svn commit: r392171 - in branches/2015Q3/www/apache24: . files
Philip M. Gollucci
pgollucci at FreeBSD.org
Wed Jul 15 17:18:03 UTC 2015
Author: pgollucci
Date: Wed Jul 15 17:18:00 2015
New Revision: 392171
URL: https://svnweb.freebsd.org/changeset/ports/392171
Log:
OBMFH: r392170
www/apache24: fix CVEs, update 2.4.12 -> 2.4.16
- Convet to USES=autoreconf
- Sort USES
- Remove now empty patch files
Security: https://vuxml.freebsd.org/freebsd/a12494c1-2af4-11e5-86ff-14dae9d210b8.html
Differential Revision: https://reviews.freebsd.org/D3101
Submitted by: feld
Reviewed by: pgollucci (myself)
With Hat: apache@
Approved by: ports-secteam (feld)
Deleted:
branches/2015Q3/www/apache24/files/patch-acinclude.m4
branches/2015Q3/www/apache24/files/patch-include__ap_config_auto.h.in
branches/2015Q3/www/apache24/files/patch-modules__ssl__ssl_engine_init.c
branches/2015Q3/www/apache24/files/patch-modules__ssl__ssl_engine_rand.c
Modified:
branches/2015Q3/www/apache24/Makefile
branches/2015Q3/www/apache24/distinfo
branches/2015Q3/www/apache24/files/patch-Makefile.in
branches/2015Q3/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in
Directory Properties:
branches/2015Q3/ (props changed)
Modified: branches/2015Q3/www/apache24/Makefile
==============================================================================
--- branches/2015Q3/www/apache24/Makefile Wed Jul 15 17:16:05 2015 (r392170)
+++ branches/2015Q3/www/apache24/Makefile Wed Jul 15 17:18:00 2015 (r392171)
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= apache24
-PORTVERSION= 2.4.12
+PORTVERSION= 2.4.16
CATEGORIES= www ipv6
MASTER_SITES= APACHE_HTTPD
DISTNAME= httpd-${PORTVERSION}
@@ -18,10 +18,10 @@ CONFLICTS_INSTALL= caudium14-1.* \
apache-*-2.2.* apache22-*
USE_APACHE= common24
-USES= tar:bzip2 iconv perl5 libtool cpe
+USES= autoreconf cpe iconv libtool perl5 tar:bzip2
USE_PERL5= run
-USE_AUTOTOOLS= autoconf
USE_RC_SUBR= apache24 htcacheclean
+GNU_CONFIGURE= yes
CPE_VENDOR= apache
CPE_PRODUCT= http_server
Modified: branches/2015Q3/www/apache24/distinfo
==============================================================================
--- branches/2015Q3/www/apache24/distinfo Wed Jul 15 17:16:05 2015 (r392170)
+++ branches/2015Q3/www/apache24/distinfo Wed Jul 15 17:18:00 2015 (r392171)
@@ -1,2 +1,2 @@
-SHA256 (apache24/httpd-2.4.12.tar.bz2) = ad6d39edfe4621d8cc9a2791f6f8d6876943a9da41ac8533d77407a2e630eae4
-SIZE (apache24/httpd-2.4.12.tar.bz2) = 5054838
+SHA256 (apache24/httpd-2.4.16.tar.bz2) = ac660b47aaa7887779a6430404dcb40c0b04f90ea69e7bd49a40552e9ff13743
+SIZE (apache24/httpd-2.4.16.tar.bz2) = 5101005
Modified: branches/2015Q3/www/apache24/files/patch-Makefile.in
==============================================================================
--- branches/2015Q3/www/apache24/files/patch-Makefile.in Wed Jul 15 17:16:05 2015 (r392170)
+++ branches/2015Q3/www/apache24/files/patch-Makefile.in Wed Jul 15 17:18:00 2015 (r392171)
@@ -1,4 +1,4 @@
---- Makefile.in.orig 2012-12-17 11:50:41 UTC
+--- Makefile.in.orig 2015-04-15 18:06:04 UTC
+++ Makefile.in
@@ -32,12 +32,9 @@ include $(top_srcdir)/build/program.mk
install-conf:
@@ -14,45 +14,7 @@
done; \
for j in $(top_srcdir)/docs/conf $(top_builddir)/docs/conf ; do \
cd $$j ; \
-@@ -58,6 +55,16 @@ install-conf:
- -e 's#@@SSLPort@@#$(SSLPORT)#g' \
- -e 'p' \
- < $$i; \
-+ if echo " $(DSO_MODULES) "|$(EGREP) " cgi " > /dev/null ; then \
-+ have_cgi="1"; \
-+ else \
-+ have_cgi="0"; \
-+ fi; \
-+ if echo " $(DSO_MODULES) "|$(EGREP) " cgid " > /dev/null ; then \
-+ have_cgid="1"; \
-+ else \
-+ have_cgid="0"; \
-+ fi; \
- for j in $(DSO_MODULES) "^EOL^"; do \
- if test $$j != "^EOL^"; then \
- if echo ",$(ENABLED_DSO_MODULES),"|$(EGREP) ",$$j," > /dev/null ; then \
-@@ -68,8 +75,18 @@ install-conf:
- if test "$(LOAD_ALL_MODULES)" = "yes"; then \
- loading_disabled=""; \
- fi; \
-- echo "$${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \
-- fi; \
-+ if test $$j = "cgid" -a "$$have_cgi" = "1"; then \
-+ echo "<IfModule !mpm_prefork_module>"; \
-+ echo " $${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \
-+ echo "</IfModule>"; \
-+ elif test $$j = "cgi" -a "$$have_cgid" = "1"; then \
-+ echo "<IfModule mpm_prefork_module>"; \
-+ echo " $${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \
-+ echo "</IfModule>"; \
-+ else \
-+ echo "$${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \
-+ fi; \
-+ fi; \
- done; \
- sed -e '1,/@@LoadModule@@/d' \
- -e '/@@LoadModule@@/d' \
-@@ -78,15 +95,12 @@ install-conf:
+@@ -98,15 +95,12 @@ install-conf:
-e 's#@@SSLPort@@#$(SSLPORT)#g' \
< $$i; \
fi \
@@ -70,7 +32,7 @@
fi; \
done ; \
done ; \
-@@ -137,48 +151,25 @@ dox:
+@@ -157,48 +151,25 @@ dox:
doxygen $(top_srcdir)/docs/doxygen.conf
install-htdocs:
@@ -128,7 +90,7 @@
install-other:
@test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir)
-@@ -231,12 +222,7 @@ install-man:
+@@ -251,12 +222,7 @@ install-man:
@test -d $(DESTDIR)$(manualdir) || $(MKINSTALLDIRS) $(DESTDIR)$(manualdir)
@cp -p $(top_srcdir)/docs/man/*.1 $(DESTDIR)$(mandir)/man1
@cp -p $(top_srcdir)/docs/man/*.8 $(DESTDIR)$(mandir)/man8
Modified: branches/2015Q3/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in
==============================================================================
--- branches/2015Q3/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in Wed Jul 15 17:16:05 2015 (r392170)
+++ branches/2015Q3/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in Wed Jul 15 17:18:00 2015 (r392171)
@@ -1,37 +1,6 @@
---- docs/conf/extra/httpd-ssl.conf.in.orig 2015-01-31 12:20:34 UTC
-+++ docs/conf/extra/httpd-ssl.conf.in
-@@ -42,11 +42,30 @@ Listen @@SSLPort@@
- ## the main server and all SSL-enabled virtual hosts.
- ##
-
-+## disable unsecure SSL protocols
-+SSLProtocol ALL -SSLv2 -SSLv3
-+
- # SSL Cipher Suite:
- # List the ciphers that the client is permitted to negotiate.
- # See the mod_ssl documentation for a complete list.
- SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
-
-+## The following entries can be used as suggestions,
-+## for more information see:
-+## - http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslciphersuite
-+## - http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html
-+##
-+## To test your SSL implementation use for example security/sslscan or for public reachable systems https://www.ssllabs.com/
-+
-+## sample for OpenSSL >= 1.0.x (with RC4)
-+# SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
-+
-+## sample for OpenSSL >= 1.0.x (keep support for IE8 on XP)
-+# SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4"
-+
-+## sample for OpenSSL >= 1.0.x (no RC4 support)
-+# SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
-+
- # Speed-optimized SSL Cipher configuration:
- # If speed is your main concern (on busy HTTPS servers e.g.),
- # you might want to force clients to specific, performance
-@@ -105,8 +124,8 @@ SSLSessionCacheTimeout 300
+--- docs/conf/extra/httpd-ssl.conf.in.orig 2015-05-27 13:59:59.000000000 -0500
++++ docs/conf/extra/httpd-ssl.conf.in 2015-07-15 09:50:31.369623000 -0500
+@@ -124,8 +124,8 @@
DocumentRoot "@exp_htdocsdir@"
ServerName www.example.com:@@SSLPort@@
ServerAdmin you at example.com
@@ -42,7 +11,7 @@
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
-@@ -265,7 +284,7 @@ BrowserMatch "MSIE [2-5]" \
+@@ -284,7 +284,7 @@
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
More information about the svn-ports-all
mailing list