- update to apache24-2.4.6

- new modules: mod_cache_socache, mod_macro and mod_proxy_wstunnel

- add enty to vuxml

SECURITY: CVE-2013-1896 (cve.mitre.org)
 mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
 the source href (sent as part of the request body as XML) pointing to a
 URI that is not configured for DAV will trigger a segfault.

SECURITY: CVE-2013-2249 (cve.mitre.org)
 mod_session_dbd: Make sure that dirty flag is respected when saving
 sessions, and ensure the session ID is changed each time the session
 changes. This changes the format of the updatesession SQL statement.
 Existing configurations must be changed.

Changelog:
http://www.apache.org/dist/httpd/CHANGES_2.4.6

with hat apache@

Security:	ca4d63fb-f15c-11e2-b183-20cf30e32f6d

security/vuxml/vuln.xml

@@ -51,6 +51,38 @@ Note:  Please add new entries to the beginning of this file.
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="ca4d63fb-f15c-11e2-b183-20cf30e32f6d">
+    <topic>apache24 -- several vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>apache24</name>
+	<range><lt>2.4.5</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Apache HTTP SERVER PROJECT reports:</p>
+	<blockquote cite="http://www.apache.org/dist/httpd/Announcement2.4.html">
+	  <p>mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn
+	    with the source href (sent as part of the request body as XML) pointing
+	    to a URI that is not configured for DAV will trigger a segfault.</p>
+	  <p>mod_session_dbd: Make sure that dirty flag is respected when saving
+	    sessions, and ensure the session ID is changed each time the session
+	    changes. This changes the format of the updatesession SQL statement.
+	    Existing configurations must be changed.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-1896</cvename>
+      <cvename>CVE-2013-2249</cvename>
+    </references>
+    <dates>
+      <discovery>2013-07-11</discovery>
+      <entry>2013-07-20</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="9b037a0d-ef2c-11e2-b4a0-8c705af55518">
     <topic>gallery -- multiple vulnerabilities</topic>
     <affects>

www/apache24/Makefile

@@ -1,8 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	apache24
-PORTVERSION=	2.4.4
-PORTREVISION=	2
+PORTVERSION=	2.4.6
 CATEGORIES=	www ipv6
 MASTER_SITES=	${MASTER_SITE_APACHE_HTTPD}
 DISTNAME=	httpd-${PORTVERSION}

www/apache24/Makefile.options

@@ -11,7 +11,7 @@
 
 PROXY_ENABLED_MODULES= \
 	PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_EXPRESS PROXY_FCGI \
-	PROXY_FTP PROXY_HTTP PROXY_SCGI
+	PROXY_FTP PROXY_HTTP PROXY_SCGI PROXY_WSTUNNEL
 
 PROXY_DISABLED_MODULES= \
 	PROXY_FDPASS PROXY_HTML
@@ -34,16 +34,26 @@ EXAMPLE_MODULES= \
 DEV_MODULES=	BUCKETEER
 
 MOST_ENABLED_MODULES= \
-	ACCESS_COMPAT ACTIONS ALIAS ALLOWMETHODS ASIS AUTHN_ANON AUTHN_CORE \
-	AUTHN_DBD AUTHN_DBM AUTHN_FILE AUTHN_SOCACHE AUTHZ_CORE AUTHZ_DBD \
-	AUTHZ_DBM AUTHZ_GROUPFILE AUTHZ_HOST AUTHZ_OWNER AUTHZ_USER \
-	AUTH_BASIC AUTH_DIGEST AUTH_FORM AUTOINDEX BUFFER CACHE CACHE_DISK \
-	CERN_META CGI CGID DAV DAV_FS DBD DEFLATE DIR DUMPIO ENV EXPIRES \
-	EXT_FILTER FILE_CACHE FILTER HEADERS IMAGEMAP INCLUDE INFO \
+	ACCESS_COMPAT ACTIONS ALIAS ALLOWMETHODS ASIS \
+	AUTHN_ANON AUTHN_CORE AUTHN_DBD AUTHN_DBM AUTHN_FILE AUTHN_SOCACHE \
+	AUTHZ_CORE AUTHZ_DBD AUTHZ_DBM AUTHZ_GROUPFILE AUTHZ_HOST \
+	AUTHZ_OWNER AUTHZ_USER \
+	AUTH_BASIC AUTH_DIGEST AUTH_FORM AUTOINDEX \
+	BUFFER \
+	CACHE CACHE_DISK CACHE_SOCACHE CERN_META CGI CGID \
+	DAV DAV_FS DBD DEFLATE DIR DUMPIO \
+	ENV EXPIRES EXT_FILTER \
+	FILE_CACHE FILTER \
+	HEADERS \
+	IMAGEMAP INCLUDE INFO \
 	LBMETHOD_BYBUSYNESS LBMETHOD_BYREQUESTS LBMETHOD_BYTRAFFIC \
-	LOGIO LOG_DEBUG MIME MIME_MAGIC NEGOTIATION RATELIMIT REMOTEIP \
-	REQTIMEOUT REQUEST REWRITE SED SETENVIF SOCACHE_DBM SOCACHE_MEMCACHE \
-	SOCACHE_SHMCB SPELING SSL STATUS SUBSTITUTE UNIQUE_ID USERDIR \
+	LOGIO LOG_DEBUG \
+	MACRO MIME MIME_MAGIC \
+	NEGOTIATION \
+	RATELIMIT REMOTEIP REQTIMEOUT REQUEST REWRITE \
+	SED SETENVIF SOCACHE_DBM SOCACHE_MEMCACHE SOCACHE_SHMCB SPELING \
+	SSL STATUS SUBSTITUTE \
+	UNIQUE_ID USERDIR \
 	VERSION VHOST_ALIAS
 
 MOST_DISABLED_MODULES:= \

www/apache24/Makefile.options.desc

@@ -66,6 +66,7 @@ BUFFER_DESC=			Filter Buffering
 
 CACHE_DESC=			Dynamic file caching
 CACHE_DISK_DESC=		Disk caching module
+CACHE_SOCACHE_DESC=		Shared object cache (socache) based storage module for the HTTP caching filter
 CASE_FILTER_DESC=		(dev) example uppercase conversion filter
 CASE_FILTER_IN_DESC=		(dev) example uppercase conversion input filter
 CERN_META_DESC=			CERN-type meta files
@@ -113,6 +114,7 @@ LOG_DEBUG_DESC=			Configurable debug logging
 LOG_FORENSIC_DESC=		Forensic logging
 LUA_DESC=			Apache Lua Framework
 
+MACRO_DESC=			Provides usage of macros within apache runtime configuration files
 MIME_DESC=			Mapp file-ext. to MIME (recommended)
 MIME_MAGIC_DESC=		Automagically determining MIME type
 
@@ -134,6 +136,7 @@ PROXY_FTP_DESC=			FTP support module for mod_proxy
 PROXY_HTML_DESC=		Fix HTML Links in a Reverse Proxy
 PROXY_HTTP_DESC=		HTTP support module for mod_proxy
 PROXY_SCGI_DESC=		SCGI gateway module for mod_proxy
+PROXY_WSTUNNEL_DESC=		Websockets support module for mod_proxy
 
 RATELIMIT_DESC=			Output Bandwidth Limiting
 REFLECTOR_DESC=			Reflect request through the output filter stack

www/apache24/distinfo

@@ -1,2 +1,2 @@
-SHA256 (apache24/httpd-2.4.4.tar.gz) = aec9f0b92021b7f67d1f0a2221afcb26ee6469d861b6d0168d8d8c51d710ef79
-SIZE (apache24/httpd-2.4.4.tar.gz) = 6451189
+SHA256 (apache24/httpd-2.4.6.tar.gz) = b704d6ae3d17f7c56dd49d617f7fde0ade34fa913e78dd14ebaab0992efbc9cf
+SIZE (apache24/httpd-2.4.6.tar.gz) = 6700153

www/apache24/files/patch-server__core.c

@@ -1,27 +0,0 @@
-Apache issue: https://issues.apache.org/bugzilla/show_bug.cgi?id=52900
-
-Obtained from:
-http://svn.apache.org/viewvc?view=revision&revision=1470183
-============================================================
---- ./server/core.c.orig	2013-02-06 18:15:16.000000000 +0100
-+++ ./server/core.c	2013-04-20 19:11:17.000000000 +0200
-@@ -4768,13 +4768,18 @@
- AP_DECLARE(apr_uint32_t) ap_random_pick(apr_uint32_t min, apr_uint32_t max)
- {
-     apr_uint32_t number;
-+#if (!__GNUC__ || __GNUC__ >= 5 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 8) || \
-+     !__sparc__ || APR_SIZEOF_VOIDP != 8)
-+    /* This triggers a gcc bug on sparc/64bit with gcc < 4.8, PR 52900 */
-     if (max < 16384) {
-         apr_uint16_t num16;
-         ap_random_insecure_bytes(&num16, sizeof(num16));
-         RAND_RANGE(num16, min, max, APR_UINT16_MAX);
-         number = num16;
-     }
--    else {
-+    else
-+#endif
-+    {
-         ap_random_insecure_bytes(&number, sizeof(number));
-         RAND_RANGE(number, min, max, APR_UINT32_MAX);
-     }

www/apache24/pkg-plist

@@ -93,6 +93,7 @@ libexec/apache24/httpd.exp
 %%MOD_BUFFER%%libexec/apache24/mod_buffer.so
 %%MOD_CACHE%%libexec/apache24/mod_cache.so
 %%MOD_CACHE_DISK%%libexec/apache24/mod_cache_disk.so
+%%MOD_CACHE_SOCACHE%%libexec/apache24/mod_cache_socache.so
 %%MOD_CASE_FILTER%%libexec/apache24/mod_case_filter.so
 %%MOD_CASE_FILTER_IN%%libexec/apache24/mod_case_filter_in.so
 %%MOD_CERN_META%%libexec/apache24/mod_cern_meta.so
@@ -133,6 +134,7 @@ libexec/apache24/mod_log_config.so
 %%MOD_LOG_DEBUG%%libexec/apache24/mod_log_debug.so
 %%MOD_LOG_FORENSIC%%libexec/apache24/mod_log_forensic.so
 %%MOD_LUA%%libexec/apache24/mod_lua.so
+%%MOD_MACRO%%libexec/apache24/mod_macro.so
 %%MOD_MIME%%libexec/apache24/mod_mime.so
 %%MOD_MIME_MAGIC%%libexec/apache24/mod_mime_magic.so
 %%MPM_SHARED%%libexec/apache24/mod_mpm_event.so
@@ -154,6 +156,7 @@ libexec/apache24/mod_log_config.so
 %%MOD_PROXY_HTML%%libexec/apache24/mod_proxy_html.so
 %%MOD_PROXY_HTTP%%libexec/apache24/mod_proxy_http.so
 %%MOD_PROXY_SCGI%%libexec/apache24/mod_proxy_scgi.so
+%%MOD_PROXY_WSTUNNEL%%libexec/apache24/mod_proxy_wstunnel.so
 %%MOD_RATELIMIT%%libexec/apache24/mod_ratelimit.so
 %%MOD_REFLECTOR%%libexec/apache24/mod_reflector.so
 %%MOD_REMOTEIP%%libexec/apache24/mod_remoteip.so