apache: update to 2.4.29. (#8518)

This commit is contained in:
maxice8 2017-10-25 02:01:26 -02:00 committed by Juan RP
parent 7394b36f49
commit acd018ca03
3 changed files with 2 additions and 222 deletions

View File

@ -1,21 +0,0 @@
CVE-2017-9798
Backport from https://svn.apache.org/viewvc?view=revision&revision=1807655
diff --git a/server/core.c b/server/core.c
index f61699e..d24542e 100644
--- ./server/core.c
+++ ./server/core.c
@@ -1809,6 +1809,12 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd,
/* method has not been registered yet, but resorce restriction
* is always checked before method handling, so register it.
*/
+ if (cmd->pool == cmd->temp_pool) {
+ /* In .htaccess, we can't globally register new methods. */
+ return apr_psprintf(cmd->pool, "Could not register method '%s' "
+ "for %s from .htaccess configuration",
+ method, cmd->cmd->name);
+ }
methnum = ap_method_register(cmd->pool,
apr_pstrdup(cmd->pool, method));

View File

@ -1,144 +1,3 @@
--- ./modules/ssl/mod_ssl.c.orig
+++ ./modules/ssl/mod_ssl.c
@@ -337,12 +337,12 @@
#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
ENGINE_cleanup();
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_COMP)
SSL_COMP_free_compression_methods();
#endif
/* Usually needed per thread, but this parent process is single-threaded */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
ERR_remove_thread_state(NULL);
#else
@@ -383,14 +383,14 @@
/* Some OpenSSL internals are allocated per-thread, make sure they
* are associated to the/our same thread-id until cleaned up.
*/
-#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L
+#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
ssl_util_thread_id_setup(pconf);
#endif
/* We must register the library in full, to ensure our configuration
* code can successfully test the SSL environment.
*/
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
CRYPTO_malloc_init();
#else
OPENSSL_malloc_init();
--- ./modules/ssl/ssl_engine_init.c.orig
+++ ./modules/ssl/ssl_engine_init.c
@@ -47,7 +47,7 @@
#define KEYTYPES "RSA or DSA"
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/* OpenSSL Pre-1.1.0 compatibility */
/* Taken from OpenSSL 1.1.0 snapshot 20160410 */
static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
@@ -257,7 +257,7 @@
#endif
}
-#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L
+#if APR_HAS_THREADS && ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
ssl_util_thread_setup(p);
#endif
@@ -380,7 +380,7 @@
modssl_init_app_data2_idx(); /* for modssl_get_app_data2() at request time */
init_dh_params();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
init_bio_methods();
#endif
@@ -1301,7 +1301,7 @@
* or configure NIST P-256 (required to enable ECDHE for earlier versions)
* ECDH is always enabled in 1.1.0 unless excluded from SSLCipherList
*/
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
else {
#if defined(SSL_CTX_set_ecdh_auto)
SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
@@ -2011,7 +2011,7 @@
}
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
free_bio_methods();
#endif
free_dh_params();
--- ./modules/ssl/ssl_engine_io.c.orig
+++ ./modules/ssl/ssl_engine_io.c
@@ -164,7 +164,7 @@
{
BIO_set_shutdown(bio, 1);
BIO_set_init(bio, 1);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/* No setter method for OpenSSL 1.1.0 available,
* but I can't find any functional use of the
* "num" field there either.
@@ -549,7 +549,7 @@
return -1;
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
static BIO_METHOD bio_filter_out_method = {
BIO_TYPE_MEM,
@@ -2024,7 +2024,7 @@
filter_ctx->pInputFilter = ap_add_input_filter(ssl_io_filter, inctx, r, c);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
filter_ctx->pbioRead = BIO_new(&bio_filter_in_method);
#else
filter_ctx->pbioRead = BIO_new(bio_filter_in_method);
@@ -2059,7 +2059,7 @@
filter_ctx->pOutputFilter = ap_add_output_filter(ssl_io_filter,
filter_ctx, r, c);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
filter_ctx->pbioWrite = BIO_new(&bio_filter_out_method);
#else
filter_ctx->pbioWrite = BIO_new(bio_filter_out_method);
--- ./modules/ssl/ssl_engine_kernel.c.orig
+++ ./modules/ssl/ssl_engine_kernel.c
@@ -1733,7 +1733,7 @@
* so we need to increment here to prevent them from
* being freed.
*/
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define modssl_set_cert_info(info, cert, pkey) \
*cert = info->x509; \
CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \
--- ./modules/ssl/ssl_engine_vars.c.orig
+++ ./modules/ssl/ssl_engine_vars.c
@@ -529,7 +529,7 @@
resdup = FALSE;
}
else if (strcEQ(var, "A_SIG")) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
nid = OBJ_obj2nid((ASN1_OBJECT *)(xs->cert_info->signature->algorithm));
#else
const ASN1_OBJECT *paobj;
--- ./modules/ssl/ssl_private.h.orig
+++ ./modules/ssl/ssl_private.h
@@ -123,6 +123,16 @@
@ -158,64 +17,6 @@
#if defined(OPENSSL_FIPS)
#define HAVE_FIPS
#endif
@@ -136,7 +146,7 @@
#endif
/* session id constness */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define IDCONST
#else
#define IDCONST const
@@ -199,7 +209,7 @@
#endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define BN_get_rfc2409_prime_768 get_rfc2409_prime_768
#define BN_get_rfc2409_prime_1024 get_rfc2409_prime_1024
#define BN_get_rfc3526_prime_1536 get_rfc3526_prime_1536
@@ -219,7 +229,7 @@
void free_bio_methods(void);
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10002000L
+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
#define X509_STORE_CTX_get0_store(x) (x->ctx)
#endif
@@ -934,7 +944,7 @@
const char * const *);
BOOL ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *);
#if APR_HAS_THREADS
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
void ssl_util_thread_setup(apr_pool_t *);
#endif
void ssl_util_thread_id_setup(apr_pool_t *);
--- ./modules/ssl/ssl_util.c.orig
+++ ./modules/ssl/ssl_util.c
@@ -247,7 +247,7 @@
}
#if APR_HAS_THREADS
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/*
* To ensure thread-safetyness in OpenSSL - work in progress
*/
--- ./modules/ssl/ssl_util_ssl.h.orig
+++ ./modules/ssl/ssl_util_ssl.h
@@ -41,7 +41,7 @@
#define MODSSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER
#define MODSSL_LIBRARY_NAME "OpenSSL"
#define MODSSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define MODSSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION)
#else
#define MODSSL_LIBRARY_DYNTEXT OpenSSL_version(OPENSSL_VERSION)
--- ./support/ab.c.orig
+++ ./support/ab.c
@@ -197,6 +197,14 @@

View File

@ -1,6 +1,6 @@
# Template file for 'apache'
pkgname=apache
version=2.4.27
version=2.4.29
revision=1
wrksrc=httpd-${version}
build_style=gnu-configure
@ -36,7 +36,7 @@ maintainer="Juan RP <xtraeme@voidlinux.eu>"
homepage="http://httpd.apache.org/"
license="Apache-2.0"
distfiles="http://www.apache.org/dist/httpd/httpd-${version}.tar.bz2"
checksum=71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a
checksum=777753a5a25568a2a27428b2214980564bc1c38c1abf9ccc7630b639991f7f00
system_accounts="_$pkgname"
_apache_homedir="/srv/www/$pkgname"