diff --git a/apache-ssl-stuff.tar.bz2 b/apache-ssl-stuff.tar.bz2 index 39f95fd..0f6e456 100644 --- a/apache-ssl-stuff.tar.bz2 +++ b/apache-ssl-stuff.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:65caa151a4af2c46075d2dc2a1399f3398c9d5585bc7d6b89bcf582c86c46d20 -size 8433 +oid sha256:011b0281d69a43c16155d015c18440463e7e69d1b86bd8864028878f5c8362ad +size 851 diff --git a/apache2-vhost-ssl.template b/apache2-vhost-ssl.template index 91b53af..4976128 100644 --- a/apache2-vhost-ssl.template +++ b/apache2-vhost-ssl.template @@ -11,22 +11,13 @@ # This is the Apache server configuration file providing SSL support. # It contains the configuration directives to instruct the server how to # serve pages over an https connection. For detailing information about these -# directives see +# directives see http://httpd.apache.org/docs/2.2/mod/mod_ssl.html # -# For the moment, see for this info. -# The documents are still being prepared from material donated by the -# modssl project. -# # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # -# Until documentation is completed, please check http://www.modssl.org/ -# for additional config examples and module docmentation. Directives -# and features of mod_ssl are largely unchanged from the mod_ssl project -# for Apache 1.3. - 
@@ -47,10 +38,16 @@ # Enable/Disable SSL for this virtual host. SSLEngine on + # SSL protocols + # Supporting TLS only is adequate nowadays + SSLProtocol all -SSLv2 -SSLv3 + # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. - # See the mod_ssl documentation for a complete list. - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + # We disable weak ciphers by default. + # See the mod_ssl documentation or "openssl ciphers -v" for a + # complete list. + SSLCipherSuite ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If diff --git a/apache2.changes b/apache2.changes index e4e297d..3e4f9ac 100644 --- a/apache2.changes +++ b/apache2.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Fri Apr 8 13:41:48 UTC 2011 - lnussel@suse.de + +- set sane default cipher string in apache2-vhost-ssl.template +- remove useless example snakeoil certs +- remove broken mkcert script + +------------------------------------------------------------------- +Thu Feb 17 12:39:06 CET 2011 - werner@suse.de + +- Tag boot script as interactive as systemd uses it + +------------------------------------------------------------------- +Mon Feb 7 16:25:16 UTC 2011 - lnussel@suse.de + +- recommend the default mpm package (bnc#670027) + ------------------------------------------------------------------- Tue Oct 19 17:16:16 UTC 2010 - poeml@cmdline.net diff --git a/apache2.spec b/apache2.spec index 1bc4732..6a6b54d 100644 --- a/apache2.spec +++ b/apache2.spec @@ -77,8 +77,6 @@ Source1: apache2.changes Source10: SUSE-NOTICE Source11: rc.%{pname} Source13: sysconfig.%{pname} -Source16: certificate.sh -Source17: mkcert.sh.gz Source18: robots.txt Source20: favicon.ico Source22: apache2-README.QUICKSTART 
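Review bot: The `@STRENGTH` ordering on the new `SSLCipherSuite` line only decides the negotiated cipher when the server's preference is enforced, and nothing in this hunk turns that on; by default mod_ssl follows the client's order. I would add `SSLHonorCipherOrder on` directly after it, unless the template already sets it outside the lines shown. `ALL` combined with `!LOW:!EXP:!MD5` also still admits RC4-SHA and 3DES suites, so appending `:!RC4:!3DES` would match the comment's stated intent of disabling weak ciphers. The virtual-host block starts and ends outside this hunk.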
@@ -148,6 +146,9 @@ Obsoletes: apache < 1.3.29 Obsoletes: mod_ssl < 2.8.16 %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build +%if 0%{?suse_version} >= 1110 +Recommends: apache2-%default_mpm +%endif %description Apache 2, the successor to Apache 1. @@ -316,14 +317,6 @@ Obsoletes: apache-example-pages Some Example pages for Apache that show information about the installed server. -%package example-certificates -License: ASLv.. -Summary: Example certificates for the Apache 2 Web Server -Group: Productivity/Networking/Web/Servers - -%description example-certificates -Snakeoil example certificates for Apache. - %package utils License: ASLv.. Summary: Apache 2 utilities @@ -350,8 +343,6 @@ to administrators of web servers in general. # cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE # -cp -p %{S:16} %{S:17} .; gunzip mkcert.sh.gz -# # replace PLATFORM string that's seen in the "Server:" header # sed 's,(" PLATFORM "),(%platform_string),' server/core.c > tmp_file && mv tmp_file server/core.c @@ -594,8 +585,7 @@ install -m 644 %{S:48} $RPM_BUILD_ROOT%{_datadir}/omc/svcinfo.d/ # # ssl stuff install -m 755 %{S:25} $RPM_BUILD_ROOT/%{_bindir}/ -chmod 755 certificate.sh mkcert.sh -tar xjf $RPM_SOURCE_DIR/apache-ssl-stuff.tar.bz2 -C $RPM_BUILD_ROOT/%{sysconfdir} +tar xjf %{SOURCE29} -C $RPM_BUILD_ROOT/%{sysconfdir} # # init script and friends mkdir -p $RPM_BUILD_ROOT/etc/init.d @@ -616,8 +606,9 @@ install -m 755 $RPM_SOURCE_DIR/a2enmod $RPM_BUILD_ROOT/%{_sbindir} ln -s a2enmod $RPM_BUILD_ROOT/%{_sbindir}/a2dismod # # directories for files from other packages and other configuration -mkdir -p $RPM_BUILD_ROOT/%{sysconfdir}/vhosts.d -mkdir -p $RPM_BUILD_ROOT/%{sysconfdir}/sysconfig.d +for i in vhosts.d sysconfig.d; do + mkdir -p $RPM_BUILD_ROOT/%{sysconfdir}/$i +done # # make list of all modules, and install sysconfig template for i in $(find $RPM_BUILD_ROOT/%{libexecdir}-%{default_mpm} -name "*.so" | sort); do 
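Review bot: The preamble touched here gains a `Recommends:` line but no `Obsoletes:` for the `example-certificates` subpackage that this commit removes further down, so an upgraded system would likely keep the old subpackage installed. That leaves the snakeoil certificates and keys under `%{sysconfdir}/ssl.*`, which undoes part of the cleanup on exactly the hosts that already had them. Consider adding `Obsoletes: %{name}-example-certificates < %{version}` beside the existing `Obsoletes:` lines; the exact version bound is for the packager to confirm. The preamble starts outside this hunk.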
@@ -821,8 +812,6 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original . %defattr(-,root,root) %doc INSTALL READM* LICENSE ABOUT_APACHE CHANGES %doc support/SHA1 -%doc %attr(755,root,root) certificate.sh -%doc %attr(755,root,root) mkcert.sh %doc %{_mandir}/man8/apachectl%{vers}.8.* %doc %{_mandir}/man8/htcacheclean%{vers}.8.* %doc %{_mandir}/man8/%{httpd}.8.* @@ -848,11 +837,7 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original . %dir %{sysconfdir}/ssl.csr %dir %attr(700,root,root) %{sysconfdir}/ssl.key %dir %{sysconfdir}/ssl.prm - %{sysconfdir}/ssl.*/README* -%config %{sysconfdir}/ssl.*/Makefile -%config(noreplace) %{sysconfdir}/ssl.crt/server.crt -%config(noreplace) %{sysconfdir}/ssl.csr/server.csr -%config(noreplace) %{sysconfdir}/ssl.key/server.key +%{sysconfdir}/ssl.*/README* %dir %{sysconfdir}/conf.d %dir %{sysconfdir}/vhosts.d %dir %{sysconfdir}/sysconfig.d @@ -943,11 +928,6 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original . %config(noreplace) %{htdocsdir}/favicon.ico %config(noreplace) %{htdocsdir}/robots.txt -%files example-certificates -%defattr(-,root,root) -%{sysconfdir}/ssl.*/snakeoil* -%{sysconfdir}/ssl.*/*.0 - %files utils %defattr(-,root,root) %doc %{_mandir}/man8/ab%{vers}.8.* diff --git a/certificate.sh b/certificate.sh deleted file mode 100644 index 3e70ff0..0000000 --- a/certificate.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -./mkcert.sh make --no-print-directory /usr/bin/openssl /usr/sbin/ test - diff --git a/mkcert.sh.gz b/mkcert.sh.gz deleted file mode 100644 index 47001b0..0000000 --- a/mkcert.sh.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:90308cef136bdc2ad7501647a19ab321f9645f34a87bf2c496a334098915eef2 -size 4601 diff --git a/rc.apache2 b/rc.apache2 index 1de2126..08e2aa6 100644 --- a/rc.apache2 +++ b/rc.apache2 
@@ -20,6 +20,7 @@
 # Required-Stop: $local_fs $remote_fs $network
 # Default-Start: 3 5
 # Default-Stop: 0 1 2 6
+# X-Interactive: true
 # Short-Description: Apache 2.2 HTTP Server
 # Description: Start the Apache HTTP daemon
 ### END INIT INFO