new version 2.4.49 (#2005339)

Resolves: #2005339

.gitignore

@@ -39,3 +39,4 @@ x86_64
 /KEYS
 /httpd-2.4.46.tar.bz2.asc
 /httpd-2.4.48.tar.bz2.asc
+/httpd-2.4.49.tar.bz2.asc

httpd-2.4.48-r1869842.patch

@@ -1,117 +0,0 @@
-# ./pullrev.sh 1869842
-http://svn.apache.org/viewvc?view=revision&revision=1869842
-
---- httpd-2.4.48/modules/ssl/ssl_engine_config.c.r1869842
-+++ httpd-2.4.48/modules/ssl/ssl_engine_config.c
-@@ -75,6 +75,10 @@
-     mc->stapling_refresh_mutex = NULL;
- #endif
- 
-+#ifdef HAVE_OPENSSL_KEYLOG
-+    mc->keylog_file = NULL;
-+#endif
-+
-     apr_pool_userdata_set(mc, SSL_MOD_CONFIG_KEY,
-                           apr_pool_cleanup_null,
-                           pool);
---- httpd-2.4.48/modules/ssl/ssl_engine_init.c.r1869842
-+++ httpd-2.4.48/modules/ssl/ssl_engine_init.c
-@@ -445,6 +445,28 @@
-     init_bio_methods();
- #endif
- 
-+#ifdef HAVE_OPENSSL_KEYLOG
-+    {
-+        const char *logfn = getenv("SSLKEYLOGFILE");
-+
-+        if (logfn) {
-+            rv = apr_file_open(&mc->keylog_file, logfn,
-+                               APR_FOPEN_CREATE|APR_FOPEN_WRITE|APR_FOPEN_APPEND|APR_FOPEN_LARGEFILE,
-+                               APR_FPROT_UREAD|APR_FPROT_UWRITE,
-+                               mc->pPool);
-+            if (rv) {
-+                ap_log_error(APLOG_MARK, APLOG_NOTICE, rv, s, APLOGNO(10226)
-+                             "Could not open log file '%s' configured via SSLKEYLOGFILE",
-+                             logfn);
-+                return rv;
-+            }
-+
-+            ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, APLOGNO(10227)
-+                         "Init: Logging SSL private key material to %s", logfn);
-+        }
-+    }
-+#endif
-+    
-     return OK;
- }
- 
-@@ -806,6 +828,12 @@
-      * https://github.com/openssl/openssl/issues/7178 */
-     SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
- #endif
-+
-+#ifdef HAVE_OPENSSL_KEYLOG
-+    if (mctx->sc->mc->keylog_file) {
-+        SSL_CTX_set_keylog_callback(ctx, modssl_callback_keylog);
-+    }
-+#endif
-     
-     return APR_SUCCESS;
- }
---- httpd-2.4.48/modules/ssl/ssl_engine_kernel.c.r1869842
-+++ httpd-2.4.48/modules/ssl/ssl_engine_kernel.c
-@@ -2822,3 +2822,17 @@
- }
- 
- #endif /* HAVE_SRP */
-+
-+
-+#ifdef HAVE_OPENSSL_KEYLOG
-+/* Callback used with SSL_CTX_set_keylog_callback. */
-+void modssl_callback_keylog(const SSL *ssl, const char *line)
-+{
-+    conn_rec *conn = SSL_get_app_data(ssl);
-+    SSLSrvConfigRec *sc = mySrvConfig(conn->base_server);
-+
-+    if (sc && sc->mc->keylog_file) {
-+        apr_file_printf(sc->mc->keylog_file, "%s\n", line);
-+    }
-+}
-+#endif
---- httpd-2.4.48/modules/ssl/ssl_private.h.r1869842
-+++ httpd-2.4.48/modules/ssl/ssl_private.h
-@@ -252,6 +252,10 @@
- #endif
- #endif
- 
-+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#define HAVE_OPENSSL_KEYLOG
-+#endif
-+
- /* mod_ssl headers */
- #include "ssl_util_ssl.h"
- 
-@@ -620,6 +624,11 @@
-     apr_global_mutex_t   *stapling_cache_mutex;
-     apr_global_mutex_t   *stapling_refresh_mutex;
- #endif
-+
-+#ifdef HAVE_OPENSSL_KEYLOG
-+    /* Used for logging if SSLKEYLOGFILE is set at startup. */
-+    apr_file_t      *keylog_file;
-+#endif
- } SSLModConfigRec;
- 
- /** Structure representing configured filenames for certs and keys for
-@@ -979,6 +988,11 @@
- int          ssl_callback_SRPServerParams(SSL *, int *, void *);
- #endif
- 
-+#ifdef HAVE_OPENSSL_KEYLOG
-+/* Callback used with SSL_CTX_set_keylog_callback. */
-+void         modssl_callback_keylog(const SSL *ssl, const char *line);
-+#endif
-+
- /**  I/O  */
- void         ssl_io_filter_init(conn_rec *, request_rec *r, SSL *);
- void         ssl_io_filter_register(apr_pool_t *);

httpd.spec

@@ -12,8 +12,8 @@
 
 Summary: Apache HTTP Server
 Name: httpd
-Version: 2.4.48
-Release: 18%{?dist}
+Version: 2.4.49
+Release: 1%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@@ -76,7 +76,6 @@ Patch25: httpd-2.4.43-selinux.patch
 Patch26: httpd-2.4.43-gettid.patch
 Patch27: httpd-2.4.43-icons.patch
 Patch30: httpd-2.4.43-cachehardmax.patch
-Patch32: httpd-2.4.48-r1869842.patch
 Patch34: httpd-2.4.43-socket-activation.patch
 Patch38: httpd-2.4.43-sslciphdefault.patch
 Patch39: httpd-2.4.43-sslprotdefault.patch
@@ -244,7 +243,6 @@ written in the Lua programming language.
 %patch26 -p1 -b .gettid
 %patch27 -p1 -b .icons
 %patch30 -p1 -b .cachehardmax
-%patch32 -p1 -b .r1869842
 %patch34 -p1 -b .socketactivation
 %patch38 -p1 -b .sslciphdefault
 %patch39 -p1 -b .sslprotdefault
@@ -809,6 +807,9 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Fri Sep 17 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.49-1
+- new version 2.4.49 (#2005339)
+
 * Wed Sep 15 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-18
 - Resolves: #2004143 - RFE: mod_ssl: allow sending multiple CA names which
   differ only in case

sources

@@ -1,3 +1,3 @@
-SHA512 (httpd-2.4.48.tar.bz2) = 6c250626f1e7d10428a92d984fd48ff841effcc8705f7816ab71b681bbd51d0012ad158dcd13763fe7d630311f2de258b27574603140d648be42796ab8326724
-SHA512 (httpd-2.4.48.tar.bz2.asc) = 9f125de75107b04dd01f71e9e233b1602658b49e38371931b98dc1092be8df05cf7243b5564fa2f56f46544bef61a54a721dee5ca17ce823a2302a7c3698a195
-SHA512 (KEYS) = 7ab66c64eaa4a152e88a913993c8ea0d9c46fd5865788e7b32a9619784d245cef8bddd9700368e3d63ce88ed94df8933e5892878523dc0fce697331136bb829e
+SHA512 (httpd-2.4.49.tar.bz2) = 418e277232cf30a81d02b8554e31aaae6433bbea842bdb81e47a609469395cc4891183fb6ee02bd669edb2392c2007869b19da29f5998b8fd5c7d3142db310dd
+SHA512 (httpd-2.4.49.tar.bz2.asc) = f3d31cea838c2f965c6f7bea85afb85e4a12fbbcc5162fb8eebf2ba1e808326f99401e0c7f36bd4cb2f32bbac3c206d0bcb5f5b1b15237cb651c3b43d39f4cf4
+SHA512 (KEYS) = 88c848b7ab9e4915d6625dcad3e8328673b0448f2ce76f2c44eecc612cf6afbce3287a4ee7219a44c6fcc61d5ecb2a1a8545456a4a16b90400263d7249cbf192