52592b
%define contentdir %{_datadir}/httpd
52592b
%define docroot /var/www
52592b
%define suexec_caller apache
52592b
%define mmn 20120211
52592b
%define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
52592b
%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT})
52592b
%if 0%{?fedora} > 26 || 0%{?rhel} > 7
52592b
%global mpm event
52592b
%else
52592b
%global mpm prefork
52592b
%endif
52592b
52592b
Summary: Apache HTTP Server
52592b
Name: httpd
52592b
Version: 2.4.37
fa34f0
Release: 30%{?dist}
52592b
URL: https://httpd.apache.org/
52592b
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
2f74ee
Source1: centos-noindex-8.0.tar.gz
52592b
Source2: httpd.logrotate
52592b
Source3: instance.conf
52592b
Source4: httpd-ssl-pass-dialog
52592b
Source5: httpd.tmpfiles
52592b
Source6: httpd.service
52592b
Source7: action-graceful.sh
52592b
Source8: action-configtest.sh
52592b
Source10: httpd.conf
52592b
Source11: 00-base.conf
52592b
Source12: 00-mpm.conf
52592b
Source13: 00-lua.conf
52592b
Source14: 01-cgi.conf
52592b
Source15: 00-dav.conf
52592b
Source16: 00-proxy.conf
52592b
Source17: 00-ssl.conf
52592b
Source18: 01-ldap.conf
52592b
Source19: 00-proxyhtml.conf
52592b
Source20: userdir.conf
52592b
Source21: ssl.conf
52592b
Source22: welcome.conf
52592b
Source23: manual.conf
52592b
Source24: 00-systemd.conf
52592b
Source25: 01-session.conf
52592b
Source26: 10-listen443.conf
52592b
Source27: httpd.socket
52592b
Source28: 00-optional.conf
52592b
# Documentation
52592b
Source30: README.confd
52592b
Source31: README.confmod
52592b
Source32: httpd.service.xml
52592b
Source33: htcacheclean.service.xml
52592b
Source34: httpd.conf.xml
52592b
Source40: htcacheclean.service
52592b
Source41: htcacheclean.sysconf
52592b
Source42: httpd-init.service
52592b
Source43: httpd-ssl-gencerts
52592b
Source44: httpd@.service
10ea73
Source45: config.layout
52592b
52592b
# build/scripts patches
52592b
# http://bugzilla.redhat.com/show_bug.cgi?id=1231924
52592b
# http://bugzilla.redhat.com/show_bug.cgi?id=842736
52592b
# http://bugzilla.redhat.com/show_bug.cgi?id=1214401
52592b
Patch1: httpd-2.4.35-apachectl.patch
52592b
Patch2: httpd-2.4.28-apxs.patch
52592b
Patch3: httpd-2.4.35-deplibs.patch
52592b
52592b
# Needed for socket activation and mod_systemd patch
52592b
Patch19: httpd-2.4.35-detect-systemd.patch
52592b
52592b
# Features/functional changes
52592b
Patch20: httpd-2.4.32-export.patch
52592b
Patch21: httpd-2.4.35-corelimit.patch
52592b
Patch22: httpd-2.4.35-selinux.patch
52592b
# https://bugzilla.redhat.com/show_bug.cgi?id=1170215
52592b
Patch23: httpd-2.4.28-icons.patch
52592b
Patch24: httpd-2.4.35-systemd.patch
52592b
Patch25: httpd-2.4.35-cachehardmax.patch
52592b
Patch26: httpd-2.4.28-socket-activation.patch
52592b
# https://bugzilla.redhat.com/show_bug.cgi?id=1109119
52592b
Patch27: httpd-2.4.35-sslciphdefault.patch
52592b
# https://bugzilla.redhat.com/show_bug.cgi?id=1332242
52592b
Patch28: httpd-2.4.28-statements-comment.patch
52592b
# https://bugzilla.redhat.com/show_bug.cgi?id=811714
52592b
Patch29: httpd-2.4.35-full-release.patch
52592b
Patch30: httpd-2.4.35-freebind.patch
52592b
Patch31: httpd-2.4.35-r1830819+.patch
52592b
# https://bugzilla.redhat.com/show_bug.cgi?id=1638738
52592b
Patch32: httpd-2.4.37-sslprotdefault.patch
26c8e2
# https://bugzilla.redhat.com/show_bug.cgi?id=1747898
26c8e2
Patch33: httpd-2.4.37-mod-md-mod-ssl-hooks.patch
26c8e2
# https://bugzilla.redhat.com/show_bug.cgi?id=1725031
26c8e2
Patch34: httpd-2.4.37-r1861793+.patch
fa34f0
# https://bugzilla.redhat.com/show_bug.cgi?id=1704317
26c8e2
Patch35: httpd-2.4.37-sslkeylogfile-support.patch
fa34f0
# https://bugzilla.redhat.com/show_bug.cgi?id=1794728
fa34f0
Patch36: httpd-2.4.37-session-expiry-updt-int.patch
fa34f0
# https://bugzilla.redhat.com/show_bug.cgi?id=1209162
fa34f0
Patch37: httpd-2.4.37-logjournal.patch
52592b
# Bug fixes
52592b
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243
52592b
Patch61: httpd-2.4.35-r1738878.patch
52592b
# https://bugzilla.redhat.com/show_bug.cgi?id=1170206
52592b
Patch62: httpd-2.4.35-r1633085.patch
52592b
# https://bugzilla.redhat.com/show_bug.cgi?id=1448892
52592b
Patch63: httpd-2.4.28-r1811831.patch
52592b
# https://bugzilla.redhat.com/show_bug.cgi?id=1602548
52592b
Patch65: httpd-2.4.35-r1842888.patch
52592b
# https://bugzilla.redhat.com/show_bug.cgi?id=1653009
10ea73
# https://bugzilla.redhat.com/show_bug.cgi?id=1672977
10ea73
# https://bugzilla.redhat.com/show_bug.cgi?id=1673022
52592b
Patch66: httpd-2.4.37-r1842929+.patch
52592b
# https://bugzilla.redhat.com/show_bug.cgi?id=1630432
52592b
Patch67: httpd-2.4.35-r1825120.patch
52592b
# https://bugzilla.redhat.com/show_bug.cgi?id=1670716
52592b
Patch68: httpd-2.4.37-fips-segfault.patch
10ea73
# https://bugzilla.redhat.com/show_bug.cgi?id=1669221
10ea73
Patch70: httpd-2.4.37-r1840554.patch
10ea73
# https://bugzilla.redhat.com/show_bug.cgi?id=1673022
10ea73
Patch71: httpd-2.4.37-mod-md-perms.patch
10ea73
# https://bugzilla.redhat.com/show_bug.cgi?id=1724549
10ea73
Patch72: httpd-2.4.37-mod-mime-magic-strdup.patch
26c8e2
# https://bugzilla.redhat.com/show_bug.cgi?id=1724034
26c8e2
Patch73: httpd-2.4.35-ocsp-wrong-ctx.patch
26c8e2
# https://bugzilla.redhat.com/show_bug.cgi?id=1633224
26c8e2
Patch74: httpd-2.4.37-r1828172+.patch
26c8e2
# https://bugzilla.redhat.com/show_bug.cgi?id=1775158
26c8e2
Patch75: httpd-2.4.37-r1870095+.patch
fa34f0
# https://bugzilla.redhat.com/show_bug.cgi?id=1771847
fa34f0
Patch76: httpd-2.4.37-proxy-continue.patch
fa34f0
Patch77: httpd-2.4.37-balancer-failover.patch
fa34f0
52592b
52592b
# Security fixes
52592b
Patch200: httpd-2.4.37-r1851471.patch
c49bed
# https://bugzilla.redhat.com/show_bug.cgi?id=1694980
c49bed
Patch201: httpd-2.4.37-CVE-2019-0211.patch
c49bed
# https://bugzilla.redhat.com/show_bug.cgi?id=1695025
c49bed
Patch202: httpd-2.4.37-CVE-2019-0215.patch
10ea73
# https://bugzilla.redhat.com/show_bug.cgi?id=1696141
10ea73
Patch203: httpd-2.4.37-CVE-2019-0217.patch
10ea73
# https://bugzilla.redhat.com/show_bug.cgi?id=1696097
10ea73
Patch204: httpd-2.4.37-CVE-2019-0220.patch
f45152
# https://bugzilla.redhat.com/show_bug.cgi?id=1741860
f45152
# https://bugzilla.redhat.com/show_bug.cgi?id=1741864
f45152
# https://bugzilla.redhat.com/show_bug.cgi?id=1741868
10ea73
Patch205: httpd-2.4.34-CVE-2019-9511-and-9516-and-9517.patch
fa34f0
# https://bugzilla.redhat.com/show_bug.cgi?id=1823259
fa34f0
# https://bugzilla.redhat.com/show_bug.cgi?id=1747284
fa34f0
# fixes both CVE-2020-1927 and CVE-2019-10098
fa34f0
Patch206: httpd-2.4.37-CVE-2019-10098.patch
fa34f0
# https://bugzilla.redhat.com/show_bug.cgi?id=1747281
fa34f0
Patch207: httpd-2.4.37-CVE-2019-10092.patch
fa34f0
# https://bugzilla.redhat.com/show_bug.cgi?id=1747291
fa34f0
Patch208: httpd-2.4.37-CVE-2019-10097.patch
fa34f0
# https://bugzilla.redhat.com/show_bug.cgi?id=1820772
fa34f0
Patch209: httpd-2.4.37-CVE-2020-1934.patch
52592b
52592b
License: ASL 2.0
52592b
Group: System Environment/Daemons
52592b
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
52592b
BuildRequires: autoconf, perl-interpreter, perl-generators, pkgconfig, findutils, xmlto
52592b
BuildRequires: zlib-devel, libselinux-devel, lua-devel,  brotli-devel
52592b
BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0
52592b
BuildRequires: systemd-devel
52592b
Requires: /etc/mime.types, system-logos-httpd
52592b
Obsoletes: httpd-suexec
52592b
Provides: webserver
52592b
Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release}
52592b
Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}
52592b
Requires: httpd-tools = %{version}-%{release}
52592b
Requires: httpd-filesystem = %{version}-%{release}
52592b
Requires: mod_http2
52592b
Requires(pre): httpd-filesystem
52592b
Requires(preun): systemd-units
52592b
Requires(postun): systemd-units
52592b
Requires(post): systemd-units
52592b
Conflicts: apr < 1.5.0-1
52592b
52592b
%description
52592b
The Apache HTTP Server is a powerful, efficient, and extensible
52592b
web server.
52592b
52592b
%package devel
52592b
Group: Development/Libraries
52592b
Summary: Development interfaces for the Apache HTTP server
52592b
Requires: apr-devel, apr-util-devel, pkgconfig
52592b
Requires: httpd = %{version}-%{release}
52592b
52592b
%description devel
52592b
The httpd-devel package contains the APXS binary and other files
52592b
that you need to build Dynamic Shared Objects (DSOs) for the
52592b
Apache HTTP Server.
52592b
52592b
If you are installing the Apache HTTP server and you want to be
52592b
able to compile or develop additional modules for Apache, you need
52592b
to install this package.
52592b
52592b
%package manual
52592b
Group: Documentation
52592b
Summary: Documentation for the Apache HTTP server
52592b
Requires: httpd = %{version}-%{release}
52592b
Obsoletes: secureweb-manual, apache-manual
52592b
BuildArch: noarch
52592b
52592b
%description manual
52592b
The httpd-manual package contains the complete manual and
52592b
reference guide for the Apache HTTP server. The information can
52592b
also be found at http://httpd.apache.org/docs/2.2/.
52592b
52592b
%package filesystem
52592b
Group: System Environment/Daemons
52592b
Summary: The basic directory layout for the Apache HTTP server
52592b
BuildArch: noarch
52592b
Requires(pre): /usr/sbin/useradd
52592b
52592b
%description filesystem
52592b
The httpd-filesystem package contains the basic directory layout
52592b
for the Apache HTTP server including the correct permissions
52592b
for the directories.
52592b
52592b
%package tools
52592b
Group: System Environment/Daemons
52592b
Summary: Tools for use with the Apache HTTP Server
52592b
52592b
%description tools
52592b
The httpd-tools package contains tools which can be used with 
52592b
the Apache HTTP Server.
52592b
52592b
%package -n mod_ssl
52592b
Group: System Environment/Daemons
52592b
Summary: SSL/TLS module for the Apache HTTP Server
52592b
Epoch: 1
52592b
BuildRequires: openssl-devel
52592b
Requires(pre): httpd-filesystem
52592b
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
52592b
Requires: sscg >= 2.2.0
52592b
Obsoletes: stronghold-mod_ssl
52592b
# Require an OpenSSL which supports PROFILE=SYSTEM
52592b
Conflicts: openssl-libs < 1:1.0.1h-4
52592b
52592b
%description -n mod_ssl
52592b
The mod_ssl module provides strong cryptography for the Apache Web
52592b
server via the Secure Sockets Layer (SSL) and Transport Layer
52592b
Security (TLS) protocols.
52592b
52592b
%package -n mod_proxy_html
52592b
Group: System Environment/Daemons
52592b
Summary: HTML and XML content filters for the Apache HTTP Server
52592b
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
52592b
BuildRequires: libxml2-devel
52592b
Epoch: 1
52592b
Obsoletes: mod_proxy_html < 1:2.4.1-2
52592b
52592b
%description -n mod_proxy_html
52592b
The mod_proxy_html and mod_xml2enc modules provide filters which can
52592b
transform and modify HTML and XML content.
52592b
52592b
%package -n mod_ldap
52592b
Group: System Environment/Daemons
52592b
Summary: LDAP authentication modules for the Apache HTTP Server
52592b
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
52592b
Requires: apr-util-ldap
52592b
52592b
%description -n mod_ldap
52592b
The mod_ldap and mod_authnz_ldap modules add support for LDAP
52592b
authentication to the Apache HTTP Server.
52592b
52592b
%package -n mod_session
52592b
Group: System Environment/Daemons
52592b
Summary: Session interface for the Apache HTTP Server
52592b
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
52592b
52592b
%description -n mod_session
52592b
The mod_session module and associated backends provide an abstract
52592b
interface for storing and accessing per-user session data.
52592b
52592b
%prep
52592b
%setup -q
52592b
%patch1 -p1 -b .apctl
52592b
%patch2 -p1 -b .apxs
52592b
%patch3 -p1 -b .deplibs
52592b
52592b
%patch19 -p1 -b .detectsystemd
52592b
%patch20 -p1 -b .export
52592b
%patch21 -p1 -b .corelimit
52592b
%patch22 -p1 -b .selinux
52592b
%patch23 -p1 -b .icons
52592b
%patch24 -p1 -b .systemd
52592b
%patch25 -p1 -b .cachehardmax
52592b
%patch26 -p1 -b .socketactivation
52592b
%patch27 -p1 -b .sslciphdefault
52592b
%patch28 -p1 -b .statementscomment
52592b
%patch29 -p1 -b .fullrelease
52592b
%patch30 -p1 -b .freebind
52592b
%patch31 -p1 -b .r1830819+
52592b
%patch32 -p1 -b .sslprotdefault
26c8e2
%patch33 -p1 -b .mod-md-mod-ssl-hooks
26c8e2
%patch34 -p1 -b .r1861793+
26c8e2
%patch35 -p1 -b .sslkeylogfile-support
fa34f0
%patch36 -p1 -b .session-expiry
fa34f0
%patch37 -p1 -b .logjournal
52592b
52592b
%patch61 -p1 -b .r1738878
52592b
%patch62 -p1 -b .r1633085
52592b
%patch63 -p1 -b .r1811831
52592b
%patch65 -p1 -b .r1842888
52592b
%patch66 -p1 -b .r1842929+
52592b
%patch67 -p1 -b .r1825120
52592b
%patch68 -p1 -b .fipscore
10ea73
%patch70 -p1 -b .r1840554
10ea73
%patch71 -p1 -b .modmdperms
10ea73
%patch72 -p1 -b .mimemagic
26c8e2
%patch73 -p1 -b .ocspwrongctx
26c8e2
%patch74 -p1 -b .r1828172+
26c8e2
%patch75 -p1 -b .r1870095+
fa34f0
%patch76 -p1 -b .proxy-continue
fa34f0
%patch77 -p1 -b .balancer-failover
fa34f0
52592b
52592b
%patch200 -p1 -b .r1851471
c49bed
%patch201 -p1 -b .CVE-2019-0211
c49bed
%patch202 -p1 -b .CVE-2019-0215
10ea73
%patch203 -p1 -b .CVE-2019-0217
10ea73
%patch204 -p1 -b .CVE-2019-0220
10ea73
%patch205 -p1 -b .CVE-2019-9511-and-9516-and-9517
fa34f0
%patch206 -p1 -b .CVE-2019-10098
fa34f0
%patch207 -p1 -b .CVE-2019-10092
fa34f0
%patch208 -p1 -b .CVE-2019-10097
fa34f0
%patch209 -p1 -b .CVE-2020-1934
52592b
52592b
# Patch in the vendor string
52592b
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
52592b
sed -i 's/@RELEASE@/%{release}/' server/core.c
52592b
52592b
# Prevent use of setcap in "install-suexec-caps" target.
52592b
sed -i '/suexec/s,setcap ,echo Skipping setcap for ,' Makefile.in
52592b
52592b
# Example conf for instances
52592b
cp $RPM_SOURCE_DIR/instance.conf .
52592b
sed < $RPM_SOURCE_DIR/httpd.conf >> instance.conf '
52592b
0,/^ServerRoot/d;
52592b
/# Supplemental configuration/,$d
52592b
/^ *CustomLog .logs/s,logs/,logs/${HTTPD_INSTANCE}_,
52592b
/^ *ErrorLog .logs/s,logs/,logs/${HTTPD_INSTANCE}_,
52592b
'
52592b
touch -r $RPM_SOURCE_DIR/instance.conf instance.conf
52592b
52592b
# Safety check: prevent build if defined MMN does not equal upstream MMN.
52592b
vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
52592b
if test "x${vmmn}" != "x%{mmn}"; then
52592b
   : Error: Upstream MMN is now ${vmmn}, packaged MMN is %{mmn}
52592b
   : Update the mmn macro and rebuild.
52592b
   exit 1
52592b
fi
52592b
10ea73
# Provide default layout
10ea73
cp $RPM_SOURCE_DIR/config.layout .
10ea73
52592b
sed '
52592b
s,@MPM@,%{mpm},g
52592b
s,@DOCROOT@,%{docroot},g
52592b
s,@LOGDIR@,%{_localstatedir}/log/httpd,g
52592b
' < $RPM_SOURCE_DIR/httpd.conf.xml \
52592b
    > httpd.conf.xml
52592b
52592b
xmlto man ./httpd.conf.xml
52592b
xmlto man $RPM_SOURCE_DIR/htcacheclean.service.xml
52592b
xmlto man $RPM_SOURCE_DIR/httpd.service.xml
52592b
52592b
: Building with MMN %{mmn}, MMN-ISA %{mmnisa}
52592b
: Default MPM is %{mpm}, vendor string is '%{vstring}'
52592b
52592b
%build
52592b
# forcibly prevent use of bundled apr, apr-util, pcre
52592b
rm -rf srclib/{apr,apr-util,pcre}
52592b
52592b
# regenerate configure scripts
52592b
autoheader && autoconf || exit 1
52592b
52592b
# Before configure; fix location of build dir in generated apxs
52592b
%{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \
10ea73
        support/apxs.in
52592b
52592b
export CFLAGS=$RPM_OPT_FLAGS
52592b
export LDFLAGS="-Wl,-z,relro,-z,now"
52592b
52592b
# Hard-code path to links to avoid unnecessary builddep
52592b
export LYNX_PATH=/usr/bin/links
52592b
52592b
# Build the daemon
52592b
./configure \
52592b
        --prefix=%{_sysconfdir}/httpd \
52592b
        --exec-prefix=%{_prefix} \
52592b
        --bindir=%{_bindir} \
52592b
        --sbindir=%{_sbindir} \
52592b
        --mandir=%{_mandir} \
52592b
        --libdir=%{_libdir} \
52592b
        --sysconfdir=%{_sysconfdir}/httpd/conf \
52592b
        --includedir=%{_includedir}/httpd \
52592b
        --libexecdir=%{_libdir}/httpd/modules \
52592b
        --datadir=%{contentdir} \
52592b
        --enable-layout=Fedora \
52592b
        --with-installbuilddir=%{_libdir}/httpd/build \
52592b
        --enable-mpms-shared=all \
52592b
        --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
52592b
        --enable-suexec --with-suexec \
52592b
        --enable-suexec-capabilities \
52592b
        --with-suexec-caller=%{suexec_caller} \
52592b
        --with-suexec-docroot=%{docroot} \
52592b
        --without-suexec-logfile \
52592b
        --with-suexec-syslog \
52592b
        --with-suexec-bin=%{_sbindir}/suexec \
52592b
        --with-suexec-uidmin=1000 --with-suexec-gidmin=1000 \
52592b
        --with-brotli \
52592b
        --enable-pie \
52592b
        --with-pcre \
52592b
        --enable-mods-shared=all \
52592b
        --enable-ssl --with-ssl --disable-distcache \
52592b
        --enable-proxy --enable-proxy-fdpass \
52592b
        --enable-cache \
52592b
        --enable-disk-cache \
52592b
        --enable-ldap --enable-authnz-ldap \
52592b
        --enable-cgid --enable-cgi \
26c8e2
        --enable-cgid-fdpassing \
52592b
        --enable-authn-anon --enable-authn-alias \
52592b
        --disable-imagemap --disable-file-cache \
52592b
        --disable-http2 \
26c8e2
        --disable-md \
52592b
        $*
52592b
make %{?_smp_mflags}
52592b
52592b
%install
52592b
rm -rf $RPM_BUILD_ROOT
52592b
52592b
make DESTDIR=$RPM_BUILD_ROOT install
52592b
52592b
# Install systemd service files
52592b
mkdir -p $RPM_BUILD_ROOT%{_unitdir}
52592b
for s in httpd.service htcacheclean.service httpd.socket \
52592b
         httpd@.service httpd-init.service; do
52592b
  install -p -m 644 $RPM_SOURCE_DIR/${s} \
52592b
                    $RPM_BUILD_ROOT%{_unitdir}/${s}
52592b
done
52592b
52592b
# install conf file/directory
52592b
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d \
52592b
      $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d
52592b
install -m 644 $RPM_SOURCE_DIR/README.confd \
52592b
    $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README
52592b
install -m 644 $RPM_SOURCE_DIR/README.confmod \
52592b
    $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/README
52592b
for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \
52592b
         00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \
26c8e2
         01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf; do
52592b
  install -m 644 -p $RPM_SOURCE_DIR/$f \
52592b
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f
52592b
done
52592b
52592b
sed -i '/^#LoadModule mpm_%{mpm}_module /s/^#//' \
52592b
     $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/00-mpm.conf
52592b
touch -r $RPM_SOURCE_DIR/00-mpm.conf \
52592b
     $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/00-mpm.conf
52592b
52592b
# install systemd override drop directory
52592b
# Web application packages can drop snippets into this location if
52592b
# they need ExecStart[pre|post].
52592b
mkdir $RPM_BUILD_ROOT%{_unitdir}/httpd.service.d
52592b
mkdir $RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d
52592b
52592b
install -m 644 -p $RPM_SOURCE_DIR/10-listen443.conf \
52592b
      $RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d/10-listen443.conf
52592b
52592b
for f in welcome.conf ssl.conf manual.conf userdir.conf; do
52592b
  install -m 644 -p $RPM_SOURCE_DIR/$f \
52592b
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/$f
52592b
done
52592b
52592b
# Split-out extra config shipped as default in conf.d:
52592b
for f in autoindex; do
52592b
  install -m 644 docs/conf/extra/httpd-${f}.conf \
52592b
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/${f}.conf
52592b
done
52592b
52592b
# Extra config trimmed:
52592b
rm -v docs/conf/extra/httpd-{ssl,userdir}.conf
52592b
52592b
rm $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/*.conf
52592b
install -m 644 -p $RPM_SOURCE_DIR/httpd.conf \
52592b
   $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/httpd.conf
52592b
52592b
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
52592b
install -m 644 -p $RPM_SOURCE_DIR/htcacheclean.sysconf \
52592b
   $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/htcacheclean
52592b
52592b
# tmpfiles.d configuration
52592b
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d 
52592b
install -m 644 -p $RPM_SOURCE_DIR/httpd.tmpfiles \
52592b
   $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/httpd.conf
52592b
52592b
# Other directories
52592b
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav \
52592b
         $RPM_BUILD_ROOT%{_localstatedir}/lib/httpd \
52592b
         $RPM_BUILD_ROOT/run/httpd/htcacheclean
52592b
52592b
# Substitute in defaults which are usually done (badly) by "make install"
52592b
sed -i \
52592b
   "s,@@ServerRoot@@/var,%{_localstatedir}/lib/dav,;
52592b
    s,@@ServerRoot@@/user.passwd,/etc/httpd/conf/user.passwd,;
52592b
    s,@@ServerRoot@@/docs,%{docroot},;
52592b
    s,@@ServerRoot@@,%{docroot},;
52592b
    s,@@Port@@,80,;" \
52592b
    docs/conf/extra/*.conf
52592b
52592b
# Create cache directory
52592b
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd \
52592b
         $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/proxy \
52592b
         $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/ssl
52592b
52592b
# Make the MMN accessible to module packages
52592b
echo %{mmnisa} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn
52592b
mkdir -p $RPM_BUILD_ROOT%{_rpmconfigdir}/macros.d
52592b
cat > $RPM_BUILD_ROOT%{_rpmconfigdir}/macros.d/macros.httpd <
52592b
%%_httpd_mmn %{mmnisa}
52592b
%%_httpd_apxs %%{_bindir}/apxs
52592b
%%_httpd_modconfdir %%{_sysconfdir}/httpd/conf.modules.d
52592b
%%_httpd_confdir %%{_sysconfdir}/httpd/conf.d
52592b
%%_httpd_contentdir %{contentdir}
52592b
%%_httpd_moddir %%{_libdir}/httpd/modules
52592b
EOF
52592b
52592b
# Handle contentdir
52592b
mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
2f74ee
tar xzf %{SOURCE1} -C $RPM_BUILD_ROOT%{contentdir}/noindex/ --strip-components=1
52592b
rm -rf %{contentdir}/htdocs
52592b
52592b
# remove manual sources
52592b
find $RPM_BUILD_ROOT%{contentdir}/manual \( \
52592b
    -name \*.xml -o -name \*.xml.* -o -name \*.ent -o -name \*.xsl -o -name \*.dtd \
52592b
    \) -print0 | xargs -0 rm -f
52592b
52592b
# Strip the manual down just to English and replace the typemaps with flat files:
52592b
set +x
52592b
for f in `find $RPM_BUILD_ROOT%{contentdir}/manual -name \*.html -type f`; do
52592b
   if test -f ${f}.en; then
52592b
      cp ${f}.en ${f}
52592b
      rm ${f}.*
52592b
   fi
52592b
done
52592b
set -x
52592b
52592b
# Clean Document Root
52592b
rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
52592b
      $RPM_BUILD_ROOT%{docroot}/cgi-bin/*
52592b
52592b
# Symlink for the powered-by-$DISTRO image:
52592b
ln -s ../../pixmaps/poweredby.png \
52592b
        $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
52592b
52592b
# symlinks for /etc/httpd
10ea73
rmdir $RPM_BUILD_ROOT/etc/httpd/{state,run}
52592b
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
52592b
ln -s ../..%{_localstatedir}/lib/httpd $RPM_BUILD_ROOT/etc/httpd/state
52592b
ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run
52592b
ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules
52592b
52592b
# install http-ssl-pass-dialog
52592b
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
52592b
install -m755 $RPM_SOURCE_DIR/httpd-ssl-pass-dialog \
10ea73
        $RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog
52592b
52592b
# install http-ssl-gencerts
52592b
install -m755 $RPM_SOURCE_DIR/httpd-ssl-gencerts \
10ea73
        $RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-gencerts
52592b
52592b
# Install action scripts
52592b
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd
52592b
for f in graceful configtest; do
52592b
    install -p -m 755 $RPM_SOURCE_DIR/action-${f}.sh \
52592b
            $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd/${f}
52592b
done
52592b
52592b
# Install logrotate config
52592b
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
52592b
install -m 644 -p $RPM_SOURCE_DIR/httpd.logrotate \
10ea73
        $RPM_BUILD_ROOT/etc/logrotate.d/httpd
52592b
52592b
# Install man pages
52592b
install -d $RPM_BUILD_ROOT%{_mandir}/man8 $RPM_BUILD_ROOT%{_mandir}/man5
52592b
install -m 644 -p httpd.service.8 httpd-init.service.8 httpd.socket.8 \
52592b
        httpd@.service.8  htcacheclean.service.8 \
52592b
        $RPM_BUILD_ROOT%{_mandir}/man8
52592b
install -m 644 -p httpd.conf.5 \
52592b
        $RPM_BUILD_ROOT%{_mandir}/man5
52592b
52592b
# fix man page paths
52592b
sed -e "s|/usr/local/apache2/conf/httpd.conf|/etc/httpd/conf/httpd.conf|" \
52592b
    -e "s|/usr/local/apache2/conf/mime.types|/etc/mime.types|" \
52592b
    -e "s|/usr/local/apache2/conf/magic|/etc/httpd/conf/magic|" \
52592b
    -e "s|/usr/local/apache2/logs/error_log|/var/log/httpd/error_log|" \
52592b
    -e "s|/usr/local/apache2/logs/access_log|/var/log/httpd/access_log|" \
52592b
    -e "s|/usr/local/apache2/logs/httpd.pid|/run/httpd/httpd.pid|" \
52592b
    -e "s|/usr/local/apache2|/etc/httpd|" < docs/man/httpd.8 \
52592b
  > $RPM_BUILD_ROOT%{_mandir}/man8/httpd.8
52592b
52592b
# Make ap_config_layout.h libdir-agnostic
52592b
sed -i '/.*DEFAULT_..._LIBEXECDIR/d;/DEFAULT_..._INSTALLBUILDDIR/d' \
52592b
    $RPM_BUILD_ROOT%{_includedir}/httpd/ap_config_layout.h
52592b
52592b
# Fix path to instdso in special.mk
52592b
sed -i '/instdso/s,top_srcdir,top_builddir,' \
52592b
    $RPM_BUILD_ROOT%{_libdir}/httpd/build/special.mk
52592b
52592b
# Remove unpackaged files
52592b
rm -vf \
52592b
      $RPM_BUILD_ROOT%{_libdir}/*.exp \
52592b
      $RPM_BUILD_ROOT/etc/httpd/conf/mime.types \
52592b
      $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.exp \
52592b
      $RPM_BUILD_ROOT%{_libdir}/httpd/build/config.nice \
52592b
      $RPM_BUILD_ROOT%{_bindir}/{ap?-config,dbmmanage} \
52592b
      $RPM_BUILD_ROOT%{_sbindir}/{checkgid,envvars*} \
52592b
      $RPM_BUILD_ROOT%{contentdir}/htdocs/* \
52592b
      $RPM_BUILD_ROOT%{_mandir}/man1/dbmmanage.* \
52592b
      $RPM_BUILD_ROOT%{contentdir}/cgi-bin/*
52592b
52592b
rm -rf $RPM_BUILD_ROOT/etc/httpd/conf/{original,extra}
52592b
52592b
%pre filesystem
52592b
getent group apache >/dev/null || groupadd -g 48 -r apache
52592b
getent passwd apache >/dev/null || \
52592b
  useradd -r -u 48 -g apache -s /sbin/nologin \
52592b
    -d %{contentdir} -c "Apache" apache
52592b
exit 0
52592b
52592b
%post
52592b
%systemd_post httpd.service htcacheclean.service httpd.socket
52592b
52592b
%preun
52592b
%systemd_preun httpd.service htcacheclean.service httpd.socket
52592b
52592b
%postun
fa34f0
%systemd_postun httpd.service htcacheclean.service httpd.socket
52592b
52592b
# Trigger for conversion from SysV, per guidelines at:
52592b
# https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd
52592b
%triggerun -- httpd < 2.2.21-5
52592b
# Save the current service runlevel info
52592b
# User must manually run systemd-sysv-convert --apply httpd
52592b
# to migrate them to systemd targets
52592b
/usr/bin/systemd-sysv-convert --save httpd.service >/dev/null 2>&1 ||:
52592b
52592b
# Run these because the SysV package being removed won't do them
52592b
/sbin/chkconfig --del httpd >/dev/null 2>&1 || :
52592b
52592b
%posttrans
52592b
test -f /etc/sysconfig/httpd-disable-posttrans || \
52592b
  /bin/systemctl try-restart --no-block httpd.service htcacheclean.service >/dev/null 2>&1 || :
52592b
52592b
%check
52592b
# Check the built modules are all PIC
52592b
if readelf -d $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so | grep TEXTREL; then
52592b
   : modules contain non-relocatable code
52592b
   exit 1
52592b
fi
52592b
set +x
52592b
rv=0
52592b
# Ensure every mod_* that's built is loaded.
52592b
for f in $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so; do
52592b
  m=${f##*/}
52592b
  if ! grep -q $m $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/*.conf; then
52592b
    echo ERROR: Module $m not configured.  Disable it, or load it.
52592b
    rv=1
52592b
  fi
52592b
done
52592b
# Ensure every loaded mod_* is actually built
52592b
mods=`grep -h ^LoadModule $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/*.conf | sed 's,.*modules/,,'`
52592b
for m in $mods; do
52592b
  f=$RPM_BUILD_ROOT%{_libdir}/httpd/modules/${m}
52592b
  if ! test -x $f; then
52592b
    echo ERROR: Module $m is configured but not built.
52592b
    rv=1
52592b
  fi
52592b
done
52592b
set -x
52592b
exit $rv
52592b
52592b
%clean
52592b
rm -rf $RPM_BUILD_ROOT
52592b
52592b
%files
52592b
%defattr(-,root,root)
52592b
52592b
%doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE
52592b
%doc docs/conf/extra/*.conf
52592b
%doc instance.conf
52592b
52592b
%{_sysconfdir}/httpd/modules
52592b
%{_sysconfdir}/httpd/logs
52592b
%{_sysconfdir}/httpd/state
52592b
%{_sysconfdir}/httpd/run
52592b
%dir %{_sysconfdir}/httpd/conf
52592b
%config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf
52592b
%config(noreplace) %{_sysconfdir}/httpd/conf/magic
52592b
52592b
%config(noreplace) %{_sysconfdir}/logrotate.d/httpd
52592b
52592b
%config(noreplace) %{_sysconfdir}/httpd/conf.d/*.conf
52592b
%exclude %{_sysconfdir}/httpd/conf.d/ssl.conf
52592b
%exclude %{_sysconfdir}/httpd/conf.d/manual.conf
52592b
52592b
%dir %{_sysconfdir}/httpd/conf.modules.d
52592b
%{_sysconfdir}/httpd/conf.modules.d/README
52592b
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/*.conf
52592b
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
52592b
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf
52592b
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf
52592b
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
52592b
52592b
%config(noreplace) %{_sysconfdir}/sysconfig/htcacheclean
52592b
%{_prefix}/lib/tmpfiles.d/httpd.conf
52592b
52592b
%dir %{_libexecdir}/initscripts/legacy-actions/httpd
52592b
%{_libexecdir}/initscripts/legacy-actions/httpd/*
52592b
52592b
%{_sbindir}/ht*
52592b
%{_sbindir}/fcgistarter
52592b
%{_sbindir}/apachectl
52592b
%{_sbindir}/rotatelogs
52592b
%caps(cap_setuid,cap_setgid+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec
52592b
52592b
%dir %{_libdir}/httpd
52592b
%dir %{_libdir}/httpd/modules
52592b
%{_libdir}/httpd/modules/mod*.so
52592b
%exclude %{_libdir}/httpd/modules/mod_auth_form.so
52592b
%exclude %{_libdir}/httpd/modules/mod_ssl.so
52592b
%exclude %{_libdir}/httpd/modules/mod_*ldap.so
52592b
%exclude %{_libdir}/httpd/modules/mod_proxy_html.so
52592b
%exclude %{_libdir}/httpd/modules/mod_xml2enc.so
52592b
%exclude %{_libdir}/httpd/modules/mod_session*.so
52592b
52592b
%dir %{contentdir}/error
52592b
%dir %{contentdir}/error/include
52592b
%dir %{contentdir}/noindex
52592b
%{contentdir}/icons/*
52592b
%{contentdir}/error/README
52592b
%{contentdir}/error/*.var
52592b
%{contentdir}/error/include/*.html
2f74ee
%{contentdir}/noindex/*
52592b
52592b
%attr(0710,root,apache) %dir /run/httpd
52592b
%attr(0700,apache,apache) %dir /run/httpd/htcacheclean
52592b
%attr(0700,root,root) %dir %{_localstatedir}/log/httpd
52592b
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav
52592b
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/httpd
52592b
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd
52592b
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy
52592b
52592b
%{_mandir}/man8/*
52592b
%{_mandir}/man5/*
52592b
%exclude %{_mandir}/man8/httpd-init.*
52592b
52592b
%{_unitdir}/httpd.service
52592b
%{_unitdir}/httpd@.service
52592b
%{_unitdir}/htcacheclean.service
52592b
%{_unitdir}/*.socket
52592b
52592b
%files filesystem
52592b
%dir %{_sysconfdir}/httpd
52592b
%dir %{_sysconfdir}/httpd/conf.d
52592b
%{_sysconfdir}/httpd/conf.d/README
52592b
%dir %{docroot}
52592b
%dir %{docroot}/cgi-bin
52592b
%dir %{docroot}/html
52592b
%dir %{contentdir}
52592b
%dir %{contentdir}/icons
52592b
%attr(755,root,root) %dir %{_unitdir}/httpd.service.d
52592b
%attr(755,root,root) %dir %{_unitdir}/httpd.socket.d
52592b
52592b
%files tools
52592b
%defattr(-,root,root)
52592b
%{_bindir}/*
52592b
%{_mandir}/man1/*
52592b
%doc LICENSE NOTICE
52592b
%exclude %{_bindir}/apxs
52592b
%exclude %{_mandir}/man1/apxs.1*
52592b
52592b
%files manual
52592b
%defattr(-,root,root)
52592b
%{contentdir}/manual
52592b
%config(noreplace) %{_sysconfdir}/httpd/conf.d/manual.conf
52592b
52592b
%files -n mod_ssl
52592b
%defattr(-,root,root)
52592b
%{_libdir}/httpd/modules/mod_ssl.so
52592b
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
52592b
%config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf
52592b
%attr(0700,apache,root) %dir %{_localstatedir}/cache/httpd/ssl
52592b
%{_unitdir}/httpd-init.service
52592b
%{_libexecdir}/httpd-ssl-pass-dialog
52592b
%{_libexecdir}/httpd-ssl-gencerts
52592b
%{_unitdir}/httpd.socket.d/10-listen443.conf
52592b
%{_mandir}/man8/httpd-init.*
52592b
52592b
%files -n mod_proxy_html
52592b
%defattr(-,root,root)
52592b
%{_libdir}/httpd/modules/mod_proxy_html.so
52592b
%{_libdir}/httpd/modules/mod_xml2enc.so
52592b
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf
52592b
52592b
%files -n mod_ldap
52592b
%defattr(-,root,root)
52592b
%{_libdir}/httpd/modules/mod_*ldap.so
52592b
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf
52592b
52592b
%files -n mod_session
52592b
%defattr(-,root,root)
52592b
%{_libdir}/httpd/modules/mod_session*.so
52592b
%{_libdir}/httpd/modules/mod_auth_form.so
52592b
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
52592b
52592b
%files devel
52592b
%defattr(-,root,root)
52592b
%{_includedir}/httpd
52592b
%{_bindir}/apxs
52592b
%{_mandir}/man1/apxs.1*
52592b
%dir %{_libdir}/httpd/build
52592b
%{_libdir}/httpd/build/*.mk
52592b
%{_libdir}/httpd/build/*.sh
52592b
%{_rpmconfigdir}/macros.d/macros.httpd
52592b
52592b
%changelog
fa34f0
* Mon Jun 15 2020 Joe Orton <jorton@redhat.com> - 2.4.37-30
fa34f0
- Resolves: #1209162 - support logging to journald from CustomLog
fa34f0
fa34f0
* Mon Jun 08 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-29
fa34f0
- Resolves: #1823263 (CVE-2020-1934) - CVE-2020-1934 httpd: mod_proxy_ftp use of
fa34f0
  uninitialized value
fa34f0
fa34f0
* Fri May 29 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-28
fa34f0
- Related: #1771847 - BalancerMember ping parameter for mod_proxy_http
fa34f0
  doesn't work
fa34f0
fa34f0
* Tue Apr 14 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-27
fa34f0
- Resolves: #1823259 - CVE-2020-1927 httpd:2.4/httpd: mod_rewrite configurations
fa34f0
  vulnerable to open redirect
fa34f0
- Resolves: #1747284 - CVE-2019-10098 httpd:2.4/httpd: mod_rewrite potential
fa34f0
  open redirect
fa34f0
- Resolves: #1747281 - CVE-2019-10092 httpd:2.4/httpd: limited cross-site 
fa34f0
  scripting in mod_proxy error page
fa34f0
- Resolves: #1747291 - CVE-2019-10097 httpd:2.4/httpd: null-pointer dereference
fa34f0
  in mod_remoteip
fa34f0
- Resolves: #1771847 - BalancerMember ping parameter for mod_proxy_http
fa34f0
  doesn't work
fa34f0
- Resolves: #1794728 - Backport of SessionExpiryUpdateInterval directive
f358ca
26c8e2
* Mon Dec 02 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-21
26c8e2
- Resolves: #1775158 - POST request with TLS 1.3 PHA client auth fails:
26c8e2
  Re-negotiation handshake failed: Client certificate missing
26c8e2
26c8e2
* Sun Dec 01 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-20
26c8e2
- Resolves: #1704317 - Add support for SSLKEYLOGFILE
26c8e2
26c8e2
* Thu Nov 28 2019 Joe Orton <jorton@redhat.com> - 2.4.37-19
26c8e2
- mod_cgid: enable fd passing (#1633224)
26c8e2
26c8e2
* Mon Nov 18 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-18
26c8e2
- Resolves: #1744121 - Unexpected OCSP in proxy SSL connection
26c8e2
- Resolves: #1725031 - htpasswd: support SHA-x passwords for FIPS compatibility
26c8e2
- Resolves: #1633224 - mod_cgid logging issues
26c8e2
26c8e2
* Wed Oct 02 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-17
26c8e2
- remove bundled mod_md module
26c8e2
- Related: #1747898 - add mod_md package
ab6d25
10ea73
* Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-16
10ea73
- Resolves: #1744999 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
f45152
  of data request leads to denial of service
10ea73
- Resolves: #1745086 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
f45152
  headers leads to denial of service
10ea73
- Resolves: #1745154 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request for
10ea73
  large response leads to denial of service
10ea73
10ea73
* Tue Jul 16 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-15
10ea73
- Resolves: #1730721 - absolute path used for default state and runtime dir by
10ea73
  default
10ea73
10ea73
* Thu Jun 27 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-14
10ea73
- Resolves: #1724549 - httpd response contains garbage in Content-Type header
10ea73
10ea73
* Wed Jun 12 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-13
10ea73
- Resolves: #1696142 - CVE-2019-0217 httpd:2.4/httpd: mod_auth_digest: access
10ea73
  control bypass due to race condition
10ea73
- Resolves: #1696097 - CVE-2019-0220 httpd:2.4/httpd: URL normalization
10ea73
  inconsistency
10ea73
- Resolves: #1669221 - `ExtendedStatus Off` directive when using mod_systemd
10ea73
  causes systemctl to hang
10ea73
- Resolves: #1673022 - httpd can not be started with mod_md enabled
10ea73
10ea73
* Mon Apr 08 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-11
10ea73
- Resolves: #1695432 - CVE-2019-0211 httpd: privilege escalation
c49bed
  from modules scripts
10ea73
- Resolves: #1696091 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl: access control 
c49bed
  bypass when using per-location client certification authentication
2881fa
52592b
* Wed Feb 06 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-10
52592b
- Resolves: #1672977 - state-dir corruption on reload 
52592b
52592b
* Tue Feb 05 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-9
52592b
- Resolves: #1670716 - Coredump when starting in FIPS mode
52592b
52592b
* Fri Feb  1 2019 Joe Orton <jorton@redhat.com> - 2.4.37-8
52592b
- add security fix for CVE-2019-0190 (#1671282)
52592b
52592b
* Tue Dec 11 2018 Joe Orton <jorton@redhat.com> - 2.4.37-7
52592b
- add DefaultStateDir/ap_state_dir_relative() (#1653009)
52592b
- mod_dav_fs: use state dir for default DAVLockDB
52592b
- mod_md: use state dir for default MDStoreDir
52592b
52592b
* Mon Dec 10 2018 Joe Orton <jorton@redhat.com> - 2.4.37-6
52592b
- add httpd.conf(5) (#1611361)
52592b
52592b
* Mon Nov 26 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-5
52592b
- Resolves: #1652966 - Missing RELEASE in http header
52592b
52592b
* Fri Nov 23 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-4
52592b
- Resolves: #1641951 - No Documentation= line in htcacheclean.service files
52592b
52592b
* Fri Nov 23 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-3
52592b
- Resolves: #1643713 - TLS connection allowed while all protocols are forbidden
52592b
52592b
* Thu Nov 22 2018 Joe Orton <jorton@redhat.com> - 2.4.37-2
52592b
- mod_ssl: fix off-by-one causing crashes in CGI children (#1649428)
52592b
52592b
* Wed Nov 21 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-1
52592b
- Resolves: #1644625 - httpd rebase to 2.4.37
52592b
52592b
* Thu Oct 18 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.35-10
52592b
- Related: #1493510 - RFE: httpd, add IP_FREEBIND support for Listen
52592b
52592b
* Tue Oct 16 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.35-9
52592b
- mod_ssl: allow sending multiple CA names which differ only in case
52592b
52592b
* Tue Oct 16 2018 Joe Orton <jorton@redhat.com> - 2.4.35-7
52592b
- mod_ssl: drop SSLRandomSeed from default config (#1638730)
52592b
- mod_ssl: follow OpenSSL protocol defaults if SSLProtocol
52592b
     is not configured (Rob Crittenden, #1638738)
52592b
52592b
* Mon Oct 15 2018 Joe Orton <jorton@redhat.com> - 2.4.35-5
52592b
- mod_ssl: don't require SSLCryptoDevice to be set for PKCS#11 cert
52592b
52592b
* Mon Oct 15 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.35-4
52592b
- Resolves: #1635681 - sync with Fedora 28/29 httpd
52592b
- comment-out SSLProtocol, SSLProxyProtocol from ssl.conf in default
52592b
  configuration; now follow OpenSSL system default (#1468322)
52592b
- dropped NPN support
52592b
- mod_md: change hard-coded default MdStoreDir to state/md (#1563846)
52592b
- don't block on service try-restart in posttrans scriptlet
52592b
- build and load mod_brotli
52592b
- mod_systemd: show bound ports in status and log to journal
52592b
  at startup
52592b
- updated httpd.service.xml man page
52592b
- tweak wording in privkey passphrase prompt
52592b
- drop sslmultiproxy patch
52592b
- apachectl: don't read /etc/sysconfig/httpd
52592b
- drop irrelevant Obsoletes for devel subpackage
52592b
- move instantiated httpd@.service to main httpd package
52592b
52592b
* Mon Oct 15 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.35-3
52592b
- Resolves: #1602548 - various covscan fixes
52592b
52592b
* Thu Sep 27 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.35-2
52592b
- apache httpd can work with TLS 1.3 (#1617997)
52592b
- drop SSLv3 support patch
52592b
52592b
* Thu Sep 27 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.35-1
52592b
- new version 2.4.35 (#1632754)
52592b
52592b
* Mon Sep 03 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.33-4
52592b
- mod_ssl: enable SSLv3 and change behavior of "SSLProtocol All" 
52592b
  configuration (#1622630)
52592b
52592b
* Thu Jul 26 2018 Joe Orton <jorton@redhat.com> - 2.4.33-3
52592b
- mod_ssl: add PKCS#11 cert/key support (Anderson Sasaki, #1527084)
52592b
52592b
* Mon Apr 30 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.33-2
52592b
- new version 2.4.33
52592b
- add mod_md subpackage; load mod_proxy_uwsgi by default
52592b
52592b
* Mon Apr 30 2018 Joe Orton <jorton@redhat.com> - 2.4.28-8
52592b
- remove %%ghosted /etc/sysconfig/httpd (#1572676)
52592b
52592b
* Wed Mar 07 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.28-2
52592b
- Resolves: #1512563 - httpd: update welcome page branding
52592b
- Resolves: #1511123 - RFE: httpd use event MPM by default
52592b
- Resolves: #1493510 - RFE: httpd, add IP_FREEBIND support for Listen
52592b
52592b
* Fri Oct 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.28-1
52592b
- new version 2.4.28
52592b
52592b
* Tue Oct  3 2017 Joe Orton <jorton@redhat.com> - 2.4.27-14
52592b
- add notes on enabling httpd_graceful_shutdown boolean for prefork
52592b
52592b
* Fri Sep 22 2017 Joe Orton <jorton@redhat.com> - 2.4.27-13
52592b
- drop Requires(post) for mod_ssl
52592b
52592b
* Fri Sep 22 2017 Joe Orton <jorton@redhat.com> - 2.4.27-12
52592b
- better error handling in httpd-ssl-gencerts (#1494556)
52592b
52592b
* Thu Sep 21 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.4.27-11
52592b
- Require sscg 2.2.0 for creating service and CA certificates together
52592b
52592b
* Thu Sep 21 2017 Jeroen van Meeuwen <kanarip@fedoraproject.org> - 2.4.27-10
52592b
- Address CVE-2017-9798 by applying patch from upstream (#1490344)
52592b
52592b
* Thu Sep 21 2017 Joe Orton <jorton@redhat.com> - 2.4.27-9
52592b
- use sscg defaults; append CA cert to generated cert
52592b
- document httpd-init.service in httpd-init.service(8)
52592b
52592b
* Thu Sep 21 2017 Jeroen van Meeuwen <kanarip@fedoraproject.org> - 2.4.27-8
52592b
- Address CVE-2017-9798 by applying patch from upstream (#1490344)
52592b
52592b
* Wed Sep 20 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.4.27-8.1
52592b
- Generate SSL certificates on service start, not %%posttrans
52592b
52592b
* Tue Sep 19 2017 Joe Orton <jorton@redhat.com> - 2.4.27-8.1
52592b
- move httpd.service.d, httpd.socket.d dirs to -filesystem
52592b
52592b
* Wed Sep 13 2017 Joe Orton <jorton@redhat.com> - 2.4.27-7
52592b
- add new content-length filter (upstream PR 61222)
52592b
52592b
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.27-6
52592b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
52592b
52592b
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.27-5
52592b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
52592b
52592b
* Tue Jul 18 2017 Joe Orton <jorton@redhat.com> - 2.4.27-4
52592b
- update mod_systemd (r1802251)
52592b
52592b
* Mon Jul 17 2017 Joe Orton <jorton@redhat.com> - 2.4.27-3
52592b
- switch to event by default for Fedora 27 and later (#1471708)
52592b
52592b
* Wed Jul 12 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.27-2
52592b
- Resolves: #1469959 - httpd update cleaned out /etc/sysconfig
52592b
52592b
* Mon Jul 10 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.27-1
52592b
- new version 2.4.27
52592b
52592b
* Fri Jun 30 2017 Joe Orton <jorton@redhat.com> - 2.4.26-2
52592b
- mod_proxy_fcgi: fix further regressions (PR 61202)
52592b
52592b
* Mon Jun 19 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.26-1
52592b
- new version 2.4.26
52592b
52592b
* Mon Jun  5 2017 Joe Orton <jorton@redhat.com> - 2.4.25-10
52592b
- move unit man pages to section 8, add as Documentation= in units
52592b
52592b
* Fri May 19 2017 Joe Orton <jorton@redhat.com> - 2.4.25-9
52592b
- add httpd.service(5) and httpd.socket(5) man pages
52592b
52592b
* Tue May 16 2017 Joe Orton <jorton@redhat.com> - 2.4.25-8
52592b
- require mod_http2, now packaged separately
52592b
52592b
* Wed Mar 29 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.25-7
52592b
- Resolves: #1397243 - Backport Apache Bug 53098 - mod_proxy_ajp:
52592b
  patch to set worker secret passed to tomcat
52592b
52592b
* Tue Mar 28 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.25-6
52592b
- Resolves: #1434916 - httpd.service: Failed with result timeout
52592b
52592b
* Fri Mar 24 2017 Joe Orton <jorton@redhat.com> - 2.4.25-5
52592b
- link only httpd, not support/* against -lselinux -lsystemd
52592b
52592b
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.25-4
52592b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
52592b
52592b
* Thu Jan 12 2017 Joe Orton <jorton@redhat.com> - 2.4.25-3
52592b
- mod_watchdog: restrict thread lifetime (#1410883)
52592b
52592b
* Thu Dec 22 2016 Luboš Uhliarik <luhliari@redhat.com> - 2.4.25-2
52592b
- Resolves: #1358875 - require nghttp2 >= 1.5.0
52592b
52592b
* Thu Dec 22 2016 Luboš Uhliarik <luhliari@redhat.com> - 2.4.25-1
52592b
- new version 2.4.25
52592b
52592b
* Mon Dec 05 2016 Luboš Uhliarik <luhliari@redhat.com> - 2.4.23-7
52592b
- Resolves: #1401530 - CVE-2016-8740 httpd: Incomplete handling of
52592b
  LimitRequestFields directive in mod_http2
52592b
52592b
* Mon Nov 14 2016 Joe Orton <jorton@redhat.com> - 2.4.23-6
52592b
- fix build with OpenSSL 1.1 (#1392900)
52592b
- fix typos in ssl.conf (josef randinger, #1379407)
52592b
52592b
* Wed Nov  2 2016 Joe Orton <jorton@redhat.com> - 2.4.23-5
52592b
- no longer package /etc/sysconfig/httpd
52592b
- synch ssl.conf with upstream
52592b
52592b
* Mon Jul 18 2016 Joe Orton <jorton@redhat.com> - 2.4.23-4
52592b
- add security fix for CVE-2016-5387
52592b
52592b
* Thu Jul  7 2016 Joe Orton <jorton@redhat.com> - 2.4.23-3
52592b
- load mod_watchdog by default (#1353582)
52592b
52592b
* Thu Jul  7 2016 Joe Orton <jorton@redhat.com> - 2.4.23-2
52592b
- restore build of mod_proxy_fdpass (#1325883)
52592b
- improve check tests to catch configured-but-not-built modules
52592b
52592b
* Thu Jul  7 2016 Joe Orton <jorton@redhat.com> - 2.4.23-1
52592b
- update to 2.4.23 (#1325883, #1353203)
52592b
- load mod_proxy_hcheck
52592b
- recommend use of "systemctl edit" in httpd.service
52592b
52592b
* Thu Apr  7 2016 Joe Orton <jorton@redhat.com> - 2.4.18-6
52592b
- have "apachectl graceful" start httpd if not running, per man page
52592b
52592b
* Wed Apr  6 2016 Joe Orton <jorton@redhat.com> - 2.4.18-5
52592b
- use redirects for lang-specific /manual/ URLs
52592b
52592b
* Fri Mar 18 2016 Joe Orton <jorton@redhat.com> - 2.4.18-4
52592b
- fix welcome page HTML validity (Ville Skyttä)
52592b
52592b
* Fri Mar 18 2016 Joe Orton <jorton@redhat.com> - 2.4.18-3
52592b
- remove httpd pre script (duplicate of httpd-filesystem's)
52592b
- in httpd-filesystem pre script, create group/user iff non-existent
52592b
52592b
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.18-2
52592b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
52592b
52592b
* Mon Dec 14 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.18-1
52592b
- update to new version 2.4.18
52592b
52592b
* Wed Dec  9 2015 Joe Orton <jorton@redhat.com> - 2.4.17-4
52592b
- re-enable mod_asis due to popular demand (#1284315)
52592b
52592b
* Mon Oct 26 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.17-3
52592b
- fix crash when using -X argument (#1272234)
52592b
52592b
* Wed Oct 14 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.17-2
52592b
- rebase socket activation patch to 2.4.17
52592b
52592b
* Tue Oct 13 2015 Joe Orton <jorton@redhat.com> - 2.4.17-1
52592b
- update to 2.4.17 (#1271224)
52592b
- build, load mod_http2
52592b
- don't build mod_asis, mod_file_cache
52592b
- load mod_cache_socache, mod_proxy_wstunnel by default
52592b
- check every built mod_* is configured
52592b
- synch ssl.conf with upstream; disable SSLv3 by default
52592b
52592b
* Wed Jul 15 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.12-4
52592b
- update to 2.4.16
52592b
52592b
* Tue Jul  7 2015 Joe Orton <jorton@redhat.com> - 2.4.12-3
52592b
- mod_ssl: use "localhost" in the dummy SSL cert if len(FQDN) > 59 chars
52592b
52592b
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.12-2
52592b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
52592b
52592b
* Fri Mar 27 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.12-1
52592b
- update to 2.4.12
52592b
52592b
* Tue Mar 24 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-17
52592b
- fix compilation with lua-5.3
52592b
52592b
* Tue Mar 24 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-16
52592b
- remove filter for auto-provides of httpd modules, it is not needed since F20
52592b
52592b
* Wed Dec 17 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-15
52592b
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
52592b
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
52592b
- mod_proxy_fcgi: fix a potential crash with long headers (CVE-2014-3583)
52592b
- mod_lua: fix handling of the Require line when a LuaAuthzProvider is used
52592b
  in multiple Require directives with different arguments (CVE-2014-8109)
52592b
52592b
* Tue Oct 14 2014 Joe Orton <jorton@redhat.com> - 2.4.10-14
52592b
- require apr-util 1.5.x
52592b
52592b
* Thu Sep 18 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-13
52592b
- use NoDelay and DeferAcceptSec in httpd.socket
52592b
52592b
* Mon Sep 08 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-12
52592b
- increase suexec minimum acceptable uid/gid to 1000 (#1136391)
52592b
52592b
* Wed Sep 03 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-11
52592b
- fix hostname requirement and conflict with openssl-libs
52592b
52592b
* Mon Sep 01 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-10
52592b
- use KillMode=mixed in httpd.service (#1135122)
52592b
52592b
* Fri Aug 29 2014 Joe Orton <jorton@redhat.com> - 2.4.10-9
52592b
- set vstring based on /etc/os-release (Pat Riehecky, #1114539)
52592b
52592b
* Fri Aug 29 2014 Joe Orton <jorton@redhat.com> - 2.4.10-8
52592b
- pull in httpd-filesystem as Requires(pre) (#1128328)
52592b
- fix cipher selection in default ssl.conf, depend on new OpenSSL (#1134348)
52592b
- require hostname for mod_ssl post script (#1135118)
52592b
52592b
* Fri Aug 22 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-7
52592b
- mod_systemd: updated to the latest version
52592b
- use -lsystemd instead of -lsystemd-daemon (#1125084)
52592b
- fix possible crash in SIGINT handling (#958934)
52592b
52592b
* Thu Aug 21 2014 Joe Orton <jorton@redhat.com> - 2.4.10-6
52592b
- mod_ssl: treat "SSLCipherSuite PROFILE=..." as special (#1109119)
52592b
- switch default ssl.conf to use PROFILE=SYSTEM (#1109119)
52592b
52592b
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.10-5
52592b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
52592b
52592b
* Fri Aug 15 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-4
52592b
- add /usr/bin/useradd dependency to -filesystem requires
52592b
52592b
* Thu Aug 14 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-3
52592b
- fix creating apache user in pre script (#1128328)
52592b
52592b
* Thu Jul 31 2014 Joe Orton <jorton@redhat.com> - 2.4.10-2
52592b
- enable mod_request by default for mod_auth_form
52592b
- move disabled-by-default modules from 00-base.conf to 00-optional.conf
52592b
52592b
* Mon Jul 21 2014 Joe Orton <jorton@redhat.com> - 2.4.10-1
52592b
- update to 2.4.10
52592b
- expand variables in docdir example configs
52592b
52592b
* Tue Jul 08 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.9-8
52592b
- add support for systemd socket activation (#1111648)
52592b
52592b
* Mon Jul 07 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.9-7
52592b
- remove conf.modules.d from httpd-filesystem subpackage (#1081453)
52592b
52592b
* Mon Jul 07 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.9-6
52592b
- add httpd-filesystem subpackage (#1081453)
52592b
52592b
* Fri Jun 20 2014 Joe Orton <jorton@redhat.com> - 2.4.9-5
52592b
- mod_ssl: don't use the default OpenSSL cipher suite in ssl.conf (#1109119)
52592b
52592b
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.9-4
52592b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
52592b
52592b
* Fri Mar 28 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.9-3
52592b
- add support for SetHandler + proxy (#1078970)
52592b
52592b
* Thu Mar 27 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.9-2
52592b
- move macros from /etc/rpm to macros.d (#1074277)
52592b
- remove unused patches
52592b
52592b
* Mon Mar 17 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.9-1
52592b
- update to 2.4.9
52592b
52592b
* Fri Feb 28 2014 Joe Orton <jorton@redhat.com> - 2.4.7-6
52592b
- use 2048-bit RSA key with SHA-256 signature in dummy certificate
52592b
52592b
* Fri Feb 28 2014 Stephen Gallagher <sgallagh@redhat.com> 2.4.7-5
52592b
- Create drop directory for systemd snippets
52592b
52592b
* Thu Feb 27 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.7-4
52592b
- remove provides of old MMN, because it contained double-dash (#1068851)
52592b
52592b
* Thu Feb 20 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.7-3
52592b
- fix graceful restart using legacy actions
52592b
52592b
* Thu Dec 12 2013 Joe Orton <jorton@redhat.com> - 2.4.7-2
52592b
- conflict with pre-1.5.0 APR
52592b
- fix sslsninotreq patch
52592b
52592b
* Wed Nov 27 2013 Joe Orton <jorton@redhat.com> - 2.4.7-1
52592b
- update to 2.4.7 (#1034071)
52592b
52592b
* Fri Nov 22 2013 Joe Orton <jorton@redhat.com> - 2.4.6-10
52592b
- switch to requiring system-logos-httpd (#1031288)
52592b
52592b
* Tue Nov 12 2013 Joe Orton <jorton@redhat.com> - 2.4.6-9
52592b
- change mmnisa to drop "-" altogether
52592b
52592b
* Tue Nov 12 2013 Joe Orton <jorton@redhat.com> - 2.4.6-8
52592b
- drop ambiguous invalid "-" in RHS of httpd-mmn Provide, keeping old Provide
52592b
  for transition
52592b
52592b
* Fri Nov  1 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-7
52592b
- systemd: use {MAINPID} notation to ensure /bin/kill has always the second arg
52592b
52592b
* Thu Oct 31 2013 Joe Orton <jorton@redhat.com> - 2.4.6-6
52592b
- mod_ssl: allow SSLEngine to override Listen-based default (r1537535)
52592b
52592b
* Thu Oct 24 2013 Jan kaluza <jkaluza@redhat.com> - 2.4.6-5
52592b
- systemd: send SIGWINCH signal without httpd -k in ExecStop
52592b
52592b
* Mon Oct 21 2013 Joe Orton <jorton@redhat.com> - 2.4.6-4
52592b
- load mod_macro by default (#998452)
52592b
- add README to conf.modules.d
52592b
- mod_proxy_http: add possible fix for threading issues (r1534321)
52592b
- core: add fix for truncated output with CGI scripts (r1530793)
52592b
52592b
* Thu Oct 10 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-3
52592b
- require fedora-logos-httpd (#1009162)
52592b
52592b
* Wed Jul 31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-2
52592b
- revert fix for dumping vhosts twice
52592b
52592b
* Mon Jul 22 2013 Joe Orton <jorton@redhat.com> - 2.4.6-1
52592b
- update to 2.4.6
52592b
- mod_ssl: use revised NPN API (r1487772)
52592b
52592b
* Thu Jul 11 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-12
52592b
- mod_unique_id: replace use of hostname + pid with PRNG output (#976666)
52592b
- apxs: mention -p option in manpage
52592b
52592b
* Tue Jul  2 2013 Joe Orton <jorton@redhat.com> - 2.4.4-11
52592b
- add patch for aarch64 (Dennis Gilmore, #925558)
52592b
52592b
* Mon Jul  1 2013 Joe Orton <jorton@redhat.com> - 2.4.4-10
52592b
- remove duplicate apxs man page from httpd-tools
52592b
52592b
* Mon Jun 17 2013 Joe Orton <jorton@redhat.com> - 2.4.4-9
52592b
- remove zombie dbmmanage script
52592b
52592b
* Fri May 31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-8
52592b
- return 400 Bad Request on malformed Host header
52592b
52592b
* Fri May 24 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-7
52592b
- ignore /etc/sysconfig/httpd and document systemd way of setting env variables
52592b
  in this file
52592b
52592b
* Mon May 20 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-6
52592b
- htpasswd/htdbm: fix hash generation bug (#956344)
52592b
- do not dump vhosts twice in httpd -S output (#928761)
52592b
- mod_cache: fix potential crash caused by uninitialized variable (#954109)
52592b
52592b
* Thu Apr 18 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-5
52592b
- execute systemctl reload as result of apachectl graceful
52592b
- mod_ssl: ignore SNI hints unless required by config
52592b
- mod_cache: forward-port CacheMaxExpire "hard" option
52592b
- mod_ssl: fall back on another module's proxy hook if mod_ssl proxy
52592b
  is not configured.
52592b
52592b
* Tue Apr 16 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-4
52592b
- fix service file to not send SIGTERM after ExecStop (#906321, #912288)
52592b
52592b
* Tue Mar 26 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-3
52592b
- protect MIMEMagicFile with IfModule (#893949)
52592b
52592b
* Tue Feb 26 2013 Joe Orton <jorton@redhat.com> - 2.4.4-2
52592b
- really package mod_auth_form in mod_session (#915438)
52592b
52592b
* Tue Feb 26 2013 Joe Orton <jorton@redhat.com> - 2.4.4-1
52592b
- update to 2.4.4
52592b
- fix duplicate ownership of mod_session config (#914901)
52592b
52592b
* Fri Feb 22 2013 Joe Orton <jorton@redhat.com> - 2.4.3-17
52592b
- add mod_session subpackage, move mod_auth_form there (#894500)
52592b
52592b
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.3-16
52592b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
52592b
52592b
* Tue Jan  8 2013 Joe Orton <jorton@redhat.com> - 2.4.3-15
52592b
- add systemd service for htcacheclean
52592b
52592b
* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-14
52592b
- drop patch for r1344712
52592b
52592b
* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-13
52592b
- filter mod_*.so auto-provides (thanks to rcollet)
52592b
- pull in syslog logging fix from upstream (r1344712)
52592b
52592b
* Fri Oct 26 2012 Joe Orton <jorton@redhat.com> - 2.4.3-12
52592b
- rebuild to pick up new apr-util-ldap
52592b
52592b
* Tue Oct 23 2012 Joe Orton <jorton@redhat.com> - 2.4.3-11
52592b
- rebuild
52592b
52592b
* Wed Oct  3 2012 Joe Orton <jorton@redhat.com> - 2.4.3-10
52592b
- pull upstream patch r1392850 in addition to r1387633
52592b
52592b
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-9
52592b
- define PLATFORM in os.h using vendor string
52592b
52592b
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-8
52592b
- use systemd script unconditionally (#850149)
52592b
52592b
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-7
52592b
- use systemd scriptlets if available (#850149)
52592b
- don't run posttrans restart if /etc/sysconfig/httpd-disable-posttrans exists
52592b
52592b
* Mon Oct 01 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.3-6
52592b
- use systemctl from apachectl (#842736)
52592b
52592b
* Wed Sep 19 2012 Joe Orton <jorton@redhat.com> - 2.4.3-5
52592b
- fix some error log spam with graceful-stop (r1387633)
52592b
- minor mod_systemd tweaks
52592b
52592b
* Thu Sep 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-4
52592b
- use IncludeOptional for conf.d/*.conf inclusion
52592b
52592b
* Fri Sep 07 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.3-3
52592b
- adding mod_systemd to integrate with systemd better
52592b
52592b
* Tue Aug 21 2012 Joe Orton <jorton@redhat.com> - 2.4.3-2
52592b
- mod_ssl: add check for proxy keypair match (upstream r1374214)
52592b
52592b
* Tue Aug 21 2012 Joe Orton <jorton@redhat.com> - 2.4.3-1
52592b
- update to 2.4.3 (#849883)
52592b
- own the docroot (#848121)
52592b
52592b
* Mon Aug  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-23
52592b
- add mod_proxy fixes from upstream (r1366693, r1365604)
52592b
52592b
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.2-22
52592b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
52592b
52592b
* Fri Jul  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-21
52592b
- drop explicit version requirement on initscripts
52592b
52592b
* Thu Jul  5 2012 Joe Orton <jorton@redhat.com> - 2.4.2-20
52592b
- mod_ext_filter: fix error_log warnings
52592b
52592b
* Mon Jul  2 2012 Joe Orton <jorton@redhat.com> - 2.4.2-19
52592b
- support "configtest" and "graceful" as initscripts "legacy actions"
52592b
52592b
* Fri Jun  8 2012 Joe Orton <jorton@redhat.com> - 2.4.2-18
52592b
- avoid use of "core" GIF for a "core" directory (#168776)
52592b
- drop use of "syslog.target" in systemd unit file
52592b
52592b
* Thu Jun  7 2012 Joe Orton <jorton@redhat.com> - 2.4.2-17
52592b
- use _unitdir for systemd unit file
52592b
- use /run in unit file, ssl.conf
52592b
52592b
* Thu Jun  7 2012 Joe Orton <jorton@redhat.com> - 2.4.2-16
52592b
- mod_ssl: fix NPN patch merge
52592b
52592b
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-15
52592b
- move tmpfiles.d fragment into /usr/lib per new guidelines
52592b
- package /run/httpd not /var/run/httpd
52592b
- set runtimedir to /run/httpd likewise
52592b
52592b
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-14
52592b
- fix htdbm/htpasswd crash on crypt() failure (#818684)
52592b
52592b
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-13
52592b
- pull fix for NPN patch from upstream (r1345599)
52592b
52592b
* Thu May 31 2012 Joe Orton <jorton@redhat.com> - 2.4.2-12
52592b
- update suexec patch to use LOG_AUTHPRIV facility
52592b
52592b
* Thu May 24 2012 Joe Orton <jorton@redhat.com> - 2.4.2-11
52592b
- really fix autoindex.conf (thanks to remi@)
52592b
52592b
* Thu May 24 2012 Joe Orton <jorton@redhat.com> - 2.4.2-10
52592b
- fix autoindex.conf to allow symlink to poweredby.png
52592b
52592b
* Wed May 23 2012 Joe Orton <jorton@redhat.com> - 2.4.2-9
52592b
- suexec: use upstream version of patch for capability bit support
52592b
52592b
* Wed May 23 2012 Joe Orton <jorton@redhat.com> - 2.4.2-8
52592b
- suexec: use syslog rather than suexec.log, drop dac_override capability
52592b
52592b
* Tue May  1 2012 Joe Orton <jorton@redhat.com> - 2.4.2-7
52592b
- mod_ssl: add TLS NPN support (r1332643, #809599)
52592b
52592b
* Tue May  1 2012 Joe Orton <jorton@redhat.com> - 2.4.2-6
52592b
- add BR on APR >= 1.4.0
52592b
52592b
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-5
52592b
- use systemctl from logrotate (#221073)
52592b
52592b
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-4
52592b
- pull from upstream:
52592b
  * use TLS close_notify alert for dummy_connection (r1326980+)
52592b
  * cleanup symbol exports (r1327036+)
52592b
52592b
* Fri Apr 20 2012 Joe Orton <jorton@redhat.com> - 2.4.2-3
52592b
- really fix restart
52592b
52592b
* Fri Apr 20 2012 Joe Orton <jorton@redhat.com> - 2.4.2-2
52592b
- tweak default ssl.conf
52592b
- fix restart handling (#814645)
52592b
- use graceful restart by default
52592b
52592b
* Wed Apr 18 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.2-1
52592b
- update to 2.4.2
52592b
52592b
* Fri Mar 23 2012 Joe Orton <jorton@redhat.com> - 2.4.1-6
52592b
- fix macros
52592b
52592b
* Fri Mar 23 2012 Joe Orton <jorton@redhat.com> - 2.4.1-5
52592b
- add _httpd_moddir to macros
52592b
52592b
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-4
52592b
- fix symlink for poweredby.png
52592b
- fix manual.conf
52592b
52592b
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-3
52592b
- add mod_proxy_html subpackage (w/mod_proxy_html + mod_xml2enc)
52592b
- move mod_ldap, mod_authnz_ldap to mod_ldap subpackage
52592b
52592b
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-2
52592b
- clean docroot better
52592b
- ship proxy, ssl directories within /var/cache/httpd
52592b
- default config:
52592b
 * unrestricted access to (only) /var/www
52592b
 * remove (commented) Mutex, MaxRanges, ScriptSock
52592b
 * split autoindex config to conf.d/autoindex.conf
52592b
- ship additional example configs in docdir
52592b
52592b
* Tue Mar  6 2012 Joe Orton <jorton@redhat.com> - 2.4.1-1
52592b
- update to 2.4.1
52592b
- adopt upstream default httpd.conf (almost verbatim)
52592b
- split all LoadModules to conf.modules.d/*.conf
52592b
- include conf.d/*.conf at end of httpd.conf
52592b
- trim %%changelog
52592b
52592b
* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2.2.22-2
52592b
- fix build against PCRE 8.30
52592b
52592b
* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2.2.22-1
52592b
- update to 2.2.22
52592b
52592b
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 2.2.21-8
52592b
- Rebuild against PCRE 8.30
52592b
52592b
* Mon Jan 23 2012 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-7
52592b
- fix #783629 - start httpd after named
52592b
52592b
* Mon Jan 16 2012 Joe Orton <jorton@redhat.com> - 2.2.21-6
52592b
- complete conversion to systemd, drop init script (#770311)
52592b
- fix comments in /etc/sysconfig/httpd (#771024)
52592b
- enable PrivateTmp in service file (#781440)
52592b
- set LANG=C in /etc/sysconfig/httpd
52592b
52592b
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.21-5
52592b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
52592b
52592b
* Tue Dec 06 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-4
52592b
- fix #751591 - start httpd after remote-fs
52592b
52592b
* Mon Oct 24 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-3
52592b
- allow change state of BalancerMember in mod_proxy_balancer web interface
52592b
52592b
* Thu Sep 22 2011 Ville Skyttä <ville.skytta@iki.fi> - 2.2.21-2
52592b
- Make mmn available as %%{_httpd_mmn}.
52592b
- Add .svgz to AddEncoding x-gzip example in httpd.conf.
52592b
52592b
* Tue Sep 13 2011 Joe Orton <jorton@redhat.com> - 2.2.21-1
52592b
- update to 2.2.21
52592b
52592b
* Mon Sep  5 2011 Joe Orton <jorton@redhat.com> - 2.2.20-1
52592b
- update to 2.2.20
52592b
- fix MPM stub man page generation
52592b
52592b
* Wed Aug 10 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-5
52592b
- fix #707917 - add httpd-ssl-pass-dialog to ask for SSL password using systemd
52592b
52592b
* Fri Jul 22 2011 Iain Arnell <iarnell@gmail.com> 1:2.2.19-4
52592b
- rebuild while rpm-4.9.1 is untagged to remove trailing slash in provided
52592b
  directory names
52592b
52592b
* Wed Jul 20 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-3
52592b
- fix #716621 - suexec now works without setuid bit
52592b
52592b
* Thu Jul 14 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-2
52592b
- fix #689091 - backported patch from 2.3 branch to support IPv6 in logresolve
52592b
52592b
* Fri Jul  1 2011 Joe Orton <jorton@redhat.com> - 2.2.19-1
52592b
- update to 2.2.19
52592b
- enable dbd, authn_dbd in default config
52592b
52592b
* Thu Apr 14 2011 Joe Orton <jorton@redhat.com> - 2.2.17-13
52592b
- fix path expansion in service files
52592b
52592b
* Tue Apr 12 2011 Joe Orton <jorton@redhat.com> - 2.2.17-12
52592b
- add systemd service files (#684175, thanks to Jóhann B. Guðmundsson)
52592b
52592b
* Wed Mar 23 2011 Joe Orton <jorton@redhat.com> - 2.2.17-11
52592b
- minor updates to httpd.conf
52592b
- drop old patches
52592b
52592b
* Wed Mar  2 2011 Joe Orton <jorton@redhat.com> - 2.2.17-10
52592b
- rebuild
52592b
52592b
* Wed Feb 23 2011 Joe Orton <jorton@redhat.com> - 2.2.17-9
52592b
- use arch-specific mmn
52592b
52592b
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.17-8
52592b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
52592b
52592b
* Mon Jan 31 2011 Joe Orton <jorton@redhat.com> - 2.2.17-7
52592b
- generate dummy mod_ssl cert with CA:FALSE constraint (#667841)
52592b
- add man page stubs for httpd.event, httpd.worker
52592b
- drop distcache support
52592b
- add STOP_TIMEOUT support to init script
52592b
52592b
* Sat Jan  8 2011 Joe Orton <jorton@redhat.com> - 2.2.17-6
52592b
- update default SSLCipherSuite per upstream trunk
52592b
52592b
* Wed Jan  5 2011 Joe Orton <jorton@redhat.com> - 2.2.17-5
52592b
- fix requires (#667397)
52592b
52592b
* Wed Jan  5 2011 Joe Orton <jorton@redhat.com> - 2.2.17-4
52592b
- de-ghost /var/run/httpd
52592b
52592b
* Tue Jan  4 2011 Joe Orton <jorton@redhat.com> - 2.2.17-3
52592b
- add tmpfiles.d configuration, ghost /var/run/httpd (#656600)
52592b
52592b
* Sat Nov 20 2010 Joe Orton <jorton@redhat.com> - 2.2.17-2
52592b
- drop setuid bit, use capabilities for suexec binary
52592b
52592b
* Wed Oct 27 2010 Joe Orton <jorton@redhat.com> - 2.2.17-1
52592b
- update to 2.2.17
52592b
52592b
* Fri Sep 10 2010 Joe Orton <jorton@redhat.com> - 2.2.16-2
52592b
- link everything using -z relro and -z now
52592b
52592b
* Mon Jul 26 2010 Joe Orton <jorton@redhat.com> - 2.2.16-1
52592b
- update to 2.2.16
52592b
52592b
* Fri Jul  9 2010 Joe Orton <jorton@redhat.com> - 2.2.15-3
52592b
- default config tweaks:
52592b
 * harden httpd.conf w.r.t. .htaccess restriction (#591293)
52592b
 * load mod_substitute, mod_version by default
52592b
 * drop proxy_ajp.conf, load mod_proxy_ajp in httpd.conf
52592b
 * add commented list of shipped-but-unloaded modules
52592b
 * bump up worker defaults a little
52592b
 * drop KeepAliveTimeout to 5 secs per upstream
52592b
- fix LSB compliance in init script (#522074)
52592b
- bundle NOTICE in -tools
52592b
- use init script in logrotate postrotate to pick up PIDFILE
52592b
- drop some old Obsoletes/Conflicts
52592b
52592b
* Sun Apr 04 2010 Robert Scheck <robert@fedoraproject.org> - 2.2.15-1
52592b
- update to 2.2.15 (#572404, #579311)
52592b