From owner-svn-ports-all@freebsd.org Wed Jul 12 19:31:43 2017 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A48E8DA17E7; Wed, 12 Jul 2017 19:31:43 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7031074592; Wed, 12 Jul 2017 19:31:43 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v6CJVgND040613; Wed, 12 Jul 2017 19:31:42 GMT (envelope-from brnrd@FreeBSD.org) Received: (from brnrd@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v6CJVfT6040596; Wed, 12 Jul 2017 19:31:41 GMT (envelope-from brnrd@FreeBSD.org) Message-Id: <201707121931.v6CJVfT6040596@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brnrd set sender to brnrd@FreeBSD.org using -f From: Bernard Spil Date: Wed, 12 Jul 2017 19:31:41 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r445603 - in head/www/apache24: . files X-SVN-Group: ports-head X-SVN-Commit-Author: brnrd X-SVN-Commit-Paths: in head/www/apache24: . files X-SVN-Commit-Revision: 445603 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Jul 2017 19:31:43 -0000 Author: brnrd Date: Wed Jul 12 19:31:40 2017 New Revision: 445603 URL: https://svnweb.freebsd.org/changeset/ports/445603 Log: www/apache24: Update to 2.4.27 - Bugfix update to 2.4.27 - Fix build with LibreSSL [1] - Add brotli compression option - Add pkg-message for 10.3 base-ssl users - HTTP/2 is production ready, default enable - warn users of 10.3 for mod_http2/OpenSSL 1.0.1 [1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61184 PR: 220160 [1] Reported by: Markus Kohlmeyer Reviewed by: ohauer (hat) Approved by: ohauer (hat) Differential Revision: https://reviews.freebsd.org/D11285 Added: head/www/apache24/files/patch-modules_ssl_mod__ssl.c (contents, props changed) head/www/apache24/files/patch-modules_ssl_ssl__engine__init.c (contents, props changed) head/www/apache24/files/patch-modules_ssl_ssl__engine__io.c (contents, props changed) head/www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c (contents, props changed) head/www/apache24/files/patch-modules_ssl_ssl__engine__vars.c (contents, props changed) head/www/apache24/files/patch-modules_ssl_ssl__private.h (contents, props changed) head/www/apache24/files/patch-modules_ssl_ssl__util.c (contents, props changed) head/www/apache24/files/patch-modules_ssl_ssl__util__ssl.h (contents, props changed) head/www/apache24/files/patch-modules_ssl_ssl__util__stapling.c (contents, props changed) head/www/apache24/files/patch-support_ab.c (contents, props changed) head/www/apache24/files/pkg-message.in (contents, props changed) Modified: head/www/apache24/Makefile head/www/apache24/Makefile.options head/www/apache24/Makefile.options.desc head/www/apache24/distinfo head/www/apache24/pkg-plist Modified: head/www/apache24/Makefile ============================================================================== --- head/www/apache24/Makefile Wed Jul 12 19:26:14 2017 (r445602) +++ head/www/apache24/Makefile Wed Jul 12 19:31:40 2017 (r445603) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= apache24 -PORTVERSION= 2.4.26 +PORTVERSION= 2.4.27 CATEGORIES= www ipv6 MASTER_SITES= APACHE_HTTPD DISTNAME= httpd-${PORTVERSION} @@ -78,6 +78,8 @@ IPV4_MAPPED_CONFIGURE_ENABLE= v4-mapped LDAP_CONFIGURE_ON= --enable-ldap=shared +BROTLI_CONFIGURE_ON= --with-brotli=${LOCALBASE} +BROTLI_LIB_DEPENDS= libbrotlicommon.so:archivers/brotli HTTP2_CONFIGURE_ON= --with-nghttp2=${LOCALBASE} HTTP2_LIB_DEPENDS= libnghttp2.so:www/libnghttp2 LUAJIT_LIB_DEPENDS= libluajit-5.1.so:lang/luajit @@ -85,7 +87,6 @@ LUA_CONFIGURE_WITH= lua LUA_USES= lua PROXY_HTTP2_CONFIGURE_ON= --with-nghttp2=${LOCALBASE} PROXY_HTTP2_LIB_DEPENDS= libnghttp2.so:www/libnghttp2 - SOCACHE_DC_CONFIGURE_ON= --with-distcache=${LOCALBASE} SOCACHE_DC_LIB_DEPENDS= libdistcache.so:security/distcache @@ -98,7 +99,6 @@ SSL_LDFLAGS= -L${OPENSSLLIB} SSL_USES= ssl .include - ETC_SUBDIRS= Includes envvars.d extra modules.d APR_CONFIG?= ${LOCALBASE}/bin/apr-1-config @@ -149,6 +149,11 @@ USE_GNOME= libxml2 .include .include "${APACHEDIR}/Makefile.modules" + +.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1100085 &&\ + ${PORT_OPTIONS:MHTTP2} && ${OPENSSLBASE} == /usr +SUB_FILES+= pkg-message +.endif post-extract: # remove possible leftover .svn directories in the sources Modified: head/www/apache24/Makefile.options ============================================================================== --- head/www/apache24/Makefile.options Wed Jul 12 19:26:14 2017 (r445602) +++ head/www/apache24/Makefile.options Wed Jul 12 19:31:40 2017 (r445603) @@ -11,11 +11,10 @@ # mod_proxy_html and xml2enc depending on libxml2 PROXY_ENABLED_MODULES= \ - PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_EXPRESS PROXY_FCGI \ + PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_EXPRESS PROXY_FCGI PROXY_HTTP2 \ PROXY_FDPASS PROXY_FTP PROXY_HCHECK PROXY_HTML PROXY_HTTP PROXY_SCGI PROXY_WSTUNNEL -PROXY_DISABLED_MODULES= \ - PROXY_HTTP2 +PROXY_DISABLED_MODULES= # SESSION_CRYPTO need APR build with crypto (EVP support in APR) SESSION_ENABLED_MODULES= \ @@ -40,7 +39,7 @@ MOST_ENABLED_MODULES= \ DATA DAV DAV_FS DAV_LOCK DBD DEFLATE DIALUP DIR DUMPIO \ ENV EXPIRES EXT_FILTER \ FILE_CACHE FILTER \ - HEADERS HEARTBEAT HEARTMONITOR \ + HEADERS HEARTBEAT HEARTMONITOR HTTP2 \ IMAGEMAP INCLUDE INFO \ LBMETHOD_BYBUSYNESS LBMETHOD_BYREQUESTS LBMETHOD_BYTRAFFIC \ LBMETHOD_HEARTBEAT LOGIO LOG_DEBUG LOG_FORENSIC \ @@ -55,9 +54,8 @@ MOST_ENABLED_MODULES= \ WATCHDOG XML2ENC MOST_DISABLED_MODULES:= \ - AUTHNZ_LDAP IDENT LDAP LUA SOCACHE_DC SUEXEC HTTP2 + AUTHNZ_LDAP BROTLI IDENT LDAP LUA SOCACHE_DC SUEXEC -# XXX PROXY and SESSION are modules but also used to # enable/disable additional PROXY/SESSION modules META_MODULES= PROXY SESSION @@ -100,4 +98,3 @@ OPTIONS_DEFAULT:= \ ${PROXY_ENABLED_MODULES} \ MPM_SHARED \ MPM_PREFORK - Modified: head/www/apache24/Makefile.options.desc ============================================================================== --- head/www/apache24/Makefile.options.desc Wed Jul 12 19:26:14 2017 (r445602) +++ head/www/apache24/Makefile.options.desc Wed Jul 12 19:31:40 2017 (r445603) @@ -63,6 +63,7 @@ AUTH_DIGEST_DESC= RFC2617 Digest authentication AUTH_FORM_DESC= Form authentication AUTOINDEX_DESC= Directory listing +BROTLI_DESC= Brotli compression support BUCKETEER_DESC= (dev) buckets manipulation filter BUFFER_DESC= Filter Buffering @@ -99,7 +100,7 @@ FILTER_DESC= Smart Filtering HEADERS_DESC= HTTP header control HEARTBEAT_DESC= Generates Heartbeats HEARTMONITOR_DESC= Collects Heartbeats -HTTP2_DESC= HTTP/2 (RFC 7540) support (experimental) +HTTP2_DESC= HTTP/2 (RFC 7540) support IDENT_DESC= RFC 1413 ident lookups IMAGEMAP_DESC= Server-side imagemaps Modified: head/www/apache24/distinfo ============================================================================== --- head/www/apache24/distinfo Wed Jul 12 19:26:14 2017 (r445602) +++ head/www/apache24/distinfo Wed Jul 12 19:31:40 2017 (r445603) @@ -1,3 +1,3 @@ -TIMESTAMP = 1498129310 -SHA256 (apache24/httpd-2.4.26.tar.bz2) = a07eb52fafc879e0149d31882f7da63173e72df4478db4dc69f7a775b663d387 -SIZE (apache24/httpd-2.4.26.tar.bz2) = 6524642 +TIMESTAMP = 1499686775 +SHA256 (apache24/httpd-2.4.27.tar.bz2) = 71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a +SIZE (apache24/httpd-2.4.27.tar.bz2) = 6527394 Added: head/www/apache24/files/patch-modules_ssl_mod__ssl.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/apache24/files/patch-modules_ssl_mod__ssl.c Wed Jul 12 19:31:40 2017 (r445603) @@ -0,0 +1,34 @@ +--- modules/ssl/mod_ssl.c.orig 2017-04-03 11:39:20 UTC ++++ modules/ssl/mod_ssl.c +@@ -337,12 +337,12 @@ static apr_status_t ssl_cleanup_pre_conf + #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES + ENGINE_cleanup(); + #endif +-#if OPENSSL_VERSION_NUMBER >= 0x1000200fL ++#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_COMP) + SSL_COMP_free_compression_methods(); + #endif + + /* Usually needed per thread, but this parent process is single-threaded */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #if OPENSSL_VERSION_NUMBER >= 0x1000000fL + ERR_remove_thread_state(NULL); + #else +@@ -383,14 +383,14 @@ static int ssl_hook_pre_config(apr_pool_ + /* Some OpenSSL internals are allocated per-thread, make sure they + * are associated to the/our same thread-id until cleaned up. + */ +-#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L ++#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + ssl_util_thread_id_setup(pconf); + #endif + + /* We must register the library in full, to ensure our configuration + * code can successfully test the SSL environment. + */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + CRYPTO_malloc_init(); + #else + OPENSSL_malloc_init(); Added: head/www/apache24/files/patch-modules_ssl_ssl__engine__init.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/apache24/files/patch-modules_ssl_ssl__engine__init.c Wed Jul 12 19:31:40 2017 (r445603) @@ -0,0 +1,47 @@ +--- modules/ssl/ssl_engine_init.c.orig 2017-04-03 11:39:20 UTC ++++ modules/ssl/ssl_engine_init.c +@@ -47,7 +47,7 @@ APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, + #define KEYTYPES "RSA or DSA" + #endif + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + /* OpenSSL Pre-1.1.0 compatibility */ + /* Taken from OpenSSL 1.1.0 snapshot 20160410 */ + static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) +@@ -257,7 +257,7 @@ apr_status_t ssl_init_Module(apr_pool_t + #endif + } + +-#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L ++#if APR_HAS_THREADS && ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ) + ssl_util_thread_setup(p); + #endif + +@@ -380,7 +380,7 @@ apr_status_t ssl_init_Module(apr_pool_t + modssl_init_app_data2_idx(); /* for modssl_get_app_data2() at request time */ + + init_dh_params(); +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + init_bio_methods(); + #endif + +@@ -1301,7 +1301,7 @@ static apr_status_t ssl_init_server_cert + * or configure NIST P-256 (required to enable ECDHE for earlier versions) + * ECDH is always enabled in 1.1.0 unless excluded from SSLCipherList + */ +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) + else { + #if defined(SSL_CTX_set_ecdh_auto) + SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1); +@@ -2011,7 +2011,7 @@ apr_status_t ssl_init_ModuleKill(void *d + + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + free_bio_methods(); + #endif + free_dh_params(); Added: head/www/apache24/files/patch-modules_ssl_ssl__engine__io.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/apache24/files/patch-modules_ssl_ssl__engine__io.c Wed Jul 12 19:31:40 2017 (r445603) @@ -0,0 +1,38 @@ +--- modules/ssl/ssl_engine_io.c.orig 2017-05-30 12:26:05 UTC ++++ modules/ssl/ssl_engine_io.c +@@ -164,7 +164,7 @@ static int bio_filter_create(BIO *bio) + { + BIO_set_shutdown(bio, 1); + BIO_set_init(bio, 1); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + /* No setter method for OpenSSL 1.1.0 available, + * but I can't find any functional use of the + * "num" field there either. +@@ -549,7 +549,7 @@ static long bio_filter_in_ctrl(BIO *bio, + return -1; + } + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + + static BIO_METHOD bio_filter_out_method = { + BIO_TYPE_MEM, +@@ -2024,7 +2024,7 @@ static void ssl_io_input_add_filter(ssl_ + + filter_ctx->pInputFilter = ap_add_input_filter(ssl_io_filter, inctx, r, c); + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + filter_ctx->pbioRead = BIO_new(&bio_filter_in_method); + #else + filter_ctx->pbioRead = BIO_new(bio_filter_in_method); +@@ -2059,7 +2059,7 @@ void ssl_io_filter_init(conn_rec *c, req + filter_ctx->pOutputFilter = ap_add_output_filter(ssl_io_filter, + filter_ctx, r, c); + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + filter_ctx->pbioWrite = BIO_new(&bio_filter_out_method); + #else + filter_ctx->pbioWrite = BIO_new(bio_filter_out_method); Added: head/www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/apache24/files/patch-modules_ssl_ssl__engine__kernel.c Wed Jul 12 19:31:40 2017 (r445603) @@ -0,0 +1,11 @@ +--- modules/ssl/ssl_engine_kernel.c.orig 2017-05-02 11:01:17 UTC ++++ modules/ssl/ssl_engine_kernel.c +@@ -1733,7 +1733,7 @@ static void modssl_proxy_info_log(conn_r + * so we need to increment here to prevent them from + * being freed. + */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #define modssl_set_cert_info(info, cert, pkey) \ + *cert = info->x509; \ + CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \ Added: head/www/apache24/files/patch-modules_ssl_ssl__engine__vars.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/apache24/files/patch-modules_ssl_ssl__engine__vars.c Wed Jul 12 19:31:40 2017 (r445603) @@ -0,0 +1,11 @@ +--- modules/ssl/ssl_engine_vars.c.orig 2017-03-20 12:01:16 UTC ++++ modules/ssl/ssl_engine_vars.c +@@ -529,7 +529,7 @@ static char *ssl_var_lookup_ssl_cert(apr + resdup = FALSE; + } + else if (strcEQ(var, "A_SIG")) { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + nid = OBJ_obj2nid((ASN1_OBJECT *)(xs->cert_info->signature->algorithm)); + #else + const ASN1_OBJECT *paobj; Added: head/www/apache24/files/patch-modules_ssl_ssl__private.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/apache24/files/patch-modules_ssl_ssl__private.h Wed Jul 12 19:31:40 2017 (r445603) @@ -0,0 +1,55 @@ +--- modules/ssl/ssl_private.h.orig 2017-04-03 11:39:20 UTC ++++ modules/ssl/ssl_private.h +@@ -123,6 +123,16 @@ + #define MODSSL_SSL_METHOD_CONST + #endif + ++#if defined(LIBRESSL_VERSION_NUMBER) ++/* Missing from LibreSSL */ ++#define SSL_CTRL_SET_MIN_PROTO_VERSION 123 ++#define SSL_CTRL_SET_MAX_PROTO_VERSION 124 ++#define SSL_CTX_set_min_proto_version(ctx, version) \ ++ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) ++#define SSL_CTX_set_max_proto_version(ctx, version) \ ++ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) ++#endif ++ + #if defined(OPENSSL_FIPS) + #define HAVE_FIPS + #endif +@@ -136,7 +146,7 @@ + #endif + + /* session id constness */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #define IDCONST + #else + #define IDCONST const +@@ -199,7 +209,7 @@ + + #endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */ + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #define BN_get_rfc2409_prime_768 get_rfc2409_prime_768 + #define BN_get_rfc2409_prime_1024 get_rfc2409_prime_1024 + #define BN_get_rfc3526_prime_1536 get_rfc3526_prime_1536 +@@ -219,7 +229,7 @@ void init_bio_methods(void); + void free_bio_methods(void); + #endif + +-#if OPENSSL_VERSION_NUMBER < 0x10002000L ++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) + #define X509_STORE_CTX_get0_store(x) (x->ctx) + #endif + +@@ -934,7 +944,7 @@ char *ssl_util_readfilter(server_ + const char * const *); + BOOL ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *); + #if APR_HAS_THREADS +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + void ssl_util_thread_setup(apr_pool_t *); + #endif + void ssl_util_thread_id_setup(apr_pool_t *); Added: head/www/apache24/files/patch-modules_ssl_ssl__util.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/apache24/files/patch-modules_ssl_ssl__util.c Wed Jul 12 19:31:40 2017 (r445603) @@ -0,0 +1,11 @@ +--- modules/ssl/ssl_util.c.orig 2017-03-24 13:31:03 UTC ++++ modules/ssl/ssl_util.c +@@ -247,7 +247,7 @@ void ssl_asn1_table_unset(apr_hash_t *ta + } + + #if APR_HAS_THREADS +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + /* + * To ensure thread-safetyness in OpenSSL - work in progress + */ Added: head/www/apache24/files/patch-modules_ssl_ssl__util__ssl.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/apache24/files/patch-modules_ssl_ssl__util__ssl.h Wed Jul 12 19:31:40 2017 (r445603) @@ -0,0 +1,11 @@ +--- modules/ssl/ssl_util_ssl.h.orig 2017-03-20 12:01:16 UTC ++++ modules/ssl/ssl_util_ssl.h +@@ -41,7 +41,7 @@ + #define MODSSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER + #define MODSSL_LIBRARY_NAME "OpenSSL" + #define MODSSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #define MODSSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION) + #else + #define MODSSL_LIBRARY_DYNTEXT OpenSSL_version(OPENSSL_VERSION) Added: head/www/apache24/files/patch-modules_ssl_ssl__util__stapling.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/apache24/files/patch-modules_ssl_ssl__util__stapling.c Wed Jul 12 19:31:40 2017 (r445603) @@ -0,0 +1,11 @@ +--- modules/ssl/ssl_util_stapling.c.orig 2017-07-06 21:11:28 UTC ++++ modules/ssl/ssl_util_stapling.c +@@ -91,7 +91,7 @@ static X509 *stapling_get_issuer(modssl_ + for (i = 0; i < sk_X509_num(extra_certs); i++) { + issuer = sk_X509_value(extra_certs, i); + if (X509_check_issued(issuer, x) == X509_V_OK) { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER < 0x2050000fL + CRYPTO_add(&issuer->references, 1, CRYPTO_LOCK_X509); + #else + X509_up_ref(issuer); Added: head/www/apache24/files/patch-support_ab.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/apache24/files/patch-support_ab.c Wed Jul 12 19:31:40 2017 (r445603) @@ -0,0 +1,17 @@ +--- support/ab.c.orig 2017-05-28 21:15:41 UTC ++++ support/ab.c +@@ -197,6 +197,14 @@ typedef STACK_OF(X509) X509_STACK_TYPE; + #if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) + #define HAVE_TLSEXT + #endif ++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2060000f ++# define SSL_CTRL_SET_MIN_PROTO_VERSION 123 ++# define SSL_CTRL_SET_MAX_PROTO_VERSION 124 ++#define SSL_CTX_set_min_proto_version(ctx, version) \ ++ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) ++#define SSL_CTX_set_max_proto_version(ctx, version) \ ++ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) ++#endif + #endif + + #include Added: head/www/apache24/files/pkg-message.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/apache24/files/pkg-message.in Wed Jul 12 19:31:40 2017 (r445603) @@ -0,0 +1,5 @@ +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!! mod_http2 on FreeBSD with OpenSSL from base results in a mostly !! +!! functionally unusable module due to lack of "Upgrade" !! +!! capability in OpenSSL 1.0.1. !! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Modified: head/www/apache24/pkg-plist ============================================================================== --- head/www/apache24/pkg-plist Wed Jul 12 19:26:14 2017 (r445602) +++ head/www/apache24/pkg-plist Wed Jul 12 19:31:40 2017 (r445603) @@ -109,6 +109,7 @@ libexec/apache24/httpd.exp %%MOD_AUTHZ_OWNER%%libexec/apache24/mod_authz_owner.so %%MOD_AUTHZ_USER%%libexec/apache24/mod_authz_user.so %%MOD_AUTOINDEX%%libexec/apache24/mod_autoindex.so +%%MOD_BROTLI%%libexec/apache24/mod_brotli.so %%MOD_BUCKETEER%%libexec/apache24/mod_bucketeer.so %%MOD_BUFFER%%libexec/apache24/mod_buffer.so %%MOD_CACHE%%libexec/apache24/mod_cache.so