21485757 Upgrade Apache Web Server to version 2.4.16
authorPetr Sumbera <petr.sumbera@oracle.com>
Wed, 22 Jul 2015 05:12:12 -0700
changeset 4697 2be298b79293
parent 4696 96b9957387bf
child 4698 4e27e549b58d
21485757 Upgrade Apache Web Server to version 2.4.16 21479241 problem in UTILITY/APACHE
components/apache24/Makefile
components/apache24/patches/Makefile.in.patch
components/apache24/patches/bug56753.patch
components/apache24/patches/no_ssl3.patch
components/apache24/patches/ssl.conf.patch
--- a/components/apache24/Makefile	Tue Jul 21 08:35:55 2015 -0700
+++ b/components/apache24/Makefile	Wed Jul 22 05:12:12 2015 -0700
@@ -23,17 +23,17 @@
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		apache2
-COMPONENT_VERSION=	2.4.12
+COMPONENT_VERSION=	2.4.16
 COMPONENT_PROJECT_URL=	http://httpd.apache.org/
 COMPONENT_SRC_NAME=	httpd
 COMPONENT_SRC=		$(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:ee1e6901485feab7384371dbdd91c40fcb1b5e3f75583bb0d387b90d8c4176c8
+    sha256:2fc18017801944cfcfde76a24f16c1276c866c2a6e512ee895f566bef9368fae
 COMPONENT_ARCHIVE_URL=	http://archive.apache.org/dist/httpd/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	utility/apache
 
-TPNO=	21402
+TPNO=	23618
 	
 CONFIGURE_DEFAULT_DIRS=no
 
--- a/components/apache24/patches/Makefile.in.patch	Tue Jul 21 08:35:55 2015 -0700
+++ b/components/apache24/patches/Makefile.in.patch	Wed Jul 22 05:12:12 2015 -0700
@@ -13,7 +13,7 @@
  	    				< $$i; \
  	    		else \
  	    			sed -n -e '/@@[email protected]@/q' \
[email protected]@ -96,6 +99,19 @@
[email protected]@ -116,6 +119,19 @@
  	        cp -p envvars-std $(DESTDIR)$(sbindir)/envvars ; \
  	    fi ; \
  	fi
@@ -33,7 +33,7 @@
  
  # Create a sanitized config_vars.mk
  build/config_vars.out: build/config_vars.mk
[email protected]@ -182,7 +198,6 @@
[email protected]@ -202,7 +218,6 @@
  
  install-other:
  	@test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir)
--- a/components/apache24/patches/bug56753.patch	Tue Jul 21 08:35:55 2015 -0700
+++ b/components/apache24/patches/bug56753.patch	Wed Jul 22 05:12:12 2015 -0700
@@ -34,7 +34,7 @@
  }
 --- modules/lua/lua_request.c
 +++ modules/lua/lua_request.c
[email protected]@ -2878,7 +2878,7 @@
[email protected]@ -2889,7 +2889,7 @@
      lua_pushvalue(L, -1);
  
      lua_setfield(L, -2, "__index");
@@ -43,7 +43,7 @@
  
      lua_pop(L, 2);
  
[email protected]@ -2886,7 +2886,7 @@
[email protected]@ -2897,7 +2897,7 @@
      lua_pushvalue(L, -1);
  
      lua_setfield(L, -2, "__index");
@@ -52,7 +52,7 @@
  
      lua_pop(L, 2);
  
[email protected]@ -2894,7 +2894,7 @@
[email protected]@ -2905,7 +2905,7 @@
      lua_pushvalue(L, -1);
  
      lua_setfield(L, -2, "__index");
--- a/components/apache24/patches/no_ssl3.patch	Tue Jul 21 08:35:55 2015 -0700
+++ b/components/apache24/patches/no_ssl3.patch	Wed Jul 22 05:12:12 2015 -0700
@@ -1,5 +1,7 @@
 Patch origin: in-house
-Patch status: will be submitted to upstream
+Patch status: unclear; so far they disable it just in configuration file
+
+https://bz.apache.org/bugzilla/show_bug.cgi?id=57120
 
 --- modules/ssl/ssl_private.h
 +++ modules/ssl/ssl_private.h
@@ -18,7 +20,7 @@
  
 --- docs/manual/mod/mod_ssl.html.en
 +++ docs/manual/mod/mod_ssl.html.en
[email protected]@ -1348,9 +1348,7 @@
[email protected]@ -1369,9 +1361,7 @@
  
  <li><code>all</code>
      <p>
@@ -31,7 +33,7 @@
  </div>
 --- docs/manual/mod/mod_ssl.html.fr
 +++ docs/manual/mod/mod_ssl.html.fr
[email protected]@ -1518,8 +1518,7 @@
[email protected]@ -1548,8 +1545,7 @@
  
  <li><code>all</code>
      <p>
--- a/components/apache24/patches/ssl.conf.patch	Tue Jul 21 08:35:55 2015 -0700
+++ b/components/apache24/patches/ssl.conf.patch	Wed Jul 22 05:12:12 2015 -0700
@@ -1,5 +1,8 @@
 Patch origin: in-house
 Patch status: Solaris-specific; not suitable for upstream
+Patch status: SSLProtocol part submitted to upstream
+
+https://bz.apache.org/bugzilla/show_bug.cgi?id=57120
 
 --- docs/conf/extra/httpd-ssl.conf.in
 +++ docs/conf/extra/httpd-ssl.conf.in
@@ -24,9 +27,24 @@
 +#SSLFIPS on 
 +
  #   SSL Cipher Suite:
- #   List the ciphers that the client is permitted to negotiate.
- #   See the mod_ssl documentation for a complete list.
[email protected]@ -103,7 +107,7 @@
+ #   List the ciphers that the client is permitted to negotiate,
+ #   and that httpd will negotiate as the client of a proxied server.
[email protected]@ -73,11 +77,11 @@
+ 
+ #   SSL Protocol support:
+ #   List the protocol versions which clients are allowed to connect with.
+-#   Disable SSLv3 by default (cf. RFC 7525 3.1.1).  TLSv1 (1.0) should be
++#   SSLv3 is disabled by default (cf. RFC 7525 3.1.1).  TLSv1 (1.0) should be
+ #   disabled as quickly as practical.  By the end of 2016, only the TLSv1.2
+ #   protocol or later should remain in use.
+-SSLProtocol all -SSLv3
+-SSLProxyProtocol all -SSLv3
++SSLProtocol all
++SSLProxyProtocol all
+ 
+ #   Pass Phrase Dialog:
+ #   Configure the pass phrase gathering process.
[email protected]@ -122,7 +126,7 @@
  
  #   General setup for the virtual host
  DocumentRoot "@[email protected]"