Index: head/www/apache24/Makefile
===================================================================
--- head/www/apache24/Makefile (revision 452731)
+++ head/www/apache24/Makefile (revision 452732)
@@ -1,219 +1,218 @@ # $FreeBSD$ PORTNAME= apache24 -PORTVERSION= 2.4.27 -PORTREVISION= 1 +PORTVERSION= 2.4.29 CATEGORIES= www ipv6 MASTER_SITES= APACHE_HTTPD DISTNAME= httpd-${PORTVERSION} DIST_SUBDIR= apache24 MAINTAINER= apache@FreeBSD.org COMMENT= Version 2.4.x of Apache web server LICENSE= APACHE20 LICENSE_FILE= ${WRKSRC}/LICENSE LIB_DEPENDS= libexpat.so:textproc/expat2 \ libapr-1.so:devel/apr1 \ libpcre.so:devel/pcre CONFLICTS_INSTALL= caudium14-1.* \ apache-*-2.2.* apache22-* USE_APACHE= common24 USES= autoreconf cpe iconv libtool perl5 tar:bzip2 USE_PERL5= run USE_RC_SUBR= apache24 htcacheclean GNU_CONFIGURE= yes CPE_VENDOR= apache CPE_PRODUCT= http_server PORTDOCS= * SUB_FILES= pkg-install pkg-deinstall # XXX: before running makepatch please run the command # `$SED -e 's/PATCH_PATH_SEPARATOR=/PATCH_PATH_SEPARATOR?=/' Mk/bsd.port.mk PATCH_PATH_SEPARATOR= __ # Fallback MPM after switching from static to modular MPM SUB_LIST+= MPMF="000_mpm_prefork_fallback.conf" USERS= www GROUPS= www # for slave ports .if !defined(MASTERDIR) APACHEDIR= ${.CURDIR} .else APACHEDIR= ${MASTERDIR} .endif WITH_HTTP_PORT?= 80 WITH_SSL_PORT?= 443 .if !defined(WITH_DEBUG) EXTRA_PATCHES+= ${FILESDIR}/extra-patch-server_buildmark.c .endif .include "${APACHEDIR}/Makefile.options" .include "${APACHEDIR}/Makefile.options.desc" # IMPLIES AUTHN_DBD_IMPLIES= DBD HEARTBEAT_IMPLIES= WATCHDOG STATUS HEARTMONITOR_IMPLIES= WATCHDOG STATUS LBMETHOD_HEARTBEAT_IMPLIES= WATCHDOG STATUS HEARTMONITOR PROXY_HCHECK_IMPLIES= WATCHDOG # MPM MPM_PREFORK_CONFIGURE_ON= --with-mpm=prefork MPM_WORKER_CONFIGURE_ON= --with-mpm=worker MPM_EVENT_CONFIGURE_ON= --with-mpm=event AUTHNZ_LDAP_CONFIGURE_ON= --enable-authnz-ldap # http://httpd.apache.org/docs/2.4/bind.html IPV4_MAPPED_CONFIGURE_ENABLE= v4-mapped LDAP_CONFIGURE_ON= --enable-ldap=shared BROTLI_CONFIGURE_ON= --with-brotli=${LOCALBASE} BROTLI_LIB_DEPENDS= libbrotlicommon.so:archivers/brotli HTTP2_CONFIGURE_ON= --with-nghttp2=${LOCALBASE} HTTP2_LIB_DEPENDS= 
libnghttp2.so:www/libnghttp2 LUAJIT_LIB_DEPENDS= libluajit-5.1.so:lang/luajit LUA_CONFIGURE_WITH= lua LUA_USES= lua PROXY_HTTP2_CONFIGURE_ON= --with-nghttp2=${LOCALBASE} PROXY_HTTP2_LIB_DEPENDS= libnghttp2.so:www/libnghttp2 SOCACHE_DC_CONFIGURE_ON= --with-distcache=${LOCALBASE} SOCACHE_DC_LIB_DEPENDS= libdistcache.so:security/distcache # Note: # OpenSSL version (base/ports) depends how devel/apr1 was build # apu-1-config --(includes|ldflags) and apr_rules.mk SSL_CFLAGS= -I${OPENSSLINC} SSL_CONFIGURE_ON= --with-ssl=${OPENSSLBASE} SSL_LDFLAGS= -L${OPENSSLLIB} SSL_USES= ssl .include ETC_SUBDIRS= Includes envvars.d extra modules.d APR_CONFIG?= ${LOCALBASE}/bin/apr-1-config APU_CONFIG?= ${LOCALBASE}/bin/apu-1-config # APU modules used by AUTHN_DBD DBD APU_DBD_MYSQL?= ${LOCALBASE}/lib/apr-util-1/apr_dbd_mysql.so APU_DBD_PGSQL?= ${LOCALBASE}/lib/apr-util-1/apr_dbd_pgsql.so APU_DBD_SQLITE3?= ${LOCALBASE}/lib/apr-util-1/apr_dbd_sqlite3.so # APU module used by AUTHNZ_LDAP LDAP APU_LDAP?= ${LOCALBASE}/lib/apr-util-1/apr_ldap.so # APU module used by SESSION_CRYPTO APU_CRYPTO_OPENSSL?= ${LOCALBASE}/lib/apr-util-1/apr_crypto_openssl.so APU_CRYPTO_NSS?= ${LOCALBASE}/lib/apr-util-1/apr_crypto_nss.so PREFIX_RELDEST= ${PREFIX:S,^${DESTDIR},,} CONFIGURE_ARGS+=--prefix=${PREFIX_RELDEST} \ --enable-layout=FreeBSD \ --with-port=${WITH_HTTP_PORT} \ --with-sslport=${WITH_SSL_PORT} \ --with-expat=${LOCALBASE} \ --with-iconv=${ICONV_PREFIX} \ --enable-http \ --with-pcre=${LOCALBASE} \ --with-apr=${APR_CONFIG} \ --with-apr-util=${APU_CONFIG} CONFIGURE_ENV= LOCALBASE="${LOCALBASE}" \ CONFIG_SHELL="${SH}" MAKE_ENV+= EXPR_COMPAT=yes \ INSTALL_MAN="${INSTALL_MAN}" \ DATADIR=${DATADIR} #===================================================== # CONFIGURE_ARGS will be handled in Makefile.modules, # here we do only OPTIONS fixups .if ${PORT_OPTIONS:MLUA} CONFIGURE_ENV+= LUA_CFLAGS="-I${LUA_INCDIR}" \ LUA_LIBS="-L${LUA_LIBDIR} -llua-${LUA_VER}" .endif .if ${PORT_OPTIONS:MPROXY_HTML} || 
${PORT_OPTIONS:MXML2ENC} USE_GNOME= libxml2 .endif .include .include "${APACHEDIR}/Makefile.modules" .if ${OPSYS} == FreeBSD && ${OSVERSION} < 1100085 &&\ ${PORT_OPTIONS:MHTTP2} && ${OPENSSLBASE} == /usr SUB_FILES+= pkg-message .endif post-extract: # remove possible leftover .svn directories in the sources @${FIND} ${WRKSRC} -type d -name .svn -print | ${XARGS} ${RM} -r # limit grep results ... @${FIND} ${WRKSRC} -type f \( -name 'NWGNU*' -o -name '*.ds?' -o -name '*.dep' -o -name '*.mak' -o -name '*.win' -o -name '*.vbs' -o -name '*.wsf' \) -delete # make sure the configure script contains our patches, preserve the original script for comparsion -${MV} -v ${WRKSRC}/configure ${WRKSRC}/configure.upstream # make stage-qa script happy, it complains on empty dirs even 'PORTDOCS=*' is set # use RMDIR in case upstream ever place some files into this directories .for d in xsl/util xsl lang -${RMDIR} ${WRKSRC}/docs/manual/style/${d} .endfor post-patch: ${REINPLACE_CMD} -e 's," PLATFORM ",FreeBSD,' ${WRKSRC}/server/core.c ${REINPLACE_CMD} -e 's|logs/error_log|/var/log/httpd-error.log|' \ ${WRKSRC}/include/httpd.h ${REINPLACE_CMD} -e 's|perlbin=.*|perlbin=${PERL}|' \ ${WRKSRC}/configure.in ${RM} ${WRKSRC}/docs/docroot/*.bak ${INSTALL_DATA} ${WRKSRC}/NOTICE ${WRKSRC}/docs/manual pre-configure:: @${ECHO_MSG} "" @${ECHO_MSG} " You can check your modules configuration by using make show-modules" @${ECHO_MSG} "" # silence autotools -${MV} -v ${WRKSRC}/configure.in ${WRKSRC}/configure.ac post-configure: @FTPUSERS=`${EGREP} -v '^#' /etc/ftpusers| ${TR} -s "\n" " "` ;\ ${REINPLACE_CMD} -e "s,%%FTPUSERS%%,$${FTPUSERS}," \ ${WRKSRC}/docs/conf/extra/httpd-userdir.conf ${REINPLACE_CMD} -e "s,%%WWWOWN%%,${WWWOWN}," -e "s,%%WWWGRP%%,${WWWGRP}," \ ${WRKSRC}/docs/conf/httpd.conf ${REINPLACE_CMD} -e "s,%%PREFIX%%,${PREFIX}," ${WRKSRC}/support/envvars-std post-install: @${MKDIR} ${ETC_SUBDIRS:S|^|${STAGEDIR}${ETCDIR}/|} ${INSTALL_DATA} ${FILESDIR}/no-accf.conf ${STAGEDIR}${ETCDIR}/Includes/ 
# place for 3rd party module configuration ${INSTALL_DATA} ${FILESDIR}/README_modules.d ${STAGEDIR}${ETCDIR}/modules.d/ # strip returns an error for non binary files, but we have a big mix -${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/* 2>/dev/null -${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/* -${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/apache24/mod_*.so post-install-LOG_FORENSIC-on: ${INSTALL_SCRIPT} ${WRKSRC}/support/check_forensic ${STAGEDIR}${PREFIX}/sbin # maintainer only, check for new modules modlist: extract @${AWK} '/: checking whether to enable mod_/ \ {printf "%%%%%s%%%%libexec/apache24/%s.so\n", \ toupper($$8), $$8}' ${WRKSRC}/configure.upstream \ | ${TR} -d '"' \ | ${SORT} -u \ | ${GREP} -E -v '^%%MOD_(HTTP|ISAPI|LOG_CONFIG|PRIVILEGES|SO|UNIXD)%%' .include Index: head/www/apache24/Makefile.modules =================================================================== --- head/www/apache24/Makefile.modules (revision 452731) +++ head/www/apache24/Makefile.modules (revision 452732) 
@@ -1,93 +1,93 @@ # $FreeBSD$ # # ============================================= # Maintainer note for OPTION handling: # To set additional option use # PORT_OPTIONS+= # To set / unset an OPTION, even the OPTION is set / unset in OPTIONS_FILE use # WITH="MODULE1 MODULE2 ..." or WITHOUT="MODULE1 MODULE2 ..." .if defined(_PREMKINCLUDED) # check if APR-util module exists .if exists(${APU_CONFIG}) . if ${PORT_OPTIONS:MLDAP} || ${PORT_OPTIONS:MAUTHNZ_LDAP} . if !exists(${APU_LDAP}) IGNORE= LDAP and AUTHNZ_LDAP requires APR-util to have LDAP support built in.\ Please rebuild APR with LDAP support . endif . endif . if ${PORT_OPTIONS:MSESSION_CRYPTO} . if !exists(${APU_CRYPTO_OPENSSL}) && !exists(${APU_CRYPTO_NSS}) IGNORE= SESSION_CRYPTO requires APR-util to have crypto openssl support build in.\ Please rebuild APR with crypto openssl support . endif . endif .endif # exists APU_CONFIG # ============================================= .if ${PORT_OPTIONS:MMPM_SHARED} SUB_LIST+= MPM_FALLBACK_CHECK="" PLIST_SUB+= MPM_SHARED="" CONFIGURE_ARGS+= --enable-mpms-shared=all .else SUB_LIST+= MPM_FALLBACK_CHECK="\#" PLIST_SUB+= MPM_SHARED="@comment " .endif # ============================================= # build develop/example modules only with additional confirmation .for DEVMOD in ${EXAMPLE_MODULES} . if ${PORT_OPTIONS:M${DEVMOD}} WITH_DEVMODS= yes . endif .endfor .if defined(WITH_DEVMODS) && !defined(IAMADEVELOPER ) IGNORE= to build the develop/example modules specify -DIAMADEVELOPER on the command line.\ Do not use the this modules in production environment .endif # The next three params are not converted to an option, # they should be used only for special builds. 
.if defined(WITH_STATIC_SUPPORT) CONFIGURE_ARGS+= --enable-static-support .endif # debug overrides CFLAGS .if defined(WITH_DEBUG) DEBUG_FLAGS?= -O0 -g -ggdb3 CFLAGS= ${DEBUG_FLAGS} CONFIGURE_ARGS+= --enable-maintainer-mode WITH_EXCEPTION_HOOK= yes .endif .if defined(WITH_EXCEPTION_HOOK) CONFIGURE_ARGS+= --enable-exception-hook .endif .if ${PORT_OPTIONS:MAUTH_BASIC} || ${PORT_OPTIONS:MAUTH_DIGEST} . if !${APACHE_MODULES:MAUTHN*} IGNORE= AUTH_BASIC and AUTH_DIGEST need at least one AUTHN provider . endif .endif .if ${PORT_OPTIONS:MAUTH_BASIC} . if !${APACHE_MODULES:MAUTHZ*} IGNORE= AUTH_BASIC need at least one AUTHZ provider . endif .endif .if ${PORT_OPTIONS:MXML2ENC} || ${PORT_OPTIONS:MPROXY_HTML} CONFIGURE_ARGS+= --with-libxml2=${LOCALBASE}/include/libxml2 .else CONFIGURE_ARGS+= --without-libxml2 .endif .if ${PORT_OPTIONS:MPROXY_HTTP2} && !${PORT_OPTIONS:MPROXY_BALANCER} -IGNORE= PROXY_HTTP2 needs PROXY_BALANCER +IGNORE= PROXY_HTTP2 requires PROXY_BALANCER .endif .endif # _PREMKINCLUDED Index: head/www/apache24/Makefile.options.desc =================================================================== --- head/www/apache24/Makefile.options.desc (revision 452731) +++ head/www/apache24/Makefile.options.desc (revision 452732) 
@@ -1,182 +1,182 @@ # $FreeBSD$ # vim: syntax=make ts=8 noet # ===================================== # OPTIONS HEADING PROXY_DESC= Build enabled PROXY modules SESSION_DESC= Build enabled SESSION modules DEFAULT_MPM_DESC= The default MPM module SHARED_MPM_DESC= Build all MPMs as shared Module EXAMPLE_DESC= Example and devel modules (do not use in prod) # ===================================== # MPMs MPM_SHARED_DESC= all MPMs as loadable module MPM_PREFORK_DESC= non-threaded, pre-forking web server MPM_WORKER_DESC= hybrid multi-threaded multi-process web server MPM_EVENT_DESC= MPM worker variant with the goal of consuming threads only for connections with active processing # ===================================== # additional (no modules) IPV4_MAPPED_DESC= Allow IPv6 sockets to handle IPv4 connections LUAJIT_DESC= LuaJit Support # ===================================== # static support (tbd) STATIC_AB_DESC= static linked ab STATIC_CHECKGID_DESC= static linked checkgid STATIC_FCGISTARTER_DESC= static linked fcgistarter STATIC_HTCACHECLEAN_DESC= static linked htcacheclean STATIC_HTDBM_DESC= static linked htdbm STATIC_HTDIGEST_DESC= static linked htdigest STATIC_HTPASSWD_DESC= static linked htpasswd STATIC_HTTXT2DBM_DESC= static linked httxt2dbm STATIC_LOGRESOLVE_DESC= static linked logresolve STATIC_ROTATELOGS_DESC= static linked rotatelogs STATIC_SUPPORT_DESC= static linked support binaries # ===================================== # modules # DESC from modules/*/config.m4 files ACCESS_COMPAT_DESC= mod_access compatibility ACTIONS_DESC= Action triggering on requests ALIAS_DESC= Mapping of requests to different filesystem parts ALLOWMETHODS_DESC= Restrict allowed HTTP methods ASIS_DESC= Sends files that contain their own HTTP headers AUTHNZ_FCGI_DESC= FastCGI authorizer-based authentication and authorization AUTHNZ_LDAP_DESC= LDAP based authentication AUTHN_ANON_DESC= Anonymous user authentication control AUTHN_CORE_DESC= Core authentication module AUTHN_DBD_DESC= SQL-based 
authentication control AUTHN_DBM_DESC= DBM-based authentication control AUTHN_FILE_DESC= File-based authentication control AUTHN_SOCACHE_DESC= Cached authentication control AUTHZ_CORE_DESC= Core authorization provider vector module AUTHZ_DBD_DESC= SQL based authorization and Login/Session support AUTHZ_DBM_DESC= DBM-based authorization control AUTHZ_GROUPFILE_DESC= "require group" authorization control AUTHZ_HOST_DESC= Host-based authorization control AUTHZ_OWNER_DESC= "require file-owner" authorization control AUTHZ_USER_DESC= "require user" authorization control AUTH_BASIC_DESC= Basic authentication AUTH_DIGEST_DESC= RFC2617 Digest authentication AUTH_FORM_DESC= Form authentication AUTOINDEX_DESC= Directory listing BROTLI_DESC= Brotli compression support BUCKETEER_DESC= (dev) buckets manipulation filter BUFFER_DESC= Filter Buffering CACHE_DESC= Dynamic file caching CACHE_DISK_DESC= Disk caching module CACHE_SOCACHE_DESC= Shared object cacheing module CASE_FILTER_DESC= (dev) example uppercase conversion filter CASE_FILTER_IN_DESC= (dev) example uppercase conversion input filter CERN_META_DESC= CERN-type meta files CGID_DESC= CGI scripts (threaded MPMs) CGI_DESC= CGI scripts (non-threaded MPMs) CHARSET_LITE_DESC= Character set translation. Enabled by default only on EBCDIC systems DATA_DESC= RFC2397 data encoder DAV_DESC= WebDAV protocol handling. --enable-dav also enables mod_dav_fs DAV_FS_DESC= DAV provider for the filesystem. 
--enable-dav also enables mod_dav_fs DAV_LOCK_DESC= DAV provider for generic locking DBD_DESC= Apache DBD Framework DEFLATE_DESC= Deflate transfer encoding support DIALUP_DESC= Rate limits static files to dialup modem speeds DIR_DESC= Directory request handling DUMPIO_DESC= I/O dump filter ECHO_DESC= (dev) example echo server ENV_DESC= Clearing/setting of ENV vars EXAMPLE_HOOKS_DESC= (dev) example hook callback handler module EXAMPLE_IPC_DESC= (dev) example of shared memory and mutex usage EXPIRES_DESC= Expires header control EXT_FILTER_DESC= External filter module FILE_CACHE_DESC= File cache FILTER_DESC= Smart Filtering HEADERS_DESC= HTTP header control HEARTBEAT_DESC= Generates Heartbeats HEARTMONITOR_DESC= Collects Heartbeats HTTP2_DESC= HTTP/2 (RFC 7540) support IDENT_DESC= RFC 1413 ident lookups IMAGEMAP_DESC= Server-side imagemaps INCLUDE_DESC= Server-side includes INFO_DESC= Server information LBMETHOD_BYBUSYNESS_DESC= Apache proxy Load balancing by busyness LBMETHOD_BYREQUESTS_DESC= Apache proxy Load balancing by request counting LBMETHOD_BYTRAFFIC_DESC= Apache proxy Load balancing by traffic counting LBMETHOD_HEARTBEAT_DESC= Apache proxy Load balancing from Heartbeats LDAP_DESC= LDAP caching and connection pooling services LOGIO_DESC= Input and output logging LOG_CONFIG_DESC= logging configuration LOG_DEBUG_DESC= Configurable debug logging LOG_FORENSIC_DESC= Forensic logging LUA_DESC= Apache Lua Framework MACRO_DESC= Define and use macros in configuration files MIME_DESC= Mapp file-ext. 
to MIME (recommended) MIME_MAGIC_DESC= Automagically determining MIME type NEGOTIATION_DESC= Content negotiation OPTIONAL_FN_EXPORT_DESC= (dev) example optional function exporter OPTIONAL_FN_IMPORT_DESC= (dev) example optional function importer OPTIONAL_HOOK_EXPORT_DESC= (dev) example optional hook exporter OPTIONAL_HOOK_IMPORT_DESC= (dev) example optional hook importer #PRIVILEGES_DESC= Per-virtualhost Unix UserIDs and enhanced security for Solaris PROXY_AJP_DESC= AJP support module for mod_proxy PROXY_BALANCER_DESC= mod_proxy extension for load balancing PROXY_CONNECT_DESC= mod_proxy extension for CONNECT request handling PROXY_EXPRESS_DESC= Dynamic mass reverse proxy extension for mod_proxy PROXY_FCGI_DESC= FastCGI support module for mod_proxy PROXY_FDPASS_DESC= fdpass external process support module for mod_proxy PROXY_FTP_DESC= FTP support module for mod_proxy PROXY_HCHECK_DESC= Dynamic health check of Balancer members (workers) for mod_proxy PROXY_HTML_DESC= Fix HTML Links in a Reverse Proxy PROXY_HTTP_DESC= HTTP support module for mod_proxy -PROXY_HTTP2_DESC= Experimental http2 proxy module for h2 and h2c +PROXY_HTTP2_DESC= HTTP/2 support module for h2 and h2c PROXY_SCGI_DESC= SCGI gateway module for mod_proxy PROXY_WSTUNNEL_DESC= Websockets Tunnel module for mod_proxy RATELIMIT_DESC= Output Bandwidth Limiting REFLECTOR_DESC= Reflect request through the output filter stack REMOTEIP_DESC= Translate header contents to an apparent client remote_ip REQTIMEOUT_DESC= Limit time waiting for request from client REQUEST_DESC= Request Body Filtering REWRITE_DESC= Rule based URL manipulation SED_DESC= Filter request and/or response bodies through sed SESSION_COOKIE_DESC= Session cookie module SESSION_CRYPTO_DESC= Session crypto module SESSION_DBD_DESC= Session dbd module SETENVIF_DESC= Modify ENV vars based on characteristics of the request SLOTMEM_PLAIN_DESC= Slotmem provider that uses plain memory SLOTMEM_SHM_DESC= Slotmem provider that uses shared memory 
SOCACHE_DBM_DESC= dbm small object cache provider SOCACHE_DC_DESC= distcache small object cache provider SOCACHE_MEMCACHE_DESC= memcache small object cache provider SOCACHE_SHMCB_DESC= shmcb small object cache provider SPELING_DESC= Correct common URL misspellings SSL_DESC= SSL/TLS support (mod_ssl) STATUS_DESC= Process/thread monitoring SUBSTITUTE_DESC= Response content rewrite-like filtering SUEXEC_DESC= Set uid and gid for spawned processes UNIQUE_ID_DESC= Per-request unique ids UNIXD_DESC= (required) security for Unix-family platforms USERDIR_DESC= Mapping of requests to user-specific directories USERTRACK_DESC= User-session tracking VERSION_DESC= Determining httpd version in config files VHOST_ALIAS_DESC= Mass virtual hosting WATCHDOG_DESC= Watchdog module XML2ENC_DESC= i18n support for markup filters Index: head/www/apache24/distinfo =================================================================== --- head/www/apache24/distinfo (revision 452731) +++ head/www/apache24/distinfo (revision 452732) @@ -1,3 +1,3 @@ -TIMESTAMP = 1499686775 -SHA256 (apache24/httpd-2.4.27.tar.bz2) = 71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a -SIZE (apache24/httpd-2.4.27.tar.bz2) = 6527394 +TIMESTAMP = 1508321657 +SHA256 (apache24/httpd-2.4.29.tar.bz2) = 777753a5a25568a2a27428b2214980564bc1c38c1abf9ccc7630b639991f7f00 +SIZE (apache24/httpd-2.4.29.tar.bz2) = 6567926 Index: head/www/apache24/files/patch-CVE-2017-9798 =================================================================== --- head/www/apache24/files/patch-CVE-2017-9798 (revision 452731) +++ head/www/apache24/files/patch-CVE-2017-9798 (nonexistent) 
@@ -1,15 +0,0 @@
---- server/core.c 2017/08/16 16:50:29 1805223
-+++ server/core.c 2017/09/08 13:13:11 1807754
-@@ -2266,6 +2266,12 @@
- /* method has not been registered yet, but resource restriction
- * is always checked before method handling, so register it.
- */
-+ if (cmd->pool == cmd->temp_pool) {
-+ /* In .htaccess, we can't globally register new methods. */
-+ return apr_psprintf(cmd->pool, "Could not register method '%s' "
-+ "for %s from .htaccess configuration",
-+ method, cmd->cmd->name);
-+ }
- methnum = ap_method_register(cmd->pool,
- apr_pstrdup(cmd->pool, method));
- }
Property changes on: head/www/apache24/files/patch-CVE-2017-9798
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: head/www/apache24/files/patch-modules_ssl_ssl__engine__vars.c
===================================================================
--- head/www/apache24/files/patch-modules_ssl_ssl__engine__vars.c (revision 452731)
+++ head/www/apache24/files/patch-modules_ssl_ssl__engine__vars.c (nonexistent)
@@ -1,11 +0,0 @@
---- modules/ssl/ssl_engine_vars.c.orig 2017-03-20 12:01:16 UTC
-+++ modules/ssl/ssl_engine_vars.c
-@@ -529,7 +529,7 @@ static char *ssl_var_lookup_ssl_cert(apr
- resdup = FALSE;
- }
- else if (strcEQ(var, "A_SIG")) {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- nid = OBJ_obj2nid((ASN1_OBJECT *)(xs->cert_info->signature->algorithm));
- #else
- const ASN1_OBJECT *paobj;
Property changes on: head/www/apache24/files/patch-modules_ssl_ssl__engine__vars.c
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: head/www/apache24/files/patch-modules_ssl_ssl__engine__io.c
===================================================================
--- head/www/apache24/files/patch-modules_ssl_ssl__engine__io.c (revision 452731)
+++ head/www/apache24/files/patch-modules_ssl_ssl__engine__io.c (nonexistent)
@@ -1,38 +0,0 @@ ---- modules/ssl/ssl_engine_io.c.orig 2017-05-30 12:26:05 UTC -+++ modules/ssl/ssl_engine_io.c -@@ -164,7 +164,7 @@ static int bio_filter_create(BIO *bio) - { - BIO_set_shutdown(bio, 1); - BIO_set_init(bio, 1); --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - /* No setter method for OpenSSL 1.1.0 available, - * but I can't find any functional use of the - * "num" field there either. -@@ -549,7 +549,7 @@ static long bio_filter_in_ctrl(BIO *bio, - return -1; - } - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - - static BIO_METHOD bio_filter_out_method = { - BIO_TYPE_MEM, -@@ -2024,7 +2024,7 @@ static void ssl_io_input_add_filter(ssl_ - - filter_ctx->pInputFilter = ap_add_input_filter(ssl_io_filter, inctx, r, c); - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - filter_ctx->pbioRead = BIO_new(&bio_filter_in_method); - #else - filter_ctx->pbioRead = BIO_new(bio_filter_in_method); -@@ -2059,7 +2059,7 @@ void ssl_io_filter_init(conn_rec *c, req - filter_ctx->pOutputFilter = ap_add_output_filter(ssl_io_filter, - filter_ctx, r, c); - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - filter_ctx->pbioWrite = BIO_new(&bio_filter_out_method); - #else - filter_ctx->pbioWrite = BIO_new(bio_filter_out_method); Property changes on: head/www/apache24/files/patch-modules_ssl_ssl__engine__io.c ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/www/apache24/files/patch-modules_ssl_ssl__private.h 
===================================================================
--- head/www/apache24/files/patch-modules_ssl_ssl__private.h (revision 452731)
+++ head/www/apache24/files/patch-modules_ssl_ssl__private.h (nonexistent)
@@ -1,55 +0,0 @@ ---- modules/ssl/ssl_private.h.orig 2017-04-03 11:39:20 UTC -+++ modules/ssl/ssl_private.h -@@ -123,6 +123,16 @@ - #define MODSSL_SSL_METHOD_CONST - #endif - -+#if defined(LIBRESSL_VERSION_NUMBER) -+/* Missing from LibreSSL */ -+#define SSL_CTRL_SET_MIN_PROTO_VERSION 123 -+#define SSL_CTRL_SET_MAX_PROTO_VERSION 124 -+#define SSL_CTX_set_min_proto_version(ctx, version) \ -+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) -+#define SSL_CTX_set_max_proto_version(ctx, version) \ -+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) -+#endif -+ - #if defined(OPENSSL_FIPS) - #define HAVE_FIPS - #endif -@@ -136,7 +146,7 @@ - #endif - - /* session id constness */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - #define IDCONST - #else - #define IDCONST const -@@ -199,7 +209,7 @@ - - #endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */ - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - #define BN_get_rfc2409_prime_768 get_rfc2409_prime_768 - #define BN_get_rfc2409_prime_1024 get_rfc2409_prime_1024 - #define BN_get_rfc3526_prime_1536 get_rfc3526_prime_1536 -@@ -219,7 +229,7 @@ void init_bio_methods(void); - void free_bio_methods(void); - #endif - --#if OPENSSL_VERSION_NUMBER < 0x10002000L -+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) - #define X509_STORE_CTX_get0_store(x) (x->ctx) - #endif - -@@ -934,7 +944,7 @@ char *ssl_util_readfilter(server_ - const char * const *); - BOOL ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *); - #if APR_HAS_THREADS --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - void ssl_util_thread_setup(apr_pool_t *); - #endif - void ssl_util_thread_id_setup(apr_pool_t *); Property changes on: 
head/www/apache24/files/patch-modules_ssl_ssl__private.h ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/www/apache24/files/patch-modules_ssl_ssl__util__ssl.h =================================================================== --- head/www/apache24/files/patch-modules_ssl_ssl__util__ssl.h (revision 452731) +++ head/www/apache24/files/patch-modules_ssl_ssl__util__ssl.h (nonexistent) @@ -1,11 +0,0 @@ ---- modules/ssl/ssl_util_ssl.h.orig 2017-03-20 12:01:16 UTC -+++ modules/ssl/ssl_util_ssl.h -@@ -41,7 +41,7 @@ - #define MODSSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER - #define MODSSL_LIBRARY_NAME "OpenSSL" - #define MODSSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - #define MODSSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION) - #else - #define MODSSL_LIBRARY_DYNTEXT OpenSSL_version(OPENSSL_VERSION) Property changes on: head/www/apache24/files/patch-modules_ssl_ssl__util__ssl.h ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/www/apache24/files/patch-modules_ssl_mod__ssl.c =================================================================== --- head/www/apache24/files/patch-modules_ssl_mod__ssl.c (revision 452731) +++ head/www/apache24/files/patch-modules_ssl_mod__ssl.c (nonexistent) 
@@ -1,34 +0,0 @@ ---- modules/ssl/mod_ssl.c.orig 2017-04-03 11:39:20 UTC -+++ modules/ssl/mod_ssl.c -@@ -337,12 +337,12 @@ static apr_status_t ssl_cleanup_pre_conf - #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES - ENGINE_cleanup(); - #endif --#if OPENSSL_VERSION_NUMBER >= 0x1000200fL -+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_COMP) - SSL_COMP_free_compression_methods(); - #endif - - /* Usually needed per thread, but this parent process is single-threaded */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - #if OPENSSL_VERSION_NUMBER >= 0x1000000fL - ERR_remove_thread_state(NULL); - #else -@@ -383,14 +383,14 @@ static int ssl_hook_pre_config(apr_pool_ - /* Some OpenSSL internals are allocated per-thread, make sure they - * are associated to the/our same thread-id until cleaned up. - */ --#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L -+#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - ssl_util_thread_id_setup(pconf); - #endif - - /* We must register the library in full, to ensure our configuration - * code can successfully test the SSL environment. 
- */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - CRYPTO_malloc_init(); - #else - OPENSSL_malloc_init(); Property changes on: head/www/apache24/files/patch-modules_ssl_mod__ssl.c ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/www/apache24/files/patch-modules_ssl_ssl__engine__init.c =================================================================== --- head/www/apache24/files/patch-modules_ssl_ssl__engine__init.c (revision 452731) +++ head/www/apache24/files/patch-modules_ssl_ssl__engine__init.c (nonexistent) 
@@ -1,47 +0,0 @@ ---- modules/ssl/ssl_engine_init.c.orig 2017-04-03 11:39:20 UTC -+++ modules/ssl/ssl_engine_init.c -@@ -47,7 +47,7 @@ APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, - #define KEYTYPES "RSA or DSA" - #endif - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - /* OpenSSL Pre-1.1.0 compatibility */ - /* Taken from OpenSSL 1.1.0 snapshot 20160410 */ - static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) -@@ -257,7 +257,7 @@ apr_status_t ssl_init_Module(apr_pool_t - #endif - } - --#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L -+#if APR_HAS_THREADS && ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ) - ssl_util_thread_setup(p); - #endif - -@@ -380,7 +380,7 @@ apr_status_t ssl_init_Module(apr_pool_t - modssl_init_app_data2_idx(); /* for modssl_get_app_data2() at request time */ - - init_dh_params(); --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - init_bio_methods(); - #endif - -@@ -1301,7 +1301,7 @@ static apr_status_t ssl_init_server_cert - * or configure NIST P-256 (required to enable ECDHE for earlier versions) - * ECDH is always enabled in 1.1.0 unless excluded from SSLCipherList - */ --#if (OPENSSL_VERSION_NUMBER < 0x10100000L) -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) - else { - #if defined(SSL_CTX_set_ecdh_auto) - SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1); -@@ -2011,7 +2011,7 @@ apr_status_t ssl_init_ModuleKill(void *d - - } - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - free_bio_methods(); - #endif - free_dh_params(); Property changes on: head/www/apache24/files/patch-modules_ssl_ssl__engine__init.c ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of 
property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/www/apache24/files/patch-modules_ssl_ssl__util.c =================================================================== --- head/www/apache24/files/patch-modules_ssl_ssl__util.c (revision 452731) +++ head/www/apache24/files/patch-modules_ssl_ssl__util.c (nonexistent) @@ -1,11 +0,0 @@ ---- modules/ssl/ssl_util.c.orig 2017-03-24 13:31:03 UTC -+++ modules/ssl/ssl_util.c -@@ -247,7 +247,7 @@ void ssl_asn1_table_unset(apr_hash_t *ta - } - - #if APR_HAS_THREADS --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - /* - * To ensure thread-safetyness in OpenSSL - work in progress - */ Property changes on: head/www/apache24/files/patch-modules_ssl_ssl__util.c ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c =================================================================== --- head/www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c (revision 452731) +++ head/www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c (nonexistent) 
@@ -1,11 +0,0 @@ ---- modules/ssl/ssl_engine_kernel.c.orig 2017-05-02 11:01:17 UTC -+++ modules/ssl/ssl_engine_kernel.c -@@ -1733,7 +1733,7 @@ static void modssl_proxy_info_log(conn_r - * so we need to increment here to prevent them from - * being freed. - */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - #define modssl_set_cert_info(info, cert, pkey) \ - *cert = info->x509; \ - CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \ Property changes on: head/www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/www/apache24/files/patch-configure.in =================================================================== --- head/www/apache24/files/patch-configure.in (revision 452731) +++ head/www/apache24/files/patch-configure.in (revision 452732) @@ -1,43 +1,35 @@ --- configure.in.orig 2016-12-02 11:36:06 UTC +++ configure.in @@ -111,7 +111,7 @@ fi if test "$apr_found" = "reconfig"; then APR_SUBDIR_CONFIG(srclib/apr, - [$apache_apr_flags --prefix=$prefix --exec-prefix=$exec_prefix --libdir=$libdir --includedir=$includedir --bindir=$bindir --datadir=$datadir --with-installbuilddir=$installbuilddir], + [$apache_apr_flags --prefix=$prefix], [--enable-layout=*|\'--enable-layout=*]) dnl We must be the first to build and the last to be cleaned AP_BUILD_SRCLIB_DIRS="apr $AP_BUILD_SRCLIB_DIRS" 
@@ -177,7 +177,7 @@ esac if test "$apu_found" = "reconfig"; then APR_SUBDIR_CONFIG(srclib/apr-util, - [--with-apr=../apr --prefix=$prefix --exec-prefix=$exec_prefix --libdir=$libdir --includedir=$includedir --bindir=$bindir], + [--with-apr=../apr --prefix=$prefix], [--enable-layout=*|\'--enable-layout=*]) dnl We must be the last to build and the first to be cleaned AP_BUILD_SRCLIB_DIRS="$AP_BUILD_SRCLIB_DIRS apr-util" -@@ -597,7 +597,6 @@ AC_ARG_ENABLE(maintainer-mode,APACHE_HEL - if test "$GCC" = "yes"; then - APR_ADDTO(CFLAGS,[-Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wpointer-arith]) - APACHE_ADD_GCC_CFLAG([-std=c89]) -- APACHE_ADD_GCC_CFLAG([-Werror]) - APACHE_ADD_GCC_CFLAG([-Wdeclaration-after-statement]) - APACHE_ADD_GCC_CFLAG([-Wformat]) - APACHE_ADD_GCC_CFLAG([-Wformat-security]) @@ -838,8 +837,14 @@ AC_DEFINE_UNQUOTED(HTTPD_ROOT, "${ap_pre [Root directory of the Apache install area]) AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${rel_sysconfdir}/${progname}.conf", [Location of the config file, relative to the Apache root directory]) +AC_DEFINE_UNQUOTED(DEFAULT_ERRORLOG, "${rel_logfiledir}/httpd-error.log", + [Location of error log file]) +AC_DEFINE_UNQUOTED(DEFAULT_SCOREBOARD, "${rel_runtimedir}/apache_runtime_status", + [Location of ScoreBoard file]) AC_DEFINE_UNQUOTED(AP_TYPES_CONFIG_FILE, "${rel_sysconfdir}/mime.types", [Location of the MIME types config file, relative to the Apache root directory]) +AC_DEFINE_UNQUOTED(DOCUMENT_LOCATION, "${rel_htdocsdir}", + [Location of document root]) perlbin=`$ac_aux_dir/PrintPath perl` if test "x$perlbin" = "x"; then Index: head/www/apache24/files/patch-modules_ssl_ssl__util__stapling.c =================================================================== --- head/www/apache24/files/patch-modules_ssl_ssl__util__stapling.c (revision 452731) +++ head/www/apache24/files/patch-modules_ssl_ssl__util__stapling.c (revision 452732) 
@@ -1,11 +1,11 @@ --- modules/ssl/ssl_util_stapling.c.orig 2017-07-06 21:11:28 UTC +++ modules/ssl/ssl_util_stapling.c @@ -91,7 +91,7 @@ static X509 *stapling_get_issuer(modssl_ for (i = 0; i < sk_X509_num(extra_certs); i++) { issuer = sk_X509_value(extra_certs, i); if (X509_check_issued(issuer, x) == X509_V_OK) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER < 0x2050000fL ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2050000fL) CRYPTO_add(&issuer->references, 1, CRYPTO_LOCK_X509); #else X509_up_ref(issuer);
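Review bot: The LibreSSL cutoff `0x2050000fL` in the rewritten `#if` inside stapling_get_issuer() is an unexplained magic number, and nothing in the patch file says when this local patch can be retired. The value decodes to LibreSSL 2.5.0, and the guard implies that older releases have no `X509_up_ref()` and must take the `CRYPTO_add(&issuer->references, 1, CRYPTO_LOCK_X509)` path; that reading is inferred from the guard and should be confirmed against the LibreSSL headers. I would record it as a header line above the `---` line of the patch file, for example `LibreSSL before 2.5.0 has no X509_up_ref(); keep the CRYPTO_add() refcount path there. Drop this patch once upstream carries the guard.` This branch is the one that takes the extra reference on the issuer certificate, so the reason for the cutoff is worth keeping next to it. The body of stapling_get_issuer() continues outside the hunk.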