diff --git a/00-proxy.conf b/00-proxy.conf
index 448eb63..f0f84c2 100644
--- a/00-proxy.conf
+++ b/00-proxy.conf
@@ -14,4 +14,5 @@ LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
+LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
diff --git a/01-md.conf b/01-md.conf
new file mode 100644
index 0000000..2739202
--- /dev/null
+++ b/01-md.conf
@@ -0,0 +1 @@
+LoadModule md_module modules/mod_md.so
diff --git a/httpd-2.4.4-export.patch b/httpd-2.4.33-export.patch
similarity index 75%
rename from httpd-2.4.4-export.patch
rename to httpd-2.4.33-export.patch
index eb670c6..9adf398 100644
--- a/httpd-2.4.4-export.patch
+++ b/httpd-2.4.33-export.patch
@@ -6,12 +6,12 @@ Upstream-HEAD: needed
Upstream-2.0: omit
Upstream-Status: EXPORT_DIRS change is conditional on using shared apr
---- httpd-2.4.4/server/Makefile.in.export
-+++ httpd-2.4.4/server/Makefile.in
-@@ -57,9 +57,6 @@ export_files:
- ( for dir in $(EXPORT_DIRS); do \
+--- httpd-2.4.33/server/Makefile.in.export
++++ httpd-2.4.33/server/Makefile.in
+@@ -60,9 +60,6 @@
ls $$dir/*.h ; \
done; \
+ echo "$(top_srcdir)/server/mpm_fdqueue.h"; \
- for dir in $(EXPORT_DIRS_APR); do \
- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \
- done; \
diff --git a/httpd-2.4.33-mddefault.patch b/httpd-2.4.33-mddefault.patch
new file mode 100644
index 0000000..9e82fb8
--- /dev/null
+++ b/httpd-2.4.33-mddefault.patch
@@ -0,0 +1,21 @@
+
+Override default.
+
+--- httpd-2.4.33/modules/md/mod_md_config.c.mddefault
++++ httpd-2.4.33/modules/md/mod_md_config.c
+@@ -54,10 +54,14 @@
+
+ #define DEF_VAL (-1)
+
++#ifndef MD_DEFAULT_STORE_DIR
++#define MD_DEFAULT_STORE_DIR "state/md"
++#endif
++
+ /* Default settings for the global conf */
+ static md_mod_conf_t defmc = {
+ NULL,
+- "md",
++ MD_DEFAULT_STORE_DIR,
+ NULL,
+ NULL,
+ 80,
diff --git a/httpd-2.4.25-r1738878.patch b/httpd-2.4.33-r1738878.patch
similarity index 71%
rename from httpd-2.4.25-r1738878.patch
rename to httpd-2.4.33-r1738878.patch
index e4b46cc..d7ef42f 100644
--- a/httpd-2.4.25-r1738878.patch
+++ b/httpd-2.4.33-r1738878.patch
@@ -1,28 +1,9 @@
diff --git a/modules/proxy/ajp.h b/modules/proxy/ajp.h
index c119a7e..267150a 100644
---- a/modules/proxy/ajp.h
-+++ b/modules/proxy/ajp.h
-@@ -413,12 +413,14 @@ apr_status_t ajp_ilink_receive(apr_socket_t *sock, ajp_msg_t *msg);
- * @param sock backend socket
- * @param r current request
- * @param buffsize max size of the AJP packet.
-+ * @param secret authentication secret
- * @param uri requested uri
- * @return APR_SUCCESS or error
- */
- apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r,
- apr_size_t buffsize,
-- apr_uri_t *uri);
-+ apr_uri_t *uri,
-+ const char *secret);
-
- /**
- * Read the ajp message and return the type of the message.
-diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c
-index 67353a7..680a8f3 100644
---- a/modules/proxy/ajp_header.c
-+++ b/modules/proxy/ajp_header.c
-@@ -213,7 +213,8 @@ AJPV13_REQUEST/AJPV14_REQUEST=
+diff -uap httpd-2.4.33/modules/proxy/ajp_header.c.r1738878 httpd-2.4.33/modules/proxy/ajp_header.c
+--- httpd-2.4.33/modules/proxy/ajp_header.c.r1738878
++++ httpd-2.4.33/modules/proxy/ajp_header.c
+@@ -213,7 +213,8 @@
static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
request_rec *r,
@@ -32,7 +13,7 @@ index 67353a7..680a8f3 100644
{
int method;
apr_uint32_t i, num_headers = 0;
-@@ -293,17 +294,15 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
+@@ -293,17 +294,15 @@
i, elts[i].key, elts[i].val);
}
@@ -53,7 +34,7 @@ index 67353a7..680a8f3 100644
if (r->user) {
if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) ||
-@@ -671,7 +670,8 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg,
+@@ -671,7 +670,8 @@
apr_status_t ajp_send_header(apr_socket_t *sock,
request_rec *r,
apr_size_t buffsize,
@@ -63,7 +44,7 @@ index 67353a7..680a8f3 100644
{
ajp_msg_t *msg;
apr_status_t rc;
-@@ -683,7 +683,7 @@ apr_status_t ajp_send_header(apr_socket_t *sock,
+@@ -683,7 +683,7 @@
return rc;
}
@@ -72,48 +53,29 @@ index 67353a7..680a8f3 100644
if (rc != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00988)
"ajp_send_header: ajp_marshal_into_msgb failed");
-diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
-index f6fb473..f693f63 100644
---- a/modules/proxy/mod_proxy.c
-+++ b/modules/proxy/mod_proxy.c
-@@ -314,6 +314,12 @@ static const char *set_worker_param(apr_pool_t *p,
- (int)sizeof(worker->s->upgrade));
- }
- }
-+ else if (!strcasecmp(key, "secret")) {
-+ if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) {
-+ return apr_psprintf(p, "Secret length must be < %d characters",
-+ (int)sizeof(worker->s->secret));
-+ }
-+ }
- else {
- if (set_worker_hc_param_f) {
- return set_worker_hc_param_f(p, s, worker, key, val, NULL);
-diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
-index 8a0ad10..f92c185 100644
---- a/modules/proxy/mod_proxy.h
-+++ b/modules/proxy/mod_proxy.h
-@@ -352,6 +352,7 @@ PROXY_WORKER_HC_FAIL )
- #define PROXY_WORKER_MAX_HOSTNAME_SIZE 64
- #define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE
- #define PROXY_BALANCER_MAX_STICKY_SIZE 64
-+#define PROXY_WORKER_MAX_SECRET_SIZE 64
+diff -uap httpd-2.4.33/modules/proxy/ajp.h.r1738878 httpd-2.4.33/modules/proxy/ajp.h
+--- httpd-2.4.33/modules/proxy/ajp.h.r1738878
++++ httpd-2.4.33/modules/proxy/ajp.h
+@@ -413,12 +413,14 @@
+ * @param sock backend socket
+ * @param r current request
+ * @param buffsize max size of the AJP packet.
++ * @param secret authentication secret
+ * @param uri requested uri
+ * @return APR_SUCCESS or error
+ */
+ apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r,
+ apr_size_t buffsize,
+- apr_uri_t *uri);
++ apr_uri_t *uri,
++ const char *secret);
- /* RFC-1035 mentions limits of 255 for host-names and 253 for domain-names,
- * dotted together(?) this would fit the below size (+ trailing NUL).
-@@ -443,6 +444,7 @@ typedef struct {
- hcmethod_t method; /* method to use for health check */
- apr_interval_time_t interval;
- char upgrade[PROXY_WORKER_MAX_SCHEME_SIZE];/* upgrade protocol used by mod_proxy_wstunnel */
-+ char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */
- } proxy_worker_shared;
-
- #define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared)))
-diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
-index 051724e..e706518 100644
---- a/modules/proxy/mod_proxy_ajp.c
-+++ b/modules/proxy/mod_proxy_ajp.c
-@@ -193,6 +193,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
+ /**
+ * Read the ajp message and return the type of the message.
+diff -uap httpd-2.4.33/modules/proxy/mod_proxy_ajp.c.r1738878 httpd-2.4.33/modules/proxy/mod_proxy_ajp.c
+--- httpd-2.4.33/modules/proxy/mod_proxy_ajp.c.r1738878
++++ httpd-2.4.33/modules/proxy/mod_proxy_ajp.c
+@@ -193,6 +193,7 @@
apr_off_t content_length = 0;
int original_status = r->status;
const char *original_status_line = r->status_line;
@@ -121,7 +83,7 @@ index 051724e..e706518 100644
if (psf->io_buffer_size_set)
maxsize = psf->io_buffer_size;
-@@ -202,12 +203,15 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
+@@ -202,12 +203,15 @@
maxsize = AJP_MSG_BUFFER_SZ;
maxsize = APR_ALIGN(maxsize, 1024);
@@ -138,3 +100,38 @@ index 051724e..e706518 100644
if (status != APR_SUCCESS) {
conn->close = 1;
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868)
+diff -uap httpd-2.4.33/modules/proxy/mod_proxy.c.r1738878 httpd-2.4.33/modules/proxy/mod_proxy.c
+--- httpd-2.4.33/modules/proxy/mod_proxy.c.r1738878
++++ httpd-2.4.33/modules/proxy/mod_proxy.c
+@@ -318,6 +318,12 @@
+ (int)sizeof(worker->s->upgrade));
+ }
+ }
++ else if (!strcasecmp(key, "secret")) {
++ if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) {
++ return apr_psprintf(p, "Secret length must be < %d characters",
++ (int)sizeof(worker->s->secret));
++ }
++ }
+ else {
+ if (set_worker_hc_param_f) {
+ return set_worker_hc_param_f(p, s, worker, key, val, NULL);
+diff -uap httpd-2.4.33/modules/proxy/mod_proxy.h.r1738878 httpd-2.4.33/modules/proxy/mod_proxy.h
+--- httpd-2.4.33/modules/proxy/mod_proxy.h.r1738878
++++ httpd-2.4.33/modules/proxy/mod_proxy.h
+@@ -353,6 +353,7 @@
+ #define PROXY_WORKER_MAX_HOSTNAME_SIZE 64
+ #define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE
+ #define PROXY_BALANCER_MAX_STICKY_SIZE 64
++#define PROXY_WORKER_MAX_SECRET_SIZE 64
+
+ #define PROXY_RFC1035_HOSTNAME_SIZE 256
+
+@@ -447,6 +448,7 @@
+ apr_interval_time_t interval;
+ char upgrade[PROXY_WORKER_MAX_SCHEME_SIZE];/* upgrade protocol used by mod_proxy_wstunnel */
+ char hostname_ex[PROXY_RFC1035_HOSTNAME_SIZE]; /* RFC1035 compliant version of the remote backend address */
++ char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */
+ } proxy_worker_shared;
+
+ #define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared)))
diff --git a/httpd-2.4.17-sslciphdefault.patch b/httpd-2.4.33-sslciphdefault.patch
similarity index 75%
rename from httpd-2.4.17-sslciphdefault.patch
rename to httpd-2.4.33-sslciphdefault.patch
index 8efc461..f2919b8 100644
--- a/httpd-2.4.17-sslciphdefault.patch
+++ b/httpd-2.4.33-sslciphdefault.patch
@@ -3,9 +3,9 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1109119
Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite.
---- httpd-2.4.17/modules/ssl/ssl_engine_config.c.sslciphdefault
-+++ httpd-2.4.17/modules/ssl/ssl_engine_config.c
-@@ -708,8 +708,10 @@ const char *ssl_cmd_SSLCipherSuite(cmd_p
+--- httpd-2.4.33/modules/ssl/ssl_engine_config.c.sslciphdefault
++++ httpd-2.4.33/modules/ssl/ssl_engine_config.c
+@@ -758,8 +758,10 @@
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
@@ -18,9 +18,9 @@ Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite.
if (cmd->path) {
dc->szCipherSuite = arg;
-@@ -1428,8 +1430,10 @@ const char *ssl_cmd_SSLProxyCipherSuite(
+@@ -1502,8 +1504,10 @@
{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+ SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
- /* always disable null and export ciphers */
- arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
@@ -29,5 +29,5 @@ Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite.
+ if (strncmp(arg, "PROFILE=", 8) != 0)
+ arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
- sc->proxy->auth.cipher_suite = arg;
+ dc->proxy->auth.cipher_suite = arg;
diff --git a/httpd.service.xml b/httpd.service.xml
index b8fe7b3..8008b16 100644
--- a/httpd.service.xml
+++ b/httpd.service.xml
@@ -166,6 +166,20 @@ Wants=network-online.target
--kill-who=main --signal=HUP httpd.
+
+ Automated service restarts
+
+ System packages (including the httpd package itself) may
+ restart the httpd service automatically after packages are
+ upgraded, installed, or removed. This is done using the
+ systemctl reload httpd.service, which
+ produces a graceful restart by default as
+ described above.
+
+ To suppress automatic reloads entirely, create the file
+ /etc/sysconfig/httpd-disable-posttrans.
+
+
Changing the default MPM (Multi-Processing Module)
diff --git a/httpd.spec b/httpd.spec
index 25f543b..0ba512a 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -12,8 +12,8 @@
Summary: Apache HTTP Server
Name: httpd
-Version: 2.4.29
-Release: 2%{?dist}
+Version: 2.4.33
+Release: 1%{?dist}
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: index.html
@@ -42,6 +42,7 @@ Source25: 01-session.conf
Source26: 10-listen443.conf
Source27: httpd.socket
Source28: 00-optional.conf
+Source29: 01-md.conf
# Documentation
Source30: README.confd
Source31: README.confmod
@@ -59,7 +60,7 @@ Patch6: httpd-2.4.3-apctl-systemd.patch
# Needed for socket activation and mod_systemd patch
Patch19: httpd-2.4.25-detect-systemd.patch
# Features/functional changes
-Patch23: httpd-2.4.4-export.patch
+Patch23: httpd-2.4.33-export.patch
Patch24: httpd-2.4.1-corelimit.patch
Patch25: httpd-2.4.25-selinux.patch
Patch26: httpd-2.4.4-r1337344+.patch
@@ -68,15 +69,16 @@ Patch29: httpd-2.4.27-systemd.patch
Patch30: httpd-2.4.4-cachehardmax.patch
Patch31: httpd-2.4.18-sslmultiproxy.patch
Patch34: httpd-2.4.17-socket-activation.patch
-Patch35: httpd-2.4.17-sslciphdefault.patch
+Patch35: httpd-2.4.33-sslciphdefault.patch
# Bug fixes
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243
-Patch58: httpd-2.4.25-r1738878.patch
+Patch58: httpd-2.4.33-r1738878.patch
+
+# Security fixes
License: ASL 2.0
Group: System Environment/Daemons
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: autoconf, perl-interpreter, perl-generators, pkgconfig, findutils, xmlto
BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel
BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0
@@ -160,6 +162,19 @@ The mod_ssl module provides strong cryptography for the Apache Web
server via the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols.
+%package -n mod_md
+Group: System Environment/Daemons
+Summary: Certificate provisioning using ACME for the Apache HTTP Server
+Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
+BuildRequires: jansson-devel, libcurl-devel
+
+%description -n mod_md
+This module manages common properties of domains for one or more
+virtual hosts. Specifically it can use the ACME protocol (RFC Draft)
+to automate certificate provisioning. These will be configured for
+managed domains and their virtual hosts automatically. This includes
+renewal of certificates before they expire.
+
%package -n mod_proxy_html
Group: System Environment/Daemons
Summary: HTML and XML content filters for the Apache HTTP Server
@@ -208,7 +223,7 @@ interface for storing and accessing per-user session data.
%patch27 -p1 -b .icons
%patch29 -p1 -b .systemd
%patch30 -p1 -b .cachehardmax
-%patch31 -p1 -b .sslmultiproxy
+#patch31 -p1 -b .sslmultiproxy
%patch34 -p1 -b .socketactivation
%patch35 -p1 -b .sslciphdefault
%patch58 -p1 -b .r1738878
@@ -313,7 +328,8 @@ install -m 644 $RPM_SOURCE_DIR/README.confmod \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/README
for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \
00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \
- 01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf; do
+ 01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf \
+ 01-md.conf; do
install -m 644 -p $RPM_SOURCE_DIR/$f \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f
done
@@ -361,6 +377,7 @@ install -m 644 -p $RPM_SOURCE_DIR/httpd.tmpfiles \
# Other directories
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav \
+ $RPM_BUILD_ROOT%{_localstatedir}/lib/httpd \
$RPM_BUILD_ROOT/run/httpd/htcacheclean
# Substitute in defaults which are usually done (badly) by "make install"
@@ -420,6 +437,7 @@ ln -s ../../pixmaps/poweredby.png \
# symlinks for /etc/httpd
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
+ln -s ../..%{_localstatedir}/lib/httpd $RPM_BUILD_ROOT/etc/httpd/state
ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run
ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules
@@ -539,9 +557,6 @@ done
set -x
exit $rv
-%clean
-rm -rf $RPM_BUILD_ROOT
-
%files
%defattr(-,root,root)
@@ -550,6 +565,7 @@ rm -rf $RPM_BUILD_ROOT
%{_sysconfdir}/httpd/modules
%{_sysconfdir}/httpd/logs
+%{_sysconfdir}/httpd/state
%{_sysconfdir}/httpd/run
%dir %{_sysconfdir}/httpd/conf
%config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf
@@ -587,6 +603,7 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/httpd/modules/mod*.so
%exclude %{_libdir}/httpd/modules/mod_auth_form.so
%exclude %{_libdir}/httpd/modules/mod_ssl.so
+%exclude %{_libdir}/httpd/modules/mod_md.so
%exclude %{_libdir}/httpd/modules/mod_*ldap.so
%exclude %{_libdir}/httpd/modules/mod_proxy_html.so
%exclude %{_libdir}/httpd/modules/mod_xml2enc.so
@@ -605,6 +622,7 @@ rm -rf $RPM_BUILD_ROOT
%attr(0700,apache,apache) %dir /run/httpd/htcacheclean
%attr(0700,root,root) %dir %{_localstatedir}/log/httpd
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav
+%attr(0700,apache,apache) %dir %{_localstatedir}/lib/httpd
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy
@@ -669,6 +687,11 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/httpd/modules/mod_auth_form.so
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
+%files -n mod_md
+%defattr(-,root,root)
+%{_libdir}/httpd/modules/mod_md.so
+%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-md.conf
+
%files devel
%defattr(-,root,root)
%{_includedir}/httpd
@@ -680,6 +703,29 @@ rm -rf $RPM_BUILD_ROOT
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
+* Wed Mar 28 2018 Joe Orton - 2.4.33-1
+- rebase to 2.4.33 (#1560174)
+- add mod_md subpackage; load mod_proxy_uwsgi by default
+
+* Mon Mar 05 2018 Jitka Plesnikova - 2.4.29-8
+- Rebuilt with brotli 1.0.3
+
+* Mon Feb 26 2018 Joe Orton - 2.4.29-7
+- simplify liblua detection in configure
+
+* Wed Feb 07 2018 Fedora Release Engineering - 2.4.29-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sat Jan 27 2018 Joe Orton - 2.4.29-5
+- link mod_lua against -lcrypt (#1538992)
+
+* Fri Jan 26 2018 Paul Howarth - 2.4.29-4
+- Rebuild with updated flags to work around compiler issues on i686
+ (#1538648, #1538693)
+
+* Sat Jan 20 2018 Björn Esser - 2.4.29-3
+- Rebuilt for switch to libxcrypt
+
* Thu Nov 23 2017 Joe Orton - 2.4.29-2
- build and load mod_brotli
@@ -716,12 +762,8 @@ rm -rf $RPM_BUILD_ROOT
- use sscg defaults; append CA cert to generated cert
- document httpd-init.service in httpd-init.service(8)
-* Thu Sep 21 2017 Jeroen van Meeuwen - 2.4.27-8
-- Address CVE-2017-9798 by applying patch from upstream (#1490344)
-
* Wed Sep 20 2017 Stephen Gallagher - 2.4.27-8.1
- Generate SSL certificates on service start, not %%posttrans
-- Generate SSL certificates on service start, not %%posttrans
* Tue Sep 19 2017 Joe Orton - 2.4.27-8
- move httpd.service.d, httpd.socket.d dirs to -filesystem
diff --git a/sources b/sources
index 6978287..e8c3a89 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (httpd-2.4.29.tar.bz2) = 840982fd3d21463bc5c1747f211dfacf3abdf634d149e49bb49fd2e5deda140de602dbdf31e1bbe5337a48f718ab2261c408e83a8dd39a9291ee7b6b7a85639a
+SHA512 (httpd-2.4.33.tar.bz2) = e74b2b3346d67be45a8bc8a7cbb8eabf5c403a5cfe5797a976f94a539529843fbcdf03b9ca0548816b2cf37f4ce0eb301f8d5af25b1270fdf8dd9f5bf0585269