From: "Conrad Kostecki"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Conrad Kostecki"
Message-ID: <1729028738.287849413f51b54c4ad7b11791fe0eef69029da3.conikost@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: www-servers/apache/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: www-servers/apache/files/apache-2.4.59-dh-regression.patch
X-VCS-Directories: www-servers/apache/files/
X-VCS-Committer: conikost
X-VCS-Committer-Name: Conrad Kostecki
X-VCS-Revision: 287849413f51b54c4ad7b11791fe0eef69029da3
X-VCS-Branch: master
Date: Tue, 15 Oct 2024 21:46:05 +0000 (UTC)

commit:     287849413f51b54c4ad7b11791fe0eef69029da3
Author:     Michael Mair-Keimberger levelnine at>
AuthorDate: Mon Oct 14 15:38:04 2024 +0000
Commit:     Conrad Kostecki gentoo org>
CommitDate: Tue Oct 15 21:45:38 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=28784941

www-servers/apache: remove unused patch

Signed-off-by: Michael Mair-Keimberger levelnine.at>
Signed-off-by: Conrad Kostecki gentoo.org>

 .../apache/files/apache-2.4.59-dh-regression.patch | 81 ----------------------
 1 file changed, 81 deletions(-)

diff --git a/www-servers/apache/files/apache-2.4.59-dh-regression.patch b/www-servers/apache/files/apache-2.4.59-dh-regression.patch deleted file mode 100644 index 63cb606a2630..000000000000 --- a/www-servers/apache/files/apache-2.4.59-dh-regression.patch +++ /dev/null 
@@ -1,81 +0,0 @@ -From dee1eb37d787d34cb37df7eab535240e1774293a Mon Sep 17 00:00:00 2001 -From: Ruediger Pluem -Date: Mon, 8 Apr 2024 13:18:28 +0000 -Subject: [PATCH] * Ensure that we set the default DH parameters for the key - -Replace else with an if as the if branch no longer ensures that -custome DH parameters have been loaded. -This fixes a regression that causes the default DH parameters for a key -no longer set and thus effectively disabling DH ciphers when no explicit -DH parameters are set. - -PR: 68863 - - -git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916863 13f79535-47bb-0310-9956-ffa450edef68 ---- - changes-entries/pr68863.txt | 3 +++ - modules/ssl/ssl_engine_init.c | 11 ++++++----- - 2 files changed, 9 insertions(+), 5 deletions(-) - create mode 100644 changes-entries/pr68863.txt - -diff --git a/changes-entries/pr68863.txt b/changes-entries/pr68863.txt -new file mode 100644 -index 00000000000..d45ffc708cc ---- /dev/null -+++ b/changes-entries/pr68863.txt -@@ -0,0 +1,3 @@ -+ *) mod_ssl: Fix a regression that causes the default DH parameters for a key -+ no longer set and thus effectively disabling DH ciphers when no explicit -+ DH parameters are set. 
PR 68863 [Ruediger Pluem] -diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c -index 64e4aaf1dcd..f657026d137 100644 ---- a/modules/ssl/ssl_engine_init.c -+++ b/modules/ssl/ssl_engine_init.c -@@ -1416,6 +1416,7 @@ static apr_status_t ssl_init_server_certs(server_rec *s, - const char *vhost_id = mctx->sc->vhost_id, *key_id, *certfile, *keyfile; - int i; - EVP_PKEY *pkey; -+ int custom_dh_done = 0; - #ifdef HAVE_ECC - EC_GROUP *ecgroup = NULL; - int curve_nid = 0; -@@ -1591,14 +1592,14 @@ static apr_status_t ssl_init_server_certs(server_rec *s, - */ - certfile = APR_ARRAY_IDX(mctx->pks->cert_files, 0, const char *); - if (certfile && !modssl_is_engine_id(certfile)) { -- int done = 0, num_bits = 0; -+ int num_bits = 0; - #if OPENSSL_VERSION_NUMBER < 0x30000000L - DH *dh = modssl_dh_from_file(certfile); - if (dh) { - num_bits = DH_bits(dh); - SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dh); - DH_free(dh); -- done = 1; -+ custom_dh_done = 1; - } - #else - pkey = modssl_dh_pkey_from_file(certfile); -@@ -1608,18 +1609,18 @@ static apr_status_t ssl_init_server_certs(server_rec *s, - EVP_PKEY_free(pkey); - } - else { -- done = 1; -+ custom_dh_done = 1; - } - } - #endif -- if (done) { -+ if (custom_dh_done) { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540) - "Custom DH parameters (%d bits) for %s loaded from %s", - num_bits, vhost_id, certfile); - } - } - #if !MODSSL_USE_OPENSSL_PRE_1_1_API -- else { -+ if (!custom_dh_done) { - /* If no parameter is manually configured, enable auto - * selection. */ - SSL_CTX_set_dh_auto(mctx->ssl_ctx, 1);
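
Review bot: the removal of files/apache-2.4.59-dh-regression.patch is justified only as "unused", and nothing in the commit records that no remaining www-servers/apache ebuild still depends on it. The deleted file's own description says that without this change the default DH parameters for a key are no longer set, which effectively disables DH ciphers when no explicit DH parameters are configured, so a version in the tree that lacks the fix would silently lose DH cipher suites. Suggest extending the commit message to name the ebuild that last applied the patch and to state that the versions still in the tree already include the upstream change (PR 68863, trunk r1916863 as cited in the removed file).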