diff --git a/srcpkgs/apache/patches/libressl.patch b/srcpkgs/apache/patches/libressl.patch index 9217d7e8fd2..7729a1e674b 100644 --- a/srcpkgs/apache/patches/libressl.patch +++ b/srcpkgs/apache/patches/libressl.patch @@ -1,62 +1,11 @@ -diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c -index 48d64cb..2392019 100644 ---- ./modules/ssl/mod_ssl.c -+++ ./modules/ssl/mod_ssl.c -@@ -398,7 +398,7 @@ static int ssl_hook_pre_config(apr_pool_t *pconf, - /* We must register the library in full, to ensure our configuration - * code can successfully test the SSL environment. - */ --#if MODSSL_USE_OPENSSL_PRE_1_1_API -+#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER) - (void)CRYPTO_malloc_init(); - #else - OPENSSL_malloc_init(); -diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c -index a3a74f4..33ea494 100644 ---- ./modules/ssl/ssl_engine_init.c -+++ ./modules/ssl/ssl_engine_init.c -@@ -616,7 +616,8 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s, - - SSL_CTX_set_options(ctx, SSL_OP_ALL); - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L) - /* always disable SSLv2, as per RFC 6176 */ - SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); - -diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h -index a39569c..e0e1b37 100644 ---- ./modules/ssl/ssl_private.h -+++ ./modules/ssl/ssl_private.h -@@ -132,13 +132,14 @@ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) - #define SSL_CTX_set_max_proto_version(ctx, version) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) --#endif --/* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most -- * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...), so -- * we have to work around this... -+#elif LIBRESSL_VERSION_NUMBER < 0x2070000f -+/* LibreSSL before 2.7 declares OPENSSL_VERSION_NUMBER == 2.0 but does not -+ * include most changes from OpenSSL >= 1.1 (new functions, macros, -+ * deprecations, ...), so we have to work around this... - */ - #define MODSSL_USE_OPENSSL_PRE_1_1_API (1) --#else -+#endif /* LIBRESSL_VERSION_NUMBER < 0x2060000f */ -+#else /* defined(LIBRESSL_VERSION_NUMBER) */ - #define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L) - #endif - -@@ -238,7 +239,8 @@ void init_bio_methods(void); - void free_bio_methods(void); - #endif - --#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER < 0x10002000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f) - #define X509_STORE_CTX_get0_store(x) (x->ctx) - #endif - +--- modules/ssl/ssl_engine_init.c.orig 2018-10-30 16:25:09.084840429 +0100 ++++ modules/ssl/ssl_engine_init.c 2018-10-30 16:25:55.019411636 +0100 +@@ -1492,7 +1492,7 @@ + X509_STORE_CTX *sctx; + X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx); +-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL ++#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) + /* For OpenSSL >=1.1.1, turn on client cert support which is + * otherwise turned off by default (by design). + * https://github.com/openssl/openssl/issues/6933 */ diff --git a/srcpkgs/apache/template b/srcpkgs/apache/template index 51d1145ac28..0862dace53f 100644 --- a/srcpkgs/apache/template +++ b/srcpkgs/apache/template @@ -1,7 +1,6 @@ # Template file for 'apache' pkgname=apache -reverts="2.4.37_1" -version=2.4.35 +version=2.4.37 revision=2 wrksrc="httpd-${version}" build_style=gnu-configure @@ -38,7 +37,7 @@ homepage="http://httpd.apache.org/" changelog="http://www.apache.org/dist/httpd/CHANGES_2.4" license="Apache-2.0" distfiles="https://archive.apache.org/dist/httpd/httpd-${version}.tar.bz2" -checksum=2607c6fdd4d12ac3f583127629291e9432b247b782396a563bec5678aae69b56 +checksum=3498dc5c6772fac2eb7307dc7963122ffe243b5e806e0be4fb51974ff759d726 system_accounts="_${pkgname}" _apache_homedir="/srv/www/$pkgname"