Apache HTTP Server 2.4.33 Released, with libressl compatibility?

Mon Mar 26 16:43:09 UTC 2018

Port is up-to-date, thanks!

Anyone know if a libressl patch is in the works, or have a patch to not
build ab?

  > ...
  > --- ab ---
  > /usr/local/share/apr/build-1/libtool --silent --mode=link cc    -O2 -pipe 
-I/usr/local/include -DLIBICONV_PLUG
  > -fstack-protector -fno-strict-aliasing     -L/usr/local/lib/db5 -L/usr/lib 
-L/usr/local/lib -Wl,-rpath,/usr/local/lib
  > -fstack-protector -o ab  ab.lo      -L/usr/local/lib -R/usr/local/lib 
-laprutil-1 -ldb-5.3 -lexpat -L/usr/local/lib
  > -R/usr/local/lib -lapr-1 -lcrypt -lpthread -lm -L/usr/local/lib -lssl 
-lcrypto -lcrypt -lpthread
  > ab.o: In function `main':
  > ab.c:(.text+0x442): undefined reference to `TLS_client_method'
  > ab.c:(.text+0xbe6): undefined reference to `SSL_CTX_set_max_proto_version'
  > ab.c:(.text+0xbf6): undefined reference to `SSL_CTX_set_min_proto_version'
  > cc: error: linker command failed with exit code 1 (use -v to see invocation)
  > *** [ab] Error code 1
  >
  > make[4]: stopped in /usr/ports/www/apache24/work/httpd-2.4.33/support
  > 1 error

Roger

>                Apache HTTP Server 2.4.33 Released
>
>   March 26, 2018
>
>   The Apache Software Foundation and the Apache HTTP Server Project
>   are pleased to announce the release of version 2.4.33 of the Apache
>   HTTP Server ("Apache").  This version of Apache is our latest GA
>   release of the new generation 2.4.x branch of Apache HTTPD and
>   represents fifteen years of innovation by the project, and is
>   recommended over all previous releases. This release of Apache is
>   a security release.
>
>   We consider this release to be the best version of Apache available, and
>   encourage users of all prior versions to upgrade.
>
>   Apache HTTP Server 2.4.33 is available for download from:
>
>     http://httpd.apache.org/download.cgi
>
>   Apache 2.4 offers numerous enhancements, improvements, and performance
>   boosts over the 2.2 codebase.  For an overview of new features
>   introduced since 2.4 please see:
>
>     http://httpd.apache.org/docs/trunk/new_features_2_4.html
>
>   Please see the CHANGES_2.4 file, linked from the download page, for a
>   full list of changes. A condensed list, CHANGES_2.4.33 includes only
>   those changes introduced since the prior 2.4 release.  A summary of all
>   of the security vulnerabilities addressed in this and earlier releases
>   is available:
>
>     http://httpd.apache.org/security/vulnerabilities_24.html
>
>   This release requires the Apache Portable Runtime (APR), minimum
>   version 1.5.x, and APR-Util, minimum version 1.5.x. Some features may
>   require the 1.6.x version of both APR and APR-Util. The APR libraries
>   must be upgraded for all features of httpd to operate correctly.
>
>   This release builds on and extends the Apache 2.2 API.  Modules written
>   for Apache 2.2 will need to be recompiled in order to run with Apache
>   2.4, and require minimal or no source code changes.
>
>     http://svn.apache.org/repos/asf/httpd/httpd/trunk/VERSIONING
>
>   When upgrading or installing this version of Apache, please bear in mind
>   that if you intend to use Apache with one of the threaded MPMs (other
>   than the Prefork MPM), you must ensure that any modules you will be
>   using (and the libraries they depend on) are thread-safe.
>
>   Please note the 2.2.x branch has now passed the end of life at the Apache
>   HTTP Server project and no further activity will occur including security
>   patches.  Users must promptly complete their transitions to this 2.4.x
>   release of httpd to benefit from further bug fixes or new features.
>