diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..5ac9fdb --- /dev/null +++ b/gating.yaml @@ -0,0 +1,10 @@ +--- !Policy +product_versions: + - rhel-9 +decision_context: osci_compose_gate +rules: + - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional} + - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier2.functional} + - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier3.functional} + - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.acceptance-tier.functional} + diff --git a/mod_http2-1.15.14-openssl30.patch b/mod_http2-1.15.14-openssl30.patch new file mode 100644 index 0000000..69a28f4 --- /dev/null +++ b/mod_http2-1.15.14-openssl30.patch @@ -0,0 +1,65 @@ +commit 124c2ca0886b05d0871ee09466de555d757b72fc +Author: Joe Orton +Date: Fri May 7 10:58:18 2021 +0100 + + Switch to using OpenSSL EVP_* API to avoid deprecation warnings + with OpenSSL 3.0. + +diff --git a/mod_http2/h2_push.c b/mod_http2/h2_push.c +index 8ae0b49..0a90a5d 100644 +--- a/mod_http2/h2_push.c ++++ b/mod_http2/h2_push.c +@@ -23,7 +23,7 @@ + #include + + #ifdef H2_OPENSSL +-#include ++#include + #endif + + #include +@@ -472,27 +472,32 @@ typedef struct h2_push_diary_entry { + + + #ifdef H2_OPENSSL +-static void sha256_update(SHA256_CTX *ctx, const char *s) ++static void sha256_update(EVP_MD_CTX *ctx, const char *s) + { +- SHA256_Update(ctx, s, strlen(s)); ++ EVP_DigestUpdate(ctx, s, strlen(s)); + } + + static void calc_sha256_hash(h2_push_diary *diary, apr_uint64_t *phash, h2_push *push) + { +- SHA256_CTX sha256; ++ EVP_MD_CTX *md; + apr_uint64_t val; +- unsigned char hash[SHA256_DIGEST_LENGTH]; ++ unsigned char hash[EVP_MAX_MD_SIZE]; ++ unsigned len; + int i; +- +- SHA256_Init(&sha256); +- sha256_update(&sha256, push->req->scheme); +- sha256_update(&sha256, "://"); +- sha256_update(&sha256, push->req->authority); +- sha256_update(&sha256, push->req->path); +- SHA256_Final(hash, &sha256); ++ ++ md = EVP_MD_CTX_create(); ++ ap_assert(md != NULL); ++ ++ i = EVP_DigestInit_ex(md, EVP_sha256(), NULL); ++ ap_assert(i == 1); ++ sha256_update(md, push->req->scheme); ++ sha256_update(md, "://"); ++ sha256_update(md, push->req->authority); ++ sha256_update(md, push->req->path); ++ EVP_DigestFinal(md, hash, &len); + + val = 0; +- for (i = 0; i != sizeof(val); ++i) ++ for (i = 0; i != len; ++i) + val = val * 256 + hash[i]; + *phash = val >> (64 - diary->mask_bits); + } diff --git a/mod_http2.spec b/mod_http2.spec index cf00734..66b1245 100644 --- a/mod_http2.spec +++ b/mod_http2.spec @@ -3,12 +3,13 @@ Name: mod_http2 Version: 1.15.14 -Release: 4%{?dist} +Release: 5%{?dist} Summary: module implementing HTTP/2 for Apache 2 License: ASL 2.0 URL: https://icing.github.io/mod_h2/ Source0: https://github.com/icing/mod_h2/releases/download/v%{version}/mod_http2-%{version}.tar.gz Patch1: mod_http2-1.14.1-buildfix.patch +Patch2: mod_http2-1.15.14-openssl30.patch BuildRequires: make BuildRequires: gcc BuildRequires: pkgconfig, httpd-devel >= 2.4.20, libnghttp2-devel >= 1.7.0, openssl-devel >= 1.0.2 @@ -22,6 +23,7 @@ top of libnghttp2 for httpd 2.4 servers. %prep %setup -q %patch1 -p1 -b .buildfix +%patch2 -p1 -b .openssl30 %build %configure --with-apxs=%{_httpd_apxs} @@ -45,6 +47,9 @@ echo "LoadModule proxy_http2_module modules/mod_proxy_http2.so" > %{buildroot}%{ %{_httpd_moddir}/mod_proxy_http2.so %changelog +* Fri May 7 2021 Joe Orton - 1.15.14-5 +- avoid use of deprecated OpenSSL 3.0 API (#1958042) + * Fri Apr 16 2021 Mohan Boddu - 1.15.14-4 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937