rpms/httpd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

new version 2.4.38 (#1668125)

Browse Source 
adjusted patches
This commit is contained in:
Lubos Uhliarik 2019-01-23 11:21:32 +00:00
parent ccaa54fd8d
commit 1810bd511f
3 changed files with 52 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
httpd-2.4.33-r1830819+.patch → httpd-2.4.38-r1830819+.patch
View File

@ -9,9 +9,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1831173
http://svn.apache.org/viewvc?view=revision&revision=1835240 http://svn.apache.org/viewvc?view=revision&revision=1835240
http://svn.apache.org/viewvc?view=revision&revision=1835242 http://svn.apache.org/viewvc?view=revision&revision=1835242
--- httpd-2.4.33/modules/ssl/ssl_engine_config.c.r1830819+ diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
+++ httpd-2.4.33/modules/ssl/ssl_engine_config.c index d276fea..5467d23 100644
@@ -891,7 +891,9 @@ --- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -919,7 +919,9 @@ const char *ssl_cmd_SSLCertificateFile(cmd_parms *cmd,
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
const char *err; const char *err;
@ -22,7 +24,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
return err; return err;
} }
@@ -907,7 +909,9 @@ @@ -935,7 +937,9 @@ const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *cmd,
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
const char *err; const char *err;
@ -33,9 +35,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
return err; return err;
} }
--- httpd-2.4.33/modules/ssl/ssl_engine_init.c.r1830819+ diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
+++ httpd-2.4.33/modules/ssl/ssl_engine_init.c index 8ba3486..e1b0844 100644
@@ -1181,12 +1182,18 @@ --- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1264,12 +1264,18 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
(certfile = APR_ARRAY_IDX(mctx->pks->cert_files, i, (certfile = APR_ARRAY_IDX(mctx->pks->cert_files, i,
const char *)); const char *));
i++) { i++) {
@ -55,7 +59,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
if ((SSL_CTX_use_certificate_file(mctx->ssl_ctx, certfile, if ((SSL_CTX_use_certificate_file(mctx->ssl_ctx, certfile,
SSL_FILETYPE_PEM) < 1)) { SSL_FILETYPE_PEM) < 1)) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02561) ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02561)
@@ -1215,12 +1222,46 @@ @@ -1298,12 +1304,46 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
ERR_clear_error(); ERR_clear_error();
@ -107,7 +111,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
const unsigned char *ptr; const unsigned char *ptr;
ERR_clear_error(); ERR_clear_error();
@@ -1307,8 +1348,9 @@ @@ -1390,8 +1430,9 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
/* /*
* Try to read DH parameters from the (first) SSLCertificateFile * Try to read DH parameters from the (first) SSLCertificateFile
*/ */
@ -119,7 +123,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams); SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540) ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540)
"Custom DH parameters (%d bits) for %s loaded from %s", "Custom DH parameters (%d bits) for %s loaded from %s",
@@ -1320,10 +1362,10 @@ @@ -1403,10 +1444,10 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
/* /*
* Similarly, try to read the ECDH curve name from SSLCertificateFile... * Similarly, try to read the ECDH curve name from SSLCertificateFile...
*/ */
@ -134,42 +138,20 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey); SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02541) ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02541)
"ECDH curve %s for %s specified in %s", "ECDH curve %s for %s specified in %s",
--- httpd-2.4.33/modules/ssl/ssl_engine_pphrase.c.r1830819+ diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c
+++ httpd-2.4.33/modules/ssl/ssl_engine_pphrase.c index 8c29443..d5d33f7 100644
@@ -143,9 +143,6 @@ --- a/modules/ssl/ssl_engine_pphrase.c
+++ b/modules/ssl/ssl_engine_pphrase.c
@@ -143,8 +143,6 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx,
const char *key_id = asn1_table_vhost_key(mc, p, sc->vhost_id, idx); const char *key_id = asn1_table_vhost_key(mc, p, sc->vhost_id, idx);
EVP_PKEY *pPrivateKey = NULL; EVP_PKEY *pPrivateKey = NULL;
ssl_asn1_t *asn1; ssl_asn1_t *asn1;
- unsigned char *ucp; - unsigned char *ucp;
- long int length; - long int length;
- BOOL bReadable;
int nPassPhrase = (*pphrases)->nelts; int nPassPhrase = (*pphrases)->nelts;
int nPassPhraseRetry = 0; int nPassPhraseRetry = 0;
apr_time_t pkey_mtime = 0; apr_time_t pkey_mtime = 0;
@@ -222,16 +219,12 @@ @@ -351,19 +349,12 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx,
* is not empty. */
ERR_clear_error();
- bReadable = ((pPrivateKey = modssl_read_privatekey(ppcb_arg.pkey_file,
- NULL, ssl_pphrase_Handle_CB, &ppcb_arg)) != NULL ?
- TRUE : FALSE);
-
- /*
- * when the private key file now was readable,
- * it's fine and we go out of the loop
- */
- if (bReadable)
- break;
+ pPrivateKey = modssl_read_privatekey(ppcb_arg.pkey_file,
+ ssl_pphrase_Handle_CB, &ppcb_arg);
+ /* If the private key was successfully read, nothing more to
+ do here. */
+ if (pPrivateKey != NULL)
+ break;
/*
* when we have more remembered pass phrases
@@ -356,19 +349,12 @@
nPassPhrase++; nPassPhrase++;
} }
@ -192,7 +174,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
asn1->source_mtime = pkey_mtime; asn1->source_mtime = pkey_mtime;
} }
@@ -619,3 +605,288 @@ @@ -614,3 +605,288 @@ int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv)
*/ */
return (len); return (len);
} }
@ -481,9 +463,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
+ return APR_SUCCESS; + return APR_SUCCESS;
+} +}
+#endif +#endif
--- httpd-2.4.33/modules/ssl/ssl_private.h.r1830819+ diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
+++ httpd-2.4.33/modules/ssl/ssl_private.h index f46814d..1fdde13 100644
@@ -976,21 +976,28 @@ --- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -1002,21 +1002,28 @@ BOOL ssl_util_vhost_matches(const char *servername, server_rec *s);
apr_status_t ssl_load_encrypted_pkey(server_rec *, apr_pool_t *, int, apr_status_t ssl_load_encrypted_pkey(server_rec *, apr_pool_t *, int,
const char *, apr_array_header_t **); const char *, apr_array_header_t **);
@ -521,7 +505,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
/** Mutex Support */ /** Mutex Support */
int ssl_mutex_init(server_rec *, apr_pool_t *); int ssl_mutex_init(server_rec *, apr_pool_t *);
@@ -1078,6 +1085,10 @@ @@ -1109,6 +1116,10 @@ int modssl_request_is_tls(const request_rec *r, SSLConnRec **sslconn);
int ssl_is_challenge(conn_rec *c, const char *servername, int ssl_is_challenge(conn_rec *c, const char *servername,
X509 **pcert, EVP_PKEY **pkey); X509 **pcert, EVP_PKEY **pkey);
@ -532,9 +516,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
#endif /* SSL_PRIVATE_H */ #endif /* SSL_PRIVATE_H */
/** @} */ /** @} */
--- httpd-2.4.33/modules/ssl/ssl_util.c.r1830819+ diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c
+++ httpd-2.4.33/modules/ssl/ssl_util.c index 0d23465..223b385 100644
@@ -181,45 +181,37 @@ --- a/modules/ssl/ssl_util.c
+++ b/modules/ssl/ssl_util.c
@@ -192,45 +192,37 @@ BOOL ssl_util_path_check(ssl_pathcheck_t pcm, const char *path, apr_pool_t *p)
return TRUE; return TRUE;
} }
@ -596,7 +582,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
} }
ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table, ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table,
@@ -469,3 +461,13 @@ @@ -480,3 +472,13 @@ void ssl_util_thread_id_setup(apr_pool_t *p)
} }
#endif /* #if APR_HAS_THREADS && MODSSL_USE_OPENSSL_PRE_1_1_API */ #endif /* #if APR_HAS_THREADS && MODSSL_USE_OPENSSL_PRE_1_1_API */
@ -610,9 +596,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
+ return 0; + return 0;
+#endif +#endif
+} +}
--- httpd-2.4.33/modules/ssl/ssl_util_ssl.c.r1830819+ diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
+++ httpd-2.4.33/modules/ssl/ssl_util_ssl.c index b7f0eca..4fa089b 100644
@@ -74,7 +74,7 @@ --- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -74,7 +74,7 @@ void modssl_set_app_data2(SSL *ssl, void *arg)
** _________________________________________________________________ ** _________________________________________________________________
*/ */
@ -621,7 +609,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
{ {
EVP_PKEY *rc; EVP_PKEY *rc;
BIO *bioS; BIO *bioS;
@@ -83,7 +83,7 @@ @@ -83,7 +83,7 @@ EVP_PKEY *modssl_read_privatekey(const char* filename, EVP_PKEY **key, pem_passw
/* 1. try PEM (= DER+Base64+headers) */ /* 1. try PEM (= DER+Base64+headers) */
if ((bioS=BIO_new_file(filename, "r")) == NULL) if ((bioS=BIO_new_file(filename, "r")) == NULL)
return NULL; return NULL;
@ -630,7 +618,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
BIO_free(bioS); BIO_free(bioS);
if (rc == NULL) { if (rc == NULL) {
@@ -107,41 +107,9 @@ @@ -107,41 +107,9 @@ EVP_PKEY *modssl_read_privatekey(const char* filename, EVP_PKEY **key, pem_passw
BIO_free(bioS); BIO_free(bioS);
} }
} }
@ -672,8 +660,10 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
/* _________________________________________________________________ /* _________________________________________________________________
** **
** Smart shutdown ** Smart shutdown
--- httpd-2.4.33/modules/ssl/ssl_util_ssl.h.r1830819+ diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h
+++ httpd-2.4.33/modules/ssl/ssl_util_ssl.h index c67dacf..d6307d9 100644
--- a/modules/ssl/ssl_util_ssl.h
+++ b/modules/ssl/ssl_util_ssl.h
@@ -64,8 +64,11 @@ @@ -64,8 +64,11 @@
void modssl_init_app_data2_idx(void); void modssl_init_app_data2_idx(void);
void *modssl_get_app_data2(SSL *); void *modssl_get_app_data2(SSL *);

11
httpd.spec
View File

@ -12,8 +12,8 @@
Summary: Apache HTTP Server Summary: Apache HTTP Server
Name: httpd Name: httpd
Version: 2.4.37 Version: 2.4.38
Release: 6%{?dist} Release: 1%{?dist}
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: index.html Source1: index.html
@ -74,7 +74,7 @@ Patch29: httpd-2.4.33-systemd.patch
Patch30: httpd-2.4.4-cachehardmax.patch Patch30: httpd-2.4.4-cachehardmax.patch
Patch31: httpd-2.4.33-sslmultiproxy.patch Patch31: httpd-2.4.33-sslmultiproxy.patch
Patch34: httpd-2.4.17-socket-activation.patch Patch34: httpd-2.4.17-socket-activation.patch
Patch36: httpd-2.4.33-r1830819+.patch Patch36: httpd-2.4.38-r1830819+.patch
Patch38: httpd-2.4.34-sslciphdefault.patch Patch38: httpd-2.4.34-sslciphdefault.patch
Patch39: httpd-2.4.37-sslprotdefault.patch Patch39: httpd-2.4.37-sslprotdefault.patch
@ -235,7 +235,7 @@ interface for storing and accessing per-user session data.
%patch30 -p1 -b .cachehardmax %patch30 -p1 -b .cachehardmax
#patch31 -p1 -b .sslmultiproxy #patch31 -p1 -b .sslmultiproxy
%patch34 -p1 -b .socketactivation %patch34 -p1 -b .socketactivation
%patch36 -p1 -b .r1830819+ #%patch36 -p1 -b .r1830819+
%patch38 -p1 -b .sslciphdefault %patch38 -p1 -b .sslciphdefault
%patch39 -p1 -b .sslprotdefault %patch39 -p1 -b .sslprotdefault
@ -739,6 +739,9 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Wed Jan 23 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.38-1
- new version 2.4.38 (#1668125)
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 2.4.37-6 * Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 2.4.37-6
- Rebuilt for libcrypt.so.2 (#1666033) - Rebuilt for libcrypt.so.2 (#1666033)

2
sources
View File

@ -1 +1 @@
SHA512 (httpd-2.4.37.tar.bz2) = e802915801bbe885a65dada04b0116d145b293fabfff734dddb61a79ca1c6d65326f51155d1b864b093c3ec00d0bdfdf1401ab55677bae1ea3da1d199d7bcad4 SHA512 (httpd-2.4.38.tar.bz2) = 8bdc36fa2bd13fd83feee17fdce4a5316ed8f96c1ac32b636ba106572ba257815438c72068d2d0e900783a3fa25c90a5da34c3f83fc2c04a1dbdbf234f7ad448