Hello community, here is the log from the commit of package apache2 for openSUSE:Factory checked in at Fri May 27 15:52:49 CEST 2011.
-------- --- apache2/apache2.changes 2010-10-21 16:13:51.000000000 +0200 +++ /mounts/work_src_done/STABLE/apache2/apache2.changes 2011-04-08 16:30:30.000000000 +0200 @@ -1,0 +2,17 @@ +Fri Apr 8 13:41:48 UTC 2011 - [email protected] + +- set sane default cipher string in apache2-vhost-ssl.template +- remove useless example snakeoil certs +- remove broken mkcert script + +------------------------------------------------------------------- +Thu Feb 17 12:39:06 CET 2011 - [email protected] + +- Tag boot script as interactive as systemd uses it + +------------------------------------------------------------------- +Mon Feb 7 16:25:16 UTC 2011 - [email protected] + +- recommend the default mpm package (bnc#670027) + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- certificate.sh mkcert.sh.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache2.spec ++++++ --- /var/tmp/diff_new_pack.8AHkPa/_old 2011-05-27 15:48:36.000000000 +0200 +++ /var/tmp/diff_new_pack.8AHkPa/_new 2011-05-27 15:48:36.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package apache2 (Version 2.2.17) +# spec file for package apache2 # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -69,7 +69,7 @@ Group: Productivity/Networking/Web/Servers %define realver 2.2.17 Version: 2.2.17 -Release: 1 +Release: 6 #Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2 Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2 # Add file to take mtime from it in prep section @@ -77,8 +77,6 @@ Source10: SUSE-NOTICE Source11: rc.%{pname} Source13: sysconfig.%{pname} -Source16: certificate.sh -Source17: mkcert.sh.gz Source18: robots.txt Source20: favicon.ico Source22: apache2-README.QUICKSTART @@ -148,6 +146,9 @@ Obsoletes: mod_ssl < 2.8.16 %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build +%if 0%{?suse_version} >= 1110 +Recommends: apache2-%default_mpm +%endif %description Apache 2, the successor to Apache 1. @@ -316,14 +317,6 @@ Some Example pages for Apache that show information about the installed server. -%package example-certificates -License: ASLv.. -Summary: Example certificates for the Apache 2 Web Server -Group: Productivity/Networking/Web/Servers - -%description example-certificates -Snakeoil example certificates for Apache. - %package utils License: ASLv.. Summary: Apache 2 utilities @@ -350,8 +343,6 @@ # cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE # -cp -p %{S:16} %{S:17} .; gunzip mkcert.sh.gz -# # replace PLATFORM string that's seen in the "Server:" header # sed 's,(" PLATFORM "),(%platform_string),' server/core.c > tmp_file && mv tmp_file server/core.c @@ -594,8 +585,7 @@ # # ssl stuff install -m 755 %{S:25} $RPM_BUILD_ROOT/%{_bindir}/ -chmod 755 certificate.sh mkcert.sh -tar xjf $RPM_SOURCE_DIR/apache-ssl-stuff.tar.bz2 -C $RPM_BUILD_ROOT/%{sysconfdir} +tar xjf %{SOURCE29} -C $RPM_BUILD_ROOT/%{sysconfdir} # # init script and friends mkdir -p $RPM_BUILD_ROOT/etc/init.d @@ -616,8 +606,9 @@ ln -s a2enmod $RPM_BUILD_ROOT/%{_sbindir}/a2dismod # # directories for files from other packages and other configuration -mkdir -p $RPM_BUILD_ROOT/%{sysconfdir}/vhosts.d -mkdir -p $RPM_BUILD_ROOT/%{sysconfdir}/sysconfig.d +for i in vhosts.d sysconfig.d; do + mkdir -p $RPM_BUILD_ROOT/%{sysconfdir}/$i +done # # make list of all modules, and install sysconfig template for i in $(find $RPM_BUILD_ROOT/%{libexecdir}-%{default_mpm} -name "*.so" | sort); do @@ -821,8 +812,6 @@ %defattr(-,root,root) %doc INSTALL READM* LICENSE ABOUT_APACHE CHANGES %doc support/SHA1 -%doc %attr(755,root,root) certificate.sh -%doc %attr(755,root,root) mkcert.sh %doc %{_mandir}/man8/apachectl%{vers}.8.* %doc %{_mandir}/man8/htcacheclean%{vers}.8.* %doc %{_mandir}/man8/%{httpd}.8.* @@ -848,11 +837,7 @@ %dir %{sysconfdir}/ssl.csr %dir %attr(700,root,root) %{sysconfdir}/ssl.key %dir %{sysconfdir}/ssl.prm - %{sysconfdir}/ssl.*/README* -%config %{sysconfdir}/ssl.*/Makefile -%config(noreplace) %{sysconfdir}/ssl.crt/server.crt -%config(noreplace) %{sysconfdir}/ssl.csr/server.csr -%config(noreplace) %{sysconfdir}/ssl.key/server.key +%{sysconfdir}/ssl.*/README* %dir %{sysconfdir}/conf.d %dir %{sysconfdir}/vhosts.d %dir %{sysconfdir}/sysconfig.d @@ -943,11 +928,6 @@ %config(noreplace) %{htdocsdir}/favicon.ico %config(noreplace) %{htdocsdir}/robots.txt -%files example-certificates -%defattr(-,root,root) -%{sysconfdir}/ssl.*/snakeoil* -%{sysconfdir}/ssl.*/*.0 - %files utils %defattr(-,root,root) %doc %{_mandir}/man8/ab%{vers}.8.* ++++++ apache-ssl-stuff.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.crl/Makefile new/ssl.crl/Makefile --- old/ssl.crl/Makefile 2002-10-24 12:06:31.000000000 +0200 +++ new/ssl.crl/Makefile 1970-01-01 01:00:00.000000000 +0100 @@ -1,54 +0,0 @@ -## -## Makefile to keep the hash symlinks in SSLCARevocationPath up to date -## Copyright (c) 1998-2001 Ralf S. Engelschall, All Rights Reserved. -## - -SSL_PROGRAM= - -update: clean - -@ssl_program="$(SSL_PROGRAM)"; \ - if [ ".$$ssl_program" = . ]; then \ - for dir in . `echo $$PATH | sed -e 's/:/ /g'`; do \ - for program in openssl ssleay; do \ - if [ -f "$$dir/$$program" ]; then \ - if [ -x "$$dir/$$program" ]; then \ - ssl_program="$$dir/$$program"; \ - break; \ - fi; \ - fi; \ - done; \ - if [ ".$$ssl_program" != . ]; then \ - break; \ - fi; \ - done; \ - fi; \ - if [ ".$$ssl_program" = . ]; then \ - echo "Error: neither 'openssl' nor 'ssleay' program found" 1>&2; \ - exit 1; \ - fi; \ - for file in *.crl; do \ - [ "x$$file" = "x*.crl" ] && continue; \ - if [ ".`grep SKIPME $$file`" != . ]; then \ - echo dummy |\ - awk '{ printf("%-15s ... Skipped\n", file); }' \ - "file=$$file"; \ - else \ - n=0; \ - while [ 1 ]; do \ - hash="`$$ssl_program crl -noout -hash <$$file`"; \ - if [ -r "$$hash.r$$n" ]; then \ - n=`expr $$n + 1`; \ - else \ - echo dummy |\ - awk '{ printf("%-15s ... %s\n", file, hash); }' \ - "file=$$file" "hash=$$hash.r$$n"; \ - ln -s $$file $$hash.r$$n; \ - break; \ - fi; \ - done; \ - fi; \ - done - -clean: - -@rm -f [0-9a-fA-F]*.r[0-9]* - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.crl/README.CRL new/ssl.crl/README.CRL --- old/ssl.crl/README.CRL 2002-10-24 12:06:31.000000000 +0200 +++ new/ssl.crl/README.CRL 2011-04-08 16:17:16.000000000 +0200 @@ -2,8 +2,6 @@ This is the ssl.crl/ directory of Apache/mod_ssl where PEM-encoded X.509 Certificate Revocation Lists (CRL) for SSL are stored. - Per default this directory contains no CRLs. - You can view the ingredients of a particular CRL file in plain text by running the command: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.crt/0cf14d7d.0 new/ssl.crt/0cf14d7d.0 --- old/ssl.crt/0cf14d7d.0 2011-05-27 15:48:36.000000000 +0200 +++ new/ssl.crt/0cf14d7d.0 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -symbolic link to snakeoil-ca-dsa.crt diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.crt/5d8360e1.0 new/ssl.crt/5d8360e1.0 --- old/ssl.crt/5d8360e1.0 2011-05-27 15:48:36.000000000 +0200 +++ new/ssl.crt/5d8360e1.0 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -symbolic link to snakeoil-dsa.crt diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.crt/82ab5372.0 new/ssl.crt/82ab5372.0 --- old/ssl.crt/82ab5372.0 2011-05-27 15:48:36.000000000 +0200 +++ new/ssl.crt/82ab5372.0 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -symbolic link to snakeoil-rsa.crt diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.crt/Makefile new/ssl.crt/Makefile --- old/ssl.crt/Makefile 2002-10-24 12:06:29.000000000 +0200 +++ new/ssl.crt/Makefile 1970-01-01 01:00:00.000000000 +0100 @@ -1,53 +0,0 @@ -## -## Makefile to keep the hash symlinks in SSLCACertificatePath up to date -## Copyright (c) 1998-2001 Ralf S. Engelschall, All Rights Reserved. -## - -SSL_PROGRAM= - -update: clean - -@ssl_program="$(SSL_PROGRAM)"; \ - if [ ".$$ssl_program" = . ]; then \ - for dir in . `echo $$PATH | sed -e 's/:/ /g'`; do \ - for program in openssl ssleay; do \ - if [ -f "$$dir/$$program" ]; then \ - if [ -x "$$dir/$$program" ]; then \ - ssl_program="$$dir/$$program"; \ - break; \ - fi; \ - fi; \ - done; \ - if [ ".$$ssl_program" != . ]; then \ - break; \ - fi; \ - done; \ - fi; \ - if [ ".$$ssl_program" = . ]; then \ - echo "Error: neither 'openssl' nor 'ssleay' program found" 1>&2; \ - exit 1; \ - fi; \ - for file in *.crt; do \ - if [ ".`grep SKIPME $$file`" != . ]; then \ - echo dummy |\ - awk '{ printf("%-15s ... Skipped\n", file); }' \ - "file=$$file"; \ - else \ - n=0; \ - while [ 1 ]; do \ - hash="`$$ssl_program x509 -noout -hash <$$file`"; \ - if [ -r "$$hash.$$n" ]; then \ - n=`expr $$n + 1`; \ - else \ - echo dummy |\ - awk '{ printf("%-15s ... %s\n", file, hash); }' \ - "file=$$file" "hash=$$hash.$$n"; \ - ln -s $$file $$hash.$$n; \ - break; \ - fi; \ - done; \ - fi; \ - done - -clean: - -@rm -f [0-9a-fA-F]*.[0-9]* - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.crt/README.CRT new/ssl.crt/README.CRT --- old/ssl.crt/README.CRT 2002-10-24 12:06:29.000000000 +0200 +++ new/ssl.crt/README.CRT 2011-04-08 16:17:25.000000000 +0200 @@ -2,30 +2,6 @@ This is the ssl.crt/ directory of Apache/mod_ssl where PEM-encoded X.509 Certificates for SSL are stored. - Per default the following two files are provided: - - o server.crt: - This is the server certificate for Apache/mod_ssl, configured with the - SSLCertificateFile directive. Per default this is a dummy file, but may be - overwritten by the `make certificate' target under built-time. - - o snakeoil.crt: - This is the _DEMONSTRATION ONLY_ `Snake Oil' dummy server certificate. - NEVER USE THIS FOR REAL LIFE! INSTEAD USE A REAL CERTIFICATE! - - o snakeoil-ca.crt: - This is the certificate of the _DEMONSTRATION ONLY_ `Snake Oil' Certificate - Authority. This CA is used to sign the server.crt on `make certificate' - because self-signed server certificates are not accepted by all browsers. - NEVER USE THIS CA YOURSELF FOR REAL LIFE! INSTEAD EITHER USE A PUBLICALLY - KNOWN CA OR CREATE YOUR OWN CA! - - o ca-bundle.crt: - This is a bundle of CA root certificate for Apache/mod_ssl, configurable - with the SSLCACertificateFile directive. Per default it's disabled but can - be enabled for client authentication when the clients use certificates - signed by one of the commonly known public Certificate Authorities. - You can view the ingredients of a particular certificate file in plain text by running the command: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.crt/e52d41d0.0 new/ssl.crt/e52d41d0.0 --- old/ssl.crt/e52d41d0.0 2011-05-27 15:48:36.000000000 +0200 +++ new/ssl.crt/e52d41d0.0 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -symbolic link to snakeoil-ca-rsa.crt diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.crt/server.crt new/ssl.crt/server.crt --- old/ssl.crt/server.crt 2002-10-24 12:06:29.000000000 +0200 +++ new/ssl.crt/server.crt 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -THIS FILE HAS TO BE REPLACED BY A REAL SERVER CERTIFICATE! (SKIPME) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.crt/snakeoil-ca-dsa.crt new/ssl.crt/snakeoil-ca-dsa.crt --- old/ssl.crt/snakeoil-ca-dsa.crt 2002-10-24 12:06:29.000000000 +0200 +++ new/ssl.crt/snakeoil-ca-dsa.crt 1970-01-01 01:00:00.000000000 +0100 @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEEzCCA8+gAwIBAgIBADALBgcqhkjOOAQDBQAwga8xCzAJBgNVBAYTAlhZMRUw -EwYDVQQIEwxTbmFrZSBEZXNlcnQxEzARBgNVBAcTClNuYWtlIFRvd24xFzAVBgNV -BAoTDlNuYWtlIE9pbCwgTHRkMSQwIgYDVQQLExtDZXJ0aWZpY2F0ZSBBdXRob3Jp -dHkgKERTQSkxFTATBgNVBAMTDFNuYWtlIE9pbCBDQTEeMBwGCSqGSIb3DQEJARYP -Y2FAc25ha2VvaWwuZG9tMB4XDTk5MTAyMTE4MjkzN1oXDTAxMTAyMDE4MjkzN1ow -ga8xCzAJBgNVBAYTAlhZMRUwEwYDVQQIEwxTbmFrZSBEZXNlcnQxEzARBgNVBAcT -ClNuYWtlIFRvd24xFzAVBgNVBAoTDlNuYWtlIE9pbCwgTHRkMSQwIgYDVQQLExtD -ZXJ0aWZpY2F0ZSBBdXRob3JpdHkgKERTQSkxFTATBgNVBAMTDFNuYWtlIE9pbCBD -QTEeMBwGCSqGSIb3DQEJARYPY2FAc25ha2VvaWwuZG9tMIIBtjCCASsGByqGSM44 -BAEwggEeAoGBAIufVdfx9oweG3NK2n3BjoFVM+4RT1ukyaGtvq+Bo1nLh1N7pVLz -invAZ6mrkJCN84vgeN1r6DXbHO2jy7EGQIM73xeD2rzoJjjkdmT6robIY4tlI4Px -xAfCHWhQ/rmzlPPTXw4UHOkjdsfF87pph6VZjOIOIUqnUGtR25r6krhJAhUA8sdJ -X0VLPxnsgc6DVmvkfzahA6UCgYBZI9bJ9Vc8AXyHYYNv5x/3uTjhWQdn5HGl7waC -GV8Gf0vcRJZRk04kx8MuWfLt1K1hT3xVNU16SJ1i5oGy/ISQWufLs0JSaK5pKdfh -SO0UOQ2Ff2PlhsJEYuaxzzrkBPngpG7fU7b90ocujo2AU+KuKMfL30cngtFj1n0e -RdXOzAOBhAACgYAsjVZYJl5pyLiRK+FfLF6dMI1BCRzyz3/EK4CLh1XjZ5IZCi6b -dua9YTVwum4w8buOE86P2zC/9Z9tpEpn1Joqf68jgjmzPKNpaO2AiQQC5UkzGzpx -EVagyIzL0FP+WIM0ABLodiyoDkmPydPpllQjnG/O9na5o4gkrgxsqNKQLKN6MHgw -GgYDVR0RBBMwEYEPY2FAc25ha2VvaWwuZG9tMA8GA1UdEwQIMAYBAf8CAQAwNgYJ -YIZIAYb4QgENBCkWJ21vZF9zc2wgZ2VuZXJhdGVkIGN1c3RvbSBDQSBjZXJ0aWZp -Y2F0ZTARBglghkgBhvhCAQEEBAMCAgQwCwYHKoZIzjgEAwUAAzEAMC4CFQC/d4P2 -0mWRROo+DKuNJDnnjQ9NmQIVAKs5D8EhoYBwBm4IwOsuvd3YWoVa ------END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.crt/snakeoil-ca-rsa.crt new/ssl.crt/snakeoil-ca-rsa.crt --- old/ssl.crt/snakeoil-ca-rsa.crt 2002-10-24 12:06:29.000000000 +0200 +++ new/ssl.crt/snakeoil-ca-rsa.crt 1970-01-01 01:00:00.000000000 +0100 @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDRDCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCWFkx -FTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25ha2UgVG93bjEXMBUG -A1UEChMOU25ha2UgT2lsLCBMdGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhv -cml0eTEVMBMGA1UEAxMMU25ha2UgT2lsIENBMR4wHAYJKoZIhvcNAQkBFg9jYUBz -bmFrZW9pbC5kb20wHhcNOTkxMDIxMTgyMTQ2WhcNMDExMDIwMTgyMTQ2WjCBqTEL -MAkGA1UEBhMCWFkxFTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25h -a2UgVG93bjEXMBUGA1UEChMOU25ha2UgT2lsLCBMdGQxHjAcBgNVBAsTFUNlcnRp -ZmljYXRlIEF1dGhvcml0eTEVMBMGA1UEAxMMU25ha2UgT2lsIENBMR4wHAYJKoZI -hvcNAQkBFg9jYUBzbmFrZW9pbC5kb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ -AoGBANiTGAmWoiB2Qx3SbwFXwjbqU9ZwnfBE5Er1h1kNh487D782I8mcT/CzxmsH -evK3heBKTEno+jB0y5p4+QShxryaMUUbRoOGfrlrVwc/dbwJQz7UNyqDlWnvnW4p -TfdVd+8JlCpYFB23Z7bmpUV1Xy6VFKBahzIhzITaux1vvEPLAgMBAAGjejB4MBoG -A1UdEQQTMBGBD2NhQHNuYWtlb2lsLmRvbTAPBgNVHRMECDAGAQH/AgEAMDYGCWCG -SAGG+EIBDQQpFidtb2Rfc3NsIGdlbmVyYXRlZCBjdXN0b20gQ0EgY2VydGlmaWNh -dGUwEQYJYIZIAYb4QgEBBAQDAgIEMA0GCSqGSIb3DQEBBAUAA4GBAImhzPY4PBRt -PQbAQBAmHIBRcb69iTbFC+dghnVJQ3F549rZapY420kQDKQ6aCybPFmxJ/Rf27gY -FuAuo+B8EEVX0lU8VUSEhYQedODnQ3skwcT02g4b33GkzH7ED2N9kaa6U65UUrcE -KXJgz7tmAQHnTc9K1g2qIApIjnr3FrrJ ------END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.crt/snakeoil-dsa.crt new/ssl.crt/snakeoil-dsa.crt --- old/ssl.crt/snakeoil-dsa.crt 2002-10-24 12:06:29.000000000 +0200 +++ new/ssl.crt/snakeoil-dsa.crt 1970-01-01 01:00:00.000000000 +0100 @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEAzCCA8GgAwIBAgIBATALBgcqhkjOOAQDBQAwga8xCzAJBgNVBAYTAlhZMRUw -EwYDVQQIEwxTbmFrZSBEZXNlcnQxEzARBgNVBAcTClNuYWtlIFRvd24xFzAVBgNV -BAoTDlNuYWtlIE9pbCwgTHRkMSQwIgYDVQQLExtDZXJ0aWZpY2F0ZSBBdXRob3Jp -dHkgKERTQSkxFTATBgNVBAMTDFNuYWtlIE9pbCBDQTEeMBwGCSqGSIb3DQEJARYP -Y2FAc25ha2VvaWwuZG9tMB4XDTk5MTAyMTE4Mjk1MFoXDTAxMTAyMDE4Mjk1MFow -ga0xCzAJBgNVBAYTAlhZMRUwEwYDVQQIEwxTbmFrZSBEZXNlcnQxEzARBgNVBAcT -ClNuYWtlIFRvd24xFzAVBgNVBAoTDlNuYWtlIE9pbCwgTHRkMR0wGwYDVQQLExRX -ZWJzZXJ2ZXIgVGVhbSAoRFNBKTEZMBcGA1UEAxMQd3d3LnNuYWtlb2lsLmRvbTEf -MB0GCSqGSIb3DQEJARYQd3d3QHNuYWtlb2lsLmRvbTCCAbYwggErBgcqhkjOOAQB -MIIBHgKBgQCLn1XX8faMHhtzStp9wY6BVTPuEU9bpMmhrb6vgaNZy4dTe6VS84p7 -wGepq5CQjfOL4Hjda+g12xzto8uxBkCDO98Xg9q86CY45HZk+q6GyGOLZSOD8cQH -wh1oUP65s5Tz018OFBzpI3bHxfO6aYelWYziDiFKp1BrUdua+pK4SQIVAPLHSV9F -Sz8Z7IHOg1Zr5H82oQOlAoGAWSPWyfVXPAF8h2GDb+cf97k44VkHZ+Rxpe8Gghlf -Bn9L3ESWUZNOJMfDLlny7dStYU98VTVNekidYuaBsvyEkFrny7NCUmiuaSnX4Ujt -FDkNhX9j5YbCRGLmsc865AT54KRu31O2/dKHLo6NgFPirijHy99HJ4LRY9Z9HkXV -zswDgYQAAoGAcARR9kHyvPAuiSlt2ofunB0OA3qIpbcYutu1jeR3EC8JDxp/lrWE -mYxubcOLaqqIJifiD9hf+RuhSNg0D+0A7yjXgFPI13Loo7lqNu0trG4ULV4GUU2b -zoxp/PQQtJiB4B0DJCO789+ZsdUpJN1Tat3ocIRgryZb6Hor9ifF9iGjbjBsMBsG -A1UdEQQUMBKBEHd3d0BzbmFrZW9pbC5kb20wOgYJYIZIAYb4QgENBC0WK21vZF9z -c2wgZ2VuZXJhdGVkIGN1c3RvbSBzZXJ2ZXIgY2VydGlmaWNhdGUwEQYJYIZIAYb4 -QgEBBAQDAgZAMAsGByqGSM44BAMFAAMvADAsAhRXQ6Pm1pLo0Du/A7Lg1ILzncj5 -3gIUBHvNEBKuqJERC8Zt7LECsjmrVMM= ------END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.crt/snakeoil-rsa.crt new/ssl.crt/snakeoil-rsa.crt --- old/ssl.crt/snakeoil-rsa.crt 2002-10-24 12:06:29.000000000 +0200 +++ new/ssl.crt/snakeoil-rsa.crt 1970-01-01 01:00:00.000000000 +0100 @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDNjCCAp+gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCWFkx -FTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25ha2UgVG93bjEXMBUG -A1UEChMOU25ha2UgT2lsLCBMdGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhv -cml0eTEVMBMGA1UEAxMMU25ha2UgT2lsIENBMR4wHAYJKoZIhvcNAQkBFg9jYUBz -bmFrZW9pbC5kb20wHhcNOTkxMDIxMTgyMTUxWhcNMDExMDIwMTgyMTUxWjCBpzEL -MAkGA1UEBhMCWFkxFTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25h -a2UgVG93bjEXMBUGA1UEChMOU25ha2UgT2lsLCBMdGQxFzAVBgNVBAsTDldlYnNl -cnZlciBUZWFtMRkwFwYDVQQDExB3d3cuc25ha2VvaWwuZG9tMR8wHQYJKoZIhvcN -AQkBFhB3d3dAc25ha2VvaWwuZG9tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB -gQC554Ro+VH0dJONqljPBW+C72MDNGNy9eXnzejXrczsHs3Pc92Vaat6CpIEEGue -yG29xagb1o7Gj2KRgpVYcmdx6tHd2JkFW5BcFVfWXL42PV4rf9ziYon8jWsbK2aE -+L6hCtcbxdbHOGZdSIWZJwc/1Vs70S/7ImW+Zds8YEFiAwIDAQABo24wbDAbBgNV -HREEFDASgRB3d3dAc25ha2VvaWwuZG9tMDoGCWCGSAGG+EIBDQQtFittb2Rfc3Ns -IGdlbmVyYXRlZCBjdXN0b20gc2VydmVyIGNlcnRpZmljYXRlMBEGCWCGSAGG+EIB -AQQEAwIGQDANBgkqhkiG9w0BAQQFAAOBgQB6MRsYGTXUR53/nTkRDQlBdgCcnhy3 -hErfmPNl/Or5jWOmuufeIXqCvM6dK7kW/KBboui4pffIKUVafLUMdARVV6BpIGMI -5LmVFK3sgwuJ01v/90hCt4kTWoT8YHbBLtQh7PzWgJoBAY7MJmjSguYCRt91sU4K -s0dfWsdItkw4uQ== ------END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.csr/README.CSR new/ssl.csr/README.CSR --- old/ssl.csr/README.CSR 2002-10-24 12:06:31.000000000 +0200 +++ new/ssl.csr/README.CSR 2011-04-08 16:17:32.000000000 +0200 @@ -2,16 +2,6 @@ This is the ssl.csr/ directory of Apache/mod_ssl where PEM-encoded X.509 Certificate Signing Requests for SSL are stored. - Per default the following file is provided: - - o server.csr: - This is the server certificate signing request for Apache/mod_ssl - corresponding to the ../ssl.crt/server.crt file. Per default this is a - dummy file, but may be overwritten by the `make certificate' target under - built-time. Then it contains the CSR which you can send to a public - Certification Authority (CA) for requesting a real signed certificate - (which then can replace the ../ssl.crt/server.crt file). - You can also use this directory for temporarily storing CSRs from within your (CGI-) scripts when you want to perform client authentication with your own CA instance. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.csr/server.csr new/ssl.csr/server.csr --- old/ssl.csr/server.csr 2002-10-24 12:06:31.000000000 +0200 +++ new/ssl.csr/server.csr 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -THIS FILE HAS TO BE REPLACED BY A REAL SERVER CERTIFICATE SIGNING REQUEST! (SKIPME) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.key/README.KEY new/ssl.key/README.KEY --- old/ssl.key/README.KEY 2002-10-24 12:06:31.000000000 +0200 +++ new/ssl.key/README.KEY 2011-04-08 16:17:42.000000000 +0200 @@ -2,25 +2,6 @@ This is the ssl.key/ directory of Apache/mod_ssl where PEM-encoded RSA Private Keys for SSL are stored. - Per default the following files are provided: - - o server.key: - This is the server private key for Apache/mod_ssl, configured with the - SSLCertificateKeyFile directive. Per default this is a dummy file, but may - be overwritten by the `make certificate' target under built-time. - - o snakeoil.key: - This is the private key of the _DEMONSTRATION ONLY_ `Snake Oil' Server. It - corresponds to the dummy server certificate ../ssl.crt/snakeoil.crt. NEVER - USE THIS PRIVATE KEY YOURSELF FOR REAL LIFE! INSTEAD USE A REAL SERVER KEY! - - o snakeoil-ca.key: - This is the private key of the _DEMONSTRATION ONLY_ `Snake Oil' Certificate - Authority. It is used to sign the ../ssl.crt/server.crt on `make - certificate' because self-signed server certificates are not accepted by - all browsers. NEVER USE THIS PRIVATE KEY YOURSELF FOR REAL LIFE! INSTEAD - EITHER USE A PUBLICALLY KNOWN CA OR CREATE YOUR OWN CA! - You can view the ingredients of a particular private key file in plain text by running the command (a pass phrase may be queried): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.key/server.key new/ssl.key/server.key --- old/ssl.key/server.key 2002-10-24 12:06:31.000000000 +0200 +++ new/ssl.key/server.key 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -THIS FILE HAS TO BE REPLACED BY A REAL SERVER PRIVATE KEY! (SKIPME) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.key/snakeoil-ca-dsa.key new/ssl.key/snakeoil-ca-dsa.key --- old/ssl.key/snakeoil-ca-dsa.key 2002-10-24 12:06:31.000000000 +0200 +++ new/ssl.key/snakeoil-ca-dsa.key 1970-01-01 01:00:00.000000000 +0100 @@ -1,12 +0,0 @@ ------BEGIN DSA PRIVATE KEY----- -MIIBuwIBAAKBgQCLn1XX8faMHhtzStp9wY6BVTPuEU9bpMmhrb6vgaNZy4dTe6VS -84p7wGepq5CQjfOL4Hjda+g12xzto8uxBkCDO98Xg9q86CY45HZk+q6GyGOLZSOD -8cQHwh1oUP65s5Tz018OFBzpI3bHxfO6aYelWYziDiFKp1BrUdua+pK4SQIVAPLH -SV9FSz8Z7IHOg1Zr5H82oQOlAoGAWSPWyfVXPAF8h2GDb+cf97k44VkHZ+Rxpe8G -ghlfBn9L3ESWUZNOJMfDLlny7dStYU98VTVNekidYuaBsvyEkFrny7NCUmiuaSnX -4UjtFDkNhX9j5YbCRGLmsc865AT54KRu31O2/dKHLo6NgFPirijHy99HJ4LRY9Z9 -HkXVzswCgYAsjVZYJl5pyLiRK+FfLF6dMI1BCRzyz3/EK4CLh1XjZ5IZCi6bdua9 -YTVwum4w8buOE86P2zC/9Z9tpEpn1Joqf68jgjmzPKNpaO2AiQQC5UkzGzpxEVag -yIzL0FP+WIM0ABLodiyoDkmPydPpllQjnG/O9na5o4gkrgxsqNKQLAIVANDb2WME -cYQBeW7FgeCXtSBf75d/ ------END DSA PRIVATE KEY----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.key/snakeoil-ca-rsa.key new/ssl.key/snakeoil-ca-rsa.key --- old/ssl.key/snakeoil-ca-rsa.key 2002-10-24 12:06:31.000000000 +0200 +++ new/ssl.key/snakeoil-ca-rsa.key 1970-01-01 01:00:00.000000000 +0100 @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDYkxgJlqIgdkMd0m8BV8I26lPWcJ3wRORK9YdZDYePOw+/NiPJ -nE/ws8ZrB3ryt4XgSkxJ6PowdMuaePkEoca8mjFFG0aDhn65a1cHP3W8CUM+1Dcq -g5Vp751uKU33VXfvCZQqWBQdt2e25qVFdV8ulRSgWocyIcyE2rsdb7xDywIDAQAB -AoGAEIvUZ08h3dcLM6kTIAgjZ2ypsRVzi5rH0k5F4/DbrX62qkYpn8qYdOxXOXAd -3ZNV4BftEiyBiNgzgf7CD6+IblZUqkc1dUc96AJH16CUXM/favAHhIoSdyhrnAH8 -O9UN1KxlzUpvLDOelbOdL4/4sQ0XXqd9DJcZkeKc4zCi35kCQQD43SlsTDBeO7ae -Ig5qnJ/g2V2V4bPh1xTH7LjxthsksOqPUEt3DgRmRVq+qeDyyxN49V9uFYf8oXDl -1FchPranAkEA3sjny2sxBNIBGtPVLGFl+aukBRkNOdmssVcBudsnigOEL0lbd4Wu -07ok0zeCuAu+yHRYJKY4eqWVGQJ/DtUSPQJBAIqxVuCQJXSe+stuV3J7D28UNN/P -BZ0bbO1utDOhNcdhAZgVO7mCClmk1UnlCwTEwHls5l5HiZ31qyGrEVPpy4kCQDfR -VmIdBTcT9rrmAC8SaB5Z5spwMGQiKaZ1CjWqtwlZQDEozAXyNI9PwBI7gkDikHZg -0AS+sL/p5KVTfsoUkHECQQDWCSgpZ8k7EajS1RWIGH/GcFT/GaKX8yiMIP2S3Atc -nl7yMj8yw+1N503FF0aRwimryXQt/VHVYjtYsSAgNU/i ------END RSA PRIVATE KEY----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.key/snakeoil-dsa.key new/ssl.key/snakeoil-dsa.key --- old/ssl.key/snakeoil-dsa.key 2002-10-24 12:06:31.000000000 +0200 +++ new/ssl.key/snakeoil-dsa.key 1970-01-01 01:00:00.000000000 +0100 @@ -1,12 +0,0 @@ ------BEGIN DSA PRIVATE KEY----- -MIIBuwIBAAKBgQCLn1XX8faMHhtzStp9wY6BVTPuEU9bpMmhrb6vgaNZy4dTe6VS -84p7wGepq5CQjfOL4Hjda+g12xzto8uxBkCDO98Xg9q86CY45HZk+q6GyGOLZSOD -8cQHwh1oUP65s5Tz018OFBzpI3bHxfO6aYelWYziDiFKp1BrUdua+pK4SQIVAPLH -SV9FSz8Z7IHOg1Zr5H82oQOlAoGAWSPWyfVXPAF8h2GDb+cf97k44VkHZ+Rxpe8G -ghlfBn9L3ESWUZNOJMfDLlny7dStYU98VTVNekidYuaBsvyEkFrny7NCUmiuaSnX -4UjtFDkNhX9j5YbCRGLmsc865AT54KRu31O2/dKHLo6NgFPirijHy99HJ4LRY9Z9 -HkXVzswCgYBwBFH2QfK88C6JKW3ah+6cHQ4Deoiltxi627WN5HcQLwkPGn+WtYSZ -jG5tw4tqqogmJ+IP2F/5G6FI2DQP7QDvKNeAU8jXcuijuWo27S2sbhQtXgZRTZvO -jGn89BC0mIHgHQMkI7vz35mx1Skk3VNq3ehwhGCvJlvoeiv2J8X2IQIVAOTRp7zp -En7QlXnXw1s7xXbbuKP0 ------END DSA PRIVATE KEY----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.key/snakeoil-rsa.key new/ssl.key/snakeoil-rsa.key --- old/ssl.key/snakeoil-rsa.key 2002-10-24 12:06:31.000000000 +0200 +++ new/ssl.key/snakeoil-rsa.key 1970-01-01 01:00:00.000000000 +0100 @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQC554Ro+VH0dJONqljPBW+C72MDNGNy9eXnzejXrczsHs3Pc92V -aat6CpIEEGueyG29xagb1o7Gj2KRgpVYcmdx6tHd2JkFW5BcFVfWXL42PV4rf9zi -Yon8jWsbK2aE+L6hCtcbxdbHOGZdSIWZJwc/1Vs70S/7ImW+Zds8YEFiAwIDAQAB -AoGBAKTvnFGKSkUJnNQGe66I0wunGgCA3W7kbarAzEF2qKYhGlZhJQnn68RmVnAW -pXUFvB+vmtu/+4J9OmWBJsGHFvC9xH32a0PWNr7APjAKrjAD8GWS7Z6BjuxN8QhD -WlFMmpYhYIjT1jt7RNfs2gJGS2Ryu3zutUQGwtUB9Pou03dJAkEA6yttwVINFqQP -utgUZ1JUHrN/rE73FzYsF/CwJp5d3rLHenZzLT0iW+kNDLUw/VpzYxK7bF2Qrt/3 -QIUWwm2InQJBAMpe+jhNMJeLDLc3tG3zeithT0mFkuzWWmT2PJgQ0V78UWhw/fSn -Qqnq7KBY/DNjlfhezrozLDD73/ccmha0Ax8CQQCBaBlyOtNm9QqO116K6HvPlRiZ -Wa6QQEgNOG3GInknFZu9ILcKWsywZNLAfmgh0gcSqnkmDWqTQD0PbOz0Ok/lAkEA -g24JrfUbwOASww9PhDUju/a36rTwhhZ0oKt3EP+jKsBOErmHhZP3bKlhQoZoTOu5 -Y5QXSMChS7LZcwDFZkdE2wJATRgMbhErif+ZRwt9XJRdCo5Sx6ewyGyxjc5gvUyK -KegHcgru/ZC3pGlujRD2LqxgJNAn5QTdW4LK8xVPFySTYg== ------END RSA PRIVATE KEY----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.prm/README.PRM new/ssl.prm/README.PRM --- old/ssl.prm/README.PRM 2002-10-24 12:06:31.000000000 +0200 +++ new/ssl.prm/README.PRM 2011-04-08 16:17:48.000000000 +0200 @@ -2,15 +2,6 @@ This is the ssl.prm/ directory of Apache/mod_ssl where public DSA Parameter Files for SSL are stored. - Per default the following files are provided: - - o snakeoil-ca-dsa.prm: - This is the DSA parameter file of the _DEMONSTRATION ONLY_ `Snake Oil' CA. - - o snakeoil-dsa.prm: - This is the DSA parameter file of the _DEMONSTRATION ONLY_ `Snake Oil' - server. - You can view the ingredients of a particular parameter file in plain text by running the command: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.prm/snakeoil-ca-dsa.prm new/ssl.prm/snakeoil-ca-dsa.prm --- old/ssl.prm/snakeoil-ca-dsa.prm 2002-10-24 12:06:31.000000000 +0200 +++ new/ssl.prm/snakeoil-ca-dsa.prm 1970-01-01 01:00:00.000000000 +0100 @@ -1,9 +0,0 @@ ------BEGIN DSA PARAMETERS----- -MIIBHgKBgQDqP04Jh4QoUWqPJZftxsgLdO54hGmvEYr2o2nqMjO/DbVuujr8QDnV -WNRveEuVdrx6AftCchgIvdJS4LTqfvgOmIwsGYylADmycIRlBVHd5q1ocGldkeEB -iY+cS5yv8ro1x4DRCd0axmhBvTu2BRbippaK7PNALw5xs8eQch0KLQIVAJ8rT8F7 -NqIRASUjy1Bwx701zSIfAoGAT5RMEmjJ4HXOJ0GyIKAesFQhOy3gXXUfV4zXTpSM -z8cQWfTqxLgVjkvZCt6SYcNmpaRnJyrmUdGD2uSwBcMkXj3G/NI/7n1C6ZuBTt1x -6TCQA72nYh0xQaj/kbmhT2wNyONMx/sZO/WPUr0qvu/012FS2YlKtq3wRM4+XHz7 -jY0= ------END DSA PARAMETERS----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl.prm/snakeoil-dsa.prm new/ssl.prm/snakeoil-dsa.prm --- old/ssl.prm/snakeoil-dsa.prm 2002-10-24 12:06:31.000000000 +0200 +++ new/ssl.prm/snakeoil-dsa.prm 1970-01-01 01:00:00.000000000 +0100 @@ -1,9 +0,0 @@ ------BEGIN DSA PARAMETERS----- -MIIBHgKBgQDqP04Jh4QoUWqPJZftxsgLdO54hGmvEYr2o2nqMjO/DbVuujr8QDnV -WNRveEuVdrx6AftCchgIvdJS4LTqfvgOmIwsGYylADmycIRlBVHd5q1ocGldkeEB -iY+cS5yv8ro1x4DRCd0axmhBvTu2BRbippaK7PNALw5xs8eQch0KLQIVAJ8rT8F7 -NqIRASUjy1Bwx701zSIfAoGAT5RMEmjJ4HXOJ0GyIKAesFQhOy3gXXUfV4zXTpSM -z8cQWfTqxLgVjkvZCt6SYcNmpaRnJyrmUdGD2uSwBcMkXj3G/NI/7n1C6ZuBTt1x -6TCQA72nYh0xQaj/kbmhT2wNyONMx/sZO/WPUr0qvu/012FS2YlKtq3wRM4+XHz7 -jY0= ------END DSA PARAMETERS----- ++++++ apache2-vhost-ssl.template ++++++ --- /var/tmp/diff_new_pack.8AHkPa/_old 2011-05-27 15:48:36.000000000 +0200 +++ /var/tmp/diff_new_pack.8AHkPa/_new 2011-05-27 15:48:36.000000000 +0200 @@ -11,22 +11,13 @@ # This is the Apache server configuration file providing SSL support. # It contains the configuration directives to instruct the server how to # serve pages over an https connection. For detailing information about these -# directives see <URL:http://httpd.apache.org/docs-2.2/mod/mod_ssl.html> +# directives see http://httpd.apache.org/docs/2.2/mod/mod_ssl.html # -# For the moment, see <URL:http://www.modssl.org/docs/> for this info. -# The documents are still being prepared from material donated by the -# modssl project. -# # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # -# Until documentation is completed, please check http://www.modssl.org/ -# for additional config examples and module docmentation. Directives -# and features of mod_ssl are largely unchanged from the mod_ssl project -# for Apache 1.3. - <IfDefine SSL> <IfDefine !NOSSL> @@ -47,10 +38,16 @@ # Enable/Disable SSL for this virtual host. SSLEngine on + # SSL protocols + # Supporting TLS only is adequate nowadays + SSLProtocol all -SSLv2 -SSLv3 + # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. - # See the mod_ssl documentation for a complete list. - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + # We disable weak ciphers by default. + # See the mod_ssl documentation or "openssl ciphers -v" for a + # complete list. + SSLCipherSuite ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If ++++++ rc.apache2 ++++++ --- /var/tmp/diff_new_pack.8AHkPa/_old 2011-05-27 15:48:37.000000000 +0200 +++ /var/tmp/diff_new_pack.8AHkPa/_new 2011-05-27 15:48:37.000000000 +0200 @@ -20,6 +20,7 @@ # Required-Stop: $local_fs $remote_fs $network # Default-Start: 3 5 # Default-Stop: 0 1 2 6 +# X-Interactive: true # Short-Description: Apache 2.2 HTTP Server # Description: Start the Apache HTTP daemon ### END INIT INFO ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
