From b132b94c6be5586e974c3435955fcf1e318fd7c8 Mon Sep 17 00:00:00 2001 From: Olli Hauer Date: Sat, 20 Jul 2013 17:11:54 +0000 Subject: [PATCH] - update to apache24-2.4.6 - new modules: mod_cache_socache, mod_macro and mod_proxy_wstunnel - add enty to vuxml SECURITY: CVE-2013-1896 (cve.mitre.org) mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. SECURITY: CVE-2013-2249 (cve.mitre.org) mod_session_dbd: Make sure that dirty flag is respected when saving sessions, and ensure the session ID is changed each time the session changes. This changes the format of the updatesession SQL statement. Existing configurations must be changed. Changelog: http://www.apache.org/dist/httpd/CHANGES_2.4.6 with hat apache@ Security: ca4d63fb-f15c-11e2-b183-20cf30e32f6d --- security/vuxml/vuln.xml | 32 +++++++++++++++++++++++++ www/apache24/Makefile | 3 +-- www/apache24/Makefile.options | 30 +++++++++++++++-------- www/apache24/Makefile.options.desc | 3 +++ www/apache24/distinfo | 4 ++-- www/apache24/files/patch-server__core.c | 27 --------------------- www/apache24/pkg-plist | 3 +++ 7 files changed, 61 insertions(+), 41 deletions(-) delete mode 100644 www/apache24/files/patch-server__core.c diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3be36b756f8f..13fbe2d95056 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,38 @@ Note: Please add new entries to the beginning of this file. --> + + apache24 -- several vulnerabilities + + + apache24 + 2.4.5 + + + + +

Apache HTTP SERVER PROJECT reports:

+
+

mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn + with the source href (sent as part of the request body as XML) pointing + to a URI that is not configured for DAV will trigger a segfault.

+

mod_session_dbd: Make sure that dirty flag is respected when saving + sessions, and ensure the session ID is changed each time the session + changes. This changes the format of the updatesession SQL statement. + Existing configurations must be changed.

+
+ +
+ + CVE-2013-1896 + CVE-2013-2249 + + + 2013-07-11 + 2013-07-20 + +
+ gallery -- multiple vulnerabilities diff --git a/www/apache24/Makefile b/www/apache24/Makefile index 79248f8b3785..fa40dc1ce208 100644 --- a/www/apache24/Makefile +++ b/www/apache24/Makefile @@ -1,8 +1,7 @@ # $FreeBSD$ PORTNAME= apache24 -PORTVERSION= 2.4.4 -PORTREVISION= 2 +PORTVERSION= 2.4.6 CATEGORIES= www ipv6 MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} DISTNAME= httpd-${PORTVERSION} diff --git a/www/apache24/Makefile.options b/www/apache24/Makefile.options index 3a9dc91b54f5..10a85c14759c 100644 --- a/www/apache24/Makefile.options +++ b/www/apache24/Makefile.options @@ -11,7 +11,7 @@ PROXY_ENABLED_MODULES= \ PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_EXPRESS PROXY_FCGI \ - PROXY_FTP PROXY_HTTP PROXY_SCGI + PROXY_FTP PROXY_HTTP PROXY_SCGI PROXY_WSTUNNEL PROXY_DISABLED_MODULES= \ PROXY_FDPASS PROXY_HTML 
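Review bot: The advisory body quoted in this entry states that the CVE-2013-2249 fix changes the format of the updatesession SQL statement and that existing configurations must be changed, yet the diffstat lists no pkg-message or UPDATING entry alongside the port bump, so an operator who upgrades an apache24 instance using mod_session_dbd gets no notice at install time. A short pkg-message (or a ports UPDATING entry) saying that 2.4.6 changes the `updatesession` statement format, with the CHANGES_2.4.6 link already in the commit message, would close that gap. The entry's XML tags are not visible in this rendering, so the affected-version bound under `apache24` cannot be checked from the hunk itself.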
@@ -34,16 +34,26 @@ EXAMPLE_MODULES= \ DEV_MODULES= BUCKETEER MOST_ENABLED_MODULES= \ - ACCESS_COMPAT ACTIONS ALIAS ALLOWMETHODS ASIS AUTHN_ANON AUTHN_CORE \ - AUTHN_DBD AUTHN_DBM AUTHN_FILE AUTHN_SOCACHE AUTHZ_CORE AUTHZ_DBD \ - AUTHZ_DBM AUTHZ_GROUPFILE AUTHZ_HOST AUTHZ_OWNER AUTHZ_USER \ - AUTH_BASIC AUTH_DIGEST AUTH_FORM AUTOINDEX BUFFER CACHE CACHE_DISK \ - CERN_META CGI CGID DAV DAV_FS DBD DEFLATE DIR DUMPIO ENV EXPIRES \ - EXT_FILTER FILE_CACHE FILTER HEADERS IMAGEMAP INCLUDE INFO \ + ACCESS_COMPAT ACTIONS ALIAS ALLOWMETHODS ASIS \ + AUTHN_ANON AUTHN_CORE AUTHN_DBD AUTHN_DBM AUTHN_FILE AUTHN_SOCACHE \ + AUTHZ_CORE AUTHZ_DBD AUTHZ_DBM AUTHZ_GROUPFILE AUTHZ_HOST \ + AUTHZ_OWNER AUTHZ_USER \ + AUTH_BASIC AUTH_DIGEST AUTH_FORM AUTOINDEX \ + BUFFER \ + CACHE CACHE_DISK CACHE_SOCACHE CERN_META CGI CGID \ + DAV DAV_FS DBD DEFLATE DIR DUMPIO \ + ENV EXPIRES EXT_FILTER \ + FILE_CACHE FILTER \ + HEADERS \ + IMAGEMAP INCLUDE INFO \ LBMETHOD_BYBUSYNESS LBMETHOD_BYREQUESTS LBMETHOD_BYTRAFFIC \ - LOGIO LOG_DEBUG MIME MIME_MAGIC NEGOTIATION RATELIMIT REMOTEIP \ - REQTIMEOUT REQUEST REWRITE SED SETENVIF SOCACHE_DBM SOCACHE_MEMCACHE \ - SOCACHE_SHMCB SPELING SSL STATUS SUBSTITUTE UNIQUE_ID USERDIR \ + LOGIO LOG_DEBUG \ + MACRO MIME MIME_MAGIC \ + NEGOTIATION \ + RATELIMIT REMOTEIP REQTIMEOUT REQUEST REWRITE \ + SED SETENVIF SOCACHE_DBM SOCACHE_MEMCACHE SOCACHE_SHMCB SPELING \ + SSL STATUS SUBSTITUTE \ + UNIQUE_ID USERDIR \ VERSION VHOST_ALIAS MOST_DISABLED_MODULES:= \ diff --git a/www/apache24/Makefile.options.desc b/www/apache24/Makefile.options.desc index c854e0211c5c..428484e7b524 100644 --- a/www/apache24/Makefile.options.desc +++ b/www/apache24/Makefile.options.desc 
@@ -66,6 +66,7 @@ BUFFER_DESC= Filter Buffering CACHE_DESC= Dynamic file caching CACHE_DISK_DESC= Disk caching module +CACHE_SOCACHE_DESC= Shared object cache (socache) based storage module for the HTTP caching filter CASE_FILTER_DESC= (dev) example uppercase conversion filter CASE_FILTER_IN_DESC= (dev) example uppercase conversion input filter CERN_META_DESC= CERN-type meta files @@ -113,6 +114,7 @@ LOG_DEBUG_DESC= Configurable debug logging LOG_FORENSIC_DESC= Forensic logging LUA_DESC= Apache Lua Framework +MACRO_DESC= Provides usage of macros within apache runtime configuration files MIME_DESC= Mapp file-ext. to MIME (recommended) MIME_MAGIC_DESC= Automagically determining MIME type @@ -134,6 +136,7 @@ PROXY_FTP_DESC= FTP support module for mod_proxy PROXY_HTML_DESC= Fix HTML Links in a Reverse Proxy PROXY_HTTP_DESC= HTTP support module for mod_proxy PROXY_SCGI_DESC= SCGI gateway module for mod_proxy +PROXY_WSTUNNEL_DESC= Websockets support module for mod_proxy RATELIMIT_DESC= Output Bandwidth Limiting REFLECTOR_DESC= Reflect request through the output filter stack diff --git a/www/apache24/distinfo b/www/apache24/distinfo index e8b4807b9298..30c15d79eb35 100644 --- a/www/apache24/distinfo +++ b/www/apache24/distinfo @@ -1,2 +1,2 @@ -SHA256 (apache24/httpd-2.4.4.tar.gz) = aec9f0b92021b7f67d1f0a2221afcb26ee6469d861b6d0168d8d8c51d710ef79 -SIZE (apache24/httpd-2.4.4.tar.gz) = 6451189 +SHA256 (apache24/httpd-2.4.6.tar.gz) = b704d6ae3d17f7c56dd49d617f7fde0ade34fa913e78dd14ebaab0992efbc9cf +SIZE (apache24/httpd-2.4.6.tar.gz) = 6700153 diff --git a/www/apache24/files/patch-server__core.c b/www/apache24/files/patch-server__core.c deleted file mode 100644 index 7d69fb7564f5..000000000000 --- a/www/apache24/files/patch-server__core.c +++ /dev/null 
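Review bot: The three new `_DESC` strings differ in register from their neighbours: `CACHE_SOCACHE_DESC` is a sentence-length description where the adjacent `CACHE_DESC` and `CACHE_DISK_DESC` entries are a few words, and `PROXY_WSTUNNEL_DESC` writes `Websockets` where the protocol name is WebSocket. Shortening to `CACHE_SOCACHE_DESC= Shared object cache (socache) backed caching module` and `PROXY_WSTUNNEL_DESC= WebSocket support module for mod_proxy` keeps the options dialog consistent with the existing entries. The same applies to the `MACRO_DESC` line in the second hunk of this file, which could read `MACRO_DESC= Macros in runtime configuration files`.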
@@ -1,27 +0,0 @@
-Apache issue: https://issues.apache.org/bugzilla/show_bug.cgi?id=52900
-
-Obtained from:
-http://svn.apache.org/viewvc?view=revision&revision=1470183
-============================================================
---- ./server/core.c.orig 2013-02-06 18:15:16.000000000 +0100
-+++ ./server/core.c 2013-04-20 19:11:17.000000000 +0200
-@@ -4768,13 +4768,18 @@
- AP_DECLARE(apr_uint32_t) ap_random_pick(apr_uint32_t min, apr_uint32_t max)
- {
- apr_uint32_t number;
-+#if (!__GNUC__ || __GNUC__ >= 5 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 8) || \
-+ !__sparc__ || APR_SIZEOF_VOIDP != 8)
-+ /* This triggers a gcc bug on sparc/64bit with gcc < 4.8, PR 52900 */
- if (max < 16384) {
- apr_uint16_t num16;
- ap_random_insecure_bytes(&num16, sizeof(num16));
- RAND_RANGE(num16, min, max, APR_UINT16_MAX);
- number = num16;
- }
-- else {
-+ else
-+#endif
-+ {
- ap_random_insecure_bytes(&number, sizeof(number));
- RAND_RANGE(number, min, max, APR_UINT32_MAX);
- }
diff --git a/www/apache24/pkg-plist b/www/apache24/pkg-plist
index 652051279cb9..41db1ba50c57 100644
--- a/www/apache24/pkg-plist
+++ b/www/apache24/pkg-plist
@@ -93,6 +93,7 @@ libexec/apache24/httpd.exp
 %%MOD_BUFFER%%libexec/apache24/mod_buffer.so
 %%MOD_CACHE%%libexec/apache24/mod_cache.so
 %%MOD_CACHE_DISK%%libexec/apache24/mod_cache_disk.so
+%%MOD_CACHE_SOCACHE%%libexec/apache24/mod_cache_socache.so
 %%MOD_CASE_FILTER%%libexec/apache24/mod_case_filter.so
 %%MOD_CASE_FILTER_IN%%libexec/apache24/mod_case_filter_in.so
 %%MOD_CERN_META%%libexec/apache24/mod_cern_meta.so
@@ -133,6 +134,7 @@ libexec/apache24/mod_log_config.so
 %%MOD_LOG_DEBUG%%libexec/apache24/mod_log_debug.so
 %%MOD_LOG_FORENSIC%%libexec/apache24/mod_log_forensic.so
 %%MOD_LUA%%libexec/apache24/mod_lua.so
+%%MOD_MACRO%%libexec/apache24/mod_macro.so
 %%MOD_MIME%%libexec/apache24/mod_mime.so
 %%MOD_MIME_MAGIC%%libexec/apache24/mod_mime_magic.so
 %%MPM_SHARED%%libexec/apache24/mod_mpm_event.so
@@ -154,6 +156,7 @@ libexec/apache24/mod_log_config.so
 %%MOD_PROXY_HTML%%libexec/apache24/mod_proxy_html.so
 %%MOD_PROXY_HTTP%%libexec/apache24/mod_proxy_http.so
 %%MOD_PROXY_SCGI%%libexec/apache24/mod_proxy_scgi.so
+%%MOD_PROXY_WSTUNNEL%%libexec/apache24/mod_proxy_wstunnel.so
 %%MOD_RATELIMIT%%libexec/apache24/mod_ratelimit.so
 %%MOD_REFLECTOR%%libexec/apache24/mod_reflector.so
 %%MOD_REMOTEIP%%libexec/apache24/mod_remoteip.so