summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAaron Bauman <bman@gentoo.org>2018-04-19 23:11:08 -0400
committerAaron Bauman <bman@gentoo.org>2018-04-19 23:11:08 -0400
commit10b3011a4085229faa82e2a1512a233d86bc5e80 (patch)
treefc4fc19170a02a93246ce3252f93f056b56cf941 /www-servers/apache
parentapp-crypt/xca: amd64 stable wrt bug #653572 (diff)
downloadgentoo-10b3011a4085229faa82e2a1512a233d86bc5e80.tar.gz
gentoo-10b3011a4085229faa82e2a1512a233d86bc5e80.tar.bz2
gentoo-10b3011a4085229faa82e2a1512a233d86bc5e80.zip
www-servers/apache: compatibility patch for LibreSSL
This patch fixes building dev-libs/libressl and is based on the upstream Git commit 8134addfabf2685e08da6d51167775b628fda0dc. Closes: https://bugs.gentoo.org/651312 Package-Manager: Portage-2.3.31, Repoman-2.3.9
Diffstat (limited to 'www-servers/apache')
-rw-r--r--www-servers/apache/apache-2.4.33.ebuild5
-rw-r--r--www-servers/apache/files/apache-2.4.33-libressl-compatibility.patch97
2 files changed, 102 insertions, 0 deletions
diff --git a/www-servers/apache/apache-2.4.33.ebuild b/www-servers/apache/apache-2.4.33.ebuild
index 6ec7fdfb67e..54ecf1cb053 100644
--- a/www-servers/apache/apache-2.4.33.ebuild
+++ b/www-servers/apache/apache-2.4.33.ebuild
@@ -141,6 +141,11 @@ RDEPEND+="${CDEPEND}"
REQUIRED_USE="apache2_modules_http2? ( ssl )"
+PATCHES=(
+ # this *should* be included from upstream in the next release as it is currently in Git head
+ "${FILESDIR}/${P}-libressl-compatibility.patch"
+)
+
pkg_setup() {
# dependend critical modules which are not allowed in global scope due
# to USE flag conditionals (bug #499260)
diff --git a/www-servers/apache/files/apache-2.4.33-libressl-compatibility.patch b/www-servers/apache/files/apache-2.4.33-libressl-compatibility.patch
new file mode 100644
index 00000000000..97d33468e19
--- /dev/null
+++ b/www-servers/apache/files/apache-2.4.33-libressl-compatibility.patch
@@ -0,0 +1,97 @@
+# based on upstream commit from:
+# https://github.com/apache/httpd/commit/8134addfabf2685e08da6d51167775b628fda0dc
+# this should be included in the next release (2.4.34?)
+
+diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c
+index 66682eaf4d..8f0def2805 100644
+--- a/modules/md/md_crypt.c
++++ b/modules/md/md_crypt.c
+@@ -190,7 +190,7 @@ static int pem_passwd(char *buf, int size, int rwflag, void *baton)
+ */
+ static apr_time_t md_asn1_time_get(const ASN1_TIME* time)
+ {
+-#ifdef LIBRESSL_VERSION_NUMBER
++#ifdef LIBRESSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* courtesy: https://stackoverflow.com/questions/10975542/asn1-time-to-time-t-conversion#11263731
+ * all bugs are mine */
+ apr_time_exp_t t;
+@@ -471,7 +471,7 @@ apr_status_t md_pkey_gen(md_pkey_t **ppkey, apr_pool_t *p, md_pkey_spec_t *spec)
+ }
+ }
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f)
+
+ #ifndef NID_tlsfeature
+ #define NID_tlsfeature 1020
+diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
+index 48d64cb624..2392019aed 100644
+--- a/modules/ssl/mod_ssl.c
++++ b/modules/ssl/mod_ssl.c
+@@ -398,7 +398,7 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
+ /* We must register the library in full, to ensure our configuration
+ * code can successfully test the SSL environment.
+ */
+-#if MODSSL_USE_OPENSSL_PRE_1_1_API
++#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER)
+ (void)CRYPTO_malloc_init();
+ #else
+ OPENSSL_malloc_init();
+diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
+index a3a74f474c..88c0939cab 100644
+--- a/modules/ssl/ssl_engine_init.c
++++ b/modules/ssl/ssl_engine_init.c
+@@ -546,7 +546,8 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
+ char *cp;
+ int protocol = mctx->protocol;
+ SSLSrvConfigRec *sc = mySrvConfig(s);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L || \
++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L)
+ int prot;
+ #endif
+
+@@ -616,7 +617,8 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
+
+ SSL_CTX_set_options(ctx, SSL_OP_ALL);
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L)
+ /* always disable SSLv2, as per RFC 6176 */
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+
+diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
+index a39569cbf7..e0e1b37087 100644
+--- a/modules/ssl/ssl_private.h
++++ b/modules/ssl/ssl_private.h
+@@ -132,13 +132,14 @@
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+ #define SSL_CTX_set_max_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+-#endif
+-/* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most
+- * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...), so
+- * we have to work around this...
++#elif LIBRESSL_VERSION_NUMBER < 0x2070000f
++/* LibreSSL before 2.7 declares OPENSSL_VERSION_NUMBER == 2.0 but does not
++ * include most changes from OpenSSL >= 1.1 (new functions, macros,
++ * deprecations, ...), so we have to work around this...
+ */
+ #define MODSSL_USE_OPENSSL_PRE_1_1_API (1)
+-#else
++#endif /* LIBRESSL_VERSION_NUMBER < 0x2060000f */
++#else /* defined(LIBRESSL_VERSION_NUMBER) */
+ #define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ #endif
+
+@@ -238,7 +239,8 @@ void init_bio_methods(void);
+ void free_bio_methods(void);
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10002000L || \
++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f)
+ #define X509_STORE_CTX_get0_store(x) (x->ctx)
+ #endif
+