aboutsummaryrefslogtreecommitdiff
path: root/www/mod_gnutls/files
diff options
context:
space:
mode:
Diffstat (limited to 'www/mod_gnutls/files')
-rw-r--r--www/mod_gnutls/files/patch-src_gnutls__io.c36
-rw-r--r--www/mod_gnutls/files/patch-src_gnutls__ocsp.c32
-rw-r--r--www/mod_gnutls/files/patch-src_gnutls__util.c12
-rw-r--r--www/mod_gnutls/files/pkg-message.in27
4 files changed, 107 insertions, 0 deletions
diff --git a/www/mod_gnutls/files/patch-src_gnutls__io.c b/www/mod_gnutls/files/patch-src_gnutls__io.c
new file mode 100644
index 000000000000..2d3441f460b0
--- /dev/null
+++ b/www/mod_gnutls/files/patch-src_gnutls__io.c
@@ -0,0 +1,36 @@
+--- src/gnutls_io.c.orig 2016-12-25 18:36:37 UTC
++++ src/gnutls_io.c
+@@ -23,7 +23,8 @@
+ APLOG_USE_MODULE(gnutls);
+ #endif
+
+-#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
++#if defined(__GNUC__) && __GNUC__ < 5 && \
++ !(defined(__clang__) && __has_builtin(__builtin_add_overflow))
+ #include <inttypes.h>
+ #endif
+
+@@ -572,18 +573,21 @@ apr_status_t mgs_filter_input(ap_filter_t * f,
+ * might have different lengths. Read sizes should be too
+ * small for 32 or 64 bit to matter, but we have to make
+ * sure. */
+-#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
++#if defined(__GNUC__) && __GNUC__ < 5 && \
++ !(defined(__clang__) && __has_builtin(__builtin_add_overflow))
+ if ((apr_size_t) readbytes < len)
+ {
++#if INTMAX_MAX > SIZE_MAX
+ /* If readbytes is negative the function fails in the
+ * check above, but the compiler doesn't get that. */
+- if (__builtin_expect(imaxabs(readbytes) > SIZE_MAX, 0))
++ if (__builtin_expect(imaxabs(readbytes) > (intmax_t) SIZE_MAX, 0))
+ {
+ ap_log_cerror(APLOG_MARK, APLOG_CRIT, APR_EINVAL, ctxt->c,
+ "%s: prevented buffer length overflow",
+ __func__);
+ return APR_EINVAL;
+ }
++#endif
+ len = (apr_size_t) readbytes;
+ }
+ #else
diff --git a/www/mod_gnutls/files/patch-src_gnutls__ocsp.c b/www/mod_gnutls/files/patch-src_gnutls__ocsp.c
new file mode 100644
index 000000000000..458b418a08fd
--- /dev/null
+++ b/www/mod_gnutls/files/patch-src_gnutls__ocsp.c
@@ -0,0 +1,32 @@
+--- src/gnutls_ocsp.c.orig 2017-01-08 14:16:07 UTC
++++ src/gnutls_ocsp.c
+@@ -414,7 +414,8 @@ static gnutls_datum_t mgs_get_cert_fingerprint(apr_poo
+ /* Safe integer type conversion: The types of fingerprint.size
+ * (unsigned int) and fplen (size_t) may have different
+ * lengths. */
+-#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
++#if defined(__GNUC__) && __GNUC__ < 5 && \
++ !(defined(__clang__) && __has_builtin(__builtin_add_overflow))
+ if (__builtin_expect(fplen <= UINT_MAX, 1))
+ {
+ fingerprint.size = (unsigned int) fplen;
+@@ -569,7 +570,8 @@ static apr_status_t do_ocsp_request(apr_pool_t *p, ser
+ }
+
+ /* With the length restriction this really should not overflow. */
+-#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
++#if defined(__GNUC__) && __GNUC__ < 5 && \
++ !(defined(__clang__) && __has_builtin(__builtin_add_overflow))
+ if (__builtin_expect(len > UINT_MAX, 0))
+ #else
+ if (__builtin_add_overflow(len, 0, &response->size))
+@@ -580,7 +582,8 @@ static apr_status_t do_ocsp_request(apr_pool_t *p, ser
+ }
+ else
+ {
+-#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
++#if defined(__GNUC__) && __GNUC__ < 5 && \
++ !(defined(__clang__) && __has_builtin(__builtin_add_overflow))
+ response->size = (unsigned int) len;
+ #endif
+ response->data = apr_pmemdup(p, buf, len);
diff --git a/www/mod_gnutls/files/patch-src_gnutls__util.c b/www/mod_gnutls/files/patch-src_gnutls__util.c
new file mode 100644
index 000000000000..138353bcfc0a
--- /dev/null
+++ b/www/mod_gnutls/files/patch-src_gnutls__util.c
@@ -0,0 +1,12 @@
+--- src/gnutls_util.c.orig 2016-12-25 18:36:37 UTC
++++ src/gnutls_util.c
+@@ -113,7 +113,8 @@ apr_status_t datum_from_file(apr_pool_t *p, const char
+
+ /* safe integer type conversion: unsigned int and apr_size_t might
+ * have different sizes */
+-#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
++#if defined(__GNUC__) && __GNUC__ < 5 && \
++ !(defined(__clang__) && __has_builtin(__builtin_add_overflow))
+ if (__builtin_expect(br > UINT_MAX, 0))
+ return APR_EINVAL;
+ else
diff --git a/www/mod_gnutls/files/pkg-message.in b/www/mod_gnutls/files/pkg-message.in
new file mode 100644
index 000000000000..f8dad14e39ee
--- /dev/null
+++ b/www/mod_gnutls/files/pkg-message.in
@@ -0,0 +1,27 @@
+*********************************************************************
+
+Sample %%PREFIX%%/%%APACHEETCDIR%%/httpd.conf:
+
+ #LoadModule ssl_module %%APACHEMODDIR%%/mod_ssl.so
+ LoadModule gnutls_module %%APACHEMODDIR%%/mod_gnutls.so
+
+ <IfModule gnutls_module>
+ Include %%APACHEETCDIR%%/extra/httpd-gnutls.conf
+ </IfModule>
+
+Sample %%PREFIX%%/%%APACHEETCDIR%%/extra/httpd-gnutls.conf:
+
+ Listen 443
+
+ GnuTLSCache dbm %%DBDIR%%/tls-cache
+ GnuTLSCacheTimeout 500
+
+ <VirtualHost _default_:443>
+ GnuTLSEnable on
+ GnuTLSKeyFile %%PREFIX%%/etc/ssl/certs/private/example_com.key.pem
+ GnuTLSCertificateFile %%PREFIX%%/etc/ssl/certs/example_com.crt.pem
+ GnuTLSClientCAFile %%PREFIX%%/etc/ssl/certs/example_com.ca.pem
+ GnuTLSPriorities NORMAL:%COMPAT
+ </VirtualHost>
+
+*********************************************************************