From 1578b453430d67328430007f0f1ddfffc0e83dfd Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Thu, 15 Aug 2019 06:44:03 +0100 Subject: [PATCH] update to 2.4.41 --- httpd-2.4.37-r1857129.patch | 65 ------------------------------------ httpd-2.4.37-r1861793+.patch | 4 +-- httpd-2.4.39-r1842929+.patch | 35 ------------------- httpd.spec | 10 +++--- sources | 2 +- 5 files changed, 8 insertions(+), 108 deletions(-) delete mode 100644 httpd-2.4.37-r1857129.patch diff --git a/httpd-2.4.37-r1857129.patch b/httpd-2.4.37-r1857129.patch deleted file mode 100644 index 4dbf05a..0000000 --- a/httpd-2.4.37-r1857129.patch +++ /dev/null @@ -1,65 +0,0 @@ -# ./pullrev.sh 1857129 -http://svn.apache.org/viewvc?view=revision&revision=1857129 - ---- httpd-2.4.37/modules/filters/mod_reqtimeout.c -+++ httpd-2.4.37/modules/filters/mod_reqtimeout.c -@@ -31,7 +31,7 @@ - #define UNSET -1 - #define MRT_DEFAULT_handshake_TIMEOUT 0 /* disabled */ - #define MRT_DEFAULT_handshake_MAX_TIMEOUT 0 --#define MRT_DEFAULT_handshake_MIN_RATE APR_INT32_MAX -+#define MRT_DEFAULT_handshake_MIN_RATE 0 - #define MRT_DEFAULT_header_TIMEOUT 20 - #define MRT_DEFAULT_header_MAX_TIMEOUT 40 - #define MRT_DEFAULT_header_MIN_RATE 500 -@@ -220,7 +220,7 @@ - if (block == APR_NONBLOCK_READ || mode == AP_MODE_INIT - || mode == AP_MODE_EATCRLF) { - rv = ap_get_brigade(f->next, bb, mode, block, readbytes); -- if (ccfg->cur_stage.rate_factor > 0 && rv == APR_SUCCESS) { -+ if (ccfg->cur_stage.rate_factor && rv == APR_SUCCESS) { - extend_timeout(ccfg, bb); - } - return rv; -@@ -254,7 +254,7 @@ - } - - if (!APR_BRIGADE_EMPTY(bb)) { -- if (ccfg->cur_stage.rate_factor > 0) { -+ if (ccfg->cur_stage.rate_factor) { - extend_timeout(ccfg, bb); - } - -@@ -315,7 +315,7 @@ - * the real (relevant) bytes to be asked later, within the - * currently alloted time. - */ -- if (ccfg->cur_stage.rate_factor > 0 && rv == APR_SUCCESS -+ if (ccfg->cur_stage.rate_factor && rv == APR_SUCCESS - && mode != AP_MODE_SPECULATIVE) { - extend_timeout(ccfg, bb); - } -@@ -638,17 +638,17 @@ - ap_hook_post_read_request(reqtimeout_before_body, NULL, NULL, - APR_HOOK_MIDDLE); - --#if MRT_DEFAULT_HANDSHAKE_MIN_RATE > 0 -+#if MRT_DEFAULT_handshake_MIN_RATE - default_handshake_rate_factor = apr_time_from_sec(1) / -- MRT_DEFAULT_HANDSHAKE_MIN_RATE; -+ MRT_DEFAULT_handshake_MIN_RATE; - #endif --#if MRT_DEFAULT_HEADER_MIN_RATE > 0 -+#if MRT_DEFAULT_header_MIN_RATE - default_header_rate_factor = apr_time_from_sec(1) / -- MRT_DEFAULT_HEADER_MIN_RATE; -+ MRT_DEFAULT_header_MIN_RATE; - #endif --#if MRT_DEFAULT_BODY_MIN_RATE > 0 -+#if MRT_DEFAULT_body_MIN_RATE - default_body_rate_factor = apr_time_from_sec(1) / -- MRT_DEFAULT_BODY_MIN_RATE; -+ MRT_DEFAULT_body_MIN_RATE; - #endif - } - diff --git a/httpd-2.4.37-r1861793+.patch b/httpd-2.4.37-r1861793+.patch index c522c7c..22886e2 100644 --- a/httpd-2.4.37-r1861793+.patch +++ b/httpd-2.4.37-r1861793+.patch @@ -46,7 +46,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1862612 + " -5 Force SHA-512 crypt() hash of the password (very secure)." NL + " -B Force bcrypt aencryption of the password (very secure)." NL " -C Set the computing time used for the bcrypt algorithm" NL - " (higher is more secure but slower, default: %d, valid: 4 to 31)." NL + " (higher is more secure but slower, default: %d, valid: 4 to 17)." NL + " -r Set the number of rounds used for the SHA-256, SHA-512 algorithms" NL + " (higher is more secure but slower, default: 5000)." NL " -d Force CRYPT encryption of the password (8 chars max, insecure)." NL @@ -237,7 +237,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1862612 .TP @@ -79,11 +85,14 @@ \fB-C\fR - This flag is only allowed in combination with \fB-B\fR (bcrypt encryption)\&. It sets the computing time used for the bcrypt algorithm (higher is more secure but slower, default: 5, valid: 4 to 31)\&. + This flag is only allowed in combination with \fB-B\fR (bcrypt encryption)\&. It sets the computing time used for the bcrypt algorithm (higher is more secure but slower, default: 5, valid: 4 to 17)\&. .TP +\fB-r\fR +This flag is only allowed in combination with \fB-2\fR or \fB-5\fR\&. It sets the number of hash rounds used for the SHA-2 algorithms (higher is more secure but slower; the default is 5,000)\&. diff --git a/httpd-2.4.39-r1842929+.patch b/httpd-2.4.39-r1842929+.patch index 9fea432..0bf7292 100644 --- a/httpd-2.4.39-r1842929+.patch +++ b/httpd-2.4.39-r1842929+.patch @@ -118,41 +118,6 @@ http://svn.apache.org/viewvc?view=revision&revision=1853631 dav_hook_gather_propsets(dav_fs_gather_propsets, NULL, NULL, APR_HOOK_MIDDLE); dav_hook_find_liveprop(dav_fs_find_liveprop, NULL, NULL, APR_HOOK_MIDDLE); ---- httpd-2.4.39/modules/md/mod_md_config.c.r1842929+ -+++ httpd-2.4.39/modules/md/mod_md_config.c -@@ -54,10 +54,18 @@ - - #define DEF_VAL (-1) - -+#ifndef MD_DEFAULT_BASE_DIR -+#define MD_DEFAULT_BASE_DIR "md" -+#endif -+ - /* Default settings for the global conf */ - static md_mod_conf_t defmc = { - NULL, -- "md", -+#if 1 -+ NULL, /* apply default state-dir-relative */ -+#else -+ MD_DEFAULT_BASE_DIR, -+#endif - NULL, - NULL, - 80, -@@ -864,6 +872,12 @@ - if (mc->hsts_max_age > 0) { - mc->hsts_header = apr_psprintf(p, "max-age=%d", mc->hsts_max_age); - } -+ -+#if 1 -+ if (mc->base_dir == NULL) { -+ mc->base_dir = ap_state_dir_relative(p, MD_DEFAULT_BASE_DIR); -+ } -+#endif - - return APR_SUCCESS; - } --- httpd-2.4.39/server/core.c.r1842929+ +++ httpd-2.4.39/server/core.c @@ -129,6 +129,8 @@ diff --git a/httpd.spec b/httpd.spec index 69c630c..ed18bf1 100644 --- a/httpd.spec +++ b/httpd.spec @@ -12,8 +12,8 @@ Summary: Apache HTTP Server Name: httpd -Version: 2.4.39 -Release: 13%{?dist} +Version: 2.4.41 +Release: 1%{?dist} URL: https://httpd.apache.org/ Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html @@ -83,8 +83,6 @@ Patch42: httpd-2.4.37-r1828172+.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1397243 Patch58: httpd-2.4.34-r1738878.patch Patch60: httpd-2.4.34-enable-sslv3.patch -# https://bz.apache.org/bugzilla/show_bug.cgi?id=63325 -Patch61: httpd-2.4.37-r1857129.patch # Security fixes @@ -223,7 +221,6 @@ interface for storing and accessing per-user session data. %patch58 -p1 -b .r1738878 %patch60 -p1 -b .enable-sslv3 -%patch61 -p1 -b .r1857129 # Patch in the vendor string sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h @@ -744,6 +741,9 @@ exit $rv %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Thu Aug 15 2019 Joe Orton - 2.4.41-1 +- update to 2.4.41 + * Thu Jul 25 2019 Fedora Release Engineering - 2.4.39-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild diff --git a/sources b/sources index 248974a..c6aa939 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (httpd-2.4.39.tar.bz2) = 9742202040b3dc6344b301540f54b2d3f8e36898410d24206a7f8dcecb1bea7d7230fabc7256752724558af249facf64bffe2cf678b8f7cccb64076737abfda7 +SHA512 (httpd-2.4.41.tar.bz2) = 350cc7dcd2c439e0590338fa6da3f44df44f9bb885c381e91f91b14c2f48597f6f0bbac0ea118a8a67eaa70ae7edbb769beace368643ed73f6daee44c307b335