ports/164675
Jason Helfman
jgh at FreeBSD.org
Wed Feb 1 17:40:07 UTC 2012
The following reply was made to PR ports/164675; it has been noted by GNATS.
From: Jason Helfman <jgh at FreeBSD.org>
To: Miroslav Lachman <quip at quip.cz>
Cc: bug-followup at FreeBSD.org
Subject: Re: ports/164675
Date: Wed, 1 Feb 2012 09:30:57 -0800
--wac7ysb48OaltWcw
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
On Wed, Feb 01, 2012 at 10:40:00AM +0100, Miroslav Lachman thus spake:
>Yes, new httpd-ssl.conf.in already has changes in SSLProtocol and
>SSLCipherSuite, so we no longer need it in local patch.
>
>But please, don't change the log file names
>from httpd-error.log to httpd-error_log
>from httpd-access.log to httpd-access_log
>from httpd-ssl_request.log to httpd-ssl_request_log
>
>--
>Miroslav Lachman
>
Attached is the updated patch.
-jgh
--
Jason Helfman | FreeBSD Committer
jgh at FreeBSD.org | http://people.freebsd.org/~jgh
--wac7ysb48OaltWcw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="patch.txt"
Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/www/apache22/Makefile,v
retrieving revision 1.294
diff -u -r1.294 Makefile
--- Makefile 23 Sep 2011 22:25:53 -0000 1.294
+++ Makefile 1 Feb 2012 17:30:19 -0000
@@ -8,7 +8,7 @@
#
PORTNAME= apache
-PORTVERSION= 2.2.21
+PORTVERSION= 2.2.22
#PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD}
Index: Makefile.doc
===================================================================
RCS file: /home/pcvs/ports/www/apache22/Makefile.doc,v
retrieving revision 1.15
diff -u -r1.15 Makefile.doc
--- Makefile.doc 31 Mar 2011 17:00:36 -0000 1.15
+++ Makefile.doc 1 Feb 2012 17:30:19 -0000
@@ -102,7 +102,7 @@
MAKE_ENV+= NOPORTDOCS=yes
.endif
-MAN1= dbmmanage.1 htdigest.1 htpasswd.1 htdbm.1
-MAN8= ab.8 apachectl.8 apxs.8 httpd.8 logresolve.8 rotatelogs.8 suexec.8 htcacheclean.8
+MAN1= ab.1 apxs.1 dbmmanage.1 htdbm.1 htdigest.1 htpasswd.1 httxt2dbm.1 logresolve.1
+MAN8= apachectl.8 htcacheclean.8 httpd.8 rotatelogs.8 suexec.8
PORTDOCS= * #don't blame me ;-)
Index: distinfo
===================================================================
RCS file: /home/pcvs/ports/www/apache22/distinfo,v
retrieving revision 1.86
diff -u -r1.86 distinfo
--- distinfo 15 Sep 2011 05:00:28 -0000 1.86
+++ distinfo 1 Feb 2012 17:30:19 -0000
@@ -1,2 +1,2 @@
-SHA256 (apache22/httpd-2.2.21.tar.bz2) = 18d5591fe48cfbac44fc20316036ffe17456df60bc3a2aaad238d56c6445577f
-SIZE (apache22/httpd-2.2.21.tar.bz2) = 5324905
+SHA256 (apache22/httpd-2.2.22.tar.bz2) = dcdc9f1dc722f84798caf69d69dca78daa5e09a4269060045aeca7e4f44cb231
+SIZE (apache22/httpd-2.2.22.tar.bz2) = 5378934
Index: files/patch-Makefile.in
===================================================================
RCS file: /home/pcvs/ports/www/apache22/files/patch-Makefile.in,v
retrieving revision 1.25
diff -u -r1.25 patch-Makefile.in
--- files/patch-Makefile.in 7 May 2010 03:15:44 -0000 1.25
+++ files/patch-Makefile.in 1 Feb 2012 17:30:19 -0000
@@ -96,10 +96,10 @@
@test -d $(DESTDIR)$(manualdir) || $(MKINSTALLDIRS) $(DESTDIR)$(manualdir)
- @cp -p $(top_srcdir)/docs/man/*.1 $(DESTDIR)$(mandir)/man1
- @cp -p $(top_srcdir)/docs/man/*.8 $(DESTDIR)$(mandir)/man8
-+ for i in dbmmanage htdbm htdigest htpasswd; do \
++ for i in ab apxs dbmmanage htdbm htdigest htpasswd httxt2dbm logresolve; do \
+ ${INSTALL_MAN} $(top_srcdir)/docs/man/$$i.1 $(DESTDIR)$(mandir)/man1; \
+ done
-+ for i in ab apachectl apxs htcacheclean httpd logresolve rotatelogs suexec; do \
++ for i in apachectl htcacheclean httpd rotatelogs suexec; do \
+ ${INSTALL_MAN} $(top_srcdir)/docs/man/$$i.8 $(DESTDIR)$(mandir)/man8; \
+ done
+.if !defined(NOPORTDOCS)
Index: files/patch-docs__conf__extra__httpd-ssl.conf.in
===================================================================
RCS file: /home/pcvs/ports/www/apache22/files/patch-docs__conf__extra__httpd-ssl.conf.in,v
retrieving revision 1.3
diff -u -r1.3 patch-docs__conf__extra__httpd-ssl.conf.in
--- files/patch-docs__conf__extra__httpd-ssl.conf.in 23 Jan 2012 23:24:38 -0000 1.3
+++ files/patch-docs__conf__extra__httpd-ssl.conf.in 1 Feb 2012 17:30:19 -0000
@@ -1,6 +1,6 @@
---- ./docs/conf/extra/httpd-ssl.conf.in.orig 2008-02-04 23:00:07.000000000 +0000
-+++ ./docs/conf/extra/httpd-ssl.conf.in 2012-01-23 23:20:06.446390870 +0000
-@@ -77,17 +77,35 @@
+--- ./docs/conf/extra/httpd-ssl.conf.in.orig 2012-02-01 08:25:55.000000000 -0800
++++ ./docs/conf/extra/httpd-ssl.conf.in 2012-02-01 08:27:23.000000000 -0800
+@@ -77,8 +77,8 @@
DocumentRoot "@exp_htdocsdir@"
ServerName www.example.com:@@SSLPort@@
ServerAdmin you at example.com
@@ -11,43 +11,7 @@
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
- SSLEngine on
-
-+# SSL Protocol support:
-+# List the protocol versions which clients are allowed to
-+# connect with. Disable SSLv2 by default (cf. RFC 6176).
-+SSLProtocol all -SSLv2
-+
- # SSL Cipher Suite:
- # List the ciphers that the client is permitted to negotiate.
- # See the mod_ssl documentation for a complete list.
--SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
-+SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
-+
-+# Speed-optimized SSL Cipher configuration:
-+# If speed is your main concern (on busy HTTPS servers e.g.),
-+# you might want to force clients to specific, performance
-+# optimized ciphers. In this case, prepend those ciphers
-+# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
-+# Caveat: by giving precedence to RC4-SHA and AES128-SHA
-+# (as in the example below), most connections will no longer
-+# have perfect forward secrecy - if the server's key is
-+# compromised, captures of past or future traffic must be
-+# considered compromised, too.
-+#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
-+#SSLHonorCipherOrder on
-
- # Server Certificate:
- # Point SSLCertificateFile at a PEM encoded certificate. If
-@@ -218,14 +236,14 @@
- # Similarly, one has to force some clients to use HTTP/1.0 to workaround
- # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
- # "force-response-1.0" for this.
--BrowserMatch ".*MSIE.*" \
-+BrowserMatch "MSIE [2-5]" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
-
+@@ -243,7 +243,7 @@
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
--wac7ysb48OaltWcw--
More information about the freebsd-apache
mailing list