Blame SPECS/httpd.spec

28b219
%define contentdir %{_datadir}/httpd
28b219
%define docroot /var/www
28b219
%define suexec_caller apache
28b219
%define mmn 20120211
706609
%define oldmmnisa %{mmn}-%{__isa_name}-%{__isa_bits}
706609
%define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
48b77b
%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT})
28b219
28b219
# Drop automatic provides for module DSOs
28b219
%{?filter_setup:
28b219
%filter_provides_in %{_libdir}/httpd/modules/.*\.so$
28b219
%filter_setup
28b219
}
28b219
28b219
Summary: Apache HTTP Server
28b219
Name: httpd
28b219
Version: 2.4.6
48b77b
Release: 40%{?dist}.4
28b219
URL: http://httpd.apache.org/
28b219
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
48b77b
Source1: index.html
28b219
Source2: httpd.logrotate
28b219
Source3: httpd.sysconf
28b219
Source4: httpd-ssl-pass-dialog
28b219
Source5: httpd.tmpfiles
28b219
Source6: httpd.service
28b219
Source7: action-graceful.sh
28b219
Source8: action-configtest.sh
28b219
Source10: httpd.conf
28b219
Source11: 00-base.conf
28b219
Source12: 00-mpm.conf
28b219
Source13: 00-lua.conf
28b219
Source14: 01-cgi.conf
28b219
Source15: 00-dav.conf
28b219
Source16: 00-proxy.conf
28b219
Source17: 00-ssl.conf
28b219
Source18: 01-ldap.conf
28b219
Source19: 00-proxyhtml.conf
28b219
Source20: userdir.conf
28b219
Source21: ssl.conf
28b219
Source22: welcome.conf
28b219
Source23: manual.conf
28b219
Source24: 00-systemd.conf
28b219
Source25: 01-session.conf
28b219
# Documentation
28b219
Source30: README.confd
28b219
Source40: htcacheclean.service
28b219
Source41: htcacheclean.sysconf
28b219
# build/scripts patches
28b219
Patch1: httpd-2.4.1-apctl.patch
28b219
Patch2: httpd-2.4.3-apxs.patch
28b219
Patch3: httpd-2.4.1-deplibs.patch
28b219
Patch5: httpd-2.4.3-layout.patch
28b219
Patch6: httpd-2.4.3-apctl-systemd.patch
28b219
# Features/functional changes
28b219
Patch21: httpd-2.4.6-full-release.patch
28b219
Patch23: httpd-2.4.4-export.patch
28b219
Patch24: httpd-2.4.1-corelimit.patch
28b219
Patch25: httpd-2.4.1-selinux.patch
28b219
Patch26: httpd-2.4.4-r1337344+.patch
28b219
Patch27: httpd-2.4.2-icons.patch
28b219
Patch28: httpd-2.4.6-r1332643+.patch
28b219
Patch29: httpd-2.4.3-mod_systemd.patch
28b219
Patch30: httpd-2.4.4-cachehardmax.patch
28b219
Patch31: httpd-2.4.6-sslmultiproxy.patch
28b219
Patch32: httpd-2.4.6-r1537535.patch
706609
Patch33: httpd-2.4.6-r1542327.patch
75a229
Patch34: httpd-2.4.6-ssl-large-keys.patch
75a229
Patch35: httpd-2.4.6-pre_htaccess.patch
75a229
Patch36: httpd-2.4.6-r1573626.patch
75a229
Patch37: httpd-2.4.6-uds.patch
0943f8
Patch38: httpd-2.4.6-upn.patch
28b219
# Bug fixes
28b219
Patch51: httpd-2.4.3-sslsninotreq.patch
28b219
Patch55: httpd-2.4.4-malformed-host.patch
28b219
Patch56: httpd-2.4.4-mod_unique_id.patch
28b219
Patch57: httpd-2.4.6-ldaprefer.patch
706609
Patch58: httpd-2.4.6-r1507681+.patch
706609
Patch59: httpd-2.4.6-r1556473.patch
706609
Patch60: httpd-2.4.6-r1553540.patch
75a229
Patch61: httpd-2.4.6-rewrite-clientaddr.patch
75a229
Patch62: httpd-2.4.6-ab-overflow.patch
75a229
Patch63: httpd-2.4.6-sigint.patch
75a229
Patch64: httpd-2.4.6-ssl-ecdh-auto.patch
75a229
Patch65: httpd-2.4.6-r1556818.patch
75a229
Patch66: httpd-2.4.6-r1618851.patch
75a229
Patch67: httpd-2.4.6-r1526189.patch
0943f8
Patch68: httpd-2.4.6-r1663647.patch
0943f8
Patch69: httpd-2.4.6-r1569006.patch
0943f8
Patch70: httpd-2.4.6-r1506474.patch
0943f8
Patch71: httpd-2.4.6-bomb.patch
0943f8
Patch72: httpd-2.4.6-r1604460.patch
0943f8
Patch73: httpd-2.4.6-r1624349.patch
0943f8
Patch74: httpd-2.4.6-ap-ipv6.patch
0943f8
Patch75: httpd-2.4.6-r1530280.patch
0943f8
Patch76: httpd-2.4.6-r1633085.patch
0943f8
Patch78: httpd-2.4.6-ssl-error-free.patch
0943f8
Patch79: httpd-2.4.6-r1528556.patch
0943f8
Patch80: httpd-2.4.6-r1594625.patch
0943f8
Patch81: httpd-2.4.6-r1674222.patch
0943f8
Patch82: httpd-2.4.6-apachectl-httpd-env.patch
0943f8
Patch83: httpd-2.4.6-rewrite-dir.patch
0943f8
Patch84: httpd-2.4.6-r1420184.patch
0943f8
Patch85: httpd-2.4.6-r1524368.patch
0943f8
Patch86: httpd-2.4.6-r1528958.patch
0943f8
Patch87: httpd-2.4.6-r1651083.patch
0943f8
Patch88: httpd-2.4.6-r1688399.patch
0943f8
Patch89: httpd-2.4.6-r1527509.patch
0943f8
Patch90: httpd-2.4.6-apachectl-status.patch
0943f8
Patch91: httpd-2.4.6-r1650655.patch
0943f8
Patch92: httpd-2.4.6-r1533448.patch
0943f8
Patch93: httpd-2.4.6-r1610013.patch
48b77b
Patch105: httpd-2.4.6-r1560093.patch
48b77b
Patch106: httpd-2.4.6-r1748212.patch
706609
# Security fixes
706609
Patch200: httpd-2.4.6-CVE-2013-6438.patch
706609
Patch201: httpd-2.4.6-CVE-2014-0098.patch
331623
Patch202: httpd-2.4.6-CVE-2014-0231.patch
331623
Patch203: httpd-2.4.6-CVE-2014-0117.patch
331623
Patch204: httpd-2.4.6-CVE-2014-0118.patch
331623
Patch205: httpd-2.4.6-CVE-2014-0226.patch
331623
Patch206: httpd-2.4.6-CVE-2013-4352.patch
75a229
Patch207: httpd-2.4.6-CVE-2013-5704.patch
75a229
Patch208: httpd-2.4.6-CVE-2014-3581.patch
1e590c
Patch209: httpd-2.4.6-CVE-2015-3185.patch
1e590c
Patch210: httpd-2.4.6-CVE-2015-3183.patch
48b77b
Patch211: httpd-2.4.6-CVE-2016-5387.patch
28b219
License: ASL 2.0
28b219
Group: System Environment/Daemons
28b219
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
28b219
BuildRequires: autoconf, perl, pkgconfig, findutils, xmlto
28b219
BuildRequires: zlib-devel, libselinux-devel, lua-devel
28b219
BuildRequires: apr-devel >= 1.4.0, apr-util-devel >= 1.2.0, pcre-devel >= 5.0
28b219
BuildRequires: systemd-devel
28b219
Requires: /etc/mime.types, system-logos >= 7.92.1-1
28b219
Obsoletes: httpd-suexec
28b219
Provides: webserver
28b219
Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release}
706609
Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}, httpd-mmn = %{oldmmnisa}
28b219
Requires: httpd-tools = %{version}-%{release}
28b219
Requires(pre): /usr/sbin/useradd
5cfdd4
Requires(pre): /usr/sbin/groupadd
28b219
Requires(preun): systemd-units
28b219
Requires(postun): systemd-units
28b219
Requires(post): systemd-units
28b219
28b219
%description
28b219
The Apache HTTP Server is a powerful, efficient, and extensible
28b219
web server.
28b219
28b219
%package devel
28b219
Group: Development/Libraries
28b219
Summary: Development interfaces for the Apache HTTP server
28b219
Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel
28b219
Requires: apr-devel, apr-util-devel, pkgconfig
28b219
Requires: httpd = %{version}-%{release}
28b219
28b219
%description devel
28b219
The httpd-devel package contains the APXS binary and other files
28b219
that you need to build Dynamic Shared Objects (DSOs) for the
28b219
Apache HTTP Server.
28b219
28b219
If you are installing the Apache HTTP server and you want to be
28b219
able to compile or develop additional modules for Apache, you need
28b219
to install this package.
28b219
28b219
%package manual
28b219
Group: Documentation
28b219
Summary: Documentation for the Apache HTTP server
28b219
Requires: httpd = %{version}-%{release}
28b219
Obsoletes: secureweb-manual, apache-manual
28b219
BuildArch: noarch
28b219
28b219
%description manual
28b219
The httpd-manual package contains the complete manual and
28b219
reference guide for the Apache HTTP server. The information can
28b219
also be found at http://httpd.apache.org/docs/2.2/.
28b219
28b219
%package tools
28b219
Group: System Environment/Daemons
28b219
Summary: Tools for use with the Apache HTTP Server
28b219
28b219
%description tools
28b219
The httpd-tools package contains tools which can be used with 
28b219
the Apache HTTP Server.
28b219
28b219
%package -n mod_ssl
28b219
Group: System Environment/Daemons
28b219
Summary: SSL/TLS module for the Apache HTTP Server
28b219
Epoch: 1
0943f8
BuildRequires: openssl-devel >= 1:1.0.1e-37
75a229
Requires: openssl-libs >= 1:1.0.1e-37
28b219
Requires(post): openssl, /bin/cat
28b219
Requires(pre): httpd
28b219
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
28b219
Obsoletes: stronghold-mod_ssl
28b219
28b219
%description -n mod_ssl
28b219
The mod_ssl module provides strong cryptography for the Apache Web
28b219
server via the Secure Sockets Layer (SSL) and Transport Layer
28b219
Security (TLS) protocols.
28b219
28b219
%package -n mod_proxy_html
28b219
Group: System Environment/Daemons
28b219
Summary: HTML and XML content filters for the Apache HTTP Server
28b219
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
28b219
BuildRequires: libxml2-devel
28b219
Epoch: 1
28b219
Obsoletes: mod_proxy_html < 1:2.4.1-2
28b219
28b219
%description -n mod_proxy_html
28b219
The mod_proxy_html and mod_xml2enc modules provide filters which can
28b219
transform and modify HTML and XML content.
28b219
28b219
%package -n mod_ldap
28b219
Group: System Environment/Daemons
28b219
Summary: LDAP authentication modules for the Apache HTTP Server
28b219
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
28b219
Requires: apr-util-ldap
28b219
28b219
%description -n mod_ldap
28b219
The mod_ldap and mod_authnz_ldap modules add support for LDAP
28b219
authentication to the Apache HTTP Server.
28b219
28b219
%package -n mod_session
28b219
Group: System Environment/Daemons
28b219
Summary: Session interface for the Apache HTTP Server
28b219
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
28b219
28b219
%description -n mod_session
28b219
The mod_session module and associated backends provide an abstract
28b219
interface for storing and accessing per-user session data.
28b219
28b219
%prep
28b219
%setup -q
28b219
%patch1 -p1 -b .apctl
28b219
%patch2 -p1 -b .apxs
28b219
%patch3 -p1 -b .deplibs
28b219
%patch5 -p1 -b .layout
28b219
%patch6 -p1 -b .apctlsystemd
28b219
28b219
%patch21 -p1 -b .fullrelease
28b219
%patch23 -p1 -b .export
28b219
%patch24 -p1 -b .corelimit
28b219
%patch25 -p1 -b .selinux
28b219
%patch26 -p1 -b .r1337344+
28b219
%patch27 -p1 -b .icons
28b219
%patch28 -p1 -b .r1332643+
28b219
%patch29 -p1 -b .systemd
28b219
%patch30 -p1 -b .cachehardmax
28b219
%patch31 -p1 -b .sslmultiproxy
28b219
%patch32 -p1 -b .r1537535
706609
%patch33 -p1 -b .r1542327
706609
rm modules/ssl/ssl_engine_dh.c
75a229
%patch34 -p1 -b .ssllargekeys
75a229
%patch35 -p1 -b .prehtaccess
75a229
%patch36 -p1 -b .r1573626
75a229
%patch37 -p1 -b .uds
0943f8
%patch38 -p1 -b .upn
28b219
28b219
%patch51 -p1 -b .sninotreq
28b219
%patch55 -p1 -b .malformedhost
28b219
%patch56 -p1 -b .uniqueid
28b219
%patch57 -p1 -b .ldaprefer
706609
%patch58 -p1 -b .r1507681+
706609
%patch59 -p1 -b .r1556473
706609
%patch60 -p1 -b .r1553540
75a229
%patch61 -p1 -b .clientaddr
75a229
%patch62 -p1 -b .aboverflow
75a229
%patch63 -p1 -b .sigint
75a229
%patch64 -p1 -b .sslecdhauto
75a229
%patch65 -p1 -b .r1556818
75a229
%patch66 -p1 -b .r1618851
75a229
%patch67 -p1 -b .r1526189
0943f8
%patch68 -p1 -b .r1663647
0943f8
%patch69 -p1 -b .1569006
0943f8
%patch70 -p1 -b .r1506474
0943f8
%patch71 -p1 -b .bomb
0943f8
%patch72 -p1 -b .r1604460
0943f8
%patch73 -p1 -b .r1624349
0943f8
%patch74 -p1 -b .abipv6
0943f8
%patch75 -p1 -b .r1530280
0943f8
%patch76 -p1 -b .r1633085
0943f8
%patch78 -p1 -b .sslerrorfree
0943f8
%patch79 -p1 -b .r1528556
0943f8
%patch80 -p1 -b .r1594625
0943f8
%patch81 -p1 -b .r1674222
0943f8
%patch82 -p1 -b .envhttpd
0943f8
%patch83 -p1 -b .rewritedir
0943f8
%patch84 -p1 -b .r1420184
0943f8
%patch85 -p1 -b .r1524368
0943f8
%patch86 -p1 -b .r1528958
0943f8
%patch87 -p1 -b .r1651083
0943f8
%patch88 -p1 -b .r1688399
0943f8
%patch89 -p1 -b .r1527509
0943f8
%patch90 -p1 -b .apachectlstatus
0943f8
%patch91 -p1 -b .r1650655
0943f8
%patch92 -p1 -b .r1533448
0943f8
%patch93 -p1 -b .r1610013
48b77b
%patch105 -p1 -b .r1560093
48b77b
%patch106 -p1 -b .r1748212
706609
706609
%patch200 -p1 -b .cve6438
706609
%patch201 -p1 -b .cve0098
331623
%patch202 -p1 -b .cve0231
331623
%patch203 -p1 -b .cve0117
331623
%patch204 -p1 -b .cve0118
331623
%patch205 -p1 -b .cve0226
331623
%patch206 -p1 -b .cve4352
75a229
%patch207 -p1 -b .cve5704
75a229
%patch208 -p1 -b .cve3581
1e590c
%patch209 -p1 -b .cve3185
1e590c
%patch210 -p1 -b .cve3183
48b77b
%patch211 -p1 -b .cve5387
28b219
28b219
# Patch in the vendor string and the release string
28b219
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
28b219
sed -i 's/@RELEASE@/%{release}/' server/core.c
28b219
28b219
# Prevent use of setcap in "install-suexec-caps" target.
28b219
sed -i '/suexec/s,setcap ,echo Skipping setcap for ,' Makefile.in
28b219
28b219
# Safety check: prevent build if defined MMN does not equal upstream MMN.
28b219
vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
28b219
if test "x${vmmn}" != "x%{mmn}"; then
28b219
   : Error: Upstream MMN is now ${vmmn}, packaged MMN is %{mmn}
28b219
   : Update the mmn macro and rebuild.
28b219
   exit 1
28b219
fi
28b219
28b219
: Building with MMN %{mmn}, MMN-ISA %{mmnisa} and vendor string '%{vstring}'
28b219
28b219
%build
28b219
# forcibly prevent use of bundled apr, apr-util, pcre
28b219
rm -rf srclib/{apr,apr-util,pcre}
28b219
28b219
# regenerate configure scripts
28b219
autoheader && autoconf || exit 1
28b219
28b219
# Before configure; fix location of build dir in generated apxs
28b219
%{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \
28b219
	support/apxs.in
28b219
28b219
export CFLAGS=$RPM_OPT_FLAGS
28b219
export LDFLAGS="-Wl,-z,relro,-z,now"
28b219
75a229
%ifarch ppc64 ppc64le
75a229
%global _performance_build 1
706609
%endif
706609
28b219
# Hard-code path to links to avoid unnecessary builddep
28b219
export LYNX_PATH=/usr/bin/links
28b219
28b219
# Build the daemon
75a229
%configure \
28b219
 	--prefix=%{_sysconfdir}/httpd \
28b219
 	--exec-prefix=%{_prefix} \
28b219
 	--bindir=%{_bindir} \
28b219
 	--sbindir=%{_sbindir} \
28b219
 	--mandir=%{_mandir} \
28b219
	--libdir=%{_libdir} \
28b219
	--sysconfdir=%{_sysconfdir}/httpd/conf \
28b219
	--includedir=%{_includedir}/httpd \
28b219
	--libexecdir=%{_libdir}/httpd/modules \
28b219
	--datadir=%{contentdir} \
28b219
        --enable-layout=Fedora \
28b219
        --with-installbuilddir=%{_libdir}/httpd/build \
28b219
        --enable-mpms-shared=all \
28b219
        --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
28b219
	--enable-suexec --with-suexec \
28b219
        --enable-suexec-capabilities \
28b219
	--with-suexec-caller=%{suexec_caller} \
28b219
	--with-suexec-docroot=%{docroot} \
28b219
	--without-suexec-logfile \
28b219
        --with-suexec-syslog \
28b219
	--with-suexec-bin=%{_sbindir}/suexec \
28b219
	--with-suexec-uidmin=500 --with-suexec-gidmin=100 \
28b219
        --enable-pie \
28b219
        --with-pcre \
28b219
        --enable-mods-shared=all \
28b219
	--enable-ssl --with-ssl --disable-distcache \
28b219
	--enable-proxy \
28b219
        --enable-cache \
28b219
        --enable-disk-cache \
28b219
        --enable-ldap --enable-authnz-ldap \
28b219
        --enable-cgid --enable-cgi \
28b219
        --enable-authn-anon --enable-authn-alias \
28b219
        --disable-imagemap  \
28b219
	$*
28b219
make %{?_smp_mflags}
28b219
28b219
%install
28b219
rm -rf $RPM_BUILD_ROOT
28b219
28b219
make DESTDIR=$RPM_BUILD_ROOT install
28b219
28b219
# Install systemd service files
28b219
mkdir -p $RPM_BUILD_ROOT%{_unitdir}
28b219
for s in httpd htcacheclean; do
28b219
  install -p -m 644 $RPM_SOURCE_DIR/${s}.service \
28b219
                    $RPM_BUILD_ROOT%{_unitdir}/${s}.service
28b219
done
28b219
28b219
# install conf file/directory
28b219
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d \
28b219
      $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d
28b219
install -m 644 $RPM_SOURCE_DIR/README.confd \
28b219
    $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README
28b219
for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \
28b219
         00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \
28b219
         01-ldap.conf 00-systemd.conf 01-session.conf; do
28b219
  install -m 644 -p $RPM_SOURCE_DIR/$f \
28b219
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f
28b219
done
28b219
28b219
for f in welcome.conf ssl.conf manual.conf userdir.conf; do
28b219
  install -m 644 -p $RPM_SOURCE_DIR/$f \
28b219
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/$f
28b219
done
28b219
28b219
# Split-out extra config shipped as default in conf.d:
28b219
for f in autoindex; do
28b219
  mv docs/conf/extra/httpd-${f}.conf \
28b219
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/${f}.conf
28b219
done
28b219
28b219
# Extra config trimmed:
28b219
rm -v docs/conf/extra/httpd-{ssl,userdir}.conf
28b219
28b219
rm $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/*.conf
28b219
install -m 644 -p $RPM_SOURCE_DIR/httpd.conf \
28b219
   $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/httpd.conf
28b219
28b219
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
28b219
for s in httpd htcacheclean; do
28b219
  install -m 644 -p $RPM_SOURCE_DIR/${s}.sysconf \
28b219
                    $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/${s}
28b219
done
28b219
28b219
# tmpfiles.d configuration
28b219
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d 
28b219
install -m 644 -p $RPM_SOURCE_DIR/httpd.tmpfiles \
28b219
   $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/httpd.conf
28b219
28b219
# Other directories
28b219
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav \
28b219
         $RPM_BUILD_ROOT/run/httpd/htcacheclean
28b219
28b219
# Create cache directory
28b219
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd \
28b219
         $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/proxy \
28b219
         $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/ssl
28b219
28b219
# Make the MMN accessible to module packages
28b219
echo %{mmnisa} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn
28b219
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rpm
28b219
cat > $RPM_BUILD_ROOT%{_sysconfdir}/rpm/macros.httpd <
28b219
%%_httpd_mmn %{mmnisa}
28b219
%%_httpd_apxs %{_bindir}/apxs
28b219
%%_httpd_modconfdir %{_sysconfdir}/httpd/conf.modules.d
28b219
%%_httpd_confdir %{_sysconfdir}/httpd/conf.d
28b219
%%_httpd_contentdir %{contentdir}
28b219
%%_httpd_moddir %{_libdir}/httpd/modules
28b219
EOF
28b219
28b219
# Handle contentdir
28b219
mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
48b77b
install -m 644 -p $RPM_SOURCE_DIR/index.html \
48b77b
        $RPM_BUILD_ROOT%{contentdir}/noindex/index.html
28b219
rm -rf %{contentdir}/htdocs
28b219
28b219
# remove manual sources
28b219
find $RPM_BUILD_ROOT%{contentdir}/manual \( \
28b219
    -name \*.xml -o -name \*.xml.* -o -name \*.ent -o -name \*.xsl -o -name \*.dtd \
28b219
    \) -print0 | xargs -0 rm -f
28b219
28b219
# Strip the manual down just to English and replace the typemaps with flat files:
28b219
set +x
28b219
for f in `find $RPM_BUILD_ROOT%{contentdir}/manual -name \*.html -type f`; do
28b219
   if test -f ${f}.en; then
28b219
      cp ${f}.en ${f}
28b219
      rm ${f}.*
28b219
   fi
28b219
done
28b219
set -x
28b219
28b219
# Clean Document Root
28b219
rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
28b219
      $RPM_BUILD_ROOT%{docroot}/cgi-bin/*
28b219
28b219
# Symlink for the powered-by-$DISTRO image:
48b77b
ln -s ../../pixmaps/poweredby.png \
28b219
        $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
28b219
28b219
# symlinks for /etc/httpd
28b219
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
28b219
ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run
28b219
ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules
28b219
28b219
# install http-ssl-pass-dialog
28b219
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
28b219
install -m755 $RPM_SOURCE_DIR/httpd-ssl-pass-dialog \
28b219
	$RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog
28b219
28b219
# Install action scripts
28b219
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd
28b219
for f in graceful configtest; do
28b219
    install -p -m 755 $RPM_SOURCE_DIR/action-${f}.sh \
28b219
            $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd/${f}
28b219
done
28b219
28b219
# Install logrotate config
28b219
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
28b219
install -m 644 -p $RPM_SOURCE_DIR/httpd.logrotate \
28b219
	$RPM_BUILD_ROOT/etc/logrotate.d/httpd
28b219
28b219
# fix man page paths
28b219
sed -e "s|/usr/local/apache2/conf/httpd.conf|/etc/httpd/conf/httpd.conf|" \
28b219
    -e "s|/usr/local/apache2/conf/mime.types|/etc/mime.types|" \
28b219
    -e "s|/usr/local/apache2/conf/magic|/etc/httpd/conf/magic|" \
28b219
    -e "s|/usr/local/apache2/logs/error_log|/var/log/httpd/error_log|" \
28b219
    -e "s|/usr/local/apache2/logs/access_log|/var/log/httpd/access_log|" \
28b219
    -e "s|/usr/local/apache2/logs/httpd.pid|/run/httpd/httpd.pid|" \
28b219
    -e "s|/usr/local/apache2|/etc/httpd|" < docs/man/httpd.8 \
28b219
  > $RPM_BUILD_ROOT%{_mandir}/man8/httpd.8
28b219
28b219
# Make ap_config_layout.h libdir-agnostic
28b219
sed -i '/.*DEFAULT_..._LIBEXECDIR/d;/DEFAULT_..._INSTALLBUILDDIR/d' \
28b219
    $RPM_BUILD_ROOT%{_includedir}/httpd/ap_config_layout.h
28b219
28b219
# Fix path to instdso in special.mk
28b219
sed -i '/instdso/s,top_srcdir,top_builddir,' \
28b219
    $RPM_BUILD_ROOT%{_libdir}/httpd/build/special.mk
28b219
28b219
# Remove unpackaged files
28b219
rm -vf \
28b219
      $RPM_BUILD_ROOT%{_libdir}/*.exp \
28b219
      $RPM_BUILD_ROOT/etc/httpd/conf/mime.types \
28b219
      $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.exp \
28b219
      $RPM_BUILD_ROOT%{_libdir}/httpd/build/config.nice \
28b219
      $RPM_BUILD_ROOT%{_bindir}/{ap?-config,dbmmanage} \
28b219
      $RPM_BUILD_ROOT%{_sbindir}/{checkgid,envvars*} \
28b219
      $RPM_BUILD_ROOT%{contentdir}/htdocs/* \
28b219
      $RPM_BUILD_ROOT%{_mandir}/man1/dbmmanage.* \
28b219
      $RPM_BUILD_ROOT%{contentdir}/cgi-bin/*
28b219
28b219
rm -rf $RPM_BUILD_ROOT/etc/httpd/conf/{original,extra}
28b219
28b219
%pre
5cfdd4
# Add the "apache" group and user
5cfdd4
/usr/sbin/groupadd -g 48 -r apache 2> /dev/null || :
5cfdd4
/usr/sbin/useradd -c "Apache" -u 48 -g 48 \
28b219
	-s /sbin/nologin -r -d %{contentdir} apache 2> /dev/null || :
28b219
28b219
%post
28b219
%systemd_post httpd.service htcacheclean.service
28b219
28b219
%preun
28b219
%systemd_preun httpd.service htcacheclean.service
28b219
28b219
%postun
28b219
%systemd_postun
28b219
28b219
# Trigger for conversion from SysV, per guidelines at:
28b219
# https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd
28b219
%triggerun -- httpd < 2.2.21-5
28b219
# Save the current service runlevel info
28b219
# User must manually run systemd-sysv-convert --apply httpd
28b219
# to migrate them to systemd targets
28b219
/usr/bin/systemd-sysv-convert --save httpd.service >/dev/null 2>&1 ||:
28b219
28b219
# Run these because the SysV package being removed won't do them
28b219
/sbin/chkconfig --del httpd >/dev/null 2>&1 || :
28b219
28b219
%posttrans
28b219
test -f /etc/sysconfig/httpd-disable-posttrans || \
28b219
  /bin/systemctl try-restart httpd.service htcacheclean.service >/dev/null 2>&1 || :
28b219
28b219
%define sslcert %{_sysconfdir}/pki/tls/certs/localhost.crt
28b219
%define sslkey %{_sysconfdir}/pki/tls/private/localhost.key
28b219
28b219
%post -n mod_ssl
28b219
umask 077
28b219
28b219
if [ -f %{sslkey} -o -f %{sslcert} ]; then
28b219
   exit 0
28b219
fi
28b219
706609
%{_bindir}/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 2048 > %{sslkey} 2> /dev/null
28b219
28b219
FQDN=`hostname`
28b219
if [ "x${FQDN}" = "x" ]; then
28b219
   FQDN=localhost.localdomain
28b219
fi
28b219
28b219
cat << EOF | %{_bindir}/openssl req -new -key %{sslkey} \
706609
         -x509 -sha256 -days 365 -set_serial $RANDOM -extensions v3_req \
28b219
         -out %{sslcert} 2>/dev/null
28b219
--
28b219
SomeState
28b219
SomeCity
28b219
SomeOrganization
28b219
SomeOrganizationalUnit
28b219
${FQDN}
28b219
root@${FQDN}
28b219
EOF
28b219
28b219
%check
28b219
# Check the built modules are all PIC
28b219
if readelf -d $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so | grep TEXTREL; then
28b219
   : modules contain non-relocatable code
28b219
   exit 1
28b219
fi
28b219
28b219
%clean
28b219
rm -rf $RPM_BUILD_ROOT
28b219
28b219
%files
28b219
%defattr(-,root,root)
28b219
28b219
%doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE
28b219
%doc docs/conf/extra/*.conf
28b219
28b219
%dir %{_sysconfdir}/httpd
28b219
%{_sysconfdir}/httpd/modules
28b219
%{_sysconfdir}/httpd/logs
28b219
%{_sysconfdir}/httpd/run
28b219
%dir %{_sysconfdir}/httpd/conf
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf/magic
28b219
28b219
%config(noreplace) %{_sysconfdir}/logrotate.d/httpd
28b219
28b219
%dir %{_sysconfdir}/httpd/conf.d
28b219
%{_sysconfdir}/httpd/conf.d/README
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf.d/*.conf
28b219
%exclude %{_sysconfdir}/httpd/conf.d/ssl.conf
28b219
%exclude %{_sysconfdir}/httpd/conf.d/manual.conf
28b219
28b219
%dir %{_sysconfdir}/httpd/conf.modules.d
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/*.conf
28b219
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
28b219
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf
28b219
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf
28b219
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
28b219
28b219
%config(noreplace) %{_sysconfdir}/sysconfig/ht*
28b219
%{_prefix}/lib/tmpfiles.d/httpd.conf
28b219
28b219
%dir %{_libexecdir}/initscripts/legacy-actions/httpd
28b219
%{_libexecdir}/initscripts/legacy-actions/httpd/*
28b219
28b219
%{_sbindir}/ht*
28b219
%{_sbindir}/fcgistarter
28b219
%{_sbindir}/apachectl
28b219
%{_sbindir}/rotatelogs
28b219
%caps(cap_setuid,cap_setgid+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec
28b219
28b219
%dir %{_libdir}/httpd
28b219
%dir %{_libdir}/httpd/modules
28b219
%{_libdir}/httpd/modules/mod*.so
28b219
%exclude %{_libdir}/httpd/modules/mod_auth_form.so
28b219
%exclude %{_libdir}/httpd/modules/mod_ssl.so
28b219
%exclude %{_libdir}/httpd/modules/mod_*ldap.so
28b219
%exclude %{_libdir}/httpd/modules/mod_proxy_html.so
28b219
%exclude %{_libdir}/httpd/modules/mod_xml2enc.so
28b219
%exclude %{_libdir}/httpd/modules/mod_session*.so
28b219
28b219
%dir %{contentdir}
28b219
%dir %{contentdir}/icons
28b219
%dir %{contentdir}/error
28b219
%dir %{contentdir}/error/include
28b219
%dir %{contentdir}/noindex
28b219
%{contentdir}/icons/*
28b219
%{contentdir}/error/README
28b219
%{contentdir}/error/*.var
28b219
%{contentdir}/error/include/*.html
48b77b
%{contentdir}/noindex/index.html
28b219
28b219
%dir %{docroot}
28b219
%dir %{docroot}/cgi-bin
28b219
%dir %{docroot}/html
28b219
28b219
%attr(0710,root,apache) %dir /run/httpd
28b219
%attr(0700,apache,apache) %dir /run/httpd/htcacheclean
28b219
%attr(0700,root,root) %dir %{_localstatedir}/log/httpd
28b219
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav
28b219
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd
28b219
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy
28b219
28b219
%{_mandir}/man8/*
28b219
28b219
%{_unitdir}/*.service
28b219
28b219
%files tools
28b219
%defattr(-,root,root)
28b219
%{_bindir}/*
28b219
%{_mandir}/man1/*
28b219
%doc LICENSE NOTICE
28b219
%exclude %{_bindir}/apxs
28b219
%exclude %{_mandir}/man1/apxs.1*
28b219
28b219
%files manual
28b219
%defattr(-,root,root)
28b219
%{contentdir}/manual
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf.d/manual.conf
28b219
28b219
%files -n mod_ssl
28b219
%defattr(-,root,root)
28b219
%{_libdir}/httpd/modules/mod_ssl.so
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf
28b219
%attr(0700,apache,root) %dir %{_localstatedir}/cache/httpd/ssl
28b219
%{_libexecdir}/httpd-ssl-pass-dialog
28b219
28b219
%files -n mod_proxy_html
28b219
%defattr(-,root,root)
28b219
%{_libdir}/httpd/modules/mod_proxy_html.so
28b219
%{_libdir}/httpd/modules/mod_xml2enc.so
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf
28b219
28b219
%files -n mod_ldap
28b219
%defattr(-,root,root)
28b219
%{_libdir}/httpd/modules/mod_*ldap.so
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf
28b219
28b219
%files -n mod_session
28b219
%defattr(-,root,root)
28b219
%{_libdir}/httpd/modules/mod_session*.so
28b219
%{_libdir}/httpd/modules/mod_auth_form.so
28b219
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
28b219
28b219
%files devel
28b219
%defattr(-,root,root)
28b219
%{_includedir}/httpd
28b219
%{_bindir}/apxs
28b219
%{_mandir}/man1/apxs.1*
28b219
%dir %{_libdir}/httpd/build
28b219
%{_libdir}/httpd/build/*.mk
28b219
%{_libdir}/httpd/build/*.sh
28b219
%{_sysconfdir}/rpm/macros.httpd
28b219
28b219
%changelog
48b77b
* Tue Jul 12 2016 Joe Orton <jorton@redhat.com> - 2.4.6-40.4
48b77b
- add security fix for CVE-2016-5387
48b77b
48b77b
* Thu Jul  7 2016 Joe Orton <jorton@redhat.com> - 2.4.6-40.3
48b77b
- add 451 (Unavailable For Legal Reasons) response status-code (#1353269)
48b77b
48b77b
* Fri Jun 17 2016 Joe Orton <jorton@redhat.com> - 2.4.6-40.2
48b77b
- mod_cache: treat cache as valid with changed Expires in 304 (#1347648)
7576c0
5cfdd4
* Mon Mar 21 2016 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-40.1
5cfdd4
- fix apache user creation when apache group already exists (#1319001)
19d22d
0943f8
* Thu Sep 17 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-40
0943f8
- mod_dav: follow up fix for previous commit (#1263975)
0943f8
0943f8
* Wed Aug 26 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-39
0943f8
- mod_dav: treat dav_resource uri as escaped (#1255480)
5aba2d
0943f8
* Wed Aug 19 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-38
0943f8
- mod_ssl: add support for User Principal Name in SSLUserName  (#1242503)
0943f8
0943f8
* Mon Aug 10 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-37
1e590c
- core: fix chunk header parsing defect (CVE-2015-3183)
1e590c
- core: replace of ap_some_auth_required with ap_some_authn_required
1e590c
  and ap_force_authn hook (CVE-2015-3185)
d5a8a7
0943f8
* Tue Jul 14 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-36
0943f8
- Revert fix for #1162152, it is not needed in RHEL7
0943f8
- mod_proxy_ajp: fix settings ProxyPass parameters for AJP backends (#1242416)
0943f8
0943f8
* Wed Jul 01 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-35
0943f8
- mod_remoteip: correct the trusted proxy match test (#1179306)
0943f8
- mod_dav: send complete response when resource is created (#1235383)
0943f8
- apachectl: correct the apachectl status man page (#1231924)
0943f8
0943f8
* Wed Jun 03 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-34
0943f8
- mod_proxy_fcgi: honor Timeout / ProxyTimeout (#1222328)
0943f8
- do not show all vhosts twice in httpd -D DUMP_VHOSTS output (#1225820)
0943f8
- fix -D[efined] or <Define>[d] variables lifetime accross restarts (#1227219)
0943f8
- mod_ssl: do not send NPN extension with not configured (#1226015)
0943f8
0943f8
* Mon May 18 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-33
0943f8
- mod_authz_dbm: fix crash when using "Require dbm-file-group" (#1221575)
0943f8
0943f8
* Wed Apr 15 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-32
0943f8
- mod_authn_dbd: fix use-after-free bug with postgresql (#1188779)
0943f8
- mod_remoteip: correct the trusted proxy match test (#1179306)
0943f8
- mod_status: honor remote_ip as documented (#1169081)
0943f8
- mod_deflate: fix decompression of files larger than 4GB (#1170214)
0943f8
- core: improve error message for inaccessible DocumentRoot (#1170220)
0943f8
- ab: try all addresses instead of failing on first one when not available (#1125276)
0943f8
- mod_proxy_wstunnel: add support for SSL (#1180745)
0943f8
- mod_proxy_wstunnel: load this module by default (#1180745)
0943f8
- mod_rewrite: add support for WebSockets (#1180745)
0943f8
- mod_rewrite: do not search for directory if a URL will be rewritten (#1210091)
0943f8
- mod_ssl: Fix SSL_CLIENT_VERIFY value when optional_no_ca and SSLSessionCache
0943f8
  are used and SSL session is resumed (#1170206)
0943f8
- mod_ssl: fix memory leak on httpd reloads (#1181690)
0943f8
- mod_ssl: use SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA (#1118476)
0943f8
- mod_cgi: return error code 408 on timeout (#1162152)
0943f8
- mod_dav_fs: set default value of DAVLockDB (#1176449)
0943f8
- add Documentation= to the httpd.service and htcacheclean.service (#1184118)
0943f8
- do not display "bomb" icon for files ending with "core" (#1170215)
0943f8
- add missing Reason-Phrase in HTTP response headers (#1162159)
0943f8
- fix BuildRequires to require openssl-devel >= 1:1.0.1e-37 (#1160625)
0943f8
- apachectl: ignore HTTPD variable from sysconfig (#1214401)
0943f8
- apachectl: fix "graceful" documentation (#1214398)
0943f8
- apachectl: fix "graceful" behaviour when httpd is not running (#1214430)
0943f8
75a229
* Tue Dec 02 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-31
4126fd
- mod_proxy_fcgi: determine if FCGI_CONN_CLOSE should be enabled
75a229
  instead of hardcoding it (#1168050)
75a229
- mod_proxy: support Unix Domain Sockets (#1168081)
75a229
75a229
* Tue Nov 25 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-30
75a229
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
75a229
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
75a229
75a229
* Tue Nov 04 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-29
75a229
- rebuild against proper version of OpenSSL (#1080125)
75a229
75a229
* Wed Oct 22 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-28
75a229
- set vstring based on /etc/os-release (#1114123)
75a229
75a229
* Mon Oct 06 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-27
75a229
- fix the dependency on openssl-libs to match the fix for #1080125
75a229
75a229
* Mon Sep 22 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-26
75a229
- allow <Auth*ProviderAlias>'es to be seen under virtual hosts (#1131847)
75a229
75a229
* Fri Sep 19 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-25
75a229
- do not use hardcoded curve for ECDHE suites (#1080125)
75a229
75a229
* Wed Sep 03 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-24
75a229
- allow reverse-proxy to be set via SetHandler (#1136290)
75a229
75a229
* Thu Aug 21 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-23
75a229
- fix possible crash in SIGINT handling (#1131006)
75a229
75a229
* Mon Aug 18 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-22
75a229
- ab: fix integer overflow when printing stats with lot of requests (#1092420)
75a229
75a229
* Mon Aug 11 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-21
75a229
- add pre_htaccess so mpm-itk can be build as separate module (#1059143)
75a229
75a229
* Tue Aug 05 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-20
75a229
- mod_ssl: prefer larger keys and support up to 8192-bit keys (#1073078)
75a229
75a229
* Mon Aug 04 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-19
75a229
- fix build on ppc64le by using configure macro (#1125545)
75a229
- compile httpd with -O3 on ppc64le (#1123490)
75a229
- mod_rewrite: expose CONN_REMOTE_ADDR (#1060536)
Johnny Hughes b69bb1
331623
* Thu Jul 17 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-18
75a229
- mod_cgid: add security fix for CVE-2014-0231 (#1120608)
75a229
- mod_proxy: add security fix for CVE-2014-0117 (#1120608)
75a229
- mod_deflate: add security fix for CVE-2014-0118 (#1120608)
75a229
- mod_status: add security fix for CVE-2014-0226 (#1120608)
75a229
- mod_cache: add secutiry fix for CVE-2013-4352 (#1120608)
Jim Perrin 3c9b58
706609
* Thu Mar 20 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-17
706609
- mod_dav: add security fix for CVE-2013-6438 (#1077907)
706609
- mod_log_config: add security fix for CVE-2014-0098 (#1077907)
706609
706609
* Wed Mar  5 2014 Joe Orton <jorton@redhat.com> - 2.4.6-16
706609
- mod_ssl: improve DH temp key handling (#1057687)
706609
706609
* Wed Mar  5 2014 Joe Orton <jorton@redhat.com> - 2.4.6-15
706609
- mod_ssl: use 2048-bit RSA key with SHA-256 signature in dummy certificate (#1071276)
706609
706609
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.4.6-14
706609
- Mass rebuild 2014-01-24
706609
706609
* Mon Jan 13 2014 Joe Orton <jorton@redhat.com> - 2.4.6-13
706609
- mod_ssl: sanity-check use of "SSLCompression" (#1036666)
706609
- mod_proxy_http: fix brigade memory usage (#1040447)
706609
706609
* Fri Jan 10 2014 Joe Orton <jorton@redhat.com> - 2.4.6-12
706609
- rebuild
706609
706609
* Thu Jan  9 2014 Joe Orton <jorton@redhat.com> - 2.4.6-11
706609
- build with -O3 on ppc64 (#1051066)
706609
706609
* Tue Jan  7 2014 Joe Orton <jorton@redhat.com> - 2.4.6-10
706609
- mod_dav: fix locktoken handling (#1004046)
706609
706609
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.4.6-9
706609
- Mass rebuild 2013-12-27
706609
706609
* Fri Dec 20 2013 Joe Orton <jorton@redhat.com> - 2.4.6-8
706609
- use unambiguous httpd-mmn (#1029360)
706609
28b219
* Fri Nov   1 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-7
28b219
- mod_ssl: allow SSLEngine to override Listen-based default (#1023168)
28b219
28b219
* Thu Oct  31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-6
28b219
- systemd: Use {MAINPID} notation in service file (#969972)
28b219
28b219
* Thu Oct 24 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-5
28b219
- systemd: send SIGWINCH signal without httpd -k in ExecStop (#969972)
28b219
28b219
* Thu Oct 03 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-4
28b219
- expand macros in macros.httpd (#1011393)
28b219
28b219
* Mon Aug 26 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-3
28b219
- fix "LDAPReferrals off" to really disable LDAP Referrals
28b219
28b219
* Wed Jul 31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-2
28b219
- revert fix for dumping vhosts twice
28b219
28b219
* Mon Jul 22 2013 Joe Orton <jorton@redhat.com> - 2.4.6-1
28b219
- update to 2.4.6
28b219
- mod_ssl: use revised NPN API (r1487772)
28b219
28b219
* Thu Jul 11 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-12
28b219
- mod_unique_id: replace use of hostname + pid with PRNG output (#976666)
28b219
- apxs: mention -p option in manpage
28b219
28b219
* Tue Jul  2 2013 Joe Orton <jorton@redhat.com> - 2.4.4-11
28b219
- add patch for aarch64 (Dennis Gilmore, #925558)
28b219
28b219
* Mon Jul  1 2013 Joe Orton <jorton@redhat.com> - 2.4.4-10
28b219
- remove duplicate apxs man page from httpd-tools
28b219
28b219
* Mon Jun 17 2013 Joe Orton <jorton@redhat.com> - 2.4.4-9
28b219
- remove zombie dbmmanage script
28b219
28b219
* Fri May 31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-8
28b219
- return 400 Bad Request on malformed Host header
28b219
28b219
* Mon May 20 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-6
28b219
- htpasswd/htdbm: fix hash generation bug (#956344)
28b219
- do not dump vhosts twice in httpd -S output (#928761)
28b219
- mod_cache: fix potential crash caused by uninitialized variable (#954109)
28b219
28b219
* Thu Apr 18 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-5
28b219
- execute systemctl reload as result of apachectl graceful
28b219
- mod_ssl: ignore SNI hints unless required by config
28b219
- mod_cache: forward-port CacheMaxExpire "hard" option
28b219
- mod_ssl: fall back on another module's proxy hook if mod_ssl proxy
28b219
  is not configured.
28b219
28b219
* Tue Apr 16 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-4
28b219
- fix service file to not send SIGTERM after ExecStop (#906321, #912288)
28b219
28b219
* Tue Mar 26 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-3
28b219
- protect MIMEMagicFile with IfModule (#893949)
28b219
28b219
* Tue Feb 26 2013 Joe Orton <jorton@redhat.com> - 2.4.4-2
28b219
- really package mod_auth_form in mod_session (#915438)
28b219
28b219
* Tue Feb 26 2013 Joe Orton <jorton@redhat.com> - 2.4.4-1
28b219
- update to 2.4.4
28b219
- fix duplicate ownership of mod_session config (#914901)
28b219
28b219
* Fri Feb 22 2013 Joe Orton <jorton@redhat.com> - 2.4.3-17
28b219
- add mod_session subpackage, move mod_auth_form there (#894500)
28b219
28b219
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.3-16
28b219
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
28b219
28b219
* Tue Jan  8 2013 Joe Orton <jorton@redhat.com> - 2.4.3-15
28b219
- add systemd service for htcacheclean
28b219
28b219
* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-14
28b219
- drop patch for r1344712
28b219
28b219
* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-13
28b219
- filter mod_*.so auto-provides (thanks to rcollet)
28b219
- pull in syslog logging fix from upstream (r1344712)
28b219
28b219
* Fri Oct 26 2012 Joe Orton <jorton@redhat.com> - 2.4.3-12
28b219
- rebuild to pick up new apr-util-ldap
28b219
28b219
* Tue Oct 23 2012 Joe Orton <jorton@redhat.com> - 2.4.3-11
28b219
- rebuild
28b219
28b219
* Wed Oct  3 2012 Joe Orton <jorton@redhat.com> - 2.4.3-10
28b219
- pull upstream patch r1392850 in addition to r1387633
28b219
28b219
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-9.1
28b219
- restore "ServerTokens Full-Release" support (#811714)
28b219
28b219
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-9
28b219
- define PLATFORM in os.h using vendor string
28b219
28b219
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-8
28b219
- use systemd script unconditionally (#850149)
28b219
28b219
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-7
28b219
- use systemd scriptlets if available (#850149)
28b219
- don't run posttrans restart if /etc/sysconfig/httpd-disable-posttrans exists
28b219
28b219
* Mon Oct 01 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.3-6
28b219
- use systemctl from apachectl (#842736)
28b219
28b219
* Wed Sep 19 2012 Joe Orton <jorton@redhat.com> - 2.4.3-5
28b219
- fix some error log spam with graceful-stop (r1387633)
28b219
- minor mod_systemd tweaks
28b219
28b219
* Thu Sep 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-4
28b219
- use IncludeOptional for conf.d/*.conf inclusion
28b219
28b219
* Fri Sep 07 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.3-3
28b219
- adding mod_systemd to integrate with systemd better
28b219
28b219
* Tue Aug 21 2012 Joe Orton <jorton@redhat.com> - 2.4.3-2
28b219
- mod_ssl: add check for proxy keypair match (upstream r1374214)
28b219
28b219
* Tue Aug 21 2012 Joe Orton <jorton@redhat.com> - 2.4.3-1
28b219
- update to 2.4.3 (#849883)
28b219
- own the docroot (#848121)
28b219
28b219
* Mon Aug  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-23
28b219
- add mod_proxy fixes from upstream (r1366693, r1365604)
28b219
28b219
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.2-22
28b219
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
28b219
28b219
* Fri Jul  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-21
28b219
- drop explicit version requirement on initscripts
28b219
28b219
* Thu Jul  5 2012 Joe Orton <jorton@redhat.com> - 2.4.2-20
28b219
- mod_ext_filter: fix error_log warnings
28b219
28b219
* Mon Jul  2 2012 Joe Orton <jorton@redhat.com> - 2.4.2-19
28b219
- support "configtest" and "graceful" as initscripts "legacy actions"
28b219
28b219
* Fri Jun  8 2012 Joe Orton <jorton@redhat.com> - 2.4.2-18
28b219
- avoid use of "core" GIF for a "core" directory (#168776)
28b219
- drop use of "syslog.target" in systemd unit file
28b219
28b219
* Thu Jun  7 2012 Joe Orton <jorton@redhat.com> - 2.4.2-17
28b219
- use _unitdir for systemd unit file
28b219
- use /run in unit file, ssl.conf
28b219
28b219
* Thu Jun  7 2012 Joe Orton <jorton@redhat.com> - 2.4.2-16
28b219
- mod_ssl: fix NPN patch merge
28b219
28b219
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-15
28b219
- move tmpfiles.d fragment into /usr/lib per new guidelines
28b219
- package /run/httpd not /var/run/httpd
28b219
- set runtimedir to /run/httpd likewise
28b219
28b219
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-14
28b219
- fix htdbm/htpasswd crash on crypt() failure (#818684)
28b219
28b219
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-13
28b219
- pull fix for NPN patch from upstream (r1345599)
28b219
28b219
* Thu May 31 2012 Joe Orton <jorton@redhat.com> - 2.4.2-12
28b219
- update suexec patch to use LOG_AUTHPRIV facility
28b219
28b219
* Thu May 24 2012 Joe Orton <jorton@redhat.com> - 2.4.2-11
28b219
- really fix autoindex.conf (thanks to remi@)
28b219
28b219
* Thu May 24 2012 Joe Orton <jorton@redhat.com> - 2.4.2-10
28b219
- fix autoindex.conf to allow symlink to poweredby.png
28b219
28b219
* Wed May 23 2012 Joe Orton <jorton@redhat.com> - 2.4.2-9
28b219
- suexec: use upstream version of patch for capability bit support
28b219
28b219
* Wed May 23 2012 Joe Orton <jorton@redhat.com> - 2.4.2-8
28b219
- suexec: use syslog rather than suexec.log, drop dac_override capability
28b219
28b219
* Tue May  1 2012 Joe Orton <jorton@redhat.com> - 2.4.2-7
28b219
- mod_ssl: add TLS NPN support (r1332643, #809599)
28b219
28b219
* Tue May  1 2012 Joe Orton <jorton@redhat.com> - 2.4.2-6
28b219
- add BR on APR >= 1.4.0
28b219
28b219
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-5
28b219
- use systemctl from logrotate (#221073)
28b219
28b219
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-4
28b219
- pull from upstream:
28b219
  * use TLS close_notify alert for dummy_connection (r1326980+)
28b219
  * cleanup symbol exports (r1327036+)
28b219
28b219
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-3.2
28b219
- rebuild
28b219
28b219
* Fri Apr 20 2012 Joe Orton <jorton@redhat.com> - 2.4.2-3
28b219
- really fix restart
28b219
28b219
* Fri Apr 20 2012 Joe Orton <jorton@redhat.com> - 2.4.2-2
28b219
- tweak default ssl.conf
28b219
- fix restart handling (#814645)
28b219
- use graceful restart by default
28b219
28b219
* Wed Apr 18 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.2-1
28b219
- update to 2.4.2
28b219
28b219
* Fri Mar 23 2012 Joe Orton <jorton@redhat.com> - 2.4.1-6
28b219
- fix macros
28b219
28b219
* Fri Mar 23 2012 Joe Orton <jorton@redhat.com> - 2.4.1-5
28b219
- add _httpd_moddir to macros
28b219
28b219
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-4
28b219
- fix symlink for poweredby.png
28b219
- fix manual.conf
28b219
28b219
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-3
28b219
- add mod_proxy_html subpackage (w/mod_proxy_html + mod_xml2enc)
28b219
- move mod_ldap, mod_authnz_ldap to mod_ldap subpackage
28b219
28b219
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-2
28b219
- clean docroot better
28b219
- ship proxy, ssl directories within /var/cache/httpd
28b219
- default config:
28b219
 * unrestricted access to (only) /var/www
28b219
 * remove (commented) Mutex, MaxRanges, ScriptSock
28b219
 * split autoindex config to conf.d/autoindex.conf
28b219
- ship additional example configs in docdir
28b219
28b219
* Tue Mar  6 2012 Joe Orton <jorton@redhat.com> - 2.4.1-1
28b219
- update to 2.4.1
28b219
- adopt upstream default httpd.conf (almost verbatim)
28b219
- split all LoadModules to conf.modules.d/*.conf
28b219
- include conf.d/*.conf at end of httpd.conf
28b219
- trim %%changelog
28b219
28b219
* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2.2.22-2
28b219
- fix build against PCRE 8.30
28b219
28b219
* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2.2.22-1
28b219
- update to 2.2.22
28b219
28b219
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 2.2.21-8
28b219
- Rebuild against PCRE 8.30
28b219
28b219
* Mon Jan 23 2012 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-7
28b219
- fix #783629 - start httpd after named
28b219
28b219
* Mon Jan 16 2012 Joe Orton <jorton@redhat.com> - 2.2.21-6
28b219
- complete conversion to systemd, drop init script (#770311)
28b219
- fix comments in /etc/sysconfig/httpd (#771024)
28b219
- enable PrivateTmp in service file (#781440)
28b219
- set LANG=C in /etc/sysconfig/httpd
28b219
28b219
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.21-5
28b219
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
28b219
28b219
* Tue Dec 06 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-4
28b219
- fix #751591 - start httpd after remote-fs
28b219
28b219
* Mon Oct 24 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-3
28b219
- allow change state of BalancerMember in mod_proxy_balancer web interface
28b219
28b219
* Thu Sep 22 2011 Ville Skyttä <ville.skytta@iki.fi> - 2.2.21-2
28b219
- Make mmn available as %%{_httpd_mmn}.
28b219
- Add .svgz to AddEncoding x-gzip example in httpd.conf.
28b219
28b219
* Tue Sep 13 2011 Joe Orton <jorton@redhat.com> - 2.2.21-1
28b219
- update to 2.2.21
28b219
28b219
* Mon Sep  5 2011 Joe Orton <jorton@redhat.com> - 2.2.20-1
28b219
- update to 2.2.20
28b219
- fix MPM stub man page generation
28b219
28b219
* Wed Aug 10 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-5
28b219
- fix #707917 - add httpd-ssl-pass-dialog to ask for SSL password using systemd
28b219
28b219
* Fri Jul 22 2011 Iain Arnell <iarnell@gmail.com> 1:2.2.19-4
28b219
- rebuild while rpm-4.9.1 is untagged to remove trailing slash in provided
28b219
  directory names
28b219
28b219
* Wed Jul 20 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-3
28b219
- fix #716621 - suexec now works without setuid bit
28b219
28b219
* Thu Jul 14 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-2
28b219
- fix #689091 - backported patch from 2.3 branch to support IPv6 in logresolve
28b219
28b219
* Fri Jul  1 2011 Joe Orton <jorton@redhat.com> - 2.2.19-1
28b219
- update to 2.2.19
28b219
- enable dbd, authn_dbd in default config
28b219
28b219
* Thu Apr 14 2011 Joe Orton <jorton@redhat.com> - 2.2.17-13
28b219
- fix path expansion in service files
28b219
28b219
* Tue Apr 12 2011 Joe Orton <jorton@redhat.com> - 2.2.17-12
28b219
- add systemd service files (#684175, thanks to Jóhann B. Guðmundsson)
28b219
28b219
* Wed Mar 23 2011 Joe Orton <jorton@redhat.com> - 2.2.17-11
28b219
- minor updates to httpd.conf
28b219
- drop old patches
28b219
28b219
* Wed Mar  2 2011 Joe Orton <jorton@redhat.com> - 2.2.17-10
28b219
- rebuild
28b219
28b219
* Wed Feb 23 2011 Joe Orton <jorton@redhat.com> - 2.2.17-9
28b219
- use arch-specific mmn
28b219
28b219
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.17-8
28b219
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
28b219
28b219
* Mon Jan 31 2011 Joe Orton <jorton@redhat.com> - 2.2.17-7
28b219
- generate dummy mod_ssl cert with CA:FALSE constraint (#667841)
28b219
- add man page stubs for httpd.event, httpd.worker
28b219
- drop distcache support
28b219
- add STOP_TIMEOUT support to init script
28b219
28b219
* Sat Jan  8 2011 Joe Orton <jorton@redhat.com> - 2.2.17-6
28b219
- update default SSLCipherSuite per upstream trunk
28b219
28b219
* Wed Jan  5 2011 Joe Orton <jorton@redhat.com> - 2.2.17-5
28b219
- fix requires (#667397)
28b219
28b219
* Wed Jan  5 2011 Joe Orton <jorton@redhat.com> - 2.2.17-4
28b219
- de-ghost /var/run/httpd
28b219
28b219
* Tue Jan  4 2011 Joe Orton <jorton@redhat.com> - 2.2.17-3
28b219
- add tmpfiles.d configuration, ghost /var/run/httpd (#656600)
28b219
28b219
* Sat Nov 20 2010 Joe Orton <jorton@redhat.com> - 2.2.17-2
28b219
- drop setuid bit, use capabilities for suexec binary
28b219
28b219
* Wed Oct 27 2010 Joe Orton <jorton@redhat.com> - 2.2.17-1
28b219
- update to 2.2.17
28b219
28b219
* Fri Sep 10 2010 Joe Orton <jorton@redhat.com> - 2.2.16-2
28b219
- link everything using -z relro and -z now
28b219
28b219
* Mon Jul 26 2010 Joe Orton <jorton@redhat.com> - 2.2.16-1
28b219
- update to 2.2.16
28b219
28b219
* Fri Jul  9 2010 Joe Orton <jorton@redhat.com> - 2.2.15-3
28b219
- default config tweaks:
28b219
 * harden httpd.conf w.r.t. .htaccess restriction (#591293)
28b219
 * load mod_substitute, mod_version by default
28b219
 * drop proxy_ajp.conf, load mod_proxy_ajp in httpd.conf
28b219
 * add commented list of shipped-but-unloaded modules
28b219
 * bump up worker defaults a little
28b219
 * drop KeepAliveTimeout to 5 secs per upstream
28b219
- fix LSB compliance in init script (#522074)
28b219
- bundle NOTICE in -tools
28b219
- use init script in logrotate postrotate to pick up PIDFILE
28b219
- drop some old Obsoletes/Conflicts
28b219
28b219
* Sun Apr 04 2010 Robert Scheck <robert@fedoraproject.org> - 2.2.15-1
28b219
- update to 2.2.15 (#572404, #579311)
28b219