[SCM] Debian packaging for apache2 branch, master, updated. debian/2.2.22-3-51-gf4c9309

Stefan Fritsch sf at sfritsch.de
Mon Jul 30 20:40:03 UTC 2012


The following commit has been merged in the master branch:
commit c7243019a11fa227c1cc2bcb2bcb3823e5fc5956
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Mon Jul 30 22:22:07 2012 +0200

    Fix and simplify patch

diff --git a/debian/patches/SSLProtocol-tls11-12.2.patch b/debian/patches/SSLProtocol-tls11-12.2.patch
index f483728..3c1c925 100644
--- a/debian/patches/SSLProtocol-tls11-12.2.patch
+++ b/debian/patches/SSLProtocol-tls11-12.2.patch
@@ -1,6 +1,6 @@
 Description: Support TLSv1.1 and TLSv1.2 in SSLProtocol directive
 Forwarded: not-needed
-Author: kbrand at apache.org, wrowe at apache.org
+Author: Stefan Fritsch
 Last-Update: 2012-07-30
 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=682897
 #
@@ -30,29 +30,20 @@ Index: apache2/modules/ssl/ssl_private.h
  #include "ssl_util_ssl.h"
  
  /** The #ifdef macros are only defined AFTER including the above
-@@ -215,13 +220,22 @@
-  * Define the SSL Protocol options
-  */
- #define SSL_PROTOCOL_NONE  (0)
-+#ifndef OPENSSL_NO_SSL2
+@@ -218,10 +223,14 @@
  #define SSL_PROTOCOL_SSLV2 (1<<0)
-+#endif
  #define SSL_PROTOCOL_SSLV3 (1<<1)
  #define SSL_PROTOCOL_TLSV1 (1<<2)
--#ifndef OPENSSL_NO_SSL2
--#define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
-+#ifdef OPENSSL_NO_SSL2
-+#define SSL_MOST_ALL SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1
-+#else
-+#define SSL_MOST_ALL SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1
-+#endif
-+#ifdef HAVE_TLSV1_X
 +#define SSL_PROTOCOL_TLSV1_1 (1<<3)
 +#define SSL_PROTOCOL_TLSV1_2 (1<<4)
-+#define SSL_PROTOCOL_ALL (SSL_MOST_ALL|SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
+ #ifndef OPENSSL_NO_SSL2
+-#define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
++#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|\
++                          SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
  #else
 -#define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
-+#define SSL_PROTOCOL_ALL (SSL_MOST_ALL)
++#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|\
++                          SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
  #endif
  typedef int ssl_proto_t;
  
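Review bot: With the `HAVE_TLSV1_X` guard dropped from this ssl_private.h section, `SSL_PROTOCOL_ALL` carries the TLSv1.1 and TLSv1.2 bits even on a build whose OpenSSL lacks them. If such a build is possible, an `SSLProtocol` line that subtracts every older protocol from `all` leaves a non-zero mask with no usable protocol, so an "empty protocol set" check (not visible here) would presumably not fire. In the same case the `cp[strlen(cp)-2] = NUL;` line in the ssl_engine_init.c section would index before an empty string, since the TLSv1.1/1.2 names there appear to sit under `#ifdef HAVE_TLSV1_X`. Keeping the two bit definitions unconditional but adding them to `SSL_PROTOCOL_ALL` only when `HAVE_TLSV1_X` is defined avoids both; the helper macro name in the sketch below is only a suggestion.

```c
#define SSL_PROTOCOL_TLSV1_1 (1<<3)
#define SSL_PROTOCOL_TLSV1_2 (1<<4)
#ifdef HAVE_TLSV1_X
#define SSL_PROTOCOL_TLSV1_X (SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
#else
#define SSL_PROTOCOL_TLSV1_X (0)
#endif
#ifndef OPENSSL_NO_SSL2
#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|\
                          SSL_PROTOCOL_TLSV1_X)
#else
#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|\
                          SSL_PROTOCOL_TLSV1_X)
#endif
```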
@@ -60,13 +51,8 @@ Index: apache2/modules/ssl/ssl_engine_init.c
 ===================================================================
 --- apache2.orig/modules/ssl/ssl_engine_init.c
 +++ apache2/modules/ssl/ssl_engine_init.c
-@@ -456,9 +456,15 @@
-     }
- 
-     cp = apr_pstrcat(p,
-+#ifndef OPENSSL_NO_SSL2
+@@ -459,6 +459,10 @@
                       (protocol & SSL_PROTOCOL_SSLV2 ? "SSLv2, " : ""),
-+#endif
                       (protocol & SSL_PROTOCOL_SSLV3 ? "SSLv3, " : ""),
                       (protocol & SSL_PROTOCOL_TLSV1 ? "TLSv1, " : ""),
 +#ifdef HAVE_TLSV1_X
@@ -76,7 +62,7 @@ Index: apache2/modules/ssl/ssl_engine_init.c
                       NULL);
      cp[strlen(cp)-2] = NUL;
  
-@@ -474,6 +480,19 @@
+@@ -474,6 +478,21 @@
      }
      else
  #endif
@@ -85,30 +71,20 @@ Index: apache2/modules/ssl/ssl_engine_init.c
 +        method = mctx->pkp ?
 +            TLSv1_1_client_method() : /* proxy */
 +            TLSv1_1_server_method();  /* server */
++        ctx = SSL_CTX_new(method);
 +    }
 +    else if (protocol == SSL_PROTOCOL_TLSV1_2) {
 +        method = mctx->pkp ?
 +            TLSv1_2_client_method() : /* proxy */
 +            TLSv1_2_server_method();  /* server */
++        ctx = SSL_CTX_new(method);
 +    }
 +    else
 +#endif
      {
          method = mctx->pkp ?
              SSLv23_client_method() : /* proxy */
-@@ -485,9 +504,11 @@
- 
-     SSL_CTX_set_options(ctx, SSL_OP_ALL);
- 
-+#ifndef OPENSSL_NO_SSL2
-     if (!(protocol & SSL_PROTOCOL_SSLV2)) {
-         SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
-     }
-+#endif
- 
-     if (!(protocol & SSL_PROTOCOL_SSLV3)) {
-         SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
-@@ -497,6 +518,16 @@
+@@ -497,6 +516,16 @@
          SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
      }
  
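Review bot: The two added `ctx = SSL_CTX_new(method);` calls in the TLSv1.1-only and TLSv1.2-only branches are not checked for NULL, and `ctx` is then used by the `SSL_CTX_set_options()` calls in the context lines that follow. This presumably mirrors the existing branches, which are only partly visible here, but a failed context allocation would be dereferenced during startup instead of being reported. A single check after the if/else chain, such as `if (!ctx) { /* log the OpenSSL error and abort startup */ }`, would cover every branch. The enclosing function begins and ends outside this hunk.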
@@ -129,18 +105,7 @@ Index: apache2/modules/ssl/ssl_engine_config.c
 ===================================================================
 --- apache2.orig/modules/ssl/ssl_engine_config.c
 +++ apache2/modules/ssl/ssl_engine_config.c
-@@ -1277,8 +1277,9 @@
-             if (action != '-') {
-                 return "SSLv2 not supported by this version of OpenSSL";
-             }
--#endif
-+#else
-             thisopt = SSL_PROTOCOL_SSLV2;
-+#endif
-         }
-         else if (strcEQ(w, "SSLv3")) {
-             thisopt = SSL_PROTOCOL_SSLV3;
-@@ -1286,6 +1287,14 @@
+@@ -1286,6 +1286,14 @@
          else if (strcEQ(w, "TLSv1")) {
              thisopt = SSL_PROTOCOL_TLSV1;
          }

-- 
Debian packaging for apache2


