diff options
Diffstat (limited to 'www-servers/apache')
-rw-r--r-- | www-servers/apache/Manifest | 5 | ||||
-rw-r--r-- | www-servers/apache/apache-2.4.29-r1.ebuild | 2 | ||||
-rw-r--r-- | www-servers/apache/apache-2.4.33.ebuild | 5 | ||||
-rw-r--r-- | www-servers/apache/files/apache-2.4.33-libressl-compatibility.patch | 97 |
4 files changed, 106 insertions, 3 deletions
diff --git a/www-servers/apache/Manifest b/www-servers/apache/Manifest index 371332af3a90..2b969243e9b2 100644 --- a/www-servers/apache/Manifest +++ b/www-servers/apache/Manifest @@ -1,4 +1,5 @@ AUX 41_mod_http2.conf 189 BLAKE2B 70f006ead657b250bb4c30a332484baf698541d44d922453bae6133e2458a7009035156f47c1dbba42bd6830ab5bef8c56d151821b0b56e9b41ef9b3db885411 SHA512 3d56a24ea98bc3188e5d6f8e2e0148e4b718e04f23452e77750bca984c44fc7c3acd4521a945b4c415284d0a5dac0f7e846bb60daf70fe61ce2632e8fa201ed6 +AUX apache-2.4.33-libressl-compatibility.patch 4025 BLAKE2B 4e4716f2827d76f7e2980096ade6d9d617b29d405372e929525020fd9aa4882ae5656eacf8778cf20d2de0588f28304d4bee60a1e00e1acfff520f253ef8f0fa SHA512 330e3e5a427e3f50da30e3861d11025c3b80c8226bae1d1a299af35826c25d7ff1c75d0b60d4b3233d6a95ce8dd7a6dc1d51cdf194549986ec29fa72d54c3ecd AUX apache.conf 55 BLAKE2B 05ab58ac12e51c7aa548a71a2da43bbf80e53ef8ebe7d143f698b118621f2af1498a1362e7f30b82dc12a96485652cb0c34248c290f6a1aab6a3f378d9843c2a SHA512 3a53beb7a283d17c14383f16ad14c0602681ac1b193cce8f5aca50ae9d9af3a71054ce4a9ab11cbcb72fe913459e1b306fd54660154e66afe10272f8c0f149f3 AUX apache2.2-hardened.service 970 BLAKE2B 77bf52cd0e5793aa81ad2b16267c1339e10fc4875704add053fd9ec67db60d2e175cb7a271c8d36b5e675a9cddd431062a6c31730510a921357b472383b502e4 SHA512 c206e7103d592dcf4f2d62979a20f7ab3cc7ce357ffe3c06ae8137064c812b9727e01a53fd602a0a55a64ed609664061de680ff42329381db787e2dae9310c48 AUX apache2.2.service 716 BLAKE2B 0006b5f5eee85bf4bae7b1b49944cedb057df974b7ed6e74cee21eed109846d91537c997241554ee4ff7b8d0534dcc54fc435f6a1e9d1f07817091f93f986500 SHA512 5f736c803772077598248bbb41f76dff396dfd2f11a60d1ba929a619275efb8c1b4c0dab78cbcdf83b9ec94db67b958b3333b01f67d71eb3b2e07dba4bca2a7c @@ -12,6 +13,6 @@ DIST httpd-2.4.29.tar.bz2 6567926 BLAKE2B 01a83212941abad548f73fc144f9731ff51e0e DIST httpd-2.4.33.tar.bz2 6934765 BLAKE2B 4ff266b85358e3100c8064c84c89db0235e6f46bb4b308e6b3bf642a9c0815eb6a731ee12e3d8ea2bf31a5d5e6621152452f1e8a9625755689f552f2473b1955 SHA512 e74b2b3346d67be45a8bc8a7cbb8eabf5c403a5cfe5797a976f94a539529843fbcdf03b9ca0548816b2cf37f4ce0eb301f8d5af25b1270fdf8dd9f5bf0585269 EBUILD apache-2.2.34.ebuild 2976 BLAKE2B 8816d1f547ba7e8de670ef0f45cde40748fc5d611e1060f0c76a8b35ce9771a493f89f2277afcd90ac36fc6f4f684be1e19913d2d3a2ecd78e63e9f4f0d97470 SHA512 32b49f813a80f28b50a2170878d3b204c51db243bbd117b60b8aff63627b42d2cb76e87282ad9053ac1513f0faf8489a60edc7dec0c8087f12650a74d3a533b7 EBUILD apache-2.4.27-r1.ebuild 7737 BLAKE2B 6e459c6d091a5d91d1179cde68fa1b34bb4faf04d3c66b8b0a759311e6b03102485fc4758a65437c5c9bd12f63e3afdd50730c196f3e5785c3c6aa25fb2cf2c5 SHA512 bd2df8d64f22fd28af9e2225492de2d3dc2d8172220f14f495841fec587aeb39c02d4d7021d4f96430f9821922baa84a78a7b8470f56d5c5305bd124d763afd2 -EBUILD apache-2.4.29-r1.ebuild 7879 BLAKE2B 56c024f5e6f03973977e02bcdc4b7a9814b8015fb087ab0c7c6050acc8477c50574f51724bf7dd2615f4e09863900cf169dd3050912e6a59a594b30f624918d1 SHA512 ea4094069a3af8a6015411ba1af9f2a1fecb51d49b7eb64cf1c9177e41788ef99d95a66ec31e3d3155a38547843385abfd035fb7b06b722d831658a834aa2c73 -EBUILD apache-2.4.33.ebuild 8031 BLAKE2B c2b6744661c172c941f4188c642311a3f8f7cbbb9cb02eaa3a42338a8796cd7be6862d00f1cc00afb991da825a1b47ccf4441aa1eef19f894bf353c01065f16f SHA512 c6183f5894d7a14448ec56bca2a9f918ced6563aabae6c0ad9cb8f44ef628356a5e5ddcd297d5d42aabe903a5a8e4eaa0d2682e47928eded5cb32f89ed6deb35 +EBUILD apache-2.4.29-r1.ebuild 7878 BLAKE2B 3798d1ac5cc708adef4561d647cfb14cccdf83485c4701e42f4498c556dd6004d8176acb1d46c4b0088fa0b44e421577119dd88f982a71489260465c86423743 SHA512 abc125622dd7b362819639893b463db80a960390b2ab16fc859506f22026094a540ddc646df50d99a636708c944db982a0594bc6c1d8806bc2e983a29ca8fa84 +EBUILD apache-2.4.33.ebuild 8187 BLAKE2B c2f6a73b0f70b2894aa105fcf388222fcf4c075cbfdf5a8f6a1aa1e8b26ea032adf0f3f06fd53a1d26590d4f13cd1f9f983215bedca7846f4e474b70b85b6a62 SHA512 379d362316e8cf94ec7070e2a475a856b9dc2cfd6a1e54cc3c432889e1c0a5f756d2c61a31a993dbf927aac451150a41122c7f08300915bd0911cdc55481ca15 MISC metadata.xml 3554 BLAKE2B d415eb42fbe1614b63620c8d4f60390ca585d56b10cc7d7ab057b299f3a7046bedb2cf0d0490e36d00e497afa3ebd9a46d61e6afa8716ab55c3c4bf59389b4e2 SHA512 3165c25c9f23548ce0c5efdf5ca6fe563eaf51671c1df0cef8fafeb33c128b224fba921e7edd3ce7c194a980dbd4774889dfd57bf7e21559c659e3163532b902 diff --git a/www-servers/apache/apache-2.4.29-r1.ebuild b/www-servers/apache/apache-2.4.29-r1.ebuild index 0b0d7de76739..1d97a24d6da8 100644 --- a/www-servers/apache/apache-2.4.29-r1.ebuild +++ b/www-servers/apache/apache-2.4.29-r1.ebuild @@ -128,7 +128,7 @@ HOMEPAGE="https://httpd.apache.org/" # some helper scripts are Apache-1.1, thus both are here LICENSE="Apache-2.0 Apache-1.1" SLOT="2" -KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ia64 ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x64-macos ~x86-macos ~m68k-mint ~sparc64-solaris ~x64-solaris" +KEYWORDS="alpha amd64 arm ~arm64 ~hppa ia64 ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x64-macos ~x86-macos ~m68k-mint ~sparc64-solaris ~x64-solaris" CDEPEND="apache2_modules_brotli? ( >=app-arch/brotli-0.6.0:= ) apache2_modules_http2? ( >=net-libs/nghttp2-1.2.1 )" diff --git a/www-servers/apache/apache-2.4.33.ebuild b/www-servers/apache/apache-2.4.33.ebuild index 6ec7fdfb67e3..54ecf1cb0539 100644 --- a/www-servers/apache/apache-2.4.33.ebuild +++ b/www-servers/apache/apache-2.4.33.ebuild @@ -141,6 +141,11 @@ RDEPEND+="${CDEPEND}" REQUIRED_USE="apache2_modules_http2? ( ssl )" +PATCHES=( + # this *should* be included from upstream in the next release as it is currently in Git head + "${FILESDIR}/${P}-libressl-compatibility.patch" +) + pkg_setup() { # dependend critical modules which are not allowed in global scope due # to USE flag conditionals (bug #499260) diff --git a/www-servers/apache/files/apache-2.4.33-libressl-compatibility.patch b/www-servers/apache/files/apache-2.4.33-libressl-compatibility.patch new file mode 100644 index 000000000000..97d33468e194 --- /dev/null +++ b/www-servers/apache/files/apache-2.4.33-libressl-compatibility.patch @@ -0,0 +1,97 @@ +# based on upstream commit from: +# https://github.com/apache/httpd/commit/8134addfabf2685e08da6d51167775b628fda0dc +# this should be included in the next release (2.4.34?) + +diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c +index 66682eaf4d..8f0def2805 100644 +--- a/modules/md/md_crypt.c ++++ b/modules/md/md_crypt.c +@@ -190,7 +190,7 @@ static int pem_passwd(char *buf, int size, int rwflag, void *baton) + */ + static apr_time_t md_asn1_time_get(const ASN1_TIME* time) + { +-#ifdef LIBRESSL_VERSION_NUMBER ++#ifdef LIBRESSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) + /* courtesy: https://stackoverflow.com/questions/10975542/asn1-time-to-time-t-conversion#11263731 + * all bugs are mine */ + apr_time_exp_t t; +@@ -471,7 +471,7 @@ apr_status_t md_pkey_gen(md_pkey_t **ppkey, apr_pool_t *p, md_pkey_spec_t *spec) + } + } + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f) + + #ifndef NID_tlsfeature + #define NID_tlsfeature 1020 +diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c +index 48d64cb624..2392019aed 100644 +--- a/modules/ssl/mod_ssl.c ++++ b/modules/ssl/mod_ssl.c +@@ -398,7 +398,7 @@ static int ssl_hook_pre_config(apr_pool_t *pconf, + /* We must register the library in full, to ensure our configuration + * code can successfully test the SSL environment. + */ +-#if MODSSL_USE_OPENSSL_PRE_1_1_API ++#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER) + (void)CRYPTO_malloc_init(); + #else + OPENSSL_malloc_init(); +diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c +index a3a74f474c..88c0939cab 100644 +--- a/modules/ssl/ssl_engine_init.c ++++ b/modules/ssl/ssl_engine_init.c +@@ -546,7 +546,8 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s, + char *cp; + int protocol = mctx->protocol; + SSLSrvConfigRec *sc = mySrvConfig(s); +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L) + int prot; + #endif + +@@ -616,7 +617,8 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s, + + SSL_CTX_set_options(ctx, SSL_OP_ALL); + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L) + /* always disable SSLv2, as per RFC 6176 */ + SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); + +diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h +index a39569cbf7..e0e1b37087 100644 +--- a/modules/ssl/ssl_private.h ++++ b/modules/ssl/ssl_private.h +@@ -132,13 +132,14 @@ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) + #define SSL_CTX_set_max_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +-#endif +-/* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most +- * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...), so +- * we have to work around this... ++#elif LIBRESSL_VERSION_NUMBER < 0x2070000f ++/* LibreSSL before 2.7 declares OPENSSL_VERSION_NUMBER == 2.0 but does not ++ * include most changes from OpenSSL >= 1.1 (new functions, macros, ++ * deprecations, ...), so we have to work around this... + */ + #define MODSSL_USE_OPENSSL_PRE_1_1_API (1) +-#else ++#endif /* LIBRESSL_VERSION_NUMBER < 0x2060000f */ ++#else /* defined(LIBRESSL_VERSION_NUMBER) */ + #define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L) + #endif + +@@ -238,7 +239,8 @@ void init_bio_methods(void); + void free_bio_methods(void); + #endif + +-#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10002000L || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f) + #define X509_STORE_CTX_get0_store(x) (x->ctx) + #endif + |