTC
++++ modules/ssl/ssl_util_ssl.h
+@@ -89,7 +89,11 @@ char       *SSL_X509_NAME_to_string(apr_
  BOOL        SSL_X509_getCN(apr_pool_t *, X509 *, char **);
  BOOL        SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
  BOOL        SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);

Modified: head/www/apache22/files/patch-server__config.c
==============================================================================
--- head/www/apache22/files/patch-server__config.c	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-server__config.c	Sun May 31 12:52:00 2015	(r388056)
@@ -3,9 +3,9 @@ http://lists.freebsd.org/pipermail/freeb
 https://issues.apache.org/bugzilla/show_bug.cgi?id=53823
 
 ==================================================================
---- ./server/config.c.orig	2010-10-07 18:56:54.000000000 +0200
-+++ ./server/config.c	2012-09-05 08:39:18.000000000 +0200
-@@ -1979,6 +1979,11 @@
+--- server/config.c.orig	2010-10-07 16:56:54 UTC
++++ server/config.c
+@@ -1979,6 +1979,11 @@ static server_rec *init_server_config(pr
      /* NOT virtual host; don't match any real network interface */
      rv = apr_sockaddr_info_get(&s->addrs->host_addr,
                                 NULL, APR_INET, 0, 0, p);

Modified: head/www/apache22/files/patch-server__core.c
==============================================================================
--- head/www/apache22/files/patch-server__core.c	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-server__core.c	Sun May 31 12:52:00 2015	(r388056)
@@ -1,6 +1,6 @@
---- ./server/core.c.orig	2009-07-02 17:30:36.000000000 -0400
-+++ ./server/core.c	2010-05-06 19:37:54.278731038 -0400
-@@ -500,6 +500,7 @@
+--- server/core.c.orig	2014-08-21 17:33:48 UTC
++++ server/core.c
+@@ -512,6 +512,7 @@ static void *merge_core_server_configs(a
      core_server_config *base = (core_server_config *)basev;
      core_server_config *virt = (core_server_config *)virtv;
      core_server_config *conf;
@@ -8,7 +8,7 @@
  
      conf = (core_server_config *)apr_pmemdup(p, virt, sizeof(core_server_config));
  
-@@ -515,6 +516,25 @@
+@@ -527,6 +528,25 @@ static void *merge_core_server_configs(a
          conf->protocol = base->protocol;
      }
  
@@ -34,7 +34,7 @@
      conf->sec_dir = apr_array_append(p, base->sec_dir, virt->sec_dir);
      conf->sec_url = apr_array_append(p, base->sec_url, virt->sec_url);
  
-@@ -2750,7 +2770,7 @@
+@@ -2778,7 +2798,7 @@ AP_DECLARE(void) ap_get_server_revision(
  AP_DECLARE(const char *) ap_get_server_description(void)
  {
      return server_description ? server_description :
@@ -43,7 +43,7 @@
  }
  
  AP_DECLARE(const char *) ap_get_server_banner(void)
-@@ -2811,7 +2831,7 @@
+@@ -2839,7 +2859,7 @@ static void set_banner(apr_pool_t *pconf
          ap_add_version_component(pconf, AP_SERVER_BASEPRODUCT "/" AP_SERVER_MAJORVERSION);
      }
      else {
@@ -52,7 +52,7 @@
      }
  
      /*
-@@ -2821,7 +2841,7 @@
+@@ -2849,7 +2869,7 @@ static void set_banner(apr_pool_t *pconf
      if (ap_server_tokens != SrvTk_FULL) {
          banner_locked++;
      }

Modified: head/www/apache22/files/patch-support__Makefile.in
==============================================================================
--- head/www/apache22/files/patch-support__Makefile.in	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-support__Makefile.in	Sun May 31 12:52:00 2015	(r388056)
@@ -1,6 +1,6 @@
---- ./support/Makefile.in.orig	2011-04-16 21:09:47.000000000 +0200
-+++ ./support/Makefile.in	2013-09-25 21:02:44.000000000 +0200
-@@ -16,17 +16,14 @@
+--- support/Makefile.in.orig	2011-04-16 19:09:47 UTC
++++ support/Makefile.in
+@@ -16,17 +16,14 @@ install:
  	@test -d $(DESTDIR)$(sbindir) || $(MKINSTALLDIRS) $(DESTDIR)$(sbindir)
  	@test -d $(DESTDIR)$(libexecdir) || $(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
  	@cp -p $(top_builddir)/server/httpd.exp $(DESTDIR)$(libexecdir)

Modified: head/www/apache22/files/patch-support__ab.c
==============================================================================
--- head/www/apache22/files/patch-support__ab.c	Sun May 31 10:59:38 2015	(r388055)
+++ head/www/apache22/files/patch-support__ab.c	Sun May 31 12:52:00 2015	(r388056)
@@ -1,18 +1,35 @@
---- ./support/ab.c.orig	2010-01-07 10:11:53.000000000 -0500
-+++ ./support/ab.c	2010-05-06 19:37:54.262732305 -0400
-@@ -200,9 +200,11 @@
- #else
- #define AB_SSL_CIPHER_CONST
- #endif
-+/* prevent build issues with openssl from ports
- #ifdef SSL_OP_NO_TLSv1_2
- #define HAVE_TLSV1_X
- #endif
-+*/
+Backport ab from apache 2.4.x (r1663405)
+=============================================================
+--- support/ab.c.orig	2014-03-12 11:53:12 UTC
++++ support/ab.c
+@@ -156,25 +156,8 @@
+ #include "ap_config_auto.h"
  #endif
  
- #include <math.h>
-@@ -221,13 +221,18 @@
+-#if defined(HAVE_SSLC)
+-
+-/* Libraries for RSA SSL-C */
+-#include <rsa.h>
+-#include <x509.h>
+-#include <pem.h>
+-#include <err.h>
+-#include <ssl.h>
+-#include <r_rand.h>
+-#include <sslc.h>
+-#define USE_SSL
+-#define RSAREF
+-#define SK_NUM(x) sk_num(x)
+-#define SK_VALUE(x,y) sk_value(x,y)
+-typedef STACK X509_STACK_TYPE;
+-
+-#elif defined(HAVE_OPENSSL)
++#if defined(HAVE_OPENSSL)
+ 
+-/* Libraries on most systems.. */
+ #include <openssl/rsa.h>
+ #include <openssl/crypto.h>
+ #include <openssl/x509.h>
+@@ -224,19 +207,25 @@ typedef STACK_OF(X509) X509_STACK_TYPE;
  /* maximum number of requests on a time limited test */
  #define MAX_REQUESTS (INT_MAX > 50000 ? 50000 : INT_MAX)
  
@@ -34,50 +51,180 @@
 +    STATE_READ
 +} connect_state_e;
  
- #define CBUFFSIZE (2048)
+-#define CBUFFSIZE (2048)
++#define CBUFFSIZE (8192)
  
-@@ -252,6 +257,7 @@
-                done;            /* Connection closed */
+ struct connection {
+     apr_pool_t *ctx;
+     apr_socket_t *aprsock;
++    apr_pollfd_t pollfd;
+     int state;
+     apr_size_t read;            /* amount of bytes read */
+     apr_size_t bread;           /* amount of body read */
+@@ -267,8 +256,8 @@ struct data {
+     apr_interval_time_t time;     /* time for connection */
+ };
  
-     int socknum;
-+    apr_int16_t reqevents;      /* current poll events for this socket */
- #ifdef USE_SSL
-     SSL *ssl;
- #endif
-@@ -396,6 +402,56 @@
+-#define ap_min(a,b) ((a)<(b))?(a):(b)
+-#define ap_max(a,b) ((a)>(b))?(a):(b)
++#define ap_min(a,b) (((a)<(b))?(a):(b))
++#define ap_max(a,b) (((a)>(b))?(a):(b))
+ #define ap_round_ms(a) ((apr_time_t)((a) + 500)/1000)
+ #define ap_double_ms(a) ((double)(a)/1000.0)
+ #define MAX_CONCURRENCY 20000
+@@ -277,35 +266,38 @@ struct data {
+ 
+ int verbosity = 0;      /* no verbosity by default */
+ int recverrok = 0;      /* ok to proceed after socket receive errors */
+-int posting = 0;        /* GET by default */
++enum {NO_METH = 0, GET, HEAD, PUT, POST, CUSTOM_METHOD} method = NO_METH;
++const char *method_str[] = {"bug", "GET", "HEAD", "PUT", "POST", ""};
++int send_body = 0;      /* non-zero if sending body with request */
+ int requests = 1;       /* Number of requests to make */
+ int heartbeatres = 100; /* How often do we say we're alive */
+ int concurrency = 1;    /* Number of multiple requests to make */
+ int percentile = 1;     /* Show percentile served */
++int nolength = 0;       /* Accept variable document length */
+ int confidence = 1;     /* Show confidence estimator and warnings */
+ int tlimit = 0;         /* time limit in secs */
+ int keepalive = 0;      /* try and do keepalive connections */
+ int windowsize = 0;     /* we use the OS default window size */
+ char servername[1024];  /* name that server reports */
+ char *hostname;         /* host name from URL */
+-char *host_field;       /* value of "Host:" header field */
+-char *path;             /* path name */
+-char postfile[1024];    /* name of file containing post data */
++const char *host_field;       /* value of "Host:" header field */
++const char *path;             /* path name */
+ char *postdata;         /* *buffer containing data from postfile */
+ apr_size_t postlen = 0; /* length of data to be POSTed */
+-char content_type[1024];/* content type to put in POST header */
+-char *cookie,           /* optional cookie line */
+-     *auth,             /* optional (basic/uuencoded) auhentication */
+-     *hdrs;             /* optional arbitrary headers */
++char *content_type = NULL;     /* content type to put in POST header */
++const char *cookie,           /* optional cookie line */
++           *auth,             /* optional (basic/uuencoded) auhentication */
++           *hdrs;             /* optional arbitrary headers */
+ apr_port_t port;        /* port number */
+-char proxyhost[1024];   /* proxy host name */
++char *proxyhost = NULL; /* proxy host name */
+ int proxyport = 0;      /* proxy port */
+-char *connecthost;
++const char *connecthost;
++const char *myhost;
+ apr_port_t connectport;
+-char *gnuplot;          /* GNUplot file */
+-char *csvperc;          /* CSV Percentile file */
+-char url[1024];
+-char * fullurl, * colonhost;
++const char *gnuplot;          /* GNUplot file */
++const char *csvperc;          /* CSV Percentile file */
++const char *fullurl;
++const char *colonhost;
+ int isproxy = 0;
+ apr_interval_time_t aprtimeout = apr_time_from_sec(30); /* timeout value */
+ 
+@@ -348,7 +340,7 @@ BIO *bio_out,*bio_err;
+ apr_time_t start, lasttime, stoptime;
+ 
+ /* global request (and its length) */
+-char _request[2048];
++char _request[8192];
+ char *request = _request;
+ apr_size_t reqlen;
+ 
+@@ -364,6 +356,7 @@ apr_pool_t *cntxt;
+ 
+ apr_pollset_t *readbits;
+ 
++apr_sockaddr_t *mysa;
+ apr_sockaddr_t *destsa;
+ 
+ #ifdef NOT_ASCII
+@@ -377,7 +370,7 @@ static void close_connection(struct conn
+ 
+ /* simple little function to write an error string and exit */
+ 
+-static void err(char *s)
++static void err(const char *s)
+ {
+     fprintf(stderr, "%s\n", s);
+     if (done)
+@@ -387,7 +380,7 @@ static void err(char *s)
+ 
+ /* simple little function to write an APR error string and exit */
+ 
+-static void apr_err(char *s, apr_status_t rv)
++static void apr_err(const char *s, apr_status_t rv)
+ {
+     char buf[120];
+ 
+@@ -399,6 +392,87 @@ static void apr_err(char *s, apr_status_
      exit(rv);
  }
  
++static void *xmalloc(size_t size)
++{
++    void *ret = malloc(size);
++    if (ret == NULL) {
++        fprintf(stderr, "Could not allocate memory (%"
++                APR_SIZE_T_FMT" bytes)\n", size);
++        exit(1);
++    }
++    return ret;
++}
++
++static void *xcalloc(size_t num, size_t size)
++{
++    void *ret = calloc(num, size);
++    if (ret == NULL) {
++        fprintf(stderr, "Could not allocate memory (%"
++                APR_SIZE_T_FMT" bytes)\n", size*num);
++        exit(1);
++    }
++    return ret;
++}
++
++static char *xstrdup(const char *s)
++{
++    char *ret = strdup(s);
++    if (ret == NULL) {
++        fprintf(stderr, "Could not allocate memory (%"
++                APR_SIZE_T_FMT " bytes)\n", strlen(s));
++        exit(1);
++    }
++    return ret;
++}
++
++/* pool abort function */
++static int abort_on_oom(int retcode)
++{
++    fprintf(stderr, "Could not allocate memory\n");
++    exit(1);
++    /* not reached */
++    return retcode;
++}
++
 +static void set_polled_events(struct connection *c, apr_int16_t new_reqevents)
 +{
-+    apr_int16_t old_reqevents = c->reqevents;
-+    apr_pollfd_t pfd;
 +    apr_status_t rv;
-+    char buf[120];
 +
-+    if (old_reqevents != new_reqevents) {
-+        pfd.desc_type = APR_POLL_SOCKET;
-+        pfd.desc.s = c->aprsock;
-+        pfd.client_data = c;
-+
-+        if (old_reqevents != 0) {
-+            pfd.reqevents = old_reqevents;
-+            rv = apr_pollset_remove(readbits, &pfd);
++    if (c->pollfd.reqevents != new_reqevents) {
++        if (c->pollfd.reqevents != 0) {
++            rv = apr_pollset_remove(readbits, &c->pollfd);
 +            if (rv != APR_SUCCESS) {
 +                apr_err("apr_pollset_remove()", rv);
 +            }
 +        }
 +
 +        if (new_reqevents != 0) {
-+            pfd.reqevents = new_reqevents;
-+            rv = apr_pollset_add(readbits, &pfd);
++            c->pollfd.reqevents = new_reqevents;
++            rv = apr_pollset_add(readbits, &c->pollfd);
 +            if (rv != APR_SUCCESS) {
 +                apr_err("apr_pollset_add()", rv);
-+                exit(1);
 +            }
 +        }
-+
-+        c->reqevents = new_reqevents;
 +    }
 +}
 +
@@ -101,7 +248,66 @@
  /* --------------------------------------------------------- */
  /* write out request to a connection - assumes we can write
   * (small) request out in one go into our new socket buffer
-@@ -569,7 +625,6 @@
+@@ -464,7 +538,6 @@ static int ssl_rand_choosenum(int l, int
+ 
+ static void ssl_rand_seed(void)
+ {
+-    int nDone = 0;
+     int n, l;
+     time_t t;
+     pid_t pid;
+@@ -476,7 +549,6 @@ static void ssl_rand_seed(void)
+     t = time(NULL);
+     l = sizeof(time_t);
+     RAND_seed((unsigned char *)&t, l);
+-    nDone += l;
+ 
+     /*
+      * seed in the current process id (usually just 4 bytes)
+@@ -484,14 +556,12 @@ static void ssl_rand_seed(void)
+     pid = getpid();
+     l = sizeof(pid_t);
+     RAND_seed((unsigned char *)&pid, l);
+-    nDone += l;
+ 
+     /*
+      * seed in some current state of the run-time stack (128 bytes)
+      */
+     n = ssl_rand_choosenum(0, sizeof(stackdata)-128-1);
+     RAND_seed(stackdata+n, 128);
+-    nDone += 128;
+ }
+ 
+ static int ssl_print_connection_info(BIO *bio, SSL *ssl)
+@@ -514,6 +584,7 @@ static int ssl_print_connection_info(BIO
+ static void ssl_print_cert_info(BIO *bio, X509 *cert)
+ {
+     X509_NAME *dn;
++    EVP_PKEY *pk;
+     char buf[1024];
+ 
+     BIO_printf(bio, "Certificate version: %ld\n", X509_get_version(cert)+1);
+@@ -525,8 +596,10 @@ static void ssl_print_cert_info(BIO *bio
+     ASN1_UTCTIME_print(bio, X509_get_notAfter(cert));
+     BIO_printf(bio,"\n");
+ 
++    pk = X509_get_pubkey(cert);
+     BIO_printf(bio,"Public key is %d bits\n",
+-               EVP_PKEY_bits(X509_get_pubkey(cert)));
++               EVP_PKEY_bits(pk));
++    EVP_PKEY_free(pk);
+ 
+     dn = X509_get_issuer_name(cert);
+     X509_NAME_oneline(dn, buf, sizeof(buf));
+@@ -553,7 +626,6 @@ static void ssl_print_info(struct connec
+         for (i=1; i<count; i++) {
+             cert = (X509 *)SK_VALUE(sk, i);
+             ssl_print_cert_info(bio_out, cert);
+-            X509_free(cert);
+     }
+     }
+     cert = SSL_get_peer_certificate(c->ssl);
+@@ -574,7 +646,6 @@ static void ssl_proceed_handshake(struct
  
      while (do_next) {
          int ret, ecode;
@@ -109,7 +315,16 @@
  
          ret = SSL_do_handshake(c->ssl);
          ecode = SSL_get_error(c->ssl, ret);
-@@ -601,11 +656,7 @@
+@@ -596,7 +667,7 @@ static void ssl_proceed_handshake(struct
+                 else
+                     pk_bits = 0;  /* Anon DH */
+ 
+-                ssl_info = malloc(128);
++                ssl_info = xmalloc(128);
+                 apr_snprintf(ssl_info, 128, "%s,%s,%d,%d",
+                              SSL_get_version(c->ssl),
+                              SSL_CIPHER_get_name(ci),
+@@ -606,11 +677,7 @@ static void ssl_proceed_handshake(struct
              do_next = 0;

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201505311252.t4VCq1AA025911>