author | Bernard Spil <brnrd@FreeBSD.org> | 2017-10-23 18:49:27 +0000 |
---|---|---|
committer | Bernard Spil <brnrd@FreeBSD.org> | 2017-10-23 18:49:27 +0000 |
commit | b1926a29fefea4c83e86e9d6d96ba8ffe7f6b7ae (patch) | |
tree | 106f0d0f0867a98a53f82264c3fff7c85e1a98d2 /www/apache24 | |
parent | 6e8e62796ab6240551669c47257065945a52a5e0 (diff) |
Notes
Diffstat (limited to 'www/apache24')
-rw-r--r-- | www/apache24/Makefile | 3 | ||||
-rw-r--r-- | www/apache24/Makefile.modules | 2 | ||||
-rw-r--r-- | www/apache24/Makefile.options.desc | 2 | ||||
-rw-r--r-- | www/apache24/distinfo | 6 | ||||
-rw-r--r-- | www/apache24/files/patch-CVE-2017-9798 | 15 | ||||
-rw-r--r-- | www/apache24/files/patch-configure.in | 8 | ||||
-rw-r--r-- | www/apache24/files/patch-modules_ssl_mod__ssl.c | 34 | ||||
-rw-r--r-- | www/apache24/files/patch-modules_ssl_ssl__engine__init.c | 47 | ||||
-rw-r--r-- | www/apache24/files/patch-modules_ssl_ssl__engine__io.c | 38 | ||||
-rw-r--r-- | www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c | 11 | ||||
-rw-r--r-- | www/apache24/files/patch-modules_ssl_ssl__engine__vars.c | 11 | ||||
-rw-r--r-- | www/apache24/files/patch-modules_ssl_ssl__private.h | 55 | ||||
-rw-r--r-- | www/apache24/files/patch-modules_ssl_ssl__util.c | 11 | ||||
-rw-r--r-- | www/apache24/files/patch-modules_ssl_ssl__util__ssl.h | 11 | ||||
-rw-r--r-- | www/apache24/files/patch-modules_ssl_ssl__util__stapling.c | 2 |
15 files changed, 7 insertions, 249 deletions
diff --git a/www/apache24/Makefile b/www/apache24/Makefile
index 557d8028bf89..581f5256f2ee 100644
--- a/www/apache24/Makefile
+++ b/www/apache24/Makefile
@@ -1,8 +1,7 @@
 # $FreeBSD$
 PORTNAME= apache24
-PORTVERSION= 2.4.27
-PORTREVISION= 1
+PORTVERSION= 2.4.29
 CATEGORIES= www ipv6
 MASTER_SITES= APACHE_HTTPD
 DISTNAME= httpd-${PORTVERSION}
diff --git a/www/apache24/Makefile.modules b/www/apache24/Makefile.modules
index a64e67a0d7ec..c2986cc523fc 100644
--- a/www/apache24/Makefile.modules
+++ b/www/apache24/Makefile.modules
@@ -87,7 +87,7 @@ CONFIGURE_ARGS+= --without-libxml2
 .endif
 .if ${PORT_OPTIONS:MPROXY_HTTP2} && !${PORT_OPTIONS:MPROXY_BALANCER}
-IGNORE= PROXY_HTTP2 needs PROXY_BALANCER
+IGNORE= PROXY_HTTP2 requires PROXY_BALANCER
 .endif
 .endif # _PREMKINCLUDED
diff --git a/www/apache24/Makefile.options.desc b/www/apache24/Makefile.options.desc
index 8bc7d13942b8..c7bd6f07aa5d 100644
--- a/www/apache24/Makefile.options.desc
+++ b/www/apache24/Makefile.options.desc
@@ -140,7 +140,7 @@ PROXY_FTP_DESC= FTP support module for mod_proxy
 PROXY_HCHECK_DESC= Dynamic health check of Balancer members (workers) for mod_proxy
 PROXY_HTML_DESC= Fix HTML Links in a Reverse Proxy
 PROXY_HTTP_DESC= HTTP support module for mod_proxy
-PROXY_HTTP2_DESC= Experimental http2 proxy module for h2 and h2c
+PROXY_HTTP2_DESC= HTTP/2 support module for h2 and h2c
 PROXY_SCGI_DESC= SCGI gateway module for mod_proxy
 PROXY_WSTUNNEL_DESC= Websockets Tunnel module for mod_proxy
diff --git a/www/apache24/distinfo b/www/apache24/distinfo
index aeede2fc479d..4c939fdb50a8 100644
--- a/www/apache24/distinfo
+++ b/www/apache24/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1499686775
-SHA256 (apache24/httpd-2.4.27.tar.bz2) = 71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a
-SIZE (apache24/httpd-2.4.27.tar.bz2) = 6527394
+TIMESTAMP = 1508321657
+SHA256 (apache24/httpd-2.4.29.tar.bz2) = 777753a5a25568a2a27428b2214980564bc1c38c1abf9ccc7630b639991f7f00
+SIZE (apache24/httpd-2.4.29.tar.bz2) = 6567926
diff --git a/www/apache24/files/patch-CVE-2017-9798 b/www/apache24/files/patch-CVE-2017-9798 deleted file mode 100644 index 260012f7277f..000000000000 --- a/www/apache24/files/patch-CVE-2017-9798 +++ /dev/null @@ -1,15 +0,0 @@ ---- server/core.c 2017/08/16 16:50:29 1805223 -+++ server/core.c 2017/09/08 13:13:11 1807754 -@@ -2266,6 +2266,12 @@ - /* method has not been registered yet, but resource restriction - * is always checked before method handling, so register it. - */ -+ if (cmd->pool == cmd->temp_pool) { -+ /* In .htaccess, we can't globally register new methods. */ -+ return apr_psprintf(cmd->pool, "Could not register method '%s' " -+ "for %s from .htaccess configuration", -+ method, cmd->cmd->name); -+ } - methnum = ap_method_register(cmd->pool, - apr_pstrdup(cmd->pool, method)); - } diff --git a/www/apache24/files/patch-configure.in b/www/apache24/files/patch-configure.in index b1728b22ab28..c4ae71082ad9 100644 --- a/www/apache24/files/patch-configure.in +++ b/www/apache24/files/patch-configure.in @@ -18,14 +18,6 @@ [--enable-layout=*|\'--enable-layout=*]) dnl We must be the last to build and the first to be cleaned AP_BUILD_SRCLIB_DIRS="$AP_BUILD_SRCLIB_DIRS apr-util" -@@ -597,7 +597,6 @@ AC_ARG_ENABLE(maintainer-mode,APACHE_HEL - if test "$GCC" = "yes"; then - APR_ADDTO(CFLAGS,[-Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wpointer-arith]) - APACHE_ADD_GCC_CFLAG([-std=c89]) -- APACHE_ADD_GCC_CFLAG([-Werror]) - APACHE_ADD_GCC_CFLAG([-Wdeclaration-after-statement]) - APACHE_ADD_GCC_CFLAG([-Wformat]) - APACHE_ADD_GCC_CFLAG([-Wformat-security]) @@ -838,8 +837,14 @@ AC_DEFINE_UNQUOTED(HTTPD_ROOT, "${ap_pre [Root directory of the Apache install area]) AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${rel_sysconfdir}/${progname}.conf", diff --git a/www/apache24/files/patch-modules_ssl_mod__ssl.c b/www/apache24/files/patch-modules_ssl_mod__ssl.c deleted file mode 100644 index af34e0a1a0e9..000000000000 
--- a/www/apache24/files/patch-modules_ssl_mod__ssl.c +++ /dev/null @@ -1,34 +0,0 @@ ---- modules/ssl/mod_ssl.c.orig 2017-04-03 11:39:20 UTC -+++ modules/ssl/mod_ssl.c -@@ -337,12 +337,12 @@ static apr_status_t ssl_cleanup_pre_conf - #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES - ENGINE_cleanup(); - #endif --#if OPENSSL_VERSION_NUMBER >= 0x1000200fL -+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_COMP) - SSL_COMP_free_compression_methods(); - #endif - - /* Usually needed per thread, but this parent process is single-threaded */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - #if OPENSSL_VERSION_NUMBER >= 0x1000000fL - ERR_remove_thread_state(NULL); - #else -@@ -383,14 +383,14 @@ static int ssl_hook_pre_config(apr_pool_ - /* Some OpenSSL internals are allocated per-thread, make sure they - * are associated to the/our same thread-id until cleaned up. - */ --#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L -+#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - ssl_util_thread_id_setup(pconf); - #endif - - /* We must register the library in full, to ensure our configuration - * code can successfully test the SSL environment. - */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - CRYPTO_malloc_init(); - #else - OPENSSL_malloc_init(); diff --git a/www/apache24/files/patch-modules_ssl_ssl__engine__init.c b/www/apache24/files/patch-modules_ssl_ssl__engine__init.c deleted file mode 100644 index 31c7f94d6a79..000000000000 --- a/www/apache24/files/patch-modules_ssl_ssl__engine__init.c +++ /dev/null 
@@ -1,47 +0,0 @@ ---- modules/ssl/ssl_engine_init.c.orig 2017-04-03 11:39:20 UTC -+++ modules/ssl/ssl_engine_init.c -@@ -47,7 +47,7 @@ APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, - #define KEYTYPES "RSA or DSA" - #endif - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - /* OpenSSL Pre-1.1.0 compatibility */ - /* Taken from OpenSSL 1.1.0 snapshot 20160410 */ - static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) -@@ -257,7 +257,7 @@ apr_status_t ssl_init_Module(apr_pool_t - #endif - } - --#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L -+#if APR_HAS_THREADS && ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ) - ssl_util_thread_setup(p); - #endif - -@@ -380,7 +380,7 @@ apr_status_t ssl_init_Module(apr_pool_t - modssl_init_app_data2_idx(); /* for modssl_get_app_data2() at request time */ - - init_dh_params(); --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - init_bio_methods(); - #endif - -@@ -1301,7 +1301,7 @@ static apr_status_t ssl_init_server_cert - * or configure NIST P-256 (required to enable ECDHE for earlier versions) - * ECDH is always enabled in 1.1.0 unless excluded from SSLCipherList - */ --#if (OPENSSL_VERSION_NUMBER < 0x10100000L) -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) - else { - #if defined(SSL_CTX_set_ecdh_auto) - SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1); -@@ -2011,7 +2011,7 @@ apr_status_t ssl_init_ModuleKill(void *d - - } - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - free_bio_methods(); - #endif - free_dh_params(); diff --git a/www/apache24/files/patch-modules_ssl_ssl__engine__io.c b/www/apache24/files/patch-modules_ssl_ssl__engine__io.c deleted file mode 100644 index 85787aeb5498..000000000000 
--- a/www/apache24/files/patch-modules_ssl_ssl__engine__io.c +++ /dev/null @@ -1,38 +0,0 @@ ---- modules/ssl/ssl_engine_io.c.orig 2017-05-30 12:26:05 UTC -+++ modules/ssl/ssl_engine_io.c -@@ -164,7 +164,7 @@ static int bio_filter_create(BIO *bio) - { - BIO_set_shutdown(bio, 1); - BIO_set_init(bio, 1); --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - /* No setter method for OpenSSL 1.1.0 available, - * but I can't find any functional use of the - * "num" field there either. -@@ -549,7 +549,7 @@ static long bio_filter_in_ctrl(BIO *bio, - return -1; - } - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - - static BIO_METHOD bio_filter_out_method = { - BIO_TYPE_MEM, -@@ -2024,7 +2024,7 @@ static void ssl_io_input_add_filter(ssl_ - - filter_ctx->pInputFilter = ap_add_input_filter(ssl_io_filter, inctx, r, c); - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - filter_ctx->pbioRead = BIO_new(&bio_filter_in_method); - #else - filter_ctx->pbioRead = BIO_new(bio_filter_in_method); -@@ -2059,7 +2059,7 @@ void ssl_io_filter_init(conn_rec *c, req - filter_ctx->pOutputFilter = ap_add_output_filter(ssl_io_filter, - filter_ctx, r, c); - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - filter_ctx->pbioWrite = BIO_new(&bio_filter_out_method); - #else - filter_ctx->pbioWrite = BIO_new(bio_filter_out_method); diff --git a/www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c b/www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c deleted file mode 100644 index 4c5f19034716..000000000000 --- a/www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c +++ /dev/null 
@@ -1,11 +0,0 @@ ---- modules/ssl/ssl_engine_kernel.c.orig 2017-05-02 11:01:17 UTC -+++ modules/ssl/ssl_engine_kernel.c -@@ -1733,7 +1733,7 @@ static void modssl_proxy_info_log(conn_r - * so we need to increment here to prevent them from - * being freed. - */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - #define modssl_set_cert_info(info, cert, pkey) \ - *cert = info->x509; \ - CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \ diff --git a/www/apache24/files/patch-modules_ssl_ssl__engine__vars.c b/www/apache24/files/patch-modules_ssl_ssl__engine__vars.c deleted file mode 100644 index 80ffba08b41c..000000000000 --- a/www/apache24/files/patch-modules_ssl_ssl__engine__vars.c +++ /dev/null @@ -1,11 +0,0 @@ ---- modules/ssl/ssl_engine_vars.c.orig 2017-03-20 12:01:16 UTC -+++ modules/ssl/ssl_engine_vars.c -@@ -529,7 +529,7 @@ static char *ssl_var_lookup_ssl_cert(apr - resdup = FALSE; - } - else if (strcEQ(var, "A_SIG")) { --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - nid = OBJ_obj2nid((ASN1_OBJECT *)(xs->cert_info->signature->algorithm)); - #else - const ASN1_OBJECT *paobj; diff --git a/www/apache24/files/patch-modules_ssl_ssl__private.h b/www/apache24/files/patch-modules_ssl_ssl__private.h deleted file mode 100644 index 0c5a204e7c0b..000000000000 --- a/www/apache24/files/patch-modules_ssl_ssl__private.h +++ /dev/null 
@@ -1,55 +0,0 @@ ---- modules/ssl/ssl_private.h.orig 2017-04-03 11:39:20 UTC -+++ modules/ssl/ssl_private.h -@@ -123,6 +123,16 @@ - #define MODSSL_SSL_METHOD_CONST - #endif - -+#if defined(LIBRESSL_VERSION_NUMBER) -+/* Missing from LibreSSL */ -+#define SSL_CTRL_SET_MIN_PROTO_VERSION 123 -+#define SSL_CTRL_SET_MAX_PROTO_VERSION 124 -+#define SSL_CTX_set_min_proto_version(ctx, version) \ -+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) -+#define SSL_CTX_set_max_proto_version(ctx, version) \ -+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) -+#endif -+ - #if defined(OPENSSL_FIPS) - #define HAVE_FIPS - #endif -@@ -136,7 +146,7 @@ - #endif - - /* session id constness */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - #define IDCONST - #else - #define IDCONST const -@@ -199,7 +209,7 @@ - - #endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */ - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - #define BN_get_rfc2409_prime_768 get_rfc2409_prime_768 - #define BN_get_rfc2409_prime_1024 get_rfc2409_prime_1024 - #define BN_get_rfc3526_prime_1536 get_rfc3526_prime_1536 -@@ -219,7 +229,7 @@ void init_bio_methods(void); - void free_bio_methods(void); - #endif - --#if OPENSSL_VERSION_NUMBER < 0x10002000L -+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) - #define X509_STORE_CTX_get0_store(x) (x->ctx) - #endif - -@@ -934,7 +944,7 @@ char *ssl_util_readfilter(server_ - const char * const *); - BOOL ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *); - #if APR_HAS_THREADS --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - void ssl_util_thread_setup(apr_pool_t *); - #endif - void ssl_util_thread_id_setup(apr_pool_t *); 
diff --git a/www/apache24/files/patch-modules_ssl_ssl__util.c b/www/apache24/files/patch-modules_ssl_ssl__util.c deleted file mode 100644 index 2ea1864dd9bc..000000000000 --- a/www/apache24/files/patch-modules_ssl_ssl__util.c +++ /dev/null @@ -1,11 +0,0 @@ ---- modules/ssl/ssl_util.c.orig 2017-03-24 13:31:03 UTC -+++ modules/ssl/ssl_util.c -@@ -247,7 +247,7 @@ void ssl_asn1_table_unset(apr_hash_t *ta - } - - #if APR_HAS_THREADS --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - /* - * To ensure thread-safetyness in OpenSSL - work in progress - */ diff --git a/www/apache24/files/patch-modules_ssl_ssl__util__ssl.h b/www/apache24/files/patch-modules_ssl_ssl__util__ssl.h deleted file mode 100644 index 063492479e51..000000000000 --- a/www/apache24/files/patch-modules_ssl_ssl__util__ssl.h +++ /dev/null @@ -1,11 +0,0 @@ ---- modules/ssl/ssl_util_ssl.h.orig 2017-03-20 12:01:16 UTC -+++ modules/ssl/ssl_util_ssl.h -@@ -41,7 +41,7 @@ - #define MODSSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER - #define MODSSL_LIBRARY_NAME "OpenSSL" - #define MODSSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - #define MODSSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION) - #else - #define MODSSL_LIBRARY_DYNTEXT OpenSSL_version(OPENSSL_VERSION) diff --git a/www/apache24/files/patch-modules_ssl_ssl__util__stapling.c b/www/apache24/files/patch-modules_ssl_ssl__util__stapling.c index c2025a9e5e12..5dcf5977ea89 100644 --- a/www/apache24/files/patch-modules_ssl_ssl__util__stapling.c +++ b/www/apache24/files/patch-modules_ssl_ssl__util__stapling.c 
@@ -5,7 +5,7 @@
 issuer = sk_X509_value(extra_certs, i);
 if (X509_check_issued(issuer, x) == X509_V_OK) {
 -#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER < 0x2050000fL
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2050000fL)
 CRYPTO_add(&issuer->references, 1, CRYPTO_LOCK_X509);
 #else
 X509_up_ref(issuer); |
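Review bot: The `0x2050000fL` cutoff in the rewritten `#if` is left unexplained, and the other LibreSSL guards visible in this commit are deleted, so nothing here tells a maintainer why this one local patch remains or when it can be dropped. I would add a comment above the guard in the patched source, for example `/* LibreSSL older than 0x2050000fL: presumably no X509_up_ref(), so bump the refcount by hand - confirm */`. The `defined(LIBRESSL_VERSION_NUMBER) &&` test matters because an undefined macro evaluates to 0 inside `#if`, so the same form should be used wherever the port compares `LIBRESSL_VERSION_NUMBER` numerically. The enclosing function starts and ends outside the hunk.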