Update apache to 2.4.46
Changes with Apache 2.4.46
  *) SECURITY: CVE-2020-11984 (cve.mitre.org)
     mod_proxy_uwsgi: Malicious request may result in information disclosure
     or RCE of existing file on the server running under a malicious process
     environment. [Yann Ylavic]

  *) SECURITY: CVE-2020-11993 (cve.mitre.org)
     mod_http2: when throttling connection requests, log statements
     were possibly made that result in concurrent, unsafe use of
     a memory pool. [Stefan Eissing]

  *) SECURITY:
     mod_http2: a specially crafted value for the 'Cache-Digest' header
     request would result in a crash when the server actually tries
     to HTTP/2 PUSH a resource afterwards.
     [Stefan Eissing, Eric Covener, Christophe Jaillet]

  *) mod_proxy_fcgi: Fix build warnings for Windows platform

Changes with Apache 2.4.45

  *) mod_http2: remove support for abandoned http-wg draft
     <https://datatracker.ietf.org/doc/draft-kazuho-h2-cache-digest/>.
     [Stefan Eissing]

Changes with Apache 2.4.44

  *) mod_proxy_uwsgi: Error out on HTTP header larger than 16K (hard
     protocol limit).  [Yann Ylavic]

  *) mod_http2:
     Fixes <icing/mod_h2#200>:
     "LimitRequestFields 0" now disables the limit, as documented.
     Fixes <icing/mod_h2#201>:
     Do not count repeated headers with same name against the field
     count limit. They are merged internally, as if sent in a single HTTP/1 line.
     [Stefan Eissing]

  *) mod_http2: Avoid segfaults in case of handling certain responses for
     already aborted connections.  [Stefan Eissing, Ruediger Pluem]

  *) mod_http2: The module now handles master/secondary connections and has marked
     methods according to use. [Stefan Eissing]

  *) core: Drop an invalid Last-Modified header value coming
     from a FCGI/CGI script instead of replacing it with Unix epoch.
     [Yann Ylavic, Luca Toscano]

  *) Add support for strict content-length parsing through addition of
     ap_parse_strict_length() [Yann Ylavic]

  *) mod_proxy_fcgi: ProxyFCGISetEnvIf unsets variables when expression
     evaluates to false.  PR64365. [Michael König <mail ikoenig.net>]

  *) mod_proxy_http: flush spooled request body in one go to avoid
     leaking (or long lived) temporary file. PR 64452. [Yann Ylavic]

  *) mod_ssl: Fix a race condition and possible crash when using a proxy client
     certificate (SSLProxyMachineCertificateFile).
     [Armin Abfalterer <a.abfalterer gmail.com>]

  *) mod_ssl: Fix memory leak in stapling code. PR63687. [Stefan Eissing]

  *) mod_http2: Fixed regression that no longer set H2_STREAM_ID and H2_STREAM_TAG.
     PR64330 [Stefan Eissing]

  *) mod_http2: Fixed regression that caused connections to close when mod_reqtimeout
     was configured with a handshake timeout. Fixes github issue #196.
     [Stefan Eissing]

  *) mod_proxy_http2: the "ping" proxy parameter
     (see <https://httpd.apache.org/docs/2.4/mod/mod_proxy.html>) is now used
     when checking the liveliness of a new or reused h2 connection to the backend.
     With short durations, this makes load-balancing more responsive. The module
     will hold back requests until ping conditions are met, using features of the
     HTTP/2 protocol alone. [Ruediger Pluem, Stefan Eissing]

  *) core: httpd is no longer linked against -lsystemd if mod_systemd
     is enabled (and built as a DSO).  [Rainer Jung]

  *) mod_proxy_http2: respect ProxyTimeout settings on backend connections
     while waiting on incoming data. [Ruediger Pluem, Stefan Eissing]
laffer1 committed Aug 16, 2020
1 parent a88430e commit 4b2246e
Showing 5 changed files with 10 additions and 8 deletions.
4 changes: 2 additions & 2 deletions www/apache24/Makefile
@@ -1,6 +1,5 @@
PORTNAME= apache24
PORTVERSION= 2.4.43
PORTREVISION= 1
PORTVERSION= 2.4.46
CATEGORIES= www
MASTER_SITES= APACHE_HTTPD
DISTNAME= httpd-${PORTVERSION}
Expand Down Expand Up @@ -89,6 +88,7 @@ SOCACHE_DC_LIB_DEPENDS= libdistcache.so:security/distcache
# apu-1-config --(includes|ldflags) and apr_rules.mk
SSL_CONFIGURE_ON= --with-ssl=${OPENSSLBASE}
SSL_USES= ssl
SUEXEC_SYSLOG_CONFIGURE_ON= --without-suexec-logfile --with-suexec-syslog
XML2ENC_USE= GNOME=libxml2
XML2ENC_USES= gnome
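Review bot: SUEXEC_SYSLOG_CONFIGURE_ON passes --without-suexec-logfile together with --with-suexec-syslog, so turning the option on removes the suexec log file and leaves syslog as the only record of suexec activity. Say so where operators will see it (the option description or a package message), since anyone monitoring the log file loses that audit trail on rebuild. Nothing in these lines ties the option to SUEXEC either; if that is not done elsewhere in the Makefile, make SUEXEC_SYSLOG depend on SUEXEC so the flags are never passed to a build without suexec.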

5 changes: 3 additions & 2 deletions www/apache24/Makefile.options
Expand Up @@ -42,7 +42,7 @@ MOST_ENABLED_MODULES= \
IMAGEMAP INCLUDE INFO \
LBMETHOD_BYBUSYNESS LBMETHOD_BYREQUESTS LBMETHOD_BYTRAFFIC \
LBMETHOD_HEARTBEAT LOGIO LOG_DEBUG LOG_FORENSIC \
MACRO MIME MIME_MAGIC \
MACRO MD MIME MIME_MAGIC \
NEGOTIATION \
RATELIMIT REFLECTOR REMOTEIP REQTIMEOUT REQUEST REWRITE \
SED SETENVIF \
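Review bot: MD moves into MOST_ENABLED_MODULES here, which turns mod_md on in the default build, yet the commit message only describes the version update to 2.4.46. Enabling a module by default changes what every default package builds and ships, so mention it in the commit message with the reason, or split it into its own commit so it can be reviewed and reverted separately from the security update.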
Expand All @@ -53,7 +53,8 @@ MOST_ENABLED_MODULES= \
WATCHDOG XML2ENC

MOST_DISABLED_MODULES= \
AUTHNZ_LDAP BROTLI IDENT LDAP LUA MD SOCACHE_DC SOCACHE_REDIS SUEXEC
AUTHNZ_LDAP BROTLI IDENT LDAP LUA SOCACHE_DC SOCACHE_REDIS SUEXEC \
SUEXEC_SYSLOG

# enable/disable additional PROXY/SESSION modules
META_MODULES= PROXY SESSION
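Review bot: SUEXEC_SYSLOG is added to MOST_DISABLED_MODULES, but going by its CONFIGURE_ON line in the Makefile it is a configure switch for suexec, not a loadable module. Check that whatever iterates the *_MODULES lists does not generate a module enable flag or a plist entry for it; if it does, declare the option outside the module lists.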
1 change: 1 addition & 0 deletions www/apache24/Makefile.options.desc
Expand Up @@ -154,6 +154,7 @@ SSL_DESC= SSL/TLS support (mod_ssl)
STATUS_DESC= Process/thread monitoring
SUBSTITUTE_DESC= Response content rewrite-like filtering
SUEXEC_DESC= Set uid and gid for spawned processes
SUEXEC_SYSLOG_DESC= Enable syslog for suexec

UNIQUE_ID_DESC= Per-request unique ids
UNIXD_DESC= (required) security for Unix-family platforms
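Review bot: SUEXEC_SYSLOG_DESC reads "Enable syslog for suexec", which does not tell the user that the Makefile also passes --without-suexec-logfile. Wording such as "Log suexec to syslog instead of a logfile" states the trade-off at the point where the option is chosen.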
6 changes: 3 additions & 3 deletions www/apache24/distinfo
@@ -1,3 +1,3 @@
TIMESTAMP = 1587061858
SHA256 (apache24/httpd-2.4.43.tar.bz2) = a497652ab3fc81318cdc2a203090a999150d86461acff97c1065dc910fe10f43
SIZE (apache24/httpd-2.4.43.tar.bz2) = 7155865
TIMESTAMP = 1597599810
SHA256 (apache24/httpd-2.4.46.tar.bz2) = 740eddf6e1c641992b22359cabc66e6325868c3c5e2e3f98faf349b61ecf41ea
SIZE (apache24/httpd-2.4.46.tar.bz2) = 7187805
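Review bot: the new SHA256 and SIZE for httpd-2.4.46.tar.bz2 cannot be validated from the diff alone, and this is the only integrity check the port applies to the tarball. Before merging, compare the digest with the checksum Apache publishes for the release, or verify the release signature and recompute the hash, and note in the commit message which was done.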
2 changes: 1 addition & 1 deletion www/apache24/pkg-plist
Expand Up @@ -228,7 +228,7 @@ man/man8/fcgistarter.8.gz
man/man8/htcacheclean.8.gz
man/man8/httpd.8.gz
man/man8/rotatelogs.8.gz
man/man8/suexec.8.gz
%%SUEXEC%%man/man8/suexec.8.gz
sbin/apachectl
sbin/apxs
%%LOG_FORENSIC%%sbin/check_forensic
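Review bot: man/man8/suexec.8.gz is now listed under %%SUEXEC%%, so check that the plist entry for the suexec binary, which is outside this hunk, carries the same prefix. If the two differ, a build without SUEXEC either fails at packaging or ships one file without the other.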