From 1f5365b89cb5efe4baca60a6576963aaabb46d35b51ca0807d73b9bf748f6607 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Tue, 30 Nov 2010 17:39:53 +0000 Subject: [PATCH 1/4] Updating link to change in openSUSE:Factory/apache2 revision 47.0 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=73f33a0098f48af872a344cb0ff75fbe --- apache2.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apache2.spec b/apache2.spec index 6af0f30..1bc4732 100644 --- a/apache2.spec +++ b/apache2.spec @@ -1,5 +1,5 @@ # -# spec file for package apache2 (Version 2.2.11) +# spec file for package apache2 (Version 2.2.17) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # From 24a2a1338c98d16f271b80102be1bf113dc3a9b2192d9cdb5d5fc6bbfec0fe5a Mon Sep 17 00:00:00 2001 From: Roman Drahtmueller Date: Mon, 7 Feb 2011 16:42:02 +0000 Subject: [PATCH 2/4] Accepting request 60241 from home:lnussel:branches:Apache love it. OBS-URL: https://build.opensuse.org/request/show/60241 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=328 --- apache2.changes | 5 +++++ apache2.spec | 3 +++ 2 files changed, 8 insertions(+) diff --git a/apache2.changes b/apache2.changes index e4e297d..642bc1f 100644 --- a/apache2.changes +++ b/apache2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Feb 7 16:25:16 UTC 2011 - lnussel@suse.de + +- recommend the default mpm package (bnc#670027) + ------------------------------------------------------------------- Tue Oct 19 17:16:16 UTC 2010 - poeml@cmdline.net diff --git a/apache2.spec b/apache2.spec index 1bc4732..b9131ea 100644 --- a/apache2.spec +++ b/apache2.spec @@ -148,6 +148,9 @@ Obsoletes: apache < 1.3.29 Obsoletes: mod_ssl < 2.8.16 %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build +%if 0%{?suse_version} >= 1110 +Recommends: apache2-%default_mpm +%endif %description Apache 2, the successor to Apache 1. From 1350785443c09da0610ae77b2ea8fb4a8e20283d8e51d942956477f1cf50667a Mon Sep 17 00:00:00 2001 From: Roman Drahtmueller Date: Thu, 17 Feb 2011 12:10:51 +0000 Subject: [PATCH 3/4] Accepting request 61588 from home:WernerFink:branches:Apache Danke! OBS-URL: https://build.opensuse.org/request/show/61588 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=329 --- apache2.changes | 5 +++++ rc.apache2 | 1 + 2 files changed, 6 insertions(+) diff --git a/apache2.changes b/apache2.changes index 642bc1f..55c347c 100644 --- a/apache2.changes +++ b/apache2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Feb 17 12:39:06 CET 2011 - werner@suse.de + +- Tag boot script as interactive as systemd uses it + ------------------------------------------------------------------- Mon Feb 7 16:25:16 UTC 2011 - lnussel@suse.de diff --git a/rc.apache2 b/rc.apache2 index 1de2126..08e2aa6 100644 --- a/rc.apache2 +++ b/rc.apache2 @@ -20,6 +20,7 @@ # Required-Stop: $local_fs $remote_fs $network # Default-Start: 3 5 # Default-Stop: 0 1 2 6 +# X-Interactive: true # Short-Description: Apache 2.2 HTTP Server # Description: Start the Apache HTTP daemon ### END INIT INFO From 0eb627382f1db1a58d36470656521dcaa2e18ee055a6da50c85bd7c9d8ca70a8 Mon Sep 17 00:00:00 2001 From: Roman Drahtmueller Date: Fri, 8 Apr 2011 14:57:32 +0000 Subject: [PATCH 4/4] Accepting request 66521 from home:lnussel:branches:Apache we need a new mkcert script. Ok. OBS-URL: https://build.opensuse.org/request/show/66521 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=330 --- apache-ssl-stuff.tar.bz2 | 4 ++-- apache2-vhost-ssl.template | 21 +++++++++------------ apache2.changes | 7 +++++++ apache2.spec | 33 +++++---------------------------- certificate.sh | 4 ---- mkcert.sh.gz | 3 --- 6 files changed, 23 insertions(+), 49 deletions(-) delete mode 100644 certificate.sh delete mode 100644 mkcert.sh.gz diff --git a/apache-ssl-stuff.tar.bz2 b/apache-ssl-stuff.tar.bz2 index 39f95fd..0f6e456 100644 --- a/apache-ssl-stuff.tar.bz2 +++ b/apache-ssl-stuff.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:65caa151a4af2c46075d2dc2a1399f3398c9d5585bc7d6b89bcf582c86c46d20 -size 8433 +oid sha256:011b0281d69a43c16155d015c18440463e7e69d1b86bd8864028878f5c8362ad +size 851 diff --git a/apache2-vhost-ssl.template b/apache2-vhost-ssl.template index 91b53af..4976128 100644 --- a/apache2-vhost-ssl.template +++ b/apache2-vhost-ssl.template @@ -11,22 +11,13 @@ # This is the Apache server configuration file providing SSL support. # It contains the configuration directives to instruct the server how to # serve pages over an https connection. For detailing information about these -# directives see +# directives see http://httpd.apache.org/docs/2.2/mod/mod_ssl.html # -# For the moment, see for this info. -# The documents are still being prepared from material donated by the -# modssl project. -# # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # -# Until documentation is completed, please check http://www.modssl.org/ -# for additional config examples and module docmentation. Directives -# and features of mod_ssl are largely unchanged from the mod_ssl project -# for Apache 1.3. - @@ -47,10 +38,16 @@ # Enable/Disable SSL for this virtual host. SSLEngine on + # SSL protocols + # Supporting TLS only is adequate nowadays + SSLProtocol all -SSLv2 -SSLv3 + # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. - # See the mod_ssl documentation for a complete list. - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + # We disable weak ciphers by default. + # See the mod_ssl documentation or "openssl ciphers -v" for a + # complete list. + SSLCipherSuite ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If diff --git a/apache2.changes b/apache2.changes index 55c347c..3e4f9ac 100644 --- a/apache2.changes +++ b/apache2.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Apr 8 13:41:48 UTC 2011 - lnussel@suse.de + +- set sane default cipher string in apache2-vhost-ssl.template +- remove useless example snakeoil certs +- remove broken mkcert script + ------------------------------------------------------------------- Thu Feb 17 12:39:06 CET 2011 - werner@suse.de diff --git a/apache2.spec b/apache2.spec index b9131ea..6a6b54d 100644 --- a/apache2.spec +++ b/apache2.spec @@ -77,8 +77,6 @@ Source1: apache2.changes Source10: SUSE-NOTICE Source11: rc.%{pname} Source13: sysconfig.%{pname} -Source16: certificate.sh -Source17: mkcert.sh.gz Source18: robots.txt Source20: favicon.ico Source22: apache2-README.QUICKSTART @@ -319,14 +317,6 @@ Obsoletes: apache-example-pages Some Example pages for Apache that show information about the installed server. -%package example-certificates -License: ASLv.. -Summary: Example certificates for the Apache 2 Web Server -Group: Productivity/Networking/Web/Servers - -%description example-certificates -Snakeoil example certificates for Apache. - %package utils License: ASLv.. Summary: Apache 2 utilities @@ -353,8 +343,6 @@ to administrators of web servers in general. # cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE # -cp -p %{S:16} %{S:17} .; gunzip mkcert.sh.gz -# # replace PLATFORM string that's seen in the "Server:" header # sed 's,(" PLATFORM "),(%platform_string),' server/core.c > tmp_file && mv tmp_file server/core.c @@ -597,8 +585,7 @@ install -m 644 %{S:48} $RPM_BUILD_ROOT%{_datadir}/omc/svcinfo.d/ # # ssl stuff install -m 755 %{S:25} $RPM_BUILD_ROOT/%{_bindir}/ -chmod 755 certificate.sh mkcert.sh -tar xjf $RPM_SOURCE_DIR/apache-ssl-stuff.tar.bz2 -C $RPM_BUILD_ROOT/%{sysconfdir} +tar xjf %{SOURCE29} -C $RPM_BUILD_ROOT/%{sysconfdir} # # init script and friends mkdir -p $RPM_BUILD_ROOT/etc/init.d @@ -619,8 +606,9 @@ install -m 755 $RPM_SOURCE_DIR/a2enmod $RPM_BUILD_ROOT/%{_sbindir} ln -s a2enmod $RPM_BUILD_ROOT/%{_sbindir}/a2dismod # # directories for files from other packages and other configuration -mkdir -p $RPM_BUILD_ROOT/%{sysconfdir}/vhosts.d -mkdir -p $RPM_BUILD_ROOT/%{sysconfdir}/sysconfig.d +for i in vhosts.d sysconfig.d; do + mkdir -p $RPM_BUILD_ROOT/%{sysconfdir}/$i +done # # make list of all modules, and install sysconfig template for i in $(find $RPM_BUILD_ROOT/%{libexecdir}-%{default_mpm} -name "*.so" | sort); do @@ -824,8 +812,6 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original . %defattr(-,root,root) %doc INSTALL READM* LICENSE ABOUT_APACHE CHANGES %doc support/SHA1 -%doc %attr(755,root,root) certificate.sh -%doc %attr(755,root,root) mkcert.sh %doc %{_mandir}/man8/apachectl%{vers}.8.* %doc %{_mandir}/man8/htcacheclean%{vers}.8.* %doc %{_mandir}/man8/%{httpd}.8.* @@ -851,11 +837,7 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original . %dir %{sysconfdir}/ssl.csr %dir %attr(700,root,root) %{sysconfdir}/ssl.key %dir %{sysconfdir}/ssl.prm - %{sysconfdir}/ssl.*/README* -%config %{sysconfdir}/ssl.*/Makefile -%config(noreplace) %{sysconfdir}/ssl.crt/server.crt -%config(noreplace) %{sysconfdir}/ssl.csr/server.csr -%config(noreplace) %{sysconfdir}/ssl.key/server.key +%{sysconfdir}/ssl.*/README* %dir %{sysconfdir}/conf.d %dir %{sysconfdir}/vhosts.d %dir %{sysconfdir}/sysconfig.d @@ -946,11 +928,6 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original . %config(noreplace) %{htdocsdir}/favicon.ico %config(noreplace) %{htdocsdir}/robots.txt -%files example-certificates -%defattr(-,root,root) -%{sysconfdir}/ssl.*/snakeoil* -%{sysconfdir}/ssl.*/*.0 - %files utils %defattr(-,root,root) %doc %{_mandir}/man8/ab%{vers}.8.* diff --git a/certificate.sh b/certificate.sh deleted file mode 100644 index 3e70ff0..0000000 --- a/certificate.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -./mkcert.sh make --no-print-directory /usr/bin/openssl /usr/sbin/ test - diff --git a/mkcert.sh.gz b/mkcert.sh.gz deleted file mode 100644 index 47001b0..0000000 --- a/mkcert.sh.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:90308cef136bdc2ad7501647a19ab321f9645f34a87bf2c496a334098915eef2 -size 4601