diff options
author | clement <clement@FreeBSD.org> | 2006-01-14 13:59:20 +0000 |
---|---|---|
committer | clement <clement@FreeBSD.org> | 2006-01-14 13:59:20 +0000 |
commit | fd7dbf2a01800cc0db7d0619df81bfb2b6e5cfa5 (patch) | |
tree | 4d0cd5bfc11f5a3b75db587282061df8815cde91 /www/apache13-ssl | |
parent | 593de09b0a30df55ccbc5dec28d0479a2cfef2b9 (diff) | |
download | FreeBSD-ports-fd7dbf2a01800cc0db7d0619df81bfb2b6e5cfa5.zip FreeBSD-ports-fd7dbf2a01800cc0db7d0619df81bfb2b6e5cfa5.tar.gz |
- Update to 1.3.34+1.37
- Use new apache framework.
Diffstat (limited to 'www/apache13-ssl')
-rw-r--r-- | www/apache13-ssl/Makefile | 62 | ||||
-rw-r--r-- | www/apache13-ssl/Makefile.modules | 28 | ||||
-rw-r--r-- | www/apache13-ssl/distinfo | 10 | ||||
-rw-r--r-- | www/apache13-ssl/files/patch-SSLpatch | 18 | ||||
-rw-r--r-- | www/apache13-ssl/files/patch-secfix-CAN-2005-2088 | 87 | ||||
-rw-r--r-- | www/apache13-ssl/pkg-plist | 54 |
6 files changed, 99 insertions, 160 deletions
diff --git a/www/apache13-ssl/Makefile b/www/apache13-ssl/Makefile index a8a03f0..f066eca 100644 --- a/www/apache13-ssl/Makefile +++ b/www/apache13-ssl/Makefile @@ -9,7 +9,6 @@ PORTNAME= apache+ssl PORTVERSION= ${APACHE_VERSION}.${APACHE_SSL_VERSION} -PORTREVISION= 2 CATEGORIES= www security MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \ ${MASTER_SITES_APACHE_SSL:S/$/:ssl/} @@ -32,14 +31,17 @@ CONFLICTS= apache+mod_ssl-1.* apache+mod_ssl+ipv6-1.* apache+mod_ssl+modsnmp-1.* caudium-devel-1.* caudium10-1.* caudium12-* \ ru-apache+mod_ssl-1.* ru-apache-1.* thttpd-2.* -APACHE_VERSION= 1.3.33 -APACHE_SSL_VERSION= 1.55 +APACHE_VERSION= 1.3.34 +APACHE_SSL_VERSION= 1.57 USE_OPENSSL= yes USE_PERL5= yes HAS_CONFIGURE= yes USE_RC_SUBR= yes RC_SCRIPTS_SUB= PREFIX=${PREFIX} RC_SUBR=${RC_SUBR} WWWOWN=${WWWOWN} MAKE_ENV+= EXAMPLESDIR=${EXAMPLESDIR} +USE_APACHE= common13 + +.include "${.CURDIR}/Makefile.modules" MASTER_SITES_APACHE_SSL= \ ftp://ftp.ox.ac.uk/pub/crypto/SSL/Apache-SSL/ \ @@ -48,54 +50,14 @@ MASTER_SITES_APACHE_SSL= \ APACHE_HARD_SERVER_LIMIT?= 512 -.if defined(WITH_APACHE_SUEXEC) - -APACHE_SUEXEC_DOCROOT?= ${DOCUMENT_ROOT} -APACHE_SUEXEC_LOG?= /var/log/httpsd-suexec.log -APACHE_SUEXEC_USERDIR?= public_html -APACHE_SUEXEC_UIDMIN?= 1000 -APACHE_SUEXEC_GIDMIN?= 1000 -APACHE_SUEXEC_CALLER?= www - -SUEXEC_CONF=\ - --enable-suexec \ - --suexec-docroot=${APACHE_SUEXEC_DOCROOT} \ - --suexec-caller=${APACHE_SUEXEC_CALLER} \ - --suexec-uidmin=${APACHE_SUEXEC_UIDMIN} \ - --suexec-gidmin=${APACHE_SUEXEC_GIDMIN} \ - --suexec-logfile=${APACHE_SUEXEC_LOG} \ - --suexec-userdir=${APACHE_SUEXEC_USERDIR} \ - --suexec-safepath=${DEFAULT_PATH} - -.if defined(APACHE_SUEXEC_UMASK) -SUEXEC_CONF+= --suexec-umask=${APACHE_SUEXEC_UMASK} -.endif - -PLIST_SUB+= SUB_SUEXEC="" -SUEXEC_MAN= suexec.8 - -.else # !SUEXEC - -SUEXEC_CONF= -PLIST_SUB+= SUB_SUEXEC="@comment " -SUEXEC_MAN= - -.endif # !SUEXEC - -# -# Set APACHE_PERF_TUNING env. variable to YES to get maximum performance -# CFLAGS+= -I${OPENSSLINC}/openssl -CONFIGURE_ARGS= \ +CONFIGURE_ARGS+= \ --prefix=${PREFIX} \ --server-uid=www \ --server-gid=www \ --with-perl=${PERL} \ --with-layout=FreeBSD \ --without-confadjust \ - --enable-shared=remain \ - --enable-module=most \ - --enable-module=auth_db \ --disable-module=auth_dbm \ --sysconfdir=${PREFIX}/etc/apache \ --includedir=${PREFIX}/include/apache \ @@ -103,8 +65,9 @@ CONFIGURE_ARGS= \ --datadir=${PREFIX}/www \ --proxycachedir=${PREFIX}/www/proxy \ --libexecdir=${PREFIX}/libexec/apache \ - --target=httpsd \ - ${SUEXEC_CONF} + --target=httpsd + +# --enable-shared=remain \ OPTIM= -DHARD_SERVER_LIMIT=${APACHE_HARD_SERVER_LIMIT} \ -DDOCUMENT_LOCATION=\\"${PREFIX}/www/data/\\" \ @@ -120,6 +83,13 @@ CFLAGS+= -O6 -fomit-frame-pointer CONFIGURE_ENV+= OPTIM='${OPTIM}' CONFIGURE_ENV+= EXTRA_SSL_LIBS="-L${OPENSSLLIB} -L${LOCALBASE}/lib" +.if defined(WITH_SUEXEC) +SUEXEC_MAN= suexec.8 +PLIST_SUB+= SUB_SUEXEC="" +.else +PLIST_SUB+= SUB_SUEXEC="@comment " +.endif + MAN1= dbmmanage.1 htdigest.1 htpasswd.1 MAN8= ab.8 httpsdctl.8 apxs.8 httpsd.8 logresolve.8 rotatelogs.8 \ ${SUEXEC_MAN} diff --git a/www/apache13-ssl/Makefile.modules b/www/apache13-ssl/Makefile.modules new file mode 100644 index 0000000..ab882c6 --- /dev/null +++ b/www/apache13-ssl/Makefile.modules @@ -0,0 +1,28 @@ +# Makefile.modules +# Author: Clement Laforet <clement@FreeBSD.org> +# +# This file is used to build modules list, DBM dependencies and MPM selection. +# I hope it can easily handle external modules (such as mod_perl) or MPMs, like +# muxmpm. +# +# Note to myself: (to generate PLIST_SUB entries for modules) +# gsed 's/^\(.*\)mod\(.*\)\.so/%%\MOD\U\2%%\L\1mod\2\.so/' pkg-plist > tmp +# mv tmp pkg-plist +# +# $FreeBSD$ +# + +AUTH_MODULES= access auth auth_anon auth_dbm auth_db auth_digest +LOG_MODULES= log_forensic log_referer log_agent +MMAP_MODULES= mmap_static +MISC_MODULES= actions alias asis autoindex cern_meta cgi digest \ + dir env expires dir headers imap include \ + info log_config mime mime_magic negotiation rewrite \ + speling status unique_id userdir usertrack vhost_alias +PROXY_MODULES= proxy +SSL_MODULES= apache_ssl + +DEFAULT_MODULES_CATEGORIES= \ + AUTH LOG MMAP MISC SSL + +ALL_MODULES_CATEGORIES= AUTH LOG MMAP MISC PROXY SSL diff --git a/www/apache13-ssl/distinfo b/www/apache13-ssl/distinfo index 9702044..0a1046d 100644 --- a/www/apache13-ssl/distinfo +++ b/www/apache13-ssl/distinfo @@ -1,4 +1,6 @@ -MD5 (apache_1.3.33.tar.gz) = 3dfd2c3778f37a2dfc22b97417a61407 -SIZE (apache_1.3.33.tar.gz) = 2468567 -MD5 (apache_1.3.33+ssl_1.55.tar.gz) = 69a51a7002508f3d77c3c73724263d41 -SIZE (apache_1.3.33+ssl_1.55.tar.gz) = 58556 +MD5 (apache_1.3.34.tar.gz) = 9978cc552b423f0015c1052d23ab619e +SHA256 (apache_1.3.34.tar.gz) = ceed243f4f98e4323b48e5f7f80e306d1abb00c592e18de5575983db42d6f8d4 +SIZE (apache_1.3.34.tar.gz) = 2468056 +MD5 (apache_1.3.34+ssl_1.57.tar.gz) = 4c4f51af630fd128ce696c58a70797a3 +SHA256 (apache_1.3.34+ssl_1.57.tar.gz) = 7a0d984b6d0c78e81c4bbae5d51913c53272c07b3de2344ee3e0eecc1fba5f70 +SIZE (apache_1.3.34+ssl_1.57.tar.gz) = 57626 diff --git a/www/apache13-ssl/files/patch-SSLpatch b/www/apache13-ssl/files/patch-SSLpatch index db93d4c..188e59f 100644 --- a/www/apache13-ssl/files/patch-SSLpatch +++ b/www/apache13-ssl/files/patch-SSLpatch @@ -1,15 +1,17 @@ ---- SSLpatch.orig Thu Jun 20 13:00:27 2002 -+++ SSLpatch Sun Sep 15 14:18:42 2002 -@@ -60,9 +60,9 @@ - +SSL_BASE=/usr/local/ssl +--- SSLpatch.orig Sat Jan 14 13:45:38 2006 ++++ SSLpatch Sat Jan 14 13:47:30 2006 +@@ -60,10 +60,10 @@ + +SSL_BASE=/usr +SSL_INCLUDE= -I$(SSL_BASE)/include +SSL_CFLAGS= -DAPACHE_SSL --+SSL_LIB_DIR=/usr/local/ssl/lib +-+SSL_LIB_DIR=/usr/lib -+SSL_LIBS= -L$(SSL_LIB_DIR) -lssl -lcrypto --+SSL_APP_DIR=/usr/local/ssl/bin +-+SSL_APP_DIR=/usr/bin +-+SSL_APP=/usr/bin/openssl ++SSL_LIB_DIR=$(SSL_BASE) ++SSL_LIBS= -L$(SSL_LIB_DIR) -lssl -lcrypto $(EXTRA_SSL_LIBS) -++SSL_APP_DIR=$(SSL_BASE)/apps - +SSL_APP=/usr/local/ssl/bin/openssl +++SSL_APP_DIR=$(SSL_BASE)/bin +++SSL_APP=$(SSL_APP_DIR)/openssl + ################################################################ + # Name of the installed Apache HTTP webserver. diff --git a/www/apache13-ssl/files/patch-secfix-CAN-2005-2088 b/www/apache13-ssl/files/patch-secfix-CAN-2005-2088 deleted file mode 100644 index c431540..0000000 --- a/www/apache13-ssl/files/patch-secfix-CAN-2005-2088 +++ /dev/null @@ -1,87 +0,0 @@ ---- src/modules/proxy/proxy_http.c 2005/07/14 05:09:17 218987 -+++ src/modules/proxy/proxy_http.c 2005/07/14 05:19:15 218988 -@@ -121,7 +121,7 @@ - char portstr[32]; - pool *p = r->pool; - int destport = 0; -- int chunked = 0; -+ const char *chunked = NULL; - char *destportstr = NULL; - const char *urlptr = NULL; - const char *datestr, *urlstr; -@@ -338,7 +338,12 @@ - ap_table_mergen(req_hdrs, "X-Forwarded-Server", r->server->server_hostname); - } - -- /* we don't yet support keepalives - but we will soon, I promise! */ -+ /* we don't yet support keepalives - but we will soon, I promise! -+ * XXX: This introduces various HTTP Request vulnerabilies if not -+ * properly implemented. Before changing this .. be certain to -+ * add a hard-close of the connection if the T-E and C-L headers -+ * are both present, or the C-L header is malformed. -+ */ - ap_table_set(req_hdrs, "Connection", "close"); - - reqhdrs_arr = ap_table_elts(req_hdrs); -@@ -475,25 +480,40 @@ - } - - /* is this content chunked? */ -- chunked = ap_find_last_token(r->pool, -- ap_table_get(resp_hdrs, "Transfer-Encoding"), -- "chunked"); -+ chunked = ap_table_get(resp_hdrs, "Transfer-Encoding"); -+ if (chunked && (strcasecmp(chunked, "chunked") != 0)) { -+ ap_kill_timeout(r); -+ return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool, -+ "Unsupported Transfer-Encoding ", chunked, -+ " from remote server", NULL)); -+ } - - /* strip hop-by-hop headers defined by Connection and RFC2616 */ - ap_proxy_clear_connection(p, resp_hdrs); - - content_length = ap_table_get(resp_hdrs, "Content-Length"); - if (content_length != NULL) { -- c->len = ap_strtol(content_length, NULL, 10); -- -- if (c->len < 0) { -- ap_kill_timeout(r); -- return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool, -- "Invalid Content-Length from remote server", -- NULL)); -+ if (chunked) { -+ /* XXX: We would unset keep-alive here, to the proxy -+ * origin server, for safety's sake but we aren't using -+ * keep-alives (we force Connection: close above) -+ */ -+ nocache = 1; /* do not cache this suspect file */ -+ ap_table_unset(resp_hdrs, "Content-Length"); -+ } -+ else { -+ char *len_end; -+ errno = 0; -+ c->len = ap_strtol(content_length, &len_end, 10); -+ -+ if (errno || (c->len < 0) || (len_end && *len_end)) { -+ ap_kill_timeout(r); -+ return ap_proxyerror(r, HTTP_BAD_GATEWAY, -+ "Invalid Content-Length from remote" -+ " server"); -+ } - } - } -- - } - else { - /* an http/0.9 response */ -@@ -612,7 +632,8 @@ - * content length is not known. We need to make 100% sure c->len is always - * set correctly before we get here to correctly do keepalive. - */ -- ap_proxy_send_fb(f, r, c, c->len, 0, chunked, conf->io_buffer_size); -+ ap_proxy_send_fb(f, r, c, c->len, 0, chunked != NULL, -+ conf->io_buffer_size); - } - - /* ap_proxy_send_fb() closes the socket f for us */ diff --git a/www/apache13-ssl/pkg-plist b/www/apache13-ssl/pkg-plist index 3090e36..bebdab4 100644 --- a/www/apache13-ssl/pkg-plist +++ b/www/apache13-ssl/pkg-plist @@ -67,21 +67,44 @@ include/apache/xml/xmlrole.h include/apache/xml/xmltok.h include/apache/xml/xmltok_impl.h libexec/apache/httpd.exp -libexec/apache/libproxy.so -libexec/apache/mod_auth_anon.so -libexec/apache/mod_auth_db.so -libexec/apache/mod_cern_meta.so -libexec/apache/mod_digest.so -libexec/apache/mod_expires.so -libexec/apache/mod_log_forensic.so -libexec/apache/mod_headers.so -libexec/apache/mod_info.so -libexec/apache/mod_mime_magic.so -libexec/apache/mod_rewrite.so -libexec/apache/mod_speling.so -libexec/apache/mod_unique_id.so -libexec/apache/mod_usertrack.so -libexec/apache/mod_vhost_alias.so +%%MOD_ACCESS%%libexec/apache/mod_access.so +%%MOD_ACTIONS%%libexec/apache/mod_actions.so +%%MOD_ALIAS%%libexec/apache/mod_alias.so +@comment %%MOD_APACHE_SSL%%libexec/apache/mod_apache_ssl.so +%%MOD_ASIS%%libexec/apache/mod_asis.so +%%MOD_AUTH%%libexec/apache/mod_auth.so +%%MOD_AUTH_ANON%%libexec/apache/mod_auth_anon.so +%%MOD_AUTH_DB%%libexec/apache/mod_auth_db.so +%%MOD_AUTH_DBM%%libexec/apache/mod_auth_dbm.so +%%MOD_AUTH_DIGEST%%libexec/apache/mod_auth_digest.so +%%MOD_AUTOINDEX%%libexec/apache/mod_autoindex.so +%%MOD_CERN_META%%libexec/apache/mod_cern_meta.so +%%MOD_CGI%%libexec/apache/mod_cgi.so +%%MOD_DIGEST%%libexec/apache/mod_digest.so +@comment %%MOD_DIR%%libexec/apache/mod_dir.so +%%MOD_DIR%%libexec/apache/mod_dir.so +%%MOD_ENV%%libexec/apache/mod_env.so +%%MOD_EXPIRES%%libexec/apache/mod_expires.so +%%MOD_HEADERS%%libexec/apache/mod_headers.so +%%MOD_IMAP%%libexec/apache/mod_imap.so +%%MOD_INCLUDE%%libexec/apache/mod_include.so +%%MOD_INFO%%libexec/apache/mod_info.so +%%MOD_LOG_AGENT%%libexec/apache/mod_log_agent.so +%%MOD_LOG_CONFIG%%libexec/apache/mod_log_config.so +%%MOD_LOG_FORENSIC%%libexec/apache/mod_log_forensic.so +%%MOD_LOG_REFERER%%libexec/apache/mod_log_referer.so +%%MOD_MIME%%libexec/apache/mod_mime.so +%%MOD_MIME_MAGIC%%libexec/apache/mod_mime_magic.so +%%MOD_MMAP_STATIC%%libexec/apache/mod_mmap_static.so +%%MOD_NEGOTIATION%%libexec/apache/mod_negotiation.so +%%MOD_PROXY%%libexec/apache/libproxy.so +%%MOD_REWRITE%%libexec/apache/mod_rewrite.so +%%MOD_SPELING%%libexec/apache/mod_speling.so +%%MOD_STATUS%%libexec/apache/mod_status.so +%%MOD_UNIQUE_ID%%libexec/apache/mod_unique_id.so +%%MOD_USERDIR%%libexec/apache/mod_userdir.so +%%MOD_USERTRACK%%libexec/apache/mod_usertrack.so +%%MOD_VHOST_ALIAS%%libexec/apache/mod_vhost_alias.so sbin/ab sbin/apxs sbin/gcache @@ -185,6 +208,7 @@ www/data-dist/index.html.zh-tw.big5 %%PORTDOCS%%%%DOCSDIR%%/install.html.fr %%PORTDOCS%%%%DOCSDIR%%/install.html.html %%PORTDOCS%%%%DOCSDIR%%/install.html.ja.jis +%%PORTDOCS%%%%DOCSDIR%%/install-ztpf.html %%PORTDOCS%%%%DOCSDIR%%/invoking.html.en %%PORTDOCS%%%%DOCSDIR%%/invoking.html.fr %%PORTDOCS%%%%DOCSDIR%%/invoking.html.ja.jis |