Date:      Thu, 11 Jun 2015 14:21:05 +0000 (UTC)
From:      Ryan Steinmetz <zi@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r389214 - in branches/2015Q2/www/apache22: . files
Message-ID:  <201506111421.t5BEL5a4094072@svn.freebsd.org>

Author: zi
Date: Thu Jun 11 14:21:04 2015
New Revision: 389214
URL: https://svnweb.freebsd.org/changeset/ports/389214

Log:
  - Merge logjam fix from head
  - Bump PORTREVISION
  
  PR:		200756
  With hat:	ports-secteam
  Approved by:	ports-secteam
  MFH:		r386904,388386

Added:
  branches/2015Q2/www/apache22/files/patch-modules_ssl_ssl__engine__dh.c
     - copied, changed from r386904, head/www/apache22/files/patch-modules_ssl_ssl__engine__dh.c
Modified:
  branches/2015Q2/www/apache22/Makefile
Directory Properties:
  branches/2015Q2/   (props changed)

Modified: branches/2015Q2/www/apache22/Makefile
==============================================================================
--- branches/2015Q2/www/apache22/Makefile	Thu Jun 11 14:16:10 2015	(r389213)
+++ branches/2015Q2/www/apache22/Makefile	Thu Jun 11 14:21:04 2015	(r389214)
@@ -2,7 +2,7 @@
 
 PORTNAME=	apache22
 PORTVERSION=	2.2.29
-PORTREVISION?=	2
+PORTREVISION?=	3
 CATEGORIES=	www ipv6
 MASTER_SITES=	${MASTER_SITE_APACHE_HTTPD}
 DISTNAME=	httpd-${PORTVERSION}
@@ -174,6 +174,12 @@ post-configure:
 	@${REINPLACE_CMD} -e "s,%%WWWOWN%%,${WWWOWN}," -e "s,%%WWWGRP%%,${WWWGRP}," ${WRKSRC}/docs/conf/httpd.conf
 	@${REINPLACE_CMD} -e "s,%%PREFIX%%,${PREFIX}," ${WRKSRC}/support/envvars-std
 
+pre-build:
+.if ${PORT_OPTIONS:MSSL}
+	@${ECHO_MSG}    "===>  Generating unique DH group to mitigate Logjam attack (this will take a while)"
+	(cd ${WRKSRC}/modules/ssl && ${SETENV} HOME=${WRKDIR} ${PERL} ssl_engine_dh.c)
+.endif
+
 post-install:
 	@${MKDIR} ${ETC_SUBDIRS:S|^|${STAGEDIR}${ETCDIR}/|}
 	${INSTALL_DATA} ${FILESDIR}/no-accf.conf ${STAGEDIR}${ETCDIR}/Includes/
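Review bot: The `pre-build` message promises a "unique DH group", but the group is generated once per build, so every host that installs the same binary package of this port shares the same 2048- and 3072-bit primes; only source builds get their own. That still replaces the 512- and 1024-bit groups that Logjam targets, but it should be stated in a comment above the target, e.g. `# DH groups are generated per build; all installs of one binary package share them`. The step also makes the build output non-deterministic. Its success rests entirely on the exit status of `${PERL} ssl_engine_dh.c`, and this hunk does not show how the script reports a failed generation.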

Copied and modified: branches/2015Q2/www/apache22/files/patch-modules_ssl_ssl__engine__dh.c (from r386904, head/www/apache22/files/patch-modules_ssl_ssl__engine__dh.c)
==============================================================================
--- head/www/apache22/files/patch-modules_ssl_ssl__engine__dh.c	Thu May 21 02:13:07 2015	(r386904, copy source)
+++ branches/2015Q2/www/apache22/files/patch-modules_ssl_ssl__engine__dh.c	Thu Jun 11 14:21:04 2015	(r389214)
@@ -1,5 +1,74 @@
 --- modules/ssl/ssl_engine_dh.c.orig	2006-07-12 03:38:44 UTC
 +++ modules/ssl/ssl_engine_dh.c
+@@ -33,7 +33,7 @@
+ /* ----BEGIN GENERATED SECTION-------- */
+ 
+ /*
+-** Diffie-Hellman-Parameters: (512 bit)
++** Diffie-Hellman-Parameters: (2048 bit)
+ **     prime:
+ **         00:9f:db:8b:8a:00:45:44:f0:04:5f:17:37:d0:ba:
+ **         2e:0b:27:4c:df:1a:9f:58:82:18:fb:43:53:16:a1:
+@@ -41,7 +41,7 @@
+ **         0e:3e:30:06:80:a3:03:0c:6e:4c:37:57:d0:8f:70:
+ **         e6:aa:87:10:33
+ **     generator: 2 (0x2)
+-** Diffie-Hellman-Parameters: (1024 bit)
++** Diffie-Hellman-Parameters: (3072 bit)
+ **     prime:
+ **         00:d6:7d:e4:40:cb:bb:dc:19:36:d6:93:d3:4a:fd:
+ **         0a:d5:0c:84:d2:39:a4:5f:52:0b:b8:81:74:cb:98:
+@@ -55,7 +55,7 @@
+ **     generator: 2 (0x2)
+ */
+ 
+-static unsigned char dh512_p[] = {
++static unsigned char dh2048_p[] = {
+     0x9F, 0xDB, 0x8B, 0x8A, 0x00, 0x45, 0x44, 0xF0, 0x04, 0x5F, 0x17, 0x37,
+     0xD0, 0xBA, 0x2E, 0x0B, 0x27, 0x4C, 0xDF, 0x1A, 0x9F, 0x58, 0x82, 0x18,
+     0xFB, 0x43, 0x53, 0x16, 0xA1, 0x6E, 0x37, 0x41, 0x71, 0xFD, 0x19, 0xD8,
+@@ -63,17 +63,17 @@ static unsigned char dh512_p[] = {
+     0x80, 0xA3, 0x03, 0x0C, 0x6E, 0x4C, 0x37, 0x57, 0xD0, 0x8F, 0x70, 0xE6,
+     0xAA, 0x87, 0x10, 0x33,
+ };
+-static unsigned char dh512_g[] = {
++static unsigned char dh2048_g[] = {
+     0x02,
+ };
+ 
+-static DH *get_dh512(void)
++static DH *get_dh2048(void)
+ {
+-    return modssl_dh_configure(dh512_p, sizeof(dh512_p),
+-                               dh512_g, sizeof(dh512_g));
++    return modssl_dh_configure(dh2048_p, sizeof(dh2048_p),
++                               dh2048_g, sizeof(dh2048_g));
+ }
+ 
+-static unsigned char dh1024_p[] = {
++static unsigned char dh3072_p[] = {
+     0xD6, 0x7D, 0xE4, 0x40, 0xCB, 0xBB, 0xDC, 0x19, 0x36, 0xD6, 0x93, 0xD3,
+     0x4A, 0xFD, 0x0A, 0xD5, 0x0C, 0x84, 0xD2, 0x39, 0xA4, 0x5F, 0x52, 0x0B,
+     0xB8, 0x81, 0x74, 0xCB, 0x98, 0xBC, 0xE9, 0x51, 0x84, 0x9F, 0x91, 0x2E,
+@@ -86,14 +86,14 @@ static unsigned char dh1024_p[] = {
+     0x88, 0xAE, 0xAA, 0x74, 0x7D, 0xE0, 0xF4, 0xD6, 0xE2, 0xBD, 0x68, 0xB0,
+     0xE7, 0x39, 0x3E, 0x0F, 0x24, 0x21, 0x8E, 0xB3,
+ };
+-static unsigned char dh1024_g[] = {
++static unsigned char dh3072_g[] = {
+     0x02,
+ };
+ 
+-static DH *get_dh1024(void)
++static DH *get_dh3072(void)
+ {
+-    return modssl_dh_configure(dh1024_p, sizeof(dh1024_p),
+-                               dh1024_g, sizeof(dh1024_g));
++    return modssl_dh_configure(dh3072_p, sizeof(dh3072_p),
++                               dh3072_g, sizeof(dh3072_g));
+ }
+ 
+ /* ----END GENERATED SECTION---------- */
 @@ -102,12 +102,12 @@ DH *ssl_dh_GetTmpParam(int nKeyLen)
  {
      DH *dh;
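Review bot: The renamed arrays `dh2048_p` and `dh3072_p` still hold the original 512- and 1024-bit primes, because this patch changes only the identifiers and the header comment while the byte tables stay as unchanged context. The file is therefore only correct once the Perl section has rewritten everything between the BEGIN/END GENERATED SECTION markers during `pre-build`. If that step is skipped or fails quietly, `get_dh2048()` would presumably hand out a 512-bit group under a misleading name. A size guard placed after the END marker, where regeneration will not overwrite it, would turn that into a compile error: `typedef char dh2048_size_check[sizeof(dh2048_p) == 256 ? 1 : -1];`, plus the same for `dh3072_p` with 384. This assumes the regenerated tables drop the leading zero byte as the current ones do. `ssl_dh_GetTmpParam` continues outside the hunk.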
@@ -33,8 +102,8 @@
  $rand = "-rand $rand" if ($rand ne '');
 -system("openssl gendh $rand -out dh512.pem 512");
 -system("openssl gendh $rand -out dh1024.pem 1024");
-+system("openssl gendh $rand -out dh2048.pem 2048");
-+system("openssl gendh $rand -out dh3072.pem 3072");
++system("openssl gendh -out dh2048.pem 2048");
++system("openssl gendh -out dh3072.pem 3072");
  
  #   generate DH param info
  my $dhinfo = '';
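Review bot: Both `system("openssl gendh ...")` calls ignore their return value, so a missing or failing `openssl` is not detected at the point of failure; what happens afterwards depends on script lines outside this hunk. That matters more now that the build relies on this script to replace the weak groups. Checking the status would surface it, e.g. `system("openssl gendh -out dh2048.pem 2048") == 0 or die "gendh 2048 failed\n";` and likewise for 3072. With `-rand` dropped, the `$rand` assignment kept as context just above appears unused in the visible lines and could be removed in the same patch. The `openssl` binary is resolved through PATH, so it may not be the OpenSSL the port links against.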


