diff --git a/.gitignore b/.gitignore index 2abdf3f..455deea 100644 --- a/.gitignore +++ b/.gitignore @@ -21,3 +21,4 @@ x86_64 /httpd-2.4.12.tar.bz2 /httpd-2.4.16.tar.bz2 /httpd-2.4.17.tar.bz2 +/httpd-2.4.18.tar.bz2 diff --git a/httpd-2.4.6-sslmultiproxy.patch b/httpd-2.4.18-sslmultiproxy.patch similarity index 68% rename from httpd-2.4.6-sslmultiproxy.patch rename to httpd-2.4.18-sslmultiproxy.patch index f8a3b4b..3f00f3f 100644 --- a/httpd-2.4.6-sslmultiproxy.patch +++ b/httpd-2.4.18-sslmultiproxy.patch @@ -1,9 +1,8 @@ - -Ugly hack to enable mod_ssl and mod_nss to "share" hooks. - ---- httpd-2.4.6/modules/ssl/mod_ssl.c.sslmultiproxy -+++ httpd-2.4.6/modules/ssl/mod_ssl.c -@@ -369,6 +369,9 @@ static SSLConnRec *ssl_init_connection_c +diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c +index 717a694..a3ce718 100644 +--- a/modules/ssl/mod_ssl.c ++++ b/modules/ssl/mod_ssl.c +@@ -395,6 +395,9 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c) return sslconn; } @@ -13,7 +12,7 @@ Ugly hack to enable mod_ssl and mod_nss to "share" hooks. int ssl_proxy_enable(conn_rec *c) { SSLSrvConfigRec *sc; -@@ -377,6 +380,12 @@ int ssl_proxy_enable(conn_rec *c) +@@ -403,6 +406,12 @@ int ssl_proxy_enable(conn_rec *c) sc = mySrvConfig(sslconn->server); if (!sc->proxy_enabled) { @@ -26,7 +25,7 @@ Ugly hack to enable mod_ssl and mod_nss to "share" hooks. ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01961) "SSL Proxy requested for %s but not enabled " "[Hint: SSLProxyEngine]", sc->vhost_id); -@@ -396,6 +405,10 @@ int ssl_engine_disable(conn_rec *c) +@@ -422,6 +431,10 @@ int ssl_engine_disable(conn_rec *c) SSLConnRec *sslconn = myConnConfig(c); @@ -37,7 +36,7 @@ Ugly hack to enable mod_ssl and mod_nss to "share" hooks. if (sslconn) { sc = mySrvConfig(sslconn->server); } -@@ -612,6 +625,9 @@ static void ssl_register_hooks(apr_pool_ +@@ -621,6 +634,9 @@ static void ssl_register_hooks(apr_pool_t *p) ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE); ssl_var_register(p); @@ -47,26 +46,31 @@ Ugly hack to enable mod_ssl and mod_nss to "share" hooks. APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable); APR_REGISTER_OPTIONAL_FN(ssl_engine_disable); ---- httpd-2.4.6/modules/ssl/ssl_engine_vars.c.sslmultiproxy -+++ httpd-2.4.6/modules/ssl/ssl_engine_vars.c -@@ -53,10 +53,15 @@ static void ssl_var_lookup_ssl_cipher_b +diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c +index a6b0d0d..24fd8c7 100644 +--- a/modules/ssl/ssl_engine_vars.c ++++ b/modules/ssl/ssl_engine_vars.c +@@ -54,6 +54,8 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, SSLConnRec *sslconn, char + static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize); static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var); static char *ssl_var_lookup_ssl_compress_meth(SSL *ssl); - +static APR_OPTIONAL_FN_TYPE(ssl_is_https) *othermod_is_https; +static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *othermod_var_lookup; -+ + + static SSLConnRec *ssl_get_effective_config(conn_rec *c) + { +@@ -68,7 +70,9 @@ static SSLConnRec *ssl_get_effective_config(conn_rec *c) static int ssl_is_https(conn_rec *c) { - SSLConnRec *sslconn = myConnConfig(c); + SSLConnRec *sslconn = ssl_get_effective_config(c); - return sslconn && sslconn->ssl; -+ ++ + return (sslconn && sslconn->ssl) + || (othermod_is_https && othermod_is_https(c)); } static const char var_interface[] = "mod_ssl/" AP_SERVER_BASEREVISION; -@@ -106,6 +111,9 @@ void ssl_var_register(apr_pool_t *p) +@@ -137,6 +141,9 @@ void ssl_var_register(apr_pool_t *p) { char *cp, *cp2; @@ -76,10 +80,10 @@ Ugly hack to enable mod_ssl and mod_nss to "share" hooks. APR_REGISTER_OPTIONAL_FN(ssl_is_https); APR_REGISTER_OPTIONAL_FN(ssl_var_lookup); APR_REGISTER_OPTIONAL_FN(ssl_ext_list); -@@ -241,6 +249,15 @@ char *ssl_var_lookup(apr_pool_t *p, serv +@@ -272,6 +279,15 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, */ if (result == NULL && c != NULL) { - SSLConnRec *sslconn = myConnConfig(c); + SSLConnRec *sslconn = ssl_get_effective_config(c); + + if (strlen(var) > 4 && strcEQn(var, "SSL_", 4) + && (!sslconn || !sslconn->ssl) && othermod_var_lookup) { @@ -91,4 +95,4 @@ Ugly hack to enable mod_ssl and mod_nss to "share" hooks. + if (strlen(var) > 4 && strcEQn(var, "SSL_", 4) && sslconn && sslconn->ssl) - result = ssl_var_lookup_ssl(p, c, r, var+4); + result = ssl_var_lookup_ssl(p, sslconn, r, var+4); diff --git a/httpd.spec b/httpd.spec index 6318a9e..4a1b3e6 100644 --- a/httpd.spec +++ b/httpd.spec @@ -7,8 +7,8 @@ Summary: Apache HTTP Server Name: httpd -Version: 2.4.17 -Release: 4%{?dist} +Version: 2.4.18 +Release: 1%{?dist} URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html @@ -59,7 +59,7 @@ Patch26: httpd-2.4.4-r1337344+.patch Patch27: httpd-2.4.2-icons.patch Patch29: httpd-2.4.10-mod_systemd.patch Patch30: httpd-2.4.4-cachehardmax.patch -Patch31: httpd-2.4.6-sslmultiproxy.patch +Patch31: httpd-2.4.18-sslmultiproxy.patch Patch34: httpd-2.4.17-socket-activation.patch Patch35: httpd-2.4.17-sslciphdefault.patch # Bug fixes @@ -675,6 +675,9 @@ rm -rf $RPM_BUILD_ROOT %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Mon Dec 14 2015 Jan Kaluza - 2.4.18-1 +- update to new version 2.4.18 + * Wed Dec 9 2015 Joe Orton - 2.4.17-4 - re-enable mod_asis due to popular demand (#1284315) diff --git a/sources b/sources index c7410a8..101e022 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -cf4dfee11132cde836022f196611a8b7 httpd-2.4.17.tar.bz2 +3690b3cc991b7dfd22aea9e1264a11b9 httpd-2.4.18.tar.bz2