Commit c930c29f authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

main/apache2: security upgrade to 2.4.26

fixes #7463
parent ba13c2bb
......@@ -2,8 +2,8 @@
# Contributor: Valery Kartel <valery.kartel@gmail.com>
pkgname=apache2
_pkgreal=httpd
pkgver=2.4.25
pkgrel=1
pkgver=2.4.26
pkgrel=0
pkgdesc="A high performance Unix-based HTTP server"
url="http://httpd.apache.org/"
arch="all"
......@@ -27,6 +27,7 @@ subpackages="$pkgname-dev
$pkgname-utils
$pkgname-webdav"
source="http://archive.apache.org/dist/$_pkgreal/$_pkgreal-$pkgver.tar.bz2
libressl.patch
apache2.confd
apache2.logrotate
apache2.initd
......@@ -47,9 +48,16 @@ source="http://archive.apache.org/dist/$_pkgreal/$_pkgreal-$pkgver.tar.bz2
conf/0014-httpd-.conf-LoadModule.patch
"
options="suid"
builddir="$srcdir"/$_pkgreal-$pkgver
# secfixes:
# 2.4.26-r0:
# - CVE-2017-3167
# - CVE-2017-3169
# - CVE-2017-7659
# - CVE-2017-7668
# - CVE-2017-7679
prepare() {
cd "$builddir"
......@@ -295,60 +303,23 @@ _lua() {
"$subpkgdir"/usr/lib/apache2/ || return 1
_load_mods
}
md5sums="2826f49619112ad5813c0be5afcc7ddb httpd-2.4.25.tar.bz2
257d2572921dd4506b0464441f88fab4 apache2.confd
8519af87c57b50441866ad4216e4d663 apache2.logrotate
11b2718d7a0550498aaddf41e940ad04 apache2.initd
699aec01d2f7c5a67c10d0fe280780b7 alpine.layout
56bbe9e4e83bbea1366dc107471ab64e 0001-httpd.conf-ServerRoot.patch
3bd91de3d0063eafa0a07a950fb9041d 0002-httpd.conf-ServerTokens.patch
29a501f82c81c00cd51cc8de91eee988 0003-httpd.conf-ServerSignature.patch
968d320d0dead0eeb10a425e0c9e2e59 0004-httpd.conf-User-Group.patch
88f9a51476a813b97510d2bdb4b2ccd4 0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch
592ed15071a0d1b47315a06e395b03e2 0006-httpd-dav.conf-DavLockDB.patch
0c3a6b8826876098fee8ccae5f732758 0007-httpd-ssl.conf-SSLSessionCache.patch
42d0ebb0d5cdf66611eb45316d27bb44 0008-httpd-ssl.conf-SSLRandomSeed.patch
52513e71652fc180458d367f4d8b866b 0009-httpd-ssl.conf-SSL-File.patch
794a51cec6712b6c0a1359d1812d2c7c 0010-httpd-ssl.conf-SSL-CipherSuite.patch
aa73ec65c4c67819f297e48da8d3fb8e 0011-httpd.conf-IncludeOptional.patch
605536ff208f88ea97331b6b5d03278f 0012-httpd.conf-MIMEMagicFile.patch
78f648c86a895107a9381374d5497f51 0013-httpd-.conf-IfModule.patch
3c873b99a197a7fa1792bc7fa5b05233 0014-httpd-.conf-LoadModule.patch"
sha256sums="f87ec2df1c9fee3e6bfde3c8b855a3ddb7ca1ab20ca877bd0e2b6bf3f05c80b2 httpd-2.4.25.tar.bz2
6ca904ad65c1a4122d8ea4a3303ea8184429a4a4d7fb81defc30f3e184258c0a apache2.confd
8e2a8870d51796cf04cc7d8985c43e36afe9ae79e2d6765050a0e72c0de8dce7 apache2.logrotate
8761faa68c2db7114b3f463f3b8ef1aec8f8373da9908d943cc765765914ab36 apache2.initd
c40668ae8384d0555488660b68eda16ad8ccb11fde16a8197d33bed739fed1e8 alpine.layout
2e078ca7c99d78b0bf1d7eaa471d257f98af0aeb3d442e761552749981c8f503 0001-httpd.conf-ServerRoot.patch
f9ad9b6fbdb6dd77b77e39410f061e4d155e83ac7943d4f3c8e783b75c4bca78 0002-httpd.conf-ServerTokens.patch
8e38e5b285b5d7aabe3c03ce8d99555888de4a193f6ee52e725a40fc9380b42b 0003-httpd.conf-ServerSignature.patch
6787eb526fe550c4bf4a507a23c33453e5e24731a88d662f230566f221c44cda 0004-httpd.conf-User-Group.patch
262cab44115d07f0ee2397efd7a9ff8100ef9cbf6a94d856bee7de3831536a24 0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch
0395f58e5f1d13e8ee8f88ea40862f54d1e94d361e43831337478af3ff39034d 0006-httpd-dav.conf-DavLockDB.patch
38c27c17b9ed1b0440a69e594e5f45b52f59db193e03bbc9697bc784a9c5e308 0007-httpd-ssl.conf-SSLSessionCache.patch
908c6a3f360e268caaf87f6d581443e7e0e3356b9a7be204d3b30423904dde81 0008-httpd-ssl.conf-SSLRandomSeed.patch
d5129c7bd958a9a801527a3a07ad45a390fb23bc1754edf9274dbf32e68568ee 0009-httpd-ssl.conf-SSL-File.patch
f22abd948065649d9972be320a1feb855b5807ca9f45af3ad354b9560cb257d1 0010-httpd-ssl.conf-SSL-CipherSuite.patch
9ecd79e4a084d876c56000ccc2fa88463fb57617b575fe4f8104c099715c691b 0011-httpd.conf-IncludeOptional.patch
5bad32417abc9fdf3e430aabd1ac8d13d90304911d6bd76515896df0aaa3e8d7 0012-httpd.conf-MIMEMagicFile.patch
9603bf79c7eab05e635ee7c9b2ecc67c49146f955b59852a88f2c618bd489a78 0013-httpd-.conf-IfModule.patch
34d0202635660c961ee5186a4950e2af714b27bbd4aef23901c1f05a5e6c6fcd 0014-httpd-.conf-LoadModule.patch"
sha512sums="6ba4ce1dcef71416cf1c0de2468c002767b5637a75744daf5beb0edd045749a751b3826c4132f594c48e4b33ca8e1b25ebfb63ac4c8b759ca066a89d3261fb22 httpd-2.4.25.tar.bz2
sha512sums="4b32f01f17c912011f24bf3991430d474be13836af41b26c072e3c1eab2b45a3c52851eb00423e046c59fc16e1f501d64daaee3f2469b2745857ec1982966c9a httpd-2.4.26.tar.bz2
7ccd6ba80836e5d8481779855e5b5618f10f20fb00c765e94a3788e746e99311d687c20053ed348fc1a31532fc8900c24915c7b0aff83418f2f40dc7b94944cc libressl.patch
8e62b101f90c67babe864bcb74f711656180b011df3fd4b541dc766b980b72aa409e86debf3559a55be359471c1cad81b8779ef3a55add8d368229fc7e9544fc apache2.confd
18e8859c7d99c4483792a5fd20127873aad8fa396cafbdb6f2c4253451ffe7a1093a3859ce719375e0769739c93704c88897bd087c63e1ef585e26dcc1f5dd9b apache2.logrotate
81a2d2a297d8049ba1b021b879ec863767149e056d9bdb2ac8acf63572b254935ec96c2e1580eba86639ea56433eec5c41341e4f1501f9072745dccdb3602701 apache2.initd
177c58d049fc4476fd9b9b36b67725145777c84cf81948105c9314cb09312dff6c1931fe21aaa243597abaefded6c6dfd80d83839e45a23950b50de615d73b06 alpine.layout
b55051f1358fb957cb24ea5d7cf6106822935c5fe3d1f4bb071d4caff5daa46c31c4fc81ec1f2ce0335a634e8b7545f2265c3d28bea3b0799b9ff589ba36c24a 0001-httpd.conf-ServerRoot.patch
948299dd3b5b004276394a4ce94005a011cfe14e032e7cdce060bf0f6123835020419226cc0fe78cbefba996c0c2eebd1b8d713d2f1b424e0e6f58b1e589bc3f 0002-httpd.conf-ServerTokens.patch
360d67fae5882f460509bfe3a295055602480902aa135f914cfd3c6d16c43fa92e77ef5de0360b2eab11ca0d0ad6bd46bf093a156a64718696635a6c3d328ad3 0003-httpd.conf-ServerSignature.patch
2bf81ded68ccca5d893233bede8cd002d05b7e26fe1a6d341c41a5e439e16c816ffdcb03fd093b45ff0ea1b905f423420e45b07b9da91181ac73fb533e1b68c1 0004-httpd.conf-User-Group.patch
9aa4bc57702c2b4adb91885558504318ebc5d4129aea259bff08d19d8350c82e308c801db77f1dadbbeae4bf284a7939c2f16a8fd26798b71e8510985540c1e4 0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch
238f6b3572f6a39ed778aab33b7adc5023fb8d82cbea1af21b16587aac2c9056d025608c20232e3017531513b4b49e4272ab59c82a7a39b17291c93256037387 0006-httpd-dav.conf-DavLockDB.patch
5c32f20f883055f47e796b9fd5dcea5e794c7a5375712e384a7093ca38629259beda376d0ba2c78c44329f75e2c75fda987bc38ff22669a8421a7825bdef78b7 0007-httpd-ssl.conf-SSLSessionCache.patch
9eca9eca008af801adc067eb0ecfe19cff7e77e7e675cd005d3ac1d551c638bb6ea5dd9b30a019db9c650fba53ab6ce88202118361e53f018283f6794d3f09d3 0008-httpd-ssl.conf-SSLRandomSeed.patch
377c89510dc165dfb88922aeaf923aa1efd69e7cfd10cb6f8b1e1f015865187f287c0a5090f31f76137de8b9973fcbf5bd17f7003fc275c87a6bf3cf32758c33 0009-httpd-ssl.conf-SSL-File.patch
e151a8ebb23b1a3a92ea9a8b83b6bf64c950ec8ded8d514df8f16f074c5f712de7c44cb42190ca15a2010bac2c4ff57f26947e87625d40f7791ec1e77cf88cc7 0010-httpd-ssl.conf-SSL-CipherSuite.patch
fc3352b50bee11e7560594398948a1af0279d339e891915e38766c9c0f930cc01f207e438afe9a43329b6d23fe438939666309e8ad77938dbe8dc784aaae4113 0011-httpd.conf-IncludeOptional.patch
da3a99ccf54c8d4adc633cceb3e520e48b47e868e8f1be33c81027ce3173401c8b9b79af4f75c73c94f77a50452219a4d23774b03a74f6271a677ec271396ada 0012-httpd.conf-MIMEMagicFile.patch
564866cadebd957eb9b23624286deb8cadb0ebeda0e3e80ec2cd8912731c8273f5ef5fa9f2d8295accb304da40c850772a854eb0c76c3aa08bb93b059c730882 0013-httpd-.conf-IfModule.patch
3742b8ed06cfd081a02c171b5ddf42652d2848fd520e0ff1a4799fce90300e70ab8edbbecc7111a1083133077a57703a631879143777565e6918099a873d4aa0 0014-httpd-.conf-LoadModule.patch"
361e0a74f6f8f5734f074dc2f2001ff64896ecc81f88ea384b6db7db33b7738eb92b4e16163b356259581a8e7dd86adeac971d36d2584abb781e8f9b8fae6356 0001-httpd.conf-ServerRoot.patch
40f3b7579c403952ba1efcb8dfd6ffd91c2695a06a2e5530ab5a583946558790fbfa16cad259d273ac1aa7a6335dd79636aa82fd844dc3a60a34c34d90db5e17 0002-httpd.conf-ServerTokens.patch
ad0c1711bc240f99cd0256d0984ad0142e03c384d30378ccca3e47cdd2596307e64bb19fbd810a56c0e4c0716577d3160bad2ae39783b1358412588bc729c113 0003-httpd.conf-ServerSignature.patch
49940950d5f71c671cd1257714a95f437899a694a26e8e8557868ba65b0888b218afe2eecfa676a0ded5ad0db67bdfb15c7e9cf85f536b4559007dc7461f4c07 0004-httpd.conf-User-Group.patch
165a016a2cb9969c25fa73fab90fba5662d916e4883abd223ac104579334424103c123009d41b6fe3fcd30070daa8c6bdbb2afbb2905d08e183ecb66018578a3 0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch
c27af4e0fa0b4d441534c452fd5f26e8ab28e737660c1eddf952f9a44d82c54abd1eb5e7c1b3da5191c5ecf0358fcd4e23b8fd241d805290a7c32a7fb3138a12 0006-httpd-dav.conf-DavLockDB.patch
90adca579c3c7dc69ce1f175b47acc9e9e33667d93bb33aead7cf286212f1bdb58062fcd4e01657a2bb8ea9a2ac90c7c95f4cb8f19a29f6366e28a7168240708 0007-httpd-ssl.conf-SSLSessionCache.patch
0bae3368dd64737ffc1b1aeaccbe21e597c5d497e45a5e9bc0e27c78091b9ead13690da37d28cdc5d285c58d82085720cdd627abc3b650d4f13a4cbf24021565 0008-httpd-ssl.conf-SSLRandomSeed.patch
a3b0827f86902ab05afb27ae7fef0a7b9984ef103cf3aea80651b5cfb239db99e477b077bee8d7f0e576471090055fe1a78238d746aae34bd397f3db1d0eac8f 0009-httpd-ssl.conf-SSL-File.patch
a3936713f8ffcbf2bb633035873249b94fa8ace9fdb758405264f075f755fbcfec4d08794f79e4699ab398fcd0049d1897b1fd5af62e1356780938ad08ac3a11 0010-httpd-ssl.conf-SSL-CipherSuite.patch
eb09b3bcbab70f6a48d5efe8fc4bd62cc2b3f46def97c09d8454b846a065c02d18bd846313c421897c8d13be728e4b2ca790e2a5c5c6add3821d9e572bacfab2 0011-httpd.conf-IncludeOptional.patch
695742f569720d7bad9306acc40456de3a12ff2ff3a108499afc3fed2e8b13883027c6e14a3fac3efe387a70386b958605b5bbfd0147ec06bb87fad30f3b66fa 0012-httpd.conf-MIMEMagicFile.patch
efbba3c3475bebe5c63ce8d6eaf153cf2c46188e282a65830571c8b7dbc1e657ab9ce160dc82e331097ac483fe632f5201fde6f3f5de32fe5c52dcc7dee66216 0013-httpd-.conf-IfModule.patch
56e7bb9743d153416b15c32bb5435e4cf85d84204a02f28767c8dcba08eec1ac302521d57ce74154d3e9f7a3644ab3f8a9318150e21f8559eb67e387087a0821 0014-httpd-.conf-LoadModule.patch"
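Review bot: The new sha512sums entry is the only integrity anchor for httpd-2.4.26.tar.bz2, while the `source=` line still fetches the tarball over plain `http://archive.apache.org/...`. The pinned hash protects later builds, but it is only as trustworthy as the download it was computed from, so it should be compared with the digest or PGP signature published by the Apache project before this is merged. Switching the scheme, `source="https://archive.apache.org/dist/$_pkgreal/$_pkgreal-$pkgver.tar.bz2`, would also remove the cleartext fetch, assuming the build hosts can reach that URL.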
From 8d6011f6009c74a6dc701017c629f21516142256 Mon Sep 17 00:00:00 2001
From 0126e85796d645820a7883a5f133b52c1408d53c Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Mon, 21 Sep 2015 12:16:16 +0300
Subject: [PATCH 01/14] httpd.conf: ServerRoot
......@@ -8,7 +8,7 @@ Subject: [PATCH 01/14] httpd.conf: ServerRoot
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index 966d2c3..c97b18d 100644
index 37d7c0b..3e21599 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -28,7 +28,7 @@
......@@ -21,5 +21,5 @@ index 966d2c3..c97b18d 100644
#
# Mutex: Allows you to set the mutex mechanism and mutex file directory
--
2.5.0
2.9.4
From efe4452d812db7bdb0885ba89cf488c2eade7c70 Mon Sep 17 00:00:00 2001
From 37588c3ee46bc58510d7aac77109eeafb56964ab Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 11:10:55 +0300
Subject: [PATCH 02/14] httpd.conf: ServerTokens
......@@ -30,7 +30,7 @@ index 7196922..a05ebc1 100644
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index c97b18d..0cceb2a 100644
index 3e21599..e995794 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -19,6 +19,16 @@
......@@ -51,5 +51,5 @@ index c97b18d..0cceb2a 100644
# configuration, error, and log files are kept.
#
--
2.5.0
2.9.4
From ca039c67e17d45f641b018e76d90b36b1325ab16 Mon Sep 17 00:00:00 2001
From f5c03e6a248fcf273efeabc31665f0af56a17b55 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 11:46:25 +0300
Subject: [PATCH 03/14] httpd.conf: ServerSignature
......@@ -30,7 +30,7 @@ index a05ebc1..dcc2fb5 100644
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index 0cceb2a..5835643 100644
index e995794..748b5ef 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -109,6 +109,16 @@ Group daemon
......@@ -51,5 +51,5 @@ index 0cceb2a..5835643 100644
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
--
2.5.0
2.9.4
From 1ac121e7d4ea97b2a2fa5c678fd989ad1081d541 Mon Sep 17 00:00:00 2001
From 023f6840e901390b95f3d858d7f85cd9ac257d75 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 11:31:31 +0300
Subject: [PATCH 04/14] httpd.conf: User/Group
......@@ -8,7 +8,7 @@ Subject: [PATCH 04/14] httpd.conf: User/Group
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index 5835643..2f2bf49 100644
index 748b5ef..33b7487 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -84,8 +84,8 @@ Listen @@Port@@
......@@ -23,5 +23,5 @@ index 5835643..2f2bf49 100644
</IfModule>
--
2.5.0
2.9.4
From c48105dca98ec2e4c63cb487f2ce5ab4da6a55c4 Mon Sep 17 00:00:00 2001
From 3f6e035c2d85967fc63431d73e4a37821513b39c Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 11:40:22 +0300
Subject: [PATCH 05/14] httpd.conf: ErrorLog/CustomLog/TransferLog
......@@ -9,7 +9,7 @@ Subject: [PATCH 05/14] httpd.conf: ErrorLog/CustomLog/TransferLog
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
index f093b32..65dae32 100644
index 6a3c67a..3ace58a 100644
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -124,8 +124,8 @@ SSLSessionCacheTimeout 300
......@@ -33,7 +33,7 @@ index f093b32..65dae32 100644
</VirtualHost>
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index 2f2bf49..8386312 100644
index 33b7487..29ac06c 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -201,7 +201,7 @@ DocumentRoot "@exp_htdocsdir@"
......@@ -62,5 +62,5 @@ index 2f2bf49..8386312 100644
<IfModule alias_module>
--
2.5.0
2.9.4
From 6b0ea0ffe5dda6d6d24535c2be57304e0cbbe484 Mon Sep 17 00:00:00 2001
From 02d449be1ef2a6b84a913458d833778a66917e81 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 12:46:16 +0300
Subject: [PATCH 06/14] httpd-dav.conf: DavLockDB
......@@ -21,5 +21,5 @@ index f1d35e0..416110b 100644
Alias /uploads "@@ServerRoot@@/uploads"
--
2.5.0
2.9.4
From ff4cb257ca2f5f6705776683dc6c26c65a8fffd3 Mon Sep 17 00:00:00 2001
From e718f5cf478200adc3132f488fb673bc1f614fbd Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 12:53:13 +0300
Subject: [PATCH 07/14] httpd-ssl.conf: SSLSessionCache
......@@ -8,7 +8,7 @@ Subject: [PATCH 07/14] httpd-ssl.conf: SSLSessionCache
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
index 65dae32..1680430 100644
index 3ace58a..090ce32 100644
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -89,7 +89,7 @@ SSLPassPhraseDialog builtin
......@@ -21,5 +21,5 @@ index 65dae32..1680430 100644
# OCSP Stapling (requires OpenSSL 0.9.8h or later)
--
2.5.0
2.9.4
From 2270e11bbe1ba3a0b489ecd941ef3a7a944ba151 Mon Sep 17 00:00:00 2001
From 201ea4523851206881c1feaacc7451d8df7f1267 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 12:58:01 +0300
Subject: [PATCH 08/14] httpd-ssl.conf: SSLRandomSeed
......@@ -9,7 +9,7 @@ Subject: [PATCH 08/14] httpd-ssl.conf: SSLRandomSeed
2 files changed, 2 insertions(+), 14 deletions(-)
diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
index 1680430..da506c8 100644
index 090ce32..75ce736 100644
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -24,7 +24,8 @@
......@@ -23,10 +23,10 @@ index 1680430..da506c8 100644
#SSLRandomSeed connect file:/dev/urandom 512
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index 8386312..de6ee33 100644
index 29ac06c..46ccea6 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -414,16 +414,3 @@ LogLevel warn
@@ -423,16 +423,3 @@ LogLevel warn
<IfModule proxy_html_module>
Include @rel_sysconfdir@/extra/proxy-html.conf
</IfModule>
......@@ -44,5 +44,5 @@ index 8386312..de6ee33 100644
-</IfModule>
-
--
2.5.0
2.9.4
From deef08a02706efc731555d4d4d1c43ca126d6d3e Mon Sep 17 00:00:00 2001
From 35db76c3663f77b49c1f1b1f0e07d108d6176c8c Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 13:03:38 +0300
Subject: [PATCH 09/14] httpd-ssl.conf SSL*File
......@@ -8,7 +8,7 @@ Subject: [PATCH 09/14] httpd-ssl.conf SSL*File
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
index da506c8..4462fa6 100644
index 75ce736..e80ad1a 100644
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -142,9 +142,9 @@ SSLEngine on
......@@ -69,5 +69,5 @@ index da506c8..4462fa6 100644
# Client Authentication (Type):
--
2.5.0
2.9.4
From 9ddd6227e5e0c38b869a77ce04c93877a2b1fc85 Mon Sep 17 00:00:00 2001
From be15024e8c13bf740897274844bee4afd8c9946b Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 13:32:31 +0300
Subject: [PATCH 10/14] httpd-ssl.conf: SSL*CipherSuite
......@@ -8,20 +8,20 @@ Subject: [PATCH 10/14] httpd-ssl.conf: SSL*CipherSuite
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
index 4462fa6..4534852 100644
index e80ad1a..b5f5e9d 100644
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -50,8 +50,8 @@ Listen @@SSLPort@@
# ensure these follow appropriate best practices for this deployment.
# httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
# while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
-SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
-SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
+SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!ADH
+SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!ADH
-SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
-SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
+SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
+SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
# By the end of 2016, only TLSv1.2 ciphers should remain in use.
# Older ciphers should be disallowed as soon as possible, while the
--
2.5.0
2.9.4
From 1013806f1128c2cf289b20362484f64379dda619 Mon Sep 17 00:00:00 2001
From 355485ecb874640c0856e4f3c239d517d97893df Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 11:27:24 +0300
Subject: [PATCH 11/14] httpd.conf: IncludeOptional
......@@ -8,10 +8,10 @@ Subject: [PATCH 11/14] httpd.conf: IncludeOptional
1 file changed, 2 insertions(+), 40 deletions(-)
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index de6ee33..66d20fe 100644
index 46ccea6..388916f 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -373,44 +373,6 @@ LogLevel warn
@@ -382,44 +382,6 @@ LogLevel warn
#EnableMMAP off
#EnableSendfile on
......@@ -59,5 +59,5 @@ index de6ee33..66d20fe 100644
-</IfModule>
+IncludeOptional /etc/apache2/conf.d/*.conf
--
2.5.0
2.9.4
From 867d4c6caac66cb458316b97cd24761f339861ca Mon Sep 17 00:00:00 2001
From e0eca7b6d1837ceee414e08698108fb35e79635e Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 14:59:32 +0300
Subject: [PATCH 12/14] httpd.conf: MIMEMagicFile
......@@ -8,10 +8,10 @@ Subject: [PATCH 12/14] httpd.conf: MIMEMagicFile
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index 66d20fe..4266f87 100644
index 388916f..61747cb 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -341,7 +341,9 @@ LogLevel warn
@@ -350,7 +350,9 @@ LogLevel warn
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
......@@ -23,5 +23,5 @@ index 66d20fe..4266f87 100644
#
# Customizable error responses come in three flavors:
--
2.5.0
2.9.4
From 5dfde3ec458ddda04b070709b60803144ce29d9a Mon Sep 17 00:00:00 2001
From 9a788d82c38717396903f5352e6d27e938f0cb25 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 15:05:30 +0300
Subject: [PATCH 13/14] httpd-*.conf: IfModule
......@@ -65,5 +65,5 @@ index a744322..edd158f 100644
+</IfModule>
--
2.5.0
2.9.4
From a15f4e83f0c5b6a3974af01427e3facf9191d0ef Mon Sep 17 00:00:00 2001
From 2a1fe11fab2e43d9c00aae699108e75e8185715b Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 15:12:08 +0300
Subject: [PATCH 14/14] httpd*.conf: LoadModule
......@@ -25,7 +25,7 @@ index 416110b..0ddcb48 100644
# The following example gives DAV write access to a directory called
# "uploads" under the ServerRoot directory.
diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
index 4534852..b5bcb5d 100644
index b5f5e9d..d9e5bd1 100644
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -10,6 +10,8 @@
......@@ -55,7 +55,7 @@ index 683a091..0648e8e 100644
# For Windows (I don't know if there's a standard path for the libraries)
# LoadFile C:/path/zlib.dll
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index 4266f87..df1f2a1 100644
index 61747cb..8fec78c 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -75,6 +75,8 @@ Listen @@Port@@
......@@ -68,5 +68,5 @@ index 4266f87..df1f2a1 100644
#
# If you wish httpd to run as a different user or group, you must run
--
2.5.0
2.9.4
--- httpd-2.4.26/modules/ssl/mod_ssl.c
+++ httpd-2.4.26.libressl/modules/ssl/mod_ssl.c
@@ -337,12 +337,12 @@
#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
ENGINE_cleanup();
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_COMP)
SSL_COMP_free_compression_methods();
#endif
/* Usually needed per thread, but this parent process is single-threaded */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
ERR_remove_thread_state(NULL);
#else
@@ -383,14 +383,14 @@
/* Some OpenSSL internals are allocated per-thread, make sure they
* are associated to the/our same thread-id until cleaned up.
*/
-#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L
+#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
ssl_util_thread_id_setup(pconf);
#endif
/* We must register the library in full, to ensure our configuration
* code can successfully test the SSL environment.
*/
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
CRYPTO_malloc_init();
#else
OPENSSL_malloc_init();
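Review bot: The rewritten guard `#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` around `ssl_util_thread_id_setup(pconf)` parses as `(A && B) || C`, so a LibreSSL build compiles the call even when APR_HAS_THREADS is 0. The ssl_private.h hunk of this same patch shows the prototype of ssl_util_thread_id_setup inside `#if APR_HAS_THREADS`, so a non-threaded APR build against LibreSSL would presumably call an undeclared function. Parenthesise it the way the ssl_engine_init.c hunk already does: `#if APR_HAS_THREADS && (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))`. The enclosing function starts and ends outside the hunk.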
--- httpd-2.4.26/modules/ssl/ssl_engine_init.c
+++ httpd-2.4.26.libressl/modules/ssl/ssl_engine_init.c
@@ -47,7 +47,7 @@
#define KEYTYPES "RSA or DSA"
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/* OpenSSL Pre-1.1.0 compatibility */
/* Taken from OpenSSL 1.1.0 snapshot 20160410 */
static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
@@ -257,7 +257,7 @@
#endif
}
-#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L
+#if APR_HAS_THREADS && ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
ssl_util_thread_setup(p);
#endif
@@ -380,7 +380,7 @@
modssl_init_app_data2_idx(); /* for modssl_get_app_data2() at request time */
init_dh_params();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
init_bio_methods();
#endif
@@ -1301,7 +1301,7 @@
* or configure NIST P-256 (required to enable ECDHE for earlier versions)
* ECDH is always enabled in 1.1.0 unless excluded from SSLCipherList
*/
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
else {
#if defined(SSL_CTX_set_ecdh_auto)
SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
@@ -2011,7 +2011,7 @@
}
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
free_bio_methods();
#endif
free_dh_params();
--- httpd-2.4.26/modules/ssl/ssl_engine_io.c
+++ httpd-2.4.26.libressl/modules/ssl/ssl_engine_io.c
@@ -164,7 +164,7 @@
{
BIO_set_shutdown(bio, 1);
BIO_set_init(bio, 1);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/* No setter method for OpenSSL 1.1.0 available,
* but I can't find any functional use of the
* "num" field there either.
@@ -549,7 +549,7 @@
return -1;
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
static BIO_METHOD bio_filter_out_method = {
BIO_TYPE_MEM,
@@ -2024,7 +2024,7 @@
filter_ctx->pInputFilter = ap_add_input_filter(ssl_io_filter, inctx, r, c);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
filter_ctx->pbioRead = BIO_new(&bio_filter_in_method);
#else
filter_ctx->pbioRead = BIO_new(bio_filter_in_method);
@@ -2059,7 +2059,7 @@
filter_ctx->pOutputFilter = ap_add_output_filter(ssl_io_filter,
filter_ctx, r, c);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
filter_ctx->pbioWrite = BIO_new(&bio_filter_out_method);
#else
filter_ctx->pbioWrite = BIO_new(bio_filter_out_method);
--- httpd-2.4.26/modules/ssl/ssl_engine_kernel.c
+++ httpd-2.4.26.libressl/modules/ssl/ssl_engine_kernel.c
@@ -1733,7 +1733,7 @@
* so we need to increment here to prevent them from
* being freed.
*/
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define modssl_set_cert_info(info, cert, pkey) \
*cert = info->x509; \
CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \
--- httpd-2.4.26/modules/ssl/ssl_engine_vars.c
+++ httpd-2.4.26.libressl/modules/ssl/ssl_engine_vars.c
@@ -529,7 +529,7 @@
resdup = FALSE;
}
else if (strcEQ(var, "A_SIG")) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
nid = OBJ_obj2nid((ASN1_OBJECT *)(xs->cert_info->signature->algorithm));
#else
const ASN1_OBJECT *paobj;
--- httpd-2.4.26/modules/ssl/ssl_private.h
+++ httpd-2.4.26.libressl/modules/ssl/ssl_private.h
@@ -123,6 +123,16 @@
#define MODSSL_SSL_METHOD_CONST
#endif
+#if defined(LIBRESSL_VERSION_NUMBER)
+/* Missing from LibreSSL */
+#define SSL_CTRL_SET_MIN_PROTO_VERSION 123
+#define SSL_CTRL_SET_MAX_PROTO_VERSION 124
+#define SSL_CTX_set_min_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+#define SSL_CTX_set_max_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+#endif
+
#if defined(OPENSSL_FIPS)
#define HAVE_FIPS
#endif
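Review bot: The `SSL_CTX_set_min_proto_version` / `SSL_CTX_set_max_proto_version` fallbacks are defined here for every LibreSSL, whereas the support/ab.c hunk of this patch adds the same macros only under `LIBRESSL_VERSION_NUMBER < 0x2060000f`; the guards should agree, e.g. `#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2060000f` here too, so the macros are not redefined on a LibreSSL that ships them. More importantly, the macros only forward control codes 123 and 124 to `SSL_CTX_ctrl`; if the linked LibreSSL does not implement those codes the call presumably fails without effect, and a caller that ignores the return value would leave the configured protocol floor and ceiling unenforced. The callers are not visible on this page, so it is worth confirming that mod_ssl either checks the result or keeps LibreSSL on the pre-1.1.0 `SSL_OP_NO_*` path. A comment such as `/* Fallback only: no effect unless the library handles these ctrl codes */` above the defines would record the caveat.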
@@ -136,7 +146,7 @@
#endif
/* session id constness */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define IDCONST
#else
#define IDCONST const
@@ -199,7 +209,7 @@
#endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define BN_get_rfc2409_prime_768 get_rfc2409_prime_768
#define BN_get_rfc2409_prime_1024 get_rfc2409_prime_1024
#define BN_get_rfc3526_prime_1536 get_rfc3526_prime_1536
@@ -219,7 +229,7 @@
void free_bio_methods(void);
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10002000L
+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
#define X509_STORE_CTX_get0_store(x) (x->ctx)
#endif
@@ -934,7 +944,7 @@
const char * const *);
BOOL ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *);
#if APR_HAS_THREADS
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
void ssl_util_thread_setup(apr_pool_t *);
#endif
void ssl_util_thread_id_setup(apr_pool_t *);
--- httpd-2.4.26/modules/ssl/ssl_util.c
+++ httpd-2.4.26.libressl/modules/ssl/ssl_util.c
@@ -247,7 +247,7 @@
}
#if APR_HAS_THREADS
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/*
* To ensure thread-safetyness in OpenSSL - work in progress
*/
--- httpd-2.4.26/modules/ssl/ssl_util_ssl.h
+++ httpd-2.4.26.libressl/modules/ssl/ssl_util_ssl.h
@@ -41,7 +41,7 @@
#define MODSSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER
#define MODSSL_LIBRARY_NAME "OpenSSL"
#define MODSSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define MODSSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION)
#else
#define MODSSL_LIBRARY_DYNTEXT OpenSSL_version(OPENSSL_VERSION)
--- httpd-2.4.26/support/ab.c
+++ httpd-2.4.26.libressl/support/ab.c
@@ -197,6 +197,14 @@
#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name)
#define HAVE_TLSEXT
#endif
+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2060000f
+# define SSL_CTRL_SET_MIN_PROTO_VERSION 123
+# define SSL_CTRL_SET_MAX_PROTO_VERSION 124
+#define SSL_CTX_set_min_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+#define SSL_CTX_set_max_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+#endif
#endif
#include <math.h>