Merge pull request #80182 from dirkx/Redwax-0.22-update

redwax-modules: 0.2.1 -> 0.2.2/0.2.3

10 files changed, 20 insertions, 184 deletions

diff --git a/pkgs/servers/http/apache-modules/mod_ca/default.nix b/pkgs/servers/http/apache-modules/mod_ca/default.nix
index 37f2a397ae6..c4551108338 100644
--- a/pkgs/servers/http/apache-modules/mod_ca/default.nix
+++ b/pkgs/servers/http/apache-modules/mod_ca/default.nix
@@ -1,16 +1,16 @@
-{ stdenv, fetchurl, pkgconfig, apacheHttpd, openssl, openldap }:
+{ stdenv, fetchurl, pkgconfig, apacheHttpd, openssl, openldap, apr, aprutil }:
 
 stdenv.mkDerivation rec {
   pname = "mod_ca";
-  version = "0.2.1";
+  version = "0.2.2";
 
   src = fetchurl {
     url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz";
-    sha256 = "1pxapjrzdsk2s25vhgvf56fkakdqcbn9hjncwmqh0asl1pa25iic";
+    sha256 = "0gs66br3aig749rzifxn6j1rz2kps4hc4jppscly48lypgyygy8s";
   };
 
   nativeBuildInputs = [ pkgconfig ];
-  buildInputs = [ apacheHttpd openssl openldap ];
+  buildInputs = [ apacheHttpd openssl openldap apr aprutil ];
 
   # Note that configureFlags and installFlags are inherited by
   # the various submodules.
diff --git a/pkgs/servers/http/apache-modules/mod_crl/default.nix b/pkgs/servers/http/apache-modules/mod_crl/default.nix
index 54c0de1c701..ee7dbe3245d 100644
--- a/pkgs/servers/http/apache-modules/mod_crl/default.nix
+++ b/pkgs/servers/http/apache-modules/mod_crl/default.nix
@@ -1,12 +1,13 @@
 { stdenv, fetchurl, pkgconfig, mod_ca, apr, aprutil }:
 
+
 stdenv.mkDerivation rec {
   pname = "mod_crl";
-  version = "0.2.1";
+  version = "0.2.3";
 
   src = fetchurl {
     url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz";
-    sha256 = "0k6iqn5a4bqdz3yx6d53f1r75c21jnwhxmmcq071zq0361xjzzj6";
+    sha256 = "1x186kp6fr8nwg0jlv5phagxndvw4rjqfga9mkibmn6dx252p61d";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/servers/http/apache-modules/mod_csr/default.nix b/pkgs/servers/http/apache-modules/mod_csr/default.nix
index 60f97d2f361..6547d3aa2b5 100644
--- a/pkgs/servers/http/apache-modules/mod_csr/default.nix
+++ b/pkgs/servers/http/apache-modules/mod_csr/default.nix
@@ -1,35 +1,19 @@
 { stdenv, fetchurl, pkgconfig, mod_ca, apr, aprutil }:
 
+
 stdenv.mkDerivation rec {
   pname = "mod_csr";
-  version = "0.2.1";
+  version = "0.2.3";
 
   src = fetchurl {
     url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz";
-    sha256 = "01sdvv07kchdd6ssrmd2cbhj50qh2ibp5g5h6jy1jqbzp0b3j9ja";
+    sha256 = "1p4jc0q40453wpvwqgnr1n007b4jxpkizzy3r4jygsxxgg4x9w7x";
   };
 
   nativeBuildInputs = [ pkgconfig ];
   buildInputs = [ mod_ca apr aprutil ];
   inherit (mod_ca) configureFlags installFlags;
 
-  # After openssl-1.0.2t, starting in  openssl-1.1.0l
-  # parts of the OpenSSL struct API was replaced by
-  # getters - but some setters where forgotten.
-  #
-  # It is expected that these are back/retrofitted in version
-  # openssl-1.1.1d -- but while fixing this it was found
-  # that there were quite a few other setters missing and
-  # that some of the memory management needed was at odds
-  # with the principles used sofar.
-  #
-  # See https://github.com/openssl/openssl/pull/10563
-  #
-  # So as a stopgap - use a minimalist compat. layer
-  # https://source.redwax.eu/projects/RS/repos/mod_csr/browse/openssl_setter_compat.h
-  #
-  preBuild = "cp ${./openssl_setter_compat.h} openssl_setter_compat.h";
-
   meta = with stdenv.lib; {
     description = "RedWax CA service module to handle Certificate Signing Requests";
 
diff --git a/pkgs/servers/http/apache-modules/mod_csr/openssl_setter_compat.h b/pkgs/servers/http/apache-modules/mod_csr/openssl_setter_compat.h
deleted file mode 100644
index a2a9e0f7a18..00000000000
--- a/pkgs/servers/http/apache-modules/mod_csr/openssl_setter_compat.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/* Licensed to Stichting The Commons Conservancy (TCC) under one or more
- * contributor license agreements.  See the AUTHORS file distributed with
- * this work for additional information regarding copyright ownership.
- * TCC licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-// These routines are copies from OpenSSL/1.1.1 its x509/x509_req.c
-// and the private header files for that. They are needed as
-// starting with OpenSSL 1.1.0 the X509_req structure became
-// private; and got some get0 functions to access its internals.
-// But no getter's until post 1.1.1 (PR#10563). So this is a
-// stopgap for these lacking releases.
-//
-// Testest against: 
-//   openssl-1.0.2t 0x01000214fL (does not need it, privates still accessile)
-//   openssl-1.1.0l 0x0101000cfL (needs it)
-//   openssl-1.1.1d 0x01010104fL (last version that needs it)
-//   openssl-1.1.1-dev		 (should not need it - post PR#10563).
-//
-/* #if OPENSSL_VERSION_NUMBER >= 0x010100000L &&  OPENSSL_VERSION_NUMBER  <= 0x01010104fL */
-#if OPENSSL_VERSION_NUMBER >= 0x010100000L 
-#include "openssl/x509.h"
-
-#define HAS_OPENSSL_PR10563_WORK_AROUND
-
-struct X509_req_info_st {
-    ASN1_ENCODING enc;          
-    ASN1_INTEGER *version;     
-    X509_NAME *subject;       
-    X509_PUBKEY *pubkey;     
-    STACK_OF(X509_ATTRIBUTE) *attributes;
-};
-
-typedef _Atomic int CRYPTO_REF_COUNT;
-
-struct X509_req_st {
-    X509_REQ_INFO req_info; 
-    X509_ALGOR sig_alg;       
-    ASN1_BIT_STRING *signature; /* signature */
-    CRYPTO_REF_COUNT references;
-    CRYPTO_RWLOCK *lock;
-# ifndef OPENSSL_NO_SM2
-    ASN1_OCTET_STRING *sm2_id;
-# endif
-};
-
-
-static void _X509_REQ_set1_signature(X509_REQ *req, X509_ALGOR *palg)
-{
-    if (req->sig_alg.algorithm)
-        ASN1_OBJECT_free(req->sig_alg.algorithm);
-    if (req->sig_alg.parameter)
-        ASN1_TYPE_free(req->sig_alg.parameter);
-    req->sig_alg = *palg;
-}
-#endif
diff --git a/pkgs/servers/http/apache-modules/mod_ocsp/default.nix b/pkgs/servers/http/apache-modules/mod_ocsp/default.nix
index 6730ca16f10..6ec3f246fad 100644
--- a/pkgs/servers/http/apache-modules/mod_ocsp/default.nix
+++ b/pkgs/servers/http/apache-modules/mod_ocsp/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "mod_ocsp";
-  version = "0.2.1";
+  version = "0.2.2";
 
   src = fetchurl {
     url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz";
-    sha256 = "1vwgai56krdf8knb0mgy07ni9mqxk82bcb4gibwpnxvl6qwgv2i0";
+    sha256 = "0wy5363m4gq1w08iny2b3sh925bnznlln88pr9lgj9vgbn8pqnrn";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/servers/http/apache-modules/mod_pkcs12/default.nix b/pkgs/servers/http/apache-modules/mod_pkcs12/default.nix
index 2bcf3b1d9c2..1cf68f2a276 100644
--- a/pkgs/servers/http/apache-modules/mod_pkcs12/default.nix
+++ b/pkgs/servers/http/apache-modules/mod_pkcs12/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "mod_pkcs12";
-  version = "0.2.1";
+  version = "0.2.2";
 
   src = fetchurl {
     url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz";
-    sha256 = "0by4qfjs3a8q0amzwazfq8ii6ydv36v2mjga0jzc9i6xyl4rs6ai";
+    sha256 = "1jfyax3qrw9rpf2n0pn6iw4dpn2nl4j0i2a998n5p1mdmjx9ch73";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/servers/http/apache-modules/mod_scep/default.nix b/pkgs/servers/http/apache-modules/mod_scep/default.nix
index 98703659c35..1331c6da3e4 100644
--- a/pkgs/servers/http/apache-modules/mod_scep/default.nix
+++ b/pkgs/servers/http/apache-modules/mod_scep/default.nix
@@ -2,34 +2,17 @@
 
 stdenv.mkDerivation rec {
   pname = "mod_scep";
-  version = "0.2.1";
+  version = "0.2.3";
 
   src = fetchurl {
     url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz";
-    sha256 = "14l8v6y6kx5dg8avb5ny95qdcgrw40ss80nqrgmw615mk7zcj81f";
+    sha256 = "1imddqyi81l90valvndx9r0ywn32ggijrdfrjmbx8j1abaccagrc";
   };
 
   nativeBuildInputs = [ pkgconfig ];
   buildInputs = [ mod_ca apr aprutil ];
   inherit (mod_ca) configureFlags installFlags;
 
-  # After openssl-1.0.2t, starting in  openssl-1.1.0l
-  # parts of the OpenSSL struct API was replaced by
-  # getters - but some setters where forgotten.
-  #
-  # It is expected that these are back/retrofitted in version
-  # openssl-1.1.1d -- but while fixing this it was found
-  # that there were quite a few other setters missing and
-  # that some of the memory management needed was at odds
-  # with the principles used sofar.
-  #
-  # See https://github.com/openssl/openssl/pull/10563
-  #
-  # So as a stopgap - use a minimalist compat. layer
-  # https://source.redwax.eu/projects/RS/repos/mod_csr/browse/openssl_setter_compat.h
-  #
-  preBuild = "cp ${./openssl_setter_compat.h} openssl_setter_compat.h";
-
   meta = with stdenv.lib; {
     description = "RedWax CA service modules for SCEP (Automatic ceritifcate issue/renewal)";
 
diff --git a/pkgs/servers/http/apache-modules/mod_scep/openssl_setter_compat.h b/pkgs/servers/http/apache-modules/mod_scep/openssl_setter_compat.h
deleted file mode 100644
index a2a9e0f7a18..00000000000
--- a/pkgs/servers/http/apache-modules/mod_scep/openssl_setter_compat.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/* Licensed to Stichting The Commons Conservancy (TCC) under one or more
- * contributor license agreements.  See the AUTHORS file distributed with
- * this work for additional information regarding copyright ownership.
- * TCC licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-// These routines are copies from OpenSSL/1.1.1 its x509/x509_req.c
-// and the private header files for that. They are needed as
-// starting with OpenSSL 1.1.0 the X509_req structure became
-// private; and got some get0 functions to access its internals.
-// But no getter's until post 1.1.1 (PR#10563). So this is a
-// stopgap for these lacking releases.
-//
-// Testest against: 
-//   openssl-1.0.2t 0x01000214fL (does not need it, privates still accessile)
-//   openssl-1.1.0l 0x0101000cfL (needs it)
-//   openssl-1.1.1d 0x01010104fL (last version that needs it)
-//   openssl-1.1.1-dev		 (should not need it - post PR#10563).
-//
-/* #if OPENSSL_VERSION_NUMBER >= 0x010100000L &&  OPENSSL_VERSION_NUMBER  <= 0x01010104fL */
-#if OPENSSL_VERSION_NUMBER >= 0x010100000L 
-#include "openssl/x509.h"
-
-#define HAS_OPENSSL_PR10563_WORK_AROUND
-
-struct X509_req_info_st {
-    ASN1_ENCODING enc;          
-    ASN1_INTEGER *version;     
-    X509_NAME *subject;       
-    X509_PUBKEY *pubkey;     
-    STACK_OF(X509_ATTRIBUTE) *attributes;
-};
-
-typedef _Atomic int CRYPTO_REF_COUNT;
-
-struct X509_req_st {
-    X509_REQ_INFO req_info; 
-    X509_ALGOR sig_alg;       
-    ASN1_BIT_STRING *signature; /* signature */
-    CRYPTO_REF_COUNT references;
-    CRYPTO_RWLOCK *lock;
-# ifndef OPENSSL_NO_SM2
-    ASN1_OCTET_STRING *sm2_id;
-# endif
-};
-
-
-static void _X509_REQ_set1_signature(X509_REQ *req, X509_ALGOR *palg)
-{
-    if (req->sig_alg.algorithm)
-        ASN1_OBJECT_free(req->sig_alg.algorithm);
-    if (req->sig_alg.parameter)
-        ASN1_TYPE_free(req->sig_alg.parameter);
-    req->sig_alg = *palg;
-}
-#endif
diff --git a/pkgs/servers/http/apache-modules/mod_spkac/default.nix b/pkgs/servers/http/apache-modules/mod_spkac/default.nix
index 72e0d521e3b..00f054f755e 100644
--- a/pkgs/servers/http/apache-modules/mod_spkac/default.nix
+++ b/pkgs/servers/http/apache-modules/mod_spkac/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "mod_spkac";
-  version = "0.2.1";
+  version = "0.2.2";
 
   src = fetchurl {
     url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz";
-    sha256 = "0x6ia9qcr7lx2awpv9cr4ndic5f4g8yqzmp2hz66zpzkmk2b2pyz";
+    sha256 = "0hpr58yazbi21m0sjn22a8ns4h81s4jlab9szcdw7j9w9jdc7j0h";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/servers/http/apache-modules/mod_timestamp/default.nix b/pkgs/servers/http/apache-modules/mod_timestamp/default.nix
index 139da289078..9cd2a822b09 100644
--- a/pkgs/servers/http/apache-modules/mod_timestamp/default.nix
+++ b/pkgs/servers/http/apache-modules/mod_timestamp/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "mod_timestamp";
-  version = "0.2.1";
+  version = "0.2.2";
 
   src = fetchurl {
     url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz";
-    sha256 = "0j4b04dbdwn9aff3da9m0lnqi0qbw6c6hhi81skl15kyc3vzp67f";
+    sha256 = "1p18mgxx2ainfrc2wm27rl3lh6yl0ihx6snib60jnp694587bfwg";
   };
 
   nativeBuildInputs = [ pkgconfig ];