arrfab / rpms / httpd

Forked from rpms/httpd 5 years ago
Clone
28b219
%define contentdir %{_datadir}/httpd
28b219
%define docroot /var/www
28b219
%define suexec_caller apache
28b219
%define mmn 20120211
706609
%define oldmmnisa %{mmn}-%{__isa_name}-%{__isa_bits}
706609
%define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
e0f934
%define vstring CentOS
28b219
28b219
# Drop automatic provides for module DSOs
28b219
%{?filter_setup:
28b219
%filter_provides_in %{_libdir}/httpd/modules/.*\.so$
28b219
%filter_setup
28b219
}
28b219
28b219
Summary: Apache HTTP Server
28b219
Name: httpd
28b219
Version: 2.4.6
cae244
Release: 80%{?dist}.1
28b219
URL: http://httpd.apache.org/
28b219
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
e0f934
Source1: centos-noindex.tar.gz
28b219
Source2: httpd.logrotate
28b219
Source3: httpd.sysconf
28b219
Source4: httpd-ssl-pass-dialog
28b219
Source5: httpd.tmpfiles
28b219
Source6: httpd.service
28b219
Source7: action-graceful.sh
28b219
Source8: action-configtest.sh
28b219
Source10: httpd.conf
28b219
Source11: 00-base.conf
28b219
Source12: 00-mpm.conf
28b219
Source13: 00-lua.conf
28b219
Source14: 01-cgi.conf
28b219
Source15: 00-dav.conf
28b219
Source16: 00-proxy.conf
28b219
Source17: 00-ssl.conf
28b219
Source18: 01-ldap.conf
28b219
Source19: 00-proxyhtml.conf
28b219
Source20: userdir.conf
28b219
Source21: ssl.conf
28b219
Source22: welcome.conf
28b219
Source23: manual.conf
28b219
Source24: 00-systemd.conf
28b219
Source25: 01-session.conf
28b219
# Documentation
28b219
Source30: README.confd
28b219
Source40: htcacheclean.service
28b219
Source41: htcacheclean.sysconf
28b219
# build/scripts patches
28b219
Patch1: httpd-2.4.1-apctl.patch
28b219
Patch2: httpd-2.4.3-apxs.patch
28b219
Patch3: httpd-2.4.1-deplibs.patch
28b219
Patch5: httpd-2.4.3-layout.patch
28b219
Patch6: httpd-2.4.3-apctl-systemd.patch
28b219
# Features/functional changes
28b219
Patch21: httpd-2.4.6-full-release.patch
28b219
Patch23: httpd-2.4.4-export.patch
28b219
Patch24: httpd-2.4.1-corelimit.patch
28b219
Patch25: httpd-2.4.1-selinux.patch
28b219
Patch26: httpd-2.4.4-r1337344+.patch
28b219
Patch27: httpd-2.4.2-icons.patch
28b219
Patch28: httpd-2.4.6-r1332643+.patch
28b219
Patch29: httpd-2.4.3-mod_systemd.patch
28b219
Patch30: httpd-2.4.4-cachehardmax.patch
28b219
Patch31: httpd-2.4.6-sslmultiproxy.patch
28b219
Patch32: httpd-2.4.6-r1537535.patch
706609
Patch33: httpd-2.4.6-r1542327.patch
75a229
Patch34: httpd-2.4.6-ssl-large-keys.patch
75a229
Patch35: httpd-2.4.6-pre_htaccess.patch
75a229
Patch36: httpd-2.4.6-r1573626.patch
75a229
Patch37: httpd-2.4.6-uds.patch
0943f8
Patch38: httpd-2.4.6-upn.patch
07ea28
Patch39: httpd-2.4.6-r1664565.patch
28b219
# Bug fixes
28b219
Patch51: httpd-2.4.3-sslsninotreq.patch
28b219
Patch55: httpd-2.4.4-malformed-host.patch
28b219
Patch56: httpd-2.4.4-mod_unique_id.patch
28b219
Patch57: httpd-2.4.6-ldaprefer.patch
706609
Patch58: httpd-2.4.6-r1507681+.patch
706609
Patch59: httpd-2.4.6-r1556473.patch
706609
Patch60: httpd-2.4.6-r1553540.patch
75a229
Patch61: httpd-2.4.6-rewrite-clientaddr.patch
75a229
Patch62: httpd-2.4.6-ab-overflow.patch
75a229
Patch63: httpd-2.4.6-sigint.patch
75a229
Patch64: httpd-2.4.6-ssl-ecdh-auto.patch
75a229
Patch65: httpd-2.4.6-r1556818.patch
75a229
Patch66: httpd-2.4.6-r1618851.patch
75a229
Patch67: httpd-2.4.6-r1526189.patch
0943f8
Patch68: httpd-2.4.6-r1663647.patch
0943f8
Patch69: httpd-2.4.6-r1569006.patch
0943f8
Patch70: httpd-2.4.6-r1506474.patch
0943f8
Patch71: httpd-2.4.6-bomb.patch
0943f8
Patch72: httpd-2.4.6-r1604460.patch
0943f8
Patch73: httpd-2.4.6-r1624349.patch
0943f8
Patch74: httpd-2.4.6-ap-ipv6.patch
0943f8
Patch75: httpd-2.4.6-r1530280.patch
0943f8
Patch76: httpd-2.4.6-r1633085.patch
0943f8
Patch78: httpd-2.4.6-ssl-error-free.patch
0943f8
Patch79: httpd-2.4.6-r1528556.patch
0943f8
Patch80: httpd-2.4.6-r1594625.patch
0943f8
Patch81: httpd-2.4.6-r1674222.patch
0943f8
Patch82: httpd-2.4.6-apachectl-httpd-env.patch
0943f8
Patch83: httpd-2.4.6-rewrite-dir.patch
0943f8
Patch84: httpd-2.4.6-r1420184.patch
0943f8
Patch85: httpd-2.4.6-r1524368.patch
0943f8
Patch86: httpd-2.4.6-r1528958.patch
0943f8
Patch87: httpd-2.4.6-r1651083.patch
0943f8
Patch88: httpd-2.4.6-r1688399.patch
0943f8
Patch89: httpd-2.4.6-r1527509.patch
0943f8
Patch90: httpd-2.4.6-apachectl-status.patch
0943f8
Patch91: httpd-2.4.6-r1650655.patch
0943f8
Patch92: httpd-2.4.6-r1533448.patch
0943f8
Patch93: httpd-2.4.6-r1610013.patch
07ea28
Patch94: httpd-2.4.6-r1705528.patch
07ea28
Patch95: httpd-2.4.6-r1684462.patch
07ea28
Patch96: httpd-2.4.6-r1650677.patch
07ea28
Patch97: httpd-2.4.6-r1621601.patch
07ea28
Patch98: httpd-2.4.6-r1610396.patch
07ea28
Patch99: httpd-2.4.6-rotatelog-timezone.patch
07ea28
Patch100: httpd-2.4.6-ab-ssl-error.patch
07ea28
Patch101: httpd-2.4.6-r1723522.patch
07ea28
Patch102: httpd-2.4.6-r1681107.patch
07ea28
Patch103: httpd-2.4.6-dhparams-free.patch
07ea28
Patch104: httpd-2.4.6-r1651658.patch
48b77b
Patch105: httpd-2.4.6-r1560093.patch
48b77b
Patch106: httpd-2.4.6-r1748212.patch
21495e
Patch107: httpd-2.4.6-r1570327.patch
21495e
Patch108: httpd-2.4.6-r1631119.patch
cce4bc
# https://bugzilla.redhat.com/show_bug.cgi?id=1406184
cce4bc
Patch109: httpd-2.4.6-r1593002.patch
cce4bc
# https://bugzilla.redhat.com/show_bug.cgi?id=1389535
cce4bc
Patch110: httpd-2.4.6-r1662640.patch
cce4bc
# https://bugzilla.redhat.com/show_bug.cgi?id=1348019
cce4bc
Patch111: httpd-2.4.6-r1348019.patch
cce4bc
# https://bugzilla.redhat.com/show_bug.cgi?id=1396197
cce4bc
Patch112: httpd-2.4.6-r1587053.patch
cce4bc
# https://bugzilla.redhat.com/show_bug.cgi?id=1376835
cce4bc
Patch113: httpd-2.4.6-mpm-segfault.patch
cce4bc
# https://bugzilla.redhat.com/show_bug.cgi?id=1372692
cce4bc
Patch114: httpd-2.4.6-r1681114.patch
cce4bc
# https://bugzilla.redhat.com/show_bug.cgi?id=1371876
cce4bc
Patch115: httpd-2.4.6-r1775832.patch
cce4bc
# https://bugzilla.redhat.com/show_bug.cgi?id=1353740
cce4bc
Patch116: httpd-2.4.6-r1726019.patch
cce4bc
# https://bugzilla.redhat.com/show_bug.cgi?id=1364604
cce4bc
Patch117: httpd-2.4.6-r1683112.patch
cce4bc
# https://bugzilla.redhat.com/show_bug.cgi?id=1378946
cce4bc
Patch118: httpd-2.4.6-r1651653.patch
cce4bc
# https://bugzilla.redhat.com/show_bug.cgi?id=1414258
cce4bc
Patch119: httpd-2.4.6-r1634529.patch
cce4bc
# https://bugzilla.redhat.com/show_bug.cgi?id=1397241
cce4bc
Patch120: httpd-2.4.6-r1738878.patch
cce4bc
# https://bugzilla.redhat.com/show_bug.cgi?id=1445885
cce4bc
Patch121: httpd-2.4.6-http-protocol-options-define.patch
cce4bc
# https://bugzilla.redhat.com/show_bug.cgi?id=1332242
cce4bc
Patch122: httpd-2.4.6-statements-comment.patch
b19d6e
# https://bugzilla.redhat.com/show_bug.cgi?id=1451333
be05ba
Patch123: httpd-2.4.6-rotatelogs-zombie.patch
b19d6e
# https://bugzilla.redhat.com/show_bug.cgi?id=1368491
b19d6e
Patch124: httpd-2.4.6-mod_authz_dbd-missing-query.patch
b19d6e
# https://bugzilla.redhat.com/show_bug.cgi?id=1288395
b19d6e
Patch125: httpd-2.4.6-r1668532.patch
b19d6e
# https://bugzilla.redhat.com/show_bug.cgi?id=1499253
b19d6e
Patch126: httpd-2.4.6-r1681289.patch
b19d6e
# https://bugzilla.redhat.com/show_bug.cgi?id=1430640
b19d6e
Patch127: httpd-2.4.6-r1805099.patch
b19d6e
# https://bugzilla.redhat.com/show_bug.cgi?id=1448892
b19d6e
Patch128: httpd-2.4.6-r1811831.patch
b19d6e
# https://bugzilla.redhat.com/show_bug.cgi?id=1464406
b19d6e
Patch129: httpd-2.4.6-r1811746.patch
b19d6e
# https://bugzilla.redhat.com/show_bug.cgi?id=1440590
b19d6e
Patch130: httpd-2.4.6-r1811976.patch
b19d6e
# https://bugzilla.redhat.com/show_bug.cgi?id=1506392
b19d6e
Patch131: httpd-2.4.6-r1650310.patch
cae244
# https://bugzilla.redhat.com/show_bug.cgi?id=1557785
cae244
Patch132: httpd-2.4.6-r1530999.patch
cce4bc
706609
# Security fixes
706609
Patch200: httpd-2.4.6-CVE-2013-6438.patch
706609
Patch201: httpd-2.4.6-CVE-2014-0098.patch
331623
Patch202: httpd-2.4.6-CVE-2014-0231.patch
331623
Patch203: httpd-2.4.6-CVE-2014-0117.patch
331623
Patch204: httpd-2.4.6-CVE-2014-0118.patch
331623
Patch205: httpd-2.4.6-CVE-2014-0226.patch
331623
Patch206: httpd-2.4.6-CVE-2013-4352.patch
75a229
Patch207: httpd-2.4.6-CVE-2013-5704.patch
75a229
Patch208: httpd-2.4.6-CVE-2014-3581.patch
1e590c
Patch209: httpd-2.4.6-CVE-2015-3185.patch
1e590c
Patch210: httpd-2.4.6-CVE-2015-3183.patch
48b77b
Patch211: httpd-2.4.6-CVE-2016-5387.patch
21495e
Patch212: httpd-2.4.6-CVE-2016-8743.patch
21495e
Patch213: httpd-2.4.6-CVE-2016-0736.patch
21495e
Patch214: httpd-2.4.6-CVE-2016-2161.patch
749353
Patch215: httpd-2.4.6-CVE-2017-3167.patch
749353
Patch216: httpd-2.4.6-CVE-2017-3169.patch
749353
Patch217: httpd-2.4.6-CVE-2017-7668.patch
749353
Patch218: httpd-2.4.6-CVE-2017-7679.patch
749353
Patch219: httpd-2.4.6-CVE-2017-9788.patch
3540ca
Patch220: httpd-2.4.6-CVE-2017-9798.patch
749353
28b219
License: ASL 2.0
28b219
Group: System Environment/Daemons
28b219
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
28b219
BuildRequires: autoconf, perl, pkgconfig, findutils, xmlto
28b219
BuildRequires: zlib-devel, libselinux-devel, lua-devel
28b219
BuildRequires: apr-devel >= 1.4.0, apr-util-devel >= 1.2.0, pcre-devel >= 5.0
28b219
BuildRequires: systemd-devel
28b219
Requires: /etc/mime.types, system-logos >= 7.92.1-1
28b219
Obsoletes: httpd-suexec
28b219
Provides: webserver
28b219
Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release}
706609
Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}, httpd-mmn = %{oldmmnisa}
28b219
Requires: httpd-tools = %{version}-%{release}
28b219
Requires(pre): /usr/sbin/useradd
5cfdd4
Requires(pre): /usr/sbin/groupadd
28b219
Requires(preun): systemd-units
28b219
Requires(postun): systemd-units
28b219
Requires(post): systemd-units
28b219
28b219
%description
28b219
The Apache HTTP Server is a powerful, efficient, and extensible
28b219
web server.
28b219
28b219
%package devel
28b219
Group: Development/Libraries
28b219
Summary: Development interfaces for the Apache HTTP server
28b219
Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel
28b219
Requires: apr-devel, apr-util-devel, pkgconfig
28b219
Requires: httpd = %{version}-%{release}
28b219
28b219
%description devel
28b219
The httpd-devel package contains the APXS binary and other files
28b219
that you need to build Dynamic Shared Objects (DSOs) for the
28b219
Apache HTTP Server.
28b219
28b219
If you are installing the Apache HTTP server and you want to be
28b219
able to compile or develop additional modules for Apache, you need
28b219
to install this package.
28b219
28b219
%package manual
28b219
Group: Documentation
28b219
Summary: Documentation for the Apache HTTP server
28b219
Requires: httpd = %{version}-%{release}
28b219
Obsoletes: secureweb-manual, apache-manual
28b219
BuildArch: noarch
28b219
28b219
%description manual
28b219
The httpd-manual package contains the complete manual and
28b219
reference guide for the Apache HTTP server. The information can
28b219
also be found at http://httpd.apache.org/docs/2.2/.
28b219
28b219
%package tools
28b219
Group: System Environment/Daemons
28b219
Summary: Tools for use with the Apache HTTP Server
28b219
28b219
%description tools
28b219
The httpd-tools package contains tools which can be used with 
28b219
the Apache HTTP Server.
28b219
28b219
%package -n mod_ssl
28b219
Group: System Environment/Daemons
28b219
Summary: SSL/TLS module for the Apache HTTP Server
28b219
Epoch: 1
0943f8
BuildRequires: openssl-devel >= 1:1.0.1e-37
75a229
Requires: openssl-libs >= 1:1.0.1e-37
28b219
Requires(post): openssl, /bin/cat
28b219
Requires(pre): httpd
28b219
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
28b219
Obsoletes: stronghold-mod_ssl
28b219
28b219
%description -n mod_ssl
28b219
The mod_ssl module provides strong cryptography for the Apache Web
28b219
server via the Secure Sockets Layer (SSL) and Transport Layer
28b219
Security (TLS) protocols.
28b219
28b219
%package -n mod_proxy_html
28b219
Group: System Environment/Daemons
28b219
Summary: HTML and XML content filters for the Apache HTTP Server
28b219
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
28b219
BuildRequires: libxml2-devel
28b219
Epoch: 1
28b219
Obsoletes: mod_proxy_html < 1:2.4.1-2
28b219
28b219
%description -n mod_proxy_html
28b219
The mod_proxy_html and mod_xml2enc modules provide filters which can
28b219
transform and modify HTML and XML content.
28b219
28b219
%package -n mod_ldap
28b219
Group: System Environment/Daemons
28b219
Summary: LDAP authentication modules for the Apache HTTP Server
28b219
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
28b219
Requires: apr-util-ldap
28b219
28b219
%description -n mod_ldap
28b219
The mod_ldap and mod_authnz_ldap modules add support for LDAP
28b219
authentication to the Apache HTTP Server.
28b219
28b219
%package -n mod_session
28b219
Group: System Environment/Daemons
28b219
Summary: Session interface for the Apache HTTP Server
28b219
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
28b219
28b219
%description -n mod_session
28b219
The mod_session module and associated backends provide an abstract
28b219
interface for storing and accessing per-user session data.
28b219
28b219
%prep
28b219
%setup -q
28b219
%patch1 -p1 -b .apctl
28b219
%patch2 -p1 -b .apxs
28b219
%patch3 -p1 -b .deplibs
28b219
%patch5 -p1 -b .layout
28b219
%patch6 -p1 -b .apctlsystemd
28b219
28b219
%patch21 -p1 -b .fullrelease
28b219
%patch23 -p1 -b .export
28b219
%patch24 -p1 -b .corelimit
28b219
%patch25 -p1 -b .selinux
28b219
%patch26 -p1 -b .r1337344+
28b219
%patch27 -p1 -b .icons
28b219
%patch28 -p1 -b .r1332643+
28b219
%patch29 -p1 -b .systemd
28b219
%patch30 -p1 -b .cachehardmax
28b219
%patch31 -p1 -b .sslmultiproxy
28b219
%patch32 -p1 -b .r1537535
706609
%patch33 -p1 -b .r1542327
706609
rm modules/ssl/ssl_engine_dh.c
75a229
%patch34 -p1 -b .ssllargekeys
75a229
%patch35 -p1 -b .prehtaccess
75a229
%patch36 -p1 -b .r1573626
75a229
%patch37 -p1 -b .uds
0943f8
%patch38 -p1 -b .upn
07ea28
%patch39 -p1 -b .r1664565
28b219
28b219
%patch51 -p1 -b .sninotreq
28b219
%patch55 -p1 -b .malformedhost
28b219
%patch56 -p1 -b .uniqueid
28b219
%patch57 -p1 -b .ldaprefer
706609
%patch58 -p1 -b .r1507681+
706609
%patch59 -p1 -b .r1556473
706609
%patch60 -p1 -b .r1553540
75a229
%patch61 -p1 -b .clientaddr
75a229
%patch62 -p1 -b .aboverflow
75a229
%patch63 -p1 -b .sigint
75a229
%patch64 -p1 -b .sslecdhauto
75a229
%patch65 -p1 -b .r1556818
75a229
%patch66 -p1 -b .r1618851
75a229
%patch67 -p1 -b .r1526189
0943f8
%patch68 -p1 -b .r1663647
0943f8
%patch69 -p1 -b .1569006
0943f8
%patch70 -p1 -b .r1506474
0943f8
%patch71 -p1 -b .bomb
0943f8
%patch72 -p1 -b .r1604460
0943f8
%patch73 -p1 -b .r1624349
0943f8
%patch74 -p1 -b .abipv6
0943f8
%patch75 -p1 -b .r1530280
0943f8
%patch76 -p1 -b .r1633085
0943f8
%patch78 -p1 -b .sslerrorfree
0943f8
%patch79 -p1 -b .r1528556
0943f8
%patch80 -p1 -b .r1594625
0943f8
%patch81 -p1 -b .r1674222
0943f8
%patch82 -p1 -b .envhttpd
0943f8
%patch83 -p1 -b .rewritedir
0943f8
%patch84 -p1 -b .r1420184
0943f8
%patch85 -p1 -b .r1524368
0943f8
%patch86 -p1 -b .r1528958
0943f8
%patch87 -p1 -b .r1651083
0943f8
%patch88 -p1 -b .r1688399
0943f8
%patch89 -p1 -b .r1527509
0943f8
%patch90 -p1 -b .apachectlstatus
0943f8
%patch91 -p1 -b .r1650655
0943f8
%patch92 -p1 -b .r1533448
0943f8
%patch93 -p1 -b .r1610013
07ea28
%patch94 -p1 -b .r1705528
07ea28
%patch95 -p1 -b .r1684462
07ea28
%patch96 -p1 -b .r1650677
07ea28
%patch97 -p1 -b .r1621601
07ea28
%patch98 -p1 -b .r1610396
07ea28
%patch99 -p1 -b .rotatelogtimezone
07ea28
%patch100 -p1 -b .absslerror
07ea28
%patch101 -p1 -b .r1723522
07ea28
%patch102 -p1 -b .r1681107
07ea28
%patch103 -p1 -b .dhparamsfree
07ea28
%patch104 -p1 -b .r1651658
48b77b
%patch105 -p1 -b .r1560093
48b77b
%patch106 -p1 -b .r1748212
21495e
%patch107 -p1 -b .r1570327
21495e
%patch108 -p1 -b .r1631119
cce4bc
%patch109 -p1 -b .r1593002
cce4bc
%patch110 -p1 -b .r1662640
cce4bc
%patch111 -p1 -b .r1348019
cce4bc
%patch112 -p1 -b .r1587053
cce4bc
%patch113 -p1 -b .mpmsegfault
cce4bc
%patch114 -p1 -b .r1681114
cce4bc
%patch115 -p1 -b .r1371876
cce4bc
%patch116 -p1 -b .r1726019
cce4bc
%patch117 -p1 -b .r1683112
cce4bc
%patch118 -p1 -b .r1651653
cce4bc
%patch119 -p1 -b .r1634529
cce4bc
%patch120 -p1 -b .r1738878
cce4bc
%patch121 -p1 -b .httpprotdefine
cce4bc
%patch122 -p1 -b .statement-comment
be05ba
%patch123 -p1 -b .logrotate-zombie
b19d6e
%patch124 -p1 -b .modauthzdbd-segfault
b19d6e
%patch125 -p1 -b .r1668532
b19d6e
%patch126 -p1 -b .r1681289
b19d6e
%patch127 -p1 -b .r1805099
b19d6e
%patch128 -p1 -b .r1811831
b19d6e
%patch129 -p1 -b .r1811746
b19d6e
%patch130 -p1 -b .r1811976
b19d6e
%patch131 -p1 -b .r1650310
cae244
%patch132 -p1 -b .r1530999
706609
706609
%patch200 -p1 -b .cve6438
706609
%patch201 -p1 -b .cve0098
331623
%patch202 -p1 -b .cve0231
331623
%patch203 -p1 -b .cve0117
331623
%patch204 -p1 -b .cve0118
331623
%patch205 -p1 -b .cve0226
331623
%patch206 -p1 -b .cve4352
75a229
%patch207 -p1 -b .cve5704
75a229
%patch208 -p1 -b .cve3581
1e590c
%patch209 -p1 -b .cve3185
1e590c
%patch210 -p1 -b .cve3183
48b77b
%patch211 -p1 -b .cve5387
21495e
%patch212 -p1 -b .cve8743
21495e
%patch213 -p1 -b .cve0736
21495e
%patch214 -p1 -b .cve2161
749353
%patch215 -p1 -b .cve3167
749353
%patch216 -p1 -b .cve3169
749353
%patch217 -p1 -b .cve7668
749353
%patch218 -p1 -b .cve7679
749353
%patch219 -p1 -b .cve9788
3540ca
%patch220 -p1 -b .cve9798
28b219
28b219
# Patch in the vendor string and the release string
28b219
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
28b219
sed -i 's/@RELEASE@/%{release}/' server/core.c
28b219
28b219
# Prevent use of setcap in "install-suexec-caps" target.
28b219
sed -i '/suexec/s,setcap ,echo Skipping setcap for ,' Makefile.in
28b219
28b219
# Safety check: prevent build if defined MMN does not equal upstream MMN.
28b219
vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
28b219
if test "x${vmmn}" != "x%{mmn}"; then
28b219
   : Error: Upstream MMN is now ${vmmn}, packaged MMN is %{mmn}
28b219
   : Update the mmn macro and rebuild.
28b219
   exit 1
28b219
fi
28b219
28b219
: Building with MMN %{mmn}, MMN-ISA %{mmnisa} and vendor string '%{vstring}'
28b219
28b219
%build
28b219
# forcibly prevent use of bundled apr, apr-util, pcre
28b219
rm -rf srclib/{apr,apr-util,pcre}
28b219
28b219
# regenerate configure scripts
28b219
autoheader && autoconf || exit 1
28b219
28b219
# Before configure; fix location of build dir in generated apxs
28b219
%{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \
28b219
	support/apxs.in
28b219
28b219
export CFLAGS=$RPM_OPT_FLAGS
28b219
export LDFLAGS="-Wl,-z,relro,-z,now"
28b219
75a229
%ifarch ppc64 ppc64le
75a229
%global _performance_build 1
706609
%endif
706609
28b219
# Hard-code path to links to avoid unnecessary builddep
28b219
export LYNX_PATH=/usr/bin/links
28b219
28b219
# Build the daemon
75a229
%configure \
28b219
 	--prefix=%{_sysconfdir}/httpd \
28b219
 	--exec-prefix=%{_prefix} \
28b219
 	--bindir=%{_bindir} \
28b219
 	--sbindir=%{_sbindir} \
28b219
 	--mandir=%{_mandir} \
28b219
	--libdir=%{_libdir} \
28b219
	--sysconfdir=%{_sysconfdir}/httpd/conf \
28b219
	--includedir=%{_includedir}/httpd \
28b219
	--libexecdir=%{_libdir}/httpd/modules \
28b219
	--datadir=%{contentdir} \
28b219
        --enable-layout=Fedora \
28b219
        --with-installbuilddir=%{_libdir}/httpd/build \
28b219
        --enable-mpms-shared=all \
28b219
        --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
28b219
	--enable-suexec --with-suexec \
28b219
        --enable-suexec-capabilities \
28b219
	--with-suexec-caller=%{suexec_caller} \
28b219
	--with-suexec-docroot=%{docroot} \
28b219
	--without-suexec-logfile \
28b219
        --with-suexec-syslog \
28b219
	--with-suexec-bin=%{_sbindir}/suexec \
28b219
	--with-suexec-uidmin=500 --with-suexec-gidmin=100 \
28b219
        --enable-pie \
28b219
        --with-pcre \
28b219
        --enable-mods-shared=all \
28b219
	--enable-ssl --with-ssl --disable-distcache \
28b219
	--enable-proxy \
28b219
        --enable-cache \
28b219
        --enable-disk-cache \
28b219
        --enable-ldap --enable-authnz-ldap \
28b219
        --enable-cgid --enable-cgi \
28b219
        --enable-authn-anon --enable-authn-alias \
28b219
        --disable-imagemap  \
28b219
	$*
28b219
make %{?_smp_mflags}
28b219
28b219
%install
28b219
rm -rf $RPM_BUILD_ROOT
28b219
28b219
make DESTDIR=$RPM_BUILD_ROOT install
28b219
28b219
# Install systemd service files
28b219
mkdir -p $RPM_BUILD_ROOT%{_unitdir}
28b219
for s in httpd htcacheclean; do
28b219
  install -p -m 644 $RPM_SOURCE_DIR/${s}.service \
28b219
                    $RPM_BUILD_ROOT%{_unitdir}/${s}.service
28b219
done
28b219
28b219
# install conf file/directory
28b219
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d \
28b219
      $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d
28b219
install -m 644 $RPM_SOURCE_DIR/README.confd \
28b219
    $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README
28b219
for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \
28b219
         00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \
28b219
         01-ldap.conf 00-systemd.conf 01-session.conf; do
28b219
  install -m 644 -p $RPM_SOURCE_DIR/$f \
28b219
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f
28b219
done
28b219
28b219
for f in welcome.conf ssl.conf manual.conf userdir.conf; do
28b219
  install -m 644 -p $RPM_SOURCE_DIR/$f \
28b219
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/$f
28b219
done
28b219
28b219
# Split-out extra config shipped as default in conf.d:
28b219
for f in autoindex; do
28b219
  mv docs/conf/extra/httpd-${f}.conf \
28b219
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/${f}.conf
28b219
done
28b219
28b219
# Extra config trimmed:
28b219
rm -v docs/conf/extra/httpd-{ssl,userdir}.conf
28b219
28b219
rm $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/*.conf
28b219
install -m 644 -p $RPM_SOURCE_DIR/httpd.conf \
28b219
   $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/httpd.conf
28b219
28b219
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
28b219
for s in httpd htcacheclean; do
28b219
  install -m 644 -p $RPM_SOURCE_DIR/${s}.sysconf \
28b219
                    $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/${s}
28b219
done
28b219
28b219
# tmpfiles.d configuration
28b219
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d 
28b219
install -m 644 -p $RPM_SOURCE_DIR/httpd.tmpfiles \
28b219
   $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/httpd.conf
28b219
28b219
# Other directories
28b219
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav \
28b219
         $RPM_BUILD_ROOT/run/httpd/htcacheclean
28b219
28b219
# Create cache directory
28b219
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd \
28b219
         $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/proxy \
28b219
         $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/ssl
28b219
28b219
# Make the MMN accessible to module packages
28b219
echo %{mmnisa} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn
28b219
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rpm
28b219
cat > $RPM_BUILD_ROOT%{_sysconfdir}/rpm/macros.httpd <
28b219
%%_httpd_mmn %{mmnisa}
28b219
%%_httpd_apxs %{_bindir}/apxs
28b219
%%_httpd_modconfdir %{_sysconfdir}/httpd/conf.modules.d
28b219
%%_httpd_confdir %{_sysconfdir}/httpd/conf.d
28b219
%%_httpd_contentdir %{contentdir}
28b219
%%_httpd_moddir %{_libdir}/httpd/modules
28b219
EOF
28b219
28b219
# Handle contentdir
28b219
mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
e0f934
tar xzf $RPM_SOURCE_DIR/centos-noindex.tar.gz \
e0f934
        -C $RPM_BUILD_ROOT%{contentdir}/noindex/ \
e0f934
        --strip-components=1
e0f934
28b219
rm -rf %{contentdir}/htdocs
28b219
28b219
# remove manual sources
28b219
find $RPM_BUILD_ROOT%{contentdir}/manual \( \
28b219
    -name \*.xml -o -name \*.xml.* -o -name \*.ent -o -name \*.xsl -o -name \*.dtd \
28b219
    \) -print0 | xargs -0 rm -f
28b219
28b219
# Strip the manual down just to English and replace the typemaps with flat files:
28b219
set +x
28b219
for f in `find $RPM_BUILD_ROOT%{contentdir}/manual -name \*.html -type f`; do
28b219
   if test -f ${f}.en; then
28b219
      cp ${f}.en ${f}
28b219
      rm ${f}.*
28b219
   fi
28b219
done
28b219
set -x
28b219
28b219
# Clean Document Root
28b219
rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
28b219
      $RPM_BUILD_ROOT%{docroot}/cgi-bin/*
28b219
28b219
# Symlink for the powered-by-$DISTRO image:
e0f934
ln -s ../noindex/images/poweredby.png \
28b219
        $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
28b219
28b219
# symlinks for /etc/httpd
28b219
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
28b219
ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run
28b219
ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules
28b219
28b219
# install http-ssl-pass-dialog
28b219
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
28b219
install -m755 $RPM_SOURCE_DIR/httpd-ssl-pass-dialog \
28b219
	$RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog
28b219
28b219
# Install action scripts
28b219
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd
28b219
for f in graceful configtest; do
28b219
    install -p -m 755 $RPM_SOURCE_DIR/action-${f}.sh \
28b219
            $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd/${f}
28b219
done
28b219
28b219
# Install logrotate config
28b219
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
28b219
install -m 644 -p $RPM_SOURCE_DIR/httpd.logrotate \
28b219
	$RPM_BUILD_ROOT/etc/logrotate.d/httpd
28b219
28b219
# fix man page paths
28b219
sed -e "s|/usr/local/apache2/conf/httpd.conf|/etc/httpd/conf/httpd.conf|" \
28b219
    -e "s|/usr/local/apache2/conf/mime.types|/etc/mime.types|" \
28b219
    -e "s|/usr/local/apache2/conf/magic|/etc/httpd/conf/magic|" \
28b219
    -e "s|/usr/local/apache2/logs/error_log|/var/log/httpd/error_log|" \
28b219
    -e "s|/usr/local/apache2/logs/access_log|/var/log/httpd/access_log|" \
28b219
    -e "s|/usr/local/apache2/logs/httpd.pid|/run/httpd/httpd.pid|" \
28b219
    -e "s|/usr/local/apache2|/etc/httpd|" < docs/man/httpd.8 \
28b219
  > $RPM_BUILD_ROOT%{_mandir}/man8/httpd.8
28b219
28b219
# Make ap_config_layout.h libdir-agnostic
28b219
sed -i '/.*DEFAULT_..._LIBEXECDIR/d;/DEFAULT_..._INSTALLBUILDDIR/d' \
28b219
    $RPM_BUILD_ROOT%{_includedir}/httpd/ap_config_layout.h
28b219
28b219
# Fix path to instdso in special.mk
28b219
sed -i '/instdso/s,top_srcdir,top_builddir,' \
28b219
    $RPM_BUILD_ROOT%{_libdir}/httpd/build/special.mk
28b219
28b219
# Remove unpackaged files
28b219
rm -vf \
28b219
      $RPM_BUILD_ROOT%{_libdir}/*.exp \
28b219
      $RPM_BUILD_ROOT/etc/httpd/conf/mime.types \
28b219
      $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.exp \
28b219
      $RPM_BUILD_ROOT%{_libdir}/httpd/build/config.nice \
28b219
      $RPM_BUILD_ROOT%{_bindir}/{ap?-config,dbmmanage} \
28b219
      $RPM_BUILD_ROOT%{_sbindir}/{checkgid,envvars*} \
28b219
      $RPM_BUILD_ROOT%{contentdir}/htdocs/* \
28b219
      $RPM_BUILD_ROOT%{_mandir}/man1/dbmmanage.* \
28b219
      $RPM_BUILD_ROOT%{contentdir}/cgi-bin/*
28b219
28b219
rm -rf $RPM_BUILD_ROOT/etc/httpd/conf/{original,extra}
28b219
28b219
%pre
5cfdd4
# Add the "apache" group and user
5cfdd4
/usr/sbin/groupadd -g 48 -r apache 2> /dev/null || :
cce4bc
/usr/sbin/useradd -c "Apache" -u 48 -g apache \
28b219
	-s /sbin/nologin -r -d %{contentdir} apache 2> /dev/null || :
28b219
28b219
%post
28b219
%systemd_post httpd.service htcacheclean.service
28b219
28b219
%preun
28b219
%systemd_preun httpd.service htcacheclean.service
28b219
28b219
%postun
28b219
%systemd_postun
28b219
28b219
# Trigger for conversion from SysV, per guidelines at:
28b219
# https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd
28b219
%triggerun -- httpd < 2.2.21-5
28b219
# Save the current service runlevel info
28b219
# User must manually run systemd-sysv-convert --apply httpd
28b219
# to migrate them to systemd targets
28b219
/usr/bin/systemd-sysv-convert --save httpd.service >/dev/null 2>&1 ||:
28b219
28b219
# Run these because the SysV package being removed won't do them
28b219
/sbin/chkconfig --del httpd >/dev/null 2>&1 || :
28b219
28b219
%posttrans
28b219
test -f /etc/sysconfig/httpd-disable-posttrans || \
28b219
  /bin/systemctl try-restart httpd.service htcacheclean.service >/dev/null 2>&1 || :
28b219
28b219
%define sslcert %{_sysconfdir}/pki/tls/certs/localhost.crt
28b219
%define sslkey %{_sysconfdir}/pki/tls/private/localhost.key
28b219
28b219
%post -n mod_ssl
28b219
umask 077
28b219
28b219
if [ -f %{sslkey} -o -f %{sslcert} ]; then
28b219
   exit 0
28b219
fi
28b219
706609
%{_bindir}/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 2048 > %{sslkey} 2> /dev/null
28b219
28b219
FQDN=`hostname`
07ea28
if [ "x${FQDN}" = "x" -o ${#FQDN} -gt 59 ]; then
28b219
   FQDN=localhost.localdomain
28b219
fi
28b219
28b219
cat << EOF | %{_bindir}/openssl req -new -key %{sslkey} \
706609
         -x509 -sha256 -days 365 -set_serial $RANDOM -extensions v3_req \
28b219
         -out %{sslcert} 2>/dev/null
28b219
--
28b219
SomeState
28b219
SomeCity
28b219
SomeOrganization
28b219
SomeOrganizationalUnit
28b219
${FQDN}
28b219
root@${FQDN}
28b219
EOF
28b219
28b219
%check
28b219
# Check the built modules are all PIC
28b219
if readelf -d $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so | grep TEXTREL; then
28b219
   : modules contain non-relocatable code
28b219
   exit 1
28b219
fi
28b219
28b219
%clean
28b219
rm -rf $RPM_BUILD_ROOT
28b219
28b219
%files
28b219
%defattr(-,root,root)
28b219
28b219
%doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE
28b219
%doc docs/conf/extra/*.conf
28b219
28b219
%dir %{_sysconfdir}/httpd
28b219
%{_sysconfdir}/httpd/modules
28b219
%{_sysconfdir}/httpd/logs
28b219
%{_sysconfdir}/httpd/run
28b219
%dir %{_sysconfdir}/httpd/conf
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf/magic
28b219
28b219
%config(noreplace) %{_sysconfdir}/logrotate.d/httpd
28b219
28b219
%dir %{_sysconfdir}/httpd/conf.d
28b219
%{_sysconfdir}/httpd/conf.d/README
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf.d/*.conf
28b219
%exclude %{_sysconfdir}/httpd/conf.d/ssl.conf
28b219
%exclude %{_sysconfdir}/httpd/conf.d/manual.conf
28b219
28b219
%dir %{_sysconfdir}/httpd/conf.modules.d
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/*.conf
28b219
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
28b219
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf
28b219
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf
28b219
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
28b219
28b219
%config(noreplace) %{_sysconfdir}/sysconfig/ht*
28b219
%{_prefix}/lib/tmpfiles.d/httpd.conf
28b219
28b219
%dir %{_libexecdir}/initscripts/legacy-actions/httpd
28b219
%{_libexecdir}/initscripts/legacy-actions/httpd/*
28b219
28b219
%{_sbindir}/ht*
28b219
%{_sbindir}/fcgistarter
28b219
%{_sbindir}/apachectl
28b219
%{_sbindir}/rotatelogs
28b219
%caps(cap_setuid,cap_setgid+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec
28b219
28b219
%dir %{_libdir}/httpd
28b219
%dir %{_libdir}/httpd/modules
28b219
%{_libdir}/httpd/modules/mod*.so
28b219
%exclude %{_libdir}/httpd/modules/mod_auth_form.so
28b219
%exclude %{_libdir}/httpd/modules/mod_ssl.so
28b219
%exclude %{_libdir}/httpd/modules/mod_*ldap.so
28b219
%exclude %{_libdir}/httpd/modules/mod_proxy_html.so
28b219
%exclude %{_libdir}/httpd/modules/mod_xml2enc.so
28b219
%exclude %{_libdir}/httpd/modules/mod_session*.so
28b219
28b219
%dir %{contentdir}
28b219
%dir %{contentdir}/icons
28b219
%dir %{contentdir}/error
28b219
%dir %{contentdir}/error/include
28b219
%dir %{contentdir}/noindex
28b219
%{contentdir}/icons/*
28b219
%{contentdir}/error/README
28b219
%{contentdir}/error/*.var
28b219
%{contentdir}/error/include/*.html
e0f934
%{contentdir}/noindex/*
28b219
28b219
%dir %{docroot}
28b219
%dir %{docroot}/cgi-bin
28b219
%dir %{docroot}/html
28b219
28b219
%attr(0710,root,apache) %dir /run/httpd
28b219
%attr(0700,apache,apache) %dir /run/httpd/htcacheclean
28b219
%attr(0700,root,root) %dir %{_localstatedir}/log/httpd
28b219
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav
28b219
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd
28b219
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy
28b219
28b219
%{_mandir}/man8/*
28b219
28b219
%{_unitdir}/*.service
28b219
28b219
%files tools
28b219
%defattr(-,root,root)
28b219
%{_bindir}/*
28b219
%{_mandir}/man1/*
28b219
%doc LICENSE NOTICE
28b219
%exclude %{_bindir}/apxs
28b219
%exclude %{_mandir}/man1/apxs.1*
28b219
28b219
%files manual
28b219
%defattr(-,root,root)
28b219
%{contentdir}/manual
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf.d/manual.conf
28b219
28b219
%files -n mod_ssl
28b219
%defattr(-,root,root)
28b219
%{_libdir}/httpd/modules/mod_ssl.so
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf
28b219
%attr(0700,apache,root) %dir %{_localstatedir}/cache/httpd/ssl
28b219
%{_libexecdir}/httpd-ssl-pass-dialog
28b219
28b219
%files -n mod_proxy_html
28b219
%defattr(-,root,root)
28b219
%{_libdir}/httpd/modules/mod_proxy_html.so
28b219
%{_libdir}/httpd/modules/mod_xml2enc.so
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf
28b219
28b219
%files -n mod_ldap
28b219
%defattr(-,root,root)
28b219
%{_libdir}/httpd/modules/mod_*ldap.so
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf
28b219
28b219
%files -n mod_session
28b219
%defattr(-,root,root)
28b219
%{_libdir}/httpd/modules/mod_session*.so
28b219
%{_libdir}/httpd/modules/mod_auth_form.so
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
28b219
28b219
%files devel
28b219
%defattr(-,root,root)
28b219
%{_includedir}/httpd
28b219
%{_bindir}/apxs
28b219
%{_mandir}/man1/apxs.1*
28b219
%dir %{_libdir}/httpd/build
28b219
%{_libdir}/httpd/build/*.mk
28b219
%{_libdir}/httpd/build/*.sh
28b219
%{_sysconfdir}/rpm/macros.httpd
28b219
28b219
%changelog
e0f934
* Tue Jun 26 2018 CentOS Sources <bugs@centos.org> - 2.4.6-80.el7.centos.1
e0f934
- Remove index.html, add centos-noindex.tar.gz
e0f934
- change vstring
e0f934
- change symlink for poweredby.png
e0f934
- update welcome.conf with proper aliases
e0f934
cae244
* Mon May 28 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-80.1
cae244
- Resolves: #1560609 - httpd: active connections being terminated when httpd
cae244
  gets gracefully stopped/restarted, GracefulShutdownTimeout is not being
cae244
  honored
0db3da
b19d6e
* Mon Jan 08 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-80
b19d6e
- Related: #1288395 - httpd segfault when logrotate invoked
b19d6e
b19d6e
* Wed Nov 01 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-79
b19d6e
- Resolves: #1274890 - mod_ssl config: tighten defaults
b19d6e
b19d6e
* Tue Oct 31 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-78
b19d6e
- Resolves: #1506392 - Backport: SSLSessionTickets directive support
b19d6e
b19d6e
* Mon Oct 16 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-77
b19d6e
- Resolves: #1440590 - Need an option to disable UTF8-conversion
b19d6e
  of certificate DN
b19d6e
b19d6e
* Thu Oct 12 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-76
b19d6e
- Resolves: #1464406 - Apache consumes too much memory for CGI output
b19d6e
b19d6e
* Thu Oct 12 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-75
b19d6e
- Resolves: #1448892 - Cannot override LD_LIBARY_PATH in Apache HTTPD
b19d6e
  using SetEnv or PassEnv. Needs documentation.
b19d6e
b19d6e
* Mon Oct 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-74
b19d6e
- Resolves: #1430640 - "ProxyAddHeaders Off" does not become effective
b19d6e
  when it's defined outside <Proxy> setting
b19d6e
b19d6e
* Fri Oct 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-73
b19d6e
- Resolves: #1499253 - ProxyRemote with HTTPS backend sends requests
b19d6e
  with absoluteURI instead of abs_path
b19d6e
b19d6e
* Tue Oct 03 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-72
b19d6e
- Resolves: #1288395 - httpd segfault when logrotate invoked
b19d6e
b19d6e
* Tue Oct 03 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-71
b19d6e
- Resolves: #1368491 - mod_authz_dbd segfaults when AuthzDBDQuery missing
f63cd2
b19d6e
* Mon Oct 02 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-70
b19d6e
- Resolves: #1467402 - rotatelogs: creation of zombie processes when -p is used
2a6ec3
b19d6e
* Tue Sep 19 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-69
b19d6e
- Resolves: #1493065 - CVE-2017-9798 httpd: Use-after-free by limiting
3540ca
  unregistered HTTP method
4bd05b
b19d6e
* Tue Jul 25 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-68
749353
- Resolves: #1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw()
749353
  authentication bypass
749353
- Resolves: #1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference
749353
- Resolves: #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread
749353
- Resolves: #1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread
749353
- Resolves: #1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection
749353
  in mod_auth_digest
d18778
cce4bc
* Tue May 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-67
cce4bc
- Related: #1332242 - Explicitly disallow the '#' character in allow,deny
cce4bc
  directives
cce4bc
cce4bc
* Tue May 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-66
cce4bc
- Related: #1332242 - Explicitly disallow the '#' character in allow,deny
cce4bc
  directives
cce4bc
cce4bc
* Thu Apr 27 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-65
cce4bc
- Resolves: #1445885 - define _RH_HAS_HTTPPROTOCOLOPTIONS
cce4bc
cce4bc
* Tue Apr 18 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-64
cce4bc
- Resolves: #1442872 - apache user is not created during httpd installation
cce4bc
  when apache group already exist with GID other than 48
cce4bc
cce4bc
* Wed Mar 22 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-63
cce4bc
- Related: #1412976 - CVE-2016-0736 CVE-2016-2161 CVE-2016-8743
cce4bc
  httpd: various flaws
cce4bc
cce4bc
* Wed Mar 15 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-62
cce4bc
- Resolves: #1397241 - Backport Apache Bug 53098 - mod_proxy_ajp:
cce4bc
  patch to set worker secret passed to tomcat
cce4bc
cce4bc
* Wed Mar 15 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-61
cce4bc
- Related: #1414258 - Crash during restart or at startup in mod_ssl,
cce4bc
  in certinfo_free() function registered by ssl_stapling_ex_init()
cce4bc
cce4bc
* Tue Mar 14 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-60
cce4bc
- Resolves: #1414258 - Crash during restart or at startup in mod_ssl,
cce4bc
  in certinfo_free() function registered by ssl_stapling_ex_init()
cce4bc
cce4bc
* Mon Mar 13 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-59
cce4bc
- Resolves: #1378946 - Backport of apache bug 55910: Continuation lines
cce4bc
  are broken during buffer resize
cce4bc
cce4bc
* Fri Mar 10 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-58
cce4bc
- Resolves: #1364604 - Upstream Bug 56925 - ErrorDocument directive misbehaves
cce4bc
  with mod_proxy_http and mod_proxy_ajp
bda2b7
cce4bc
* Thu Mar 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-57
cce4bc
- Resolves: #1324416 - Error 404 when switching language in HTML manual
cce4bc
  more than once
cce4bc
cce4bc
* Wed Mar 08 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-56
cce4bc
- Resolves: #1353740 - Backport Apache PR58118 to fix mod_proxy_fcgi
cce4bc
  spamming non-errors: AH01075: Error dispatching request to : (passing
cce4bc
  brigade to output filters)
cce4bc
cce4bc
* Wed Mar 08 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-55
cce4bc
- Resolves: #1371876 - Apache httpd returns "200 OK" for a request
cce4bc
  exceeding LimitRequestBody when enabling mod_ext_filter
cce4bc
cce4bc
* Tue Mar 07 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-54
cce4bc
- Resolves: #1372692 - Apache httpd does not log status code "413" in
cce4bc
  access_log when exceeding LimitRequestBody
cce4bc
cce4bc
* Tue Mar 07 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-53
cce4bc
- Resolves: #1376835 - httpd with worker/event mpm segfaults after multiple
cce4bc
  successive graceful reloads
cce4bc
cce4bc
* Tue Mar 07 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-52
cce4bc
- Resolves: #1332242 - Explicitly disallow the '#' character in allow,deny
cce4bc
  directives
cce4bc
cce4bc
* Mon Mar 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-51
21495e
- Resolves: #1396197 - Backport: mod_proxy_wstunnel - AH02447: err/hup
21495e
  on backconn
21495e
cce4bc
* Mon Mar 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-50
cce4bc
- Resolves: #1348019 - mod_proxy: Fix a race condition that caused a failed
cce4bc
  worker to be retried before the retry period is over
cce4bc
cce4bc
* Mon Mar 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-49
cce4bc
- Resolves: #1389535 - Segmentation fault in SSL_renegotiate
cce4bc
cce4bc
* Mon Mar 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-48
cce4bc
- Resolves: #1406184 - stapling_renew_response: abort early
cce4bc
  (before apr_uri_parse) if ocspuri is empty
cce4bc
cce4bc
* Tue Feb  7 2017 Joe Orton <jorton@redhat.com> - 2.4.6-47
21495e
- prefork: fix delay completing graceful restart (#1327624)
21495e
- mod_ldap: fix authz regression, failing to rebind (#1415257)
21495e
cce4bc
* Thu Jan 26 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-46
cce4bc
- Resolves: #1412976 - CVE-2016-0736 CVE-2016-2161 CVE-2016-8743
cce4bc
  httpd: various flaws
92bb46
07ea28
* Wed Aug 03 2016 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-45
07ea28
- RFE: run mod_rewrite external mapping program as non-root (#1316900)
7552d4
07ea28
* Tue Jul 12 2016 Joe Orton <jorton@redhat.com> - 2.4.6-44
48b77b
- add security fix for CVE-2016-5387
48b77b
07ea28
* Tue Jul  5 2016 Joe Orton <jorton@redhat.com> - 2.4.6-43
07ea28
- add 451 (Unavailable For Legal Reasons) response status-code (#1343582)
07ea28
07ea28
* Fri Jun 17 2016 Joe Orton <jorton@redhat.com> - 2.4.6-42
07ea28
- mod_cache: treat cache as valid with changed Expires in 304 (#1331341)
07ea28
07ea28
* Wed Feb 24 2016 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-41
07ea28
- mod_cache: merge r->err_headers_out into r->headers when the response
07ea28
  is cached for the first time (#1264989)
07ea28
- mod_ssl: Do not send SSL warning when SNI hostname is not found as per
07ea28
  RFC 6066 (#1298148)
07ea28
- mod_proxy_fcgi: Ignore body data from backend for 304 responses (#1263038)
07ea28
- fix apache user creation when apache group already exists (#1299889)
07ea28
- fix apache user creation when USERGROUPS_ENAB is set to 'no' (#1288757)
07ea28
- mod_proxy: fix slow response time for reponses with error status code
07ea28
  when using ProxyErrorOverride (#1283653)
07ea28
- mod_ldap: Respect LDAPConnectionPoolTTL for authn connections (#1300149)
07ea28
- mod_ssl: use "localhost" in the dummy SSL cert for long FQDNs (#1240495)
07ea28
- rotatelogs: improve support for localtime (#1244545)
07ea28
- ab: fix read failure when targeting SSL server (#1255331)
07ea28
- mod_log_debug: fix LogMessage example in documentation (#1279465)
07ea28
- mod_authz_dbd, mod_authn_dbd, mod_session_dbd, mod_rewrite: Fix lifetime
07ea28
  of DB lookup entries independently of the selected DB engine (#1287844)
07ea28
- mod_ssl: fix hardware crypto support with custom DH parms (#1291865)
07ea28
- mod_proxy_fcgi: fix SCRIPT_FILENAME when a balancer is used (#1302797)
19d22d
0943f8
* Thu Sep 17 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-40
0943f8
- mod_dav: follow up fix for previous commit (#1263975)
0943f8
0943f8
* Wed Aug 26 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-39
0943f8
- mod_dav: treat dav_resource uri as escaped (#1255480)
5aba2d
0943f8
* Wed Aug 19 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-38
0943f8
- mod_ssl: add support for User Principal Name in SSLUserName  (#1242503)
0943f8
0943f8
* Mon Aug 10 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-37
1e590c
- core: fix chunk header parsing defect (CVE-2015-3183)
1e590c
- core: replace of ap_some_auth_required with ap_some_authn_required
1e590c
  and ap_force_authn hook (CVE-2015-3185)
d5a8a7
0943f8
* Tue Jul 14 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-36
0943f8
- Revert fix for #1162152, it is not needed in RHEL7
0943f8
- mod_proxy_ajp: fix settings ProxyPass parameters for AJP backends (#1242416)
0943f8
0943f8
* Wed Jul 01 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-35
0943f8
- mod_remoteip: correct the trusted proxy match test (#1179306)
0943f8
- mod_dav: send complete response when resource is created (#1235383)
0943f8
- apachectl: correct the apachectl status man page (#1231924)
0943f8
0943f8
* Wed Jun 03 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-34
0943f8
- mod_proxy_fcgi: honor Timeout / ProxyTimeout (#1222328)
0943f8
- do not show all vhosts twice in httpd -D DUMP_VHOSTS output (#1225820)
0943f8
- fix -D[efined] or <Define>[d] variables lifetime accross restarts (#1227219)
0943f8
- mod_ssl: do not send NPN extension with not configured (#1226015)
0943f8
0943f8
* Mon May 18 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-33
0943f8
- mod_authz_dbm: fix crash when using "Require dbm-file-group" (#1221575)
0943f8
0943f8
* Wed Apr 15 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-32
0943f8
- mod_authn_dbd: fix use-after-free bug with postgresql (#1188779)
0943f8
- mod_remoteip: correct the trusted proxy match test (#1179306)
0943f8
- mod_status: honor remote_ip as documented (#1169081)
0943f8
- mod_deflate: fix decompression of files larger than 4GB (#1170214)
0943f8
- core: improve error message for inaccessible DocumentRoot (#1170220)
0943f8
- ab: try all addresses instead of failing on first one when not available (#1125276)
0943f8
- mod_proxy_wstunnel: add support for SSL (#1180745)
0943f8
- mod_proxy_wstunnel: load this module by default (#1180745)
0943f8
- mod_rewrite: add support for WebSockets (#1180745)
0943f8
- mod_rewrite: do not search for directory if a URL will be rewritten (#1210091)
0943f8
- mod_ssl: Fix SSL_CLIENT_VERIFY value when optional_no_ca and SSLSessionCache
0943f8
  are used and SSL session is resumed (#1170206)
0943f8
- mod_ssl: fix memory leak on httpd reloads (#1181690)
0943f8
- mod_ssl: use SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA (#1118476)
0943f8
- mod_cgi: return error code 408 on timeout (#1162152)
0943f8
- mod_dav_fs: set default value of DAVLockDB (#1176449)
0943f8
- add Documentation= to the httpd.service and htcacheclean.service (#1184118)
0943f8
- do not display "bomb" icon for files ending with "core" (#1170215)
0943f8
- add missing Reason-Phrase in HTTP response headers (#1162159)
0943f8
- fix BuildRequires to require openssl-devel >= 1:1.0.1e-37 (#1160625)
0943f8
- apachectl: ignore HTTPD variable from sysconfig (#1214401)
0943f8
- apachectl: fix "graceful" documentation (#1214398)
0943f8
- apachectl: fix "graceful" behaviour when httpd is not running (#1214430)
0943f8
75a229
* Tue Dec 02 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-31
4126fd
- mod_proxy_fcgi: determine if FCGI_CONN_CLOSE should be enabled
75a229
  instead of hardcoding it (#1168050)
75a229
- mod_proxy: support Unix Domain Sockets (#1168081)
75a229
75a229
* Tue Nov 25 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-30
75a229
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
75a229
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
75a229
75a229
* Tue Nov 04 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-29
75a229
- rebuild against proper version of OpenSSL (#1080125)
75a229
75a229
* Wed Oct 22 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-28
75a229
- set vstring based on /etc/os-release (#1114123)
75a229
75a229
* Mon Oct 06 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-27
75a229
- fix the dependency on openssl-libs to match the fix for #1080125
75a229
75a229
* Mon Sep 22 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-26
75a229
- allow <Auth*ProviderAlias>'es to be seen under virtual hosts (#1131847)
75a229
75a229
* Fri Sep 19 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-25
75a229
- do not use hardcoded curve for ECDHE suites (#1080125)
75a229
75a229
* Wed Sep 03 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-24
75a229
- allow reverse-proxy to be set via SetHandler (#1136290)
75a229
75a229
* Thu Aug 21 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-23
75a229
- fix possible crash in SIGINT handling (#1131006)
75a229
75a229
* Mon Aug 18 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-22
75a229
- ab: fix integer overflow when printing stats with lot of requests (#1092420)
75a229
75a229
* Mon Aug 11 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-21
75a229
- add pre_htaccess so mpm-itk can be build as separate module (#1059143)
75a229
75a229
* Tue Aug 05 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-20
75a229
- mod_ssl: prefer larger keys and support up to 8192-bit keys (#1073078)
75a229
75a229
* Mon Aug 04 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-19
75a229
- fix build on ppc64le by using configure macro (#1125545)
75a229
- compile httpd with -O3 on ppc64le (#1123490)
75a229
- mod_rewrite: expose CONN_REMOTE_ADDR (#1060536)
Johnny Hughes b69bb1
331623
* Thu Jul 17 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-18
75a229
- mod_cgid: add security fix for CVE-2014-0231 (#1120608)
75a229
- mod_proxy: add security fix for CVE-2014-0117 (#1120608)
75a229
- mod_deflate: add security fix for CVE-2014-0118 (#1120608)
75a229
- mod_status: add security fix for CVE-2014-0226 (#1120608)
75a229
- mod_cache: add secutiry fix for CVE-2013-4352 (#1120608)
Jim Perrin 3c9b58
706609
* Thu Mar 20 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-17
706609
- mod_dav: add security fix for CVE-2013-6438 (#1077907)
706609
- mod_log_config: add security fix for CVE-2014-0098 (#1077907)
706609
706609
* Wed Mar  5 2014 Joe Orton <jorton@redhat.com> - 2.4.6-16
706609
- mod_ssl: improve DH temp key handling (#1057687)
706609
706609
* Wed Mar  5 2014 Joe Orton <jorton@redhat.com> - 2.4.6-15
706609
- mod_ssl: use 2048-bit RSA key with SHA-256 signature in dummy certificate (#1071276)
706609
706609
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.4.6-14
706609
- Mass rebuild 2014-01-24
706609
706609
* Mon Jan 13 2014 Joe Orton <jorton@redhat.com> - 2.4.6-13
706609
- mod_ssl: sanity-check use of "SSLCompression" (#1036666)
706609
- mod_proxy_http: fix brigade memory usage (#1040447)
706609
706609
* Fri Jan 10 2014 Joe Orton <jorton@redhat.com> - 2.4.6-12
706609
- rebuild
706609
706609
* Thu Jan  9 2014 Joe Orton <jorton@redhat.com> - 2.4.6-11
706609
- build with -O3 on ppc64 (#1051066)
706609
706609
* Tue Jan  7 2014 Joe Orton <jorton@redhat.com> - 2.4.6-10
706609
- mod_dav: fix locktoken handling (#1004046)
706609
706609
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.4.6-9
706609
- Mass rebuild 2013-12-27
706609
706609
* Fri Dec 20 2013 Joe Orton <jorton@redhat.com> - 2.4.6-8
706609
- use unambiguous httpd-mmn (#1029360)
706609
28b219
* Fri Nov   1 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-7
28b219
- mod_ssl: allow SSLEngine to override Listen-based default (#1023168)
28b219
28b219
* Thu Oct  31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-6
28b219
- systemd: Use {MAINPID} notation in service file (#969972)
28b219
28b219
* Thu Oct 24 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-5
28b219
- systemd: send SIGWINCH signal without httpd -k in ExecStop (#969972)
28b219
28b219
* Thu Oct 03 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-4
28b219
- expand macros in macros.httpd (#1011393)
28b219
28b219
* Mon Aug 26 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-3
28b219
- fix "LDAPReferrals off" to really disable LDAP Referrals
28b219
28b219
* Wed Jul 31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-2
28b219
- revert fix for dumping vhosts twice
28b219
28b219
* Mon Jul 22 2013 Joe Orton <jorton@redhat.com> - 2.4.6-1
28b219
- update to 2.4.6
28b219
- mod_ssl: use revised NPN API (r1487772)
28b219
28b219
* Thu Jul 11 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-12
28b219
- mod_unique_id: replace use of hostname + pid with PRNG output (#976666)
28b219
- apxs: mention -p option in manpage
28b219
28b219
* Tue Jul  2 2013 Joe Orton <jorton@redhat.com> - 2.4.4-11
28b219
- add patch for aarch64 (Dennis Gilmore, #925558)
28b219
28b219
* Mon Jul  1 2013 Joe Orton <jorton@redhat.com> - 2.4.4-10
28b219
- remove duplicate apxs man page from httpd-tools
28b219
28b219
* Mon Jun 17 2013 Joe Orton <jorton@redhat.com> - 2.4.4-9
28b219
- remove zombie dbmmanage script
28b219
28b219
* Fri May 31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-8
28b219
- return 400 Bad Request on malformed Host header
28b219
28b219
* Mon May 20 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-6
28b219
- htpasswd/htdbm: fix hash generation bug (#956344)
28b219
- do not dump vhosts twice in httpd -S output (#928761)
28b219
- mod_cache: fix potential crash caused by uninitialized variable (#954109)
28b219
28b219
* Thu Apr 18 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-5
28b219
- execute systemctl reload as result of apachectl graceful
28b219
- mod_ssl: ignore SNI hints unless required by config
28b219
- mod_cache: forward-port CacheMaxExpire "hard" option
28b219
- mod_ssl: fall back on another module's proxy hook if mod_ssl proxy
28b219
  is not configured.
28b219
28b219
* Tue Apr 16 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-4
28b219
- fix service file to not send SIGTERM after ExecStop (#906321, #912288)
28b219
28b219
* Tue Mar 26 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-3
28b219
- protect MIMEMagicFile with IfModule (#893949)
28b219
28b219
* Tue Feb 26 2013 Joe Orton <jorton@redhat.com> - 2.4.4-2
28b219
- really package mod_auth_form in mod_session (#915438)
28b219
28b219
* Tue Feb 26 2013 Joe Orton <jorton@redhat.com> - 2.4.4-1
28b219
- update to 2.4.4
28b219
- fix duplicate ownership of mod_session config (#914901)
28b219
28b219
* Fri Feb 22 2013 Joe Orton <jorton@redhat.com> - 2.4.3-17
28b219
- add mod_session subpackage, move mod_auth_form there (#894500)
28b219
28b219
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.3-16
28b219
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
28b219
28b219
* Tue Jan  8 2013 Joe Orton <jorton@redhat.com> - 2.4.3-15
28b219
- add systemd service for htcacheclean
28b219
28b219
* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-14
28b219
- drop patch for r1344712
28b219
28b219
* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-13
28b219
- filter mod_*.so auto-provides (thanks to rcollet)
28b219
- pull in syslog logging fix from upstream (r1344712)
28b219
28b219
* Fri Oct 26 2012 Joe Orton <jorton@redhat.com> - 2.4.3-12
28b219
- rebuild to pick up new apr-util-ldap
28b219
28b219
* Tue Oct 23 2012 Joe Orton <jorton@redhat.com> - 2.4.3-11
28b219
- rebuild
28b219
28b219
* Wed Oct  3 2012 Joe Orton <jorton@redhat.com> - 2.4.3-10
28b219
- pull upstream patch r1392850 in addition to r1387633
28b219
28b219
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-9.1
28b219
- restore "ServerTokens Full-Release" support (#811714)
28b219
28b219
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-9
28b219
- define PLATFORM in os.h using vendor string
28b219
28b219
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-8
28b219
- use systemd script unconditionally (#850149)
28b219
28b219
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-7
28b219
- use systemd scriptlets if available (#850149)
28b219
- don't run posttrans restart if /etc/sysconfig/httpd-disable-posttrans exists
28b219
28b219
* Mon Oct 01 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.3-6
28b219
- use systemctl from apachectl (#842736)
28b219
28b219
* Wed Sep 19 2012 Joe Orton <jorton@redhat.com> - 2.4.3-5
28b219
- fix some error log spam with graceful-stop (r1387633)
28b219
- minor mod_systemd tweaks
28b219
28b219
* Thu Sep 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-4
28b219
- use IncludeOptional for conf.d/*.conf inclusion
28b219
28b219
* Fri Sep 07 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.3-3
28b219
- adding mod_systemd to integrate with systemd better
28b219
28b219
* Tue Aug 21 2012 Joe Orton <jorton@redhat.com> - 2.4.3-2
28b219
- mod_ssl: add check for proxy keypair match (upstream r1374214)
28b219
28b219
* Tue Aug 21 2012 Joe Orton <jorton@redhat.com> - 2.4.3-1
28b219
- update to 2.4.3 (#849883)
28b219
- own the docroot (#848121)
28b219
28b219
* Mon Aug  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-23
28b219
- add mod_proxy fixes from upstream (r1366693, r1365604)
28b219
28b219
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.2-22
28b219
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
28b219
28b219
* Fri Jul  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-21
28b219
- drop explicit version requirement on initscripts
28b219
28b219
* Thu Jul  5 2012 Joe Orton <jorton@redhat.com> - 2.4.2-20
28b219
- mod_ext_filter: fix error_log warnings
28b219
28b219
* Mon Jul  2 2012 Joe Orton <jorton@redhat.com> - 2.4.2-19
28b219
- support "configtest" and "graceful" as initscripts "legacy actions"
28b219
28b219
* Fri Jun  8 2012 Joe Orton <jorton@redhat.com> - 2.4.2-18
28b219
- avoid use of "core" GIF for a "core" directory (#168776)
28b219
- drop use of "syslog.target" in systemd unit file
28b219
28b219
* Thu Jun  7 2012 Joe Orton <jorton@redhat.com> - 2.4.2-17
28b219
- use _unitdir for systemd unit file
28b219
- use /run in unit file, ssl.conf
28b219
28b219
* Thu Jun  7 2012 Joe Orton <jorton@redhat.com> - 2.4.2-16
28b219
- mod_ssl: fix NPN patch merge
28b219
28b219
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-15
28b219
- move tmpfiles.d fragment into /usr/lib per new guidelines
28b219
- package /run/httpd not /var/run/httpd
28b219
- set runtimedir to /run/httpd likewise
28b219
28b219
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-14
28b219
- fix htdbm/htpasswd crash on crypt() failure (#818684)
28b219
28b219
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-13
28b219
- pull fix for NPN patch from upstream (r1345599)
28b219
28b219
* Thu May 31 2012 Joe Orton <jorton@redhat.com> - 2.4.2-12
28b219
- update suexec patch to use LOG_AUTHPRIV facility
28b219
28b219
* Thu May 24 2012 Joe Orton <jorton@redhat.com> - 2.4.2-11
28b219
- really fix autoindex.conf (thanks to remi@)
28b219
28b219
* Thu May 24 2012 Joe Orton <jorton@redhat.com> - 2.4.2-10
28b219
- fix autoindex.conf to allow symlink to poweredby.png
28b219
28b219
* Wed May 23 2012 Joe Orton <jorton@redhat.com> - 2.4.2-9
28b219
- suexec: use upstream version of patch for capability bit support
28b219
28b219
* Wed May 23 2012 Joe Orton <jorton@redhat.com> - 2.4.2-8
28b219
- suexec: use syslog rather than suexec.log, drop dac_override capability
28b219
28b219
* Tue May  1 2012 Joe Orton <jorton@redhat.com> - 2.4.2-7
28b219
- mod_ssl: add TLS NPN support (r1332643, #809599)
28b219
28b219
* Tue May  1 2012 Joe Orton <jorton@redhat.com> - 2.4.2-6
28b219
- add BR on APR >= 1.4.0
28b219
28b219
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-5
28b219
- use systemctl from logrotate (#221073)
28b219
28b219
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-4
28b219
- pull from upstream:
28b219
  * use TLS close_notify alert for dummy_connection (r1326980+)
28b219
  * cleanup symbol exports (r1327036+)
28b219
28b219
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-3.2
28b219
- rebuild
28b219
28b219
* Fri Apr 20 2012 Joe Orton <jorton@redhat.com> - 2.4.2-3
28b219
- really fix restart
28b219
28b219
* Fri Apr 20 2012 Joe Orton <jorton@redhat.com> - 2.4.2-2
28b219
- tweak default ssl.conf
28b219
- fix restart handling (#814645)
28b219
- use graceful restart by default
28b219
28b219
* Wed Apr 18 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.2-1
28b219
- update to 2.4.2
28b219
28b219
* Fri Mar 23 2012 Joe Orton <jorton@redhat.com> - 2.4.1-6
28b219
- fix macros
28b219
28b219
* Fri Mar 23 2012 Joe Orton <jorton@redhat.com> - 2.4.1-5
28b219
- add _httpd_moddir to macros
28b219
28b219
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-4
28b219
- fix symlink for poweredby.png
28b219
- fix manual.conf
28b219
28b219
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-3
28b219
- add mod_proxy_html subpackage (w/mod_proxy_html + mod_xml2enc)
28b219
- move mod_ldap, mod_authnz_ldap to mod_ldap subpackage
28b219
28b219
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-2
28b219
- clean docroot better
28b219
- ship proxy, ssl directories within /var/cache/httpd
28b219
- default config:
28b219
 * unrestricted access to (only) /var/www
28b219
 * remove (commented) Mutex, MaxRanges, ScriptSock
28b219
 * split autoindex config to conf.d/autoindex.conf
28b219
- ship additional example configs in docdir
28b219
28b219
* Tue Mar  6 2012 Joe Orton <jorton@redhat.com> - 2.4.1-1
28b219
- update to 2.4.1
28b219
- adopt upstream default httpd.conf (almost verbatim)
28b219
- split all LoadModules to conf.modules.d/*.conf
28b219
- include conf.d/*.conf at end of httpd.conf
28b219
- trim %%changelog
28b219
28b219
* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2.2.22-2
28b219
- fix build against PCRE 8.30
28b219
28b219
* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2.2.22-1
28b219
- update to 2.2.22
28b219
28b219
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 2.2.21-8
28b219
- Rebuild against PCRE 8.30
28b219
28b219
* Mon Jan 23 2012 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-7
28b219
- fix #783629 - start httpd after named
28b219
28b219
* Mon Jan 16 2012 Joe Orton <jorton@redhat.com> - 2.2.21-6
28b219
- complete conversion to systemd, drop init script (#770311)
28b219
- fix comments in /etc/sysconfig/httpd (#771024)
28b219
- enable PrivateTmp in service file (#781440)
28b219
- set LANG=C in /etc/sysconfig/httpd
28b219
28b219
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.21-5
28b219
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
28b219
28b219
* Tue Dec 06 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-4
28b219
- fix #751591 - start httpd after remote-fs
28b219
28b219
* Mon Oct 24 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-3
28b219
- allow change state of BalancerMember in mod_proxy_balancer web interface
28b219
28b219
* Thu Sep 22 2011 Ville Skyttä <ville.skytta@iki.fi> - 2.2.21-2
28b219
- Make mmn available as %%{_httpd_mmn}.
28b219
- Add .svgz to AddEncoding x-gzip example in httpd.conf.
28b219
28b219
* Tue Sep 13 2011 Joe Orton <jorton@redhat.com> - 2.2.21-1
28b219
- update to 2.2.21
28b219
28b219
* Mon Sep  5 2011 Joe Orton <jorton@redhat.com> - 2.2.20-1
28b219
- update to 2.2.20
28b219
- fix MPM stub man page generation
28b219
28b219
* Wed Aug 10 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-5
28b219
- fix #707917 - add httpd-ssl-pass-dialog to ask for SSL password using systemd
28b219
28b219
* Fri Jul 22 2011 Iain Arnell <iarnell@gmail.com> 1:2.2.19-4
28b219
- rebuild while rpm-4.9.1 is untagged to remove trailing slash in provided
28b219
  directory names
28b219
28b219
* Wed Jul 20 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-3
28b219
- fix #716621 - suexec now works without setuid bit
28b219
28b219
* Thu Jul 14 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-2
28b219
- fix #689091 - backported patch from 2.3 branch to support IPv6 in logresolve
28b219
28b219
* Fri Jul  1 2011 Joe Orton <jorton@redhat.com> - 2.2.19-1
28b219
- update to 2.2.19
28b219
- enable dbd, authn_dbd in default config
28b219
28b219
* Thu Apr 14 2011 Joe Orton <jorton@redhat.com> - 2.2.17-13
28b219
- fix path expansion in service files
28b219
28b219
* Tue Apr 12 2011 Joe Orton <jorton@redhat.com> - 2.2.17-12
28b219
- add systemd service files (#684175, thanks to Jóhann B. Guðmundsson)
28b219
28b219
* Wed Mar 23 2011 Joe Orton <jorton@redhat.com> - 2.2.17-11
28b219
- minor updates to httpd.conf
28b219
- drop old patches
28b219
28b219
* Wed Mar  2 2011 Joe Orton <jorton@redhat.com> - 2.2.17-10
28b219
- rebuild
28b219
28b219
* Wed Feb 23 2011 Joe Orton <jorton@redhat.com> - 2.2.17-9
28b219
- use arch-specific mmn
28b219
28b219
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.17-8
28b219
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
28b219
28b219
* Mon Jan 31 2011 Joe Orton <jorton@redhat.com> - 2.2.17-7
28b219
- generate dummy mod_ssl cert with CA:FALSE constraint (#667841)
28b219
- add man page stubs for httpd.event, httpd.worker
28b219
- drop distcache support
28b219
- add STOP_TIMEOUT support to init script
28b219
28b219
* Sat Jan  8 2011 Joe Orton <jorton@redhat.com> - 2.2.17-6
28b219
- update default SSLCipherSuite per upstream trunk
28b219
28b219
* Wed Jan  5 2011 Joe Orton <jorton@redhat.com> - 2.2.17-5
28b219
- fix requires (#667397)
28b219
28b219
* Wed Jan  5 2011 Joe Orton <jorton@redhat.com> - 2.2.17-4
28b219
- de-ghost /var/run/httpd
28b219
28b219
* Tue Jan  4 2011 Joe Orton <jorton@redhat.com> - 2.2.17-3
28b219
- add tmpfiles.d configuration, ghost /var/run/httpd (#656600)
28b219
28b219
* Sat Nov 20 2010 Joe Orton <jorton@redhat.com> - 2.2.17-2
28b219
- drop setuid bit, use capabilities for suexec binary
28b219
28b219
* Wed Oct 27 2010 Joe Orton <jorton@redhat.com> - 2.2.17-1
28b219
- update to 2.2.17
28b219
28b219
* Fri Sep 10 2010 Joe Orton <jorton@redhat.com> - 2.2.16-2
28b219
- link everything using -z relro and -z now
28b219
28b219
* Mon Jul 26 2010 Joe Orton <jorton@redhat.com> - 2.2.16-1
28b219
- update to 2.2.16
28b219
28b219
* Fri Jul  9 2010 Joe Orton <jorton@redhat.com> - 2.2.15-3
28b219
- default config tweaks:
28b219
 * harden httpd.conf w.r.t. .htaccess restriction (#591293)
28b219
 * load mod_substitute, mod_version by default
28b219
 * drop proxy_ajp.conf, load mod_proxy_ajp in httpd.conf
28b219
 * add commented list of shipped-but-unloaded modules
28b219
 * bump up worker defaults a little
28b219
 * drop KeepAliveTimeout to 5 secs per upstream
28b219
- fix LSB compliance in init script (#522074)
28b219
- bundle NOTICE in -tools
28b219
- use init script in logrotate postrotate to pick up PIDFILE
28b219
- drop some old Obsoletes/Conflicts
28b219
28b219
* Sun Apr 04 2010 Robert Scheck <robert@fedoraproject.org> - 2.2.15-1
28b219
- update to 2.2.15 (#572404, #579311)
28b219