Re: update www/apache-httpd 2.4.29
ping ? :-) On 23 November 2017 at 08:33, Stuart Henderson wrote: > On 2017/11/23 08:43, Giovanni Bechis wrote: > > On Wed, Nov 22, 2017 at 07:24:08PM +, David CARLIER wrote: > > > On 22 November 2017 at 16:28, Giovanni Bechis > wrote: > > > > > > > On Sat, Nov 04, 2017 at 09:13:43AM +, David CARLIER wrote: > > > > > Hi, > > > > > > > > > > here a proposal to update to 2.4.29, removing some patches > LIBRESSL's > > > > > related pushed upstream in the process. > > > > > > > > > not all of them has been pushed, ad least mod_ssl.c is missing one, > > > > I haven't looked at all patches yet. > > > > > > > > > > > You sure ? For example in this version > > > > > yep: > > -- > > $ cd $(make show=WRKSRC) > > $ grep -nHA4 OPENSSL_VERSION_NUMBER modules/ssl/mod_ssl.c > > modules/ssl/mod_ssl.c:340:#if OPENSSL_VERSION_NUMBER >= 0x1000200fL > > modules/ssl/mod_ssl.c-341-#ifndef OPENSSL_NO_COMP > > modules/ssl/mod_ssl.c-342-SSL_COMP_free_compression_methods(); > > modules/ssl/mod_ssl.c-343-#endif > > modules/ssl/mod_ssl.c-344-#endif > > That one is ok, we define OPENSSL_NO_COMP. I haven't checked the others. >
Re: update www/apache-httpd 2.4.29
On 2017/11/23 08:43, Giovanni Bechis wrote: > On Wed, Nov 22, 2017 at 07:24:08PM +, David CARLIER wrote: > > On 22 November 2017 at 16:28, Giovanni Bechis wrote: > > > > > On Sat, Nov 04, 2017 at 09:13:43AM +, David CARLIER wrote: > > > > Hi, > > > > > > > > here a proposal to update to 2.4.29, removing some patches LIBRESSL's > > > > related pushed upstream in the process. > > > > > > > not all of them has been pushed, ad least mod_ssl.c is missing one, > > > I haven't looked at all patches yet. > > > > > > > > You sure ? For example in this version > > > yep: > -- > $ cd $(make show=WRKSRC) > $ grep -nHA4 OPENSSL_VERSION_NUMBER modules/ssl/mod_ssl.c > modules/ssl/mod_ssl.c:340:#if OPENSSL_VERSION_NUMBER >= 0x1000200fL > modules/ssl/mod_ssl.c-341-#ifndef OPENSSL_NO_COMP > modules/ssl/mod_ssl.c-342-SSL_COMP_free_compression_methods(); > modules/ssl/mod_ssl.c-343-#endif > modules/ssl/mod_ssl.c-344-#endif That one is ok, we define OPENSSL_NO_COMP. I haven't checked the others.
Re: update www/apache-httpd 2.4.29
On Wed, Nov 22, 2017 at 07:24:08PM +, David CARLIER wrote:
> On 22 November 2017 at 16:28, Giovanni Bechis wrote:
>
> > On Sat, Nov 04, 2017 at 09:13:43AM +, David CARLIER wrote:
> > > Hi,
> > >
> > > here a proposal to update to 2.4.29, removing some patches LIBRESSL's
> > > related pushed upstream in the process.
> > >
> > not all of them has been pushed, ad least mod_ssl.c is missing one,
> > I haven't looked at all patches yet.
> >
> >
> You sure ? For example in this version
>
yep:
--
$ cd $(make show=WRKSRC)
$ grep -nHA4 OPENSSL_VERSION_NUMBER modules/ssl/mod_ssl.c
modules/ssl/mod_ssl.c:340:#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
modules/ssl/mod_ssl.c-341-#ifndef OPENSSL_NO_COMP
modules/ssl/mod_ssl.c-342-SSL_COMP_free_compression_methods();
modules/ssl/mod_ssl.c-343-#endif
modules/ssl/mod_ssl.c-344-#endif
modules/ssl/mod_ssl.c:348:#if OPENSSL_VERSION_NUMBER >= 0x100fL
modules/ssl/mod_ssl.c-349-ERR_remove_thread_state(NULL);
modules/ssl/mod_ssl.c-350-#else
modules/ssl/mod_ssl.c-351-ERR_remove_state(0);
modules/ssl/mod_ssl.c-352-#endif
modules/ssl/mod_ssl.c:358:#if (OPENSSL_VERSION_NUMBER >= 0x00090805f)
modules/ssl/mod_ssl.c-359-ERR_free_strings();
modules/ssl/mod_ssl.c-360-#endif
modules/ssl/mod_ssl.c-361-
modules/ssl/mod_ssl.c-362-/* Also don't call CRYPTO_cleanup_all_ex_data
when linked statically here;
--
At least the first part of mod_ssl patch is needed.
Cheers
Giovanni
> mod_ssl.c
>
> #if MODSSL_USE_OPENSSL_PRE_1_1_API
>
> (void)CRYPTO_malloc_init();
>
> #else
>
> OPENSSL_malloc_init();
>
> #endif
>
>
>
> e.g. in ssl_private.h is
>
> ...
>
> #if defined(LIBRESSL_VERSION_NUMBER)
>
> /* Missing from LibreSSL */
>
> #if LIBRESSL_VERSION_NUMBER < 0x206f
>
> #define SSL_CTRL_SET_MIN_PROTO_VERSION 123
>
> #define SSL_CTRL_SET_MAX_PROTO_VERSION 124
>
> #define SSL_CTX_set_min_proto_version(ctx, version) \
>
> SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
>
> #define SSL_CTX_set_max_proto_version(ctx, version) \
>
> SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
>
> #endif
>
> /* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most
>
> * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...),
> so
>
> * we have to work around this...
>
> */
>
> #define MODSSL_USE_OPENSSL_PRE_1_1_API (1)
>
> #else
>
> #define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x1010L
> )
>
> #endif
>
> ...
>
>
>
> > > Hope it is good.
> > >
> > > Kind regards.
> >
> > > Index: Makefile
> > > ===
> > > RCS file: /cvs/ports/www/apache-httpd/Makefile,v
> > > retrieving revision 1.85
> > > diff -u -p -r1.85 Makefile
> > > --- Makefile 18 Sep 2017 19:25:38 - 1.85
> > > +++ Makefile 4 Nov 2017 09:10:58 -
> > > @@ -3,8 +3,7 @@
> > > COMMENT-main=apache HTTP server
> > [...]
> > > share/doc/apache2/mod/prefork.html.en
> > > @@ -1453,4 +1455,3 @@ share/examples/apache2/htdocs/
> > > share/examples/apache2/htdocs/index.html
> > > @sample /var/www/htdocs/index.html
> > > %%ldap%%
> > > -@rcscript ${RCDIR}/apache2
> > you should not remove the rcscript
> >
> >
> Good point . Corrected.
>
>
>
> > Cheers
> > Giovanni
> >
> Index: Makefile
> ===
> RCS file: /cvs/ports/www/apache-httpd/Makefile,v
> retrieving revision 1.85
> diff -u -p -r1.85 Makefile
> --- Makefile 18 Sep 2017 19:25:38 - 1.85
> +++ Makefile 22 Nov 2017 19:15:11 -
> @@ -3,8 +3,7 @@
> COMMENT-main=apache HTTP server
> COMMENT-common= /var/www files for Apache HTTPd
>
> -V= 2.4.27
> -REVISION-main= 0
> +V= 2.4.29
> DISTNAME=httpd-${V}
> PKGNAME= apache-httpd-${V}
>
> Index: distinfo
> ===
> RCS file: /cvs/ports/www/apache-httpd/distinfo,v
> retrieving revision 1.26
> diff -u -p -r1.26 distinfo
> --- distinfo 14 Jul 2017 17:14:33 - 1.26
> +++ distinfo 22 Nov 2017 19:15:11 -
> @@ -1,2 +1,2 @@
> -SHA256 (httpd-2.4.27.tar.gz) = NG3T0BauXXEBAW5ogFFQvc6QQKjSRsKJqnDminzYa2Y=
> -SIZE (httpd-2.4.27.tar.gz) = 8603417
> +SHA256 (httpd-2.4.29.tar.gz) = lI5KESeKWVRpi4gLMPQBsemrdDcT7ixygKVN1N3YcIU=
> +SIZE (httpd-2.4.29.tar.gz) = 8638793
> Index: patches/patch-modules_ssl_mod_ssl_c
> ===
> RCS file: patches/patch-modules_ssl_mod_ssl_c
> diff -N patches/patch-modules_ssl_mod_ssl_c
> --- patches/patch-modules_ssl_mod_ssl_c 14 Jul 2017 17:04:12 -
> 1.3
> +++ /dev/null 1 Jan 1970 00:00:00 -
> @@ -1
Re: update www/apache-httpd 2.4.29
On 22 November 2017 at 16:28, Giovanni Bechis wrote:
> On Sat, Nov 04, 2017 at 09:13:43AM +, David CARLIER wrote:
> > Hi,
> >
> > here a proposal to update to 2.4.29, removing some patches LIBRESSL's
> > related pushed upstream in the process.
> >
> not all of them has been pushed, ad least mod_ssl.c is missing one,
> I haven't looked at all patches yet.
>
>
You sure ? For example in this version
mod_ssl.c
#if MODSSL_USE_OPENSSL_PRE_1_1_API
(void)CRYPTO_malloc_init();
#else
OPENSSL_malloc_init();
#endif
e.g. in ssl_private.h is
...
#if defined(LIBRESSL_VERSION_NUMBER)
/* Missing from LibreSSL */
#if LIBRESSL_VERSION_NUMBER < 0x206f
#define SSL_CTRL_SET_MIN_PROTO_VERSION 123
#define SSL_CTRL_SET_MAX_PROTO_VERSION 124
#define SSL_CTX_set_min_proto_version(ctx, version) \
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
#define SSL_CTX_set_max_proto_version(ctx, version) \
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
#endif
/* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most
* changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...),
so
* we have to work around this...
*/
#define MODSSL_USE_OPENSSL_PRE_1_1_API (1)
#else
#define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x1010L
)
#endif
...
> > Hope it is good.
> >
> > Kind regards.
>
> > Index: Makefile
> > ===
> > RCS file: /cvs/ports/www/apache-httpd/Makefile,v
> > retrieving revision 1.85
> > diff -u -p -r1.85 Makefile
> > --- Makefile 18 Sep 2017 19:25:38 - 1.85
> > +++ Makefile 4 Nov 2017 09:10:58 -
> > @@ -3,8 +3,7 @@
> > COMMENT-main=apache HTTP server
> [...]
> > share/doc/apache2/mod/prefork.html.en
> > @@ -1453,4 +1455,3 @@ share/examples/apache2/htdocs/
> > share/examples/apache2/htdocs/index.html
> > @sample /var/www/htdocs/index.html
> > %%ldap%%
> > -@rcscript ${RCDIR}/apache2
> you should not remove the rcscript
>
>
Good point . Corrected.
> Cheers
> Giovanni
>
Index: Makefile
===
RCS file: /cvs/ports/www/apache-httpd/Makefile,v
retrieving revision 1.85
diff -u -p -r1.85 Makefile
--- Makefile18 Sep 2017 19:25:38 - 1.85
+++ Makefile22 Nov 2017 19:15:11 -
@@ -3,8 +3,7 @@
COMMENT-main= apache HTTP server
COMMENT-common=/var/www files for Apache HTTPd
-V= 2.4.27
-REVISION-main= 0
+V= 2.4.29
DISTNAME= httpd-${V}
PKGNAME= apache-httpd-${V}
Index: distinfo
===
RCS file: /cvs/ports/www/apache-httpd/distinfo,v
retrieving revision 1.26
diff -u -p -r1.26 distinfo
--- distinfo14 Jul 2017 17:14:33 - 1.26
+++ distinfo22 Nov 2017 19:15:11 -
@@ -1,2 +1,2 @@
-SHA256 (httpd-2.4.27.tar.gz) = NG3T0BauXXEBAW5ogFFQvc6QQKjSRsKJqnDminzYa2Y=
-SIZE (httpd-2.4.27.tar.gz) = 8603417
+SHA256 (httpd-2.4.29.tar.gz) = lI5KESeKWVRpi4gLMPQBsemrdDcT7ixygKVN1N3YcIU=
+SIZE (httpd-2.4.29.tar.gz) = 8638793
Index: patches/patch-modules_ssl_mod_ssl_c
===
RCS file: patches/patch-modules_ssl_mod_ssl_c
diff -N patches/patch-modules_ssl_mod_ssl_c
--- patches/patch-modules_ssl_mod_ssl_c 14 Jul 2017 17:04:12 - 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -
@@ -1,23 +0,0 @@
-$OpenBSD: patch-modules_ssl_mod_ssl_c,v 1.3 2017/07/14 17:04:12 sthen Exp $
-
-Index: modules/ssl/mod_ssl.c
modules/ssl/mod_ssl.c.orig
-+++ modules/ssl/mod_ssl.c
-@@ -337,7 +337,7 @@ static apr_status_t ssl_cleanup_pre_config(void *data)
- #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
- ENGINE_cleanup();
- #endif
--#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
-+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
- SSL_COMP_free_compression_methods();
- #endif
-
-@@ -390,7 +390,7 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
- /* We must register the library in full, to ensure our configuration
- * code can successfully test the SSL environment.
- */
--#if OPENSSL_VERSION_NUMBER < 0x1010L
-+#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER)
- CRYPTO_malloc_init();
- #else
- OPENSSL_malloc_init();
Index: patches/patch-modules_ssl_ssl_engine_init_c
===
RCS file: patches/patch-modules_ssl_ssl_engine_init_c
diff -N patches/patch-modules_ssl_ssl_engine_init_c
--- patches/patch-modules_ssl_ssl_engine_init_c 14 Jul 2017 17:04:12 -
1.9
+++ /dev/null 1 Jan 1970 00:00:00 -
@@ -1,50 +0,0 @@
-$OpenBSD: patch-modules_ssl_ssl_engine_init_c,v 1.9 2017/07/14 17:04:12 sthen
Exp $
-
-Index: modules/ssl/ssl_engine_init.c
modules/ssl/ssl_engine_in
Re: update www/apache-httpd 2.4.29
On Sat, Nov 04, 2017 at 09:13:43AM +, David CARLIER wrote:
> Hi,
>
> here a proposal to update to 2.4.29, removing some patches LIBRESSL's
> related pushed upstream in the process.
>
not all of them has been pushed, ad least mod_ssl.c is missing one,
I haven't looked at all patches yet.
> Hope it is good.
>
> Kind regards.
> Index: Makefile
> ===
> RCS file: /cvs/ports/www/apache-httpd/Makefile,v
> retrieving revision 1.85
> diff -u -p -r1.85 Makefile
> --- Makefile 18 Sep 2017 19:25:38 - 1.85
> +++ Makefile 4 Nov 2017 09:10:58 -
> @@ -3,8 +3,7 @@
> COMMENT-main=apache HTTP server
[...]
> share/doc/apache2/mod/prefork.html.en
> @@ -1453,4 +1455,3 @@ share/examples/apache2/htdocs/
> share/examples/apache2/htdocs/index.html
> @sample /var/www/htdocs/index.html
> %%ldap%%
> -@rcscript ${RCDIR}/apache2
you should not remove the rcscript
Cheers
Giovanni
signature.asc
Description: PGP signature
Re: update www/apache-httpd 2.4.29
ping :-) On 4 November 2017 at 09:13, David CARLIER wrote: > Hi, > > here a proposal to update to 2.4.29, removing some patches LIBRESSL's > related pushed upstream in the process. > > Hope it is good. > > Kind regards. >
update www/apache-httpd 2.4.29
Hi,
here a proposal to update to 2.4.29, removing some patches LIBRESSL's
related pushed upstream in the process.
Hope it is good.
Kind regards.
Index: Makefile
===
RCS file: /cvs/ports/www/apache-httpd/Makefile,v
retrieving revision 1.85
diff -u -p -r1.85 Makefile
--- Makefile18 Sep 2017 19:25:38 - 1.85
+++ Makefile4 Nov 2017 09:10:58 -
@@ -3,8 +3,7 @@
COMMENT-main= apache HTTP server
COMMENT-common=/var/www files for Apache HTTPd
-V= 2.4.27
-REVISION-main= 0
+V= 2.4.29
DISTNAME= httpd-${V}
PKGNAME= apache-httpd-${V}
Index: distinfo
===
RCS file: /cvs/ports/www/apache-httpd/distinfo,v
retrieving revision 1.26
diff -u -p -r1.26 distinfo
--- distinfo14 Jul 2017 17:14:33 - 1.26
+++ distinfo4 Nov 2017 09:10:58 -
@@ -1,2 +1,2 @@
-SHA256 (httpd-2.4.27.tar.gz) = NG3T0BauXXEBAW5ogFFQvc6QQKjSRsKJqnDminzYa2Y=
-SIZE (httpd-2.4.27.tar.gz) = 8603417
+SHA256 (httpd-2.4.29.tar.gz) = lI5KESeKWVRpi4gLMPQBsemrdDcT7ixygKVN1N3YcIU=
+SIZE (httpd-2.4.29.tar.gz) = 8638793
Index: patches/patch-modules_ssl_mod_ssl_c
===
RCS file: patches/patch-modules_ssl_mod_ssl_c
diff -N patches/patch-modules_ssl_mod_ssl_c
--- patches/patch-modules_ssl_mod_ssl_c 14 Jul 2017 17:04:12 - 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -
@@ -1,23 +0,0 @@
-$OpenBSD: patch-modules_ssl_mod_ssl_c,v 1.3 2017/07/14 17:04:12 sthen Exp $
-
-Index: modules/ssl/mod_ssl.c
modules/ssl/mod_ssl.c.orig
-+++ modules/ssl/mod_ssl.c
-@@ -337,7 +337,7 @@ static apr_status_t ssl_cleanup_pre_config(void *data)
- #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
- ENGINE_cleanup();
- #endif
--#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
-+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
- SSL_COMP_free_compression_methods();
- #endif
-
-@@ -390,7 +390,7 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
- /* We must register the library in full, to ensure our configuration
- * code can successfully test the SSL environment.
- */
--#if OPENSSL_VERSION_NUMBER < 0x1010L
-+#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER)
- CRYPTO_malloc_init();
- #else
- OPENSSL_malloc_init();
Index: patches/patch-modules_ssl_ssl_engine_init_c
===
RCS file: patches/patch-modules_ssl_ssl_engine_init_c
diff -N patches/patch-modules_ssl_ssl_engine_init_c
--- patches/patch-modules_ssl_ssl_engine_init_c 14 Jul 2017 17:04:12 -
1.9
+++ /dev/null 1 Jan 1970 00:00:00 -
@@ -1,50 +0,0 @@
-$OpenBSD: patch-modules_ssl_ssl_engine_init_c,v 1.9 2017/07/14 17:04:12 sthen
Exp $
-
-Index: modules/ssl/ssl_engine_init.c
modules/ssl/ssl_engine_init.c.orig
-+++ modules/ssl/ssl_engine_init.c
-@@ -47,7 +47,7 @@ APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, SSL, int, ini
- #define KEYTYPES "RSA or DSA"
- #endif
-
--#if OPENSSL_VERSION_NUMBER < 0x1010L
-+#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER)
- /* OpenSSL Pre-1.1.0 compatibility */
- /* Taken from OpenSSL 1.1.0 snapshot 20160410 */
- static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-@@ -380,7 +380,7 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t
- modssl_init_app_data2_idx(); /* for modssl_get_app_data2() at request
time */
-
- init_dh_params();
--#if OPENSSL_VERSION_NUMBER >= 0x1010L
-+#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER)
- init_bio_methods();
- #endif
-
-@@ -513,7 +513,7 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *
- char *cp;
- int protocol = mctx->protocol;
- SSLSrvConfigRec *sc = mySrvConfig(s);
--#if OPENSSL_VERSION_NUMBER >= 0x1010L
-+#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER)
- int prot;
- #endif
-
-@@ -583,7 +583,7 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *
-
- SSL_CTX_set_options(ctx, SSL_OP_ALL);
-
--#if OPENSSL_VERSION_NUMBER < 0x1010L
-+#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER)
- /* always disable SSLv2, as per RFC 6176 */
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
-
-@@ -2011,7 +2011,7 @@ apr_status_t ssl_init_ModuleKill(void *data)
-
- }
-
--#if OPENSSL_VERSION_NUMBER >= 0x1010L
-+#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER)
- free_bio_methods();
- #endif
- free_dh_params();
Index: patches/patch-modules_ssl_ssl_engine_io_c
===
RCS file: patches/patch-modules_ssl_ssl_engine_io_c
diff -N patches/patch-modules_ssl_ssl_engine_io_c
--- patches/patch-modules_ssl_ssl_engine_i
