Sun May 24 11:41:00 2015 UTC ()
Pullup ticket #4733 - requested by sborrill
www/apache22: security patch

Revisions pulled up:
- www/apache22/Makefile                                         1.103
- www/apache22/distinfo                                         1.61
- www/apache22/patches/patch-modules_ssl_ssl__engine__dh.c      1.1

---
   Module Name:	pkgsrc
   Committed By:	sborrill
   Date:		Fri May 22 09:20:20 UTC 2015

   Modified Files:
   	pkgsrc/www/apache22: Makefile distinfo
   Added Files:
   	pkgsrc/www/apache22/patches: patch-modules_ssl_ssl__engine__dh.c

   Log Message:
   Add patch to mitigate Logjam TLS vulnerabilities (CVE-2015-4000).
   Based on FreeBSD ports.


(tron)
diff -r1.102 -r1.102.6.1 pkgsrc/www/apache22/Makefile
diff -r1.60 -r1.60.6.1 pkgsrc/www/apache22/distinfo
diff -r0 -r1.1.2.2 pkgsrc/www/apache22/patches/patch-modules_ssl_ssl__engine__dh.c
cvs diff -r1.102 -r1.102.6.1 pkgsrc/www/apache22/Attic/Makefile (switch to unified diff)

--- pkgsrc/www/apache22/Attic/Makefile 2014/09/09 08:11:48 1.102
+++ pkgsrc/www/apache22/Attic/Makefile 2015/05/24 11:41:00 1.102.6.1
@@ -1,244 +1,249 @@ @@ -1,244 +1,249 @@
1# $NetBSD: Makefile,v 1.102 2014/09/09 08:11:48 adam Exp $ 1# $NetBSD: Makefile,v 1.102.6.1 2015/05/24 11:41:00 tron Exp $
2 2
3DISTNAME= httpd-2.2.29 3DISTNAME= httpd-2.2.29
4PKGNAME= ${DISTNAME:S/httpd/apache/} 4PKGNAME= ${DISTNAME:S/httpd/apache/}
 5PKGREVISION= 1
5CATEGORIES= www 6CATEGORIES= www
6MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ 7MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
7 http://archive.apache.org/dist/httpd/ \ 8 http://archive.apache.org/dist/httpd/ \
8 http://archive.eu.apache.org/dist/httpd/ 9 http://archive.eu.apache.org/dist/httpd/
9EXTRACT_SUFX= .tar.bz2 10EXTRACT_SUFX= .tar.bz2
10 11
11MAINTAINER= pkgsrc-users@NetBSD.org 12MAINTAINER= pkgsrc-users@NetBSD.org
12HOMEPAGE= http://httpd.apache.org/ 13HOMEPAGE= http://httpd.apache.org/
13COMMENT= Apache HTTP (Web) server, version 2.2 14COMMENT= Apache HTTP (Web) server, version 2.2
14LICENSE= apache-2.0 15LICENSE= apache-2.0
15 16
16BUILD_DEFS+= IPV6_READY 17BUILD_DEFS+= IPV6_READY
17BUILD_DEFS+= VARBASE 18BUILD_DEFS+= VARBASE
18 19
19USE_TOOLS+= pax perl perl:run pkg-config 20USE_TOOLS+= pax perl perl:run pkg-config
20USE_LIBTOOL= yes 21USE_LIBTOOL= yes
21GNU_CONFIGURE= yes 22GNU_CONFIGURE= yes
22CONFIGURE_ARGS+= --enable-layout=NetBSD 23CONFIGURE_ARGS+= --enable-layout=NetBSD
23CONFIGURE_ARGS+= --with-port=80 24CONFIGURE_ARGS+= --with-port=80
24CONFIGURE_ARGS+= --enable-so 25CONFIGURE_ARGS+= --enable-so
25CONFIGURE_ENV+= perlbin=${PERL5:Q} 26CONFIGURE_ENV+= perlbin=${PERL5:Q}
26CONFIGURE_ENV+= ac_cv_path_RSYNC=/nonexistent 27CONFIGURE_ENV+= ac_cv_path_RSYNC=/nonexistent
27CONFIGURE_ARGS+= CFLAGS=${APACHE_CUSTOM_CFLAGS:M*:Q} 28CONFIGURE_ARGS+= CFLAGS=${APACHE_CUSTOM_CFLAGS:M*:Q}
28 29
29BUILD_DEFS+= APACHE_CUSTOM_CFLAGS 30BUILD_DEFS+= APACHE_CUSTOM_CFLAGS
30 31
31# Apache Portable Runtime library configure options 32# Apache Portable Runtime library configure options
32CONFIGURE_ARGS+= --with-apr=${BUILDLINK_PREFIX.apr} 33CONFIGURE_ARGS+= --with-apr=${BUILDLINK_PREFIX.apr}
33CONFIGURE_ARGS+= --with-apr-util=${BUILDLINK_PREFIX.apr-util} 34CONFIGURE_ARGS+= --with-apr-util=${BUILDLINK_PREFIX.apr-util}
34 35
35CHECK_INTERPRETER_SKIP+= lib/httpd/httpd.exp 36CHECK_INTERPRETER_SKIP+= lib/httpd/httpd.exp
36CHECK_PORTABILITY_SKIP+= srclib/pcre/* \ 37CHECK_PORTABILITY_SKIP+= srclib/pcre/* \
37 srclib/apr-util/* \ 38 srclib/apr-util/* \
38 srclib/apr/* 39 srclib/apr/*
39 40
40# the following must be set before bsd.prefs.mk in order to make += work 41# the following must be set before bsd.prefs.mk in order to make += work
41# in mk.conf; however, it isn't expanded until referenced, so we can 42# in mk.conf; however, it isn't expanded until referenced, so we can
42# define DFLT_APACHE_MODULES later 43# define DFLT_APACHE_MODULES later
43# 44#
44APACHE_MODULES?= ${DFLT_APACHE_MODULES} 45APACHE_MODULES?= ${DFLT_APACHE_MODULES}
45 46
46.include "../../mk/bsd.prefs.mk" 47.include "../../mk/bsd.prefs.mk"
47.include "../../devel/apr/buildlink3.mk" 48.include "../../devel/apr/buildlink3.mk"
48.include "../../devel/apr-util/buildlink3.mk" 49.include "../../devel/apr-util/buildlink3.mk"
49.include "../../textproc/expat/buildlink3.mk" 50.include "../../textproc/expat/buildlink3.mk"
50.include "../../mk/dlopen.buildlink3.mk" 51.include "../../mk/dlopen.buildlink3.mk"
51.include "../../mk/pthread.buildlink3.mk" 52.include "../../mk/pthread.buildlink3.mk"
52 53
53CONFIGURE_ARGS+= --disable-include 54CONFIGURE_ARGS+= --disable-include
54CONFIGURE_ARGS+= --disable-log-config 55CONFIGURE_ARGS+= --disable-log-config
55CONFIGURE_ARGS+= --disable-env 56CONFIGURE_ARGS+= --disable-env
56CONFIGURE_ARGS+= --disable-mime 57CONFIGURE_ARGS+= --disable-mime
57CONFIGURE_ARGS+= --disable-setenvif 58CONFIGURE_ARGS+= --disable-setenvif
58CONFIGURE_ARGS+= --disable-status 59CONFIGURE_ARGS+= --disable-status
59CONFIGURE_ARGS+= --disable-autoindex 60CONFIGURE_ARGS+= --disable-autoindex
60CONFIGURE_ARGS+= --disable-asis 61CONFIGURE_ARGS+= --disable-asis
61CONFIGURE_ARGS+= --disable-cgi 62CONFIGURE_ARGS+= --disable-cgi
62CONFIGURE_ARGS+= --disable-negotiation 63CONFIGURE_ARGS+= --disable-negotiation
63CONFIGURE_ARGS+= --disable-dir 64CONFIGURE_ARGS+= --disable-dir
64CONFIGURE_ARGS+= --disable-actions 65CONFIGURE_ARGS+= --disable-actions
65CONFIGURE_ARGS+= --disable-userdir 66CONFIGURE_ARGS+= --disable-userdir
66CONFIGURE_ARGS+= --disable-alias 67CONFIGURE_ARGS+= --disable-alias
67 68
68DFLT_APACHE_MODULES= all 69DFLT_APACHE_MODULES= all
69DFLT_APACHE_MODULES+= proxy proxy_connect proxy_ftp proxy_http 70DFLT_APACHE_MODULES+= proxy proxy_connect proxy_ftp proxy_http
70DFLT_APACHE_MODULES+= ssl deflate access auth authn_alias 71DFLT_APACHE_MODULES+= ssl deflate access auth authn_alias
71DFLT_APACHE_MODULES+= include log_config env mime setenvif 72DFLT_APACHE_MODULES+= include log_config env mime setenvif
72DFLT_APACHE_MODULES+= status autoindex asis cgi negotiation dir imap 73DFLT_APACHE_MODULES+= status autoindex asis cgi negotiation dir imap
73DFLT_APACHE_MODULES+= actions userdir alias isapi file_cache 74DFLT_APACHE_MODULES+= actions userdir alias isapi file_cache
74DFLT_APACHE_MODULES+= cache disk_cache mem_cache bucketeer echo 75DFLT_APACHE_MODULES+= cache disk_cache mem_cache bucketeer echo
75DFLT_APACHE_MODULES+= example case_filter case_filter_in 76DFLT_APACHE_MODULES+= example case_filter case_filter_in
76DFLT_APACHE_MODULES+= charset_lite 77DFLT_APACHE_MODULES+= charset_lite
77DFLT_APACHE_MODULES+= cgid dav_lock proxy_ajp proxy_balancer 78DFLT_APACHE_MODULES+= cgid dav_lock proxy_ajp proxy_balancer
78 79
79PLIST_SRC+= ${PKGDIR}/PLIST 80PLIST_SRC+= ${PKGDIR}/PLIST
80 81
81.include "options.mk" 82.include "options.mk"
82 83
83# LDAP support 84# LDAP support
84PLIST_VARS+= ldap 85PLIST_VARS+= ldap
85.if !empty(PKG_BUILD_OPTIONS.apr-util:Mldap) 86.if !empty(PKG_BUILD_OPTIONS.apr-util:Mldap)
86DFLT_APACHE_MODULES+= ldap authnz_ldap 87DFLT_APACHE_MODULES+= ldap authnz_ldap
87. if !empty(PKG_OPTIONS:Mapache-shared-modules) 88. if !empty(PKG_OPTIONS:Mapache-shared-modules)
88PLIST.ldap= yes 89PLIST.ldap= yes
89. endif 90. endif
90.endif 91.endif
91 92
92APACHE_USER?= www 93APACHE_USER?= www
93APACHE_GROUP?= www 94APACHE_GROUP?= www
94PKG_GROUPS= ${APACHE_GROUP} 95PKG_GROUPS= ${APACHE_GROUP}
95PKG_USERS= ${APACHE_USER}:${APACHE_GROUP} 96PKG_USERS= ${APACHE_USER}:${APACHE_GROUP}
96PKG_GROUPS_VARS+= APACHE_GROUP 97PKG_GROUPS_VARS+= APACHE_GROUP
97PKG_USERS_VARS+= APACHE_USER 98PKG_USERS_VARS+= APACHE_USER
98 99
99PKG_SYSCONFVAR= apache 100PKG_SYSCONFVAR= apache
100PKG_SYSCONFSUBDIR?= httpd 101PKG_SYSCONFSUBDIR?= httpd
101EGDIR= ${PREFIX}/share/examples/httpd 102EGDIR= ${PREFIX}/share/examples/httpd
102SBINDIR= ${PREFIX}/sbin 103SBINDIR= ${PREFIX}/sbin
103CONF_FILES+= ${EGDIR}/httpd.conf ${PKG_SYSCONFDIR}/httpd.conf 104CONF_FILES+= ${EGDIR}/httpd.conf ${PKG_SYSCONFDIR}/httpd.conf
104.for f in autoindex dav default info languages manual mpm \ 105.for f in autoindex dav default info languages manual mpm \
105 multilang-errordoc ssl userdir vhosts 106 multilang-errordoc ssl userdir vhosts
106CONF_FILES+= ${EGDIR}/extra/httpd-${f}.conf \ 107CONF_FILES+= ${EGDIR}/extra/httpd-${f}.conf \
107 ${PKG_SYSCONFDIR}/httpd-${f}.conf 108 ${PKG_SYSCONFDIR}/httpd-${f}.conf
108.endfor 109.endfor
109CONF_FILES+= ${EGDIR}/magic ${PKG_SYSCONFDIR}/magic 110CONF_FILES+= ${EGDIR}/magic ${PKG_SYSCONFDIR}/magic
110CONF_FILES+= ${EGDIR}/mime.types ${PKG_SYSCONFDIR}/mime.types 111CONF_FILES+= ${EGDIR}/mime.types ${PKG_SYSCONFDIR}/mime.types
111RCD_SCRIPTS= apache 112RCD_SCRIPTS= apache
112 113
113REQD_DIRS= ${PREFIX}/share/httpd 114REQD_DIRS= ${PREFIX}/share/httpd
114REQD_DIRS+= ${PREFIX}/share/httpd/htdocs 115REQD_DIRS+= ${PREFIX}/share/httpd/htdocs
115OWN_DIRS= ${VARBASE}/log/httpd 116OWN_DIRS= ${VARBASE}/log/httpd
116OWN_DIRS+= ${VARBASE}/db/httpd 117OWN_DIRS+= ${VARBASE}/db/httpd
117OWN_DIRS_PERMS+= ${VARBASE}/db/httpd/proxy ${APACHE_USER} ${APACHE_GROUP} 0755 118OWN_DIRS_PERMS+= ${VARBASE}/db/httpd/proxy ${APACHE_USER} ${APACHE_GROUP} 0755
118FIX_PERMS= apachectl apxs dbmmanage envvars-std mkcert 119FIX_PERMS= apachectl apxs dbmmanage envvars-std mkcert
119FIX_MAN_PERMS= man1/htdbm.1 man1/htpasswd.1 man1/htdigest.1 120FIX_MAN_PERMS= man1/htdbm.1 man1/htpasswd.1 man1/htdigest.1
120FIX_MAN_PERMS+= man1/dbmmanage.1 man8/httpd.8 man8/suexec.8 121FIX_MAN_PERMS+= man1/dbmmanage.1 man8/httpd.8 man8/suexec.8
121FIX_MAN_PERMS+= man8/rotatelogs.8 man1/logresolve.1 man1/apxs.1 122FIX_MAN_PERMS+= man8/rotatelogs.8 man1/logresolve.1 man1/apxs.1
122FIX_MAN_PERMS+= man8/apachectl.8 man1/ab.1 man1/httxt2dbm.1 123FIX_MAN_PERMS+= man8/apachectl.8 man1/ab.1 man1/httxt2dbm.1
123 124
124# Fix paths in the apache manpages. 125# Fix paths in the apache manpages.
125SUBST_CLASSES+= man 126SUBST_CLASSES+= man
126SUBST_STAGE.man= post-patch 127SUBST_STAGE.man= post-patch
127SUBST_FILES.man= docs/man/*.1 docs/man/*.8 128SUBST_FILES.man= docs/man/*.1 docs/man/*.8
128SUBST_SED.man= -e 's,/usr/local/etc/apache,${PKG_SYSCONFDIR},' 129SUBST_SED.man= -e 's,/usr/local/etc/apache,${PKG_SYSCONFDIR},'
129SUBST_SED.man+= -e 's,/path/to/apache/etc,${PKG_SYSCONFDIR},' 130SUBST_SED.man+= -e 's,/path/to/apache/etc,${PKG_SYSCONFDIR},'
130SUBST_SED.man+= -e 's,/usr/local/apache2,${PREFIX}/share/httpd/htdocs,' 131SUBST_SED.man+= -e 's,/usr/local/apache2,${PREFIX}/share/httpd/htdocs,'
131SUBST_SED.man+= -e 's,/usr/web,${PREFIX}/share/httpd/htdocs,' 132SUBST_SED.man+= -e 's,/usr/web,${PREFIX}/share/httpd/htdocs,'
132 133
133SUBST_CLASSES+= paths 134SUBST_CLASSES+= paths
134SUBST_STAGE.paths= pre-configure 135SUBST_STAGE.paths= pre-configure
135SUBST_FILES.paths= config.layout Makefile.in support/apxs.in 136SUBST_FILES.paths= config.layout Makefile.in support/apxs.in
136SUBST_SED.paths= -e "s|@PREFIX@|${PREFIX}|g" 137SUBST_SED.paths= -e "s|@PREFIX@|${PREFIX}|g"
137SUBST_SED.paths+= -e "s|@VARBASE@|${VARBASE}|g" 138SUBST_SED.paths+= -e "s|@VARBASE@|${VARBASE}|g"
138SUBST_SED.paths+= -e "s|@SYSCONFDIR@|${PKG_SYSCONFDIR}|g" 139SUBST_SED.paths+= -e "s|@SYSCONFDIR@|${PKG_SYSCONFDIR}|g"
139SUBST_SED.paths+= -e "s|@PAX@|${PAX}|g" 140SUBST_SED.paths+= -e "s|@PAX@|${PAX}|g"
140SUBST_SED.paths+= -e "s|@LOCALBASE@|${LOCALBASE}|g" 141SUBST_SED.paths+= -e "s|@LOCALBASE@|${LOCALBASE}|g"
141SUBST_MESSAGE.paths= Fixing paths. 142SUBST_MESSAGE.paths= Fixing paths.
142 143
143SUBST_CLASSES+= apr-lt 144SUBST_CLASSES+= apr-lt
144SUBST_STAGE.apr-lt= post-configure 145SUBST_STAGE.apr-lt= post-configure
145SUBST_FILES.apr-lt= build/config_vars.mk 146SUBST_FILES.apr-lt= build/config_vars.mk
146SUBST_SED.apr-lt= -e 's|^\(LIBTOOL =\) [^ ]*|\1 $$(SHELL) $$(top_builddir)/build/libtool|g' 147SUBST_SED.apr-lt= -e 's|^\(LIBTOOL =\) [^ ]*|\1 $$(SHELL) $$(top_builddir)/build/libtool|g'
147SUBST_MESSAGE.apr-lt= Fixing libtool references. 148SUBST_MESSAGE.apr-lt= Fixing libtool references.
148 149
149SUBST_CLASSES+= confs 150SUBST_CLASSES+= confs
150SUBST_STAGE.confs= post-configure 151SUBST_STAGE.confs= post-configure
151SUBST_MESSAGE.confs= Fixing configuration files. 152SUBST_MESSAGE.confs= Fixing configuration files.
152SUBST_FILES.confs= docs/conf/httpd.conf 153SUBST_FILES.confs= docs/conf/httpd.conf
153SUBST_FILES.confs+= docs/conf/extra/httpd-ssl.conf 154SUBST_FILES.confs+= docs/conf/extra/httpd-ssl.conf
154SUBST_SED.confs= -e "s|${EGDIR}|${PKG_SYSCONFDIR}|g" 155SUBST_SED.confs= -e "s|${EGDIR}|${PKG_SYSCONFDIR}|g"
155SUBST_SED.confs+= -e "s|${PREFIX}/htdocs|${PREFIX}/share/httpd/htdocs|g" 156SUBST_SED.confs+= -e "s|${PREFIX}/htdocs|${PREFIX}/share/httpd/htdocs|g"
156SUBST_SED.confs+= -e "s|${PREFIX}/conf|${PKG_SYSCONFDIR}|g" 157SUBST_SED.confs+= -e "s|${PREFIX}/conf|${PKG_SYSCONFDIR}|g"
157SUBST_SED.confs+= -e "s|logs/|${VARBASE}/log/httpd/|g" 158SUBST_SED.confs+= -e "s|logs/|${VARBASE}/log/httpd/|g"
158SUBST_SED.confs+= -e 's|/var/log/httpd/foo\.log|logs/foo.log/|g' 159SUBST_SED.confs+= -e 's|/var/log/httpd/foo\.log|logs/foo.log/|g'
159SUBST_SED.confs+= -e 's|^\(User[ ]\).*|\1${APACHE_USER}|g' 160SUBST_SED.confs+= -e 's|^\(User[ ]\).*|\1${APACHE_USER}|g'
160SUBST_SED.confs+= -e 's|^\(Group[ ]\).*|\1${APACHE_GROUP}|g' 161SUBST_SED.confs+= -e 's|^\(Group[ ]\).*|\1${APACHE_GROUP}|g'
161SUBST_SED.confs+= -e 's|^Listen \(.*\)|Listen 0.0.0.0:\1|g' 162SUBST_SED.confs+= -e 's|^Listen \(.*\)|Listen 0.0.0.0:\1|g'
162 163
163# abs_srcdir in config_vars.mk is used during install so needs to reference 164# abs_srcdir in config_vars.mk is used during install so needs to reference
164# the work dir path, and by other packages such as ap2-fastcgi after install, 165# the work dir path, and by other packages such as ap2-fastcgi after install,
165# so we fix after install to reference the installed path 166# so we fix after install to reference the installed path
166SUBST_CLASSES+= abs_srcdir 167SUBST_CLASSES+= abs_srcdir
167SUBST_STAGE.abs_srcdir= post-install 168SUBST_STAGE.abs_srcdir= post-install
168SUBST_FILES.abs_srcdir= ${DESTDIR}${PREFIX}/share/httpd/build/config_vars.mk 169SUBST_FILES.abs_srcdir= ${DESTDIR}${PREFIX}/share/httpd/build/config_vars.mk
169SUBST_SED.abs_srcdir= -e 's|^\(abs_srcdir =\) .*|\1 ${PREFIX}/share/httpd|' 170SUBST_SED.abs_srcdir= -e 's|^\(abs_srcdir =\) .*|\1 ${PREFIX}/share/httpd|'
170SUBST_MESSAGE.abs_srcdir= Fixing abs_srcdir 171SUBST_MESSAGE.abs_srcdir= Fixing abs_srcdir
171 172
172REPLACE_PERL= docs/cgi-examples/printenv 173REPLACE_PERL= docs/cgi-examples/printenv
173 174
174# Add dependencies for the modules that will be built. For each module 175# Add dependencies for the modules that will be built. For each module
175# ap_mod listed in ${APACHE_MODULES}, _AP_DEPENDS.ap_mod is a whitespace 176# ap_mod listed in ${APACHE_MODULES}, _AP_DEPENDS.ap_mod is a whitespace
176# separated list of dependencies or buildlink3.mk files needed to build 177# separated list of dependencies or buildlink3.mk files needed to build
177# ap_mod, and _AP_CFG_ARGS.ap_mod is a whitespace separated list of 178# ap_mod, and _AP_CFG_ARGS.ap_mod is a whitespace separated list of
178# configure script options for ap_mod. 179# configure script options for ap_mod.
179# 180#
180AP_DEPENDS.ssl= ../../security/openssl/buildlink3.mk 181AP_DEPENDS.ssl= ../../security/openssl/buildlink3.mk
181AP_DEPENDS.deflate= ../../devel/zlib/buildlink3.mk 182AP_DEPENDS.deflate= ../../devel/zlib/buildlink3.mk
182 183
183AP_CFG_ARGS.ssl= --with-ssl=${BUILDLINK_PREFIX.openssl} 184AP_CFG_ARGS.ssl= --with-ssl=${BUILDLINK_PREFIX.openssl}
184AP_CFG_ARGS.deflate= --with-z=${BUILDLINK_PREFIX.zlib} 185AP_CFG_ARGS.deflate= --with-z=${BUILDLINK_PREFIX.zlib}
185 186
186#.if ${APACHE_MODULES} == "all-shared" 187#.if ${APACHE_MODULES} == "all-shared"
187.if !empty(PKG_OPTIONS:Mapache-shared-modules) 188.if !empty(PKG_OPTIONS:Mapache-shared-modules)
188. include "${AP_DEPENDS.ssl}" 189. include "${AP_DEPENDS.ssl}"
189. include "${AP_DEPENDS.deflate}" 190. include "${AP_DEPENDS.deflate}"
190CONFIGURE_ARGS+= ${AP_CFG_ARGS.ssl} ${AP_CFG_ARGS.deflate} 191CONFIGURE_ARGS+= ${AP_CFG_ARGS.ssl} ${AP_CFG_ARGS.deflate}
191.else 192.else
192. for ap_mod in ${APACHE_MODULES} 193. for ap_mod in ${APACHE_MODULES}
193. if defined(AP_DEPENDS.${ap_mod}) && !empty(AP_DEPENDS.${ap_mod}) 194. if defined(AP_DEPENDS.${ap_mod}) && !empty(AP_DEPENDS.${ap_mod})
194. for ap_depend in ${AP_DEPENDS.${ap_mod}} 195. for ap_depend in ${AP_DEPENDS.${ap_mod}}
195. if exists(${ap_depend}) 196. if exists(${ap_depend})
196. include "${ap_depend}" 197. include "${ap_depend}"
197. else 198. else
198DEPENDS+= ${ap_depend} 199DEPENDS+= ${ap_depend}
199. endif 200. endif
200. endfor 201. endfor
201. endif 202. endif
202. if defined(AP_CFG_ARGS.${ap_mod}) && !empty(AP_CFG_ARGS.${ap_mod}) 203. if defined(AP_CFG_ARGS.${ap_mod}) && !empty(AP_CFG_ARGS.${ap_mod})
203CONFIGURE_ARGS+= ${AP_CFG_ARGS.${ap_mod}} 204CONFIGURE_ARGS+= ${AP_CFG_ARGS.${ap_mod}}
204. endif 205. endif
205. endfor 206. endfor
206.endif 207.endif
207 208
208post-extract: 209post-extract:
209 ${TOUCH} ${WRKSRC}/build/libtool 210 ${TOUCH} ${WRKSRC}/build/libtool
210 ${ECHO} "" >> ${WRKSRC}/docs/conf/extra/httpd-languages.conf.in 211 ${ECHO} "" >> ${WRKSRC}/docs/conf/extra/httpd-languages.conf.in
211 212
 213pre-build:
 214 ${ECHO} "===> Generating unique DH group to mitigate Logjam attack (this will take a while)"
 215 (cd ${WRKSRC}/modules/ssl && ${PERL5} ssl_engine_dh.c)
 216
212post-build: 217post-build:
213 ${SED} "s#@PKG_SYSCONFDIR@#${PKG_SYSCONFDIR}#g" \ 218 ${SED} "s#@PKG_SYSCONFDIR@#${PKG_SYSCONFDIR}#g" \
214 < ${FILESDIR}/mkcert.sh > ${WRKDIR}/mkcert 219 < ${FILESDIR}/mkcert.sh > ${WRKDIR}/mkcert
215 220
216INSTALL_TARGET= install-conf install 221INSTALL_TARGET= install-conf install
217INSTALL_MAKE_FLAGS+= sysconfdir="${EGDIR}" 222INSTALL_MAKE_FLAGS+= sysconfdir="${EGDIR}"
218 223
219post-install: 224post-install:
220 ${LN} -sf ${LOCALBASE}/libexec/apr/libtool ${DESTDIR}${PREFIX}/share/httpd/build 225 ${LN} -sf ${LOCALBASE}/libexec/apr/libtool ${DESTDIR}${PREFIX}/share/httpd/build
221 ${LN} -sf ${SBINDIR}/envvars-std ${DESTDIR}${SBINDIR}/envvars 226 ${LN} -sf ${SBINDIR}/envvars-std ${DESTDIR}${SBINDIR}/envvars
222 227
223 ${INSTALL_SCRIPT} ${WRKDIR}/mkcert ${DESTDIR}${PREFIX}/sbin 228 ${INSTALL_SCRIPT} ${WRKDIR}/mkcert ${DESTDIR}${PREFIX}/sbin
224 229
225 for file in ${FIX_PERMS}; do \ 230 for file in ${FIX_PERMS}; do \
226 ${CHOWN} ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/sbin/$$file && \ 231 ${CHOWN} ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/sbin/$$file && \
227 ${CHMOD} ${BINMODE} ${DESTDIR}${PREFIX}/sbin/$$file; \ 232 ${CHMOD} ${BINMODE} ${DESTDIR}${PREFIX}/sbin/$$file; \
228 done 233 done
229 234
230 ${CHOWN} -RP ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/share/httpd 235 ${CHOWN} -RP ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/share/httpd
231 ${CHOWN} -RP ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/include/httpd 236 ${CHOWN} -RP ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/include/httpd
232 ${CHOWN} -RP ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/lib/httpd 237 ${CHOWN} -RP ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/lib/httpd
233 ${CHOWN} ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/libexec/cgi-bin/test-cgi 238 ${CHOWN} ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/libexec/cgi-bin/test-cgi
234 ${CHOWN} ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/libexec/cgi-bin/printenv 239 ${CHOWN} ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/libexec/cgi-bin/printenv
235 240
236 for file in ${FIX_MAN_PERMS}; do \ 241 for file in ${FIX_MAN_PERMS}; do \
237 ${CHOWN} ${MANOWN}:${MANGRP} ${DESTDIR}${PREFIX}/${PKGMANDIR}/$$file; \ 242 ${CHOWN} ${MANOWN}:${MANGRP} ${DESTDIR}${PREFIX}/${PKGMANDIR}/$$file; \
238 done 243 done
239 244
240 ${CHMOD} -x ${DESTDIR}${PREFIX}/sbin/envvars-std 245 ${CHMOD} -x ${DESTDIR}${PREFIX}/sbin/envvars-std
241 ${TEST} ! -f ${DESTDIR}${PREFIX}/sbin/suexec || ${CHMOD} -w ${DESTDIR}${PREFIX}/sbin/suexec 246 ${TEST} ! -f ${DESTDIR}${PREFIX}/sbin/suexec || ${CHMOD} -w ${DESTDIR}${PREFIX}/sbin/suexec
242 247
243.include "../../mk/pthread.buildlink3.mk" 248.include "../../mk/pthread.buildlink3.mk"
244.include "../../mk/bsd.pkg.mk" 249.include "../../mk/bsd.pkg.mk"
cvs diff -r1.60 -r1.60.6.1 pkgsrc/www/apache22/Attic/distinfo (switch to unified diff)

--- pkgsrc/www/apache22/Attic/distinfo 2014/09/09 08:11:48 1.60
+++ pkgsrc/www/apache22/Attic/distinfo 2015/05/24 11:41:00 1.60.6.1
@@ -1,19 +1,20 @@ @@ -1,19 +1,20 @@
1$NetBSD: distinfo,v 1.60 2014/09/09 08:11:48 adam Exp $ 1$NetBSD: distinfo,v 1.60.6.1 2015/05/24 11:41:00 tron Exp $
2 2
3SHA1 (httpd-2.2.29.tar.bz2) = 1d6a8fbc1391d358cc6fe430edc16222b97258d5 3SHA1 (httpd-2.2.29.tar.bz2) = 1d6a8fbc1391d358cc6fe430edc16222b97258d5
4RMD160 (httpd-2.2.29.tar.bz2) = c9a823f038a6a1cbfd94cd9bdd067edd26cf7a3b 4RMD160 (httpd-2.2.29.tar.bz2) = c9a823f038a6a1cbfd94cd9bdd067edd26cf7a3b
5Size (httpd-2.2.29.tar.bz2) = 5625498 bytes 5Size (httpd-2.2.29.tar.bz2) = 5625498 bytes
6SHA1 (patch-aa) = e0bfdf6bc9cb034bea46a390a12a5508e363c9a7 6SHA1 (patch-aa) = e0bfdf6bc9cb034bea46a390a12a5508e363c9a7
7SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150 7SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150
8SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad 8SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
9SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13 9SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13
10SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913 10SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913
11SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01 11SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
12SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312 12SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312
13SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1 13SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1
14SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08 14SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
15SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4 15SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4
16SHA1 (patch-docs_man_apxs.8) = 70797ea73ae6379492971bec1106a8427ae7fdaa 16SHA1 (patch-docs_man_apxs.8) = 70797ea73ae6379492971bec1106a8427ae7fdaa
17SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1 17SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1
18SHA1 (patch-modules_proxy_mod_proxy_connect.c) = b2b5d0242a92c7bf20b14c16d8cd3abae42f3746 18SHA1 (patch-modules_proxy_mod_proxy_connect.c) = b2b5d0242a92c7bf20b14c16d8cd3abae42f3746
 19SHA1 (patch-modules_ssl_ssl__engine__dh.c) = fc37a639ecfbade0cf8a4fc684d7ec3b92949897
19SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1 20SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1
File Added: pkgsrc/www/apache22/patches/Attic/patch-modules_ssl_ssl__engine__dh.c
--- modules/ssl/ssl_engine_dh.c.orig	2006-07-12 03:38:44 UTC
+++ modules/ssl/ssl_engine_dh.c
@@ -102,12 +102,12 @@ DH *ssl_dh_GetTmpParam(int nKeyLen)
 {
     DH *dh;
 
-    if (nKeyLen == 512)
-        dh = get_dh512();
-    else if (nKeyLen == 1024)
-        dh = get_dh1024();
+    if (nKeyLen == 2048)
+        dh = get_dh2048();
+    else if (nKeyLen == 3072)
+        dh = get_dh3072();
     else
-        dh = get_dh1024();
+        dh = get_dh3072();
     return dh;
 }
 
@@ -151,7 +151,7 @@ print FP $source;
 close(FP);
 
 #   generate the DH parameters
-print "1. Generate 512 and 1024 bit Diffie-Hellman parameters (p, g)\n";
+print "1. Generate 2048 and 3072 bit Diffie-Hellman parameters (p, g)\n";
 my $rand = '';
 foreach $file (qw(/var/log/messages /var/adm/messages
                   /kernel /vmunix /vmlinuz /etc/hosts /etc/resolv.conf)) {
@@ -161,15 +161,15 @@ foreach $file (qw(/var/log/messages /var
     }
 }
 $rand = "-rand $rand" if ($rand ne '');
-system("openssl gendh $rand -out dh512.pem 512");
-system("openssl gendh $rand -out dh1024.pem 1024");
+system("openssl gendh $rand -out dh2048.pem 2048");
+system("openssl gendh $rand -out dh3072.pem 3072");
 
 #   generate DH param info
 my $dhinfo = '';
-open(FP, "openssl dh -noout -text -in dh512.pem |") || die;
+open(FP, "openssl dh -noout -text -in dh2048.pem |") || die;
 $dhinfo .= $_ while (<FP>);
 close(FP);
-open(FP, "openssl dh -noout -text -in dh1024.pem |") || die;
+open(FP, "openssl dh -noout -text -in dh3072.pem |") || die;
 $dhinfo .= $_ while (<FP>);
 close(FP);
 $dhinfo =~ s|^|** |mg;
@@ -177,10 +177,10 @@ $dhinfo = "\n\/\*\n$dhinfo\*\/\n\n";
 
 #   generate C source from DH params
 my $dhsource = '';
-open(FP, "openssl dh -noout -C -in dh512.pem | indent | expand |") || die;
+open(FP, "openssl dh -noout -C -in dh2048.pem | indent | expand |") || die;
 $dhsource .= $_ while (<FP>);
 close(FP);
-open(FP, "openssl dh -noout -C -in dh1024.pem | indent | expand |") || die;
+open(FP, "openssl dh -noout -C -in dh3072.pem | indent | expand |") || die;
 $dhsource .= $_ while (<FP>);
 close(FP);
 $dhsource =~ s|(DH\s+\*get_dh)(\d+)[^}]*\n}|static $1$2(void)
@@ -203,8 +203,8 @@ print FP $source;
 close(FP);
 
 #   cleanup
-unlink("dh512.pem");
-unlink("dh1024.pem");
+unlink("dh2048.pem");
+unlink("dh3072.pem");
 
 =pod
 */