Bug 209266 - www/lighttpd broken with libressl
Summary: www/lighttpd broken with libressl
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-05-04 15:04 UTC by Christian Heckendorf
Modified: 2016-05-11 15:17 UTC (History)
2 users (show)

See Also:
pkubaj: maintainer-feedback+


Attachments
Fix SSLv[23] checks (887 bytes, text/x-csrc)
2016-05-04 15:04 UTC, Christian Heckendorf
no flags Details
svn diff for www/lighttpd (1.57 KB, patch)
2016-05-10 19:54 UTC, Bernard Spil
no flags Details | Diff
svn diff for www/lighttpd (1.69 KB, patch)
2016-05-11 06:47 UTC, Bernard Spil
brnrd: maintainer-approval? (pkubaj)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Heckendorf 2016-05-04 15:04:39 UTC
Created attachment 169967 [details]
Fix SSLv[23] checks

Recent versions of libressl dropped support for SSLv2 and 3 and defined SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 as zero. The current checks in lighttpd will always fail under these conditions since they assume the values are nonzero. This results in lighttpd failing to start when built against libressl. The attached patch should fix this. I also submitted it upstream.
Comment 1 Bugzilla Automation freebsd_committer 2016-05-04 15:04:39 UTC
Maintainer informed via mail
Comment 2 Piotr Kubaj freebsd_committer 2016-05-09 11:51:09 UTC
I've tested this patch on 10.3-RELEASE with and without LibreSSL. It compiles fine using both configs.
Comment 3 Piotr Kubaj freebsd_committer 2016-05-09 11:52:20 UTC
(In reply to Piotr Kubaj from comment #2)
And since LibreSSL 2.3.4 is supposed to be merged to quarterly, this is also a candidate for MHF.
Comment 4 Bernard Spil freebsd_committer 2016-05-10 19:54:05 UTC
Created attachment 170189 [details]
svn diff for www/lighttpd

Created a diff that does not affect users of base or ports' OpenSSL.

Please test and report back in this bug.

Maintainer: Please review patch and let me know if you're OK to commit this.
Comment 5 Bernard Spil freebsd_committer 2016-05-10 19:56:05 UTC
(In reply to Bernard Spil from comment #4)

Forgot to mention that this has been reported upstream as well
http://redmine.lighttpd.net/issues/2729
Comment 6 Bernard Spil freebsd_committer 2016-05-10 19:59:55 UTC
(In reply to Piotr Kubaj from comment #3)

2016Q2 will get 2.2.7 not 2.3.4. Patch is currently in review with ports-secteam. Just checked the tarball and that does not define the deprecated feature flags to 0x0.
Comment 7 Piotr Kubaj freebsd_committer 2016-05-10 20:15:12 UTC
Upstream seems to have committed Christian's fix:
https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/1ca52fdce3b87f7748dd5db6f59d738ed7a9efe1/diff

Since it compiles fine with LibreSSL and base OpenSSL (FreeBSD 10.3-RELEASE), I'd rather use this approach.
Comment 8 Bernard Spil freebsd_committer 2016-05-11 06:47:21 UTC
Created attachment 170202 [details]
svn diff for www/lighttpd

Hi Piotr,

Sorry for that. Was chatting with someone on irc and thought he was the reporter...

You're absolutely right, let's import that upstream change by Christian!

Please let me know if the svn diff I attached is OK and I can commit it.

> www/lighttpd: Fix run-time issue with LibreSSL 2.3
> 
>  - Add upstream fix for SSL_OP_NO_SSLv2/v3 [1]
> 
> [1] https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/1ca52fdce3b87f7748dd5db6f59d738ed7a9efe1/diff
> 
> PR: 209266
> Submitted by: Christian Heckendorf <heckendorfc@gmail.com>
> Reviewed by:  Piotr Kubaj <pkubaj@anongoth.pl> (maintaner)
Comment 9 Piotr Kubaj freebsd_committer 2016-05-11 09:38:04 UTC
(In reply to Bernard Spil from comment #8)
Yes, it's perfectly fine to commit it. I've tested Lighttp with this patch run-time and it works.
Comment 10 commit-hook freebsd_committer 2016-05-11 14:34:16 UTC
A commit references this bug:

Author: brnrd
Date: Wed May 11 14:33:34 UTC 2016
New revision: 414996
URL: https://svnweb.freebsd.org/changeset/ports/414996

Log:
  www/lighttpd: Fix run-time issue with LibreSSL 2.3

    - Add upstream fix for SSL_OP_NO_SSLv2/v3 [1]

  [1] https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/1ca52fdce3b87f7748dd5db6f59d738ed7a9efe1/diff

  PR:		209266
  Submitted by:	Christian Heckendorf <heckendorfc@gmail.com>
  Approved by:	Piotr Kubaj <pkubaj@anongoth.pl> (maintaner)

Changes:
  head/www/lighttpd/files/patch-src_network.c