aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2017-10-10 11:40:39 +0300
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2017-10-10 11:40:39 +0300
commit933cdbb71e6d0e6208bc86aebe8706b1d880c3c1 (patch)
tree714d088b88169400325ea8da860ab593fc854325
parent9247cd5bf1135043e01e249dfa5ba5105442131a (diff)
downloadaports-933cdbb71e6d0e6208bc86aebe8706b1d880c3c1.tar.bz2
aports-933cdbb71e6d0e6208bc86aebe8706b1d880c3c1.tar.xz
main/apache2: upgrade to 2.4.28
-rw-r--r--main/apache2/APKBUILD10
-rw-r--r--main/apache2/libressl.patch235
-rw-r--r--main/apache2/optionsbleed.patch15
3 files changed, 3 insertions, 257 deletions
diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD
index a4f60d4ceb..ddaa1450d6 100644
--- a/main/apache2/APKBUILD
+++ b/main/apache2/APKBUILD
@@ -2,8 +2,8 @@
# Contributor: Valery Kartel <valery.kartel@gmail.com>
pkgname=apache2
_pkgreal=httpd
-pkgver=2.4.27
-pkgrel=2
+pkgver=2.4.28
+pkgrel=0
pkgdesc="A high performance Unix-based HTTP server"
url="http://httpd.apache.org/"
arch="all"
@@ -28,8 +28,6 @@ subpackages="$pkgname-ctl
$pkgname-utils
$pkgname-webdav"
source="http://archive.apache.org/dist/$_pkgreal/$_pkgreal-$pkgver.tar.bz2
- libressl.patch
- optionsbleed.patch
apache2.confd
apache2.logrotate
apache2.initd
@@ -313,9 +311,7 @@ _lua() {
"$subpkgdir"/usr/lib/apache2/ || return 1
_load_mods
}
-sha512sums="7e7e8070715b74cb6890096a74e194f4c6a49c14bda685b1ad832e84312f1ac4316ea03a430e679502bfd8e1853aefa544ee002a20d0f7e994b9a590c74bc42c httpd-2.4.27.tar.bz2
-7ccd6ba80836e5d8481779855e5b5618f10f20fb00c765e94a3788e746e99311d687c20053ed348fc1a31532fc8900c24915c7b0aff83418f2f40dc7b94944cc libressl.patch
-11582354ef82be7c1f71b44f135dd15d99c3945a2aa52e9d3213119024a9cf83a137251a730c186a416ecfd57cc4acfc166ce2c27023988b22b31b24222d1632 optionsbleed.patch
+sha512sums="8de8e32b87e6de220e492e74db9df0882fae11c3b9732f3d3316da048c04767ac4429c0433c36f87d8705263e3376f97a7e1f66a9d7a518632a67b6fe617590a httpd-2.4.28.tar.bz2
8e62b101f90c67babe864bcb74f711656180b011df3fd4b541dc766b980b72aa409e86debf3559a55be359471c1cad81b8779ef3a55add8d368229fc7e9544fc apache2.confd
18e8859c7d99c4483792a5fd20127873aad8fa396cafbdb6f2c4253451ffe7a1093a3859ce719375e0769739c93704c88897bd087c63e1ef585e26dcc1f5dd9b apache2.logrotate
81a2d2a297d8049ba1b021b879ec863767149e056d9bdb2ac8acf63572b254935ec96c2e1580eba86639ea56433eec5c41341e4f1501f9072745dccdb3602701 apache2.initd
diff --git a/main/apache2/libressl.patch b/main/apache2/libressl.patch
deleted file mode 100644
index e4b6176911..0000000000
--- a/main/apache2/libressl.patch
+++ /dev/null
@@ -1,235 +0,0 @@
---- httpd-2.4.26/modules/ssl/mod_ssl.c
-+++ httpd-2.4.26.libressl/modules/ssl/mod_ssl.c
-@@ -337,12 +337,12 @@
- #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
- ENGINE_cleanup();
- #endif
--#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
-+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_COMP)
- SSL_COMP_free_compression_methods();
- #endif
-
- /* Usually needed per thread, but this parent process is single-threaded */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- #if OPENSSL_VERSION_NUMBER >= 0x1000000fL
- ERR_remove_thread_state(NULL);
- #else
-@@ -383,14 +383,14 @@
- /* Some OpenSSL internals are allocated per-thread, make sure they
- * are associated to the/our same thread-id until cleaned up.
- */
--#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- ssl_util_thread_id_setup(pconf);
- #endif
-
- /* We must register the library in full, to ensure our configuration
- * code can successfully test the SSL environment.
- */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- CRYPTO_malloc_init();
- #else
- OPENSSL_malloc_init();
---- httpd-2.4.26/modules/ssl/ssl_engine_init.c
-+++ httpd-2.4.26.libressl/modules/ssl/ssl_engine_init.c
-@@ -47,7 +47,7 @@
- #define KEYTYPES "RSA or DSA"
- #endif
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- /* OpenSSL Pre-1.1.0 compatibility */
- /* Taken from OpenSSL 1.1.0 snapshot 20160410 */
- static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-@@ -257,7 +257,7 @@
- #endif
- }
-
--#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if APR_HAS_THREADS && ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
- ssl_util_thread_setup(p);
- #endif
-
-@@ -380,7 +380,7 @@
- modssl_init_app_data2_idx(); /* for modssl_get_app_data2() at request time */
-
- init_dh_params();
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- init_bio_methods();
- #endif
-
-@@ -1301,7 +1301,7 @@
- * or configure NIST P-256 (required to enable ECDHE for earlier versions)
- * ECDH is always enabled in 1.1.0 unless excluded from SSLCipherList
- */
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
- else {
- #if defined(SSL_CTX_set_ecdh_auto)
- SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
-@@ -2011,7 +2011,7 @@
-
- }
-
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- free_bio_methods();
- #endif
- free_dh_params();
---- httpd-2.4.26/modules/ssl/ssl_engine_io.c
-+++ httpd-2.4.26.libressl/modules/ssl/ssl_engine_io.c
-@@ -164,7 +164,7 @@
- {
- BIO_set_shutdown(bio, 1);
- BIO_set_init(bio, 1);
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- /* No setter method for OpenSSL 1.1.0 available,
- * but I can't find any functional use of the
- * "num" field there either.
-@@ -549,7 +549,7 @@
- return -1;
- }
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-
- static BIO_METHOD bio_filter_out_method = {
- BIO_TYPE_MEM,
-@@ -2024,7 +2024,7 @@
-
- filter_ctx->pInputFilter = ap_add_input_filter(ssl_io_filter, inctx, r, c);
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- filter_ctx->pbioRead = BIO_new(&bio_filter_in_method);
- #else
- filter_ctx->pbioRead = BIO_new(bio_filter_in_method);
-@@ -2059,7 +2059,7 @@
- filter_ctx->pOutputFilter = ap_add_output_filter(ssl_io_filter,
- filter_ctx, r, c);
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- filter_ctx->pbioWrite = BIO_new(&bio_filter_out_method);
- #else
- filter_ctx->pbioWrite = BIO_new(bio_filter_out_method);
---- httpd-2.4.26/modules/ssl/ssl_engine_kernel.c
-+++ httpd-2.4.26.libressl/modules/ssl/ssl_engine_kernel.c
-@@ -1733,7 +1733,7 @@
- * so we need to increment here to prevent them from
- * being freed.
- */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- #define modssl_set_cert_info(info, cert, pkey) \
- *cert = info->x509; \
- CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \
---- httpd-2.4.26/modules/ssl/ssl_engine_vars.c
-+++ httpd-2.4.26.libressl/modules/ssl/ssl_engine_vars.c
-@@ -529,7 +529,7 @@
- resdup = FALSE;
- }
- else if (strcEQ(var, "A_SIG")) {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- nid = OBJ_obj2nid((ASN1_OBJECT *)(xs->cert_info->signature->algorithm));
- #else
- const ASN1_OBJECT *paobj;
---- httpd-2.4.26/modules/ssl/ssl_private.h
-+++ httpd-2.4.26.libressl/modules/ssl/ssl_private.h
-@@ -123,6 +123,16 @@
- #define MODSSL_SSL_METHOD_CONST
- #endif
-
-+#if defined(LIBRESSL_VERSION_NUMBER)
-+/* Missing from LibreSSL */
-+#define SSL_CTRL_SET_MIN_PROTO_VERSION 123
-+#define SSL_CTRL_SET_MAX_PROTO_VERSION 124
-+#define SSL_CTX_set_min_proto_version(ctx, version) \
-+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
-+#define SSL_CTX_set_max_proto_version(ctx, version) \
-+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
-+#endif
-+
- #if defined(OPENSSL_FIPS)
- #define HAVE_FIPS
- #endif
-@@ -136,7 +146,7 @@
- #endif
-
- /* session id constness */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- #define IDCONST
- #else
- #define IDCONST const
-@@ -199,7 +209,7 @@
-
- #endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- #define BN_get_rfc2409_prime_768 get_rfc2409_prime_768
- #define BN_get_rfc2409_prime_1024 get_rfc2409_prime_1024
- #define BN_get_rfc3526_prime_1536 get_rfc3526_prime_1536
-@@ -219,7 +229,7 @@
- void free_bio_methods(void);
- #endif
-
--#if OPENSSL_VERSION_NUMBER < 0x10002000L
-+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
- #define X509_STORE_CTX_get0_store(x) (x->ctx)
- #endif
-
-@@ -934,7 +944,7 @@
- const char * const *);
- BOOL ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *);
- #if APR_HAS_THREADS
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- void ssl_util_thread_setup(apr_pool_t *);
- #endif
- void ssl_util_thread_id_setup(apr_pool_t *);
---- httpd-2.4.26/modules/ssl/ssl_util.c
-+++ httpd-2.4.26.libressl/modules/ssl/ssl_util.c
-@@ -247,7 +247,7 @@
- }
-
- #if APR_HAS_THREADS
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- /*
- * To ensure thread-safetyness in OpenSSL - work in progress
- */
---- httpd-2.4.26/modules/ssl/ssl_util_ssl.h
-+++ httpd-2.4.26.libressl/modules/ssl/ssl_util_ssl.h
-@@ -41,7 +41,7 @@
- #define MODSSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER
- #define MODSSL_LIBRARY_NAME "OpenSSL"
- #define MODSSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- #define MODSSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION)
- #else
- #define MODSSL_LIBRARY_DYNTEXT OpenSSL_version(OPENSSL_VERSION)
---- httpd-2.4.26/support/ab.c
-+++ httpd-2.4.26.libressl/support/ab.c
-@@ -197,6 +197,14 @@
- #if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name)
- #define HAVE_TLSEXT
- #endif
-+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2060000f
-+# define SSL_CTRL_SET_MIN_PROTO_VERSION 123
-+# define SSL_CTRL_SET_MAX_PROTO_VERSION 124
-+#define SSL_CTX_set_min_proto_version(ctx, version) \
-+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
-+#define SSL_CTX_set_max_proto_version(ctx, version) \
-+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
-+#endif
- #endif
-
- #include <math.h>
diff --git a/main/apache2/optionsbleed.patch b/main/apache2/optionsbleed.patch
deleted file mode 100644
index be0afee60a..0000000000
--- a/main/apache2/optionsbleed.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- httpd-2.4.2//server/core.c 2017/08/16 16:50:29 1805223
-+++ httpd-2.4.2//server/core.c 2017/09/08 13:13:11 1807754
-@@ -2266,6 +2266,12 @@
- /* method has not been registered yet, but resource restriction
- * is always checked before method handling, so register it.
- */
-+ if (cmd->pool == cmd->temp_pool) {
-+ /* In .htaccess, we can't globally register new methods. */
-+ return apr_psprintf(cmd->pool, "Could not register method '%s' "
-+ "for %s from .htaccess configuration",
-+ method, cmd->cmd->name);
-+ }
- methnum = ap_method_register(cmd->pool,
- apr_pstrdup(cmd->pool, method));
- }