Index: branches/2015Q2/www/apache22/Makefile
===================================================================
--- branches/2015Q2/www/apache22/Makefile (revision 389213)
+++ branches/2015Q2/www/apache22/Makefile (revision 389214)
@@ -1,200 +1,206 @@ # $FreeBSD$ PORTNAME= apache22 PORTVERSION= 2.2.29 -PORTREVISION?= 2 +PORTREVISION?= 3 CATEGORIES= www ipv6 MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} DISTNAME= httpd-${PORTVERSION} DIST_SUBDIR= apache22 MAINTAINER?= apache@FreeBSD.org COMMENT?= Version 2.2.x of Apache web server with ${WITH_MPM} MPM. LIB_DEPENDS= libexpat.so:${PORTSDIR}/textproc/expat2 \ libapr-1.so:${PORTSDIR}/devel/apr1 \ libpcre.so:${PORTSDIR}/devel/pcre CONFLICTS_INSTALL= caudium14-1.* \ apache-*-2.2.* apache22-*-2.2.* \ apache-*-2.4.* apache24-*-2.4.* USE_APACHE= common22 USES= tar:bzip2 iconv perl5 libtool cpe USE_PERL5= run USE_AUTOTOOLS= autoconf USE_RC_SUBR= apache22 htcacheclean CPE_VENDOR= apache CPE_PRODUCT= http_server PORTDOCS= * USERS= www GROUPS= www # for slave ports .if !defined(MASTERDIR) APACHEDIR= ${.CURDIR} .else APACHEDIR= ${MASTERDIR} .endif WITH_MPM?= prefork # or worker, event, itk, peruser WITH_HTTP_PORT?= 80 WITH_SSL_PORT?= 443 .include "${APACHEDIR}/Makefile.options" AUTHNZ_LDAP_CONFIGURE_ON= --enable-authnz-ldap # http://httpd.apache.org/docs/2.2/bind.html IPV4_MAPPED_CONFIGURE_ENABLE= v4-mapped LDAP_CONFIGURE_ON= --enable-ldap=shared SSL_CFLAGS= -I${OPENSSLINC} SSL_CONFIGURE_ON= --with-ssl=${OPENSSLBASE} SSL_LDFLAGS= -L${OPENSSLLIB} SSL_USE= OPENSSL=yes SUEXEC_RSRCLIMIT_EXTRA_PATCHES= ${FILESDIR}/extra-patch-suexec_rsrclimit SUEXEC_USERDIR_EXTRA_PATCHES= ${FILESDIR}/extra-patch-suexec_userdir .include ETC_SUBDIRS= Includes envvars.d extra modules.d # PR: 182947 .if ${WITH_MPM} != "peruser" SUB_LIST+= RELOAD_CMD=graceful .else SUB_LIST+= RELOAD_CMD=hrestart .endif APR_CONFIG?= ${LOCALBASE}/bin/apr-1-config APU_CONFIG?= ${LOCALBASE}/bin/apu-1-config # APU modules used by AUTHN_DBD DBD APU_DBD_MYSQL?= ${LOCALBASE}/lib/apr-util-1/apr_dbd_mysql.so APU_DBD_PGSQL?= ${LOCALBASE}/lib/apr-util-1/apr_dbd_pgsql.so APU_DBD_SQLITE3?= ${LOCALBASE}/lib/apr-util-1/apr_dbd_sqlite3.so # APU module used by AUTHNZ_LDAP LDAP APU_LDAP?= 
${LOCALBASE}/lib/apr-util-1/apr_ldap.so # APU module used by SESSION_CRYPTO APU_CRYPTO_OPENSSL?= ${LOCALBASE}/lib/apr-util-1/apr_crypto_openssl.so APU_CRYPTO_NSS?= ${LOCALBASE}/lib/apr-util-1/apr_crypto_nss.so CONFIGURE_ARGS+=--prefix=${PREFIX} \ --enable-layout=FreeBSD \ --with-port=${WITH_HTTP_PORT} \ --with-sslport=${WITH_SSL_PORT} \ --with-expat=${LOCALBASE} \ --with-iconv=${ICONV_PREFIX} \ --enable-http \ --with-pcre=${LOCALBASE} \ --with-apr=${APR_CONFIG} \ --with-apr-util=${APU_CONFIG} CONFIGURE_ENV= CONFIG_SHELL="${SH}" \ LOCALBASE="${LOCALBASE}" MAKE_ENV+= EXPR_COMPAT=yes \ INSTALL_MAN="${INSTALL_MAN}" \ EXAMPLESDIR=${EXAMPLESDIR} #===================================================== # CONFIGURE_ARGS will be handled in Makefile.modules, # here we do only OPTIONS fixups .if ${PORT_OPTIONS:MSUEXEC_RSRCLIMIT} && !${PORT_OPTIONS:MSUEXEC} IGNORE= suEXEC resource limit patch requires mod_suexec.\ Please (re)run 'make config' and choose SUEXEC option also .endif .if ${PORT_OPTIONS:MSUEXEC_USERDIR} && !${PORT_OPTIONS:MSUEXEC} IGNORE= suEXEC UserDir patch requires mod_suexec.\ Please (re)run 'make config' and choose SUEXEC option also .endif .include .include "${APACHEDIR}/Makefile.modules" show-options: @${SED} -ne 's/^##//p' ${APACHEDIR}/Makefile.doc pre-everything:: @${CAT} ${FILESDIR}/HEADS_UP .if !defined(BATCH) || !defined(PORT_BUILDING) @/bin/sleep 5 .endif post-extract: # remove possible leftover .svn directories in the sources @${FIND} ${WRKSRC} -type d -name .svn -print | ${XARGS} ${RM} -rf # limit grep results ... @${FIND} ${WRKSRC} -type f \( -name 'NWGNU*' -o -name '*.ds?' 
-o -name '*.dep' -o -name '*.mak' -o -name '*.win' \) -delete # make qa script happy, it complains on empty dirs even 'PORTDOCS=*' is set # use RMDIR in case upstream ever place some files into this dirs .for d in xsl/util xsl lang -${RMDIR} ${WRKSRC}/docs/manual/style/${d} .endfor post-patch: @${REINPLACE_CMD} -e 's," PLATFORM ",FreeBSD,' ${WRKSRC}/server/core.c # IPv4_mapping fix: https://issues.apache.org/bugzilla/show_bug.cgi?id=53824 @${REINPLACE_CMD} -e 's|freebsd5|freebsd|' \ -e 's|^perlbin=.*|perlbin=${PERL}|' \ ${WRKSRC}/configure.in ${WRKSRC}/configure @${RM} -f ${WRKSRC}/docs/docroot/*.bak ${INSTALL_DATA} ${WRKSRC}/NOTICE ${WRKSRC}/docs/manual # we use devel/apr and devel/pcre @${RM} -rf ${WRKSRC}/srclib @${REINPLACE_CMD} -e 's/srclib//' ${WRKSRC}/Makefile.in pre-configure:: @${ECHO_MSG} "" @${ECHO_MSG} " You can check your modules configuration by using make show-modules" @${ECHO_MSG} "" # Fix build with OpenSSL from ports .if ${PORT_OPTIONS:MSSL} . if ${OPSYS} == FreeBSD . if defined(OPENSSL_INSTALLED) && ${OPENSSL_INSTALLED} != "" @${ECHO_MSG} "===> apply fix for FreeBSD-${OSREL} (${OSVERSION}) for usage with ${OPENSSL_INSTALLED}" @${ECHO_MSG} "" ${REINPLACE_CMD} -e "s|(ALL_CFLAGS)|(ALL_CFLAGS) -L${OPENSSLLIB}|" ${WRKSRC}/build/rules.mk.in . endif . 
endif .endif post-configure: @FTPUSERS=`${EGREP} -v '^#' /etc/ftpusers| ${TR} -s "\n" " "` ;\ ${REINPLACE_CMD} -e "s,%%FTPUSERS%%,$${FTPUSERS}," ${WRKSRC}/docs/conf/extra/httpd-userdir.conf @${REINPLACE_CMD} -e "s,%%WWWOWN%%,${WWWOWN}," -e "s,%%WWWGRP%%,${WWWGRP}," ${WRKSRC}/docs/conf/httpd.conf @${REINPLACE_CMD} -e "s,%%PREFIX%%,${PREFIX}," ${WRKSRC}/support/envvars-std + +pre-build: +.if ${PORT_OPTIONS:MSSL} + @${ECHO_MSG} "===> Generating unique DH group to mitigate Logjam attack (this will take a while)" + (cd ${WRKSRC}/modules/ssl && ${SETENV} HOME=${WRKDIR} ${PERL} ssl_engine_dh.c) +.endif post-install: @${MKDIR} ${ETC_SUBDIRS:S|^|${STAGEDIR}${ETCDIR}/|} ${INSTALL_DATA} ${FILESDIR}/no-accf.conf ${STAGEDIR}${ETCDIR}/Includes/ # place for 3rd party module configuration ${INSTALL_DATA} ${FILESDIR}/README_modules.d ${STAGEDIR}${ETCDIR}/modules.d/ @${MKDIR} ${STAGEDIR}/${EXAMPLESDIR}/modules.d ${INSTALL_DATA} ${FILESDIR}/README_modules.d ${STAGEDIR}${EXAMPLESDIR}/modules.d # strip returns an error for non binary files, but we have a big mix -${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/* 2>/dev/null -${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/apache22/mod_*.so .if ${PORT_OPTIONS:MLOG_FORENSIC} ${INSTALL_SCRIPT} ${WRKSRC}/support/check_forensic ${STAGEDIR}${PREFIX}/sbin .endif # maintainer only, check for new modules modlist: extract @${AWK} '/: checking whether to enable mod_/ \ {printf "%%%%%s%%%%libexec/apache22/%s.so\n", \ toupper($$8), $$8}' ${WRKSRC}/configure \ | ${TR} -d '"' \ | ${SORT} -u \ | ${GREP} -E -v '^%%MOD_(ECHO|EXAMPLE|HTTP|IDENT|ISAPI|SO)%%' .include Index: branches/2015Q2/www/apache22/files/patch-modules_ssl_ssl__engine__dh.c =================================================================== --- branches/2015Q2/www/apache22/files/patch-modules_ssl_ssl__engine__dh.c (nonexistent) +++ branches/2015Q2/www/apache22/files/patch-modules_ssl_ssl__engine__dh.c (revision 389214) 
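Review bot: The "unique DH group" wording in the new `pre-build` message holds per build, not per installation, because the parameters are generated once when the port is compiled; a binary package built from this port would presumably ship the same group to every host that installs it. The practical Logjam mitigation here is the move to 2048/3072-bit groups, so a comment above the target such as `# DH group is generated once per build; hosts installing the same binary package share it` would keep the claim accurate. The recipe also runs the generator with whatever `openssl` is first in PATH, which with OpenSSL from ports may not be the one under `${OPENSSLBASE}`. Adding `PATH=${OPENSSLBASE}/bin:$${PATH}` to the `${SETENV}` call would pin it, assuming that directory holds the matching binary.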
@@ -0,0 +1,142 @@ +--- modules/ssl/ssl_engine_dh.c.orig 2006-07-12 03:38:44 UTC ++++ modules/ssl/ssl_engine_dh.c +@@ -33,7 +33,7 @@ + /* ----BEGIN GENERATED SECTION-------- */ + + /* +-** Diffie-Hellman-Parameters: (512 bit) ++** Diffie-Hellman-Parameters: (2048 bit) + ** prime: + ** 00:9f:db:8b:8a:00:45:44:f0:04:5f:17:37:d0:ba: + ** 2e:0b:27:4c:df:1a:9f:58:82:18:fb:43:53:16:a1: +@@ -41,7 +41,7 @@ + ** 0e:3e:30:06:80:a3:03:0c:6e:4c:37:57:d0:8f:70: + ** e6:aa:87:10:33 + ** generator: 2 (0x2) +-** Diffie-Hellman-Parameters: (1024 bit) ++** Diffie-Hellman-Parameters: (3072 bit) + ** prime: + ** 00:d6:7d:e4:40:cb:bb:dc:19:36:d6:93:d3:4a:fd: + ** 0a:d5:0c:84:d2:39:a4:5f:52:0b:b8:81:74:cb:98: +@@ -55,7 +55,7 @@ + ** generator: 2 (0x2) + */ + +-static unsigned char dh512_p[] = { ++static unsigned char dh2048_p[] = { + 0x9F, 0xDB, 0x8B, 0x8A, 0x00, 0x45, 0x44, 0xF0, 0x04, 0x5F, 0x17, 0x37, + 0xD0, 0xBA, 0x2E, 0x0B, 0x27, 0x4C, 0xDF, 0x1A, 0x9F, 0x58, 0x82, 0x18, + 0xFB, 0x43, 0x53, 0x16, 0xA1, 0x6E, 0x37, 0x41, 0x71, 0xFD, 0x19, 0xD8, +@@ -63,17 +63,17 @@ static unsigned char dh512_p[] = { + 0x80, 0xA3, 0x03, 0x0C, 0x6E, 0x4C, 0x37, 0x57, 0xD0, 0x8F, 0x70, 0xE6, + 0xAA, 0x87, 0x10, 0x33, + }; +-static unsigned char dh512_g[] = { ++static unsigned char dh2048_g[] = { + 0x02, + }; + +-static DH *get_dh512(void) ++static DH *get_dh2048(void) + { +- return modssl_dh_configure(dh512_p, sizeof(dh512_p), +- dh512_g, sizeof(dh512_g)); ++ return modssl_dh_configure(dh2048_p, sizeof(dh2048_p), ++ dh2048_g, sizeof(dh2048_g)); + } + +-static unsigned char dh1024_p[] = { ++static unsigned char dh3072_p[] = { + 0xD6, 0x7D, 0xE4, 0x40, 0xCB, 0xBB, 0xDC, 0x19, 0x36, 0xD6, 0x93, 0xD3, + 0x4A, 0xFD, 0x0A, 0xD5, 0x0C, 0x84, 0xD2, 0x39, 0xA4, 0x5F, 0x52, 0x0B, + 0xB8, 0x81, 0x74, 0xCB, 0x98, 0xBC, 0xE9, 0x51, 0x84, 0x9F, 0x91, 0x2E, +@@ -86,14 +86,14 @@ static unsigned char dh1024_p[] = { + 0x88, 0xAE, 0xAA, 0x74, 0x7D, 0xE0, 0xF4, 0xD6, 0xE2, 0xBD, 0x68, 0xB0, + 0xE7, 0x39, 0x3E, 0x0F, 0x24, 
0x21, 0x8E, 0xB3, + }; +-static unsigned char dh1024_g[] = { ++static unsigned char dh3072_g[] = { + 0x02, + }; + +-static DH *get_dh1024(void) ++static DH *get_dh3072(void) + { +- return modssl_dh_configure(dh1024_p, sizeof(dh1024_p), +- dh1024_g, sizeof(dh1024_g)); ++ return modssl_dh_configure(dh3072_p, sizeof(dh3072_p), ++ dh3072_g, sizeof(dh3072_g)); + } + + /* ----END GENERATED SECTION---------- */ +@@ -102,12 +102,12 @@ DH *ssl_dh_GetTmpParam(int nKeyLen) + { + DH *dh; + +- if (nKeyLen == 512) +- dh = get_dh512(); +- else if (nKeyLen == 1024) +- dh = get_dh1024(); ++ if (nKeyLen == 2048) ++ dh = get_dh2048(); ++ else if (nKeyLen == 3072) ++ dh = get_dh3072(); + else +- dh = get_dh1024(); ++ dh = get_dh3072(); + return dh; + } + +@@ -151,7 +151,7 @@ print FP $source; + close(FP); + + # generate the DH parameters +-print "1. Generate 512 and 1024 bit Diffie-Hellman parameters (p, g)\n"; ++print "1. Generate 2048 and 3072 bit Diffie-Hellman parameters (p, g)\n"; + my $rand = ''; + foreach $file (qw(/var/log/messages /var/adm/messages + /kernel /vmunix /vmlinuz /etc/hosts /etc/resolv.conf)) { +@@ -161,15 +161,15 @@ foreach $file (qw(/var/log/messages /var + } + } + $rand = "-rand $rand" if ($rand ne ''); +-system("openssl gendh $rand -out dh512.pem 512"); +-system("openssl gendh $rand -out dh1024.pem 1024"); ++system("openssl gendh -out dh2048.pem 2048"); ++system("openssl gendh -out dh3072.pem 3072"); + + # generate DH param info + my $dhinfo = ''; +-open(FP, "openssl dh -noout -text -in dh512.pem |") || die; ++open(FP, "openssl dh -noout -text -in dh2048.pem |") || die; + $dhinfo .= $_ while (); + close(FP); +-open(FP, "openssl dh -noout -text -in dh1024.pem |") || die; ++open(FP, "openssl dh -noout -text -in dh3072.pem |") || die; + $dhinfo .= $_ while (); + close(FP); + $dhinfo =~ s|^|** |mg; +@@ -177,10 +177,10 @@ $dhinfo = "\n\/\*\n$dhinfo\*\/\n\n"; + + # generate C source from DH params + my $dhsource = ''; +-open(FP, "openssl dh -noout -C -in dh512.pem | 
indent | expand |") || die; ++open(FP, "openssl dh -noout -C -in dh2048.pem | indent | expand |") || die; + $dhsource .= $_ while (); + close(FP); +-open(FP, "openssl dh -noout -C -in dh1024.pem | indent | expand |") || die; ++open(FP, "openssl dh -noout -C -in dh3072.pem | indent | expand |") || die; + $dhsource .= $_ while (); + close(FP); + $dhsource =~ s|(DH\s+\*get_dh)(\d+)[^}]*\n}|static $1$2(void) +@@ -203,8 +203,8 @@ print FP $source; + close(FP); + + # cleanup +-unlink("dh512.pem"); +-unlink("dh1024.pem"); ++unlink("dh2048.pem"); ++unlink("dh3072.pem"); + + =pod + */ Property changes on: branches/2015Q2/www/apache22/files/patch-modules_ssl_ssl__engine__dh.c ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2015Q2 =================================================================== --- branches/2015Q2 (revision 389213) +++ branches/2015Q2 (revision 389214) Property changes on: branches/2015Q2 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r386904,388386
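Review bot: The two `system("openssl gendh ...")` calls ignore their exit status, while the earlier hunks of this patch only rename the shipped 512- and 1024-bit arrays to `dh2048_p` and `dh3072_p`, so the stronger parameters exist only if the build-time regeneration actually succeeds. Checking the result makes the build fail closed, e.g. `system("openssl gendh -out dh2048.pem 2048") == 0 or die "gendh 2048 failed";` and the same for the 3072-bit call. The `$rand` collection loop kept as context above those calls is now dead code, since `-rand $rand` is no longer passed. In `ssl_dh_GetTmpParam` the callers are outside this patch; if they still request 512 or 1024, every request falls through to the `else` branch and returns the 3072-bit group, leaving `get_dh2048` unused, which is worth confirming against the call sites.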