[git.ipfire.org] IPFire 2.x development tree branch, next, updated. beb256e0a0a302a8722d082741375336ed4371f8

public inbox for ipfire-scm@lists.ipfire.org
 help / color / mirror / Atom feed

From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. beb256e0a0a302a8722d082741375336ed4371f8
Date: Mon, 20 Nov 2017 20:38:04 +0000	[thread overview]
Message-ID: <20171120203804.EECDC1081BCF@git01.ipfire.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 3721 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  beb256e0a0a302a8722d082741375336ed4371f8 (commit)
       via  a57f4a9f5d39069032b0f4e64f90fe4330cb6357 (commit)
      from  f574f9ea02430521fafb9f28c3a42d31b68117bb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit beb256e0a0a302a8722d082741375336ed4371f8
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Nov 20 15:46:53 2017 +0000

    core117: Reload apache for change of configuration
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit a57f4a9f5d39069032b0f4e64f90fe4330cb6357
Author: Peter Müller <peter.mueller(a)link38.eu>
Date:   Sun Nov 19 17:24:36 2017 +0100

    disable SSL compression and session tickets in Apache
    
    Ensure that Apache never uses SSL compression, which is vulnerable,
    and turn off session tickets since the might cause impact to PFS.
    
    Based against next, supersedes first version.
    
    Reported-by: Wolfgang Apolinarski <wolfgang.apolinarski(a)ipfire.org>
    Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/httpd/vhosts.d/ipfire-interface-ssl.conf | 2 ++
 config/rootfiles/core/117/filelists/files       | 1 +
 config/rootfiles/core/117/update.sh             | 1 +
 3 files changed, 4 insertions(+)

Difference in files:
diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
index c9ccd5b..dacf6a0 100644
--- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
+++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
@@ -11,6 +11,8 @@
     SSLProtocol all -SSLv2 -SSLv3
     SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA
     SSLHonorCipherOrder on
+    SSLCompression off
+    SSLSessionTickets off
     SSLCertificateFile /etc/httpd/server.crt
     SSLCertificateKeyFile /etc/httpd/server.key
     SSLCertificateFile /etc/httpd/server-ecdsa.crt
diff --git a/config/rootfiles/core/117/filelists/files b/config/rootfiles/core/117/filelists/files
index dea752c..a29d9ac 100644
--- a/config/rootfiles/core/117/filelists/files
+++ b/config/rootfiles/core/117/filelists/files
@@ -1,5 +1,6 @@
 etc/system-release
 etc/issue
+etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
 etc/ssl/certs/ca-bundle.crt
 etc/ssl/certs/ca-bundle.trust.crt
 opt/pakfire/lib/functions.pl
diff --git a/config/rootfiles/core/117/update.sh b/config/rootfiles/core/117/update.sh
index a8d83ba..816f7f1 100644
--- a/config/rootfiles/core/117/update.sh
+++ b/config/rootfiles/core/117/update.sh
@@ -43,6 +43,7 @@ ldconfig
 #/usr/local/bin/update-lang-cache
 
 # Start services
+/etc/init.d/apache reload
 
 # This update need a reboot...
 #touch /var/run/need_reboot


hooks/post-receive
--
IPFire 2.x development tree

                 reply	other threads:[~2017-11-20 20:38 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20171120203804.EECDC1081BCF@git01.ipfire.org \
    --to=git@ipfire.org \
    --cc=ipfire-scm@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox