commit: 10b3011a4085229faa82e2a1512a233d86bc5e80 Author: Aaron Bauman <bman <AT> gentoo <DOT> org> AuthorDate: Fri Apr 20 03:11:08 2018 +0000 Commit: Aaron Bauman <bman <AT> gentoo <DOT> org> CommitDate: Fri Apr 20 03:11:08 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10b3011a
www-servers/apache: compatibility patch for LibreSSL This patch fixes building dev-libs/libressl and is based on the upstream Git commit 8134addfabf2685e08da6d51167775b628fda0dc. Closes: https://bugs.gentoo.org/651312 Package-Manager: Portage-2.3.31, Repoman-2.3.9 www-servers/apache/apache-2.4.33.ebuild | 5 ++ .../apache-2.4.33-libressl-compatibility.patch | 97 ++++++++++++++++++++++ 2 files changed, 102 insertions(+) diff --git a/www-servers/apache/apache-2.4.33.ebuild b/www-servers/apache/apache-2.4.33.ebuild index 6ec7fdfb67e..54ecf1cb053 100644 --- a/www-servers/apache/apache-2.4.33.ebuild +++ b/www-servers/apache/apache-2.4.33.ebuild @@ -141,6 +141,11 @@ RDEPEND+="${CDEPEND}" REQUIRED_USE="apache2_modules_http2? ( ssl )" +PATCHES=( + # this *should* be included from upstream in the next release as it is currently in Git head + "${FILESDIR}/${P}-libressl-compatibility.patch" +) + pkg_setup() { # dependend critical modules which are not allowed in global scope due # to USE flag conditionals (bug #499260) diff --git a/www-servers/apache/files/apache-2.4.33-libressl-compatibility.patch b/www-servers/apache/files/apache-2.4.33-libressl-compatibility.patch new file mode 100644 index 00000000000..97d33468e19 --- /dev/null +++ b/www-servers/apache/files/apache-2.4.33-libressl-compatibility.patch @@ -0,0 +1,97 @@ +# based on upstream commit from: +# https://github.com/apache/httpd/commit/8134addfabf2685e08da6d51167775b628fda0dc +# this should be included in the next release (2.4.34?) + +diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c +index 66682eaf4d..8f0def2805 100644 +--- a/modules/md/md_crypt.c ++++ b/modules/md/md_crypt.c +@@ -190,7 +190,7 @@ static int pem_passwd(char *buf, int size, int rwflag, void *baton) + */ + static apr_time_t md_asn1_time_get(const ASN1_TIME* time) + { +-#ifdef LIBRESSL_VERSION_NUMBER ++#ifdef LIBRESSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) + /* courtesy: https://stackoverflow.com/questions/10975542/asn1-time-to-time-t-conversion#11263731 + * all bugs are mine */ + apr_time_exp_t t; +@@ -471,7 +471,7 @@ apr_status_t md_pkey_gen(md_pkey_t **ppkey, apr_pool_t *p, md_pkey_spec_t *spec) + } + } + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f) + + #ifndef NID_tlsfeature + #define NID_tlsfeature 1020 +diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c +index 48d64cb624..2392019aed 100644 +--- a/modules/ssl/mod_ssl.c ++++ b/modules/ssl/mod_ssl.c +@@ -398,7 +398,7 @@ static int ssl_hook_pre_config(apr_pool_t *pconf, + /* We must register the library in full, to ensure our configuration + * code can successfully test the SSL environment. + */ +-#if MODSSL_USE_OPENSSL_PRE_1_1_API ++#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER) + (void)CRYPTO_malloc_init(); + #else + OPENSSL_malloc_init(); +diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c +index a3a74f474c..88c0939cab 100644 +--- a/modules/ssl/ssl_engine_init.c ++++ b/modules/ssl/ssl_engine_init.c +@@ -546,7 +546,8 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s, + char *cp; + int protocol = mctx->protocol; + SSLSrvConfigRec *sc = mySrvConfig(s); +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L) + int prot; + #endif + +@@ -616,7 +617,8 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s, + + SSL_CTX_set_options(ctx, SSL_OP_ALL); + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L) + /* always disable SSLv2, as per RFC 6176 */ + SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); + +diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h +index a39569cbf7..e0e1b37087 100644 +--- a/modules/ssl/ssl_private.h ++++ b/modules/ssl/ssl_private.h +@@ -132,13 +132,14 @@ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) + #define SSL_CTX_set_max_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +-#endif +-/* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most +- * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...), so +- * we have to work around this... ++#elif LIBRESSL_VERSION_NUMBER < 0x2070000f ++/* LibreSSL before 2.7 declares OPENSSL_VERSION_NUMBER == 2.0 but does not ++ * include most changes from OpenSSL >= 1.1 (new functions, macros, ++ * deprecations, ...), so we have to work around this... + */ + #define MODSSL_USE_OPENSSL_PRE_1_1_API (1) +-#else ++#endif /* LIBRESSL_VERSION_NUMBER < 0x2060000f */ ++#else /* defined(LIBRESSL_VERSION_NUMBER) */ + #define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L) + #endif + +@@ -238,7 +239,8 @@ void init_bio_methods(void); + void free_bio_methods(void); + #endif + +-#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10002000L || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f) + #define X509_STORE_CTX_get0_store(x) (x->ctx) + #endif +
