diff --git a/net/apache/Makefile b/net/apache/Makefile index 154d0fc7c7..108bcc470f 100644 --- a/net/apache/Makefile +++ b/net/apache/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=apache -PKG_VERSION:=2.4.58 +PKG_VERSION:=2.4.59 PKG_RELEASE:=1 PKG_SOURCE_NAME:=httpd PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=@APACHE/httpd/ -PKG_HASH:=fa16d72a078210a54c47dd5bef2f8b9b8a01d94909a51453956b3ec6442ea4c5 +PKG_HASH:=ec51501ec480284ff52f637258135d333230a7d229c3afa6f6c2f9040e321323 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_NAME)-$(PKG_VERSION) diff --git a/net/apache/patches/010-reproducible-builds.patch b/net/apache/patches/010-reproducible-builds.patch index 8d73efec85..79c50e488a 100644 --- a/net/apache/patches/010-reproducible-builds.patch +++ b/net/apache/patches/010-reproducible-builds.patch @@ -18,7 +18,7 @@ Last-Update: 2015-08-11 -#endif +static const char server_built[] = ""; - AP_DECLARE(const char *) ap_get_server_built() + AP_DECLARE(const char *) ap_get_server_built(void) { --- a/server/Makefile.in +++ b/server/Makefile.in diff --git a/net/apache/patches/020-openssl-deprecated.patch b/net/apache/patches/020-openssl-deprecated.patch deleted file mode 100644 index 94115840a6..0000000000 --- a/net/apache/patches/020-openssl-deprecated.patch +++ /dev/null @@ -1,129 +0,0 @@ ---- a/modules/md/md_crypt.c -+++ b/modules/md/md_crypt.c -@@ -1194,23 +1194,23 @@ int md_certs_are_equal(const md_cert_t * - - int md_cert_is_valid_now(const md_cert_t *cert) - { -- return ((X509_cmp_current_time(X509_get_notBefore(cert->x509)) < 0) -- && (X509_cmp_current_time(X509_get_notAfter(cert->x509)) > 0)); -+ return ((X509_cmp_current_time(X509_get0_notBefore(cert->x509)) < 0) -+ && (X509_cmp_current_time(X509_get0_notAfter(cert->x509)) > 0)); - } - - int md_cert_has_expired(const md_cert_t *cert) - { -- return (X509_cmp_current_time(X509_get_notAfter(cert->x509)) <= 0); -+ return (X509_cmp_current_time(X509_get0_notAfter(cert->x509)) <= 0); - } - - apr_time_t md_cert_get_not_after(const md_cert_t *cert) - { -- return md_asn1_time_get(X509_get_notAfter(cert->x509)); -+ return md_asn1_time_get(X509_get0_notAfter(cert->x509)); - } - - apr_time_t md_cert_get_not_before(const md_cert_t *cert) - { -- return md_asn1_time_get(X509_get_notBefore(cert->x509)); -+ return md_asn1_time_get(X509_get0_notBefore(cert->x509)); - } - - md_timeperiod_t md_cert_get_valid(const md_cert_t *cert) ---- a/modules/ssl/ssl_engine_init.c -+++ b/modules/ssl/ssl_engine_init.c -@@ -231,7 +231,7 @@ apr_status_t ssl_init_Module(apr_pool_t - apr_status_t rv; - apr_array_header_t *pphrases; - -- if (SSLeay() < MODSSL_LIBRARY_VERSION) { -+ if (OpenSSL_version_num() < MODSSL_LIBRARY_VERSION) { - ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01882) - "Init: this version of mod_ssl was compiled against " - "a newer library (%s, version currently loaded is %s)" ---- a/modules/ssl/ssl_engine_io.c -+++ b/modules/ssl/ssl_engine_io.c -@@ -1316,9 +1316,9 @@ static apr_status_t ssl_io_filter_handsh - if (dc->proxy->ssl_check_peer_expire != FALSE) { - if (!cert - || (X509_cmp_current_time( -- X509_get_notBefore(cert)) >= 0) -+ X509_get0_notBefore(cert)) >= 0) - || (X509_cmp_current_time( -- X509_get_notAfter(cert)) <= 0)) { -+ X509_get0_notAfter(cert)) <= 0)) { - proxy_ssl_check_peer_ok = FALSE; - ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c, APLOGNO(02004) - "SSL Proxy: Peer certificate is expired"); ---- a/modules/ssl/ssl_engine_log.c -+++ b/modules/ssl/ssl_engine_log.c -@@ -171,10 +171,10 @@ static void ssl_log_cert_error(const cha - BIO_puts(bio, "(ERROR)"); - - BIO_puts(bio, " / notbefore: "); -- ASN1_TIME_print(bio, X509_get_notBefore(cert)); -+ ASN1_TIME_print(bio, X509_get0_notBefore(cert)); - - BIO_puts(bio, " / notafter: "); -- ASN1_TIME_print(bio, X509_get_notAfter(cert)); -+ ASN1_TIME_print(bio, X509_get0_notAfter(cert)); - - BIO_puts(bio, "]"); - ---- a/modules/ssl/ssl_engine_vars.c -+++ b/modules/ssl/ssl_engine_vars.c -@@ -490,13 +490,13 @@ static char *ssl_var_lookup_ssl_cert(apr - result = ssl_var_lookup_ssl_cert_serial(p, xs); - } - else if (strcEQ(var, "V_START")) { -- result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notBefore(xs)); -+ result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notBefore(xs)); - } - else if (strcEQ(var, "V_END")) { -- result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notAfter(xs)); -+ result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notAfter(xs)); - } - else if (strcEQ(var, "V_REMAIN")) { -- result = ssl_var_lookup_ssl_cert_remain(p, X509_get_notAfter(xs)); -+ result = ssl_var_lookup_ssl_cert_remain(p, X509_get0_notAfter(xs)); - resdup = FALSE; - } - else if (*var && strcEQ(var+1, "_DN")) { ---- a/modules/ssl/ssl_private.h -+++ b/modules/ssl/ssl_private.h -@@ -102,6 +102,9 @@ - #include - #include - #include -+#include -+#include -+#include - - /* Avoid tripping over an engine build installed globally and detected - * when the user points at an explicit non-engine flavor of OpenSSL ---- a/support/ab.c -+++ b/support/ab.c -@@ -665,11 +665,11 @@ static void ssl_print_cert_info(BIO *bio - - BIO_printf(bio, "Certificate version: %ld\n", X509_get_version(cert)+1); - BIO_printf(bio,"Valid from: "); -- ASN1_UTCTIME_print(bio, X509_get_notBefore(cert)); -+ ASN1_UTCTIME_print(bio, X509_get0_notBefore(cert)); - BIO_printf(bio,"\n"); - - BIO_printf(bio,"Valid to : "); -- ASN1_UTCTIME_print(bio, X509_get_notAfter(cert)); -+ ASN1_UTCTIME_print(bio, X509_get0_notAfter(cert)); - BIO_printf(bio,"\n"); - - pk = X509_get_pubkey(cert); -@@ -2647,8 +2647,10 @@ int main(int argc, const char * const ar - CRYPTO_malloc_init(); - #endif - #endif -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - SSL_load_error_strings(); - SSL_library_init(); -+#endif - bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); -