git: 145858d18e57 - main - www/tomcat-native2: new port
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 29 Apr 2024 17:10:28 UTC
The branch main has been updated by michaelo: URL: https://cgit.FreeBSD.org/ports/commit/?id=145858d18e57843af64146a7f961e116b7266956 commit 145858d18e57843af64146a7f961e116b7266956 Author: Michael Osipov <michaelo@apache.org> AuthorDate: 2024-04-17 09:45:43 +0000 Commit: Michael Osipov <michaelo@FreeBSD.org> CommitDate: 2024-04-29 17:09:47 +0000 www/tomcat-native2: new port PR: 276736 Approved by: jrm (mentor) Tested by: jonc@chen.org.nz Differential Revision: https://reviews.freebsd.org/D44824 --- www/Makefile | 1 + www/tomcat-native2/Makefile | 37 +++++++++++++ www/tomcat-native2/distinfo | 3 ++ .../files/patch-include_ssl__private.h | 12 +++++ www/tomcat-native2/files/patch-src_ssl.c | 63 ++++++++++++++++++++++ www/tomcat-native2/files/patch-src_sslutils.c | 14 +++++ www/tomcat-native2/pkg-descr | 3 ++ 7 files changed, 133 insertions(+) diff --git a/www/Makefile b/www/Makefile index fe7e9865e7be..1864982cb05d 100644 --- a/www/Makefile +++ b/www/Makefile @@ -2384,6 +2384,7 @@ SUBDIR += tokyopromenade SUBDIR += tomcat-devel SUBDIR += tomcat-native + SUBDIR += tomcat-native2 SUBDIR += tomcat101 SUBDIR += tomcat85 SUBDIR += tomcat9 diff --git a/www/tomcat-native2/Makefile b/www/tomcat-native2/Makefile new file mode 100644 index 000000000000..4cb291adc34c --- /dev/null +++ b/www/tomcat-native2/Makefile @@ -0,0 +1,37 @@ +PORTNAME= tomcat-native +DISTVERSION= 2.0.7 +CATEGORIES= www java +MASTER_SITES= https://archive.apache.org/dist/tomcat/tomcat-connectors/native/${PORTVERSION}/source/ +PKGNAMESUFFIX= 2 +DISTNAME= ${PORTNAME}-${PORTVERSION}-src + +MAINTAINER= michaelo@apache.org +COMMENT= Tomcat native library +WWW= https://tomcat.apache.org/native-doc/ + +LICENSE= APACHE20 + +LIB_DEPENDS= libapr-1.so:devel/apr1 + +USES= libtool ssl +USE_JAVA= yes +USE_LDCONFIG= yes +GNU_CONFIGURE= yes +CONFIGURE_ARGS= --with-apr=${LOCALBASE} \ + --with-java-home=${JAVA_HOME} \ + --with-ssl=${OPENSSLBASE} \ + --disable-openssl-version-check + +WRKSRC= ${WRKDIR}/${DISTNAME}/native + +SOVERSION= ${PORTVERSION:E} +MAJORVERSION= ${PORTVERSION:R:R} +PLIST_FILES= lib/libtcnative-${MAJORVERSION}.so \ + lib/libtcnative-${MAJORVERSION}.so.0 \ + lib/libtcnative-${MAJORVERSION}.so.0.0.${SOVERSION} + +post-install: + ${RM} ${STAGEDIR}${PREFIX}/lib/libtcnative-${MAJORVERSION}.a + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libtcnative-${MAJORVERSION}.so.0.0.${SOVERSION} + +.include <bsd.port.mk> diff --git a/www/tomcat-native2/distinfo b/www/tomcat-native2/distinfo new file mode 100644 index 000000000000..6c7db5104702 --- /dev/null +++ b/www/tomcat-native2/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1713346420 +SHA256 (tomcat-native-2.0.7-src.tar.gz) = 2c5afc7edc383e47660647e9a7071ad81f58e51c7f765c12f7e7afc9203b2d4d +SIZE (tomcat-native-2.0.7-src.tar.gz) = 538131 diff --git a/www/tomcat-native2/files/patch-include_ssl__private.h b/www/tomcat-native2/files/patch-include_ssl__private.h new file mode 100644 index 000000000000..80ff3e5c8cd9 --- /dev/null +++ b/www/tomcat-native2/files/patch-include_ssl__private.h @@ -0,0 +1,12 @@ +--- include/ssl_private.h.orig 2024-02-04 19:32:52 UTC ++++ include/ssl_private.h +@@ -46,9 +46,6 @@ + #include <openssl/x509v3.h> + #include <openssl/dh.h> + #include <openssl/bn.h> +-#ifndef LIBRESSL_VERSION_NUMBER +-#include <openssl/provider.h> +-#endif + /* Avoid tripping over an engine build installed globally and detected + * when the user points at an explicit non-engine flavor of OpenSSL + */ diff --git a/www/tomcat-native2/files/patch-src_ssl.c b/www/tomcat-native2/files/patch-src_ssl.c new file mode 100644 index 000000000000..b3b37819b955 --- /dev/null +++ b/www/tomcat-native2/files/patch-src_ssl.c @@ -0,0 +1,63 @@ +--- src/ssl.c.orig 2024-02-04 19:32:52 UTC ++++ src/ssl.c +@@ -395,30 +395,14 @@ TCN_IMPLEMENT_CALL(void, SSL, randSet)(TCN_STDARGS, js + + TCN_IMPLEMENT_CALL(jint, SSL, fipsModeGet)(TCN_STDARGS) + { +-#if defined(LIBRESSL_VERSION_NUMBER) + UNREFERENCED(o); +- /* LibreSSL doesn't support FIPS */ +- return 0; ++#ifdef OPENSSL_FIPS ++ return FIPS_mode(); + #else +- EVP_MD *md; +- const OSSL_PROVIDER *provider; +- const char *name; +- UNREFERENCED(o); ++ /* FIPS is unavailable */ ++ tcn_ThrowException(e, "FIPS was not available to tcnative at build time. You will need to re-build tcnative against an OpenSSL with FIPS."); + +- // Maps the OpenSSL 3. x onwards behaviour to theOpenSSL 1.x API +- +- // Checks that FIPS is the default provider +- md = EVP_MD_fetch(NULL, "SHA-512", NULL); +- provider = EVP_MD_get0_provider(md); +- name = OSSL_PROVIDER_get0_name(provider); +- // Clean up +- EVP_MD_free(md); +- +- if (strcmp("fips", name)) { +- return 0; +- } else { +- return 1; +- } ++ return 0; + #endif + } + +@@ -427,8 +411,22 @@ TCN_IMPLEMENT_CALL(jint, SSL, fipsModeSet)(TCN_STDARGS + int r = 0; + UNREFERENCED(o); + +- /* This method should never be called when using Tomcat Native 2.x onwards */ +- tcn_ThrowException(e, "fipsModeSet is not supported in Tomcat Native 2.x onwards."); ++#ifdef OPENSSL_FIPS ++ if(1 != (r = (jint)FIPS_mode_set((int)mode))) { ++ /* arrange to get a human-readable error message */ ++ unsigned long err = SSL_ERR_get(); ++ char msg[256]; ++ ++ /* ERR_load_crypto_strings() already called in initialize() */ ++ ++ ERR_error_string_n(err, msg, 256); ++ ++ tcn_ThrowException(e, msg); ++ } ++#else ++ /* FIPS is unavailable */ ++ tcn_ThrowException(e, "FIPS was not available to tcnative at build time. You will need to re-build tcnative against an OpenSSL with FIPS."); ++#endif + + return r; + } diff --git a/www/tomcat-native2/files/patch-src_sslutils.c b/www/tomcat-native2/files/patch-src_sslutils.c new file mode 100644 index 000000000000..39d22ddc7850 --- /dev/null +++ b/www/tomcat-native2/files/patch-src_sslutils.c @@ -0,0 +1,14 @@ +--- src/sslutils.c.orig 2024-02-04 19:32:52 UTC ++++ src/sslutils.c +@@ -946,11 +946,7 @@ static OCSP_RESPONSE *get_ocsp_response(apr_pool_t *p, + int ok = 0; + apr_socket_t *apr_sock = NULL; + apr_pool_t *mp; +-#ifdef LIBRESSL_VERSION_NUMBER + if (OCSP_parse_url(url, &hostname, &c_port, &path, &use_ssl) == 0) +-#else +- if (OSSL_HTTP_parse_url(url, &use_ssl, NULL, &hostname, &c_port, NULL, &path, NULL, NULL) == 0) +-#endif + goto end; + + if (sscanf(c_port, "%d", &port) != 1) diff --git a/www/tomcat-native2/pkg-descr b/www/tomcat-native2/pkg-descr new file mode 100644 index 000000000000..35d1f60cfb90 --- /dev/null +++ b/www/tomcat-native2/pkg-descr @@ -0,0 +1,3 @@ +The Apache Tomcat Native Library is an optional component for use with Apache +Tomcat that allows Tomcat to use OpenSSL as a replacement for JSSE to support +TLS connections.