diff --git a/.gitignore b/.gitignore
index ea4148c..13567f6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -39,3 +39,4 @@ x86_64
 /KEYS
 /httpd-2.4.46.tar.bz2.asc
 /httpd-2.4.48.tar.bz2.asc
+/httpd-2.4.49.tar.bz2.asc
diff --git a/httpd-2.4.48-r1869842.patch b/httpd-2.4.48-r1869842.patch
deleted file mode 100644
index 7629a13..0000000
--- a/httpd-2.4.48-r1869842.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-# ./pullrev.sh 1869842
-http://svn.apache.org/viewvc?view=revision&revision=1869842
-
---- httpd-2.4.48/modules/ssl/ssl_engine_config.c.r1869842
-+++ httpd-2.4.48/modules/ssl/ssl_engine_config.c
-@@ -75,6 +75,10 @@
- mc->stapling_refresh_mutex = NULL;
- #endif
-
-+#ifdef HAVE_OPENSSL_KEYLOG
-+ mc->keylog_file = NULL;
-+#endif
-+
- apr_pool_userdata_set(mc, SSL_MOD_CONFIG_KEY,
- apr_pool_cleanup_null,
- pool);
---- httpd-2.4.48/modules/ssl/ssl_engine_init.c.r1869842
-+++ httpd-2.4.48/modules/ssl/ssl_engine_init.c
-@@ -445,6 +445,28 @@
- init_bio_methods();
- #endif
-
-+#ifdef HAVE_OPENSSL_KEYLOG
-+ {
-+ const char *logfn = getenv("SSLKEYLOGFILE");
-+
-+ if (logfn) {
-+ rv = apr_file_open(&mc->keylog_file, logfn,
-+ APR_FOPEN_CREATE|APR_FOPEN_WRITE|APR_FOPEN_APPEND|APR_FOPEN_LARGEFILE,
-+ APR_FPROT_UREAD|APR_FPROT_UWRITE,
-+ mc->pPool);
-+ if (rv) {
-+ ap_log_error(APLOG_MARK, APLOG_NOTICE, rv, s, APLOGNO(10226)
-+ "Could not open log file '%s' configured via SSLKEYLOGFILE",
-+ logfn);
-+ return rv;
-+ }
-+
-+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, APLOGNO(10227)
-+ "Init: Logging SSL private key material to %s", logfn);
-+ }
-+ }
-+#endif
-+
- return OK;
- }
-
-@@ -806,6 +828,12 @@
- * https://github.com/openssl/openssl/issues/7178 */
- SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
- #endif
-+
-+#ifdef HAVE_OPENSSL_KEYLOG
-+ if (mctx->sc->mc->keylog_file) {
-+ SSL_CTX_set_keylog_callback(ctx, modssl_callback_keylog);
-+ }
-+#endif
-
- return APR_SUCCESS;
- }
---- httpd-2.4.48/modules/ssl/ssl_engine_kernel.c.r1869842
-+++ httpd-2.4.48/modules/ssl/ssl_engine_kernel.c
-@@ -2822,3 +2822,17 @@
- }
-
- #endif /* HAVE_SRP */
-+
-+
-+#ifdef HAVE_OPENSSL_KEYLOG
-+/* Callback used with SSL_CTX_set_keylog_callback. */
-+void modssl_callback_keylog(const SSL *ssl, const char *line)
-+{
-+ conn_rec *conn = SSL_get_app_data(ssl);
-+ SSLSrvConfigRec *sc = mySrvConfig(conn->base_server);
-+
-+ if (sc && sc->mc->keylog_file) {
-+ apr_file_printf(sc->mc->keylog_file, "%s\n", line);
-+ }
-+}
-+#endif
---- httpd-2.4.48/modules/ssl/ssl_private.h.r1869842
-+++ httpd-2.4.48/modules/ssl/ssl_private.h
-@@ -252,6 +252,10 @@
- #endif
- #endif
-
-+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#define HAVE_OPENSSL_KEYLOG
-+#endif
-+
- /* mod_ssl headers */
- #include "ssl_util_ssl.h"
-
-@@ -620,6 +624,11 @@
- apr_global_mutex_t *stapling_cache_mutex;
- apr_global_mutex_t *stapling_refresh_mutex;
- #endif
-+
-+#ifdef HAVE_OPENSSL_KEYLOG
-+ /* Used for logging if SSLKEYLOGFILE is set at startup. */
-+ apr_file_t *keylog_file;
-+#endif
- } SSLModConfigRec;
-
- /** Structure representing configured filenames for certs and keys for
-@@ -979,6 +988,11 @@
- int ssl_callback_SRPServerParams(SSL *, int *, void *);
- #endif
-
-+#ifdef HAVE_OPENSSL_KEYLOG
-+/* Callback used with SSL_CTX_set_keylog_callback. */
-+void modssl_callback_keylog(const SSL *ssl, const char *line);
-+#endif
-+
- /** I/O */
- void ssl_io_filter_init(conn_rec *, request_rec *r, SSL *);
- void ssl_io_filter_register(apr_pool_t *);
diff --git a/httpd.spec b/httpd.spec
index a501275..3660f74 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -12,8 +12,8 @@ Summary: Apache HTTP Server Name: httpd -Version: 2.4.48 -Release: 18%{?dist} +Version: 2.4.49 +Release: 1%{?dist} URL: https://httpd.apache.org/ Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@@ -76,7 +76,6 @@ Patch25: httpd-2.4.43-selinux.patch
 Patch26: httpd-2.4.43-gettid.patch
 Patch27: httpd-2.4.43-icons.patch
 Patch30: httpd-2.4.43-cachehardmax.patch
-Patch32: httpd-2.4.48-r1869842.patch
 Patch34: httpd-2.4.43-socket-activation.patch
 Patch38: httpd-2.4.43-sslciphdefault.patch
 Patch39: httpd-2.4.43-sslprotdefault.patch
@@ -244,7 +243,6 @@ written in the Lua programming language.
 %patch26 -p1 -b .gettid
 %patch27 -p1 -b .icons
 %patch30 -p1 -b .cachehardmax
-%patch32 -p1 -b .r1869842
 %patch34 -p1 -b .socketactivation
 %patch38 -p1 -b .sslciphdefault
 %patch39 -p1 -b .sslprotdefault
@@ -809,6 +807,9 @@ exit $rv %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Fri Sep 17 2021 Luboš Uhliarik - 2.4.49-1 +- new version 2.4.49 (#2005339) + * Wed Sep 15 2021 Luboš Uhliarik - 2.4.48-18 - Resolves: #2004143 - RFE: mod_ssl: allow sending multiple CA names which differ only in case
diff --git a/sources b/sources
index 5e6cb0c..8d356ef 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (httpd-2.4.48.tar.bz2) = 6c250626f1e7d10428a92d984fd48ff841effcc8705f7816ab71b681bbd51d0012ad158dcd13763fe7d630311f2de258b27574603140d648be42796ab8326724
-SHA512 (httpd-2.4.48.tar.bz2.asc) = 9f125de75107b04dd01f71e9e233b1602658b49e38371931b98dc1092be8df05cf7243b5564fa2f56f46544bef61a54a721dee5ca17ce823a2302a7c3698a195
-SHA512 (KEYS) = 7ab66c64eaa4a152e88a913993c8ea0d9c46fd5865788e7b32a9619784d245cef8bddd9700368e3d63ce88ed94df8933e5892878523dc0fce697331136bb829e
+SHA512 (httpd-2.4.49.tar.bz2) = 418e277232cf30a81d02b8554e31aaae6433bbea842bdb81e47a609469395cc4891183fb6ee02bd669edb2392c2007869b19da29f5998b8fd5c7d3142db310dd
+SHA512 (httpd-2.4.49.tar.bz2.asc) = f3d31cea838c2f965c6f7bea85afb85e4a12fbbcc5162fb8eebf2ba1e808326f99401e0c7f36bd4cb2f32bbac3c206d0bcb5f5b1b15237cb651c3b43d39f4cf4
+SHA512 (KEYS) = 88c848b7ab9e4915d6625dcad3e8328673b0448f2ce76f2c44eecc612cf6afbce3287a4ee7219a44c6fcc61d5ecb2a1a8545456a4a16b90400263d7249cbf192