From c930c29f44d1c8c27a01acc3e871b48922d3b620 Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Thu, 6 Jul 2017 14:24:10 +0300 Subject: main/apache2: security upgrade to 2.4.26 fixes #7463 --- main/apache2/conf/0001-httpd.conf-ServerRoot.patch | 6 +++--- main/apache2/conf/0002-httpd.conf-ServerTokens.patch | 6 +++--- main/apache2/conf/0003-httpd.conf-ServerSignature.patch | 6 +++--- main/apache2/conf/0004-httpd.conf-User-Group.patch | 6 +++--- .../0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch | 8 ++++---- main/apache2/conf/0006-httpd-dav.conf-DavLockDB.patch | 4 ++-- .../apache2/conf/0007-httpd-ssl.conf-SSLSessionCache.patch | 6 +++--- main/apache2/conf/0008-httpd-ssl.conf-SSLRandomSeed.patch | 10 +++++----- main/apache2/conf/0009-httpd-ssl.conf-SSL-File.patch | 6 +++--- .../apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch | 14 +++++++------- main/apache2/conf/0011-httpd.conf-IncludeOptional.patch | 8 ++++---- main/apache2/conf/0012-httpd.conf-MIMEMagicFile.patch | 8 ++++---- main/apache2/conf/0013-httpd-.conf-IfModule.patch | 4 ++-- main/apache2/conf/0014-httpd-.conf-LoadModule.patch | 8 ++++---- 14 files changed, 50 insertions(+), 50 deletions(-) (limited to 'main/apache2/conf') diff --git a/main/apache2/conf/0001-httpd.conf-ServerRoot.patch b/main/apache2/conf/0001-httpd.conf-ServerRoot.patch index 26f9b5a388..3565bd4f8e 100644 --- a/main/apache2/conf/0001-httpd.conf-ServerRoot.patch +++ b/main/apache2/conf/0001-httpd.conf-ServerRoot.patch @@ -1,4 +1,4 @@ -From 8d6011f6009c74a6dc701017c629f21516142256 Mon Sep 17 00:00:00 2001 +From 0126e85796d645820a7883a5f133b52c1408d53c Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Mon, 21 Sep 2015 12:16:16 +0300 Subject: [PATCH 01/14] httpd.conf: ServerRoot @@ -8,7 +8,7 @@ Subject: [PATCH 01/14] httpd.conf: ServerRoot 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in -index 966d2c3..c97b18d 100644 +index 37d7c0b..3e21599 100644 --- a/docs/conf/httpd.conf.in +++ b/docs/conf/httpd.conf.in @@ -28,7 +28,7 @@ @@ -21,5 +21,5 @@ index 966d2c3..c97b18d 100644 # # Mutex: Allows you to set the mutex mechanism and mutex file directory -- -2.5.0 +2.9.4 diff --git a/main/apache2/conf/0002-httpd.conf-ServerTokens.patch b/main/apache2/conf/0002-httpd.conf-ServerTokens.patch index d688592683..99ebcbd8e6 100644 --- a/main/apache2/conf/0002-httpd.conf-ServerTokens.patch +++ b/main/apache2/conf/0002-httpd.conf-ServerTokens.patch @@ -1,4 +1,4 @@ -From efe4452d812db7bdb0885ba89cf488c2eade7c70 Mon Sep 17 00:00:00 2001 +From 37588c3ee46bc58510d7aac77109eeafb56964ab Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Fri, 11 Sep 2015 11:10:55 +0300 Subject: [PATCH 02/14] httpd.conf: ServerTokens @@ -30,7 +30,7 @@ index 7196922..a05ebc1 100644 # name to server-generated pages (internal error documents, FTP directory # listings, mod_status and mod_info output etc., but not CGI generated diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in -index c97b18d..0cceb2a 100644 +index 3e21599..e995794 100644 --- a/docs/conf/httpd.conf.in +++ b/docs/conf/httpd.conf.in @@ -19,6 +19,16 @@ @@ -51,5 +51,5 @@ index c97b18d..0cceb2a 100644 # configuration, error, and log files are kept. # -- -2.5.0 +2.9.4 diff --git a/main/apache2/conf/0003-httpd.conf-ServerSignature.patch b/main/apache2/conf/0003-httpd.conf-ServerSignature.patch index c6c4f4ffda..f269f04516 100644 --- a/main/apache2/conf/0003-httpd.conf-ServerSignature.patch +++ b/main/apache2/conf/0003-httpd.conf-ServerSignature.patch @@ -1,4 +1,4 @@ -From ca039c67e17d45f641b018e76d90b36b1325ab16 Mon Sep 17 00:00:00 2001 +From f5c03e6a248fcf273efeabc31665f0af56a17b55 Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Fri, 11 Sep 2015 11:46:25 +0300 Subject: [PATCH 03/14] httpd.conf: ServerSignature @@ -30,7 +30,7 @@ index a05ebc1..dcc2fb5 100644 # e.g., www.apache.org (on) or 204.62.129.132 (off). # The default is off because it'd be overall better for the net if people diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in -index 0cceb2a..5835643 100644 +index e995794..748b5ef 100644 --- a/docs/conf/httpd.conf.in +++ b/docs/conf/httpd.conf.in @@ -109,6 +109,16 @@ Group daemon @@ -51,5 +51,5 @@ index 0cceb2a..5835643 100644 # This can often be determined automatically, but we recommend you specify # it explicitly to prevent problems during startup. -- -2.5.0 +2.9.4 diff --git a/main/apache2/conf/0004-httpd.conf-User-Group.patch b/main/apache2/conf/0004-httpd.conf-User-Group.patch index 264ae3a494..24d1c83955 100644 --- a/main/apache2/conf/0004-httpd.conf-User-Group.patch +++ b/main/apache2/conf/0004-httpd.conf-User-Group.patch @@ -1,4 +1,4 @@ -From 1ac121e7d4ea97b2a2fa5c678fd989ad1081d541 Mon Sep 17 00:00:00 2001 +From 023f6840e901390b95f3d858d7f85cd9ac257d75 Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Fri, 11 Sep 2015 11:31:31 +0300 Subject: [PATCH 04/14] httpd.conf: User/Group @@ -8,7 +8,7 @@ Subject: [PATCH 04/14] httpd.conf: User/Group 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in -index 5835643..2f2bf49 100644 +index 748b5ef..33b7487 100644 --- a/docs/conf/httpd.conf.in +++ b/docs/conf/httpd.conf.in @@ -84,8 +84,8 @@ Listen @@Port@@ @@ -23,5 +23,5 @@ index 5835643..2f2bf49 100644 -- -2.5.0 +2.9.4 diff --git a/main/apache2/conf/0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch b/main/apache2/conf/0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch index a4aa4d635d..ea0d23c442 100644 --- a/main/apache2/conf/0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch +++ b/main/apache2/conf/0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch @@ -1,4 +1,4 @@ -From c48105dca98ec2e4c63cb487f2ce5ab4da6a55c4 Mon Sep 17 00:00:00 2001 +From 3f6e035c2d85967fc63431d73e4a37821513b39c Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Fri, 11 Sep 2015 11:40:22 +0300 Subject: [PATCH 05/14] httpd.conf: ErrorLog/CustomLog/TransferLog @@ -9,7 +9,7 @@ Subject: [PATCH 05/14] httpd.conf: ErrorLog/CustomLog/TransferLog 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in -index f093b32..65dae32 100644 +index 6a3c67a..3ace58a 100644 --- a/docs/conf/extra/httpd-ssl.conf.in +++ b/docs/conf/extra/httpd-ssl.conf.in @@ -124,8 +124,8 @@ SSLSessionCacheTimeout 300 @@ -33,7 +33,7 @@ index f093b32..65dae32 100644 diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in -index 2f2bf49..8386312 100644 +index 33b7487..29ac06c 100644 --- a/docs/conf/httpd.conf.in +++ b/docs/conf/httpd.conf.in @@ -201,7 +201,7 @@ DocumentRoot "@exp_htdocsdir@" @@ -62,5 +62,5 @@ index 2f2bf49..8386312 100644 -- -2.5.0 +2.9.4 diff --git a/main/apache2/conf/0006-httpd-dav.conf-DavLockDB.patch b/main/apache2/conf/0006-httpd-dav.conf-DavLockDB.patch index 6b4b21b38d..8db75cf7e6 100644 --- a/main/apache2/conf/0006-httpd-dav.conf-DavLockDB.patch +++ b/main/apache2/conf/0006-httpd-dav.conf-DavLockDB.patch @@ -1,4 +1,4 @@ -From 6b0ea0ffe5dda6d6d24535c2be57304e0cbbe484 Mon Sep 17 00:00:00 2001 +From 02d449be1ef2a6b84a913458d833778a66917e81 Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Fri, 11 Sep 2015 12:46:16 +0300 Subject: [PATCH 06/14] httpd-dav.conf: DavLockDB @@ -21,5 +21,5 @@ index f1d35e0..416110b 100644 Alias /uploads "@@ServerRoot@@/uploads" -- -2.5.0 +2.9.4 diff --git a/main/apache2/conf/0007-httpd-ssl.conf-SSLSessionCache.patch b/main/apache2/conf/0007-httpd-ssl.conf-SSLSessionCache.patch index 3de8608948..09de671124 100644 --- a/main/apache2/conf/0007-httpd-ssl.conf-SSLSessionCache.patch +++ b/main/apache2/conf/0007-httpd-ssl.conf-SSLSessionCache.patch @@ -1,4 +1,4 @@ -From ff4cb257ca2f5f6705776683dc6c26c65a8fffd3 Mon Sep 17 00:00:00 2001 +From e718f5cf478200adc3132f488fb673bc1f614fbd Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Fri, 11 Sep 2015 12:53:13 +0300 Subject: [PATCH 07/14] httpd-ssl.conf: SSLSessionCache @@ -8,7 +8,7 @@ Subject: [PATCH 07/14] httpd-ssl.conf: SSLSessionCache 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in -index 65dae32..1680430 100644 +index 3ace58a..090ce32 100644 --- a/docs/conf/extra/httpd-ssl.conf.in +++ b/docs/conf/extra/httpd-ssl.conf.in @@ -89,7 +89,7 @@ SSLPassPhraseDialog builtin @@ -21,5 +21,5 @@ index 65dae32..1680430 100644 # OCSP Stapling (requires OpenSSL 0.9.8h or later) -- -2.5.0 +2.9.4 diff --git a/main/apache2/conf/0008-httpd-ssl.conf-SSLRandomSeed.patch b/main/apache2/conf/0008-httpd-ssl.conf-SSLRandomSeed.patch index 0f461bcb73..ed99ad6330 100644 --- a/main/apache2/conf/0008-httpd-ssl.conf-SSLRandomSeed.patch +++ b/main/apache2/conf/0008-httpd-ssl.conf-SSLRandomSeed.patch @@ -1,4 +1,4 @@ -From 2270e11bbe1ba3a0b489ecd941ef3a7a944ba151 Mon Sep 17 00:00:00 2001 +From 201ea4523851206881c1feaacc7451d8df7f1267 Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Fri, 11 Sep 2015 12:58:01 +0300 Subject: [PATCH 08/14] httpd-ssl.conf: SSLRandomSeed @@ -9,7 +9,7 @@ Subject: [PATCH 08/14] httpd-ssl.conf: SSLRandomSeed 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in -index 1680430..da506c8 100644 +index 090ce32..75ce736 100644 --- a/docs/conf/extra/httpd-ssl.conf.in +++ b/docs/conf/extra/httpd-ssl.conf.in @@ -24,7 +24,8 @@ @@ -23,10 +23,10 @@ index 1680430..da506c8 100644 #SSLRandomSeed connect file:/dev/urandom 512 diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in -index 8386312..de6ee33 100644 +index 29ac06c..46ccea6 100644 --- a/docs/conf/httpd.conf.in +++ b/docs/conf/httpd.conf.in -@@ -414,16 +414,3 @@ LogLevel warn +@@ -423,16 +423,3 @@ LogLevel warn Include @rel_sysconfdir@/extra/proxy-html.conf @@ -44,5 +44,5 @@ index 8386312..de6ee33 100644 - - -- -2.5.0 +2.9.4 diff --git a/main/apache2/conf/0009-httpd-ssl.conf-SSL-File.patch b/main/apache2/conf/0009-httpd-ssl.conf-SSL-File.patch index 851130fe3d..845e01d56e 100644 --- a/main/apache2/conf/0009-httpd-ssl.conf-SSL-File.patch +++ b/main/apache2/conf/0009-httpd-ssl.conf-SSL-File.patch @@ -1,4 +1,4 @@ -From deef08a02706efc731555d4d4d1c43ca126d6d3e Mon Sep 17 00:00:00 2001 +From 35db76c3663f77b49c1f1b1f0e07d108d6176c8c Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Fri, 11 Sep 2015 13:03:38 +0300 Subject: [PATCH 09/14] httpd-ssl.conf SSL*File @@ -8,7 +8,7 @@ Subject: [PATCH 09/14] httpd-ssl.conf SSL*File 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in -index da506c8..4462fa6 100644 +index 75ce736..e80ad1a 100644 --- a/docs/conf/extra/httpd-ssl.conf.in +++ b/docs/conf/extra/httpd-ssl.conf.in @@ -142,9 +142,9 @@ SSLEngine on @@ -69,5 +69,5 @@ index da506c8..4462fa6 100644 # Client Authentication (Type): -- -2.5.0 +2.9.4 diff --git a/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch b/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch index 7c806c3519..4b9229babd 100644 --- a/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch +++ b/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch @@ -1,4 +1,4 @@ -From 9ddd6227e5e0c38b869a77ce04c93877a2b1fc85 Mon Sep 17 00:00:00 2001 +From be15024e8c13bf740897274844bee4afd8c9946b Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Fri, 11 Sep 2015 13:32:31 +0300 Subject: [PATCH 10/14] httpd-ssl.conf: SSL*CipherSuite @@ -8,20 +8,20 @@ Subject: [PATCH 10/14] httpd-ssl.conf: SSL*CipherSuite 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in -index 4462fa6..4534852 100644 +index e80ad1a..b5f5e9d 100644 --- a/docs/conf/extra/httpd-ssl.conf.in +++ b/docs/conf/extra/httpd-ssl.conf.in @@ -50,8 +50,8 @@ Listen @@SSLPort@@ # ensure these follow appropriate best practices for this deployment. # httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers, # while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a. --SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4 --SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4 -+SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!ADH -+SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!ADH +-SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES +-SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES ++SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH ++SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH # By the end of 2016, only TLSv1.2 ciphers should remain in use. # Older ciphers should be disallowed as soon as possible, while the -- -2.5.0 +2.9.4 diff --git a/main/apache2/conf/0011-httpd.conf-IncludeOptional.patch b/main/apache2/conf/0011-httpd.conf-IncludeOptional.patch index bc38c2753c..06ed346b5c 100644 --- a/main/apache2/conf/0011-httpd.conf-IncludeOptional.patch +++ b/main/apache2/conf/0011-httpd.conf-IncludeOptional.patch @@ -1,4 +1,4 @@ -From 1013806f1128c2cf289b20362484f64379dda619 Mon Sep 17 00:00:00 2001 +From 355485ecb874640c0856e4f3c239d517d97893df Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Fri, 11 Sep 2015 11:27:24 +0300 Subject: [PATCH 11/14] httpd.conf: IncludeOptional @@ -8,10 +8,10 @@ Subject: [PATCH 11/14] httpd.conf: IncludeOptional 1 file changed, 2 insertions(+), 40 deletions(-) diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in -index de6ee33..66d20fe 100644 +index 46ccea6..388916f 100644 --- a/docs/conf/httpd.conf.in +++ b/docs/conf/httpd.conf.in -@@ -373,44 +373,6 @@ LogLevel warn +@@ -382,44 +382,6 @@ LogLevel warn #EnableMMAP off #EnableSendfile on @@ -59,5 +59,5 @@ index de6ee33..66d20fe 100644 - +IncludeOptional /etc/apache2/conf.d/*.conf -- -2.5.0 +2.9.4 diff --git a/main/apache2/conf/0012-httpd.conf-MIMEMagicFile.patch b/main/apache2/conf/0012-httpd.conf-MIMEMagicFile.patch index 2db338d16f..4fa1911c23 100644 --- a/main/apache2/conf/0012-httpd.conf-MIMEMagicFile.patch +++ b/main/apache2/conf/0012-httpd.conf-MIMEMagicFile.patch @@ -1,4 +1,4 @@ -From 867d4c6caac66cb458316b97cd24761f339861ca Mon Sep 17 00:00:00 2001 +From e0eca7b6d1837ceee414e08698108fb35e79635e Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Fri, 11 Sep 2015 14:59:32 +0300 Subject: [PATCH 12/14] httpd.conf: MIMEMagicFile @@ -8,10 +8,10 @@ Subject: [PATCH 12/14] httpd.conf: MIMEMagicFile 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in -index 66d20fe..4266f87 100644 +index 388916f..61747cb 100644 --- a/docs/conf/httpd.conf.in +++ b/docs/conf/httpd.conf.in -@@ -341,7 +341,9 @@ LogLevel warn +@@ -350,7 +350,9 @@ LogLevel warn # contents of the file itself to determine its type. The MIMEMagicFile # directive tells the module where the hint definitions are located. # @@ -23,5 +23,5 @@ index 66d20fe..4266f87 100644 # # Customizable error responses come in three flavors: -- -2.5.0 +2.9.4 diff --git a/main/apache2/conf/0013-httpd-.conf-IfModule.patch b/main/apache2/conf/0013-httpd-.conf-IfModule.patch index 20693109b7..8c88e93244 100644 --- a/main/apache2/conf/0013-httpd-.conf-IfModule.patch +++ b/main/apache2/conf/0013-httpd-.conf-IfModule.patch @@ -1,4 +1,4 @@ -From 5dfde3ec458ddda04b070709b60803144ce29d9a Mon Sep 17 00:00:00 2001 +From 9a788d82c38717396903f5352e6d27e938f0cb25 Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Fri, 11 Sep 2015 15:05:30 +0300 Subject: [PATCH 13/14] httpd-*.conf: IfModule @@ -65,5 +65,5 @@ index a744322..edd158f 100644 + -- -2.5.0 +2.9.4 diff --git a/main/apache2/conf/0014-httpd-.conf-LoadModule.patch b/main/apache2/conf/0014-httpd-.conf-LoadModule.patch index fbf0757bed..6d34deb501 100644 --- a/main/apache2/conf/0014-httpd-.conf-LoadModule.patch +++ b/main/apache2/conf/0014-httpd-.conf-LoadModule.patch @@ -1,4 +1,4 @@ -From a15f4e83f0c5b6a3974af01427e3facf9191d0ef Mon Sep 17 00:00:00 2001 +From 2a1fe11fab2e43d9c00aae699108e75e8185715b Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Fri, 11 Sep 2015 15:12:08 +0300 Subject: [PATCH 14/14] httpd*.conf: LoadModule @@ -25,7 +25,7 @@ index 416110b..0ddcb48 100644 # The following example gives DAV write access to a directory called # "uploads" under the ServerRoot directory. diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in -index 4534852..b5bcb5d 100644 +index b5f5e9d..d9e5bd1 100644 --- a/docs/conf/extra/httpd-ssl.conf.in +++ b/docs/conf/extra/httpd-ssl.conf.in @@ -10,6 +10,8 @@ @@ -55,7 +55,7 @@ index 683a091..0648e8e 100644 # For Windows (I don't know if there's a standard path for the libraries) # LoadFile C:/path/zlib.dll diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in -index 4266f87..df1f2a1 100644 +index 61747cb..8fec78c 100644 --- a/docs/conf/httpd.conf.in +++ b/docs/conf/httpd.conf.in @@ -75,6 +75,8 @@ Listen @@Port@@ @@ -68,5 +68,5 @@ index 4266f87..df1f2a1 100644 # # If you wish httpd to run as a different user or group, you must run -- -2.5.0 +2.9.4 -- cgit v1.2.3