Luboš Uhliarik
01bcbc5642
new version 2.4.28
2017-10-06 18:14:03 +02:00
Joe Orton
6d96e6a193
add notes on enabling httpd_graceful_shutdown boolean for prefork
2017-10-03 09:16:29 +01:00
Joe Orton
d31ea66d9d
drop Requires(post) for mod_ssl
2017-09-22 16:20:54 +01:00
Joe Orton
962c800331
better error handling in httpd-ssl-gencerts ( #1494556 )
...
Resolves: rhbz#1494556
2017-09-22 15:48:42 +01:00
Joe Orton
c094ba4827
Fix conditional.
2017-09-22 08:06:39 +01:00
Joe Orton
5ec11c5a4f
Merge branch 'master' of ssh://pkgs.fedoraproject.org/rpms/httpd
2017-09-22 08:05:04 +01:00
Joe Orton
ccd2dc5050
Fix MPM defaults if building on RHEL, fix touch -r for 00-mpm.conf.
2017-09-22 08:03:13 +01:00
Stephen Gallagher
d614e8aa11
Require sscg 2.2.0 for creating service and CA certificates together
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2017-09-21 14:55:16 -04:00
Jeroen van Meeuwen (Ergo Project)
10a87792e5
Address CVE-2017-9798 by applying upstream patch
...
Reference RHBZ #1490344
2017-09-21 19:28:15 +02:00
Joe Orton
6a77761740
use sscg defaults; append CA cert to generated cert
...
document httpd-init.service in httpd-init.service(8)
2017-09-21 16:41:20 +01:00
Stephen Gallagher
180ad320f4
Generate SSL keys on service start
...
This defers the creation of self-signed SSL certificates to the
first time that httpd starts up. This has several advantages:
* Waiting until the first boot will help avoid some issues with
limited entropy in the install process.
* The certificates can be regenerated automatically whenever they
are removed, which helps with tools such as virt-sysprep
* The certificates are now generated by SSCG, which produces a
limited-trust CA alongside it that can be safely imported by a
client.
For more information on SSCG, see:
https://sgallagh.wordpress.com/2016/05/02/self-signed-ssltls-certificates-why-they-are-terrible-and-a-better-alternative/
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2017-09-20 15:00:20 -04:00
Joe Orton
e2185159ed
move httpd.service.d, httpd.socket.d dirs to -filesystem
2017-09-19 10:08:07 +01:00
Joe Orton
a7a88382f7
move httpd.service.d, httpd.socket.d dirs to -filesystem
2017-09-19 10:02:32 +01:00
Joe Orton
b022e3b523
add new content-length filter (upstream PR 61222)
2017-09-13 14:21:17 +01:00
Joe Orton
ddabcffa42
Switch to https:// URLs.
2017-08-04 13:19:55 +01:00
Fedora Release Engineering
da66bed0cf
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
2017-08-02 23:33:12 +00:00
Fedora Release Engineering
bd989fa784
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-07-26 12:53:42 +00:00
Joe Orton
adcaa34289
update mod_systemd (r1802251)
2017-07-18 09:25:14 +01:00
Joe Orton
e9d2120fbf
switch to event by default for Fedora 27 and later ( #1471708 )
...
Resolves: rhbz#1471708
2017-07-17 11:39:57 +01:00
Petr Písař
70d2b4ee4f
perl dependency renamed to perl-interpreter < https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules >
2017-07-12 14:54:15 +02:00
Luboš Uhliarik
06cde88ecf
Resolves : #1469959 - httpd update cleaned out /etc/sysconfig
2017-07-12 11:42:25 +02:00
Luboš Uhliarik
c6fd35316d
new version 2.4.27
2017-07-10 15:25:44 +02:00
Joe Orton
1205ddb60b
mod_proxy_fcgi: fix further regressions (PR 61202)
2017-06-30 17:01:34 +01:00
Luboš Uhliarik
fd6452a0f2
new version 2.4.26
2017-06-19 11:48:36 +02:00
Joe Orton
fce414a1c1
move unit man pages to section 8, add as Documentation= in units
2017-06-05 16:55:45 +01:00
Joe Orton
bbb988f0f4
add httpd.service.xml to Sources.
2017-05-19 11:10:34 +01:00
Joe Orton
710b63c5e0
add httpd.service(5) and httpd.socket(5) man pages
2017-05-19 11:04:53 +01:00
Joe Orton
dbcbdf8a73
require mod_http2, now packaged separately
2017-05-16 10:00:54 +01:00
Luboš Uhliarik
c58fda3be9
Resolves : #1397243 - Backport Apache Bug 53098 - mod_proxy_ajp:
...
patch to set worker secret passed to tomcat
2017-03-30 15:32:35 +02:00
Luboš Uhliarik
c79ba20a8d
Resolves : #1434916 - httpd.service: Failed with result timeout
2017-03-28 13:11:07 +02:00
Joe Orton
59afc1533e
link only httpd, not support/* against -lselinux -lsystemd
2017-03-24 17:05:26 +00:00
Fedora Release Engineering
65743a6b6a
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
2017-02-10 12:45:49 +00:00
Joe Orton
33e6dce94a
mod_watchdog: restrict thread lifetime ( #1410883 )
...
Resolves: rhbz#1410883
2017-01-20 20:16:04 +00:00
Luboš Uhliarik
4e2c6125ac
Resolves : #1358875 - require nghttp2 >= 1.5.0
2016-12-22 16:58:29 +01:00
Luboš Uhliarik
ad0d0a1ae0
new version 2.4.25
2016-12-22 16:05:36 +01:00
Luboš Uhliarik
92e639b8c0
Resolves : #1401530 - CVE-2016-8740 httpd: Incomplete handling of
...
LimitRequestFields directive in mod_http2
2016-12-05 17:21:33 +01:00
Joe Orton
0d708eba11
fix build with OpenSSL 1.1 ( #1392900 )
...
- fix typos in ssl.conf (josef randinger, #1379407 )
Resolves: rhbz#1392900
Resolves: rhbz#1379407
2016-11-14 10:46:52 +00:00
Joe Orton
45529bc72a
synch ssl.conf with upstream
2016-11-02 11:33:05 +00:00
Joe Orton
70c651fe5c
no longer package /etc/sysconfig/httpd
2016-11-02 11:32:07 +00:00
Joe Orton
4a0435cd7b
add security fix for CVE-2016-5387
2016-07-18 16:31:52 +01:00
Joe Orton
17ef1b1f5e
load mod_watchdog by default ( #1353582 )
...
Resolves: rhbz#1325883
Resolves: rhbz#1353582
2016-07-07 19:29:00 +01:00
Joe Orton
53f8164b15
restore build of mod_proxy_fdpass ( #1325883 )
...
- improve check tests to catch configured-but-not-built modules
Resolves: rhbz#1325883
2016-07-07 15:27:42 +01:00
Joe Orton
a67a8d7392
update to 2.4.23 ( #1325883 , #1353203 )
...
- load mod_proxy_hcheck
- recommend use of "systemctl edit" in httpd.service
Resolves: rhbz#1353203
Resolves: rhbz#1325883
2016-07-07 13:22:30 +01:00
Petr Písař
aaf7efcca6
Mandatory Perl build-requires added < https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl >
2016-06-24 09:44:53 +02:00
Joe Orton
37b82598ea
have "apachectl graceful" start httpd if not running, per man page
2016-04-07 14:07:25 +01:00
Joe Orton
a4ba0cdfda
use redirects for lang-specific /manual/ URLs
2016-04-06 11:35:45 +01:00
Joe Orton
e67ea8a7b5
fix welcome page HTML validity (Ville Skyttä)
2016-03-18 13:08:34 +00:00
Joe Orton
0f2de0f53c
remove httpd pre script (duplicate of httpd-filesystem's)
...
- in httpd-filesystem pre script, create group/user iff non-existent
2016-03-18 10:18:52 +00:00
Dennis Gilmore
1a66c1a6dd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-03 23:56:42 +00:00
Jan Kaluza
c791d40a6b
update to new version 2.4.18
2015-12-14 09:43:41 +01:00
Joe Orton
47b967cd91
re-enable mod_asis due to popular demand ( #1284315 )
...
Resolves: rhbz#1284315
2015-12-09 16:51:03 +00:00
Jan Kaluza
6abf69b549
fix crash when using -X argument ( #1272234 )
2015-10-26 08:02:55 +01:00
Jan Kaluza
c2c03777d6
rebase socket activation patch to 2.4.17
2015-10-14 10:52:58 +02:00
Joe Orton
91a2788bce
update to 2.4.17 ( #1271224 )
...
- build, load mod_http2
- don't build mod_asis, mod_file_cache
- load mod_cache_socache, mod_proxy_wstunnel by default
- check every built mod_* is configured
- synch ssl.conf with upstream; disable SSLv3 by default
Resolves: rhbz#1271224
2015-10-14 09:06:30 +01:00
Jan Kaluza
c119a5ba7a
Add right tarball...
2015-07-16 09:36:06 +02:00
Jan Kaluza
0d4633dbd4
Add missing tarball
2015-07-16 09:28:27 +02:00
Jan Kaluza
1cdbc457b3
update to 2.4.16
2015-07-15 15:29:48 +02:00
Joe Orton
db205dad27
mod_ssl: use "localhost" in the dummy SSL cert if len(FQDN) > 59 chars
2015-07-07 09:41:55 +01:00
Dennis Gilmore
b274835c1b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-06-17 10:36:22 +00:00
Jan Kaluza
16a9524e26
update to 2.4.12
2015-03-27 09:33:08 +01:00
Jan Kaluza
571518a2a6
fix compilation with lua-5.3
2015-03-24 10:16:44 +01:00
Jan Kaluza
07b85b43f8
remove filter for auto-provides of httpd modules, it is not needed since F20
2015-03-24 09:41:33 +01:00
Jan Kaluza
af9996ce69
core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
...
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
- mod_proxy_fcgi: fix a potential crash with long headers (CVE-2014-3583)
- mod_lua: fix handling of the Require line when a LuaAuthzProvider is used
in multiple Require directives with different arguments (CVE-2014-8109)
2014-12-17 09:25:50 +01:00
Joe Orton
8c01244b34
require apr-util 1.5.x
2014-10-14 10:53:35 +01:00
Jan Kaluza
5d7dedd78c
use NoDelay and DeferAcceptSec in httpd.socket
2014-09-18 08:04:18 +02:00
Jan Kaluza
46346fae47
increase suexec minimum acceptable uid/gid to 1000 ( #1136391 )
2014-09-08 14:12:40 +02:00
Jan Kaluza
b430bfe6b0
fix hostname requirement and conflict with openssl-libs
2014-09-03 16:17:05 +02:00
Jan Kaluza
36930381bc
use KillMode=mixed in httpd.service ( #1135122 )
2014-09-01 09:32:54 +02:00
Joe Orton
92ee9cf626
set vstring based on /etc/os-release (Pat Riehecky, #1114539 )
...
Resolves: rhbz#1114539
2014-08-29 16:13:01 +01:00
Joe Orton
793563ad40
pull in httpd-filesystem as Requires(pre) ( #1128328 )
...
- fix cipher selection in default ssl.conf, depend on new OpenSSL (#1134348 )
- require hostname for mod_ssl post script (#1135118 )
Resolves: rhbz#1135118
Resolves: rhbz#1134348
Resolves: rhbz#1128328
2014-08-29 14:45:59 +01:00
Joe Orton
452da8d9b6
pull in httpd-filesystem as Requires(pre) ( #1128328 )
...
Resolves: rhbz#1128328
2014-08-29 14:35:18 +01:00
Jan Kaluza
94399e06f8
mod_systemd: updated to the latest version
...
- use -lsystemd instead of -lsystemd-daemon (#1125084 )
- fix possible crash in SIGINT handling (#958934 )
2014-08-22 12:11:38 +02:00
Joe Orton
4475e3e262
mod_ssl: treat "SSLCipherSuite PROFILE=..." as special ( #1109119 )
...
- switch default ssl.conf to use PROFILE=SYSTEM (#1109119 )
Resolves: rhbz#1109119
2014-08-21 11:32:44 +01:00
Peter Robinson
f65d1ef433
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-16 20:45:39 +00:00
Jan Kaluza
5ee418c3b4
add /usr/bin/useradd dependency to -filesystem requires
2014-08-15 09:34:45 +02:00
Jan Kaluza
34169cb8c8
fix creating apache user in pre script ( #1128328 )
2014-08-14 19:45:12 +02:00
Jan Kaluza
bb13a678b7
fix creating apache user in pre script ( #1128328 )
2014-08-14 19:41:29 +02:00
Joe Orton
b46475bf5a
enable mod_request by default for mod_auth_form
...
- move disabled-by-default modules from 00-base.conf to 00-optional.conf
2014-07-31 12:16:47 +01:00
Joe Orton
1fce54ba4f
expand variables in docdir example configs
2014-07-21 22:06:14 +01:00
Joe Orton
94c96741e2
update to 2.4.10
2014-07-21 22:05:49 +01:00
Jan Kaluza
572a5df9ee
add support for systemd socket activation ( #1111648 )
2014-07-08 15:52:58 +02:00
Jan Kaluza
63d5e3d13d
remove conf.modules.d from httpd-filesystem subpackage ( #1081453 )
2014-07-07 13:16:02 +02:00
Jan Kaluza
fa66d3ef87
add httpd-filesystem subpackage ( #1081453 )
2014-07-07 12:47:52 +02:00
Joe Orton
c0bdfa464b
mod_ssl: don't use the default OpenSSL cipher suite in ssl.conf ( #1109119 )
...
Resolves: rhbz#1109119
2014-06-20 10:54:36 +01:00
Dennis Gilmore
2d734473b0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-06-07 15:31:52 -05:00
Jan Kaluza
5b3da1ff0f
add support for SetHandler + proxy ( #1078970 )
2014-03-28 11:35:30 +01:00
Jan Kaluza
6228c46ec0
move macros from /etc/rpm to macros.d ( #1074277 )
...
- remove unused patches
2014-03-27 12:39:16 +01:00
Jan Kaluza
9f6ae98c27
update to 2.4.9
2014-03-18 07:55:27 +01:00
Joe Orton
8efab6ad85
use 2048-bit RSA key with SHA-256 signature in dummy certificate
2014-02-28 17:45:18 +00:00
Joe Orton
6a627fd53c
Create drop directory for systemd snippets
2014-02-28 08:10:10 +00:00
Joe Orton
15ab7bceeb
Create drop directory for systemd snippets
2014-02-28 08:09:14 +00:00
Jan Kaluza
a035f96c4e
remove provides of old MMN, because it contained double-dash ( #1068851 )
2014-02-27 12:03:34 +01:00
Jan Kaluza
567c7a9431
fix graceful restart using legacy actions
2014-02-20 12:19:52 +01:00
Joe Orton
a2e9cec246
conflict with pre-1.5.0 APR
...
- fix sslsninotreq patch
2013-12-12 14:13:38 +00:00
Joe Orton
ed353d03f2
update to 2.4.7 ( #1034071 )
2013-11-27 17:19:09 +00:00
Joe Orton
fdd0182ac0
switch to requiring system-logos-httpd ( #1031288 )
2013-11-22 19:03:44 +00:00
Joe Orton
353758d2ab
change mmnisa to drop "-" altogether
2013-11-12 12:45:29 +00:00
Joe Orton
b39251e583
drop ambiguous invalid "-" in RHS of httpd-mmn Provide, keeping old Provide
...
for transition
2013-11-12 09:54:01 +00:00
Jan Kaluza
13efaf1ac9
systemd: use {MAINPID} notation to ensure /bin/kill has always the second arg
2013-11-01 12:44:15 +01:00
Jan Kaluza
51fe77bc1f
systemd: use {MAINPID} notation to ensure /bin/kill has always the second arg
2013-11-01 12:43:40 +01:00