- add security fix for CVE CAN-2004-0942 (memory consumption DoS)
- SELinux: run httpd -t under runcon in configtest (Steven Smalley) - fix SSLSessionCache comment for distcache in ssl.conf - restart using SIGHUP not SIGUSR1 after logrotate - add ap_save_brigade fix (upstream #31247) - mod_ssl: fix possible segfault in auth hook (upstream #31848) - add htsslpass(1) and configure as default SSLPassPhraseDialog (#128677) - apachectl: restore use of $OPTIONS - apachectl, httpd.init: refuse to restart if $HTTPD -t fails - apachectl: run $HTTPD -t in user SELinux context for configtest - update for pcre-5.0 header locations
		
							parent
							
								
									ff2220fd78
								
							
						
					
					
						commit
						7c0f3e466d
					
				
							
								
								
									
										4
									
								
								Makefile
									
									
									
									
									
								
							
							
						
						
									
										4
									
								
								Makefile
									
									
									
									
									
								
							| @ -1,5 +1,5 @@ | |||||||
| # Makefile for source rpm: httpd
 | # Makefile for source rpm: httpd
 | ||||||
| # $Id: Makefile,v 1.4 2004/10/13 10:44:51 jorton Exp $
 | # $Id: Makefile,v 1.5 2004/10/13 16:35:07 jorton Exp $
 | ||||||
| NAME := httpd | NAME := httpd | ||||||
| SPECFILE = $(firstword $(wildcard *.spec)) | SPECFILE = $(firstword $(wildcard *.spec)) | ||||||
| UPSTREAM_CHECKS = asc | UPSTREAM_CHECKS = asc | ||||||
| @ -21,4 +21,4 @@ status.html: status.xml status-html.xsl | |||||||
| 	@xsltproc status-html.xsl $< > $@ | 	@xsltproc status-html.xsl $< > $@ | ||||||
| 
 | 
 | ||||||
| view-status: status.html | view-status: status.html | ||||||
| 	gnome-moz-remote `pwd`/$< | 	firefox -remote 'openFile($(shell pwd)/$<)' | ||||||
|  | |||||||
| @ -2,9 +2,9 @@ | |||||||
| Set SIGXFSZ to be ignored, so a write() beyond 2gb will fail with | Set SIGXFSZ to be ignored, so a write() beyond 2gb will fail with | ||||||
| E2BIG rather than killing the process | E2BIG rather than killing the process | ||||||
| 
 | 
 | ||||||
| Upstream-HEAD: omit | Upstream-HEAD: needed | ||||||
| Upstream-2.0: omit | Upstream-2.0: omit | ||||||
| Upstream-Status: Obsoleted by proper LFS support in APR | Upstream-Status: Obsoleted by proper LFS support in APR, do it anyway | ||||||
| Upstream-PR: 13511 | Upstream-PR: 13511 | ||||||
| 
 | 
 | ||||||
| --- ./server/mpm/prefork/prefork.c.xfsz	Wed Jul 17 22:39:55 2002
 | --- ./server/mpm/prefork/prefork.c.xfsz	Wed Jul 17 22:39:55 2002
 | ||||||
|  | |||||||
							
								
								
									
										14
									
								
								httpd.init
									
									
									
									
									
								
							
							
						
						
									
										14
									
								
								httpd.init
									
									
									
									
									
								
							| @ -73,11 +73,15 @@ stop() { | |||||||
| 	[ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile} | 	[ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile} | ||||||
| } | } | ||||||
| reload() { | reload() { | ||||||
| 	echo -n $"Reloading $prog: " |     if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t; then | ||||||
| 	check13 || exit 1 |         failure $"Configuration syntax check for $httpd, will not reload" | ||||||
| 	killproc $httpd -HUP |         RETVAL=$? | ||||||
| 	RETVAL=$? |     else | ||||||
| 	echo |         echo -n $"Reloading $prog: " | ||||||
|  |         killproc $httpd -HUP | ||||||
|  |         RETVAL=$? | ||||||
|  |         echo | ||||||
|  |     fi | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| # See how we were called. | # See how we were called. | ||||||
|  | |||||||
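Review bot: In the failure branch of reload(), `RETVAL=$?` records the return value of the `failure` helper rather than the exit status of the `-t` syntax check, so the status the script reports depends on how that helper is implemented. Setting it explicitly with `RETVAL=1` after the `failure` call makes the refused reload visible to callers and monitoring regardless of the helper. The failure branch also lacks the bare `echo` that the success branch ends with, so the status line is presumably left unterminated. The message would read more clearly as `failure $"not reloading $httpd due to configuration syntax error"`.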
| @ -3,6 +3,6 @@ | |||||||
|     notifempty |     notifempty | ||||||
|     sharedscripts |     sharedscripts | ||||||
|     postrotate |     postrotate | ||||||
| 	/bin/kill -USR1 `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true | 	/bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true | ||||||
|     endscript |     endscript | ||||||
| } | } | ||||||
|  | |||||||
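Review bot: The postrotate command sends HUP directly with no configuration check, unlike reload() in httpd.init, which this commit guards with `$httpd $OPTIONS -t`. If the configuration on disk is broken when the logs rotate, an unguarded restart can leave the server down, and HUP also ends in-flight requests where USR1 let them finish. Routing rotation through the guarded path, for example `/sbin/service httpd reload > /dev/null 2>/dev/null || true`, would keep the syntax check in one place. Only the tail of the logrotate stanza is visible here, and the file header for this hunk is missing from the page.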
							
								
								
									
										56
									
								
								httpd.spec
									
									
									
									
									
								
							
							
						
						
									
										56
									
								
								httpd.spec
									
									
									
									
									
								
							| @ -7,7 +7,7 @@ | |||||||
| Summary: Apache HTTP Server | Summary: Apache HTTP Server | ||||||
| Name: httpd | Name: httpd | ||||||
| Version: 2.0.52 | Version: 2.0.52 | ||||||
| Release: 5 | Release: 6 | ||||||
| URL: http://httpd.apache.org/ | URL: http://httpd.apache.org/ | ||||||
| Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz | Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz | ||||||
| Source1: index.html | Source1: index.html | ||||||
| @ -23,11 +23,13 @@ Source12: welcome.conf | |||||||
| Source13: manual.conf | Source13: manual.conf | ||||||
| Source14: mod_ssl-Makefile.crt | Source14: mod_ssl-Makefile.crt | ||||||
| Source15: mod_ssl-Makefile.crl | Source15: mod_ssl-Makefile.crl | ||||||
|  | Source16: htsslpass.c | ||||||
| # Documentation | # Documentation | ||||||
| Source30: migration.xml | Source30: migration.xml | ||||||
| Source31: migration.css | Source31: migration.css | ||||||
| Source32: html.xsl | Source32: html.xsl | ||||||
| Source33: README.confd | Source33: README.confd | ||||||
|  | Source34: htsslpass.xml | ||||||
| # build/scripts patches | # build/scripts patches | ||||||
| Patch1: httpd-2.0.40-apctl.patch | Patch1: httpd-2.0.40-apctl.patch | ||||||
| Patch2: httpd-2.0.36-apxs.patch | Patch2: httpd-2.0.36-apxs.patch | ||||||
| @ -49,6 +51,8 @@ Patch28: httpd-2.0.48-worker.patch | |||||||
| Patch29: httpd-2.0.48-workerhup.patch | Patch29: httpd-2.0.48-workerhup.patch | ||||||
| Patch30: httpd-2.0.48-davmisc.patch | Patch30: httpd-2.0.48-davmisc.patch | ||||||
| Patch39: httpd-2.0.50-reclaim.patch | Patch39: httpd-2.0.50-reclaim.patch | ||||||
|  | Patch40: httpd-2.0.52-sslauth.patch | ||||||
|  | Patch41: httpd-2.0.52-savebrigade.patch | ||||||
| # Features/functional changes | # Features/functional changes | ||||||
| Patch70: httpd-2.0.48-release.patch | Patch70: httpd-2.0.48-release.patch | ||||||
| Patch71: httpd-2.0.40-xfsz.patch | Patch71: httpd-2.0.40-xfsz.patch | ||||||
| @ -70,11 +74,13 @@ Patch91: httpd-2.0.46-testhook.patch | |||||||
| Patch92: httpd-2.0.46-dumpcerts.patch | Patch92: httpd-2.0.46-dumpcerts.patch | ||||||
| # Security fixes | # Security fixes | ||||||
| Patch120: httpd-2.0.52-CAN-2004-0885.patch | Patch120: httpd-2.0.52-CAN-2004-0885.patch | ||||||
|  | Patch121: httpd-2.0.52-CAN-2004-0942.patch | ||||||
| License: Apache Software License | License: Apache Software License | ||||||
| Group: System Environment/Daemons | Group: System Environment/Daemons | ||||||
| BuildRoot: %{_tmppath}/%{name}-root | BuildRoot: %{_tmppath}/%{name}-root | ||||||
| BuildRequires: db4-devel, expat-devel, findutils, perl, pkgconfig, xmlto >= 0.0.11 | BuildRequires: db4-devel, expat-devel, findutils, perl, pkgconfig, xmlto >= 0.0.11 | ||||||
| BuildRequires: apr-devel >= 0.9.4-20, apr-util-devel, pcre-devel, zlib-devel | BuildRequires: apr-devel >= 0.9.4-20, apr-util-devel, pcre-devel >= 5.0,  | ||||||
|  | BuildRequires: zlib-devel | ||||||
| Requires: /etc/mime.types, gawk, /usr/share/magic.mime, /usr/bin/find | Requires: /etc/mime.types, gawk, /usr/share/magic.mime, /usr/bin/find | ||||||
| Requires: httpd-suexec | Requires: httpd-suexec | ||||||
| Prereq: /sbin/chkconfig, /bin/mktemp, /bin/rm, /bin/mv | Prereq: /sbin/chkconfig, /bin/mktemp, /bin/rm, /bin/mv | ||||||
| @ -86,19 +92,20 @@ Obsoletes: mod_put, mod_roaming | |||||||
| Conflicts: pcre < 4.0 | Conflicts: pcre < 4.0 | ||||||
| 
 | 
 | ||||||
| %description | %description | ||||||
| Apache is a powerful, full-featured, efficient, and freely-available | The Apache HTTP Server is a powerful, full-featured, efficient, and | ||||||
| Web server. Apache is also the most popular Web server on the | freely-available Web server. The Apache HTTP Server is also the | ||||||
| Internet. | most popular Web server on the Internet. | ||||||
| 
 | 
 | ||||||
| %package devel | %package devel | ||||||
| Group: Development/Libraries | Group: Development/Libraries | ||||||
| Summary: Development tools for the Apache HTTP server. | Summary: Development tools for the Apache HTTP server. | ||||||
| Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel | Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel | ||||||
| Requires: apr-devel, apr-util-devel, httpd = %{version}, pcre-devel | Requires: apr-devel, apr-util-devel, httpd = %{version}, pcre-devel >= 5.0 | ||||||
| 
 | 
 | ||||||
| %description devel | %description devel | ||||||
| The httpd-devel package contains the APXS binary and other files | The httpd-devel package contains the APXS binary and other files | ||||||
| that you need to build Dynamic Shared Objects (DSOs) for Apache. | that you need to build Dynamic Shared Objects (DSOs) for the | ||||||
|  | Apache HTTP Server. | ||||||
| 
 | 
 | ||||||
| If you are installing the Apache HTTP server and you want to be | If you are installing the Apache HTTP server and you want to be | ||||||
| able to compile or develop additional modules for Apache, you need | able to compile or develop additional modules for Apache, you need | ||||||
| @ -161,6 +168,8 @@ executed by SSI pages) as a user other than the 'apache' user. | |||||||
| %patch29 -p1 -b .workerhup | %patch29 -p1 -b .workerhup | ||||||
| %patch30 -p1 -b .davmisc | %patch30 -p1 -b .davmisc | ||||||
| %patch39 -p1 -b .reclaim | %patch39 -p1 -b .reclaim | ||||||
|  | %patch40 -p1 -b .sslauth | ||||||
|  | %patch41 -p1 -b .savebrigade | ||||||
| 
 | 
 | ||||||
| %patch71 -p0 -b .xfsz | %patch71 -p0 -b .xfsz | ||||||
| %patch72 -p1 -b .pod | %patch72 -p1 -b .pod | ||||||
| @ -181,6 +190,7 @@ executed by SSI pages) as a user other than the 'apache' user. | |||||||
| %patch92 -p1 -b .dumpcerts | %patch92 -p1 -b .dumpcerts | ||||||
| 
 | 
 | ||||||
| %patch120 -p1 -b .can0885 | %patch120 -p1 -b .can0885 | ||||||
|  | %patch121 -p1 -b .can0942 | ||||||
| 
 | 
 | ||||||
| # Patch in vendor/release string | # Patch in vendor/release string | ||||||
| sed "s/@RELEASE@/%{vstring}/" < %{PATCH70} | patch -p1 | sed "s/@RELEASE@/%{vstring}/" < %{PATCH70} | patch -p1 | ||||||
| @ -231,8 +241,15 @@ sed 's/@DISTRO@/%{distro}/' < $RPM_SOURCE_DIR/migration.xml > migration.xml | |||||||
| xmlto -x $RPM_SOURCE_DIR/html.xsl html-nochunks migration.xml | xmlto -x $RPM_SOURCE_DIR/html.xsl html-nochunks migration.xml | ||||||
| cp $RPM_SOURCE_DIR/migration.css . # make %%doc happy | cp $RPM_SOURCE_DIR/migration.css . # make %%doc happy | ||||||
| 
 | 
 | ||||||
|  | # Build the htsslpass man page | ||||||
|  | xmlto man $RPM_SOURCE_DIR/htsslpass.xml | ||||||
|  | 
 | ||||||
|  | # Build htsslpass | ||||||
|  | cp $RPM_SOURCE_DIR/htsslpass.c . || exit 1 | ||||||
|  | gcc $RPM_OPT_FLAGS -Wall -Werror htsslpass.c -o htsslpass | ||||||
|  | 
 | ||||||
| CFLAGS=$RPM_OPT_FLAGS | CFLAGS=$RPM_OPT_FLAGS | ||||||
| CPPFLAGS="-DSSL_EXPERIMENTAL_ENGINE -I/usr/include/pcre" | CPPFLAGS="-DSSL_EXPERIMENTAL_ENGINE" | ||||||
| export CFLAGS CPPFLAGS | export CFLAGS CPPFLAGS | ||||||
| 
 | 
 | ||||||
| function mpmbuild() | function mpmbuild() | ||||||
| @ -302,7 +319,11 @@ popd | |||||||
| install -m 755 worker/httpd $RPM_BUILD_ROOT%{_sbindir}/httpd.worker | install -m 755 worker/httpd $RPM_BUILD_ROOT%{_sbindir}/httpd.worker | ||||||
| 
 | 
 | ||||||
| # link to system pcreposix.h | # link to system pcreposix.h | ||||||
| ln -s ../pcre/pcreposix.h $RPM_BUILD_ROOT%{_includedir}/httpd/pcreposix.h | ln -s ../pcreposix.h $RPM_BUILD_ROOT%{_includedir}/httpd/pcreposix.h | ||||||
|  | 
 | ||||||
|  | # install htsslpass(1) and man page | ||||||
|  | install -m 755 htsslpass $RPM_BUILD_ROOT%{_bindir}/htsslpass | ||||||
|  | install -m 644 htsslpass.1 $RPM_BUILD_ROOT%{_mandir}/man1/htsslpass.1 | ||||||
| 
 | 
 | ||||||
| # install conf file/directory | # install conf file/directory | ||||||
| mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d | mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d | ||||||
| @ -519,6 +540,7 @@ rm -rf $RPM_BUILD_ROOT | |||||||
| %{_sbindir}/httpd.worker | %{_sbindir}/httpd.worker | ||||||
| %{_sbindir}/apachectl | %{_sbindir}/apachectl | ||||||
| %{_sbindir}/rotatelogs | %{_sbindir}/rotatelogs | ||||||
|  | %exclude %{_bindir}/htsslpass | ||||||
| 
 | 
 | ||||||
| %dir %{_libdir}/httpd | %dir %{_libdir}/httpd | ||||||
| %dir %{_libdir}/httpd/modules | %dir %{_libdir}/httpd/modules | ||||||
| @ -544,6 +566,7 @@ rm -rf $RPM_BUILD_ROOT | |||||||
| %{_mandir}/man?/* | %{_mandir}/man?/* | ||||||
| %exclude %{_mandir}/man8/apxs.8* | %exclude %{_mandir}/man8/apxs.8* | ||||||
| %exclude %{_mandir}/man8/suexec.8* | %exclude %{_mandir}/man8/suexec.8* | ||||||
|  | %exclude %{_mandir}/man1/htsslpass.1* | ||||||
| 
 | 
 | ||||||
| %files manual | %files manual | ||||||
| %defattr(-,root,root) | %defattr(-,root,root) | ||||||
| @ -552,6 +575,8 @@ rm -rf $RPM_BUILD_ROOT | |||||||
| 
 | 
 | ||||||
| %files -n mod_ssl | %files -n mod_ssl | ||||||
| %defattr(-,root,root) | %defattr(-,root,root) | ||||||
|  | %{_bindir}/htsslpass | ||||||
|  | %{_mandir}/man1/htsslpass.1* | ||||||
| %{_libdir}/httpd/modules/mod_ssl.so | %{_libdir}/httpd/modules/mod_ssl.so | ||||||
| %config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf | %config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf | ||||||
| %attr(0700,root,root) %dir %{_sysconfdir}/httpd/conf/ssl.* | %attr(0700,root,root) %dir %{_sysconfdir}/httpd/conf/ssl.* | ||||||
| @ -579,6 +604,19 @@ rm -rf $RPM_BUILD_ROOT | |||||||
| %{_mandir}/man8/suexec.8* | %{_mandir}/man8/suexec.8* | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Tue Nov 16 2004 Joe Orton <jorton@redhat.com> 2.0.52-6 | ||||||
|  | - add security fix for CVE CAN-2004-0942 (memory consumption DoS) | ||||||
|  | - SELinux: run httpd -t under runcon in configtest (Steven Smalley) | ||||||
|  | - fix SSLSessionCache comment for distcache in ssl.conf | ||||||
|  | - restart using SIGHUP not SIGUSR1 after logrotate | ||||||
|  | - add ap_save_brigade fix (upstream #31247) | ||||||
|  | - mod_ssl: fix possible segfault in auth hook (upstream #31848) | ||||||
|  | - add htsslpass(1) and configure as default SSLPassPhraseDialog (#128677) | ||||||
|  | - apachectl: restore use of $OPTIONS | ||||||
|  | - apachectl, httpd.init: refuse to restart if $HTTPD -t fails | ||||||
|  | - apachectl: run $HTTPD -t in user SELinux context for configtest | ||||||
|  | - update for pcre-5.0 header locations | ||||||
|  | 
 | ||||||
| * Sat Nov 13 2004 Jeff Johnson <jbj@redhat.com> 2.0.52-5 | * Sat Nov 13 2004 Jeff Johnson <jbj@redhat.com> 2.0.52-5 | ||||||
| - rebuild against db-4.3.21 aware apr-util. | - rebuild against db-4.3.21 aware apr-util. | ||||||
| 
 | 
 | ||||||
|  | |||||||
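Review bot: In the `# Build htsslpass` step the `cp` is guarded with `|| exit 1` but the `gcc` line after it is not. rpm normally runs %build under `sh -e`, so both already abort on failure; either drop the guard or apply it to both lines for consistency. The split `BuildRequires:` line ends in `pcre-devel >= 5.0, ` with a trailing comma and space, which is cleaner as `BuildRequires: apr-devel >= 0.9.4-20, apr-util-devel, pcre-devel >= 5.0`. `Conflicts: pcre < 4.0` is left as is although the header symlink now assumes the pcre-5.0 layout, so that line looks stale.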
							
								
								
									
										4
									
								
								ssl.conf
									
									
									
									
									
								
							
							
						
						
									
										4
									
								
								ssl.conf
									
									
									
									
									
								
							| @ -44,9 +44,7 @@ SSLPassPhraseDialog  builtin | |||||||
| #   Inter-Process Session Cache: | #   Inter-Process Session Cache: | ||||||
| #   Configure the SSL Session Cache: First the mechanism  | #   Configure the SSL Session Cache: First the mechanism  | ||||||
| #   to use and second the expiring timeout (in seconds). | #   to use and second the expiring timeout (in seconds). | ||||||
| #SSLSessionCache        none | #SSLSessionCache        dc:UNIX:/var/cache/mod_ssl/distcache | ||||||
| #SSLSessionCache        dbm:/var/cache/mod_ssl/scache(512000) |  | ||||||
| #SSLSessionCache        dc:UNIX/var/cache/mod_ssl/distcache |  | ||||||
| SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000) | SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000) | ||||||
| SSLSessionCacheTimeout  300 | SSLSessionCacheTimeout  300 | ||||||
| 
 | 
 | ||||||
|  | |||||||
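Review bot: The commit message says htsslpass is configured as the default SSLPassPhraseDialog, but this hunk's header context still shows `SSLPassPhraseDialog  builtin`, and the ssl.conf hunk shown here starts at line 44, so the shipped directive appears unchanged. If the new default is set elsewhere (for example in a source patch not shown on this page), an explicit `builtin` in ssl.conf would presumably still override it. It is worth confirming which dialog is actually in effect and adding a comment above the directive that names htsslpass. Separately, dropping the commented `none` and `dbm:` examples removes the only in-file hint of the other cache mechanisms; a line such as `#   Other mechanisms: none, dbm:/path, dc:UNIX:/path` would keep it.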