apache: update to 2.4.29. (#8518)
This commit is contained in:
parent
7394b36f49
commit
acd018ca03
|
@ -1,21 +0,0 @@
|
|||
CVE-2017-9798
|
||||
|
||||
Backport from https://svn.apache.org/viewvc?view=revision&revision=1807655
|
||||
|
||||
diff --git a/server/core.c b/server/core.c
|
||||
index f61699e..d24542e 100644
|
||||
--- ./server/core.c
|
||||
+++ ./server/core.c
|
||||
@@ -1809,6 +1809,12 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd,
|
||||
/* method has not been registered yet, but resorce restriction
|
||||
* is always checked before method handling, so register it.
|
||||
*/
|
||||
+ if (cmd->pool == cmd->temp_pool) {
|
||||
+ /* In .htaccess, we can't globally register new methods. */
|
||||
+ return apr_psprintf(cmd->pool, "Could not register method '%s' "
|
||||
+ "for %s from .htaccess configuration",
|
||||
+ method, cmd->cmd->name);
|
||||
+ }
|
||||
methnum = ap_method_register(cmd->pool,
|
||||
apr_pstrdup(cmd->pool, method));
|
||||
|
|
@ -1,144 +1,3 @@
|
|||
--- ./modules/ssl/mod_ssl.c.orig
|
||||
+++ ./modules/ssl/mod_ssl.c
|
||||
@@ -337,12 +337,12 @@
|
||||
#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
|
||||
ENGINE_cleanup();
|
||||
#endif
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_COMP)
|
||||
SSL_COMP_free_compression_methods();
|
||||
#endif
|
||||
|
||||
/* Usually needed per thread, but this parent process is single-threaded */
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
|
||||
ERR_remove_thread_state(NULL);
|
||||
#else
|
||||
@@ -383,14 +383,14 @@
|
||||
/* Some OpenSSL internals are allocated per-thread, make sure they
|
||||
* are associated to the/our same thread-id until cleaned up.
|
||||
*/
|
||||
-#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
ssl_util_thread_id_setup(pconf);
|
||||
#endif
|
||||
|
||||
/* We must register the library in full, to ensure our configuration
|
||||
* code can successfully test the SSL environment.
|
||||
*/
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
CRYPTO_malloc_init();
|
||||
#else
|
||||
OPENSSL_malloc_init();
|
||||
--- ./modules/ssl/ssl_engine_init.c.orig
|
||||
+++ ./modules/ssl/ssl_engine_init.c
|
||||
@@ -47,7 +47,7 @@
|
||||
#define KEYTYPES "RSA or DSA"
|
||||
#endif
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
/* OpenSSL Pre-1.1.0 compatibility */
|
||||
/* Taken from OpenSSL 1.1.0 snapshot 20160410 */
|
||||
static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
|
||||
@@ -257,7 +257,7 @@
|
||||
#endif
|
||||
}
|
||||
|
||||
-#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if APR_HAS_THREADS && ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
|
||||
ssl_util_thread_setup(p);
|
||||
#endif
|
||||
|
||||
@@ -380,7 +380,7 @@
|
||||
modssl_init_app_data2_idx(); /* for modssl_get_app_data2() at request time */
|
||||
|
||||
init_dh_params();
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
init_bio_methods();
|
||||
#endif
|
||||
|
||||
@@ -1301,7 +1301,7 @@
|
||||
* or configure NIST P-256 (required to enable ECDHE for earlier versions)
|
||||
* ECDH is always enabled in 1.1.0 unless excluded from SSLCipherList
|
||||
*/
|
||||
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
|
||||
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
else {
|
||||
#if defined(SSL_CTX_set_ecdh_auto)
|
||||
SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
|
||||
@@ -2011,7 +2011,7 @@
|
||||
|
||||
}
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
free_bio_methods();
|
||||
#endif
|
||||
free_dh_params();
|
||||
--- ./modules/ssl/ssl_engine_io.c.orig
|
||||
+++ ./modules/ssl/ssl_engine_io.c
|
||||
@@ -164,7 +164,7 @@
|
||||
{
|
||||
BIO_set_shutdown(bio, 1);
|
||||
BIO_set_init(bio, 1);
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
/* No setter method for OpenSSL 1.1.0 available,
|
||||
* but I can't find any functional use of the
|
||||
* "num" field there either.
|
||||
@@ -549,7 +549,7 @@
|
||||
return -1;
|
||||
}
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
|
||||
static BIO_METHOD bio_filter_out_method = {
|
||||
BIO_TYPE_MEM,
|
||||
@@ -2024,7 +2024,7 @@
|
||||
|
||||
filter_ctx->pInputFilter = ap_add_input_filter(ssl_io_filter, inctx, r, c);
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
filter_ctx->pbioRead = BIO_new(&bio_filter_in_method);
|
||||
#else
|
||||
filter_ctx->pbioRead = BIO_new(bio_filter_in_method);
|
||||
@@ -2059,7 +2059,7 @@
|
||||
filter_ctx->pOutputFilter = ap_add_output_filter(ssl_io_filter,
|
||||
filter_ctx, r, c);
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
filter_ctx->pbioWrite = BIO_new(&bio_filter_out_method);
|
||||
#else
|
||||
filter_ctx->pbioWrite = BIO_new(bio_filter_out_method);
|
||||
--- ./modules/ssl/ssl_engine_kernel.c.orig
|
||||
+++ ./modules/ssl/ssl_engine_kernel.c
|
||||
@@ -1733,7 +1733,7 @@
|
||||
* so we need to increment here to prevent them from
|
||||
* being freed.
|
||||
*/
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
#define modssl_set_cert_info(info, cert, pkey) \
|
||||
*cert = info->x509; \
|
||||
CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \
|
||||
--- ./modules/ssl/ssl_engine_vars.c.orig
|
||||
+++ ./modules/ssl/ssl_engine_vars.c
|
||||
@@ -529,7 +529,7 @@
|
||||
resdup = FALSE;
|
||||
}
|
||||
else if (strcEQ(var, "A_SIG")) {
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
nid = OBJ_obj2nid((ASN1_OBJECT *)(xs->cert_info->signature->algorithm));
|
||||
#else
|
||||
const ASN1_OBJECT *paobj;
|
||||
--- ./modules/ssl/ssl_private.h.orig
|
||||
+++ ./modules/ssl/ssl_private.h
|
||||
@@ -123,6 +123,16 @@
|
||||
|
@ -158,64 +17,6 @@
|
|||
#if defined(OPENSSL_FIPS)
|
||||
#define HAVE_FIPS
|
||||
#endif
|
||||
@@ -136,7 +146,7 @@
|
||||
#endif
|
||||
|
||||
/* session id constness */
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
#define IDCONST
|
||||
#else
|
||||
#define IDCONST const
|
||||
@@ -199,7 +209,7 @@
|
||||
|
||||
#endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
#define BN_get_rfc2409_prime_768 get_rfc2409_prime_768
|
||||
#define BN_get_rfc2409_prime_1024 get_rfc2409_prime_1024
|
||||
#define BN_get_rfc3526_prime_1536 get_rfc3526_prime_1536
|
||||
@@ -219,7 +229,7 @@
|
||||
void free_bio_methods(void);
|
||||
#endif
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10002000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
#define X509_STORE_CTX_get0_store(x) (x->ctx)
|
||||
#endif
|
||||
|
||||
@@ -934,7 +944,7 @@
|
||||
const char * const *);
|
||||
BOOL ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *);
|
||||
#if APR_HAS_THREADS
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
void ssl_util_thread_setup(apr_pool_t *);
|
||||
#endif
|
||||
void ssl_util_thread_id_setup(apr_pool_t *);
|
||||
--- ./modules/ssl/ssl_util.c.orig
|
||||
+++ ./modules/ssl/ssl_util.c
|
||||
@@ -247,7 +247,7 @@
|
||||
}
|
||||
|
||||
#if APR_HAS_THREADS
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
/*
|
||||
* To ensure thread-safetyness in OpenSSL - work in progress
|
||||
*/
|
||||
--- ./modules/ssl/ssl_util_ssl.h.orig
|
||||
+++ ./modules/ssl/ssl_util_ssl.h
|
||||
@@ -41,7 +41,7 @@
|
||||
#define MODSSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER
|
||||
#define MODSSL_LIBRARY_NAME "OpenSSL"
|
||||
#define MODSSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
#define MODSSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION)
|
||||
#else
|
||||
#define MODSSL_LIBRARY_DYNTEXT OpenSSL_version(OPENSSL_VERSION)
|
||||
--- ./support/ab.c.orig
|
||||
+++ ./support/ab.c
|
||||
@@ -197,6 +197,14 @@
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Template file for 'apache'
|
||||
pkgname=apache
|
||||
version=2.4.27
|
||||
version=2.4.29
|
||||
revision=1
|
||||
wrksrc=httpd-${version}
|
||||
build_style=gnu-configure
|
||||
|
@ -36,7 +36,7 @@ maintainer="Juan RP <xtraeme@voidlinux.eu>"
|
|||
homepage="http://httpd.apache.org/"
|
||||
license="Apache-2.0"
|
||||
distfiles="http://www.apache.org/dist/httpd/httpd-${version}.tar.bz2"
|
||||
checksum=71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a
|
||||
checksum=777753a5a25568a2a27428b2214980564bc1c38c1abf9ccc7630b639991f7f00
|
||||
|
||||
system_accounts="_$pkgname"
|
||||
_apache_homedir="/srv/www/$pkgname"
|
||||
|
|
Loading…
Reference in New Issue