www/apache24: Update to 2.4.34

- fixes vulns in mod_http2 and mod_md
 - include SSL_* options in alphabetic ordering
 - Remove unneeded SSL_CFLAGS and _LDFLAGS
 - Remove WITH_HTTP_PORT and WITH_SSL_PORT
 - Remove trailing whitespace
 - Fix build with HTTP2 but without SSL [1]

PR:		229802, 227944 [1]
With hat:	apache
Approved by:	brnrd (apache)
MFH:		2018Q3
Security:	8b1a50ab-8a8e-11e8-add2-b499baebfeaf
Differential Revision:	https://reviews.freebsd.org/D16294

www/apache24/Makefile

@@ -1,8 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	apache24
-PORTVERSION=	2.4.33
-PORTREVISION=	1
+PORTVERSION=	2.4.34
 CATEGORIES=	www ipv6
 MASTER_SITES=	APACHE_HTTPD
 DISTNAME=	httpd-${PORTVERSION}
@@ -35,9 +34,6 @@ SUB_LIST+=	MPMF="000_mpm_prefork_fallback.conf"
 USERS=		www
 GROUPS=		www
 
-WITH_HTTP_PORT?=	80
-WITH_SSL_PORT?=		443
-
 .include "${.CURDIR}/Makefile.options"
 .include "${.CURDIR}/Makefile.options.desc"
 OPTIONS_SUB=	yes
@@ -67,8 +63,10 @@ MPM_SHARED_SUB_LIST_OFF=	MPM_FALLBACK_CHECK="\#"
 AUTHNZ_LDAP_CONFIGURE_ON=	--enable-authnz-ldap
 BROTLI_CONFIGURE_WITH=		brotli=${LOCALBASE}
 BROTLI_LIB_DEPENDS=		libbrotlicommon.so:archivers/brotli
-HTTP2_CONFIGURE_ON=		--with-nghttp2=${LOCALBASE}
+HTTP2_CONFIGURE_ON=		--with-nghttp2=${LOCALBASE} \
+				--with-ssl=${OPENSSLBASE}
 HTTP2_LIB_DEPENDS=		libnghttp2.so:www/libnghttp2
+HTTP2_USES=			ssl
 IPV4_MAPPED_CONFIGURE_ENABLE=	v4-mapped
 LDAP_CONFIGURE_ON=		--enable-ldap=shared
 LUAJIT_LIB_DEPENDS=		libluajit-5.1.so:lang/luajit
@@ -78,7 +76,7 @@ LUA_CONFIGURE_WITH=		lua=${LOCALBASE}
 LUA_USES=			lua
 MD_CONFIGURE_ON=		--with-curl=${LOCALBASE} \
 				--with-jansson=${LOCALBASE} \
-				--with-openssl=${OPENSSLBASE}
+				--with-ssl=${OPENSSLBASE}
 MD_LIB_DEPENDS=			libcurl.so:ftp/curl \
 				libjansson.so:devel/jansson
 MD_USES=			ssl
@@ -87,14 +85,11 @@ PROXY_HTTP2_CONFIGURE_ON=	--with-nghttp2=${LOCALBASE}
 PROXY_HTTP2_LIB_DEPENDS=	libnghttp2.so:www/libnghttp2
 SOCACHE_DC_CONFIGURE_ON=	--with-distcache=${LOCALBASE}
 SOCACHE_DC_LIB_DEPENDS=		libdistcache.so:security/distcache
-XML2ENC_USE=			GNOME=libxml2
-
 # Note: OpenSSL version (base/ports) depends how devel/apr1 was built
 #  apu-1-config --(includes|ldflags) and apr_rules.mk
-SSL_CFLAGS=			-I${OPENSSLINC}
 SSL_CONFIGURE_ON=		--with-ssl=${OPENSSLBASE}
-SSL_LDFLAGS=			-L${OPENSSLLIB}
 SSL_USES=			ssl
+XML2ENC_USE=			GNOME=libxml2
 
 ETC_SUBDIRS=		Includes envvars.d extra modules.d
 
@@ -110,9 +105,6 @@ PREFIX_RELDEST=	${PREFIX:S,^${DESTDIR},,}
 
 CONFIGURE_ARGS+=--prefix=${PREFIX_RELDEST} \
 		--enable-layout=FreeBSD \
-		--with-port=${WITH_HTTP_PORT} \
-		--with-sslport=${WITH_SSL_PORT} \
-		--with-expat=${LOCALBASE} \
 		--enable-http \
 		--with-pcre=${LOCALBASE} \
 		--with-apr=${APR_CONFIG} \
@@ -155,7 +147,7 @@ IGNORE=	AUTH_BASIC and AUTH_DIGEST need at least one AUTHN provider
 .endif
 
 .if ${PORT_OPTIONS:MAUTH_BASIC} && empty(PORT_OPTIONS:MAUTHZ*)
-IGNORE=	AUTH_BASIC need at least one AUTHZ provider
+IGNORE=	AUTH_BASIC needs at least one AUTHZ provider
 .endif
 
 # Non options-NG option handling
@@ -165,7 +157,7 @@ CONFIGURE_ARGS+=	--with-libxml2=${LOCALBASE}/include/libxml2
 CONFIGURE_ARGS+=	--without-libxml2
 .endif
 
-# WITH_STATIC_SUPPORT, WITH_DEBUG, WITH_EXCEPTION_HOOK 
+# WITH_STATIC_SUPPORT, WITH_DEBUG, WITH_EXCEPTION_HOOK
 # Only to be used for special builds
 .if defined(WITH_STATIC_SUPPORT)
 CONFIGURE_ARGS+=	--enable-static-support

www/apache24/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1521377807
-SHA256 (apache24/httpd-2.4.33.tar.bz2) = de02511859b00d17845b9abdd1f975d5ccb5d0b280c567da5bf2ad4b70846f05
-SIZE (apache24/httpd-2.4.33.tar.bz2) = 6934765
+TIMESTAMP = 1531769087
+SHA256 (apache24/httpd-2.4.34.tar.bz2) = fa53c95631febb08a9de41fd2864cfff815cf62d9306723ab0d4b8d7aa1638f0
+SIZE (apache24/httpd-2.4.34.tar.bz2) = 6942969

www/apache24/files/patch-modules_md_md__crypt.c

@@ -1,11 +1,19 @@
---- modules/md/md_crypt.c.orig	2018-01-30 10:20:50 UTC
+Upstream https://svn.apache.org/viewvc?view=revision&revision=1836096
+
+On the 2.4.x branch:
+
+merge r1836095 from trunk:
+* using the, hopefully correct, ever elusive libressl version numbering check
+  for the new openssl API calls, fixes PR 62548.
+
+--- modules/md/md_crypt.c.orig	2018-06-29 11:53:50 UTC
 +++ modules/md/md_crypt.c
-@@ -471,7 +471,7 @@ apr_status_t md_pkey_gen(md_pkey_t **ppk
-     }
- }
+@@ -52,7 +52,7 @@
  
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
- 
- #ifndef NID_tlsfeature
- #define NID_tlsfeature          1020
+ #if defined(LIBRESSL_VERSION_NUMBER)
+ /* Missing from LibreSSL */
+-#define MD_USE_OPENSSL_PRE_1_1_API (LIBRESSL_VERSION_NUMBER < 0x2080000f)
++#define MD_USE_OPENSSL_PRE_1_1_API (LIBRESSL_VERSION_NUMBER < 0x2070000f)
+ #else /* defined(LIBRESSL_VERSION_NUMBER) */
+ #define MD_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ #endif

www/apache24/pkg-descr

@@ -6,4 +6,4 @@ services in sync with the current HTTP standards.
 The 2.x branch of Apache Web Server includes several improvements like
 threading, use of APR, native IPv6 and SSL support, and many more.
 
-WWW: http://httpd.apache.org/
+WWW: https://httpd.apache.org/

www/apache24/pkg-message

@@ -20,4 +20,3 @@ Please compare the existing httpd.conf with httpd.conf.sample
 and merge missing modules/instructions into httpd.conf!
 
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-

www/apache24/pkg-plist

@@ -253,7 +253,7 @@ sbin/split-logfile
 %%DATADIR%%/misc/index.html
 @postexec [ -f %D/%%WWWDIR%%/data/index.html ] || cp %D/%%DATADIR%%/misc/index.html %D/%%WWWDIR%%/data/index.html
 @(,,0400) %%WWWDIR%%/cgi-bin/printenv
-@comment %%WWWDIR%%/cgi-bin/printenv.vbs 
+@comment %%WWWDIR%%/cgi-bin/printenv.vbs
 @comment %%WWWDIR%%/cgi-bin/printenv.wsf
 @(,,0400) %%WWWDIR%%/cgi-bin/test-cgi
 %%WWWDIR%%/error/HTTP_BAD_GATEWAY.html.var