OpenWRT
/
packages
mirror of https://github.com/openwrt/packages.git
1
0
Fork 0
Code Issues Releases Wiki Activity

apache: update to 2.4.59 

- Remove obsolete OpenSSL patch - upstream handles it by itself now
- Refresh another patch
- Remaining patches are unaffected

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
pull/24307/head
krant 2024-06-02 11:00:02 +03:00 committed by Rosen Penev
parent 567a123f88
commit d1f58074b4
3 changed files with 3 additions and 132 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
net/apache/Makefile
View File

@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=apache
PKG_VERSION:=2.4.58
PKG_VERSION:=2.4.59
PKG_RELEASE:=1
PKG_SOURCE_NAME:=httpd
PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@APACHE/httpd/
PKG_HASH:=fa16d72a078210a54c47dd5bef2f8b9b8a01d94909a51453956b3ec6442ea4c5
PKG_HASH:=ec51501ec480284ff52f637258135d333230a7d229c3afa6f6c2f9040e321323
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_NAME)-$(PKG_VERSION)

2
net/apache/patches/010-reproducible-builds.patch
View File

@ -18,7 +18,7 @@ Last-Update: 2015-08-11
-#endif
+static const char server_built[] = "";
AP_DECLARE(const char *) ap_get_server_built()
AP_DECLARE(const char *) ap_get_server_built(void)
{
--- a/server/Makefile.in
+++ b/server/Makefile.in

129
net/apache/patches/020-openssl-deprecated.patch
View File

@ -1,129 +0,0 @@
--- a/modules/md/md_crypt.c
+++ b/modules/md/md_crypt.c
@@ -1194,23 +1194,23 @@ int md_certs_are_equal(const md_cert_t *
int md_cert_is_valid_now(const md_cert_t *cert)
{
- return ((X509_cmp_current_time(X509_get_notBefore(cert->x509)) < 0)
- && (X509_cmp_current_time(X509_get_notAfter(cert->x509)) > 0));
+ return ((X509_cmp_current_time(X509_get0_notBefore(cert->x509)) < 0)
+ && (X509_cmp_current_time(X509_get0_notAfter(cert->x509)) > 0));
}
int md_cert_has_expired(const md_cert_t *cert)
{
- return (X509_cmp_current_time(X509_get_notAfter(cert->x509)) <= 0);
+ return (X509_cmp_current_time(X509_get0_notAfter(cert->x509)) <= 0);
}
apr_time_t md_cert_get_not_after(const md_cert_t *cert)
{
- return md_asn1_time_get(X509_get_notAfter(cert->x509));
+ return md_asn1_time_get(X509_get0_notAfter(cert->x509));
}
apr_time_t md_cert_get_not_before(const md_cert_t *cert)
{
- return md_asn1_time_get(X509_get_notBefore(cert->x509));
+ return md_asn1_time_get(X509_get0_notBefore(cert->x509));
}
md_timeperiod_t md_cert_get_valid(const md_cert_t *cert)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -231,7 +231,7 @@ apr_status_t ssl_init_Module(apr_pool_t
apr_status_t rv;
apr_array_header_t *pphrases;
- if (SSLeay() < MODSSL_LIBRARY_VERSION) {
+ if (OpenSSL_version_num() < MODSSL_LIBRARY_VERSION) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01882)
"Init: this version of mod_ssl was compiled against "
"a newer library (%s, version currently loaded is %s)"
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -1316,9 +1316,9 @@ static apr_status_t ssl_io_filter_handsh
if (dc->proxy->ssl_check_peer_expire != FALSE) {
if (!cert
|| (X509_cmp_current_time(
- X509_get_notBefore(cert)) >= 0)
+ X509_get0_notBefore(cert)) >= 0)
|| (X509_cmp_current_time(
- X509_get_notAfter(cert)) <= 0)) {
+ X509_get0_notAfter(cert)) <= 0)) {
proxy_ssl_check_peer_ok = FALSE;
ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c, APLOGNO(02004)
"SSL Proxy: Peer certificate is expired");
--- a/modules/ssl/ssl_engine_log.c
+++ b/modules/ssl/ssl_engine_log.c
@@ -171,10 +171,10 @@ static void ssl_log_cert_error(const cha
BIO_puts(bio, "(ERROR)");
BIO_puts(bio, " / notbefore: ");
- ASN1_TIME_print(bio, X509_get_notBefore(cert));
+ ASN1_TIME_print(bio, X509_get0_notBefore(cert));
BIO_puts(bio, " / notafter: ");
- ASN1_TIME_print(bio, X509_get_notAfter(cert));
+ ASN1_TIME_print(bio, X509_get0_notAfter(cert));
BIO_puts(bio, "]");
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -490,13 +490,13 @@ static char *ssl_var_lookup_ssl_cert(apr
result = ssl_var_lookup_ssl_cert_serial(p, xs);
}
else if (strcEQ(var, "V_START")) {
- result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notBefore(xs));
+ result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notBefore(xs));
}
else if (strcEQ(var, "V_END")) {
- result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notAfter(xs));
+ result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notAfter(xs));
}
else if (strcEQ(var, "V_REMAIN")) {
- result = ssl_var_lookup_ssl_cert_remain(p, X509_get_notAfter(xs));
+ result = ssl_var_lookup_ssl_cert_remain(p, X509_get0_notAfter(xs));
resdup = FALSE;
}
else if (*var && strcEQ(var+1, "_DN")) {
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -102,6 +102,9 @@
#include <openssl/x509v3.h>
#include <openssl/x509_vfy.h>
#include <openssl/ocsp.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/ui.h>
/* Avoid tripping over an engine build installed globally and detected
* when the user points at an explicit non-engine flavor of OpenSSL
--- a/support/ab.c
+++ b/support/ab.c
@@ -665,11 +665,11 @@ static void ssl_print_cert_info(BIO *bio
BIO_printf(bio, "Certificate version: %ld\n", X509_get_version(cert)+1);
BIO_printf(bio,"Valid from: ");
- ASN1_UTCTIME_print(bio, X509_get_notBefore(cert));
+ ASN1_UTCTIME_print(bio, X509_get0_notBefore(cert));
BIO_printf(bio,"\n");
BIO_printf(bio,"Valid to : ");
- ASN1_UTCTIME_print(bio, X509_get_notAfter(cert));
+ ASN1_UTCTIME_print(bio, X509_get0_notAfter(cert));
BIO_printf(bio,"\n");
pk = X509_get_pubkey(cert);
@@ -2647,8 +2647,10 @@ int main(int argc, const char * const ar
CRYPTO_malloc_init();
#endif
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_load_error_strings();
SSL_library_init();
+#endif
bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);