Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 14 Jul 2017 12:28:12 +0000 (UTC)
From:      Bernard Spil <brnrd@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r445747 - in branches/2017Q3/www/apache24: . files
Message-ID:  <201707141228.v6ECSCO1056281@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: brnrd
Date: Fri Jul 14 12:28:12 2017
New Revision: 445747
URL: https://svnweb.freebsd.org/changeset/ports/445747

Log:
  MFH: r445603
  
  www/apache24: Update to 2.4.27
  
   - Bugfix update to 2.4.27
   - Fix build with LibreSSL [1]
   - Add brotli compression option
   - Add pkg-message for 10.3 base-ssl users
   - HTTP/2 is production ready, default enable
     - warn users of 10.3 for mod_http2/OpenSSL 1.0.1
  
  [1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61184
  
  PR:             220160 [1]
  Reported by:    Markus Kohlmeyer <rootservice@gmail.com>
  Reviewed by:    ohauer (hat)
  Approved by:    ohauer (hat)
  Differential Revision:  https://reviews.freebsd.org/D11285
  
  Approved by:	ports-secteam (junovitch)

Added:
  branches/2017Q3/www/apache24/files/patch-modules_ssl_mod__ssl.c
     - copied unchanged from r445603, head/www/apache24/files/patch-modules_ssl_mod__ssl.c
  branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__engine__init.c
     - copied unchanged from r445603, head/www/apache24/files/patch-modules_ssl_ssl__engine__init.c
  branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__engine__io.c
     - copied unchanged from r445603, head/www/apache24/files/patch-modules_ssl_ssl__engine__io.c
  branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c
     - copied unchanged from r445603, head/www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c
  branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__engine__vars.c
     - copied unchanged from r445603, head/www/apache24/files/patch-modules_ssl_ssl__engine__vars.c
  branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__private.h
     - copied unchanged from r445603, head/www/apache24/files/patch-modules_ssl_ssl__private.h
  branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__util.c
     - copied unchanged from r445603, head/www/apache24/files/patch-modules_ssl_ssl__util.c
  branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__util__ssl.h
     - copied unchanged from r445603, head/www/apache24/files/patch-modules_ssl_ssl__util__ssl.h
  branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__util__stapling.c
     - copied unchanged from r445603, head/www/apache24/files/patch-modules_ssl_ssl__util__stapling.c
  branches/2017Q3/www/apache24/files/patch-support_ab.c
     - copied unchanged from r445603, head/www/apache24/files/patch-support_ab.c
  branches/2017Q3/www/apache24/files/pkg-message.in
     - copied unchanged from r445603, head/www/apache24/files/pkg-message.in
Modified:
  branches/2017Q3/www/apache24/Makefile
  branches/2017Q3/www/apache24/Makefile.options
  branches/2017Q3/www/apache24/Makefile.options.desc
  branches/2017Q3/www/apache24/distinfo
  branches/2017Q3/www/apache24/pkg-plist
Directory Properties:
  branches/2017Q3/   (props changed)

Modified: branches/2017Q3/www/apache24/Makefile
==============================================================================
--- branches/2017Q3/www/apache24/Makefile	Fri Jul 14 11:35:50 2017	(r445746)
+++ branches/2017Q3/www/apache24/Makefile	Fri Jul 14 12:28:12 2017	(r445747)
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	apache24
-PORTVERSION=	2.4.26
+PORTVERSION=	2.4.27
 CATEGORIES=	www ipv6
 MASTER_SITES=	APACHE_HTTPD
 DISTNAME=	httpd-${PORTVERSION}
@@ -78,6 +78,8 @@ IPV4_MAPPED_CONFIGURE_ENABLE=	v4-mapped
 
 LDAP_CONFIGURE_ON=		--enable-ldap=shared
 
+BROTLI_CONFIGURE_ON=		--with-brotli=${LOCALBASE}
+BROTLI_LIB_DEPENDS=		libbrotlicommon.so:archivers/brotli
 HTTP2_CONFIGURE_ON=		--with-nghttp2=${LOCALBASE}
 HTTP2_LIB_DEPENDS=		libnghttp2.so:www/libnghttp2
 LUAJIT_LIB_DEPENDS=		libluajit-5.1.so:lang/luajit
@@ -85,7 +87,6 @@ LUA_CONFIGURE_WITH=		lua
 LUA_USES=			lua
 PROXY_HTTP2_CONFIGURE_ON=	--with-nghttp2=${LOCALBASE}
 PROXY_HTTP2_LIB_DEPENDS=	libnghttp2.so:www/libnghttp2
-
 SOCACHE_DC_CONFIGURE_ON=	--with-distcache=${LOCALBASE}
 SOCACHE_DC_LIB_DEPENDS=		libdistcache.so:security/distcache
 
@@ -98,7 +99,6 @@ SSL_LDFLAGS=			-L${OPENSSLLIB}
 SSL_USES=			ssl
 
 .include <bsd.port.options.mk>
-
 ETC_SUBDIRS=		Includes envvars.d extra modules.d
 
 APR_CONFIG?=		${LOCALBASE}/bin/apr-1-config
@@ -149,6 +149,11 @@ USE_GNOME=	libxml2
 
 .include <bsd.port.pre.mk>
 .include "${APACHEDIR}/Makefile.modules"
+
+.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1100085 &&\
+	${PORT_OPTIONS:MHTTP2} && ${OPENSSLBASE} == /usr
+SUB_FILES+=    pkg-message
+.endif
 
 post-extract:
 # remove possible leftover .svn directories in the sources

Modified: branches/2017Q3/www/apache24/Makefile.options
==============================================================================
--- branches/2017Q3/www/apache24/Makefile.options	Fri Jul 14 11:35:50 2017	(r445746)
+++ branches/2017Q3/www/apache24/Makefile.options	Fri Jul 14 12:28:12 2017	(r445747)
@@ -11,11 +11,10 @@
 
 # mod_proxy_html and xml2enc depending on libxml2
 PROXY_ENABLED_MODULES= \
-	PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_EXPRESS PROXY_FCGI \
+	PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_EXPRESS PROXY_FCGI PROXY_HTTP2 \
 	PROXY_FDPASS PROXY_FTP PROXY_HCHECK PROXY_HTML PROXY_HTTP PROXY_SCGI PROXY_WSTUNNEL
 
-PROXY_DISABLED_MODULES=	\
-	PROXY_HTTP2
+PROXY_DISABLED_MODULES=
 
 # SESSION_CRYPTO need APR build with crypto (EVP support in APR)
 SESSION_ENABLED_MODULES= \
@@ -40,7 +39,7 @@ MOST_ENABLED_MODULES= \
 	DATA DAV DAV_FS DAV_LOCK DBD DEFLATE DIALUP DIR DUMPIO \
 	ENV EXPIRES EXT_FILTER \
 	FILE_CACHE FILTER \
-	HEADERS HEARTBEAT HEARTMONITOR \
+	HEADERS HEARTBEAT HEARTMONITOR HTTP2 \
 	IMAGEMAP INCLUDE INFO \
 	LBMETHOD_BYBUSYNESS LBMETHOD_BYREQUESTS LBMETHOD_BYTRAFFIC \
 	LBMETHOD_HEARTBEAT LOGIO LOG_DEBUG LOG_FORENSIC \
@@ -55,9 +54,8 @@ MOST_ENABLED_MODULES= \
 	WATCHDOG XML2ENC
 
 MOST_DISABLED_MODULES:= \
-	AUTHNZ_LDAP IDENT LDAP LUA SOCACHE_DC SUEXEC HTTP2
+	AUTHNZ_LDAP BROTLI IDENT LDAP LUA SOCACHE_DC SUEXEC
 
-# XXX PROXY and SESSION are modules but also used to
 #     enable/disable additional PROXY/SESSION modules
 META_MODULES=	PROXY SESSION
 
@@ -100,4 +98,3 @@ OPTIONS_DEFAULT:=		\
 	${PROXY_ENABLED_MODULES} \
 	MPM_SHARED \
 	MPM_PREFORK
-

Modified: branches/2017Q3/www/apache24/Makefile.options.desc
==============================================================================
--- branches/2017Q3/www/apache24/Makefile.options.desc	Fri Jul 14 11:35:50 2017	(r445746)
+++ branches/2017Q3/www/apache24/Makefile.options.desc	Fri Jul 14 12:28:12 2017	(r445747)
@@ -63,6 +63,7 @@ AUTH_DIGEST_DESC=		RFC2617 Digest authentication
 AUTH_FORM_DESC=			Form authentication
 AUTOINDEX_DESC=			Directory listing
 
+BROTLI_DESC=			Brotli compression support
 BUCKETEER_DESC=			(dev) buckets manipulation filter
 BUFFER_DESC=			Filter Buffering
 
@@ -99,7 +100,7 @@ FILTER_DESC=			Smart Filtering
 HEADERS_DESC=			HTTP header control
 HEARTBEAT_DESC=			Generates Heartbeats
 HEARTMONITOR_DESC=		Collects Heartbeats
-HTTP2_DESC=			HTTP/2 (RFC 7540) support (experimental)
+HTTP2_DESC=			HTTP/2 (RFC 7540) support
 
 IDENT_DESC=			RFC 1413 ident lookups
 IMAGEMAP_DESC=			Server-side imagemaps

Modified: branches/2017Q3/www/apache24/distinfo
==============================================================================
--- branches/2017Q3/www/apache24/distinfo	Fri Jul 14 11:35:50 2017	(r445746)
+++ branches/2017Q3/www/apache24/distinfo	Fri Jul 14 12:28:12 2017	(r445747)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1498129310
-SHA256 (apache24/httpd-2.4.26.tar.bz2) = a07eb52fafc879e0149d31882f7da63173e72df4478db4dc69f7a775b663d387
-SIZE (apache24/httpd-2.4.26.tar.bz2) = 6524642
+TIMESTAMP = 1499686775
+SHA256 (apache24/httpd-2.4.27.tar.bz2) = 71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a
+SIZE (apache24/httpd-2.4.27.tar.bz2) = 6527394

Copied: branches/2017Q3/www/apache24/files/patch-modules_ssl_mod__ssl.c (from r445603, head/www/apache24/files/patch-modules_ssl_mod__ssl.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2017Q3/www/apache24/files/patch-modules_ssl_mod__ssl.c	Fri Jul 14 12:28:12 2017	(r445747, copy of r445603, head/www/apache24/files/patch-modules_ssl_mod__ssl.c)
@@ -0,0 +1,34 @@
+--- modules/ssl/mod_ssl.c.orig	2017-04-03 11:39:20 UTC
++++ modules/ssl/mod_ssl.c
+@@ -337,12 +337,12 @@ static apr_status_t ssl_cleanup_pre_conf
+ #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
+     ENGINE_cleanup();
+ #endif
+-#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
++#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_COMP)
+     SSL_COMP_free_compression_methods();
+ #endif
+ 
+     /* Usually needed per thread, but this parent process is single-threaded */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #if OPENSSL_VERSION_NUMBER >= 0x1000000fL
+     ERR_remove_thread_state(NULL);
+ #else
+@@ -383,14 +383,14 @@ static int ssl_hook_pre_config(apr_pool_
+     /* Some OpenSSL internals are allocated per-thread, make sure they
+      * are associated to the/our same thread-id until cleaned up.
+      */
+-#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L
++#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     ssl_util_thread_id_setup(pconf);
+ #endif
+ 
+     /* We must register the library in full, to ensure our configuration
+      * code can successfully test the SSL environment.
+      */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     CRYPTO_malloc_init();
+ #else
+     OPENSSL_malloc_init();

Copied: branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__engine__init.c (from r445603, head/www/apache24/files/patch-modules_ssl_ssl__engine__init.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__engine__init.c	Fri Jul 14 12:28:12 2017	(r445747, copy of r445603, head/www/apache24/files/patch-modules_ssl_ssl__engine__init.c)
@@ -0,0 +1,47 @@
+--- modules/ssl/ssl_engine_init.c.orig	2017-04-03 11:39:20 UTC
++++ modules/ssl/ssl_engine_init.c
+@@ -47,7 +47,7 @@ APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl,
+ #define KEYTYPES "RSA or DSA"
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* OpenSSL Pre-1.1.0 compatibility */
+ /* Taken from OpenSSL 1.1.0 snapshot 20160410 */
+ static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+@@ -257,7 +257,7 @@ apr_status_t ssl_init_Module(apr_pool_t 
+ #endif
+     }
+ 
+-#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L
++#if APR_HAS_THREADS && ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
+     ssl_util_thread_setup(p);
+ #endif
+ 
+@@ -380,7 +380,7 @@ apr_status_t ssl_init_Module(apr_pool_t 
+     modssl_init_app_data2_idx(); /* for modssl_get_app_data2() at request time */
+ 
+     init_dh_params();
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     init_bio_methods();
+ #endif
+ 
+@@ -1301,7 +1301,7 @@ static apr_status_t ssl_init_server_cert
+      * or configure NIST P-256 (required to enable ECDHE for earlier versions)
+      * ECDH is always enabled in 1.1.0 unless excluded from SSLCipherList
+      */
+-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+     else {
+ #if defined(SSL_CTX_set_ecdh_auto)
+         SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
+@@ -2011,7 +2011,7 @@ apr_status_t ssl_init_ModuleKill(void *d
+ 
+     }
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     free_bio_methods();
+ #endif
+     free_dh_params();

Copied: branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__engine__io.c (from r445603, head/www/apache24/files/patch-modules_ssl_ssl__engine__io.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__engine__io.c	Fri Jul 14 12:28:12 2017	(r445747, copy of r445603, head/www/apache24/files/patch-modules_ssl_ssl__engine__io.c)
@@ -0,0 +1,38 @@
+--- modules/ssl/ssl_engine_io.c.orig	2017-05-30 12:26:05 UTC
++++ modules/ssl/ssl_engine_io.c
+@@ -164,7 +164,7 @@ static int bio_filter_create(BIO *bio)
+ {
+     BIO_set_shutdown(bio, 1);
+     BIO_set_init(bio, 1);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     /* No setter method for OpenSSL 1.1.0 available,
+      * but I can't find any functional use of the
+      * "num" field there either.
+@@ -549,7 +549,7 @@ static long bio_filter_in_ctrl(BIO *bio,
+     return -1;
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+         
+ static BIO_METHOD bio_filter_out_method = {
+     BIO_TYPE_MEM,
+@@ -2024,7 +2024,7 @@ static void ssl_io_input_add_filter(ssl_
+ 
+     filter_ctx->pInputFilter = ap_add_input_filter(ssl_io_filter, inctx, r, c);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     filter_ctx->pbioRead = BIO_new(&bio_filter_in_method);
+ #else
+     filter_ctx->pbioRead = BIO_new(bio_filter_in_method);
+@@ -2059,7 +2059,7 @@ void ssl_io_filter_init(conn_rec *c, req
+     filter_ctx->pOutputFilter   = ap_add_output_filter(ssl_io_filter,
+                                                        filter_ctx, r, c);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     filter_ctx->pbioWrite       = BIO_new(&bio_filter_out_method);
+ #else
+     filter_ctx->pbioWrite       = BIO_new(bio_filter_out_method);

Copied: branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c (from r445603, head/www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c	Fri Jul 14 12:28:12 2017	(r445747, copy of r445603, head/www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c)
@@ -0,0 +1,11 @@
+--- modules/ssl/ssl_engine_kernel.c.orig	2017-05-02 11:01:17 UTC
++++ modules/ssl/ssl_engine_kernel.c
+@@ -1733,7 +1733,7 @@ static void modssl_proxy_info_log(conn_r
+  * so we need to increment here to prevent them from
+  * being freed.
+  */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define modssl_set_cert_info(info, cert, pkey) \
+     *cert = info->x509; \
+     CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \

Copied: branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__engine__vars.c (from r445603, head/www/apache24/files/patch-modules_ssl_ssl__engine__vars.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__engine__vars.c	Fri Jul 14 12:28:12 2017	(r445747, copy of r445603, head/www/apache24/files/patch-modules_ssl_ssl__engine__vars.c)
@@ -0,0 +1,11 @@
+--- modules/ssl/ssl_engine_vars.c.orig	2017-03-20 12:01:16 UTC
++++ modules/ssl/ssl_engine_vars.c
+@@ -529,7 +529,7 @@ static char *ssl_var_lookup_ssl_cert(apr
+         resdup = FALSE;
+     }
+     else if (strcEQ(var, "A_SIG")) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+         nid = OBJ_obj2nid((ASN1_OBJECT *)(xs->cert_info->signature->algorithm));
+ #else
+         const ASN1_OBJECT *paobj;

Copied: branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__private.h (from r445603, head/www/apache24/files/patch-modules_ssl_ssl__private.h)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__private.h	Fri Jul 14 12:28:12 2017	(r445747, copy of r445603, head/www/apache24/files/patch-modules_ssl_ssl__private.h)
@@ -0,0 +1,55 @@
+--- modules/ssl/ssl_private.h.orig	2017-04-03 11:39:20 UTC
++++ modules/ssl/ssl_private.h
+@@ -123,6 +123,16 @@
+ #define MODSSL_SSL_METHOD_CONST
+ #endif
+ 
++#if defined(LIBRESSL_VERSION_NUMBER)
++/* Missing from LibreSSL */
++#define SSL_CTRL_SET_MIN_PROTO_VERSION          123
++#define SSL_CTRL_SET_MAX_PROTO_VERSION          124
++#define SSL_CTX_set_min_proto_version(ctx, version) \
++        SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
++#define SSL_CTX_set_max_proto_version(ctx, version) \
++        SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
++#endif
++
+ #if defined(OPENSSL_FIPS)
+ #define HAVE_FIPS
+ #endif
+@@ -136,7 +146,7 @@
+ #endif
+ 
+ /* session id constness */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define IDCONST
+ #else
+ #define IDCONST const
+@@ -199,7 +209,7 @@
+ 
+ #endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define BN_get_rfc2409_prime_768   get_rfc2409_prime_768
+ #define BN_get_rfc2409_prime_1024  get_rfc2409_prime_1024
+ #define BN_get_rfc3526_prime_1536  get_rfc3526_prime_1536
+@@ -219,7 +229,7 @@ void init_bio_methods(void);
+ void free_bio_methods(void);
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10002000L
++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define X509_STORE_CTX_get0_store(x) (x->ctx)
+ #endif
+ 
+@@ -934,7 +944,7 @@ char        *ssl_util_readfilter(server_
+                                  const char * const *);
+ BOOL         ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *);
+ #if APR_HAS_THREADS
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ void         ssl_util_thread_setup(apr_pool_t *);
+ #endif
+ void         ssl_util_thread_id_setup(apr_pool_t *);

Copied: branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__util.c (from r445603, head/www/apache24/files/patch-modules_ssl_ssl__util.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__util.c	Fri Jul 14 12:28:12 2017	(r445747, copy of r445603, head/www/apache24/files/patch-modules_ssl_ssl__util.c)
@@ -0,0 +1,11 @@
+--- modules/ssl/ssl_util.c.orig	2017-03-24 13:31:03 UTC
++++ modules/ssl/ssl_util.c
+@@ -247,7 +247,7 @@ void ssl_asn1_table_unset(apr_hash_t *ta
+ }
+ 
+ #if APR_HAS_THREADS
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /*
+  * To ensure thread-safetyness in OpenSSL - work in progress
+  */

Copied: branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__util__ssl.h (from r445603, head/www/apache24/files/patch-modules_ssl_ssl__util__ssl.h)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__util__ssl.h	Fri Jul 14 12:28:12 2017	(r445747, copy of r445603, head/www/apache24/files/patch-modules_ssl_ssl__util__ssl.h)
@@ -0,0 +1,11 @@
+--- modules/ssl/ssl_util_ssl.h.orig	2017-03-20 12:01:16 UTC
++++ modules/ssl/ssl_util_ssl.h
+@@ -41,7 +41,7 @@
+ #define MODSSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER
+ #define MODSSL_LIBRARY_NAME    "OpenSSL"
+ #define MODSSL_LIBRARY_TEXT    OPENSSL_VERSION_TEXT
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define MODSSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION)
+ #else
+ #define MODSSL_LIBRARY_DYNTEXT OpenSSL_version(OPENSSL_VERSION)

Copied: branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__util__stapling.c (from r445603, head/www/apache24/files/patch-modules_ssl_ssl__util__stapling.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2017Q3/www/apache24/files/patch-modules_ssl_ssl__util__stapling.c	Fri Jul 14 12:28:12 2017	(r445747, copy of r445603, head/www/apache24/files/patch-modules_ssl_ssl__util__stapling.c)
@@ -0,0 +1,11 @@
+--- modules/ssl/ssl_util_stapling.c.orig	2017-07-06 21:11:28 UTC
++++ modules/ssl/ssl_util_stapling.c
+@@ -91,7 +91,7 @@ static X509 *stapling_get_issuer(modssl_
+     for (i = 0; i < sk_X509_num(extra_certs); i++) {
+         issuer = sk_X509_value(extra_certs, i);
+         if (X509_check_issued(issuer, x) == X509_V_OK) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER < 0x2050000fL
+             CRYPTO_add(&issuer->references, 1, CRYPTO_LOCK_X509);
+ #else
+             X509_up_ref(issuer);

Copied: branches/2017Q3/www/apache24/files/patch-support_ab.c (from r445603, head/www/apache24/files/patch-support_ab.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2017Q3/www/apache24/files/patch-support_ab.c	Fri Jul 14 12:28:12 2017	(r445747, copy of r445603, head/www/apache24/files/patch-support_ab.c)
@@ -0,0 +1,17 @@
+--- support/ab.c.orig	2017-05-28 21:15:41 UTC
++++ support/ab.c
+@@ -197,6 +197,14 @@ typedef STACK_OF(X509) X509_STACK_TYPE;
+ #if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name)
+ #define HAVE_TLSEXT
+ #endif
++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2060000f
++# define SSL_CTRL_SET_MIN_PROTO_VERSION	123
++# define SSL_CTRL_SET_MAX_PROTO_VERSION 124
++#define SSL_CTX_set_min_proto_version(ctx, version) \
++   SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
++#define SSL_CTX_set_max_proto_version(ctx, version) \
++   SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
++#endif
+ #endif
+ 
+ #include <math.h>

Copied: branches/2017Q3/www/apache24/files/pkg-message.in (from r445603, head/www/apache24/files/pkg-message.in)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2017Q3/www/apache24/files/pkg-message.in	Fri Jul 14 12:28:12 2017	(r445747, copy of r445603, head/www/apache24/files/pkg-message.in)
@@ -0,0 +1,5 @@
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! mod_http2 on FreeBSD with OpenSSL from base results in a mostly !!
+!! functionally unusable module due to lack of "Upgrade"           !! 
+!! capability in OpenSSL 1.0.1.                                    !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Modified: branches/2017Q3/www/apache24/pkg-plist
==============================================================================
--- branches/2017Q3/www/apache24/pkg-plist	Fri Jul 14 11:35:50 2017	(r445746)
+++ branches/2017Q3/www/apache24/pkg-plist	Fri Jul 14 12:28:12 2017	(r445747)
@@ -109,6 +109,7 @@ libexec/apache24/httpd.exp
 %%MOD_AUTHZ_OWNER%%libexec/apache24/mod_authz_owner.so
 %%MOD_AUTHZ_USER%%libexec/apache24/mod_authz_user.so
 %%MOD_AUTOINDEX%%libexec/apache24/mod_autoindex.so
+%%MOD_BROTLI%%libexec/apache24/mod_brotli.so
 %%MOD_BUCKETEER%%libexec/apache24/mod_bucketeer.so
 %%MOD_BUFFER%%libexec/apache24/mod_buffer.so
 %%MOD_CACHE%%libexec/apache24/mod_cache.so



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201707141228.v6ECSCO1056281>