diff options
| -rw-r--r-- | www/apache22/Makefile | 9 | ||||
| -rw-r--r-- | www/apache22/distinfo | 9 | ||||
| -rw-r--r-- | www/apache22/patches/patch-modules_ssl_ssl__engine__dh.c | 73 |
3 files changed, 6 insertions, 85 deletions
diff --git a/www/apache22/Makefile b/www/apache22/Makefile index f0b926972a0..df6649d5abd 100644 --- a/www/apache22/Makefile +++ b/www/apache22/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.104 2015/06/12 10:51:48 wiz Exp $ +# $NetBSD: Makefile,v 1.104.2.1 2015/09/09 20:38:53 tron Exp $ -DISTNAME= httpd-2.2.29 +DISTNAME= httpd-2.2.31 PKGNAME= ${DISTNAME:S/httpd/apache/} -PKGREVISION= 2 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ http://archive.apache.org/dist/httpd/ \ @@ -210,10 +209,6 @@ post-extract: ${TOUCH} ${WRKSRC}/build/libtool ${ECHO} "" >> ${WRKSRC}/docs/conf/extra/httpd-languages.conf.in -pre-build: - ${ECHO} "===> Generating unique DH group to mitigate Logjam attack (this will take a while)" - (cd ${WRKSRC}/modules/ssl && ${PERL5} ssl_engine_dh.c) - post-build: ${SED} "s#@PKG_SYSCONFDIR@#${PKG_SYSCONFDIR}#g" \ < ${FILESDIR}/mkcert.sh > ${WRKDIR}/mkcert diff --git a/www/apache22/distinfo b/www/apache22/distinfo index 4e7ccaf1692..bd870ac3755 100644 --- a/www/apache22/distinfo +++ b/www/apache22/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.61 2015/05/22 09:20:20 sborrill Exp $ +$NetBSD: distinfo,v 1.61.2.1 2015/09/09 20:38:53 tron Exp $ -SHA1 (httpd-2.2.29.tar.bz2) = 1d6a8fbc1391d358cc6fe430edc16222b97258d5 -RMD160 (httpd-2.2.29.tar.bz2) = c9a823f038a6a1cbfd94cd9bdd067edd26cf7a3b -Size (httpd-2.2.29.tar.bz2) = 5625498 bytes +SHA1 (httpd-2.2.31.tar.bz2) = e3b55387112206307ba76526820a2627472f3787 +RMD160 (httpd-2.2.31.tar.bz2) = 5b073f5f556c74e19eba8e40faa5c5fa308e018a +Size (httpd-2.2.31.tar.bz2) = 5610489 bytes SHA1 (patch-aa) = e0bfdf6bc9cb034bea46a390a12a5508e363c9a7 SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad @@ -16,5 +16,4 @@ SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4 SHA1 (patch-docs_man_apxs.8) = 70797ea73ae6379492971bec1106a8427ae7fdaa SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1 SHA1 (patch-modules_proxy_mod_proxy_connect.c) = b2b5d0242a92c7bf20b14c16d8cd3abae42f3746 -SHA1 (patch-modules_ssl_ssl__engine__dh.c) = fc37a639ecfbade0cf8a4fc684d7ec3b92949897 SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1 diff --git a/www/apache22/patches/patch-modules_ssl_ssl__engine__dh.c b/www/apache22/patches/patch-modules_ssl_ssl__engine__dh.c deleted file mode 100644 index ab46b73cfab..00000000000 --- a/www/apache22/patches/patch-modules_ssl_ssl__engine__dh.c +++ /dev/null @@ -1,73 +0,0 @@ ---- modules/ssl/ssl_engine_dh.c.orig 2006-07-12 03:38:44 UTC -+++ modules/ssl/ssl_engine_dh.c -@@ -102,12 +102,12 @@ DH *ssl_dh_GetTmpParam(int nKeyLen) - { - DH *dh; - -- if (nKeyLen == 512) -- dh = get_dh512(); -- else if (nKeyLen == 1024) -- dh = get_dh1024(); -+ if (nKeyLen == 2048) -+ dh = get_dh2048(); -+ else if (nKeyLen == 3072) -+ dh = get_dh3072(); - else -- dh = get_dh1024(); -+ dh = get_dh3072(); - return dh; - } - -@@ -151,7 +151,7 @@ print FP $source; - close(FP); - - # generate the DH parameters --print "1. Generate 512 and 1024 bit Diffie-Hellman parameters (p, g)\n"; -+print "1. Generate 2048 and 3072 bit Diffie-Hellman parameters (p, g)\n"; - my $rand = ''; - foreach $file (qw(/var/log/messages /var/adm/messages - /kernel /vmunix /vmlinuz /etc/hosts /etc/resolv.conf)) { -@@ -161,15 +161,15 @@ foreach $file (qw(/var/log/messages /var - } - } - $rand = "-rand $rand" if ($rand ne ''); --system("openssl gendh $rand -out dh512.pem 512"); --system("openssl gendh $rand -out dh1024.pem 1024"); -+system("openssl gendh $rand -out dh2048.pem 2048"); -+system("openssl gendh $rand -out dh3072.pem 3072"); - - # generate DH param info - my $dhinfo = ''; --open(FP, "openssl dh -noout -text -in dh512.pem |") || die; -+open(FP, "openssl dh -noout -text -in dh2048.pem |") || die; - $dhinfo .= $_ while (<FP>); - close(FP); --open(FP, "openssl dh -noout -text -in dh1024.pem |") || die; -+open(FP, "openssl dh -noout -text -in dh3072.pem |") || die; - $dhinfo .= $_ while (<FP>); - close(FP); - $dhinfo =~ s|^|** |mg; -@@ -177,10 +177,10 @@ $dhinfo = "\n\/\*\n$dhinfo\*\/\n\n"; - - # generate C source from DH params - my $dhsource = ''; --open(FP, "openssl dh -noout -C -in dh512.pem | indent | expand |") || die; -+open(FP, "openssl dh -noout -C -in dh2048.pem | indent | expand |") || die; - $dhsource .= $_ while (<FP>); - close(FP); --open(FP, "openssl dh -noout -C -in dh1024.pem | indent | expand |") || die; -+open(FP, "openssl dh -noout -C -in dh3072.pem | indent | expand |") || die; - $dhsource .= $_ while (<FP>); - close(FP); - $dhsource =~ s|(DH\s+\*get_dh)(\d+)[^}]*\n}|static $1$2(void) -@@ -203,8 +203,8 @@ print FP $source; - close(FP); - - # cleanup --unlink("dh512.pem"); --unlink("dh1024.pem"); -+unlink("dh2048.pem"); -+unlink("dh3072.pem"); - - =pod - */ |