diff --git a/.cvsignore b/.cvsignore
index c52b1d9..ed025a3 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-httpd-2.0.48.tar.gz
+httpd-2.0.49.tar.gz
diff --git a/httpd-2.0.48-release.patch b/httpd-2.0.48-release.patch
index 924d3c4..18c0c28 100644
--- a/httpd-2.0.48-release.patch
+++ b/httpd-2.0.48-release.patch
@@ -1,6 +1,6 @@
--- httpd-2.0.48/server/core.c.release
+++ httpd-2.0.48/server/core.c
-@@ -2429,7 +2429,7 @@
+@@ -2386,7 +2386,7 @@
ap_add_version_component(pconf, AP_SERVER_BASEPRODUCT "/" AP_SERVER_MAJORVERSION);
}
else {
diff --git a/httpd.conf b/httpd.conf
index 7d7f90d..e9947a5 100644
--- a/httpd.conf
+++ b/httpd.conf
@@ -565,6 +565,11 @@ AliasMatch ^/manual(?:/(?:de|en|fr|ja|ko|ru))?(/.*)?$ "/var/www/manual$1"
DAVLockDB /var/lib/dav/lockdb
+
+ # XML request bodies are loaded into memory; limit to 128K by default
+ LimitXMLRequestBody 131072
+
+
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
diff --git a/httpd.spec b/httpd.spec
index 580c9de..082fa99 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -6,8 +6,8 @@
Summary: Apache HTTP Server
Name: httpd
-Version: 2.0.48
-Release: 16.ent
+Version: 2.0.49
+Release: 2.ent
URL: http://httpd.apache.org/
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
Source1: index.html
@@ -30,7 +30,6 @@ Source33: README.confd
Patch1: httpd-2.0.40-apctl.patch
Patch2: httpd-2.0.36-apxs.patch
Patch3: httpd-2.0.48-linkmods.patch
-Patch4: httpd-2.0.45-parallel.patch
Patch5: httpd-2.0.45-deplibs.patch
Patch6: httpd-2.0.47-pie.patch
Patch7: httpd-2.0.45-syspcre.patch
@@ -38,38 +37,29 @@ Patch8: httpd-2.0.48-suexeclibs.patch
Patch9: httpd-2.0.48-vpathinc.patch
# Bug fixes
Patch20: httpd-2.0.45-encode.patch
-Patch21: httpd-2.0.45-davfs.patch
Patch22: httpd-2.0.45-davetag.patch
-Patch24: httpd-2.0.47-sslcleanup.patch
Patch25: httpd-2.0.47-ldapshm.patch
Patch26: httpd-2.0.46-shmcb.patch
Patch27: httpd-2.0.46-sslmutex.patch
-Patch28: httpd-2.0.46-sslio.patch
-Patch29: httpd-2.0.46-graceful.patch
-Patch30: httpd-2.0.46-metharray.patch
-Patch31: httpd-2.0.48-usertrack.patch
-Patch32: httpd-2.0.46-execfail.patch
-Patch33: httpd-2.0.46-logtimez.patch
-Patch34: httpd-2.0.46-sslerr.patch
Patch35: httpd-2.0.46-md5dig.patch
-Patch36: httpd-2.0.48-sslvars.patch
-Patch37: httpd-2.0.48-include.patch
-Patch38: httpd-2.0.48-autoindex.patch
Patch39: httpd-2.0.48-proxy11.patch
Patch40: httpd-2.0.48-sslpphrase.patch
Patch41: httpd-2.0.48-worker.patch
-Patch42: httpd-2.0.46-davbadfrag.patch
-Patch43: httpd-2.0.46-dav401dest.patch
+Patch44: httpd-2.0.48-workerhup.patch
+Patch45: httpd-2.0.48-davmisc.patch
+Patch46: httpd-2.0.48-limitxml.patch
+Patch47: httpd-2.0.48-vhost.patch
+Patch48: httpd-2.0.49-sslcache.patch
+Patch49: httpd-2.0.49-sslcleanup.patch
+Patch50: httpd-2.0.49-eocbucket.patch
# Features/functional changes
Patch70: httpd-2.0.48-release.patch
Patch71: httpd-2.0.40-xfsz.patch
Patch72: httpd-2.0.40-pod.patch
Patch73: httpd-2.0.40-noshmht.patch
-Patch74: httpd-2.0.45-proxy.patch
Patch75: httpd-2.0.45-export.patch
Patch76: httpd-2.0.48-dynlimit.patch
Patch77: httpd-2.0.48-dynamic.patch
-Patch78: httpd-2.0.48-status.patch
Patch79: httpd-2.0.48-sslstatus.patch
Patch80: httpd-2.0.48-corelimit.patch
Patch81: httpd-2.0.46-rolog.patch
@@ -77,10 +67,10 @@ Patch82: httpd-2.0.48-distcache.patch
Patch83: httpd-2.0.48-debuglog.patch
Patch84: httpd-2.0.48-abench.patch
Patch85: httpd-2.0.48-fdsetsize.patch
-# Security fixes
-Patch120: httpd-2.0.48-CAN-2003-0020.patch
-# Documentation fixes
-Patch170: httpd-2.0.48-manpages.patch
+Patch86: httpd-2.0.48-sslheader.patch
+Patch87: httpd-2.0.48-sslvars2.patch
+Patch88: httpd-2.0.48-rewritessl.patch
+Patch89: httpd-2.0.49-largefile.patch
License: Apache Software License
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-root
@@ -142,7 +132,6 @@ Security (TLS) protocols.
%patch1 -p0 -b .apctl
%patch2 -p1 -b .apxs
%patch3 -p1 -b .linkmods
-%patch4 -p1 -b .parallel
%patch5 -p1 -b .deplibs
%patch7 -p1 -b .syspcre
%patch8 -p1 -b .suexeclibs
@@ -150,37 +139,28 @@ Security (TLS) protocols.
# no -b to prevent droplets in install root
%patch20 -p1
-%patch21 -p1 -b .davfs
%patch22 -p1 -b .davetag
-%patch24 -p1 -b .sslcleanup
%patch25 -p1 -b .ldapshm
%patch26 -p1 -b .shmcb
%patch27 -p1 -b .sslmutex
-%patch28 -p1 -b .sslio
-%patch29 -p1 -b .graceful
-%patch30 -p1 -b .metharray
-%patch31 -p1 -b .usertrack
-%patch32 -p1 -b .execfail
-%patch33 -p1 -b .logtimez
-%patch34 -p1 -b .sslerr
%patch35 -p1 -b .md5dig
-%patch36 -p1 -b .sslvars
-%patch37 -p1 -b .include
-%patch38 -p1 -b .autoindex
-%patch39 -p1 -b .proxy11
+## %patch39 -p1 -b .proxy11 ### NEEDS MERGE
%patch40 -p1 -b .sslpphrase
%patch41 -p1 -b .worker
-%patch42 -p1 -b .davbadfrag
-%patch43 -p1 -b .dav401dest
+%patch44 -p1 -b .workerhup
+%patch45 -p1 -b .davmisc
+%patch46 -p1 -b .limitxml
+%patch47 -p1 -b .vhost
+%patch48 -p1 -b .sslcache
+%patch49 -p1 -b .sslcleanup
+%patch50 -p1 -b .eocbucket
%patch71 -p0 -b .xfsz
%patch72 -p0 -b .pod
%patch73 -p1 -b .noshmht
-%patch74 -p1 -b .proxy
%patch75 -p1 -b .export
%patch76 -p1 -b .dynlimit
%patch77 -p1 -b .dynamic
-%patch78 -p1 -b .status
%patch79 -p1 -b .sslstatus
%patch80 -p1 -b .corelimit
%patch81 -p1 -b .rolog
@@ -188,14 +168,17 @@ Security (TLS) protocols.
%patch83 -p1 -b .debuglog
%patch84 -p1 -b .abench
%patch85 -p1 -b .fdsetsize
-
-%patch120 -p1 -b .can0020
-
-%patch170 -p1 -b .manpages
+%patch86 -p1 -b .sslheader
+%patch87 -p1 -b .sslvars2
+%patch88 -p1 -b .rewritessl
+%patch89 -p1 -b .largefile
# Patch in vendor/release string
sed "s/@RELEASE@/%{vstring}/" < %{PATCH70} | patch -p1
+# Touch mod_ssl expression parser sources to prevent regenerating it
+touch modules/ssl/ssl_expr_*.[chyl]
+
# Safety check: prevent build if defined MMN does not equal upstream MMN.
vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
if test "x${vmmn}" != "x%{mmn}"; then
@@ -239,16 +222,14 @@ sed 's/@DISTRO@/%{distro}/' < $RPM_SOURCE_DIR/migration.xml > migration.xml
xmlto --skip-validation -x $RPM_SOURCE_DIR/html.xsl html-nochunks migration.xml
cp $RPM_SOURCE_DIR/migration.css . # make %%doc happy
-CFLAGS="$RPM_OPT_FLAGS -DSSL_EXPERIMENTAL_ENGINE"
-if pkg-config openssl ; then
+CFLAGS=$RPM_OPT_FLAGS
+CPPFLAGS="-DSSL_EXPERIMENTAL_ENGINE"
+if pkg-config openssl; then
# configure -C barfs with trailing spaces in CFLAGS
- CFLAGS="$CFLAGS `pkg-config --cflags openssl | sed 's/ *$//'`"
- AP_LIBS="$AP_LIBS `pkg-config --libs openssl`"
-else
- AP_LIBS="-lssl -lcrypto"
+ CPPFLAGS="$CPPFLAGS `pkg-config --cflags openssl | sed 's/ *$//'`"
+ SSL_LIBS="`pkg-config --libs openssl`"
fi
-export CFLAGS
-export AP_LIBS
+export CFLAGS CPPFLAGS SSL_LIBS
function mpmbuild()
{
@@ -438,9 +419,6 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.exp \
$RPM_BUILD_ROOT%{_mandir}/man1/dbmmanage.* \
$RPM_BUILD_ROOT%{contentdir}/cgi-bin/*
-# Remove headers which needn't be public
-rm -f $RPM_BUILD_ROOT%{_includedir}/httpd/{ssl_expr_parse.h,ssl_util_table.h}
-
# Make suexec a+rw so it can be stripped. %%files lists real permissions
chmod 755 $RPM_BUILD_ROOT%{_sbindir}/suexec
@@ -584,8 +562,36 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/httpd/build/libtool
%changelog
-* Thu Feb 26 2004 Joe Orton 2.0.48-16.ent
-- rebuild
+* Fri Mar 26 2004 Joe Orton 2.0.49-2
+- mod_ssl: fix session cache memory leak (Madhu Mathihalli)
+- mod_ssl: fix SEGV when trying to shutdown during pool cleanup
+- merge the mod_proxy HTTP/1.1-compliance fixes
+- apply fix for #118020
+
+* Thu Mar 18 2004 Joe Orton 2.0.49-1
+- update to 2.0.49 (#118798, thanks to Robert Scheck)
+- only link ab and mod_ssl against SSL_LIBS
+- open log files using APR_LARGEFILE where available
+
+* Wed Mar 17 2004 Joe Orton 2.0.48-18
+- add fix for #118020
+- ssl.conf tweaks: seed SSL PRNG with 256 bytes from /dev/urandom
+
+* Mon Mar 15 2004 Joe Orton 2.0.48-17
+- use "SSLMutex default" in default ssl.conf
+- limit to 128K XML request bodies in default httpd.conf; fix to
+ give a 413 error not a 400 if the limit is exceeded
+- mod_rewrite: add %%{SSL:...} and %%{HTTPS} variable lookups
+- mod_dav: propagate executable property across COPY/MOVE
+- mod_dav: give 507 on out-of-space errors in more places
+- mod_ssl: add ssl_is_https optional function
+- mod_ssl: support indexed lookup of DN components
+- mod_ssl: optimised variable lookup
+- mod_ssl: install only minimal mod_ssl.h
+- worker: fix potential hang at restart
+
+* Tue Mar 02 2004 Elliot Lee 2.0.48-16.1
+- rebuilt
* Mon Feb 23 2004 Joe Orton 2.0.48-16
- fix apxs -q installbuilddir
diff --git a/sources b/sources
index ce3f6db..017e9fb 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-466c63bb71b710d20a5c353df8c1a19c httpd-2.0.48.tar.gz
+275d3d37eed1b070f333d3618f7d1954 httpd-2.0.49.tar.gz
diff --git a/ssl.conf b/ssl.conf
index ffcd9ff..9e0a65a 100644
--- a/ssl.conf
+++ b/ssl.conf
@@ -3,10 +3,6 @@
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see
-#
-# For the moment, see for this info.
-# The documents are still being prepared from material donated by the
-# modssl project.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
@@ -26,13 +22,6 @@ LoadModule ssl_module modules/mod_ssl.so
#
Listen 443
-#
-# Dynamic Shared Object (DSO) Support
-#
-# To be able to use the functionality of a module which was built as a DSO you
-# ErrorLog logs/dummy-host.example.com-error_log
-# CustomLog logs/dummy-host.example.com-access_log common
-
##
## SSL Global Context
##
@@ -64,7 +53,7 @@ SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
-SSLMutex file:logs/ssl_mutex
+SSLMutex default
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
@@ -76,10 +65,9 @@ SSLMutex file:logs/ssl_mutex
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
-SSLRandomSeed startup builtin
+SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
-#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
@@ -99,14 +87,15 @@ SSLCryptoDevice builtin
-# General setup for the virtual host, inherited from global configuration
+# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
-#ServerName new.host.name:443
-#ServerAdmin you@your.address
+#ServerName www.example.com:443
-# Use separate log files:
+# Use separate log files for the SSL virtual host; note that LogLevel
+# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
+LogLevel warn
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.