apache with libressl fix from

https://mail-archives.apache.org/mod_mbox/subversion-commits/201404.mbox/%3C20140427182653.375C423888D7@eris.apache.org%3E
and SNI fix from upstream commit

8 files changed, 312 insertions, 0 deletions

diff --git a/www-servers/apache/Manifest b/www-servers/apache/Manifest
new file mode 100644
index 0000000..fa5792c
--- /dev/null
+++ b/www-servers/apache/Manifest
@@ -0,0 +1,9 @@
+AUX 00_systemd.conf 88 SHA256 487e7451ce2d834d8af09a1db09bfe235fbc87b17b13a88bf849f0739b023ce3 SHA512 c510b77450f45d8ca5b8f00ebae5de9e3dc0ecb45f9857e391ac923dadb6b5193b13e9bc372790de20bb8829f2bee5bfc0e85ad03b3a72818c5dd6a0d7f45353 WHIRLPOOL 35ff7234f1ac513a522481ed08d2281dc331835cccd1049dbbadd9f2dff7fce1700a3ae9fd8f2f490f09d82edd960f4a0b4f00a91db2bafb7c647e3b54733cef
+AUX apache-2.4.9-libressl.diff 542 SHA256 d1ce461d5abdc131a80fbc694d574d52d51cbae95ac84f74c8e23c40d00d59e2 SHA512 2df6fe35bee1627b82acae7cdf17ca8fe1b420233b35945e187279c07330a8a6f3af97ee177cc0b227cd3bd691de47c91a7d33317b2dbe19f605817b4cefa332 WHIRLPOOL 39c749278e21875e1a9870e210810fbf59c2a571e733a27b8da7ce5c539c120691612c5dc277fa1ede79d9c7437fa261a7c8a1b07924f91be9ebbd1afd715340
+AUX apache-fix-sni.diff 621 SHA256 272ea68c8af38fb48a805124e5e467448cfc9e1c4a00b8ceef7d84677c8eb1b7 SHA512 865f1148fd5f38dbbea1960275ac29764cfd36369d5df81e7c1029c4363fafdda8dacce760d6424664649df20f4e3bbc15afaa1de693e79605ce2472f721d38e WHIRLPOOL ef1dfd348871d0dd13071fddc74f348ab4ea5114b78fb8db22ccefb781f2f3ca600c18752c284ccb0c7f77783a7e2332865f35a38d4766636c772628874e459e
+AUX apache.conf 55 SHA256 ea616c5cc37979a006d69c51bda43fca15a4327d33175762652b29f5cdea1c7b SHA512 3a53beb7a283d17c14383f16ad14c0602681ac1b193cce8f5aca50ae9d9af3a71054ce4a9ab11cbcb72fe913459e1b306fd54660154e66afe10272f8c0f149f3 WHIRLPOOL fa348414f320a9f70001386dfb77d57ca4836c3ef3d251976077b7ad545d7f6752e534efadbf28c7dcb777388e3d844eba84b939dcf48881983388daf6ac23f0
+AUX apache2.2.service 716 SHA256 e850ad73585fbba52ade58a39ca91adbfd52f56a0bbd426ebcadb340a7dcb62b SHA512 5f736c803772077598248bbb41f76dff396dfd2f11a60d1ba929a619275efb8c1b4c0dab78cbcdf83b9ec94db67b958b3333b01f67d71eb3b2e07dba4bca2a7c WHIRLPOOL 776a928422b8f37a12099111a1503674ca901934b60dca8596dc8bc287390be9a0e912d7ba6226dcb22eb7c669fa298ddc20fd7bf5c275b0cf019bae0d594839
+AUX apache2.4.service 728 SHA256 4420af10d1237f90ae519e56e75f1cc84e9f7c7b63aca9decf91a77f88ae0390 SHA512 6b43e5638d5da68a5408d45befd10a9e42197c1a393764e945ba22d47d0736e2b28bad36a96f4f4ad4ff928db6f2c1377bd22ce401056b2f21fb38933a3cd972 WHIRLPOOL 5526995c5f4772353fcccbd83ed93c8186cb47f80f5d1244dc454ca886189ac92539572c43978d2868b77002a2397ff4794b3c8f6c655fecb432b8013afaf38e
+DIST gentoo-apache-2.4.9-r3-20140522.tar.bz2 24978 SHA256 65714f27eb1d3c125ff9cd9ef71159ca5592d4336c8d7807e55c826f3a317920 SHA512 0a35a8bf4af399ac4c203db7ac0b60b66550317734fd72e4ce7640dd27648f679ba02100c2384e6dd79fc97bbef25889dfd8c481a2ca0593d06b5df13a762f5d WHIRLPOOL 97085dfb7703187d4a1c873a3dab96ff0b92a36578da000ee9ade6d7762c21e80b4452d4496d60f2918a3818e4137c5717a68eda43b0fa675823b02ba114cd19
+DIST httpd-2.4.9.tar.bz2 4994460 SHA256 f78cc90dfa47caf3d83ad18fd6b4e85f237777c1733fc9088594b70ce2847603 SHA512 3a66302e18a2d165b3851665dc73be7d3849fc3359c1ff9dd9e2eaebf1f1d8fb89b7b0a05929d6247750bf0ed1abf9cf3c236a373b2d99635c8ca41698719c96 WHIRLPOOL 735677695d3b1497d554dd3e8d97733359140f3bb524335ab474275ca2b5546ceab8f5f3778948fabee2d152bf5b096d99b3dabb1011a4b68905c7cd5012a648
+EBUILD apache-2.4.9-r3.ebuild 7558 SHA256 ec4b67fb41849b03920c60928a3110c62279e24d5fcbab0c5cd65d7d2015e132 SHA512 32a5d5cdf8ab40e0e8ff0a35ab40a72b50edd9a46c6648a1fb873e4f0440ba2fec6a62c65185b2f28854320232b4649db1c0f358ae439980b54b574ee8ec2385 WHIRLPOOL 340a55d1f8b2533bb9be156c8881f88957a0b8d4a581e3e34c4c7a6b027ef6672b6593d35907ecee1d254e074986bc4a93361602b959553cca6f1cb14b6c8316
diff --git a/www-servers/apache/apache-2.4.9-r3.ebuild b/www-servers/apache/apache-2.4.9-r3.ebuild
new file mode 100644
index 0000000..48218a5
--- /dev/null
+++ b/www-servers/apache/apache-2.4.9-r3.ebuild
@@ -0,0 +1,233 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.4.9-r3.ebuild,v 1.1 2014/05/22 14:02:43 polynomial-c Exp $
+
+EAPI=5
+
+# latest gentoo apache files
+GENTOO_PATCHSTAMP="20140522"
+GENTOO_DEVELOPER="polynomial-c"
+GENTOO_PATCHNAME="gentoo-apache-2.4.9-r3"
+
+# IUSE/USE_EXPAND magic
+IUSE_MPMS_FORK="peruser prefork"
+IUSE_MPMS_THREAD="event worker"
+
+# << obsolete modules:
+# authn_default authz_default mem_cache
+# mem_cache is replaced by cache_disk
+# ?? buggy modules
+# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found
+# >> added modules for reason:
+# compat: compatibility with 2.2 access control
+# authz_host: new module for access control
+# authn_core: functionality provided by authn_alias in previous versions
+# authz_core: new module, provides core authorization capabilities
+# cache_disk: replacement for mem_cache
+# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3
+# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3
+# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3
+# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3
+# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests).
+# socache_shmcb: shared object cache provider. Default config with ssl needs it
+# unixd: fixes startup error: Invalid command 'User'
+IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest
+authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authz_core
+authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex
+cache cache_disk cern_meta charset_lite cgi cgid dav dav_fs dav_lock dbd deflate
+dir dumpio env expires ext_filter file_cache filter headers ident imagemap
+include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness
+lbmethod_heartbeat log_config log_forensic logio mime mime_magic negotiation
+proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi
+proxy_fcgi  proxy_wstunnel rewrite ratelimit remoteip reqtimeout setenvif
+slotmem_shm speling socache_shmcb status substitute unique_id userdir usertrack
+unixd version vhost_alias"
+# The following are also in the source as of this version, but are not available
+# for user selection:
+# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
+# optional_fn_import optional_hook_export optional_hook_import
+
+# inter-module dependencies
+# TODO: this may still be incomplete
+MODULE_DEPENDS="
+	dav_fs:dav
+	dav_lock:dav
+	deflate:filter
+	cache_disk:cache
+	ext_filter:filter
+	file_cache:cache
+	lbmethod_byrequests:proxy_balancer
+	lbmethod_byrequests:slotmem_shm
+	lbmethod_bytraffic:proxy_balancer
+	lbmethod_bybusyness:proxy_balancer
+	lbmethod_heartbeat:proxy_balancer
+	log_forensic:log_config
+	logio:log_config
+	cache_disk:cache
+	mime_magic:mime
+	proxy_ajp:proxy
+	proxy_balancer:proxy
+	proxy_balancer:slotmem_shm
+	proxy_connect:proxy
+	proxy_ftp:proxy
+	proxy_http:proxy
+	proxy_scgi:proxy
+	proxy_fcgi:proxy
+	proxy_wstunnel:proxy
+	substitute:filter
+"
+
+# module<->define mappings
+MODULE_DEFINES="
+	auth_digest:AUTH_DIGEST
+	authnz_ldap:AUTHNZ_LDAP
+	cache:CACHE
+	cache_disk:CACHE
+	dav:DAV
+	dav_fs:DAV
+	dav_lock:DAV
+	file_cache:CACHE
+	info:INFO
+	ldap:LDAP
+	proxy:PROXY
+	proxy_ajp:PROXY
+	proxy_balancer:PROXY
+	proxy_connect:PROXY
+	proxy_ftp:PROXY
+	proxy_http:PROXY
+	proxy_fcgi:PROXY
+	proxy_scgi:PROXY
+	proxy_wstunnel:PROXY
+	socache_shmcb:SSL
+	ssl:SSL
+	status:STATUS
+	suexec:SUEXEC
+	userdir:USERDIR
+"
+
+# critical modules for the default config
+MODULE_CRITICAL="
+	authn_core
+	authz_core
+	authz_host
+	dir
+	mime
+	unixd
+"
+inherit eutils apache-2 systemd toolchain-funcs
+
+DESCRIPTION="The Apache Web Server."
+HOMEPAGE="http://httpd.apache.org/"
+
+# some helper scripts are Apache-1.1, thus both are here
+LICENSE="Apache-2.0 Apache-1.1"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
+IUSE=""
+
+pkg_setup() {
+	# dependend critical modules which are not allowed in global scope due
+	# to USE flag conditionals (bug #499260)
+	use ssl && MODULE_CRITICAL+=" socache_shmcb"
+	use doc && MODULE_CRITICAL+=" alias negotiation setenvif"
+	apache-2_pkg_setup
+}
+
+src_prepare() {
+	epatch "${FILESDIR}/apache-fix-sni.diff"
+	epatch "${FILESDIR}/apache-2.4.9-libressl.diff"
+	apache-2_src_prepare
+}
+
+src_configure() {
+	# Brain dead check.
+	tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no"
+
+	apache-2_src_configure
+}
+
+src_compile() {
+	if tc-is-cross-compiler; then
+		# This header is the same across targets, so use the build compiler.
+		pushd server >/dev/null
+		emake gen_test_char
+		tc-export_build_env BUILD_CC
+		${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \
+			gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die
+		popd >/dev/null
+	fi
+
+	default
+}
+
+src_install() {
+	apache-2_src_install
+	for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do
+		rm "${D}"/$i || die "Failed to prune apache-tools bits"
+	done
+	for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do
+		rm "${D}"/$i || die "Failed to prune apache-tools bits"
+	done
+	for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do
+		rm "${D}"/$i || die "Failed to prune apache-tools bits"
+	done
+	for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do
+		rm "${D}/"$i || die "Failed to prune apache-tools bits"
+	done
+
+	# install apxs in /usr/bin (bug #502384) and put a symlink into the 
+	# old location until all ebuilds and eclasses have been modified to
+	# use the new location.
+	local apxs="/usr/bin/apxs"
+	cp "${S}"/support/apxs "${D}"${apxs} || die "Failed to install apxs"
+	ln -s ../bin/apxs "${D}"/usr/sbin/apxs || die
+	chmod 0755 "${D}"${apxs} || die
+
+	# Note: wait for mod_systemd to be included in the next release,
+	# then apache2.4.service can be used and systemd support controlled
+	# through --enable-systemd
+	systemd_newunit "${FILESDIR}/apache2.2.service" "apache2.service"
+	systemd_dotmpfilesd "${FILESDIR}/apache.conf"
+	#insinto /etc/apache2/modules.d
+	#doins "${FILESDIR}/00_systemd.conf"
+}
+
+pkg_postinst()
+{
+	apache-2_pkg_postinst || die "apache-2_pkg_postinst failed"
+	# warnings that default config might not work out of the box
+	for mod in $MODULE_CRITICAL; do
+		if ! use "apache2_modules_${mod}"; then
+			echo
+			ewarn "Warning: Critical module not installed!"
+			ewarn "Modules 'authn_core', 'authz_core' and 'unixd'"
+			ewarn "are highly recomended but might not be in the base profile yet."
+			ewarn "Default config for ssl needs module 'socache_shmcb'."
+			ewarn "Enabling the following flags is highly recommended:"
+			for cmod in $MODULE_CRITICAL; do
+				use "apache2_modules_${cmod}" || \
+					ewarn "+ apache2_modules_${cmod}"
+			done
+			echo
+			break
+		fi
+	done
+	# warning for proxy_balancer and missing load balancing scheduler
+	if use apache2_modules_proxy_balancer; then
+		local lbset=
+		for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do
+			if use "apache2_modules_${mod}"; then
+				lbset=1 && break
+			fi
+		done
+		if [ ! $lbset ]; then
+			echo
+			ewarn "Info: Missing load balancing scheduler algorithm module"
+			ewarn "(They were split off from proxy_balancer in 2.3)"
+			ewarn "In order to get the ability of load balancing, at least"
+			ewarn "one of these modules has to be present:"
+			ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat"
+			echo
+		fi
+	fi
+}
diff --git a/www-servers/apache/files/00_systemd.conf b/www-servers/apache/files/00_systemd.conf
new file mode 100644
index 0000000..b208c97
--- /dev/null
+++ b/www-servers/apache/files/00_systemd.conf
@@ -0,0 +1,2 @@
+# This file configures systemd module:
+LoadModule systemd_module modules/mod_systemd.so
diff --git a/www-servers/apache/files/apache-2.4.9-libressl.diff b/www-servers/apache/files/apache-2.4.9-libressl.diff
new file mode 100644
index 0000000..9e3443d
--- /dev/null
+++ b/www-servers/apache/files/apache-2.4.9-libressl.diff
@@ -0,0 +1,14 @@
+--- httpd-2.4.9/modules/ssl/ssl_engine_init.c	2014-03-13 13:39:33.000000000 +0100
++++ httpd-2.4.9-1/modules/ssl/ssl_engine_init.c	2014-07-12 01:26:17.266272651 +0200
+@@ -275,9 +275,11 @@
+             return ssl_die(s);
+         }
+ 
++#ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK
+         if (strEQ(mc->szCryptoDevice, "chil")) {
+             ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
+         }
++#endif
+ 
+         if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+             ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01889)
diff --git a/www-servers/apache/files/apache-fix-sni.diff b/www-servers/apache/files/apache-fix-sni.diff
new file mode 100644
index 0000000..099ee63
--- /dev/null
+++ b/www-servers/apache/files/apache-fix-sni.diff
@@ -0,0 +1,13 @@
+Index: modules/ssl/ssl_engine_config.c
+===================================================================
+--- modules/ssl/ssl_engine_config.c	(revision 1585379)
++++ modules/ssl/ssl_engine_config.c	(working copy)
+@@ -243,7 +243,7 @@
+ }
+ 
+ #define cfgMerge(el,unset)  mrg->el = (add->el == (unset)) ? base->el : add->el
+-#define cfgMergeArray(el)   mrg->el = apr_array_append(p, add->el, base->el)
++#define cfgMergeArray(el)   mrg->el = apr_array_append(p, base->el, add->el)
+ #define cfgMergeString(el)  cfgMerge(el, NULL)
+ #define cfgMergeBool(el)    cfgMerge(el, UNSET)
+ #define cfgMergeInt(el)     cfgMerge(el, UNSET)
diff --git a/www-servers/apache/files/apache.conf b/www-servers/apache/files/apache.conf
new file mode 100644
index 0000000..56e23ae
--- /dev/null
+++ b/www-servers/apache/files/apache.conf
@@ -0,0 +1,2 @@
+d /run/apache2 710 root apache
+d /run/apache_ssl_mutex
diff --git a/www-servers/apache/files/apache2.2.service b/www-servers/apache/files/apache2.2.service
new file mode 100644
index 0000000..76f783a
--- /dev/null
+++ b/www-servers/apache/files/apache2.2.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=The Apache HTTP Server
+After=network.target remote-fs.target nss-lookup.target
+
+[Service]
+EnvironmentFile=/etc/conf.d/apache2
+ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND
+ExecReload=/usr/sbin/apache2 $APACHE2_OPTS -k graceful
+ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop
+# We want systemd to give httpd some time to finish gracefully, but still want
+# it to kill httpd after TimeoutStopSec if something went wrong during the
+# graceful stop. Normally, Systemd sends SIGTERM signal right after the
+# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
+# httpd time to finish.
+KillSignal=SIGCONT
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/www-servers/apache/files/apache2.4.service b/www-servers/apache/files/apache2.4.service
new file mode 100644
index 0000000..ace453f
--- /dev/null
+++ b/www-servers/apache/files/apache2.4.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=The Apache HTTP Server
+After=network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=notify
+EnvironmentFile=/etc/conf.d/apache2
+ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND
+ExecReload=/usr/sbin/apache2 $APACHE2_OPTS -k graceful
+ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop
+# We want systemd to give httpd some time to finish gracefully, but still want
+# it to kill httpd after TimeoutStopSec if something went wrong during the
+# graceful stop. Normally, Systemd sends SIGTERM signal right after the
+# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
+# httpd time to finish.
+KillSignal=SIGCONT
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target