From: Ryan Steinmetz Date: Thu, 11 Jun 2015 14:21:05 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r389214 - in branches/2015Q2/www/apache22: . files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Jun 2015 14:21:05 -0000 Author: zi Date: Thu Jun 11 14:21:04 2015 New Revision: 389214 URL: https://svnweb.freebsd.org/changeset/ports/389214 Log: - Merge logjam fix from head - Bump PORTREVISION PR: 200756 With hat: ports-secteam Approved by: ports-secteam MFH: r386904,388386 Added: branches/2015Q2/www/apache22/files/patch-modules_ssl_ssl__engine__dh.c - copied, changed from r386904, head/www/apache22/files/patch-modules_ssl_ssl__engine__dh.c Modified: branches/2015Q2/www/apache22/Makefile Directory Properties: branches/2015Q2/ (props changed) Modified: branches/2015Q2/www/apache22/Makefile ============================================================================== --- branches/2015Q2/www/apache22/Makefile Thu Jun 11 14:16:10 2015 (r389213) +++ branches/2015Q2/www/apache22/Makefile Thu Jun 11 14:21:04 2015 (r389214) @@ -2,7 +2,7 @@ PORTNAME= apache22 PORTVERSION= 2.2.29 -PORTREVISION?= 2 +PORTREVISION?= 3 CATEGORIES= www ipv6 MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} DISTNAME= httpd-${PORTVERSION} 
@@ -174,6 +174,12 @@ post-configure: @${REINPLACE_CMD} -e "s,%%WWWOWN%%,${WWWOWN}," -e "s,%%WWWGRP%%,${WWWGRP}," ${WRKSRC}/docs/conf/httpd.conf @${REINPLACE_CMD} -e "s,%%PREFIX%%,${PREFIX}," ${WRKSRC}/support/envvars-std +pre-build: +.if ${PORT_OPTIONS:MSSL} + @${ECHO_MSG} "===> Generating unique DH group to mitigate Logjam attack (this will take a while)" + (cd ${WRKSRC}/modules/ssl && ${SETENV} HOME=${WRKDIR} ${PERL} ssl_engine_dh.c) +.endif + post-install: @${MKDIR} ${ETC_SUBDIRS:S|^|${STAGEDIR}${ETCDIR}/|} ${INSTALL_DATA} ${FILESDIR}/no-accf.conf ${STAGEDIR}${ETCDIR}/Includes/ Copied and modified: branches/2015Q2/www/apache22/files/patch-modules_ssl_ssl__engine__dh.c (from r386904, head/www/apache22/files/patch-modules_ssl_ssl__engine__dh.c) ============================================================================== --- head/www/apache22/files/patch-modules_ssl_ssl__engine__dh.c Thu May 21 02:13:07 2015 (r386904, copy source) +++ branches/2015Q2/www/apache22/files/patch-modules_ssl_ssl__engine__dh.c Thu Jun 11 14:21:04 2015 (r389214) 
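Review bot: The "unique DH group" announced by the added `pre-build` target is unique per build, not per server, so every host installing the same prebuilt package would end up with one shared group. Whether this port is also shipped as a binary package is not visible here and should be confirmed. The message and a comment above the target should state the scope, for example `# DH parameters are generated once per build; hosts installing the same package share them`. Because the step rewrites `ssl_engine_dh.c` in the work directory at build time, two builds of the same revision will also differ, which is worth noting for anyone comparing package checksums.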
@@ -1,5 +1,74 @@ --- modules/ssl/ssl_engine_dh.c.orig 2006-07-12 03:38:44 UTC +++ modules/ssl/ssl_engine_dh.c +@@ -33,7 +33,7 @@ + /* ----BEGIN GENERATED SECTION-------- */ + + /* +-** Diffie-Hellman-Parameters: (512 bit) ++** Diffie-Hellman-Parameters: (2048 bit) + ** prime: + ** 00:9f:db:8b:8a:00:45:44:f0:04:5f:17:37:d0:ba: + ** 2e:0b:27:4c:df:1a:9f:58:82:18:fb:43:53:16:a1: +@@ -41,7 +41,7 @@ + ** 0e:3e:30:06:80:a3:03:0c:6e:4c:37:57:d0:8f:70: + ** e6:aa:87:10:33 + ** generator: 2 (0x2) +-** Diffie-Hellman-Parameters: (1024 bit) ++** Diffie-Hellman-Parameters: (3072 bit) + ** prime: + ** 00:d6:7d:e4:40:cb:bb:dc:19:36:d6:93:d3:4a:fd: + ** 0a:d5:0c:84:d2:39:a4:5f:52:0b:b8:81:74:cb:98: +@@ -55,7 +55,7 @@ + ** generator: 2 (0x2) + */ + +-static unsigned char dh512_p[] = { ++static unsigned char dh2048_p[] = { + 0x9F, 0xDB, 0x8B, 0x8A, 0x00, 0x45, 0x44, 0xF0, 0x04, 0x5F, 0x17, 0x37, + 0xD0, 0xBA, 0x2E, 0x0B, 0x27, 0x4C, 0xDF, 0x1A, 0x9F, 0x58, 0x82, 0x18, + 0xFB, 0x43, 0x53, 0x16, 0xA1, 0x6E, 0x37, 0x41, 0x71, 0xFD, 0x19, 0xD8, +@@ -63,17 +63,17 @@ static unsigned char dh512_p[] = { + 0x80, 0xA3, 0x03, 0x0C, 0x6E, 0x4C, 0x37, 0x57, 0xD0, 0x8F, 0x70, 0xE6, + 0xAA, 0x87, 0x10, 0x33, + }; +-static unsigned char dh512_g[] = { ++static unsigned char dh2048_g[] = { + 0x02, + }; + +-static DH *get_dh512(void) ++static DH *get_dh2048(void) + { +- return modssl_dh_configure(dh512_p, sizeof(dh512_p), +- dh512_g, sizeof(dh512_g)); ++ return modssl_dh_configure(dh2048_p, sizeof(dh2048_p), ++ dh2048_g, sizeof(dh2048_g)); + } + +-static unsigned char dh1024_p[] = { ++static unsigned char dh3072_p[] = { + 0xD6, 0x7D, 0xE4, 0x40, 0xCB, 0xBB, 0xDC, 0x19, 0x36, 0xD6, 0x93, 0xD3, + 0x4A, 0xFD, 0x0A, 0xD5, 0x0C, 0x84, 0xD2, 0x39, 0xA4, 0x5F, 0x52, 0x0B, + 0xB8, 0x81, 0x74, 0xCB, 0x98, 0xBC, 0xE9, 0x51, 0x84, 0x9F, 0x91, 0x2E, +@@ -86,14 +86,14 @@ static unsigned char dh1024_p[] = { + 0x88, 0xAE, 0xAA, 0x74, 0x7D, 0xE0, 0xF4, 0xD6, 0xE2, 0xBD, 0x68, 0xB0, + 0xE7, 0x39, 0x3E, 0x0F, 0x24, 
0x21, 0x8E, 0xB3, + }; +-static unsigned char dh1024_g[] = { ++static unsigned char dh3072_g[] = { + 0x02, + }; + +-static DH *get_dh1024(void) ++static DH *get_dh3072(void) + { +- return modssl_dh_configure(dh1024_p, sizeof(dh1024_p), +- dh1024_g, sizeof(dh1024_g)); ++ return modssl_dh_configure(dh3072_p, sizeof(dh3072_p), ++ dh3072_g, sizeof(dh3072_g)); + } + + /* ----END GENERATED SECTION---------- */ @@ -102,12 +102,12 @@ DH *ssl_dh_GetTmpParam(int nKeyLen) { DH *dh; @@ -33,8 +102,8 @@ $rand = "-rand $rand" if ($rand ne ''); -system("openssl gendh $rand -out dh512.pem 512"); -system("openssl gendh $rand -out dh1024.pem 1024"); -+system("openssl gendh $rand -out dh2048.pem 2048"); -+system("openssl gendh $rand -out dh3072.pem 3072"); ++system("openssl gendh -out dh2048.pem 2048"); ++system("openssl gendh -out dh3072.pem 3072"); # generate DH param info my $dhinfo = '';
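Review bot: The renamed arrays `dh2048_p` and `dh3072_p` and the comment lines `(2048 bit)` / `(3072 bit)` sit above prime bytes that this patch leaves unchanged and that the old side labelled 512 and 1024 bit, so as written the file gives short groups long-group names. That is only correct if the generated section is always rewritten before compilation, and nothing in the file says so. A comment above the `----BEGIN GENERATED SECTION----` marker, such as `/* values below are placeholders; the port regenerates them at build time to match the names */`, would make the dependency explicit. A build-time check that the regenerated primes have the expected length would also catch a skipped or failed regeneration. The inner hunk at `ssl_dh_GetTmpParam` continues outside what is shown, so the code that selects between the two groups is not covered by this note.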
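Review bot: Both added `system("openssl gendh ...")` calls ignore the exit status, so if `openssl` is not found on PATH or generation fails, the embedded script can continue without fresh parameters. Checking the result, e.g. `system("openssl gendh -out dh2048.pem 2048") == 0 or die "gendh 2048 failed";` (and the same for 3072), would make the port build stop instead. The rest of the script lies outside this hunk, so a later step may already abort on a missing .pem file; that should be confirmed. With `$rand` dropped from both commands, the context line `$rand = "-rand $rand" if ($rand ne '');` no longer has any effect here and could be removed or annotated.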