Apache 2.4.26 was released and addresses multiple CVEs: http://httpd.apache.org/security/vulnerabilities_24.html
It also contains a new module: mod_brotli (bug #218851)
Created attachment 183655
Update Apache to v2.4.26

!! mod_brotli support depends on bug #218851 !!

- update to 2.4.26
-- Add mod_brotli support, fix pkg-plist
-- HTTP/2 support no longer tagged as "experimental" but is instead considered fully production ready.
Created attachment 183656
Build log with security/libressl

There is a problem when building with security/libressl regarding SSL_CTX_set_max_proto_version and SSL_CTX_set_min_proto_version or OPENSSL_VERSION_NUMBER
(In reply to Markus Kohlmeyer from comment #2)
Looks like the support for OpenSSL 1.1.0, which has been added in v2.4.26, breaks the build with LibreSSL (which isn't officially supported by Apache afaik).
See: https://github.com/apache/httpd/commit/d9a5d4c6ee64b400cd552dbd8b3bbd36942d5544
and https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_max_proto_version.html
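Added example, not part of the thread and not the Apache or FreeBSD patch: a header-free C model of why an OPENSSL_VERSION_NUMBER test for the 1.1.0 min/max protocol calls misfires under LibreSSL, whose headers report OPENSSL_VERSION_NUMBER as 0x20000000L. The function names, sample version values and stand-in disable bits are assumptions of this example, and it goes one step beyond the thread by modelling the per-protocol disable mask that pre-1.1.0 code uses instead.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample version numbers in OPENSSL_VERSION_NUMBER layout. */
#define SAMPLE_OPENSSL_102  0x1000200fL /* OpenSSL 1.0.2 */
#define SAMPLE_OPENSSL_110  0x1010000fL /* OpenSSL 1.1.0 */
#define SAMPLE_LIBRESSL_OVN 0x20000000L /* OPENSSL_VERSION_NUMBER under LibreSSL */
#define SAMPLE_LIBRESSL_LVN 0x2050400fL /* a constructed LIBRESSL_VERSION_NUMBER */

/* Stand-in disable bits for this example; real code uses SSL_OP_NO_*. */
enum { NO_SSL3 = 1, NO_TLS1 = 2, NO_TLS1_1 = 4, NO_TLS1_2 = 8 };

enum tls_api { API_MIN_MAX_PROTO, API_LEGACY_OPTIONS };

/* The unguarded test: true for LibreSSL too, because 0x20000000 > 0x10100000. */
bool naive_has_min_max(long openssl_ver) {
    return openssl_ver >= 0x10100000L;
}

/* Guarded test. libressl_ver is LIBRESSL_VERSION_NUMBER, or 0 when the macro
 * is undefined. Assumption: any LibreSSL lacks the 1.1.0 calls, as in the
 * build failure reported in this thread. */
enum tls_api pick_api(long openssl_ver, long libressl_ver) {
    if (libressl_ver != 0)
        return API_LEGACY_OPTIONS;
    return naive_has_min_max(openssl_ver) ? API_MIN_MAX_PROTO : API_LEGACY_OPTIONS;
}

/* Legacy path: turn an inclusive [min, max] wire-version range into the set
 * of protocols to disable, which is how pre-1.1.0 code limits versions. */
unsigned legacy_disable_mask(int min, int max) {
    static const struct { int ver; unsigned bit; } tab[] = {
        {0x0300, NO_SSL3}, {0x0301, NO_TLS1}, {0x0302, NO_TLS1_1}, {0x0303, NO_TLS1_2},
    };
    unsigned mask = 0;
    for (size_t i = 0; i < sizeof tab / sizeof tab[0]; i++)
        if (tab[i].ver < min || tab[i].ver > max)
            mask |= tab[i].bit;
    return mask;
}

int main(void) {
    printf("naive check on LibreSSL: %d\n", naive_has_min_max(SAMPLE_LIBRESSL_OVN));
    printf("guarded pick on LibreSSL: %d\n", pick_api(SAMPLE_LIBRESSL_OVN, SAMPLE_LIBRESSL_LVN));
    printf("TLS 1.1..1.2 mask: 0x%x\n", legacy_disable_mask(0x0302, 0x0303));
    return 0;
}
```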
Patch for the LibreSSL problem from Bernard Spil exists in Apache Bugzilla: https://bz.apache.org/bugzilla/show_bug.cgi?id=61184
Created attachment 183888
patch from: https://bz.apache.org/bugzilla/show_bug.cgi?id=61184

Now builds ok.
A commit references this bug:

Author: brnrd
Date: Wed Jul 12 19:31:42 UTC 2017
New revision: 445603
URL: https://svnweb.freebsd.org/changeset/ports/445603

Log:
  www/apache24: Update to 2.4.27

  - Bugfix update to 2.4.27
  - Fix build with LibreSSL [1]
  - Add brotli compression option
  - Add pkg-message for 10.3 base-ssl users
  - HTTP/2 is production ready, default enable
  - warn users of 10.3 for mod_http2/OpenSSL 1.0.1

  [1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61184

  PR: 220160 [1]
  Reported by: Markus Kohlmeyer <rootservice@gmail.com>
  Reviewed by: ohauer (hat)
  Approved by: ohauer (hat)
  Differential Revision: https://reviews.freebsd.org/D11285

Changes:
  head/www/apache24/Makefile
  head/www/apache24/Makefile.options
  head/www/apache24/Makefile.options.desc
  head/www/apache24/distinfo
  head/www/apache24/files/patch-modules_ssl_mod__ssl.c
  head/www/apache24/files/patch-modules_ssl_ssl__engine__init.c
  head/www/apache24/files/patch-modules_ssl_ssl__engine__io.c
  head/www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c
  head/www/apache24/files/patch-modules_ssl_ssl__engine__vars.c
  head/www/apache24/files/patch-modules_ssl_ssl__private.h
  head/www/apache24/files/patch-modules_ssl_ssl__util.c
  head/www/apache24/files/patch-modules_ssl_ssl__util__ssl.h
  head/www/apache24/files/patch-modules_ssl_ssl__util__stapling.c
  head/www/apache24/files/patch-support_ab.c
  head/www/apache24/files/pkg-message.in
  head/www/apache24/pkg-plist
A commit references this bug:

Author: brnrd
Date: Fri Jul 14 12:28:14 UTC 2017
New revision: 445747
URL: https://svnweb.freebsd.org/changeset/ports/445747

Log:
  MFH: r445603

  www/apache24: Update to 2.4.27

  - Bugfix update to 2.4.27
  - Fix build with LibreSSL [1]
  - Add brotli compression option
  - Add pkg-message for 10.3 base-ssl users
  - HTTP/2 is production ready, default enable
  - warn users of 10.3 for mod_http2/OpenSSL 1.0.1

  [1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61184

  PR: 220160 [1]
  Reported by: Markus Kohlmeyer <rootservice@gmail.com>
  Reviewed by: ohauer (hat)
  Approved by: ohauer (hat)
  Differential Revision: https://reviews.freebsd.org/D11285

  Approved by: ports-secteam (junovitch)

Changes:
_U branches/2017Q3/
  branches/2017Q3/www/apache24/Makefile
  branches/2017Q3/www/apache24/Makefile.options
  branches/2017Q3/www/apache24/Makefile.options.desc
  branches/2017Q3/www/apache24/distinfo
  branches/2017Q3/www/apache24/files/patch-modules_ssl_mod__ssl.c
  branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__engine__init.c
  branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__engine__io.c
  branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c
  branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__engine__vars.c
  branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__private.h
  branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__util.c
  branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__util__ssl.h
  branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__util__stapling.c
  branches/2017Q3/www/apache24/files/patch-support_ab.c
  branches/2017Q3/www/apache24/files/pkg-message.in
  branches/2017Q3/www/apache24/pkg-plist