Merge branch 'f28' into f27

This commit is contained in:
Joe Orton 2018-03-29 17:00:55 +01:00
commit 5bd4fb47d6
9 changed files with 170 additions and 94 deletions

View File

@ -14,4 +14,5 @@ LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

1
01-md.conf Normal file
View File

@ -0,0 +1 @@
LoadModule md_module modules/mod_md.so

View File

@ -6,12 +6,12 @@ Upstream-HEAD: needed
Upstream-2.0: omit Upstream-2.0: omit
Upstream-Status: EXPORT_DIRS change is conditional on using shared apr Upstream-Status: EXPORT_DIRS change is conditional on using shared apr
--- httpd-2.4.4/server/Makefile.in.export --- httpd-2.4.33/server/Makefile.in.export
+++ httpd-2.4.4/server/Makefile.in +++ httpd-2.4.33/server/Makefile.in
@@ -57,9 +57,6 @@ export_files: @@ -60,9 +60,6 @@
( for dir in $(EXPORT_DIRS); do \
ls $$dir/*.h ; \ ls $$dir/*.h ; \
done; \ done; \
echo "$(top_srcdir)/server/mpm_fdqueue.h"; \
- for dir in $(EXPORT_DIRS_APR); do \ - for dir in $(EXPORT_DIRS_APR); do \
- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \ - ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \
- done; \ - done; \

View File

@ -0,0 +1,21 @@
Override default.
--- httpd-2.4.33/modules/md/mod_md_config.c.mddefault
+++ httpd-2.4.33/modules/md/mod_md_config.c
@@ -54,10 +54,14 @@
#define DEF_VAL (-1)
+#ifndef MD_DEFAULT_STORE_DIR
+#define MD_DEFAULT_STORE_DIR "state/md"
+#endif
+
/* Default settings for the global conf */
static md_mod_conf_t defmc = {
NULL,
- "md",
+ MD_DEFAULT_STORE_DIR,
NULL,
NULL,
80,

View File

@ -1,28 +1,9 @@
diff --git a/modules/proxy/ajp.h b/modules/proxy/ajp.h diff --git a/modules/proxy/ajp.h b/modules/proxy/ajp.h
index c119a7e..267150a 100644 index c119a7e..267150a 100644
--- a/modules/proxy/ajp.h diff -uap httpd-2.4.33/modules/proxy/ajp_header.c.r1738878 httpd-2.4.33/modules/proxy/ajp_header.c
+++ b/modules/proxy/ajp.h --- httpd-2.4.33/modules/proxy/ajp_header.c.r1738878
@@ -413,12 +413,14 @@ apr_status_t ajp_ilink_receive(apr_socket_t *sock, ajp_msg_t *msg); +++ httpd-2.4.33/modules/proxy/ajp_header.c
* @param sock backend socket @@ -213,7 +213,8 @@
* @param r current request
* @param buffsize max size of the AJP packet.
+ * @param secret authentication secret
* @param uri requested uri
* @return APR_SUCCESS or error
*/
apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r,
apr_size_t buffsize,
- apr_uri_t *uri);
+ apr_uri_t *uri,
+ const char *secret);
/**
* Read the ajp message and return the type of the message.
diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c
index 67353a7..680a8f3 100644
--- a/modules/proxy/ajp_header.c
+++ b/modules/proxy/ajp_header.c
@@ -213,7 +213,8 @@ AJPV13_REQUEST/AJPV14_REQUEST=
static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg, static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
request_rec *r, request_rec *r,
@ -32,7 +13,7 @@ index 67353a7..680a8f3 100644
{ {
int method; int method;
apr_uint32_t i, num_headers = 0; apr_uint32_t i, num_headers = 0;
@@ -293,17 +294,15 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg, @@ -293,17 +294,15 @@
i, elts[i].key, elts[i].val); i, elts[i].key, elts[i].val);
} }
@ -53,7 +34,7 @@ index 67353a7..680a8f3 100644
if (r->user) { if (r->user) {
if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) || if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) ||
@@ -671,7 +670,8 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg, @@ -671,7 +670,8 @@
apr_status_t ajp_send_header(apr_socket_t *sock, apr_status_t ajp_send_header(apr_socket_t *sock,
request_rec *r, request_rec *r,
apr_size_t buffsize, apr_size_t buffsize,
@ -63,7 +44,7 @@ index 67353a7..680a8f3 100644
{ {
ajp_msg_t *msg; ajp_msg_t *msg;
apr_status_t rc; apr_status_t rc;
@@ -683,7 +683,7 @@ apr_status_t ajp_send_header(apr_socket_t *sock, @@ -683,7 +683,7 @@
return rc; return rc;
} }
@ -72,48 +53,29 @@ index 67353a7..680a8f3 100644
if (rc != APR_SUCCESS) { if (rc != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00988) ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00988)
"ajp_send_header: ajp_marshal_into_msgb failed"); "ajp_send_header: ajp_marshal_into_msgb failed");
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c diff -uap httpd-2.4.33/modules/proxy/ajp.h.r1738878 httpd-2.4.33/modules/proxy/ajp.h
index f6fb473..f693f63 100644 --- httpd-2.4.33/modules/proxy/ajp.h.r1738878
--- a/modules/proxy/mod_proxy.c +++ httpd-2.4.33/modules/proxy/ajp.h
+++ b/modules/proxy/mod_proxy.c @@ -413,12 +413,14 @@
@@ -314,6 +314,12 @@ static const char *set_worker_param(apr_pool_t *p, * @param sock backend socket
(int)sizeof(worker->s->upgrade)); * @param r current request
} * @param buffsize max size of the AJP packet.
} + * @param secret authentication secret
+ else if (!strcasecmp(key, "secret")) { * @param uri requested uri
+ if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) { * @return APR_SUCCESS or error
+ return apr_psprintf(p, "Secret length must be < %d characters", */
+ (int)sizeof(worker->s->secret)); apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r,
+ } apr_size_t buffsize,
+ } - apr_uri_t *uri);
else { + apr_uri_t *uri,
if (set_worker_hc_param_f) { + const char *secret);
return set_worker_hc_param_f(p, s, worker, key, val, NULL);
diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
index 8a0ad10..f92c185 100644
--- a/modules/proxy/mod_proxy.h
+++ b/modules/proxy/mod_proxy.h
@@ -352,6 +352,7 @@ PROXY_WORKER_HC_FAIL )
#define PROXY_WORKER_MAX_HOSTNAME_SIZE 64
#define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE
#define PROXY_BALANCER_MAX_STICKY_SIZE 64
+#define PROXY_WORKER_MAX_SECRET_SIZE 64
/* RFC-1035 mentions limits of 255 for host-names and 253 for domain-names, /**
* dotted together(?) this would fit the below size (+ trailing NUL). * Read the ajp message and return the type of the message.
@@ -443,6 +444,7 @@ typedef struct { diff -uap httpd-2.4.33/modules/proxy/mod_proxy_ajp.c.r1738878 httpd-2.4.33/modules/proxy/mod_proxy_ajp.c
hcmethod_t method; /* method to use for health check */ --- httpd-2.4.33/modules/proxy/mod_proxy_ajp.c.r1738878
apr_interval_time_t interval; +++ httpd-2.4.33/modules/proxy/mod_proxy_ajp.c
char upgrade[PROXY_WORKER_MAX_SCHEME_SIZE];/* upgrade protocol used by mod_proxy_wstunnel */ @@ -193,6 +193,7 @@
+ char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */
} proxy_worker_shared;
#define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared)))
diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
index 051724e..e706518 100644
--- a/modules/proxy/mod_proxy_ajp.c
+++ b/modules/proxy/mod_proxy_ajp.c
@@ -193,6 +193,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
apr_off_t content_length = 0; apr_off_t content_length = 0;
int original_status = r->status; int original_status = r->status;
const char *original_status_line = r->status_line; const char *original_status_line = r->status_line;
@ -121,7 +83,7 @@ index 051724e..e706518 100644
if (psf->io_buffer_size_set) if (psf->io_buffer_size_set)
maxsize = psf->io_buffer_size; maxsize = psf->io_buffer_size;
@@ -202,12 +203,15 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r, @@ -202,12 +203,15 @@
maxsize = AJP_MSG_BUFFER_SZ; maxsize = AJP_MSG_BUFFER_SZ;
maxsize = APR_ALIGN(maxsize, 1024); maxsize = APR_ALIGN(maxsize, 1024);
@ -138,3 +100,38 @@ index 051724e..e706518 100644
if (status != APR_SUCCESS) { if (status != APR_SUCCESS) {
conn->close = 1; conn->close = 1;
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868) ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868)
diff -uap httpd-2.4.33/modules/proxy/mod_proxy.c.r1738878 httpd-2.4.33/modules/proxy/mod_proxy.c
--- httpd-2.4.33/modules/proxy/mod_proxy.c.r1738878
+++ httpd-2.4.33/modules/proxy/mod_proxy.c
@@ -318,6 +318,12 @@
(int)sizeof(worker->s->upgrade));
}
}
+ else if (!strcasecmp(key, "secret")) {
+ if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) {
+ return apr_psprintf(p, "Secret length must be < %d characters",
+ (int)sizeof(worker->s->secret));
+ }
+ }
else {
if (set_worker_hc_param_f) {
return set_worker_hc_param_f(p, s, worker, key, val, NULL);
diff -uap httpd-2.4.33/modules/proxy/mod_proxy.h.r1738878 httpd-2.4.33/modules/proxy/mod_proxy.h
--- httpd-2.4.33/modules/proxy/mod_proxy.h.r1738878
+++ httpd-2.4.33/modules/proxy/mod_proxy.h
@@ -353,6 +353,7 @@
#define PROXY_WORKER_MAX_HOSTNAME_SIZE 64
#define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE
#define PROXY_BALANCER_MAX_STICKY_SIZE 64
+#define PROXY_WORKER_MAX_SECRET_SIZE 64
#define PROXY_RFC1035_HOSTNAME_SIZE 256
@@ -447,6 +448,7 @@
apr_interval_time_t interval;
char upgrade[PROXY_WORKER_MAX_SCHEME_SIZE];/* upgrade protocol used by mod_proxy_wstunnel */
char hostname_ex[PROXY_RFC1035_HOSTNAME_SIZE]; /* RFC1035 compliant version of the remote backend address */
+ char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */
} proxy_worker_shared;
#define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared)))

View File

@ -3,9 +3,9 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1109119
Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite. Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite.
--- httpd-2.4.17/modules/ssl/ssl_engine_config.c.sslciphdefault --- httpd-2.4.33/modules/ssl/ssl_engine_config.c.sslciphdefault
+++ httpd-2.4.17/modules/ssl/ssl_engine_config.c +++ httpd-2.4.33/modules/ssl/ssl_engine_config.c
@@ -708,8 +708,10 @@ const char *ssl_cmd_SSLCipherSuite(cmd_p @@ -758,8 +758,10 @@
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
@ -18,9 +18,9 @@ Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite.
if (cmd->path) { if (cmd->path) {
dc->szCipherSuite = arg; dc->szCipherSuite = arg;
@@ -1428,8 +1430,10 @@ const char *ssl_cmd_SSLProxyCipherSuite( @@ -1502,8 +1504,10 @@
{ {
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
- /* always disable null and export ciphers */ - /* always disable null and export ciphers */
- arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL); - arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
@ -29,5 +29,5 @@ Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite.
+ if (strncmp(arg, "PROFILE=", 8) != 0) + if (strncmp(arg, "PROFILE=", 8) != 0)
+ arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL); + arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
sc->proxy->auth.cipher_suite = arg; dc->proxy->auth.cipher_suite = arg;

View File

@ -166,6 +166,20 @@ Wants=network-online.target</programlisting>
--kill-who=main --signal=HUP httpd</command>.</para> --kill-who=main --signal=HUP httpd</command>.</para>
</refsect2> </refsect2>
<refsect2>
<title>Automated service restarts</title>
<para>System packages (including the httpd package itself) may
restart the httpd service automatically after packages are
upgraded, installed, or removed. This is done using the
<command>systemctl reload httpd.service</command>, which
produces a <emphasis>graceful</emphasis> restart by default as
described above.</para>
<para>To suppress automatic reloads entirely, create the file
<filename>/etc/sysconfig/httpd-disable-posttrans</filename>.</para>
</refsect2>
<refsect2> <refsect2>
<title>Changing the default MPM (Multi-Processing Module)</title> <title>Changing the default MPM (Multi-Processing Module)</title>

View File

@ -12,8 +12,8 @@
Summary: Apache HTTP Server Summary: Apache HTTP Server
Name: httpd Name: httpd
Version: 2.4.29 Version: 2.4.33
Release: 2%{?dist} Release: 1%{?dist}
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: index.html Source1: index.html
@ -42,6 +42,7 @@ Source25: 01-session.conf
Source26: 10-listen443.conf Source26: 10-listen443.conf
Source27: httpd.socket Source27: httpd.socket
Source28: 00-optional.conf Source28: 00-optional.conf
Source29: 01-md.conf
# Documentation # Documentation
Source30: README.confd Source30: README.confd
Source31: README.confmod Source31: README.confmod
@ -59,7 +60,7 @@ Patch6: httpd-2.4.3-apctl-systemd.patch
# Needed for socket activation and mod_systemd patch # Needed for socket activation and mod_systemd patch
Patch19: httpd-2.4.25-detect-systemd.patch Patch19: httpd-2.4.25-detect-systemd.patch
# Features/functional changes # Features/functional changes
Patch23: httpd-2.4.4-export.patch Patch23: httpd-2.4.33-export.patch
Patch24: httpd-2.4.1-corelimit.patch Patch24: httpd-2.4.1-corelimit.patch
Patch25: httpd-2.4.25-selinux.patch Patch25: httpd-2.4.25-selinux.patch
Patch26: httpd-2.4.4-r1337344+.patch Patch26: httpd-2.4.4-r1337344+.patch
@ -68,15 +69,16 @@ Patch29: httpd-2.4.27-systemd.patch
Patch30: httpd-2.4.4-cachehardmax.patch Patch30: httpd-2.4.4-cachehardmax.patch
Patch31: httpd-2.4.18-sslmultiproxy.patch Patch31: httpd-2.4.18-sslmultiproxy.patch
Patch34: httpd-2.4.17-socket-activation.patch Patch34: httpd-2.4.17-socket-activation.patch
Patch35: httpd-2.4.17-sslciphdefault.patch Patch35: httpd-2.4.33-sslciphdefault.patch
# Bug fixes # Bug fixes
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243 # https://bugzilla.redhat.com/show_bug.cgi?id=1397243
Patch58: httpd-2.4.25-r1738878.patch Patch58: httpd-2.4.33-r1738878.patch
# Security fixes
License: ASL 2.0 License: ASL 2.0
Group: System Environment/Daemons Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: autoconf, perl-interpreter, perl-generators, pkgconfig, findutils, xmlto BuildRequires: autoconf, perl-interpreter, perl-generators, pkgconfig, findutils, xmlto
BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel
BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0 BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0
@ -160,6 +162,19 @@ The mod_ssl module provides strong cryptography for the Apache Web
server via the Secure Sockets Layer (SSL) and Transport Layer server via the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols. Security (TLS) protocols.
%package -n mod_md
Group: System Environment/Daemons
Summary: Certificate provisioning using ACME for the Apache HTTP Server
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
BuildRequires: jansson-devel, libcurl-devel
%description -n mod_md
This module manages common properties of domains for one or more
virtual hosts. Specifically it can use the ACME protocol (RFC Draft)
to automate certificate provisioning. These will be configured for
managed domains and their virtual hosts automatically. This includes
renewal of certificates before they expire.
%package -n mod_proxy_html %package -n mod_proxy_html
Group: System Environment/Daemons Group: System Environment/Daemons
Summary: HTML and XML content filters for the Apache HTTP Server Summary: HTML and XML content filters for the Apache HTTP Server
@ -208,7 +223,7 @@ interface for storing and accessing per-user session data.
%patch27 -p1 -b .icons %patch27 -p1 -b .icons
%patch29 -p1 -b .systemd %patch29 -p1 -b .systemd
%patch30 -p1 -b .cachehardmax %patch30 -p1 -b .cachehardmax
%patch31 -p1 -b .sslmultiproxy #patch31 -p1 -b .sslmultiproxy
%patch34 -p1 -b .socketactivation %patch34 -p1 -b .socketactivation
%patch35 -p1 -b .sslciphdefault %patch35 -p1 -b .sslciphdefault
%patch58 -p1 -b .r1738878 %patch58 -p1 -b .r1738878
@ -313,7 +328,8 @@ install -m 644 $RPM_SOURCE_DIR/README.confmod \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/README $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/README
for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \ for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \
00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \ 00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \
01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf; do 01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf \
01-md.conf; do
install -m 644 -p $RPM_SOURCE_DIR/$f \ install -m 644 -p $RPM_SOURCE_DIR/$f \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f
done done
@ -361,6 +377,7 @@ install -m 644 -p $RPM_SOURCE_DIR/httpd.tmpfiles \
# Other directories # Other directories
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav \ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav \
$RPM_BUILD_ROOT%{_localstatedir}/lib/httpd \
$RPM_BUILD_ROOT/run/httpd/htcacheclean $RPM_BUILD_ROOT/run/httpd/htcacheclean
# Substitute in defaults which are usually done (badly) by "make install" # Substitute in defaults which are usually done (badly) by "make install"
@ -420,6 +437,7 @@ ln -s ../../pixmaps/poweredby.png \
# symlinks for /etc/httpd # symlinks for /etc/httpd
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
ln -s ../..%{_localstatedir}/lib/httpd $RPM_BUILD_ROOT/etc/httpd/state
ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run
ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules
@ -539,9 +557,6 @@ done
set -x set -x
exit $rv exit $rv
%clean
rm -rf $RPM_BUILD_ROOT
%files %files
%defattr(-,root,root) %defattr(-,root,root)
@ -550,6 +565,7 @@ rm -rf $RPM_BUILD_ROOT
%{_sysconfdir}/httpd/modules %{_sysconfdir}/httpd/modules
%{_sysconfdir}/httpd/logs %{_sysconfdir}/httpd/logs
%{_sysconfdir}/httpd/state
%{_sysconfdir}/httpd/run %{_sysconfdir}/httpd/run
%dir %{_sysconfdir}/httpd/conf %dir %{_sysconfdir}/httpd/conf
%config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf %config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf
@ -587,6 +603,7 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/httpd/modules/mod*.so %{_libdir}/httpd/modules/mod*.so
%exclude %{_libdir}/httpd/modules/mod_auth_form.so %exclude %{_libdir}/httpd/modules/mod_auth_form.so
%exclude %{_libdir}/httpd/modules/mod_ssl.so %exclude %{_libdir}/httpd/modules/mod_ssl.so
%exclude %{_libdir}/httpd/modules/mod_md.so
%exclude %{_libdir}/httpd/modules/mod_*ldap.so %exclude %{_libdir}/httpd/modules/mod_*ldap.so
%exclude %{_libdir}/httpd/modules/mod_proxy_html.so %exclude %{_libdir}/httpd/modules/mod_proxy_html.so
%exclude %{_libdir}/httpd/modules/mod_xml2enc.so %exclude %{_libdir}/httpd/modules/mod_xml2enc.so
@ -605,6 +622,7 @@ rm -rf $RPM_BUILD_ROOT
%attr(0700,apache,apache) %dir /run/httpd/htcacheclean %attr(0700,apache,apache) %dir /run/httpd/htcacheclean
%attr(0700,root,root) %dir %{_localstatedir}/log/httpd %attr(0700,root,root) %dir %{_localstatedir}/log/httpd
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav %attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/httpd
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd %attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy %attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy
@ -669,6 +687,11 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/httpd/modules/mod_auth_form.so %{_libdir}/httpd/modules/mod_auth_form.so
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-session.conf %config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
%files -n mod_md
%defattr(-,root,root)
%{_libdir}/httpd/modules/mod_md.so
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-md.conf
%files devel %files devel
%defattr(-,root,root) %defattr(-,root,root)
%{_includedir}/httpd %{_includedir}/httpd
@ -680,6 +703,29 @@ rm -rf $RPM_BUILD_ROOT
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Wed Mar 28 2018 Joe Orton <jorton@redhat.com> - 2.4.33-1
- rebase to 2.4.33 (#1560174)
- add mod_md subpackage; load mod_proxy_uwsgi by default
* Mon Mar 05 2018 Jitka Plesnikova <jplesnik@redhat.com> - 2.4.29-8
- Rebuilt with brotli 1.0.3
* Mon Feb 26 2018 Joe Orton <jorton@redhat.com> - 2.4.29-7
- simplify liblua detection in configure
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.29-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Jan 27 2018 Joe Orton <jorton@redhat.com> - 2.4.29-5
- link mod_lua against -lcrypt (#1538992)
* Fri Jan 26 2018 Paul Howarth <paul@city-fan.org> - 2.4.29-4
- Rebuild with updated flags to work around compiler issues on i686
(#1538648, #1538693)
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 2.4.29-3
- Rebuilt for switch to libxcrypt
* Thu Nov 23 2017 Joe Orton <jorton@redhat.com> - 2.4.29-2 * Thu Nov 23 2017 Joe Orton <jorton@redhat.com> - 2.4.29-2
- build and load mod_brotli - build and load mod_brotli
@ -716,12 +762,8 @@ rm -rf $RPM_BUILD_ROOT
- use sscg defaults; append CA cert to generated cert - use sscg defaults; append CA cert to generated cert
- document httpd-init.service in httpd-init.service(8) - document httpd-init.service in httpd-init.service(8)
* Thu Sep 21 2017 Jeroen van Meeuwen <kanarip@fedoraproject.org> - 2.4.27-8
- Address CVE-2017-9798 by applying patch from upstream (#1490344)
* Wed Sep 20 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.4.27-8.1 * Wed Sep 20 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.4.27-8.1
- Generate SSL certificates on service start, not %%posttrans - Generate SSL certificates on service start, not %%posttrans
- Generate SSL certificates on service start, not %%posttrans
* Tue Sep 19 2017 Joe Orton <jorton@redhat.com> - 2.4.27-8 * Tue Sep 19 2017 Joe Orton <jorton@redhat.com> - 2.4.27-8
- move httpd.service.d, httpd.socket.d dirs to -filesystem - move httpd.service.d, httpd.socket.d dirs to -filesystem

View File

@ -1 +1 @@
SHA512 (httpd-2.4.29.tar.bz2) = 840982fd3d21463bc5c1747f211dfacf3abdf634d149e49bb49fd2e5deda140de602dbdf31e1bbe5337a48f718ab2261c408e83a8dd39a9291ee7b6b7a85639a SHA512 (httpd-2.4.33.tar.bz2) = e74b2b3346d67be45a8bc8a7cbb8eabf5c403a5cfe5797a976f94a539529843fbcdf03b9ca0548816b2cf37f4ce0eb301f8d5af25b1270fdf8dd9f5bf0585269