Resurrect www/mod_gnutls and update to 0.8.2.

9 files changed, 153 insertions, 0 deletions

diff --git a/www/Makefile b/www/Makefile
index 0ba059b7186c..e6c932d8a41d 100644
--- a/www/Makefile
+++ b/www/Makefile
@@ -450,6 +450,7 @@
     SUBDIR += mod_fileiri
     SUBDIR += mod_flickr
     SUBDIR += mod_geoip2
+    SUBDIR += mod_gnutls
     SUBDIR += mod_gzip2
     SUBDIR += mod_h264_streaming
     SUBDIR += mod_hosts_access
diff --git a/www/mod_gnutls/Makefile b/www/mod_gnutls/Makefile
new file mode 100644
index 000000000000..c1bce5c79f01
--- /dev/null
+++ b/www/mod_gnutls/Makefile
@@ -0,0 +1,32 @@
+# $FreeBSD$
+
+PORTNAME=	mod_gnutls
+PORTVERSION=	0.8.2
+CATEGORIES=	www security
+MASTER_SITES=	https://mod.gnutls.org/downloads/
+PKGNAMEPREFIX=	${APACHE_PKGNAMEPREFIX}
+
+MAINTAINER=	ports@FreeBSD.org
+COMMENT=	Extension for Apache httpd using GnuTLS library to provide HTTPS
+
+LICENSE=	APACHE20
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+LIB_DEPENDS=	libgnutls.so:security/gnutls
+
+GNU_CONFIGURE=	yes
+USES=		libtool pkgconfig tar:bzip2
+USE_APACHE=	24
+
+DBDIR=		${PREFIX}/var/db/${PORTNAME}
+PLIST_SUB=	SED="${SED}" WWWGRP=${WWWGRP} WWWOWN=${WWWOWN}
+SUB_FILES=	pkg-message
+SUB_LIST=	DBDIR="${DBDIR}"
+
+CFLAGS+=	-Wno-deprecated-declarations
+CONFIGURE_ARGS=	--with-apxs="${APXS}"
+
+post-install:
+	${MKDIR} "${STAGEDIR}${DBDIR}"
+
+.include <bsd.port.mk>
diff --git a/www/mod_gnutls/distinfo b/www/mod_gnutls/distinfo
new file mode 100644
index 000000000000..9f0091971c55
--- /dev/null
+++ b/www/mod_gnutls/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1503524329
+SHA256 (mod_gnutls-0.8.2.tar.bz2) = 05eeb78e41f1fd6780607a17d705b1965ce5c3ce6223a9a8a86ba9288d22e683
+SIZE (mod_gnutls-0.8.2.tar.bz2) = 415903
diff --git a/www/mod_gnutls/files/patch-src_gnutls__io.c b/www/mod_gnutls/files/patch-src_gnutls__io.c
new file mode 100644
index 000000000000..2d3441f460b0
--- /dev/null
+++ b/www/mod_gnutls/files/patch-src_gnutls__io.c
@@ -0,0 +1,36 @@
+--- src/gnutls_io.c.orig	2016-12-25 18:36:37 UTC
++++ src/gnutls_io.c
+@@ -23,7 +23,8 @@
+ APLOG_USE_MODULE(gnutls);
+ #endif
+ 
+-#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
++#if defined(__GNUC__) && __GNUC__ < 5 && \
++    !(defined(__clang__) && __has_builtin(__builtin_add_overflow))
+ #include <inttypes.h>
+ #endif
+ 
+@@ -572,18 +573,21 @@ apr_status_t mgs_filter_input(ap_filter_t * f,
+          * might have different lengths. Read sizes should be too
+          * small for 32 or 64 bit to matter, but we have to make
+          * sure. */
+-#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
++#if defined(__GNUC__) && __GNUC__ < 5 && \
++    !(defined(__clang__) && __has_builtin(__builtin_add_overflow))
+         if ((apr_size_t) readbytes < len)
+         {
++#if INTMAX_MAX > SIZE_MAX
+             /* If readbytes is negative the function fails in the
+              * check above, but the compiler doesn't get that. */
+-            if (__builtin_expect(imaxabs(readbytes) > SIZE_MAX, 0))
++            if (__builtin_expect(imaxabs(readbytes) > (intmax_t) SIZE_MAX, 0))
+             {
+                 ap_log_cerror(APLOG_MARK, APLOG_CRIT, APR_EINVAL, ctxt->c,
+                               "%s: prevented buffer length overflow",
+                               __func__);
+                 return APR_EINVAL;
+             }
++#endif
+             len = (apr_size_t) readbytes;
+         }
+ #else
diff --git a/www/mod_gnutls/files/patch-src_gnutls__ocsp.c b/www/mod_gnutls/files/patch-src_gnutls__ocsp.c
new file mode 100644
index 000000000000..458b418a08fd
--- /dev/null
+++ b/www/mod_gnutls/files/patch-src_gnutls__ocsp.c
@@ -0,0 +1,32 @@
+--- src/gnutls_ocsp.c.orig	2017-01-08 14:16:07 UTC
++++ src/gnutls_ocsp.c
+@@ -414,7 +414,8 @@ static gnutls_datum_t mgs_get_cert_fingerprint(apr_poo
+     /* Safe integer type conversion: The types of fingerprint.size
+      * (unsigned int) and fplen (size_t) may have different
+      * lengths. */
+-#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
++#if defined(__GNUC__) && __GNUC__ < 5 && \
++    !(defined(__clang__) && __has_builtin(__builtin_add_overflow))
+     if (__builtin_expect(fplen <= UINT_MAX, 1))
+     {
+         fingerprint.size = (unsigned int) fplen;
+@@ -569,7 +570,8 @@ static apr_status_t do_ocsp_request(apr_pool_t *p, ser
+     }
+ 
+     /* With the length restriction this really should not overflow. */
+-#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
++#if defined(__GNUC__) && __GNUC__ < 5 && \
++    !(defined(__clang__) && __has_builtin(__builtin_add_overflow))
+     if (__builtin_expect(len > UINT_MAX, 0))
+ #else
+     if (__builtin_add_overflow(len, 0, &response->size))
+@@ -580,7 +582,8 @@ static apr_status_t do_ocsp_request(apr_pool_t *p, ser
+     }
+     else
+     {
+-#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
++#if defined(__GNUC__) && __GNUC__ < 5 && \
++    !(defined(__clang__) && __has_builtin(__builtin_add_overflow))
+         response->size = (unsigned int) len;
+ #endif
+         response->data = apr_pmemdup(p, buf, len);
diff --git a/www/mod_gnutls/files/patch-src_gnutls__util.c b/www/mod_gnutls/files/patch-src_gnutls__util.c
new file mode 100644
index 000000000000..138353bcfc0a
--- /dev/null
+++ b/www/mod_gnutls/files/patch-src_gnutls__util.c
@@ -0,0 +1,12 @@
+--- src/gnutls_util.c.orig	2016-12-25 18:36:37 UTC
++++ src/gnutls_util.c
+@@ -113,7 +113,8 @@ apr_status_t datum_from_file(apr_pool_t *p, const char
+ 
+     /* safe integer type conversion: unsigned int and apr_size_t might
+      * have different sizes */
+-#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
++#if defined(__GNUC__) && __GNUC__ < 5 && \
++    !(defined(__clang__) && __has_builtin(__builtin_add_overflow))
+     if (__builtin_expect(br > UINT_MAX, 0))
+         return APR_EINVAL;
+     else
diff --git a/www/mod_gnutls/files/pkg-message.in b/www/mod_gnutls/files/pkg-message.in
new file mode 100644
index 000000000000..f8dad14e39ee
--- /dev/null
+++ b/www/mod_gnutls/files/pkg-message.in
@@ -0,0 +1,27 @@
+*********************************************************************
+
+Sample %%PREFIX%%/%%APACHEETCDIR%%/httpd.conf:
+
+    #LoadModule ssl_module %%APACHEMODDIR%%/mod_ssl.so
+    LoadModule gnutls_module %%APACHEMODDIR%%/mod_gnutls.so
+
+    <IfModule gnutls_module>
+        Include %%APACHEETCDIR%%/extra/httpd-gnutls.conf
+    </IfModule>
+
+Sample %%PREFIX%%/%%APACHEETCDIR%%/extra/httpd-gnutls.conf:
+
+    Listen 443
+
+    GnuTLSCache dbm %%DBDIR%%/tls-cache
+    GnuTLSCacheTimeout 500
+
+    <VirtualHost _default_:443>
+        GnuTLSEnable on
+        GnuTLSKeyFile %%PREFIX%%/etc/ssl/certs/private/example_com.key.pem
+        GnuTLSCertificateFile %%PREFIX%%/etc/ssl/certs/example_com.crt.pem
+        GnuTLSClientCAFile %%PREFIX%%/etc/ssl/certs/example_com.ca.pem
+        GnuTLSPriorities NORMAL:%COMPAT
+    </VirtualHost>
+
+*********************************************************************
diff --git a/www/mod_gnutls/pkg-descr b/www/mod_gnutls/pkg-descr
new file mode 100644
index 000000000000..03cd06e5f73d
--- /dev/null
+++ b/www/mod_gnutls/pkg-descr
@@ -0,0 +1,5 @@
+mod_gnutls uses the GnuTLS library to provide SSL 3.0, TLS 1.0, TLS
+1.1 and 1.2 encryption for Apache HTTPD. It is similar to mod_ssl in
+purpose, but does not use OpenSSL.
+
+WWW: https://mod.gnutls.org
diff --git a/www/mod_gnutls/pkg-plist b/www/mod_gnutls/pkg-plist
new file mode 100644
index 000000000000..97abb05cf659
--- /dev/null
+++ b/www/mod_gnutls/pkg-plist
@@ -0,0 +1,5 @@
+%%APACHEMODDIR%%/%%AP_MODULE%%
+@postexec %D/sbin/apxs -e %%AP_MOD_EN%% -n %%AP_NAME%% %D/%F
+@postunexec %%SED%% -i '' -E '/LoadModule[[:blank:]]+%%AP_NAME%%_module/d' %D/%%APACHEETCDIR%%/httpd.conf
+@postunexec echo "Don't forget to remove all mod_%%AP_NAME%%-related directives in your httpd.conf"
+@dir(%%WWWOWN%%,%%WWWGRP%%,750) var/db/mod_%%AP_NAME%%