public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] repo/gentoo:master commit in: www-servers/apache/files/, www-servers/apache/
@ 2016-03-03 16:16 Lars Wendler
From: Lars Wendler @ 2016-03-03 16:16 UTC
  To: gentoo-commits

commit:     11d62311fe7432483fdabba794a18d59e3873e45
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Mar  3 16:14:55 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Mar  3 16:16:38 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11d62311

www-servers/apache: Revbump to add fixed init script (bug #566726)

and added a config file for http2 module.

Package-Manager: portage-2.2.27
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 www-servers/apache/Manifest                |   1 +
 www-servers/apache/apache-2.4.18-r1.ebuild | 237 +++++++++++++++++++++++++++++
 www-servers/apache/files/41_mod_http2.conf |   9 ++
 3 files changed, 247 insertions(+)

diff --git a/www-servers/apache/Manifest b/www-servers/apache/Manifest
index f8894ec..8bbaf71 100644
--- a/www-servers/apache/Manifest
+++ b/www-servers/apache/Manifest
@@ -1,5 +1,6 @@
 DIST gentoo-apache-2.2.29-20140922.tar.bz2 64135 SHA256 8c69c36c2f40fb81ee905b4dd72ab74aab4563c75149d302f372a451498e2678 SHA512 1d9aa12aa3ab79b5f80ee3fda020b33ff6798e5b1abbcbc138acea06a1ab9968ad240d2bdf9c5dbb9640fa9fb6718eec7175df7cc0fb8574cc4d7d5cdfb5bcc4 WHIRLPOOL f655300f0dcd2f4503cbdb25983fed902e4b717ff57e06f66486bebd0ed7cb8df56387be74b4259bfffad949bb446c5ec28f89065b6d5239585324b610be7b88
 DIST gentoo-apache-2.4.10-r1-20140731.tar.bz2 24531 SHA256 8e093a18582c3a20283ed1c09de9acc6832a80b1d5a02962599db0535d38af19 SHA512 c54239df36d7ab30bd14a41241d94b4b49b92c5e50e64857da3e7cde7575d5c0a634d51710bdf75807a57932bf9447906407ae4ef6cb333d7197e82ba5052cd9 WHIRLPOOL 0d184763a033209eaa3c91f7050b24c2a2da24d930ed280a8aa99e32461ac31402e6fd8f57e2122a96e45a8308c4a332144ede7b511ceee352be2f38a6ef7839
+DIST gentoo-apache-2.4.18-r1-20160303.tar.bz2 24505 SHA256 d81e32d876594b48a7ff6d9123bf776c5bea5453eddd2fe40f4a9b79c11537aa SHA512 68f0c4de38ae05c45839fe692cbb7de641e331ca133b8aaaf69f3659dec15833cda95e6e074edb3a5b6b6d59b3fc5a4ee3589fff810707fe27417a25cd8a4c4d WHIRLPOOL fb61224b2104e611237e1d09eb4dfb3d2b8f023348c9622f7f19434b6b77d63786c41af17a300d994c14d983676f3753ab6fa52f7a7fcd07b9cea3d7eeacc9b9
 DIST httpd-2.2.31.tar.bz2 5610489 SHA256 f32f9d19f535dac63b06cb55dfc023b40dcd28196b785f79f9346779e22f26ac SHA512 5aa47d4b76f692bbd8b309135ff99152df98cf69b505b9daf3f13f7f2a31443eaf4995161adfbc47a133b4d0e091fda2d95fc6b87a956f0ada18d7466ee28e74 WHIRLPOOL a2e3e53c51719cb6f7e641b41788cd89ce7b4d2ea105b403bfa3b3d4479b69c5604228269062f66722594e105e91121d05b1c9f27ca7dc4ecfcf339da8b8375c
 DIST httpd-2.4.16.tar.bz2 5101005 SHA256 ac660b47aaa7887779a6430404dcb40c0b04f90ea69e7bd49a40552e9ff13743 SHA512 039750ff962c08a7261896acc8272e59874d066f7d52721aaf967ddb737fc5716acc47e1effaf7c4d156ba61bc393e0738f64f8e89cc277ba2651e0f61d56628 WHIRLPOOL f67a4449409cd1a50fcdf4d192a3a0c90e6e3483269d19e9f0454557cbfbda7fb3535063e1738de60d6f524e22eac7fc159d2abe5a60952219c1b01ee143ae05
 DIST httpd-2.4.18.tar.bz2 5181291 SHA256 0644b050de41f5c9f67c825285049b144690421acb709b06fe53eddfa8a9fd4c SHA512 8e342cc447313c07275869381c2d6f2314a96547f0c86ee1c617975d0f7ad8efb47113ab5995c733108ae4dec31ad79847e397ecea859b60414ffe1680617a31 WHIRLPOOL e0ae6b8581e2993e0f873d8928e3b54f1df750f29e82d2f1308376af440308c56e89dfb3ec051cdf164a271580ccac71ebc5b038e23ca65a9221fdfc08b47b41

diff --git a/www-servers/apache/apache-2.4.18-r1.ebuild b/www-servers/apache/apache-2.4.18-r1.ebuild
new file mode 100644
index 0000000..11ed895
--- /dev/null
+++ b/www-servers/apache/apache-2.4.18-r1.ebuild
@@ -0,0 +1,237 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# latest gentoo apache files
+GENTOO_PATCHSTAMP="20160303"
+GENTOO_DEVELOPER="polynomial-c"
+GENTOO_PATCHNAME="gentoo-apache-2.4.18-r1"
+
+# IUSE/USE_EXPAND magic
+IUSE_MPMS_FORK="peruser prefork"
+IUSE_MPMS_THREAD="event worker"
+
+# << obsolete modules:
+# authn_default authz_default mem_cache
+# mem_cache is replaced by cache_disk
+# ?? buggy modules
+# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found
+# >> added modules for reason:
+# compat: compatibility with 2.2 access control
+# authz_host: new module for access control
+# authn_core: functionality provided by authn_alias in previous versions
+# authz_core: new module, provides core authorization capabilities
+# cache_disk: replacement for mem_cache
+# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3
+# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3
+# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3
+# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3
+# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests).
+# socache_shmcb: shared object cache provider. Default config with ssl needs it
+# unixd: fixes startup error: Invalid command 'User'
+IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest
+authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authz_core
+authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex
+cache cache_disk cern_meta charset_lite cgi cgid dav dav_fs dav_lock dbd deflate
+dir dumpio env expires ext_filter file_cache filter headers http2 ident imagemap
+include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness
+lbmethod_heartbeat log_config log_forensic logio macro mime mime_magic negotiation
+proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_html proxy_http proxy_scgi
+proxy_fcgi  proxy_wstunnel rewrite ratelimit remoteip reqtimeout setenvif
+slotmem_shm speling socache_shmcb status substitute unique_id userdir usertrack
+unixd version vhost_alias"
+# The following are also in the source as of this version, but are not available
+# for user selection:
+# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
+# optional_fn_import optional_hook_export optional_hook_import
+
+# inter-module dependencies
+# TODO: this may still be incomplete
+MODULE_DEPENDS="
+	dav_fs:dav
+	dav_lock:dav
+	deflate:filter
+	cache_disk:cache
+	ext_filter:filter
+	file_cache:cache
+	lbmethod_byrequests:proxy_balancer
+	lbmethod_byrequests:slotmem_shm
+	lbmethod_bytraffic:proxy_balancer
+	lbmethod_bybusyness:proxy_balancer
+	lbmethod_heartbeat:proxy_balancer
+	log_forensic:log_config
+	logio:log_config
+	cache_disk:cache
+	mime_magic:mime
+	proxy_ajp:proxy
+	proxy_balancer:proxy
+	proxy_balancer:slotmem_shm
+	proxy_connect:proxy
+	proxy_ftp:proxy
+	proxy_html:proxy
+	proxy_http:proxy
+	proxy_scgi:proxy
+	proxy_fcgi:proxy
+	proxy_wstunnel:proxy
+	substitute:filter
+"
+
+# module<->define mappings
+MODULE_DEFINES="
+	auth_digest:AUTH_DIGEST
+	authnz_ldap:AUTHNZ_LDAP
+	cache:CACHE
+	cache_disk:CACHE
+	dav:DAV
+	dav_fs:DAV
+	dav_lock:DAV
+	file_cache:CACHE
+	http2:HTTP2
+	info:INFO
+	ldap:LDAP
+	proxy:PROXY
+	proxy_ajp:PROXY
+	proxy_balancer:PROXY
+	proxy_connect:PROXY
+	proxy_ftp:PROXY
+	proxy_html:PROXY
+	proxy_http:PROXY
+	proxy_fcgi:PROXY
+	proxy_scgi:PROXY
+	proxy_wstunnel:PROXY
+	socache_shmcb:SSL
+	ssl:SSL
+	status:STATUS
+	suexec:SUEXEC
+	userdir:USERDIR
+"
+
+# critical modules for the default config
+MODULE_CRITICAL="
+	authn_core
+	authz_core
+	authz_host
+	dir
+	mime
+	unixd
+"
+inherit eutils apache-2 systemd toolchain-funcs
+
+DESCRIPTION="The Apache Web Server"
+HOMEPAGE="http://httpd.apache.org/"
+
+# some helper scripts are Apache-1.1, thus both are here
+LICENSE="Apache-2.0 Apache-1.1"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x64-macos ~x86-macos ~m68k-mint ~sparc64-solaris ~x64-solaris"
+
+DEPEND+="apache2_modules_http2? ( >=net-libs/nghttp2-1.2.1 )"
+
+REQUIRED_USE="apache2_modules_http2? ( ssl )"
+
+pkg_setup() {
+	# dependend critical modules which are not allowed in global scope due
+	# to USE flag conditionals (bug #499260)
+	use ssl && MODULE_CRITICAL+=" socache_shmcb"
+	use doc && MODULE_CRITICAL+=" alias negotiation setenvif"
+	apache-2_pkg_setup
+}
+
+src_configure() {
+	# Brain dead check.
+	tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no"
+
+	apache-2_src_configure
+}
+
+src_compile() {
+	if tc-is-cross-compiler; then
+		# This header is the same across targets, so use the build compiler.
+		pushd server >/dev/null
+		emake gen_test_char
+		tc-export_build_env BUILD_CC
+		${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \
+			gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die
+		popd >/dev/null
+	fi
+
+	default
+}
+
+src_install() {
+	apache-2_src_install
+	for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do
+		rm "${ED}"/$i || die "Failed to prune apache-tools bits"
+	done
+	for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do
+		rm "${ED}"/$i || die "Failed to prune apache-tools bits"
+	done
+	for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do
+		rm "${ED}"/$i || die "Failed to prune apache-tools bits"
+	done
+	for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do
+		rm "${ED}/"$i || die "Failed to prune apache-tools bits"
+	done
+
+	# install apxs in /usr/bin (bug #502384) and put a symlink into the
+	# old location until all ebuilds and eclasses have been modified to
+	# use the new location.
+	local apxs="/usr/bin/apxs"
+	cp "${S}"/support/apxs "${ED}"${apxs} || die "Failed to install apxs"
+	ln -s ../bin/apxs "${ED}"/usr/sbin/apxs || die
+	chmod 0755 "${ED}"${apxs} || die
+
+	# Note: wait for mod_systemd to be included in the next release,
+	# then apache2.4.service can be used and systemd support controlled
+	# through --enable-systemd
+	systemd_newunit "${FILESDIR}/apache2.2.service" "apache2.service"
+	systemd_dotmpfilesd "${FILESDIR}/apache.conf"
+	#insinto /etc/apache2/modules.d
+	#doins "${FILESDIR}/00_systemd.conf"
+
+	# Install http2 module config
+	insinto /etc/apache2/modules.d
+	doins "${FILESDIR}"/41_mod_http2.conf
+}
+
+pkg_postinst()
+{
+	apache-2_pkg_postinst || die "apache-2_pkg_postinst failed"
+	# warnings that default config might not work out of the box
+	for mod in $MODULE_CRITICAL; do
+		if ! use "apache2_modules_${mod}"; then
+			echo
+			ewarn "Warning: Critical module not installed!"
+			ewarn "Modules 'authn_core', 'authz_core' and 'unixd'"
+			ewarn "are highly recomended but might not be in the base profile yet."
+			ewarn "Default config for ssl needs module 'socache_shmcb'."
+			ewarn "Enabling the following flags is highly recommended:"
+			for cmod in $MODULE_CRITICAL; do
+				use "apache2_modules_${cmod}" || \
+					ewarn "+ apache2_modules_${cmod}"
+			done
+			echo
+			break
+		fi
+	done
+	# warning for proxy_balancer and missing load balancing scheduler
+	if use apache2_modules_proxy_balancer; then
+		local lbset=
+		for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do
+			if use "apache2_modules_${mod}"; then
+				lbset=1 && break
+			fi
+		done
+		if [ ! $lbset ]; then
+			echo
+			ewarn "Info: Missing load balancing scheduler algorithm module"
+			ewarn "(They were split off from proxy_balancer in 2.3)"
+			ewarn "In order to get the ability of load balancing, at least"
+			ewarn "one of these modules has to be present:"
+			ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat"
+			echo
+		fi
+	fi
+}
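
Review bot: nghttp2 is added only to DEPEND (`DEPEND+="apache2_modules_http2? ( >=net-libs/nghttp2-1.2.1 )"`) and nothing in this ebuild adds it to RDEPEND, although mod_http2 needs the library at run time. The appended string also has no leading space, so it relies on the inherited value ending in whitespace; add the atom to RDEPEND as well and start the string with a space or newline. Smaller points in the same file: `cache_disk:cache` appears twice in MODULE_DEPENDS, and the ewarn text in pkg_postinst spells "recomended".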

diff --git a/www-servers/apache/files/41_mod_http2.conf b/www-servers/apache/files/41_mod_http2.conf
new file mode 100644
index 0000000..68b4838
--- /dev/null
+++ b/www-servers/apache/files/41_mod_http2.conf
@@ -0,0 +1,9 @@
+<IfDefine SSL>
+  <IfModule http2_module>
+    # enable debugging for this module
+    #LogLevel http2:info
+
+    #Enable HTTP/2 support
+    Protocols h2 http/1.1
+  </IfModule>
+</IfDefine>
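
Review bot: the outer guard is `<IfDefine SSL>` while the ebuild maps this module to its own define (`http2:HTTP2` in MODULE_DEFINES), and the file does not say why. A one-line comment stating that h2 is only negotiated on TLS connections, and whether leaving cleartext h2c out of `Protocols h2 http/1.1` is deliberate, would save readers from guessing. The two comment lines also differ in style (`# enable` vs `#Enable`).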



* [gentoo-commits] repo/gentoo:master commit in: www-servers/apache/files/, www-servers/apache/
@ 2016-11-02 14:39 Lars Wendler
From: Lars Wendler @ 2016-11-02 14:39 UTC
  To: gentoo-commits

commit:     692a27baa1b889755b928d2766f9efee17462291
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  2 14:38:57 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Nov  2 14:39:15 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=692a27ba

www-servers/apache: Security revbumps for CVE-2016-5387 (bug #589226).

Also fixes fcgi bug in apache-2.4.23 (bug #591288).

Package-Manager: portage-2.3.2
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 www-servers/apache/Manifest                       |   1 +
 www-servers/apache/apache-2.2.31-r1.ebuild        | 119 +++++++++++
 www-servers/apache/apache-2.4.23-r2.ebuild        | 245 ++++++++++++++++++++++
 www-servers/apache/files/apache-asf-httpoxy.patch |  20 ++
 4 files changed, 385 insertions(+)

diff --git a/www-servers/apache/Manifest b/www-servers/apache/Manifest
index 5482f14..a266c24 100644
--- a/www-servers/apache/Manifest
+++ b/www-servers/apache/Manifest
@@ -1,3 +1,4 @@
+DIST apache-2.4.23-fcgi_fix.patch 1186 SHA256 2943092f4d16f998bed1839d762be6b12254bb59b54e027ae17a2f8042c0eac7 SHA512 5dd1d2eee99322d7af398e7e9c46da4275b83d47bbdac663c022fab734715aabaf5cf0e7abe9bf7b90b69a7b6456f4df55ec33519844124906ad9021f0331e01 WHIRLPOOL 80b03d44e861b08ade36fb317a7aa8cb13a7b79b80b6d59d90d404c9ce99590d8466cb098812b4e2fbb85e69fc7a69ce973269b1ec6ce516e2ad835566534f8e
 DIST gentoo-apache-2.2.29-20140922.tar.bz2 64135 SHA256 8c69c36c2f40fb81ee905b4dd72ab74aab4563c75149d302f372a451498e2678 SHA512 1d9aa12aa3ab79b5f80ee3fda020b33ff6798e5b1abbcbc138acea06a1ab9968ad240d2bdf9c5dbb9640fa9fb6718eec7175df7cc0fb8574cc4d7d5cdfb5bcc4 WHIRLPOOL f655300f0dcd2f4503cbdb25983fed902e4b717ff57e06f66486bebd0ed7cb8df56387be74b4259bfffad949bb446c5ec28f89065b6d5239585324b610be7b88
 DIST gentoo-apache-2.4.18-r1-20160303.tar.bz2 24505 SHA256 d81e32d876594b48a7ff6d9123bf776c5bea5453eddd2fe40f4a9b79c11537aa SHA512 68f0c4de38ae05c45839fe692cbb7de641e331ca133b8aaaf69f3659dec15833cda95e6e074edb3a5b6b6d59b3fc5a4ee3589fff810707fe27417a25cd8a4c4d WHIRLPOOL fb61224b2104e611237e1d09eb4dfb3d2b8f023348c9622f7f19434b6b77d63786c41af17a300d994c14d983676f3753ab6fa52f7a7fcd07b9cea3d7eeacc9b9
 DIST httpd-2.2.31.tar.bz2 5610489 SHA256 f32f9d19f535dac63b06cb55dfc023b40dcd28196b785f79f9346779e22f26ac SHA512 5aa47d4b76f692bbd8b309135ff99152df98cf69b505b9daf3f13f7f2a31443eaf4995161adfbc47a133b4d0e091fda2d95fc6b87a956f0ada18d7466ee28e74 WHIRLPOOL a2e3e53c51719cb6f7e641b41788cd89ce7b4d2ea105b403bfa3b3d4479b69c5604228269062f66722594e105e91121d05b1c9f27ca7dc4ecfcf339da8b8375c

diff --git a/www-servers/apache/apache-2.2.31-r1.ebuild b/www-servers/apache/apache-2.2.31-r1.ebuild
new file mode 100644
index 00000000..5e2b8c7
--- /dev/null
+++ b/www-servers/apache/apache-2.2.31-r1.ebuild
@@ -0,0 +1,119 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# latest gentoo apache files
+GENTOO_PATCHSTAMP="20140922"
+GENTOO_DEVELOPER="polynomial-c"
+GENTOO_PATCHNAME="gentoo-apache-2.2.29"
+
+# IUSE/USE_EXPAND magic
+IUSE_MPMS_FORK="itk peruser prefork"
+IUSE_MPMS_THREAD="event worker"
+
+IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
+authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
+authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta
+charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio
+env expires ext_filter file_cache filter headers ident imagemap include info
+log_config log_forensic logio mem_cache mime mime_magic negotiation proxy
+proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite
+reqtimeout setenvif speling status substitute unique_id userdir usertrack
+version vhost_alias"
+# The following are also in the source as of this version, but are not available
+# for user selection:
+# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
+# optional_fn_import optional_hook_export optional_hook_import
+
+# inter-module dependencies
+# TODO: this may still be incomplete
+MODULE_DEPENDS="
+	dav_fs:dav
+	dav_lock:dav
+	deflate:filter
+	disk_cache:cache
+	ext_filter:filter
+	file_cache:cache
+	log_forensic:log_config
+	logio:log_config
+	mem_cache:cache
+	mime_magic:mime
+	proxy_ajp:proxy
+	proxy_balancer:proxy
+	proxy_connect:proxy
+	proxy_ftp:proxy
+	proxy_http:proxy
+	proxy_scgi:proxy
+	substitute:filter
+"
+
+# module<->define mappings
+MODULE_DEFINES="
+	auth_digest:AUTH_DIGEST
+	authnz_ldap:AUTHNZ_LDAP
+	cache:CACHE
+	dav:DAV
+	dav_fs:DAV
+	dav_lock:DAV
+	disk_cache:CACHE
+	file_cache:CACHE
+	info:INFO
+	ldap:LDAP
+	mem_cache:CACHE
+	proxy:PROXY
+	proxy_ajp:PROXY
+	proxy_balancer:PROXY
+	proxy_connect:PROXY
+	proxy_ftp:PROXY
+	proxy_http:PROXY
+	ssl:SSL
+	status:STATUS
+	suexec:SUEXEC
+	userdir:USERDIR
+"
+
+# critical modules for the default config
+MODULE_CRITICAL="
+	authz_host
+	dir
+	mime
+"
+
+inherit apache-2 systemd toolchain-funcs
+
+DESCRIPTION="The Apache Web Server"
+HOMEPAGE="https://httpd.apache.org/"
+
+# some helper scripts are Apache-1.1, thus both are here
+LICENSE="Apache-2.0 Apache-1.1"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
+IUSE=""
+
+PATCHES=(
+	"${FILESDIR}/${PN}-asf-httpoxy.patch"
+)
+
+src_configure() {
+	# Brain dead check.
+	tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no"
+
+	apache-2_src_configure
+}
+
+src_install() {
+	apache-2_src_install
+
+	# install apxs in /usr/bin (bug #502384) and put a symlink into the
+	# old location until all ebuilds and eclasses have been modified to
+	# use the new location.
+	local apxs_dir="/usr/bin"
+	dodir ${apxs_dir}
+	mv "${D}"/usr/sbin/apxs "${D}"${apxs_dir} || die
+	ln -s ../bin/apxs "${D}"/usr/sbin/apxs || die
+
+	systemd_newunit "${FILESDIR}/apache2.2.service" "apache2.service"
+	systemd_dotmpfilesd "${FILESDIR}/apache.conf"
+}
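
Review bot: the httpoxy fix is wired in only through the `PATCHES=( ... )` array, and this ebuild is `EAPI=5` with no src_prepare of its own. The default src_prepare in EAPI 5 does not apply PATCHES, so the fix lands only if apache-2_src_prepare consumes the array; please confirm in the build log that apache-asf-httpoxy.patch is applied, or apply it explicitly, since a silent miss leaves CVE-2016-5387 unfixed in a revision named as the security bump. Also, `${D}` is used here while the 2.4 ebuilds on this page use `${ED}`; harmless without prefix keywords, but worth keeping consistent.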

diff --git a/www-servers/apache/apache-2.4.23-r2.ebuild b/www-servers/apache/apache-2.4.23-r2.ebuild
new file mode 100644
index 00000000..80874b3
--- /dev/null
+++ b/www-servers/apache/apache-2.4.23-r2.ebuild
@@ -0,0 +1,245 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# latest gentoo apache files
+GENTOO_PATCHSTAMP="20160303"
+GENTOO_DEVELOPER="polynomial-c"
+GENTOO_PATCHNAME="gentoo-apache-2.4.18-r1"
+
+# IUSE/USE_EXPAND magic
+IUSE_MPMS_FORK="prefork"
+IUSE_MPMS_THREAD="event worker"
+
+# << obsolete modules:
+# authn_default authz_default mem_cache
+# mem_cache is replaced by cache_disk
+# ?? buggy modules
+# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found
+# >> added modules for reason:
+# compat: compatibility with 2.2 access control
+# authz_host: new module for access control
+# authn_core: functionality provided by authn_alias in previous versions
+# authz_core: new module, provides core authorization capabilities
+# cache_disk: replacement for mem_cache
+# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3
+# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3
+# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3
+# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3
+# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests).
+# socache_shmcb: shared object cache provider. Default config with ssl needs it
+# unixd: fixes startup error: Invalid command 'User'
+IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest
+authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authz_core
+authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex
+cache cache_disk cern_meta charset_lite cgi cgid dav dav_fs dav_lock dbd deflate
+dir dumpio env expires ext_filter file_cache filter headers http2 ident imagemap
+include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness
+lbmethod_heartbeat log_config log_forensic logio macro mime mime_magic negotiation
+proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_html proxy_http proxy_scgi
+proxy_fcgi  proxy_wstunnel rewrite ratelimit remoteip reqtimeout setenvif
+slotmem_shm speling socache_shmcb status substitute unique_id userdir usertrack
+unixd version vhost_alias"
+# The following are also in the source as of this version, but are not available
+# for user selection:
+# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
+# optional_fn_import optional_hook_export optional_hook_import
+
+# inter-module dependencies
+# TODO: this may still be incomplete
+MODULE_DEPENDS="
+	dav_fs:dav
+	dav_lock:dav
+	deflate:filter
+	cache_disk:cache
+	ext_filter:filter
+	file_cache:cache
+	lbmethod_byrequests:proxy_balancer
+	lbmethod_byrequests:slotmem_shm
+	lbmethod_bytraffic:proxy_balancer
+	lbmethod_bybusyness:proxy_balancer
+	lbmethod_heartbeat:proxy_balancer
+	log_forensic:log_config
+	logio:log_config
+	cache_disk:cache
+	mime_magic:mime
+	proxy_ajp:proxy
+	proxy_balancer:proxy
+	proxy_balancer:slotmem_shm
+	proxy_connect:proxy
+	proxy_ftp:proxy
+	proxy_html:proxy
+	proxy_http:proxy
+	proxy_scgi:proxy
+	proxy_fcgi:proxy
+	proxy_wstunnel:proxy
+	substitute:filter
+"
+
+# module<->define mappings
+MODULE_DEFINES="
+	auth_digest:AUTH_DIGEST
+	authnz_ldap:AUTHNZ_LDAP
+	cache:CACHE
+	cache_disk:CACHE
+	dav:DAV
+	dav_fs:DAV
+	dav_lock:DAV
+	file_cache:CACHE
+	http2:HTTP2
+	info:INFO
+	ldap:LDAP
+	proxy:PROXY
+	proxy_ajp:PROXY
+	proxy_balancer:PROXY
+	proxy_connect:PROXY
+	proxy_ftp:PROXY
+	proxy_html:PROXY
+	proxy_http:PROXY
+	proxy_fcgi:PROXY
+	proxy_scgi:PROXY
+	proxy_wstunnel:PROXY
+	socache_shmcb:SSL
+	ssl:SSL
+	status:STATUS
+	suexec:SUEXEC
+	userdir:USERDIR
+"
+
+# critical modules for the default config
+MODULE_CRITICAL="
+	authn_core
+	authz_core
+	authz_host
+	dir
+	mime
+	unixd
+"
+inherit eutils apache-2 systemd toolchain-funcs
+
+DESCRIPTION="The Apache Web Server"
+HOMEPAGE="https://httpd.apache.org/"
+
+# some helper scripts are Apache-1.1, thus both are here
+LICENSE="Apache-2.0 Apache-1.1"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x64-macos ~x86-macos ~m68k-mint ~sparc64-solaris ~x64-solaris"
+
+# Upstream fixes
+SRC_URI+=" http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c?r1=1751970&r2=1751969&pathrev=1751970&view=patch -> ${PN}-2.4.23-fcgi_fix.patch"
+
+DEPEND+="apache2_modules_http2? ( >=net-libs/nghttp2-1.2.1 )"
+
+REQUIRED_USE="apache2_modules_http2? ( ssl )"
+
+PATCHES=(
+	"${DISTDIR}"/${P}-fcgi_fix.patch
+	"${FILESDIR}"/apache-asf-httpoxy.patch
+)
+
+pkg_setup() {
+	# dependend critical modules which are not allowed in global scope due
+	# to USE flag conditionals (bug #499260)
+	use ssl && MODULE_CRITICAL+=" socache_shmcb"
+	use doc && MODULE_CRITICAL+=" alias negotiation setenvif"
+	apache-2_pkg_setup
+}
+
+src_configure() {
+	# Brain dead check.
+	tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no"
+
+	apache-2_src_configure
+}
+
+src_compile() {
+	if tc-is-cross-compiler; then
+		# This header is the same across targets, so use the build compiler.
+		pushd server >/dev/null
+		emake gen_test_char
+		tc-export_build_env BUILD_CC
+		${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \
+			gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die
+		popd >/dev/null
+	fi
+
+	default
+}
+
+src_install() {
+	apache-2_src_install
+	for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do
+		rm "${ED}"/$i || die "Failed to prune apache-tools bits"
+	done
+	for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do
+		rm "${ED}"/$i || die "Failed to prune apache-tools bits"
+	done
+	for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do
+		rm "${ED}"/$i || die "Failed to prune apache-tools bits"
+	done
+	for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do
+		rm "${ED}/"$i || die "Failed to prune apache-tools bits"
+	done
+
+	# install apxs in /usr/bin (bug #502384) and put a symlink into the
+	# old location until all ebuilds and eclasses have been modified to
+	# use the new location.
+	local apxs="/usr/bin/apxs"
+	cp "${S}"/support/apxs "${ED}"${apxs} || die "Failed to install apxs"
+	ln -s ../bin/apxs "${ED}"/usr/sbin/apxs || die
+	chmod 0755 "${ED}"${apxs} || die
+
+	# Note: wait for mod_systemd to be included in the next release,
+	# then apache2.4.service can be used and systemd support controlled
+	# through --enable-systemd
+	systemd_newunit "${FILESDIR}/apache2.2-hardened.service" "apache2.service"
+	systemd_dotmpfilesd "${FILESDIR}/apache.conf"
+	#insinto /etc/apache2/modules.d
+	#doins "${FILESDIR}/00_systemd.conf"
+
+	# Install http2 module config
+	insinto /etc/apache2/modules.d
+	doins "${FILESDIR}"/41_mod_http2.conf
+}
+
+pkg_postinst()
+{
+	apache-2_pkg_postinst || die "apache-2_pkg_postinst failed"
+	# warnings that default config might not work out of the box
+	for mod in $MODULE_CRITICAL; do
+		if ! use "apache2_modules_${mod}"; then
+			echo
+			ewarn "Warning: Critical module not installed!"
+			ewarn "Modules 'authn_core', 'authz_core' and 'unixd'"
+			ewarn "are highly recomended but might not be in the base profile yet."
+			ewarn "Default config for ssl needs module 'socache_shmcb'."
+			ewarn "Enabling the following flags is highly recommended:"
+			for cmod in $MODULE_CRITICAL; do
+				use "apache2_modules_${cmod}" || \
+					ewarn "+ apache2_modules_${cmod}"
+			done
+			echo
+			break
+		fi
+	done
+	# warning for proxy_balancer and missing load balancing scheduler
+	if use apache2_modules_proxy_balancer; then
+		local lbset=
+		for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do
+			if use "apache2_modules_${mod}"; then
+				lbset=1 && break
+			fi
+		done
+		if [ ! $lbset ]; then
+			echo
+			ewarn "Info: Missing load balancing scheduler algorithm module"
+			ewarn "(They were split off from proxy_balancer in 2.3)"
+			ewarn "In order to get the ability of load balancing, at least"
+			ewarn "one of these modules has to be present:"
+			ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat"
+			echo
+		fi
+	fi
+}
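
Review bot: the SRC_URI line fetches the fcgi fix as a diff generated on demand by viewvc over plain http (`...mod_proxy_fcgi.c?r1=1751970&r2=1751969&pathrev=1751970&view=patch`). The Manifest entry pins its size and hashes, so any change in how viewvc renders that diff becomes a fetch failure for users; hosting a static copy of the patch would be more robust. Separately, the unit installed here is `apache2.2-hardened.service`; if that is new in this revision it deserves a line in the commit message.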

diff --git a/www-servers/apache/files/apache-asf-httpoxy.patch b/www-servers/apache/files/apache-asf-httpoxy.patch
new file mode 100644
index 00000000..68e3d86
--- /dev/null
+++ b/www-servers/apache/files/apache-asf-httpoxy.patch
@@ -0,0 +1,20 @@
+https://bugs.gentoo.org/589226
+https://www.apache.org/security/asf-httpoxy-response.txt
+
+--- server/util_script.c	(revision 1752426)
++++ server/util_script.c	(working copy)
+@@ -186,6 +186,14 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r
+         else if (!strcasecmp(hdrs[i].key, "Content-length")) {
+             apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
+         }
++        /* HTTP_PROXY collides with a popular envvar used to configure
++         * proxies, don't let clients set/override it.  But, if you must...
++         */
++#ifndef SECURITY_HOLE_PASS_PROXY
++        else if (!strcasecmp(hdrs[i].key, "Proxy")) {
++            ;
++        }
++#endif
+         /*
+          * You really don't want to disable this check, since it leaves you
+          * wide open to CGIs stealing passwords and people viewing them
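
Review bot: the patch file carries two URLs but no description of its scope, and the new branch exists only inside ap_add_common_vars in server/util_script.c. It therefore stops the `Proxy` request header from becoming `HTTP_PROXY` in environments built by that function, and a request header passed on unchanged to a proxied HTTP backend is untouched by these lines. A short header in the patch stating that scope would help admins decide whether they still need to strip the header in configuration, and it should name the `SECURITY_HOLE_PASS_PROXY` opt-out so nobody defines it by accident through CFLAGS.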



* [gentoo-commits] repo/gentoo:master commit in: www-servers/apache/files/, www-servers/apache/
@ 2018-07-17  7:10 Lars Wendler
From: Lars Wendler @ 2018-07-17  7:10 UTC
  To: gentoo-commits

commit:     04d8c60e97d7fcbd225b060c244a4709cd2f73ab
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 17 07:08:50 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Jul 17 07:10:03 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=04d8c60e

www-servers/apache: Revbump to add new suexec related USE flags.

Also fixed a parallel install issue with suexec binary.

Closes: https://bugs.gentoo.org/661358
Package-Manager: Portage-2.3.43, Repoman-2.3.10

 .../{apache-2.4.34.ebuild => apache-2.4.34-r1.ebuild} | 12 ++++++++++--
 .../files/apache-2.4.34-suexec_parallel_install.patch | 19 +++++++++++++++++++
 www-servers/apache/metadata.xml                       |  2 ++
 3 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/www-servers/apache/apache-2.4.34.ebuild b/www-servers/apache/apache-2.4.34-r1.ebuild
similarity index 96%
rename from www-servers/apache/apache-2.4.34.ebuild
rename to www-servers/apache/apache-2.4.34-r1.ebuild
index eee96296f45..cf545f229ee 100644
--- a/www-servers/apache/apache-2.4.34.ebuild
+++ b/www-servers/apache/apache-2.4.34-r1.ebuild
@@ -130,21 +130,29 @@ HOMEPAGE="https://httpd.apache.org/"
 # some helper scripts are Apache-1.1, thus both are here
 LICENSE="Apache-2.0 Apache-1.1"
 SLOT="2"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x64-macos ~x86-macos ~m68k-mint ~sparc64-solaris ~x64-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x64-macos ~x86-macos ~m68k-mint ~sparc64-solaris ~x64-solaris"
+
 # Enable http2 by default (bug #563452)
 # FIXME: Move to apache-2.eclass once this has reached stable.
 IUSE="${IUSE/apache2_modules_http2/+apache2_modules_http2}"
+# New suexec options (since 2.4.34)
+IUSE="${IUSE} +suexec-caps suexec-syslog"
 
 CDEPEND="apache2_modules_brotli? ( >=app-arch/brotli-0.6.0:= )
 	apache2_modules_http2? ( >=net-libs/nghttp2-1.2.1 )
 	apache2_modules_md? ( >=dev-libs/jansson-2.10 )"
 
-DEPEND+="${CDEPEND}"
+DEPEND+="${CDEPEND}
+	suexec? ( suexec-caps? ( sys-libs/libcap ) )"
 RDEPEND+="${CDEPEND}"
 
 REQUIRED_USE="apache2_modules_http2? ( ssl )
 	apache2_modules_md? ( ssl )"
 
+PATCHES=(
+	"${FILESDIR}/${PN}-2.4.34-suexec_parallel_install.patch" #661358
+)
+
 pkg_setup() {
 	# dependend critical modules which are not allowed in global scope due
 	# to USE flag conditionals (bug #499260)
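
Review bot: the KEYWORDS line drops `~amd64-fbsd` and `~x86-fbsd`, which is unrelated to the suexec flags and not mentioned in the commit message; either split it out or note it there. On the new flags, `+suexec-caps` is enabled by default but only takes effect under `suexec?` (see the nested `suexec? ( suexec-caps? ( sys-libs/libcap ) )`), so a comment next to the IUSE line saying so would make the relationship explicit.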

diff --git a/www-servers/apache/files/apache-2.4.34-suexec_parallel_install.patch b/www-servers/apache/files/apache-2.4.34-suexec_parallel_install.patch
new file mode 100644
index 00000000000..d5543f7004b
--- /dev/null
+++ b/www-servers/apache/files/apache-2.4.34-suexec_parallel_install.patch
@@ -0,0 +1,19 @@
+https://bugs.gentoo.org/661358
+
+--- httpd-2.4.34/Makefile.in
++++ httpd-2.4.34/Makefile.in
+@@ -277,12 +277,12 @@
+             $(INSTALL_PROGRAM) $(top_builddir)/support/suexec $(DESTDIR)$(sbindir); \
+ 	fi
+ 
+-install-suexec-setuid:
++install-suexec-setuid: install-suexec-binary
+ 	@if test -f $(builddir)/support/suexec; then \
+ 	    chmod 4755 $(DESTDIR)$(sbindir)/suexec; \
+ 	fi
+ 
+-install-suexec-caps:
++install-suexec-caps: install-suexec-binary
+ 	@if test -f $(builddir)/support/suexec; then \
+             setcap 'cap_setuid,cap_setgid+pe' $(DESTDIR)$(sbindir)/suexec; \
+ 	fi
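
Review bot: with the ordering fixed, `install-suexec-caps` still applies the capability to the staged file (`setcap 'cap_setuid,cap_setgid+pe' $(DESTDIR)$(sbindir)/suexec`), and file capabilities are stored as an extended attribute. Please confirm with getcap on the merged suexec binary that they survive the copy out of the image directory; if they do not, the binary ends up with neither the setuid bit nor the capabilities. The guard also tests `$(builddir)/support/suexec` while acting on the `$(DESTDIR)` copy, so testing the installed path would be more direct.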

diff --git a/www-servers/apache/metadata.xml b/www-servers/apache/metadata.xml
index 293e43d3f29..af77bdc266c 100644
--- a/www-servers/apache/metadata.xml
+++ b/www-servers/apache/metadata.xml
@@ -13,6 +13,8 @@
 	</longdescription>
 	<use>
 		<flag name="suexec">Install suexec with apache</flag>
+		<flag name="suexec-caps">Install suexec with capabilities instead of SUID</flag>
+		<flag name="suexec-syslog">Log suexec to syslog instead of to a separate file</flag>
 		<flag name="static">Link in apache2 modules statically rather then plugins</flag>
 		<flag name="apache2_modules_access_compat">Group authorizations based on host (name or IP address). Available as a compatibility module with previous versions.</flag>
 		<flag name="apache2_modules_authn_core">Provides core authentication capabilities common to all authentication providers (functionality provided by authn_alias in previous versions).</flag>
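
Review bot: The suexec-caps description says "capabilities instead of SUID" without naming them. The Makefile patch in this commit sets `cap_setuid,cap_setgid+pe`, so list those two capabilities in the text so an admin auditing the binary knows what to expect, and say that both new flags only take effect together with the suexec flag.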



* [gentoo-commits] repo/gentoo:master commit in: www-servers/apache/files/, www-servers/apache/
@ 2019-09-04  7:16 Lars Wendler
  0 siblings, 0 replies; 8+ messages in thread
From: Lars Wendler @ 2019-09-04  7:16 UTC (permalink / raw
  To: gentoo-commits

commit:     c6c5718a40db2adb0084150bf5fb30b4d29e53d5
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  4 07:03:37 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Sep  4 07:16:39 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6c5718a

www-servers/apache: Added libressl patch

Thanks-to: Stefan Strogin <steils <AT> gentoo.org>
Closes: https://bugs.gentoo.org/668060
Package-Manager: Portage-2.3.75, Repoman-2.3.17
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 www-servers/apache/apache-2.4.41.ebuild            |  4 ++++
 .../apache/files/apache-2.4.41-libressl.patch      | 27 ++++++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/www-servers/apache/apache-2.4.41.ebuild b/www-servers/apache/apache-2.4.41.ebuild
index 08d40edf1cc..36acc74b412 100644
--- a/www-servers/apache/apache-2.4.41.ebuild
+++ b/www-servers/apache/apache-2.4.41.ebuild
@@ -160,6 +160,10 @@ RDEPEND+="${CDEPEND}"
 REQUIRED_USE="apache2_modules_http2? ( ssl )
 	apache2_modules_md? ( ssl )"
 
+PATCHES=(
+	"${FILESDIR}/${PN}-2.4.41-libressl.patch" #668060
+)
+
 pkg_setup() {
 	# dependend critical modules which are not allowed in global scope due
 	# to USE flag conditionals (bug #499260)

diff --git a/www-servers/apache/files/apache-2.4.41-libressl.patch b/www-servers/apache/files/apache-2.4.41-libressl.patch
new file mode 100644
index 00000000000..86a1a7d0236
--- /dev/null
+++ b/www-servers/apache/files/apache-2.4.41-libressl.patch
@@ -0,0 +1,27 @@
+From d446b977f28ec79fffc2d2b45c671e037b709f19 Mon Sep 17 00:00:00 2001
+From: Stefan Strogin <steils@gentoo.org>
+Date: Wed, 28 Aug 2019 02:15:42 +0300
+Subject: [PATCH] mod_ssl: fix compilation with LibreSSL
+
+Upstream-Status: Submitted [https://github.com/apache/httpd/pull/64]
+Signed-off-by: Stefan Strogin <steils@gentoo.org>
+---
+ modules/ssl/ssl_engine_init.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
+index f54c922fc7..646c903fea 100644
+--- a/modules/ssl/ssl_engine_init.c
++++ b/modules/ssl/ssl_engine_init.c
+@@ -1512,7 +1512,7 @@ static apr_status_t ssl_init_proxy_certs(server_rec *s,
+     X509_STORE_CTX *sctx;
+     X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx);
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
++#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
+     /* For OpenSSL >=1.1.1, turn on client cert support which is
+      * otherwise turned off by default (by design).
+      * https://github.com/openssl/openssl/issues/6933 */
+-- 
+2.23.0
+
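
Review bot: The comment under the changed `#if` still reads "For OpenSSL >=1.1.1" and does not say why LibreSSL is excluded. `!defined(LIBRESSL_VERSION_NUMBER)` skips the block for every LibreSSL release, so the code that turns on client cert support is never compiled there. Say so in the comment or in the patch description, and note that the exclusion should be revisited if LibreSSL later provides the same API.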



* [gentoo-commits] repo/gentoo:master commit in: www-servers/apache/files/, www-servers/apache/
@ 2022-07-22  7:51 Hans de Graaff
  0 siblings, 0 replies; 8+ messages in thread
From: Hans de Graaff @ 2022-07-22  7:51 UTC (permalink / raw
  To: gentoo-commits

commit:     5b1026e2a5c0761ed5b820a903312e186849fd16
Author:     orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Tue Jul 19 15:07:50 2022 +0000
Commit:     Hans de Graaff <graaff <AT> gentoo <DOT> org>
CommitDate: Fri Jul 22 07:51:12 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b1026e2

www-servers/apache: Fix the build with rlibtool

Bug: https://bugs.gentoo.org/858836
Signed-off-by: orbea <orbea <AT> riseup.net>
Signed-off-by: Hans de Graaff <graaff <AT> gentoo.org>

 www-servers/apache/apache-2.4.54-r5.ebuild         | 259 +++++++++++++++++++++
 .../apache/files/apache-2.4.54-libtool.patch       |  21 ++
 2 files changed, 280 insertions(+)

diff --git a/www-servers/apache/apache-2.4.54-r5.ebuild b/www-servers/apache/apache-2.4.54-r5.ebuild
new file mode 100644
index 000000000000..21b251bc2cf3
--- /dev/null
+++ b/www-servers/apache/apache-2.4.54-r5.ebuild
@@ -0,0 +1,259 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# latest gentoo apache files
+GENTOO_PATCHSTAMP="20210212"
+GENTOO_DEVELOPER="polynomial-c"
+GENTOO_PATCHNAME="gentoo-apache-2.4.46-r6"
+
+# IUSE/USE_EXPAND magic
+IUSE_MPMS_FORK="prefork"
+IUSE_MPMS_THREAD="event worker"
+
+# << obsolete modules:
+# authn_default authz_default mem_cache
+# mem_cache is replaced by cache_disk
+# ?? buggy modules
+# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found
+# >> added modules for reason:
+# compat: compatibility with 2.2 access control
+# authz_host: new module for access control
+# authn_core: functionality provided by authn_alias in previous versions
+# authz_core: new module, provides core authorization capabilities
+# cache_disk: replacement for mem_cache
+# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3
+# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3
+# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3
+# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3
+# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests).
+# socache_shmcb: shared object cache provider. Default config with ssl needs it
+# unixd: fixes startup error: Invalid command 'User'
+IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest auth_form
+authn_anon authn_core authn_dbd authn_dbm authn_file authn_socache authz_core
+authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex
+brotli cache cache_disk cache_socache cern_meta charset_lite cgi cgid dav dav_fs dav_lock
+dbd deflate dir dumpio env expires ext_filter file_cache filter headers http2
+ident imagemap include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness
+lbmethod_heartbeat log_config log_forensic logio lua macro md mime mime_magic negotiation
+proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_hcheck proxy_html proxy_http proxy_scgi
+proxy_http2 proxy_fcgi proxy_uwsgi proxy_wstunnel rewrite ratelimit remoteip reqtimeout
+session session_cookie session_crypto session_dbd setenvif slotmem_shm socache_memcache
+socache_shmcb speling status substitute systemd unique_id userdir usertrack
+unixd version vhost_alias watchdog xml2enc"
+# The following are also in the source as of this version, but are not available
+# for user selection:
+# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
+# optional_fn_import optional_hook_export optional_hook_import
+
+# inter-module dependencies
+# TODO: this may still be incomplete
+MODULE_DEPENDS="
+	auth_form:session
+	brotli:filter
+	dav_fs:dav
+	dav_lock:dav
+	deflate:filter
+	cache_disk:cache
+	ext_filter:filter
+	file_cache:cache
+	lbmethod_byrequests:proxy_balancer
+	lbmethod_byrequests:slotmem_shm
+	lbmethod_bytraffic:proxy_balancer
+	lbmethod_bybusyness:proxy_balancer
+	lbmethod_heartbeat:proxy_balancer
+	log_forensic:log_config
+	logio:log_config
+	cache_disk:cache
+	cache_socache:cache
+	md:watchdog
+	mime_magic:mime
+	proxy_ajp:proxy
+	proxy_balancer:proxy
+	proxy_balancer:slotmem_shm
+	proxy_connect:proxy
+	proxy_ftp:proxy
+	proxy_hcheck:proxy
+	proxy_hcheck:watchdog
+	proxy_html:proxy
+	proxy_html:xml2enc
+	proxy_http:proxy
+	proxy_http2:proxy
+	proxy_scgi:proxy
+	proxy_uwsgi:proxy
+	proxy_fcgi:proxy
+	proxy_wstunnel:proxy
+	session_cookie:session
+	session_dbd:dbd
+	session_dbd:session
+	socache_memcache:cache
+	substitute:filter
+"
+
+# module<->define mappings
+MODULE_DEFINES="
+	auth_digest:AUTH_DIGEST
+	authnz_ldap:AUTHNZ_LDAP
+	cache:CACHE
+	cache_disk:CACHE
+	cache_socache:CACHE
+	dav:DAV
+	dav_fs:DAV
+	dav_lock:DAV
+	file_cache:CACHE
+	http2:HTTP2
+	info:INFO
+	ldap:LDAP
+	lua:LUA
+	md:SSL
+	proxy:PROXY
+	proxy_ajp:PROXY
+	proxy_balancer:PROXY
+	proxy_connect:PROXY
+	proxy_ftp:PROXY
+	proxy_html:PROXY
+	proxy_http:PROXY
+	proxy_hcheck:PROXY
+	proxy_fcgi:PROXY
+	proxy_scgi:PROXY
+	proxy_wstunnel:PROXY
+	socache_shmcb:SSL
+	socache_memcache:CACHE
+	ssl:SSL
+	status:STATUS
+	suexec:SUEXEC
+	systemd:SYSTEMD
+	userdir:USERDIR
+"
+
+# critical modules for the default config
+MODULE_CRITICAL="
+	authn_core
+	authz_core
+	authz_host
+	dir
+	mime
+	unixd
+"
+inherit apache-2 systemd tmpfiles toolchain-funcs
+
+DESCRIPTION="The Apache Web Server"
+HOMEPAGE="https://httpd.apache.org/"
+
+# some helper scripts are Apache-1.1, thus both are here
+LICENSE="Apache-2.0 Apache-1.1"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x64-macos ~sparc64-solaris ~x64-solaris"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.4.54-no-which.patch # bug #844868
+	"${FILESDIR}"/${PN}-2.4.54-libtool.patch # bug #858836
+)
+
+pkg_setup() {
+	# dependend critical modules which are not allowed in global scope due
+	# to USE flag conditionals (bug #499260)
+	use ssl && MODULE_CRITICAL+=" socache_shmcb"
+	use doc && MODULE_CRITICAL+=" alias negotiation setenvif"
+	apache-2_pkg_setup
+}
+
+src_configure() {
+	# Brain dead check.
+	tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no"
+
+	apache-2_src_configure
+}
+
+src_compile() {
+	if tc-is-cross-compiler ; then
+		# This header is the same across targets, so use the build compiler.
+		pushd server >/dev/null
+		emake gen_test_char
+		tc-export_build_env BUILD_CC
+		${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \
+			gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die
+		popd >/dev/null
+	fi
+
+	default
+}
+
+src_install() {
+	apache-2_src_install
+	local i
+	local apache_tools_prune_list=(
+		/usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}
+		/usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}
+		/usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}
+		/usr/share/man/man8/{rotatelogs.8,htcacheclean.8}
+	)
+	for i in ${apache_tools_prune_list[@]} ; do
+		rm "${ED}"/${i} || die "Failed to prune apache-tools bits"
+	done
+
+	# install apxs in /usr/bin (bug #502384) and put a symlink into the
+	# old location until all ebuilds and eclasses have been modified to
+	# use the new location.
+	dobin support/apxs
+	use split-usr && dosym ../bin/apxs /usr/sbin/apxs
+
+	# Note: wait for mod_systemd to be included in some forthcoming release,
+	# Then apache2.4.service can be used and systemd support controlled
+	# through --enable-systemd
+	systemd_newunit "${FILESDIR}/apache2.2-hardened.service" "apache2.service"
+	dotmpfiles "${FILESDIR}/apache.conf"
+	#insinto /etc/apache2/modules.d
+	#doins "${FILESDIR}/00_systemd.conf"
+
+	# Install http2 module config
+	insinto /etc/apache2/modules.d
+	doins "${FILESDIR}"/41_mod_http2.conf
+
+	# Fix path to apache libdir
+	sed "s|@LIBDIR@|$(get_libdir)|" -i "${ED}"/usr/sbin/apache2ctl || die
+}
+
+pkg_postinst() {
+	apache-2_pkg_postinst || die "apache-2_pkg_postinst failed"
+
+	tmpfiles_process apache.conf #662544
+
+	# warnings that default config might not work out of the box
+	local mod cmod
+	for mod in ${MODULE_CRITICAL} ; do
+		if ! use "apache2_modules_${mod}"; then
+			echo
+			ewarn "Warning: Critical module not installed!"
+			ewarn "Modules 'authn_core', 'authz_core' and 'unixd'"
+			ewarn "are highly recomended but might not be in the base profile yet."
+			ewarn "Default config for ssl needs module 'socache_shmcb'."
+			ewarn "Enabling the following flags is highly recommended:"
+			for cmod in ${MODULE_CRITICAL} ; do
+				use "apache2_modules_${cmod}" || \
+					ewarn "+ apache2_modules_${cmod}"
+			done
+			echo
+			break
+		fi
+	done
+	# warning for proxy_balancer and missing load balancing scheduler
+	if use apache2_modules_proxy_balancer; then
+		local lbset=
+		for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do
+			if use "apache2_modules_${mod}"; then
+				lbset=1 && break
+			fi
+		done
+		if [[ ! ${lbset} ]] ; then
+			echo
+			ewarn "Info: Missing load balancing scheduler algorithm module"
+			ewarn "(They were split off from proxy_balancer in 2.3)"
+			ewarn "In order to get the ability of load balancing, at least"
+			ewarn "one of these modules has to be present:"
+			ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat"
+			echo
+		fi
+	fi
+}
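
Review bot: MODULE_DEFINES has no entry for proxy_http2 or proxy_uwsgi, although both appear in IUSE_MODULES and MODULE_DEPENDS and every other proxy_* module listed maps to PROXY. Add `proxy_http2:PROXY` and `proxy_uwsgi:PROXY` unless the omission is deliberate. Smaller points in the same file: `cache_disk:cache` is listed twice in MODULE_DEPENDS, the loop `for i in ${apache_tools_prune_list[@]}` should quote the array expansion, the ewarn text has "recomended", and a 2.4 ebuild installs `apache2.2-hardened.service`, which deserves a comment if it is intended.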

diff --git a/www-servers/apache/files/apache-2.4.54-libtool.patch b/www-servers/apache/files/apache-2.4.54-libtool.patch
new file mode 100644
index 000000000000..a0d55d885fd8
--- /dev/null
+++ b/www-servers/apache/files/apache-2.4.54-libtool.patch
@@ -0,0 +1,21 @@
+Bug: https://bugs.gentoo.org/858836
+
+From: orbea <orbea@riseup.net>
+Date: Tue, 19 Jul 2022 07:46:36 -0700
+Subject: [PATCH] build: Fix the build with slibtool
+
+Adding LT_INIT to configure.in generates the libtool script in the build
+directory which is required by rlibtool to determine if the build is
+shared or static.
+
+--- a/configure.in
++++ b/configure.in
+@@ -398,7 +398,7 @@ AC_PATH_PROG(RSYNC, rsync)
+ AC_PATH_PROG(SVN, svn)
+ AC_PROG_AWK
+ AC_PROG_LN_S
+-AC_CHECK_TOOL(RANLIB, ranlib, true)
++LT_INIT
+ dnl AC_PATH_PROG(PERL_PATH, perl)
+ AC_CHECK_PROGS(LYNX_PATH,[lynx links elinks], [lynx])
+ 
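
Review bot: The description says LT_INIT is added, but the hunk replaces `AC_CHECK_TOOL(RANLIB, ranlib, true)` with it, so the explicit RANLIB check disappears. Either state in the description that RANLIB detection is still covered after the change, or keep the original line and add LT_INIT next to it. The Subject names slibtool while the body and the Gentoo commit say rlibtool; use one name, and add an upstream status line.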



* [gentoo-commits] repo/gentoo:master commit in: www-servers/apache/files/, www-servers/apache/
@ 2023-05-26  9:35 Sam James
  0 siblings, 0 replies; 8+ messages in thread
From: Sam James @ 2023-05-26  9:35 UTC (permalink / raw
  To: gentoo-commits

commit:     3fba530b2684f515d1da5f8e0baa1116a3e29f5a
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri May 26 09:06:58 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri May 26 09:35:16 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3fba530b

www-servers/apache: fix build w/ rustls-ffi-0.10.0

Closes: https://bugs.gentoo.org/906523
Signed-off-by: Sam James <sam <AT> gentoo.org>

 www-servers/apache/apache-2.4.57.ebuild            |  3 +-
 .../files/apache-2.4.57-rustls-ffi-0.10.0.patch    | 51 ++++++++++++++++++++++
 2 files changed, 53 insertions(+), 1 deletion(-)

diff --git a/www-servers/apache/apache-2.4.57.ebuild b/www-servers/apache/apache-2.4.57.ebuild
index be1f9d9f9ca6..6b8092bd3916 100644
--- a/www-servers/apache/apache-2.4.57.ebuild
+++ b/www-servers/apache/apache-2.4.57.ebuild
@@ -149,10 +149,11 @@ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv
 PATCHES=(
 	"${FILESDIR}"/${PN}-2.4.54-no-which.patch # bug #844868
 	"${FILESDIR}"/${PN}-2.4.54-libtool.patch # bug #858836
+	"${FILESDIR}"/${P}-rustls-ffi-0.10.0.patch # bug #906523
 )
 
 pkg_setup() {
-	# dependend critical modules which are not allowed in global scope due
+	# dependent critical modules which are not allowed in global scope due
 	# to USE flag conditionals (bug #499260)
 	use ssl && MODULE_CRITICAL+=" socache_shmcb"
 	use doc && MODULE_CRITICAL+=" alias negotiation setenvif"
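
Review bot: Only PATCHES and a comment change in this hunk, yet the patch being added makes configure probe for "rustls version >= 0.9.2". If this ebuild carries a rustls-ffi dependency atom for the tls module, raise it to match so that a too-old library is caught at dependency resolution rather than in configure. The new entry also uses `${P}` where the two entries above it use `${PN}-2.4.54-`; with `${P}` the file has to be renamed or the line changed on the next version bump.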

diff --git a/www-servers/apache/files/apache-2.4.57-rustls-ffi-0.10.0.patch b/www-servers/apache/files/apache-2.4.57-rustls-ffi-0.10.0.patch
new file mode 100644
index 000000000000..81869f7bbf00
--- /dev/null
+++ b/www-servers/apache/files/apache-2.4.57-rustls-ffi-0.10.0.patch
@@ -0,0 +1,51 @@
+https://github.com/apache/httpd/commit/0495a95f511c0bc7f34dc1b706d6d8276865743b
+https://bugs.gentoo.org/906523
+
+From 0495a95f511c0bc7f34dc1b706d6d8276865743b Mon Sep 17 00:00:00 2001
+From: Stefan Eissing <icing@apache.org>
+Date: Tue, 2 May 2023 09:21:07 +0000
+Subject: [PATCH] Backport of r1909558 from trunk:
+
+  *) mod_tls: updating to rustls-ffi version 0.9.2 or higher.
+     Checking in configure for proper version installed. Code
+     fixes for changed clienthello member name.
+
+
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1909561 13f79535-47bb-0310-9956-ffa450edef68
+--- /dev/null
++++ b/changes-entries/tls-rustls-update.txt
+@@ -0,0 +1,4 @@
++  *) mod_tls: updating to rustls-ffi version 0.9.2 or higher.
++     Checking in configure for proper version installed. Code
++     fixes for changed clienthello member name.
++     [Stefan Eissing]
+\ No newline at end of file
+--- a/modules/tls/config2.m4
++++ b/modules/tls/config2.m4
+@@ -109,9 +109,10 @@ AC_DEFUN([APACHE_CHECK_RUSTLS],[
+       fi
+     fi
+ 
+-    AC_MSG_CHECKING([for rustls version >= 0.8.2])
++    AC_MSG_CHECKING([for rustls version >= 0.9.2])
+     AC_TRY_COMPILE([#include <rustls.h>],[
+ rustls_version();
++rustls_acceptor_new();
+ ],
+       [AC_MSG_RESULT(OK)
+        ac_cv_rustls=yes],
+--- a/modules/tls/tls_core.c
++++ b/modules/tls/tls_core.c
+@@ -507,8 +507,8 @@ static const rustls_certified_key *extract_client_hello_values(
+     ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c, "extract client hello values");
+     if (!cc) goto cleanup;
+     cc->client_hello_seen = 1;
+-    if (hello->sni_name.len > 0) {
+-        cc->sni_hostname = apr_pstrndup(c->pool, hello->sni_name.data, hello->sni_name.len);
++    if (hello->server_name.len > 0) {
++        cc->sni_hostname = apr_pstrndup(c->pool, hello->server_name.data, hello->server_name.len);
+         ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, "sni detected: %s", cc->sni_hostname);
+     }
+     else {
+
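
Review bot: In the config2.m4 part the message now announces a check for "rustls version >= 0.9.2", but the probe is still only a compile test that calls `rustls_version()` and `rustls_acceptor_new()`; no version number is compared. Word the message after what is actually tested, or compare the version. The Gentoo file name and commit subject say 0.10.0 while the backported text says 0.9.2 or higher, so a header line explaining the relationship would help. The changes-entries/tls-rustls-update.txt part is not needed for the build and can be dropped from the distribution patch.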



* [gentoo-commits] repo/gentoo:master commit in: www-servers/apache/files/, www-servers/apache/
@ 2024-02-06  3:26 Sam James
  0 siblings, 0 replies; 8+ messages in thread
From: Sam James @ 2024-02-06  3:26 UTC (permalink / raw
  To: gentoo-commits

commit:     3cdcb3fd70a84534e73a4d943b16b7dfaa2b9f67
Author:     Francisco Javier Félix <web <AT> inode64 <DOT> com>
AuthorDate: Wed Jan 31 18:05:09 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Feb  6 03:24:55 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3cdcb3fd

www-servers/apache: Fix build with >=dev-libs/libxml2-2.12.0

See the pull https://github.com/apache/httpd/pull/393.

Signed-off-by: INODE64 <web <AT> inode64.com>
Closes: https://github.com/gentoo/gentoo/pull/35118
Signed-off-by: Sam James <sam <AT> gentoo.org>

 www-servers/apache/apache-2.4.57-r6.ebuild |  6 +++++-
 www-servers/apache/apache-2.4.57.ebuild    |  3 ++-
 www-servers/apache/apache-2.4.58-r2.ebuild |  6 +++++-
 www-servers/apache/apache-2.4.58.ebuild    |  4 ++++
 www-servers/apache/files/libxmlv212.patch  | 22 ++++++++++++++++++++++
 5 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/www-servers/apache/apache-2.4.57-r6.ebuild b/www-servers/apache/apache-2.4.57-r6.ebuild
index bf8fd0ba00f5..dc912ab557f7 100644
--- a/www-servers/apache/apache-2.4.57-r6.ebuild
+++ b/www-servers/apache/apache-2.4.57-r6.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -148,6 +148,10 @@ LICENSE="Apache-2.0 Apache-1.1"
 SLOT="2"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x64-macos ~x64-solaris"
 
+PATCHES=(
+	"${FILESDIR}"/libxmlv212.patch
+)
+
 pkg_setup() {
 	# dependent critical modules which are not allowed in global scope due
 	# to USE flag conditionals (bug #499260)

diff --git a/www-servers/apache/apache-2.4.57.ebuild b/www-servers/apache/apache-2.4.57.ebuild
index cf939d694848..3d01a3dbe425 100644
--- a/www-servers/apache/apache-2.4.57.ebuild
+++ b/www-servers/apache/apache-2.4.57.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -153,6 +153,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-2.4.54-no-which.patch # bug #844868
 	"${FILESDIR}"/${PN}-2.4.54-libtool.patch # bug #858836
 	"${FILESDIR}"/${P}-rustls-ffi-0.10.0.patch # bug #906523
+	"${FILESDIR}"/libxmlv212.patch
 )
 
 pkg_setup() {
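
Review bot: The added entry `"${FILESDIR}"/libxmlv212.patch` has no trailing reference, while the three entries above it each carry a `# bug #...` comment. Add the pull request or bug it comes from. The file name also drops the `${PN}-<version>-` prefix used by the other patches, which makes it harder to tell which releases it applies to; the same holds for the other three ebuilds touched by this commit.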

diff --git a/www-servers/apache/apache-2.4.58-r2.ebuild b/www-servers/apache/apache-2.4.58-r2.ebuild
index 5b5e4fb1a034..44dfbad8d9c8 100644
--- a/www-servers/apache/apache-2.4.58-r2.ebuild
+++ b/www-servers/apache/apache-2.4.58-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -148,6 +148,10 @@ LICENSE="Apache-2.0 Apache-1.1"
 SLOT="2"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x64-macos ~x64-solaris"
 
+PATCHES=(
+	"${FILESDIR}"/libxmlv212.patch
+)
+
 pkg_setup() {
 	# dependent critical modules which are not allowed in global scope due
 	# to USE flag conditionals (bug #499260)

diff --git a/www-servers/apache/apache-2.4.58.ebuild b/www-servers/apache/apache-2.4.58.ebuild
index 9c2078b6af2f..4924d8ce9518 100644
--- a/www-servers/apache/apache-2.4.58.ebuild
+++ b/www-servers/apache/apache-2.4.58.ebuild
@@ -151,6 +151,10 @@ LICENSE="Apache-2.0 Apache-1.1"
 SLOT="2"
 KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x64-macos ~x64-solaris"
 
+PATCHES=(
+	"${FILESDIR}"/libxmlv212.patch
+)
+
 pkg_setup() {
 	# dependent critical modules which are not allowed in global scope due
 	# to USE flag conditionals (bug #499260)

diff --git a/www-servers/apache/files/libxmlv212.patch b/www-servers/apache/files/libxmlv212.patch
new file mode 100644
index 000000000000..0ec544d04c13
--- /dev/null
+++ b/www-servers/apache/files/libxmlv212.patch
@@ -0,0 +1,22 @@
+From bd2c4e466e0949f6f770bbb2569ce5ae9b3965c0 Mon Sep 17 00:00:00 2001
+From: ttachi <tachihara@hotmail.com>
+Date: Fri, 17 Nov 2023 22:24:45 +0900
+Subject: [PATCH] mod_xml2enc: remove dependency on xmlstring header
+
+---
+ modules/filters/mod_xml2enc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/filters/mod_xml2enc.c b/modules/filters/mod_xml2enc.c
+index 34f8e8ee090..0d3d13c1239 100644
+--- a/modules/filters/mod_xml2enc.c
++++ b/modules/filters/mod_xml2enc.c
+@@ -209,7 +209,7 @@ static void sniff_encoding(request_rec* r, xml2ctx* ctx)
+   
+     /* to sniff, first we look for BOM */
+     if (ctx->xml2enc == XML_CHAR_ENCODING_NONE) {
+-        ctx->xml2enc = xmlDetectCharEncoding((const xmlChar*)ctx->buf,
++        ctx->xml2enc = xmlDetectCharEncoding((const unsigned char*)ctx->buf,
+                                              ctx->bytes); 
+         if (HAVE_ENCODING(ctx->xml2enc)) {
+             ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(01432)
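
Review bot: The patch file has no pointer to its origin. The Gentoo commit message cites https://github.com/apache/httpd/pull/393, but the file itself has neither an upstream URL nor a bug link above the From line, unlike the rustls-ffi and libtool patches in the same directory. On the change itself, the cast goes from `(const xmlChar*)` to `(const unsigned char*)`; xmlChar is libxml2's typedef for unsigned char, so the pointer handed to xmlDetectCharEncoding is the same and only the header dependency goes away, which is worth one sentence in the description.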



* [gentoo-commits] repo/gentoo:master commit in: www-servers/apache/files/, www-servers/apache/
@ 2024-05-11  7:13 Hans de Graaff
  0 siblings, 0 replies; 8+ messages in thread
From: Hans de Graaff @ 2024-05-11  7:13 UTC (permalink / raw
  To: gentoo-commits

commit:     7cd11ed4304bde562f3323e1c8771e92995cfb3c
Author:     Hans de Graaff <graaff <AT> gentoo <DOT> org>
AuthorDate: Sat May 11 07:12:55 2024 +0000
Commit:     Hans de Graaff <graaff <AT> gentoo <DOT> org>
CommitDate: Sat May 11 07:13:21 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7cd11ed4

www-servers/apache: drop 2.4.59-r2

Signed-off-by: Hans de Graaff <graaff <AT> gentoo.org>

 www-servers/apache/apache-2.4.59-r2.ebuild         | 259 ----------
 .../apache/files/apache-2.4.59-rustls-0.13.0.patch | 544 ---------------------
 2 files changed, 803 deletions(-)

diff --git a/www-servers/apache/apache-2.4.59-r2.ebuild b/www-servers/apache/apache-2.4.59-r2.ebuild
deleted file mode 100644
index 9da48f31fb38..000000000000
--- a/www-servers/apache/apache-2.4.59-r2.ebuild
+++ /dev/null
@@ -1,259 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# latest gentoo apache files
-GENTOO_PATCHSTAMP="20240405"
-GENTOO_DEVELOPER="graaff"
-GENTOO_PATCHNAME="gentoo-apache-2.4.59"
-
-# IUSE/USE_EXPAND magic
-IUSE_MPMS_FORK="prefork"
-IUSE_MPMS_THREAD="event worker"
-
-# << obsolete modules:
-# authn_default authz_default mem_cache
-# mem_cache is replaced by cache_disk
-# ?? buggy modules
-# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found
-# >> added modules for reason:
-# compat: compatibility with 2.2 access control
-# authz_host: new module for access control
-# authn_core: functionality provided by authn_alias in previous versions
-# authz_core: new module, provides core authorization capabilities
-# cache_disk: replacement for mem_cache
-# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3
-# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3
-# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3
-# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3
-# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests).
-# socache_shmcb: shared object cache provider. Default config with ssl needs it
-# unixd: fixes startup error: Invalid command 'User'
-IUSE_MODULES="access_compat actions alias allowmethods asis auth_basic auth_digest auth_form
-authn_anon authn_core authn_dbd authn_dbm authn_file authn_socache authz_core
-authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex
-brotli cache cache_disk cache_socache cern_meta charset_lite cgi cgid dav dav_fs dav_lock
-dbd deflate dir dumpio env expires ext_filter file_cache filter headers http2
-ident imagemap include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness
-lbmethod_heartbeat log_config log_forensic logio lua macro md mime mime_magic negotiation
-proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_hcheck proxy_html proxy_http proxy_scgi
-proxy_http2 proxy_fcgi proxy_uwsgi proxy_wstunnel rewrite ratelimit remoteip reqtimeout
-session session_cookie session_crypto session_dbd setenvif slotmem_shm socache_memcache
-socache_shmcb speling status substitute systemd tls unique_id userdir usertrack
-unixd version vhost_alias watchdog xml2enc"
-# The following are also in the source as of this version, but are not available
-# for user selection:
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
-# optional_fn_import optional_hook_export optional_hook_import
-
-# inter-module dependencies
-# TODO: this may still be incomplete
-MODULE_DEPENDS="
-	auth_form:session
-	brotli:filter
-	dav_fs:dav
-	dav_lock:dav
-	deflate:filter
-	cache_disk:cache
-	ext_filter:filter
-	file_cache:cache
-	lbmethod_byrequests:proxy_balancer
-	lbmethod_byrequests:slotmem_shm
-	lbmethod_bytraffic:proxy_balancer
-	lbmethod_bybusyness:proxy_balancer
-	lbmethod_heartbeat:proxy_balancer
-	log_forensic:log_config
-	logio:log_config
-	cache_disk:cache
-	cache_socache:cache
-	md:watchdog
-	mime_magic:mime
-	proxy_ajp:proxy
-	proxy_balancer:proxy
-	proxy_balancer:slotmem_shm
-	proxy_connect:proxy
-	proxy_ftp:proxy
-	proxy_hcheck:proxy
-	proxy_hcheck:watchdog
-	proxy_html:proxy
-	proxy_html:xml2enc
-	proxy_http:proxy
-	proxy_http2:proxy
-	proxy_scgi:proxy
-	proxy_uwsgi:proxy
-	proxy_fcgi:proxy
-	proxy_wstunnel:proxy
-	session_cookie:session
-	session_dbd:dbd
-	session_dbd:session
-	socache_memcache:cache
-	substitute:filter
-"
-
-# module<->define mappings
-MODULE_DEFINES="
-	auth_digest:AUTH_DIGEST
-	authnz_ldap:AUTHNZ_LDAP
-	cache:CACHE
-	cache_disk:CACHE
-	cache_socache:CACHE
-	dav:DAV
-	dav_fs:DAV
-	dav_lock:DAV
-	file_cache:CACHE
-	http2:HTTP2
-	info:INFO
-	ldap:LDAP
-	lua:LUA
-	md:SSL
-	proxy:PROXY
-	proxy_ajp:PROXY
-	proxy_balancer:PROXY
-	proxy_connect:PROXY
-	proxy_fcgi:PROXY
-	proxy_ftp:PROXY
-	proxy_hcheck:PROXY
-	proxy_html:PROXY
-	proxy_http:PROXY
-	proxy_http2:PROXY
-	proxy_scgi:PROXY
-	proxy_uwsgi:PROXY
-	proxy_wstunnel:PROXY
-	socache_shmcb:SSL
-	socache_memcache:CACHE
-	ssl:SSL
-	status:STATUS
-	suexec:SUEXEC
-	systemd:SYSTEMD
-	userdir:USERDIR
-"
-
-# critical modules for the default config
-MODULE_CRITICAL="
-	authn_core
-	authz_core
-	authz_host
-	dir
-	mime
-	unixd
-"
-inherit apache-2 systemd tmpfiles toolchain-funcs
-
-DESCRIPTION="The Apache Web Server"
-HOMEPAGE="https://httpd.apache.org/"
-
-# some helper scripts are Apache-1.1, thus both are here
-LICENSE="Apache-2.0 Apache-1.1"
-SLOT="2"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x64-macos ~x64-solaris"
-
-RDEPEND="
-	apache2_modules_tls? ( >=net-libs/rustls-ffi-0.13.0:= )
-"
-DEPEND="${RDEPEND}"
-
-PATCHES=( "${FILESDIR}/${P}-dh-regression.patch" "${FILESDIR}/${P}-rustls-0.13.0.patch" )
-
-pkg_setup() {
-	# dependent critical modules which are not allowed in global scope due
-	# to USE flag conditionals (bug #499260)
-	use ssl && MODULE_CRITICAL+=" socache_shmcb"
-	use doc && MODULE_CRITICAL+=" alias negotiation setenvif"
-	apache-2_pkg_setup
-}
-
-src_configure() {
-	# Brain dead check.
-	tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no"
-
-	apache-2_src_configure
-}
-
-src_compile() {
-	if tc-is-cross-compiler ; then
-		# This header is the same across targets, so use the build compiler.
-		pushd server >/dev/null
-		emake gen_test_char
-		tc-export_build_env BUILD_CC
-		${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \
-			gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die
-		popd >/dev/null
-	fi
-
-	default
-}
-
-src_install() {
-	apache-2_src_install
-	local i
-	local apache_tools_prune_list=(
-		/usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}
-		/usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}
-		/usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}
-		/usr/share/man/man8/{rotatelogs.8,htcacheclean.8}
-	)
-	for i in ${apache_tools_prune_list[@]} ; do
-		rm "${ED}"/${i} || die "Failed to prune apache-tools bits"
-	done
-
-	dobin support/apxs
-
-	# Note: wait for mod_systemd to be included in some forthcoming release,
-	# Then apache2.4.service can be used and systemd support controlled
-	# through --enable-systemd
-	systemd_newunit "${FILESDIR}/apache2.4-hardened.service" "apache2.service"
-	dotmpfiles "${FILESDIR}/apache.conf"
-	#insinto /etc/apache2/modules.d
-	#doins "${FILESDIR}/00_systemd.conf"
-
-	# Install http2 module config
-	insinto /etc/apache2/modules.d
-	doins "${FILESDIR}"/41_mod_http2.conf
-
-	# Fix path to apache libdir
-	sed "s|@LIBDIR@|$(get_libdir)|" -i "${ED}"/usr/sbin/apache2ctl || die
-}
-
-pkg_postinst() {
-	apache-2_pkg_postinst || die "apache-2_pkg_postinst failed"
-
-	tmpfiles_process apache.conf #662544
-
-	# warnings that default config might not work out of the box
-	local mod cmod
-	for mod in ${MODULE_CRITICAL} ; do
-		if ! use "apache2_modules_${mod}"; then
-			echo
-			ewarn "Warning: Critical module not installed!"
-			ewarn "Modules 'authn_core', 'authz_core' and 'unixd'"
-			ewarn "are highly recomended but might not be in the base profile yet."
-			ewarn "Default config for ssl needs module 'socache_shmcb'."
-			ewarn "Enabling the following flags is highly recommended:"
-			for cmod in ${MODULE_CRITICAL} ; do
-				use "apache2_modules_${cmod}" || \
-					ewarn "+ apache2_modules_${cmod}"
-			done
-			echo
-			break
-		fi
-	done
-	# warning for proxy_balancer and missing load balancing scheduler
-	if use apache2_modules_proxy_balancer; then
-		local lbset=
-		for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do
-			if use "apache2_modules_${mod}"; then
-				lbset=1 && break
-			fi
-		done
-		if [[ ! ${lbset} ]] ; then
-			echo
-			ewarn "Info: Missing load balancing scheduler algorithm module"
-			ewarn "(They were split off from proxy_balancer in 2.3)"
-			ewarn "In order to get the ability of load balancing, at least"
-			ewarn "one of these modules has to be present:"
-			ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat"
-			echo
-		fi
-	fi
-}

diff --git a/www-servers/apache/files/apache-2.4.59-rustls-0.13.0.patch b/www-servers/apache/files/apache-2.4.59-rustls-0.13.0.patch
deleted file mode 100644
index f8cfc6b73c31..000000000000
--- a/www-servers/apache/files/apache-2.4.59-rustls-0.13.0.patch
+++ /dev/null
@@ -1,544 +0,0 @@
-From 68a5a569f630b116f30c49384e4f737a5e669bb2 Mon Sep 17 00:00:00 2001
-From: Daniel McCarney <daniel@binaryparadox.net>
-Date: Sun, 21 Apr 2024 15:05:19 -0400
-Subject: [PATCH] test: relax rustls-ffi SSL_VERSION_LIBRARY
-
-The rustls version included in the rustls-ffi version output does not
-always contain three components. E.g. rustls-ffi 0.12.2 uses the version
-string:
-
-  rustls-ffi/0.12.2/rustls/0.22
-
-Notably there is no `.0` after the `0.22` for the Rustls version, and
-this requires the `SSL_VERSION_LIBRARY` regexp be relaxed to allow this.
----
- test/modules/tls/test_08_vars.py      | 2 +-
- test/modules/tls/test_14_proxy_ssl.py | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/test/modules/tls/test_08_vars.py b/test/modules/tls/test_08_vars.py
-index ad764a7985a..0e3ee74d2df 100644
---- a/test/modules/tls/test_08_vars.py
-+++ b/test/modules/tls/test_08_vars.py
-@@ -59,7 +59,7 @@ def test_tls_08_vars_const(self, env, name: str, value: str):
- 
-     @pytest.mark.parametrize("name, pattern", [
-         ("SSL_VERSION_INTERFACE", r'mod_tls/\d+\.\d+\.\d+'),
--        ("SSL_VERSION_LIBRARY", r'rustls-ffi/\d+\.\d+\.\d+/rustls/\d+\.\d+\.\d+'),
-+        ("SSL_VERSION_LIBRARY", r'rustls-ffi/\d+\.\d+\.\d+/rustls/\d+\.\d+(\.\d+)?'),
-     ])
-     def test_tls_08_vars_match(self, env, name: str, pattern: str):
-         r = env.tls_get(env.domain_b, f"/vars.py?name={name}")
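Review bot: The relaxed SSL_VERSION_LIBRARY pattern now ends in an optional group, `rustls/\d+\.\d+(\.\d+)?`, and has no end anchor, so unless test_tls_08_vars_match applies it as a full match, any suffix after the second version component is accepted and the test no longer pins the shape of the version string. Consider terminating the pattern with `$`. The same literal is changed in test_14_proxy_ssl.py, so a shared constant would keep the two tests from drifting apart.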
-diff --git a/test/modules/tls/test_14_proxy_ssl.py b/test/modules/tls/test_14_proxy_ssl.py
-index 2f46c64f710..87e04c28afa 100644
---- a/test/modules/tls/test_14_proxy_ssl.py
-+++ b/test/modules/tls/test_14_proxy_ssl.py
-@@ -100,7 +100,7 @@ def test_tls_14_proxy_ssl_vars_const(self, env, name: str, value: str):
- 
-     @pytest.mark.parametrize("name, pattern", [
-         ("SSL_VERSION_INTERFACE", r'mod_tls/\d+\.\d+\.\d+'),
--        ("SSL_VERSION_LIBRARY", r'rustls-ffi/\d+\.\d+\.\d+/rustls/\d+\.\d+\.\d+'),
-+        ("SSL_VERSION_LIBRARY", r'rustls-ffi/\d+\.\d+\.\d+/rustls/\d+\.\d+(\.\d+)?'),
-     ])
-     def test_tls_14_proxy_tsl_vars_match(self, env, name: str, pattern: str):
-         if not HttpdTestEnv.has_shared_module("tls"):
-From fd64ac68206232641406c1512e0916d837821db5 Mon Sep 17 00:00:00 2001
-From: Daniel McCarney <daniel@binaryparadox.net>
-Date: Sun, 21 Apr 2024 15:19:50 -0400
-Subject: [PATCH] mod_tls: rustls-ffi 0.10 -> 0.11
-
-See upstream release notes[0] for more information.
-
-Also note that the, ahem, clunkyness of the verifier API is reduced in
-the 0.12 release and this is a transition state.
-
-[0]: https://github.com/rustls/rustls-ffi/releases/tag/v0.11.0
----
- .github/workflows/linux.yml |  2 +-
- modules/tls/tls_cert.c      | 26 ++++++++++++++++++--------
- modules/tls/tls_cert.h      |  6 +++---
- modules/tls/tls_core.c      |  4 ++--
- 4 files changed, 24 insertions(+), 14 deletions(-)
-
-diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
-index 8c45faf5651..1ac41c6b2d6 100644
---- a/.github/workflows/linux.yml
-+++ b/.github/workflows/linux.yml
-@@ -241,7 +241,7 @@ jobs:
-               APR_VERSION=1.7.4
-               APU_VERSION=1.6.3
-               APU_CONFIG="--with-crypto"
--              RUSTLS_VERSION="v0.10.0"
-+              RUSTLS_VERSION="v0.11.0"
-               NO_TEST_FRAMEWORK=1
-               TEST_INSTALL=1
-               TEST_MOD_TLS=1
-diff --git a/modules/tls/tls_cert.c b/modules/tls/tls_cert.c
-index 624535aa444..17a35fc498d 100644
---- a/modules/tls/tls_cert.c
-+++ b/modules/tls/tls_cert.c
-@@ -449,8 +449,8 @@ apr_status_t tls_cert_root_stores_get(
- 
- typedef struct {
-     const char *id;
--    const rustls_client_cert_verifier *client_verifier;
--    const rustls_client_cert_verifier_optional *client_verifier_opt;
-+    const rustls_allow_any_authenticated_client_verifier *client_verifier;
-+    const rustls_allow_any_anonymous_or_authenticated_client_verifier *client_verifier_opt;
- } tls_cert_verifiers_entry_t;
- 
- static int verifiers_entry_cleanup(void *ctx, const void *key, apr_ssize_t klen, const void *val)
-@@ -458,11 +458,11 @@ static int verifiers_entry_cleanup(void *ctx, const void *key, apr_ssize_t klen,
-     tls_cert_verifiers_entry_t *entry = (tls_cert_verifiers_entry_t*)val;
-     (void)ctx; (void)key; (void)klen;
-     if (entry->client_verifier) {
--        rustls_client_cert_verifier_free(entry->client_verifier);
-+        rustls_allow_any_authenticated_client_verifier_free(entry->client_verifier);
-         entry->client_verifier = NULL;
-     }
-     if (entry->client_verifier_opt) {
--        rustls_client_cert_verifier_optional_free(entry->client_verifier_opt);
-+        rustls_allow_any_anonymous_or_authenticated_client_verifier_free(entry->client_verifier_opt);
-         entry->client_verifier_opt = NULL;
-     }
-     return 1;
-@@ -514,20 +514,25 @@ static tls_cert_verifiers_entry_t * verifiers_get_or_make_entry(
- apr_status_t tls_cert_client_verifiers_get(
-     tls_cert_verifiers_t *verifiers,
-     const char *store_file,
--    const rustls_client_cert_verifier **pverifier)
-+    const rustls_allow_any_authenticated_client_verifier **pverifier)
- {
-     apr_status_t rv = APR_SUCCESS;
-     tls_cert_verifiers_entry_t *entry;
-+    struct rustls_allow_any_authenticated_client_builder *verifier_builder = NULL;
- 
-     entry = verifiers_get_or_make_entry(verifiers, store_file);
-     if (!entry->client_verifier) {
-         rustls_root_cert_store *store;
-         rv = tls_cert_root_stores_get(verifiers->stores, store_file, &store);
-         if (APR_SUCCESS != rv) goto cleanup;
--        entry->client_verifier = rustls_client_cert_verifier_new(store);
-+        verifier_builder = rustls_allow_any_authenticated_client_builder_new(store);
-+        entry->client_verifier = rustls_allow_any_authenticated_client_verifier_new(verifier_builder);
-     }
- 
- cleanup:
-+    if (verifier_builder != NULL) {
-+        rustls_allow_any_authenticated_client_builder_free(verifier_builder);
-+    }
-     if (APR_SUCCESS == rv) {
-         *pverifier = entry->client_verifier;
-     }
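Review bot: The return value of rustls_allow_any_authenticated_client_verifier_new(verifier_builder) is stored in entry->client_verifier without a check, and rv is still APR_SUCCESS at that point, so if construction fails and yields NULL the function reports success and hands a NULL verifier back through *pverifier. This is the verifier for required client certificates, so check both verifier_builder and the new verifier for NULL and set an error status before falling into cleanup.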
-@@ -540,20 +545,25 @@ apr_status_t tls_cert_client_verifiers_get(
- apr_status_t tls_cert_client_verifiers_get_optional(
-     tls_cert_verifiers_t *verifiers,
-     const char *store_file,
--    const rustls_client_cert_verifier_optional **pverifier)
-+    const rustls_allow_any_anonymous_or_authenticated_client_verifier **pverifier)
- {
-     apr_status_t rv = APR_SUCCESS;
-     tls_cert_verifiers_entry_t *entry;
-+    struct rustls_allow_any_anonymous_or_authenticated_client_builder *verifier_builder = NULL;
- 
-     entry = verifiers_get_or_make_entry(verifiers, store_file);
-     if (!entry->client_verifier_opt) {
-         rustls_root_cert_store *store;
-         rv = tls_cert_root_stores_get(verifiers->stores, store_file, &store);
-         if (APR_SUCCESS != rv) goto cleanup;
--        entry->client_verifier_opt = rustls_client_cert_verifier_optional_new(store);
-+        verifier_builder = rustls_client_cert_verifier_optional_builder_new(store);
-+        entry->client_verifier_opt = rustls_allow_any_anonymous_or_authenticated_client_verifier_new(verifier_builder);
-     }
- 
- cleanup:
-+    if (verifier_builder != NULL) {
-+        rustls_client_cert_verifier_optional_builder_free(verifier_builder);
-+    }
-     if (APR_SUCCESS == rv) {
-         *pverifier = entry->client_verifier_opt;
-     }
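Review bot: Missing documentation in tls_cert_client_verifiers_get_optional: verifier_builder is declared as struct rustls_allow_any_anonymous_or_authenticated_client_builder * but is created with rustls_client_cert_verifier_optional_builder_new(store) and released with rustls_client_cert_verifier_optional_builder_free(), whereas the required-path function uses constructor and destructor names that match its builder type. This reads like a copy-paste slip. If it is the naming rustls-ffi 0.11 actually exposes, a one-line comment saying so would save the next reader a lookup; if not, the calls should be aligned with the declared type.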
-diff --git a/modules/tls/tls_cert.h b/modules/tls/tls_cert.h
-index 6ab3f48ae13..4ac3865dd86 100644
---- a/modules/tls/tls_cert.h
-+++ b/modules/tls/tls_cert.h
-@@ -193,7 +193,7 @@ void tls_cert_verifiers_clear(
- apr_status_t tls_cert_client_verifiers_get(
-     tls_cert_verifiers_t *verifiers,
-     const char *store_file,
--    const rustls_client_cert_verifier **pverifier);
-+    const rustls_allow_any_authenticated_client_verifier **pverifier);
- 
- /**
-  * Get the optional client certificate verifier for the
-@@ -206,6 +206,6 @@ apr_status_t tls_cert_client_verifiers_get(
- apr_status_t tls_cert_client_verifiers_get_optional(
-     tls_cert_verifiers_t *verifiers,
-     const char *store_file,
--    const rustls_client_cert_verifier_optional **pverifier);
-+    const rustls_allow_any_anonymous_or_authenticated_client_verifier **pverifier);
- 
--#endif /* tls_cert_h */
-\ No newline at end of file
-+#endif /* tls_cert_h */
-diff --git a/modules/tls/tls_core.c b/modules/tls/tls_core.c
-index 25479392f1a..df29077826d 100644
---- a/modules/tls/tls_core.c
-+++ b/modules/tls/tls_core.c
-@@ -1119,13 +1119,13 @@ static apr_status_t build_server_connection(rustls_connection **pconnection,
-     if (cc->client_auth != TLS_CLIENT_AUTH_NONE) {
-         ap_assert(sc->client_ca);  /* checked in server_setup */
-         if (cc->client_auth == TLS_CLIENT_AUTH_REQUIRED) {
--            const rustls_client_cert_verifier *verifier;
-+            const rustls_allow_any_authenticated_client_verifier *verifier;
-             rv = tls_cert_client_verifiers_get(sc->global->verifiers, sc->client_ca, &verifier);
-             if (APR_SUCCESS != rv) goto cleanup;
-             rustls_server_config_builder_set_client_verifier(builder, verifier);
-         }
-         else {
--            const rustls_client_cert_verifier_optional *verifier;
-+            const rustls_allow_any_anonymous_or_authenticated_client_verifier *verifier;
-             rv = tls_cert_client_verifiers_get_optional(sc->global->verifiers, sc->client_ca, &verifier);
-             if (APR_SUCCESS != rv) goto cleanup;
-             rustls_server_config_builder_set_client_verifier_optional(builder, verifier);
-From 6d565575343ac5ddd674e53b7b9002396cc04375 Mon Sep 17 00:00:00 2001
-From: Daniel McCarney <daniel@binaryparadox.net>
-Date: Sun, 21 Apr 2024 15:37:25 -0400
-Subject: [PATCH] mod_tls: rustls-ffi 0.11 -> 0.12
-
-See upstream release notes for more information:
-
-https://github.com/rustls/rustls-ffi/releases/tag/v0.12.0
-https://github.com/rustls/rustls-ffi/releases/tag/v0.12.1
-https://github.com/rustls/rustls-ffi/releases/tag/v0.12.2
----
- .github/workflows/linux.yml |  2 +-
- modules/tls/tls_cert.c      | 99 ++++++++++++++++++++-----------------
- modules/tls/tls_cert.h      |  8 +--
- modules/tls/tls_core.c      | 16 ++++--
- 4 files changed, 70 insertions(+), 55 deletions(-)
-
-diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
-index 1ac41c6b2d6..3700bc4546a 100644
---- a/.github/workflows/linux.yml
-+++ b/.github/workflows/linux.yml
-@@ -241,7 +241,7 @@ jobs:
-               APR_VERSION=1.7.4
-               APU_VERSION=1.6.3
-               APU_CONFIG="--with-crypto"
--              RUSTLS_VERSION="v0.11.0"
-+              RUSTLS_VERSION="v0.12.2"
-               NO_TEST_FRAMEWORK=1
-               TEST_INSTALL=1
-               TEST_MOD_TLS=1
-diff --git a/modules/tls/tls_cert.c b/modules/tls/tls_cert.c
-index 17a35fc498d..ffb941cae40 100644
---- a/modules/tls/tls_cert.c
-+++ b/modules/tls/tls_cert.c
-@@ -331,11 +331,12 @@ const char *tls_cert_reg_get_id(tls_cert_reg_t *reg, const rustls_certified_key
- }
- 
- apr_status_t tls_cert_load_root_store(
--    apr_pool_t *p, const char *store_file, rustls_root_cert_store **pstore)
-+    apr_pool_t *p, const char *store_file, const rustls_root_cert_store **pstore)
- {
-     const char *fpath;
-     tls_data_t pem;
--    rustls_root_cert_store *store = NULL;
-+    rustls_root_cert_store_builder *store_builder = NULL;
-+    const rustls_root_cert_store *store = NULL;
-     rustls_result rr = RUSTLS_RESULT_OK;
-     apr_pool_t *ptemp = NULL;
-     apr_status_t rv;
-@@ -353,11 +354,17 @@ apr_status_t tls_cert_load_root_store(
-     rv = tls_util_file_load(ptemp, fpath, 0, 1024*1024, &pem);
-     if (APR_SUCCESS != rv) goto cleanup;
- 
--    store = rustls_root_cert_store_new();
--    rr = rustls_root_cert_store_add_pem(store, pem.data, pem.len, 1);
-+    store_builder = rustls_root_cert_store_builder_new();
-+    rr = rustls_root_cert_store_builder_add_pem(store_builder, pem.data, pem.len, 1);
-+    if (RUSTLS_RESULT_OK != rr) goto cleanup;
-+
-+    rr = rustls_root_cert_store_builder_build(store_builder, &store);
-     if (RUSTLS_RESULT_OK != rr) goto cleanup;
- 
- cleanup:
-+    if (store_builder != NULL) {
-+        rustls_root_cert_store_builder_free(store_builder);
-+    }
-     if (RUSTLS_RESULT_OK != rr) {
-         const char *err_descr;
-         rv = tls_util_rustls_error(p, rr, &err_descr);
-@@ -378,7 +385,7 @@ apr_status_t tls_cert_load_root_store(
- 
- typedef struct {
-     const char *id;
--    rustls_root_cert_store *store;
-+    const rustls_root_cert_store *store;
- } tls_cert_root_stores_entry_t;
- 
- static int stores_entry_cleanup(void *ctx, const void *key, apr_ssize_t klen, const void *val)
-@@ -421,14 +428,14 @@ void tls_cert_root_stores_clear(tls_cert_root_stores_t *stores)
- apr_status_t tls_cert_root_stores_get(
-     tls_cert_root_stores_t *stores,
-     const char *store_file,
--    rustls_root_cert_store **pstore)
-+    const rustls_root_cert_store **pstore)
- {
-     apr_status_t rv = APR_SUCCESS;
-     tls_cert_root_stores_entry_t *entry;
- 
-     entry = apr_hash_get(stores->file2store, store_file, APR_HASH_KEY_STRING);
-     if (!entry) {
--        rustls_root_cert_store *store;
-+        const rustls_root_cert_store *store;
-         rv = tls_cert_load_root_store(stores->pool, store_file, &store);
-         if (APR_SUCCESS != rv) goto cleanup;
-         entry = apr_pcalloc(stores->pool, sizeof(*entry));
-@@ -449,8 +456,8 @@ apr_status_t tls_cert_root_stores_get(
- 
- typedef struct {
-     const char *id;
--    const rustls_allow_any_authenticated_client_verifier *client_verifier;
--    const rustls_allow_any_anonymous_or_authenticated_client_verifier *client_verifier_opt;
-+    rustls_client_cert_verifier *client_verifier;
-+    rustls_client_cert_verifier *client_verifier_opt;
- } tls_cert_verifiers_entry_t;
- 
- static int verifiers_entry_cleanup(void *ctx, const void *key, apr_ssize_t klen, const void *val)
-@@ -458,11 +465,11 @@ static int verifiers_entry_cleanup(void *ctx, const void *key, apr_ssize_t klen,
-     tls_cert_verifiers_entry_t *entry = (tls_cert_verifiers_entry_t*)val;
-     (void)ctx; (void)key; (void)klen;
-     if (entry->client_verifier) {
--        rustls_allow_any_authenticated_client_verifier_free(entry->client_verifier);
-+        rustls_client_cert_verifier_free(entry->client_verifier);
-         entry->client_verifier = NULL;
-     }
-     if (entry->client_verifier_opt) {
--        rustls_allow_any_anonymous_or_authenticated_client_verifier_free(entry->client_verifier_opt);
-+        rustls_client_cert_verifier_free(entry->client_verifier_opt);
-         entry->client_verifier_opt = NULL;
-     }
-     return 1;
-@@ -511,27 +518,43 @@ static tls_cert_verifiers_entry_t * verifiers_get_or_make_entry(
-     return entry;
- }
- 
--apr_status_t tls_cert_client_verifiers_get(
--    tls_cert_verifiers_t *verifiers,
--    const char *store_file,
--    const rustls_allow_any_authenticated_client_verifier **pverifier)
-+static apr_status_t tls_cert_client_verifiers_get_internal(
-+        tls_cert_verifiers_t *verifiers,
-+        const char *store_file,
-+        const rustls_client_cert_verifier **pverifier,
-+        bool allow_unauthenticated)
- {
-     apr_status_t rv = APR_SUCCESS;
-     tls_cert_verifiers_entry_t *entry;
--    struct rustls_allow_any_authenticated_client_builder *verifier_builder = NULL;
-+    rustls_result rr = RUSTLS_RESULT_OK;
-+    struct rustls_web_pki_client_cert_verifier_builder *verifier_builder = NULL;
- 
-     entry = verifiers_get_or_make_entry(verifiers, store_file);
-     if (!entry->client_verifier) {
--        rustls_root_cert_store *store;
-+        const rustls_root_cert_store *store;
-         rv = tls_cert_root_stores_get(verifiers->stores, store_file, &store);
-         if (APR_SUCCESS != rv) goto cleanup;
--        verifier_builder = rustls_allow_any_authenticated_client_builder_new(store);
--        entry->client_verifier = rustls_allow_any_authenticated_client_verifier_new(verifier_builder);
-+        verifier_builder = rustls_web_pki_client_cert_verifier_builder_new(store);
-+
-+        if (allow_unauthenticated) {
-+            rr = rustls_web_pki_client_cert_verifier_builder_allow_unauthenticated(verifier_builder);
-+            if (rr != RUSTLS_RESULT_OK) {
-+                goto cleanup;
-+            }
-+        }
-+
-+        rr = rustls_web_pki_client_cert_verifier_builder_build(verifier_builder, &entry->client_verifier);
-+        if (rr != RUSTLS_RESULT_OK) {
-+            goto cleanup;
-+        }
-     }
- 
- cleanup:
-     if (verifier_builder != NULL) {
--        rustls_allow_any_authenticated_client_builder_free(verifier_builder);
-+        rustls_web_pki_client_cert_verifier_builder_free(verifier_builder);
-+    }
-+    if (rr != RUSTLS_RESULT_OK) {
-+        rv = tls_util_rustls_error(verifiers->pool, rr, NULL);
-     }
-     if (APR_SUCCESS == rv) {
-         *pverifier = entry->client_verifier;
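Review bot: tls_cert_client_verifiers_get_internal caches its result in entry->client_verifier whether or not allow_unauthenticated is set: the guard is `if (!entry->client_verifier)`, the build writes to `&entry->client_verifier`, and that same slot is what gets returned. The entry is looked up by store_file alone, so whichever mode is requested first for a given CA file decides what every later caller receives, and a configuration that requires client certificates can be handed the verifier that was built with rustls_web_pki_client_cert_verifier_builder_allow_unauthenticated. Select the slot from the flag (entry->client_verifier_opt when allow_unauthenticated is true) for the guard, the build target and the returned pointer.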
-@@ -542,33 +565,19 @@ apr_status_t tls_cert_client_verifiers_get(
-     return rv;
- }
- 
--apr_status_t tls_cert_client_verifiers_get_optional(
-+
-+apr_status_t tls_cert_client_verifiers_get(
-     tls_cert_verifiers_t *verifiers,
-     const char *store_file,
--    const rustls_allow_any_anonymous_or_authenticated_client_verifier **pverifier)
-+    const rustls_client_cert_verifier **pverifier)
- {
--    apr_status_t rv = APR_SUCCESS;
--    tls_cert_verifiers_entry_t *entry;
--    struct rustls_allow_any_anonymous_or_authenticated_client_builder *verifier_builder = NULL;
--
--    entry = verifiers_get_or_make_entry(verifiers, store_file);
--    if (!entry->client_verifier_opt) {
--        rustls_root_cert_store *store;
--        rv = tls_cert_root_stores_get(verifiers->stores, store_file, &store);
--        if (APR_SUCCESS != rv) goto cleanup;
--        verifier_builder = rustls_client_cert_verifier_optional_builder_new(store);
--        entry->client_verifier_opt = rustls_allow_any_anonymous_or_authenticated_client_verifier_new(verifier_builder);
--    }
-+    return tls_cert_client_verifiers_get_internal(verifiers, store_file, pverifier, false);
-+}
- 
--cleanup:
--    if (verifier_builder != NULL) {
--        rustls_client_cert_verifier_optional_builder_free(verifier_builder);
--    }
--    if (APR_SUCCESS == rv) {
--        *pverifier = entry->client_verifier_opt;
--    }
--    else {
--        *pverifier = NULL;
--    }
--    return rv;
-+apr_status_t tls_cert_client_verifiers_get_optional(
-+    tls_cert_verifiers_t *verifiers,
-+    const char *store_file,
-+    const rustls_client_cert_verifier **pverifier)
-+{
-+    return tls_cert_client_verifiers_get_internal(verifiers, store_file, pverifier, true);
- }
-diff --git a/modules/tls/tls_cert.h b/modules/tls/tls_cert.h
-index 4ac3865dd86..3326f0eb3e7 100644
---- a/modules/tls/tls_cert.h
-+++ b/modules/tls/tls_cert.h
-@@ -128,7 +128,7 @@ const char *tls_cert_reg_get_id(tls_cert_reg_t *reg, const rustls_certified_key
-  * @param pstore the loaded root store on success
-  */
- apr_status_t tls_cert_load_root_store(
--    apr_pool_t *p, const char *store_file, rustls_root_cert_store **pstore);
-+    apr_pool_t *p, const char *store_file, const rustls_root_cert_store **pstore);
- 
- typedef struct tls_cert_root_stores_t tls_cert_root_stores_t;
- struct tls_cert_root_stores_t {
-@@ -157,7 +157,7 @@ void tls_cert_root_stores_clear(tls_cert_root_stores_t *stores);
- apr_status_t tls_cert_root_stores_get(
-     tls_cert_root_stores_t *stores,
-     const char *store_file,
--    rustls_root_cert_store **pstore);
-+    const rustls_root_cert_store **pstore);
- 
- typedef struct tls_cert_verifiers_t tls_cert_verifiers_t;
- struct tls_cert_verifiers_t {
-@@ -193,7 +193,7 @@ void tls_cert_verifiers_clear(
- apr_status_t tls_cert_client_verifiers_get(
-     tls_cert_verifiers_t *verifiers,
-     const char *store_file,
--    const rustls_allow_any_authenticated_client_verifier **pverifier);
-+    const rustls_client_cert_verifier **pverifier);
- 
- /**
-  * Get the optional client certificate verifier for the
-@@ -206,6 +206,6 @@ apr_status_t tls_cert_client_verifiers_get(
- apr_status_t tls_cert_client_verifiers_get_optional(
-     tls_cert_verifiers_t *verifiers,
-     const char *store_file,
--    const rustls_allow_any_anonymous_or_authenticated_client_verifier **pverifier);
-+    const rustls_client_cert_verifier **pverifier);
- 
- #endif /* tls_cert_h */
-diff --git a/modules/tls/tls_core.c b/modules/tls/tls_core.c
-index df29077826d..1cef254f103 100644
---- a/modules/tls/tls_core.c
-+++ b/modules/tls/tls_core.c
-@@ -764,8 +764,10 @@ static apr_status_t init_outgoing_connection(conn_rec *c)
-     tls_conf_proxy_t *pc;
-     const apr_array_header_t *ciphersuites = NULL;
-     apr_array_header_t *tls_versions = NULL;
-+    rustls_web_pki_server_cert_verifier_builder *verifier_builder = NULL;
-+    struct rustls_server_cert_verifier *verifier = NULL;
-     rustls_client_config_builder *builder = NULL;
--    rustls_root_cert_store *ca_store = NULL;
-+    const rustls_root_cert_store *ca_store = NULL;
-     const char *hostname = NULL, *alpn_note = NULL;
-     rustls_result rr = RUSTLS_RESULT_OK;
-     apr_status_t rv = APR_SUCCESS;
-@@ -809,7 +811,10 @@ static apr_status_t init_outgoing_connection(conn_rec *c)
-     if (pc->proxy_ca && strcasecmp(pc->proxy_ca, "default")) {
-         rv = tls_cert_root_stores_get(pc->global->stores, pc->proxy_ca, &ca_store);
-         if (APR_SUCCESS != rv) goto cleanup;
--        rustls_client_config_builder_use_roots(builder, ca_store);
-+        verifier_builder = rustls_web_pki_server_cert_verifier_builder_new(ca_store);
-+        rr = rustls_web_pki_server_cert_verifier_builder_build(verifier_builder, &verifier);
-+        if (RUSTLS_RESULT_OK != rr) goto cleanup;
-+        rustls_client_config_builder_set_server_verifier(builder, verifier);
-     }
- 
- #if TLS_MACHINE_CERTS
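Review bot: Nothing in the visible lines releases `verifier` after rustls_web_pki_server_cert_verifier_builder_build() creates it: it is passed to rustls_client_config_builder_set_server_verifier(builder, verifier), and the cleanup change in the following hunk frees only verifier_builder. Unless set_server_verifier takes ownership of the pointer, this leaks one server certificate verifier per outgoing connection that uses a non-default proxy_ca. Either release it in cleanup with rustls_server_cert_verifier_free() or cache it per CA file as is done for the client verifiers.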
-@@ -881,6 +886,7 @@ static apr_status_t init_outgoing_connection(conn_rec *c)
-     rustls_connection_set_userdata(cc->rustls_connection, c);
- 
- cleanup:
-+    if (verifier_builder != NULL) rustls_web_pki_server_cert_verifier_builder_free(verifier_builder);
-     if (builder != NULL) rustls_client_config_builder_free(builder);
-     if (RUSTLS_RESULT_OK != rr) {
-         const char *err_descr = NULL;
-@@ -1119,16 +1125,16 @@ static apr_status_t build_server_connection(rustls_connection **pconnection,
-     if (cc->client_auth != TLS_CLIENT_AUTH_NONE) {
-         ap_assert(sc->client_ca);  /* checked in server_setup */
-         if (cc->client_auth == TLS_CLIENT_AUTH_REQUIRED) {
--            const rustls_allow_any_authenticated_client_verifier *verifier;
-+            const rustls_client_cert_verifier *verifier;
-             rv = tls_cert_client_verifiers_get(sc->global->verifiers, sc->client_ca, &verifier);
-             if (APR_SUCCESS != rv) goto cleanup;
-             rustls_server_config_builder_set_client_verifier(builder, verifier);
-         }
-         else {
--            const rustls_allow_any_anonymous_or_authenticated_client_verifier *verifier;
-+            const rustls_client_cert_verifier *verifier;
-             rv = tls_cert_client_verifiers_get_optional(sc->global->verifiers, sc->client_ca, &verifier);
-             if (APR_SUCCESS != rv) goto cleanup;
--            rustls_server_config_builder_set_client_verifier_optional(builder, verifier);
-+            rustls_server_config_builder_set_client_verifier(builder, verifier);
-         }
-     }
- 
-From ef690ed43eed53a7b6aaba6027842cdd76d3ccb4 Mon Sep 17 00:00:00 2001
-From: Daniel McCarney <daniel@binaryparadox.net>
-Date: Sun, 21 Apr 2024 13:49:49 -0400
-Subject: [PATCH] mod_tls: rustls-ffi 0.12 -> 0.13
-
-The breaking API changes in this release don't affect `mod_tls`, making
-this an in-place update.
-
-See the upstream release notes[0] for more information.
-
-[0]: https://github.com/rustls/rustls-ffi/releases/tag/v0.13.0
----
- .github/workflows/linux.yml | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
-index 3700bc4546a..54dcd7b0b32 100644
---- a/.github/workflows/linux.yml
-+++ b/.github/workflows/linux.yml
-@@ -241,7 +241,7 @@ jobs:
-               APR_VERSION=1.7.4
-               APU_VERSION=1.6.3
-               APU_CONFIG="--with-crypto"
--              RUSTLS_VERSION="v0.12.2"
-+              RUSTLS_VERSION="v0.13.0"
-               NO_TEST_FRAMEWORK=1
-               TEST_INSTALL=1
-               TEST_MOD_TLS=1

