www/apache24: fix CVEs, update 2.4.12 -> 2.4.16

- Convet to USES=autoreconf
- Sort USES
- Remove now empty patch files

Security:               https://vuxml.freebsd.org/freebsd/a12494c1-2af4-11e5-86ff-14dae9d210b8.html
Differential Revision:  https://reviews.freebsd.org/D3101

Submitted by:           feld
Reviewed by:            pgollucci (myself)
With Hat:               apache@
MFH:                    2015Q3

8 files changed, 13 insertions, 185 deletions

diff --git a/www/apache24/Makefile b/www/apache24/Makefile
index a3dee05da099..16e506e937a7 100644
--- a/www/apache24/Makefile
+++ b/www/apache24/Makefile
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	apache24
-PORTVERSION=	2.4.12
+PORTVERSION=	2.4.16
 CATEGORIES=	www ipv6
 MASTER_SITES=	APACHE_HTTPD
 DISTNAME=	httpd-${PORTVERSION}
@@ -18,10 +18,10 @@ CONFLICTS_INSTALL=	caudium14-1.* \
 			apache-*-2.2.* apache22-*
 
 USE_APACHE=	common24
-USES=		tar:bzip2 iconv perl5 libtool cpe
+USES=		autoreconf cpe iconv libtool perl5 tar:bzip2
 USE_PERL5=	run
-USE_AUTOTOOLS=	autoconf
 USE_RC_SUBR=	apache24 htcacheclean
+GNU_CONFIGURE=	yes
 
 CPE_VENDOR=	apache
 CPE_PRODUCT=	http_server
diff --git a/www/apache24/distinfo b/www/apache24/distinfo
index d34c15e93309..80bf11070bdc 100644
--- a/www/apache24/distinfo
+++ b/www/apache24/distinfo
@@ -1,2 +1,2 @@
-SHA256 (apache24/httpd-2.4.12.tar.bz2) = ad6d39edfe4621d8cc9a2791f6f8d6876943a9da41ac8533d77407a2e630eae4
-SIZE (apache24/httpd-2.4.12.tar.bz2) = 5054838
+SHA256 (apache24/httpd-2.4.16.tar.bz2) = ac660b47aaa7887779a6430404dcb40c0b04f90ea69e7bd49a40552e9ff13743
+SIZE (apache24/httpd-2.4.16.tar.bz2) = 5101005
diff --git a/www/apache24/files/patch-Makefile.in b/www/apache24/files/patch-Makefile.in
index 3f275064fb9b..7dcfab1dab67 100644
--- a/www/apache24/files/patch-Makefile.in
+++ b/www/apache24/files/patch-Makefile.in
@@ -1,4 +1,4 @@
---- Makefile.in.orig	2012-12-17 11:50:41 UTC
+--- Makefile.in.orig	2015-04-15 18:06:04 UTC
 +++ Makefile.in
 @@ -32,12 +32,9 @@ include $(top_srcdir)/build/program.mk
  install-conf:
@@ -14,45 +14,7 @@
  	done; \
  	for j in $(top_srcdir)/docs/conf $(top_builddir)/docs/conf ; do \
  	    cd $$j ; \
-@@ -58,6 +55,16 @@ install-conf:
- 	    				-e 's#@@SSLPort@@#$(SSLPORT)#g' \
- 	    				-e 'p' \
- 	    				< $$i; \
-+	    			if echo " $(DSO_MODULES) "|$(EGREP) " cgi " > /dev/null ; then \
-+	    				have_cgi="1"; \
-+	    			else \
-+	    				have_cgi="0"; \
-+	    			fi; \
-+	    			if echo " $(DSO_MODULES) "|$(EGREP) " cgid " > /dev/null ; then \
-+	    				have_cgid="1"; \
-+	    			else \
-+	    				have_cgid="0"; \
-+	    			fi; \
- 	    			for j in $(DSO_MODULES) "^EOL^"; do \
- 	    				if test $$j != "^EOL^"; then \
- 	    					if echo ",$(ENABLED_DSO_MODULES),"|$(EGREP) ",$$j," > /dev/null ; then \
-@@ -68,8 +75,18 @@ install-conf:
- 	    					if test "$(LOAD_ALL_MODULES)" = "yes"; then \
- 	    						loading_disabled=""; \
- 	    					fi; \
--    						echo "$${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \
--	    				fi; \
-+							if test $$j = "cgid" -a "$$have_cgi" = "1"; then \
-+								echo "<IfModule !mpm_prefork_module>"; \
-+								echo "	$${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \
-+								echo "</IfModule>"; \
-+							elif test $$j = "cgi" -a "$$have_cgid" = "1"; then \
-+								echo "<IfModule mpm_prefork_module>"; \
-+								echo "	$${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \
-+								echo "</IfModule>"; \
-+							else \
-+								echo "$${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \
-+							fi; \
-+						fi; \
- 	    			done; \
- 	    			sed -e '1,/@@LoadModule@@/d' \
- 	    				-e '/@@LoadModule@@/d' \
-@@ -78,15 +95,12 @@ install-conf:
+@@ -98,15 +95,12 @@ install-conf:
  	    				-e 's#@@SSLPort@@#$(SSLPORT)#g' \
  	    				< $$i; \
  	    		fi \
@@ -70,7 +32,7 @@
  	    	fi; \
  	    done ; \
  	done ; \
-@@ -137,48 +151,25 @@ dox:
+@@ -157,48 +151,25 @@ dox:
  	doxygen $(top_srcdir)/docs/doxygen.conf
  
  install-htdocs:
@@ -128,7 +90,7 @@
  
  install-other:
  	@test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir)
-@@ -231,12 +222,7 @@ install-man:
+@@ -251,12 +222,7 @@ install-man:
  	@test -d $(DESTDIR)$(manualdir)   || $(MKINSTALLDIRS) $(DESTDIR)$(manualdir)
  	@cp -p $(top_srcdir)/docs/man/*.1 $(DESTDIR)$(mandir)/man1
  	@cp -p $(top_srcdir)/docs/man/*.8 $(DESTDIR)$(mandir)/man8
diff --git a/www/apache24/files/patch-acinclude.m4 b/www/apache24/files/patch-acinclude.m4
deleted file mode 100644
index 676c8fefeb8e..000000000000
--- a/www/apache24/files/patch-acinclude.m4
+++ /dev/null
@@ -1,24 +0,0 @@
---- acinclude.m4.orig	2014-01-05 08:37:21 UTC
-+++ acinclude.m4
-@@ -267,9 +267,10 @@ DISTCLEAN_TARGETS = modules.mk
- static =
- shared = $libname
- EOF
-+            dnl https://issues.apache.org/bugzilla/show_bug.cgi?id=53882
-+            DSO_MODULES="$DSO_MODULES mpm_$1"
-             # add default MPM to LoadModule list
-             if test $1 = $default_mpm; then
--                DSO_MODULES="$DSO_MODULES mpm_$1"
-                 ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},mpm_$1"
-             fi
-         fi
-@@ -576,7 +577,8 @@ AC_DEFUN(APACHE_CHECK_OPENSSL,[
-       liberrors=""
-       AC_CHECK_HEADERS([openssl/engine.h])
-       AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"])
--      AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines])
-+      dnl PR 196139, https://issues.apache.org/bugzilla/show_bug.cgi?id=57375
-+      AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines SSL_CTX_use_certificate_chain RAND_egd])
-       if test "x$liberrors" != "x"; then
-         AC_MSG_WARN([OpenSSL libraries are unusable])
-       fi
diff --git a/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in b/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in
index f8804d61eada..a74e8e10edc9 100644
--- a/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in
+++ b/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in
@@ -1,37 +1,6 @@
---- docs/conf/extra/httpd-ssl.conf.in.orig	2015-01-31 12:20:34 UTC
-+++ docs/conf/extra/httpd-ssl.conf.in
-@@ -42,11 +42,30 @@ Listen @@SSLPort@@
- ##  the main server and all SSL-enabled virtual hosts.
- ##
- 
-+## disable unsecure SSL protocols
-+SSLProtocol ALL -SSLv2 -SSLv3
-+
- #   SSL Cipher Suite:
- #   List the ciphers that the client is permitted to negotiate.
- #   See the mod_ssl documentation for a complete list.
- SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
- 
-+## The following entries can be used as suggestions,
-+##  for more information see:
-+##  - http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslciphersuite
-+##  - http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html
-+##
-+## To test your SSL implementation use for example security/sslscan or for public reachable systems https://www.ssllabs.com/
-+
-+## sample for OpenSSL >= 1.0.x (with RC4)
-+# SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
-+
-+## sample for OpenSSL >= 1.0.x (keep support for IE8 on XP)
-+# SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4"
-+
-+## sample for OpenSSL >= 1.0.x (no RC4 support)
-+# SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
-+
- #   Speed-optimized SSL Cipher configuration:
- #   If speed is your main concern (on busy HTTPS servers e.g.),
- #   you might want to force clients to specific, performance
-@@ -105,8 +124,8 @@ SSLSessionCacheTimeout  300
+--- docs/conf/extra/httpd-ssl.conf.in.orig	2015-05-27 13:59:59.000000000 -0500
++++ docs/conf/extra/httpd-ssl.conf.in	2015-07-15 09:50:31.369623000 -0500
+@@ -124,8 +124,8 @@
  DocumentRoot "@exp_htdocsdir@"
  ServerName www.example.com:@@SSLPort@@
  ServerAdmin you@example.com
@@ -42,7 +11,7 @@
  
  #   SSL Engine Switch:
  #   Enable/Disable SSL for this virtual host.
-@@ -265,7 +284,7 @@ BrowserMatch "MSIE [2-5]" \
+@@ -284,7 +284,7 @@
  #   Per-Server Logging:
  #   The home of a custom SSL log file. Use this when you want a
  #   compact non-error SSL logfile on a virtual host basis.
diff --git a/www/apache24/files/patch-include__ap_config_auto.h.in b/www/apache24/files/patch-include__ap_config_auto.h.in
deleted file mode 100644
index 3d4b123f510c..000000000000
--- a/www/apache24/files/patch-include__ap_config_auto.h.in
+++ /dev/null
@@ -1,26 +0,0 @@
-# libressl support
-# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139
-# https://issues.apache.org/bugzilla/show_bug.cgi?id=57375
-
---- include/ap_config_auto.h.in.orig	2015-01-15 19:59:13 UTC
-+++ include/ap_config_auto.h.in
-@@ -130,6 +130,9 @@
- /* Define to 1 if you have the <pwd.h> header file. */
- #undef HAVE_PWD_H
- 
-+/* Define to 1 if you have the `RAND_egd' function. */
-+#undef HAVE_RAND_EGD
-+
- /* Define to 1 if you have the `setsid' function. */
- #undef HAVE_SETSID
- 
-@@ -139,6 +142,9 @@
- /* Define to 1 if you have the `SSL_CTX_new' function. */
- #undef HAVE_SSL_CTX_NEW
- 
-+/* Define to 1 if you have the `SSL_CTX_use_certificate_chain' function. */
-+#undef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
-+
- /* Define to 1 if you have the <stdint.h> header file. */
- #undef HAVE_STDINT_H
- 
diff --git a/www/apache24/files/patch-modules__ssl__ssl_engine_init.c b/www/apache24/files/patch-modules__ssl__ssl_engine_init.c
deleted file mode 100644
index a82cbdc6df5a..000000000000
--- a/www/apache24/files/patch-modules__ssl__ssl_engine_init.c
+++ /dev/null
@@ -1,31 +0,0 @@
-# libressl support
-# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139
-# https://issues.apache.org/bugzilla/show_bug.cgi?id=57375
-
---- modules/ssl/ssl_engine_init.c.orig	2015-01-15 12:20:33 UTC
-+++ modules/ssl/ssl_engine_init.c
-@@ -353,9 +353,11 @@ apr_status_t ssl_init_Engine(server_rec 
-             return ssl_die(s);
-         }
- 
-+#ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK
-         if (strEQ(mc->szCryptoDevice, "chil")) {
-             ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
-         }
-+#endif
- 
-         if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
-             ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01889)
-@@ -838,7 +840,11 @@ static apr_status_t ssl_init_ctx_cert_ch
-         }
-     }
- 
--    n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
-+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
-+          n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
-+#else
-+          n = _SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
-+#endif
-                                       (char *)chain,
-                                       skip_first, NULL);
-     if (n < 0) {
diff --git a/www/apache24/files/patch-modules__ssl__ssl_engine_rand.c b/www/apache24/files/patch-modules__ssl__ssl_engine_rand.c
deleted file mode 100644
index e6b98e42b6a9..000000000000
--- a/www/apache24/files/patch-modules__ssl__ssl_engine_rand.c
+++ /dev/null
@@ -1,22 +0,0 @@
-# libressl support
-# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139
-# https://issues.apache.org/bugzilla/show_bug.cgi?id=57375
-
---- modules/ssl/ssl_engine_rand.c.orig	2011-12-05 00:08:01 UTC
-+++ modules/ssl/ssl_engine_rand.c
-@@ -81,6 +81,7 @@ int ssl_rand_seed(server_rec *s, apr_poo
-                 nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes);
-                 ssl_util_ppclose(s, p, fp);
-             }
-+#ifdef HAVE_RAND_EGD
-             else if (pRandSeed->nSrc == SSL_RSSRC_EGD) {
-                 /*
-                  * seed in contents provided by the external
-@@ -90,6 +91,7 @@ int ssl_rand_seed(server_rec *s, apr_poo
-                     continue;
-                 nDone += n;
-             }
-+#endif
-             else if (pRandSeed->nSrc == SSL_RSSRC_BUILTIN) {
-                 struct {
-                     time_t t;