Date: Fri, 30 Jan 2026 17:04:56 +0000 From: Michael Osipov <michaelo@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 99c91e99baae - main - www/tomcat-native2: Upgrade port to 2.0.12 Message-ID: <697ce4b8.40772.1c75b0fb@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by michaelo: URL: https://cgit.FreeBSD.org/ports/commit/?id=99c91e99baae1f10136796a261d183566dc1c8b1 commit 99c91e99baae1f10136796a261d183566dc1c8b1 Author: Michael Osipov <michaelo@FreeBSD.org> AuthorDate: 2026-01-29 21:24:18 +0000 Commit: Michael Osipov <michaelo@FreeBSD.org> CommitDate: 2026-01-30 17:04:44 +0000 www/tomcat-native2: Upgrade port to 2.0.12 This release finally drops backported OpenSSL 1.1.1 support, thus FreeBSD 13 support because the patches fail to apply due to upstream changes to those files. MFH: 2026Q1 Changelog: https://tomcat.apache.org/native-doc/miscellaneous/changelog.html#Changes_in_2.0.12 --- www/tomcat-native2/Makefile | 5 +- www/tomcat-native2/distinfo | 6 +-- .../files/patch-include_ssl__private.h | 12 ----- www/tomcat-native2/files/patch-src_ssl.c | 63 ---------------------- www/tomcat-native2/files/patch-src_sslutils.c | 14 ----- 5 files changed, 6 insertions(+), 94 deletions(-) diff --git a/www/tomcat-native2/Makefile b/www/tomcat-native2/Makefile index e864ee6ae4ec..54cab00270ab 100644 --- a/www/tomcat-native2/Makefile +++ b/www/tomcat-native2/Makefile @@ -1,5 +1,5 @@ PORTNAME= tomcat-native -DISTVERSION= 2.0.7 +DISTVERSION= 2.0.12 CATEGORIES= www java MASTER_SITES= https://archive.apache.org/dist/tomcat/tomcat-connectors/native/${PORTVERSION}/source/ PKGNAMESUFFIX= 2 @@ -11,6 +11,8 @@ WWW= https://tomcat.apache.org/native-doc/ LICENSE= APACHE20 +IGNORE_FreeBSD_13= Does not build on FreeBSD 13.x due to OpenSSL 1.1.1 + LIB_DEPENDS= libapr-1.so:devel/apr1 USES= java libtool ssl @@ -20,7 +22,6 @@ GNU_CONFIGURE= yes CONFIGURE_ARGS= --with-apr=${LOCALBASE} \ --with-java-home=${JAVA_HOME} \ --with-ssl=${OPENSSLBASE} \ - --disable-openssl-version-check WRKSRC= ${WRKDIR}/${DISTNAME}/native diff --git a/www/tomcat-native2/distinfo b/www/tomcat-native2/distinfo index 6c7db5104702..29f282f73c90 100644 --- a/www/tomcat-native2/distinfo +++ b/www/tomcat-native2/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1713346420 -SHA256 (tomcat-native-2.0.7-src.tar.gz) = 2c5afc7edc383e47660647e9a7071ad81f58e51c7f765c12f7e7afc9203b2d4d -SIZE (tomcat-native-2.0.7-src.tar.gz) = 538131 +TIMESTAMP = 1769721811 +SHA256 (tomcat-native-2.0.12-src.tar.gz) = 8894d0f1577e78342585a706050b7ff4b557ff385cdcea0424404c593bfd3104 +SIZE (tomcat-native-2.0.12-src.tar.gz) = 470007 diff --git a/www/tomcat-native2/files/patch-include_ssl__private.h b/www/tomcat-native2/files/patch-include_ssl__private.h deleted file mode 100644 index 80ff3e5c8cd9..000000000000 --- a/www/tomcat-native2/files/patch-include_ssl__private.h +++ /dev/null @@ -1,12 +0,0 @@ ---- include/ssl_private.h.orig 2024-02-04 19:32:52 UTC -+++ include/ssl_private.h -@@ -46,9 +46,6 @@ - #include <openssl/x509v3.h> - #include <openssl/dh.h> - #include <openssl/bn.h> --#ifndef LIBRESSL_VERSION_NUMBER --#include <openssl/provider.h> --#endif - /* Avoid tripping over an engine build installed globally and detected - * when the user points at an explicit non-engine flavor of OpenSSL - */ diff --git a/www/tomcat-native2/files/patch-src_ssl.c b/www/tomcat-native2/files/patch-src_ssl.c deleted file mode 100644 index b3b37819b955..000000000000 --- a/www/tomcat-native2/files/patch-src_ssl.c +++ /dev/null @@ -1,63 +0,0 @@ ---- src/ssl.c.orig 2024-02-04 19:32:52 UTC -+++ src/ssl.c -@@ -395,30 +395,14 @@ TCN_IMPLEMENT_CALL(void, SSL, randSet)(TCN_STDARGS, js - - TCN_IMPLEMENT_CALL(jint, SSL, fipsModeGet)(TCN_STDARGS) - { --#if defined(LIBRESSL_VERSION_NUMBER) - UNREFERENCED(o); -- /* LibreSSL doesn't support FIPS */ -- return 0; -+#ifdef OPENSSL_FIPS -+ return FIPS_mode(); - #else -- EVP_MD *md; -- const OSSL_PROVIDER *provider; -- const char *name; -- UNREFERENCED(o); -+ /* FIPS is unavailable */ -+ tcn_ThrowException(e, "FIPS was not available to tcnative at build time. You will need to re-build tcnative against an OpenSSL with FIPS."); - -- // Maps the OpenSSL 3. x onwards behaviour to theOpenSSL 1.x API -- -- // Checks that FIPS is the default provider -- md = EVP_MD_fetch(NULL, "SHA-512", NULL); -- provider = EVP_MD_get0_provider(md); -- name = OSSL_PROVIDER_get0_name(provider); -- // Clean up -- EVP_MD_free(md); -- -- if (strcmp("fips", name)) { -- return 0; -- } else { -- return 1; -- } -+ return 0; - #endif - } - -@@ -427,8 +411,22 @@ TCN_IMPLEMENT_CALL(jint, SSL, fipsModeSet)(TCN_STDARGS - int r = 0; - UNREFERENCED(o); - -- /* This method should never be called when using Tomcat Native 2.x onwards */ -- tcn_ThrowException(e, "fipsModeSet is not supported in Tomcat Native 2.x onwards."); -+#ifdef OPENSSL_FIPS -+ if(1 != (r = (jint)FIPS_mode_set((int)mode))) { -+ /* arrange to get a human-readable error message */ -+ unsigned long err = SSL_ERR_get(); -+ char msg[256]; -+ -+ /* ERR_load_crypto_strings() already called in initialize() */ -+ -+ ERR_error_string_n(err, msg, 256); -+ -+ tcn_ThrowException(e, msg); -+ } -+#else -+ /* FIPS is unavailable */ -+ tcn_ThrowException(e, "FIPS was not available to tcnative at build time. You will need to re-build tcnative against an OpenSSL with FIPS."); -+#endif - - return r; - } diff --git a/www/tomcat-native2/files/patch-src_sslutils.c b/www/tomcat-native2/files/patch-src_sslutils.c deleted file mode 100644 index 39d22ddc7850..000000000000 --- a/www/tomcat-native2/files/patch-src_sslutils.c +++ /dev/null @@ -1,14 +0,0 @@ ---- src/sslutils.c.orig 2024-02-04 19:32:52 UTC -+++ src/sslutils.c -@@ -946,11 +946,7 @@ static OCSP_RESPONSE *get_ocsp_response(apr_pool_t *p, - int ok = 0; - apr_socket_t *apr_sock = NULL; - apr_pool_t *mp; --#ifdef LIBRESSL_VERSION_NUMBER - if (OCSP_parse_url(url, &hostname, &c_port, &path, &use_ssl) == 0) --#else -- if (OSSL_HTTP_parse_url(url, &use_ssl, NULL, &hostname, &c_port, NULL, &path, NULL, NULL) == 0) --#endif - goto end; - - if (sscanf(c_port, "%d", &port) != 1)home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?697ce4b8.40772.1c75b0fb>