diff options
author | ohauer <ohauer@FreeBSD.org> | 2015-01-31 23:22:51 +0800 |
---|---|---|
committer | ohauer <ohauer@FreeBSD.org> | 2015-01-31 23:22:51 +0800 |
commit | 85ee94e8267951e7ad32ebf7931e8772fa45641c (patch) | |
tree | dcd30bc82233b25763d1750b23d08afd11943175 /www | |
parent | e88d385e37845b5b65a9f928e6ca0eed4f0bb3eb (diff) | |
download | freebsd-ports-gnome-85ee94e8267951e7ad32ebf7931e8772fa45641c.tar.gz freebsd-ports-gnome-85ee94e8267951e7ad32ebf7931e8772fa45641c.tar.zst freebsd-ports-gnome-85ee94e8267951e7ad32ebf7931e8772fa45641c.zip |
- update to 2.4.12
- change MPM backend from static to dynamic,
but keep mpm_prefork for compatiblity with e.g. php modules
- install dedicated MPM load file in case httpd was build with modular MPM
(modules.d/000_mpm_prefork_fallback.conf)
- disable SSLv3 and SSLv2 fallback in sample httpd-ssl-conf
- use @sample macro instead EXAMPLESDIR
- add some SSLCipherSuite examples for OpenSSL >= 1.0.x
- add libressl support [1]
- add pkg-install script (to handle new modular MPM build)
- build now most all modules, so users using packages don't have
to run a custom build for missing modules
- fix suexec mode
PR: 196139 [1]
MFH: 2015Q1
Diffstat (limited to 'www')
29 files changed, 451 insertions, 202 deletions
diff --git a/www/apache24/Makefile b/www/apache24/Makefile index ea1e977b3cbd..766baa11fe7e 100644 --- a/www/apache24/Makefile +++ b/www/apache24/Makefile @@ -1,8 +1,7 @@ # $FreeBSD$ PORTNAME= apache24 -PORTVERSION= 2.4.10 -PORTREVISION= 2 +PORTVERSION= 2.4.12 CATEGORIES= www ipv6 MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} DISTNAME= httpd-${PORTVERSION} @@ -28,6 +27,10 @@ CPE_VENDOR= apache CPE_PRODUCT= http_server PORTDOCS= * +SUB_FILES= pkg-install pkg-deinstall + +# Fallback MPM after switching from static to modular MPM +SUB_LIST+= MPMF="000_mpm_prefork_fallback.conf" USERS= www GROUPS= www @@ -102,7 +105,7 @@ CONFIGURE_ENV= CONFIG_SHELL="${SH}" \ MAKE_ENV+= EXPR_COMPAT=yes \ INSTALL_MAN="${INSTALL_MAN}" \ - EXAMPLESDIR=${EXAMPLESDIR} + DATADIR=${DATADIR} #===================================================== # CONFIGURE_ARGS will be handled in Makefile.modules, @@ -129,36 +132,38 @@ post-extract: # remove possible leftover .svn directories in the sources @${FIND} ${WRKSRC} -type d -name .svn -print | ${XARGS} ${RM} -rf # limit grep results ... - @${FIND} ${WRKSRC} -type f \( -name 'NWGNU*' -o -name '*.ds?' -o -name '*.dep' -o -name '*.mak' -o -name '*.win' \) -delete + @${FIND} ${WRKSRC} -type f \( -name 'NWGNU*' -o -name '*.ds?' -o -name '*.dep' -o -name '*.mak' -o -name '*.win' -o -name '*.vbs' -o -name '*.wsf' \) -delete +# make sure the configure script contains our patches, preserve the original script for comparsion + -${MV} -v ${WRKSRC}/configure ${WRKSRC}/configure.upstream -# make qa script happy, it complains on empty dirs even 'PORTDOCS=*' is set -# use RMDIR in case upstream ever place some files into this dirs +# make stage-qa script happy, it complains on empty dirs even 'PORTDOCS=*' is set +# use RMDIR in case upstream ever place some files into this directories .for d in xsl/util xsl lang -${RMDIR} ${WRKSRC}/docs/manual/style/${d} .endfor post-patch: - @${REINPLACE_CMD} -e 's," PLATFORM ",FreeBSD,' ${WRKSRC}/server/core.c -# IPv4_mapping fix: https://issues.apache.org/bugzilla/show_bug.cgi?id=53824 - @${REINPLACE_CMD} -e 's|freebsd5|freebsd|' \ - -e 's|^perlbin=.*|perlbin=${PERL}|' \ - ${WRKSRC}/configure.in ${WRKSRC}/configure - @${RM} -f ${WRKSRC}/docs/docroot/*.bak + ${REINPLACE_CMD} -e 's," PLATFORM ",FreeBSD,' ${WRKSRC}/server/core.c + ${REINPLACE_CMD} -e 's|logs/error_log|/var/log/httpd-error.log|' \ + ${WRKSRC}/include/httpd.h + ${REINPLACE_CMD} -e 's|perlbin=.*|perlbin=${PERL}|' \ + ${WRKSRC}/configure.in + ${RM} -f ${WRKSRC}/docs/docroot/*.bak ${INSTALL_DATA} ${WRKSRC}/NOTICE ${WRKSRC}/docs/manual post-configure: @FTPUSERS=`${EGREP} -v '^#' /etc/ftpusers| ${TR} -s "\n" " "` ;\ - ${REINPLACE_CMD} -e "s,%%FTPUSERS%%,$${FTPUSERS}," ${WRKSRC}/docs/conf/extra/httpd-userdir.conf - @${REINPLACE_CMD} -e "s,%%WWWOWN%%,${WWWOWN}," -e "s,%%WWWGRP%%,${WWWGRP}," ${WRKSRC}/docs/conf/httpd.conf - @${REINPLACE_CMD} -e "s,%%PREFIX%%,${PREFIX}," ${WRKSRC}/support/envvars-std + ${REINPLACE_CMD} -e "s,%%FTPUSERS%%,$${FTPUSERS}," \ + ${WRKSRC}/docs/conf/extra/httpd-userdir.conf + ${REINPLACE_CMD} -e "s,%%WWWOWN%%,${WWWOWN}," -e "s,%%WWWGRP%%,${WWWGRP}," \ + ${WRKSRC}/docs/conf/httpd.conf + ${REINPLACE_CMD} -e "s,%%PREFIX%%,${PREFIX}," ${WRKSRC}/support/envvars-std post-install: @${MKDIR} ${ETC_SUBDIRS:S|^|${STAGEDIR}${ETCDIR}/|} ${INSTALL_DATA} ${FILESDIR}/no-accf.conf ${STAGEDIR}${ETCDIR}/Includes/ # place for 3rd party module configuration ${INSTALL_DATA} ${FILESDIR}/README_modules.d ${STAGEDIR}${ETCDIR}/modules.d/ - @${MKDIR} ${STAGEDIR}/${EXAMPLESDIR}/modules.d - ${INSTALL_DATA} ${FILESDIR}/README_modules.d ${STAGEDIR}${EXAMPLESDIR}/modules.d # strip returns an error for non binary files, but we have a big mix -${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/* 2>/dev/null -${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/* diff --git a/www/apache24/Makefile.modules b/www/apache24/Makefile.modules index 4383e000795a..d6a7484618a9 100644 --- a/www/apache24/Makefile.modules +++ b/www/apache24/Makefile.modules @@ -43,9 +43,11 @@ IGNORE= SESSION_CRYPTO requires APR-util to have crypto openssl support build in # XXX in case we use OPTIONS for MPM # we do not have a WITH_MPM variable .if ${PORT_OPTIONS:MMPM_SHARED} +SUB_LIST+= MPM_FALLBACK_CHECK="" PLIST_SUB+= MPM_SHARED="" CONFIGURE_ARGS+= --enable-mpms-shared=all .else +SUB_LIST+= MPM_FALLBACK_CHECK="\#" PLIST_SUB+= MPM_SHARED="@comment " .endif diff --git a/www/apache24/Makefile.options b/www/apache24/Makefile.options index 95e9b5f029e6..e3dea742058d 100644 --- a/www/apache24/Makefile.options +++ b/www/apache24/Makefile.options @@ -1,9 +1,9 @@ # $FreeBSD$ # =========================================================== -# The list of modules are no longer classified in CATEGORIES. -# We use for enabled/disabled now the resulting modules from -# configure --enable-modules=most +# Only the most important modules are enabled per default in +# httpd.conf, therfore build all modules not depending on other +# ports, marked as example or developer module. # # Required modules without OPTION: # UNIXD LOG_CONFIG @@ -11,10 +11,11 @@ PROXY_ENABLED_MODULES= \ PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_EXPRESS PROXY_FCGI \ - PROXY_FTP PROXY_HTTP PROXY_SCGI PROXY_WSTUNNEL + PROXY_FDPASS PROXY_FTP PROXY_HTTP PROXY_SCGI PROXY_WSTUNNEL +# mod_proxy_html depends on libxml2 PROXY_DISABLED_MODULES= \ - PROXY_FDPASS PROXY_HTML + PROXY_HTML # SESSION_CRYPTO need APR build with crypto (EVP support in APR) SESSION_ENABLED_MODULES= \ @@ -22,45 +23,39 @@ SESSION_ENABLED_MODULES= \ SESSION_DISABLED_MODULES= -HEARTBEAT_MODULES= \ - HEARTBEAT HEARTMONITOR LBMETHOD_HEARTBEAT - EXAMPLE_MODULES= \ - CASE_FILTER CASE_FILTER_IN ECHO EXAMPLE_HOOKS EXAMPLE_IPC \ + BUCKETEER CASE_FILTER CASE_FILTER_IN ECHO EXAMPLE_HOOKS EXAMPLE_IPC \ OPTIONAL_FN_EXPORT OPTIONAL_FN_IMPORT OPTIONAL_HOOK_EXPORT \ OPTIONAL_HOOK_IMPORT -DEV_MODULES= BUCKETEER - MOST_ENABLED_MODULES= \ ACCESS_COMPAT ACTIONS ALIAS ALLOWMETHODS ASIS \ AUTHN_ANON AUTHN_CORE AUTHN_DBD AUTHN_DBM AUTHN_FILE AUTHN_SOCACHE \ - AUTHZ_CORE AUTHZ_DBD AUTHZ_DBM AUTHZ_GROUPFILE AUTHZ_HOST \ + AUTHZ_CORE AUTHZ_DBD AUTHZ_DBM AUTHNZ_FCGI AUTHZ_GROUPFILE AUTHZ_HOST \ AUTHZ_OWNER AUTHZ_USER \ AUTH_BASIC AUTH_DIGEST AUTH_FORM AUTOINDEX \ BUFFER \ - CACHE CACHE_DISK CACHE_SOCACHE CGI CGID \ - DAV DAV_FS DBD DEFLATE DIR DUMPIO \ + CACHE CACHE_DISK CACHE_SOCACHE CERN_META CGI CGID \ + CHARSET_LITE \ + DATA DAV DAV_FS DAV_LOCK DBD DEFLATE DIALUP DIR DUMPIO \ ENV EXPIRES EXT_FILTER \ FILE_CACHE FILTER \ - HEADERS \ + HEADERS HEARTBEAT HEARTMONITOR \ IMAGEMAP INCLUDE INFO \ LBMETHOD_BYBUSYNESS LBMETHOD_BYREQUESTS LBMETHOD_BYTRAFFIC \ - LOGIO LOG_DEBUG \ + LBMETHOD_HEARTBEAT LOGIO LOG_DEBUG LOG_FORENSIC \ MACRO MIME MIME_MAGIC \ NEGOTIATION \ - RATELIMIT REMOTEIP REQTIMEOUT REQUEST REWRITE \ - SED SETENVIF SLOTMEM_SHM SOCACHE_DBM SOCACHE_MEMCACHE SOCACHE_SHMCB SPELING \ - SSL STATUS SUBSTITUTE \ - UNIQUE_ID USERDIR \ - VERSION VHOST_ALIAS + RATELIMIT REFLECTOR REMOTEIP REQTIMEOUT REQUEST REWRITE \ + SED SETENVIF \ + SLOTMEM_PLAIN SLOTMEM_SHM SOCACHE_DBM SOCACHE_MEMCACHE SOCACHE_SHMCB \ + SPELING SSL STATUS SUBSTITUTE \ + UNIQUE_ID USERDIR USERTRACK \ + VERSION VHOST_ALIAS \ + WATCHDOG MOST_DISABLED_MODULES:= \ - AUTHNZ_LDAP AUTHNZ_FCGI LDAP CERN_META CHARSET_LITE DATA DAV_LOCK DIALUP IDENT \ - LOG_FORENSIC LUA REFLECTOR SLOTMEM_PLAIN SOCACHE_DC SUEXEC USERTRACK \ - XML2ENC WATCHDOG ${HEARTBEAT_MODULES} ${EXAMPLE_MODULES} ${DEV_MODULES} - -#MULTI_MODULES:= ${OPTIONS_MULTI} + AUTHNZ_LDAP IDENT LDAP LUA SOCACHE_DC SUEXEC XML2ENC # XXX PROXY and SESSION are modules but also used to # enable/disable additional PROXY/SESSION modules @@ -70,21 +65,20 @@ ALL_MODULES_CATEGORIES= \ MOST_ENABLED MOST_DISABLED MULTI \ PROXY_ENABLED PROXY_DISABLED \ SESSION_ENABLED SESSION_DISABLED \ - META - -#STATIC= STATIC_AB STATIC_CHECKGID STATIC_FCGISTARTER STATIC_HTCACHECLEAN \ -# STATIC_HTDBM STATIC_HTDIGEST STATIC_HTPASSWD STATIC_HTTXT2DBM \ -# STATIC_LOGRESOLVE STATIC_ROTATELOGS STATIC_SUPPORT + META EXAMPLE ADDITIONAL_OPT= LUAJIT IPV4_MAPPED # =================================================================================== -NO_OPTIONS_SORT= yes +#NO_OPTIONS_SORT= yes -OPTIONS_MULTI= ${META_MODULES} +OPTIONS_MULTI:= ${META_MODULES} OPTIONS_MULTI_PROXY:= ${PROXY_ENABLED_MODULES} ${PROXY_DISABLED_MODULES} OPTIONS_MULTI_SESSION:= ${SESSION_ENABLED_MODULES} ${SESSION_DISABLED_MODULES} +OPTIONS_GROUP= EXAMPLE +OPTIONS_GROUP_EXAMPLE:= ${EXAMPLE_MODULES} + OPTIONS_RADIO= SHARED_MPM OPTIONS_RADIO_SHARED_MPM= MPM_SHARED @@ -104,5 +98,6 @@ OPTIONS_DEFAULT:= \ ${OPTIONS_MULTI} \ ${SESSION_ENABLED_MODULES} \ ${PROXY_ENABLED_MODULES} \ + MPM_SHARED \ MPM_PREFORK diff --git a/www/apache24/Makefile.options.desc b/www/apache24/Makefile.options.desc index 63e603be9ea1..77b98c4a532e 100644 --- a/www/apache24/Makefile.options.desc +++ b/www/apache24/Makefile.options.desc @@ -7,6 +7,7 @@ PROXY_DESC= Build enabled PROXY modules SESSION_DESC= Build enabled SESSION modules DEFAULT_MPM_DESC= The default MPM module SHARED_MPM_DESC= Build all MPMs as shared Module +EXAMPLE_DESC= Example and devel modules (do not use in prod) # ===================================== # MPMs @@ -88,7 +89,7 @@ DUMPIO_DESC= I/O dump filter ECHO_DESC= (dev) example echo server ENV_DESC= Clearing/setting of ENV vars EXAMPLE_HOOKS_DESC= (dev) example hook callback handler module -EXAMPLE_IPC_DESC= (dev) Example of shared memory and mutex usage +EXAMPLE_IPC_DESC= (dev) example of shared memory and mutex usage EXPIRES_DESC= Expires header control EXT_FILTER_DESC= External filter module diff --git a/www/apache24/distinfo b/www/apache24/distinfo index c671eb1c9ace..d34c15e93309 100644 --- a/www/apache24/distinfo +++ b/www/apache24/distinfo @@ -1,2 +1,2 @@ -SHA256 (apache24/httpd-2.4.10.tar.bz2) = 176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a -SIZE (apache24/httpd-2.4.10.tar.bz2) = 5031834 +SHA256 (apache24/httpd-2.4.12.tar.bz2) = ad6d39edfe4621d8cc9a2791f6f8d6876943a9da41ac8533d77407a2e630eae4 +SIZE (apache24/httpd-2.4.12.tar.bz2) = 5054838 diff --git a/www/apache24/files/patch-Makefile.in b/www/apache24/files/patch-Makefile.in index 532ee840ef9f..3f275064fb9b 100644 --- a/www/apache24/files/patch-Makefile.in +++ b/www/apache24/files/patch-Makefile.in @@ -1,28 +1,65 @@ ---- ./Makefile.in.orig 2012-12-17 12:50:41.000000000 +0100 -+++ ./Makefile.in 2014-07-08 06:27:38.000000000 +0200 -@@ -32,12 +32,10 @@ +--- Makefile.in.orig 2012-12-17 11:50:41 UTC ++++ Makefile.in +@@ -32,12 +32,9 @@ include $(top_srcdir)/build/program.mk install-conf: @echo Installing configuration files @$(MKINSTALLDIRS) $(DESTDIR)$(sysconfdir) $(DESTDIR)$(sysconfdir)/extra - @$(MKINSTALLDIRS) $(DESTDIR)$(sysconfdir)/original/extra -+ @$(MKINSTALLDIRS) $(DESTDIR)$(EXAMPLESDIR) $(DESTDIR)$(EXAMPLESDIR)/extra @cd $(top_srcdir)/docs/conf; \ for i in mime.types magic; do \ - if test ! -f $(DESTDIR)$(sysconfdir)/$$i; then \ - $(INSTALL_DATA) $$i $(DESTDIR)$(sysconfdir); \ - fi; \ -+ $(INSTALL_DATA) $$i $(DESTDIR)$(EXAMPLESDIR); \ ++ $(INSTALL_DATA) $$i $(DESTDIR)$(sysconfdir)/$${i}.sample; \ done; \ for j in $(top_srcdir)/docs/conf $(top_builddir)/docs/conf ; do \ cd $$j ; \ -@@ -78,15 +76,12 @@ +@@ -58,6 +55,16 @@ install-conf: + -e 's#@@SSLPort@@#$(SSLPORT)#g' \ + -e 'p' \ + < $$i; \ ++ if echo " $(DSO_MODULES) "|$(EGREP) " cgi " > /dev/null ; then \ ++ have_cgi="1"; \ ++ else \ ++ have_cgi="0"; \ ++ fi; \ ++ if echo " $(DSO_MODULES) "|$(EGREP) " cgid " > /dev/null ; then \ ++ have_cgid="1"; \ ++ else \ ++ have_cgid="0"; \ ++ fi; \ + for j in $(DSO_MODULES) "^EOL^"; do \ + if test $$j != "^EOL^"; then \ + if echo ",$(ENABLED_DSO_MODULES),"|$(EGREP) ",$$j," > /dev/null ; then \ +@@ -68,8 +75,18 @@ install-conf: + if test "$(LOAD_ALL_MODULES)" = "yes"; then \ + loading_disabled=""; \ + fi; \ +- echo "$${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \ +- fi; \ ++ if test $$j = "cgid" -a "$$have_cgi" = "1"; then \ ++ echo "<IfModule !mpm_prefork_module>"; \ ++ echo " $${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \ ++ echo "</IfModule>"; \ ++ elif test $$j = "cgi" -a "$$have_cgid" = "1"; then \ ++ echo "<IfModule mpm_prefork_module>"; \ ++ echo " $${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \ ++ echo "</IfModule>"; \ ++ else \ ++ echo "$${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \ ++ fi; \ ++ fi; \ + done; \ + sed -e '1,/@@LoadModule@@/d' \ + -e '/@@LoadModule@@/d' \ +@@ -78,15 +95,12 @@ install-conf: -e 's#@@SSLPort@@#$(SSLPORT)#g' \ < $$i; \ fi \ - ) > $(DESTDIR)$(sysconfdir)/original/$$i; \ - chmod 0644 $(DESTDIR)$(sysconfdir)/original/$$i; \ -+ ) > $(DESTDIR)$(EXAMPLESDIR)/$$i; \ -+ chmod 0644 $(DESTDIR)$(EXAMPLESDIR)/$$i; \ ++ ) > $(DESTDIR)$(sysconfdir)/$${i}.sample; \ ++ chmod 0644 $(DESTDIR)$(sysconfdir)/$${i}.sample; \ file=$$i; \ if [ "$$i" = "httpd.conf" ]; then \ file=`echo $$i|sed s/.*.conf/$(PROGRAM_NAME).conf/`; \ @@ -33,7 +70,7 @@ fi; \ done ; \ done ; \ -@@ -137,48 +132,25 @@ +@@ -137,48 +151,25 @@ dox: doxygen $(top_srcdir)/docs/doxygen.conf install-htdocs: @@ -50,8 +87,8 @@ - cd $(DESTDIR)$(htdocsdir) && find . -name ".svn" -type d -print | xargs rm -rf 2>/dev/null || true; \ - fi; \ - fi -+ $(MKINSTALLDIRS) $(DESTDIR)$(EXAMPLESDIR) ; \ -+ test -d $(htdocs-srcdir) && (cd $(htdocs-srcdir) && cp -rp index.html $(DESTDIR)$(EXAMPLESDIR)) || true ++ $(MKINSTALLDIRS) $(DESTDIR)$(DATADIR)/misc ; \ ++ test -d $(htdocs-srcdir) && (cd $(htdocs-srcdir) && cp -rp index.html $(DESTDIR)$(DATADIR)/misc) || true install-error: - -@if [ -d $(DESTDIR)$(errordir) ]; then \ @@ -91,7 +128,7 @@ install-other: @test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir) -@@ -231,12 +203,7 @@ +@@ -231,12 +222,7 @@ install-man: @test -d $(DESTDIR)$(manualdir) || $(MKINSTALLDIRS) $(DESTDIR)$(manualdir) @cp -p $(top_srcdir)/docs/man/*.1 $(DESTDIR)$(mandir)/man1 @cp -p $(top_srcdir)/docs/man/*.8 $(DESTDIR)$(mandir)/man8 diff --git a/www/apache24/files/patch-acinclude.m4 b/www/apache24/files/patch-acinclude.m4 new file mode 100644 index 000000000000..676c8fefeb8e --- /dev/null +++ b/www/apache24/files/patch-acinclude.m4 @@ -0,0 +1,24 @@ +--- acinclude.m4.orig 2014-01-05 08:37:21 UTC ++++ acinclude.m4 +@@ -267,9 +267,10 @@ DISTCLEAN_TARGETS = modules.mk + static = + shared = $libname + EOF ++ dnl https://issues.apache.org/bugzilla/show_bug.cgi?id=53882 ++ DSO_MODULES="$DSO_MODULES mpm_$1" + # add default MPM to LoadModule list + if test $1 = $default_mpm; then +- DSO_MODULES="$DSO_MODULES mpm_$1" + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},mpm_$1" + fi + fi +@@ -576,7 +577,8 @@ AC_DEFUN(APACHE_CHECK_OPENSSL,[ + liberrors="" + AC_CHECK_HEADERS([openssl/engine.h]) + AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"]) +- AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines]) ++ dnl PR 196139, https://issues.apache.org/bugzilla/show_bug.cgi?id=57375 ++ AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines SSL_CTX_use_certificate_chain RAND_egd]) + if test "x$liberrors" != "x"; then + AC_MSG_WARN([OpenSSL libraries are unusable]) + fi diff --git a/www/apache24/files/patch-config.layout b/www/apache24/files/patch-config.layout index 98b93ecfd161..919134c4d59f 100644 --- a/www/apache24/files/patch-config.layout +++ b/www/apache24/files/patch-config.layout @@ -1,5 +1,5 @@ ---- ./config.layout.orig 2012-04-17 16:01:41.000000000 +0200 -+++ ./config.layout 2013-03-22 18:55:53.000000000 +0100 +--- config.layout.orig 2012-04-17 14:01:41 UTC ++++ config.layout @@ -257,17 +257,17 @@ bindir: ${exec_prefix}/bin sbindir: ${exec_prefix}/sbin diff --git a/www/apache24/files/patch-configure.in b/www/apache24/files/patch-configure.in index 3c495005e6b3..ee496f0b8eb7 100644 --- a/www/apache24/files/patch-configure.in +++ b/www/apache24/files/patch-configure.in @@ -1,6 +1,6 @@ ---- ./configure.in.orig 2013-01-09 17:39:05.000000000 +0100 -+++ ./configure.in 2013-03-22 18:55:53.000000000 +0100 -@@ -111,7 +111,7 @@ +--- configure.in.orig 2015-01-22 17:33:07 UTC ++++ configure.in +@@ -111,7 +111,7 @@ fi if test "$apr_found" = "reconfig"; then APR_SUBDIR_CONFIG(srclib/apr, @@ -9,7 +9,7 @@ [--enable-layout=*|\'--enable-layout=*]) dnl We must be the first to build and the last to be cleaned AP_BUILD_SRCLIB_DIRS="apr $AP_BUILD_SRCLIB_DIRS" -@@ -177,7 +177,7 @@ +@@ -177,7 +177,7 @@ esac if test "$apu_found" = "reconfig"; then APR_SUBDIR_CONFIG(srclib/apr-util, @@ -18,7 +18,7 @@ [--enable-layout=*|\'--enable-layout=*]) dnl We must be the last to build and the first to be cleaned AP_BUILD_SRCLIB_DIRS="$AP_BUILD_SRCLIB_DIRS apr-util" -@@ -822,8 +822,14 @@ +@@ -830,8 +830,14 @@ AC_DEFINE_UNQUOTED(HTTPD_ROOT, "${ap_pre [Root directory of the Apache install area]) AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${rel_sysconfdir}/${progname}.conf", [Location of the config file, relative to the Apache root directory]) diff --git a/www/apache24/files/patch-docs__conf__extra__httpd-autoindex.conf.in b/www/apache24/files/patch-docs__conf__extra__httpd-autoindex.conf.in index 79d4f20790e9..120c05f0c9ef 100644 --- a/www/apache24/files/patch-docs__conf__extra__httpd-autoindex.conf.in +++ b/www/apache24/files/patch-docs__conf__extra__httpd-autoindex.conf.in @@ -1,6 +1,6 @@ ---- ./docs/conf/extra/httpd-autoindex.conf.in.orig 2010-06-15 13:05:13.000000000 +0200 -+++ ./docs/conf/extra/httpd-autoindex.conf.in 2013-03-22 18:55:53.000000000 +0100 -@@ -89,5 +89,5 @@ +--- docs/conf/extra/httpd-autoindex.conf.in.orig 2010-06-15 11:05:13 UTC ++++ docs/conf/extra/httpd-autoindex.conf.in +@@ -89,5 +89,5 @@ HeaderName HEADER.html # IndexIgnore is a set of filenames which directory indexing should ignore # and not include in the listing. Shell-style wildcarding is permitted. # diff --git a/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in b/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in index 8382aa1a1b81..f8804d61eada 100644 --- a/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in +++ b/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in @@ -1,6 +1,37 @@ ---- ./docs/conf/extra/httpd-ssl.conf.in.orig 2012-12-11 10:55:03.000000000 +0100 -+++ ./docs/conf/extra/httpd-ssl.conf.in 2013-03-22 18:55:53.000000000 +0100 -@@ -86,8 +86,8 @@ +--- docs/conf/extra/httpd-ssl.conf.in.orig 2015-01-31 12:20:34 UTC ++++ docs/conf/extra/httpd-ssl.conf.in +@@ -42,11 +42,30 @@ Listen @@SSLPort@@ + ## the main server and all SSL-enabled virtual hosts. + ## + ++## disable unsecure SSL protocols ++SSLProtocol ALL -SSLv2 -SSLv3 ++ + # SSL Cipher Suite: + # List the ciphers that the client is permitted to negotiate. + # See the mod_ssl documentation for a complete list. + SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 + ++## The following entries can be used as suggestions, ++## for more information see: ++## - http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslciphersuite ++## - http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html ++## ++## To test your SSL implementation use for example security/sslscan or for public reachable systems https://www.ssllabs.com/ ++ ++## sample for OpenSSL >= 1.0.x (with RC4) ++# SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" ++ ++## sample for OpenSSL >= 1.0.x (keep support for IE8 on XP) ++# SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4" ++ ++## sample for OpenSSL >= 1.0.x (no RC4 support) ++# SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4" ++ + # Speed-optimized SSL Cipher configuration: + # If speed is your main concern (on busy HTTPS servers e.g.), + # you might want to force clients to specific, performance +@@ -105,8 +124,8 @@ SSLSessionCacheTimeout 300 DocumentRoot "@exp_htdocsdir@" ServerName www.example.com:@@SSLPort@@ ServerAdmin you@example.com @@ -11,7 +42,7 @@ # SSL Engine Switch: # Enable/Disable SSL for this virtual host. -@@ -246,7 +246,7 @@ +@@ -265,7 +284,7 @@ BrowserMatch "MSIE [2-5]" \ # Per-Server Logging: # The home of a custom SSL log file. Use this when you want a # compact non-error SSL logfile on a virtual host basis. diff --git a/www/apache24/files/patch-docs__conf__extra__httpd-userdir.conf.in b/www/apache24/files/patch-docs__conf__extra__httpd-userdir.conf.in index d071f5388568..67eef7beffe2 100644 --- a/www/apache24/files/patch-docs__conf__extra__httpd-userdir.conf.in +++ b/www/apache24/files/patch-docs__conf__extra__httpd-userdir.conf.in @@ -1,5 +1,5 @@ ---- ./docs/conf/extra/httpd-userdir.conf.in.orig 2011-06-06 23:40:41.000000000 +0200 -+++ ./docs/conf/extra/httpd-userdir.conf.in 2013-03-22 18:55:53.000000000 +0100 +--- docs/conf/extra/httpd-userdir.conf.in.orig 2011-06-06 21:40:41 UTC ++++ docs/conf/extra/httpd-userdir.conf.in @@ -9,6 +9,8 @@ # UserDir public_html diff --git a/www/apache24/files/patch-docs__conf__httpd.conf.in b/www/apache24/files/patch-docs__conf__httpd.conf.in index a9da848ba486..35f81ccb0c65 100644 --- a/www/apache24/files/patch-docs__conf__httpd.conf.in +++ b/www/apache24/files/patch-docs__conf__httpd.conf.in @@ -1,6 +1,6 @@ ---- ./docs/conf/httpd.conf.in.orig 2012-11-08 04:05:38.000000000 +0100 -+++ ./docs/conf/httpd.conf.in 2013-10-26 19:29:20.000000000 +0200 -@@ -65,6 +65,9 @@ +--- docs/conf/httpd.conf.in.orig 2012-11-08 03:05:38 UTC ++++ docs/conf/httpd.conf.in +@@ -65,6 +65,9 @@ Listen @@Port@@ # @@LoadModule@@ @@ -10,7 +10,7 @@ <IfModule unixd_module> # # If you wish httpd to run as a different user or group, you must run -@@ -74,8 +77,8 @@ +@@ -74,8 +77,8 @@ Listen @@Port@@ # It is usually good practice to create a dedicated user and group for # running httpd, as with most system services. # @@ -21,7 +21,7 @@ </IfModule> -@@ -181,7 +184,7 @@ +@@ -181,7 +184,7 @@ DocumentRoot "@exp_htdocsdir@" # logged here. If you *do* define an error logfile for a <VirtualHost> # container, that host's errors will be logged there and not here. # @@ -30,7 +30,7 @@ # # LogLevel: Control the number of messages logged to the error_log. -@@ -210,13 +213,13 @@ +@@ -210,13 +213,13 @@ LogLevel warn # define per-<VirtualHost> access logfiles, transactions will be # logged therein and *not* in this file. # @@ -46,7 +46,7 @@ </IfModule> <IfModule alias_module> -@@ -418,3 +421,5 @@ +@@ -418,3 +421,5 @@ SSLRandomSeed connect builtin #RequestHeader unset DNT env=bad_DNT #</IfModule> diff --git a/www/apache24/files/patch-include__ap_config_auto.h.in b/www/apache24/files/patch-include__ap_config_auto.h.in new file mode 100644 index 000000000000..3d4b123f510c --- /dev/null +++ b/www/apache24/files/patch-include__ap_config_auto.h.in @@ -0,0 +1,26 @@ +# libressl support +# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139 +# https://issues.apache.org/bugzilla/show_bug.cgi?id=57375 + +--- include/ap_config_auto.h.in.orig 2015-01-15 19:59:13 UTC ++++ include/ap_config_auto.h.in +@@ -130,6 +130,9 @@ + /* Define to 1 if you have the <pwd.h> header file. */ + #undef HAVE_PWD_H + ++/* Define to 1 if you have the `RAND_egd' function. */ ++#undef HAVE_RAND_EGD ++ + /* Define to 1 if you have the `setsid' function. */ + #undef HAVE_SETSID + +@@ -139,6 +142,9 @@ + /* Define to 1 if you have the `SSL_CTX_new' function. */ + #undef HAVE_SSL_CTX_NEW + ++/* Define to 1 if you have the `SSL_CTX_use_certificate_chain' function. */ ++#undef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN ++ + /* Define to 1 if you have the <stdint.h> header file. */ + #undef HAVE_STDINT_H + diff --git a/www/apache24/files/patch-modules__ssl__ssl_engine_init.c b/www/apache24/files/patch-modules__ssl__ssl_engine_init.c new file mode 100644 index 000000000000..a82cbdc6df5a --- /dev/null +++ b/www/apache24/files/patch-modules__ssl__ssl_engine_init.c @@ -0,0 +1,31 @@ +# libressl support +# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139 +# https://issues.apache.org/bugzilla/show_bug.cgi?id=57375 + +--- modules/ssl/ssl_engine_init.c.orig 2015-01-15 12:20:33 UTC ++++ modules/ssl/ssl_engine_init.c +@@ -353,9 +353,11 @@ apr_status_t ssl_init_Engine(server_rec + return ssl_die(s); + } + ++#ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK + if (strEQ(mc->szCryptoDevice, "chil")) { + ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0); + } ++#endif + + if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01889) +@@ -838,7 +840,11 @@ static apr_status_t ssl_init_ctx_cert_ch + } + } + +- n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx, ++#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN ++ n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx, ++#else ++ n = _SSL_CTX_use_certificate_chain(mctx->ssl_ctx, ++#endif + (char *)chain, + skip_first, NULL); + if (n < 0) { diff --git a/www/apache24/files/patch-modules__ssl__ssl_engine_rand.c b/www/apache24/files/patch-modules__ssl__ssl_engine_rand.c new file mode 100644 index 000000000000..e6b98e42b6a9 --- /dev/null +++ b/www/apache24/files/patch-modules__ssl__ssl_engine_rand.c @@ -0,0 +1,22 @@ +# libressl support +# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139 +# https://issues.apache.org/bugzilla/show_bug.cgi?id=57375 + +--- modules/ssl/ssl_engine_rand.c.orig 2011-12-05 00:08:01 UTC ++++ modules/ssl/ssl_engine_rand.c +@@ -81,6 +81,7 @@ int ssl_rand_seed(server_rec *s, apr_poo + nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes); + ssl_util_ppclose(s, p, fp); + } ++#ifdef HAVE_RAND_EGD + else if (pRandSeed->nSrc == SSL_RSSRC_EGD) { + /* + * seed in contents provided by the external +@@ -90,6 +91,7 @@ int ssl_rand_seed(server_rec *s, apr_poo + continue; + nDone += n; + } ++#endif + else if (pRandSeed->nSrc == SSL_RSSRC_BUILTIN) { + struct { + time_t t; diff --git a/www/apache24/files/patch-modules__ssl__ssl_util_ssl.c b/www/apache24/files/patch-modules__ssl__ssl_util_ssl.c new file mode 100644 index 000000000000..5fdf78c7a3b5 --- /dev/null +++ b/www/apache24/files/patch-modules__ssl__ssl_util_ssl.c @@ -0,0 +1,18 @@ +# libressl support +# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139 +# https://issues.apache.org/bugzilla/show_bug.cgi?id=57375 + +--- modules/ssl/ssl_util_ssl.c.orig 2015-01-12 13:31:16 UTC ++++ modules/ssl/ssl_util_ssl.c +@@ -473,7 +473,11 @@ EC_GROUP *ssl_ec_GetParamFromFile(const + * format, possibly followed by a sequence of CA certificates that + * should be sent to the peer in the SSL Certificate message. + */ ++#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN + int SSL_CTX_use_certificate_chain( ++#else ++int _SSL_CTX_use_certificate_chain( ++#endif + SSL_CTX *ctx, char *file, int skipfirst, pem_password_cb *cb) + { + BIO *bio; diff --git a/www/apache24/files/patch-modules__ssl__ssl_util_ssl.h b/www/apache24/files/patch-modules__ssl__ssl_util_ssl.h new file mode 100644 index 000000000000..6ff277270e71 --- /dev/null +++ b/www/apache24/files/patch-modules__ssl__ssl_util_ssl.h @@ -0,0 +1,18 @@ +# libressl support +# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139 +# https://issues.apache.org/bugzilla/show_bug.cgi?id=57375 + +--- modules/ssl/ssl_util_ssl.h.orig 2014-03-02 20:20:14 UTC ++++ modules/ssl/ssl_util_ssl.h +@@ -69,7 +69,11 @@ BOOL SSL_X509_getIDs(apr_pool_t * + BOOL SSL_X509_match_name(apr_pool_t *, X509 *, const char *, BOOL, server_rec *); + BOOL SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); + BOOL SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); ++#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN + int SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *); ++#else ++int _SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *); ++#endif + char *SSL_SESSION_id2sz(unsigned char *, int, char *, int); + + #endif /* __SSL_UTIL_SSL_H__ */ diff --git a/www/apache24/files/patch-r1611744-modules__lua__lua_request.c b/www/apache24/files/patch-r1611744-modules__lua__lua_request.c deleted file mode 100644 index 15b0e05cb33f..000000000000 --- a/www/apache24/files/patch-r1611744-modules__lua__lua_request.c +++ /dev/null @@ -1,22 +0,0 @@ -backport for mod_lua: Don't quote values in cookies; Make IE happy again [#56734] -http://svn.apache.org/viewvc?view=revision&revision=1611744 - - ---- ./modules/lua/lua_request.c.orig 2014-07-20 10:48:19.000000000 +0200 -+++ ./modules/lua/lua_request.c 2014-07-20 10:48:46.000000000 +0200 -@@ -2086,13 +2086,13 @@ - if (expires > 0) { - rv = apr_rfc822_date(cdate, apr_time_from_sec(expires)); - if (rv == APR_SUCCESS) { -- strexpires = apr_psprintf(r->pool, "Expires=\"%s\";", cdate); -+ strexpires = apr_psprintf(r->pool, "Expires=%s;", cdate); - } - } - - /* Create path segment */ - if (path != NULL && strlen(path) > 0) { -- strpath = apr_psprintf(r->pool, "Path=\"%s\";", path); -+ strpath = apr_psprintf(r->pool, "Path=%s;", path); - } - - /* Create domain segment */ diff --git a/www/apache24/files/patch-support__Makefile.in b/www/apache24/files/patch-support__Makefile.in index f92ad75abff9..8dca75c35700 100644 --- a/www/apache24/files/patch-support__Makefile.in +++ b/www/apache24/files/patch-support__Makefile.in @@ -1,6 +1,6 @@ ---- ./support/Makefile.in.orig 2012-12-11 11:37:25.000000000 +0100 -+++ ./support/Makefile.in 2013-10-26 19:29:20.000000000 +0200 -@@ -17,10 +17,10 @@ +--- support/Makefile.in.orig 2012-12-11 10:37:25 UTC ++++ support/Makefile.in +@@ -17,10 +17,10 @@ install: @test -d $(DESTDIR)$(sbindir) || $(MKINSTALLDIRS) $(DESTDIR)$(sbindir) @test -d $(DESTDIR)$(libexecdir) || $(MKINSTALLDIRS) $(DESTDIR)$(libexecdir) @cp -p $(top_builddir)/server/httpd.exp $(DESTDIR)$(libexecdir) @@ -14,7 +14,7 @@ fi ; \ done @for i in apachectl; do \ -@@ -30,10 +30,7 @@ +@@ -30,10 +30,7 @@ install: fi ; \ done @if test -f "$(builddir)/envvars-std"; then \ diff --git a/www/apache24/files/patch-support__apachectl.in b/www/apache24/files/patch-support__apachectl.in index bd23406991e5..b093f49ae438 100644 --- a/www/apache24/files/patch-support__apachectl.in +++ b/www/apache24/files/patch-support__apachectl.in @@ -1,6 +1,6 @@ ---- ./support/apachectl.in.orig 2012-02-01 04:47:28.000000000 +0100 -+++ ./support/apachectl.in 2013-03-22 18:55:53.000000000 +0100 -@@ -43,6 +43,7 @@ +--- support/apachectl.in.orig 2012-02-01 03:47:28 UTC ++++ support/apachectl.in +@@ -43,6 +43,7 @@ ARGV="$@" # # the path to your httpd binary, including options if necessary HTTPD='@exp_sbindir@/@progname@' @@ -8,7 +8,7 @@ # # pick up any necessary environment variables if test -f @exp_sbindir@/envvars; then -@@ -66,19 +67,21 @@ +@@ -66,19 +67,21 @@ ULIMIT_MAX_FILES="@APACHECTL_ULIMIT@" # -------------------- -------------------- # |||||||||||||||||||| END CONFIGURATION SECTION |||||||||||||||||||| @@ -34,7 +34,7 @@ ERROR=$? ;; startssl|sslstart|start-SSL) -@@ -88,11 +91,13 @@ +@@ -88,11 +91,13 @@ startssl|sslstart|start-SSL) ERROR=2 ;; configtest) diff --git a/www/apache24/files/patch-support__apxs.in b/www/apache24/files/patch-support__apxs.in index ab8f38f159eb..65f2f5b4be71 100644 --- a/www/apache24/files/patch-support__apxs.in +++ b/www/apache24/files/patch-support__apxs.in @@ -1,6 +1,6 @@ ---- ./support/apxs.in.orig 2012-07-25 13:42:40.000000000 +0200 -+++ ./support/apxs.in 2013-03-22 18:55:53.000000000 +0100 -@@ -636,7 +636,13 @@ +--- support/apxs.in.orig 2013-12-26 18:01:53 UTC ++++ support/apxs.in +@@ -636,7 +636,13 @@ if ($opt_i or $opt_e) { } } else { # replace already existing LoadModule line @@ -15,7 +15,7 @@ } $lmd =~ m|LoadModule\s+(.+?)_module.*|; notice("[$what module `$1' in $CFG_SYSCONFDIR/$CFG_TARGET.conf]"); -@@ -645,8 +651,7 @@ +@@ -645,8 +651,7 @@ if ($opt_i or $opt_e) { if (open(FP, ">$CFG_SYSCONFDIR/$CFG_TARGET.conf.new")) { print FP $content; close(FP); diff --git a/www/apache24/files/patch-support__envvars-std.in b/www/apache24/files/patch-support__envvars-std.in index 9f428b238547..305650cc661c 100644 --- a/www/apache24/files/patch-support__envvars-std.in +++ b/www/apache24/files/patch-support__envvars-std.in @@ -1,6 +1,6 @@ ---- ./support/envvars-std.in.orig 2012-03-08 17:10:51.000000000 +0100 -+++ ./support/envvars-std.in 2013-03-22 18:55:53.000000000 +0100 -@@ -26,3 +26,10 @@ +--- support/envvars-std.in.orig 2012-03-08 16:10:51 UTC ++++ support/envvars-std.in +@@ -26,3 +26,10 @@ fi export @SHLIBPATH_VAR@ # @OS_SPECIFIC_VARS@ diff --git a/www/apache24/files/patch-support__log_server_status.in b/www/apache24/files/patch-support__log_server_status.in index 3d3ba66f7128..9853c52a3fd4 100644 --- a/www/apache24/files/patch-support__log_server_status.in +++ b/www/apache24/files/patch-support__log_server_status.in @@ -1,6 +1,6 @@ ---- ./support/log_server_status.in.orig 2012-04-29 01:08:09.000000000 +0200 -+++ ./support/log_server_status.in 2013-03-22 18:55:53.000000000 +0100 -@@ -29,7 +29,7 @@ +--- support/log_server_status.in.orig 2012-04-28 23:08:09 UTC ++++ support/log_server_status.in +@@ -29,7 +29,7 @@ use IO::Socket; use strict; use warnings; @@ -9,7 +9,7 @@ my $server = "localhost"; # Name of server, could be "www.foo.com" my $port = "@PORT@"; # Port on server my $request = "/server-status/?auto"; # Request to send -@@ -46,7 +46,7 @@ +@@ -46,7 +46,7 @@ my $time = . sprintf( "%02d", $ltime[1] ) . sprintf( "%02d", $ltime[0] ); diff --git a/www/apache24/files/pkg-deinstall.in b/www/apache24/files/pkg-deinstall.in new file mode 100644 index 000000000000..587643fc2eb0 --- /dev/null +++ b/www/apache24/files/pkg-deinstall.in @@ -0,0 +1,19 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +MPM_FALLBACK="%%ETCDIR%%/modules.d/%%MPMF%%" + +_cleanup(){ + if [ -f ${MPM_FALLBACK} ]; then + echo -n "remove fallback MPM : " + /bin/rm -vf ${MPM_FALLBACK} + fi +} + +# run only if build with modular MPM +if [ "x$2" = "xDEINSTALL" ]; then + %%MPM_FALLBACK_CHECK%%_cleanup +fi + diff --git a/www/apache24/files/pkg-install.in b/www/apache24/files/pkg-install.in new file mode 100644 index 000000000000..4bd2b15dfaad --- /dev/null +++ b/www/apache24/files/pkg-install.in @@ -0,0 +1,65 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# Note: +# We have to use grep or wc after awk, else +# there is no usable ret value that can be +# used for further processing + +HTTPD_CONF="%%ETCDIR%%/httpd.conf" +MPM_FALLBACK="%%ETCDIR%%/modules.d/%%MPMF%%" + +_log_msg(){ + /usr/bin/logger -p local0.notice -s -t apache24 "$1" +} + +_check_deprecated(){ +if [ -r ${HTTPD_CONF} ]; then + /usr/bin/awk '/^LoadModule[[:blank:]]+mpm_(event|prefork|worker)_module/ {print $2}' ${HTTPD_CONF} | /usr/bin/grep -q '^mpm_' + if [ $? -ne 0 ]; then + _log_msg "===================================================" + _log_msg "WARNING!" + _log_msg " No apache MPM module is activated in httpd.conf," + _log_msg " mpm_prefork will be activated as fall back" + _log_msg "" + _log_msg " Please follow the instructions in" + _log_msg " ${MPM_FALLBACK}" + _log_msg "===================================================" + +cat > ${MPM_FALLBACK} << _EOF +# ================================================================== +# Note: +# www/apache24 build changed from static MPM to modular MPM loading! +# +# This file was installed as fall back, since no activated MPM +# was detected in the existing httpd.conf. +# +# Please merge additions from httpd.conf.sample into your httpd.conf! +# +# After activating one of the mpm_modules in httpd.conf it is save +# to deactivate the "LoadModule" line in this file. +# +# In case mod_(php|perl|python|...) modules from the official FreeBSD +# package repo are installed please use the mpm_prefork module, else +# feel free to test mpm_event (preferred) or mpm_worker. +# +# For more information see: +# http://httpd.apache.org/docs/2.4/mod/ +# ================================================================== + +LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so +_EOF + + fi # $? -ne 0 +else + echo ${HTTPD_CONF} not readable +fi +} + +# run only if build with modular MPM +if [ "$2" = "POST-INSTALL" ]; then + %%MPM_FALLBACK_CHECK%%_check_deprecated +fi + diff --git a/www/apache24/pkg-help b/www/apache24/pkg-help index 54a3adbb4789..5991afe835c3 100644 --- a/www/apache24/pkg-help +++ b/www/apache24/pkg-help @@ -1,25 +1,21 @@ Hints: -- only a subset from the selected modules are enabled by default in - httpd.conf. + - only a subset from the selected modules are activated by default in + httpd.conf. -- by default apache24 builds with static prefork MPM + - by default apache24 builds mpm_prefork, mpm_event and mpm_worker + as dynamically loadable module. Even mpm_event is the preferred + MPM, mpm_prefork will be activated to keep compatibility with + pre-build php/perl/python/... modules (used by apache22/apache24). -- if MPM_SHARED is selected then all MPM modules will be build, but - only the selected DEFAULT MPM module will be registered and enabled - in httpd.conf. For more information see: - https://issues.apache.org/bugzilla/show_bug.cgi?id=53882 Note: - Shared MPM loading is at the moment not supported by most additional - modules (php/perl/python) because they need to know the apache - threading model during build time To build the develop/example modules specify additional the parameter - -DIAMADEVELOPER (I am a developer) + -DIAMADEVELOPER (I am a developer) -For detailed module description visit - http://httpd.apache.org/docs/2.4/mod/ + For detailed module description visit + http://httpd.apache.org/docs/2.4/mod/ -and for the develop/example modules - http://httpd.apache.org/docs/2.2/programs/configure.html + and for the develop/example modules + http://httpd.apache.org/docs/2.2/programs/configure.html#developermodules diff --git a/www/apache24/pkg-message b/www/apache24/pkg-message index d0a71923108c..854857ae82e0 100644 --- a/www/apache24/pkg-message +++ b/www/apache24/pkg-message @@ -4,3 +4,20 @@ in your /etc/rc.conf. Extra options can be found in startup script. Your hostname must be resolvable using at least 1 mechanism in /etc/nsswitch.conf typically DNS or /etc/hosts or apache might have issues starting depending on the modules you are using. + +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + +- apache24 default build changed from static MPM to modular MPM +- more modules are now enabled per default in the port +- icons and error pages moved from WWWDIR to DATADIR + + If build with modular MPM and no MPM is activated in + httpd.conf, then mpm_prefork will be activated as default + MPM in etc/apache24/modules.d to keep compatibility with + existing php/perl/python modules! + +Please compare the existing httpd.conf with httpd.conf.sample +and merge missing modules/instructions into httpd.conf! + +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + diff --git a/www/apache24/pkg-plist b/www/apache24/pkg-plist index a4fe1a22e5df..f0c21cc42556 100644 --- a/www/apache24/pkg-plist +++ b/www/apache24/pkg-plist @@ -5,6 +5,21 @@ bin/htpasswd bin/httxt2dbm bin/logresolve %%ETCDIR%%/Includes/no-accf.conf +@sample %%ETCDIR%%/extra/httpd-autoindex.conf.sample +@sample %%ETCDIR%%/extra/httpd-dav.conf.sample +@sample %%ETCDIR%%/extra/httpd-default.conf.sample +@sample %%ETCDIR%%/extra/httpd-info.conf.sample +@sample %%ETCDIR%%/extra/httpd-languages.conf.sample +@sample %%ETCDIR%%/extra/httpd-manual.conf.sample +@sample %%ETCDIR%%/extra/httpd-mpm.conf.sample +@sample %%ETCDIR%%/extra/httpd-multilang-errordoc.conf.sample +@sample %%ETCDIR%%/extra/httpd-ssl.conf.sample +@sample %%ETCDIR%%/extra/httpd-userdir.conf.sample +@sample %%ETCDIR%%/extra/httpd-vhosts.conf.sample +@sample %%ETCDIR%%/extra/proxy-html.conf.sample +@sample %%ETCDIR%%/httpd.conf.sample +@sample %%ETCDIR%%/magic.sample +@sample %%ETCDIR%%/mime.types.sample %%ETCDIR%%/modules.d/README_modules.d include/apache24/ap_compat.h include/apache24/ap_config.h @@ -217,7 +232,7 @@ sbin/htcacheclean sbin/httpd sbin/rotatelogs sbin/split-logfile -%%SUEXEC%%sbin/suexec +%%SUEXEC%%@(,,4755) sbin/suexec %%DATADIR%%/build/config.nice %%DATADIR%%/build/config_vars.mk %%DATADIR%%/build/instdso.sh @@ -227,60 +242,11 @@ sbin/split-logfile %%DATADIR%%/build/program.mk %%DATADIR%%/build/rules.mk %%DATADIR%%/build/special.mk -@unexec if cmp -s %D/%%ETCDIR%%/extra/httpd-autoindex.conf %D/%%EXAMPLESDIR%%/extra/httpd-autoindex.conf; then rm -f %D/%%ETCDIR%%/extra/httpd-autoindex.conf; fi -%%EXAMPLESDIR%%/extra/httpd-autoindex.conf -@exec [ -f %D/%%ETCDIR%%/extra/httpd-autoindex.conf ] || cp %D/%%EXAMPLESDIR%%/extra/httpd-autoindex.conf %D/%%ETCDIR%%/extra/httpd-autoindex.conf -@unexec if cmp -s %D/%%ETCDIR%%/extra/httpd-dav.conf %D/%%EXAMPLESDIR%%/extra/httpd-dav.conf; then rm -f %D/%%ETCDIR%%/extra/httpd-dav.conf; fi -%%EXAMPLESDIR%%/extra/httpd-dav.conf -@exec [ -f %D/%%ETCDIR%%/extra/httpd-dav.conf ] || cp %D/%%EXAMPLESDIR%%/extra/httpd-dav.conf %D/%%ETCDIR%%/extra/httpd-dav.conf -@unexec if cmp -s %D/%%ETCDIR%%/extra/httpd-default.conf %D/%%EXAMPLESDIR%%/extra/httpd-default.conf; then rm -f %D/%%ETCDIR%%/extra/httpd-default.conf; fi -%%EXAMPLESDIR%%/extra/httpd-default.conf -@exec [ -f %D/%%ETCDIR%%/extra/httpd-default.conf ] || cp %D/%%EXAMPLESDIR%%/extra/httpd-default.conf %D/%%ETCDIR%%/extra/httpd-default.conf -@unexec if cmp -s %D/%%ETCDIR%%/extra/httpd-info.conf %D/%%EXAMPLESDIR%%/extra/httpd-info.conf; then rm -f %D/%%ETCDIR%%/extra/httpd-info.conf; fi -%%EXAMPLESDIR%%/extra/httpd-info.conf -@exec [ -f %D/%%ETCDIR%%/extra/httpd-info.conf ] || cp %D/%%EXAMPLESDIR%%/extra/httpd-info.conf %D/%%ETCDIR%%/extra/httpd-info.conf -@unexec if cmp -s %D/%%ETCDIR%%/extra/httpd-languages.conf %D/%%EXAMPLESDIR%%/extra/httpd-languages.conf; then rm -f %D/%%ETCDIR%%/extra/httpd-languages.conf; fi -%%EXAMPLESDIR%%/extra/httpd-languages.conf -@exec [ -f %D/%%ETCDIR%%/extra/httpd-languages.conf ] || cp %D/%%EXAMPLESDIR%%/extra/httpd-languages.conf %D/%%ETCDIR%%/extra/httpd-languages.conf -@unexec if cmp -s %D/%%ETCDIR%%/extra/httpd-manual.conf %D/%%EXAMPLESDIR%%/extra/httpd-manual.conf; then rm -f %D/%%ETCDIR%%/extra/httpd-manual.conf; fi -%%EXAMPLESDIR%%/extra/httpd-manual.conf -@exec [ -f %D/%%ETCDIR%%/extra/httpd-manual.conf ] || cp %D/%%EXAMPLESDIR%%/extra/httpd-manual.conf %D/%%ETCDIR%%/extra/httpd-manual.conf -@unexec if cmp -s %D/%%ETCDIR%%/extra/httpd-mpm.conf %D/%%EXAMPLESDIR%%/extra/httpd-mpm.conf; then rm -f %D/%%ETCDIR%%/extra/httpd-mpm.conf; fi -%%EXAMPLESDIR%%/extra/httpd-mpm.conf -@exec [ -f %D/%%ETCDIR%%/extra/httpd-mpm.conf ] || cp %D/%%EXAMPLESDIR%%/extra/httpd-mpm.conf %D/%%ETCDIR%%/extra/httpd-mpm.conf -@unexec if cmp -s %D/%%ETCDIR%%/extra/httpd-multilang-errordoc.conf %D/%%EXAMPLESDIR%%/extra/httpd-multilang-errordoc.conf; then rm -f %D/%%ETCDIR%%/extra/httpd-multilang-errordoc.conf; fi -%%EXAMPLESDIR%%/extra/httpd-multilang-errordoc.conf -@exec [ -f %D/%%ETCDIR%%/extra/httpd-multilang-errordoc.conf ] || cp %D/%%EXAMPLESDIR%%/extra/httpd-multilang-errordoc.conf %D/%%ETCDIR%%/extra/httpd-multilang-errordoc.conf -@unexec if cmp -s %D/%%ETCDIR%%/extra/httpd-ssl.conf %D/%%EXAMPLESDIR%%/extra/httpd-ssl.conf; then rm -f %D/%%ETCDIR%%/extra/httpd-ssl.conf; fi -%%EXAMPLESDIR%%/extra/httpd-ssl.conf -@exec [ -f %D/%%ETCDIR%%/extra/httpd-ssl.conf ] || cp %D/%%EXAMPLESDIR%%/extra/httpd-ssl.conf %D/%%ETCDIR%%/extra/httpd-ssl.conf -@unexec if cmp -s %D/%%ETCDIR%%/extra/httpd-userdir.conf %D/%%EXAMPLESDIR%%/extra/httpd-userdir.conf; then rm -f %D/%%ETCDIR%%/extra/httpd-userdir.conf; fi -%%EXAMPLESDIR%%/extra/httpd-userdir.conf -@exec [ -f %D/%%ETCDIR%%/extra/httpd-userdir.conf ] || cp %D/%%EXAMPLESDIR%%/extra/httpd-userdir.conf %D/%%ETCDIR%%/extra/httpd-userdir.conf -@unexec if cmp -s %D/%%ETCDIR%%/extra/httpd-vhosts.conf %D/%%EXAMPLESDIR%%/extra/httpd-vhosts.conf; then rm -f %D/%%ETCDIR%%/extra/httpd-vhosts.conf; fi -%%EXAMPLESDIR%%/extra/httpd-vhosts.conf -@exec [ -f %D/%%ETCDIR%%/extra/httpd-vhosts.conf ] || cp %D/%%EXAMPLESDIR%%/extra/httpd-vhosts.conf %D/%%ETCDIR%%/extra/httpd-vhosts.conf -@unexec if cmp -s %D/%%ETCDIR%%/extra/proxy-html.conf %D/%%EXAMPLESDIR%%/extra/proxy-html.conf; then rm -f %D/%%ETCDIR%%/extra/proxy-html.conf; fi -%%EXAMPLESDIR%%/extra/proxy-html.conf -@exec [ -f %D/%%ETCDIR%%/extra/proxy-html.conf ] || cp %D/%%EXAMPLESDIR%%/extra/proxy-html.conf %D/%%ETCDIR%%/extra/proxy-html.conf -@unexec if cmp %D/%%ETCDIR%%/httpd.conf %D/%%EXAMPLESDIR%%/httpd.conf; then rm -vf %D/%%ETCDIR%%/httpd.conf; fi -%%EXAMPLESDIR%%/httpd.conf -@exec [ -f %D/%%ETCDIR%%/httpd.conf ] || cp -v %D/%%EXAMPLESDIR%%/httpd.conf %D/%%ETCDIR%%/httpd.conf -@unexec if cmp -s %D/%%WWWDIR%%/data/index.html %D/%%EXAMPLESDIR%%/index.html; then rm -f %D/%%WWWDIR%%/data/index.html; fi -%%EXAMPLESDIR%%/index.html -@exec [ -d %D/%%WWWDIR%%/data ] || mkdir -p %D/%%WWWDIR%%/data -@exec [ -f %D/%%WWWDIR%%/data/index.html ] || cp %D/%%EXAMPLESDIR%%/index.html %D/%%WWWDIR%%/data/index.html -@unexec if cmp -s %D/%%ETCDIR%%/magic %D/%%EXAMPLESDIR%%/magic; then rm -f %D/%%ETCDIR%%/magic; fi -%%EXAMPLESDIR%%/magic -@exec [ -f %D/%%ETCDIR%%/magic ] || cp %D/%%EXAMPLESDIR%%/magic %D/%%ETCDIR%%/magic -@unexec if cmp -s %D/%%ETCDIR%%/mime.types %D/%%EXAMPLESDIR%%/mime.types; then rm -f %D/%%ETCDIR%%/mime.types; fi -%%EXAMPLESDIR%%/mime.types -@exec [ -f %D/%%ETCDIR%%/mime.types ] || cp %D/%%EXAMPLESDIR%%/mime.types %D/%%ETCDIR%%/mime.types -%%EXAMPLESDIR%%/modules.d/README_modules.d -%%WWWDIR%%/cgi-bin/printenv -%%WWWDIR%%/cgi-bin/printenv.vbs -%%WWWDIR%%/cgi-bin/printenv.wsf -%%WWWDIR%%/cgi-bin/test-cgi +@unexec if cmp -s %D/%%WWWDIR%%/data/index.html %D/%%DATADIR%%/misc/index.html; then rm -f %D/%%WWWDIR%%/data/index.html; fi +%%DATADIR%%/misc/index.html +@exec [ -f %D/%%WWWDIR%%/data/index.html ] || cp %D/%%DATADIR%%/misc/index.html %D/%%WWWDIR%%/data/index.html +@(,,0400) %%WWWDIR%%/cgi-bin/printenv +@(,,0400) %%WWWDIR%%/cgi-bin/test-cgi %%WWWDIR%%/error/HTTP_BAD_GATEWAY.html.var %%WWWDIR%%/error/HTTP_BAD_REQUEST.html.var %%WWWDIR%%/error/HTTP_FORBIDDEN.html.var @@ -544,7 +510,5 @@ sbin/split-logfile %%WWWDIR%%/icons/world2.png %%WWWDIR%%/icons/xml.png @unexec rm -f %D/%%ETCDIR%%/httpd.conf.bak 2> /dev/null || true -@dir %%ETCDIR%%/Includes @dir %%ETCDIR%%/envvars.d -@dir %%ETCDIR%%/extra @dir %%WWWDIR%%/data |