From: "Aaron Bauman" <bman@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: www-servers/apache/, www-servers/apache/files/
Date: Fri, 20 Apr 2018 03:11:32 +0000 (UTC)	[thread overview]
Message-ID: <1524193868.10b3011a4085229faa82e2a1512a233d86bc5e80.bman@gentoo> (raw)

commit:     10b3011a4085229faa82e2a1512a233d86bc5e80
Author:     Aaron Bauman <bman <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 20 03:11:08 2018 +0000
Commit:     Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Fri Apr 20 03:11:08 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10b3011a

www-servers/apache: compatibility patch for LibreSSL

This patch fixes building against dev-libs/libressl and is based on the
upstream Git commit 8134addfabf2685e08da6d51167775b628fda0dc.

Closes: https://bugs.gentoo.org/651312
Package-Manager: Portage-2.3.31, Repoman-2.3.9

 www-servers/apache/apache-2.4.33.ebuild            |  5 ++
 .../apache-2.4.33-libressl-compatibility.patch     | 97 ++++++++++++++++++++++
 2 files changed, 102 insertions(+)

diff --git a/www-servers/apache/apache-2.4.33.ebuild b/www-servers/apache/apache-2.4.33.ebuild
index 6ec7fdfb67e..54ecf1cb053 100644
--- a/www-servers/apache/apache-2.4.33.ebuild
+++ b/www-servers/apache/apache-2.4.33.ebuild
@@ -141,6 +141,11 @@ RDEPEND+="${CDEPEND}"
 
 REQUIRED_USE="apache2_modules_http2? ( ssl )"
 
+PATCHES=(
+	# this *should* be included from upstream in the next release as it is currently in Git head
+	"${FILESDIR}/${P}-libressl-compatibility.patch"
+)
+
 pkg_setup() {
 	# dependend critical modules which are not allowed in global scope due
 	# to USE flag conditionals (bug #499260)

diff --git a/www-servers/apache/files/apache-2.4.33-libressl-compatibility.patch b/www-servers/apache/files/apache-2.4.33-libressl-compatibility.patch
new file mode 100644
index 00000000000..97d33468e19
--- /dev/null
+++ b/www-servers/apache/files/apache-2.4.33-libressl-compatibility.patch
@@ -0,0 +1,97 @@
+# based on upstream commit from:
+# https://github.com/apache/httpd/commit/8134addfabf2685e08da6d51167775b628fda0dc
+# this should be included in the next release (2.4.34?)
+
+diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c
+index 66682eaf4d..8f0def2805 100644
+--- a/modules/md/md_crypt.c
++++ b/modules/md/md_crypt.c
+@@ -190,7 +190,7 @@ static int pem_passwd(char *buf, int size, int rwflag, void *baton)
+  */
+ static apr_time_t md_asn1_time_get(const ASN1_TIME* time)
+ {
+-#ifdef LIBRESSL_VERSION_NUMBER
++#ifdef LIBRESSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
+     /* courtesy: https://stackoverflow.com/questions/10975542/asn1-time-to-time-t-conversion#11263731
+      * all bugs are mine */
+     apr_time_exp_t t;
+@@ -471,7 +471,7 @@ apr_status_t md_pkey_gen(md_pkey_t **ppkey, apr_pool_t *p, md_pkey_spec_t *spec)
+     }
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f)
+ 
+ #ifndef NID_tlsfeature
+ #define NID_tlsfeature          1020
+diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
+index 48d64cb624..2392019aed 100644
+--- a/modules/ssl/mod_ssl.c
++++ b/modules/ssl/mod_ssl.c
+@@ -398,7 +398,7 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
+     /* We must register the library in full, to ensure our configuration
+      * code can successfully test the SSL environment.
+      */
+-#if MODSSL_USE_OPENSSL_PRE_1_1_API
++#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER)
+     (void)CRYPTO_malloc_init();
+ #else
+     OPENSSL_malloc_init();
+diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
+index a3a74f474c..88c0939cab 100644
+--- a/modules/ssl/ssl_engine_init.c
++++ b/modules/ssl/ssl_engine_init.c
+@@ -546,7 +546,8 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
+     char *cp;
+     int protocol = mctx->protocol;
+     SSLSrvConfigRec *sc = mySrvConfig(s);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L || \
++	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L)
+     int prot;
+ #endif
+ 
+@@ -616,7 +617,8 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
+ 
+     SSL_CTX_set_options(ctx, SSL_OP_ALL);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L)
+     /* always disable SSLv2, as per RFC 6176 */
+     SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+ 
+diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
+index a39569cbf7..e0e1b37087 100644
+--- a/modules/ssl/ssl_private.h
++++ b/modules/ssl/ssl_private.h
+@@ -132,13 +132,14 @@
+         SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+ #define SSL_CTX_set_max_proto_version(ctx, version) \
+         SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+-#endif
+-/* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most
+- * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...), so
+- * we have to work around this...
++#elif LIBRESSL_VERSION_NUMBER < 0x2070000f
++/* LibreSSL before 2.7 declares OPENSSL_VERSION_NUMBER == 2.0 but does not
++ * include most changes from OpenSSL >= 1.1 (new functions, macros, 
++ * deprecations, ...), so we have to work around this...
+  */
+ #define MODSSL_USE_OPENSSL_PRE_1_1_API (1)
+-#else
++#endif /* LIBRESSL_VERSION_NUMBER < 0x2060000f */
++#else /* defined(LIBRESSL_VERSION_NUMBER) */
+ #define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ #endif
+ 
+@@ -238,7 +239,8 @@ void init_bio_methods(void);
+ void free_bio_methods(void);
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10002000L || \
++	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f)
+ #define X509_STORE_CTX_get0_store(x) (x->ctx)
+ #endif
+ 
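Review bot: Two of the preprocessor conditionals this patch adds to modules/md/md_crypt.c are malformed. In md_asn1_time_get the new line uses `#ifdef` with a full expression; `#ifdef` tests only the first identifier, so the version comparison is ignored (compilers typically warn about the extra tokens), and it was presumably meant to read `#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)`. The conditional after md_pkey_gen ends in an unmatched `)`, which is an error in an `#if` expression whenever that file is compiled; it needs the opening parenthesis, `#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f)`. In ssl_private.h the trailing comment `#endif /* LIBRESSL_VERSION_NUMBER < 0x2060000f */` does not match the `0x2070000f` tested by the `#elif` it closes. Because the ebuild applies this file to every build and the guards select the TLS library initialisation and protocol-option paths, the patch is worth diffing against the upstream commit it cites.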

