- update to version 2.2.24

- move mpm itk patches to itk-mpm/files dir
- add sshd to REQUIRE line in the rc script to prevent boot
  issues in case a SSL cert is password protected [1]

Changes with Apache 2.2.24
 SECURITY: CVE-2012-3499 (cve.mitre.org) Various XSS flaws due to
 unescaped hostnames and URIs HTML output in mod_info, mod_status,
 mod_imagemap, mod_ldap, and mod_proxy_ftp.  [Jim Jagielski, Stefan
 Fritsch, Niels Heinen <heinenn google com>]

 SECURITY: CVE-2012-4558 (cve.mitre.org)
 XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
 Niels Heinen <heinenn google com>]

 mod_rewrite: Stop merging RewriteBase down to subdirectories
 unless new option 'RewriteOptions MergeBase' is configured.
 Merging RewriteBase was unconditionally turned on in 2.2.23.
 PR 53963. [Eric Covener]

 mod_ssl: Send the error message for speaking http to an https port using
 HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when
 using SNI. PR 50823. [Stefan Fritsch]

 mod_ssl: log revoked certificates at level INFO
 instead of DEBUG. PR 52162. [Stefan Fritsch]

 mod_proxy_ajp: Support unknown HTTP methods. PR 54416.
 [Rainer Jung]

 mod_dir: Add support for the value 'disabled' in FallbackResource.
 [Vincent Deffontaines]

 mod_ldap: Fix regression in handling "server unavailable" errors on
 Windows.  PR 54140.  [Eric Covener]

 mod_ssl: fix a regression with the string rendering of the "UID" RDN
 introduced in 2.2.15. PR 54510. [Kaspar Brand]

 ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output
 to more accurately report the negotiated protocol. PR 53916.
 [Nicolás Pernas Maradei <nico emutex com>, Kaspar Brand]

 mod_cache: Explicitly allow cache implementations to cache a 206 Partial
 Response if they so choose to do so. Previously an attempt to cache a 206
 was arbitrarily allowed if the response contained an Expires or
 Cache-Control header, and arbitrarily denied if both headers were missing
 Currently the disk and memory cache providers do not cache 206 Partial
 Responses. [Graham Leggett]

 core: Remove unintentional APR 1.3 dependency introduced with
 Apache 2.2.22. [Eric Covener]

 core: Use a TLS 1.0 close_notify alert for internal dummy connection if
 the chosen listener is configured for https. [Joe Orton]

 mod_ssl: Add new directive SSLCompression to disable TLS-level
   compression. PR 53219.

[1] requested by Andrew Filonov
    (freebsd-apache/2012-September/002962.html)

with head apache@

8 files changed, 30 insertions, 23 deletions

diff --git a/www/apache22-itk-mpm/Makefile b/www/apache22-itk-mpm/Makefile
index bc35985f8dcd..66826b3726c6 100644
--- a/www/apache22-itk-mpm/Makefile
+++ b/www/apache22-itk-mpm/Makefile
@@ -1,5 +1,5 @@
 # $FreeBSD$
-#
+
 # To build this port with the additional mpm-itk-perdir-regex
 # patch use -DWITH_ITK_PERDIR_REGEX
 #
@@ -8,7 +8,7 @@
 #
 # Note:
 # It's not possible to use both patches together
-#´
+#
 # For a quick description take a look into the mpm-itk* patches
 # in the apache22/files directory
 
@@ -21,4 +21,20 @@ WITH_MPM=		itk
 LATEST_LINK=		apache22-${WITH_MPM}-mpm
 DESCR=			${.CURDIR}/pkg-descr
 
+MPM_ITK_VERSION?=	20110321-01
+
+EXTRA_PATCHES+=		${.CURDIR}/files/mpm-itk-${MPM_ITK_VERSION}
+
+.if defined (WITH_ITK_PERDIR_REGEX) && defined (WITH_ITK_LIMITS)
+IGNORE=	use only one patch option not both (WITH_ITK_PERDIR_REGEX or WITH_ITK_LIMITS)
+.endif
+
+.if defined (WITH_ITK_PERDIR_REGEX)
+EXTRA_PATCHES+=		${.CURDIR}/files/mpm-itk-perdir-regex
+.endif
+
+.if defined (WITH_ITK_LIMITS)
+EXTRA_PATCHES+=		${.CURDIR}/files/mpm-itk-limits
+.endif
+
 .include "${MASTERDIR}/Makefile"
diff --git a/www/apache22/files/mpm-itk-20110321-01 b/www/apache22-itk-mpm/files/mpm-itk-20110321-01
index 45f79a492eda..45f79a492eda 100644
--- a/www/apache22/files/mpm-itk-20110321-01
+++ b/www/apache22-itk-mpm/files/mpm-itk-20110321-01
diff --git a/www/apache22/files/mpm-itk-limits b/www/apache22-itk-mpm/files/mpm-itk-limits
index b8a8c5b85e38..b8a8c5b85e38 100644
--- a/www/apache22/files/mpm-itk-limits
+++ b/www/apache22-itk-mpm/files/mpm-itk-limits
diff --git a/www/apache22/files/mpm-itk-perdir-regex b/www/apache22-itk-mpm/files/mpm-itk-perdir-regex
index cbe5d2cd6a8b..cbe5d2cd6a8b 100644
--- a/www/apache22/files/mpm-itk-perdir-regex
+++ b/www/apache22-itk-mpm/files/mpm-itk-perdir-regex
diff --git a/www/apache22/Makefile b/www/apache22/Makefile
index 012b136eaeb9..d4ccb77c8e9b 100644
--- a/www/apache22/Makefile
+++ b/www/apache22/Makefile
@@ -1,8 +1,8 @@
 # $FreeBSD$
 
 PORTNAME=	apache22
-PORTVERSION=	2.2.23
-PORTREVISION=	4
+PORTVERSION=	2.2.24
+#PORTREVISION?=	1
 CATEGORIES=	www ipv6
 MASTER_SITES=	${MASTER_SITE_APACHE_HTTPD}
 DISTNAME=	httpd-${PORTVERSION}
@@ -41,11 +41,9 @@ APACHEDIR=	${.CURDIR}
 APACHEDIR=	${MASTERDIR}
 .endif
 
-WITH_MPM?=		prefork # or worker, event, itk
+WITH_MPM?=		prefork # or worker, event, itk, peruser
 WITH_HTTP_PORT?=	80
 
-MPM_ITK_VERSION?=	20110321-01
-
 .include "${APACHEDIR}/Makefile.options"
 
 # stop users from using old WITH/WITHOUT parameters
@@ -57,8 +55,8 @@ BROKEN=	WITH/WITHOUT parameters are obsolete. \
 .  endif
 .endfor
 
-.for cat in ${ALL_MODULES_CATEGORIES}
-.  if defined(WITH_${cat}_MODULES)
+.for category in ${ALL_MODULES_CATEGORIES}
+.  if defined(WITH_${category}_MODULES)
 BROKEN=	WITH/WITHOUT_..._MODULES parameters are obsolete. \
 	The port use the new options NG framework. Please read\
 	http://wiki.freebsd.org/Ports/Options/OptionsNG
@@ -77,6 +75,9 @@ APU_DBD_PGSQL?=		${LOCALBASE}/lib/apr-util-1/apr_dbd_pgsql.so
 APU_DBD_SQLITE3?=	${LOCALBASE}/lib/apr-util-1/apr_dbd_sqlite3.so
 # APU module used by AUTHNZ_LDAP LDAP
 APU_LDAP?=		${LOCALBASE}/lib/apr-util-1/apr_ldap.so
+# APU crypto
+APU_CRYPTO_SSL?=	${LOCALBASE}/lib/apr-util-1/apr_crypto_openssl.so
+APU_CRYPTO_NSS?=	${LOCALBASE}/lib/apr-util-1/apr_crypto_nss.so
 
 CONFIGURE_ARGS=	--prefix=${PREFIX_RELDEST} \
 		--enable-layout=FreeBSD \
@@ -99,7 +100,7 @@ MAKE_ENV+=	EXPR_COMPAT=yes \
 		INSTALL_MAN="${INSTALL_MAN}"
 
 #=====================================================
-# CONFIGURE_ARGS willl be handled in Makefile.modules,
+# CONFIGURE_ARGS will be handled in Makefile.modules,
 # here we do only OPTIONS fixups
 
 .if ${PORT_OPTIONS:MSSL}
diff --git a/www/apache22/Makefile.modules b/www/apache22/Makefile.modules
index 6f6d2f6423c8..69e04a7ad3a9 100644
--- a/www/apache22/Makefile.modules
+++ b/www/apache22/Makefile.modules
@@ -60,16 +60,6 @@ PLIST_SUB+=		WORKER="@comment " EVENT=""
 PLIST_SUB+=		WORKER="@comment " EVENT="@comment "
 .elif ${WITH_MPM} == "itk"
 PLIST_SUB+=		WORKER="@comment " EVENT="@comment "
-EXTRA_PATCHES+=		${PATCHDIR}/mpm-itk-${MPM_ITK_VERSION}
-.  if defined (WITH_ITK_PERDIR_REGEX) && defined (WITH_ITK_LIMITS)
-IGNORE=	Use only one patch option not both (WITH_ITK_PERDIR_REGEX or WITH_ITK_LIMITS)
-.  endif
-.  if defined (WITH_ITK_PERDIR_REGEX)
-EXTRA_PATCHES+=		${PATCHDIR}/mpm-itk-perdir-regex
-.  endif
-.  if defined (WITH_ITK_LIMITS)
-EXTRA_PATCHES+=		${PATCHDIR}/mpm-itk-limits
-.  endif
 .else
 IGNORE=	Unknown MPM: ${WITH_MPM}
 .endif	# MPM prefork
diff --git a/www/apache22/distinfo b/www/apache22/distinfo
index d8b6232d01d9..d9122d8a3189 100644
--- a/www/apache22/distinfo
+++ b/www/apache22/distinfo
@@ -1,2 +1,2 @@
-SHA256 (apache22/httpd-2.2.23.tar.bz2) = 14fe79bd6edd957c02cb41f4175e132c08e6ff74a7d08dc1858dd8224e351c34
-SIZE (apache22/httpd-2.2.23.tar.bz2) = 5485205
+SHA256 (apache22/httpd-2.2.24.tar.bz2) = 0453f5d2d7e3b1975a1c6a8a22b6d6ff768715a3b0a89b51e5f7b5851628fad7
+SIZE (apache22/httpd-2.2.24.tar.bz2) = 5490439
diff --git a/www/apache22/files/apache22.in b/www/apache22/files/apache22.in
index 94374fbfd867..eab30e2a7ac0 100644
--- a/www/apache22/files/apache22.in
+++ b/www/apache22/files/apache22.in
@@ -4,7 +4,7 @@
 #
 
 # PROVIDE: apache22
-# REQUIRE: LOGIN cleanvar
+# REQUIRE: LOGIN cleanvar sshd
 # KEYWORD: shutdown
 
 #