diff --git a/httpd-2.4.33-r1830819+.patch b/httpd-2.4.38-r1830819+.patch similarity index 89% rename from httpd-2.4.33-r1830819+.patch rename to httpd-2.4.38-r1830819+.patch index 0b2d90d..01027ce 100644 --- a/httpd-2.4.33-r1830819+.patch +++ b/httpd-2.4.38-r1830819+.patch @@ -9,9 +9,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1831173 http://svn.apache.org/viewvc?view=revision&revision=1835240 http://svn.apache.org/viewvc?view=revision&revision=1835242 ---- httpd-2.4.33/modules/ssl/ssl_engine_config.c.r1830819+ -+++ httpd-2.4.33/modules/ssl/ssl_engine_config.c -@@ -891,7 +891,9 @@ +diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c +index d276fea..5467d23 100644 +--- a/modules/ssl/ssl_engine_config.c ++++ b/modules/ssl/ssl_engine_config.c +@@ -919,7 +919,9 @@ const char *ssl_cmd_SSLCertificateFile(cmd_parms *cmd, SSLSrvConfigRec *sc = mySrvConfig(cmd->server); const char *err; @@ -22,7 +24,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242 return err; } -@@ -907,7 +909,9 @@ +@@ -935,7 +937,9 @@ const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *cmd, SSLSrvConfigRec *sc = mySrvConfig(cmd->server); const char *err; @@ -33,9 +35,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242 return err; } ---- httpd-2.4.33/modules/ssl/ssl_engine_init.c.r1830819+ -+++ httpd-2.4.33/modules/ssl/ssl_engine_init.c -@@ -1181,12 +1182,18 @@ +diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c +index 8ba3486..e1b0844 100644 +--- a/modules/ssl/ssl_engine_init.c ++++ b/modules/ssl/ssl_engine_init.c +@@ -1264,12 +1264,18 @@ static apr_status_t ssl_init_server_certs(server_rec *s, (certfile = APR_ARRAY_IDX(mctx->pks->cert_files, i, const char *)); i++) { @@ -55,7 +59,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242 if ((SSL_CTX_use_certificate_file(mctx->ssl_ctx, certfile, SSL_FILETYPE_PEM) < 1)) { ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02561) -@@ -1215,12 +1222,46 @@ +@@ -1298,12 +1304,46 @@ static apr_status_t ssl_init_server_certs(server_rec *s, ERR_clear_error(); @@ -107,7 +111,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242 const unsigned char *ptr; ERR_clear_error(); -@@ -1307,8 +1348,9 @@ +@@ -1390,8 +1430,9 @@ static apr_status_t ssl_init_server_certs(server_rec *s, /* * Try to read DH parameters from the (first) SSLCertificateFile */ @@ -119,7 +123,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242 SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540) "Custom DH parameters (%d bits) for %s loaded from %s", -@@ -1320,10 +1362,10 @@ +@@ -1403,10 +1444,10 @@ static apr_status_t ssl_init_server_certs(server_rec *s, /* * Similarly, try to read the ECDH curve name from SSLCertificateFile... */ @@ -134,42 +138,20 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242 SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02541) "ECDH curve %s for %s specified in %s", ---- httpd-2.4.33/modules/ssl/ssl_engine_pphrase.c.r1830819+ -+++ httpd-2.4.33/modules/ssl/ssl_engine_pphrase.c -@@ -143,9 +143,6 @@ +diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c +index 8c29443..d5d33f7 100644 +--- a/modules/ssl/ssl_engine_pphrase.c ++++ b/modules/ssl/ssl_engine_pphrase.c +@@ -143,8 +143,6 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx, const char *key_id = asn1_table_vhost_key(mc, p, sc->vhost_id, idx); EVP_PKEY *pPrivateKey = NULL; ssl_asn1_t *asn1; - unsigned char *ucp; - long int length; -- BOOL bReadable; int nPassPhrase = (*pphrases)->nelts; int nPassPhraseRetry = 0; apr_time_t pkey_mtime = 0; -@@ -222,16 +219,12 @@ - * is not empty. */ - ERR_clear_error(); - -- bReadable = ((pPrivateKey = modssl_read_privatekey(ppcb_arg.pkey_file, -- NULL, ssl_pphrase_Handle_CB, &ppcb_arg)) != NULL ? -- TRUE : FALSE); -- -- /* -- * when the private key file now was readable, -- * it's fine and we go out of the loop -- */ -- if (bReadable) -- break; -+ pPrivateKey = modssl_read_privatekey(ppcb_arg.pkey_file, -+ ssl_pphrase_Handle_CB, &ppcb_arg); -+ /* If the private key was successfully read, nothing more to -+ do here. */ -+ if (pPrivateKey != NULL) -+ break; - - /* - * when we have more remembered pass phrases -@@ -356,19 +349,12 @@ +@@ -351,19 +349,12 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx, nPassPhrase++; } @@ -192,7 +174,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242 asn1->source_mtime = pkey_mtime; } -@@ -619,3 +605,288 @@ +@@ -614,3 +605,288 @@ int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv) */ return (len); } @@ -481,9 +463,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242 + return APR_SUCCESS; +} +#endif ---- httpd-2.4.33/modules/ssl/ssl_private.h.r1830819+ -+++ httpd-2.4.33/modules/ssl/ssl_private.h -@@ -976,21 +976,28 @@ +diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h +index f46814d..1fdde13 100644 +--- a/modules/ssl/ssl_private.h ++++ b/modules/ssl/ssl_private.h +@@ -1002,21 +1002,28 @@ BOOL ssl_util_vhost_matches(const char *servername, server_rec *s); apr_status_t ssl_load_encrypted_pkey(server_rec *, apr_pool_t *, int, const char *, apr_array_header_t **); @@ -521,7 +505,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242 /** Mutex Support */ int ssl_mutex_init(server_rec *, apr_pool_t *); -@@ -1078,6 +1085,10 @@ +@@ -1109,6 +1116,10 @@ int modssl_request_is_tls(const request_rec *r, SSLConnRec **sslconn); int ssl_is_challenge(conn_rec *c, const char *servername, X509 **pcert, EVP_PKEY **pkey); @@ -532,9 +516,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242 #endif /* SSL_PRIVATE_H */ /** @} */ ---- httpd-2.4.33/modules/ssl/ssl_util.c.r1830819+ -+++ httpd-2.4.33/modules/ssl/ssl_util.c -@@ -181,45 +181,37 @@ +diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c +index 0d23465..223b385 100644 +--- a/modules/ssl/ssl_util.c ++++ b/modules/ssl/ssl_util.c +@@ -192,45 +192,37 @@ BOOL ssl_util_path_check(ssl_pathcheck_t pcm, const char *path, apr_pool_t *p) return TRUE; } @@ -596,7 +582,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242 } ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table, -@@ -469,3 +461,13 @@ +@@ -480,3 +472,13 @@ void ssl_util_thread_id_setup(apr_pool_t *p) } #endif /* #if APR_HAS_THREADS && MODSSL_USE_OPENSSL_PRE_1_1_API */ @@ -610,9 +596,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242 + return 0; +#endif +} ---- httpd-2.4.33/modules/ssl/ssl_util_ssl.c.r1830819+ -+++ httpd-2.4.33/modules/ssl/ssl_util_ssl.c -@@ -74,7 +74,7 @@ +diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c +index b7f0eca..4fa089b 100644 +--- a/modules/ssl/ssl_util_ssl.c ++++ b/modules/ssl/ssl_util_ssl.c +@@ -74,7 +74,7 @@ void modssl_set_app_data2(SSL *ssl, void *arg) ** _________________________________________________________________ */ @@ -621,7 +609,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242 { EVP_PKEY *rc; BIO *bioS; -@@ -83,7 +83,7 @@ +@@ -83,7 +83,7 @@ EVP_PKEY *modssl_read_privatekey(const char* filename, EVP_PKEY **key, pem_passw /* 1. try PEM (= DER+Base64+headers) */ if ((bioS=BIO_new_file(filename, "r")) == NULL) return NULL; @@ -630,7 +618,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242 BIO_free(bioS); if (rc == NULL) { -@@ -107,41 +107,9 @@ +@@ -107,41 +107,9 @@ EVP_PKEY *modssl_read_privatekey(const char* filename, EVP_PKEY **key, pem_passw BIO_free(bioS); } } @@ -672,8 +660,10 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242 /* _________________________________________________________________ ** ** Smart shutdown ---- httpd-2.4.33/modules/ssl/ssl_util_ssl.h.r1830819+ -+++ httpd-2.4.33/modules/ssl/ssl_util_ssl.h +diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h +index c67dacf..d6307d9 100644 +--- a/modules/ssl/ssl_util_ssl.h ++++ b/modules/ssl/ssl_util_ssl.h @@ -64,8 +64,11 @@ void modssl_init_app_data2_idx(void); void *modssl_get_app_data2(SSL *); diff --git a/httpd.spec b/httpd.spec index 8e3bf09..6539e23 100644 --- a/httpd.spec +++ b/httpd.spec @@ -12,8 +12,8 @@ Summary: Apache HTTP Server Name: httpd -Version: 2.4.37 -Release: 6%{?dist} +Version: 2.4.38 +Release: 1%{?dist} URL: https://httpd.apache.org/ Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html @@ -74,7 +74,7 @@ Patch29: httpd-2.4.33-systemd.patch Patch30: httpd-2.4.4-cachehardmax.patch Patch31: httpd-2.4.33-sslmultiproxy.patch Patch34: httpd-2.4.17-socket-activation.patch -Patch36: httpd-2.4.33-r1830819+.patch +Patch36: httpd-2.4.38-r1830819+.patch Patch38: httpd-2.4.34-sslciphdefault.patch Patch39: httpd-2.4.37-sslprotdefault.patch @@ -235,7 +235,7 @@ interface for storing and accessing per-user session data. %patch30 -p1 -b .cachehardmax #patch31 -p1 -b .sslmultiproxy %patch34 -p1 -b .socketactivation -%patch36 -p1 -b .r1830819+ +#%patch36 -p1 -b .r1830819+ %patch38 -p1 -b .sslciphdefault %patch39 -p1 -b .sslprotdefault @@ -739,6 +739,9 @@ exit $rv %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Wed Jan 23 2019 Lubos Uhliarik - 2.4.38-1 +- new version 2.4.38 (#1668125) + * Mon Jan 14 2019 Björn Esser - 2.4.37-6 - Rebuilt for libcrypt.so.2 (#1666033) diff --git a/sources b/sources index ca284fa..69cd474 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (httpd-2.4.37.tar.bz2) = e802915801bbe885a65dada04b0116d145b293fabfff734dddb61a79ca1c6d65326f51155d1b864b093c3ec00d0bdfdf1401ab55677bae1ea3da1d199d7bcad4 +SHA512 (httpd-2.4.38.tar.bz2) = 8bdc36fa2bd13fd83feee17fdce4a5316ed8f96c1ac32b636ba106572ba257815438c72068d2d0e900783a3fa25c90a5da34c3f83fc2c04a1dbdbf234f7ad448