git: 50f24dd9de4a - main - www/mod_gnutls: update to 0.12.0 (+)
Date: Sat, 03 Sep 2022 15:57:35 UTC
The branch main has been updated by fluffy: URL: https://cgit.FreeBSD.org/ports/commit/?id=50f24dd9de4a59ae50f15855ba365ad6fde33134 commit 50f24dd9de4a59ae50f15855ba365ad6fde33134 Author: Dima Panov <fluffy@FreeBSD.org> AuthorDate: 2022-09-03 15:55:52 +0000 Commit: Dima Panov <fluffy@FreeBSD.org> CommitDate: 2022-09-03 15:57:30 +0000 www/mod_gnutls: update to 0.12.0 (+) Major change is three fixes that make mod_gnutls compatible with the Let's Encrypt OCSP responder for OCSP stapling. With hat: ports-secteam --- www/mod_gnutls/Makefile | 13 +++++++++---- www/mod_gnutls/distinfo | 6 +++--- www/mod_gnutls/files/patch-src_gnutls__io.c | 6 +++--- www/mod_gnutls/files/patch-src_gnutls__ocsp.c | 8 ++++---- www/mod_gnutls/files/patch-src_gnutls__sni.c | 15 +++++++++++++++ www/mod_gnutls/files/patch-src_gnutls__util.c | 4 ++-- 6 files changed, 36 insertions(+), 16 deletions(-) diff --git a/www/mod_gnutls/Makefile b/www/mod_gnutls/Makefile index 7848ff8ecb00..a99cd4871ca6 100644 --- a/www/mod_gnutls/Makefile +++ b/www/mod_gnutls/Makefile @@ -1,6 +1,5 @@ PORTNAME= mod_gnutls -PORTVERSION= 0.8.4 -PORTREVISION= 2 +PORTVERSION= 0.12.0 CATEGORIES= www security MASTER_SITES= https://mod.gnutls.org/downloads/ PKGNAMEPREFIX= ${APACHE_PKGNAMEPREFIX} @@ -11,20 +10,26 @@ COMMENT= Extension for Apache httpd using GnuTLS library to provide HTTPS LICENSE= APACHE20 LICENSE_FILE= ${WRKSRC}/LICENSE +BUILD_DEPENDS= ${RUN_DEPENDS} +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}yaml>=3.13:devel/py-yaml@${PY_FLAVOR} LIB_DEPENDS= libgnutls.so:security/gnutls GNU_CONFIGURE= yes -USES= apache:2.4 compiler:c++11-lang cpe libtool pkgconfig tar:bzip2 +USES= apache:2.4 compiler:c++11-lang cpe libtool pkgconfig python:3.7+ tar:bzip2 CPE_VENDOR= ${PORTNAME}_project +BINARY_ALIAS= python3=${PYTHON_CMD} python=${PYTHON_CMD} + DBDIR= ${PREFIX}/var/db/${PORTNAME} PLIST_SUB= SED="${SED}" WWWGRP=${WWWGRP} WWWOWN=${WWWOWN} SUB_FILES= pkg-message SUB_LIST= DBDIR="${DBDIR}" -CFLAGS+= -Wno-deprecated-declarations +CFLAGS+= -Wno-deprecated-declarations -Wno-null-pointer-subtraction CONFIGURE_ARGS= --with-apxs="${APXS}" +INSTALL_TARGET= install-strip + post-install: ${MKDIR} "${STAGEDIR}${DBDIR}" diff --git a/www/mod_gnutls/distinfo b/www/mod_gnutls/distinfo index 427c8963aaf4..a9daa1ff7b24 100644 --- a/www/mod_gnutls/distinfo +++ b/www/mod_gnutls/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1524324472 -SHA256 (mod_gnutls-0.8.4.tar.bz2) = f2dbd0d9a329568a166a1fc1eafc81ab955bdebd36b9546a9466f248c3adcdf7 -SIZE (mod_gnutls-0.8.4.tar.bz2) = 422811 +TIMESTAMP = 1661878634 +SHA256 (mod_gnutls-0.12.0.tar.bz2) = d986ff68de94b80e505f8b6bd68bd1ba146bf234b40d1f519695fe15592e995b +SIZE (mod_gnutls-0.12.0.tar.bz2) = 461643 diff --git a/www/mod_gnutls/files/patch-src_gnutls__io.c b/www/mod_gnutls/files/patch-src_gnutls__io.c index 2d3441f460b0..c0ed339dc410 100644 --- a/www/mod_gnutls/files/patch-src_gnutls__io.c +++ b/www/mod_gnutls/files/patch-src_gnutls__io.c @@ -1,6 +1,6 @@ ---- src/gnutls_io.c.orig 2016-12-25 18:36:37 UTC +--- src/gnutls_io.c.orig 2021-08-13 20:27:17 UTC +++ src/gnutls_io.c -@@ -23,7 +23,8 @@ +@@ -25,7 +25,8 @@ APLOG_USE_MODULE(gnutls); APLOG_USE_MODULE(gnutls); #endif @@ -10,7 +10,7 @@ #include <inttypes.h> #endif -@@ -572,18 +573,21 @@ apr_status_t mgs_filter_input(ap_filter_t * f, +@@ -576,18 +577,21 @@ apr_status_t mgs_filter_input(ap_filter_t * f, * might have different lengths. Read sizes should be too * small for 32 or 64 bit to matter, but we have to make * sure. */ diff --git a/www/mod_gnutls/files/patch-src_gnutls__ocsp.c b/www/mod_gnutls/files/patch-src_gnutls__ocsp.c index 458b418a08fd..fa04fa311575 100644 --- a/www/mod_gnutls/files/patch-src_gnutls__ocsp.c +++ b/www/mod_gnutls/files/patch-src_gnutls__ocsp.c @@ -1,6 +1,6 @@ ---- src/gnutls_ocsp.c.orig 2017-01-08 14:16:07 UTC +--- src/gnutls_ocsp.c.orig 2021-07-29 19:47:39 UTC +++ src/gnutls_ocsp.c -@@ -414,7 +414,8 @@ static gnutls_datum_t mgs_get_cert_fingerprint(apr_poo +@@ -446,7 +446,8 @@ static gnutls_datum_t mgs_get_cert_fingerprint(apr_poo /* Safe integer type conversion: The types of fingerprint.size * (unsigned int) and fplen (size_t) may have different * lengths. */ @@ -10,7 +10,7 @@ if (__builtin_expect(fplen <= UINT_MAX, 1)) { fingerprint.size = (unsigned int) fplen; -@@ -569,7 +570,8 @@ static apr_status_t do_ocsp_request(apr_pool_t *p, ser +@@ -603,7 +604,8 @@ static apr_status_t do_ocsp_request(apr_pool_t *p, ser } /* With the length restriction this really should not overflow. */ @@ -20,7 +20,7 @@ if (__builtin_expect(len > UINT_MAX, 0)) #else if (__builtin_add_overflow(len, 0, &response->size)) -@@ -580,7 +582,8 @@ static apr_status_t do_ocsp_request(apr_pool_t *p, ser +@@ -614,7 +616,8 @@ static apr_status_t do_ocsp_request(apr_pool_t *p, ser } else { diff --git a/www/mod_gnutls/files/patch-src_gnutls__sni.c b/www/mod_gnutls/files/patch-src_gnutls__sni.c new file mode 100644 index 000000000000..ec30d7ae220e --- /dev/null +++ b/www/mod_gnutls/files/patch-src_gnutls__sni.c @@ -0,0 +1,15 @@ +--- src/gnutls_sni.c.orig 2019-01-28 19:50:38 UTC ++++ src/gnutls_sni.c +@@ -18,7 +18,12 @@ + + #include <apr_lib.h> + #include <apr_strings.h> ++#if defined(__FreeBSD__) ++#include <sys/endian.h> ++#define bswap_16(x) bswap16(x) ++#else + #include <byteswap.h> ++#endif + #include <gnutls/gnutls.h> + #include <inttypes.h> + diff --git a/www/mod_gnutls/files/patch-src_gnutls__util.c b/www/mod_gnutls/files/patch-src_gnutls__util.c index 138353bcfc0a..da9e96b993ed 100644 --- a/www/mod_gnutls/files/patch-src_gnutls__util.c +++ b/www/mod_gnutls/files/patch-src_gnutls__util.c @@ -1,6 +1,6 @@ ---- src/gnutls_util.c.orig 2016-12-25 18:36:37 UTC +--- src/gnutls_util.c.orig 2021-07-11 11:33:26 UTC +++ src/gnutls_util.c -@@ -113,7 +113,8 @@ apr_status_t datum_from_file(apr_pool_t *p, const char +@@ -121,7 +121,8 @@ apr_status_t datum_from_file(apr_pool_t *p, const char /* safe integer type conversion: unsigned int and apr_size_t might * have different sizes */