- add security fix for CVE CAN-2004-0942 (memory consumption DoS)

- SELinux: run httpd -t under runcon in configtest (Steven Smalley)
- fix SSLSessionCache comment for distcache in ssl.conf
- restart using SIGHUP not SIGUSR1 after logrotate
- add ap_save_brigade fix (upstream #31247)
- mod_ssl: fix possible segfault in auth hook (upstream #31848)
- add htsslpass(1) and configure as default SSLPassPhraseDialog (#128677)
- apachectl: restore use of $OPTIONS
- apachectl, httpd.init: refuse to restart if $HTTPD -t fails
- apachectl: run $HTTPD -t in user SELinux context for configtest
- update for pcre-5.0 header locations
jorton 2004-11-18 11:59:52 +00:00
parent ff2220fd78
commit 7c0f3e466d
6 changed files with 62 additions and 22 deletions

View File

@ -1,5 +1,5 @@
# Makefile for source rpm: httpd # Makefile for source rpm: httpd
# $Id: Makefile,v 1.4 2004/10/13 10:44:51 jorton Exp $ # $Id: Makefile,v 1.5 2004/10/13 16:35:07 jorton Exp $
NAME := httpd NAME := httpd
SPECFILE = $(firstword $(wildcard *.spec)) SPECFILE = $(firstword $(wildcard *.spec))
UPSTREAM_CHECKS = asc UPSTREAM_CHECKS = asc
@ -21,4 +21,4 @@ status.html: status.xml status-html.xsl
@xsltproc status-html.xsl $< > $@ @xsltproc status-html.xsl $< > $@
view-status: status.html view-status: status.html
gnome-moz-remote `pwd`/$< firefox -remote 'openFile($(shell pwd)/$<)'

View File

@ -2,9 +2,9 @@
Set SIGXFSZ to be ignored, so a write() beyond 2gb will fail with Set SIGXFSZ to be ignored, so a write() beyond 2gb will fail with
E2BIG rather than killing the process E2BIG rather than killing the process
Upstream-HEAD: omit Upstream-HEAD: needed
Upstream-2.0: omit Upstream-2.0: omit
Upstream-Status: Obsoleted by proper LFS support in APR Upstream-Status: Obsoleted by proper LFS support in APR, do it anyway
Upstream-PR: 13511 Upstream-PR: 13511
--- ./server/mpm/prefork/prefork.c.xfsz Wed Jul 17 22:39:55 2002 --- ./server/mpm/prefork/prefork.c.xfsz Wed Jul 17 22:39:55 2002
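
Review bot: The patch header now reads `Upstream-HEAD: needed` while `Upstream-Status` says "Obsoleted by proper LFS support in APR, do it anyway", and the two together do not explain why an obsoleted change is still needed. Put the reason in the status line, i.e. what still goes wrong if SIGXFSZ is not ignored, so the next person rebasing the patch can tell when it is safe to drop.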

View File

@ -73,11 +73,15 @@ stop() {
[ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile} [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
} }
reload() { reload() {
if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t; then
failure $"Configuration syntax check for $httpd, will not reload"
RETVAL=$?
else
echo -n $"Reloading $prog: " echo -n $"Reloading $prog: "
check13 || exit 1
killproc $httpd -HUP killproc $httpd -HUP
RETVAL=$? RETVAL=$?
echo echo
fi
} }
# See how we were called. # See how we were called.
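
Review bot: In the new failure branch of reload(), `RETVAL=$?` runs after the `failure $"..."` call, so it records the exit status of `failure` rather than of the `$httpd $OPTIONS -t` check, and the `!` in the `if` has already discarded the check's own status. Set RETVAL to an explicit non-zero value in that branch so the caller of the init script can tell the reload was refused. The message "Configuration syntax check for $httpd, will not reload" also reads as if a word such as "failed" is missing, and the branch has no trailing `echo` like the success path does.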

View File

@ -3,6 +3,6 @@
notifempty notifempty
sharedscripts sharedscripts
postrotate postrotate
/bin/kill -USR1 `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true /bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true
endscript endscript
} }
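
Review bot: The postrotate line now sends HUP with no configuration check, while the reload() change to the init script in this same commit refuses to send HUP when `$httpd $OPTIONS -t` fails. A log rotation that happens while the configuration on disk is broken will still signal the server, which is the situation the init script change guards against. Consider gating the kill on the same -t check, and add a comment saying why HUP replaces USR1, since the hunk gives no reason.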

View File

@ -7,7 +7,7 @@
Summary: Apache HTTP Server Summary: Apache HTTP Server
Name: httpd Name: httpd
Version: 2.0.52 Version: 2.0.52
Release: 5 Release: 6
URL: http://httpd.apache.org/ URL: http://httpd.apache.org/
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
Source1: index.html Source1: index.html
@ -23,11 +23,13 @@ Source12: welcome.conf
Source13: manual.conf Source13: manual.conf
Source14: mod_ssl-Makefile.crt Source14: mod_ssl-Makefile.crt
Source15: mod_ssl-Makefile.crl Source15: mod_ssl-Makefile.crl
Source16: htsslpass.c
# Documentation # Documentation
Source30: migration.xml Source30: migration.xml
Source31: migration.css Source31: migration.css
Source32: html.xsl Source32: html.xsl
Source33: README.confd Source33: README.confd
Source34: htsslpass.xml
# build/scripts patches # build/scripts patches
Patch1: httpd-2.0.40-apctl.patch Patch1: httpd-2.0.40-apctl.patch
Patch2: httpd-2.0.36-apxs.patch Patch2: httpd-2.0.36-apxs.patch
@ -49,6 +51,8 @@ Patch28: httpd-2.0.48-worker.patch
Patch29: httpd-2.0.48-workerhup.patch Patch29: httpd-2.0.48-workerhup.patch
Patch30: httpd-2.0.48-davmisc.patch Patch30: httpd-2.0.48-davmisc.patch
Patch39: httpd-2.0.50-reclaim.patch Patch39: httpd-2.0.50-reclaim.patch
Patch40: httpd-2.0.52-sslauth.patch
Patch41: httpd-2.0.52-savebrigade.patch
# Features/functional changes # Features/functional changes
Patch70: httpd-2.0.48-release.patch Patch70: httpd-2.0.48-release.patch
Patch71: httpd-2.0.40-xfsz.patch Patch71: httpd-2.0.40-xfsz.patch
@ -70,11 +74,13 @@ Patch91: httpd-2.0.46-testhook.patch
Patch92: httpd-2.0.46-dumpcerts.patch Patch92: httpd-2.0.46-dumpcerts.patch
# Security fixes # Security fixes
Patch120: httpd-2.0.52-CAN-2004-0885.patch Patch120: httpd-2.0.52-CAN-2004-0885.patch
Patch121: httpd-2.0.52-CAN-2004-0942.patch
License: Apache Software License License: Apache Software License
Group: System Environment/Daemons Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-root BuildRoot: %{_tmppath}/%{name}-root
BuildRequires: db4-devel, expat-devel, findutils, perl, pkgconfig, xmlto >= 0.0.11 BuildRequires: db4-devel, expat-devel, findutils, perl, pkgconfig, xmlto >= 0.0.11
BuildRequires: apr-devel >= 0.9.4-20, apr-util-devel, pcre-devel, zlib-devel BuildRequires: apr-devel >= 0.9.4-20, apr-util-devel, pcre-devel >= 5.0,
BuildRequires: zlib-devel
Requires: /etc/mime.types, gawk, /usr/share/magic.mime, /usr/bin/find Requires: /etc/mime.types, gawk, /usr/share/magic.mime, /usr/bin/find
Requires: httpd-suexec Requires: httpd-suexec
Prereq: /sbin/chkconfig, /bin/mktemp, /bin/rm, /bin/mv Prereq: /sbin/chkconfig, /bin/mktemp, /bin/rm, /bin/mv
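
Review bot: The split BuildRequires line ends with a trailing comma (`pcre-devel >= 5.0,`) just before the new `BuildRequires: zlib-devel` line. Drop the comma so each tag line is a complete list on its own.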
@ -86,19 +92,20 @@ Obsoletes: mod_put, mod_roaming
Conflicts: pcre < 4.0 Conflicts: pcre < 4.0
%description %description
Apache is a powerful, full-featured, efficient, and freely-available The Apache HTTP Server is a powerful, full-featured, efficient, and
Web server. Apache is also the most popular Web server on the freely-available Web server. The Apache HTTP Server is also the
Internet. most popular Web server on the Internet.
%package devel %package devel
Group: Development/Libraries Group: Development/Libraries
Summary: Development tools for the Apache HTTP server. Summary: Development tools for the Apache HTTP server.
Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel
Requires: apr-devel, apr-util-devel, httpd = %{version}, pcre-devel Requires: apr-devel, apr-util-devel, httpd = %{version}, pcre-devel >= 5.0
%description devel %description devel
The httpd-devel package contains the APXS binary and other files The httpd-devel package contains the APXS binary and other files
that you need to build Dynamic Shared Objects (DSOs) for Apache. that you need to build Dynamic Shared Objects (DSOs) for the
Apache HTTP Server.
If you are installing the Apache HTTP server and you want to be If you are installing the Apache HTTP server and you want to be
able to compile or develop additional modules for Apache, you need able to compile or develop additional modules for Apache, you need
@ -161,6 +168,8 @@ executed by SSI pages) as a user other than the 'apache' user.
%patch29 -p1 -b .workerhup %patch29 -p1 -b .workerhup
%patch30 -p1 -b .davmisc %patch30 -p1 -b .davmisc
%patch39 -p1 -b .reclaim %patch39 -p1 -b .reclaim
%patch40 -p1 -b .sslauth
%patch41 -p1 -b .savebrigade
%patch71 -p0 -b .xfsz %patch71 -p0 -b .xfsz
%patch72 -p1 -b .pod %patch72 -p1 -b .pod
@ -181,6 +190,7 @@ executed by SSI pages) as a user other than the 'apache' user.
%patch92 -p1 -b .dumpcerts %patch92 -p1 -b .dumpcerts
%patch120 -p1 -b .can0885 %patch120 -p1 -b .can0885
%patch121 -p1 -b .can0942
# Patch in vendor/release string # Patch in vendor/release string
sed "s/@RELEASE@/%{vstring}/" < %{PATCH70} | patch -p1 sed "s/@RELEASE@/%{vstring}/" < %{PATCH70} | patch -p1
@ -231,8 +241,15 @@ sed 's/@DISTRO@/%{distro}/' < $RPM_SOURCE_DIR/migration.xml > migration.xml
xmlto -x $RPM_SOURCE_DIR/html.xsl html-nochunks migration.xml xmlto -x $RPM_SOURCE_DIR/html.xsl html-nochunks migration.xml
cp $RPM_SOURCE_DIR/migration.css . # make %%doc happy cp $RPM_SOURCE_DIR/migration.css . # make %%doc happy
# Build the htsslpass man page
xmlto man $RPM_SOURCE_DIR/htsslpass.xml
# Build htsslpass
cp $RPM_SOURCE_DIR/htsslpass.c . || exit 1
gcc $RPM_OPT_FLAGS -Wall -Werror htsslpass.c -o htsslpass
CFLAGS=$RPM_OPT_FLAGS CFLAGS=$RPM_OPT_FLAGS
CPPFLAGS="-DSSL_EXPERIMENTAL_ENGINE -I/usr/include/pcre" CPPFLAGS="-DSSL_EXPERIMENTAL_ENGINE"
export CFLAGS CPPFLAGS export CFLAGS CPPFLAGS
function mpmbuild() function mpmbuild()
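
Review bot: In the htsslpass build step, `cp $RPM_SOURCE_DIR/htsslpass.c . || exit 1` checks for failure but the `xmlto man` and `gcc` lines next to it do not; either rely on the build shell aborting on error for all three or check all three, so a failed compile cannot go unnoticed until the later `install -m 755 htsslpass` step. The compiler is also hard-coded as `gcc` with `-Werror`, which means any new warning from a later toolchain fails the whole package build; keep `-Wall` and drop `-Werror` for the packaged build, or document why it is wanted for this helper.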
@ -302,7 +319,11 @@ popd
install -m 755 worker/httpd $RPM_BUILD_ROOT%{_sbindir}/httpd.worker install -m 755 worker/httpd $RPM_BUILD_ROOT%{_sbindir}/httpd.worker
# link to system pcreposix.h # link to system pcreposix.h
ln -s ../pcre/pcreposix.h $RPM_BUILD_ROOT%{_includedir}/httpd/pcreposix.h ln -s ../pcreposix.h $RPM_BUILD_ROOT%{_includedir}/httpd/pcreposix.h
# install htsslpass(1) and man page
install -m 755 htsslpass $RPM_BUILD_ROOT%{_bindir}/htsslpass
install -m 644 htsslpass.1 $RPM_BUILD_ROOT%{_mandir}/man1/htsslpass.1
# install conf file/directory # install conf file/directory
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
@ -519,6 +540,7 @@ rm -rf $RPM_BUILD_ROOT
%{_sbindir}/httpd.worker %{_sbindir}/httpd.worker
%{_sbindir}/apachectl %{_sbindir}/apachectl
%{_sbindir}/rotatelogs %{_sbindir}/rotatelogs
%exclude %{_bindir}/htsslpass
%dir %{_libdir}/httpd %dir %{_libdir}/httpd
%dir %{_libdir}/httpd/modules %dir %{_libdir}/httpd/modules
@ -544,6 +566,7 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man?/* %{_mandir}/man?/*
%exclude %{_mandir}/man8/apxs.8* %exclude %{_mandir}/man8/apxs.8*
%exclude %{_mandir}/man8/suexec.8* %exclude %{_mandir}/man8/suexec.8*
%exclude %{_mandir}/man1/htsslpass.1*
%files manual %files manual
%defattr(-,root,root) %defattr(-,root,root)
@ -552,6 +575,8 @@ rm -rf $RPM_BUILD_ROOT
%files -n mod_ssl %files -n mod_ssl
%defattr(-,root,root) %defattr(-,root,root)
%{_bindir}/htsslpass
%{_mandir}/man1/htsslpass.1*
%{_libdir}/httpd/modules/mod_ssl.so %{_libdir}/httpd/modules/mod_ssl.so
%config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf %config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf
%attr(0700,root,root) %dir %{_sysconfdir}/httpd/conf/ssl.* %attr(0700,root,root) %dir %{_sysconfdir}/httpd/conf/ssl.*
@ -579,6 +604,19 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/suexec.8* %{_mandir}/man8/suexec.8*
%changelog %changelog
* Tue Nov 16 2004 Joe Orton <jorton@redhat.com> 2.0.52-6
- add security fix for CVE CAN-2004-0942 (memory consumption DoS)
- SELinux: run httpd -t under runcon in configtest (Steven Smalley)
- fix SSLSessionCache comment for distcache in ssl.conf
- restart using SIGHUP not SIGUSR1 after logrotate
- add ap_save_brigade fix (upstream #31247)
- mod_ssl: fix possible segfault in auth hook (upstream #31848)
- add htsslpass(1) and configure as default SSLPassPhraseDialog (#128677)
- apachectl: restore use of $OPTIONS
- apachectl, httpd.init: refuse to restart if $HTTPD -t fails
- apachectl: run $HTTPD -t in user SELinux context for configtest
- update for pcre-5.0 header locations
* Sat Nov 13 2004 Jeff Johnson <jbj@redhat.com> 2.0.52-5 * Sat Nov 13 2004 Jeff Johnson <jbj@redhat.com> 2.0.52-5
- rebuild against db-4.3.21 aware apr-util. - rebuild against db-4.3.21 aware apr-util.

View File

@ -44,9 +44,7 @@ SSLPassPhraseDialog builtin
# Inter-Process Session Cache: # Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism # Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds). # to use and second the expiring timeout (in seconds).
#SSLSessionCache none #SSLSessionCache dc:UNIX:/var/cache/mod_ssl/distcache
#SSLSessionCache dbm:/var/cache/mod_ssl/scache(512000)
#SSLSessionCache dc:UNIX/var/cache/mod_ssl/distcache
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300 SSLSessionCacheTimeout 300
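
Review bot: The changelog describes this as a fix to the distcache comment, but besides correcting `dc:UNIX/var/cache/mod_ssl/distcache` to `dc:UNIX:/var/cache/mod_ssl/distcache` the hunk also removes the commented `none` and `dbm:` examples. If dropping them is intended, say so in the changelog entry; otherwise keep them. Separately, the hunk context still shows `SSLPassPhraseDialog builtin` and this is the only hunk for the file, so it is worth confirming where htsslpass is made the default SSLPassPhraseDialog as the commit message states.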