From c7d07f31b9738c8f1f0d5b31b87e8474541e4818 Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Wed, 28 Mar 2018 20:18:58 +0100 Subject: [PATCH] rebase to 2.4.33 (#1560174) add mod_md subpackage; load mod_proxy_uwsgi by default --- 00-proxy.conf | 1 + 01-md.conf | 1 + httpd-2.4.27-r1822305.patch | 17 --- httpd-2.4.27-r1825147.patch | 35 ----- ...-export.patch => httpd-2.4.33-export.patch | 8 +- httpd-2.4.33-mddefault.patch | 21 +++ ...38878.patch => httpd-2.4.33-r1738878.patch | 133 +++++++++--------- ...patch => httpd-2.4.33-sslciphdefault.patch | 12 +- httpd.spec | 47 +++++-- sources | 2 +- 10 files changed, 135 insertions(+), 142 deletions(-) create mode 100644 01-md.conf delete mode 100644 httpd-2.4.27-r1822305.patch delete mode 100644 httpd-2.4.27-r1825147.patch rename httpd-2.4.4-export.patch => httpd-2.4.33-export.patch (75%) create mode 100644 httpd-2.4.33-mddefault.patch rename httpd-2.4.25-r1738878.patch => httpd-2.4.33-r1738878.patch (71%) rename httpd-2.4.17-sslciphdefault.patch => httpd-2.4.33-sslciphdefault.patch (75%) diff --git a/00-proxy.conf b/00-proxy.conf index 448eb63..f0f84c2 100644 --- a/00-proxy.conf +++ b/00-proxy.conf @@ -14,4 +14,5 @@ LoadModule proxy_ftp_module modules/mod_proxy_ftp.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so LoadModule proxy_scgi_module modules/mod_proxy_scgi.so +LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so diff --git a/01-md.conf b/01-md.conf new file mode 100644 index 0000000..2739202 --- /dev/null +++ b/01-md.conf @@ -0,0 +1 @@ +LoadModule md_module modules/mod_md.so diff --git a/httpd-2.4.27-r1822305.patch b/httpd-2.4.27-r1822305.patch deleted file mode 100644 index d8c6a8c..0000000 --- a/httpd-2.4.27-r1822305.patch +++ /dev/null @@ -1,17 +0,0 @@ -# ./pullrev.sh 1822305 - -http://svn.apache.org/viewvc?view=revision&revision=1822305 - -https://bugzilla.redhat.com/show_bug.cgi?id=1538992 - ---- httpd-2.4.27/modules/lua/config.m4 -+++ httpd-2.4.27/modules/lua/config.m4 -@@ -104,7 +104,7 @@ - CHECK_LUA() - if test "x$enable_lua" != "xno" ; then - APR_ADDTO(MOD_INCLUDES, [$LUA_CFLAGS]) -- APR_ADDTO(MOD_LUA_LDADD, [$LUA_LIBS]) -+ APR_ADDTO(MOD_LUA_LDADD, [$LUA_LIBS $CRYPT_LIBS]) - fi - ]) - diff --git a/httpd-2.4.27-r1825147.patch b/httpd-2.4.27-r1825147.patch deleted file mode 100644 index 314ad2e..0000000 --- a/httpd-2.4.27-r1825147.patch +++ /dev/null @@ -1,35 +0,0 @@ -# ./pullrev.sh 1825147 -http://svn.apache.org/viewvc?view=revision&revision=1825147 - ---- httpd-2.4.27/modules/lua/config.m4 -+++ httpd-2.4.27/modules/lua/config.m4 -@@ -55,9 +55,16 @@ - test_paths="${lua_path}" - fi - --AC_CHECK_LIB(m, pow, lib_m="-lm") --AC_CHECK_LIB(m, sqrt, lib_m="-lm") --for x in $test_paths ; do -+if test -n "$PKGCONFIG" -a -z "$lua_path" \ -+ && $PKGCONFIG --atleast-version=5.1 lua; then -+ LUA_LIBS="`$PKGCONFIG --libs lua`" -+ LUA_CFLAGS="`$PKGCONFIG --cflags lua`" -+ LUA_VERSION="`$PKGCONFIG --modversion lua`" -+ AC_MSG_NOTICE([using Lua $LUA_VERSION configuration from pkg-config]) -+else -+ AC_CHECK_LIB(m, pow, lib_m="-lm") -+ AC_CHECK_LIB(m, sqrt, lib_m="-lm") -+ for x in $test_paths ; do - CHECK_LUA_PATH([${x}], [include/lua-5.3], [lib/lua-5.3], [lua-5.3]) - CHECK_LUA_PATH([${x}], [include/lua5.3], [lib], [lua5.3]) - CHECK_LUA_PATH([${x}], [include/lua53], [lib/lua53], [lua]) -@@ -71,7 +78,8 @@ - CHECK_LUA_PATH([${x}], [include/lua-5.1], [lib/lua-5.1], [lua-5.1]) - CHECK_LUA_PATH([${x}], [include/lua5.1], [lib], [lua5.1]) - CHECK_LUA_PATH([${x}], [include/lua51], [lib/lua51], [lua]) --done -+ done -+fi - - AC_SUBST(LUA_LIBS) - AC_SUBST(LUA_CFLAGS) diff --git a/httpd-2.4.4-export.patch b/httpd-2.4.33-export.patch similarity index 75% rename from httpd-2.4.4-export.patch rename to httpd-2.4.33-export.patch index eb670c6..9adf398 100644 --- a/httpd-2.4.4-export.patch +++ b/httpd-2.4.33-export.patch @@ -6,12 +6,12 @@ Upstream-HEAD: needed Upstream-2.0: omit Upstream-Status: EXPORT_DIRS change is conditional on using shared apr ---- httpd-2.4.4/server/Makefile.in.export -+++ httpd-2.4.4/server/Makefile.in -@@ -57,9 +57,6 @@ export_files: - ( for dir in $(EXPORT_DIRS); do \ +--- httpd-2.4.33/server/Makefile.in.export ++++ httpd-2.4.33/server/Makefile.in +@@ -60,9 +60,6 @@ ls $$dir/*.h ; \ done; \ + echo "$(top_srcdir)/server/mpm_fdqueue.h"; \ - for dir in $(EXPORT_DIRS_APR); do \ - ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \ - done; \ diff --git a/httpd-2.4.33-mddefault.patch b/httpd-2.4.33-mddefault.patch new file mode 100644 index 0000000..9e82fb8 --- /dev/null +++ b/httpd-2.4.33-mddefault.patch @@ -0,0 +1,21 @@ + +Override default. + +--- httpd-2.4.33/modules/md/mod_md_config.c.mddefault ++++ httpd-2.4.33/modules/md/mod_md_config.c +@@ -54,10 +54,14 @@ + + #define DEF_VAL (-1) + ++#ifndef MD_DEFAULT_STORE_DIR ++#define MD_DEFAULT_STORE_DIR "state/md" ++#endif ++ + /* Default settings for the global conf */ + static md_mod_conf_t defmc = { + NULL, +- "md", ++ MD_DEFAULT_STORE_DIR, + NULL, + NULL, + 80, diff --git a/httpd-2.4.25-r1738878.patch b/httpd-2.4.33-r1738878.patch similarity index 71% rename from httpd-2.4.25-r1738878.patch rename to httpd-2.4.33-r1738878.patch index e4b46cc..d7ef42f 100644 --- a/httpd-2.4.25-r1738878.patch +++ b/httpd-2.4.33-r1738878.patch @@ -1,28 +1,9 @@ diff --git a/modules/proxy/ajp.h b/modules/proxy/ajp.h index c119a7e..267150a 100644 ---- a/modules/proxy/ajp.h -+++ b/modules/proxy/ajp.h -@@ -413,12 +413,14 @@ apr_status_t ajp_ilink_receive(apr_socket_t *sock, ajp_msg_t *msg); - * @param sock backend socket - * @param r current request - * @param buffsize max size of the AJP packet. -+ * @param secret authentication secret - * @param uri requested uri - * @return APR_SUCCESS or error - */ - apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r, - apr_size_t buffsize, -- apr_uri_t *uri); -+ apr_uri_t *uri, -+ const char *secret); - - /** - * Read the ajp message and return the type of the message. -diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c -index 67353a7..680a8f3 100644 ---- a/modules/proxy/ajp_header.c -+++ b/modules/proxy/ajp_header.c -@@ -213,7 +213,8 @@ AJPV13_REQUEST/AJPV14_REQUEST= +diff -uap httpd-2.4.33/modules/proxy/ajp_header.c.r1738878 httpd-2.4.33/modules/proxy/ajp_header.c +--- httpd-2.4.33/modules/proxy/ajp_header.c.r1738878 ++++ httpd-2.4.33/modules/proxy/ajp_header.c +@@ -213,7 +213,8 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg, request_rec *r, @@ -32,7 +13,7 @@ index 67353a7..680a8f3 100644 { int method; apr_uint32_t i, num_headers = 0; -@@ -293,17 +294,15 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg, +@@ -293,17 +294,15 @@ i, elts[i].key, elts[i].val); } @@ -53,7 +34,7 @@ index 67353a7..680a8f3 100644 if (r->user) { if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) || -@@ -671,7 +670,8 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg, +@@ -671,7 +670,8 @@ apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r, apr_size_t buffsize, @@ -63,7 +44,7 @@ index 67353a7..680a8f3 100644 { ajp_msg_t *msg; apr_status_t rc; -@@ -683,7 +683,7 @@ apr_status_t ajp_send_header(apr_socket_t *sock, +@@ -683,7 +683,7 @@ return rc; } @@ -72,48 +53,29 @@ index 67353a7..680a8f3 100644 if (rc != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00988) "ajp_send_header: ajp_marshal_into_msgb failed"); -diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c -index f6fb473..f693f63 100644 ---- a/modules/proxy/mod_proxy.c -+++ b/modules/proxy/mod_proxy.c -@@ -314,6 +314,12 @@ static const char *set_worker_param(apr_pool_t *p, - (int)sizeof(worker->s->upgrade)); - } - } -+ else if (!strcasecmp(key, "secret")) { -+ if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) { -+ return apr_psprintf(p, "Secret length must be < %d characters", -+ (int)sizeof(worker->s->secret)); -+ } -+ } - else { - if (set_worker_hc_param_f) { - return set_worker_hc_param_f(p, s, worker, key, val, NULL); -diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h -index 8a0ad10..f92c185 100644 ---- a/modules/proxy/mod_proxy.h -+++ b/modules/proxy/mod_proxy.h -@@ -352,6 +352,7 @@ PROXY_WORKER_HC_FAIL ) - #define PROXY_WORKER_MAX_HOSTNAME_SIZE 64 - #define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE - #define PROXY_BALANCER_MAX_STICKY_SIZE 64 -+#define PROXY_WORKER_MAX_SECRET_SIZE 64 +diff -uap httpd-2.4.33/modules/proxy/ajp.h.r1738878 httpd-2.4.33/modules/proxy/ajp.h +--- httpd-2.4.33/modules/proxy/ajp.h.r1738878 ++++ httpd-2.4.33/modules/proxy/ajp.h +@@ -413,12 +413,14 @@ + * @param sock backend socket + * @param r current request + * @param buffsize max size of the AJP packet. ++ * @param secret authentication secret + * @param uri requested uri + * @return APR_SUCCESS or error + */ + apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r, + apr_size_t buffsize, +- apr_uri_t *uri); ++ apr_uri_t *uri, ++ const char *secret); - /* RFC-1035 mentions limits of 255 for host-names and 253 for domain-names, - * dotted together(?) this would fit the below size (+ trailing NUL). -@@ -443,6 +444,7 @@ typedef struct { - hcmethod_t method; /* method to use for health check */ - apr_interval_time_t interval; - char upgrade[PROXY_WORKER_MAX_SCHEME_SIZE];/* upgrade protocol used by mod_proxy_wstunnel */ -+ char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */ - } proxy_worker_shared; - - #define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared))) -diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c -index 051724e..e706518 100644 ---- a/modules/proxy/mod_proxy_ajp.c -+++ b/modules/proxy/mod_proxy_ajp.c -@@ -193,6 +193,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r, + /** + * Read the ajp message and return the type of the message. +diff -uap httpd-2.4.33/modules/proxy/mod_proxy_ajp.c.r1738878 httpd-2.4.33/modules/proxy/mod_proxy_ajp.c +--- httpd-2.4.33/modules/proxy/mod_proxy_ajp.c.r1738878 ++++ httpd-2.4.33/modules/proxy/mod_proxy_ajp.c +@@ -193,6 +193,7 @@ apr_off_t content_length = 0; int original_status = r->status; const char *original_status_line = r->status_line; @@ -121,7 +83,7 @@ index 051724e..e706518 100644 if (psf->io_buffer_size_set) maxsize = psf->io_buffer_size; -@@ -202,12 +203,15 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r, +@@ -202,12 +203,15 @@ maxsize = AJP_MSG_BUFFER_SZ; maxsize = APR_ALIGN(maxsize, 1024); @@ -138,3 +100,38 @@ index 051724e..e706518 100644 if (status != APR_SUCCESS) { conn->close = 1; ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868) +diff -uap httpd-2.4.33/modules/proxy/mod_proxy.c.r1738878 httpd-2.4.33/modules/proxy/mod_proxy.c +--- httpd-2.4.33/modules/proxy/mod_proxy.c.r1738878 ++++ httpd-2.4.33/modules/proxy/mod_proxy.c +@@ -318,6 +318,12 @@ + (int)sizeof(worker->s->upgrade)); + } + } ++ else if (!strcasecmp(key, "secret")) { ++ if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) { ++ return apr_psprintf(p, "Secret length must be < %d characters", ++ (int)sizeof(worker->s->secret)); ++ } ++ } + else { + if (set_worker_hc_param_f) { + return set_worker_hc_param_f(p, s, worker, key, val, NULL); +diff -uap httpd-2.4.33/modules/proxy/mod_proxy.h.r1738878 httpd-2.4.33/modules/proxy/mod_proxy.h +--- httpd-2.4.33/modules/proxy/mod_proxy.h.r1738878 ++++ httpd-2.4.33/modules/proxy/mod_proxy.h +@@ -353,6 +353,7 @@ + #define PROXY_WORKER_MAX_HOSTNAME_SIZE 64 + #define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE + #define PROXY_BALANCER_MAX_STICKY_SIZE 64 ++#define PROXY_WORKER_MAX_SECRET_SIZE 64 + + #define PROXY_RFC1035_HOSTNAME_SIZE 256 + +@@ -447,6 +448,7 @@ + apr_interval_time_t interval; + char upgrade[PROXY_WORKER_MAX_SCHEME_SIZE];/* upgrade protocol used by mod_proxy_wstunnel */ + char hostname_ex[PROXY_RFC1035_HOSTNAME_SIZE]; /* RFC1035 compliant version of the remote backend address */ ++ char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */ + } proxy_worker_shared; + + #define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared))) diff --git a/httpd-2.4.17-sslciphdefault.patch b/httpd-2.4.33-sslciphdefault.patch similarity index 75% rename from httpd-2.4.17-sslciphdefault.patch rename to httpd-2.4.33-sslciphdefault.patch index 8efc461..f2919b8 100644 --- a/httpd-2.4.17-sslciphdefault.patch +++ b/httpd-2.4.33-sslciphdefault.patch @@ -3,9 +3,9 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1109119 Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite. ---- httpd-2.4.17/modules/ssl/ssl_engine_config.c.sslciphdefault -+++ httpd-2.4.17/modules/ssl/ssl_engine_config.c -@@ -708,8 +708,10 @@ const char *ssl_cmd_SSLCipherSuite(cmd_p +--- httpd-2.4.33/modules/ssl/ssl_engine_config.c.sslciphdefault ++++ httpd-2.4.33/modules/ssl/ssl_engine_config.c +@@ -758,8 +758,10 @@ SSLSrvConfigRec *sc = mySrvConfig(cmd->server); SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; @@ -18,9 +18,9 @@ Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite. if (cmd->path) { dc->szCipherSuite = arg; -@@ -1428,8 +1430,10 @@ const char *ssl_cmd_SSLProxyCipherSuite( +@@ -1502,8 +1504,10 @@ { - SSLSrvConfigRec *sc = mySrvConfig(cmd->server); + SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; - /* always disable null and export ciphers */ - arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL); @@ -29,5 +29,5 @@ Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite. + if (strncmp(arg, "PROFILE=", 8) != 0) + arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL); - sc->proxy->auth.cipher_suite = arg; + dc->proxy->auth.cipher_suite = arg; diff --git a/httpd.spec b/httpd.spec index 2c97e1e..0ba512a 100644 --- a/httpd.spec +++ b/httpd.spec @@ -12,8 +12,8 @@ Summary: Apache HTTP Server Name: httpd -Version: 2.4.29 -Release: 8%{?dist} +Version: 2.4.33 +Release: 1%{?dist} URL: https://httpd.apache.org/ Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html @@ -42,6 +42,7 @@ Source25: 01-session.conf Source26: 10-listen443.conf Source27: httpd.socket Source28: 00-optional.conf +Source29: 01-md.conf # Documentation Source30: README.confd Source31: README.confmod @@ -56,12 +57,10 @@ Patch2: httpd-2.4.9-apxs.patch Patch3: httpd-2.4.1-deplibs.patch Patch5: httpd-2.4.3-layout.patch Patch6: httpd-2.4.3-apctl-systemd.patch -Patch7: httpd-2.4.27-r1822305.patch -Patch8: httpd-2.4.27-r1825147.patch # Needed for socket activation and mod_systemd patch Patch19: httpd-2.4.25-detect-systemd.patch # Features/functional changes -Patch23: httpd-2.4.4-export.patch +Patch23: httpd-2.4.33-export.patch Patch24: httpd-2.4.1-corelimit.patch Patch25: httpd-2.4.25-selinux.patch Patch26: httpd-2.4.4-r1337344+.patch @@ -70,11 +69,11 @@ Patch29: httpd-2.4.27-systemd.patch Patch30: httpd-2.4.4-cachehardmax.patch Patch31: httpd-2.4.18-sslmultiproxy.patch Patch34: httpd-2.4.17-socket-activation.patch -Patch35: httpd-2.4.17-sslciphdefault.patch +Patch35: httpd-2.4.33-sslciphdefault.patch # Bug fixes # https://bugzilla.redhat.com/show_bug.cgi?id=1397243 -Patch58: httpd-2.4.25-r1738878.patch +Patch58: httpd-2.4.33-r1738878.patch # Security fixes @@ -163,6 +162,19 @@ The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. +%package -n mod_md +Group: System Environment/Daemons +Summary: Certificate provisioning using ACME for the Apache HTTP Server +Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} +BuildRequires: jansson-devel, libcurl-devel + +%description -n mod_md +This module manages common properties of domains for one or more +virtual hosts. Specifically it can use the ACME protocol (RFC Draft) +to automate certificate provisioning. These will be configured for +managed domains and their virtual hosts automatically. This includes +renewal of certificates before they expire. + %package -n mod_proxy_html Group: System Environment/Daemons Summary: HTML and XML content filters for the Apache HTTP Server @@ -201,8 +213,6 @@ interface for storing and accessing per-user session data. %patch3 -p1 -b .deplibs %patch5 -p1 -b .layout %patch6 -p1 -b .apctlsystemd -%patch7 -p1 -b .r1822305 -%patch8 -p1 -b .r1825147 %patch19 -p1 -b .detectsystemd @@ -213,7 +223,7 @@ interface for storing and accessing per-user session data. %patch27 -p1 -b .icons %patch29 -p1 -b .systemd %patch30 -p1 -b .cachehardmax -%patch31 -p1 -b .sslmultiproxy +#patch31 -p1 -b .sslmultiproxy %patch34 -p1 -b .socketactivation %patch35 -p1 -b .sslciphdefault %patch58 -p1 -b .r1738878 @@ -318,7 +328,8 @@ install -m 644 $RPM_SOURCE_DIR/README.confmod \ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/README for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \ 00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \ - 01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf; do + 01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf \ + 01-md.conf; do install -m 644 -p $RPM_SOURCE_DIR/$f \ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f done @@ -366,6 +377,7 @@ install -m 644 -p $RPM_SOURCE_DIR/httpd.tmpfiles \ # Other directories mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav \ + $RPM_BUILD_ROOT%{_localstatedir}/lib/httpd \ $RPM_BUILD_ROOT/run/httpd/htcacheclean # Substitute in defaults which are usually done (badly) by "make install" @@ -425,6 +437,7 @@ ln -s ../../pixmaps/poweredby.png \ # symlinks for /etc/httpd ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs +ln -s ../..%{_localstatedir}/lib/httpd $RPM_BUILD_ROOT/etc/httpd/state ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules @@ -552,6 +565,7 @@ exit $rv %{_sysconfdir}/httpd/modules %{_sysconfdir}/httpd/logs +%{_sysconfdir}/httpd/state %{_sysconfdir}/httpd/run %dir %{_sysconfdir}/httpd/conf %config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf @@ -589,6 +603,7 @@ exit $rv %{_libdir}/httpd/modules/mod*.so %exclude %{_libdir}/httpd/modules/mod_auth_form.so %exclude %{_libdir}/httpd/modules/mod_ssl.so +%exclude %{_libdir}/httpd/modules/mod_md.so %exclude %{_libdir}/httpd/modules/mod_*ldap.so %exclude %{_libdir}/httpd/modules/mod_proxy_html.so %exclude %{_libdir}/httpd/modules/mod_xml2enc.so @@ -607,6 +622,7 @@ exit $rv %attr(0700,apache,apache) %dir /run/httpd/htcacheclean %attr(0700,root,root) %dir %{_localstatedir}/log/httpd %attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav +%attr(0700,apache,apache) %dir %{_localstatedir}/lib/httpd %attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd %attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy @@ -671,6 +687,11 @@ exit $rv %{_libdir}/httpd/modules/mod_auth_form.so %config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-session.conf +%files -n mod_md +%defattr(-,root,root) +%{_libdir}/httpd/modules/mod_md.so +%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-md.conf + %files devel %defattr(-,root,root) %{_includedir}/httpd @@ -682,6 +703,10 @@ exit $rv %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Wed Mar 28 2018 Joe Orton - 2.4.33-1 +- rebase to 2.4.33 (#1560174) +- add mod_md subpackage; load mod_proxy_uwsgi by default + * Mon Mar 05 2018 Jitka Plesnikova - 2.4.29-8 - Rebuilt with brotli 1.0.3 diff --git a/sources b/sources index 6978287..e8c3a89 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (httpd-2.4.29.tar.bz2) = 840982fd3d21463bc5c1747f211dfacf3abdf634d149e49bb49fd2e5deda140de602dbdf31e1bbe5337a48f718ab2261c408e83a8dd39a9291ee7b6b7a85639a +SHA512 (httpd-2.4.33.tar.bz2) = e74b2b3346d67be45a8bc8a7cbb8eabf5c403a5cfe5797a976f94a539529843fbcdf03b9ca0548816b2cf37f4ce0eb301f8d5af25b1270fdf8dd9f5bf0585269