rpms/mod_md
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8-stream-2.4
Branches Tags
rpms:c8-stream-2.4
rpms:c9s
rpms:c10s
rpms:c10
rpms:c9
rpms:stream-httpd-2.4-rhel-8.10.0
rpms:c9-beta
rpms:stream-httpd-2.4-rhel-8.9.0
rpms:c8-beta-stream-2.4
rpms:c8s-stream-2.4
rpms:imports/c10s/mod_md-2.4.26-5.el10
rpms:imports/c10/mod_md-2.4.26-4.el10_1
rpms:imports/c9/mod_md-2.4.26-1.el9_7.1
rpms:imports/c8-stream-2.4/mod_md-2.0.8-8.module+el8.10.0+23815+1b5e1c66.2
rpms:imports/c10/mod_md-2.4.26-3.el10_0
rpms:imports/c9/mod_md-2.4.26-1.el9
rpms:imports/c10s/mod_md-2.4.26-3.el10
rpms:imports/c9-beta/mod_md-2.4.26-1.el9
rpms:imports/c10s/mod_md-2.4.26-2.el10
rpms:imports/c9/mod_md-2.4.19-1.el9
rpms:imports/c9-beta/mod_md-2.4.19-1.el9
rpms:imports/c9/mod_md-2.4.0-3.el9
rpms:imports/c9-beta/mod_md-2.4.0-3.el9
rpms:imports/c8-beta-stream-2.4/mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611
rpms:imports/c8-beta-stream-2.4/mod_md-2.0.8-6.module+el8.2.0+5146+97061b72
rpms:imports/c8s-stream-2.4/mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611
rpms:imports/c8-stream-2.4/mod_md-2.0.8-8.module+el8.9.0+19080+567b90f8
rpms:imports/c8-stream-2.4/mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611
rpms:imports/c8-stream-2.4/mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2
...
pull from: rpms:c9-beta
Branches Tags
rpms:c9s
rpms:c10s
rpms:c10
rpms:c9
rpms:c8-stream-2.4
rpms:stream-httpd-2.4-rhel-8.10.0
rpms:c9-beta
rpms:stream-httpd-2.4-rhel-8.9.0
rpms:c8-beta-stream-2.4
rpms:c8s-stream-2.4
rpms:imports/c10s/mod_md-2.4.26-5.el10
rpms:imports/c10/mod_md-2.4.26-4.el10_1
rpms:imports/c9/mod_md-2.4.26-1.el9_7.1
rpms:imports/c8-stream-2.4/mod_md-2.0.8-8.module+el8.10.0+23815+1b5e1c66.2
rpms:imports/c10/mod_md-2.4.26-3.el10_0
rpms:imports/c9/mod_md-2.4.26-1.el9
rpms:imports/c10s/mod_md-2.4.26-3.el10
rpms:imports/c9-beta/mod_md-2.4.26-1.el9
rpms:imports/c10s/mod_md-2.4.26-2.el10
rpms:imports/c9/mod_md-2.4.19-1.el9
rpms:imports/c9-beta/mod_md-2.4.19-1.el9
rpms:imports/c9/mod_md-2.4.0-3.el9
rpms:imports/c9-beta/mod_md-2.4.0-3.el9
rpms:imports/c8-beta-stream-2.4/mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611
rpms:imports/c8-beta-stream-2.4/mod_md-2.0.8-6.module+el8.2.0+5146+97061b72
rpms:imports/c8s-stream-2.4/mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611
rpms:imports/c8-stream-2.4/mod_md-2.0.8-8.module+el8.9.0+19080+567b90f8
rpms:imports/c8-stream-2.4/mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611
rpms:imports/c8-stream-2.4/mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2

No commits in common. "c8-stream-2.4" and "c9-beta" have entirely different histories.
c8-stream- ... c9-beta

8 changed files with 71 additions and 519 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/mod_md-2.0.8.tar.gz SOURCES/mod_md-2.4.26.tar.gz

2
.mod_md.metadata
View File

@ -1 +1 @@
6cec32070c6fd83701be0874a2d8b4f30d929d03 SOURCES/mod_md-2.0.8.tar.gz 825377ec615185dfaf6f8b0ad4f49ef313368a03 SOURCES/mod_md-2.4.26.tar.gz

418
SOURCES/a2md.xml
View File

@ -1,418 +0,0 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
]>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<refentry>
<refentryinfo>
<title>a2md</title>
<productname>mod_md</productname>
<author><contrib>Author</contrib><surname>Eissing</surname><firstname>Stefan</firstname><email>stefan.eissing@greenbytes.de</email></author>
<author><contrib>Documentation</contrib><surname>Uhliarik</surname><firstname>Lubos</firstname><email>luhliari@redhat.com</email></author>
</refentryinfo>
<refmeta>
<refentrytitle>a2md</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>a2md</refname>
<refpurpose>Show and manipulate Apache Managed Domains</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>a2md</command>
<arg choice="opt">options</arg>
<group choice="req">
<arg choice="plain">acme</arg>
<arg choice="plain">add</arg>
<arg choice="plain">update</arg>
<arg choice="plain">drive</arg>
<arg choice="plain">list</arg>
<arg choice="plain">store</arg>
</group>
<arg choice="opt">cmd options</arg>
<arg choice="opt">args</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para>
The a2md utility can be used to configure and update managed domains with
the mod_md module for Apache HTTP Server. Managed Domains are virtual hosts
which automatically obtain and renew TLS certificates from an ACME server.
</para>
</refsect1>
<refsect1>
<title>Options</title>
<variablelist>
<varlistentry>
<term>
<option>-a</option> <replaceable>arg</replaceable>,
<option>--acme</option> <replaceable>arg</replaceable>
</term>
<listitem><simpara>The url of the ACME server directory</simpara></listitem>
</varlistentry>
<varlistentry>
<term>
<option>-d</option> <replaceable>arg</replaceable>,
<option>--dir</option> <replaceable>arg</replaceable>
</term>
<listitem><simpara>Directory for file data</simpara></listitem>
</varlistentry>
<varlistentry>
<term>
<option>-h</option>,
<option>--help</option>
</term>
<listitem><simpara>Print usage information</simpara></listitem>
</varlistentry>
<varlistentry>
<term>
<option>-j</option>,
<option>--json</option>
</term>
<listitem><simpara>Produce JSON output</simpara></listitem>
</varlistentry>
<varlistentry>
<term>
<option>-p</option> <replaceable>arg</replaceable>,
<option>--proxy</option> <replaceable>arg</replaceable>
</term>
<listitem><simpara>Use the HTTP proxy url</simpara></listitem>
</varlistentry>
<varlistentry>
<term>
<option>-q</option>,
<option>--quiet</option>
</term>
<listitem><simpara>Produce less output</simpara></listitem>
</varlistentry>
<varlistentry>
<term>
<option>-t</option> <replaceable>arg</replaceable>,
<option>--terms</option> <replaceable>arg</replaceable>
</term>
<listitem><simpara>You agree to the terms of services (url)</simpara></listitem>
</varlistentry>
<varlistentry>
<term>
<option>-v</option>,
<option>--verbose</option>
</term>
<listitem><simpara>Produce more output</simpara></listitem>
</varlistentry>
<varlistentry>
<term>
<option>-V</option>,
<option>--version</option>
</term>
<listitem><simpara>Print version</simpara></listitem>
</varlistentry>
</variablelist>
<refsect2>
<title>ACME server commands</title>
<cmdsynopsis>
<command>a2md acme</command>
<group choice="req">
<arg choice="plain">newreg</arg>
<arg choice="plain">delreg</arg>
<arg choice="plain">agree</arg>
<arg choice="plain">authz</arg>
<arg choice="plain">validate</arg>
</group>
<arg choice="opt">opts</arg>
<arg choice="opt">args</arg>
</cmdsynopsis>
<para>
Play with the ACME server. For most of the commands you need to specify
the url of the ACME server directory.
</para>
<refsect3>
<title>newreg</title>
<cmdsynopsis>
<command>newreg</command>
<arg choice="plain"><replaceable>contact-uri</replaceable></arg>
<arg choice="opt">contact-uri...</arg>
</cmdsynopsis>
<para>Register a new account at ACME server with given <replaceable>contact-uri</replaceable> (email)</para>
</refsect3>
<refsect3>
<title>delreg</title>
<cmdsynopsis>
<command>delreg</command>
<arg choice="plain"><replaceable>account</replaceable></arg>
</cmdsynopsis>
<para>Delete an existing ACME <replaceable>account</replaceable></para>
</refsect3>
<refsect3>
<title>agree</title>
<cmdsynopsis>
<command>agree</command>
<arg choice="plain"><replaceable>account</replaceable></arg>
</cmdsynopsis>
<para>Agree to ACME terms of service</para>
</refsect3>
<refsect3>
<title>authz</title>
<cmdsynopsis>
<command>authz</command>
<arg choice="plain"><replaceable>account</replaceable></arg>
<arg choice="plain"><replaceable>domain</replaceable></arg>
</cmdsynopsis>
<para>Request a new authorization for an <replaceable>account</replaceable> and
<replaceable>domain</replaceable></para>
</refsect3>
<refsect3>
<title>validate</title>
<cmdsynopsis>
<command>validate</command>
<arg choice="plain"><replaceable>account</replaceable></arg>
</cmdsynopsis>
<para>Validate <replaceable>account</replaceable> existence</para>
</refsect3>
</refsect2>
<refsect2>
<title>Managed domain addition</title>
<cmdsynopsis>
<command>a2md add</command>
<arg choice="opt">opts</arg>
<arg choice="plain"><replaceable>domain</replaceable></arg>
<arg choice="opt">domain...</arg>
</cmdsynopsis>
<para>
Adds a new managed domain. Must not overlap with existing domains.
</para>
</refsect2>
<refsect2>
<title>Updating managed domain</title>
<cmdsynopsis>
<command>a2md update</command>
<arg choice="plain"><replaceable>name</replaceable></arg>
<arg choice="opt">opts</arg>
<group choice="req">
<arg choice="plain">domains</arg>
<arg choice="plain">ca</arg>
<arg choice="plain">account</arg>
<arg choice="plain">contacts</arg>
<arg choice="plain">agreement</arg>
</group>
</cmdsynopsis>
<para>
Update a managed domain's properties, where <replaceable>name</replaceable> belongs to managed domain which
will be updated.
</para>
<para>URL of ACME server can be also updated if <option>-a</option>|
<option>--acme</option> option is present.</para>
<refsect3>
<title>domains</title>
<cmdsynopsis>
<command>domains</command>
<arg choice="plain"><replaceable>dname</replaceable></arg>
<arg choice="opt">dname...</arg>
</cmdsynopsis>
<para>Update domain where <replaceable>dname</replaceable> is domain name which will be updated.</para>
</refsect3>
<refsect3>
<title>ca</title>
<cmdsynopsis>
<command>ca</command>
<arg choice="plain"><replaceable>url</replaceable></arg>
<arg choice="opt">proto</arg>
</cmdsynopsis>
<para>The <replaceable>URL</replaceable> where the CA offers its service.</para>
<para>Currently only ACME (LetsEncrypt) <replaceable>proto</replaceable> is implemented.</para>
</refsect3>
<refsect3>
<title>account</title>
<cmdsynopsis>
<command>account</command>
</cmdsynopsis>
<para>Account name on corresponding ACME server.</para>
</refsect3>
<refsect3>
<title>contacts</title>
<cmdsynopsis>
<command>contacts</command>
<arg choice="plain"><replaceable>email</replaceable></arg>
<arg choice="opt">email...</arg>
</cmdsynopsis>
<para>Contact address which will be used by ACME server to inform about renewals or changed terms of service.</para>
</refsect3>
<refsect3>
<title>agreement</title>
<cmdsynopsis>
<command>agreement</command>
<arg choice="plain"><replaceable>URI</replaceable></arg>
</cmdsynopsis>
<para>URI pointing to terms of service of ACME server.</para>
</refsect3>
</refsect2>
<refsect2>
<title>Drive managed domains</title>
<cmdsynopsis>
<command>a2md drive</command>
<arg choice="opt">md...</arg>
<arg choice="opt">options...</arg>
</cmdsynopsis>
<para>
Drive all or the mentioned managed domains toward completeness
</para>
<refsect3>
<title>Options</title>
<variablelist>
<varlistentry>
<term>
<option>-c</option> <replaceable>arg</replaceable>,
<option>--challenge</option> <replaceable>arg</replaceable>
</term>
<listitem><simpara>Which challenge type to use</simpara></listitem>
</varlistentry>
<varlistentry>
<term>
<option>-f</option>,
<option>--force</option>
</term>
<listitem><simpara>Force driving the managed domain, even when it seems valid</simpara></listitem>
</varlistentry>
<varlistentry>
<term>
<option>-r</option>,
<option>--reset</option>
</term>
<listitem><simpara>Reset any staging data for the managed domain</simpara></listitem>
</varlistentry>
</variablelist>
</refsect3>
</refsect2>
<refsect2>
<title>List managed domamins</title>
<cmdsynopsis>
<command>a2md list</command>
</cmdsynopsis>
<para>
List all managed domains
</para>
</refsect2>
<refsect2>
<title>Manipulating MD store</title>
<cmdsynopsis>
<command>a2md store</command>
<group choice="req">
<arg choice="plain">add</arg>
<arg choice="plain">remove</arg>
<arg choice="plain">list</arg>
<arg choice="plain">update</arg>
</group>
<arg choice="opt">opts</arg>
<arg choice="opt">args</arg>
</cmdsynopsis>
<para>
Manipulate the MD store
</para>
<refsect3>
<title>add</title>
<cmdsynopsis>
<command>add</command>
<arg choice="plain"><replaceable>dns</replaceable></arg>
<arg choice="opt">dns2...</arg>
</cmdsynopsis>
<para>Add a new managed domain <replaceable>dns</replaceable> with all the additional domain names</para>
</refsect3>
<refsect3>
<title>remove</title>
<cmdsynopsis>
<command>remove</command>
<arg choice="opt">-f | --force</arg>
<arg choice="plain"><replaceable>name</replaceable></arg>
<arg choice="opt"><replaceable>name...</replaceable></arg>
</cmdsynopsis>
<para>Remove the managed domains <replaceable>name</replaceable> from the store</para>
<para>When <option>-f</option> or <option>--force</option> option is specified, force managed domain removal - be silent about missing domains</para>
</refsect3>
<refsect3>
<title>list</title>
<cmdsynopsis>
<command>list</command>
</cmdsynopsis>
<para>List all managed domains in the store</para>
</refsect3>
<refsect3>
<title>update</title>
<cmdsynopsis>
<command>update</command>
<arg choice="plain"><replaceable>name</replaceable></arg>
<arg choice="opt">
<arg choice="plain">domains</arg>
<arg choice="plain"><replaceable>dname</replaceable></arg>
<arg choice="opt"><replaceable>dname...</replaceable></arg>
</arg>
</cmdsynopsis>
<para>If <option>domains</option> cmd is specified followed by one or
more domains, MD store will be updated with those domains.</para>
<para>URL of ACME server can be also updated if <option>-a</option>|
<option>--acme</option> option is present.</para>
</refsect3>
</refsect2>
</refsect1>
</refentry>
<!-- LocalWords: a2md
-->

22
SOURCES/mod_md-2.0.8-CVE-2025-55753.patch
View File

@ -1,22 +0,0 @@
diff --git a/src/mod_md_drive.c b/src/mod_md_drive.c
index 670c7e7..35ad58c 100644
--- a/src/mod_md_drive.c
+++ b/src/mod_md_drive.c
@@ -135,9 +135,14 @@ static apr_time_t calc_err_delay(int err_count)
if (err_count > 0) {
/* back off duration, depending on the errors we encounter in a row */
- delay = apr_time_from_sec(5 << (err_count - 1));
- if (delay > apr_time_from_sec(60*60)) {
- delay = apr_time_from_sec(60*60);
+ int i;
+ delay = 30;
+ for (i = 0; i < (err_count - 1); ++i) {
+ delay <<= 1;
+ if ((delay <= 0) || (delay > apr_time_from_sec(60*60))) {
+ delay = apr_time_from_sec(60*60);
+ break;
+ }
}
}
return delay;

13
SOURCES/mod_md-2.0.8-duptrim-seg.patch
View File

@ -1,13 +0,0 @@
diff --git a/src/md_result.c b/src/md_result.c
index 4076d5b..0e0b688 100644
--- a/src/md_result.c
+++ b/src/md_result.c
@@ -32,7 +32,7 @@
static const char *dup_trim(apr_pool_t *p, const char *s)
{
char *d = apr_pstrdup(p, s);
- apr_collapse_spaces(d, d);
+ if (d) apr_collapse_spaces(d, d);
return d;
}

10
SOURCES/mod_md-2.0.8-state_dir.patch
View File

@ -1,18 +1,18 @@
Enable state_dir support for 2.4.x. Enable state_dir support for 2.4.x.
--- mod_md-2.0.8/src/mod_md_config.c.state_dir --- mod_md-2.2.6/src/mod_md_config.c.state_dir
+++ mod_md-2.0.8/src/mod_md_config.c +++ mod_md-2.2.6/src/mod_md_config.c
@@ -44,7 +44,7 @@ @@ -54,7 +54,7 @@
/* Default settings for the global conf */ /* Default settings for the global conf */
static md_mod_conf_t defmc = { static md_mod_conf_t defmc = {
NULL, /* list of mds */ NULL, /* list of mds */
-#if AP_MODULE_MAGIC_AT_LEAST(20180906, 2) -#if AP_MODULE_MAGIC_AT_LEAST(20180906, 2)
+#if 1 +#if 1
NULL, /* base dir by default state-dir-relative */ NULL, /* base dirm by default state-dir-relative */
#else #else
MD_DEFAULT_BASE_DIR, MD_DEFAULT_BASE_DIR,
@@ -898,7 +898,7 @@ @@ -1039,7 +1039,7 @@
mc->hsts_header = apr_psprintf(p, "max-age=%d", mc->hsts_max_age); mc->hsts_header = apr_psprintf(p, "max-age=%d", mc->hsts_max_age);
} }

22
SOURCES/mod_md-2.0.8-tolerate-missing-res.patch
View File

@ -1,22 +0,0 @@
diff --git a/src/md_acme.c b/src/md_acme.c
index d2cc00a..005a387 100644
--- a/src/md_acme.c
+++ b/src/md_acme.c
@@ -728,8 +728,15 @@ static apr_status_t update_directory(const md_http_response_t *res)
acme->api.v2.revoke_cert = md_json_dups(acme->p, json, "revokeCert", NULL);
acme->api.v2.key_change = md_json_dups(acme->p, json, "keyChange", NULL);
acme->api.v2.new_nonce = md_json_dups(acme->p, json, "newNonce", NULL);
- if (acme->api.v2.new_account && acme->api.v2.new_order
- && acme->api.v2.revoke_cert && acme->api.v2.key_change
+ /* RFC 8555 only requires "directory" and "newNonce" resources.
+ * mod_md uses "newAccount" and "newOrder" so check for them.
+ * But mod_md does not use the "revokeCert" or "keyChange"
+ * resources, so tolerate the absense of those keys. In the
+ * future if mod_md implements revocation or key rollover then
+ * the use of those features should be predicated on the
+ * server's advertised capabilities. */
+ if (acme->api.v2.new_account
+ && acme->api.v2.new_order
&& acme->api.v2.new_nonce) {
acme->version = MD_ACME_VERSION_2;
}

99
SPECS/mod_md.spec
View File

@ -1,24 +1,19 @@
# Module Magic Numberfa # Module Magic Number
%{!?_httpd_mmn: %global _httpd_mmn %(cat %{_includedir}/httpd/.mmn 2>/dev/null || echo 0-0)} %{!?_httpd_mmn: %global _httpd_mmn %(cat %{_includedir}/httpd/.mmn 2>/dev/null || echo 0-0)}
Name: mod_md Name: mod_md
Version: 2.0.8 Version: 2.4.26
Release: 8%{?dist}.2 Release: 1%{?dist}
Summary: Certificate provisioning using ACME for the Apache HTTP Server Summary: Certificate provisioning using ACME for the Apache HTTP Server
License: ASL 2.0 License: ASL 2.0
URL: https://icing.github.io/mod_md/ URL: https://icing.github.io/mod_md/
Source0: https://github.com/icing/mod_md/releases/download/v%{version}/mod_md-%{version}.tar.gz Source0: https://github.com/icing/mod_md/releases/download/v%{version}/mod_md-%{version}.tar.gz
# documentation
Source10: a2md.xml
Patch1: mod_md-2.0.8-state_dir.patch Patch1: mod_md-2.0.8-state_dir.patch
Patch2: mod_md-2.0.8-duptrim-seg.patch BuildRequires: make
Patch3: mod_md-2.0.8-tolerate-missing-res.patch
Patch4: mod_md-2.0.8-CVE-2025-55753.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: pkgconfig, httpd-devel >= 2.4.37, openssl-devel >= 1.1.0, jansson-devel, libcurl-devel BuildRequires: pkgconfig, httpd-devel >= 2.4.41, openssl-devel >= 1.1.0, jansson-devel, libcurl-devel, xmlto
BuildRequires: xmlto Requires: httpd-mmn = %{_httpd_mmn}, mod_ssl >= 1:2.4.41, httpd >= 2.4.48
Requires: httpd-mmn = %{_httpd_mmn}, mod_ssl >= 1:2.4.37-17 Conflicts: httpd < 2.4.39-7
Conflicts: httpd < 2.4.37-17
Epoch: 1 Epoch: 1
%description %description
@ -28,19 +23,15 @@ certificate provisioning. Certificates will be configured for managed
domains and their virtual hosts automatically, including at renewal. domains and their virtual hosts automatically, including at renewal.
%prep %prep
%setup -q %autosetup -p1
%patch1 -p1 -b .state_dir
%patch2 -p1 -b .dup_trim
%patch3 -p1 -b .tol_missing_res
%patch4 -p1 -b .CVE-2025-55753
xmlto man $RPM_SOURCE_DIR/a2md.xml
%build %build
%configure %configure --with-apxs=%{_httpd_apxs}
# remove rpath # remove rpath
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
# remove Werror
sed -i 's|-Werror ||' */Makefile Makefile
%make_build V=1 %make_build V=1
@ -59,10 +50,6 @@ mv %{buildroot}%{_httpd_moddir}/mod_md.so.0.0.0 %{buildroot}%{_httpd_moddir}/mod
mkdir -p %{buildroot}%{_httpd_modconfdir} mkdir -p %{buildroot}%{_httpd_modconfdir}
echo "LoadModule md_module modules/mod_md.so" > %{buildroot}%{_httpd_modconfdir}/01-md.conf echo "LoadModule md_module modules/mod_md.so" > %{buildroot}%{_httpd_modconfdir}/01-md.conf
# Install man pages
install -d $RPM_BUILD_ROOT%{_mandir}/man1
install -m 644 -p a2md.1 $RPM_BUILD_ROOT%{_mandir}/man1
%files %files
%doc README.md ChangeLog AUTHORS %doc README.md ChangeLog AUTHORS
%license LICENSE %license LICENSE
@ -72,22 +59,62 @@ install -m 644 -p a2md.1 $RPM_BUILD_ROOT%{_mandir}/man1
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Tue Dec 09 2025 Luboš Uhliarik <luhliari@redhat.com> - 1:2.0.8-8.2 * Mon May 20 2024 Luboš Uhliarik <luhliari@redhat.com> - 1:2.4.26-1
- Resolves: RHEL-134487 - httpd:2.4/httpd: Apache HTTP Server: mod_md (ACME), - Resolves: RHEL-25075 - new version 2.4.26
unintended retry intervals (CVE-2025-55753) - Resolves: RHEL-11838 - [RFE] add support of dns_01 challenge to mod_md
- Resolves: RHEL-17462 - OCSP response rejected when nextUpdate field not set
- Resolves: RHEL-17467 - mod_md should trigger the reissue of new pair
key/certificate when OCSP reports a revoked status
* Thu May 28 2020 Lubos Uhliarik <luhliari@redhat.com> - 1:2.0.8-8 * Tue Nov 08 2022 Luboš Uhliarik <luhliari@redhat.com> - 1:2.4.19-1
- Resolves: #1832844 - mod_md does not work with ACME server that does not - Resolves: #2140979 - mod_md rebase to 2.4.19
provide keyChange or revokeCert resources
* Wed Jan 22 2020 Lubos Uhliarik <luhliari@redhat.com> - 1:2.0.8-7 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.4.0-3
- Resolves: #1747912 - add a2md(1) documentation - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon Dec 09 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:2.0.8-6 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.4.0-2
- Resolves: #1781263 - mod_md ACMEv1 crash - Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Thu Oct 03 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:2.0.8-5 * Tue May 18 2021 Lubos Uhliarik <luhliari@redhat.com> - 1:2.4.0-1
- Resolves: #1747898 - add mod_md package - new version 2.4.0
- Resolves: #1961242 - mod_md: rebase to 2.4.0
* Mon May 17 2021 Joe Orton <jorton@redhat.com> - 1:2.3.7-3
- don't build with -Werror (#1958041)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.3.7-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Feb 2 2021 Joe Orton <jorton@redhat.com> - 1:2.3.7-1
- update to 2.3.7 (beta)
- use autosetup macro
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.2.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Jan 22 2021 Joe Orton <jorton@redhat.com> - 1:2.2.8-4
- update to 2.2.8
* Fri Aug 28 2020 Joe Orton <jorton@redhat.com> - 1:2.2.7-4
- use _httpd_apxs macro
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.2.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jun 23 2020 Alexander Bokovoy <abokovoy@redhat.com> - 1:2.2.7-2
- mod_md does not work with ACME server that does not provide revokeCert or
keyChange resource (#1832841)
* Tue Feb 11 2020 Joe Orton <jorton@redhat.com> - 1:2.2.7-1
- update to 2.2.7
* Fri Feb 7 2020 Joe Orton <jorton@redhat.com> - 1:2.2.6-1
- update to 2.2.6 (#1799660)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.0.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Aug 30 2019 Joe Orton <jorton@redhat.com> - 1:2.0.8-4 * Fri Aug 30 2019 Joe Orton <jorton@redhat.com> - 1:2.0.8-4
- require mod_ssl, update package description - require mod_ssl, update package description