rpms/httpd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

new version 2.4.38 (#1668125)

Browse Source 
adjusted patches
This commit is contained in:
Lubos Uhliarik 2019-01-23 11:21:32 +00:00
parent ccaa54fd8d
commit 1810bd511f
3 changed files with 52 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
httpd-2.4.33-r1830819+.patch → httpd-2.4.38-r1830819+.patch
View File

@ -9,9 +9,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1831173
http://svn.apache.org/viewvc?view=revision&revision=1835240
http://svn.apache.org/viewvc?view=revision&revision=1835242
--- httpd-2.4.33/modules/ssl/ssl_engine_config.c.r1830819+
+++ httpd-2.4.33/modules/ssl/ssl_engine_config.c
@@ -891,7 +891,9 @@
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index d276fea..5467d23 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -919,7 +919,9 @@ const char *ssl_cmd_SSLCertificateFile(cmd_parms *cmd,
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
const char *err;
@ -22,7 +24,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
return err;
}
@@ -907,7 +909,9 @@
@@ -935,7 +937,9 @@ const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *cmd,
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
const char *err;
@ -33,9 +35,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
return err;
}
--- httpd-2.4.33/modules/ssl/ssl_engine_init.c.r1830819+
+++ httpd-2.4.33/modules/ssl/ssl_engine_init.c
@@ -1181,12 +1182,18 @@
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 8ba3486..e1b0844 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1264,12 +1264,18 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
(certfile = APR_ARRAY_IDX(mctx->pks->cert_files, i,
const char *));
i++) {
@ -55,7 +59,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
if ((SSL_CTX_use_certificate_file(mctx->ssl_ctx, certfile,
SSL_FILETYPE_PEM) < 1)) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02561)
@@ -1215,12 +1222,46 @@
@@ -1298,12 +1304,46 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
ERR_clear_error();
@ -107,7 +111,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
const unsigned char *ptr;
ERR_clear_error();
@@ -1307,8 +1348,9 @@
@@ -1390,8 +1430,9 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
/*
* Try to read DH parameters from the (first) SSLCertificateFile
*/
@ -119,7 +123,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540)
"Custom DH parameters (%d bits) for %s loaded from %s",
@@ -1320,10 +1362,10 @@
@@ -1403,10 +1444,10 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
/*
* Similarly, try to read the ECDH curve name from SSLCertificateFile...
*/
@ -134,42 +138,20 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02541)
"ECDH curve %s for %s specified in %s",
--- httpd-2.4.33/modules/ssl/ssl_engine_pphrase.c.r1830819+
+++ httpd-2.4.33/modules/ssl/ssl_engine_pphrase.c
@@ -143,9 +143,6 @@
diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c
index 8c29443..d5d33f7 100644
--- a/modules/ssl/ssl_engine_pphrase.c
+++ b/modules/ssl/ssl_engine_pphrase.c
@@ -143,8 +143,6 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx,
const char *key_id = asn1_table_vhost_key(mc, p, sc->vhost_id, idx);
EVP_PKEY *pPrivateKey = NULL;
ssl_asn1_t *asn1;
- unsigned char *ucp;
- long int length;
- BOOL bReadable;
int nPassPhrase = (*pphrases)->nelts;
int nPassPhraseRetry = 0;
apr_time_t pkey_mtime = 0;
@@ -222,16 +219,12 @@
* is not empty. */
ERR_clear_error();
- bReadable = ((pPrivateKey = modssl_read_privatekey(ppcb_arg.pkey_file,
- NULL, ssl_pphrase_Handle_CB, &ppcb_arg)) != NULL ?
- TRUE : FALSE);
-
- /*
- * when the private key file now was readable,
- * it's fine and we go out of the loop
- */
- if (bReadable)
- break;
+ pPrivateKey = modssl_read_privatekey(ppcb_arg.pkey_file,
+ ssl_pphrase_Handle_CB, &ppcb_arg);
+ /* If the private key was successfully read, nothing more to
+ do here. */
+ if (pPrivateKey != NULL)
+ break;
/*
* when we have more remembered pass phrases
@@ -356,19 +349,12 @@
@@ -351,19 +349,12 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx,
nPassPhrase++;
}
@ -192,7 +174,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
asn1->source_mtime = pkey_mtime;
}
@@ -619,3 +605,288 @@
@@ -614,3 +605,288 @@ int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv)
*/
return (len);
}
@ -481,9 +463,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
+ return APR_SUCCESS;
+}
+#endif
--- httpd-2.4.33/modules/ssl/ssl_private.h.r1830819+
+++ httpd-2.4.33/modules/ssl/ssl_private.h
@@ -976,21 +976,28 @@
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index f46814d..1fdde13 100644
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -1002,21 +1002,28 @@ BOOL ssl_util_vhost_matches(const char *servername, server_rec *s);
apr_status_t ssl_load_encrypted_pkey(server_rec *, apr_pool_t *, int,
const char *, apr_array_header_t **);
@ -521,7 +505,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
/** Mutex Support */
int ssl_mutex_init(server_rec *, apr_pool_t *);
@@ -1078,6 +1085,10 @@
@@ -1109,6 +1116,10 @@ int modssl_request_is_tls(const request_rec *r, SSLConnRec **sslconn);
int ssl_is_challenge(conn_rec *c, const char *servername,
X509 **pcert, EVP_PKEY **pkey);
@ -532,9 +516,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
#endif /* SSL_PRIVATE_H */
/** @} */
--- httpd-2.4.33/modules/ssl/ssl_util.c.r1830819+
+++ httpd-2.4.33/modules/ssl/ssl_util.c
@@ -181,45 +181,37 @@
diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c
index 0d23465..223b385 100644
--- a/modules/ssl/ssl_util.c
+++ b/modules/ssl/ssl_util.c
@@ -192,45 +192,37 @@ BOOL ssl_util_path_check(ssl_pathcheck_t pcm, const char *path, apr_pool_t *p)
return TRUE;
}
@ -596,7 +582,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
}
ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table,
@@ -469,3 +461,13 @@
@@ -480,3 +472,13 @@ void ssl_util_thread_id_setup(apr_pool_t *p)
}
#endif /* #if APR_HAS_THREADS && MODSSL_USE_OPENSSL_PRE_1_1_API */
@ -610,9 +596,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
+ return 0;
+#endif
+}
--- httpd-2.4.33/modules/ssl/ssl_util_ssl.c.r1830819+
+++ httpd-2.4.33/modules/ssl/ssl_util_ssl.c
@@ -74,7 +74,7 @@
diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index b7f0eca..4fa089b 100644
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -74,7 +74,7 @@ void modssl_set_app_data2(SSL *ssl, void *arg)
** _________________________________________________________________
*/
@ -621,7 +609,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
{
EVP_PKEY *rc;
BIO *bioS;
@@ -83,7 +83,7 @@
@@ -83,7 +83,7 @@ EVP_PKEY *modssl_read_privatekey(const char* filename, EVP_PKEY **key, pem_passw
/* 1. try PEM (= DER+Base64+headers) */
if ((bioS=BIO_new_file(filename, "r")) == NULL)
return NULL;
@ -630,7 +618,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
BIO_free(bioS);
if (rc == NULL) {
@@ -107,41 +107,9 @@
@@ -107,41 +107,9 @@ EVP_PKEY *modssl_read_privatekey(const char* filename, EVP_PKEY **key, pem_passw
BIO_free(bioS);
}
}
@ -672,8 +660,10 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
/* _________________________________________________________________
**
** Smart shutdown
--- httpd-2.4.33/modules/ssl/ssl_util_ssl.h.r1830819+
+++ httpd-2.4.33/modules/ssl/ssl_util_ssl.h
diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h
index c67dacf..d6307d9 100644
--- a/modules/ssl/ssl_util_ssl.h
+++ b/modules/ssl/ssl_util_ssl.h
@@ -64,8 +64,11 @@
void modssl_init_app_data2_idx(void);
void *modssl_get_app_data2(SSL *);

11
httpd.spec
View File

@ -12,8 +12,8 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.37
Release: 6%{?dist}
Version: 2.4.38
Release: 1%{?dist}
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: index.html
@ -74,7 +74,7 @@ Patch29: httpd-2.4.33-systemd.patch
Patch30: httpd-2.4.4-cachehardmax.patch
Patch31: httpd-2.4.33-sslmultiproxy.patch
Patch34: httpd-2.4.17-socket-activation.patch
Patch36: httpd-2.4.33-r1830819+.patch
Patch36: httpd-2.4.38-r1830819+.patch
Patch38: httpd-2.4.34-sslciphdefault.patch
Patch39: httpd-2.4.37-sslprotdefault.patch
@ -235,7 +235,7 @@ interface for storing and accessing per-user session data.
%patch30 -p1 -b .cachehardmax
#patch31 -p1 -b .sslmultiproxy
%patch34 -p1 -b .socketactivation
%patch36 -p1 -b .r1830819+
#%patch36 -p1 -b .r1830819+
%patch38 -p1 -b .sslciphdefault
%patch39 -p1 -b .sslprotdefault
@ -739,6 +739,9 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
* Wed Jan 23 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.38-1
- new version 2.4.38 (#1668125)
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 2.4.37-6
- Rebuilt for libcrypt.so.2 (#1666033)

2
sources
View File

@ -1 +1 @@
SHA512 (httpd-2.4.37.tar.bz2) = e802915801bbe885a65dada04b0116d145b293fabfff734dddb61a79ca1c6d65326f51155d1b864b093c3ec00d0bdfdf1401ab55677bae1ea3da1d199d7bcad4
SHA512 (httpd-2.4.38.tar.bz2) = 8bdc36fa2bd13fd83feee17fdce4a5316ed8f96c1ac32b636ba106572ba257815438c72068d2d0e900783a3fa25c90a5da34c3f83fc2c04a1dbdbf234f7ad448