From 9fe47c8d911730e13e621d21a5bb177351b0dc1ef4bd67c8cb984e768be14015 Mon Sep 17 00:00:00 2001
From: Kristyna Streitova
Date: Mon, 6 Oct 2014 12:46:43 +0000
Subject: [PATCH] - the following unused patches were removed from the package: * apache2-mod_ssl_npn.patch * httpd-2.0.49-log_server_status.dif
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=410
---
apache2-mod_ssl_npn.patch | 353 -----------------------------
apache2.changes | 7 +
httpd-2.0.49-log_server_status.dif | 36 ---
3 files changed, 7 insertions(+), 389 deletions(-)
delete mode 100644 apache2-mod_ssl_npn.patch
delete mode 100644 httpd-2.0.49-log_server_status.dif
diff --git a/apache2-mod_ssl_npn.patch b/apache2-mod_ssl_npn.patch
deleted file mode 100644
index 64e0742..0000000
--- a/apache2-mod_ssl_npn.patch
+++ /dev/null
@@ -1,353 +0,0 @@
---- httpd-2.4.4.orig/modules/ssl/mod_ssl.c
-+++ httpd-2.4.4/modules/ssl/mod_ssl.c
-@@ -94,6 +94,15 @@ static const command_rec ssl_config_cmds
- SSL_CMD_SRV(PKCS7CertificateFile, TAKE1,
- "PKCS#7 file containing server certificate and chain"
- " certificates ('/path/to/file' - PEM encoded)")
-+ SSL_CMD_ALL(RSAAuthzFile, TAKE1,
-+ "RFC 5878 Authz Extension file for RSA certificate "
-+ "(`/path/to/file')")
-+ SSL_CMD_ALL(DSAAuthzFile, TAKE1,
-+ "RFC 5878 Authz Extension file for DSA certificate "
-+ "(`/path/to/file')")
-+ SSL_CMD_ALL(ECAuthzFile, TAKE1,
-+ "RFC 5878 Authz Extension file for EC certificate "
-+ "(`/path/to/file')")
- #ifdef HAVE_TLS_SESSION_TICKETS
- SSL_CMD_SRV(SessionTicketKeyFile, TAKE1,
- "TLS session ticket encryption/decryption key file (RFC 5077) "
-@@ -157,6 +166,15 @@ static const command_rec ssl_config_cmds
- "('some secret text')")
- #endif
-
-+#ifndef OPENSSL_NO_SRP
-+ SSL_CMD_SRV(SRPVerifierFile, TAKE1,
-+ "SRP verifier file "
-+ "('/path/to/file' - created by srptool)")
-+ SSL_CMD_SRV(SRPUnknownUserSeed, TAKE1,
-+ "SRP seed for unknown users (to avoid leaking a user's existence) "
-+ "('some secret text')")
-+#endif
-+
- /*
- * Proxy configuration for remote SSL connections
- */
-@@ -272,6 +290,18 @@ static const command_rec ssl_config_cmds
- AP_END_CMD
- };
-
-+/* Implement 'modssl_run_npn_advertise_protos_hook'. */
-+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
-+ modssl, AP, int, npn_advertise_protos_hook,
-+ (conn_rec *connection, apr_array_header_t *protos),
-+ (connection, protos), OK, DECLINED);
-+
-+/* Implement 'modssl_run_npn_proto_negotiated_hook'. */
-+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
-+ modssl, AP, int, npn_proto_negotiated_hook,
-+ (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len),
-+ (connection, proto_name, proto_name_len), OK, DECLINED);
-+
- /*
- * the various processing hooks
- */
---- httpd-2.4.4.orig/modules/ssl/mod_ssl.h
-+++ httpd-2.4.4/modules/ssl/mod_ssl.h
-@@ -63,5 +63,26 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_e
-
- APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
-
-+/** The npn_advertise_protos optional hook allows other modules to add entries
-+ * to the list of protocol names advertised by the server during the Next
-+ * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is
-+ * given the connection and an APR array; it should push one or more char*'s
-+ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto
-+ * the array and return OK, or do nothing and return DECLINED. */
-+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook,
-+ (conn_rec *connection, apr_array_header_t *protos));
-+
-+/** The npn_proto_negotiated optional hook allows other modules to discover the
-+ * name of the protocol that was chosen during the Next Protocol Negotiation
-+ * (NPN) portion of the SSL handshake. Note that this may be the empty string
-+ * (in which case modules should probably assume HTTP), or it may be a protocol
-+ * that was never even advertised by the server. The hook callee is given the
-+ * connection, a non-null-terminated string containing the protocol name, and
-+ * the length of the string; it should do something appropriate (i.e. insert or
-+ * remove filters) and return OK, or do nothing and return DECLINED. */
-+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook,
-+ (conn_rec *connection, const char *proto_name,
-+ apr_size_t proto_name_len));
-+
- #endif /* __MOD_SSL_H__ */
- /** @} */
---- httpd-2.4.4.orig/modules/ssl/ssl_engine_config.c
-+++ httpd-2.4.4/modules/ssl/ssl_engine_config.c
-@@ -125,6 +125,10 @@ static void modssl_ctx_init(modssl_ctx_t
- mctx->crl_file = NULL;
- mctx->crl_check_mode = SSL_CRLCHECK_UNSET;
-
-+ mctx->rsa_authz_file = NULL;
-+ mctx->dsa_authz_file = NULL;
-+ mctx->ec_authz_file = NULL;
-+
- mctx->auth.ca_cert_path = NULL;
- mctx->auth.ca_cert_file = NULL;
- mctx->auth.cipher_suite = NULL;
-@@ -155,6 +159,12 @@ static void modssl_ctx_init(modssl_ctx_t
- mctx->srp_unknown_user_seed = NULL;
- mctx->srp_vbase = NULL;
- #endif
-+
-+#ifndef OPENSSL_NO_SRP
-+ mctx->srp_vfile = NULL;
-+ mctx->srp_unknown_user_seed = NULL;
-+ mctx->srp_vbase = NULL;
-+#endif
- }
-
- static void modssl_ctx_init_proxy(SSLSrvConfigRec *sc,
-@@ -257,6 +267,10 @@ static void modssl_ctx_cfg_merge(modssl_
- cfgMerge(crl_file, NULL);
- cfgMerge(crl_check_mode, SSL_CRLCHECK_UNSET);
-
-+ cfgMergeString(rsa_authz_file);
-+ cfgMergeString(dsa_authz_file);
-+ cfgMergeString(ec_authz_file);
-+
- cfgMergeString(auth.ca_cert_path);
- cfgMergeString(auth.ca_cert_file);
- cfgMergeString(auth.cipher_suite);
-@@ -839,6 +853,54 @@ const char *ssl_cmd_SSLPKCS7CertificateF
-
- return NULL;
- }
-+
-+const char *ssl_cmd_SSLRSAAuthzFile(cmd_parms *cmd,
-+ void *dcfg,
-+ const char *arg)
-+{
-+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-+ const char *err;
-+
-+ if ((err = ssl_cmd_check_file(cmd, &arg))) {
-+ return err;
-+ }
-+
-+ sc->server->rsa_authz_file = arg;
-+
-+ return NULL;
-+}
-+
-+const char *ssl_cmd_SSLDSAAuthzFile(cmd_parms *cmd,
-+ void *dcfg,
-+ const char *arg)
-+{
-+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-+ const char *err;
-+
-+ if ((err = ssl_cmd_check_file(cmd, &arg))) {
-+ return err;
-+ }
-+
-+ sc->server->dsa_authz_file = arg;
-+
-+ return NULL;
-+}
-+
-+const char *ssl_cmd_SSLECAuthzFile(cmd_parms *cmd,
-+ void *dcfg,
-+ const char *arg)
-+{
-+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-+ const char *err;
-+
-+ if ((err = ssl_cmd_check_file(cmd, &arg))) {
-+ return err;
-+ }
-+
-+ sc->server->ec_authz_file = arg;
-+
-+ return NULL;
-+}
-
- #ifdef HAVE_TLS_SESSION_TICKETS
- const char *ssl_cmd_SSLSessionTicketKeyFile(cmd_parms *cmd,
---- httpd-2.4.4.orig/modules/ssl/ssl_engine_io.c
-+++ httpd-2.4.4/modules/ssl/ssl_engine_io.c
-@@ -28,6 +28,7 @@
- core keeps dumping.''
- -- Unknown */
- #include "ssl_private.h"
-+#include "mod_ssl.h"
- #include "apr_date.h"
-
- /* _________________________________________________________________
-@@ -297,6 +298,7 @@ typedef struct {
- apr_pool_t *pool;
- char buffer[AP_IOBUFSIZE];
- ssl_filter_ctx_t *filter_ctx;
-+ int npn_finished; /* 1 if NPN has finished, 0 otherwise */
- } bio_filter_in_ctx_t;
-
- /*
-@@ -1385,6 +1387,26 @@ static apr_status_t ssl_io_filter_input(
- APR_BRIGADE_INSERT_TAIL(bb, bucket);
- }
-
-+#ifdef HAVE_TLS_NPN
-+ /* By this point, Next Protocol Negotiation (NPN) should be completed (if
-+ * our version of OpenSSL supports it). If we haven't already, find out
-+ * which protocol was decided upon and inform other modules by calling
-+ * npn_proto_negotiated_hook. */
-+ if (!inctx->npn_finished) {
-+ const unsigned char *next_proto = NULL;
-+ unsigned next_proto_len = 0;
-+
-+ SSL_get0_next_proto_negotiated(
-+ inctx->ssl, &next_proto, &next_proto_len);
-+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c,
-+ APLOGNO(02306) "SSL NPN negotiated protocol: '%*s'",
-+ next_proto_len, (const char*)next_proto);
-+ modssl_run_npn_proto_negotiated_hook(
-+ f->c, (const char*)next_proto, next_proto_len);
-+ inctx->npn_finished = 1;
-+ }
-+#endif
-+
- return APR_SUCCESS;
- }
-
-@@ -1866,6 +1888,7 @@ static void ssl_io_input_add_filter(ssl_
- inctx->block = APR_BLOCK_READ;
- inctx->pool = c->pool;
- inctx->filter_ctx = filter_ctx;
-+ inctx->npn_finished = 0;
- }
-
- /* The request_rec pointer is passed in here only to ensure that the
---- httpd-2.4.4.orig/modules/ssl/ssl_engine_kernel.c
-+++ httpd-2.4.4/modules/ssl/ssl_engine_kernel.c
-@@ -29,6 +29,7 @@
- time I was too famous.''
- -- Unknown */
- #include "ssl_private.h"
-+#include "mod_ssl.h"
- #include "util_md5.h"
-
- static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
-@@ -320,6 +321,19 @@ int ssl_hook_Access(request_rec *r)
- return HTTP_FORBIDDEN;
- }
-
-+#ifndef OPENSSL_NO_SRP
-+ /*
-+ * Support for per-directory reconfigured SSL connection parameters
-+ *
-+ * We do not force any renegotiation if the user is already authenticated
-+ * via SRP.
-+ *
-+ */
-+ if (SSL_get_srp_username(ssl)) {
-+ return DECLINED;
-+ }
-+#endif
-+
- /*
- * Check to see whether SSL is in use; if it's not, then no
- * further access control checks are relevant. (the test for
-@@ -1397,7 +1411,7 @@ EC_KEY *ssl_callback_TmpECDH(SSL *ssl, i
-
- return (EC_KEY *)mc->pTmpKeys[idx];
- }
--#endif
-+#endif /* OPENSSL_NO_TLSEXT */
-
- /*
- * This OpenSSL callback function is called when OpenSSL
---- httpd-2.4.4.orig/modules/ssl/ssl_private.h
-+++ httpd-2.4.4/modules/ssl/ssl_private.h
-@@ -139,6 +139,11 @@
- #define HAVE_FIPS
- #endif
-
-+#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \
-+ && !defined(OPENSSL_NO_TLSEXT)
-+#define HAVE_TLS_NPN
-+#endif
-+
- #if (OPENSSL_VERSION_NUMBER >= 0x10000000)
- #define MODSSL_SSL_CIPHER_CONST const
- #define MODSSL_SSL_METHOD_CONST const
-@@ -194,6 +199,20 @@
- #endif
- #endif
-
-+#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \
-+ && OPENSSL_VERSION_NUMBER < 0x00908000L
-+#define OPENSSL_NO_COMP
-+#endif
-+
-+/* SRP support came in OpenSSL 1.0.1 */
-+#ifndef OPENSSL_NO_SRP
-+#ifdef SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB
-+#include
-+#else
-+#define OPENSSL_NO_SRP
-+#endif
-+#endif
-+
- /* mod_ssl headers */
- #include "ssl_util_ssl.h"
-
-@@ -662,6 +681,11 @@ typedef struct {
- SRP_VBASE *srp_vbase;
- #endif
-
-+ /** RFC 5878 */
-+ const char *rsa_authz_file;
-+ const char *dsa_authz_file;
-+ const char *ec_authz_file;
-+
- modssl_auth_ctx_t auth;
-
- BOOL ocsp_enabled; /* true if OCSP verification enabled */
-@@ -738,6 +762,9 @@ const char *ssl_cmd_SSLCryptoDevice(cmd
- const char *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
- const char *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *);
- const char *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *);
-+const char *ssl_cmd_SSLRSAAuthzFile(cmd_parms *, void *, const char *);
-+const char *ssl_cmd_SSLDSAAuthzFile(cmd_parms *, void *, const char *);
-+const char *ssl_cmd_SSLECAuthzFile(cmd_parms *, void *, const char *);
- const char *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *);
- const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *);
- const char *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *);
-@@ -795,6 +822,11 @@ const char *ssl_cmd_SSLSRPVerifierFile(c
- const char *ssl_cmd_SSLSRPUnknownUserSeed(cmd_parms *cmd, void *dcfg, const char *arg);
- #endif
-
-+#ifndef OPENSSL_NO_SRP
-+const char *ssl_cmd_SSLSRPVerifierFile(cmd_parms *cmd, void *dcfg, const char *arg);
-+const char *ssl_cmd_SSLSRPUnknownUserSeed(cmd_parms *cmd, void *dcfg, const char *arg);
-+#endif
-+
- const char *ssl_cmd_SSLFIPS(cmd_parms *cmd, void *dcfg, int flag);
-
- /** module initialization */
-@@ -840,6 +872,7 @@ int ssl_callback_ServerNameIndi
- int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *,
- EVP_CIPHER_CTX *, HMAC_CTX *, int);
- #endif
-+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg);
-
- /** Session Cache Support */
- void ssl_scache_init(server_rec *, apr_pool_t *);
-@@ -873,6 +906,9 @@ int ssl_stapling_init_cert(serv
- #endif
- #ifndef OPENSSL_NO_SRP
- int ssl_callback_SRPServerParams(SSL *, int *, void *);
-+#endif
-+#ifndef OPENSSL_NO_SRP
-+int ssl_callback_SRPServerParams(SSL *, int *, void *);
- #endif
-
- /** I/O */
diff --git a/apache2.changes b/apache2.changes
index 86ed56c..9ed8122 100644
--- a/apache2.changes
+++ b/apache2.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Oct 6 12:30:07 UTC 2014 - kstreitova@suse.com
+
+- the following unused patches were removed from the package:
+ * apache2-mod_ssl_npn.patch
+ * httpd-2.0.49-log_server_status.dif
+
 -------------------------------------------------------------------
 Mon Sep 29 11:57:40 UTC 2014 - pgajdos@suse.com
diff --git a/httpd-2.0.49-log_server_status.dif b/httpd-2.0.49-log_server_status.dif
deleted file mode 100644
index 1b07d68..0000000
--- a/httpd-2.0.49-log_server_status.dif
+++ /dev/null
@@ -1,36 +0,0 @@
---- httpd-2.0.49.orig/support/log_server_status.in 2004-02-09 21:59:49.000000000 +0100
-+++ httpd-2.0.49/support/log_server_status2 2004-06-18 11:34:37.000000000 +0200
-@@ -24,18 +24,18 @@
- # it to a file. Make sure the directory $wherelog is writable by the
- # user who runs this script.
- #
--require 'sys/socket.ph';
-+use Socket;
-
--$wherelog = "/var/log/graph/"; # Logs will be like "/var/log/graph/19960312"
-+$wherelog = "/var/log/apache2/status/"; # Logs will be like "/var/log/apache2/status/19960312"
- $server = "localhost"; # Name of server, could be "www.foo.com"
- $port = "80"; # Port on server
--$request = "/status/?auto"; # Request to send
-+$request = "/server-status/?auto"; # Request to send
-
- sub tcp_connect
- {
- local($host,$port) =@_;
- $sockaddr='S n a4 x8';
-- chop($hostname=`hostname`);
-+ chop($hostname='localhost');
- $port=(getservbyname($port, 'tcp'))[2] unless $port =~ /^\d+$/;
- $me=pack($sockaddr,&AF_INET,0,(gethostbyname($hostname))[4]);
- $them=pack($sockaddr,&AF_INET,$port,(gethostbyname($host))[4]);
-@@ -66,8 +66,8 @@
- }
- print S "GET $request\n";
- while () {
-- $requests=$1 if ( m|^BusyServers:\ (\S+)|);
-- $idle=$1 if ( m|^IdleServers:\ (\S+)|);
-+ $requests=$1 if ( m|^BusyWorkers:\ (\S+)|);
-+ $idle=$1 if ( m|^IdleWorkers:\ (\S+)|);
- $number=$1 if ( m|sses:\ (\S+)|);
- $cpu=$1 if (m|^CPULoad:\ (\S+)|);
- }