authorPhilip M. Gollucci <pgollucci@FreeBSD.org>2015-07-15 17:16:05 +0000
committerPhilip M. Gollucci <pgollucci@FreeBSD.org>2015-07-15 17:16:05 +0000
commit55347a153160a2f54ecf1f0a92fc33babd04e026 (patch)
tree3c17e2bedc0af5990ad620a77efe873cb012b106 /www
parent066f65ca47617b03e5f618605de78a5813151493 (diff)
www/apache24: fix CVEs, update 2.4.12 -> 2.4.16
- Convert to USES=autoreconf - Sort USES - Remove now empty patch files Security: https://vuxml.freebsd.org/freebsd/a12494c1-2af4-11e5-86ff-14dae9d210b8.html Differential Revision: https://reviews.freebsd.org/D3101 Submitted by: feld Reviewed by: pgollucci (myself) With Hat: apache@ MFH: 2015Q3
Diffstat (limited to 'www')
-rw-r--r--www/apache24/Makefile6
-rw-r--r--www/apache24/distinfo4
-rw-r--r--www/apache24/files/patch-Makefile.in46
-rw-r--r--www/apache24/files/patch-acinclude.m424
-rw-r--r--www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in39
-rw-r--r--www/apache24/files/patch-include__ap_config_auto.h.in26
-rw-r--r--www/apache24/files/patch-modules__ssl__ssl_engine_init.c31
-rw-r--r--www/apache24/files/patch-modules__ssl__ssl_engine_rand.c22
8 files changed, 13 insertions, 185 deletions
diff --git a/www/apache24/Makefile b/www/apache24/Makefile
index a3dee05da099..16e506e937a7 100644
--- a/www/apache24/Makefile
+++ b/www/apache24/Makefile
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= apache24
-PORTVERSION= 2.4.12
+PORTVERSION= 2.4.16
CATEGORIES= www ipv6
MASTER_SITES= APACHE_HTTPD
DISTNAME= httpd-${PORTVERSION}
@@ -18,10 +18,10 @@ CONFLICTS_INSTALL= caudium14-1.* \
apache-*-2.2.* apache22-*
USE_APACHE= common24
-USES= tar:bzip2 iconv perl5 libtool cpe
+USES= autoreconf cpe iconv libtool perl5 tar:bzip2
USE_PERL5= run
-USE_AUTOTOOLS= autoconf
USE_RC_SUBR= apache24 htcacheclean
+GNU_CONFIGURE= yes
CPE_VENDOR= apache
CPE_PRODUCT= http_server
diff --git a/www/apache24/distinfo b/www/apache24/distinfo
index d34c15e93309..80bf11070bdc 100644
--- a/www/apache24/distinfo
+++ b/www/apache24/distinfo
@@ -1,2 +1,2 @@
-SHA256 (apache24/httpd-2.4.12.tar.bz2) = ad6d39edfe4621d8cc9a2791f6f8d6876943a9da41ac8533d77407a2e630eae4
-SIZE (apache24/httpd-2.4.12.tar.bz2) = 5054838
+SHA256 (apache24/httpd-2.4.16.tar.bz2) = ac660b47aaa7887779a6430404dcb40c0b04f90ea69e7bd49a40552e9ff13743
+SIZE (apache24/httpd-2.4.16.tar.bz2) = 5101005
diff --git a/www/apache24/files/patch-Makefile.in b/www/apache24/files/patch-Makefile.in
index 3f275064fb9b..7dcfab1dab67 100644
--- a/www/apache24/files/patch-Makefile.in
+++ b/www/apache24/files/patch-Makefile.in
@@ -1,4 +1,4 @@
---- Makefile.in.orig 2012-12-17 11:50:41 UTC
+--- Makefile.in.orig 2015-04-15 18:06:04 UTC
+++ Makefile.in
@@ -32,12 +32,9 @@ include $(top_srcdir)/build/program.mk
install-conf:
@@ -14,45 +14,7 @@
done; \
for j in $(top_srcdir)/docs/conf $(top_builddir)/docs/conf ; do \
cd $$j ; \
-@@ -58,6 +55,16 @@ install-conf:
- -e 's#@@SSLPort@@#$(SSLPORT)#g' \
- -e 'p' \
- < $$i; \
-+ if echo " $(DSO_MODULES) "|$(EGREP) " cgi " > /dev/null ; then \
-+ have_cgi="1"; \
-+ else \
-+ have_cgi="0"; \
-+ fi; \
-+ if echo " $(DSO_MODULES) "|$(EGREP) " cgid " > /dev/null ; then \
-+ have_cgid="1"; \
-+ else \
-+ have_cgid="0"; \
-+ fi; \
- for j in $(DSO_MODULES) "^EOL^"; do \
- if test $$j != "^EOL^"; then \
- if echo ",$(ENABLED_DSO_MODULES),"|$(EGREP) ",$$j," > /dev/null ; then \
-@@ -68,8 +75,18 @@ install-conf:
- if test "$(LOAD_ALL_MODULES)" = "yes"; then \
- loading_disabled=""; \
- fi; \
-- echo "$${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \
-- fi; \
-+ if test $$j = "cgid" -a "$$have_cgi" = "1"; then \
-+ echo "<IfModule !mpm_prefork_module>"; \
-+ echo " $${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \
-+ echo "</IfModule>"; \
-+ elif test $$j = "cgi" -a "$$have_cgid" = "1"; then \
-+ echo "<IfModule mpm_prefork_module>"; \
-+ echo " $${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \
-+ echo "</IfModule>"; \
-+ else \
-+ echo "$${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \
-+ fi; \
-+ fi; \
- done; \
- sed -e '1,/@@LoadModule@@/d' \
- -e '/@@LoadModule@@/d' \
-@@ -78,15 +95,12 @@ install-conf:
+@@ -98,15 +95,12 @@ install-conf:
-e 's#@@SSLPort@@#$(SSLPORT)#g' \
< $$i; \
fi \
@@ -70,7 +32,7 @@
fi; \
done ; \
done ; \
-@@ -137,48 +151,25 @@ dox:
+@@ -157,48 +151,25 @@ dox:
doxygen $(top_srcdir)/docs/doxygen.conf
install-htdocs:
@@ -128,7 +90,7 @@
install-other:
@test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir)
-@@ -231,12 +222,7 @@ install-man:
+@@ -251,12 +222,7 @@ install-man:
@test -d $(DESTDIR)$(manualdir) || $(MKINSTALLDIRS) $(DESTDIR)$(manualdir)
@cp -p $(top_srcdir)/docs/man/*.1 $(DESTDIR)$(mandir)/man1
@cp -p $(top_srcdir)/docs/man/*.8 $(DESTDIR)$(mandir)/man8
diff --git a/www/apache24/files/patch-acinclude.m4 b/www/apache24/files/patch-acinclude.m4
deleted file mode 100644
index 676c8fefeb8e..000000000000
--- a/www/apache24/files/patch-acinclude.m4
+++ /dev/null
@@ -1,24 +0,0 @@
---- acinclude.m4.orig 2014-01-05 08:37:21 UTC
-+++ acinclude.m4
-@@ -267,9 +267,10 @@ DISTCLEAN_TARGETS = modules.mk
- static =
- shared = $libname
- EOF
-+ dnl https://issues.apache.org/bugzilla/show_bug.cgi?id=53882
-+ DSO_MODULES="$DSO_MODULES mpm_$1"
- # add default MPM to LoadModule list
- if test $1 = $default_mpm; then
-- DSO_MODULES="$DSO_MODULES mpm_$1"
- ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},mpm_$1"
- fi
- fi
-@@ -576,7 +577,8 @@ AC_DEFUN(APACHE_CHECK_OPENSSL,[
- liberrors=""
- AC_CHECK_HEADERS([openssl/engine.h])
- AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"])
-- AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines])
-+ dnl PR 196139, https://issues.apache.org/bugzilla/show_bug.cgi?id=57375
-+ AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines SSL_CTX_use_certificate_chain RAND_egd])
- if test "x$liberrors" != "x"; then
- AC_MSG_WARN([OpenSSL libraries are unusable])
- fi
diff --git a/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in b/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in
index f8804d61eada..a74e8e10edc9 100644
--- a/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in
+++ b/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in
@@ -1,37 +1,6 @@
---- docs/conf/extra/httpd-ssl.conf.in.orig 2015-01-31 12:20:34 UTC
-+++ docs/conf/extra/httpd-ssl.conf.in
-@@ -42,11 +42,30 @@ Listen @@SSLPort@@
- ## the main server and all SSL-enabled virtual hosts.
- ##
-
-+## disable unsecure SSL protocols
-+SSLProtocol ALL -SSLv2 -SSLv3
-+
- # SSL Cipher Suite:
- # List the ciphers that the client is permitted to negotiate.
- # See the mod_ssl documentation for a complete list.
- SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
-
-+## The following entries can be used as suggestions,
-+## for more information see:
-+## - http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslciphersuite
-+## - http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html
-+##
-+## To test your SSL implementation use for example security/sslscan or for public reachable systems https://www.ssllabs.com/
-+
-+## sample for OpenSSL >= 1.0.x (with RC4)
-+# SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
-+
-+## sample for OpenSSL >= 1.0.x (keep support for IE8 on XP)
-+# SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4"
-+
-+## sample for OpenSSL >= 1.0.x (no RC4 support)
-+# SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
-+
- # Speed-optimized SSL Cipher configuration:
- # If speed is your main concern (on busy HTTPS servers e.g.),
- # you might want to force clients to specific, performance
-@@ -105,8 +124,8 @@ SSLSessionCacheTimeout 300
+--- docs/conf/extra/httpd-ssl.conf.in.orig 2015-05-27 13:59:59.000000000 -0500
++++ docs/conf/extra/httpd-ssl.conf.in 2015-07-15 09:50:31.369623000 -0500
+@@ -124,8 +124,8 @@
DocumentRoot "@exp_htdocsdir@"
ServerName www.example.com:@@SSLPort@@
ServerAdmin you@example.com
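Review bot: With the first hunk of the old patch dropped, the port no longer adds `SSLProtocol ALL -SSLv2 -SSLv3` (or the commented cipher-suite samples) to the sample httpd-ssl.conf, so the installed template's protocol policy now depends entirely on what upstream 2.4.16 ships. Nothing visible in this diff shows that upstream's httpd-ssl.conf.in disables SSLv3 itself; please confirm that against the extracted 2.4.16 source, and keep the port's `SSLProtocol` line if it does not. Separately, the new header lines carry local timestamps (`2015-05-27 13:59:59.000000000 -0500`), unlike the `UTC` headers of the other files under files/, which suggests the patch was produced by hand; regenerating it with `make makepatch` would keep the headers uniform.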
@@ -42,7 +11,7 @@
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
-@@ -265,7 +284,7 @@ BrowserMatch "MSIE [2-5]" \
+@@ -284,7 +284,7 @@
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
diff --git a/www/apache24/files/patch-include__ap_config_auto.h.in b/www/apache24/files/patch-include__ap_config_auto.h.in
deleted file mode 100644
index 3d4b123f510c..000000000000
--- a/www/apache24/files/patch-include__ap_config_auto.h.in
+++ /dev/null
@@ -1,26 +0,0 @@
-# libressl support
-# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139
-# https://issues.apache.org/bugzilla/show_bug.cgi?id=57375
-
---- include/ap_config_auto.h.in.orig 2015-01-15 19:59:13 UTC
-+++ include/ap_config_auto.h.in
-@@ -130,6 +130,9 @@
- /* Define to 1 if you have the <pwd.h> header file. */
- #undef HAVE_PWD_H
-
-+/* Define to 1 if you have the `RAND_egd' function. */
-+#undef HAVE_RAND_EGD
-+
- /* Define to 1 if you have the `setsid' function. */
- #undef HAVE_SETSID
-
-@@ -139,6 +142,9 @@
- /* Define to 1 if you have the `SSL_CTX_new' function. */
- #undef HAVE_SSL_CTX_NEW
-
-+/* Define to 1 if you have the `SSL_CTX_use_certificate_chain' function. */
-+#undef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
-+
- /* Define to 1 if you have the <stdint.h> header file. */
- #undef HAVE_STDINT_H
-
diff --git a/www/apache24/files/patch-modules__ssl__ssl_engine_init.c b/www/apache24/files/patch-modules__ssl__ssl_engine_init.c
deleted file mode 100644
index a82cbdc6df5a..000000000000
--- a/www/apache24/files/patch-modules__ssl__ssl_engine_init.c
+++ /dev/null
@@ -1,31 +0,0 @@
-# libressl support
-# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139
-# https://issues.apache.org/bugzilla/show_bug.cgi?id=57375
-
---- modules/ssl/ssl_engine_init.c.orig 2015-01-15 12:20:33 UTC
-+++ modules/ssl/ssl_engine_init.c
-@@ -353,9 +353,11 @@ apr_status_t ssl_init_Engine(server_rec
- return ssl_die(s);
- }
-
-+#ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK
- if (strEQ(mc->szCryptoDevice, "chil")) {
- ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
- }
-+#endif
-
- if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01889)
-@@ -838,7 +840,11 @@ static apr_status_t ssl_init_ctx_cert_ch
- }
- }
-
-- n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
-+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
-+ n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
-+#else
-+ n = _SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
-+#endif
- (char *)chain,
- skip_first, NULL);
- if (n < 0) {
diff --git a/www/apache24/files/patch-modules__ssl__ssl_engine_rand.c b/www/apache24/files/patch-modules__ssl__ssl_engine_rand.c
deleted file mode 100644
index e6b98e42b6a9..000000000000
--- a/www/apache24/files/patch-modules__ssl__ssl_engine_rand.c
+++ /dev/null
@@ -1,22 +0,0 @@
-# libressl support
-# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139
-# https://issues.apache.org/bugzilla/show_bug.cgi?id=57375
-
---- modules/ssl/ssl_engine_rand.c.orig 2011-12-05 00:08:01 UTC
-+++ modules/ssl/ssl_engine_rand.c
-@@ -81,6 +81,7 @@ int ssl_rand_seed(server_rec *s, apr_poo
- nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes);
- ssl_util_ppclose(s, p, fp);
- }
-+#ifdef HAVE_RAND_EGD
- else if (pRandSeed->nSrc == SSL_RSSRC_EGD) {
- /*
- * seed in contents provided by the external
-@@ -90,6 +91,7 @@ int ssl_rand_seed(server_rec *s, apr_poo
- continue;
- nDone += n;
- }
-+#endif
- else if (pRandSeed->nSrc == SSL_RSSRC_BUILTIN) {
- struct {
- time_t t;