Blame SPECS/httpd.spec

008793
%define contentdir %{_datadir}/httpd
008793
%define docroot /var/www
008793
%define suexec_caller apache
008793
%define mmn 20120211
008793
%define oldmmnisa %{mmn}-%{__isa_name}-%{__isa_bits}
008793
%define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
008793
%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT})
008793
008793
# Drop automatic provides for module DSOs
008793
%{?filter_setup:
008793
%filter_provides_in %{_libdir}/httpd/modules/.*\.so$
008793
%filter_setup
008793
}
008793
008793
Summary: Apache HTTP Server
008793
Name: httpd
008793
Version: 2.4.6
008793
Release: 92%{?dist}
008793
URL: http://httpd.apache.org/
008793
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
008793
Source1: index.html
008793
Source2: httpd.logrotate
008793
Source3: httpd.sysconf
008793
Source4: httpd-ssl-pass-dialog
008793
Source5: httpd.tmpfiles
008793
Source6: httpd.service
008793
Source7: action-graceful.sh
008793
Source8: action-configtest.sh
008793
Source10: httpd.conf
008793
Source11: 00-base.conf
008793
Source12: 00-mpm.conf
008793
Source13: 00-lua.conf
008793
Source14: 01-cgi.conf
008793
Source15: 00-dav.conf
008793
Source16: 00-proxy.conf
008793
Source17: 00-ssl.conf
008793
Source18: 01-ldap.conf
008793
Source19: 00-proxyhtml.conf
008793
Source20: userdir.conf
008793
Source21: ssl.conf
008793
Source22: welcome.conf
008793
Source23: manual.conf
008793
Source24: 00-systemd.conf
008793
Source25: 01-session.conf
008793
# Documentation
008793
Source30: README.confd
008793
Source40: htcacheclean.service
008793
Source41: htcacheclean.sysconf
008793
# build/scripts patches
008793
Patch1: httpd-2.4.1-apctl.patch
008793
Patch2: httpd-2.4.3-apxs.patch
008793
Patch3: httpd-2.4.1-deplibs.patch
008793
Patch5: httpd-2.4.3-layout.patch
008793
Patch6: httpd-2.4.3-apctl-systemd.patch
008793
# Features/functional changes
008793
Patch21: httpd-2.4.6-full-release.patch
008793
Patch23: httpd-2.4.4-export.patch
008793
Patch24: httpd-2.4.1-corelimit.patch
008793
Patch25: httpd-2.4.1-selinux.patch
008793
Patch26: httpd-2.4.4-r1337344+.patch
008793
Patch27: httpd-2.4.2-icons.patch
008793
Patch28: httpd-2.4.6-r1332643+.patch
008793
Patch29: httpd-2.4.3-mod_systemd.patch
008793
Patch30: httpd-2.4.4-cachehardmax.patch
008793
Patch31: httpd-2.4.6-sslmultiproxy.patch
008793
Patch32: httpd-2.4.6-r1537535.patch
008793
Patch33: httpd-2.4.6-r1542327.patch
008793
Patch34: httpd-2.4.6-ssl-large-keys.patch
008793
Patch35: httpd-2.4.6-pre_htaccess.patch
008793
Patch36: httpd-2.4.6-r1573626.patch
008793
Patch37: httpd-2.4.6-uds.patch
008793
Patch38: httpd-2.4.6-upn.patch
008793
Patch39: httpd-2.4.6-r1664565.patch
008793
Patch40: httpd-2.4.6-r1861793+.patch
008793
# Bug fixes
008793
Patch51: httpd-2.4.3-sslsninotreq.patch
008793
Patch55: httpd-2.4.4-malformed-host.patch
008793
Patch56: httpd-2.4.4-mod_unique_id.patch
008793
Patch57: httpd-2.4.6-ldaprefer.patch
008793
Patch58: httpd-2.4.6-r1507681+.patch
008793
Patch59: httpd-2.4.6-r1556473.patch
008793
Patch60: httpd-2.4.6-r1553540.patch
008793
Patch61: httpd-2.4.6-rewrite-clientaddr.patch
008793
Patch62: httpd-2.4.6-ab-overflow.patch
008793
Patch63: httpd-2.4.6-sigint.patch
008793
Patch64: httpd-2.4.6-ssl-ecdh-auto.patch
008793
Patch65: httpd-2.4.6-r1556818.patch
008793
Patch66: httpd-2.4.6-r1618851.patch
008793
Patch67: httpd-2.4.6-r1526189.patch
008793
Patch68: httpd-2.4.6-r1663647.patch
008793
Patch69: httpd-2.4.6-r1569006.patch
008793
Patch70: httpd-2.4.6-r1506474.patch
008793
Patch71: httpd-2.4.6-bomb.patch
008793
Patch72: httpd-2.4.6-r1604460.patch
008793
Patch73: httpd-2.4.6-r1624349.patch
008793
Patch74: httpd-2.4.6-ap-ipv6.patch
008793
Patch75: httpd-2.4.6-r1530280.patch
008793
Patch76: httpd-2.4.6-r1633085.patch
008793
Patch78: httpd-2.4.6-ssl-error-free.patch
008793
Patch79: httpd-2.4.6-r1528556.patch
008793
Patch80: httpd-2.4.6-r1594625.patch
008793
Patch81: httpd-2.4.6-r1674222.patch
008793
Patch82: httpd-2.4.6-apachectl-httpd-env.patch
008793
Patch83: httpd-2.4.6-rewrite-dir.patch
008793
Patch84: httpd-2.4.6-r1420184.patch
008793
Patch85: httpd-2.4.6-r1524368.patch
008793
Patch86: httpd-2.4.6-r1528958.patch
008793
Patch87: httpd-2.4.6-r1651083.patch
008793
Patch88: httpd-2.4.6-r1688399.patch
008793
Patch89: httpd-2.4.6-r1527509.patch
008793
Patch90: httpd-2.4.6-apachectl-status.patch
008793
Patch91: httpd-2.4.6-r1650655.patch
008793
Patch92: httpd-2.4.6-r1533448.patch
008793
Patch93: httpd-2.4.6-r1610013.patch
008793
Patch94: httpd-2.4.6-r1705528.patch
008793
Patch95: httpd-2.4.6-r1684462.patch
008793
Patch96: httpd-2.4.6-r1650677.patch
008793
Patch97: httpd-2.4.6-r1621601.patch
008793
Patch98: httpd-2.4.6-r1610396.patch
008793
Patch99: httpd-2.4.6-rotatelog-timezone.patch
008793
Patch100: httpd-2.4.6-ab-ssl-error.patch
008793
Patch101: httpd-2.4.6-r1723522.patch
008793
Patch102: httpd-2.4.6-r1681107.patch
008793
Patch103: httpd-2.4.6-dhparams-free.patch
008793
Patch104: httpd-2.4.6-r1651658.patch
008793
Patch105: httpd-2.4.6-r1560093.patch
008793
Patch106: httpd-2.4.6-r1748212.patch
008793
Patch107: httpd-2.4.6-r1570327.patch
008793
Patch108: httpd-2.4.6-r1631119.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1406184
008793
Patch109: httpd-2.4.6-r1593002.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1389535
008793
Patch110: httpd-2.4.6-r1662640.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1348019
008793
Patch111: httpd-2.4.6-r1348019.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1396197
008793
Patch112: httpd-2.4.6-r1587053.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1376835
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1527295
008793
Patch113: httpd-2.4.6-mpm-segfault.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1372692
008793
Patch114: httpd-2.4.6-r1681114.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1371876
008793
Patch115: httpd-2.4.6-r1775832.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1353740
008793
Patch116: httpd-2.4.6-r1726019.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1364604
008793
Patch117: httpd-2.4.6-r1683112.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1378946
008793
Patch118: httpd-2.4.6-r1651653.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1414258
008793
Patch119: httpd-2.4.6-r1634529.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1397241
008793
Patch120: httpd-2.4.6-r1738878.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1445885
008793
Patch121: httpd-2.4.6-http-protocol-options-define.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1332242
008793
Patch122: httpd-2.4.6-statements-comment.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1451333
008793
Patch123: httpd-2.4.6-rotatelogs-zombie.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1368491
008793
Patch124: httpd-2.4.6-mod_authz_dbd-missing-query.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1288395
008793
Patch125: httpd-2.4.6-r1668532.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1499253
008793
Patch126: httpd-2.4.6-r1681289.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1430640
008793
Patch127: httpd-2.4.6-r1805099.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1448892
008793
Patch128: httpd-2.4.6-r1811831.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1464406
008793
Patch129: httpd-2.4.6-r1811746.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1440590
008793
Patch130: httpd-2.4.6-r1811976.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1506392
008793
Patch131: httpd-2.4.6-r1650310.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1557785
008793
Patch132: httpd-2.4.6-r1530999.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1533793
008793
Patch133: httpd-2.4.6-r1555539.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1523536
008793
Patch134: httpd-2.4.6-r1737363.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1548501
008793
Patch135: httpd-2.4.6-r1826995.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1556761
008793
Patch136: httpd-2.4.6-default-port-worker.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1493181
008793
Patch137: httpd-2.4.6-r1825120.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1458364
008793
Patch138: httpd-2.4.6-r1515372.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1458364
008793
Patch139: httpd-2.4.6-r1824872.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1583218
008793
Patch140: httpd-2.4.6-r1833014.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1673457
008793
Patch141: httpd-2.4.6-r1583175.patch
008793
# https://bugzilla.redhat.com/show_bug.cgi?id=1649470
008793
Patch142: httpd-2.4.6-r1862604.patch
008793
008793
# Security fixes
008793
Patch200: httpd-2.4.6-CVE-2013-6438.patch
008793
Patch201: httpd-2.4.6-CVE-2014-0098.patch
008793
Patch202: httpd-2.4.6-CVE-2014-0231.patch
008793
Patch203: httpd-2.4.6-CVE-2014-0117.patch
008793
Patch204: httpd-2.4.6-CVE-2014-0118.patch
008793
Patch205: httpd-2.4.6-CVE-2014-0226.patch
008793
Patch206: httpd-2.4.6-CVE-2013-4352.patch
008793
Patch207: httpd-2.4.6-CVE-2013-5704.patch
008793
Patch208: httpd-2.4.6-CVE-2014-3581.patch
008793
Patch209: httpd-2.4.6-CVE-2015-3185.patch
008793
Patch210: httpd-2.4.6-CVE-2015-3183.patch
008793
Patch211: httpd-2.4.6-CVE-2016-5387.patch
008793
Patch212: httpd-2.4.6-CVE-2016-8743.patch
008793
Patch213: httpd-2.4.6-CVE-2016-0736.patch
008793
Patch214: httpd-2.4.6-CVE-2016-2161.patch
008793
Patch215: httpd-2.4.6-CVE-2017-3167.patch
008793
Patch216: httpd-2.4.6-CVE-2017-3169.patch
008793
Patch217: httpd-2.4.6-CVE-2017-7668.patch
008793
Patch218: httpd-2.4.6-CVE-2017-7679.patch
008793
Patch219: httpd-2.4.6-CVE-2017-9788.patch
008793
Patch220: httpd-2.4.6-CVE-2017-9798.patch
008793
Patch221: httpd-2.4.6-CVE-2018-1312.patch
008793
Patch222: httpd-2.4.6-CVE-2019-0217.patch
008793
Patch223: httpd-2.4.6-CVE-2019-0220.patch
008793
Patch224: httpd-2.4.6-CVE-2017-15710.patch
008793
Patch225: httpd-2.4.6-CVE-2018-1301.patch
008793
008793
License: ASL 2.0
008793
Group: System Environment/Daemons
008793
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
008793
BuildRequires: autoconf, perl, pkgconfig, findutils, xmlto
008793
BuildRequires: zlib-devel, libselinux-devel, lua-devel
008793
BuildRequires: apr-devel >= 1.4.0, apr-util-devel >= 1.2.0, pcre-devel >= 5.0
008793
BuildRequires: systemd-devel
008793
Requires: /etc/mime.types, system-logos >= 7.92.1-1
008793
Obsoletes: httpd-suexec
008793
Provides: webserver
008793
Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release}
008793
Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}, httpd-mmn = %{oldmmnisa}
008793
Requires: httpd-tools = %{version}-%{release}
008793
Requires(pre): /usr/sbin/useradd
008793
Requires(pre): /usr/sbin/groupadd
008793
Requires(preun): systemd-units
008793
Requires(postun): systemd-units
008793
Requires(post): systemd-units
008793
008793
%description
008793
The Apache HTTP Server is a powerful, efficient, and extensible
008793
web server.
008793
008793
%package devel
008793
Group: Development/Libraries
008793
Summary: Development interfaces for the Apache HTTP server
008793
Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel
008793
Requires: apr-devel, apr-util-devel, pkgconfig
008793
Requires: httpd = %{version}-%{release}
008793
008793
%description devel
008793
The httpd-devel package contains the APXS binary and other files
008793
that you need to build Dynamic Shared Objects (DSOs) for the
008793
Apache HTTP Server.
008793
008793
If you are installing the Apache HTTP server and you want to be
008793
able to compile or develop additional modules for Apache, you need
008793
to install this package.
008793
008793
%package manual
008793
Group: Documentation
008793
Summary: Documentation for the Apache HTTP server
008793
Requires: httpd = %{version}-%{release}
008793
Obsoletes: secureweb-manual, apache-manual
008793
BuildArch: noarch
008793
008793
%description manual
008793
The httpd-manual package contains the complete manual and
008793
reference guide for the Apache HTTP server. The information can
008793
also be found at http://httpd.apache.org/docs/2.2/.
008793
008793
%package tools
008793
Group: System Environment/Daemons
008793
Summary: Tools for use with the Apache HTTP Server
008793
008793
%description tools
008793
The httpd-tools package contains tools which can be used with 
008793
the Apache HTTP Server.
008793
008793
%package -n mod_ssl
008793
Group: System Environment/Daemons
008793
Summary: SSL/TLS module for the Apache HTTP Server
008793
Epoch: 1
008793
BuildRequires: openssl-devel >= 1:1.0.1e-37
008793
Requires: openssl-libs >= 1:1.0.1e-37
008793
Requires(post): openssl, /bin/cat, hostname
008793
Requires(pre): httpd
008793
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
008793
Obsoletes: stronghold-mod_ssl
008793
008793
%description -n mod_ssl
008793
The mod_ssl module provides strong cryptography for the Apache Web
008793
server via the Secure Sockets Layer (SSL) and Transport Layer
008793
Security (TLS) protocols.
008793
008793
%package -n mod_proxy_html
008793
Group: System Environment/Daemons
008793
Summary: HTML and XML content filters for the Apache HTTP Server
008793
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
008793
BuildRequires: libxml2-devel
008793
Epoch: 1
008793
Obsoletes: mod_proxy_html < 1:2.4.1-2
008793
008793
%description -n mod_proxy_html
008793
The mod_proxy_html and mod_xml2enc modules provide filters which can
008793
transform and modify HTML and XML content.
008793
008793
%package -n mod_ldap
008793
Group: System Environment/Daemons
008793
Summary: LDAP authentication modules for the Apache HTTP Server
008793
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
008793
Requires: apr-util-ldap
008793
008793
%description -n mod_ldap
008793
The mod_ldap and mod_authnz_ldap modules add support for LDAP
008793
authentication to the Apache HTTP Server.
008793
008793
%package -n mod_session
008793
Group: System Environment/Daemons
008793
Summary: Session interface for the Apache HTTP Server
008793
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
008793
Requires: apr-util-openssl
008793
008793
%description -n mod_session
008793
The mod_session module and associated backends provide an abstract
008793
interface for storing and accessing per-user session data.
008793
008793
%prep
008793
%setup -q
008793
%patch1 -p1 -b .apctl
008793
%patch2 -p1 -b .apxs
008793
%patch3 -p1 -b .deplibs
008793
%patch5 -p1 -b .layout
008793
%patch6 -p1 -b .apctlsystemd
008793
008793
%patch21 -p1 -b .fullrelease
008793
%patch23 -p1 -b .export
008793
%patch24 -p1 -b .corelimit
008793
%patch25 -p1 -b .selinux
008793
%patch26 -p1 -b .r1337344+
008793
%patch27 -p1 -b .icons
008793
%patch28 -p1 -b .r1332643+
008793
%patch29 -p1 -b .systemd
008793
%patch30 -p1 -b .cachehardmax
008793
%patch31 -p1 -b .sslmultiproxy
008793
%patch32 -p1 -b .r1537535
008793
%patch33 -p1 -b .r1542327
008793
rm modules/ssl/ssl_engine_dh.c
008793
%patch34 -p1 -b .ssllargekeys
008793
%patch35 -p1 -b .prehtaccess
008793
%patch36 -p1 -b .r1573626
008793
%patch37 -p1 -b .uds
008793
%patch38 -p1 -b .upn
008793
%patch39 -p1 -b .r1664565
008793
%patch40 -p1 -b .r1861793+
008793
008793
%patch51 -p1 -b .sninotreq
008793
%patch55 -p1 -b .malformedhost
008793
%patch56 -p1 -b .uniqueid
008793
%patch57 -p1 -b .ldaprefer
008793
%patch58 -p1 -b .r1507681+
008793
%patch59 -p1 -b .r1556473
008793
%patch60 -p1 -b .r1553540
008793
%patch61 -p1 -b .clientaddr
008793
%patch62 -p1 -b .aboverflow
008793
%patch63 -p1 -b .sigint
008793
%patch64 -p1 -b .sslecdhauto
008793
%patch65 -p1 -b .r1556818
008793
%patch66 -p1 -b .r1618851
008793
%patch67 -p1 -b .r1526189
008793
%patch68 -p1 -b .r1663647
008793
%patch69 -p1 -b .1569006
008793
%patch70 -p1 -b .r1506474
008793
%patch71 -p1 -b .bomb
008793
%patch72 -p1 -b .r1604460
008793
%patch73 -p1 -b .r1624349
008793
%patch74 -p1 -b .abipv6
008793
%patch75 -p1 -b .r1530280
008793
%patch76 -p1 -b .r1633085
008793
%patch78 -p1 -b .sslerrorfree
008793
%patch79 -p1 -b .r1528556
008793
%patch80 -p1 -b .r1594625
008793
%patch81 -p1 -b .r1674222
008793
%patch82 -p1 -b .envhttpd
008793
%patch83 -p1 -b .rewritedir
008793
%patch84 -p1 -b .r1420184
008793
%patch85 -p1 -b .r1524368
008793
%patch86 -p1 -b .r1528958
008793
%patch87 -p1 -b .r1651083
008793
%patch88 -p1 -b .r1688399
008793
%patch89 -p1 -b .r1527509
008793
%patch90 -p1 -b .apachectlstatus
008793
%patch91 -p1 -b .r1650655
008793
%patch92 -p1 -b .r1533448
008793
%patch93 -p1 -b .r1610013
008793
%patch94 -p1 -b .r1705528
008793
%patch95 -p1 -b .r1684462
008793
%patch96 -p1 -b .r1650677
008793
%patch97 -p1 -b .r1621601
008793
%patch98 -p1 -b .r1610396
008793
%patch99 -p1 -b .rotatelogtimezone
008793
%patch100 -p1 -b .absslerror
008793
%patch101 -p1 -b .r1723522
008793
%patch102 -p1 -b .r1681107
008793
%patch103 -p1 -b .dhparamsfree
008793
%patch104 -p1 -b .r1651658
008793
%patch105 -p1 -b .r1560093
008793
%patch106 -p1 -b .r1748212
008793
%patch107 -p1 -b .r1570327
008793
%patch108 -p1 -b .r1631119
008793
%patch109 -p1 -b .r1593002
008793
%patch110 -p1 -b .r1662640
008793
%patch111 -p1 -b .r1348019
008793
%patch112 -p1 -b .r1587053
008793
%patch113 -p1 -b .mpmsegfault
008793
%patch114 -p1 -b .r1681114
008793
%patch115 -p1 -b .r1371876
008793
%patch116 -p1 -b .r1726019
008793
%patch117 -p1 -b .r1683112
008793
%patch118 -p1 -b .r1651653
008793
%patch119 -p1 -b .r1634529
008793
%patch120 -p1 -b .r1738878
008793
%patch121 -p1 -b .httpprotdefine
008793
%patch122 -p1 -b .statement-comment
008793
%patch123 -p1 -b .logrotate-zombie
008793
%patch124 -p1 -b .modauthzdbd-segfault
008793
%patch125 -p1 -b .r1668532
008793
%patch126 -p1 -b .r1681289
008793
%patch127 -p1 -b .r1805099
008793
%patch128 -p1 -b .r1811831
008793
%patch129 -p1 -b .r1811746
008793
%patch130 -p1 -b .r1811976
008793
%patch131 -p1 -b .r1650310
008793
%patch132 -p1 -b .r1530999
008793
%patch133 -p1 -b .r1555539
008793
%patch134 -p1 -b .r1523536
008793
%patch135 -p1 -b .r1826995
008793
%patch136 -p1 -b .defaultport-proxy
008793
%patch137 -p1 -b .r1825120
008793
%patch138 -p1 -b .r1515372
008793
%patch139 -p1 -b .r1824872
008793
%patch140 -p1 -b .r1833014
008793
%patch141 -p1 -b .r1583175
008793
%patch142 -p1 -b .1862604
008793
008793
008793
%patch200 -p1 -b .cve6438
008793
%patch201 -p1 -b .cve0098
008793
%patch202 -p1 -b .cve0231
008793
%patch203 -p1 -b .cve0117
008793
%patch204 -p1 -b .cve0118
008793
%patch205 -p1 -b .cve0226
008793
%patch206 -p1 -b .cve4352
008793
%patch207 -p1 -b .cve5704
008793
%patch208 -p1 -b .cve3581
008793
%patch209 -p1 -b .cve3185
008793
%patch210 -p1 -b .cve3183
008793
%patch211 -p1 -b .cve5387
008793
%patch212 -p1 -b .cve8743
008793
%patch213 -p1 -b .cve0736
008793
%patch214 -p1 -b .cve2161
008793
%patch215 -p1 -b .cve3167
008793
%patch216 -p1 -b .cve3169
008793
%patch217 -p1 -b .cve7668
008793
%patch218 -p1 -b .cve7679
008793
%patch219 -p1 -b .cve9788
008793
%patch220 -p1 -b .cve9798
008793
%patch221 -p1 -b .cve1312
008793
%patch222 -p1 -b .cve0217
008793
%patch223 -p1 -b .cve0220
008793
%patch224 -p1 -b .cve15710
008793
%patch225 -p1 -b .cve1301
008793
008793
# Patch in the vendor string and the release string
008793
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
008793
sed -i 's/@RELEASE@/%{release}/' server/core.c
008793
008793
# Prevent use of setcap in "install-suexec-caps" target.
008793
sed -i '/suexec/s,setcap ,echo Skipping setcap for ,' Makefile.in
008793
008793
# Safety check: prevent build if defined MMN does not equal upstream MMN.
008793
vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
008793
if test "x${vmmn}" != "x%{mmn}"; then
008793
   : Error: Upstream MMN is now ${vmmn}, packaged MMN is %{mmn}
008793
   : Update the mmn macro and rebuild.
008793
   exit 1
008793
fi
008793
008793
: Building with MMN %{mmn}, MMN-ISA %{mmnisa} and vendor string '%{vstring}'
008793
008793
%build
008793
# forcibly prevent use of bundled apr, apr-util, pcre
008793
rm -rf srclib/{apr,apr-util,pcre}
008793
008793
# regenerate configure scripts
008793
autoheader && autoconf || exit 1
008793
008793
# Before configure; fix location of build dir in generated apxs
008793
%{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \
008793
	support/apxs.in
008793
008793
export CFLAGS=$RPM_OPT_FLAGS
008793
export LDFLAGS="-Wl,-z,relro,-z,now"
008793
008793
%ifarch ppc64 ppc64le
008793
%global _performance_build 1
008793
%endif
008793
008793
# Hard-code path to links to avoid unnecessary builddep
008793
export LYNX_PATH=/usr/bin/links
008793
008793
# Build the daemon
008793
%configure \
008793
 	--prefix=%{_sysconfdir}/httpd \
008793
 	--exec-prefix=%{_prefix} \
008793
 	--bindir=%{_bindir} \
008793
 	--sbindir=%{_sbindir} \
008793
 	--mandir=%{_mandir} \
008793
	--libdir=%{_libdir} \
008793
	--sysconfdir=%{_sysconfdir}/httpd/conf \
008793
	--includedir=%{_includedir}/httpd \
008793
	--libexecdir=%{_libdir}/httpd/modules \
008793
	--datadir=%{contentdir} \
008793
        --enable-layout=Fedora \
008793
        --with-installbuilddir=%{_libdir}/httpd/build \
008793
        --enable-mpms-shared=all \
008793
        --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
008793
	--enable-suexec --with-suexec \
008793
        --enable-suexec-capabilities \
008793
	--with-suexec-caller=%{suexec_caller} \
008793
	--with-suexec-docroot=%{docroot} \
008793
	--without-suexec-logfile \
008793
        --with-suexec-syslog \
008793
	--with-suexec-bin=%{_sbindir}/suexec \
008793
	--with-suexec-uidmin=500 --with-suexec-gidmin=100 \
008793
        --enable-pie \
008793
        --with-pcre \
008793
        --enable-mods-shared=all \
008793
	--enable-ssl --with-ssl --disable-distcache \
008793
	--enable-proxy \
008793
        --enable-cache \
008793
        --enable-disk-cache \
008793
        --enable-ldap --enable-authnz-ldap \
008793
        --enable-cgid --enable-cgi \
008793
        --enable-authn-anon --enable-authn-alias \
008793
        --disable-imagemap  \
008793
	$*
008793
make %{?_smp_mflags}
008793
008793
%install
008793
rm -rf $RPM_BUILD_ROOT
008793
008793
make DESTDIR=$RPM_BUILD_ROOT install
008793
008793
# Install systemd service files
008793
mkdir -p $RPM_BUILD_ROOT%{_unitdir}
008793
for s in httpd htcacheclean; do
008793
  install -p -m 644 $RPM_SOURCE_DIR/${s}.service \
008793
                    $RPM_BUILD_ROOT%{_unitdir}/${s}.service
008793
done
008793
008793
# install conf file/directory
008793
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d \
008793
      $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d
008793
install -m 644 $RPM_SOURCE_DIR/README.confd \
008793
    $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README
008793
for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \
008793
         00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \
008793
         01-ldap.conf 00-systemd.conf 01-session.conf; do
008793
  install -m 644 -p $RPM_SOURCE_DIR/$f \
008793
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f
008793
done
008793
008793
for f in welcome.conf ssl.conf manual.conf userdir.conf; do
008793
  install -m 644 -p $RPM_SOURCE_DIR/$f \
008793
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/$f
008793
done
008793
008793
# Split-out extra config shipped as default in conf.d:
008793
for f in autoindex; do
008793
  mv docs/conf/extra/httpd-${f}.conf \
008793
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/${f}.conf
008793
done
008793
008793
# Extra config trimmed:
008793
rm -v docs/conf/extra/httpd-{ssl,userdir}.conf
008793
008793
rm $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/*.conf
008793
install -m 644 -p $RPM_SOURCE_DIR/httpd.conf \
008793
   $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/httpd.conf
008793
008793
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
008793
for s in httpd htcacheclean; do
008793
  install -m 644 -p $RPM_SOURCE_DIR/${s}.sysconf \
008793
                    $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/${s}
008793
done
008793
008793
# tmpfiles.d configuration
008793
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d 
008793
install -m 644 -p $RPM_SOURCE_DIR/httpd.tmpfiles \
008793
   $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/httpd.conf
008793
008793
# Other directories
008793
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav \
008793
         $RPM_BUILD_ROOT/run/httpd/htcacheclean
008793
008793
# Create cache directory
008793
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd \
008793
         $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/proxy \
008793
         $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/ssl
008793
008793
# Make the MMN accessible to module packages
008793
echo %{mmnisa} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn
008793
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rpm
008793
cat > $RPM_BUILD_ROOT%{_sysconfdir}/rpm/macros.httpd <
008793
%%_httpd_mmn %{mmnisa}
008793
%%_httpd_apxs %{_bindir}/apxs
008793
%%_httpd_modconfdir %{_sysconfdir}/httpd/conf.modules.d
008793
%%_httpd_confdir %{_sysconfdir}/httpd/conf.d
008793
%%_httpd_contentdir %{contentdir}
008793
%%_httpd_moddir %{_libdir}/httpd/modules
008793
EOF
008793
008793
# Handle contentdir
008793
mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
008793
install -m 644 -p $RPM_SOURCE_DIR/index.html \
008793
        $RPM_BUILD_ROOT%{contentdir}/noindex/index.html
008793
rm -rf %{contentdir}/htdocs
008793
008793
# remove manual sources
008793
find $RPM_BUILD_ROOT%{contentdir}/manual \( \
008793
    -name \*.xml -o -name \*.xml.* -o -name \*.ent -o -name \*.xsl -o -name \*.dtd \
008793
    \) -print0 | xargs -0 rm -f
008793
008793
# Strip the manual down just to English and replace the typemaps with flat files:
008793
set +x
008793
for f in `find $RPM_BUILD_ROOT%{contentdir}/manual -name \*.html -type f`; do
008793
   if test -f ${f}.en; then
008793
      cp ${f}.en ${f}
008793
      rm ${f}.*
008793
   fi
008793
done
008793
set -x
008793
008793
# Clean Document Root
008793
rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
008793
      $RPM_BUILD_ROOT%{docroot}/cgi-bin/*
008793
008793
# Symlink for the powered-by-$DISTRO image:
008793
ln -s ../../pixmaps/poweredby.png \
008793
        $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
008793
008793
# symlinks for /etc/httpd
008793
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
008793
ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run
008793
ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules
008793
008793
# install http-ssl-pass-dialog
008793
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
008793
install -m755 $RPM_SOURCE_DIR/httpd-ssl-pass-dialog \
008793
	$RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog
008793
008793
# Install action scripts
008793
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd
008793
for f in graceful configtest; do
008793
    install -p -m 755 $RPM_SOURCE_DIR/action-${f}.sh \
008793
            $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd/${f}
008793
done
008793
008793
# Install logrotate config
008793
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
008793
install -m 644 -p $RPM_SOURCE_DIR/httpd.logrotate \
008793
	$RPM_BUILD_ROOT/etc/logrotate.d/httpd
008793
008793
# fix man page paths
008793
sed -e "s|/usr/local/apache2/conf/httpd.conf|/etc/httpd/conf/httpd.conf|" \
008793
    -e "s|/usr/local/apache2/conf/mime.types|/etc/mime.types|" \
008793
    -e "s|/usr/local/apache2/conf/magic|/etc/httpd/conf/magic|" \
008793
    -e "s|/usr/local/apache2/logs/error_log|/var/log/httpd/error_log|" \
008793
    -e "s|/usr/local/apache2/logs/access_log|/var/log/httpd/access_log|" \
008793
    -e "s|/usr/local/apache2/logs/httpd.pid|/run/httpd/httpd.pid|" \
008793
    -e "s|/usr/local/apache2|/etc/httpd|" < docs/man/httpd.8 \
008793
  > $RPM_BUILD_ROOT%{_mandir}/man8/httpd.8
008793
008793
# Make ap_config_layout.h libdir-agnostic
008793
sed -i '/.*DEFAULT_..._LIBEXECDIR/d;/DEFAULT_..._INSTALLBUILDDIR/d' \
008793
    $RPM_BUILD_ROOT%{_includedir}/httpd/ap_config_layout.h
008793
008793
# Fix path to instdso in special.mk
008793
sed -i '/instdso/s,top_srcdir,top_builddir,' \
008793
    $RPM_BUILD_ROOT%{_libdir}/httpd/build/special.mk
008793
008793
# Remove unpackaged files
008793
rm -vf \
008793
      $RPM_BUILD_ROOT%{_libdir}/*.exp \
008793
      $RPM_BUILD_ROOT/etc/httpd/conf/mime.types \
008793
      $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.exp \
008793
      $RPM_BUILD_ROOT%{_libdir}/httpd/build/config.nice \
008793
      $RPM_BUILD_ROOT%{_bindir}/{ap?-config,dbmmanage} \
008793
      $RPM_BUILD_ROOT%{_sbindir}/{checkgid,envvars*} \
008793
      $RPM_BUILD_ROOT%{contentdir}/htdocs/* \
008793
      $RPM_BUILD_ROOT%{_mandir}/man1/dbmmanage.* \
008793
      $RPM_BUILD_ROOT%{contentdir}/cgi-bin/*
008793
008793
rm -rf $RPM_BUILD_ROOT/etc/httpd/conf/{original,extra}
008793
008793
%pre
008793
# Add the "apache" group and user
008793
/usr/sbin/groupadd -g 48 -r apache 2> /dev/null || :
008793
/usr/sbin/useradd -c "Apache" -u 48 -g apache \
008793
	-s /sbin/nologin -r -d %{contentdir} apache 2> /dev/null || :
008793
008793
%post
008793
%systemd_post httpd.service htcacheclean.service
008793
008793
%preun
008793
%systemd_preun httpd.service htcacheclean.service
008793
008793
%postun
008793
%systemd_postun
008793
008793
# Trigger for conversion from SysV, per guidelines at:
008793
# https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd
008793
%triggerun -- httpd < 2.2.21-5
008793
# Save the current service runlevel info
008793
# User must manually run systemd-sysv-convert --apply httpd
008793
# to migrate them to systemd targets
008793
/usr/bin/systemd-sysv-convert --save httpd.service >/dev/null 2>&1 ||:
008793
008793
# Run these because the SysV package being removed won't do them
008793
/sbin/chkconfig --del httpd >/dev/null 2>&1 || :
008793
008793
%posttrans
008793
test -f /etc/sysconfig/httpd-disable-posttrans || \
008793
  /bin/systemctl try-restart httpd.service htcacheclean.service >/dev/null 2>&1 || :
008793
008793
%define sslcert %{_sysconfdir}/pki/tls/certs/localhost.crt
008793
%define sslkey %{_sysconfdir}/pki/tls/private/localhost.key
008793
008793
%post -n mod_ssl
008793
umask 077
008793
008793
if [ -f %{sslkey} -o -f %{sslcert} ]; then
008793
   exit 0
008793
fi
008793
008793
%{_bindir}/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 2048 > %{sslkey} 2> /dev/null
008793
008793
FQDN=`hostname`
008793
if [ "x${FQDN}" = "x" -o ${#FQDN} -gt 59 ]; then
008793
   FQDN=localhost.localdomain
008793
fi
008793
008793
cat << EOF | %{_bindir}/openssl req -new -key %{sslkey} \
008793
         -x509 -sha256 -days 365 -set_serial $RANDOM -extensions v3_req \
008793
         -out %{sslcert} 2>/dev/null
008793
--
008793
SomeState
008793
SomeCity
008793
SomeOrganization
008793
SomeOrganizationalUnit
008793
${FQDN}
008793
root@${FQDN}
008793
EOF
008793
008793
%check
008793
# Check the built modules are all PIC
008793
if readelf -d $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so | grep TEXTREL; then
008793
   : modules contain non-relocatable code
008793
   exit 1
008793
fi
008793
008793
%clean
008793
rm -rf $RPM_BUILD_ROOT
008793
008793
%files
008793
%defattr(-,root,root)
008793
008793
%doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE
008793
%doc docs/conf/extra/*.conf
008793
008793
%dir %{_sysconfdir}/httpd
008793
%{_sysconfdir}/httpd/modules
008793
%{_sysconfdir}/httpd/logs
008793
%{_sysconfdir}/httpd/run
008793
%dir %{_sysconfdir}/httpd/conf
008793
%config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf
008793
%config(noreplace) %{_sysconfdir}/httpd/conf/magic
008793
008793
%config(noreplace) %{_sysconfdir}/logrotate.d/httpd
008793
008793
%dir %{_sysconfdir}/httpd/conf.d
008793
%{_sysconfdir}/httpd/conf.d/README
008793
%config(noreplace) %{_sysconfdir}/httpd/conf.d/*.conf
008793
%exclude %{_sysconfdir}/httpd/conf.d/ssl.conf
008793
%exclude %{_sysconfdir}/httpd/conf.d/manual.conf
008793
008793
%dir %{_sysconfdir}/httpd/conf.modules.d
008793
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/*.conf
008793
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
008793
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf
008793
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf
008793
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
008793
008793
%config(noreplace) %{_sysconfdir}/sysconfig/ht*
008793
%{_prefix}/lib/tmpfiles.d/httpd.conf
008793
008793
%dir %{_libexecdir}/initscripts/legacy-actions/httpd
008793
%{_libexecdir}/initscripts/legacy-actions/httpd/*
008793
008793
%{_sbindir}/ht*
008793
%{_sbindir}/fcgistarter
008793
%{_sbindir}/apachectl
008793
%{_sbindir}/rotatelogs
008793
%caps(cap_setuid,cap_setgid+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec
008793
008793
%dir %{_libdir}/httpd
008793
%dir %{_libdir}/httpd/modules
008793
%{_libdir}/httpd/modules/mod*.so
008793
%exclude %{_libdir}/httpd/modules/mod_auth_form.so
008793
%exclude %{_libdir}/httpd/modules/mod_ssl.so
008793
%exclude %{_libdir}/httpd/modules/mod_*ldap.so
008793
%exclude %{_libdir}/httpd/modules/mod_proxy_html.so
008793
%exclude %{_libdir}/httpd/modules/mod_xml2enc.so
008793
%exclude %{_libdir}/httpd/modules/mod_session*.so
008793
008793
%dir %{contentdir}
008793
%dir %{contentdir}/icons
008793
%dir %{contentdir}/error
008793
%dir %{contentdir}/error/include
008793
%dir %{contentdir}/noindex
008793
%{contentdir}/icons/*
008793
%{contentdir}/error/README
008793
%{contentdir}/error/*.var
008793
%{contentdir}/error/include/*.html
008793
%{contentdir}/noindex/index.html
008793
008793
%dir %{docroot}
008793
%dir %{docroot}/cgi-bin
008793
%dir %{docroot}/html
008793
008793
%attr(0710,root,apache) %dir /run/httpd
008793
%attr(0700,apache,apache) %dir /run/httpd/htcacheclean
008793
%attr(0700,root,root) %dir %{_localstatedir}/log/httpd
008793
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav
008793
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd
008793
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy
008793
008793
%{_mandir}/man8/*
008793
008793
%{_unitdir}/*.service
008793
008793
%files tools
008793
%defattr(-,root,root)
008793
%{_bindir}/*
008793
%{_mandir}/man1/*
008793
%doc LICENSE NOTICE
008793
%exclude %{_bindir}/apxs
008793
%exclude %{_mandir}/man1/apxs.1*
008793
008793
%files manual
008793
%defattr(-,root,root)
008793
%{contentdir}/manual
008793
%config(noreplace) %{_sysconfdir}/httpd/conf.d/manual.conf
008793
008793
%files -n mod_ssl
008793
%defattr(-,root,root)
008793
%{_libdir}/httpd/modules/mod_ssl.so
008793
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
008793
%config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf
008793
%attr(0700,apache,root) %dir %{_localstatedir}/cache/httpd/ssl
008793
%{_libexecdir}/httpd-ssl-pass-dialog
008793
008793
%files -n mod_proxy_html
008793
%defattr(-,root,root)
008793
%{_libdir}/httpd/modules/mod_proxy_html.so
008793
%{_libdir}/httpd/modules/mod_xml2enc.so
008793
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf
008793
008793
%files -n mod_ldap
008793
%defattr(-,root,root)
008793
%{_libdir}/httpd/modules/mod_*ldap.so
008793
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf
008793
008793
%files -n mod_session
008793
%defattr(-,root,root)
008793
%{_libdir}/httpd/modules/mod_session*.so
008793
%{_libdir}/httpd/modules/mod_auth_form.so
008793
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
008793
008793
%files devel
008793
%defattr(-,root,root)
008793
%{_includedir}/httpd
008793
%{_bindir}/apxs
008793
%{_mandir}/man1/apxs.1*
008793
%dir %{_libdir}/httpd/build
008793
%{_libdir}/httpd/build/*.mk
008793
%{_libdir}/httpd/build/*.sh
008793
%{_sysconfdir}/rpm/macros.httpd
008793
008793
%changelog
008793
* Thu Aug 22 2019 Joe Orton <jorton@redhat.com> - 2.4.6-92
008793
- htpasswd: add SHA-2 crypt() support (#1486889)
008793
008793
* Wed Jul 31 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-91
008793
- Resolves: #1630886 - scriptlet can fail if hostname is not installed
008793
- Resolves: #1565465 - CVE-2017-15710 httpd: Out of bound write in
008793
  mod_authnz_ldap when using too small Accept-Language values
008793
- Resolves: #1568298 - CVE-2018-1301 httpd: Out of bounds access after
008793
  failure in reading the HTTP request
008793
- Resolves: #1673457 - Apache child process crashes because ScriptAliasMatch
008793
  directive
008793
- Resolves: #1633152 - mod_session missing apr-util-openssl
008793
- Resolves: #1649470 - httpd response contains garbage in Content-Type header
008793
- Resolves: #1724034 - Unexpected OCSP in proxy SSL connection
008793
008793
* Sat Jun 08 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-90
008793
- Resolves: #1566317 - CVE-2018-1312 httpd: Weak Digest auth nonce generation
008793
  in mod_auth_digest
008793
- Resolves: #1696141 - CVE-2019-0217 httpd: mod_auth_digest: access control
008793
  bypass due to race condition
008793
- Resolves: #1696096 - CVE-2019-0220 httpd: URL normalization inconsistency
008793
008793
* Fri Mar 15 2019 Joe Orton <jorton@redhat.com> - 2.4.6-89
008793
- fix per-request leak of bucket brigade structure (#1583218)
008793
008793
* Thu Jun 21 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-88
008793
- Resolves: #1527295 - httpd with worker/event mpm segfaults after multiple
008793
  SIGUSR1
008793
008793
* Thu Jun 21 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-87
008793
- Resolves: #1458364 - RMM list corruption in ldap module results in server hang
008793
008793
* Thu Jun 21 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-86
008793
- Resolves: #1493181 - RFE: mod_ssl: allow sending multiple CA names which
008793
  differ only in case
008793
008793
* Wed Jun 20 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-85
008793
- Resolves: #1556761 - mod_proxy_wstunned config needs the default port number
008793
008793
* Mon Jun 18 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-84
008793
- Resolves: #1548501 - Make OCSP more configurable (like CRL)
008793
008793
* Mon Jun 11 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-83
008793
- Resolves: #1523536 - Backport Apache BZ#59230 mod_proxy_express uses db
008793
  after close
008793
008793
* Mon Jun 11 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-82
008793
- Resolves: #1533793 - Use Variable with mod_authnz_ldap
008793
008793
* Mon Mar 26 2018 Joe Orton <jorton@redhat.com> - 2.4.6-81
008793
- don't terminate connections during graceful stop/restart (#1557785)
008793
008793
* Mon Jan 08 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-80
008793
- Related: #1288395 - httpd segfault when logrotate invoked
008793
008793
* Wed Nov 01 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-79
008793
- Resolves: #1274890 - mod_ssl config: tighten defaults
008793
008793
* Tue Oct 31 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-78
008793
- Resolves: #1506392 - Backport: SSLSessionTickets directive support
008793
008793
* Mon Oct 16 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-77
008793
- Resolves: #1440590 - Need an option to disable UTF8-conversion
008793
  of certificate DN
008793
008793
* Thu Oct 12 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-76
008793
- Resolves: #1464406 - Apache consumes too much memory for CGI output
008793
008793
* Thu Oct 12 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-75
008793
- Resolves: #1448892 - Cannot override LD_LIBARY_PATH in Apache HTTPD
008793
  using SetEnv or PassEnv. Needs documentation.
008793
008793
* Mon Oct 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-74
008793
- Resolves: #1430640 - "ProxyAddHeaders Off" does not become effective
008793
  when it's defined outside <Proxy> setting
008793
008793
* Fri Oct 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-73
008793
- Resolves: #1499253 - ProxyRemote with HTTPS backend sends requests
008793
  with absoluteURI instead of abs_path
008793
008793
* Tue Oct 03 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-72
008793
- Resolves: #1288395 - httpd segfault when logrotate invoked
008793
008793
* Tue Oct 03 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-71
008793
- Resolves: #1368491 - mod_authz_dbd segfaults when AuthzDBDQuery missing
008793
008793
* Mon Oct 02 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-70
008793
- Resolves: #1467402 - rotatelogs: creation of zombie processes when -p is used
008793
008793
* Tue Sep 19 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-69
008793
- Resolves: #1493065 - CVE-2017-9798 httpd: Use-after-free by limiting
008793
  unregistered HTTP method
008793
008793
* Tue Jul 25 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-68
008793
- Resolves: #1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw()
008793
  authentication bypass
008793
- Resolves: #1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference
008793
- Resolves: #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread
008793
- Resolves: #1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread
008793
- Resolves: #1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection
008793
  in mod_auth_digest
008793
008793
* Tue May 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-67
008793
- Related: #1332242 - Explicitly disallow the '#' character in allow,deny
008793
  directives
008793
008793
* Tue May 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-66
008793
- Related: #1332242 - Explicitly disallow the '#' character in allow,deny
008793
  directives
008793
008793
* Thu Apr 27 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-65
008793
- Resolves: #1445885 - define _RH_HAS_HTTPPROTOCOLOPTIONS
008793
008793
* Tue Apr 18 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-64
008793
- Resolves: #1442872 - apache user is not created during httpd installation
008793
  when apache group already exist with GID other than 48
008793
008793
* Wed Mar 22 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-63
008793
- Related: #1412976 - CVE-2016-0736 CVE-2016-2161 CVE-2016-8743
008793
  httpd: various flaws
008793
008793
* Wed Mar 15 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-62
008793
- Resolves: #1397241 - Backport Apache Bug 53098 - mod_proxy_ajp:
008793
  patch to set worker secret passed to tomcat
008793
008793
* Wed Mar 15 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-61
008793
- Related: #1414258 - Crash during restart or at startup in mod_ssl,
008793
  in certinfo_free() function registered by ssl_stapling_ex_init()
008793
008793
* Tue Mar 14 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-60
008793
- Resolves: #1414258 - Crash during restart or at startup in mod_ssl,
008793
  in certinfo_free() function registered by ssl_stapling_ex_init()
008793
008793
* Mon Mar 13 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-59
008793
- Resolves: #1378946 - Backport of apache bug 55910: Continuation lines
008793
  are broken during buffer resize
008793
008793
* Fri Mar 10 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-58
008793
- Resolves: #1364604 - Upstream Bug 56925 - ErrorDocument directive misbehaves
008793
  with mod_proxy_http and mod_proxy_ajp
008793
008793
* Thu Mar 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-57
008793
- Resolves: #1324416 - Error 404 when switching language in HTML manual
008793
  more than once
008793
008793
* Wed Mar 08 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-56
008793
- Resolves: #1353740 - Backport Apache PR58118 to fix mod_proxy_fcgi
008793
  spamming non-errors: AH01075: Error dispatching request to : (passing
008793
  brigade to output filters)
008793
008793
* Wed Mar 08 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-55
008793
- Resolves: #1371876 - Apache httpd returns "200 OK" for a request
008793
  exceeding LimitRequestBody when enabling mod_ext_filter
008793
008793
* Tue Mar 07 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-54
008793
- Resolves: #1372692 - Apache httpd does not log status code "413" in
008793
  access_log when exceeding LimitRequestBody
008793
008793
* Tue Mar 07 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-53
008793
- Resolves: #1376835 - httpd with worker/event mpm segfaults after multiple
008793
  successive graceful reloads
008793
008793
* Tue Mar 07 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-52
008793
- Resolves: #1332242 - Explicitly disallow the '#' character in allow,deny
008793
  directives
008793
008793
* Mon Mar 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-51
008793
- Resolves: #1396197 - Backport: mod_proxy_wstunnel - AH02447: err/hup
008793
  on backconn
008793
008793
* Mon Mar 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-50
008793
- Resolves: #1348019 - mod_proxy: Fix a race condition that caused a failed
008793
  worker to be retried before the retry period is over
008793
008793
* Mon Mar 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-49
008793
- Resolves: #1389535 - Segmentation fault in SSL_renegotiate
008793
008793
* Mon Mar 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-48
008793
- Resolves: #1406184 - stapling_renew_response: abort early
008793
  (before apr_uri_parse) if ocspuri is empty
008793
008793
* Tue Feb  7 2017 Joe Orton <jorton@redhat.com> - 2.4.6-47
008793
- prefork: fix delay completing graceful restart (#1327624)
008793
- mod_ldap: fix authz regression, failing to rebind (#1415257)
008793
008793
* Thu Jan 26 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-46
008793
- Resolves: #1412976 - CVE-2016-0736 CVE-2016-2161 CVE-2016-8743
008793
  httpd: various flaws
008793
008793
* Wed Aug 03 2016 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-45
008793
- RFE: run mod_rewrite external mapping program as non-root (#1316900)
008793
008793
* Tue Jul 12 2016 Joe Orton <jorton@redhat.com> - 2.4.6-44
008793
- add security fix for CVE-2016-5387
008793
008793
* Tue Jul  5 2016 Joe Orton <jorton@redhat.com> - 2.4.6-43
008793
- add 451 (Unavailable For Legal Reasons) response status-code (#1343582)
008793
008793
* Fri Jun 17 2016 Joe Orton <jorton@redhat.com> - 2.4.6-42
008793
- mod_cache: treat cache as valid with changed Expires in 304 (#1331341)
008793
008793
* Wed Feb 24 2016 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-41
008793
- mod_cache: merge r->err_headers_out into r->headers when the response
008793
  is cached for the first time (#1264989)
008793
- mod_ssl: Do not send SSL warning when SNI hostname is not found as per
008793
  RFC 6066 (#1298148)
008793
- mod_proxy_fcgi: Ignore body data from backend for 304 responses (#1263038)
008793
- fix apache user creation when apache group already exists (#1299889)
008793
- fix apache user creation when USERGROUPS_ENAB is set to 'no' (#1288757)
008793
- mod_proxy: fix slow response time for reponses with error status code
008793
  when using ProxyErrorOverride (#1283653)
008793
- mod_ldap: Respect LDAPConnectionPoolTTL for authn connections (#1300149)
008793
- mod_ssl: use "localhost" in the dummy SSL cert for long FQDNs (#1240495)
008793
- rotatelogs: improve support for localtime (#1244545)
008793
- ab: fix read failure when targeting SSL server (#1255331)
008793
- mod_log_debug: fix LogMessage example in documentation (#1279465)
008793
- mod_authz_dbd, mod_authn_dbd, mod_session_dbd, mod_rewrite: Fix lifetime
008793
  of DB lookup entries independently of the selected DB engine (#1287844)
008793
- mod_ssl: fix hardware crypto support with custom DH parms (#1291865)
008793
- mod_proxy_fcgi: fix SCRIPT_FILENAME when a balancer is used (#1302797)
008793
008793
* Thu Sep 17 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-40
008793
- mod_dav: follow up fix for previous commit (#1263975)
008793
008793
* Wed Aug 26 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-39
008793
- mod_dav: treat dav_resource uri as escaped (#1255480)
008793
008793
* Wed Aug 19 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-38
008793
- mod_ssl: add support for User Principal Name in SSLUserName  (#1242503)
008793
008793
* Mon Aug 10 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-37
008793
- core: fix chunk header parsing defect (CVE-2015-3183)
008793
- core: replace of ap_some_auth_required with ap_some_authn_required
008793
  and ap_force_authn hook (CVE-2015-3185)
008793
008793
* Tue Jul 14 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-36
008793
- Revert fix for #1162152, it is not needed in RHEL7
008793
- mod_proxy_ajp: fix settings ProxyPass parameters for AJP backends (#1242416)
008793
008793
* Wed Jul 01 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-35
008793
- mod_remoteip: correct the trusted proxy match test (#1179306)
008793
- mod_dav: send complete response when resource is created (#1235383)
008793
- apachectl: correct the apachectl status man page (#1231924)
008793
008793
* Wed Jun 03 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-34
008793
- mod_proxy_fcgi: honor Timeout / ProxyTimeout (#1222328)
008793
- do not show all vhosts twice in httpd -D DUMP_VHOSTS output (#1225820)
008793
- fix -D[efined] or <Define>[d] variables lifetime accross restarts (#1227219)
008793
- mod_ssl: do not send NPN extension with not configured (#1226015)
008793
008793
* Mon May 18 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-33
008793
- mod_authz_dbm: fix crash when using "Require dbm-file-group" (#1221575)
008793
008793
* Wed Apr 15 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-32
008793
- mod_authn_dbd: fix use-after-free bug with postgresql (#1188779)
008793
- mod_remoteip: correct the trusted proxy match test (#1179306)
008793
- mod_status: honor remote_ip as documented (#1169081)
008793
- mod_deflate: fix decompression of files larger than 4GB (#1170214)
008793
- core: improve error message for inaccessible DocumentRoot (#1170220)
008793
- ab: try all addresses instead of failing on first one when not available (#1125276)
008793
- mod_proxy_wstunnel: add support for SSL (#1180745)
008793
- mod_proxy_wstunnel: load this module by default (#1180745)
008793
- mod_rewrite: add support for WebSockets (#1180745)
008793
- mod_rewrite: do not search for directory if a URL will be rewritten (#1210091)
008793
- mod_ssl: Fix SSL_CLIENT_VERIFY value when optional_no_ca and SSLSessionCache
008793
  are used and SSL session is resumed (#1170206)
008793
- mod_ssl: fix memory leak on httpd reloads (#1181690)
008793
- mod_ssl: use SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA (#1118476)
008793
- mod_cgi: return error code 408 on timeout (#1162152)
008793
- mod_dav_fs: set default value of DAVLockDB (#1176449)
008793
- add Documentation= to the httpd.service and htcacheclean.service (#1184118)
008793
- do not display "bomb" icon for files ending with "core" (#1170215)
008793
- add missing Reason-Phrase in HTTP response headers (#1162159)
008793
- fix BuildRequires to require openssl-devel >= 1:1.0.1e-37 (#1160625)
008793
- apachectl: ignore HTTPD variable from sysconfig (#1214401)
008793
- apachectl: fix "graceful" documentation (#1214398)
008793
- apachectl: fix "graceful" behaviour when httpd is not running (#1214430)
008793
008793
* Tue Dec 02 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-31
008793
- mod_proxy_fcgi: determine if FCGI_CONN_CLOSE should be enabled
008793
  instead of hardcoding it (#1168050)
008793
- mod_proxy: support Unix Domain Sockets (#1168081)
008793
008793
* Tue Nov 25 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-30
008793
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
008793
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
008793
008793
* Tue Nov 04 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-29
008793
- rebuild against proper version of OpenSSL (#1080125)
008793
008793
* Wed Oct 22 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-28
008793
- set vstring based on /etc/os-release (#1114123)
008793
008793
* Mon Oct 06 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-27
008793
- fix the dependency on openssl-libs to match the fix for #1080125
008793
008793
* Mon Sep 22 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-26
008793
- allow <Auth*ProviderAlias>'es to be seen under virtual hosts (#1131847)
008793
008793
* Fri Sep 19 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-25
008793
- do not use hardcoded curve for ECDHE suites (#1080125)
008793
008793
* Wed Sep 03 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-24
008793
- allow reverse-proxy to be set via SetHandler (#1136290)
008793
008793
* Thu Aug 21 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-23
008793
- fix possible crash in SIGINT handling (#1131006)
008793
008793
* Mon Aug 18 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-22
008793
- ab: fix integer overflow when printing stats with lot of requests (#1092420)
008793
008793
* Mon Aug 11 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-21
008793
- add pre_htaccess so mpm-itk can be build as separate module (#1059143)
008793
008793
* Tue Aug 05 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-20
008793
- mod_ssl: prefer larger keys and support up to 8192-bit keys (#1073078)
008793
008793
* Mon Aug 04 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-19
008793
- fix build on ppc64le by using configure macro (#1125545)
008793
- compile httpd with -O3 on ppc64le (#1123490)
008793
- mod_rewrite: expose CONN_REMOTE_ADDR (#1060536)
008793
008793
* Thu Jul 17 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-18
008793
- mod_cgid: add security fix for CVE-2014-0231 (#1120608)
008793
- mod_proxy: add security fix for CVE-2014-0117 (#1120608)
008793
- mod_deflate: add security fix for CVE-2014-0118 (#1120608)
008793
- mod_status: add security fix for CVE-2014-0226 (#1120608)
008793
- mod_cache: add secutiry fix for CVE-2013-4352 (#1120608)
008793
008793
* Thu Mar 20 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-17
008793
- mod_dav: add security fix for CVE-2013-6438 (#1077907)
008793
- mod_log_config: add security fix for CVE-2014-0098 (#1077907)
008793
008793
* Wed Mar  5 2014 Joe Orton <jorton@redhat.com> - 2.4.6-16
008793
- mod_ssl: improve DH temp key handling (#1057687)
008793
008793
* Wed Mar  5 2014 Joe Orton <jorton@redhat.com> - 2.4.6-15
008793
- mod_ssl: use 2048-bit RSA key with SHA-256 signature in dummy certificate (#1071276)
008793
008793
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.4.6-14
008793
- Mass rebuild 2014-01-24
008793
008793
* Mon Jan 13 2014 Joe Orton <jorton@redhat.com> - 2.4.6-13
008793
- mod_ssl: sanity-check use of "SSLCompression" (#1036666)
008793
- mod_proxy_http: fix brigade memory usage (#1040447)
008793
008793
* Fri Jan 10 2014 Joe Orton <jorton@redhat.com> - 2.4.6-12
008793
- rebuild
008793
008793
* Thu Jan  9 2014 Joe Orton <jorton@redhat.com> - 2.4.6-11
008793
- build with -O3 on ppc64 (#1051066)
008793
008793
* Tue Jan  7 2014 Joe Orton <jorton@redhat.com> - 2.4.6-10
008793
- mod_dav: fix locktoken handling (#1004046)
008793
008793
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.4.6-9
008793
- Mass rebuild 2013-12-27
008793
008793
* Fri Dec 20 2013 Joe Orton <jorton@redhat.com> - 2.4.6-8
008793
- use unambiguous httpd-mmn (#1029360)
008793
008793
* Fri Nov   1 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-7
008793
- mod_ssl: allow SSLEngine to override Listen-based default (#1023168)
008793
008793
* Thu Oct  31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-6
008793
- systemd: Use {MAINPID} notation in service file (#969972)
008793
008793
* Thu Oct 24 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-5
008793
- systemd: send SIGWINCH signal without httpd -k in ExecStop (#969972)
008793
008793
* Thu Oct 03 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-4
008793
- expand macros in macros.httpd (#1011393)
008793
008793
* Mon Aug 26 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-3
008793
- fix "LDAPReferrals off" to really disable LDAP Referrals
008793
008793
* Wed Jul 31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-2
008793
- revert fix for dumping vhosts twice
008793
008793
* Mon Jul 22 2013 Joe Orton <jorton@redhat.com> - 2.4.6-1
008793
- update to 2.4.6
008793
- mod_ssl: use revised NPN API (r1487772)
008793
008793
* Thu Jul 11 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-12
008793
- mod_unique_id: replace use of hostname + pid with PRNG output (#976666)
008793
- apxs: mention -p option in manpage
008793
008793
* Tue Jul  2 2013 Joe Orton <jorton@redhat.com> - 2.4.4-11
008793
- add patch for aarch64 (Dennis Gilmore, #925558)
008793
008793
* Mon Jul  1 2013 Joe Orton <jorton@redhat.com> - 2.4.4-10
008793
- remove duplicate apxs man page from httpd-tools
008793
008793
* Mon Jun 17 2013 Joe Orton <jorton@redhat.com> - 2.4.4-9
008793
- remove zombie dbmmanage script
008793
008793
* Fri May 31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-8
008793
- return 400 Bad Request on malformed Host header
008793
008793
* Mon May 20 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-6
008793
- htpasswd/htdbm: fix hash generation bug (#956344)
008793
- do not dump vhosts twice in httpd -S output (#928761)
008793
- mod_cache: fix potential crash caused by uninitialized variable (#954109)
008793
008793
* Thu Apr 18 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-5
008793
- execute systemctl reload as result of apachectl graceful
008793
- mod_ssl: ignore SNI hints unless required by config
008793
- mod_cache: forward-port CacheMaxExpire "hard" option
008793
- mod_ssl: fall back on another module's proxy hook if mod_ssl proxy
008793
  is not configured.
008793
008793
* Tue Apr 16 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-4
008793
- fix service file to not send SIGTERM after ExecStop (#906321, #912288)
008793
008793
* Tue Mar 26 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-3
008793
- protect MIMEMagicFile with IfModule (#893949)
008793
008793
* Tue Feb 26 2013 Joe Orton <jorton@redhat.com> - 2.4.4-2
008793
- really package mod_auth_form in mod_session (#915438)
008793
008793
* Tue Feb 26 2013 Joe Orton <jorton@redhat.com> - 2.4.4-1
008793
- update to 2.4.4
008793
- fix duplicate ownership of mod_session config (#914901)
008793
008793
* Fri Feb 22 2013 Joe Orton <jorton@redhat.com> - 2.4.3-17
008793
- add mod_session subpackage, move mod_auth_form there (#894500)
008793
008793
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.3-16
008793
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
008793
008793
* Tue Jan  8 2013 Joe Orton <jorton@redhat.com> - 2.4.3-15
008793
- add systemd service for htcacheclean
008793
008793
* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-14
008793
- drop patch for r1344712
008793
008793
* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-13
008793
- filter mod_*.so auto-provides (thanks to rcollet)
008793
- pull in syslog logging fix from upstream (r1344712)
008793
008793
* Fri Oct 26 2012 Joe Orton <jorton@redhat.com> - 2.4.3-12
008793
- rebuild to pick up new apr-util-ldap
008793
008793
* Tue Oct 23 2012 Joe Orton <jorton@redhat.com> - 2.4.3-11
008793
- rebuild
008793
008793
* Wed Oct  3 2012 Joe Orton <jorton@redhat.com> - 2.4.3-10
008793
- pull upstream patch r1392850 in addition to r1387633
008793
008793
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-9.1
008793
- restore "ServerTokens Full-Release" support (#811714)
008793
008793
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-9
008793
- define PLATFORM in os.h using vendor string
008793
008793
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-8
008793
- use systemd script unconditionally (#850149)
008793
008793
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-7
008793
- use systemd scriptlets if available (#850149)
008793
- don't run posttrans restart if /etc/sysconfig/httpd-disable-posttrans exists
008793
008793
* Mon Oct 01 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.3-6
008793
- use systemctl from apachectl (#842736)
008793
008793
* Wed Sep 19 2012 Joe Orton <jorton@redhat.com> - 2.4.3-5
008793
- fix some error log spam with graceful-stop (r1387633)
008793
- minor mod_systemd tweaks
008793
008793
* Thu Sep 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-4
008793
- use IncludeOptional for conf.d/*.conf inclusion
008793
008793
* Fri Sep 07 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.3-3
008793
- adding mod_systemd to integrate with systemd better
008793
008793
* Tue Aug 21 2012 Joe Orton <jorton@redhat.com> - 2.4.3-2
008793
- mod_ssl: add check for proxy keypair match (upstream r1374214)
008793
008793
* Tue Aug 21 2012 Joe Orton <jorton@redhat.com> - 2.4.3-1
008793
- update to 2.4.3 (#849883)
008793
- own the docroot (#848121)
008793
008793
* Mon Aug  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-23
008793
- add mod_proxy fixes from upstream (r1366693, r1365604)
008793
008793
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.2-22
008793
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
008793
008793
* Fri Jul  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-21
008793
- drop explicit version requirement on initscripts
008793
008793
* Thu Jul  5 2012 Joe Orton <jorton@redhat.com> - 2.4.2-20
008793
- mod_ext_filter: fix error_log warnings
008793
008793
* Mon Jul  2 2012 Joe Orton <jorton@redhat.com> - 2.4.2-19
008793
- support "configtest" and "graceful" as initscripts "legacy actions"
008793
008793
* Fri Jun  8 2012 Joe Orton <jorton@redhat.com> - 2.4.2-18
008793
- avoid use of "core" GIF for a "core" directory (#168776)
008793
- drop use of "syslog.target" in systemd unit file
008793
008793
* Thu Jun  7 2012 Joe Orton <jorton@redhat.com> - 2.4.2-17
008793
- use _unitdir for systemd unit file
008793
- use /run in unit file, ssl.conf
008793
008793
* Thu Jun  7 2012 Joe Orton <jorton@redhat.com> - 2.4.2-16
008793
- mod_ssl: fix NPN patch merge
008793
008793
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-15
008793
- move tmpfiles.d fragment into /usr/lib per new guidelines
008793
- package /run/httpd not /var/run/httpd
008793
- set runtimedir to /run/httpd likewise
008793
008793
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-14
008793
- fix htdbm/htpasswd crash on crypt() failure (#818684)
008793
008793
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-13
008793
- pull fix for NPN patch from upstream (r1345599)
008793
008793
* Thu May 31 2012 Joe Orton <jorton@redhat.com> - 2.4.2-12
008793
- update suexec patch to use LOG_AUTHPRIV facility
008793
008793
* Thu May 24 2012 Joe Orton <jorton@redhat.com> - 2.4.2-11
008793
- really fix autoindex.conf (thanks to remi@)
008793
008793
* Thu May 24 2012 Joe Orton <jorton@redhat.com> - 2.4.2-10
008793
- fix autoindex.conf to allow symlink to poweredby.png
008793
008793
* Wed May 23 2012 Joe Orton <jorton@redhat.com> - 2.4.2-9
008793
- suexec: use upstream version of patch for capability bit support
008793
008793
* Wed May 23 2012 Joe Orton <jorton@redhat.com> - 2.4.2-8
008793
- suexec: use syslog rather than suexec.log, drop dac_override capability
008793
008793
* Tue May  1 2012 Joe Orton <jorton@redhat.com> - 2.4.2-7
008793
- mod_ssl: add TLS NPN support (r1332643, #809599)
008793
008793
* Tue May  1 2012 Joe Orton <jorton@redhat.com> - 2.4.2-6
008793
- add BR on APR >= 1.4.0
008793
008793
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-5
008793
- use systemctl from logrotate (#221073)
008793
008793
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-4
008793
- pull from upstream:
008793
  * use TLS close_notify alert for dummy_connection (r1326980+)
008793
  * cleanup symbol exports (r1327036+)
008793
008793
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-3.2
008793
- rebuild
008793
008793
* Fri Apr 20 2012 Joe Orton <jorton@redhat.com> - 2.4.2-3
008793
- really fix restart
008793
008793
* Fri Apr 20 2012 Joe Orton <jorton@redhat.com> - 2.4.2-2
008793
- tweak default ssl.conf
008793
- fix restart handling (#814645)
008793
- use graceful restart by default
008793
008793
* Wed Apr 18 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.2-1
008793
- update to 2.4.2
008793
008793
* Fri Mar 23 2012 Joe Orton <jorton@redhat.com> - 2.4.1-6
008793
- fix macros
008793
008793
* Fri Mar 23 2012 Joe Orton <jorton@redhat.com> - 2.4.1-5
008793
- add _httpd_moddir to macros
008793
008793
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-4
008793
- fix symlink for poweredby.png
008793
- fix manual.conf
008793
008793
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-3
008793
- add mod_proxy_html subpackage (w/mod_proxy_html + mod_xml2enc)
008793
- move mod_ldap, mod_authnz_ldap to mod_ldap subpackage
008793
008793
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-2
008793
- clean docroot better
008793
- ship proxy, ssl directories within /var/cache/httpd
008793
- default config:
008793
 * unrestricted access to (only) /var/www
008793
 * remove (commented) Mutex, MaxRanges, ScriptSock
008793
 * split autoindex config to conf.d/autoindex.conf
008793
- ship additional example configs in docdir
008793
008793
* Tue Mar  6 2012 Joe Orton <jorton@redhat.com> - 2.4.1-1
008793
- update to 2.4.1
008793
- adopt upstream default httpd.conf (almost verbatim)
008793
- split all LoadModules to conf.modules.d/*.conf
008793
- include conf.d/*.conf at end of httpd.conf
008793
- trim %%changelog
008793
008793
* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2.2.22-2
008793
- fix build against PCRE 8.30
008793
008793
* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2.2.22-1
008793
- update to 2.2.22
008793
008793
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 2.2.21-8
008793
- Rebuild against PCRE 8.30
008793
008793
* Mon Jan 23 2012 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-7
008793
- fix #783629 - start httpd after named
008793
008793
* Mon Jan 16 2012 Joe Orton <jorton@redhat.com> - 2.2.21-6
008793
- complete conversion to systemd, drop init script (#770311)
008793
- fix comments in /etc/sysconfig/httpd (#771024)
008793
- enable PrivateTmp in service file (#781440)
008793
- set LANG=C in /etc/sysconfig/httpd
008793
008793
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.21-5
008793
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
008793
008793
* Tue Dec 06 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-4
008793
- fix #751591 - start httpd after remote-fs
008793
008793
* Mon Oct 24 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-3
008793
- allow change state of BalancerMember in mod_proxy_balancer web interface
008793
008793
* Thu Sep 22 2011 Ville Skyttä <ville.skytta@iki.fi> - 2.2.21-2
008793
- Make mmn available as %%{_httpd_mmn}.
008793
- Add .svgz to AddEncoding x-gzip example in httpd.conf.
008793
008793
* Tue Sep 13 2011 Joe Orton <jorton@redhat.com> - 2.2.21-1
008793
- update to 2.2.21
008793
008793
* Mon Sep  5 2011 Joe Orton <jorton@redhat.com> - 2.2.20-1
008793
- update to 2.2.20
008793
- fix MPM stub man page generation
008793
008793
* Wed Aug 10 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-5
008793
- fix #707917 - add httpd-ssl-pass-dialog to ask for SSL password using systemd
008793
008793
* Fri Jul 22 2011 Iain Arnell <iarnell@gmail.com> 1:2.2.19-4
008793
- rebuild while rpm-4.9.1 is untagged to remove trailing slash in provided
008793
  directory names
008793
008793
* Wed Jul 20 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-3
008793
- fix #716621 - suexec now works without setuid bit
008793
008793
* Thu Jul 14 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-2
008793
- fix #689091 - backported patch from 2.3 branch to support IPv6 in logresolve
008793
008793
* Fri Jul  1 2011 Joe Orton <jorton@redhat.com> - 2.2.19-1
008793
- update to 2.2.19
008793
- enable dbd, authn_dbd in default config
008793
008793
* Thu Apr 14 2011 Joe Orton <jorton@redhat.com> - 2.2.17-13
008793
- fix path expansion in service files
008793
008793
* Tue Apr 12 2011 Joe Orton <jorton@redhat.com> - 2.2.17-12
008793
- add systemd service files (#684175, thanks to Jóhann B. Guðmundsson)
008793
008793
* Wed Mar 23 2011 Joe Orton <jorton@redhat.com> - 2.2.17-11
008793
- minor updates to httpd.conf
008793
- drop old patches
008793
008793
* Wed Mar  2 2011 Joe Orton <jorton@redhat.com> - 2.2.17-10
008793
- rebuild
008793
008793
* Wed Feb 23 2011 Joe Orton <jorton@redhat.com> - 2.2.17-9
008793
- use arch-specific mmn
008793
008793
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.17-8
008793
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
008793
008793
* Mon Jan 31 2011 Joe Orton <jorton@redhat.com> - 2.2.17-7
008793
- generate dummy mod_ssl cert with CA:FALSE constraint (#667841)
008793
- add man page stubs for httpd.event, httpd.worker
008793
- drop distcache support
008793
- add STOP_TIMEOUT support to init script
008793
008793
* Sat Jan  8 2011 Joe Orton <jorton@redhat.com> - 2.2.17-6
008793
- update default SSLCipherSuite per upstream trunk
008793
008793
* Wed Jan  5 2011 Joe Orton <jorton@redhat.com> - 2.2.17-5
008793
- fix requires (#667397)
008793
008793
* Wed Jan  5 2011 Joe Orton <jorton@redhat.com> - 2.2.17-4
008793
- de-ghost /var/run/httpd
008793
008793
* Tue Jan  4 2011 Joe Orton <jorton@redhat.com> - 2.2.17-3
008793
- add tmpfiles.d configuration, ghost /var/run/httpd (#656600)
008793
008793
* Sat Nov 20 2010 Joe Orton <jorton@redhat.com> - 2.2.17-2
008793
- drop setuid bit, use capabilities for suexec binary
008793
008793
* Wed Oct 27 2010 Joe Orton <jorton@redhat.com> - 2.2.17-1
008793
- update to 2.2.17
008793
008793
* Fri Sep 10 2010 Joe Orton <jorton@redhat.com> - 2.2.16-2
008793
- link everything using -z relro and -z now
008793
008793
* Mon Jul 26 2010 Joe Orton <jorton@redhat.com> - 2.2.16-1
008793
- update to 2.2.16
008793
008793
* Fri Jul  9 2010 Joe Orton <jorton@redhat.com> - 2.2.15-3
008793
- default config tweaks:
008793
 * harden httpd.conf w.r.t. .htaccess restriction (#591293)
008793
 * load mod_substitute, mod_version by default
008793
 * drop proxy_ajp.conf, load mod_proxy_ajp in httpd.conf
008793
 * add commented list of shipped-but-unloaded modules
008793
 * bump up worker defaults a little
008793
 * drop KeepAliveTimeout to 5 secs per upstream
008793
- fix LSB compliance in init script (#522074)
008793
- bundle NOTICE in -tools
008793
- use init script in logrotate postrotate to pick up PIDFILE
008793
- drop some old Obsoletes/Conflicts
008793
008793
* Sun Apr 04 2010 Robert Scheck <robert@fedoraproject.org> - 2.2.15-1
008793
- update to 2.2.15 (#572404, #579311)
008793