From 19af89cedcd32b97fa4d359423b6c1ca4710e451 Mon Sep 17 00:00:00 2001
From: Luboš Uhliarik <luhliari@redhat.com>
Date: Oct 26 2017 09:40:31 +0000
Subject: Revert "new version 1.6.1"


This reverts commit 0b215905278785481b07e3ec32025e1f559b58af.

---

diff --git a/apr-util-1.3.7-nodbmdso.patch b/apr-util-1.3.7-nodbmdso.patch
index c2ba6ef..fd0e206 100644
--- a/apr-util-1.3.7-nodbmdso.patch
+++ b/apr-util-1.3.7-nodbmdso.patch
@@ -1,11 +1,10 @@
-diff --git a/build/dso.m4 b/build/dso.m4
-index 2c5df6b..5b06570 100644
---- a/build/dso.m4
-+++ b/build/dso.m4
-@@ -44,6 +44,15 @@ yes
+--- apr-util-1.3.7/build/dso.m4.nodbmdso
++++ apr-util-1.3.7/build/dso.m4
+@@ -44,6 +44,16 @@ AC_DEFUN([APU_CHECK_UTIL_DSO], [
       fi
    fi
  
++
 +  ### Hack: force static linking of DBM code.
 +  objs=
 +  test $apu_have_db = 1 && objs="$objs dbm/apr_dbm_berkeleydb.lo"
@@ -18,9 +17,9 @@ index 2c5df6b..5b06570 100644
    if test "$apu_dso_build" = "0"; then
  
       # Statically link the drivers:
-@@ -57,9 +66,6 @@ yes
-      test $apu_have_sqlite2 = 1 && objs="$objs dbd/apr_dbd_sqlite2.lo"
+@@ -42,9 +65,6 @@ AC_DEFUN([APU_CHECK_UTIL_DSO], [
       test $apu_have_sqlite3 = 1 && objs="$objs dbd/apr_dbd_sqlite3.lo"
+      test $apu_have_freetds = 1 && objs="$objs dbd/apr_dbd_freetds.lo"
       test $apu_have_odbc = 1 && objs="$objs dbd/apr_dbd_odbc.lo"
 -     test $apu_have_db = 1 && objs="$objs dbm/apr_dbm_berkeleydb.lo"
 -     test $apu_have_gdbm = 1 && objs="$objs dbm/apr_dbm_gdbm.lo"
@@ -28,21 +27,21 @@ index 2c5df6b..5b06570 100644
       test $apu_has_ldap = 1 && objs="$objs ldap/apr_ldap_init.lo"
       test $apu_has_ldap = 1 && objs="$objs ldap/apr_ldap_option.lo"
       test $apu_has_ldap = 1 && objs="$objs ldap/apr_ldap_rebind.lo"
-@@ -81,11 +87,9 @@ yes
+@@ -81,11 +81,9 @@
  
-      APRUTIL_LIBS="$APRUTIL_LIBS $LDADD_crypto_openssl $LDADD_crypto_nss $LDADD_crypto_commoncrypto"
-      APRUTIL_LIBS="$APRUTIL_LIBS $LDADD_dbd_pgsql $LDADD_dbd_sqlite2 $LDADD_dbd_sqlite3 $LDADD_dbd_oracle $LDADD_dbd_mysql $LDADD_dbd_odbc"
+      APRUTIL_LIBS="$APRUTIL_LIBS $LDADD_crypto_openssl $LDADD_crypto_nss"
+      APRUTIL_LIBS="$APRUTIL_LIBS $LDADD_dbd_pgsql $LDADD_dbd_sqlite2 $LDADD_dbd_sqlite3 $LDADD_dbd_oracle $LDADD_dbd_mysql $LDADD_dbd_freetds $LDADD_dbd_odbc"
 -     APRUTIL_LIBS="$APRUTIL_LIBS $LDADD_dbm_db $LDADD_dbm_gdbm $LDADD_dbm_ndbm"
       APRUTIL_LIBS="$APRUTIL_LIBS $LDADD_ldap"
-      APRUTIL_EXPORT_LIBS="$APRUTIL_EXPORT_LIBS $LDADD_crypto_openssl $LDADD_crypto_nss $LDADD_crypto_commoncrypto"
-      APRUTIL_EXPORT_LIBS="$APRUTIL_EXPORT_LIBS $LDADD_dbd_pgsql $LDADD_dbd_sqlite2 $LDADD_dbd_sqlite3 $LDADD_dbd_oracle $LDADD_dbd_mysql $LDADD_dbd_odbc"
+      APRUTIL_EXPORT_LIBS="$APRUTIL_EXPORT_LIBS $LDADD_crypto_openssl $LDADD_crypto_nss"
+      APRUTIL_EXPORT_LIBS="$APRUTIL_EXPORT_LIBS $LDADD_dbd_pgsql $LDADD_dbd_sqlite2 $LDADD_dbd_sqlite3 $LDADD_dbd_oracle $LDADD_dbd_mysql $LDADD_dbd_freetds $LDADD_dbd_odbc"
 -     APRUTIL_EXPORT_LIBS="$APRUTIL_EXPORT_LIBS $LDADD_dbm_db $LDADD_dbm_gdbm $LDADD_dbm_ndbm"
       APRUTIL_EXPORT_LIBS="$APRUTIL_EXPORT_LIBS $LDADD_ldap"
  
    else
-@@ -101,9 +105,6 @@ yes
-      test $apu_have_sqlite2 = 1 && dsos="$dsos dbd/apr_dbd_sqlite2.la"
+@@ -82,9 +100,6 @@ AC_DEFUN([APU_CHECK_UTIL_DSO], [
       test $apu_have_sqlite3 = 1 && dsos="$dsos dbd/apr_dbd_sqlite3.la"
+      test $apu_have_freetds = 1 && dsos="$dsos dbd/apr_dbd_freetds.la"
       test $apu_have_odbc = 1 && dsos="$dsos dbd/apr_dbd_odbc.la"
 -     test $apu_have_db = 1 && dsos="$dsos dbm/apr_dbm_db.la"
 -     test $apu_have_gdbm = 1 && dsos="$dsos dbm/apr_dbm_gdbm.la"
@@ -50,17 +49,15 @@ index 2c5df6b..5b06570 100644
       test $apu_has_ldap = 1 && dsos="$dsos ldap/apr_ldap.la"
  
       if test -n "$dsos"; then
-diff --git a/dbd/apr_dbd.c b/dbd/apr_dbd.c
-index abf858c..0cd3a27 100644
---- a/dbd/apr_dbd.c
-+++ b/dbd/apr_dbd.c
-@@ -33,6 +33,9 @@
- #include "apr_dbd.h"
- #include "apu_version.h"
+--- apr-util-1.3.7/dbm/apr_dbm.c.nodbmdso
++++ apr-util-1.3.7/dbm/apr_dbm.c
+@@ -56,6 +56,9 @@
+ #error a DBM implementation was not specified
+ #endif
  
 +#undef APU_DSO_BUILD
 +#define APU_DSO_BUILD 0
 +
- static apr_hash_t *drivers = NULL;
- static apr_uint32_t initialised = 0, in_init = 1;
+ #if APU_DSO_BUILD
  
+ static apr_hash_t *drivers = NULL;
diff --git a/apr-util-1.5.4-openssl11.patch b/apr-util-1.5.4-openssl11.patch
new file mode 100644
index 0000000..dfe28e4
--- /dev/null
+++ b/apr-util-1.5.4-openssl11.patch
@@ -0,0 +1,256 @@
+
+OpenSSL 1.1.0 fixes from apr-util 1.5.x branch.
+
+diff -uap apr-util-1.5.4/build/crypto.m4.openssl11 apr-util-1.5.4/build/crypto.m4
+--- apr-util-1.5.4/build/crypto.m4.openssl11
++++ apr-util-1.5.4/build/crypto.m4
+@@ -88,7 +88,7 @@
+   [
+     if test "$withval" = "yes"; then
+       AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
+-      AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
++      AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+       if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
+         apu_have_openssl=1
+       fi
+@@ -104,7 +104,7 @@
+ 
+       AC_MSG_NOTICE(checking for openssl in $withval)
+       AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
+-      AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
++      AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+       if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
+         apu_have_openssl=1
+         APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
+@@ -113,7 +113,7 @@
+ 
+       if test "$apu_have_openssl" != "1"; then
+         AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
+-        AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
++        AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+         if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
+           apu_have_openssl=1
+           APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
+diff -uap apr-util-1.5.4/crypto/apr_crypto_openssl.c.openssl11 apr-util-1.5.4/crypto/apr_crypto_openssl.c
+--- apr-util-1.5.4/crypto/apr_crypto_openssl.c.openssl11
++++ apr-util-1.5.4/crypto/apr_crypto_openssl.c
+@@ -64,7 +64,7 @@
+     apr_pool_t *pool;
+     const apr_crypto_driver_t *provider;
+     const apr_crypto_t *f;
+-    EVP_CIPHER_CTX cipherCtx;
++    EVP_CIPHER_CTX *cipherCtx;
+     int initialised;
+     int ivSize;
+     int blockSize;
+@@ -111,7 +111,11 @@
+ static apr_status_t crypto_init(apr_pool_t *pool, const char *params,
+         const apu_err_t **result)
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     CRYPTO_malloc_init();
++#else
++    OPENSSL_malloc_init();
++#endif
+     ERR_load_crypto_strings();
+     /* SSL_load_error_strings(); */
+     OpenSSL_add_all_algorithms();
+@@ -124,6 +128,30 @@
+     return APR_SUCCESS;
+ }
+ 
++#if OPENSSL_VERSION_NUMBER < 0x0090802fL
++
++/* Code taken from OpenSSL 0.9.8b, see
++ * https://github.com/openssl/openssl/commit/cf6bc84148cb15af09b292394aaf2b45f0d5af0d
++ */
++
++EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
++{
++     EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
++     if (ctx)
++         EVP_CIPHER_CTX_init(ctx);
++     return ctx;
++}
++
++void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
++{
++    if (ctx) {
++        EVP_CIPHER_CTX_cleanup(ctx);
++        OPENSSL_free(ctx);
++    }
++}
++
++#endif
++
+ /**
+  * @brief Clean encryption / decryption context.
+  * @note After cleanup, a context is free to be reused if necessary.
+@@ -134,7 +162,7 @@
+ {
+ 
+     if (ctx->initialised) {
+-        EVP_CIPHER_CTX_cleanup(&ctx->cipherCtx);
++        EVP_CIPHER_CTX_free(ctx->cipherCtx);
+         ctx->initialised = 0;
+     }
+ 
+@@ -491,8 +519,10 @@
+             apr_pool_cleanup_null);
+ 
+     /* create a new context for encryption */
+-    EVP_CIPHER_CTX_init(&block->cipherCtx);
+-    block->initialised = 1;
++    if (!block->initialised) {
++        block->cipherCtx = EVP_CIPHER_CTX_new();
++        block->initialised = 1;
++    }
+ 
+     /* generate an IV, if necessary */
+     usedIv = NULL;
+@@ -519,16 +549,16 @@
+ 
+     /* set up our encryption context */
+ #if CRYPTO_OPENSSL_CONST_BUFFERS
+-    if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
++    if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine,
+             key->key, usedIv)) {
+ #else
+-        if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
++        if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
+ #endif
+         return APR_EINIT;
+     }
+ 
+     /* Clear up any read padding */
+-    if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
++    if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
+         return APR_EPADDING;
+     }
+ 
+@@ -582,11 +612,16 @@
+     }
+ 
+ #if CRYPT_OPENSSL_CONST_BUFFERS
+-    if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl, in, inlen)) {
++    if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl, in, inlen)) {
+ #else
+-    if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl,
++    if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl,
+             (unsigned char *) in, inlen)) {
+ #endif
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++        EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
++#else
++        EVP_CIPHER_CTX_reset(ctx->cipherCtx);
++#endif
+         return APR_ECRYPT;
+     }
+     *outlen = outl;
+@@ -616,14 +651,22 @@
+ static apr_status_t crypto_block_encrypt_finish(unsigned char *out,
+         apr_size_t *outlen, apr_crypto_block_t *ctx)
+ {
++    apr_status_t rc = APR_SUCCESS;
+     int len = *outlen;
+ 
+-    if (EVP_EncryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
+-        return APR_EPADDING;
++    if (EVP_EncryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
++        rc = APR_EPADDING;
+     }
+-    *outlen = len;
++    else {
++        *outlen = len;
++    }
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++    EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
++#else
++    EVP_CIPHER_CTX_reset(ctx->cipherCtx);
++#endif
+ 
+-    return APR_SUCCESS;
++    return rc;
+ 
+ }
+ 
+@@ -662,8 +705,10 @@
+             apr_pool_cleanup_null);
+ 
+     /* create a new context for encryption */
+-    EVP_CIPHER_CTX_init(&block->cipherCtx);
+-    block->initialised = 1;
++    if (!block->initialised) {
++        block->cipherCtx = EVP_CIPHER_CTX_new();
++        block->initialised = 1;
++    }
+ 
+     /* generate an IV, if necessary */
+     if (key->ivSize) {
+@@ -674,16 +719,16 @@
+ 
+     /* set up our encryption context */
+ #if CRYPTO_OPENSSL_CONST_BUFFERS
+-    if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
++    if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine,
+             key->key, iv)) {
+ #else
+-        if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
++        if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
+ #endif
+         return APR_EINIT;
+     }
+ 
+     /* Clear up any read padding */
+-    if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
++    if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
+         return APR_EPADDING;
+     }
+ 
+@@ -737,11 +782,16 @@
+     }
+ 
+ #if CRYPT_OPENSSL_CONST_BUFFERS
+-    if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, in, inlen)) {
++    if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, in, inlen)) {
+ #else
+-    if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, (unsigned char *) in,
++    if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, (unsigned char *) in,
+             inlen)) {
+ #endif
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++        EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
++#else
++        EVP_CIPHER_CTX_reset(ctx->cipherCtx);
++#endif
+         return APR_ECRYPT;
+     }
+     *outlen = outl;
+@@ -771,15 +821,22 @@
+ static apr_status_t crypto_block_decrypt_finish(unsigned char *out,
+         apr_size_t *outlen, apr_crypto_block_t *ctx)
+ {
+-
++    apr_status_t rc = APR_SUCCESS;
+     int len = *outlen;
+ 
+-    if (EVP_DecryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
+-        return APR_EPADDING;
++    if (EVP_DecryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
++        rc = APR_EPADDING;
++    }
++    else {
++        *outlen = len;
+     }
+-    *outlen = len;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++    EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
++#else
++    EVP_CIPHER_CTX_reset(ctx->cipherCtx);
++#endif
+ 
+-    return APR_SUCCESS;
++    return rc;
+ 
+ }
+ 
diff --git a/apr-util.spec b/apr-util.spec
index 242c583..6a7b24d 100644
--- a/apr-util.spec
+++ b/apr-util.spec
@@ -24,6 +24,7 @@ Source0: http://www.apache.org/dist/apr/%{name}-%{version}.tar.bz2
 Patch1: apr-util-1.2.7-pkgconf.patch
 Patch2: apr-util-1.3.7-nodbmdso.patch
 Patch4: apr-util-1.4.1-private.patch
+Patch5: apr-util-1.5.4-openssl11.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
 BuildRequires: autoconf, apr-devel >= 1.3.0
 BuildRequires: %{dbdep}, expat-devel, libuuid-devel
@@ -132,6 +133,7 @@ This package provides the NSS crypto support for the apr-util.
 %patch1 -p1 -b .pkgconf
 %patch2 -p1 -b .nodbmdso
 %patch4 -p1 -b .private
+%patch5 -p1 -b .openssl11
 
 %build
 autoheader && autoconf