Re: update www/apache-httpd 2.4.29
ping ? :-) On 23 November 2017 at 08:33, Stuart Henderson wrote: > On 2017/11/23 08:43, Giovanni Bechis wrote: > > On Wed, Nov 22, 2017 at 07:24:08PM +, David CARLIER wrote: > > > On 22 November 2017 at 16:28, Giovanni Bechis > wrote: > > > > > > > On Sat, Nov 04, 2017 at 09:13:43AM +, David CARLIER wrote: > > > > > Hi, > > > > > > > > > > here a proposal to update to 2.4.29, removing some patches > LIBRESSL's > > > > > related pushed upstream in the process. > > > > > > > > > not all of them has been pushed, ad least mod_ssl.c is missing one, > > > > I haven't looked at all patches yet. > > > > > > > > > > > You sure ? For example in this version > > > > > yep: > > -- > > $ cd $(make show=WRKSRC) > > $ grep -nHA4 OPENSSL_VERSION_NUMBER modules/ssl/mod_ssl.c > > modules/ssl/mod_ssl.c:340:#if OPENSSL_VERSION_NUMBER >= 0x1000200fL > > modules/ssl/mod_ssl.c-341-#ifndef OPENSSL_NO_COMP > > modules/ssl/mod_ssl.c-342-SSL_COMP_free_compression_methods(); > > modules/ssl/mod_ssl.c-343-#endif > > modules/ssl/mod_ssl.c-344-#endif > > That one is ok, we define OPENSSL_NO_COMP. I haven't checked the others. >
Re: update www/apache-httpd 2.4.29
On 2017/11/23 08:43, Giovanni Bechis wrote: > On Wed, Nov 22, 2017 at 07:24:08PM +, David CARLIER wrote: > > On 22 November 2017 at 16:28, Giovanni Bechis wrote: > > > > > On Sat, Nov 04, 2017 at 09:13:43AM +, David CARLIER wrote: > > > > Hi, > > > > > > > > here a proposal to update to 2.4.29, removing some patches LIBRESSL's > > > > related pushed upstream in the process. > > > > > > > not all of them has been pushed, ad least mod_ssl.c is missing one, > > > I haven't looked at all patches yet. > > > > > > > > You sure ? For example in this version > > > yep: > -- > $ cd $(make show=WRKSRC) > $ grep -nHA4 OPENSSL_VERSION_NUMBER modules/ssl/mod_ssl.c > modules/ssl/mod_ssl.c:340:#if OPENSSL_VERSION_NUMBER >= 0x1000200fL > modules/ssl/mod_ssl.c-341-#ifndef OPENSSL_NO_COMP > modules/ssl/mod_ssl.c-342-SSL_COMP_free_compression_methods(); > modules/ssl/mod_ssl.c-343-#endif > modules/ssl/mod_ssl.c-344-#endif That one is ok, we define OPENSSL_NO_COMP. I haven't checked the others.
Re: update www/apache-httpd 2.4.29
On Wed, Nov 22, 2017 at 07:24:08PM +, David CARLIER wrote: > On 22 November 2017 at 16:28, Giovanni Bechis wrote: > > > On Sat, Nov 04, 2017 at 09:13:43AM +, David CARLIER wrote: > > > Hi, > > > > > > here a proposal to update to 2.4.29, removing some patches LIBRESSL's > > > related pushed upstream in the process. > > > > > not all of them has been pushed, ad least mod_ssl.c is missing one, > > I haven't looked at all patches yet. > > > > > You sure ? For example in this version > yep: -- $ cd $(make show=WRKSRC) $ grep -nHA4 OPENSSL_VERSION_NUMBER modules/ssl/mod_ssl.c modules/ssl/mod_ssl.c:340:#if OPENSSL_VERSION_NUMBER >= 0x1000200fL modules/ssl/mod_ssl.c-341-#ifndef OPENSSL_NO_COMP modules/ssl/mod_ssl.c-342-SSL_COMP_free_compression_methods(); modules/ssl/mod_ssl.c-343-#endif modules/ssl/mod_ssl.c-344-#endif modules/ssl/mod_ssl.c:348:#if OPENSSL_VERSION_NUMBER >= 0x100fL modules/ssl/mod_ssl.c-349-ERR_remove_thread_state(NULL); modules/ssl/mod_ssl.c-350-#else modules/ssl/mod_ssl.c-351-ERR_remove_state(0); modules/ssl/mod_ssl.c-352-#endif modules/ssl/mod_ssl.c:358:#if (OPENSSL_VERSION_NUMBER >= 0x00090805f) modules/ssl/mod_ssl.c-359-ERR_free_strings(); modules/ssl/mod_ssl.c-360-#endif modules/ssl/mod_ssl.c-361- modules/ssl/mod_ssl.c-362-/* Also don't call CRYPTO_cleanup_all_ex_data when linked statically here; -- At least the first part of mod_ssl patch is needed. Cheers Giovanni > mod_ssl.c > > #if MODSSL_USE_OPENSSL_PRE_1_1_API > > (void)CRYPTO_malloc_init(); > > #else > > OPENSSL_malloc_init(); > > #endif > > > > e.g. in ssl_private.h is > > ... > > #if defined(LIBRESSL_VERSION_NUMBER) > > /* Missing from LibreSSL */ > > #if LIBRESSL_VERSION_NUMBER < 0x206f > > #define SSL_CTRL_SET_MIN_PROTO_VERSION 123 > > #define SSL_CTRL_SET_MAX_PROTO_VERSION 124 > > #define SSL_CTX_set_min_proto_version(ctx, version) \ > > SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) > > #define SSL_CTX_set_max_proto_version(ctx, version) \ > > SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) > > #endif > > /* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most > > * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...), > so > > * we have to work around this... > > */ > > #define MODSSL_USE_OPENSSL_PRE_1_1_API (1) > > #else > > #define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x1010L > ) > > #endif > > ... > > > > > > Hope it is good. > > > > > > Kind regards. > > > > > Index: Makefile > > > === > > > RCS file: /cvs/ports/www/apache-httpd/Makefile,v > > > retrieving revision 1.85 > > > diff -u -p -r1.85 Makefile > > > --- Makefile 18 Sep 2017 19:25:38 - 1.85 > > > +++ Makefile 4 Nov 2017 09:10:58 - > > > @@ -3,8 +3,7 @@ > > > COMMENT-main=apache HTTP server > > [...] > > > share/doc/apache2/mod/prefork.html.en > > > @@ -1453,4 +1455,3 @@ share/examples/apache2/htdocs/ > > > share/examples/apache2/htdocs/index.html > > > @sample /var/www/htdocs/index.html > > > %%ldap%% > > > -@rcscript ${RCDIR}/apache2 > > you should not remove the rcscript > > > > > Good point . Corrected. > > > > > Cheers > > Giovanni > > > Index: Makefile > === > RCS file: /cvs/ports/www/apache-httpd/Makefile,v > retrieving revision 1.85 > diff -u -p -r1.85 Makefile > --- Makefile 18 Sep 2017 19:25:38 - 1.85 > +++ Makefile 22 Nov 2017 19:15:11 - > @@ -3,8 +3,7 @@ > COMMENT-main=apache HTTP server > COMMENT-common= /var/www files for Apache HTTPd > > -V= 2.4.27 > -REVISION-main= 0 > +V= 2.4.29 > DISTNAME=httpd-${V} > PKGNAME= apache-httpd-${V} > > Index: distinfo > === > RCS file: /cvs/ports/www/apache-httpd/distinfo,v > retrieving revision 1.26 > diff -u -p -r1.26 distinfo > --- distinfo 14 Jul 2017 17:14:33 - 1.26 > +++ distinfo 22 Nov 2017 19:15:11 - > @@ -1,2 +1,2 @@ > -SHA256 (httpd-2.4.27.tar.gz) = NG3T0BauXXEBAW5ogFFQvc6QQKjSRsKJqnDminzYa2Y= > -SIZE (httpd-2.4.27.tar.gz) = 8603417 > +SHA256 (httpd-2.4.29.tar.gz) = lI5KESeKWVRpi4gLMPQBsemrdDcT7ixygKVN1N3YcIU= > +SIZE (httpd-2.4.29.tar.gz) = 8638793 > Index: patches/patch-modules_ssl_mod_ssl_c > === > RCS file: patches/patch-modules_ssl_mod_ssl_c > diff -N patches/patch-modules_ssl_mod_ssl_c > --- patches/patch-modules_ssl_mod_ssl_c 14 Jul 2017 17:04:12 - > 1.3 > +++ /dev/null 1 Jan 1970 00:00:00 - > @@ -1
Re: update www/apache-httpd 2.4.29
On 22 November 2017 at 16:28, Giovanni Bechis wrote: > On Sat, Nov 04, 2017 at 09:13:43AM +, David CARLIER wrote: > > Hi, > > > > here a proposal to update to 2.4.29, removing some patches LIBRESSL's > > related pushed upstream in the process. > > > not all of them has been pushed, ad least mod_ssl.c is missing one, > I haven't looked at all patches yet. > > You sure ? For example in this version mod_ssl.c #if MODSSL_USE_OPENSSL_PRE_1_1_API (void)CRYPTO_malloc_init(); #else OPENSSL_malloc_init(); #endif e.g. in ssl_private.h is ... #if defined(LIBRESSL_VERSION_NUMBER) /* Missing from LibreSSL */ #if LIBRESSL_VERSION_NUMBER < 0x206f #define SSL_CTRL_SET_MIN_PROTO_VERSION 123 #define SSL_CTRL_SET_MAX_PROTO_VERSION 124 #define SSL_CTX_set_min_proto_version(ctx, version) \ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) #define SSL_CTX_set_max_proto_version(ctx, version) \ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) #endif /* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...), so * we have to work around this... */ #define MODSSL_USE_OPENSSL_PRE_1_1_API (1) #else #define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x1010L ) #endif ... > > Hope it is good. > > > > Kind regards. > > > Index: Makefile > > === > > RCS file: /cvs/ports/www/apache-httpd/Makefile,v > > retrieving revision 1.85 > > diff -u -p -r1.85 Makefile > > --- Makefile 18 Sep 2017 19:25:38 - 1.85 > > +++ Makefile 4 Nov 2017 09:10:58 - > > @@ -3,8 +3,7 @@ > > COMMENT-main=apache HTTP server > [...] > > share/doc/apache2/mod/prefork.html.en > > @@ -1453,4 +1455,3 @@ share/examples/apache2/htdocs/ > > share/examples/apache2/htdocs/index.html > > @sample /var/www/htdocs/index.html > > %%ldap%% > > -@rcscript ${RCDIR}/apache2 > you should not remove the rcscript > > Good point . Corrected. > Cheers > Giovanni > Index: Makefile === RCS file: /cvs/ports/www/apache-httpd/Makefile,v retrieving revision 1.85 diff -u -p -r1.85 Makefile --- Makefile18 Sep 2017 19:25:38 - 1.85 +++ Makefile22 Nov 2017 19:15:11 - @@ -3,8 +3,7 @@ COMMENT-main= apache HTTP server COMMENT-common=/var/www files for Apache HTTPd -V= 2.4.27 -REVISION-main= 0 +V= 2.4.29 DISTNAME= httpd-${V} PKGNAME= apache-httpd-${V} Index: distinfo === RCS file: /cvs/ports/www/apache-httpd/distinfo,v retrieving revision 1.26 diff -u -p -r1.26 distinfo --- distinfo14 Jul 2017 17:14:33 - 1.26 +++ distinfo22 Nov 2017 19:15:11 - @@ -1,2 +1,2 @@ -SHA256 (httpd-2.4.27.tar.gz) = NG3T0BauXXEBAW5ogFFQvc6QQKjSRsKJqnDminzYa2Y= -SIZE (httpd-2.4.27.tar.gz) = 8603417 +SHA256 (httpd-2.4.29.tar.gz) = lI5KESeKWVRpi4gLMPQBsemrdDcT7ixygKVN1N3YcIU= +SIZE (httpd-2.4.29.tar.gz) = 8638793 Index: patches/patch-modules_ssl_mod_ssl_c === RCS file: patches/patch-modules_ssl_mod_ssl_c diff -N patches/patch-modules_ssl_mod_ssl_c --- patches/patch-modules_ssl_mod_ssl_c 14 Jul 2017 17:04:12 - 1.3 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,23 +0,0 @@ -$OpenBSD: patch-modules_ssl_mod_ssl_c,v 1.3 2017/07/14 17:04:12 sthen Exp $ - -Index: modules/ssl/mod_ssl.c modules/ssl/mod_ssl.c.orig -+++ modules/ssl/mod_ssl.c -@@ -337,7 +337,7 @@ static apr_status_t ssl_cleanup_pre_config(void *data) - #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES - ENGINE_cleanup(); - #endif --#if OPENSSL_VERSION_NUMBER >= 0x1000200fL -+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER) - SSL_COMP_free_compression_methods(); - #endif - -@@ -390,7 +390,7 @@ static int ssl_hook_pre_config(apr_pool_t *pconf, - /* We must register the library in full, to ensure our configuration - * code can successfully test the SSL environment. - */ --#if OPENSSL_VERSION_NUMBER < 0x1010L -+#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER) - CRYPTO_malloc_init(); - #else - OPENSSL_malloc_init(); Index: patches/patch-modules_ssl_ssl_engine_init_c === RCS file: patches/patch-modules_ssl_ssl_engine_init_c diff -N patches/patch-modules_ssl_ssl_engine_init_c --- patches/patch-modules_ssl_ssl_engine_init_c 14 Jul 2017 17:04:12 - 1.9 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,50 +0,0 @@ -$OpenBSD: patch-modules_ssl_ssl_engine_init_c,v 1.9 2017/07/14 17:04:12 sthen Exp $ - -Index: modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_in
Re: update www/apache-httpd 2.4.29
On Sat, Nov 04, 2017 at 09:13:43AM +, David CARLIER wrote: > Hi, > > here a proposal to update to 2.4.29, removing some patches LIBRESSL's > related pushed upstream in the process. > not all of them has been pushed, ad least mod_ssl.c is missing one, I haven't looked at all patches yet. > Hope it is good. > > Kind regards. > Index: Makefile > === > RCS file: /cvs/ports/www/apache-httpd/Makefile,v > retrieving revision 1.85 > diff -u -p -r1.85 Makefile > --- Makefile 18 Sep 2017 19:25:38 - 1.85 > +++ Makefile 4 Nov 2017 09:10:58 - > @@ -3,8 +3,7 @@ > COMMENT-main=apache HTTP server [...] > share/doc/apache2/mod/prefork.html.en > @@ -1453,4 +1455,3 @@ share/examples/apache2/htdocs/ > share/examples/apache2/htdocs/index.html > @sample /var/www/htdocs/index.html > %%ldap%% > -@rcscript ${RCDIR}/apache2 you should not remove the rcscript Cheers Giovanni signature.asc Description: PGP signature
Re: update www/apache-httpd 2.4.29
ping :-) On 4 November 2017 at 09:13, David CARLIER wrote: > Hi, > > here a proposal to update to 2.4.29, removing some patches LIBRESSL's > related pushed upstream in the process. > > Hope it is good. > > Kind regards. >
update www/apache-httpd 2.4.29
Hi, here a proposal to update to 2.4.29, removing some patches LIBRESSL's related pushed upstream in the process. Hope it is good. Kind regards. Index: Makefile === RCS file: /cvs/ports/www/apache-httpd/Makefile,v retrieving revision 1.85 diff -u -p -r1.85 Makefile --- Makefile18 Sep 2017 19:25:38 - 1.85 +++ Makefile4 Nov 2017 09:10:58 - @@ -3,8 +3,7 @@ COMMENT-main= apache HTTP server COMMENT-common=/var/www files for Apache HTTPd -V= 2.4.27 -REVISION-main= 0 +V= 2.4.29 DISTNAME= httpd-${V} PKGNAME= apache-httpd-${V} Index: distinfo === RCS file: /cvs/ports/www/apache-httpd/distinfo,v retrieving revision 1.26 diff -u -p -r1.26 distinfo --- distinfo14 Jul 2017 17:14:33 - 1.26 +++ distinfo4 Nov 2017 09:10:58 - @@ -1,2 +1,2 @@ -SHA256 (httpd-2.4.27.tar.gz) = NG3T0BauXXEBAW5ogFFQvc6QQKjSRsKJqnDminzYa2Y= -SIZE (httpd-2.4.27.tar.gz) = 8603417 +SHA256 (httpd-2.4.29.tar.gz) = lI5KESeKWVRpi4gLMPQBsemrdDcT7ixygKVN1N3YcIU= +SIZE (httpd-2.4.29.tar.gz) = 8638793 Index: patches/patch-modules_ssl_mod_ssl_c === RCS file: patches/patch-modules_ssl_mod_ssl_c diff -N patches/patch-modules_ssl_mod_ssl_c --- patches/patch-modules_ssl_mod_ssl_c 14 Jul 2017 17:04:12 - 1.3 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,23 +0,0 @@ -$OpenBSD: patch-modules_ssl_mod_ssl_c,v 1.3 2017/07/14 17:04:12 sthen Exp $ - -Index: modules/ssl/mod_ssl.c modules/ssl/mod_ssl.c.orig -+++ modules/ssl/mod_ssl.c -@@ -337,7 +337,7 @@ static apr_status_t ssl_cleanup_pre_config(void *data) - #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES - ENGINE_cleanup(); - #endif --#if OPENSSL_VERSION_NUMBER >= 0x1000200fL -+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER) - SSL_COMP_free_compression_methods(); - #endif - -@@ -390,7 +390,7 @@ static int ssl_hook_pre_config(apr_pool_t *pconf, - /* We must register the library in full, to ensure our configuration - * code can successfully test the SSL environment. - */ --#if OPENSSL_VERSION_NUMBER < 0x1010L -+#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER) - CRYPTO_malloc_init(); - #else - OPENSSL_malloc_init(); Index: patches/patch-modules_ssl_ssl_engine_init_c === RCS file: patches/patch-modules_ssl_ssl_engine_init_c diff -N patches/patch-modules_ssl_ssl_engine_init_c --- patches/patch-modules_ssl_ssl_engine_init_c 14 Jul 2017 17:04:12 - 1.9 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,50 +0,0 @@ -$OpenBSD: patch-modules_ssl_ssl_engine_init_c,v 1.9 2017/07/14 17:04:12 sthen Exp $ - -Index: modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_init.c.orig -+++ modules/ssl/ssl_engine_init.c -@@ -47,7 +47,7 @@ APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, SSL, int, ini - #define KEYTYPES "RSA or DSA" - #endif - --#if OPENSSL_VERSION_NUMBER < 0x1010L -+#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER) - /* OpenSSL Pre-1.1.0 compatibility */ - /* Taken from OpenSSL 1.1.0 snapshot 20160410 */ - static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) -@@ -380,7 +380,7 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t - modssl_init_app_data2_idx(); /* for modssl_get_app_data2() at request time */ - - init_dh_params(); --#if OPENSSL_VERSION_NUMBER >= 0x1010L -+#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER) - init_bio_methods(); - #endif - -@@ -513,7 +513,7 @@ static apr_status_t ssl_init_ctx_protocol(server_rec * - char *cp; - int protocol = mctx->protocol; - SSLSrvConfigRec *sc = mySrvConfig(s); --#if OPENSSL_VERSION_NUMBER >= 0x1010L -+#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER) - int prot; - #endif - -@@ -583,7 +583,7 @@ static apr_status_t ssl_init_ctx_protocol(server_rec * - - SSL_CTX_set_options(ctx, SSL_OP_ALL); - --#if OPENSSL_VERSION_NUMBER < 0x1010L -+#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER) - /* always disable SSLv2, as per RFC 6176 */ - SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); - -@@ -2011,7 +2011,7 @@ apr_status_t ssl_init_ModuleKill(void *data) - - } - --#if OPENSSL_VERSION_NUMBER >= 0x1010L -+#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER) - free_bio_methods(); - #endif - free_dh_params(); Index: patches/patch-modules_ssl_ssl_engine_io_c === RCS file: patches/patch-modules_ssl_ssl_engine_io_c diff -N patches/patch-modules_ssl_ssl_engine_io_c --- patches/patch-modules_ssl_ssl_engine_i