From 1d3107c4da15be40c7a4d08cfa744df8e736fdb2 Mon Sep 17 00:00:00 2001 From: rhatto Date: Wed, 29 Apr 2009 12:55:09 +0000 Subject: EOLing old patches git-svn-id: svn+slack://slack.fluxo.info/var/svn/slackbuilds@2175 370017ae-e619-0410-ac65-c121f96126d4 --- patches/mod_ssl/_mod_ssl.tar.gz | Bin 4699 -> 0 bytes patches/mod_ssl/libssl.module.diff.gz | Bin 392 -> 0 bytes patches/mod_ssl/mod_ssl.SlackBuild | 191 ------------------------ patches/mod_ssl/mod_ssl.conf.example | 266 ---------------------------------- patches/mod_ssl/slack-desc | 19 --- 5 files changed, 476 deletions(-) delete mode 100644 patches/mod_ssl/_mod_ssl.tar.gz delete mode 100644 patches/mod_ssl/libssl.module.diff.gz delete mode 100755 patches/mod_ssl/mod_ssl.SlackBuild delete mode 100644 patches/mod_ssl/mod_ssl.conf.example delete mode 100644 patches/mod_ssl/slack-desc (limited to 'patches/mod_ssl') diff --git a/patches/mod_ssl/_mod_ssl.tar.gz b/patches/mod_ssl/_mod_ssl.tar.gz deleted file mode 100644 index da20236a..00000000 Binary files a/patches/mod_ssl/_mod_ssl.tar.gz and /dev/null differ diff --git a/patches/mod_ssl/libssl.module.diff.gz b/patches/mod_ssl/libssl.module.diff.gz deleted file mode 100644 index a04fb079..00000000 Binary files a/patches/mod_ssl/libssl.module.diff.gz and /dev/null differ diff --git a/patches/mod_ssl/mod_ssl.SlackBuild b/patches/mod_ssl/mod_ssl.SlackBuild deleted file mode 100755 index dcc67799..00000000 --- a/patches/mod_ssl/mod_ssl.SlackBuild +++ /dev/null @@ -1,191 +0,0 @@ -#!/bin/bash -# -# Build and package mod_ssl on Slackware. -# by: David Cantrell -# Currently maintained by: PJV -# -# Small changes by rhatto -# - -CWD="`pwd`" - -if [ -f ~/.slackbuildrc ]; then - source ~/.slackbuildrc -elif [ -f /etc/slackbuildrc ]; then - source /etc/slackbuildrc -fi - -PACKAGE="mod_ssl" -MODSSL_VER=${MODSSL_VER:=2.8.28} -APACHE_VER=${APACHE_VER:=1.3.37} -ARCH=${ARCH:=i486} -BUILD=${BUILD:=1rha} -REPOS=${REPOS:=$TMP} - -SRC_DIR=${SRC:=$CWD} -TMP=${TMP:=/tmp} - -cat << EOCAT - -Pleasy check if the apache version installed system-wide is $APACHE_VER, -otherwise upgrade your apache. - -Press ENTER to continue. -EOCAT - -read garbage - -RTOOL="wget" -MODSSL="mod_ssl-$MODSSL_VER-$APACHE_VER.tar.gz" -MODSSL_URL="http://www.modssl.org/source/$MODSSL" -APACHE="apache_$APACHE_VER.tar.gz" -APACHE_URL="http://ftp.unicamp.br/pub/apache/httpd/$APACHE" - -SRC_DIR="$SRC_DIR/$PACKAGE" -mkdir -p $SRC_DIR - -if [ "$RTOOL" == "wget" ]; then - - if [ ! -f "$SRC_DIR/$MODSSL" ]; then - wget "$MODSSL_URL" -O "$SRC_DIR/$MODSSL" - fi - - if [ ! -f "$SRC_DIR/$APACHE" ]; then - wget "$APACHE_URL" -O "$SRC_DIR/$APACHE" - fi - -fi - -TMP="$TMP/$PACKAGE" -rm -rf $TMP -mkdir -p $TMP -cd $TMP - -PKG=$TMP/package-$PACKAGE -mkdir -p $PKG -( cd $PKG ; explodepkg $CWD/_mod_ssl.tar.gz ) -# Install sample config file: -cat $CWD/mod_ssl.conf.example > $PKG/etc/apache/mod_ssl.conf.new - -cd $TMP -rm -rf mod_ssl-$MODSSL_VER-$APACHE_VER -rm -rf apache_$APACHE_VER -tar xvzf $SRC_DIR/apache_$APACHE_VER.tar.gz -tar xvzf $SRC_DIR/mod_ssl-$MODSSL_VER-$APACHE_VER.tar.gz - -# build mod_ssl -cd $TMP/mod_ssl-$MODSSL_VER-$APACHE_VER -chown -R root.root . - -if [ "$ARCH" == "x86_64" ]; then - ( cd pkg.sslmod ; zcat $CWD/libssl.module.diff.gz | patch -p0 --verbose ) -fi - -./configure --with-apxs=/usr/sbin/apxs \ - --with-crt=/etc/apache/mod_ssl/server.crt \ - --with-key=/etc/apache/mod_ssl/server.key \ - --with-patch=/usr/bin/patch - -# Enjoy this kludge! :-) -if [ "$ARCH" == "x86_64" ]; then - echo "SSL_CFLAGS= -DSSL_ENGINE -DSSL_USE_SDBM -L/usr/lib64" >> pkg.sslmod/Makefile -else - echo "SSL_CFLAGS= -DSSL_ENGINE -DSSL_USE_SDBM" >> pkg.sslmod/Makefile -fi - -make -j3 - -# go back to the Apache tree and generate the additional package components -cd $TMP/apache_$APACHE_VER -cat $TMP/mod_ssl-$MODSSL_VER-$APACHE_VER/pkg.sslcfg/sslcfg.patch | patch -p0 -cat $TMP/mod_ssl-$MODSSL_VER-$APACHE_VER/pkg.ssldoc/ssldoc.patch | patch -p0 -cat $TMP/mod_ssl-$MODSSL_VER-$APACHE_VER/pkg.sslsup/sslsup.patch | patch -p0 -zcat $CWD/../apache/apache.dbm.diff.gz | patch -p1 -( cd $TMP/apache_$APACHE_VER/src/support - cat apachectl | sed -e "s|PIDFILE=/usr/local/apache/logs/httpd.pid|PIDFILE=/var/run/httpd.pid|g" | sed -e "s|HTTPD='/usr/local/apache/src/httpd'|HTTPD=/usr/sbin/httpd|g" > apachectl.new - mv apachectl.new apachectl ) - -# install mod_ssl -cd $TMP/mod_ssl-$MODSSL_VER-$APACHE_VER -make -j3 -make install -mkdir -p $PKG/usr/doc/mod_ssl-$MODSSL_VER-$APACHE_VER -cp -a ANNOUNCE CREDITS INSTALL LICENSE NEWS README* \ - $PKG/usr/doc/mod_ssl-$MODSSL_VER-$APACHE_VER - -# install the other components for this package -cd $TMP/mod_ssl-$MODSSL_VER-$APACHE_VER -( cd pkg.sslcfg - cp -a README.CRT Makefile.crt ca-bundle.crt snakeoil-ca-rsa.crt \ - snakeoil-ca-dsa.crt snakeoil-rsa.crt snakeoil-dsa.crt \ - server.crt $PKG/etc/apache/ssl.crt ) -( cd pkg.sslcfg - cp -a README.CSR server.csr $PKG/etc/apache/ssl.csr ) -( cd pkg.sslcfg - cp -a README.PRM snakeoil-ca-dsa.prm snakeoil-dsa.prm \ - $PKG/etc/apache/ssl.prm ) -( cd pkg.sslcfg - cp -a Makefile.crl README.CRL $PKG/etc/apache/ssl.crl ) -( cd pkg.sslcfg - cp -a README.KEY snakeoil-ca-rsa.key snakeoil-ca-dsa.key snakeoil-rsa.key \ - snakeoil-dsa.key server.key $PKG/etc/apache/ssl.key ) - -( cd pkg.ssldoc - cp -a index.html ssl_* $PKG/var/www/htdocs/manual/mod/mod_ssl ) -( cd pkg.ssldoc - cp -a apache_pb.gif feather.jpg mod_ssl_sb.gif openssl_ics.gif \ - $PKG/var/www/htdocs/manual/images ) - -cd $TMP/apache_$APACHE_VER -( cd htdocs - cp -a index.html.en $PKG/var/www/htdocs ) -( cd htdocs/manual/mod - cp -a index.html.en index-bytype.html.en directives.html.en \ - $PKG/var/www/htdocs/manual/mod ) -( cd src/support - cp -a apachectl $PKG/usr/sbin ) -# This is a point of overlap with the apache package, so we'll make it -# a symlink so that it's less of a trap for the unsuspecting admin: -( cd $PKG/usr/sbin - mv apachectl apachectl-mod_ssl - ln -sf apachectl-mod_ssl apachectl -) - -# Make key files that we wouldn't want overwritten use .new: -for file in \ -$PKG/etc/apache/ssl.crt/server.crt \ -$PKG/etc/apache/ssl.csr/server.csr \ -$PKG/etc/apache/ssl.key/server.key ; do - mv $file ${file}.new -done - -# get the module in the package -mkdir -p $PKG/usr/libexec/apache -cp -a /usr/libexec/apache/libssl.so $PKG/usr/libexec/apache - -# attributes -chmod 700 $PKG/etc/apache/ssl.key - -# strip: -( cd $PKG - find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null - find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null -) - -# some housekeeping -chown -R root.bin $PKG/usr/sbin -chmod 755 $PKG/usr/sbin/* - -# Install slack-desc: -mkdir -p $PKG/install -cat $CWD/slack-desc > $PKG/install/slack-desc - -# make the package -cd $PKG -makepkg -l y -c n $REPOS/mod_ssl-${MODSSL_VER}_${APACHE_VER}-$ARCH-$BUILD.tgz - -# clean up -if [ "$CLEANUP" == "yes" ]; then - rm -rf $TMP -fi - diff --git a/patches/mod_ssl/mod_ssl.conf.example b/patches/mod_ssl/mod_ssl.conf.example deleted file mode 100644 index 79cce3b9..00000000 --- a/patches/mod_ssl/mod_ssl.conf.example +++ /dev/null @@ -1,266 +0,0 @@ -## _ _ -## _ __ ___ ___ __| | ___ ___| | mod_ssl -## | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL -## | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org -## |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org -## |_____| -## ____________________________________________________________________________ -## -## Copyright (c) 1998-2001 Ralf S. Engelschall, All Rights Reserved. - -## -## Load the mod_ssl module: -## -LoadModule ssl_module libexec/apache/libssl.so - -## -## SSL Support -## -## When we also provide SSL we have to listen to the -## standard HTTP port (see above) and to the HTTPS port -## - -Listen 80 -Listen 443 - - -# -# - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# -# Some MIME-types for downloading Certificates and CRLs -# - -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - - - - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog builtin - -# Inter-Process Session Cache: -# Configure the SSL Session Cache: First either `none' -# or `dbm:/path/to/file' for the mechanism to use and -# second the expiring timeout (in seconds). -#SSLSessionCache none -#SSLSessionCache shm:/var/log/apache/ssl_scache(512000) -SSLSessionCache dbm:/var/log/apache/ssl_scache -SSLSessionCacheTimeout 300 - -# Semaphore: -# Configure the path to the mutual explusion semaphore the -# SSL engine uses internally for inter-process synchronization. -SSLMutex file:/var/log/apache/ssl_mutex - -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the -# SSL library. The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin -#SSLRandomSeed startup file:/dev/random 512 -#SSLRandomSeed startup file:/dev/urandom 512 -#SSLRandomSeed connect file:/dev/random 512 -#SSLRandomSeed connect file:/dev/urandom 512 - -# Logging: -# The home of the dedicated SSL protocol logfile. Errors are -# additionally duplicated in the general error log file. Put -# this somewhere where it cannot be used for symlink attacks on -# a real server (i.e. somewhere where only root can write). -# Log levels are (ascending order: higher ones include lower ones): -# none, error, warn, info, trace, debug. -SSLLog /var/log/apache/ssl_engine_log -SSLLogLevel info - - - - - -## -## SSL Virtual Host Context -## - - - -# General setup for the virtual host -DocumentRoot "/var/www/htdocs" -ServerName new.host.name -ServerAdmin you@your.address -ErrorLog /var/log/apache/error_log -TransferLog /var/log/apache/access_log - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -SSLEngine on - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_ssl documentation for a complete list. -SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - -# Server Certificate: -# Point SSLCertificateFile at a PEM encoded certificate. If -# the certificate is encrypted, then you will be prompted for a -# pass phrase. Note that a kill -HUP will prompt again. A test -# certificate can be generated with `make certificate' under -# built time. Keep in mind that if you've both a RSA and a DSA -# certificate you can configure both in parallel (to also allow -# the use of DSA ciphers, etc.) -SSLCertificateFile /etc/apache/ssl.crt/server.crt -#SSLCertificateFile /etc/apache/ssl.crt/server-dsa.crt - -# Server Private Key: -# If the key is not combined with the certificate, use this -# directive to point at the key file. Keep in mind that if -# you've both a RSA and a DSA private key you can configure -# both in parallel (to also allow the use of DSA ciphers, etc.) -SSLCertificateKeyFile /etc/apache/ssl.key/server.key -#SSLCertificateKeyFile /etc/apache/ssl.key/server-dsa.key - -# Server Certificate Chain: -# Point SSLCertificateChainFile at a file containing the -# concatenation of PEM encoded CA certificates which form the -# certificate chain for the server certificate. Alternatively -# the referenced file can be the same as SSLCertificateFile -# when the CA certificates are directly appended to the server -# certificate for convinience. -#SSLCertificateChainFile /etc/apache/ssl.crt/ca.crt - -# Certificate Authority (CA): -# Set the CA certificate verification path where to find CA -# certificates for client authentication or alternatively one -# huge file containing all of them (file must be PEM encoded) -# Note: Inside SSLCACertificatePath you need hash symlinks -# to point to the certificate files. Use the provided -# Makefile to update the hash symlinks after changes. -#SSLCACertificatePath /etc/apache/ssl.crt -#SSLCACertificateFile /etc/apache/ssl.crt/ca-bundle.crt - -# Certificate Revocation Lists (CRL): -# Set the CA revocation path where to find CA CRLs for client -# authentication or alternatively one huge file containing all -# of them (file must be PEM encoded) -# Note: Inside SSLCARevocationPath you need hash symlinks -# to point to the certificate files. Use the provided -# Makefile to update the hash symlinks after changes. -#SSLCARevocationPath /etc/apache/ssl.crl -#SSLCARevocationFile /etc/apache/ssl.crl/ca-bundle.crl - -# Client Authentication (Type): -# Client certificate verification type and depth. Types are -# none, optional, require and optional_no_ca. Depth is a -# number which specifies how deeply to verify the certificate -# issuer chain before deciding the certificate is not valid. -#SSLVerifyClient require -#SSLVerifyDepth 10 - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_ssl documentation -# for more details. -# -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -# - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. -# o CompatEnvVars: -# This exports obsolete environment variables for backward compatibility -# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this -# to provide compatibility to existing CGI scripts. -# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - -# SSL Protocol Adjustments: -# The safe and default but still SSL/TLS standard compliant shutdown -# approach is that mod_ssl sends the close notify alert but doesn't wait for -# the close notify alert from client. When you need a different shutdown -# approach you can use one of the following variables: -# o ssl-unclean-shutdown: -# This forces an unclean shutdown when the connection is closed, i.e. no -# SSL close notify alert is send or allowed to received. This violates -# the SSL/TLS standard but is needed for some brain-dead browsers. Use -# this when you receive I/O errors because of the standard approach where -# mod_ssl sends the close notify alert. -# o ssl-accurate-shutdown: -# This forces an accurate shutdown when the connection is closed, i.e. a -# SSL close notify alert is send and mod_ssl waits for the close notify -# alert of the client. This is 100% SSL/TLS standard compliant, but in -# practice often causes hanging connections with brain-dead browsers. Use -# this only for browsers where you know that their SSL implementation -# works correctly. -# Notice: Most problems of broken clients are also related to the HTTP -# keep-alive facility, so you usually additionally want to disable -# keep-alive for those clients, too. Use variable "nokeepalive" for this. -# Similarly, one has to force some clients to use HTTP/1.0 to workaround -# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and -# "force-response-1.0" for this. -SetEnvIf User-Agent ".*MSIE.*" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -CustomLog /var/log/apache/ssl_request_log \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - - - - diff --git a/patches/mod_ssl/slack-desc b/patches/mod_ssl/slack-desc deleted file mode 100644 index e137e2ef..00000000 --- a/patches/mod_ssl/slack-desc +++ /dev/null @@ -1,19 +0,0 @@ -# HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. Line -# up the first '|' above the ':' following the base package name, and the '|' -# on the right side marks the last column you can put a character in. You must -# make exactly 11 lines for the formatting to be correct. It's also -# customary to leave one space after the ':'. - - |-----handy-ruler------------------------------------------------------| -mod_ssl: mod_ssl (Apache module for SSL) -mod_ssl: -mod_ssl: mod_ssl provides provides strong cryptography for the Apache web -mod_ssl: server via the Secure Sockets Layer (SSL v2/v3) and Transport Layer -mod_ssl: Security (TLS v1). It is based on OpenSSL and provides support for -mod_ssl: all major security needs through HTTP. -mod_ssl: -mod_ssl: mod_ssl is written by Ralf S. Engelschall. -mod_ssl: -mod_ssl: -mod_ssl: -- cgit v1.2.3