From: Olli Hauer
Date: Mon, 14 Dec 2015 20:53:28 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r403736 - in head/www/apache24: . files

Author: ohauer
Date: Mon Dec 14 20:53:28 2015
New Revision: 403736
URL: https://svnweb.freebsd.org/changeset/ports/403736

Log:
  - update to 2.4.18
  - backport r1719967
    mod_ssl: fix build with openssl < 0.9.8m (missing semicolon).

  This release also contains the patch for FreeBSD PR 204304
  Make the fix for fully qualifying REDIRECT_URL from PR#57785 opt-in.
  http://svn.apache.org/viewvc?view=revision&revision=1712268

  Changes with Apache 2.4.18

  *) mod_ssl: for all ssl_engine_vars.c lookups, fall back to master
     connection if conn_rec itself holds no valid SSLConnRec*. Fixes
     PR58666. [Stefan Eissing]

  *) mod_http2: connection level window for flow control is set to
     protocol maximum of 2GB-1, preventing window exhaustion when sending
     data on many streams with higher cumulative window size. Reducing
     write frequency unless push promises need to be flushed.
     [Stefan Eissing]

  *) mod_http2: required minimum version of libnghttp2 is 1.2.1
     [Stefan Eissing]

  *) mod_proxy_fdpass: Fix AH01153 error when using the default
     configuration. In earlier versions of httpd, you can explicitly set
     the 'flusher' parameter to 'flush' as a workaround.
     (i.e. flusher=flush)
     Add documentation for the 'flusher' parameter when defining a proxy
     worker. [Christophe Jaillet]

  *) mod_ssl: For the "SSLStaplingReturnResponderErrors off" case, make
     sure to only staple responses with certificate status "good".
     [Kaspar Brand]

  *) mod_http2: new directive 'H2PushPriority' to allow priority
     specifications on server pushed streams according to their
     content-type. [Stefan Eissing]

  *) mod_http2: fixes crash on connection abort for a busy connection.
     fixes crash on a request that did not produce any response.
     [Stefan Eissing]

  *) mod_http2: trailers are sent after response body if set in
     request_rec trailers_out before the end-of-request bucket is sent
     through the output filters. [Stefan Eissing]

  *) mod_http2: incoming trailers (headers after request body) are
     properly forwarded to the processing engine. [Stefan Eissing]

  *) mod_http2: new directive 'H2Push' to en-/disable HTTP/2 server pushes
     a server/virtual host. Pushes are initiated by the presence of
     'Link:' headers with relation 'preload' on a response.
     [Stefan Eissing]

  *) mod_http2: write performance of http2 improved for larger resources,
     especially static files. [Stefan Eissing]

  *) core: if the first HTTP/1.1 request on a connection goes to a server
     that prefers different protocols, these protocols are announced in a
     Upgrade: header on the response, mentioning the preferred protocols.
     [Stefan Eissing]

  *) mod_http2: new directives 'H2TLSWarmUpSize' and 'H2TLSCoolDownSecs'
     to control TLS record sizes during connection lifetime.
     [Stefan Eissing]

  *) mod_http2: new directive 'H2ModernTLSOnly' to enforce security
     requirements of RFC 7540 on TLS connections. [Stefan Eissing]

  *) core: add ap_get_protocol_upgrades() to retrieve the list of
     protocols that a client could possibly upgrade to. Use in first
     request on a connection to announce protocol choices.
     [Stefan Eissing]

  *) mod_http2: reworked deallocation on connection shutdown and worker
     abort. Separate parent pool for all workers. worker threads are
     joined on planned worker shutdown. [Yann Ylavic, Stefan Eissing]

  *) mod_ssl: when receiving requests for other virtual hosts than the
     handshake server, the SSL parameters are checked for equality.
     With equal configuration, requests are passed for processing. Any
     change will trigger the old behaviour of "421 Misdirected Request".
     SSL now remembers the cipher suite that was used for the last
     handshake. This is compared against for any vhost/directory cipher
     specification. Detailed examination of renegotiation is only done
     when these do not match.
     Renegotiation is 403ed when a master connection is present. Exact
     reason is given additionally in a request note. [Stefan Eissing]

  *) core: Fix scoreboard crash (SIGBUS) on hardware requiring strict
     64bit alignment (SPARC64, PPC64). [Yann Ylavic]

  *) mod_cache: Accept HT (Horizontal Tab) when parsing cache related
     header fields as described in RFC7230. [Christophe Jaillet]

  *) core/util_script: making REDIRECT_URL a full URL is now opt-in via
     new 'QualifyRedirectURL' directive.

  *) core: Limit to ten the number of tolerated empty lines between
     request, and consume them before the pipelining check to avoid
     possible response delay when reading the next request without
     flushing. [Yann Ylavic]

  *) mod_ssl: Extend expression parser registration to support ssl
     variables in any expression using mod_rewrite syntax
     "%{SSL:VARNAME}" or function syntax "ssl(VARNAME)". [Rainer Jung]

  PR: 204304 with head apache@

Added:
  head/www/apache24/files/patch-modules_ssl_ssl__engine__io.c (contents, props changed)
Modified:
  head/www/apache24/Makefile
  head/www/apache24/distinfo
  head/www/apache24/files/patch-configure.in
  head/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in
  head/www/apache24/files/patch-docs__conf__httpd.conf.in

Modified: head/www/apache24/Makefile ============================================================================== --- head/www/apache24/Makefile Mon Dec 14 20:29:46 2015 (r403735) +++ head/www/apache24/Makefile Mon Dec 14 20:53:28 2015 (r403736) 
@@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= apache24 -PORTVERSION= 2.4.17 +PORTVERSION= 2.4.18 CATEGORIES= www ipv6 MASTER_SITES= APACHE_HTTPD DISTNAME= httpd-${PORTVERSION} Modified: head/www/apache24/distinfo ============================================================================== --- head/www/apache24/distinfo Mon Dec 14 20:29:46 2015 (r403735) +++ head/www/apache24/distinfo Mon Dec 14 20:53:28 2015 (r403736) @@ -1,2 +1,2 @@ -SHA256 (apache24/httpd-2.4.17.tar.bz2) = 331e035dec81d3db95b048f036f4d7b1a97ec8daa5b377bde42d4ccf1f2eb798 -SIZE (apache24/httpd-2.4.17.tar.bz2) = 5157721 +SHA256 (apache24/httpd-2.4.18.tar.bz2) = 0644b050de41f5c9f67c825285049b144690421acb709b06fe53eddfa8a9fd4c +SIZE (apache24/httpd-2.4.18.tar.bz2) = 5181291 Modified: head/www/apache24/files/patch-configure.in ============================================================================== --- head/www/apache24/files/patch-configure.in Mon Dec 14 20:29:46 2015 (r403735) +++ head/www/apache24/files/patch-configure.in Mon Dec 14 20:53:28 2015 (r403736) @@ -1,4 +1,4 @@ ---- configure.in.orig 2015-01-22 17:33:07 UTC +--- configure.in.orig 2015-09-05 17:02:03 UTC +++ configure.in @@ -111,7 +111,7 @@ fi Modified: head/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in ============================================================================== --- head/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in Mon Dec 14 20:29:46 2015 (r403735) +++ head/www/apache24/files/patch-docs__conf__extra__httpd-ssl.conf.in Mon Dec 14 20:53:28 2015 (r403736) 
@@ -1,6 +1,6 @@ ---- docs/conf/extra/httpd-ssl.conf.in.orig 2015-05-27 13:59:59.000000000 -0500 -+++ docs/conf/extra/httpd-ssl.conf.in 2015-07-15 09:50:31.369623000 -0500 -@@ -124,8 +124,8 @@ +--- docs/conf/extra/httpd-ssl.conf.in.orig 2015-05-27 18:59:59 UTC ++++ docs/conf/extra/httpd-ssl.conf.in +@@ -124,8 +124,8 @@ SSLSessionCacheTimeout 300 DocumentRoot "@exp_htdocsdir@" ServerName www.example.com:@@SSLPort@@ ServerAdmin you@example.com @@ -11,7 +11,7 @@ # SSL Engine Switch: # Enable/Disable SSL for this virtual host. -@@ -284,7 +284,7 @@ +@@ -284,7 +284,7 @@ BrowserMatch "MSIE [2-5]" \ # Per-Server Logging: # The home of a custom SSL log file. Use this when you want a # compact non-error SSL logfile on a virtual host basis. Modified: head/www/apache24/files/patch-docs__conf__httpd.conf.in ============================================================================== --- head/www/apache24/files/patch-docs__conf__httpd.conf.in Mon Dec 14 20:29:46 2015 (r403735) +++ head/www/apache24/files/patch-docs__conf__httpd.conf.in Mon Dec 14 20:53:28 2015 (r403736) @@ -1,4 +1,4 @@ ---- docs/conf/httpd.conf.in.orig 2012-11-08 03:05:38 UTC +--- docs/conf/httpd.conf.in.orig 2015-11-03 11:58:58 UTC +++ docs/conf/httpd.conf.in @@ -65,6 +65,9 @@ Listen @@Port@@ # @@ -46,9 +46,9 @@ -@@ -418,3 +421,5 @@ SSLRandomSeed connect builtin - #RequestHeader unset DNT env=bad_DNT - # +@@ -407,3 +410,5 @@ SSLRandomSeed startup builtin + SSLRandomSeed connect builtin + +Include @rel_sysconfdir@/Includes/*.conf + Added: head/www/apache24/files/patch-modules_ssl_ssl__engine__io.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/apache24/files/patch-modules_ssl_ssl__engine__io.c Mon Dec 14 20:53:28 2015 (r403736) 
@@ -0,0 +1,17 @@ +Backport openssl 0.9.8x patch: +http://svn.apache.org/r1719967 + +For discussion see: +http://marc.info/?t=145011265700003&r=1&w=2 +=============================================================== +--- modules/ssl/ssl_engine_io.c.orig 2015-11-19 19:55:25 UTC ++++ modules/ssl/ssl_engine_io.c +@@ -217,7 +217,7 @@ static int bio_filter_out_write(BIO *bio + * so limit the performance impact to handshake time. + */ + #if OPENSSL_VERSION_NUMBER < 0x0009080df +- need_flush = !SSL_is_init_finished(outctx->filter_ctx->pssl) ++ need_flush = !SSL_is_init_finished(outctx->filter_ctx->pssl); + #else + need_flush = SSL_in_connect_init(outctx->filter_ctx->pssl); + #endif
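
Review bot: in the head/www/apache24/distinfo hunk, the new SHA256 and SIZE lines for apache24/httpd-2.4.18.tar.bz2 are the only integrity anchor port users get, and nothing in the log records how the tarball they were computed from was authenticated. Please verify the download against the Apache release's detached PGP signature (or the digest published with the release) before regenerating distinfo with make makesum, and mention that in the commit log so the new checksum can be traced back to the upstream release.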
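
Review bot: in files/patch-modules_ssl_ssl__engine__io.c, the header line "Backport openssl 0.9.8x patch" does not match the commit log ("openssl < 0.9.8m") or the guard the hunk sits under, "#if OPENSSL_VERSION_NUMBER < 0x0009080df". Please state the affected range in the patch header the same way the log does, and add a line saying the file can be dropped once a release containing upstream r1719967 is imported, so the local patch is not carried past its lifetime. Since the only change is the missing semicolon after "need_flush = !SSL_is_init_finished(outctx->filter_ctx->pssl)", the pre-0.9.8m branch cannot have been compiled as released; a test build of the port against an OpenSSL old enough to take that branch would confirm the backport is complete.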