Date: Wed, 1 Feb 2012 17:40:07 GMT
From: Jason Helfman <jgh@FreeBSD.org>
To: apache@FreeBSD.org
Subject: Re: ports/164675
Message-ID: <201202011740.q11He7IW097300@freefall.freebsd.org>
The following reply was made to PR ports/164675; it has been noted by GNATS.

From: Jason Helfman <jgh@FreeBSD.org>
To: Miroslav Lachman <quip@quip.cz>
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/164675
Date: Wed, 1 Feb 2012 09:30:57 -0800

--wac7ysb48OaltWcw
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline

On Wed, Feb 01, 2012 at 10:40:00AM +0100, Miroslav Lachman thus spake:
>Yes, new httpd-ssl.conf.in already has changes in SSLProtocol and
>SSLCipherSuite, so we no longer need it in local patch.
>
>But please, don't change the log file names
>from httpd-error.log to httpd-error_log
>from httpd-access.log to httpd-access_log
>from httpd-ssl_request.log to httpd-ssl_request_log
>
>--
>Miroslav Lachman
>

Attached is the updated patch.

-jgh

--
Jason Helfman | FreeBSD Committer
jgh@FreeBSD.org | http://people.freebsd.org/~jgh

--wac7ysb48OaltWcw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="patch.txt"

Index: Makefile =================================================================== RCS file: /home/pcvs/ports/www/apache22/Makefile,v retrieving revision 1.294 diff -u -r1.294 Makefile --- Makefile 23 Sep 2011 22:25:53 -0000 1.294 +++ Makefile 1 Feb 2012 17:30:19 -0000 @@ -8,7 +8,7 @@ # PORTNAME= apache -PORTVERSION= 2.2.21 +PORTVERSION= 2.2.22 #PORTREVISION= 1 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} Index: Makefile.doc =================================================================== RCS file: /home/pcvs/ports/www/apache22/Makefile.doc,v retrieving revision 1.15 diff -u -r1.15 Makefile.doc --- Makefile.doc 31 Mar 2011 17:00:36 -0000 1.15 +++ Makefile.doc 1 Feb 2012 17:30:19 -0000
@@ -102,7 +102,7 @@ MAKE_ENV+= NOPORTDOCS=yes .endif -MAN1= dbmmanage.1 htdigest.1 htpasswd.1 htdbm.1 -MAN8= ab.8 apachectl.8 apxs.8 httpd.8 logresolve.8 rotatelogs.8 suexec.8 htcacheclean.8 +MAN1= ab.1 apxs.1 dbmmanage.1 htdbm.1 htdigest.1 htpasswd.1 httxt2dbm.1 logresolve.1 +MAN8= apachectl.8 htcacheclean.8 httpd.8 rotatelogs.8 suexec.8 PORTDOCS= * #don't blame me ;-) Index: distinfo =================================================================== RCS file: /home/pcvs/ports/www/apache22/distinfo,v retrieving revision 1.86 diff -u -r1.86 distinfo --- distinfo 15 Sep 2011 05:00:28 -0000 1.86 +++ distinfo 1 Feb 2012 17:30:19 -0000 @@ -1,2 +1,2 @@ -SHA256 (apache22/httpd-2.2.21.tar.bz2) = 18d5591fe48cfbac44fc20316036ffe17456df60bc3a2aaad238d56c6445577f -SIZE (apache22/httpd-2.2.21.tar.bz2) = 5324905 +SHA256 (apache22/httpd-2.2.22.tar.bz2) = dcdc9f1dc722f84798caf69d69dca78daa5e09a4269060045aeca7e4f44cb231 +SIZE (apache22/httpd-2.2.22.tar.bz2) = 5378934 Index: files/patch-Makefile.in =================================================================== RCS file: /home/pcvs/ports/www/apache22/files/patch-Makefile.in,v retrieving revision 1.25 diff -u -r1.25 patch-Makefile.in --- files/patch-Makefile.in 7 May 2010 03:15:44 -0000 1.25 +++ files/patch-Makefile.in 1 Feb 2012 17:30:19 -0000 
@@ -96,10 +96,10 @@ @test -d $(DESTDIR)$(manualdir) || $(MKINSTALLDIRS) $(DESTDIR)$(manualdir) - @cp -p $(top_srcdir)/docs/man/*.1 $(DESTDIR)$(mandir)/man1 - @cp -p $(top_srcdir)/docs/man/*.8 $(DESTDIR)$(mandir)/man8 -+ for i in dbmmanage htdbm htdigest htpasswd; do \ ++ for i in ab apxs dbmmanage htdbm htdigest htpasswd httxt2dbm logresolve; do \ + ${INSTALL_MAN} $(top_srcdir)/docs/man/$$i.1 $(DESTDIR)$(mandir)/man1; \ + done -+ for i in ab apachectl apxs htcacheclean httpd logresolve rotatelogs suexec; do \ ++ for i in apachectl htcacheclean httpd rotatelogs suexec; do \ + ${INSTALL_MAN} $(top_srcdir)/docs/man/$$i.8 $(DESTDIR)$(mandir)/man8; \ + done +.if !defined(NOPORTDOCS) Index: files/patch-docs__conf__extra__httpd-ssl.conf.in =================================================================== RCS file: /home/pcvs/ports/www/apache22/files/patch-docs__conf__extra__httpd-ssl.conf.in,v retrieving revision 1.3 diff -u -r1.3 patch-docs__conf__extra__httpd-ssl.conf.in --- files/patch-docs__conf__extra__httpd-ssl.conf.in 23 Jan 2012 23:24:38 -0000 1.3 +++ files/patch-docs__conf__extra__httpd-ssl.conf.in 1 Feb 2012 17:30:19 -0000 @@ -1,6 +1,6 @@ ---- ./docs/conf/extra/httpd-ssl.conf.in.orig 2008-02-04 23:00:07.000000000 +0000 -+++ ./docs/conf/extra/httpd-ssl.conf.in 2012-01-23 23:20:06.446390870 +0000 -@@ -77,17 +77,35 @@ +--- ./docs/conf/extra/httpd-ssl.conf.in.orig 2012-02-01 08:25:55.000000000 -0800 ++++ ./docs/conf/extra/httpd-ssl.conf.in 2012-02-01 08:27:23.000000000 -0800 +@@ -77,8 +77,8 @@ DocumentRoot "@exp_htdocsdir@" ServerName www.example.com:@@SSLPort@@ ServerAdmin you@example.com 
@@ -11,43 +11,7 @@ # SSL Engine Switch: # Enable/Disable SSL for this virtual host. - SSLEngine on - -+# SSL Protocol support: -+# List the protocol versions which clients are allowed to -+# connect with. Disable SSLv2 by default (cf. RFC 6176). -+SSLProtocol all -SSLv2 -+ - # SSL Cipher Suite: - # List the ciphers that the client is permitted to negotiate. - # See the mod_ssl documentation for a complete list. --SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL -+SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 -+ -+# Speed-optimized SSL Cipher configuration: -+# If speed is your main concern (on busy HTTPS servers e.g.), -+# you might want to force clients to specific, performance -+# optimized ciphers. In this case, prepend those ciphers -+# to the SSLCipherSuite list, and enable SSLHonorCipherOrder. -+# Caveat: by giving precedence to RC4-SHA and AES128-SHA -+# (as in the example below), most connections will no longer -+# have perfect forward secrecy - if the server's key is -+# compromised, captures of past or future traffic must be -+# considered compromised, too. -+#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 -+#SSLHonorCipherOrder on - - # Server Certificate: - # Point SSLCertificateFile at a PEM encoded certificate. If -@@ -218,14 +236,14 @@ - # Similarly, one has to force some clients to use HTTP/1.0 to workaround - # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and - # "force-response-1.0" for this. --BrowserMatch ".*MSIE.*" \ -+BrowserMatch "MSIE [2-5]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - +@@ -243,7 +243,7 @@ # Per-Server Logging: # The home of a custom SSL log file. Use this when you want a # compact non-error SSL logfile on a virtual host basis. --wac7ysb48OaltWcw--
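Review bot: In Makefile.doc, MAN1 and MAN8 now have to be kept in step by hand with the two `for i in ...` lists in files/patch-Makefile.in; ab, apxs and logresolve move from section 8 to section 1 and httxt2dbm is new, so any mismatch between the two files yields a wrong packing list. A comment next to MAN1/MAN8 pointing at files/patch-Makefile.in would keep the lists from drifting at the next update.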
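Review bot: In the distinfo hunk, the SHA256 and SIZE for httpd-2.2.22.tar.bz2 replace the 2.2.21 values, and nothing in the patch or the message says what they were checked against. Before commit, verify the fetched tarball against the signature or checksum published by the Apache project instead of relying only on a regenerated distinfo, and say so in the commit log.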
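Review bot: In files/patch-Makefile.in, both install loops report only the exit status of their last iteration unless the shell is run with -e, so a page missing from docs/man (plausible here, since ab, apxs and logresolve have just changed section) can go unnoticed. Append `|| exit 1` to each `${INSTALL_MAN} ...` line so the install stops at the first missing file.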
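Review bot: In files/patch-docs__conf__extra__httpd-ssl.conf.in, the lines dropped from the local patch include not only `SSLProtocol all -SSLv2` and `SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5`, which the thread says are now upstream, but also the `BrowserMatch "MSIE [2-5]"` change, which the thread does not mention. Confirm that the 2.2.22 httpd-ssl.conf.in carries all three, so the installed sample config cannot fall back to the old `ALL:!ADH:...:+SSLv2:+EXP:+eNULL` suite or the `.*MSIE.*` match.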