main/apache2: security upgrade to 2.4.26

fixes #7463
author: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2017-07-06 14:24:10 +0300
committer: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2017-07-06 14:26:18 +0300
commit: c930c29f44d1c8c27a01acc3e871b48922d3b620 (patch)
tree: d83bd75d0135874c118b8fb3d3f93bce90e893fe /main/apache2
parent: ba13c2bb464c773bf962da25426e9922be473839 (diff)
download: aports-c930c29f44d1c8c27a01acc3e871b48922d3b620.tar.bz2
aports-c930c29f44d1c8c27a01acc3e871b48922d3b620.tar.xz
16 files changed, 312 insertions, 106 deletions
diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD
index 71bb383644..905fc62498 100644
--- a/main/apache2/APKBUILD
+++ b/main/apache2/APKBUILD
@@ -2,8 +2,8 @@
 # Contributor: Valery Kartel <valery.kartel@gmail.com>
 pkgname=apache2
 _pkgreal=httpd
-pkgver=2.4.25
-pkgrel=1
+pkgver=2.4.26
+pkgrel=0
 pkgdesc="A high performance Unix-based HTTP server"
 url="http://httpd.apache.org/"
 arch="all"
@@ -27,6 +27,7 @@ subpackages="$pkgname-dev
              $pkgname-utils
              $pkgname-webdav"
 source="http://archive.apache.org/dist/$_pkgreal/$_pkgreal-$pkgver.tar.bz2
+	libressl.patch
 	apache2.confd
 	apache2.logrotate
 	apache2.initd
@@ -47,9 +48,16 @@ source="http://archive.apache.org/dist/$_pkgreal/$_pkgreal-$pkgver.tar.bz2
 	conf/0014-httpd-.conf-LoadModule.patch
 	"
 options="suid"
-
 builddir="$srcdir"/$_pkgreal-$pkgver
 
+# secfixes:
+#   2.4.26-r0:
+#     - CVE-2017-3167
+#     - CVE-2017-3169
+#     - CVE-2017-7659
+#     - CVE-2017-7668
+#     - CVE-2017-7679
+
 prepare() {
 	cd "$builddir"
 
@@ -295,60 +303,23 @@ _lua() {
 		"$subpkgdir"/usr/lib/apache2/ || return 1
 	_load_mods
 }
-md5sums="2826f49619112ad5813c0be5afcc7ddb  httpd-2.4.25.tar.bz2
-257d2572921dd4506b0464441f88fab4  apache2.confd
-8519af87c57b50441866ad4216e4d663  apache2.logrotate
-11b2718d7a0550498aaddf41e940ad04  apache2.initd
-699aec01d2f7c5a67c10d0fe280780b7  alpine.layout
-56bbe9e4e83bbea1366dc107471ab64e  0001-httpd.conf-ServerRoot.patch
-3bd91de3d0063eafa0a07a950fb9041d  0002-httpd.conf-ServerTokens.patch
-29a501f82c81c00cd51cc8de91eee988  0003-httpd.conf-ServerSignature.patch
-968d320d0dead0eeb10a425e0c9e2e59  0004-httpd.conf-User-Group.patch
-88f9a51476a813b97510d2bdb4b2ccd4  0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch
-592ed15071a0d1b47315a06e395b03e2  0006-httpd-dav.conf-DavLockDB.patch
-0c3a6b8826876098fee8ccae5f732758  0007-httpd-ssl.conf-SSLSessionCache.patch
-42d0ebb0d5cdf66611eb45316d27bb44  0008-httpd-ssl.conf-SSLRandomSeed.patch
-52513e71652fc180458d367f4d8b866b  0009-httpd-ssl.conf-SSL-File.patch
-794a51cec6712b6c0a1359d1812d2c7c  0010-httpd-ssl.conf-SSL-CipherSuite.patch
-aa73ec65c4c67819f297e48da8d3fb8e  0011-httpd.conf-IncludeOptional.patch
-605536ff208f88ea97331b6b5d03278f  0012-httpd.conf-MIMEMagicFile.patch
-78f648c86a895107a9381374d5497f51  0013-httpd-.conf-IfModule.patch
-3c873b99a197a7fa1792bc7fa5b05233  0014-httpd-.conf-LoadModule.patch"
-sha256sums="f87ec2df1c9fee3e6bfde3c8b855a3ddb7ca1ab20ca877bd0e2b6bf3f05c80b2  httpd-2.4.25.tar.bz2
-6ca904ad65c1a4122d8ea4a3303ea8184429a4a4d7fb81defc30f3e184258c0a  apache2.confd
-8e2a8870d51796cf04cc7d8985c43e36afe9ae79e2d6765050a0e72c0de8dce7  apache2.logrotate
-8761faa68c2db7114b3f463f3b8ef1aec8f8373da9908d943cc765765914ab36  apache2.initd
-c40668ae8384d0555488660b68eda16ad8ccb11fde16a8197d33bed739fed1e8  alpine.layout
-2e078ca7c99d78b0bf1d7eaa471d257f98af0aeb3d442e761552749981c8f503  0001-httpd.conf-ServerRoot.patch
-f9ad9b6fbdb6dd77b77e39410f061e4d155e83ac7943d4f3c8e783b75c4bca78  0002-httpd.conf-ServerTokens.patch
-8e38e5b285b5d7aabe3c03ce8d99555888de4a193f6ee52e725a40fc9380b42b  0003-httpd.conf-ServerSignature.patch
-6787eb526fe550c4bf4a507a23c33453e5e24731a88d662f230566f221c44cda  0004-httpd.conf-User-Group.patch
-262cab44115d07f0ee2397efd7a9ff8100ef9cbf6a94d856bee7de3831536a24  0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch
-0395f58e5f1d13e8ee8f88ea40862f54d1e94d361e43831337478af3ff39034d  0006-httpd-dav.conf-DavLockDB.patch
-38c27c17b9ed1b0440a69e594e5f45b52f59db193e03bbc9697bc784a9c5e308  0007-httpd-ssl.conf-SSLSessionCache.patch
-908c6a3f360e268caaf87f6d581443e7e0e3356b9a7be204d3b30423904dde81  0008-httpd-ssl.conf-SSLRandomSeed.patch
-d5129c7bd958a9a801527a3a07ad45a390fb23bc1754edf9274dbf32e68568ee  0009-httpd-ssl.conf-SSL-File.patch
-f22abd948065649d9972be320a1feb855b5807ca9f45af3ad354b9560cb257d1  0010-httpd-ssl.conf-SSL-CipherSuite.patch
-9ecd79e4a084d876c56000ccc2fa88463fb57617b575fe4f8104c099715c691b  0011-httpd.conf-IncludeOptional.patch
-5bad32417abc9fdf3e430aabd1ac8d13d90304911d6bd76515896df0aaa3e8d7  0012-httpd.conf-MIMEMagicFile.patch
-9603bf79c7eab05e635ee7c9b2ecc67c49146f955b59852a88f2c618bd489a78  0013-httpd-.conf-IfModule.patch
-34d0202635660c961ee5186a4950e2af714b27bbd4aef23901c1f05a5e6c6fcd  0014-httpd-.conf-LoadModule.patch"
-sha512sums="6ba4ce1dcef71416cf1c0de2468c002767b5637a75744daf5beb0edd045749a751b3826c4132f594c48e4b33ca8e1b25ebfb63ac4c8b759ca066a89d3261fb22  httpd-2.4.25.tar.bz2
+sha512sums="4b32f01f17c912011f24bf3991430d474be13836af41b26c072e3c1eab2b45a3c52851eb00423e046c59fc16e1f501d64daaee3f2469b2745857ec1982966c9a  httpd-2.4.26.tar.bz2
+7ccd6ba80836e5d8481779855e5b5618f10f20fb00c765e94a3788e746e99311d687c20053ed348fc1a31532fc8900c24915c7b0aff83418f2f40dc7b94944cc  libressl.patch
 8e62b101f90c67babe864bcb74f711656180b011df3fd4b541dc766b980b72aa409e86debf3559a55be359471c1cad81b8779ef3a55add8d368229fc7e9544fc  apache2.confd
 18e8859c7d99c4483792a5fd20127873aad8fa396cafbdb6f2c4253451ffe7a1093a3859ce719375e0769739c93704c88897bd087c63e1ef585e26dcc1f5dd9b  apache2.logrotate
 81a2d2a297d8049ba1b021b879ec863767149e056d9bdb2ac8acf63572b254935ec96c2e1580eba86639ea56433eec5c41341e4f1501f9072745dccdb3602701  apache2.initd
 177c58d049fc4476fd9b9b36b67725145777c84cf81948105c9314cb09312dff6c1931fe21aaa243597abaefded6c6dfd80d83839e45a23950b50de615d73b06  alpine.layout
-b55051f1358fb957cb24ea5d7cf6106822935c5fe3d1f4bb071d4caff5daa46c31c4fc81ec1f2ce0335a634e8b7545f2265c3d28bea3b0799b9ff589ba36c24a  0001-httpd.conf-ServerRoot.patch
-948299dd3b5b004276394a4ce94005a011cfe14e032e7cdce060bf0f6123835020419226cc0fe78cbefba996c0c2eebd1b8d713d2f1b424e0e6f58b1e589bc3f  0002-httpd.conf-ServerTokens.patch
-360d67fae5882f460509bfe3a295055602480902aa135f914cfd3c6d16c43fa92e77ef5de0360b2eab11ca0d0ad6bd46bf093a156a64718696635a6c3d328ad3  0003-httpd.conf-ServerSignature.patch
-2bf81ded68ccca5d893233bede8cd002d05b7e26fe1a6d341c41a5e439e16c816ffdcb03fd093b45ff0ea1b905f423420e45b07b9da91181ac73fb533e1b68c1  0004-httpd.conf-User-Group.patch
-9aa4bc57702c2b4adb91885558504318ebc5d4129aea259bff08d19d8350c82e308c801db77f1dadbbeae4bf284a7939c2f16a8fd26798b71e8510985540c1e4  0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch
-238f6b3572f6a39ed778aab33b7adc5023fb8d82cbea1af21b16587aac2c9056d025608c20232e3017531513b4b49e4272ab59c82a7a39b17291c93256037387  0006-httpd-dav.conf-DavLockDB.patch
-5c32f20f883055f47e796b9fd5dcea5e794c7a5375712e384a7093ca38629259beda376d0ba2c78c44329f75e2c75fda987bc38ff22669a8421a7825bdef78b7  0007-httpd-ssl.conf-SSLSessionCache.patch
-9eca9eca008af801adc067eb0ecfe19cff7e77e7e675cd005d3ac1d551c638bb6ea5dd9b30a019db9c650fba53ab6ce88202118361e53f018283f6794d3f09d3  0008-httpd-ssl.conf-SSLRandomSeed.patch
-377c89510dc165dfb88922aeaf923aa1efd69e7cfd10cb6f8b1e1f015865187f287c0a5090f31f76137de8b9973fcbf5bd17f7003fc275c87a6bf3cf32758c33  0009-httpd-ssl.conf-SSL-File.patch
-e151a8ebb23b1a3a92ea9a8b83b6bf64c950ec8ded8d514df8f16f074c5f712de7c44cb42190ca15a2010bac2c4ff57f26947e87625d40f7791ec1e77cf88cc7  0010-httpd-ssl.conf-SSL-CipherSuite.patch
-fc3352b50bee11e7560594398948a1af0279d339e891915e38766c9c0f930cc01f207e438afe9a43329b6d23fe438939666309e8ad77938dbe8dc784aaae4113  0011-httpd.conf-IncludeOptional.patch
-da3a99ccf54c8d4adc633cceb3e520e48b47e868e8f1be33c81027ce3173401c8b9b79af4f75c73c94f77a50452219a4d23774b03a74f6271a677ec271396ada  0012-httpd.conf-MIMEMagicFile.patch
-564866cadebd957eb9b23624286deb8cadb0ebeda0e3e80ec2cd8912731c8273f5ef5fa9f2d8295accb304da40c850772a854eb0c76c3aa08bb93b059c730882  0013-httpd-.conf-IfModule.patch
-3742b8ed06cfd081a02c171b5ddf42652d2848fd520e0ff1a4799fce90300e70ab8edbbecc7111a1083133077a57703a631879143777565e6918099a873d4aa0  0014-httpd-.conf-LoadModule.patch"
+361e0a74f6f8f5734f074dc2f2001ff64896ecc81f88ea384b6db7db33b7738eb92b4e16163b356259581a8e7dd86adeac971d36d2584abb781e8f9b8fae6356  0001-httpd.conf-ServerRoot.patch
+40f3b7579c403952ba1efcb8dfd6ffd91c2695a06a2e5530ab5a583946558790fbfa16cad259d273ac1aa7a6335dd79636aa82fd844dc3a60a34c34d90db5e17  0002-httpd.conf-ServerTokens.patch
+ad0c1711bc240f99cd0256d0984ad0142e03c384d30378ccca3e47cdd2596307e64bb19fbd810a56c0e4c0716577d3160bad2ae39783b1358412588bc729c113  0003-httpd.conf-ServerSignature.patch
+49940950d5f71c671cd1257714a95f437899a694a26e8e8557868ba65b0888b218afe2eecfa676a0ded5ad0db67bdfb15c7e9cf85f536b4559007dc7461f4c07  0004-httpd.conf-User-Group.patch
+165a016a2cb9969c25fa73fab90fba5662d916e4883abd223ac104579334424103c123009d41b6fe3fcd30070daa8c6bdbb2afbb2905d08e183ecb66018578a3  0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch
+c27af4e0fa0b4d441534c452fd5f26e8ab28e737660c1eddf952f9a44d82c54abd1eb5e7c1b3da5191c5ecf0358fcd4e23b8fd241d805290a7c32a7fb3138a12  0006-httpd-dav.conf-DavLockDB.patch
+90adca579c3c7dc69ce1f175b47acc9e9e33667d93bb33aead7cf286212f1bdb58062fcd4e01657a2bb8ea9a2ac90c7c95f4cb8f19a29f6366e28a7168240708  0007-httpd-ssl.conf-SSLSessionCache.patch
+0bae3368dd64737ffc1b1aeaccbe21e597c5d497e45a5e9bc0e27c78091b9ead13690da37d28cdc5d285c58d82085720cdd627abc3b650d4f13a4cbf24021565  0008-httpd-ssl.conf-SSLRandomSeed.patch
+a3b0827f86902ab05afb27ae7fef0a7b9984ef103cf3aea80651b5cfb239db99e477b077bee8d7f0e576471090055fe1a78238d746aae34bd397f3db1d0eac8f  0009-httpd-ssl.conf-SSL-File.patch
+a3936713f8ffcbf2bb633035873249b94fa8ace9fdb758405264f075f755fbcfec4d08794f79e4699ab398fcd0049d1897b1fd5af62e1356780938ad08ac3a11  0010-httpd-ssl.conf-SSL-CipherSuite.patch
+eb09b3bcbab70f6a48d5efe8fc4bd62cc2b3f46def97c09d8454b846a065c02d18bd846313c421897c8d13be728e4b2ca790e2a5c5c6add3821d9e572bacfab2  0011-httpd.conf-IncludeOptional.patch
+695742f569720d7bad9306acc40456de3a12ff2ff3a108499afc3fed2e8b13883027c6e14a3fac3efe387a70386b958605b5bbfd0147ec06bb87fad30f3b66fa  0012-httpd.conf-MIMEMagicFile.patch
+efbba3c3475bebe5c63ce8d6eaf153cf2c46188e282a65830571c8b7dbc1e657ab9ce160dc82e331097ac483fe632f5201fde6f3f5de32fe5c52dcc7dee66216  0013-httpd-.conf-IfModule.patch
+56e7bb9743d153416b15c32bb5435e4cf85d84204a02f28767c8dcba08eec1ac302521d57ce74154d3e9f7a3644ab3f8a9318150e21f8559eb67e387087a0821  0014-httpd-.conf-LoadModule.patch"
diff --git a/main/apache2/conf/0001-httpd.conf-ServerRoot.patch b/main/apache2/conf/0001-httpd.conf-ServerRoot.patch
index 26f9b5a388..3565bd4f8e 100644
--- a/main/apache2/conf/0001-httpd.conf-ServerRoot.patch
+++ b/main/apache2/conf/0001-httpd.conf-ServerRoot.patch
@@ -1,4 +1,4 @@
-From 8d6011f6009c74a6dc701017c629f21516142256 Mon Sep 17 00:00:00 2001
+From 0126e85796d645820a7883a5f133b52c1408d53c Mon Sep 17 00:00:00 2001
 From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
 Date: Mon, 21 Sep 2015 12:16:16 +0300
 Subject: [PATCH 01/14] httpd.conf: ServerRoot
@@ -8,7 +8,7 @@ Subject: [PATCH 01/14] httpd.conf: ServerRoot
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
-index 966d2c3..c97b18d 100644
+index 37d7c0b..3e21599 100644
 --- a/docs/conf/httpd.conf.in
 +++ b/docs/conf/httpd.conf.in
 @@ -28,7 +28,7 @@
@@ -21,5 +21,5 @@ index 966d2c3..c97b18d 100644
  #
  # Mutex: Allows you to set the mutex mechanism and mutex file directory
 -- 
-2.5.0
+2.9.4
 
diff --git a/main/apache2/conf/0002-httpd.conf-ServerTokens.patch b/main/apache2/conf/0002-httpd.conf-ServerTokens.patch
index d688592683..99ebcbd8e6 100644
--- a/main/apache2/conf/0002-httpd.conf-ServerTokens.patch
+++ b/main/apache2/conf/0002-httpd.conf-ServerTokens.patch
@@ -1,4 +1,4 @@
-From efe4452d812db7bdb0885ba89cf488c2eade7c70 Mon Sep 17 00:00:00 2001
+From 37588c3ee46bc58510d7aac77109eeafb56964ab Mon Sep 17 00:00:00 2001
 From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
 Date: Fri, 11 Sep 2015 11:10:55 +0300
 Subject: [PATCH 02/14] httpd.conf: ServerTokens
@@ -30,7 +30,7 @@ index 7196922..a05ebc1 100644
  # name to server-generated pages (internal error documents, FTP directory 
  # listings, mod_status and mod_info output etc., but not CGI generated 
 diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
-index c97b18d..0cceb2a 100644
+index 3e21599..e995794 100644
 --- a/docs/conf/httpd.conf.in
 +++ b/docs/conf/httpd.conf.in
 @@ -19,6 +19,16 @@
@@ -51,5 +51,5 @@ index c97b18d..0cceb2a 100644
  # configuration, error, and log files are kept.
  #
 -- 
-2.5.0
+2.9.4
 
diff --git a/main/apache2/conf/0003-httpd.conf-ServerSignature.patch b/main/apache2/conf/0003-httpd.conf-ServerSignature.patch
index c6c4f4ffda..f269f04516 100644
--- a/main/apache2/conf/0003-httpd.conf-ServerSignature.patch
+++ b/main/apache2/conf/0003-httpd.conf-ServerSignature.patch
@@ -1,4 +1,4 @@
-From ca039c67e17d45f641b018e76d90b36b1325ab16 Mon Sep 17 00:00:00 2001
+From f5c03e6a248fcf273efeabc31665f0af56a17b55 Mon Sep 17 00:00:00 2001
 From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
 Date: Fri, 11 Sep 2015 11:46:25 +0300
 Subject: [PATCH 03/14] httpd.conf: ServerSignature
@@ -30,7 +30,7 @@ index a05ebc1..dcc2fb5 100644
  # e.g., www.apache.org (on) or 204.62.129.132 (off).
  # The default is off because it'd be overall better for the net if people
 diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
-index 0cceb2a..5835643 100644
+index e995794..748b5ef 100644
 --- a/docs/conf/httpd.conf.in
 +++ b/docs/conf/httpd.conf.in
 @@ -109,6 +109,16 @@ Group daemon
@@ -51,5 +51,5 @@ index 0cceb2a..5835643 100644
  # This can often be determined automatically, but we recommend you specify
  # it explicitly to prevent problems during startup.
 -- 
-2.5.0
+2.9.4
 
diff --git a/main/apache2/conf/0004-httpd.conf-User-Group.patch b/main/apache2/conf/0004-httpd.conf-User-Group.patch
index 264ae3a494..24d1c83955 100644
--- a/main/apache2/conf/0004-httpd.conf-User-Group.patch
+++ b/main/apache2/conf/0004-httpd.conf-User-Group.patch
@@ -1,4 +1,4 @@
-From 1ac121e7d4ea97b2a2fa5c678fd989ad1081d541 Mon Sep 17 00:00:00 2001
+From 023f6840e901390b95f3d858d7f85cd9ac257d75 Mon Sep 17 00:00:00 2001
 From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
 Date: Fri, 11 Sep 2015 11:31:31 +0300
 Subject: [PATCH 04/14] httpd.conf: User/Group
@@ -8,7 +8,7 @@ Subject: [PATCH 04/14] httpd.conf: User/Group
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
-index 5835643..2f2bf49 100644
+index 748b5ef..33b7487 100644
 --- a/docs/conf/httpd.conf.in
 +++ b/docs/conf/httpd.conf.in
 @@ -84,8 +84,8 @@ Listen @@Port@@
@@ -23,5 +23,5 @@ index 5835643..2f2bf49 100644
  </IfModule>
  
 -- 
-2.5.0
+2.9.4
 
diff --git a/main/apache2/conf/0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch b/main/apache2/conf/0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch
index a4aa4d635d..ea0d23c442 100644
--- a/main/apache2/conf/0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch
+++ b/main/apache2/conf/0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch
@@ -1,4 +1,4 @@
-From c48105dca98ec2e4c63cb487f2ce5ab4da6a55c4 Mon Sep 17 00:00:00 2001
+From 3f6e035c2d85967fc63431d73e4a37821513b39c Mon Sep 17 00:00:00 2001
 From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
 Date: Fri, 11 Sep 2015 11:40:22 +0300
 Subject: [PATCH 05/14] httpd.conf: ErrorLog/CustomLog/TransferLog
@@ -9,7 +9,7 @@ Subject: [PATCH 05/14] httpd.conf: ErrorLog/CustomLog/TransferLog
  2 files changed, 6 insertions(+), 6 deletions(-)
 
 diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
-index f093b32..65dae32 100644
+index 6a3c67a..3ace58a 100644
 --- a/docs/conf/extra/httpd-ssl.conf.in
 +++ b/docs/conf/extra/httpd-ssl.conf.in
 @@ -124,8 +124,8 @@ SSLSessionCacheTimeout  300
@@ -33,7 +33,7 @@ index f093b32..65dae32 100644
  
  </VirtualHost>                                  
 diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
-index 2f2bf49..8386312 100644
+index 33b7487..29ac06c 100644
 --- a/docs/conf/httpd.conf.in
 +++ b/docs/conf/httpd.conf.in
 @@ -201,7 +201,7 @@ DocumentRoot "@exp_htdocsdir@"
@@ -62,5 +62,5 @@ index 2f2bf49..8386312 100644
  
  <IfModule alias_module>
 -- 
-2.5.0
+2.9.4
 
diff --git a/main/apache2/conf/0006-httpd-dav.conf-DavLockDB.patch b/main/apache2/conf/0006-httpd-dav.conf-DavLockDB.patch
index 6b4b21b38d..8db75cf7e6 100644
--- a/main/apache2/conf/0006-httpd-dav.conf-DavLockDB.patch
+++ b/main/apache2/conf/0006-httpd-dav.conf-DavLockDB.patch
@@ -1,4 +1,4 @@
-From 6b0ea0ffe5dda6d6d24535c2be57304e0cbbe484 Mon Sep 17 00:00:00 2001
+From 02d449be1ef2a6b84a913458d833778a66917e81 Mon Sep 17 00:00:00 2001
 From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
 Date: Fri, 11 Sep 2015 12:46:16 +0300
 Subject: [PATCH 06/14] httpd-dav.conf: DavLockDB
@@ -21,5 +21,5 @@ index f1d35e0..416110b 100644
  Alias /uploads "@@ServerRoot@@/uploads"
  
 -- 
-2.5.0
+2.9.4
 
diff --git a/main/apache2/conf/0007-httpd-ssl.conf-SSLSessionCache.patch b/main/apache2/conf/0007-httpd-ssl.conf-SSLSessionCache.patch
index 3de8608948..09de671124 100644
--- a/main/apache2/conf/0007-httpd-ssl.conf-SSLSessionCache.patch
+++ b/main/apache2/conf/0007-httpd-ssl.conf-SSLSessionCache.patch
@@ -1,4 +1,4 @@
-From ff4cb257ca2f5f6705776683dc6c26c65a8fffd3 Mon Sep 17 00:00:00 2001
+From e718f5cf478200adc3132f488fb673bc1f614fbd Mon Sep 17 00:00:00 2001
 From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
 Date: Fri, 11 Sep 2015 12:53:13 +0300
 Subject: [PATCH 07/14] httpd-ssl.conf: SSLSessionCache
@@ -8,7 +8,7 @@ Subject: [PATCH 07/14] httpd-ssl.conf: SSLSessionCache
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
-index 65dae32..1680430 100644
+index 3ace58a..090ce32 100644
 --- a/docs/conf/extra/httpd-ssl.conf.in
 +++ b/docs/conf/extra/httpd-ssl.conf.in
 @@ -89,7 +89,7 @@ SSLPassPhraseDialog  builtin
@@ -21,5 +21,5 @@ index 65dae32..1680430 100644
  
  #   OCSP Stapling (requires OpenSSL 0.9.8h or later)
 -- 
-2.5.0
+2.9.4
 
diff --git a/main/apache2/conf/0008-httpd-ssl.conf-SSLRandomSeed.patch b/main/apache2/conf/0008-httpd-ssl.conf-SSLRandomSeed.patch
index 0f461bcb73..ed99ad6330 100644
--- a/main/apache2/conf/0008-httpd-ssl.conf-SSLRandomSeed.patch
+++ b/main/apache2/conf/0008-httpd-ssl.conf-SSLRandomSeed.patch
@@ -1,4 +1,4 @@
-From 2270e11bbe1ba3a0b489ecd941ef3a7a944ba151 Mon Sep 17 00:00:00 2001
+From 201ea4523851206881c1feaacc7451d8df7f1267 Mon Sep 17 00:00:00 2001
 From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
 Date: Fri, 11 Sep 2015 12:58:01 +0300
 Subject: [PATCH 08/14] httpd-ssl.conf: SSLRandomSeed
@@ -9,7 +9,7 @@ Subject: [PATCH 08/14] httpd-ssl.conf: SSLRandomSeed
  2 files changed, 2 insertions(+), 14 deletions(-)
 
 diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
-index 1680430..da506c8 100644
+index 090ce32..75ce736 100644
 --- a/docs/conf/extra/httpd-ssl.conf.in
 +++ b/docs/conf/extra/httpd-ssl.conf.in
 @@ -24,7 +24,8 @@
@@ -23,10 +23,10 @@ index 1680430..da506c8 100644
  #SSLRandomSeed connect file:/dev/urandom 512
  
 diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
-index 8386312..de6ee33 100644
+index 29ac06c..46ccea6 100644
 --- a/docs/conf/httpd.conf.in
 +++ b/docs/conf/httpd.conf.in
-@@ -414,16 +414,3 @@ LogLevel warn
+@@ -423,16 +423,3 @@ LogLevel warn
  <IfModule proxy_html_module>
  Include @rel_sysconfdir@/extra/proxy-html.conf
  </IfModule>
@@ -44,5 +44,5 @@ index 8386312..de6ee33 100644
 -</IfModule>
 -
 -- 
-2.5.0
+2.9.4
 
diff --git a/main/apache2/conf/0009-httpd-ssl.conf-SSL-File.patch b/main/apache2/conf/0009-httpd-ssl.conf-SSL-File.patch
index 851130fe3d..845e01d56e 100644
--- a/main/apache2/conf/0009-httpd-ssl.conf-SSL-File.patch
+++ b/main/apache2/conf/0009-httpd-ssl.conf-SSL-File.patch
@@ -1,4 +1,4 @@
-From deef08a02706efc731555d4d4d1c43ca126d6d3e Mon Sep 17 00:00:00 2001
+From 35db76c3663f77b49c1f1b1f0e07d108d6176c8c Mon Sep 17 00:00:00 2001
 From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
 Date: Fri, 11 Sep 2015 13:03:38 +0300
 Subject: [PATCH 09/14] httpd-ssl.conf SSL*File
@@ -8,7 +8,7 @@ Subject: [PATCH 09/14] httpd-ssl.conf SSL*File
  1 file changed, 11 insertions(+), 11 deletions(-)
 
 diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
-index da506c8..4462fa6 100644
+index 75ce736..e80ad1a 100644
 --- a/docs/conf/extra/httpd-ssl.conf.in
 +++ b/docs/conf/extra/httpd-ssl.conf.in
 @@ -142,9 +142,9 @@ SSLEngine on
@@ -69,5 +69,5 @@ index da506c8..4462fa6 100644
  
  #   Client Authentication (Type):
 -- 
-2.5.0
+2.9.4
 
diff --git a/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch b/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch
index 7c806c3519..4b9229babd 100644
--- a/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch
+++ b/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch
@@ -1,4 +1,4 @@
-From 9ddd6227e5e0c38b869a77ce04c93877a2b1fc85 Mon Sep 17 00:00:00 2001
+From be15024e8c13bf740897274844bee4afd8c9946b Mon Sep 17 00:00:00 2001
 From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
 Date: Fri, 11 Sep 2015 13:32:31 +0300
 Subject: [PATCH 10/14] httpd-ssl.conf: SSL*CipherSuite
@@ -8,20 +8,20 @@ Subject: [PATCH 10/14] httpd-ssl.conf: SSL*CipherSuite
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
-index 4462fa6..4534852 100644
+index e80ad1a..b5f5e9d 100644
 --- a/docs/conf/extra/httpd-ssl.conf.in
 +++ b/docs/conf/extra/httpd-ssl.conf.in
 @@ -50,8 +50,8 @@ Listen @@SSLPort@@
  #   ensure these follow appropriate best practices for this deployment.
  #   httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
  #   while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
--SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
--SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
-+SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!ADH
-+SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!ADH
+-SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
+-SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
++SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
++SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
  
  #  By the end of 2016, only TLSv1.2 ciphers should remain in use.
  #  Older ciphers should be disallowed as soon as possible, while the
 -- 
-2.5.0
+2.9.4
 
diff --git a/main/apache2/conf/0011-httpd.conf-IncludeOptional.patch b/main/apache2/conf/0011-httpd.conf-IncludeOptional.patch
index bc38c2753c..06ed346b5c 100644
--- a/main/apache2/conf/0011-httpd.conf-IncludeOptional.patch
+++ b/main/apache2/conf/0011-httpd.conf-IncludeOptional.patch
@@ -1,4 +1,4 @@
-From 1013806f1128c2cf289b20362484f64379dda619 Mon Sep 17 00:00:00 2001
+From 355485ecb874640c0856e4f3c239d517d97893df Mon Sep 17 00:00:00 2001
 From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
 Date: Fri, 11 Sep 2015 11:27:24 +0300
 Subject: [PATCH 11/14] httpd.conf: IncludeOptional
@@ -8,10 +8,10 @@ Subject: [PATCH 11/14] httpd.conf: IncludeOptional
  1 file changed, 2 insertions(+), 40 deletions(-)
 
 diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
-index de6ee33..66d20fe 100644
+index 46ccea6..388916f 100644
 --- a/docs/conf/httpd.conf.in
 +++ b/docs/conf/httpd.conf.in
-@@ -373,44 +373,6 @@ LogLevel warn
+@@ -382,44 +382,6 @@ LogLevel warn
  #EnableMMAP off
  #EnableSendfile on
  
@@ -59,5 +59,5 @@ index de6ee33..66d20fe 100644
 -</IfModule>
 +IncludeOptional /etc/apache2/conf.d/*.conf
 -- 
-2.5.0
+2.9.4
 
diff --git a/main/apache2/conf/0012-httpd.conf-MIMEMagicFile.patch b/main/apache2/conf/0012-httpd.conf-MIMEMagicFile.patch
index 2db338d16f..4fa1911c23 100644
--- a/main/apache2/conf/0012-httpd.conf-MIMEMagicFile.patch
+++ b/main/apache2/conf/0012-httpd.conf-MIMEMagicFile.patch
@@ -1,4 +1,4 @@
-From 867d4c6caac66cb458316b97cd24761f339861ca Mon Sep 17 00:00:00 2001
+From e0eca7b6d1837ceee414e08698108fb35e79635e Mon Sep 17 00:00:00 2001
 From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
 Date: Fri, 11 Sep 2015 14:59:32 +0300
 Subject: [PATCH 12/14] httpd.conf: MIMEMagicFile
@@ -8,10 +8,10 @@ Subject: [PATCH 12/14] httpd.conf: MIMEMagicFile
  1 file changed, 3 insertions(+), 1 deletion(-)
 
 diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
-index 66d20fe..4266f87 100644
+index 388916f..61747cb 100644
 --- a/docs/conf/httpd.conf.in
 +++ b/docs/conf/httpd.conf.in
-@@ -341,7 +341,9 @@ LogLevel warn
+@@ -350,7 +350,9 @@ LogLevel warn
  # contents of the file itself to determine its type.  The MIMEMagicFile
  # directive tells the module where the hint definitions are located.
  #
@@ -23,5 +23,5 @@ index 66d20fe..4266f87 100644
  #
  # Customizable error responses come in three flavors:
 -- 
-2.5.0
+2.9.4
 
diff --git a/main/apache2/conf/0013-httpd-.conf-IfModule.patch b/main/apache2/conf/0013-httpd-.conf-IfModule.patch
index 20693109b7..8c88e93244 100644
--- a/main/apache2/conf/0013-httpd-.conf-IfModule.patch
+++ b/main/apache2/conf/0013-httpd-.conf-IfModule.patch
@@ -1,4 +1,4 @@
-From 5dfde3ec458ddda04b070709b60803144ce29d9a Mon Sep 17 00:00:00 2001
+From 9a788d82c38717396903f5352e6d27e938f0cb25 Mon Sep 17 00:00:00 2001
 From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
 Date: Fri, 11 Sep 2015 15:05:30 +0300
 Subject: [PATCH 13/14] httpd-*.conf: IfModule
@@ -65,5 +65,5 @@ index a744322..edd158f 100644
  
 +</IfModule>
 -- 
-2.5.0
+2.9.4
 
diff --git a/main/apache2/conf/0014-httpd-.conf-LoadModule.patch b/main/apache2/conf/0014-httpd-.conf-LoadModule.patch
index fbf0757bed..6d34deb501 100644
--- a/main/apache2/conf/0014-httpd-.conf-LoadModule.patch
+++ b/main/apache2/conf/0014-httpd-.conf-LoadModule.patch
@@ -1,4 +1,4 @@
-From a15f4e83f0c5b6a3974af01427e3facf9191d0ef Mon Sep 17 00:00:00 2001
+From 2a1fe11fab2e43d9c00aae699108e75e8185715b Mon Sep 17 00:00:00 2001
 From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
 Date: Fri, 11 Sep 2015 15:12:08 +0300
 Subject: [PATCH 14/14] httpd*.conf: LoadModule
@@ -25,7 +25,7 @@ index 416110b..0ddcb48 100644
  # The following example gives DAV write access to a directory called
  # "uploads" under the ServerRoot directory.
 diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
-index 4534852..b5bcb5d 100644
+index b5f5e9d..d9e5bd1 100644
 --- a/docs/conf/extra/httpd-ssl.conf.in
 +++ b/docs/conf/extra/httpd-ssl.conf.in
 @@ -10,6 +10,8 @@
@@ -55,7 +55,7 @@ index 683a091..0648e8e 100644
  # For Windows (I don't know if there's a standard path for the libraries)
  # LoadFile	C:/path/zlib.dll
 diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
-index 4266f87..df1f2a1 100644
+index 61747cb..8fec78c 100644
 --- a/docs/conf/httpd.conf.in
 +++ b/docs/conf/httpd.conf.in
 @@ -75,6 +75,8 @@ Listen @@Port@@
@@ -68,5 +68,5 @@ index 4266f87..df1f2a1 100644
  #
  # If you wish httpd to run as a different user or group, you must run
 -- 
-2.5.0
+2.9.4
 
diff --git a/main/apache2/libressl.patch b/main/apache2/libressl.patch
new file mode 100644
index 0000000000..e4b6176911
--- /dev/null
+++ b/main/apache2/libressl.patch
@@ -0,0 +1,235 @@
+--- httpd-2.4.26/modules/ssl/mod_ssl.c
++++ httpd-2.4.26.libressl/modules/ssl/mod_ssl.c
+@@ -337,12 +337,12 @@
+ #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
+     ENGINE_cleanup();
+ #endif
+-#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
++#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_COMP)
+     SSL_COMP_free_compression_methods();
+ #endif
+ 
+     /* Usually needed per thread, but this parent process is single-threaded */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #if OPENSSL_VERSION_NUMBER >= 0x1000000fL
+     ERR_remove_thread_state(NULL);
+ #else
+@@ -383,14 +383,14 @@
+     /* Some OpenSSL internals are allocated per-thread, make sure they
+      * are associated to the/our same thread-id until cleaned up.
+      */
+-#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L
++#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     ssl_util_thread_id_setup(pconf);
+ #endif
+ 
+     /* We must register the library in full, to ensure our configuration
+      * code can successfully test the SSL environment.
+      */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     CRYPTO_malloc_init();
+ #else
+     OPENSSL_malloc_init();
+--- httpd-2.4.26/modules/ssl/ssl_engine_init.c
++++ httpd-2.4.26.libressl/modules/ssl/ssl_engine_init.c
+@@ -47,7 +47,7 @@
+ #define KEYTYPES "RSA or DSA"
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* OpenSSL Pre-1.1.0 compatibility */
+ /* Taken from OpenSSL 1.1.0 snapshot 20160410 */
+ static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+@@ -257,7 +257,7 @@
+ #endif
+     }
+ 
+-#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L
++#if APR_HAS_THREADS && ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
+     ssl_util_thread_setup(p);
+ #endif
+ 
+@@ -380,7 +380,7 @@
+     modssl_init_app_data2_idx(); /* for modssl_get_app_data2() at request time */
+ 
+     init_dh_params();
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     init_bio_methods();
+ #endif
+ 
+@@ -1301,7 +1301,7 @@
+      * or configure NIST P-256 (required to enable ECDHE for earlier versions)
+      * ECDH is always enabled in 1.1.0 unless excluded from SSLCipherList
+      */
+-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+     else {
+ #if defined(SSL_CTX_set_ecdh_auto)
+         SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
+@@ -2011,7 +2011,7 @@
+ 
+     }
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     free_bio_methods();
+ #endif
+     free_dh_params();
+--- httpd-2.4.26/modules/ssl/ssl_engine_io.c
++++ httpd-2.4.26.libressl/modules/ssl/ssl_engine_io.c
+@@ -164,7 +164,7 @@
+ {
+     BIO_set_shutdown(bio, 1);
+     BIO_set_init(bio, 1);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     /* No setter method for OpenSSL 1.1.0 available,
+      * but I can't find any functional use of the
+      * "num" field there either.
+@@ -549,7 +549,7 @@
+     return -1;
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+         
+ static BIO_METHOD bio_filter_out_method = {
+     BIO_TYPE_MEM,
+@@ -2024,7 +2024,7 @@
+ 
+     filter_ctx->pInputFilter = ap_add_input_filter(ssl_io_filter, inctx, r, c);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     filter_ctx->pbioRead = BIO_new(&bio_filter_in_method);
+ #else
+     filter_ctx->pbioRead = BIO_new(bio_filter_in_method);
+@@ -2059,7 +2059,7 @@
+     filter_ctx->pOutputFilter   = ap_add_output_filter(ssl_io_filter,
+                                                        filter_ctx, r, c);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     filter_ctx->pbioWrite       = BIO_new(&bio_filter_out_method);
+ #else
+     filter_ctx->pbioWrite       = BIO_new(bio_filter_out_method);
+--- httpd-2.4.26/modules/ssl/ssl_engine_kernel.c
++++ httpd-2.4.26.libressl/modules/ssl/ssl_engine_kernel.c
+@@ -1733,7 +1733,7 @@
+  * so we need to increment here to prevent them from
+  * being freed.
+  */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define modssl_set_cert_info(info, cert, pkey) \
+     *cert = info->x509; \
+     CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \
+--- httpd-2.4.26/modules/ssl/ssl_engine_vars.c
++++ httpd-2.4.26.libressl/modules/ssl/ssl_engine_vars.c
+@@ -529,7 +529,7 @@
+         resdup = FALSE;
+     }
+     else if (strcEQ(var, "A_SIG")) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+         nid = OBJ_obj2nid((ASN1_OBJECT *)(xs->cert_info->signature->algorithm));
+ #else
+         const ASN1_OBJECT *paobj;
+--- httpd-2.4.26/modules/ssl/ssl_private.h
++++ httpd-2.4.26.libressl/modules/ssl/ssl_private.h
+@@ -123,6 +123,16 @@
+ #define MODSSL_SSL_METHOD_CONST
+ #endif
+ 
++#if defined(LIBRESSL_VERSION_NUMBER)
++/* Missing from LibreSSL */
++#define SSL_CTRL_SET_MIN_PROTO_VERSION          123
++#define SSL_CTRL_SET_MAX_PROTO_VERSION          124
++#define SSL_CTX_set_min_proto_version(ctx, version) \
++        SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
++#define SSL_CTX_set_max_proto_version(ctx, version) \
++        SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
++#endif
++
+ #if defined(OPENSSL_FIPS)
+ #define HAVE_FIPS
+ #endif
+@@ -136,7 +146,7 @@
+ #endif
+ 
+ /* session id constness */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define IDCONST
+ #else
+ #define IDCONST const
+@@ -199,7 +209,7 @@
+ 
+ #endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define BN_get_rfc2409_prime_768   get_rfc2409_prime_768
+ #define BN_get_rfc2409_prime_1024  get_rfc2409_prime_1024
+ #define BN_get_rfc3526_prime_1536  get_rfc3526_prime_1536
+@@ -219,7 +229,7 @@
+ void free_bio_methods(void);
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10002000L
++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define X509_STORE_CTX_get0_store(x) (x->ctx)
+ #endif
+ 
+@@ -934,7 +944,7 @@
+                                  const char * const *);
+ BOOL         ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *);
+ #if APR_HAS_THREADS
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ void         ssl_util_thread_setup(apr_pool_t *);
+ #endif
+ void         ssl_util_thread_id_setup(apr_pool_t *);
+--- httpd-2.4.26/modules/ssl/ssl_util.c
++++ httpd-2.4.26.libressl/modules/ssl/ssl_util.c
+@@ -247,7 +247,7 @@
+ }
+ 
+ #if APR_HAS_THREADS
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /*
+  * To ensure thread-safetyness in OpenSSL - work in progress
+  */
+--- httpd-2.4.26/modules/ssl/ssl_util_ssl.h
++++ httpd-2.4.26.libressl/modules/ssl/ssl_util_ssl.h
+@@ -41,7 +41,7 @@
+ #define MODSSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER
+ #define MODSSL_LIBRARY_NAME    "OpenSSL"
+ #define MODSSL_LIBRARY_TEXT    OPENSSL_VERSION_TEXT
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define MODSSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION)
+ #else
+ #define MODSSL_LIBRARY_DYNTEXT OpenSSL_version(OPENSSL_VERSION)
+--- httpd-2.4.26/support/ab.c
++++ httpd-2.4.26.libressl/support/ab.c
+@@ -197,6 +197,14 @@
+ #if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name)
+ #define HAVE_TLSEXT
+ #endif
++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2060000f
++# define SSL_CTRL_SET_MIN_PROTO_VERSION	123
++# define SSL_CTRL_SET_MAX_PROTO_VERSION 124
++#define SSL_CTX_set_min_proto_version(ctx, version) \
++   SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
++#define SSL_CTX_set_max_proto_version(ctx, version) \
++   SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
++#endif
+ #endif
+ 
+ #include <math.h>
author	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	2017-07-06 14:24:10 +0300
committer	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	2017-07-06 14:26:18 +0300
commit	c930c29f44d1c8c27a01acc3e871b48922d3b620 (patch)
tree	d83bd75d0135874c118b8fb3d3f93bce90e893fe /main/apache2
parent	ba13c2bb464c773bf962da25426e9922be473839 (diff)
download	aports-c930c29f44d1c8c27a01acc3e871b48922d3b620.tar.bz2 aports-c930c29f44d1c8c27a01acc3e871b48922d3b620.tar.xz