diff options
-rw-r--r-- | www/apache2/Makefile | 4 | ||||
-rw-r--r-- | www/apache2/buildlink3.mk | 4 | ||||
-rw-r--r-- | www/apache2/distinfo | 4 | ||||
-rw-r--r-- | www/apache2/patches/patch-as | 26 | ||||
-rw-r--r-- | www/apache2/patches/patch-at | 19 |
5 files changed, 52 insertions, 5 deletions
diff --git a/www/apache2/Makefile b/www/apache2/Makefile index 58c9c40bb41..c0efaa09f42 100644 --- a/www/apache2/Makefile +++ b/www/apache2/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.60 2004/12/07 22:25:50 seb Exp $ +# $NetBSD: Makefile,v 1.61 2004/12/18 08:42:12 adrianp Exp $ .include "Makefile.common" PKGNAME= apache-${APACHE_VERSION} -PKGREVISION= 4 +PKGREVISION= 5 CATEGORIES= www HOMEPAGE= http://httpd.apache.org/ diff --git a/www/apache2/buildlink3.mk b/www/apache2/buildlink3.mk index aa0dcc4b705..86313e811f4 100644 --- a/www/apache2/buildlink3.mk +++ b/www/apache2/buildlink3.mk @@ -1,4 +1,4 @@ -# $NetBSD: buildlink3.mk,v 1.10 2004/11/30 23:21:44 jlam Exp $ +# $NetBSD: buildlink3.mk,v 1.11 2004/12/18 08:42:12 adrianp Exp $ BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+ APACHE_BUILDLINK3_MK:= ${APACHE_BUILDLINK3_MK}+ @@ -12,7 +12,7 @@ BUILDLINK_PACKAGES+= apache .if !empty(APACHE_BUILDLINK3_MK:M+) BUILDLINK_DEPENDS.apache+= apache>=2.0.51 -BUILDLINK_RECOMMENDED.apache+= apache>=2.0.52nb2 +BUILDLINK_RECOMMENDED.apache+= apache>=2.0.52nb5 BUILDLINK_PKGSRCDIR.apache?= ../../www/apache2 BUILDLINK_DEPMETHOD.apache?= build . if defined(APACHE_MODULE) diff --git a/www/apache2/distinfo b/www/apache2/distinfo index 3793bee5567..0fe7f0a0285 100644 --- a/www/apache2/distinfo +++ b/www/apache2/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.32 2004/11/30 23:21:44 jlam Exp $ +$NetBSD: distinfo,v 1.33 2004/12/18 08:42:12 adrianp Exp $ SHA1 (httpd-2.0.52.tar.gz) = 2a22fde052adc7d7258f999cd7dd8a7592ff36e7 Size (httpd-2.0.52.tar.gz) = 6918995 bytes @@ -10,3 +10,5 @@ SHA1 (patch-ak) = f11a86b1235d5c595fa381bbb474db4fe8448215 SHA1 (patch-al) = 29cc52616c50b7ec998339cca386112a8f1611cc SHA1 (patch-am) = ff60a7b69ad949363ebec194141e9b95cb796426 SHA1 (patch-ar) = c6769617cd9111f6d233d68883c71988a36fbbce +SHA1 (patch-as) = c6fb574d5d96024e641816569f059bca4368fcec +SHA1 (patch-at) = dd9a3eb14b3e20876eca6eff968e82326a53b7d9 diff --git a/www/apache2/patches/patch-as b/www/apache2/patches/patch-as new file mode 100644 index 00000000000..53066380121 --- /dev/null +++ b/www/apache2/patches/patch-as @@ -0,0 +1,26 @@ +$NetBSD: patch-as,v 1.5 2004/12/18 08:42:12 adrianp Exp $ + +--- modules/ssl/ssl_engine_kernel.c.orig 2004-12-18 07:10:37.000000000 +0000 ++++ modules/ssl/ssl_engine_kernel.c 2004-12-18 07:13:50.000000000 +0000 +@@ -719,6 +719,21 @@ + X509_free(peercert); + } + } ++ ++ /* ++ * Also check that SSLCipherSuite has been enforced as expected. ++ */ ++ if (cipher_list) { ++ cipher = SSL_get_current_cipher(ssl); ++ if (sk_SSL_CIPHER_find(cipher_list, cipher) < 0) { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ++ "SSL cipher suite not renegotiated: " ++ "access to %s denied using cipher %s", ++ r->filename, ++ SSL_CIPHER_get_name(cipher)); ++ return HTTP_FORBIDDEN; ++ } ++ } + } + + /* diff --git a/www/apache2/patches/patch-at b/www/apache2/patches/patch-at new file mode 100644 index 00000000000..60b9cf6179a --- /dev/null +++ b/www/apache2/patches/patch-at @@ -0,0 +1,19 @@ +$NetBSD: patch-at,v 1.1 2004/12/18 08:42:12 adrianp Exp $ + +--- modules/ssl/ssl_engine_init.c.orig 2004-12-18 07:15:01.000000000 +0000 ++++ modules/ssl/ssl_engine_init.c 2004-12-18 07:15:59.000000000 +0000 +@@ -439,6 +439,14 @@ + * Configure additional context ingredients + */ + SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE); ++ ++#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION ++ /* ++ * Disallow a session from being resumed during a renegotiation, ++ * so that an acceptable cipher suite can be negotiated. ++ */ ++ SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); ++#endif + } + + static void ssl_init_ctx_session_cache(server_rec *s, |