diff options
| author | Olli Hauer <ohauer@FreeBSD.org> | 2015-01-31 15:22:51 +0000 |
|---|---|---|
| committer | Olli Hauer <ohauer@FreeBSD.org> | 2015-01-31 15:22:51 +0000 |
| commit | 5391a9beb25ff182889d175356652b09d50248ac (patch) | |
| tree | dcd30bc82233b25763d1750b23d08afd11943175 /www/apache24/files | |
| parent | Update WWW. Old URL no longer exists. (diff) | |
- update to 2.4.12
- change MPM backend from static to dynamic,
but keep mpm_prefork for compatiblity with e.g. php modules
- install dedicated MPM load file in case httpd was build with modular MPM
(modules.d/000_mpm_prefork_fallback.conf)
- disable SSLv3 and SSLv2 fallback in sample httpd-ssl-conf
- use @sample macro instead EXAMPLESDIR
- add some SSLCipherSuite examples for OpenSSL >= 1.0.x
- add libressl support [1]
- add pkg-install script (to handle new modular MPM build)
- build now most all modules, so users using packages don't have
to run a custom build for missing modules
- fix suexec mode
PR: 196139 [1]
MFH: 2015Q1
Diffstat (limited to 'www/apache24/files')
21 files changed, 346 insertions, 77 deletions
diff --git a/www/apache24/files/patch-Makefile.in b/www/apache24/files/patch-Makefile.in index 532ee840ef9f..3f275064fb9b 100644 --- a/www/apache24/files/patch-Makefile.in +++ b/www/apache24/files/patch-Makefile.in @@ -1,28 +1,65 @@ ---- ./Makefile.in.orig 2012-12-17 12:50:41.000000000 +0100 -+++ ./Makefile.in 2014-07-08 06:27:38.000000000 +0200 -@@ -32,12 +32,10 @@ +--- Makefile.in.orig 2012-12-17 11:50:41 UTC ++++ Makefile.in +@@ -32,12 +32,9 @@ include $(top_srcdir)/build/program.mk install-conf: @echo Installing configuration files @$(MKINSTALLDIRS) $(DESTDIR)$(sysconfdir) $(DESTDIR)$(sysconfdir)/extra - @$(MKINSTALLDIRS) $(DESTDIR)$(sysconfdir)/original/extra -+ @$(MKINSTALLDIRS) $(DESTDIR)$(EXAMPLESDIR) $(DESTDIR)$(EXAMPLESDIR)/extra @cd $(top_srcdir)/docs/conf; \ for i in mime.types magic; do \ - if test ! -f $(DESTDIR)$(sysconfdir)/$$i; then \ - $(INSTALL_DATA) $$i $(DESTDIR)$(sysconfdir); \ - fi; \ -+ $(INSTALL_DATA) $$i $(DESTDIR)$(EXAMPLESDIR); \ ++ $(INSTALL_DATA) $$i $(DESTDIR)$(sysconfdir)/$${i}.sample; \ done; \ for j in $(top_srcdir)/docs/conf $(top_builddir)/docs/conf ; do \ cd $$j ; \ -@@ -78,15 +76,12 @@ +@@ -58,6 +55,16 @@ install-conf: + -e 's#@@SSLPort@@#$(SSLPORT)#g' \ + -e 'p' \ + < $$i; \ ++ if echo " $(DSO_MODULES) "|$(EGREP) " cgi " > /dev/null ; then \ ++ have_cgi="1"; \ ++ else \ ++ have_cgi="0"; \ ++ fi; \ ++ if echo " $(DSO_MODULES) "|$(EGREP) " cgid " > /dev/null ; then \ ++ have_cgid="1"; \ ++ else \ ++ have_cgid="0"; \ ++ fi; \ + for j in $(DSO_MODULES) "^EOL^"; do \ + if test $$j != "^EOL^"; then \ + if echo ",$(ENABLED_DSO_MODULES),"|$(EGREP) ",$$j," > /dev/null ; then \ +@@ -68,8 +75,18 @@ install-conf: + if test "$(LOAD_ALL_MODULES)" = "yes"; then \ + loading_disabled=""; \ + fi; \ +- echo "$${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \ +- fi; \ ++ if test $$j = "cgid" -a "$$have_cgi" = "1"; then \ ++ echo "<IfModule !mpm_prefork_module>"; \ ++ echo " $${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \ ++ echo "</IfModule>"; \ ++ elif test $$j = "cgi" -a "$$have_cgid" = "1"; then \ ++ echo "<IfModule mpm_prefork_module>"; \ ++ echo " $${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \ ++ echo "</IfModule>"; \ ++ else \ ++ echo "$${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \ ++ fi; \ ++ fi; \ + done; \ + sed -e '1,/@@LoadModule@@/d' \ + -e '/@@LoadModule@@/d' \ +@@ -78,15 +95,12 @@ install-conf: -e 's#@@SSLPort@@#$(SSLPORT)#g' \ < $$i; \ fi \ - ) > $(DESTDIR)$(sysconfdir)/original/$$i; \ - chmod 0644 $(DESTDIR)$(sysconfdir)/original/$$i; \ -+ ) > $(DESTDIR)$(EXAMPLESDIR)/$$i; \ -+ chmod 0644 $(DESTDIR)$(EXAMPLESDIR)/$$i; \ ++ ) > $(DESTDIR)$(sysconfdir)/$${i}.sample; \ ++ chmod 0644 $(DESTDIR)$(sysconfdir)/$${i}.sample; \ file=$$i; \ if [ "$$i" = "httpd.conf" ]; then \ file=`echo $$i|sed s/.*.conf/$(PROGRAM_NAME).conf/`; \ @@ -33,7 +70,7 @@ fi; \ done ; \ done ; \ -@@ -137,48 +132,25 @@ +@@ -137,48 +151,25 @@ dox: doxygen $(top_srcdir)/docs/doxygen.conf install-htdocs: @@ -50,8 +87,8 @@ - cd $(DESTDIR)$(htdocsdir) && find . -name ".svn" -type d -print | xargs rm -rf 2>/dev/null || true; \ - fi; \ - fi -+ $(MKINSTALLDIRS) $(DESTDIR)$(EXAMPLESDIR) ; \ -+ test -d $(htdocs-srcdir) && (cd $(htdocs-srcdir) && cp -rp index.html $(DESTDIR)$(EXAMPLESDIR)) || true ++ $(MKINSTALLDIRS) $(DESTDIR)$(DATADIR)/misc ; \ ++ test -d $(htdocs-srcdir) && (cd $(htdocs-srcdir) && cp -rp index.html $(DESTDIR)$(DATADIR)/misc) || true install-error: - -@if [ -d $(DESTDIR)$(errordir) ]; then \ @@ -91,7 +128,7 @@ install-other: @test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir) -@@ -231,12 +203,7 @@ +@@ -231,12 +222,7 @@ install-man: @test -d $(DESTDIR)$(manualdir) || $(MKINSTALLDIRS) $(DESTDIR)$(manualdir) @cp -p $(top_srcdir)/docs/man/*.1 $(DESTDIR)$(mandir)/man1 @cp -p $(top_srcdir)/docs/man/*.8 $(DESTDIR)$(mandir)/man8 diff --git a/www/apache24/files/patch-acinclude.m4 b/www/apache24/files/patch-acinclude.m4 new file mode 100644 index 000000000000..676c8fefeb8e --- /dev/null +++ b/www/apache24/files/patch-acinclude.m4 @@ -0,0 +1,24 @@ +--- acinclude.m4.orig 2014-01-05 08:37:21 UTC ++++ acinclude.m4 +@@ -267,9 +267,10 @@ DISTCLEAN_TARGETS = modules.mk + static = + shared = $libname + EOF ++ dnl https://issues.apache.org/bugzilla/show_bug.cgi?id=53882 ++ DSO_MODULES="$DSO_MODULES mpm_$1" + # add default MPM to LoadModule list + if test $1 = $default_mpm; then +- DSO_MODULES="$DSO_MODULES mpm_$1" + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},mpm_$1" + fi + fi +@@ -576,7 +577,8 @@ AC_DEFUN(APACHE_CHECK_OPENSSL,[ + liberrors="" + AC_CHECK_HEADERS([openssl/engine.h]) + AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"]) +- AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines]) ++ dnl PR 196139, https://issues.apache.org/bugzilla/show_bug.cgi?id=57375 ++ AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines SSL_CTX_use_certificate_chain RAND_egd]) + if test "x$liberrors" != "x"; then + AC_MSG_WARN([OpenSSL libraries are unusable]) + fi diff --git a/www/apache24/files/patch-config.layout b/www/apache24/files/patch-config.layout index 98b93ecfd161..919134c4d59f 100644 --- a/www/apache24/files/patch-config.layout +++ b/www/apache24/files/patch-config.layout @@ -1,5 +1,5 @@ ---- ./config.layout.orig 2012-04-17 16:01:41.000000000 +0200 -+++ ./config.layout 2013-03-22 18:55:53.000000000 +0100 +--- config.layout.orig 2012-04-17 14:01:41 UTC ++++ config.layout @@ -257,17 +257,17 @@ bindir: ${exec_prefix}/bin sbindir: ${exec_prefix}/sbin diff --git a/www/apache24/files/patch-configure.in b/www/apache24/files/patch-configure.in index 3c495005e6b3..ee496f0b8eb7 100644 --- a/www/apache24/files/patch-configure.in +++ b/www/apache24/files/patch-configure.in @@ -1,6 +1,6 @@ ---- ./configure.in.orig 2013-01-09 17:39:05.000000000 +0100 -+++ ./configure.in 2013-03-22 18:55:53.000000000 +0100 -@@ -111,7 +111,7 @@ +--- configure.in.orig 2015-01-22 17:33:07 UTC ++++ configure.in +@@ -111,7 +111,7 @@ fi if test "$apr_found" = "reconfig"; then APR_SUBDIR_CONFIG(srclib/apr, @@ -9,7 +9,7 @@ [--enable-layout=*|\'--enable-layout=*]) dnl We must be the first to build and the last to be cleaned AP_BUILD_SRCLIB_DIRS="apr $AP_BUILD_SRCLIB_DIRS" -@@ -177,7 +177,7 @@ +@@ -177,7 +177,7 @@ esac if test "$apu_found" = "reconfig"; then APR_SUBDIR_CONFIG(srclib/apr-util, @@ -18,7 +18,7 @@ [--enable-layout=*|\'--enable-layout=*]) dnl We must be the last to build and the first to be cleaned AP_BUILD_SRCLIB_DIRS="$AP_BUILD_SRCLIB_DIRS apr-util" -@@ -822,8 +822,14 @@ +@@ -830,8 +830,14 @@ AC_DEFINE_UNQUOTED(HTTPD_ROOT, "${ap_pre [Root directory of the Apache install area]) AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${rel_sysconfdir}/${progname}.conf", [Location of the config file, relative to the Apache root directory]) diff --git a/www/apache24/files/patch-docs__conf__extra__httpd-autoindex.conf.in b/www/apache24/files/patch-docs__conf__extra__httpd-autoindex.conf.in index 79d4f20790e9..120c05f0c9ef 100644 --- a/www/apache24/files/patch-docs__conf__extra__httpd-autoindex.conf.in +++ b/www/apache24/files/patch-docs__conf__extra__httpd-autoindex.conf.in @@ -1,6 +1,6 @@ ---- ./docs/conf/extra/httpd-autoindex.conf.in.orig 2010-06-15 13:05:13.000000000 +0200 -+++ ./docs/conf/extra/httpd-autoindex.conf.in 2013-03-22 18:55:53.000000000 +0100 -@@ -89,5 +89,5 @@ +--- docs/conf/extra/httpd-autoindex.conf.in.orig 2010-06-15 11:05:13 UTC ++++ docs/conf/extra/httpd-autoindex.conf.in +@@ -89,5 +89,5 @@ HeaderName HEADER.html # IndexIgnore is a set of filenames which directory indexing should ignore # and not include in the listing. Shell-style wildcarding is permitted. # diff --git a/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in b/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in index 8382aa1a1b81..f8804d61eada 100644 --- a/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in +++ b/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in @@ -1,6 +1,37 @@ ---- ./docs/conf/extra/httpd-ssl.conf.in.orig 2012-12-11 10:55:03.000000000 +0100 -+++ ./docs/conf/extra/httpd-ssl.conf.in 2013-03-22 18:55:53.000000000 +0100 -@@ -86,8 +86,8 @@ +--- docs/conf/extra/httpd-ssl.conf.in.orig 2015-01-31 12:20:34 UTC ++++ docs/conf/extra/httpd-ssl.conf.in +@@ -42,11 +42,30 @@ Listen @@SSLPort@@ + ## the main server and all SSL-enabled virtual hosts. + ## + ++## disable unsecure SSL protocols ++SSLProtocol ALL -SSLv2 -SSLv3 ++ + # SSL Cipher Suite: + # List the ciphers that the client is permitted to negotiate. + # See the mod_ssl documentation for a complete list. + SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 + ++## The following entries can be used as suggestions, ++## for more information see: ++## - http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslciphersuite ++## - http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html ++## ++## To test your SSL implementation use for example security/sslscan or for public reachable systems https://www.ssllabs.com/ ++ ++## sample for OpenSSL >= 1.0.x (with RC4) ++# SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" ++ ++## sample for OpenSSL >= 1.0.x (keep support for IE8 on XP) ++# SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4" ++ ++## sample for OpenSSL >= 1.0.x (no RC4 support) ++# SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4" ++ + # Speed-optimized SSL Cipher configuration: + # If speed is your main concern (on busy HTTPS servers e.g.), + # you might want to force clients to specific, performance +@@ -105,8 +124,8 @@ SSLSessionCacheTimeout 300 DocumentRoot "@exp_htdocsdir@" ServerName www.example.com:@@SSLPort@@ ServerAdmin you@example.com @@ -11,7 +42,7 @@ # SSL Engine Switch: # Enable/Disable SSL for this virtual host. -@@ -246,7 +246,7 @@ +@@ -265,7 +284,7 @@ BrowserMatch "MSIE [2-5]" \ # Per-Server Logging: # The home of a custom SSL log file. Use this when you want a # compact non-error SSL logfile on a virtual host basis. diff --git a/www/apache24/files/patch-docs__conf__extra__httpd-userdir.conf.in b/www/apache24/files/patch-docs__conf__extra__httpd-userdir.conf.in index d071f5388568..67eef7beffe2 100644 --- a/www/apache24/files/patch-docs__conf__extra__httpd-userdir.conf.in +++ b/www/apache24/files/patch-docs__conf__extra__httpd-userdir.conf.in @@ -1,5 +1,5 @@ ---- ./docs/conf/extra/httpd-userdir.conf.in.orig 2011-06-06 23:40:41.000000000 +0200 -+++ ./docs/conf/extra/httpd-userdir.conf.in 2013-03-22 18:55:53.000000000 +0100 +--- docs/conf/extra/httpd-userdir.conf.in.orig 2011-06-06 21:40:41 UTC ++++ docs/conf/extra/httpd-userdir.conf.in @@ -9,6 +9,8 @@ # UserDir public_html diff --git a/www/apache24/files/patch-docs__conf__httpd.conf.in b/www/apache24/files/patch-docs__conf__httpd.conf.in index a9da848ba486..35f81ccb0c65 100644 --- a/www/apache24/files/patch-docs__conf__httpd.conf.in +++ b/www/apache24/files/patch-docs__conf__httpd.conf.in @@ -1,6 +1,6 @@ ---- ./docs/conf/httpd.conf.in.orig 2012-11-08 04:05:38.000000000 +0100 -+++ ./docs/conf/httpd.conf.in 2013-10-26 19:29:20.000000000 +0200 -@@ -65,6 +65,9 @@ +--- docs/conf/httpd.conf.in.orig 2012-11-08 03:05:38 UTC ++++ docs/conf/httpd.conf.in +@@ -65,6 +65,9 @@ Listen @@Port@@ # @@LoadModule@@ @@ -10,7 +10,7 @@ <IfModule unixd_module> # # If you wish httpd to run as a different user or group, you must run -@@ -74,8 +77,8 @@ +@@ -74,8 +77,8 @@ Listen @@Port@@ # It is usually good practice to create a dedicated user and group for # running httpd, as with most system services. # @@ -21,7 +21,7 @@ </IfModule> -@@ -181,7 +184,7 @@ +@@ -181,7 +184,7 @@ DocumentRoot "@exp_htdocsdir@" # logged here. If you *do* define an error logfile for a <VirtualHost> # container, that host's errors will be logged there and not here. # @@ -30,7 +30,7 @@ # # LogLevel: Control the number of messages logged to the error_log. -@@ -210,13 +213,13 @@ +@@ -210,13 +213,13 @@ LogLevel warn # define per-<VirtualHost> access logfiles, transactions will be # logged therein and *not* in this file. # @@ -46,7 +46,7 @@ </IfModule> <IfModule alias_module> -@@ -418,3 +421,5 @@ +@@ -418,3 +421,5 @@ SSLRandomSeed connect builtin #RequestHeader unset DNT env=bad_DNT #</IfModule> diff --git a/www/apache24/files/patch-include__ap_config_auto.h.in b/www/apache24/files/patch-include__ap_config_auto.h.in new file mode 100644 index 000000000000..3d4b123f510c --- /dev/null +++ b/www/apache24/files/patch-include__ap_config_auto.h.in @@ -0,0 +1,26 @@ +# libressl support +# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139 +# https://issues.apache.org/bugzilla/show_bug.cgi?id=57375 + +--- include/ap_config_auto.h.in.orig 2015-01-15 19:59:13 UTC ++++ include/ap_config_auto.h.in +@@ -130,6 +130,9 @@ + /* Define to 1 if you have the <pwd.h> header file. */ + #undef HAVE_PWD_H + ++/* Define to 1 if you have the `RAND_egd' function. */ ++#undef HAVE_RAND_EGD ++ + /* Define to 1 if you have the `setsid' function. */ + #undef HAVE_SETSID + +@@ -139,6 +142,9 @@ + /* Define to 1 if you have the `SSL_CTX_new' function. */ + #undef HAVE_SSL_CTX_NEW + ++/* Define to 1 if you have the `SSL_CTX_use_certificate_chain' function. */ ++#undef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN ++ + /* Define to 1 if you have the <stdint.h> header file. */ + #undef HAVE_STDINT_H + diff --git a/www/apache24/files/patch-modules__ssl__ssl_engine_init.c b/www/apache24/files/patch-modules__ssl__ssl_engine_init.c new file mode 100644 index 000000000000..a82cbdc6df5a --- /dev/null +++ b/www/apache24/files/patch-modules__ssl__ssl_engine_init.c @@ -0,0 +1,31 @@ +# libressl support +# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139 +# https://issues.apache.org/bugzilla/show_bug.cgi?id=57375 + +--- modules/ssl/ssl_engine_init.c.orig 2015-01-15 12:20:33 UTC ++++ modules/ssl/ssl_engine_init.c +@@ -353,9 +353,11 @@ apr_status_t ssl_init_Engine(server_rec + return ssl_die(s); + } + ++#ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK + if (strEQ(mc->szCryptoDevice, "chil")) { + ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0); + } ++#endif + + if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01889) +@@ -838,7 +840,11 @@ static apr_status_t ssl_init_ctx_cert_ch + } + } + +- n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx, ++#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN ++ n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx, ++#else ++ n = _SSL_CTX_use_certificate_chain(mctx->ssl_ctx, ++#endif + (char *)chain, + skip_first, NULL); + if (n < 0) { diff --git a/www/apache24/files/patch-modules__ssl__ssl_engine_rand.c b/www/apache24/files/patch-modules__ssl__ssl_engine_rand.c new file mode 100644 index 000000000000..e6b98e42b6a9 --- /dev/null +++ b/www/apache24/files/patch-modules__ssl__ssl_engine_rand.c @@ -0,0 +1,22 @@ +# libressl support +# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139 +# https://issues.apache.org/bugzilla/show_bug.cgi?id=57375 + +--- modules/ssl/ssl_engine_rand.c.orig 2011-12-05 00:08:01 UTC ++++ modules/ssl/ssl_engine_rand.c +@@ -81,6 +81,7 @@ int ssl_rand_seed(server_rec *s, apr_poo + nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes); + ssl_util_ppclose(s, p, fp); + } ++#ifdef HAVE_RAND_EGD + else if (pRandSeed->nSrc == SSL_RSSRC_EGD) { + /* + * seed in contents provided by the external +@@ -90,6 +91,7 @@ int ssl_rand_seed(server_rec *s, apr_poo + continue; + nDone += n; + } ++#endif + else if (pRandSeed->nSrc == SSL_RSSRC_BUILTIN) { + struct { + time_t t; diff --git a/www/apache24/files/patch-modules__ssl__ssl_util_ssl.c b/www/apache24/files/patch-modules__ssl__ssl_util_ssl.c new file mode 100644 index 000000000000..5fdf78c7a3b5 --- /dev/null +++ b/www/apache24/files/patch-modules__ssl__ssl_util_ssl.c @@ -0,0 +1,18 @@ +# libressl support +# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139 +# https://issues.apache.org/bugzilla/show_bug.cgi?id=57375 + +--- modules/ssl/ssl_util_ssl.c.orig 2015-01-12 13:31:16 UTC ++++ modules/ssl/ssl_util_ssl.c +@@ -473,7 +473,11 @@ EC_GROUP *ssl_ec_GetParamFromFile(const + * format, possibly followed by a sequence of CA certificates that + * should be sent to the peer in the SSL Certificate message. + */ ++#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN + int SSL_CTX_use_certificate_chain( ++#else ++int _SSL_CTX_use_certificate_chain( ++#endif + SSL_CTX *ctx, char *file, int skipfirst, pem_password_cb *cb) + { + BIO *bio; diff --git a/www/apache24/files/patch-modules__ssl__ssl_util_ssl.h b/www/apache24/files/patch-modules__ssl__ssl_util_ssl.h new file mode 100644 index 000000000000..6ff277270e71 --- /dev/null +++ b/www/apache24/files/patch-modules__ssl__ssl_util_ssl.h @@ -0,0 +1,18 @@ +# libressl support +# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139 +# https://issues.apache.org/bugzilla/show_bug.cgi?id=57375 + +--- modules/ssl/ssl_util_ssl.h.orig 2014-03-02 20:20:14 UTC ++++ modules/ssl/ssl_util_ssl.h +@@ -69,7 +69,11 @@ BOOL SSL_X509_getIDs(apr_pool_t * + BOOL SSL_X509_match_name(apr_pool_t *, X509 *, const char *, BOOL, server_rec *); + BOOL SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); + BOOL SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); ++#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN + int SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *); ++#else ++int _SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *); ++#endif + char *SSL_SESSION_id2sz(unsigned char *, int, char *, int); + + #endif /* __SSL_UTIL_SSL_H__ */ diff --git a/www/apache24/files/patch-r1611744-modules__lua__lua_request.c b/www/apache24/files/patch-r1611744-modules__lua__lua_request.c deleted file mode 100644 index 15b0e05cb33f..000000000000 --- a/www/apache24/files/patch-r1611744-modules__lua__lua_request.c +++ /dev/null @@ -1,22 +0,0 @@ -backport for mod_lua: Don't quote values in cookies; Make IE happy again [#56734] -http://svn.apache.org/viewvc?view=revision&revision=1611744 - - ---- ./modules/lua/lua_request.c.orig 2014-07-20 10:48:19.000000000 +0200 -+++ ./modules/lua/lua_request.c 2014-07-20 10:48:46.000000000 +0200 -@@ -2086,13 +2086,13 @@ - if (expires > 0) { - rv = apr_rfc822_date(cdate, apr_time_from_sec(expires)); - if (rv == APR_SUCCESS) { -- strexpires = apr_psprintf(r->pool, "Expires=\"%s\";", cdate); -+ strexpires = apr_psprintf(r->pool, "Expires=%s;", cdate); - } - } - - /* Create path segment */ - if (path != NULL && strlen(path) > 0) { -- strpath = apr_psprintf(r->pool, "Path=\"%s\";", path); -+ strpath = apr_psprintf(r->pool, "Path=%s;", path); - } - - /* Create domain segment */ diff --git a/www/apache24/files/patch-support__Makefile.in b/www/apache24/files/patch-support__Makefile.in index f92ad75abff9..8dca75c35700 100644 --- a/www/apache24/files/patch-support__Makefile.in +++ b/www/apache24/files/patch-support__Makefile.in @@ -1,6 +1,6 @@ ---- ./support/Makefile.in.orig 2012-12-11 11:37:25.000000000 +0100 -+++ ./support/Makefile.in 2013-10-26 19:29:20.000000000 +0200 -@@ -17,10 +17,10 @@ +--- support/Makefile.in.orig 2012-12-11 10:37:25 UTC ++++ support/Makefile.in +@@ -17,10 +17,10 @@ install: @test -d $(DESTDIR)$(sbindir) || $(MKINSTALLDIRS) $(DESTDIR)$(sbindir) @test -d $(DESTDIR)$(libexecdir) || $(MKINSTALLDIRS) $(DESTDIR)$(libexecdir) @cp -p $(top_builddir)/server/httpd.exp $(DESTDIR)$(libexecdir) @@ -14,7 +14,7 @@ fi ; \ done @for i in apachectl; do \ -@@ -30,10 +30,7 @@ +@@ -30,10 +30,7 @@ install: fi ; \ done @if test -f "$(builddir)/envvars-std"; then \ diff --git a/www/apache24/files/patch-support__apachectl.in b/www/apache24/files/patch-support__apachectl.in index bd23406991e5..b093f49ae438 100644 --- a/www/apache24/files/patch-support__apachectl.in +++ b/www/apache24/files/patch-support__apachectl.in @@ -1,6 +1,6 @@ ---- ./support/apachectl.in.orig 2012-02-01 04:47:28.000000000 +0100 -+++ ./support/apachectl.in 2013-03-22 18:55:53.000000000 +0100 -@@ -43,6 +43,7 @@ +--- support/apachectl.in.orig 2012-02-01 03:47:28 UTC ++++ support/apachectl.in +@@ -43,6 +43,7 @@ ARGV="$@" # # the path to your httpd binary, including options if necessary HTTPD='@exp_sbindir@/@progname@' @@ -8,7 +8,7 @@ # # pick up any necessary environment variables if test -f @exp_sbindir@/envvars; then -@@ -66,19 +67,21 @@ +@@ -66,19 +67,21 @@ ULIMIT_MAX_FILES="@APACHECTL_ULIMIT@" # -------------------- -------------------- # |||||||||||||||||||| END CONFIGURATION SECTION |||||||||||||||||||| @@ -34,7 +34,7 @@ ERROR=$? ;; startssl|sslstart|start-SSL) -@@ -88,11 +91,13 @@ +@@ -88,11 +91,13 @@ startssl|sslstart|start-SSL) ERROR=2 ;; configtest) diff --git a/www/apache24/files/patch-support__apxs.in b/www/apache24/files/patch-support__apxs.in index ab8f38f159eb..65f2f5b4be71 100644 --- a/www/apache24/files/patch-support__apxs.in +++ b/www/apache24/files/patch-support__apxs.in @@ -1,6 +1,6 @@ ---- ./support/apxs.in.orig 2012-07-25 13:42:40.000000000 +0200 -+++ ./support/apxs.in 2013-03-22 18:55:53.000000000 +0100 -@@ -636,7 +636,13 @@ +--- support/apxs.in.orig 2013-12-26 18:01:53 UTC ++++ support/apxs.in +@@ -636,7 +636,13 @@ if ($opt_i or $opt_e) { } } else { # replace already existing LoadModule line @@ -15,7 +15,7 @@ } $lmd =~ m|LoadModule\s+(.+?)_module.*|; notice("[$what module `$1' in $CFG_SYSCONFDIR/$CFG_TARGET.conf]"); -@@ -645,8 +651,7 @@ +@@ -645,8 +651,7 @@ if ($opt_i or $opt_e) { if (open(FP, ">$CFG_SYSCONFDIR/$CFG_TARGET.conf.new")) { print FP $content; close(FP); diff --git a/www/apache24/files/patch-support__envvars-std.in b/www/apache24/files/patch-support__envvars-std.in index 9f428b238547..305650cc661c 100644 --- a/www/apache24/files/patch-support__envvars-std.in +++ b/www/apache24/files/patch-support__envvars-std.in @@ -1,6 +1,6 @@ ---- ./support/envvars-std.in.orig 2012-03-08 17:10:51.000000000 +0100 -+++ ./support/envvars-std.in 2013-03-22 18:55:53.000000000 +0100 -@@ -26,3 +26,10 @@ +--- support/envvars-std.in.orig 2012-03-08 16:10:51 UTC ++++ support/envvars-std.in +@@ -26,3 +26,10 @@ fi export @SHLIBPATH_VAR@ # @OS_SPECIFIC_VARS@ diff --git a/www/apache24/files/patch-support__log_server_status.in b/www/apache24/files/patch-support__log_server_status.in index 3d3ba66f7128..9853c52a3fd4 100644 --- a/www/apache24/files/patch-support__log_server_status.in +++ b/www/apache24/files/patch-support__log_server_status.in @@ -1,6 +1,6 @@ ---- ./support/log_server_status.in.orig 2012-04-29 01:08:09.000000000 +0200 -+++ ./support/log_server_status.in 2013-03-22 18:55:53.000000000 +0100 -@@ -29,7 +29,7 @@ +--- support/log_server_status.in.orig 2012-04-28 23:08:09 UTC ++++ support/log_server_status.in +@@ -29,7 +29,7 @@ use IO::Socket; use strict; use warnings; @@ -9,7 +9,7 @@ my $server = "localhost"; # Name of server, could be "www.foo.com" my $port = "@PORT@"; # Port on server my $request = "/server-status/?auto"; # Request to send -@@ -46,7 +46,7 @@ +@@ -46,7 +46,7 @@ my $time = . sprintf( "%02d", $ltime[1] ) . sprintf( "%02d", $ltime[0] ); diff --git a/www/apache24/files/pkg-deinstall.in b/www/apache24/files/pkg-deinstall.in new file mode 100644 index 000000000000..587643fc2eb0 --- /dev/null +++ b/www/apache24/files/pkg-deinstall.in @@ -0,0 +1,19 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +MPM_FALLBACK="%%ETCDIR%%/modules.d/%%MPMF%%" + +_cleanup(){ + if [ -f ${MPM_FALLBACK} ]; then + echo -n "remove fallback MPM : " + /bin/rm -vf ${MPM_FALLBACK} + fi +} + +# run only if build with modular MPM +if [ "x$2" = "xDEINSTALL" ]; then + %%MPM_FALLBACK_CHECK%%_cleanup +fi + diff --git a/www/apache24/files/pkg-install.in b/www/apache24/files/pkg-install.in new file mode 100644 index 000000000000..4bd2b15dfaad --- /dev/null +++ b/www/apache24/files/pkg-install.in @@ -0,0 +1,65 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# Note: +# We have to use grep or wc after awk, else +# there is no usable ret value that can be +# used for further processing + +HTTPD_CONF="%%ETCDIR%%/httpd.conf" +MPM_FALLBACK="%%ETCDIR%%/modules.d/%%MPMF%%" + +_log_msg(){ + /usr/bin/logger -p local0.notice -s -t apache24 "$1" +} + +_check_deprecated(){ +if [ -r ${HTTPD_CONF} ]; then + /usr/bin/awk '/^LoadModule[[:blank:]]+mpm_(event|prefork|worker)_module/ {print $2}' ${HTTPD_CONF} | /usr/bin/grep -q '^mpm_' + if [ $? -ne 0 ]; then + _log_msg "===================================================" + _log_msg "WARNING!" + _log_msg " No apache MPM module is activated in httpd.conf," + _log_msg " mpm_prefork will be activated as fall back" + _log_msg "" + _log_msg " Please follow the instructions in" + _log_msg " ${MPM_FALLBACK}" + _log_msg "===================================================" + +cat > ${MPM_FALLBACK} << _EOF +# ================================================================== +# Note: +# www/apache24 build changed from static MPM to modular MPM loading! +# +# This file was installed as fall back, since no activated MPM +# was detected in the existing httpd.conf. +# +# Please merge additions from httpd.conf.sample into your httpd.conf! +# +# After activating one of the mpm_modules in httpd.conf it is save +# to deactivate the "LoadModule" line in this file. +# +# In case mod_(php|perl|python|...) modules from the official FreeBSD +# package repo are installed please use the mpm_prefork module, else +# feel free to test mpm_event (preferred) or mpm_worker. +# +# For more information see: +# http://httpd.apache.org/docs/2.4/mod/ +# ================================================================== + +LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so +_EOF + + fi # $? -ne 0 +else + echo ${HTTPD_CONF} not readable +fi +} + +# run only if build with modular MPM +if [ "$2" = "POST-INSTALL" ]; then + %%MPM_FALLBACK_CHECK%%_check_deprecated +fi + |