Merge branch 'f28' into f27
This commit is contained in:
commit
5bd4fb47d6
@ -14,4 +14,5 @@ LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
|
|||||||
LoadModule proxy_http_module modules/mod_proxy_http.so
|
LoadModule proxy_http_module modules/mod_proxy_http.so
|
||||||
LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
|
LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
|
||||||
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
|
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
|
||||||
|
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
|
||||||
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
|
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
|
||||||
|
1
01-md.conf
Normal file
1
01-md.conf
Normal file
@ -0,0 +1 @@
|
|||||||
|
LoadModule md_module modules/mod_md.so
|
@ -6,12 +6,12 @@ Upstream-HEAD: needed
|
|||||||
Upstream-2.0: omit
|
Upstream-2.0: omit
|
||||||
Upstream-Status: EXPORT_DIRS change is conditional on using shared apr
|
Upstream-Status: EXPORT_DIRS change is conditional on using shared apr
|
||||||
|
|
||||||
--- httpd-2.4.4/server/Makefile.in.export
|
--- httpd-2.4.33/server/Makefile.in.export
|
||||||
+++ httpd-2.4.4/server/Makefile.in
|
+++ httpd-2.4.33/server/Makefile.in
|
||||||
@@ -57,9 +57,6 @@ export_files:
|
@@ -60,9 +60,6 @@
|
||||||
( for dir in $(EXPORT_DIRS); do \
|
|
||||||
ls $$dir/*.h ; \
|
ls $$dir/*.h ; \
|
||||||
done; \
|
done; \
|
||||||
|
echo "$(top_srcdir)/server/mpm_fdqueue.h"; \
|
||||||
- for dir in $(EXPORT_DIRS_APR); do \
|
- for dir in $(EXPORT_DIRS_APR); do \
|
||||||
- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \
|
- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \
|
||||||
- done; \
|
- done; \
|
21
httpd-2.4.33-mddefault.patch
Normal file
21
httpd-2.4.33-mddefault.patch
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
|
||||||
|
Override default.
|
||||||
|
|
||||||
|
--- httpd-2.4.33/modules/md/mod_md_config.c.mddefault
|
||||||
|
+++ httpd-2.4.33/modules/md/mod_md_config.c
|
||||||
|
@@ -54,10 +54,14 @@
|
||||||
|
|
||||||
|
#define DEF_VAL (-1)
|
||||||
|
|
||||||
|
+#ifndef MD_DEFAULT_STORE_DIR
|
||||||
|
+#define MD_DEFAULT_STORE_DIR "state/md"
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/* Default settings for the global conf */
|
||||||
|
static md_mod_conf_t defmc = {
|
||||||
|
NULL,
|
||||||
|
- "md",
|
||||||
|
+ MD_DEFAULT_STORE_DIR,
|
||||||
|
NULL,
|
||||||
|
NULL,
|
||||||
|
80,
|
@ -1,28 +1,9 @@
|
|||||||
diff --git a/modules/proxy/ajp.h b/modules/proxy/ajp.h
|
diff --git a/modules/proxy/ajp.h b/modules/proxy/ajp.h
|
||||||
index c119a7e..267150a 100644
|
index c119a7e..267150a 100644
|
||||||
--- a/modules/proxy/ajp.h
|
diff -uap httpd-2.4.33/modules/proxy/ajp_header.c.r1738878 httpd-2.4.33/modules/proxy/ajp_header.c
|
||||||
+++ b/modules/proxy/ajp.h
|
--- httpd-2.4.33/modules/proxy/ajp_header.c.r1738878
|
||||||
@@ -413,12 +413,14 @@ apr_status_t ajp_ilink_receive(apr_socket_t *sock, ajp_msg_t *msg);
|
+++ httpd-2.4.33/modules/proxy/ajp_header.c
|
||||||
* @param sock backend socket
|
@@ -213,7 +213,8 @@
|
||||||
* @param r current request
|
|
||||||
* @param buffsize max size of the AJP packet.
|
|
||||||
+ * @param secret authentication secret
|
|
||||||
* @param uri requested uri
|
|
||||||
* @return APR_SUCCESS or error
|
|
||||||
*/
|
|
||||||
apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r,
|
|
||||||
apr_size_t buffsize,
|
|
||||||
- apr_uri_t *uri);
|
|
||||||
+ apr_uri_t *uri,
|
|
||||||
+ const char *secret);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Read the ajp message and return the type of the message.
|
|
||||||
diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c
|
|
||||||
index 67353a7..680a8f3 100644
|
|
||||||
--- a/modules/proxy/ajp_header.c
|
|
||||||
+++ b/modules/proxy/ajp_header.c
|
|
||||||
@@ -213,7 +213,8 @@ AJPV13_REQUEST/AJPV14_REQUEST=
|
|
||||||
|
|
||||||
static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
|
static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
|
||||||
request_rec *r,
|
request_rec *r,
|
||||||
@ -32,7 +13,7 @@ index 67353a7..680a8f3 100644
|
|||||||
{
|
{
|
||||||
int method;
|
int method;
|
||||||
apr_uint32_t i, num_headers = 0;
|
apr_uint32_t i, num_headers = 0;
|
||||||
@@ -293,17 +294,15 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
|
@@ -293,17 +294,15 @@
|
||||||
i, elts[i].key, elts[i].val);
|
i, elts[i].key, elts[i].val);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -53,7 +34,7 @@ index 67353a7..680a8f3 100644
|
|||||||
|
|
||||||
if (r->user) {
|
if (r->user) {
|
||||||
if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) ||
|
if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) ||
|
||||||
@@ -671,7 +670,8 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg,
|
@@ -671,7 +670,8 @@
|
||||||
apr_status_t ajp_send_header(apr_socket_t *sock,
|
apr_status_t ajp_send_header(apr_socket_t *sock,
|
||||||
request_rec *r,
|
request_rec *r,
|
||||||
apr_size_t buffsize,
|
apr_size_t buffsize,
|
||||||
@ -63,7 +44,7 @@ index 67353a7..680a8f3 100644
|
|||||||
{
|
{
|
||||||
ajp_msg_t *msg;
|
ajp_msg_t *msg;
|
||||||
apr_status_t rc;
|
apr_status_t rc;
|
||||||
@@ -683,7 +683,7 @@ apr_status_t ajp_send_header(apr_socket_t *sock,
|
@@ -683,7 +683,7 @@
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -72,48 +53,29 @@ index 67353a7..680a8f3 100644
|
|||||||
if (rc != APR_SUCCESS) {
|
if (rc != APR_SUCCESS) {
|
||||||
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00988)
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00988)
|
||||||
"ajp_send_header: ajp_marshal_into_msgb failed");
|
"ajp_send_header: ajp_marshal_into_msgb failed");
|
||||||
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
|
diff -uap httpd-2.4.33/modules/proxy/ajp.h.r1738878 httpd-2.4.33/modules/proxy/ajp.h
|
||||||
index f6fb473..f693f63 100644
|
--- httpd-2.4.33/modules/proxy/ajp.h.r1738878
|
||||||
--- a/modules/proxy/mod_proxy.c
|
+++ httpd-2.4.33/modules/proxy/ajp.h
|
||||||
+++ b/modules/proxy/mod_proxy.c
|
@@ -413,12 +413,14 @@
|
||||||
@@ -314,6 +314,12 @@ static const char *set_worker_param(apr_pool_t *p,
|
* @param sock backend socket
|
||||||
(int)sizeof(worker->s->upgrade));
|
* @param r current request
|
||||||
}
|
* @param buffsize max size of the AJP packet.
|
||||||
}
|
+ * @param secret authentication secret
|
||||||
+ else if (!strcasecmp(key, "secret")) {
|
* @param uri requested uri
|
||||||
+ if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) {
|
* @return APR_SUCCESS or error
|
||||||
+ return apr_psprintf(p, "Secret length must be < %d characters",
|
*/
|
||||||
+ (int)sizeof(worker->s->secret));
|
apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r,
|
||||||
+ }
|
apr_size_t buffsize,
|
||||||
+ }
|
- apr_uri_t *uri);
|
||||||
else {
|
+ apr_uri_t *uri,
|
||||||
if (set_worker_hc_param_f) {
|
+ const char *secret);
|
||||||
return set_worker_hc_param_f(p, s, worker, key, val, NULL);
|
|
||||||
diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
|
|
||||||
index 8a0ad10..f92c185 100644
|
|
||||||
--- a/modules/proxy/mod_proxy.h
|
|
||||||
+++ b/modules/proxy/mod_proxy.h
|
|
||||||
@@ -352,6 +352,7 @@ PROXY_WORKER_HC_FAIL )
|
|
||||||
#define PROXY_WORKER_MAX_HOSTNAME_SIZE 64
|
|
||||||
#define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE
|
|
||||||
#define PROXY_BALANCER_MAX_STICKY_SIZE 64
|
|
||||||
+#define PROXY_WORKER_MAX_SECRET_SIZE 64
|
|
||||||
|
|
||||||
/* RFC-1035 mentions limits of 255 for host-names and 253 for domain-names,
|
/**
|
||||||
* dotted together(?) this would fit the below size (+ trailing NUL).
|
* Read the ajp message and return the type of the message.
|
||||||
@@ -443,6 +444,7 @@ typedef struct {
|
diff -uap httpd-2.4.33/modules/proxy/mod_proxy_ajp.c.r1738878 httpd-2.4.33/modules/proxy/mod_proxy_ajp.c
|
||||||
hcmethod_t method; /* method to use for health check */
|
--- httpd-2.4.33/modules/proxy/mod_proxy_ajp.c.r1738878
|
||||||
apr_interval_time_t interval;
|
+++ httpd-2.4.33/modules/proxy/mod_proxy_ajp.c
|
||||||
char upgrade[PROXY_WORKER_MAX_SCHEME_SIZE];/* upgrade protocol used by mod_proxy_wstunnel */
|
@@ -193,6 +193,7 @@
|
||||||
+ char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */
|
|
||||||
} proxy_worker_shared;
|
|
||||||
|
|
||||||
#define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared)))
|
|
||||||
diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
|
|
||||||
index 051724e..e706518 100644
|
|
||||||
--- a/modules/proxy/mod_proxy_ajp.c
|
|
||||||
+++ b/modules/proxy/mod_proxy_ajp.c
|
|
||||||
@@ -193,6 +193,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
|
|
||||||
apr_off_t content_length = 0;
|
apr_off_t content_length = 0;
|
||||||
int original_status = r->status;
|
int original_status = r->status;
|
||||||
const char *original_status_line = r->status_line;
|
const char *original_status_line = r->status_line;
|
||||||
@ -121,7 +83,7 @@ index 051724e..e706518 100644
|
|||||||
|
|
||||||
if (psf->io_buffer_size_set)
|
if (psf->io_buffer_size_set)
|
||||||
maxsize = psf->io_buffer_size;
|
maxsize = psf->io_buffer_size;
|
||||||
@@ -202,12 +203,15 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
|
@@ -202,12 +203,15 @@
|
||||||
maxsize = AJP_MSG_BUFFER_SZ;
|
maxsize = AJP_MSG_BUFFER_SZ;
|
||||||
maxsize = APR_ALIGN(maxsize, 1024);
|
maxsize = APR_ALIGN(maxsize, 1024);
|
||||||
|
|
||||||
@ -138,3 +100,38 @@ index 051724e..e706518 100644
|
|||||||
if (status != APR_SUCCESS) {
|
if (status != APR_SUCCESS) {
|
||||||
conn->close = 1;
|
conn->close = 1;
|
||||||
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868)
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868)
|
||||||
|
diff -uap httpd-2.4.33/modules/proxy/mod_proxy.c.r1738878 httpd-2.4.33/modules/proxy/mod_proxy.c
|
||||||
|
--- httpd-2.4.33/modules/proxy/mod_proxy.c.r1738878
|
||||||
|
+++ httpd-2.4.33/modules/proxy/mod_proxy.c
|
||||||
|
@@ -318,6 +318,12 @@
|
||||||
|
(int)sizeof(worker->s->upgrade));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+ else if (!strcasecmp(key, "secret")) {
|
||||||
|
+ if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) {
|
||||||
|
+ return apr_psprintf(p, "Secret length must be < %d characters",
|
||||||
|
+ (int)sizeof(worker->s->secret));
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
else {
|
||||||
|
if (set_worker_hc_param_f) {
|
||||||
|
return set_worker_hc_param_f(p, s, worker, key, val, NULL);
|
||||||
|
diff -uap httpd-2.4.33/modules/proxy/mod_proxy.h.r1738878 httpd-2.4.33/modules/proxy/mod_proxy.h
|
||||||
|
--- httpd-2.4.33/modules/proxy/mod_proxy.h.r1738878
|
||||||
|
+++ httpd-2.4.33/modules/proxy/mod_proxy.h
|
||||||
|
@@ -353,6 +353,7 @@
|
||||||
|
#define PROXY_WORKER_MAX_HOSTNAME_SIZE 64
|
||||||
|
#define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE
|
||||||
|
#define PROXY_BALANCER_MAX_STICKY_SIZE 64
|
||||||
|
+#define PROXY_WORKER_MAX_SECRET_SIZE 64
|
||||||
|
|
||||||
|
#define PROXY_RFC1035_HOSTNAME_SIZE 256
|
||||||
|
|
||||||
|
@@ -447,6 +448,7 @@
|
||||||
|
apr_interval_time_t interval;
|
||||||
|
char upgrade[PROXY_WORKER_MAX_SCHEME_SIZE];/* upgrade protocol used by mod_proxy_wstunnel */
|
||||||
|
char hostname_ex[PROXY_RFC1035_HOSTNAME_SIZE]; /* RFC1035 compliant version of the remote backend address */
|
||||||
|
+ char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */
|
||||||
|
} proxy_worker_shared;
|
||||||
|
|
||||||
|
#define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared)))
|
@ -3,9 +3,9 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1109119
|
|||||||
|
|
||||||
Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite.
|
Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite.
|
||||||
|
|
||||||
--- httpd-2.4.17/modules/ssl/ssl_engine_config.c.sslciphdefault
|
--- httpd-2.4.33/modules/ssl/ssl_engine_config.c.sslciphdefault
|
||||||
+++ httpd-2.4.17/modules/ssl/ssl_engine_config.c
|
+++ httpd-2.4.33/modules/ssl/ssl_engine_config.c
|
||||||
@@ -708,8 +708,10 @@ const char *ssl_cmd_SSLCipherSuite(cmd_p
|
@@ -758,8 +758,10 @@
|
||||||
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
|
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
|
||||||
SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
|
SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
|
||||||
|
|
||||||
@ -18,9 +18,9 @@ Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite.
|
|||||||
|
|
||||||
if (cmd->path) {
|
if (cmd->path) {
|
||||||
dc->szCipherSuite = arg;
|
dc->szCipherSuite = arg;
|
||||||
@@ -1428,8 +1430,10 @@ const char *ssl_cmd_SSLProxyCipherSuite(
|
@@ -1502,8 +1504,10 @@
|
||||||
{
|
{
|
||||||
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
|
SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
|
||||||
|
|
||||||
- /* always disable null and export ciphers */
|
- /* always disable null and export ciphers */
|
||||||
- arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
|
- arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
|
||||||
@ -29,5 +29,5 @@ Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite.
|
|||||||
+ if (strncmp(arg, "PROFILE=", 8) != 0)
|
+ if (strncmp(arg, "PROFILE=", 8) != 0)
|
||||||
+ arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
|
+ arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
|
||||||
|
|
||||||
sc->proxy->auth.cipher_suite = arg;
|
dc->proxy->auth.cipher_suite = arg;
|
||||||
|
|
@ -166,6 +166,20 @@ Wants=network-online.target</programlisting>
|
|||||||
--kill-who=main --signal=HUP httpd</command>.</para>
|
--kill-who=main --signal=HUP httpd</command>.</para>
|
||||||
</refsect2>
|
</refsect2>
|
||||||
|
|
||||||
|
<refsect2>
|
||||||
|
<title>Automated service restarts</title>
|
||||||
|
|
||||||
|
<para>System packages (including the httpd package itself) may
|
||||||
|
restart the httpd service automatically after packages are
|
||||||
|
upgraded, installed, or removed. This is done using the
|
||||||
|
<command>systemctl reload httpd.service</command>, which
|
||||||
|
produces a <emphasis>graceful</emphasis> restart by default as
|
||||||
|
described above.</para>
|
||||||
|
|
||||||
|
<para>To suppress automatic reloads entirely, create the file
|
||||||
|
<filename>/etc/sysconfig/httpd-disable-posttrans</filename>.</para>
|
||||||
|
</refsect2>
|
||||||
|
|
||||||
<refsect2>
|
<refsect2>
|
||||||
<title>Changing the default MPM (Multi-Processing Module)</title>
|
<title>Changing the default MPM (Multi-Processing Module)</title>
|
||||||
|
|
||||||
|
72
httpd.spec
72
httpd.spec
@ -12,8 +12,8 @@
|
|||||||
|
|
||||||
Summary: Apache HTTP Server
|
Summary: Apache HTTP Server
|
||||||
Name: httpd
|
Name: httpd
|
||||||
Version: 2.4.29
|
Version: 2.4.33
|
||||||
Release: 2%{?dist}
|
Release: 1%{?dist}
|
||||||
URL: https://httpd.apache.org/
|
URL: https://httpd.apache.org/
|
||||||
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
|
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
|
||||||
Source1: index.html
|
Source1: index.html
|
||||||
@ -42,6 +42,7 @@ Source25: 01-session.conf
|
|||||||
Source26: 10-listen443.conf
|
Source26: 10-listen443.conf
|
||||||
Source27: httpd.socket
|
Source27: httpd.socket
|
||||||
Source28: 00-optional.conf
|
Source28: 00-optional.conf
|
||||||
|
Source29: 01-md.conf
|
||||||
# Documentation
|
# Documentation
|
||||||
Source30: README.confd
|
Source30: README.confd
|
||||||
Source31: README.confmod
|
Source31: README.confmod
|
||||||
@ -59,7 +60,7 @@ Patch6: httpd-2.4.3-apctl-systemd.patch
|
|||||||
# Needed for socket activation and mod_systemd patch
|
# Needed for socket activation and mod_systemd patch
|
||||||
Patch19: httpd-2.4.25-detect-systemd.patch
|
Patch19: httpd-2.4.25-detect-systemd.patch
|
||||||
# Features/functional changes
|
# Features/functional changes
|
||||||
Patch23: httpd-2.4.4-export.patch
|
Patch23: httpd-2.4.33-export.patch
|
||||||
Patch24: httpd-2.4.1-corelimit.patch
|
Patch24: httpd-2.4.1-corelimit.patch
|
||||||
Patch25: httpd-2.4.25-selinux.patch
|
Patch25: httpd-2.4.25-selinux.patch
|
||||||
Patch26: httpd-2.4.4-r1337344+.patch
|
Patch26: httpd-2.4.4-r1337344+.patch
|
||||||
@ -68,15 +69,16 @@ Patch29: httpd-2.4.27-systemd.patch
|
|||||||
Patch30: httpd-2.4.4-cachehardmax.patch
|
Patch30: httpd-2.4.4-cachehardmax.patch
|
||||||
Patch31: httpd-2.4.18-sslmultiproxy.patch
|
Patch31: httpd-2.4.18-sslmultiproxy.patch
|
||||||
Patch34: httpd-2.4.17-socket-activation.patch
|
Patch34: httpd-2.4.17-socket-activation.patch
|
||||||
Patch35: httpd-2.4.17-sslciphdefault.patch
|
Patch35: httpd-2.4.33-sslciphdefault.patch
|
||||||
|
|
||||||
# Bug fixes
|
# Bug fixes
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243
|
||||||
Patch58: httpd-2.4.25-r1738878.patch
|
Patch58: httpd-2.4.33-r1738878.patch
|
||||||
|
|
||||||
|
# Security fixes
|
||||||
|
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
|
||||||
BuildRequires: autoconf, perl-interpreter, perl-generators, pkgconfig, findutils, xmlto
|
BuildRequires: autoconf, perl-interpreter, perl-generators, pkgconfig, findutils, xmlto
|
||||||
BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel
|
BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel
|
||||||
BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0
|
BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0
|
||||||
@ -160,6 +162,19 @@ The mod_ssl module provides strong cryptography for the Apache Web
|
|||||||
server via the Secure Sockets Layer (SSL) and Transport Layer
|
server via the Secure Sockets Layer (SSL) and Transport Layer
|
||||||
Security (TLS) protocols.
|
Security (TLS) protocols.
|
||||||
|
|
||||||
|
%package -n mod_md
|
||||||
|
Group: System Environment/Daemons
|
||||||
|
Summary: Certificate provisioning using ACME for the Apache HTTP Server
|
||||||
|
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
|
||||||
|
BuildRequires: jansson-devel, libcurl-devel
|
||||||
|
|
||||||
|
%description -n mod_md
|
||||||
|
This module manages common properties of domains for one or more
|
||||||
|
virtual hosts. Specifically it can use the ACME protocol (RFC Draft)
|
||||||
|
to automate certificate provisioning. These will be configured for
|
||||||
|
managed domains and their virtual hosts automatically. This includes
|
||||||
|
renewal of certificates before they expire.
|
||||||
|
|
||||||
%package -n mod_proxy_html
|
%package -n mod_proxy_html
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
Summary: HTML and XML content filters for the Apache HTTP Server
|
Summary: HTML and XML content filters for the Apache HTTP Server
|
||||||
@ -208,7 +223,7 @@ interface for storing and accessing per-user session data.
|
|||||||
%patch27 -p1 -b .icons
|
%patch27 -p1 -b .icons
|
||||||
%patch29 -p1 -b .systemd
|
%patch29 -p1 -b .systemd
|
||||||
%patch30 -p1 -b .cachehardmax
|
%patch30 -p1 -b .cachehardmax
|
||||||
%patch31 -p1 -b .sslmultiproxy
|
#patch31 -p1 -b .sslmultiproxy
|
||||||
%patch34 -p1 -b .socketactivation
|
%patch34 -p1 -b .socketactivation
|
||||||
%patch35 -p1 -b .sslciphdefault
|
%patch35 -p1 -b .sslciphdefault
|
||||||
%patch58 -p1 -b .r1738878
|
%patch58 -p1 -b .r1738878
|
||||||
@ -313,7 +328,8 @@ install -m 644 $RPM_SOURCE_DIR/README.confmod \
|
|||||||
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/README
|
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/README
|
||||||
for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \
|
for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \
|
||||||
00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \
|
00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \
|
||||||
01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf; do
|
01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf \
|
||||||
|
01-md.conf; do
|
||||||
install -m 644 -p $RPM_SOURCE_DIR/$f \
|
install -m 644 -p $RPM_SOURCE_DIR/$f \
|
||||||
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f
|
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f
|
||||||
done
|
done
|
||||||
@ -361,6 +377,7 @@ install -m 644 -p $RPM_SOURCE_DIR/httpd.tmpfiles \
|
|||||||
|
|
||||||
# Other directories
|
# Other directories
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav \
|
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav \
|
||||||
|
$RPM_BUILD_ROOT%{_localstatedir}/lib/httpd \
|
||||||
$RPM_BUILD_ROOT/run/httpd/htcacheclean
|
$RPM_BUILD_ROOT/run/httpd/htcacheclean
|
||||||
|
|
||||||
# Substitute in defaults which are usually done (badly) by "make install"
|
# Substitute in defaults which are usually done (badly) by "make install"
|
||||||
@ -420,6 +437,7 @@ ln -s ../../pixmaps/poweredby.png \
|
|||||||
|
|
||||||
# symlinks for /etc/httpd
|
# symlinks for /etc/httpd
|
||||||
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
|
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
|
||||||
|
ln -s ../..%{_localstatedir}/lib/httpd $RPM_BUILD_ROOT/etc/httpd/state
|
||||||
ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run
|
ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run
|
||||||
ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules
|
ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules
|
||||||
|
|
||||||
@ -539,9 +557,6 @@ done
|
|||||||
set -x
|
set -x
|
||||||
exit $rv
|
exit $rv
|
||||||
|
|
||||||
%clean
|
|
||||||
rm -rf $RPM_BUILD_ROOT
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
|
|
||||||
@ -550,6 +565,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
|
|
||||||
%{_sysconfdir}/httpd/modules
|
%{_sysconfdir}/httpd/modules
|
||||||
%{_sysconfdir}/httpd/logs
|
%{_sysconfdir}/httpd/logs
|
||||||
|
%{_sysconfdir}/httpd/state
|
||||||
%{_sysconfdir}/httpd/run
|
%{_sysconfdir}/httpd/run
|
||||||
%dir %{_sysconfdir}/httpd/conf
|
%dir %{_sysconfdir}/httpd/conf
|
||||||
%config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf
|
%config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf
|
||||||
@ -587,6 +603,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_libdir}/httpd/modules/mod*.so
|
%{_libdir}/httpd/modules/mod*.so
|
||||||
%exclude %{_libdir}/httpd/modules/mod_auth_form.so
|
%exclude %{_libdir}/httpd/modules/mod_auth_form.so
|
||||||
%exclude %{_libdir}/httpd/modules/mod_ssl.so
|
%exclude %{_libdir}/httpd/modules/mod_ssl.so
|
||||||
|
%exclude %{_libdir}/httpd/modules/mod_md.so
|
||||||
%exclude %{_libdir}/httpd/modules/mod_*ldap.so
|
%exclude %{_libdir}/httpd/modules/mod_*ldap.so
|
||||||
%exclude %{_libdir}/httpd/modules/mod_proxy_html.so
|
%exclude %{_libdir}/httpd/modules/mod_proxy_html.so
|
||||||
%exclude %{_libdir}/httpd/modules/mod_xml2enc.so
|
%exclude %{_libdir}/httpd/modules/mod_xml2enc.so
|
||||||
@ -605,6 +622,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%attr(0700,apache,apache) %dir /run/httpd/htcacheclean
|
%attr(0700,apache,apache) %dir /run/httpd/htcacheclean
|
||||||
%attr(0700,root,root) %dir %{_localstatedir}/log/httpd
|
%attr(0700,root,root) %dir %{_localstatedir}/log/httpd
|
||||||
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav
|
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav
|
||||||
|
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/httpd
|
||||||
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd
|
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd
|
||||||
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy
|
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy
|
||||||
|
|
||||||
@ -669,6 +687,11 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_libdir}/httpd/modules/mod_auth_form.so
|
%{_libdir}/httpd/modules/mod_auth_form.so
|
||||||
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
|
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
|
||||||
|
|
||||||
|
%files -n mod_md
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%{_libdir}/httpd/modules/mod_md.so
|
||||||
|
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-md.conf
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%{_includedir}/httpd
|
%{_includedir}/httpd
|
||||||
@ -680,6 +703,29 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_rpmconfigdir}/macros.d/macros.httpd
|
%{_rpmconfigdir}/macros.d/macros.httpd
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Mar 28 2018 Joe Orton <jorton@redhat.com> - 2.4.33-1
|
||||||
|
- rebase to 2.4.33 (#1560174)
|
||||||
|
- add mod_md subpackage; load mod_proxy_uwsgi by default
|
||||||
|
|
||||||
|
* Mon Mar 05 2018 Jitka Plesnikova <jplesnik@redhat.com> - 2.4.29-8
|
||||||
|
- Rebuilt with brotli 1.0.3
|
||||||
|
|
||||||
|
* Mon Feb 26 2018 Joe Orton <jorton@redhat.com> - 2.4.29-7
|
||||||
|
- simplify liblua detection in configure
|
||||||
|
|
||||||
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.29-6
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Jan 27 2018 Joe Orton <jorton@redhat.com> - 2.4.29-5
|
||||||
|
- link mod_lua against -lcrypt (#1538992)
|
||||||
|
|
||||||
|
* Fri Jan 26 2018 Paul Howarth <paul@city-fan.org> - 2.4.29-4
|
||||||
|
- Rebuild with updated flags to work around compiler issues on i686
|
||||||
|
(#1538648, #1538693)
|
||||||
|
|
||||||
|
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 2.4.29-3
|
||||||
|
- Rebuilt for switch to libxcrypt
|
||||||
|
|
||||||
* Thu Nov 23 2017 Joe Orton <jorton@redhat.com> - 2.4.29-2
|
* Thu Nov 23 2017 Joe Orton <jorton@redhat.com> - 2.4.29-2
|
||||||
- build and load mod_brotli
|
- build and load mod_brotli
|
||||||
|
|
||||||
@ -716,12 +762,8 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
- use sscg defaults; append CA cert to generated cert
|
- use sscg defaults; append CA cert to generated cert
|
||||||
- document httpd-init.service in httpd-init.service(8)
|
- document httpd-init.service in httpd-init.service(8)
|
||||||
|
|
||||||
* Thu Sep 21 2017 Jeroen van Meeuwen <kanarip@fedoraproject.org> - 2.4.27-8
|
|
||||||
- Address CVE-2017-9798 by applying patch from upstream (#1490344)
|
|
||||||
|
|
||||||
* Wed Sep 20 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.4.27-8.1
|
* Wed Sep 20 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.4.27-8.1
|
||||||
- Generate SSL certificates on service start, not %%posttrans
|
- Generate SSL certificates on service start, not %%posttrans
|
||||||
- Generate SSL certificates on service start, not %%posttrans
|
|
||||||
|
|
||||||
* Tue Sep 19 2017 Joe Orton <jorton@redhat.com> - 2.4.27-8
|
* Tue Sep 19 2017 Joe Orton <jorton@redhat.com> - 2.4.27-8
|
||||||
- move httpd.service.d, httpd.socket.d dirs to -filesystem
|
- move httpd.service.d, httpd.socket.d dirs to -filesystem
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (httpd-2.4.29.tar.bz2) = 840982fd3d21463bc5c1747f211dfacf3abdf634d149e49bb49fd2e5deda140de602dbdf31e1bbe5337a48f718ab2261c408e83a8dd39a9291ee7b6b7a85639a
|
SHA512 (httpd-2.4.33.tar.bz2) = e74b2b3346d67be45a8bc8a7cbb8eabf5c403a5cfe5797a976f94a539529843fbcdf03b9ca0548816b2cf37f4ce0eb301f8d5af25b1270fdf8dd9f5bf0585269
|
||||||
|
Loading…
Reference in New Issue
Block a user