You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1534 lines
54 KiB
1534 lines
54 KiB
%define contentdir %{_datadir}/httpd |
|
%define docroot /var/www |
|
%define suexec_caller apache |
|
%define mmn 20120211 |
|
%define oldmmnisa %{mmn}-%{__isa_name}-%{__isa_bits} |
|
%define mmnisa %{mmn}%{__isa_name}%{__isa_bits} |
|
%define vstring PowerEL |
|
|
|
# Drop automatic provides for module DSOs |
|
%{?filter_setup: |
|
%filter_provides_in %{_libdir}/httpd/modules/.*\.so$ |
|
%filter_setup |
|
} |
|
|
|
Summary: Apache HTTP Server |
|
Name: httpd |
|
Version: 2.4.6 |
|
Release: 80%{?dist} |
|
URL: http://httpd.apache.org/ |
|
Source0: http://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2 |
|
Source1: centos-noindex.tar.gz |
|
Source2: httpd.logrotate |
|
Source3: httpd.sysconf |
|
Source4: httpd-ssl-pass-dialog |
|
Source5: httpd.tmpfiles |
|
Source6: httpd.service |
|
Source7: action-graceful.sh |
|
Source8: action-configtest.sh |
|
Source10: httpd.conf |
|
Source11: 00-base.conf |
|
Source12: 00-mpm.conf |
|
Source13: 00-lua.conf |
|
Source14: 01-cgi.conf |
|
Source15: 00-dav.conf |
|
Source16: 00-proxy.conf |
|
Source17: 00-ssl.conf |
|
Source18: 01-ldap.conf |
|
Source19: 00-proxyhtml.conf |
|
Source20: userdir.conf |
|
Source21: ssl.conf |
|
Source22: welcome.conf |
|
Source23: manual.conf |
|
Source24: 00-systemd.conf |
|
Source25: 01-session.conf |
|
# Documentation |
|
Source30: README.confd |
|
Source40: htcacheclean.service |
|
Source41: htcacheclean.sysconf |
|
# build/scripts patches |
|
Patch1: httpd-2.4.1-apctl.patch |
|
Patch2: httpd-2.4.3-apxs.patch |
|
Patch3: httpd-2.4.1-deplibs.patch |
|
Patch5: httpd-2.4.3-layout.patch |
|
Patch6: httpd-2.4.3-apctl-systemd.patch |
|
# Features/functional changes |
|
Patch21: httpd-2.4.6-full-release.patch |
|
Patch23: httpd-2.4.4-export.patch |
|
Patch24: httpd-2.4.1-corelimit.patch |
|
Patch25: httpd-2.4.1-selinux.patch |
|
Patch26: httpd-2.4.4-r1337344+.patch |
|
Patch27: httpd-2.4.2-icons.patch |
|
Patch28: httpd-2.4.6-r1332643+.patch |
|
Patch29: httpd-2.4.3-mod_systemd.patch |
|
Patch30: httpd-2.4.4-cachehardmax.patch |
|
Patch31: httpd-2.4.6-sslmultiproxy.patch |
|
Patch32: httpd-2.4.6-r1537535.patch |
|
Patch33: httpd-2.4.6-r1542327.patch |
|
Patch34: httpd-2.4.6-ssl-large-keys.patch |
|
Patch35: httpd-2.4.6-pre_htaccess.patch |
|
Patch36: httpd-2.4.6-r1573626.patch |
|
Patch37: httpd-2.4.6-uds.patch |
|
Patch38: httpd-2.4.6-upn.patch |
|
Patch39: httpd-2.4.6-r1664565.patch |
|
# Bug fixes |
|
Patch51: httpd-2.4.3-sslsninotreq.patch |
|
Patch55: httpd-2.4.4-malformed-host.patch |
|
Patch56: httpd-2.4.4-mod_unique_id.patch |
|
Patch57: httpd-2.4.6-ldaprefer.patch |
|
Patch58: httpd-2.4.6-r1507681+.patch |
|
Patch59: httpd-2.4.6-r1556473.patch |
|
Patch60: httpd-2.4.6-r1553540.patch |
|
Patch61: httpd-2.4.6-rewrite-clientaddr.patch |
|
Patch62: httpd-2.4.6-ab-overflow.patch |
|
Patch63: httpd-2.4.6-sigint.patch |
|
Patch64: httpd-2.4.6-ssl-ecdh-auto.patch |
|
Patch65: httpd-2.4.6-r1556818.patch |
|
Patch66: httpd-2.4.6-r1618851.patch |
|
Patch67: httpd-2.4.6-r1526189.patch |
|
Patch68: httpd-2.4.6-r1663647.patch |
|
Patch69: httpd-2.4.6-r1569006.patch |
|
Patch70: httpd-2.4.6-r1506474.patch |
|
Patch71: httpd-2.4.6-bomb.patch |
|
Patch72: httpd-2.4.6-r1604460.patch |
|
Patch73: httpd-2.4.6-r1624349.patch |
|
Patch74: httpd-2.4.6-ap-ipv6.patch |
|
Patch75: httpd-2.4.6-r1530280.patch |
|
Patch76: httpd-2.4.6-r1633085.patch |
|
Patch78: httpd-2.4.6-ssl-error-free.patch |
|
Patch79: httpd-2.4.6-r1528556.patch |
|
Patch80: httpd-2.4.6-r1594625.patch |
|
Patch81: httpd-2.4.6-r1674222.patch |
|
Patch82: httpd-2.4.6-apachectl-httpd-env.patch |
|
Patch83: httpd-2.4.6-rewrite-dir.patch |
|
Patch84: httpd-2.4.6-r1420184.patch |
|
Patch85: httpd-2.4.6-r1524368.patch |
|
Patch86: httpd-2.4.6-r1528958.patch |
|
Patch87: httpd-2.4.6-r1651083.patch |
|
Patch88: httpd-2.4.6-r1688399.patch |
|
Patch89: httpd-2.4.6-r1527509.patch |
|
Patch90: httpd-2.4.6-apachectl-status.patch |
|
Patch91: httpd-2.4.6-r1650655.patch |
|
Patch92: httpd-2.4.6-r1533448.patch |
|
Patch93: httpd-2.4.6-r1610013.patch |
|
Patch94: httpd-2.4.6-r1705528.patch |
|
Patch95: httpd-2.4.6-r1684462.patch |
|
Patch96: httpd-2.4.6-r1650677.patch |
|
Patch97: httpd-2.4.6-r1621601.patch |
|
Patch98: httpd-2.4.6-r1610396.patch |
|
Patch99: httpd-2.4.6-rotatelog-timezone.patch |
|
Patch100: httpd-2.4.6-ab-ssl-error.patch |
|
Patch101: httpd-2.4.6-r1723522.patch |
|
Patch102: httpd-2.4.6-r1681107.patch |
|
Patch103: httpd-2.4.6-dhparams-free.patch |
|
Patch104: httpd-2.4.6-r1651658.patch |
|
Patch105: httpd-2.4.6-r1560093.patch |
|
Patch106: httpd-2.4.6-r1748212.patch |
|
Patch107: httpd-2.4.6-r1570327.patch |
|
Patch108: httpd-2.4.6-r1631119.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1406184 |
|
Patch109: httpd-2.4.6-r1593002.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1389535 |
|
Patch110: httpd-2.4.6-r1662640.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1348019 |
|
Patch111: httpd-2.4.6-r1348019.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1396197 |
|
Patch112: httpd-2.4.6-r1587053.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1376835 |
|
Patch113: httpd-2.4.6-mpm-segfault.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1372692 |
|
Patch114: httpd-2.4.6-r1681114.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1371876 |
|
Patch115: httpd-2.4.6-r1775832.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1353740 |
|
Patch116: httpd-2.4.6-r1726019.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1364604 |
|
Patch117: httpd-2.4.6-r1683112.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1378946 |
|
Patch118: httpd-2.4.6-r1651653.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1414258 |
|
Patch119: httpd-2.4.6-r1634529.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1397241 |
|
Patch120: httpd-2.4.6-r1738878.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1445885 |
|
Patch121: httpd-2.4.6-http-protocol-options-define.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1332242 |
|
Patch122: httpd-2.4.6-statements-comment.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1451333 |
|
Patch123: httpd-2.4.6-rotatelogs-zombie.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1368491 |
|
Patch124: httpd-2.4.6-mod_authz_dbd-missing-query.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1288395 |
|
Patch125: httpd-2.4.6-r1668532.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1499253 |
|
Patch126: httpd-2.4.6-r1681289.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1430640 |
|
Patch127: httpd-2.4.6-r1805099.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1448892 |
|
Patch128: httpd-2.4.6-r1811831.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1464406 |
|
Patch129: httpd-2.4.6-r1811746.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1440590 |
|
Patch130: httpd-2.4.6-r1811976.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1506392 |
|
Patch131: httpd-2.4.6-r1650310.patch |
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1557785 |
|
Patch132: httpd-2.4.6-r1530999.patch |
|
|
|
# Security fixes |
|
Patch200: httpd-2.4.6-CVE-2013-6438.patch |
|
Patch201: httpd-2.4.6-CVE-2014-0098.patch |
|
Patch202: httpd-2.4.6-CVE-2014-0231.patch |
|
Patch203: httpd-2.4.6-CVE-2014-0117.patch |
|
Patch204: httpd-2.4.6-CVE-2014-0118.patch |
|
Patch205: httpd-2.4.6-CVE-2014-0226.patch |
|
Patch206: httpd-2.4.6-CVE-2013-4352.patch |
|
Patch207: httpd-2.4.6-CVE-2013-5704.patch |
|
Patch208: httpd-2.4.6-CVE-2014-3581.patch |
|
Patch209: httpd-2.4.6-CVE-2015-3185.patch |
|
Patch210: httpd-2.4.6-CVE-2015-3183.patch |
|
Patch211: httpd-2.4.6-CVE-2016-5387.patch |
|
Patch212: httpd-2.4.6-CVE-2016-8743.patch |
|
Patch213: httpd-2.4.6-CVE-2016-0736.patch |
|
Patch214: httpd-2.4.6-CVE-2016-2161.patch |
|
Patch215: httpd-2.4.6-CVE-2017-3167.patch |
|
Patch216: httpd-2.4.6-CVE-2017-3169.patch |
|
Patch217: httpd-2.4.6-CVE-2017-7668.patch |
|
Patch218: httpd-2.4.6-CVE-2017-7679.patch |
|
Patch219: httpd-2.4.6-CVE-2017-9788.patch |
|
Patch220: httpd-2.4.6-CVE-2017-9798.patch |
|
|
|
License: ASL 2.0 |
|
Group: System Environment/Daemons |
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root |
|
BuildRequires: autoconf, perl, pkgconfig, findutils, xmlto |
|
BuildRequires: zlib-devel, libselinux-devel, lua-devel |
|
BuildRequires: apr-devel >= 1.4.0, apr-util-devel >= 1.2.0, pcre-devel >= 5.0 |
|
BuildRequires: systemd-devel |
|
Requires: /etc/mime.types, system-logos |
|
Obsoletes: httpd-suexec |
|
Provides: webserver |
|
Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release} |
|
Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}, httpd-mmn = %{oldmmnisa} |
|
Requires: httpd-tools = %{version}-%{release} |
|
Requires(pre): /usr/sbin/useradd |
|
Requires(pre): /usr/sbin/groupadd |
|
Requires(preun): systemd-units |
|
Requires(postun): systemd-units |
|
Requires(post): systemd-units |
|
|
|
%description |
|
The Apache HTTP Server is a powerful, efficient, and extensible |
|
web server. |
|
|
|
%package devel |
|
Group: Development/Libraries |
|
Summary: Development interfaces for the Apache HTTP server |
|
Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel |
|
Requires: apr-devel, apr-util-devel, pkgconfig |
|
Requires: httpd = %{version}-%{release} |
|
|
|
%description devel |
|
The httpd-devel package contains the APXS binary and other files |
|
that you need to build Dynamic Shared Objects (DSOs) for the |
|
Apache HTTP Server. |
|
|
|
If you are installing the Apache HTTP server and you want to be |
|
able to compile or develop additional modules for Apache, you need |
|
to install this package. |
|
|
|
%package manual |
|
Group: Documentation |
|
Summary: Documentation for the Apache HTTP server |
|
Requires: httpd = %{version}-%{release} |
|
Obsoletes: secureweb-manual, apache-manual |
|
BuildArch: noarch |
|
|
|
%description manual |
|
The httpd-manual package contains the complete manual and |
|
reference guide for the Apache HTTP server. The information can |
|
also be found at http://httpd.apache.org/docs/2.2/. |
|
|
|
%package tools |
|
Group: System Environment/Daemons |
|
Summary: Tools for use with the Apache HTTP Server |
|
|
|
%description tools |
|
The httpd-tools package contains tools which can be used with |
|
the Apache HTTP Server. |
|
|
|
%package -n mod_ssl |
|
Group: System Environment/Daemons |
|
Summary: SSL/TLS module for the Apache HTTP Server |
|
Epoch: 1 |
|
BuildRequires: openssl-devel >= 1:1.0.1e-37 |
|
Requires: openssl-libs >= 1:1.0.1e-37 |
|
Requires(post): openssl, /bin/cat |
|
Requires(pre): httpd |
|
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} |
|
Obsoletes: stronghold-mod_ssl |
|
|
|
%description -n mod_ssl |
|
The mod_ssl module provides strong cryptography for the Apache Web |
|
server via the Secure Sockets Layer (SSL) and Transport Layer |
|
Security (TLS) protocols. |
|
|
|
%package -n mod_proxy_html |
|
Group: System Environment/Daemons |
|
Summary: HTML and XML content filters for the Apache HTTP Server |
|
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} |
|
BuildRequires: libxml2-devel |
|
Epoch: 1 |
|
Obsoletes: mod_proxy_html < 1:2.4.1-2 |
|
|
|
%description -n mod_proxy_html |
|
The mod_proxy_html and mod_xml2enc modules provide filters which can |
|
transform and modify HTML and XML content. |
|
|
|
%package -n mod_ldap |
|
Group: System Environment/Daemons |
|
Summary: LDAP authentication modules for the Apache HTTP Server |
|
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} |
|
Requires: apr-util-ldap |
|
|
|
%description -n mod_ldap |
|
The mod_ldap and mod_authnz_ldap modules add support for LDAP |
|
authentication to the Apache HTTP Server. |
|
|
|
%package -n mod_session |
|
Group: System Environment/Daemons |
|
Summary: Session interface for the Apache HTTP Server |
|
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} |
|
|
|
%description -n mod_session |
|
The mod_session module and associated backends provide an abstract |
|
interface for storing and accessing per-user session data. |
|
|
|
%prep |
|
%setup -q |
|
%patch1 -p1 -b .apctl |
|
%patch2 -p1 -b .apxs |
|
%patch3 -p1 -b .deplibs |
|
%patch5 -p1 -b .layout |
|
%patch6 -p1 -b .apctlsystemd |
|
|
|
%patch21 -p1 -b .fullrelease |
|
%patch23 -p1 -b .export |
|
%patch24 -p1 -b .corelimit |
|
%patch25 -p1 -b .selinux |
|
%patch26 -p1 -b .r1337344+ |
|
%patch27 -p1 -b .icons |
|
%patch28 -p1 -b .r1332643+ |
|
%patch29 -p1 -b .systemd |
|
%patch30 -p1 -b .cachehardmax |
|
%patch31 -p1 -b .sslmultiproxy |
|
%patch32 -p1 -b .r1537535 |
|
%patch33 -p1 -b .r1542327 |
|
rm modules/ssl/ssl_engine_dh.c |
|
%patch34 -p1 -b .ssllargekeys |
|
%patch35 -p1 -b .prehtaccess |
|
%patch36 -p1 -b .r1573626 |
|
%patch37 -p1 -b .uds |
|
%patch38 -p1 -b .upn |
|
%patch39 -p1 -b .r1664565 |
|
|
|
%patch51 -p1 -b .sninotreq |
|
%patch55 -p1 -b .malformedhost |
|
%patch56 -p1 -b .uniqueid |
|
%patch57 -p1 -b .ldaprefer |
|
%patch58 -p1 -b .r1507681+ |
|
%patch59 -p1 -b .r1556473 |
|
%patch60 -p1 -b .r1553540 |
|
%patch61 -p1 -b .clientaddr |
|
%patch62 -p1 -b .aboverflow |
|
%patch63 -p1 -b .sigint |
|
%patch64 -p1 -b .sslecdhauto |
|
%patch65 -p1 -b .r1556818 |
|
%patch66 -p1 -b .r1618851 |
|
%patch67 -p1 -b .r1526189 |
|
%patch68 -p1 -b .r1663647 |
|
%patch69 -p1 -b .1569006 |
|
%patch70 -p1 -b .r1506474 |
|
%patch71 -p1 -b .bomb |
|
%patch72 -p1 -b .r1604460 |
|
%patch73 -p1 -b .r1624349 |
|
%patch74 -p1 -b .abipv6 |
|
%patch75 -p1 -b .r1530280 |
|
%patch76 -p1 -b .r1633085 |
|
%patch78 -p1 -b .sslerrorfree |
|
%patch79 -p1 -b .r1528556 |
|
%patch80 -p1 -b .r1594625 |
|
%patch81 -p1 -b .r1674222 |
|
%patch82 -p1 -b .envhttpd |
|
%patch83 -p1 -b .rewritedir |
|
%patch84 -p1 -b .r1420184 |
|
%patch85 -p1 -b .r1524368 |
|
%patch86 -p1 -b .r1528958 |
|
%patch87 -p1 -b .r1651083 |
|
%patch88 -p1 -b .r1688399 |
|
%patch89 -p1 -b .r1527509 |
|
%patch90 -p1 -b .apachectlstatus |
|
%patch91 -p1 -b .r1650655 |
|
%patch92 -p1 -b .r1533448 |
|
%patch93 -p1 -b .r1610013 |
|
%patch94 -p1 -b .r1705528 |
|
%patch95 -p1 -b .r1684462 |
|
%patch96 -p1 -b .r1650677 |
|
%patch97 -p1 -b .r1621601 |
|
%patch98 -p1 -b .r1610396 |
|
%patch99 -p1 -b .rotatelogtimezone |
|
%patch100 -p1 -b .absslerror |
|
%patch101 -p1 -b .r1723522 |
|
%patch102 -p1 -b .r1681107 |
|
%patch103 -p1 -b .dhparamsfree |
|
%patch104 -p1 -b .r1651658 |
|
%patch105 -p1 -b .r1560093 |
|
%patch106 -p1 -b .r1748212 |
|
%patch107 -p1 -b .r1570327 |
|
%patch108 -p1 -b .r1631119 |
|
%patch109 -p1 -b .r1593002 |
|
%patch110 -p1 -b .r1662640 |
|
%patch111 -p1 -b .r1348019 |
|
%patch112 -p1 -b .r1587053 |
|
%patch113 -p1 -b .mpmsegfault |
|
%patch114 -p1 -b .r1681114 |
|
%patch115 -p1 -b .r1371876 |
|
%patch116 -p1 -b .r1726019 |
|
%patch117 -p1 -b .r1683112 |
|
%patch118 -p1 -b .r1651653 |
|
%patch119 -p1 -b .r1634529 |
|
%patch120 -p1 -b .r1738878 |
|
%patch121 -p1 -b .httpprotdefine |
|
%patch122 -p1 -b .statement-comment |
|
%patch123 -p1 -b .logrotate-zombie |
|
%patch124 -p1 -b .modauthzdbd-segfault |
|
%patch125 -p1 -b .r1668532 |
|
%patch126 -p1 -b .r1681289 |
|
%patch127 -p1 -b .r1805099 |
|
%patch128 -p1 -b .r1811831 |
|
%patch129 -p1 -b .r1811746 |
|
%patch130 -p1 -b .r1811976 |
|
%patch131 -p1 -b .r1650310 |
|
%patch132 -p1 -b .r1530999 |
|
|
|
%patch200 -p1 -b .cve6438 |
|
%patch201 -p1 -b .cve0098 |
|
%patch202 -p1 -b .cve0231 |
|
%patch203 -p1 -b .cve0117 |
|
%patch204 -p1 -b .cve0118 |
|
%patch205 -p1 -b .cve0226 |
|
%patch206 -p1 -b .cve4352 |
|
%patch207 -p1 -b .cve5704 |
|
%patch208 -p1 -b .cve3581 |
|
%patch209 -p1 -b .cve3185 |
|
%patch210 -p1 -b .cve3183 |
|
%patch211 -p1 -b .cve5387 |
|
%patch212 -p1 -b .cve8743 |
|
%patch213 -p1 -b .cve0736 |
|
%patch214 -p1 -b .cve2161 |
|
%patch215 -p1 -b .cve3167 |
|
%patch216 -p1 -b .cve3169 |
|
%patch217 -p1 -b .cve7668 |
|
%patch218 -p1 -b .cve7679 |
|
%patch219 -p1 -b .cve9788 |
|
%patch220 -p1 -b .cve9798 |
|
|
|
# Patch in the vendor string and the release string |
|
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h |
|
sed -i 's/@RELEASE@/%{release}/' server/core.c |
|
|
|
# Prevent use of setcap in "install-suexec-caps" target. |
|
sed -i '/suexec/s,setcap ,echo Skipping setcap for ,' Makefile.in |
|
|
|
# Safety check: prevent build if defined MMN does not equal upstream MMN. |
|
vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'` |
|
if test "x${vmmn}" != "x%{mmn}"; then |
|
: Error: Upstream MMN is now ${vmmn}, packaged MMN is %{mmn} |
|
: Update the mmn macro and rebuild. |
|
exit 1 |
|
fi |
|
|
|
: Building with MMN %{mmn}, MMN-ISA %{mmnisa} and vendor string '%{vstring}' |
|
|
|
%build |
|
# forcibly prevent use of bundled apr, apr-util, pcre |
|
rm -rf srclib/{apr,apr-util,pcre} |
|
|
|
# regenerate configure scripts |
|
autoheader && autoconf || exit 1 |
|
|
|
# Before configure; fix location of build dir in generated apxs |
|
%{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \ |
|
support/apxs.in |
|
|
|
export CFLAGS=$RPM_OPT_FLAGS |
|
export LDFLAGS="-Wl,-z,relro,-z,now" |
|
|
|
%global _performance_build 1 |
|
|
|
# Hard-code path to links to avoid unnecessary builddep |
|
export LYNX_PATH=/usr/bin/links |
|
|
|
# Build the daemon |
|
%configure \ |
|
--prefix=%{_sysconfdir}/httpd \ |
|
--exec-prefix=%{_prefix} \ |
|
--bindir=%{_bindir} \ |
|
--sbindir=%{_sbindir} \ |
|
--mandir=%{_mandir} \ |
|
--libdir=%{_libdir} \ |
|
--sysconfdir=%{_sysconfdir}/httpd/conf \ |
|
--includedir=%{_includedir}/httpd \ |
|
--libexecdir=%{_libdir}/httpd/modules \ |
|
--datadir=%{contentdir} \ |
|
--enable-layout=Fedora \ |
|
--with-installbuilddir=%{_libdir}/httpd/build \ |
|
--enable-mpms-shared=all \ |
|
--with-apr=%{_prefix} --with-apr-util=%{_prefix} \ |
|
--enable-suexec --with-suexec \ |
|
--enable-suexec-capabilities \ |
|
--with-suexec-caller=%{suexec_caller} \ |
|
--with-suexec-docroot=%{docroot} \ |
|
--without-suexec-logfile \ |
|
--with-suexec-syslog \ |
|
--with-suexec-bin=%{_sbindir}/suexec \ |
|
--with-suexec-uidmin=500 --with-suexec-gidmin=100 \ |
|
--enable-pie \ |
|
--with-pcre \ |
|
--enable-mods-shared=all \ |
|
--enable-ssl --with-ssl --disable-distcache \ |
|
--enable-proxy \ |
|
--enable-cache \ |
|
--enable-disk-cache \ |
|
--enable-ldap --enable-authnz-ldap \ |
|
--enable-cgid --enable-cgi \ |
|
--enable-authn-anon --enable-authn-alias \ |
|
--disable-imagemap \ |
|
$* |
|
make %{?_smp_mflags} |
|
|
|
%install |
|
rm -rf $RPM_BUILD_ROOT |
|
|
|
make DESTDIR=$RPM_BUILD_ROOT install |
|
|
|
# Install systemd service files |
|
mkdir -p $RPM_BUILD_ROOT%{_unitdir} |
|
for s in httpd htcacheclean; do |
|
install -p -m 644 $RPM_SOURCE_DIR/${s}.service \ |
|
$RPM_BUILD_ROOT%{_unitdir}/${s}.service |
|
done |
|
|
|
# install conf file/directory |
|
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d \ |
|
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d |
|
install -m 644 $RPM_SOURCE_DIR/README.confd \ |
|
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README |
|
for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \ |
|
00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \ |
|
01-ldap.conf 00-systemd.conf 01-session.conf; do |
|
install -m 644 -p $RPM_SOURCE_DIR/$f \ |
|
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f |
|
done |
|
|
|
for f in welcome.conf ssl.conf manual.conf userdir.conf; do |
|
install -m 644 -p $RPM_SOURCE_DIR/$f \ |
|
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/$f |
|
done |
|
|
|
# Split-out extra config shipped as default in conf.d: |
|
for f in autoindex; do |
|
mv docs/conf/extra/httpd-${f}.conf \ |
|
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/${f}.conf |
|
done |
|
|
|
# Extra config trimmed: |
|
rm -v docs/conf/extra/httpd-{ssl,userdir}.conf |
|
|
|
rm $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/*.conf |
|
install -m 644 -p $RPM_SOURCE_DIR/httpd.conf \ |
|
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/httpd.conf |
|
|
|
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig |
|
for s in httpd htcacheclean; do |
|
install -m 644 -p $RPM_SOURCE_DIR/${s}.sysconf \ |
|
$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/${s} |
|
done |
|
|
|
# tmpfiles.d configuration |
|
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d |
|
install -m 644 -p $RPM_SOURCE_DIR/httpd.tmpfiles \ |
|
$RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/httpd.conf |
|
|
|
# Other directories |
|
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav \ |
|
$RPM_BUILD_ROOT/run/httpd/htcacheclean |
|
|
|
# Create cache directory |
|
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd \ |
|
$RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/proxy \ |
|
$RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/ssl |
|
|
|
# Make the MMN accessible to module packages |
|
echo %{mmnisa} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn |
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rpm |
|
cat > $RPM_BUILD_ROOT%{_sysconfdir}/rpm/macros.httpd <<EOF |
|
%%_httpd_mmn %{mmnisa} |
|
%%_httpd_apxs %{_bindir}/apxs |
|
%%_httpd_modconfdir %{_sysconfdir}/httpd/conf.modules.d |
|
%%_httpd_confdir %{_sysconfdir}/httpd/conf.d |
|
%%_httpd_contentdir %{contentdir} |
|
%%_httpd_moddir %{_libdir}/httpd/modules |
|
EOF |
|
|
|
# Handle contentdir |
|
#mkdir $RPM_BUILD_ROOT%{contentdir}/noindex |
|
#tar xzf $RPM_SOURCE_DIR/centos-noindex.tar.gz \ |
|
# -C $RPM_BUILD_ROOT%{contentdir}/noindex/ \ |
|
# --strip-components=1 |
|
|
|
rm -rf %{contentdir}/htdocs |
|
|
|
# remove manual sources |
|
find $RPM_BUILD_ROOT%{contentdir}/manual \( \ |
|
-name \*.xml -o -name \*.xml.* -o -name \*.ent -o -name \*.xsl -o -name \*.dtd \ |
|
\) -print0 | xargs -0 rm -f |
|
|
|
# Strip the manual down just to English and replace the typemaps with flat files: |
|
set +x |
|
for f in `find $RPM_BUILD_ROOT%{contentdir}/manual -name \*.html -type f`; do |
|
if test -f ${f}.en; then |
|
cp ${f}.en ${f} |
|
rm ${f}.* |
|
fi |
|
done |
|
set -x |
|
|
|
# Clean Document Root |
|
rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \ |
|
$RPM_BUILD_ROOT%{docroot}/cgi-bin/* |
|
|
|
# Symlink for the powered-by-$DISTRO image: |
|
ln -s ../noindex/images/poweredby.png \ |
|
$RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png |
|
|
|
# symlinks for /etc/httpd |
|
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs |
|
ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run |
|
ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules |
|
|
|
# install http-ssl-pass-dialog |
|
mkdir -p $RPM_BUILD_ROOT%{_libexecdir} |
|
install -m755 $RPM_SOURCE_DIR/httpd-ssl-pass-dialog \ |
|
$RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog |
|
|
|
# Install action scripts |
|
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd |
|
for f in graceful configtest; do |
|
install -p -m 755 $RPM_SOURCE_DIR/action-${f}.sh \ |
|
$RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd/${f} |
|
done |
|
|
|
# Install logrotate config |
|
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d |
|
install -m 644 -p $RPM_SOURCE_DIR/httpd.logrotate \ |
|
$RPM_BUILD_ROOT/etc/logrotate.d/httpd |
|
|
|
# fix man page paths |
|
sed -e "s|/usr/local/apache2/conf/httpd.conf|/etc/httpd/conf/httpd.conf|" \ |
|
-e "s|/usr/local/apache2/conf/mime.types|/etc/mime.types|" \ |
|
-e "s|/usr/local/apache2/conf/magic|/etc/httpd/conf/magic|" \ |
|
-e "s|/usr/local/apache2/logs/error_log|/var/log/httpd/error_log|" \ |
|
-e "s|/usr/local/apache2/logs/access_log|/var/log/httpd/access_log|" \ |
|
-e "s|/usr/local/apache2/logs/httpd.pid|/run/httpd/httpd.pid|" \ |
|
-e "s|/usr/local/apache2|/etc/httpd|" < docs/man/httpd.8 \ |
|
> $RPM_BUILD_ROOT%{_mandir}/man8/httpd.8 |
|
|
|
# Make ap_config_layout.h libdir-agnostic |
|
sed -i '/.*DEFAULT_..._LIBEXECDIR/d;/DEFAULT_..._INSTALLBUILDDIR/d' \ |
|
$RPM_BUILD_ROOT%{_includedir}/httpd/ap_config_layout.h |
|
|
|
# Fix path to instdso in special.mk |
|
sed -i '/instdso/s,top_srcdir,top_builddir,' \ |
|
$RPM_BUILD_ROOT%{_libdir}/httpd/build/special.mk |
|
|
|
# Remove unpackaged files |
|
rm -vf \ |
|
$RPM_BUILD_ROOT%{_libdir}/*.exp \ |
|
$RPM_BUILD_ROOT/etc/httpd/conf/mime.types \ |
|
$RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.exp \ |
|
$RPM_BUILD_ROOT%{_libdir}/httpd/build/config.nice \ |
|
$RPM_BUILD_ROOT%{_bindir}/{ap?-config,dbmmanage} \ |
|
$RPM_BUILD_ROOT%{_sbindir}/{checkgid,envvars*} \ |
|
$RPM_BUILD_ROOT%{contentdir}/htdocs/* \ |
|
$RPM_BUILD_ROOT%{_mandir}/man1/dbmmanage.* \ |
|
$RPM_BUILD_ROOT%{contentdir}/cgi-bin/* |
|
|
|
rm -rf $RPM_BUILD_ROOT/etc/httpd/conf/{original,extra} |
|
|
|
%pre |
|
# Add the "apache" group and user |
|
/usr/sbin/groupadd -g 48 -r apache 2> /dev/null || : |
|
/usr/sbin/useradd -c "Apache" -u 48 -g apache \ |
|
-s /sbin/nologin -r -d %{contentdir} apache 2> /dev/null || : |
|
|
|
%post |
|
%systemd_post httpd.service htcacheclean.service |
|
|
|
%preun |
|
%systemd_preun httpd.service htcacheclean.service |
|
|
|
%postun |
|
%systemd_postun |
|
|
|
# Trigger for conversion from SysV, per guidelines at: |
|
# https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd |
|
%triggerun -- httpd < 2.2.21-5 |
|
# Save the current service runlevel info |
|
# User must manually run systemd-sysv-convert --apply httpd |
|
# to migrate them to systemd targets |
|
/usr/bin/systemd-sysv-convert --save httpd.service >/dev/null 2>&1 ||: |
|
|
|
# Run these because the SysV package being removed won't do them |
|
/sbin/chkconfig --del httpd >/dev/null 2>&1 || : |
|
|
|
%posttrans |
|
test -f /etc/sysconfig/httpd-disable-posttrans || \ |
|
/bin/systemctl try-restart httpd.service htcacheclean.service >/dev/null 2>&1 || : |
|
|
|
%define sslcert %{_sysconfdir}/pki/tls/certs/localhost.crt |
|
%define sslkey %{_sysconfdir}/pki/tls/private/localhost.key |
|
|
|
%post -n mod_ssl |
|
umask 077 |
|
|
|
if [ -f %{sslkey} -o -f %{sslcert} ]; then |
|
exit 0 |
|
fi |
|
|
|
%{_bindir}/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 2048 > %{sslkey} 2> /dev/null |
|
|
|
FQDN=`hostname` |
|
if [ "x${FQDN}" = "x" -o ${#FQDN} -gt 59 ]; then |
|
FQDN=localhost.localdomain |
|
fi |
|
|
|
cat << EOF | %{_bindir}/openssl req -new -key %{sslkey} \ |
|
-x509 -sha256 -days 365 -set_serial $RANDOM -extensions v3_req \ |
|
-out %{sslcert} 2>/dev/null |
|
-- |
|
SomeState |
|
SomeCity |
|
SomeOrganization |
|
SomeOrganizationalUnit |
|
${FQDN} |
|
root@${FQDN} |
|
EOF |
|
|
|
%check |
|
# Check the built modules are all PIC |
|
if readelf -d $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so | grep TEXTREL; then |
|
: modules contain non-relocatable code |
|
exit 1 |
|
fi |
|
|
|
%clean |
|
rm -rf $RPM_BUILD_ROOT |
|
|
|
%files |
|
%defattr(-,root,root) |
|
|
|
%doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE |
|
%doc docs/conf/extra/*.conf |
|
|
|
%dir %{_sysconfdir}/httpd |
|
%{_sysconfdir}/httpd/modules |
|
%{_sysconfdir}/httpd/logs |
|
%{_sysconfdir}/httpd/run |
|
%dir %{_sysconfdir}/httpd/conf |
|
%config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf |
|
%config(noreplace) %{_sysconfdir}/httpd/conf/magic |
|
|
|
%config(noreplace) %{_sysconfdir}/logrotate.d/httpd |
|
|
|
%dir %{_sysconfdir}/httpd/conf.d |
|
%{_sysconfdir}/httpd/conf.d/README |
|
%config(noreplace) %{_sysconfdir}/httpd/conf.d/*.conf |
|
%exclude %{_sysconfdir}/httpd/conf.d/ssl.conf |
|
%exclude %{_sysconfdir}/httpd/conf.d/manual.conf |
|
|
|
%dir %{_sysconfdir}/httpd/conf.modules.d |
|
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/*.conf |
|
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf |
|
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf |
|
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf |
|
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-session.conf |
|
|
|
%config(noreplace) %{_sysconfdir}/sysconfig/ht* |
|
%{_prefix}/lib/tmpfiles.d/httpd.conf |
|
|
|
%dir %{_libexecdir}/initscripts/legacy-actions/httpd |
|
%{_libexecdir}/initscripts/legacy-actions/httpd/* |
|
|
|
%{_sbindir}/ht* |
|
%{_sbindir}/fcgistarter |
|
%{_sbindir}/apachectl |
|
%{_sbindir}/rotatelogs |
|
%caps(cap_setuid,cap_setgid+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec |
|
|
|
%dir %{_libdir}/httpd |
|
%dir %{_libdir}/httpd/modules |
|
%{_libdir}/httpd/modules/mod*.so |
|
%exclude %{_libdir}/httpd/modules/mod_auth_form.so |
|
%exclude %{_libdir}/httpd/modules/mod_ssl.so |
|
%exclude %{_libdir}/httpd/modules/mod_*ldap.so |
|
%exclude %{_libdir}/httpd/modules/mod_proxy_html.so |
|
%exclude %{_libdir}/httpd/modules/mod_xml2enc.so |
|
%exclude %{_libdir}/httpd/modules/mod_session*.so |
|
|
|
%dir %{contentdir} |
|
%dir %{contentdir}/icons |
|
%dir %{contentdir}/error |
|
%dir %{contentdir}/error/include |
|
%dir %{contentdir}/noindex |
|
%{contentdir}/icons/* |
|
%{contentdir}/error/README |
|
%{contentdir}/error/*.var |
|
%{contentdir}/error/include/*.html |
|
%{contentdir}/noindex/* |
|
|
|
%dir %{docroot} |
|
%dir %{docroot}/cgi-bin |
|
%dir %{docroot}/html |
|
|
|
%attr(0710,root,apache) %dir /run/httpd |
|
%attr(0700,apache,apache) %dir /run/httpd/htcacheclean |
|
%attr(0700,root,root) %dir %{_localstatedir}/log/httpd |
|
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav |
|
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd |
|
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy |
|
|
|
%{_mandir}/man8/* |
|
|
|
%{_unitdir}/*.service |
|
|
|
%files tools |
|
%defattr(-,root,root) |
|
%{_bindir}/* |
|
%{_mandir}/man1/* |
|
%doc LICENSE NOTICE |
|
%exclude %{_bindir}/apxs |
|
%exclude %{_mandir}/man1/apxs.1* |
|
|
|
%files manual |
|
%defattr(-,root,root) |
|
%{contentdir}/manual |
|
%config(noreplace) %{_sysconfdir}/httpd/conf.d/manual.conf |
|
|
|
%files -n mod_ssl |
|
%defattr(-,root,root) |
|
%{_libdir}/httpd/modules/mod_ssl.so |
|
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf |
|
%config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf |
|
%attr(0700,apache,root) %dir %{_localstatedir}/cache/httpd/ssl |
|
%{_libexecdir}/httpd-ssl-pass-dialog |
|
|
|
%files -n mod_proxy_html |
|
%defattr(-,root,root) |
|
%{_libdir}/httpd/modules/mod_proxy_html.so |
|
%{_libdir}/httpd/modules/mod_xml2enc.so |
|
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf |
|
|
|
%files -n mod_ldap |
|
%defattr(-,root,root) |
|
%{_libdir}/httpd/modules/mod_*ldap.so |
|
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf |
|
|
|
%files -n mod_session |
|
%defattr(-,root,root) |
|
%{_libdir}/httpd/modules/mod_session*.so |
|
%{_libdir}/httpd/modules/mod_auth_form.so |
|
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-session.conf |
|
|
|
%files devel |
|
%defattr(-,root,root) |
|
%{_includedir}/httpd |
|
%{_bindir}/apxs |
|
%{_mandir}/man1/apxs.1* |
|
%dir %{_libdir}/httpd/build |
|
%{_libdir}/httpd/build/*.mk |
|
%{_libdir}/httpd/build/*.sh |
|
%{_sysconfdir}/rpm/macros.httpd |
|
|
|
%changelog |
|
* Tue Jun 26 2018 CentOS Sources <bugs@centos.org> - 2.4.6-80.el7.centos.1 |
|
- Remove index.html, add centos-noindex.tar.gz |
|
- change vstring |
|
- change symlink for poweredby.png |
|
- update welcome.conf with proper aliases |
|
|
|
* Mon May 28 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-80.1 |
|
- Resolves: #1560609 - httpd: active connections being terminated when httpd |
|
gets gracefully stopped/restarted, GracefulShutdownTimeout is not being |
|
honored |
|
|
|
* Mon Jan 08 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-80 |
|
- Related: #1288395 - httpd segfault when logrotate invoked |
|
|
|
* Wed Nov 01 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-79 |
|
- Resolves: #1274890 - mod_ssl config: tighten defaults |
|
|
|
* Tue Oct 31 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-78 |
|
- Resolves: #1506392 - Backport: SSLSessionTickets directive support |
|
|
|
* Mon Oct 16 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-77 |
|
- Resolves: #1440590 - Need an option to disable UTF8-conversion |
|
of certificate DN |
|
|
|
* Thu Oct 12 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-76 |
|
- Resolves: #1464406 - Apache consumes too much memory for CGI output |
|
|
|
* Thu Oct 12 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-75 |
|
- Resolves: #1448892 - Cannot override LD_LIBARY_PATH in Apache HTTPD |
|
using SetEnv or PassEnv. Needs documentation. |
|
|
|
* Mon Oct 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-74 |
|
- Resolves: #1430640 - "ProxyAddHeaders Off" does not become effective |
|
when it's defined outside <Proxy> setting |
|
|
|
* Fri Oct 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-73 |
|
- Resolves: #1499253 - ProxyRemote with HTTPS backend sends requests |
|
with absoluteURI instead of abs_path |
|
|
|
* Tue Oct 03 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-72 |
|
- Resolves: #1288395 - httpd segfault when logrotate invoked |
|
|
|
* Tue Oct 03 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-71 |
|
- Resolves: #1368491 - mod_authz_dbd segfaults when AuthzDBDQuery missing |
|
|
|
* Mon Oct 02 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-70 |
|
- Resolves: #1467402 - rotatelogs: creation of zombie processes when -p is used |
|
|
|
* Tue Sep 19 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-69 |
|
- Resolves: #1493065 - CVE-2017-9798 httpd: Use-after-free by limiting |
|
unregistered HTTP method |
|
|
|
* Tue Jul 25 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-68 |
|
- Resolves: #1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() |
|
authentication bypass |
|
- Resolves: #1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference |
|
- Resolves: #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread |
|
- Resolves: #1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread |
|
- Resolves: #1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection |
|
in mod_auth_digest |
|
|
|
* Tue May 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-67 |
|
- Related: #1332242 - Explicitly disallow the '#' character in allow,deny |
|
directives |
|
|
|
* Tue May 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-66 |
|
- Related: #1332242 - Explicitly disallow the '#' character in allow,deny |
|
directives |
|
|
|
* Thu Apr 27 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-65 |
|
- Resolves: #1445885 - define _RH_HAS_HTTPPROTOCOLOPTIONS |
|
|
|
* Tue Apr 18 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-64 |
|
- Resolves: #1442872 - apache user is not created during httpd installation |
|
when apache group already exist with GID other than 48 |
|
|
|
* Wed Mar 22 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-63 |
|
- Related: #1412976 - CVE-2016-0736 CVE-2016-2161 CVE-2016-8743 |
|
httpd: various flaws |
|
|
|
* Wed Mar 15 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-62 |
|
- Resolves: #1397241 - Backport Apache Bug 53098 - mod_proxy_ajp: |
|
patch to set worker secret passed to tomcat |
|
|
|
* Wed Mar 15 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-61 |
|
- Related: #1414258 - Crash during restart or at startup in mod_ssl, |
|
in certinfo_free() function registered by ssl_stapling_ex_init() |
|
|
|
* Tue Mar 14 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-60 |
|
- Resolves: #1414258 - Crash during restart or at startup in mod_ssl, |
|
in certinfo_free() function registered by ssl_stapling_ex_init() |
|
|
|
* Mon Mar 13 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-59 |
|
- Resolves: #1378946 - Backport of apache bug 55910: Continuation lines |
|
are broken during buffer resize |
|
|
|
* Fri Mar 10 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-58 |
|
- Resolves: #1364604 - Upstream Bug 56925 - ErrorDocument directive misbehaves |
|
with mod_proxy_http and mod_proxy_ajp |
|
|
|
* Thu Mar 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-57 |
|
- Resolves: #1324416 - Error 404 when switching language in HTML manual |
|
more than once |
|
|
|
* Wed Mar 08 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-56 |
|
- Resolves: #1353740 - Backport Apache PR58118 to fix mod_proxy_fcgi |
|
spamming non-errors: AH01075: Error dispatching request to : (passing |
|
brigade to output filters) |
|
|
|
* Wed Mar 08 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-55 |
|
- Resolves: #1371876 - Apache httpd returns "200 OK" for a request |
|
exceeding LimitRequestBody when enabling mod_ext_filter |
|
|
|
* Tue Mar 07 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-54 |
|
- Resolves: #1372692 - Apache httpd does not log status code "413" in |
|
access_log when exceeding LimitRequestBody |
|
|
|
* Tue Mar 07 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-53 |
|
- Resolves: #1376835 - httpd with worker/event mpm segfaults after multiple |
|
successive graceful reloads |
|
|
|
* Tue Mar 07 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-52 |
|
- Resolves: #1332242 - Explicitly disallow the '#' character in allow,deny |
|
directives |
|
|
|
* Mon Mar 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-51 |
|
- Resolves: #1396197 - Backport: mod_proxy_wstunnel - AH02447: err/hup |
|
on backconn |
|
|
|
* Mon Mar 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-50 |
|
- Resolves: #1348019 - mod_proxy: Fix a race condition that caused a failed |
|
worker to be retried before the retry period is over |
|
|
|
* Mon Mar 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-49 |
|
- Resolves: #1389535 - Segmentation fault in SSL_renegotiate |
|
|
|
* Mon Mar 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-48 |
|
- Resolves: #1406184 - stapling_renew_response: abort early |
|
(before apr_uri_parse) if ocspuri is empty |
|
|
|
* Tue Feb 7 2017 Joe Orton <jorton@redhat.com> - 2.4.6-47 |
|
- prefork: fix delay completing graceful restart (#1327624) |
|
- mod_ldap: fix authz regression, failing to rebind (#1415257) |
|
|
|
* Thu Jan 26 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-46 |
|
- Resolves: #1412976 - CVE-2016-0736 CVE-2016-2161 CVE-2016-8743 |
|
httpd: various flaws |
|
|
|
* Wed Aug 03 2016 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-45 |
|
- RFE: run mod_rewrite external mapping program as non-root (#1316900) |
|
|
|
* Tue Jul 12 2016 Joe Orton <jorton@redhat.com> - 2.4.6-44 |
|
- add security fix for CVE-2016-5387 |
|
|
|
* Tue Jul 5 2016 Joe Orton <jorton@redhat.com> - 2.4.6-43 |
|
- add 451 (Unavailable For Legal Reasons) response status-code (#1343582) |
|
|
|
* Fri Jun 17 2016 Joe Orton <jorton@redhat.com> - 2.4.6-42 |
|
- mod_cache: treat cache as valid with changed Expires in 304 (#1331341) |
|
|
|
* Wed Feb 24 2016 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-41 |
|
- mod_cache: merge r->err_headers_out into r->headers when the response |
|
is cached for the first time (#1264989) |
|
- mod_ssl: Do not send SSL warning when SNI hostname is not found as per |
|
RFC 6066 (#1298148) |
|
- mod_proxy_fcgi: Ignore body data from backend for 304 responses (#1263038) |
|
- fix apache user creation when apache group already exists (#1299889) |
|
- fix apache user creation when USERGROUPS_ENAB is set to 'no' (#1288757) |
|
- mod_proxy: fix slow response time for reponses with error status code |
|
when using ProxyErrorOverride (#1283653) |
|
- mod_ldap: Respect LDAPConnectionPoolTTL for authn connections (#1300149) |
|
- mod_ssl: use "localhost" in the dummy SSL cert for long FQDNs (#1240495) |
|
- rotatelogs: improve support for localtime (#1244545) |
|
- ab: fix read failure when targeting SSL server (#1255331) |
|
- mod_log_debug: fix LogMessage example in documentation (#1279465) |
|
- mod_authz_dbd, mod_authn_dbd, mod_session_dbd, mod_rewrite: Fix lifetime |
|
of DB lookup entries independently of the selected DB engine (#1287844) |
|
- mod_ssl: fix hardware crypto support with custom DH parms (#1291865) |
|
- mod_proxy_fcgi: fix SCRIPT_FILENAME when a balancer is used (#1302797) |
|
|
|
* Thu Sep 17 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-40 |
|
- mod_dav: follow up fix for previous commit (#1263975) |
|
|
|
* Wed Aug 26 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-39 |
|
- mod_dav: treat dav_resource uri as escaped (#1255480) |
|
|
|
* Wed Aug 19 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-38 |
|
- mod_ssl: add support for User Principal Name in SSLUserName (#1242503) |
|
|
|
* Mon Aug 10 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-37 |
|
- core: fix chunk header parsing defect (CVE-2015-3183) |
|
- core: replace of ap_some_auth_required with ap_some_authn_required |
|
and ap_force_authn hook (CVE-2015-3185) |
|
|
|
* Tue Jul 14 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-36 |
|
- Revert fix for #1162152, it is not needed in RHEL7 |
|
- mod_proxy_ajp: fix settings ProxyPass parameters for AJP backends (#1242416) |
|
|
|
* Wed Jul 01 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-35 |
|
- mod_remoteip: correct the trusted proxy match test (#1179306) |
|
- mod_dav: send complete response when resource is created (#1235383) |
|
- apachectl: correct the apachectl status man page (#1231924) |
|
|
|
* Wed Jun 03 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-34 |
|
- mod_proxy_fcgi: honor Timeout / ProxyTimeout (#1222328) |
|
- do not show all vhosts twice in httpd -D DUMP_VHOSTS output (#1225820) |
|
- fix -D[efined] or <Define>[d] variables lifetime accross restarts (#1227219) |
|
- mod_ssl: do not send NPN extension with not configured (#1226015) |
|
|
|
* Mon May 18 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-33 |
|
- mod_authz_dbm: fix crash when using "Require dbm-file-group" (#1221575) |
|
|
|
* Wed Apr 15 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-32 |
|
- mod_authn_dbd: fix use-after-free bug with postgresql (#1188779) |
|
- mod_remoteip: correct the trusted proxy match test (#1179306) |
|
- mod_status: honor remote_ip as documented (#1169081) |
|
- mod_deflate: fix decompression of files larger than 4GB (#1170214) |
|
- core: improve error message for inaccessible DocumentRoot (#1170220) |
|
- ab: try all addresses instead of failing on first one when not available (#1125276) |
|
- mod_proxy_wstunnel: add support for SSL (#1180745) |
|
- mod_proxy_wstunnel: load this module by default (#1180745) |
|
- mod_rewrite: add support for WebSockets (#1180745) |
|
- mod_rewrite: do not search for directory if a URL will be rewritten (#1210091) |
|
- mod_ssl: Fix SSL_CLIENT_VERIFY value when optional_no_ca and SSLSessionCache |
|
are used and SSL session is resumed (#1170206) |
|
- mod_ssl: fix memory leak on httpd reloads (#1181690) |
|
- mod_ssl: use SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA (#1118476) |
|
- mod_cgi: return error code 408 on timeout (#1162152) |
|
- mod_dav_fs: set default value of DAVLockDB (#1176449) |
|
- add Documentation= to the httpd.service and htcacheclean.service (#1184118) |
|
- do not display "bomb" icon for files ending with "core" (#1170215) |
|
- add missing Reason-Phrase in HTTP response headers (#1162159) |
|
- fix BuildRequires to require openssl-devel >= 1:1.0.1e-37 (#1160625) |
|
- apachectl: ignore HTTPD variable from sysconfig (#1214401) |
|
- apachectl: fix "graceful" documentation (#1214398) |
|
- apachectl: fix "graceful" behaviour when httpd is not running (#1214430) |
|
|
|
* Tue Dec 02 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-31 |
|
- mod_proxy_fcgi: determine if FCGI_CONN_CLOSE should be enabled |
|
instead of hardcoding it (#1168050) |
|
- mod_proxy: support Unix Domain Sockets (#1168081) |
|
|
|
* Tue Nov 25 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-30 |
|
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704) |
|
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581) |
|
|
|
* Tue Nov 04 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-29 |
|
- rebuild against proper version of OpenSSL (#1080125) |
|
|
|
* Wed Oct 22 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-28 |
|
- set vstring based on /etc/os-release (#1114123) |
|
|
|
* Mon Oct 06 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-27 |
|
- fix the dependency on openssl-libs to match the fix for #1080125 |
|
|
|
* Mon Sep 22 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-26 |
|
- allow <Auth*ProviderAlias>'es to be seen under virtual hosts (#1131847) |
|
|
|
* Fri Sep 19 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-25 |
|
- do not use hardcoded curve for ECDHE suites (#1080125) |
|
|
|
* Wed Sep 03 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-24 |
|
- allow reverse-proxy to be set via SetHandler (#1136290) |
|
|
|
* Thu Aug 21 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-23 |
|
- fix possible crash in SIGINT handling (#1131006) |
|
|
|
* Mon Aug 18 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-22 |
|
- ab: fix integer overflow when printing stats with lot of requests (#1092420) |
|
|
|
* Mon Aug 11 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-21 |
|
- add pre_htaccess so mpm-itk can be build as separate module (#1059143) |
|
|
|
* Tue Aug 05 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-20 |
|
- mod_ssl: prefer larger keys and support up to 8192-bit keys (#1073078) |
|
|
|
* Mon Aug 04 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-19 |
|
- fix build on ppc64le by using configure macro (#1125545) |
|
- compile httpd with -O3 on ppc64le (#1123490) |
|
- mod_rewrite: expose CONN_REMOTE_ADDR (#1060536) |
|
|
|
* Thu Jul 17 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-18 |
|
- mod_cgid: add security fix for CVE-2014-0231 (#1120608) |
|
- mod_proxy: add security fix for CVE-2014-0117 (#1120608) |
|
- mod_deflate: add security fix for CVE-2014-0118 (#1120608) |
|
- mod_status: add security fix for CVE-2014-0226 (#1120608) |
|
- mod_cache: add secutiry fix for CVE-2013-4352 (#1120608) |
|
|
|
* Thu Mar 20 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-17 |
|
- mod_dav: add security fix for CVE-2013-6438 (#1077907) |
|
- mod_log_config: add security fix for CVE-2014-0098 (#1077907) |
|
|
|
* Wed Mar 5 2014 Joe Orton <jorton@redhat.com> - 2.4.6-16 |
|
- mod_ssl: improve DH temp key handling (#1057687) |
|
|
|
* Wed Mar 5 2014 Joe Orton <jorton@redhat.com> - 2.4.6-15 |
|
- mod_ssl: use 2048-bit RSA key with SHA-256 signature in dummy certificate (#1071276) |
|
|
|
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.4.6-14 |
|
- Mass rebuild 2014-01-24 |
|
|
|
* Mon Jan 13 2014 Joe Orton <jorton@redhat.com> - 2.4.6-13 |
|
- mod_ssl: sanity-check use of "SSLCompression" (#1036666) |
|
- mod_proxy_http: fix brigade memory usage (#1040447) |
|
|
|
* Fri Jan 10 2014 Joe Orton <jorton@redhat.com> - 2.4.6-12 |
|
- rebuild |
|
|
|
* Thu Jan 9 2014 Joe Orton <jorton@redhat.com> - 2.4.6-11 |
|
- build with -O3 on ppc64 (#1051066) |
|
|
|
* Tue Jan 7 2014 Joe Orton <jorton@redhat.com> - 2.4.6-10 |
|
- mod_dav: fix locktoken handling (#1004046) |
|
|
|
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.4.6-9 |
|
- Mass rebuild 2013-12-27 |
|
|
|
* Fri Dec 20 2013 Joe Orton <jorton@redhat.com> - 2.4.6-8 |
|
- use unambiguous httpd-mmn (#1029360) |
|
|
|
* Fri Nov 1 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-7 |
|
- mod_ssl: allow SSLEngine to override Listen-based default (#1023168) |
|
|
|
* Thu Oct 31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-6 |
|
- systemd: Use {MAINPID} notation in service file (#969972) |
|
|
|
* Thu Oct 24 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-5 |
|
- systemd: send SIGWINCH signal without httpd -k in ExecStop (#969972) |
|
|
|
* Thu Oct 03 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-4 |
|
- expand macros in macros.httpd (#1011393) |
|
|
|
* Mon Aug 26 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-3 |
|
- fix "LDAPReferrals off" to really disable LDAP Referrals |
|
|
|
* Wed Jul 31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-2 |
|
- revert fix for dumping vhosts twice |
|
|
|
* Mon Jul 22 2013 Joe Orton <jorton@redhat.com> - 2.4.6-1 |
|
- update to 2.4.6 |
|
- mod_ssl: use revised NPN API (r1487772) |
|
|
|
* Thu Jul 11 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-12 |
|
- mod_unique_id: replace use of hostname + pid with PRNG output (#976666) |
|
- apxs: mention -p option in manpage |
|
|
|
* Tue Jul 2 2013 Joe Orton <jorton@redhat.com> - 2.4.4-11 |
|
- add patch for aarch64 (Dennis Gilmore, #925558) |
|
|
|
* Mon Jul 1 2013 Joe Orton <jorton@redhat.com> - 2.4.4-10 |
|
- remove duplicate apxs man page from httpd-tools |
|
|
|
* Mon Jun 17 2013 Joe Orton <jorton@redhat.com> - 2.4.4-9 |
|
- remove zombie dbmmanage script |
|
|
|
* Fri May 31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-8 |
|
- return 400 Bad Request on malformed Host header |
|
|
|
* Mon May 20 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-6 |
|
- htpasswd/htdbm: fix hash generation bug (#956344) |
|
- do not dump vhosts twice in httpd -S output (#928761) |
|
- mod_cache: fix potential crash caused by uninitialized variable (#954109) |
|
|
|
* Thu Apr 18 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-5 |
|
- execute systemctl reload as result of apachectl graceful |
|
- mod_ssl: ignore SNI hints unless required by config |
|
- mod_cache: forward-port CacheMaxExpire "hard" option |
|
- mod_ssl: fall back on another module's proxy hook if mod_ssl proxy |
|
is not configured. |
|
|
|
* Tue Apr 16 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-4 |
|
- fix service file to not send SIGTERM after ExecStop (#906321, #912288) |
|
|
|
* Tue Mar 26 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-3 |
|
- protect MIMEMagicFile with IfModule (#893949) |
|
|
|
* Tue Feb 26 2013 Joe Orton <jorton@redhat.com> - 2.4.4-2 |
|
- really package mod_auth_form in mod_session (#915438) |
|
|
|
* Tue Feb 26 2013 Joe Orton <jorton@redhat.com> - 2.4.4-1 |
|
- update to 2.4.4 |
|
- fix duplicate ownership of mod_session config (#914901) |
|
|
|
* Fri Feb 22 2013 Joe Orton <jorton@redhat.com> - 2.4.3-17 |
|
- add mod_session subpackage, move mod_auth_form there (#894500) |
|
|
|
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.3-16 |
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild |
|
|
|
* Tue Jan 8 2013 Joe Orton <jorton@redhat.com> - 2.4.3-15 |
|
- add systemd service for htcacheclean |
|
|
|
* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-14 |
|
- drop patch for r1344712 |
|
|
|
* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-13 |
|
- filter mod_*.so auto-provides (thanks to rcollet) |
|
- pull in syslog logging fix from upstream (r1344712) |
|
|
|
* Fri Oct 26 2012 Joe Orton <jorton@redhat.com> - 2.4.3-12 |
|
- rebuild to pick up new apr-util-ldap |
|
|
|
* Tue Oct 23 2012 Joe Orton <jorton@redhat.com> - 2.4.3-11 |
|
- rebuild |
|
|
|
* Wed Oct 3 2012 Joe Orton <jorton@redhat.com> - 2.4.3-10 |
|
- pull upstream patch r1392850 in addition to r1387633 |
|
|
|
* Mon Oct 1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-9.1 |
|
- restore "ServerTokens Full-Release" support (#811714) |
|
|
|
* Mon Oct 1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-9 |
|
- define PLATFORM in os.h using vendor string |
|
|
|
* Mon Oct 1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-8 |
|
- use systemd script unconditionally (#850149) |
|
|
|
* Mon Oct 1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-7 |
|
- use systemd scriptlets if available (#850149) |
|
- don't run posttrans restart if /etc/sysconfig/httpd-disable-posttrans exists |
|
|
|
* Mon Oct 01 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.3-6 |
|
- use systemctl from apachectl (#842736) |
|
|
|
* Wed Sep 19 2012 Joe Orton <jorton@redhat.com> - 2.4.3-5 |
|
- fix some error log spam with graceful-stop (r1387633) |
|
- minor mod_systemd tweaks |
|
|
|
* Thu Sep 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-4 |
|
- use IncludeOptional for conf.d/*.conf inclusion |
|
|
|
* Fri Sep 07 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.3-3 |
|
- adding mod_systemd to integrate with systemd better |
|
|
|
* Tue Aug 21 2012 Joe Orton <jorton@redhat.com> - 2.4.3-2 |
|
- mod_ssl: add check for proxy keypair match (upstream r1374214) |
|
|
|
* Tue Aug 21 2012 Joe Orton <jorton@redhat.com> - 2.4.3-1 |
|
- update to 2.4.3 (#849883) |
|
- own the docroot (#848121) |
|
|
|
* Mon Aug 6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-23 |
|
- add mod_proxy fixes from upstream (r1366693, r1365604) |
|
|
|
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.2-22 |
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild |
|
|
|
* Fri Jul 6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-21 |
|
- drop explicit version requirement on initscripts |
|
|
|
* Thu Jul 5 2012 Joe Orton <jorton@redhat.com> - 2.4.2-20 |
|
- mod_ext_filter: fix error_log warnings |
|
|
|
* Mon Jul 2 2012 Joe Orton <jorton@redhat.com> - 2.4.2-19 |
|
- support "configtest" and "graceful" as initscripts "legacy actions" |
|
|
|
* Fri Jun 8 2012 Joe Orton <jorton@redhat.com> - 2.4.2-18 |
|
- avoid use of "core" GIF for a "core" directory (#168776) |
|
- drop use of "syslog.target" in systemd unit file |
|
|
|
* Thu Jun 7 2012 Joe Orton <jorton@redhat.com> - 2.4.2-17 |
|
- use _unitdir for systemd unit file |
|
- use /run in unit file, ssl.conf |
|
|
|
* Thu Jun 7 2012 Joe Orton <jorton@redhat.com> - 2.4.2-16 |
|
- mod_ssl: fix NPN patch merge |
|
|
|
* Wed Jun 6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-15 |
|
- move tmpfiles.d fragment into /usr/lib per new guidelines |
|
- package /run/httpd not /var/run/httpd |
|
- set runtimedir to /run/httpd likewise |
|
|
|
* Wed Jun 6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-14 |
|
- fix htdbm/htpasswd crash on crypt() failure (#818684) |
|
|
|
* Wed Jun 6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-13 |
|
- pull fix for NPN patch from upstream (r1345599) |
|
|
|
* Thu May 31 2012 Joe Orton <jorton@redhat.com> - 2.4.2-12 |
|
- update suexec patch to use LOG_AUTHPRIV facility |
|
|
|
* Thu May 24 2012 Joe Orton <jorton@redhat.com> - 2.4.2-11 |
|
- really fix autoindex.conf (thanks to remi@) |
|
|
|
* Thu May 24 2012 Joe Orton <jorton@redhat.com> - 2.4.2-10 |
|
- fix autoindex.conf to allow symlink to poweredby.png |
|
|
|
* Wed May 23 2012 Joe Orton <jorton@redhat.com> - 2.4.2-9 |
|
- suexec: use upstream version of patch for capability bit support |
|
|
|
* Wed May 23 2012 Joe Orton <jorton@redhat.com> - 2.4.2-8 |
|
- suexec: use syslog rather than suexec.log, drop dac_override capability |
|
|
|
* Tue May 1 2012 Joe Orton <jorton@redhat.com> - 2.4.2-7 |
|
- mod_ssl: add TLS NPN support (r1332643, #809599) |
|
|
|
* Tue May 1 2012 Joe Orton <jorton@redhat.com> - 2.4.2-6 |
|
- add BR on APR >= 1.4.0 |
|
|
|
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-5 |
|
- use systemctl from logrotate (#221073) |
|
|
|
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-4 |
|
- pull from upstream: |
|
* use TLS close_notify alert for dummy_connection (r1326980+) |
|
* cleanup symbol exports (r1327036+) |
|
|
|
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-3.2 |
|
- rebuild |
|
|
|
* Fri Apr 20 2012 Joe Orton <jorton@redhat.com> - 2.4.2-3 |
|
- really fix restart |
|
|
|
* Fri Apr 20 2012 Joe Orton <jorton@redhat.com> - 2.4.2-2 |
|
- tweak default ssl.conf |
|
- fix restart handling (#814645) |
|
- use graceful restart by default |
|
|
|
* Wed Apr 18 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.2-1 |
|
- update to 2.4.2 |
|
|
|
* Fri Mar 23 2012 Joe Orton <jorton@redhat.com> - 2.4.1-6 |
|
- fix macros |
|
|
|
* Fri Mar 23 2012 Joe Orton <jorton@redhat.com> - 2.4.1-5 |
|
- add _httpd_moddir to macros |
|
|
|
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-4 |
|
- fix symlink for poweredby.png |
|
- fix manual.conf |
|
|
|
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-3 |
|
- add mod_proxy_html subpackage (w/mod_proxy_html + mod_xml2enc) |
|
- move mod_ldap, mod_authnz_ldap to mod_ldap subpackage |
|
|
|
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-2 |
|
- clean docroot better |
|
- ship proxy, ssl directories within /var/cache/httpd |
|
- default config: |
|
* unrestricted access to (only) /var/www |
|
* remove (commented) Mutex, MaxRanges, ScriptSock |
|
* split autoindex config to conf.d/autoindex.conf |
|
- ship additional example configs in docdir |
|
|
|
* Tue Mar 6 2012 Joe Orton <jorton@redhat.com> - 2.4.1-1 |
|
- update to 2.4.1 |
|
- adopt upstream default httpd.conf (almost verbatim) |
|
- split all LoadModules to conf.modules.d/*.conf |
|
- include conf.d/*.conf at end of httpd.conf |
|
- trim %%changelog |
|
|
|
* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2.2.22-2 |
|
- fix build against PCRE 8.30 |
|
|
|
* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2.2.22-1 |
|
- update to 2.2.22 |
|
|
|
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 2.2.21-8 |
|
- Rebuild against PCRE 8.30 |
|
|
|
* Mon Jan 23 2012 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-7 |
|
- fix #783629 - start httpd after named |
|
|
|
* Mon Jan 16 2012 Joe Orton <jorton@redhat.com> - 2.2.21-6 |
|
- complete conversion to systemd, drop init script (#770311) |
|
- fix comments in /etc/sysconfig/httpd (#771024) |
|
- enable PrivateTmp in service file (#781440) |
|
- set LANG=C in /etc/sysconfig/httpd |
|
|
|
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.21-5 |
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild |
|
|
|
* Tue Dec 06 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-4 |
|
- fix #751591 - start httpd after remote-fs |
|
|
|
* Mon Oct 24 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-3 |
|
- allow change state of BalancerMember in mod_proxy_balancer web interface |
|
|
|
* Thu Sep 22 2011 Ville Skyttä <ville.skytta@iki.fi> - 2.2.21-2 |
|
- Make mmn available as %%{_httpd_mmn}. |
|
- Add .svgz to AddEncoding x-gzip example in httpd.conf. |
|
|
|
* Tue Sep 13 2011 Joe Orton <jorton@redhat.com> - 2.2.21-1 |
|
- update to 2.2.21 |
|
|
|
* Mon Sep 5 2011 Joe Orton <jorton@redhat.com> - 2.2.20-1 |
|
- update to 2.2.20 |
|
- fix MPM stub man page generation |
|
|
|
* Wed Aug 10 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-5 |
|
- fix #707917 - add httpd-ssl-pass-dialog to ask for SSL password using systemd |
|
|
|
* Fri Jul 22 2011 Iain Arnell <iarnell@gmail.com> 1:2.2.19-4 |
|
- rebuild while rpm-4.9.1 is untagged to remove trailing slash in provided |
|
directory names |
|
|
|
* Wed Jul 20 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-3 |
|
- fix #716621 - suexec now works without setuid bit |
|
|
|
* Thu Jul 14 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-2 |
|
- fix #689091 - backported patch from 2.3 branch to support IPv6 in logresolve |
|
|
|
* Fri Jul 1 2011 Joe Orton <jorton@redhat.com> - 2.2.19-1 |
|
- update to 2.2.19 |
|
- enable dbd, authn_dbd in default config |
|
|
|
* Thu Apr 14 2011 Joe Orton <jorton@redhat.com> - 2.2.17-13 |
|
- fix path expansion in service files |
|
|
|
* Tue Apr 12 2011 Joe Orton <jorton@redhat.com> - 2.2.17-12 |
|
- add systemd service files (#684175, thanks to Jóhann B. Guðmundsson) |
|
|
|
* Wed Mar 23 2011 Joe Orton <jorton@redhat.com> - 2.2.17-11 |
|
- minor updates to httpd.conf |
|
- drop old patches |
|
|
|
* Wed Mar 2 2011 Joe Orton <jorton@redhat.com> - 2.2.17-10 |
|
- rebuild |
|
|
|
* Wed Feb 23 2011 Joe Orton <jorton@redhat.com> - 2.2.17-9 |
|
- use arch-specific mmn |
|
|
|
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.17-8 |
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild |
|
|
|
* Mon Jan 31 2011 Joe Orton <jorton@redhat.com> - 2.2.17-7 |
|
- generate dummy mod_ssl cert with CA:FALSE constraint (#667841) |
|
- add man page stubs for httpd.event, httpd.worker |
|
- drop distcache support |
|
- add STOP_TIMEOUT support to init script |
|
|
|
* Sat Jan 8 2011 Joe Orton <jorton@redhat.com> - 2.2.17-6 |
|
- update default SSLCipherSuite per upstream trunk |
|
|
|
* Wed Jan 5 2011 Joe Orton <jorton@redhat.com> - 2.2.17-5 |
|
- fix requires (#667397) |
|
|
|
* Wed Jan 5 2011 Joe Orton <jorton@redhat.com> - 2.2.17-4 |
|
- de-ghost /var/run/httpd |
|
|
|
* Tue Jan 4 2011 Joe Orton <jorton@redhat.com> - 2.2.17-3 |
|
- add tmpfiles.d configuration, ghost /var/run/httpd (#656600) |
|
|
|
* Sat Nov 20 2010 Joe Orton <jorton@redhat.com> - 2.2.17-2 |
|
- drop setuid bit, use capabilities for suexec binary |
|
|
|
* Wed Oct 27 2010 Joe Orton <jorton@redhat.com> - 2.2.17-1 |
|
- update to 2.2.17 |
|
|
|
* Fri Sep 10 2010 Joe Orton <jorton@redhat.com> - 2.2.16-2 |
|
- link everything using -z relro and -z now |
|
|
|
* Mon Jul 26 2010 Joe Orton <jorton@redhat.com> - 2.2.16-1 |
|
- update to 2.2.16 |
|
|
|
* Fri Jul 9 2010 Joe Orton <jorton@redhat.com> - 2.2.15-3 |
|
- default config tweaks: |
|
* harden httpd.conf w.r.t. .htaccess restriction (#591293) |
|
* load mod_substitute, mod_version by default |
|
* drop proxy_ajp.conf, load mod_proxy_ajp in httpd.conf |
|
* add commented list of shipped-but-unloaded modules |
|
* bump up worker defaults a little |
|
* drop KeepAliveTimeout to 5 secs per upstream |
|
- fix LSB compliance in init script (#522074) |
|
- bundle NOTICE in -tools |
|
- use init script in logrotate postrotate to pick up PIDFILE |
|
- drop some old Obsoletes/Conflicts |
|
|
|
* Sun Apr 04 2010 Robert Scheck <robert@fedoraproject.org> - 2.2.15-1 |
|
- update to 2.2.15 (#572404, #579311) |
|
|
|
|