- update to 2.4.17

- add support for HTTP/2 (RFC 7540)
- remove obsolate libressl patches [1]

In this release are some exciting new features including:

 *) HTTP/2 support via mod_http2 module
 *) Support for SO_REUSEPORT in MPMs for significant scalability

Changes with Apache 2.4.17

 *) mod_http2: added donated HTTP/2 implementation via core module. Similar
    configuration options to mod_ssl. [Stefan Eissing]

 *) mod_proxy: don't recyle backend announced "Connection: close" connections
    to avoid reusing it should the close be effective after some new request
    is ready to be sent.  [Yann Ylavic]

 *) mod_substitute: Allow to configure the patterns merge order with the new
    SubstituteInheritBefore on|off directive.  PR 57641
    [Marc.Stern <Marc.Stern approach.be>, Yann Ylavic, William Rowe]

 *) mod_proxy: Fix ProxySourceAddress binding failure with AH00938.
    PR 56687.  [Arne de Bruijn <apache arbruijn.dds.nl>

 *) mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3,
    and change the compiled-in default for SSL[Proxy]Protocol to "all -SSLv3",
    in accordance with RFC 7568. PR 58349, PR 57120. [Kaspar Brand]

 *) mod_ssl: append :!aNULL:!eNULL:!EXP to the cipher string settings,
    instead of prepending !aNULL:!eNULL:!EXP: (as was the case in 2.4.7
    and later). Enables support for configuring the SUITEB* cipher
    strings introduced in OpenSSL 1.0.2. PR 58213. [Kaspar Brand]

 *) mod_ssl: Add support for extracting the msUPN and dnsSRV forms
    of subjectAltName entries of type "otherName" into
    SSL_{CLIENT,SERVER}_SAN_OTHER_{msUPN,dnsSRV}_n environment
    variables. Addresses PR 58020. [Jan Pazdziora <jpazdziora redhat.com>,
    Kaspar Brand]

 *) mod_logio: Fix logging of %^FB (time to first byte) on the first request on
    an SSL connection.  PR 58454.
    [Konstantin J. Chernov <k.j.chernov gmail.com>]

 *) mod_cache: r->err_headers_out is not merged into
    r->headers when mod_cache is enabled and the response
    is cached for the first time. [Edward Lu]

 *) mod_slotmem_shm: Fix slots/SHM files names on restart for systems that
    can't create new (clear) slots while previous children gracefully stopping
    still use the old ones (e.g. Windows, OS2). mod_proxy_balancer failed to
    restart whenever the number of configured balancers/members changed during
    restart.  PR 58024.  [Yann Ylavic]

 *) core/util_script: make REDIRECT_URL a full URL.  PR 57785. [Nick Kew]

 *) MPMs: Support SO_REUSEPORT to create multiple duplicated listener
    records for scalability. [Yingqi Lu <yingqi.lu@intel.com>,
    Jeff Trawick, Jim Jagielski, Yann Ylavic]

 *) mod_proxy: Fix a race condition that caused a failed worker to be retried
    before the retry period is over. [Ruediger Pluem]

 *) mod_autoindex: Allow autoindexes when neither mod_dir nor mod_mime are
    loaded. [Eric Covener]

 *) mod_rewrite:  Allow cookies set by mod_rewrite to contain ':' by accepting
    ';' as an alternate separator.  PR47241.
    [<bugzilla schermesser com>, Eric Covener]

 *) apxs: Add HTTPD_VERSION and HTTPD_MMN to the variables available with
    apxs -q. PR58202. [Daniel Shahaf <danielsh apache.org>]

 *) mod_rewrite: Avoid a crash when lacking correct DB access permissions
    when using RewriteMap with MapType dbd or fastdbd.  [Christophe Jaillet]

 *) mod_authz_dbd: Avoid a crash when lacking correct DB access permissions.
    PR 57868. [Jose Kahan <jose w3.org>, Yann Ylavic]

 *) mod_socache_memcache: Add the 'MemcacheConnTTL' directive to control how
    long to keep idle connections with the memcache server(s).
    Change default value from 600 usec (!) to 15 sec. PR 58091
    [Christophe Jaillet]

 *) mod_dir: Prevent the internal identifier "httpd/unix-directory" from
    appearing as a Content-Type response header when requests for a directory
    are rewritten by mod_rewrite. [Eric Covener]

[1] tested by brnrd@

www/apache24/Makefile

@@ -1,8 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	apache24
-PORTVERSION=	2.4.16
-PORTREVISION=	1
+PORTVERSION=	2.4.17
 CATEGORIES=	www ipv6
 MASTER_SITES=	APACHE_HTTPD
 DISTNAME=	httpd-${PORTVERSION}
@@ -30,6 +29,10 @@ CPE_PRODUCT=	http_server
 PORTDOCS=	*
 SUB_FILES=	pkg-install pkg-deinstall
 
+# XXX: before running makepatch please run the command
+# `$SED -e 's/PATCH_PATH_SEPARATOR=/PATCH_PATH_SEPARATOR?=/' Mk/bsd.port.mk
+PATCH_PATH_SEPARATOR=	__
+
 # Fallback MPM after switching from static to modular MPM
 SUB_LIST+=	MPMF="000_mpm_prefork_fallback.conf"
 
@@ -56,6 +59,7 @@ IPV4_MAPPED_CONFIGURE_ENABLE=	v4-mapped
 
 LDAP_CONFIGURE_ON=		--enable-ldap=shared
 
+HTTP2_LIB_DEPENDS=		libnghttp2.so:${PORTSDIR}/www/nghttp2
 LUAJIT_LIB_DEPENDS=		libluajit-5.1.so:${PORTSDIR}/lang/luajit
 LUA_CONFIGURE_WITH=		lua
 LUA_USES=			lua
@@ -101,7 +105,8 @@ CONFIGURE_ARGS+=--prefix=${PREFIX_RELDEST} \
 		--with-apr=${APR_CONFIG} \
 		--with-apr-util=${APU_CONFIG}
 
-CONFIGURE_ENV=	LOCALBASE="${LOCALBASE}"
+CONFIGURE_ENV=	LOCALBASE="${LOCALBASE}" \
+		CONFIG_SHELL="${SH}"
 
 MAKE_ENV+=	EXPR_COMPAT=yes \
 		INSTALL_MAN="${INSTALL_MAN}" \
@@ -123,11 +128,6 @@ USE_GNOME=	libxml2
 .include <bsd.port.pre.mk>
 .include "${APACHEDIR}/Makefile.modules"
 
-pre-configure::
-	@${ECHO_MSG}	""
-	@${ECHO_MSG}	"  You can check your modules configuration by using make show-modules"
-	@${ECHO_MSG}	""
-
 post-extract:
 # remove possible leftover .svn directories in the sources
 	@${FIND} ${WRKSRC} -type d -name .svn -print | ${XARGS} ${RM} -rf
@@ -151,6 +151,13 @@ post-patch:
 	${RM} -f ${WRKSRC}/docs/docroot/*.bak
 	${INSTALL_DATA} ${WRKSRC}/NOTICE ${WRKSRC}/docs/manual
 
+pre-configure::
+	@${ECHO_MSG}	""
+	@${ECHO_MSG}	"  You can check your modules configuration by using make show-modules"
+	@${ECHO_MSG}	""
+# silence autotools
+	-${MV} -v ${WRKSRC}/configure.in ${WRKSRC}/configure.ac
+
 post-configure:
 	@FTPUSERS=`${EGREP} -v '^#' /etc/ftpusers| ${TR} -s "\n" " "` ;\
 		${REINPLACE_CMD} -e "s,%%FTPUSERS%%,$${FTPUSERS}," \

www/apache24/Makefile.options

@@ -55,7 +55,7 @@ MOST_ENABLED_MODULES= \
 	WATCHDOG 
 
 MOST_DISABLED_MODULES:= \
-	AUTHNZ_LDAP IDENT LDAP LUA SOCACHE_DC SUEXEC XML2ENC
+	AUTHNZ_LDAP IDENT LDAP LUA SOCACHE_DC SUEXEC XML2ENC HTTP2
 
 # XXX PROXY and SESSION are modules but also used to
 #     enable/disable additional PROXY/SESSION modules

www/apache24/Makefile.options.desc

@@ -99,6 +99,7 @@ FILTER_DESC=			Smart Filtering
 HEADERS_DESC=			HTTP header control
 HEARTBEAT_DESC=			Generates Heartbeats
 HEARTMONITOR_DESC=		Collects Heartbeats
+HTTP2_DESC=			HTTP/2 (RFC 7540) support (experimental)
 
 IDENT_DESC=			RFC 1413 ident lookups
 IMAGEMAP_DESC=			Server-side imagemaps

www/apache24/distinfo

@@ -1,2 +1,2 @@
-SHA256 (apache24/httpd-2.4.16.tar.bz2) = ac660b47aaa7887779a6430404dcb40c0b04f90ea69e7bd49a40552e9ff13743
-SIZE (apache24/httpd-2.4.16.tar.bz2) = 5101005
+SHA256 (apache24/httpd-2.4.17.tar.bz2) = 331e035dec81d3db95b048f036f4d7b1a97ec8daa5b377bde42d4ccf1f2eb798
+SIZE (apache24/httpd-2.4.17.tar.bz2) = 5157721

www/apache24/files/patch-modules__ssl__ssl_util_ssl.c

@@ -1,18 +0,0 @@
-# libressl support
-# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139
-# https://issues.apache.org/bugzilla/show_bug.cgi?id=57375
-
---- modules/ssl/ssl_util_ssl.c.orig	2015-01-12 13:31:16 UTC
-+++ modules/ssl/ssl_util_ssl.c
-@@ -473,7 +473,11 @@ EC_GROUP *ssl_ec_GetParamFromFile(const 
-  * format, possibly followed by a sequence of CA certificates that
-  * should be sent to the peer in the SSL Certificate message.
-  */
-+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
- int SSL_CTX_use_certificate_chain(
-+#else
-+int _SSL_CTX_use_certificate_chain(
-+#endif
-     SSL_CTX *ctx, char *file, int skipfirst, pem_password_cb *cb)
- {
-     BIO *bio;

www/apache24/files/patch-modules__ssl__ssl_util_ssl.h

@@ -1,18 +0,0 @@
-# libressl support
-# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139
-# https://issues.apache.org/bugzilla/show_bug.cgi?id=57375
-
---- modules/ssl/ssl_util_ssl.h.orig	2014-03-02 20:20:14 UTC
-+++ modules/ssl/ssl_util_ssl.h
-@@ -69,7 +69,11 @@ BOOL        SSL_X509_getIDs(apr_pool_t *
- BOOL        SSL_X509_match_name(apr_pool_t *, X509 *, const char *, BOOL, server_rec *);
- BOOL        SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
- BOOL        SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
-+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
- int         SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *);
-+#else
-+int         _SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *);
-+#endif
- char       *SSL_SESSION_id2sz(unsigned char *, int, char *, int);
- 
- #endif /* __SSL_UTIL_SSL_H__ */

www/apache24/pkg-plist

@@ -139,6 +139,7 @@ libexec/apache24/httpd.exp
 %%MOD_HEADERS%%libexec/apache24/mod_headers.so
 %%MOD_HEARTBEAT%%libexec/apache24/mod_heartbeat.so
 %%MOD_HEARTMONITOR%%libexec/apache24/mod_heartmonitor.so
+%%MOD_HTTP2%%libexec/apache24/mod_http2.so
 %%MOD_IDENT%%libexec/apache24/mod_ident.so
 %%MOD_IMAGEMAP%%libexec/apache24/mod_imagemap.so
 %%MOD_INCLUDE%%libexec/apache24/mod_include.so