- retire www/apache2

- Fix IGNORE quoting in Makefile.modules.3rd; unbreak www/mod_vhsH
While I'm here fix typo

PR:             ports/89125
Submitted by:   Ion-Mihai "IOnut" Tetcu
Pointy hat to:  clement

Mass-conversion to the USE_AUTOTOOLS New World Order.  The code present
in bsd.autotools.mk essentially makes this a no-op given that all the
old variables set a USE_AUTOTOOLS_COMPAT variable, which is parsed in
exactly the same way as USE_AUTOTOOLS itself.

Moreover, USE_AUTOTOOLS has already been extensively tested by the GNOME
team -- all GNOME 2.12.x ports use it.

Preliminary documentation can be found at:
        http://people.FreeBSD.org/~ade/autotools.txt

which is in the process of being SGMLized before introduction into the
Porters Handbook.

Light blue touch-paper.  Run.

- Backport WANT_APACHE= common21 from development version of bsd.apache.mk
  Now module selection in apache21 works properply

- Fix a misuse of .error. Replace it by IGNORE.

PR:             ports/88281
Reported by:    Lowell Gilbert <freebsd-bugs-local@be-well.ilk.org>

- Don't rerun the apache2.sh rc script on restart's, just stop and start
  normally

PR:             ports/86402
Submitted by:   Jarrod Sayers <jarrod@netleader.com.au>

Use the proper syntax for groups when using ${MASTER_SITE_foo}

Approved by:    MAINTAINER timeout (2 weeks)

- Update to 2.0.55

- Apply openssl 0.9.8 fix by default. OpenSSL 0.9.8 is now the default
  from ports

Reported by:    erwin

- remove a whitespace

- Fix build if WITH_OPENSSL_BETA is defined.

PR:             ports/85457
Submitted by:   Daniel Roethlisberger <daniel@roe.ch>

- Fix   CAN-2005-2700

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that
renegotiation is performed for a transition from "SSLVerifyClient
optional" to "SSLVerifyClient require".

- Fix reload/restart when using profiles

Submitted by:   thomas, Jarrod <jarrod@netleader.com.au>

- Fix CAN-2005-2491 (integer overflow in pcre)
- Fix memory leak in byterange stuff, which can lead to DoS.
  http://issues.apache.org/bugzilla/show_bug.cgi?id=29962

Obtained from:  Apache SVN repo
Reported by:    simon
Approved by:    portmgr (self)

- make sure SSL dependency doesn't exists if WITHOUT_MODULES_SSL is defined

- Add fix for CAN-2005-2088
From Changelog:
  *) SECURITY: CAN-2005-2088
     core: If a request contains both Transfer-Encoding and Content-Length
     headers, remove the Content-Length, mitigating some HTTP Request
     Splitting/Spoofing attacks.  [Paul Querna, Joe Orton]

- Rename previous patch to CVE ID
- bump PORTREVISION

Security:       CAN-2005-2088
Obtained From: Apache repository

Security: fix a buffer overrun in ssl_callback_SSLVerify_CRL()
Reported by:    thierry

- Remove debug line.

- Add support for multiple instances of apache2 to startup script.
  It's a little bit experimental, but it works.

- Update to 2.0.54

- Correct misuse of APXS_PREFIX

- Fix memory leak
  *) core_input_filter: Move buckets to a persistent brigade instead of
     creating a new brigade. This stop a memory leak when proxying a
     Streaming Media Server.

Obtained from:  Apache httpd repository

- promote kqueue to not-so-experiemental status.
  Please use WITH_KQUEUE_SUPPORT instead.

Success story reported by:      pav

- Backport PORTDOCS fix from www/apache21.
  Recent changes in bsd.port.mk prevent from using PORTDOCS= #

- backout previous commit.
  I blindly committed a change from my dev tree. Since USE_APACHE design
  is flacky, it had a very annoying impact.

PR:                ports/77391 [1]
Also reported by: pointyhat via kris,
                  Scot Hetzel <swhetzel@gmail.com> [1]
Pointy hat to:    clement

- I want to keep APACHE_PORT overridable even with apache2.

- Update to 2.0.53
- Download bz2'd tarball [1]
- Add print-closest-mirrors target.
  It allows you to find the 6 (3 http/3 ftp) closest mirror,
  base on http://www.apache.org/dyn/closer.cgi/httpd/
  make print-closest-mirrors >> /etc/make.conf automatically add
  the six closest mirror to the head of ${MASTER_SITE_APACHE_HTTPD}.

Requested by:   delphij

- Fix non DSO apache detection

Noticed by:     Xavier Beaudouin <kiwi@oav.net>

Changes in Makefile.modules.3rd
o Major change(s)
   - in some cases, modules are still built as static modules, making
     modules selection useless and generate a non-desired httpd

o Minor change(s)
   - apxs detection is done only if port isn't a server one.
   - Mark modules ports as IGNORED if apaxhe is built statically
   - fix make show-modules when when WITH_ALL_STATIC_MODULES is defined

Most issues discovered by:      Jason Mealins <jason_mealins@bigfix.com>

- make WITHOUT_<CATEGORY>_MODULES really works.
  (it was still stuck with WITHOUT_<CATEGORY>)

Noticed by:     Jason Mealins <jason_mealins@bigfix.com>

- Add support for databases/db43 in apache2[1] and apache21.
- rename files/patch-srclib:apr-utils:build:dbm.m4 to
  files/patch-srclib:apr-util:build:dbm.m4

Based on PR:            ports/76152 [1]
Submitted by:           Sunpoet Po-Chuan Hsieh <sunpoet@sunpoet.net> [1]

o startup script:
- Use apache{2,21}flags variable in apache{2,21}_checkconfig().
  It fixes restart when apache2ssl_enable is set to YES in rc.conf
  and httpd.conf is "old" (i.e. non -DSSL safe) [1]

o Makefile
- split post-install target to add install-startup-script:
  User can now upgrade startup script without reinstalling apache2.
  NOTE: this is NOT package-safe and NOT supported, even if in most of
  cases they're no risk.

Noticed by:     many [1]

- Add a note about the dangerousness of quotes in make.conf

- Bump PORTREVISION to refect recent changes.
  Since www/mod_python3 needs envvars.d stuff to work.

- Fix a bug in mod_ssl. When client aborts connection, mod_ssl still try
  to send its data, ad vitam eternam.

Noticed by:     Didier Bringer <bringer at echo dot fr>
Patched by:     Bruno Ducrot <ducrot at poupinou dot org>

- Remove useless APR_FROM_PORTS check in post-install
- Add support for modular sbin/envvars
  You can now put your own scripts you want to execute at envvars
  stage in ${PREFIX}/etc/apache2/envvars.d
  Only script ending by *.env are run.

  Example:
        /usr/local/etc/apache2/envvars.d/mod_python3.env

Discussed with: perky on -apache@

- s/INSTALLS_SHILB/INSTALLS_SHLIB/

- Remove installation of unused highperformance*.conf
- Move examples config files to ${EXAMPLESDIR}
- Relax permissions on ${PREFIX}/www instead of ${PREFIX}/www/data

- Rename patch file.

- As discussed on apache@, don't create httpd.conf.bak, and remove stalled
  httpd.conf.bak file at deinstall time.

- minor cleanups.

- Fix memory consumption DoS, CVE CAN-2004-0942

Reported by:    josef
Obtained from:  Apache CVS

- ldconfig'ify ${PREFIX}/lib/apache2 at install time.

PR:             ports/73566
Submitted by:   lev

- Fix previous patch :-)

Huge pointy hat to: me
Noticed by:     Meno Abels <meno.abels@adviser.com>

Makefile was errornously committed. Revert the changes

- Fix apache2 build, I hope...

Noticed by:  many
Committed from: EuroBSDcon Hotel's bar.
Pointy hat to:  me
Under supervision from: mat, thierry, erwin (former mentor)

util_ald_cache_purge() fails to relink the cache entries during a cache purge.
So apply the official patch

- sync with real life

- Fix shared module building when WITH_STATIC_MODULES is defined.

Noticed by:     Nicola Tiling <nti at w4w dot net>

- Remove WITH_APR_FROM_PORTS knob
- Add a note to UPDATING, to warn users they won't be able to build apache2
  if they keep apr 0.9.x

Discussed with: Craig Rodrigues (apr maintainer), kuriyama

- Fix apr detection
  WARNING: apache2 + apr 1.0 is BROKEN
  I'm working on a small compat hack. But don't dream too much.
  apache 2.0.x is not designed to work with apr 1.x.

Forgotten by:   kuriyama

- Chase apr shlib version bump.

Pointy Hat Autumn Collection 2004 to:   kuriyama

- Use ${WWWOWN} and ${WWWGRP} for apache's user. (instead of harcoded
  www/www).
  It should help to keep consistancy in www-related ports.

- Yet Another Security Fix
  Fix CAN-2004-0885:

  * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that a
  correct cipher suite has been negotiated, else deny access.

  * modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): With OpenSSL
  0.9.7, prevent session resumption during a renegotiation to force the
  client to negotiate a new (and acceptable) cipher suite.

Credits:        Hartmut Keil, Joe Orton

- Update to 2.0.52
- Use "PORTDOCS= #" and get rid of docs entry in plist.
- Support for FreeBSD 6 in apr
- Move of cache modules from THREADS to EXPERIMENTAL category and make
  sure we enable THREADS modules (cgid only) when a threaded MPM is
  selected.
- Resurect WITH_EXTRA_MODULES knob
- powerlogo.gif is now hosted by FreeBSD mirrors
- WITH_<category> is definitively no longer supported.
- Add Includes dir when installed via a package [1]

PR:             ports/72309 [1]
Submitted by:   Christian Kratzer <ck at cksoft dot de> [1]

- Fix compilation with threads enabled on 5.x (due to PTHREAD_LIBS changes)

Approved by:    portmgr (krion)

Security fixes [1]:
  *) SECURITY: CAN-2004-0786 (cve.mitre.org)
     Fix an input validation issue in apr-util which could be
     triggered by malformed IPv6 literal addresses.  [Joe Orton]

  *) SECURITY: CAN-2004-0747 (cve.mitre.org)
     Fix buffer overflow in expansion of environment variables in
     configuration file parsing.  [Andr<E9> Malo]

  *) SECURITY: CAN-2004-0809 (cve.mitre.org)
     mod_dav_fs: Fix a segfault in the handling of an indirect lock
     refresh.  PR 31183.  [Joe Orton]

- Update documentation (finally!) and fix WITH_<CATEGORY>_MODULES
  for special modules like LDAP or SSL [2]

Noticed by:     nectar [1]
Requested by:   Emile Heitor <imil at home dot imil dot net> [2]
Approved by:    portmgr (marcus)

- make AP_GENPLIST pseudo PREFFIX-safe until I find a correct fix.

Discussed with: eik (long time ago)

- Add a sanity check on apache2 configuration files before reloading or
  restarting apache2 (to avoid an expected failure on restart)

- Add support for exception hook:
  * WITH_EXCEPTION_HOOK now exists
  * Automatically add if WITH_DEBUG is set
  * Update still-outdated-documentation
- Remove automatic debuf mode if DEBUG_FLAGS is set

Exception hook is very useful for debugging (upcoming www/mod_backtrace
and www/mod_whatkilledus modules)

Makefile.modules.3rd:
- Fix CONFIGURE_ARGS for dynamic module selection.
  It's now fully usuable for apache13 ports
- Remove an useless WANT_APACHE check
- Move apxs detection at the beginning of the file, to use APXS_PREFIX
  for apache major version detection [1]
  The main advantage of this patch is to provide a nice way to
  have multiple apache versions, without altering ${LOCALBASE}.

Submitted by:    "ports/c0decafe.net" <ports at c0decafe dot net> [1]

- Backport security fixes in ssl_engine_io.c

* [SECURITY] mod_ssl: Fix potential input filter segfaults in
  SPECULATIVE mode. (rollback handling for AP_MODE_SPECULATIVE)
  "This issue has possible security implications; it's been assigned CVE
  CAN-2004-0751 (cve.mitre.org)."
  http://issues.apache.org/bugzilla/show_bug.cgi?id=30134

* [SECURITY] mod_ssl: Fix potential infinite loop.
  (potential infinite loop in ssl_io_input_getline if connection is
  aborted without inctx->rc being set.)
  http://issues.apache.org/bugzilla/show_bug.cgi?id=27945
  http://issues.apache.org/bugzilla/show_bug.cgi?id=29690

Obtained from:  Apache CVS (httpd-2.0 HEAD)

- Bump PORTREVISION for all previous changes
- Allow access to /home if mod_userdir is loaded
- We don't need apache2libs.sh if apr is installed from ports.
- Add recent changes to UPGRADING

Remove our config.layout support. FreeBSD layout is in apache2's one
since 2.0.48

We don't need -DFREEBSD_THREAD_HACK when using kse or thr as threading
library.

- Add ldconfig -m to apache2's apr libs (install time and boot time)

Requested by, discussed with: lev

- Fix brainless typo.

Noticed by: Roderick van Domburg <r.s.a.vandomburg@student.utwente.nl>

apache2 NG patch 2/5.
Makefile.modules:
   - Export rewritten modules selection from Makefile.modules
     to Makefile.modules.3rd
   - Remove proxy support by default.

Makefile.modules.3rd:
   - Add support for WANT_APACHE common13/common2 to share
     code/functionalities between apache13 and apache2 server ports.

Rewrite of modules selection:
   - WITH_MODULES and WITHOUT_MODULES are no more conflicting
     WITHOUT_MODULES can be safely used internally to remove conflicting
     modules
   - Selection is based on modules categories to improve flexibility
        - WITH_${category}[_MODULES]
        - WITHOUT_${category}
        - WITH_CUSTOM_${category}
   -  Support apache13, apache2{0,1}
        This is EXPERIMENTAL. I'll test it IRL with www/apache13-ssl,
        and it should be easily usuable in future bsd.apache.mk

apache2 NG patch 1/5.

o Changes in httpd.conf
  - mod_userdir:
        . set Userdir if mod_userdir is loaded [1]
        . Userdir is denied for users from /etc/ftpusers
  - set more "secure" permissions.
    By default, policy is to deny access to filesystem.
    You HAVE to _ENABLE_ access to your filesystem in httpd.conf.
  - Add an "Includes" directory to ${PREFIX}/etc/apache2/
    to make configuration more flexible
    ${PREFIX}/etc/apache2/*.conf files are now automatically loaded.

o apache.sh
  - be closer to apachectl, apache.sh need envvars [2]
    It should restore subversion behavior.

Partially submitted by:
                kuriyama [1],
                Gregory (Grisha) Trubetskoy <grisha at apache dot org> [2]

Future changes are mostly written, they should be committed during the
week-end.
If you're interrested in changes, feel free contact me.

- Disable mod_cgi if MPM is threaded.

- Update experimental apr/kqueue patch

Obtained from:  apr CVS

- Fix hostname resolution if IPv4 are mapped. [1]
- Add WITHOUT_V4MAPPED knob and explicitly set --disable-v4-mapped
  if WITHOUT_V4MAPPED or WITH_IPV6_V6ONLY

Also submitted by:      Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> [1]

- Improve plist generation.
  It fixes problems when you deinstall a port with $PREFIX != $(apxs -q
  prefix). Now plist is aware of real location of apache module.

- Add WITHOUT_IPV6 knob to workaround problem with IP resolution
  when --enable-v4-mapped is used (default).
  Use WITHOUT_IPV6 knob if you have problem with "HostnameLookup On" on
  IPv4-only server(s).
  I hope I can provide a real fix soon.

- remove from plist reference to share/nls/en_US.US-ASCII
  and share/nls/POSIX

Noticed by:     thierry

- Make configure script define DEFAULT_SCOREBOARD.
- Add NOTICE file to respect Apache 2.0 license

- revert ade's commit, since it breaks the ports due to something
  looking like a reverse patching.

Autotools cleanup.  Remove autoconf257 (259), automake17 (18), and
libtool14 (13/15).

PR:             67768
Submitted by:   ade
Approved by:    4-exp bento runs (thanks, kris!)

- Update to 2.0.50
  Important changes:
  *) SECURITY: CAN-2004-0493 (cve.mitre.org)
     Close a denial of service vulnerability identified by Georgi
     Guninski which could lead to memory exhaustion with certain
     input data.  [Jeff Trawick]
  *) SECURITY: CAN-2004-0488 (cve.mitre.org)
     mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
     (trusted) client certificate subject DN which exceeds 6K in length.
     [Joe Orton]
  Details can be found here:
        http://www.apache.org/dist/httpd/CHANGES_2.0
- Use autoconf 2.59
- Add add SUEXEC_LOGFILE tunable to set suexec logfile [1]
- Silently ignore removal of libexec/apache2 directory

- Security fix.
  CAN-2004-0493 - memory exhaustion denial of service
 
http://www.freebsd.org/ports/portaudit/81a8c9c2-c94f-11d8-8898-000d6111a684.html

Noticed by:     eik
Obtained from:  apache CVS

Don't remove www/ now that it is created by the system.

- change limits from user www to daemon class to be in sync with
  apachectl
- fix limits (missing eval)

- Clarify pkg-message

Noticed by:     Hutterer Robert <robert.hutterer@univie.ac.at>

- Sync pkg-descr with reality.

-1- make show-options readable from a vt100 ;-)
-2- add WITH_DEBUG knob (supports DEBUG_FLAGS)
-3- convert start script to RCng [1]
    - add possibility to run limits(1) before apache starts
    - apache2.sh reload = apachectl graceful
-4- Add threadpool MPM
-5- Adapt COMMENT to fit MPM.
-6- Bump PORTREVISION

PR:             ports/66955 [1]
Submitted by:   nork [1] (partially)
Requested by:   ume [1]

- remove quotes from "bogus" IGNORE string

Noticed by:     kris

- Fix IGNORE s,(,\(,

- s/BROKEN/IGNORE/

- Fix build if WITH_APR_FROM_PORTS is defined.
- Advertise ServerToken i.e.:
Apache/2.0.49 (FreeBSD) Server at satan.cultdeadsheep.org Port 80

- Import security fix from Apache CVS...
* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Fix buffer
overflow in FakeBasicAuth code if client's subject DN exceeds 6K in
length (CVE CAN-2004-0488); switch to using apr-util base64 encoder
functions.
- ... and of course bump PORTREVISION.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488
http://secunia.com/advisories/11534/

Reported by:    Charles-Damien Orbello <tazma@cultdeadsheep.org>

- Fix plist after upgrading libtool to 1.5

Notice by:       Fritz Heinrichmeyer <fritz.heinrichmeyer@fernuni-hagen.de>

- import buildconf patch in ports tree.
  It has been living out the tree for historical reason.

- use autoconf 2.57
- use libtool 1.5.6

- s/BROKEN/IGNORE/
Per linimon's request correct {mis,ab}use of BROKEN.

- Do not activate module automatically [1]
- Cosmectic change in autogenerated plist (run apxs before the removal
  of the module file, it can make apxs fail if you change module
  name/shortname)

Forgotten by:   me [1]
Reminded by:    discussion with kris [1]

Add AP_EXTRA to support extra arguments to apxs during build.
AP_INC and AP_LIB were added.

Reminded by: mod_vdbh port

Remove noisy apache version detection

Add Makefile.modules.3rd, which should simplify apache modules porting.
It can not be used with USE_APACHE knob.

Most important knobs:
WANT_APACHE=    {13,2}
        Apache version required. if undefined, both apache version
        are allowed.
AP_FAST_BUILD
        Do ${APXS} -c ${APXS} -i for you
AP_GENPLIST
        Autogenerate a _SIMPLE_ plist:

See future commits to know how to use this file.

- Fix install when people use a different /bin/sh
  This shouldn't have been fixed, but I don't like setting UID and GID
  variables.
  so ${*} -> ${WWW*}

PR:             64032
Noticed by:     Patrick Schoenfeld <schoenfeld@in-medias-res.com>

- s/ac_cv_pthreads/apr_cv_pthreads/ (due to changes in 2.0.49)
  WITH_PTHREAD_LIBS and WITH_PTHREAD_CFLAGS are now working again

  WARNING: This option is still NOT offically supported.
  You can't flame me,but you still cansend me some backtrace ;-)

Update to 2.0.49

Full ChangeLogand announcement:
http://www.apache.org/dist/httpd/Announcement2.html

Port changes:
- buildconf patches improvement
- Fix typo [1]

PR:             64297 [1]
Submitted by:   TSUMAI Yasuyuki <ral@ta-ko.jp> [1]