576df0
%define contentdir %{_datadir}/httpd
576df0
%define docroot /var/www
576df0
%define suexec_caller apache
576df0
%define mmn 20120211
576df0
%define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
576df0
%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT})
576df0
%if 0%{?fedora} > 26 || 0%{?rhel} > 7
576df0
%global mpm event
576df0
%else
576df0
%global mpm prefork
576df0
%endif
576df0
576df0
Summary: Apache HTTP Server
576df0
Name: httpd
576df0
Version: 2.4.37
576df0
Release: 30%{?dist}
576df0
URL: https://httpd.apache.org/
576df0
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
576df0
Source1: index.html
576df0
Source2: httpd.logrotate
576df0
Source3: instance.conf
576df0
Source4: httpd-ssl-pass-dialog
576df0
Source5: httpd.tmpfiles
576df0
Source6: httpd.service
576df0
Source7: action-graceful.sh
576df0
Source8: action-configtest.sh
576df0
Source10: httpd.conf
576df0
Source11: 00-base.conf
576df0
Source12: 00-mpm.conf
576df0
Source13: 00-lua.conf
576df0
Source14: 01-cgi.conf
576df0
Source15: 00-dav.conf
576df0
Source16: 00-proxy.conf
576df0
Source17: 00-ssl.conf
576df0
Source18: 01-ldap.conf
576df0
Source19: 00-proxyhtml.conf
576df0
Source20: userdir.conf
576df0
Source21: ssl.conf
576df0
Source22: welcome.conf
576df0
Source23: manual.conf
576df0
Source24: 00-systemd.conf
576df0
Source25: 01-session.conf
576df0
Source26: 10-listen443.conf
576df0
Source27: httpd.socket
576df0
Source28: 00-optional.conf
576df0
# Documentation
576df0
Source30: README.confd
576df0
Source31: README.confmod
576df0
Source32: httpd.service.xml
576df0
Source33: htcacheclean.service.xml
576df0
Source34: httpd.conf.xml
576df0
Source40: htcacheclean.service
576df0
Source41: htcacheclean.sysconf
576df0
Source42: httpd-init.service
576df0
Source43: httpd-ssl-gencerts
576df0
Source44: httpd@.service
576df0
Source45: config.layout
576df0
576df0
# build/scripts patches
576df0
# http://bugzilla.redhat.com/show_bug.cgi?id=1231924
576df0
# http://bugzilla.redhat.com/show_bug.cgi?id=842736
576df0
# http://bugzilla.redhat.com/show_bug.cgi?id=1214401
576df0
Patch1: httpd-2.4.35-apachectl.patch
576df0
Patch2: httpd-2.4.28-apxs.patch
576df0
Patch3: httpd-2.4.35-deplibs.patch
576df0
576df0
# Needed for socket activation and mod_systemd patch
576df0
Patch19: httpd-2.4.35-detect-systemd.patch
576df0
576df0
# Features/functional changes
576df0
Patch20: httpd-2.4.32-export.patch
576df0
Patch21: httpd-2.4.35-corelimit.patch
576df0
Patch22: httpd-2.4.35-selinux.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1170215
576df0
Patch23: httpd-2.4.28-icons.patch
576df0
Patch24: httpd-2.4.35-systemd.patch
576df0
Patch25: httpd-2.4.35-cachehardmax.patch
576df0
Patch26: httpd-2.4.28-socket-activation.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1109119
576df0
Patch27: httpd-2.4.35-sslciphdefault.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1332242
576df0
Patch28: httpd-2.4.28-statements-comment.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=811714
576df0
Patch29: httpd-2.4.35-full-release.patch
576df0
Patch30: httpd-2.4.35-freebind.patch
576df0
Patch31: httpd-2.4.35-r1830819+.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1638738
576df0
Patch32: httpd-2.4.37-sslprotdefault.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1747898
576df0
Patch33: httpd-2.4.37-mod-md-mod-ssl-hooks.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1725031
576df0
Patch34: httpd-2.4.37-r1861793+.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1704317
576df0
Patch35: httpd-2.4.37-sslkeylogfile-support.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1794728
576df0
Patch36: httpd-2.4.37-session-expiry-updt-int.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1209162
576df0
Patch37: httpd-2.4.37-logjournal.patch
576df0
# Bug fixes
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243
576df0
Patch61: httpd-2.4.35-r1738878.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1170206
576df0
Patch62: httpd-2.4.35-r1633085.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1448892
576df0
Patch63: httpd-2.4.28-r1811831.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1602548
576df0
Patch65: httpd-2.4.35-r1842888.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1653009
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1672977
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1673022
576df0
Patch66: httpd-2.4.37-r1842929+.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1630432
576df0
Patch67: httpd-2.4.35-r1825120.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1670716
576df0
Patch68: httpd-2.4.37-fips-segfault.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1669221
576df0
Patch70: httpd-2.4.37-r1840554.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1673022
576df0
Patch71: httpd-2.4.37-mod-md-perms.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1724549
576df0
Patch72: httpd-2.4.37-mod-mime-magic-strdup.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1724034
576df0
Patch73: httpd-2.4.35-ocsp-wrong-ctx.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1633224
576df0
Patch74: httpd-2.4.37-r1828172+.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1775158
576df0
Patch75: httpd-2.4.37-r1870095+.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1771847
576df0
Patch76: httpd-2.4.37-proxy-continue.patch
576df0
Patch77: httpd-2.4.37-balancer-failover.patch
576df0
576df0
576df0
# Security fixes
576df0
Patch200: httpd-2.4.37-r1851471.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1694980
576df0
Patch201: httpd-2.4.37-CVE-2019-0211.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1695025
576df0
Patch202: httpd-2.4.37-CVE-2019-0215.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1696141
576df0
Patch203: httpd-2.4.37-CVE-2019-0217.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1696097
576df0
Patch204: httpd-2.4.37-CVE-2019-0220.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1741860
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1741864
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1741868
576df0
Patch205: httpd-2.4.34-CVE-2019-9511-and-9516-and-9517.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1823259
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1747284
576df0
# fixes both CVE-2020-1927 and CVE-2019-10098
576df0
Patch206: httpd-2.4.37-CVE-2019-10098.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1747281
576df0
Patch207: httpd-2.4.37-CVE-2019-10092.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1747291
576df0
Patch208: httpd-2.4.37-CVE-2019-10097.patch
576df0
# https://bugzilla.redhat.com/show_bug.cgi?id=1820772
576df0
Patch209: httpd-2.4.37-CVE-2020-1934.patch
576df0
576df0
License: ASL 2.0
576df0
Group: System Environment/Daemons
576df0
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
576df0
BuildRequires: autoconf, perl-interpreter, perl-generators, pkgconfig, findutils, xmlto
576df0
BuildRequires: zlib-devel, libselinux-devel, lua-devel,  brotli-devel
576df0
BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0
576df0
BuildRequires: systemd-devel
576df0
Requires: /etc/mime.types, system-logos-httpd
576df0
Obsoletes: httpd-suexec
576df0
Provides: webserver
576df0
Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release}
576df0
Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}
576df0
Requires: httpd-tools = %{version}-%{release}
576df0
Requires: httpd-filesystem = %{version}-%{release}
576df0
Requires: mod_http2
576df0
Requires(pre): httpd-filesystem
576df0
Requires(preun): systemd-units
576df0
Requires(postun): systemd-units
576df0
Requires(post): systemd-units
576df0
Conflicts: apr < 1.5.0-1
576df0
576df0
%description
576df0
The Apache HTTP Server is a powerful, efficient, and extensible
576df0
web server.
576df0
576df0
%package devel
576df0
Group: Development/Libraries
576df0
Summary: Development interfaces for the Apache HTTP server
576df0
Requires: apr-devel, apr-util-devel, pkgconfig
576df0
Requires: httpd = %{version}-%{release}
576df0
576df0
%description devel
576df0
The httpd-devel package contains the APXS binary and other files
576df0
that you need to build Dynamic Shared Objects (DSOs) for the
576df0
Apache HTTP Server.
576df0
576df0
If you are installing the Apache HTTP server and you want to be
576df0
able to compile or develop additional modules for Apache, you need
576df0
to install this package.
576df0
576df0
%package manual
576df0
Group: Documentation
576df0
Summary: Documentation for the Apache HTTP server
576df0
Requires: httpd = %{version}-%{release}
576df0
Obsoletes: secureweb-manual, apache-manual
576df0
BuildArch: noarch
576df0
576df0
%description manual
576df0
The httpd-manual package contains the complete manual and
576df0
reference guide for the Apache HTTP server. The information can
576df0
also be found at http://httpd.apache.org/docs/2.2/.
576df0
576df0
%package filesystem
576df0
Group: System Environment/Daemons
576df0
Summary: The basic directory layout for the Apache HTTP server
576df0
BuildArch: noarch
576df0
Requires(pre): /usr/sbin/useradd
576df0
576df0
%description filesystem
576df0
The httpd-filesystem package contains the basic directory layout
576df0
for the Apache HTTP server including the correct permissions
576df0
for the directories.
576df0
576df0
%package tools
576df0
Group: System Environment/Daemons
576df0
Summary: Tools for use with the Apache HTTP Server
576df0
576df0
%description tools
576df0
The httpd-tools package contains tools which can be used with 
576df0
the Apache HTTP Server.
576df0
576df0
%package -n mod_ssl
576df0
Group: System Environment/Daemons
576df0
Summary: SSL/TLS module for the Apache HTTP Server
576df0
Epoch: 1
576df0
BuildRequires: openssl-devel
576df0
Requires(pre): httpd-filesystem
576df0
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
576df0
Requires: sscg >= 2.2.0
576df0
Obsoletes: stronghold-mod_ssl
576df0
# Require an OpenSSL which supports PROFILE=SYSTEM
576df0
Conflicts: openssl-libs < 1:1.0.1h-4
576df0
576df0
%description -n mod_ssl
576df0
The mod_ssl module provides strong cryptography for the Apache Web
576df0
server via the Secure Sockets Layer (SSL) and Transport Layer
576df0
Security (TLS) protocols.
576df0
576df0
%package -n mod_proxy_html
576df0
Group: System Environment/Daemons
576df0
Summary: HTML and XML content filters for the Apache HTTP Server
576df0
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
576df0
BuildRequires: libxml2-devel
576df0
Epoch: 1
576df0
Obsoletes: mod_proxy_html < 1:2.4.1-2
576df0
576df0
%description -n mod_proxy_html
576df0
The mod_proxy_html and mod_xml2enc modules provide filters which can
576df0
transform and modify HTML and XML content.
576df0
576df0
%package -n mod_ldap
576df0
Group: System Environment/Daemons
576df0
Summary: LDAP authentication modules for the Apache HTTP Server
576df0
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
576df0
Requires: apr-util-ldap
576df0
576df0
%description -n mod_ldap
576df0
The mod_ldap and mod_authnz_ldap modules add support for LDAP
576df0
authentication to the Apache HTTP Server.
576df0
576df0
%package -n mod_session
576df0
Group: System Environment/Daemons
576df0
Summary: Session interface for the Apache HTTP Server
576df0
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
576df0
576df0
%description -n mod_session
576df0
The mod_session module and associated backends provide an abstract
576df0
interface for storing and accessing per-user session data.
576df0
576df0
%prep
576df0
%setup -q
576df0
%patch1 -p1 -b .apctl
576df0
%patch2 -p1 -b .apxs
576df0
%patch3 -p1 -b .deplibs
576df0
576df0
%patch19 -p1 -b .detectsystemd
576df0
%patch20 -p1 -b .export
576df0
%patch21 -p1 -b .corelimit
576df0
%patch22 -p1 -b .selinux
576df0
%patch23 -p1 -b .icons
576df0
%patch24 -p1 -b .systemd
576df0
%patch25 -p1 -b .cachehardmax
576df0
%patch26 -p1 -b .socketactivation
576df0
%patch27 -p1 -b .sslciphdefault
576df0
%patch28 -p1 -b .statementscomment
576df0
%patch29 -p1 -b .fullrelease
576df0
%patch30 -p1 -b .freebind
576df0
%patch31 -p1 -b .r1830819+
576df0
%patch32 -p1 -b .sslprotdefault
576df0
%patch33 -p1 -b .mod-md-mod-ssl-hooks
576df0
%patch34 -p1 -b .r1861793+
576df0
%patch35 -p1 -b .sslkeylogfile-support
576df0
%patch36 -p1 -b .session-expiry
576df0
%patch37 -p1 -b .logjournal
576df0
576df0
%patch61 -p1 -b .r1738878
576df0
%patch62 -p1 -b .r1633085
576df0
%patch63 -p1 -b .r1811831
576df0
%patch65 -p1 -b .r1842888
576df0
%patch66 -p1 -b .r1842929+
576df0
%patch67 -p1 -b .r1825120
576df0
%patch68 -p1 -b .fipscore
576df0
%patch70 -p1 -b .r1840554
576df0
%patch71 -p1 -b .modmdperms
576df0
%patch72 -p1 -b .mimemagic
576df0
%patch73 -p1 -b .ocspwrongctx
576df0
%patch74 -p1 -b .r1828172+
576df0
%patch75 -p1 -b .r1870095+
576df0
%patch76 -p1 -b .proxy-continue
576df0
%patch77 -p1 -b .balancer-failover
576df0
576df0
576df0
%patch200 -p1 -b .r1851471
576df0
%patch201 -p1 -b .CVE-2019-0211
576df0
%patch202 -p1 -b .CVE-2019-0215
576df0
%patch203 -p1 -b .CVE-2019-0217
576df0
%patch204 -p1 -b .CVE-2019-0220
576df0
%patch205 -p1 -b .CVE-2019-9511-and-9516-and-9517
576df0
%patch206 -p1 -b .CVE-2019-10098
576df0
%patch207 -p1 -b .CVE-2019-10092
576df0
%patch208 -p1 -b .CVE-2019-10097
576df0
%patch209 -p1 -b .CVE-2020-1934
576df0
576df0
# Patch in the vendor string
576df0
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
576df0
sed -i 's/@RELEASE@/%{release}/' server/core.c
576df0
576df0
# Prevent use of setcap in "install-suexec-caps" target.
576df0
sed -i '/suexec/s,setcap ,echo Skipping setcap for ,' Makefile.in
576df0
576df0
# Example conf for instances
576df0
cp $RPM_SOURCE_DIR/instance.conf .
576df0
sed < $RPM_SOURCE_DIR/httpd.conf >> instance.conf '
576df0
0,/^ServerRoot/d;
576df0
/# Supplemental configuration/,$d
576df0
/^ *CustomLog .logs/s,logs/,logs/${HTTPD_INSTANCE}_,
576df0
/^ *ErrorLog .logs/s,logs/,logs/${HTTPD_INSTANCE}_,
576df0
'
576df0
touch -r $RPM_SOURCE_DIR/instance.conf instance.conf
576df0
576df0
# Safety check: prevent build if defined MMN does not equal upstream MMN.
576df0
vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
576df0
if test "x${vmmn}" != "x%{mmn}"; then
576df0
   : Error: Upstream MMN is now ${vmmn}, packaged MMN is %{mmn}
576df0
   : Update the mmn macro and rebuild.
576df0
   exit 1
576df0
fi
576df0
576df0
# Provide default layout
576df0
cp $RPM_SOURCE_DIR/config.layout .
576df0
576df0
sed '
576df0
s,@MPM@,%{mpm},g
576df0
s,@DOCROOT@,%{docroot},g
576df0
s,@LOGDIR@,%{_localstatedir}/log/httpd,g
576df0
' < $RPM_SOURCE_DIR/httpd.conf.xml \
576df0
    > httpd.conf.xml
576df0
576df0
xmlto man ./httpd.conf.xml
576df0
xmlto man $RPM_SOURCE_DIR/htcacheclean.service.xml
576df0
xmlto man $RPM_SOURCE_DIR/httpd.service.xml
576df0
576df0
: Building with MMN %{mmn}, MMN-ISA %{mmnisa}
576df0
: Default MPM is %{mpm}, vendor string is '%{vstring}'
576df0
576df0
%build
576df0
# forcibly prevent use of bundled apr, apr-util, pcre
576df0
rm -rf srclib/{apr,apr-util,pcre}
576df0
576df0
# regenerate configure scripts
576df0
autoheader && autoconf || exit 1
576df0
576df0
# Before configure; fix location of build dir in generated apxs
576df0
%{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \
576df0
        support/apxs.in
576df0
576df0
export CFLAGS=$RPM_OPT_FLAGS
576df0
export LDFLAGS="-Wl,-z,relro,-z,now"
576df0
576df0
# Hard-code path to links to avoid unnecessary builddep
576df0
export LYNX_PATH=/usr/bin/links
576df0
576df0
# Build the daemon
576df0
./configure \
576df0
        --prefix=%{_sysconfdir}/httpd \
576df0
        --exec-prefix=%{_prefix} \
576df0
        --bindir=%{_bindir} \
576df0
        --sbindir=%{_sbindir} \
576df0
        --mandir=%{_mandir} \
576df0
        --libdir=%{_libdir} \
576df0
        --sysconfdir=%{_sysconfdir}/httpd/conf \
576df0
        --includedir=%{_includedir}/httpd \
576df0
        --libexecdir=%{_libdir}/httpd/modules \
576df0
        --datadir=%{contentdir} \
576df0
        --enable-layout=Fedora \
576df0
        --with-installbuilddir=%{_libdir}/httpd/build \
576df0
        --enable-mpms-shared=all \
576df0
        --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
576df0
        --enable-suexec --with-suexec \
576df0
        --enable-suexec-capabilities \
576df0
        --with-suexec-caller=%{suexec_caller} \
576df0
        --with-suexec-docroot=%{docroot} \
576df0
        --without-suexec-logfile \
576df0
        --with-suexec-syslog \
576df0
        --with-suexec-bin=%{_sbindir}/suexec \
576df0
        --with-suexec-uidmin=1000 --with-suexec-gidmin=1000 \
576df0
        --with-brotli \
576df0
        --enable-pie \
576df0
        --with-pcre \
576df0
        --enable-mods-shared=all \
576df0
        --enable-ssl --with-ssl --disable-distcache \
576df0
        --enable-proxy --enable-proxy-fdpass \
576df0
        --enable-cache \
576df0
        --enable-disk-cache \
576df0
        --enable-ldap --enable-authnz-ldap \
576df0
        --enable-cgid --enable-cgi \
576df0
        --enable-cgid-fdpassing \
576df0
        --enable-authn-anon --enable-authn-alias \
576df0
        --disable-imagemap --disable-file-cache \
576df0
        --disable-http2 \
576df0
        --disable-md \
576df0
        $*
576df0
make %{?_smp_mflags}
576df0
576df0
%install
576df0
rm -rf $RPM_BUILD_ROOT
576df0
576df0
make DESTDIR=$RPM_BUILD_ROOT install
576df0
576df0
# Install systemd service files
576df0
mkdir -p $RPM_BUILD_ROOT%{_unitdir}
576df0
for s in httpd.service htcacheclean.service httpd.socket \
576df0
         httpd@.service httpd-init.service; do
576df0
  install -p -m 644 $RPM_SOURCE_DIR/${s} \
576df0
                    $RPM_BUILD_ROOT%{_unitdir}/${s}
576df0
done
576df0
576df0
# install conf file/directory
576df0
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d \
576df0
      $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d
576df0
install -m 644 $RPM_SOURCE_DIR/README.confd \
576df0
    $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README
576df0
install -m 644 $RPM_SOURCE_DIR/README.confmod \
576df0
    $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/README
576df0
for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \
576df0
         00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \
576df0
         01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf; do
576df0
  install -m 644 -p $RPM_SOURCE_DIR/$f \
576df0
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f
576df0
done
576df0
576df0
sed -i '/^#LoadModule mpm_%{mpm}_module /s/^#//' \
576df0
     $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/00-mpm.conf
576df0
touch -r $RPM_SOURCE_DIR/00-mpm.conf \
576df0
     $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/00-mpm.conf
576df0
576df0
# install systemd override drop directory
576df0
# Web application packages can drop snippets into this location if
576df0
# they need ExecStart[pre|post].
576df0
mkdir $RPM_BUILD_ROOT%{_unitdir}/httpd.service.d
576df0
mkdir $RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d
576df0
576df0
install -m 644 -p $RPM_SOURCE_DIR/10-listen443.conf \
576df0
      $RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d/10-listen443.conf
576df0
576df0
for f in welcome.conf ssl.conf manual.conf userdir.conf; do
576df0
  install -m 644 -p $RPM_SOURCE_DIR/$f \
576df0
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/$f
576df0
done
576df0
576df0
# Split-out extra config shipped as default in conf.d:
576df0
for f in autoindex; do
576df0
  install -m 644 docs/conf/extra/httpd-${f}.conf \
576df0
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/${f}.conf
576df0
done
576df0
576df0
# Extra config trimmed:
576df0
rm -v docs/conf/extra/httpd-{ssl,userdir}.conf
576df0
576df0
rm $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/*.conf
576df0
install -m 644 -p $RPM_SOURCE_DIR/httpd.conf \
576df0
   $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/httpd.conf
576df0
576df0
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
576df0
install -m 644 -p $RPM_SOURCE_DIR/htcacheclean.sysconf \
576df0
   $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/htcacheclean
576df0
576df0
# tmpfiles.d configuration
576df0
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d 
576df0
install -m 644 -p $RPM_SOURCE_DIR/httpd.tmpfiles \
576df0
   $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/httpd.conf
576df0
576df0
# Other directories
576df0
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav \
576df0
         $RPM_BUILD_ROOT%{_localstatedir}/lib/httpd \
576df0
         $RPM_BUILD_ROOT/run/httpd/htcacheclean
576df0
576df0
# Substitute in defaults which are usually done (badly) by "make install"
576df0
sed -i \
576df0
   "s,@@ServerRoot@@/var,%{_localstatedir}/lib/dav,;
576df0
    s,@@ServerRoot@@/user.passwd,/etc/httpd/conf/user.passwd,;
576df0
    s,@@ServerRoot@@/docs,%{docroot},;
576df0
    s,@@ServerRoot@@,%{docroot},;
576df0
    s,@@Port@@,80,;" \
576df0
    docs/conf/extra/*.conf
576df0
576df0
# Create cache directory
576df0
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd \
576df0
         $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/proxy \
576df0
         $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/ssl
576df0
576df0
# Make the MMN accessible to module packages
576df0
echo %{mmnisa} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn
576df0
mkdir -p $RPM_BUILD_ROOT%{_rpmconfigdir}/macros.d
576df0
cat > $RPM_BUILD_ROOT%{_rpmconfigdir}/macros.d/macros.httpd <
576df0
%%_httpd_mmn %{mmnisa}
576df0
%%_httpd_apxs %%{_bindir}/apxs
576df0
%%_httpd_modconfdir %%{_sysconfdir}/httpd/conf.modules.d
576df0
%%_httpd_confdir %%{_sysconfdir}/httpd/conf.d
576df0
%%_httpd_contentdir %{contentdir}
576df0
%%_httpd_moddir %%{_libdir}/httpd/modules
576df0
EOF
576df0
576df0
# Handle contentdir
576df0
mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
576df0
install -m 644 -p $RPM_SOURCE_DIR/index.html \
576df0
        $RPM_BUILD_ROOT%{contentdir}/noindex/index.html
576df0
rm -rf %{contentdir}/htdocs
576df0
576df0
# remove manual sources
576df0
find $RPM_BUILD_ROOT%{contentdir}/manual \( \
576df0
    -name \*.xml -o -name \*.xml.* -o -name \*.ent -o -name \*.xsl -o -name \*.dtd \
576df0
    \) -print0 | xargs -0 rm -f
576df0
576df0
# Strip the manual down just to English and replace the typemaps with flat files:
576df0
set +x
576df0
for f in `find $RPM_BUILD_ROOT%{contentdir}/manual -name \*.html -type f`; do
576df0
   if test -f ${f}.en; then
576df0
      cp ${f}.en ${f}
576df0
      rm ${f}.*
576df0
   fi
576df0
done
576df0
set -x
576df0
576df0
# Clean Document Root
576df0
rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
576df0
      $RPM_BUILD_ROOT%{docroot}/cgi-bin/*
576df0
576df0
# Symlink for the powered-by-$DISTRO image:
576df0
ln -s ../../pixmaps/poweredby.png \
576df0
        $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
576df0
576df0
# symlinks for /etc/httpd
576df0
rmdir $RPM_BUILD_ROOT/etc/httpd/{state,run}
576df0
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
576df0
ln -s ../..%{_localstatedir}/lib/httpd $RPM_BUILD_ROOT/etc/httpd/state
576df0
ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run
576df0
ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules
576df0
576df0
# install http-ssl-pass-dialog
576df0
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
576df0
install -m755 $RPM_SOURCE_DIR/httpd-ssl-pass-dialog \
576df0
        $RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog
576df0
576df0
# install http-ssl-gencerts
576df0
install -m755 $RPM_SOURCE_DIR/httpd-ssl-gencerts \
576df0
        $RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-gencerts
576df0
576df0
# Install action scripts
576df0
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd
576df0
for f in graceful configtest; do
576df0
    install -p -m 755 $RPM_SOURCE_DIR/action-${f}.sh \
576df0
            $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd/${f}
576df0
done
576df0
576df0
# Install logrotate config
576df0
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
576df0
install -m 644 -p $RPM_SOURCE_DIR/httpd.logrotate \
576df0
        $RPM_BUILD_ROOT/etc/logrotate.d/httpd
576df0
576df0
# Install man pages
576df0
install -d $RPM_BUILD_ROOT%{_mandir}/man8 $RPM_BUILD_ROOT%{_mandir}/man5
576df0
install -m 644 -p httpd.service.8 httpd-init.service.8 httpd.socket.8 \
576df0
        httpd@.service.8  htcacheclean.service.8 \
576df0
        $RPM_BUILD_ROOT%{_mandir}/man8
576df0
install -m 644 -p httpd.conf.5 \
576df0
        $RPM_BUILD_ROOT%{_mandir}/man5
576df0
576df0
# fix man page paths
576df0
sed -e "s|/usr/local/apache2/conf/httpd.conf|/etc/httpd/conf/httpd.conf|" \
576df0
    -e "s|/usr/local/apache2/conf/mime.types|/etc/mime.types|" \
576df0
    -e "s|/usr/local/apache2/conf/magic|/etc/httpd/conf/magic|" \
576df0
    -e "s|/usr/local/apache2/logs/error_log|/var/log/httpd/error_log|" \
576df0
    -e "s|/usr/local/apache2/logs/access_log|/var/log/httpd/access_log|" \
576df0
    -e "s|/usr/local/apache2/logs/httpd.pid|/run/httpd/httpd.pid|" \
576df0
    -e "s|/usr/local/apache2|/etc/httpd|" < docs/man/httpd.8 \
576df0
  > $RPM_BUILD_ROOT%{_mandir}/man8/httpd.8
576df0
576df0
# Make ap_config_layout.h libdir-agnostic
576df0
sed -i '/.*DEFAULT_..._LIBEXECDIR/d;/DEFAULT_..._INSTALLBUILDDIR/d' \
576df0
    $RPM_BUILD_ROOT%{_includedir}/httpd/ap_config_layout.h
576df0
576df0
# Fix path to instdso in special.mk
576df0
sed -i '/instdso/s,top_srcdir,top_builddir,' \
576df0
    $RPM_BUILD_ROOT%{_libdir}/httpd/build/special.mk
576df0
576df0
# Remove unpackaged files
576df0
rm -vf \
576df0
      $RPM_BUILD_ROOT%{_libdir}/*.exp \
576df0
      $RPM_BUILD_ROOT/etc/httpd/conf/mime.types \
576df0
      $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.exp \
576df0
      $RPM_BUILD_ROOT%{_libdir}/httpd/build/config.nice \
576df0
      $RPM_BUILD_ROOT%{_bindir}/{ap?-config,dbmmanage} \
576df0
      $RPM_BUILD_ROOT%{_sbindir}/{checkgid,envvars*} \
576df0
      $RPM_BUILD_ROOT%{contentdir}/htdocs/* \
576df0
      $RPM_BUILD_ROOT%{_mandir}/man1/dbmmanage.* \
576df0
      $RPM_BUILD_ROOT%{contentdir}/cgi-bin/*
576df0
576df0
rm -rf $RPM_BUILD_ROOT/etc/httpd/conf/{original,extra}
576df0
576df0
%pre filesystem
576df0
getent group apache >/dev/null || groupadd -g 48 -r apache
576df0
getent passwd apache >/dev/null || \
576df0
  useradd -r -u 48 -g apache -s /sbin/nologin \
576df0
    -d %{contentdir} -c "Apache" apache
576df0
exit 0
576df0
576df0
%post
576df0
%systemd_post httpd.service htcacheclean.service httpd.socket
576df0
576df0
%preun
576df0
%systemd_preun httpd.service htcacheclean.service httpd.socket
576df0
576df0
%postun
576df0
%systemd_postun httpd.service htcacheclean.service httpd.socket
576df0
576df0
# Trigger for conversion from SysV, per guidelines at:
576df0
# https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd
576df0
%triggerun -- httpd < 2.2.21-5
576df0
# Save the current service runlevel info
576df0
# User must manually run systemd-sysv-convert --apply httpd
576df0
# to migrate them to systemd targets
576df0
/usr/bin/systemd-sysv-convert --save httpd.service >/dev/null 2>&1 ||:
576df0
576df0
# Run these because the SysV package being removed won't do them
576df0
/sbin/chkconfig --del httpd >/dev/null 2>&1 || :
576df0
576df0
%posttrans
576df0
test -f /etc/sysconfig/httpd-disable-posttrans || \
576df0
  /bin/systemctl try-restart --no-block httpd.service htcacheclean.service >/dev/null 2>&1 || :
576df0
576df0
%check
576df0
# Check the built modules are all PIC
576df0
if readelf -d $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so | grep TEXTREL; then
576df0
   : modules contain non-relocatable code
576df0
   exit 1
576df0
fi
576df0
set +x
576df0
rv=0
576df0
# Ensure every mod_* that's built is loaded.
576df0
for f in $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so; do
576df0
  m=${f##*/}
576df0
  if ! grep -q $m $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/*.conf; then
576df0
    echo ERROR: Module $m not configured.  Disable it, or load it.
576df0
    rv=1
576df0
  fi
576df0
done
576df0
# Ensure every loaded mod_* is actually built
576df0
mods=`grep -h ^LoadModule $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/*.conf | sed 's,.*modules/,,'`
576df0
for m in $mods; do
576df0
  f=$RPM_BUILD_ROOT%{_libdir}/httpd/modules/${m}
576df0
  if ! test -x $f; then
576df0
    echo ERROR: Module $m is configured but not built.
576df0
    rv=1
576df0
  fi
576df0
done
576df0
set -x
576df0
exit $rv
576df0
576df0
%clean
576df0
rm -rf $RPM_BUILD_ROOT
576df0
576df0
%files
576df0
%defattr(-,root,root)
576df0
576df0
%doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE
576df0
%doc docs/conf/extra/*.conf
576df0
%doc instance.conf
576df0
576df0
%{_sysconfdir}/httpd/modules
576df0
%{_sysconfdir}/httpd/logs
576df0
%{_sysconfdir}/httpd/state
576df0
%{_sysconfdir}/httpd/run
576df0
%dir %{_sysconfdir}/httpd/conf
576df0
%config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf
576df0
%config(noreplace) %{_sysconfdir}/httpd/conf/magic
576df0
576df0
%config(noreplace) %{_sysconfdir}/logrotate.d/httpd
576df0
576df0
%config(noreplace) %{_sysconfdir}/httpd/conf.d/*.conf
576df0
%exclude %{_sysconfdir}/httpd/conf.d/ssl.conf
576df0
%exclude %{_sysconfdir}/httpd/conf.d/manual.conf
576df0
576df0
%dir %{_sysconfdir}/httpd/conf.modules.d
576df0
%{_sysconfdir}/httpd/conf.modules.d/README
576df0
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/*.conf
576df0
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
576df0
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf
576df0
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf
576df0
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
576df0
576df0
%config(noreplace) %{_sysconfdir}/sysconfig/htcacheclean
576df0
%{_prefix}/lib/tmpfiles.d/httpd.conf
576df0
576df0
%dir %{_libexecdir}/initscripts/legacy-actions/httpd
576df0
%{_libexecdir}/initscripts/legacy-actions/httpd/*
576df0
576df0
%{_sbindir}/ht*
576df0
%{_sbindir}/fcgistarter
576df0
%{_sbindir}/apachectl
576df0
%{_sbindir}/rotatelogs
576df0
%caps(cap_setuid,cap_setgid+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec
576df0
576df0
%dir %{_libdir}/httpd
576df0
%dir %{_libdir}/httpd/modules
576df0
%{_libdir}/httpd/modules/mod*.so
576df0
%exclude %{_libdir}/httpd/modules/mod_auth_form.so
576df0
%exclude %{_libdir}/httpd/modules/mod_ssl.so
576df0
%exclude %{_libdir}/httpd/modules/mod_*ldap.so
576df0
%exclude %{_libdir}/httpd/modules/mod_proxy_html.so
576df0
%exclude %{_libdir}/httpd/modules/mod_xml2enc.so
576df0
%exclude %{_libdir}/httpd/modules/mod_session*.so
576df0
576df0
%dir %{contentdir}/error
576df0
%dir %{contentdir}/error/include
576df0
%dir %{contentdir}/noindex
576df0
%{contentdir}/icons/*
576df0
%{contentdir}/error/README
576df0
%{contentdir}/error/*.var
576df0
%{contentdir}/error/include/*.html
576df0
%{contentdir}/noindex/index.html
576df0
576df0
%attr(0710,root,apache) %dir /run/httpd
576df0
%attr(0700,apache,apache) %dir /run/httpd/htcacheclean
576df0
%attr(0700,root,root) %dir %{_localstatedir}/log/httpd
576df0
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav
576df0
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/httpd
576df0
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd
576df0
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy
576df0
576df0
%{_mandir}/man8/*
576df0
%{_mandir}/man5/*
576df0
%exclude %{_mandir}/man8/httpd-init.*
576df0
576df0
%{_unitdir}/httpd.service
576df0
%{_unitdir}/httpd@.service
576df0
%{_unitdir}/htcacheclean.service
576df0
%{_unitdir}/*.socket
576df0
576df0
%files filesystem
576df0
%dir %{_sysconfdir}/httpd
576df0
%dir %{_sysconfdir}/httpd/conf.d
576df0
%{_sysconfdir}/httpd/conf.d/README
576df0
%dir %{docroot}
576df0
%dir %{docroot}/cgi-bin
576df0
%dir %{docroot}/html
576df0
%dir %{contentdir}
576df0
%dir %{contentdir}/icons
576df0
%attr(755,root,root) %dir %{_unitdir}/httpd.service.d
576df0
%attr(755,root,root) %dir %{_unitdir}/httpd.socket.d
576df0
576df0
%files tools
576df0
%defattr(-,root,root)
576df0
%{_bindir}/*
576df0
%{_mandir}/man1/*
576df0
%doc LICENSE NOTICE
576df0
%exclude %{_bindir}/apxs
576df0
%exclude %{_mandir}/man1/apxs.1*
576df0
576df0
%files manual
576df0
%defattr(-,root,root)
576df0
%{contentdir}/manual
576df0
%config(noreplace) %{_sysconfdir}/httpd/conf.d/manual.conf
576df0
576df0
%files -n mod_ssl
576df0
%defattr(-,root,root)
576df0
%{_libdir}/httpd/modules/mod_ssl.so
576df0
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
576df0
%config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf
576df0
%attr(0700,apache,root) %dir %{_localstatedir}/cache/httpd/ssl
576df0
%{_unitdir}/httpd-init.service
576df0
%{_libexecdir}/httpd-ssl-pass-dialog
576df0
%{_libexecdir}/httpd-ssl-gencerts
576df0
%{_unitdir}/httpd.socket.d/10-listen443.conf
576df0
%{_mandir}/man8/httpd-init.*
576df0
576df0
%files -n mod_proxy_html
576df0
%defattr(-,root,root)
576df0
%{_libdir}/httpd/modules/mod_proxy_html.so
576df0
%{_libdir}/httpd/modules/mod_xml2enc.so
576df0
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf
576df0
576df0
%files -n mod_ldap
576df0
%defattr(-,root,root)
576df0
%{_libdir}/httpd/modules/mod_*ldap.so
576df0
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf
576df0
576df0
%files -n mod_session
576df0
%defattr(-,root,root)
576df0
%{_libdir}/httpd/modules/mod_session*.so
576df0
%{_libdir}/httpd/modules/mod_auth_form.so
576df0
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
576df0
576df0
%files devel
576df0
%defattr(-,root,root)
576df0
%{_includedir}/httpd
576df0
%{_bindir}/apxs
576df0
%{_mandir}/man1/apxs.1*
576df0
%dir %{_libdir}/httpd/build
576df0
%{_libdir}/httpd/build/*.mk
576df0
%{_libdir}/httpd/build/*.sh
576df0
%{_rpmconfigdir}/macros.d/macros.httpd
576df0
576df0
%changelog
576df0
* Mon Jun 15 2020 Joe Orton <jorton@redhat.com> - 2.4.37-30
576df0
- Resolves: #1209162 - support logging to journald from CustomLog
576df0
576df0
* Mon Jun 08 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-29
576df0
- Resolves: #1823263 (CVE-2020-1934) - CVE-2020-1934 httpd: mod_proxy_ftp use of
576df0
  uninitialized value
576df0
576df0
* Fri May 29 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-28
576df0
- Related: #1771847 - BalancerMember ping parameter for mod_proxy_http
576df0
  doesn't work
576df0
576df0
* Tue Apr 14 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-27
576df0
- Resolves: #1823259 - CVE-2020-1927 httpd:2.4/httpd: mod_rewrite configurations
576df0
  vulnerable to open redirect
576df0
- Resolves: #1747284 - CVE-2019-10098 httpd:2.4/httpd: mod_rewrite potential
576df0
  open redirect
576df0
- Resolves: #1747281 - CVE-2019-10092 httpd:2.4/httpd: limited cross-site 
576df0
  scripting in mod_proxy error page
576df0
- Resolves: #1747291 - CVE-2019-10097 httpd:2.4/httpd: null-pointer dereference
576df0
  in mod_remoteip
576df0
- Resolves: #1771847 - BalancerMember ping parameter for mod_proxy_http
576df0
  doesn't work
576df0
- Resolves: #1794728 - Backport of SessionExpiryUpdateInterval directive
576df0
576df0
* Mon Dec 02 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-21
576df0
- Resolves: #1775158 - POST request with TLS 1.3 PHA client auth fails:
576df0
  Re-negotiation handshake failed: Client certificate missing
576df0
576df0
* Sun Dec 01 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-20
576df0
- Resolves: #1704317 - Add support for SSLKEYLOGFILE
576df0
576df0
* Thu Nov 28 2019 Joe Orton <jorton@redhat.com> - 2.4.37-19
576df0
- mod_cgid: enable fd passing (#1633224)
576df0
576df0
* Mon Nov 18 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-18
576df0
- Resolves: #1744121 - Unexpected OCSP in proxy SSL connection
576df0
- Resolves: #1725031 - htpasswd: support SHA-x passwords for FIPS compatibility
576df0
- Resolves: #1633224 - mod_cgid logging issues
576df0
576df0
* Wed Oct 02 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-17
576df0
- remove bundled mod_md module
576df0
- Related: #1747898 - add mod_md package
576df0
576df0
* Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-16
576df0
- Resolves: #1744999 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
576df0
  of data request leads to denial of service
576df0
- Resolves: #1745086 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
576df0
  headers leads to denial of service
576df0
- Resolves: #1745154 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request for
576df0
  large response leads to denial of service
576df0
576df0
* Tue Jul 16 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-15
576df0
- Resolves: #1730721 - absolute path used for default state and runtime dir by
576df0
  default
576df0
576df0
* Thu Jun 27 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-14
576df0
- Resolves: #1724549 - httpd response contains garbage in Content-Type header
576df0
576df0
* Wed Jun 12 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-13
576df0
- Resolves: #1696142 - CVE-2019-0217 httpd:2.4/httpd: mod_auth_digest: access
576df0
  control bypass due to race condition
576df0
- Resolves: #1696097 - CVE-2019-0220 httpd:2.4/httpd: URL normalization
576df0
  inconsistency
576df0
- Resolves: #1669221 - `ExtendedStatus Off` directive when using mod_systemd
576df0
  causes systemctl to hang
576df0
- Resolves: #1673022 - httpd can not be started with mod_md enabled
576df0
576df0
* Mon Apr 08 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-11
576df0
- Resolves: #1695432 - CVE-2019-0211 httpd: privilege escalation
576df0
  from modules scripts
576df0
- Resolves: #1696091 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl: access control 
576df0
  bypass when using per-location client certification authentication
576df0
576df0
* Wed Feb 06 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-10
576df0
- Resolves: #1672977 - state-dir corruption on reload 
576df0
576df0
* Tue Feb 05 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-9
576df0
- Resolves: #1670716 - Coredump when starting in FIPS mode
576df0
576df0
* Fri Feb  1 2019 Joe Orton <jorton@redhat.com> - 2.4.37-8
576df0
- add security fix for CVE-2019-0190 (#1671282)
576df0
576df0
* Tue Dec 11 2018 Joe Orton <jorton@redhat.com> - 2.4.37-7
576df0
- add DefaultStateDir/ap_state_dir_relative() (#1653009)
576df0
- mod_dav_fs: use state dir for default DAVLockDB
576df0
- mod_md: use state dir for default MDStoreDir
576df0
576df0
* Mon Dec 10 2018 Joe Orton <jorton@redhat.com> - 2.4.37-6
576df0
- add httpd.conf(5) (#1611361)
576df0
576df0
* Mon Nov 26 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-5
576df0
- Resolves: #1652966 - Missing RELEASE in http header
576df0
576df0
* Fri Nov 23 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-4
576df0
- Resolves: #1641951 - No Documentation= line in htcacheclean.service files
576df0
576df0
* Fri Nov 23 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-3
576df0
- Resolves: #1643713 - TLS connection allowed while all protocols are forbidden
576df0
576df0
* Thu Nov 22 2018 Joe Orton <jorton@redhat.com> - 2.4.37-2
576df0
- mod_ssl: fix off-by-one causing crashes in CGI children (#1649428)
576df0
576df0
* Wed Nov 21 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-1
576df0
- Resolves: #1644625 - httpd rebase to 2.4.37
576df0
576df0
* Thu Oct 18 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.35-10
576df0
- Related: #1493510 - RFE: httpd, add IP_FREEBIND support for Listen
576df0
576df0
* Tue Oct 16 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.35-9
576df0
- mod_ssl: allow sending multiple CA names which differ only in case
576df0
576df0
* Tue Oct 16 2018 Joe Orton <jorton@redhat.com> - 2.4.35-7
576df0
- mod_ssl: drop SSLRandomSeed from default config (#1638730)
576df0
- mod_ssl: follow OpenSSL protocol defaults if SSLProtocol
576df0
     is not configured (Rob Crittenden, #1638738)
576df0
576df0
* Mon Oct 15 2018 Joe Orton <jorton@redhat.com> - 2.4.35-5
576df0
- mod_ssl: don't require SSLCryptoDevice to be set for PKCS#11 cert
576df0
576df0
* Mon Oct 15 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.35-4
576df0
- Resolves: #1635681 - sync with Fedora 28/29 httpd
576df0
- comment-out SSLProtocol, SSLProxyProtocol from ssl.conf in default
576df0
  configuration; now follow OpenSSL system default (#1468322)
576df0
- dropped NPN support
576df0
- mod_md: change hard-coded default MdStoreDir to state/md (#1563846)
576df0
- don't block on service try-restart in posttrans scriptlet
576df0
- build and load mod_brotli
576df0
- mod_systemd: show bound ports in status and log to journal
576df0
  at startup
576df0
- updated httpd.service.xml man page
576df0
- tweak wording in privkey passphrase prompt
576df0
- drop sslmultiproxy patch
576df0
- apachectl: don't read /etc/sysconfig/httpd
576df0
- drop irrelevant Obsoletes for devel subpackage
576df0
- move instantiated httpd@.service to main httpd package
576df0
576df0
* Mon Oct 15 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.35-3
576df0
- Resolves: #1602548 - various covscan fixes
576df0
576df0
* Thu Sep 27 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.35-2
576df0
- apache httpd can work with TLS 1.3 (#1617997)
576df0
- drop SSLv3 support patch
576df0
576df0
* Thu Sep 27 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.35-1
576df0
- new version 2.4.35 (#1632754)
576df0
576df0
* Mon Sep 03 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.4.33-4
576df0
- mod_ssl: enable SSLv3 and change behavior of "SSLProtocol All" 
576df0
  configuration (#1622630)
576df0
576df0
* Thu Jul 26 2018 Joe Orton <jorton@redhat.com> - 2.4.33-3
576df0
- mod_ssl: add PKCS#11 cert/key support (Anderson Sasaki, #1527084)
576df0
576df0
* Mon Apr 30 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.33-2
576df0
- new version 2.4.33
576df0
- add mod_md subpackage; load mod_proxy_uwsgi by default
576df0
576df0
* Mon Apr 30 2018 Joe Orton <jorton@redhat.com> - 2.4.28-8
576df0
- remove %%ghosted /etc/sysconfig/httpd (#1572676)
576df0
576df0
* Wed Mar 07 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.28-2
576df0
- Resolves: #1512563 - httpd: update welcome page branding
576df0
- Resolves: #1511123 - RFE: httpd use event MPM by default
576df0
- Resolves: #1493510 - RFE: httpd, add IP_FREEBIND support for Listen
576df0
576df0
* Fri Oct 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.28-1
576df0
- new version 2.4.28
576df0
576df0
* Tue Oct  3 2017 Joe Orton <jorton@redhat.com> - 2.4.27-14
576df0
- add notes on enabling httpd_graceful_shutdown boolean for prefork
576df0
576df0
* Fri Sep 22 2017 Joe Orton <jorton@redhat.com> - 2.4.27-13
576df0
- drop Requires(post) for mod_ssl
576df0
576df0
* Fri Sep 22 2017 Joe Orton <jorton@redhat.com> - 2.4.27-12
576df0
- better error handling in httpd-ssl-gencerts (#1494556)
576df0
576df0
* Thu Sep 21 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.4.27-11
576df0
- Require sscg 2.2.0 for creating service and CA certificates together
576df0
576df0
* Thu Sep 21 2017 Jeroen van Meeuwen <kanarip@fedoraproject.org> - 2.4.27-10
576df0
- Address CVE-2017-9798 by applying patch from upstream (#1490344)
576df0
576df0
* Thu Sep 21 2017 Joe Orton <jorton@redhat.com> - 2.4.27-9
576df0
- use sscg defaults; append CA cert to generated cert
576df0
- document httpd-init.service in httpd-init.service(8)
576df0
576df0
* Thu Sep 21 2017 Jeroen van Meeuwen <kanarip@fedoraproject.org> - 2.4.27-8
576df0
- Address CVE-2017-9798 by applying patch from upstream (#1490344)
576df0
576df0
* Wed Sep 20 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.4.27-8.1
576df0
- Generate SSL certificates on service start, not %%posttrans
576df0
576df0
* Tue Sep 19 2017 Joe Orton <jorton@redhat.com> - 2.4.27-8.1
576df0
- move httpd.service.d, httpd.socket.d dirs to -filesystem
576df0
576df0
* Wed Sep 13 2017 Joe Orton <jorton@redhat.com> - 2.4.27-7
576df0
- add new content-length filter (upstream PR 61222)
576df0
576df0
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.27-6
576df0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
576df0
576df0
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.27-5
576df0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
576df0
576df0
* Tue Jul 18 2017 Joe Orton <jorton@redhat.com> - 2.4.27-4
576df0
- update mod_systemd (r1802251)
576df0
576df0
* Mon Jul 17 2017 Joe Orton <jorton@redhat.com> - 2.4.27-3
576df0
- switch to event by default for Fedora 27 and later (#1471708)
576df0
576df0
* Wed Jul 12 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.27-2
576df0
- Resolves: #1469959 - httpd update cleaned out /etc/sysconfig
576df0
576df0
* Mon Jul 10 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.27-1
576df0
- new version 2.4.27
576df0
576df0
* Fri Jun 30 2017 Joe Orton <jorton@redhat.com> - 2.4.26-2
576df0
- mod_proxy_fcgi: fix further regressions (PR 61202)
576df0
576df0
* Mon Jun 19 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.26-1
576df0
- new version 2.4.26
576df0
576df0
* Mon Jun  5 2017 Joe Orton <jorton@redhat.com> - 2.4.25-10
576df0
- move unit man pages to section 8, add as Documentation= in units
576df0
576df0
* Fri May 19 2017 Joe Orton <jorton@redhat.com> - 2.4.25-9
576df0
- add httpd.service(5) and httpd.socket(5) man pages
576df0
576df0
* Tue May 16 2017 Joe Orton <jorton@redhat.com> - 2.4.25-8
576df0
- require mod_http2, now packaged separately
576df0
576df0
* Wed Mar 29 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.25-7
576df0
- Resolves: #1397243 - Backport Apache Bug 53098 - mod_proxy_ajp:
576df0
  patch to set worker secret passed to tomcat
576df0
576df0
* Tue Mar 28 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.25-6
576df0
- Resolves: #1434916 - httpd.service: Failed with result timeout
576df0
576df0
* Fri Mar 24 2017 Joe Orton <jorton@redhat.com> - 2.4.25-5
576df0
- link only httpd, not support/* against -lselinux -lsystemd
576df0
576df0
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.25-4
576df0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
576df0
576df0
* Thu Jan 12 2017 Joe Orton <jorton@redhat.com> - 2.4.25-3
576df0
- mod_watchdog: restrict thread lifetime (#1410883)
576df0
576df0
* Thu Dec 22 2016 Luboš Uhliarik <luhliari@redhat.com> - 2.4.25-2
576df0
- Resolves: #1358875 - require nghttp2 >= 1.5.0
576df0
576df0
* Thu Dec 22 2016 Luboš Uhliarik <luhliari@redhat.com> - 2.4.25-1
576df0
- new version 2.4.25
576df0
576df0
* Mon Dec 05 2016 Luboš Uhliarik <luhliari@redhat.com> - 2.4.23-7
576df0
- Resolves: #1401530 - CVE-2016-8740 httpd: Incomplete handling of
576df0
  LimitRequestFields directive in mod_http2
576df0
576df0
* Mon Nov 14 2016 Joe Orton <jorton@redhat.com> - 2.4.23-6
576df0
- fix build with OpenSSL 1.1 (#1392900)
576df0
- fix typos in ssl.conf (josef randinger, #1379407)
576df0
576df0
* Wed Nov  2 2016 Joe Orton <jorton@redhat.com> - 2.4.23-5
576df0
- no longer package /etc/sysconfig/httpd
576df0
- synch ssl.conf with upstream
576df0
576df0
* Mon Jul 18 2016 Joe Orton <jorton@redhat.com> - 2.4.23-4
576df0
- add security fix for CVE-2016-5387
576df0
576df0
* Thu Jul  7 2016 Joe Orton <jorton@redhat.com> - 2.4.23-3
576df0
- load mod_watchdog by default (#1353582)
576df0
576df0
* Thu Jul  7 2016 Joe Orton <jorton@redhat.com> - 2.4.23-2
576df0
- restore build of mod_proxy_fdpass (#1325883)
576df0
- improve check tests to catch configured-but-not-built modules
576df0
576df0
* Thu Jul  7 2016 Joe Orton <jorton@redhat.com> - 2.4.23-1
576df0
- update to 2.4.23 (#1325883, #1353203)
576df0
- load mod_proxy_hcheck
576df0
- recommend use of "systemctl edit" in httpd.service
576df0
576df0
* Thu Apr  7 2016 Joe Orton <jorton@redhat.com> - 2.4.18-6
576df0
- have "apachectl graceful" start httpd if not running, per man page
576df0
576df0
* Wed Apr  6 2016 Joe Orton <jorton@redhat.com> - 2.4.18-5
576df0
- use redirects for lang-specific /manual/ URLs
576df0
576df0
* Fri Mar 18 2016 Joe Orton <jorton@redhat.com> - 2.4.18-4
576df0
- fix welcome page HTML validity (Ville Skyttä)
576df0
576df0
* Fri Mar 18 2016 Joe Orton <jorton@redhat.com> - 2.4.18-3
576df0
- remove httpd pre script (duplicate of httpd-filesystem's)
576df0
- in httpd-filesystem pre script, create group/user iff non-existent
576df0
576df0
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.18-2
576df0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
576df0
576df0
* Mon Dec 14 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.18-1
576df0
- update to new version 2.4.18
576df0
576df0
* Wed Dec  9 2015 Joe Orton <jorton@redhat.com> - 2.4.17-4
576df0
- re-enable mod_asis due to popular demand (#1284315)
576df0
576df0
* Mon Oct 26 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.17-3
576df0
- fix crash when using -X argument (#1272234)
576df0
576df0
* Wed Oct 14 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.17-2
576df0
- rebase socket activation patch to 2.4.17
576df0
576df0
* Tue Oct 13 2015 Joe Orton <jorton@redhat.com> - 2.4.17-1
576df0
- update to 2.4.17 (#1271224)
576df0
- build, load mod_http2
576df0
- don't build mod_asis, mod_file_cache
576df0
- load mod_cache_socache, mod_proxy_wstunnel by default
576df0
- check every built mod_* is configured
576df0
- synch ssl.conf with upstream; disable SSLv3 by default
576df0
576df0
* Wed Jul 15 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.12-4
576df0
- update to 2.4.16
576df0
576df0
* Tue Jul  7 2015 Joe Orton <jorton@redhat.com> - 2.4.12-3
576df0
- mod_ssl: use "localhost" in the dummy SSL cert if len(FQDN) > 59 chars
576df0
576df0
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.12-2
576df0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
576df0
576df0
* Fri Mar 27 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.12-1
576df0
- update to 2.4.12
576df0
576df0
* Tue Mar 24 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-17
576df0
- fix compilation with lua-5.3
576df0
576df0
* Tue Mar 24 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-16
576df0
- remove filter for auto-provides of httpd modules, it is not needed since F20
576df0
576df0
* Wed Dec 17 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-15
576df0
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
576df0
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
576df0
- mod_proxy_fcgi: fix a potential crash with long headers (CVE-2014-3583)
576df0
- mod_lua: fix handling of the Require line when a LuaAuthzProvider is used
576df0
  in multiple Require directives with different arguments (CVE-2014-8109)
576df0
576df0
* Tue Oct 14 2014 Joe Orton <jorton@redhat.com> - 2.4.10-14
576df0
- require apr-util 1.5.x
576df0
576df0
* Thu Sep 18 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-13
576df0
- use NoDelay and DeferAcceptSec in httpd.socket
576df0
576df0
* Mon Sep 08 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-12
576df0
- increase suexec minimum acceptable uid/gid to 1000 (#1136391)
576df0
576df0
* Wed Sep 03 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-11
576df0
- fix hostname requirement and conflict with openssl-libs
576df0
576df0
* Mon Sep 01 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-10
576df0
- use KillMode=mixed in httpd.service (#1135122)
576df0
576df0
* Fri Aug 29 2014 Joe Orton <jorton@redhat.com> - 2.4.10-9
576df0
- set vstring based on /etc/os-release (Pat Riehecky, #1114539)
576df0
576df0
* Fri Aug 29 2014 Joe Orton <jorton@redhat.com> - 2.4.10-8
576df0
- pull in httpd-filesystem as Requires(pre) (#1128328)
576df0
- fix cipher selection in default ssl.conf, depend on new OpenSSL (#1134348)
576df0
- require hostname for mod_ssl post script (#1135118)
576df0
576df0
* Fri Aug 22 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-7
576df0
- mod_systemd: updated to the latest version
576df0
- use -lsystemd instead of -lsystemd-daemon (#1125084)
576df0
- fix possible crash in SIGINT handling (#958934)
576df0
576df0
* Thu Aug 21 2014 Joe Orton <jorton@redhat.com> - 2.4.10-6
576df0
- mod_ssl: treat "SSLCipherSuite PROFILE=..." as special (#1109119)
576df0
- switch default ssl.conf to use PROFILE=SYSTEM (#1109119)
576df0
576df0
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.10-5
576df0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
576df0
576df0
* Fri Aug 15 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-4
576df0
- add /usr/bin/useradd dependency to -filesystem requires
576df0
576df0
* Thu Aug 14 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.10-3
576df0
- fix creating apache user in pre script (#1128328)
576df0
576df0
* Thu Jul 31 2014 Joe Orton <jorton@redhat.com> - 2.4.10-2
576df0
- enable mod_request by default for mod_auth_form
576df0
- move disabled-by-default modules from 00-base.conf to 00-optional.conf
576df0
576df0
* Mon Jul 21 2014 Joe Orton <jorton@redhat.com> - 2.4.10-1
576df0
- update to 2.4.10
576df0
- expand variables in docdir example configs
576df0
576df0
* Tue Jul 08 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.9-8
576df0
- add support for systemd socket activation (#1111648)
576df0
576df0
* Mon Jul 07 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.9-7
576df0
- remove conf.modules.d from httpd-filesystem subpackage (#1081453)
576df0
576df0
* Mon Jul 07 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.9-6
576df0
- add httpd-filesystem subpackage (#1081453)
576df0
576df0
* Fri Jun 20 2014 Joe Orton <jorton@redhat.com> - 2.4.9-5
576df0
- mod_ssl: don't use the default OpenSSL cipher suite in ssl.conf (#1109119)
576df0
576df0
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.9-4
576df0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
576df0
576df0
* Fri Mar 28 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.9-3
576df0
- add support for SetHandler + proxy (#1078970)
576df0
576df0
* Thu Mar 27 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.9-2
576df0
- move macros from /etc/rpm to macros.d (#1074277)
576df0
- remove unused patches
576df0
576df0
* Mon Mar 17 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.9-1
576df0
- update to 2.4.9
576df0
576df0
* Fri Feb 28 2014 Joe Orton <jorton@redhat.com> - 2.4.7-6
576df0
- use 2048-bit RSA key with SHA-256 signature in dummy certificate
576df0
576df0
* Fri Feb 28 2014 Stephen Gallagher <sgallagh@redhat.com> 2.4.7-5
576df0
- Create drop directory for systemd snippets
576df0
576df0
* Thu Feb 27 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.7-4
576df0
- remove provides of old MMN, because it contained double-dash (#1068851)
576df0
576df0
* Thu Feb 20 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.7-3
576df0
- fix graceful restart using legacy actions
576df0
576df0
* Thu Dec 12 2013 Joe Orton <jorton@redhat.com> - 2.4.7-2
576df0
- conflict with pre-1.5.0 APR
576df0
- fix sslsninotreq patch
576df0
576df0
* Wed Nov 27 2013 Joe Orton <jorton@redhat.com> - 2.4.7-1
576df0
- update to 2.4.7 (#1034071)
576df0
576df0
* Fri Nov 22 2013 Joe Orton <jorton@redhat.com> - 2.4.6-10
576df0
- switch to requiring system-logos-httpd (#1031288)
576df0
576df0
* Tue Nov 12 2013 Joe Orton <jorton@redhat.com> - 2.4.6-9
576df0
- change mmnisa to drop "-" altogether
576df0
576df0
* Tue Nov 12 2013 Joe Orton <jorton@redhat.com> - 2.4.6-8
576df0
- drop ambiguous invalid "-" in RHS of httpd-mmn Provide, keeping old Provide
576df0
  for transition
576df0
576df0
* Fri Nov  1 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-7
576df0
- systemd: use {MAINPID} notation to ensure /bin/kill has always the second arg
576df0
576df0
* Thu Oct 31 2013 Joe Orton <jorton@redhat.com> - 2.4.6-6
576df0
- mod_ssl: allow SSLEngine to override Listen-based default (r1537535)
576df0
576df0
* Thu Oct 24 2013 Jan kaluza <jkaluza@redhat.com> - 2.4.6-5
576df0
- systemd: send SIGWINCH signal without httpd -k in ExecStop
576df0
576df0
* Mon Oct 21 2013 Joe Orton <jorton@redhat.com> - 2.4.6-4
576df0
- load mod_macro by default (#998452)
576df0
- add README to conf.modules.d
576df0
- mod_proxy_http: add possible fix for threading issues (r1534321)
576df0
- core: add fix for truncated output with CGI scripts (r1530793)
576df0
576df0
* Thu Oct 10 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-3
576df0
- require fedora-logos-httpd (#1009162)
576df0
576df0
* Wed Jul 31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-2
576df0
- revert fix for dumping vhosts twice
576df0
576df0
* Mon Jul 22 2013 Joe Orton <jorton@redhat.com> - 2.4.6-1
576df0
- update to 2.4.6
576df0
- mod_ssl: use revised NPN API (r1487772)
576df0
576df0
* Thu Jul 11 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-12
576df0
- mod_unique_id: replace use of hostname + pid with PRNG output (#976666)
576df0
- apxs: mention -p option in manpage
576df0
576df0
* Tue Jul  2 2013 Joe Orton <jorton@redhat.com> - 2.4.4-11
576df0
- add patch for aarch64 (Dennis Gilmore, #925558)
576df0
576df0
* Mon Jul  1 2013 Joe Orton <jorton@redhat.com> - 2.4.4-10
576df0
- remove duplicate apxs man page from httpd-tools
576df0
576df0
* Mon Jun 17 2013 Joe Orton <jorton@redhat.com> - 2.4.4-9
576df0
- remove zombie dbmmanage script
576df0
576df0
* Fri May 31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-8
576df0
- return 400 Bad Request on malformed Host header
576df0
576df0
* Fri May 24 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-7
576df0
- ignore /etc/sysconfig/httpd and document systemd way of setting env variables
576df0
  in this file
576df0
576df0
* Mon May 20 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-6
576df0
- htpasswd/htdbm: fix hash generation bug (#956344)
576df0
- do not dump vhosts twice in httpd -S output (#928761)
576df0
- mod_cache: fix potential crash caused by uninitialized variable (#954109)
576df0
576df0
* Thu Apr 18 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-5
576df0
- execute systemctl reload as result of apachectl graceful
576df0
- mod_ssl: ignore SNI hints unless required by config
576df0
- mod_cache: forward-port CacheMaxExpire "hard" option
576df0
- mod_ssl: fall back on another module's proxy hook if mod_ssl proxy
576df0
  is not configured.
576df0
576df0
* Tue Apr 16 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-4
576df0
- fix service file to not send SIGTERM after ExecStop (#906321, #912288)
576df0
576df0
* Tue Mar 26 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-3
576df0
- protect MIMEMagicFile with IfModule (#893949)
576df0
576df0
* Tue Feb 26 2013 Joe Orton <jorton@redhat.com> - 2.4.4-2
576df0
- really package mod_auth_form in mod_session (#915438)
576df0
576df0
* Tue Feb 26 2013 Joe Orton <jorton@redhat.com> - 2.4.4-1
576df0
- update to 2.4.4
576df0
- fix duplicate ownership of mod_session config (#914901)
576df0
576df0
* Fri Feb 22 2013 Joe Orton <jorton@redhat.com> - 2.4.3-17
576df0
- add mod_session subpackage, move mod_auth_form there (#894500)
576df0
576df0
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.3-16
576df0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
576df0
576df0
* Tue Jan  8 2013 Joe Orton <jorton@redhat.com> - 2.4.3-15
576df0
- add systemd service for htcacheclean
576df0
576df0
* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-14
576df0
- drop patch for r1344712
576df0
576df0
* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-13
576df0
- filter mod_*.so auto-provides (thanks to rcollet)
576df0
- pull in syslog logging fix from upstream (r1344712)
576df0
576df0
* Fri Oct 26 2012 Joe Orton <jorton@redhat.com> - 2.4.3-12
576df0
- rebuild to pick up new apr-util-ldap
576df0
576df0
* Tue Oct 23 2012 Joe Orton <jorton@redhat.com> - 2.4.3-11
576df0
- rebuild
576df0
576df0
* Wed Oct  3 2012 Joe Orton <jorton@redhat.com> - 2.4.3-10
576df0
- pull upstream patch r1392850 in addition to r1387633
576df0
576df0
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-9
576df0
- define PLATFORM in os.h using vendor string
576df0
576df0
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-8
576df0
- use systemd script unconditionally (#850149)
576df0
576df0
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-7
576df0
- use systemd scriptlets if available (#850149)
576df0
- don't run posttrans restart if /etc/sysconfig/httpd-disable-posttrans exists
576df0
576df0
* Mon Oct 01 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.3-6
576df0
- use systemctl from apachectl (#842736)
576df0
576df0
* Wed Sep 19 2012 Joe Orton <jorton@redhat.com> - 2.4.3-5
576df0
- fix some error log spam with graceful-stop (r1387633)
576df0
- minor mod_systemd tweaks
576df0
576df0
* Thu Sep 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-4
576df0
- use IncludeOptional for conf.d/*.conf inclusion
576df0
576df0
* Fri Sep 07 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.3-3
576df0
- adding mod_systemd to integrate with systemd better
576df0
576df0
* Tue Aug 21 2012 Joe Orton <jorton@redhat.com> - 2.4.3-2
576df0
- mod_ssl: add check for proxy keypair match (upstream r1374214)
576df0
576df0
* Tue Aug 21 2012 Joe Orton <jorton@redhat.com> - 2.4.3-1
576df0
- update to 2.4.3 (#849883)
576df0
- own the docroot (#848121)
576df0
576df0
* Mon Aug  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-23
576df0
- add mod_proxy fixes from upstream (r1366693, r1365604)
576df0
576df0
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.2-22
576df0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
576df0
576df0
* Fri Jul  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-21
576df0
- drop explicit version requirement on initscripts
576df0
576df0
* Thu Jul  5 2012 Joe Orton <jorton@redhat.com> - 2.4.2-20
576df0
- mod_ext_filter: fix error_log warnings
576df0
576df0
* Mon Jul  2 2012 Joe Orton <jorton@redhat.com> - 2.4.2-19
576df0
- support "configtest" and "graceful" as initscripts "legacy actions"
576df0
576df0
* Fri Jun  8 2012 Joe Orton <jorton@redhat.com> - 2.4.2-18
576df0
- avoid use of "core" GIF for a "core" directory (#168776)
576df0
- drop use of "syslog.target" in systemd unit file
576df0
576df0
* Thu Jun  7 2012 Joe Orton <jorton@redhat.com> - 2.4.2-17
576df0
- use _unitdir for systemd unit file
576df0
- use /run in unit file, ssl.conf
576df0
576df0
* Thu Jun  7 2012 Joe Orton <jorton@redhat.com> - 2.4.2-16
576df0
- mod_ssl: fix NPN patch merge
576df0
576df0
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-15
576df0
- move tmpfiles.d fragment into /usr/lib per new guidelines
576df0
- package /run/httpd not /var/run/httpd
576df0
- set runtimedir to /run/httpd likewise
576df0
576df0
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-14
576df0
- fix htdbm/htpasswd crash on crypt() failure (#818684)
576df0
576df0
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-13
576df0
- pull fix for NPN patch from upstream (r1345599)
576df0
576df0
* Thu May 31 2012 Joe Orton <jorton@redhat.com> - 2.4.2-12
576df0
- update suexec patch to use LOG_AUTHPRIV facility
576df0
576df0
* Thu May 24 2012 Joe Orton <jorton@redhat.com> - 2.4.2-11
576df0
- really fix autoindex.conf (thanks to remi@)
576df0
576df0
* Thu May 24 2012 Joe Orton <jorton@redhat.com> - 2.4.2-10
576df0
- fix autoindex.conf to allow symlink to poweredby.png
576df0
576df0
* Wed May 23 2012 Joe Orton <jorton@redhat.com> - 2.4.2-9
576df0
- suexec: use upstream version of patch for capability bit support
576df0
576df0
* Wed May 23 2012 Joe Orton <jorton@redhat.com> - 2.4.2-8
576df0
- suexec: use syslog rather than suexec.log, drop dac_override capability
576df0
576df0
* Tue May  1 2012 Joe Orton <jorton@redhat.com> - 2.4.2-7
576df0
- mod_ssl: add TLS NPN support (r1332643, #809599)
576df0
576df0
* Tue May  1 2012 Joe Orton <jorton@redhat.com> - 2.4.2-6
576df0
- add BR on APR >= 1.4.0
576df0
576df0
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-5
576df0
- use systemctl from logrotate (#221073)
576df0
576df0
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-4
576df0
- pull from upstream:
576df0
  * use TLS close_notify alert for dummy_connection (r1326980+)
576df0
  * cleanup symbol exports (r1327036+)
576df0
576df0
* Fri Apr 20 2012 Joe Orton <jorton@redhat.com> - 2.4.2-3
576df0
- really fix restart
576df0
576df0
* Fri Apr 20 2012 Joe Orton <jorton@redhat.com> - 2.4.2-2
576df0
- tweak default ssl.conf
576df0
- fix restart handling (#814645)
576df0
- use graceful restart by default
576df0
576df0
* Wed Apr 18 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.2-1
576df0
- update to 2.4.2
576df0
576df0
* Fri Mar 23 2012 Joe Orton <jorton@redhat.com> - 2.4.1-6
576df0
- fix macros
576df0
576df0
* Fri Mar 23 2012 Joe Orton <jorton@redhat.com> - 2.4.1-5
576df0
- add _httpd_moddir to macros
576df0
576df0
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-4
576df0
- fix symlink for poweredby.png
576df0
- fix manual.conf
576df0
576df0
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-3
576df0
- add mod_proxy_html subpackage (w/mod_proxy_html + mod_xml2enc)
576df0
- move mod_ldap, mod_authnz_ldap to mod_ldap subpackage
576df0
576df0
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-2
576df0
- clean docroot better
576df0
- ship proxy, ssl directories within /var/cache/httpd
576df0
- default config:
576df0
 * unrestricted access to (only) /var/www
576df0
 * remove (commented) Mutex, MaxRanges, ScriptSock
576df0
 * split autoindex config to conf.d/autoindex.conf
576df0
- ship additional example configs in docdir
576df0
576df0
* Tue Mar  6 2012 Joe Orton <jorton@redhat.com> - 2.4.1-1
576df0
- update to 2.4.1
576df0
- adopt upstream default httpd.conf (almost verbatim)
576df0
- split all LoadModules to conf.modules.d/*.conf
576df0
- include conf.d/*.conf at end of httpd.conf
576df0
- trim %%changelog
576df0
576df0
* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2.2.22-2
576df0
- fix build against PCRE 8.30
576df0
576df0
* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2.2.22-1
576df0
- update to 2.2.22
576df0
576df0
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 2.2.21-8
576df0
- Rebuild against PCRE 8.30
576df0
576df0
* Mon Jan 23 2012 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-7
576df0
- fix #783629 - start httpd after named
576df0
576df0
* Mon Jan 16 2012 Joe Orton <jorton@redhat.com> - 2.2.21-6
576df0
- complete conversion to systemd, drop init script (#770311)
576df0
- fix comments in /etc/sysconfig/httpd (#771024)
576df0
- enable PrivateTmp in service file (#781440)
576df0
- set LANG=C in /etc/sysconfig/httpd
576df0
576df0
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.21-5
576df0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
576df0
576df0
* Tue Dec 06 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-4
576df0
- fix #751591 - start httpd after remote-fs
576df0
576df0
* Mon Oct 24 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-3
576df0
- allow change state of BalancerMember in mod_proxy_balancer web interface
576df0
576df0
* Thu Sep 22 2011 Ville Skyttä <ville.skytta@iki.fi> - 2.2.21-2
576df0
- Make mmn available as %%{_httpd_mmn}.
576df0
- Add .svgz to AddEncoding x-gzip example in httpd.conf.
576df0
576df0
* Tue Sep 13 2011 Joe Orton <jorton@redhat.com> - 2.2.21-1
576df0
- update to 2.2.21
576df0
576df0
* Mon Sep  5 2011 Joe Orton <jorton@redhat.com> - 2.2.20-1
576df0
- update to 2.2.20
576df0
- fix MPM stub man page generation
576df0
576df0
* Wed Aug 10 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-5
576df0
- fix #707917 - add httpd-ssl-pass-dialog to ask for SSL password using systemd
576df0
576df0
* Fri Jul 22 2011 Iain Arnell <iarnell@gmail.com> 1:2.2.19-4
576df0
- rebuild while rpm-4.9.1 is untagged to remove trailing slash in provided
576df0
  directory names
576df0
576df0
* Wed Jul 20 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-3
576df0
- fix #716621 - suexec now works without setuid bit
576df0
576df0
* Thu Jul 14 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-2
576df0
- fix #689091 - backported patch from 2.3 branch to support IPv6 in logresolve
576df0
576df0
* Fri Jul  1 2011 Joe Orton <jorton@redhat.com> - 2.2.19-1
576df0
- update to 2.2.19
576df0
- enable dbd, authn_dbd in default config
576df0
576df0
* Thu Apr 14 2011 Joe Orton <jorton@redhat.com> - 2.2.17-13
576df0
- fix path expansion in service files
576df0
576df0
* Tue Apr 12 2011 Joe Orton <jorton@redhat.com> - 2.2.17-12
576df0
- add systemd service files (#684175, thanks to Jóhann B. Guðmundsson)
576df0
576df0
* Wed Mar 23 2011 Joe Orton <jorton@redhat.com> - 2.2.17-11
576df0
- minor updates to httpd.conf
576df0
- drop old patches
576df0
576df0
* Wed Mar  2 2011 Joe Orton <jorton@redhat.com> - 2.2.17-10
576df0
- rebuild
576df0
576df0
* Wed Feb 23 2011 Joe Orton <jorton@redhat.com> - 2.2.17-9
576df0
- use arch-specific mmn
576df0
576df0
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.17-8
576df0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
576df0
576df0
* Mon Jan 31 2011 Joe Orton <jorton@redhat.com> - 2.2.17-7
576df0
- generate dummy mod_ssl cert with CA:FALSE constraint (#667841)
576df0
- add man page stubs for httpd.event, httpd.worker
576df0
- drop distcache support
576df0
- add STOP_TIMEOUT support to init script
576df0
576df0
* Sat Jan  8 2011 Joe Orton <jorton@redhat.com> - 2.2.17-6
576df0
- update default SSLCipherSuite per upstream trunk
576df0
576df0
* Wed Jan  5 2011 Joe Orton <jorton@redhat.com> - 2.2.17-5
576df0
- fix requires (#667397)
576df0
576df0
* Wed Jan  5 2011 Joe Orton <jorton@redhat.com> - 2.2.17-4
576df0
- de-ghost /var/run/httpd
576df0
576df0
* Tue Jan  4 2011 Joe Orton <jorton@redhat.com> - 2.2.17-3
576df0
- add tmpfiles.d configuration, ghost /var/run/httpd (#656600)
576df0
576df0
* Sat Nov 20 2010 Joe Orton <jorton@redhat.com> - 2.2.17-2
576df0
- drop setuid bit, use capabilities for suexec binary
576df0
576df0
* Wed Oct 27 2010 Joe Orton <jorton@redhat.com> - 2.2.17-1
576df0
- update to 2.2.17
576df0
576df0
* Fri Sep 10 2010 Joe Orton <jorton@redhat.com> - 2.2.16-2
576df0
- link everything using -z relro and -z now
576df0
576df0
* Mon Jul 26 2010 Joe Orton <jorton@redhat.com> - 2.2.16-1
576df0
- update to 2.2.16
576df0
576df0
* Fri Jul  9 2010 Joe Orton <jorton@redhat.com> - 2.2.15-3
576df0
- default config tweaks:
576df0
 * harden httpd.conf w.r.t. .htaccess restriction (#591293)
576df0
 * load mod_substitute, mod_version by default
576df0
 * drop proxy_ajp.conf, load mod_proxy_ajp in httpd.conf
576df0
 * add commented list of shipped-but-unloaded modules
576df0
 * bump up worker defaults a little
576df0
 * drop KeepAliveTimeout to 5 secs per upstream
576df0
- fix LSB compliance in init script (#522074)
576df0
- bundle NOTICE in -tools
576df0
- use init script in logrotate postrotate to pick up PIDFILE
576df0
- drop some old Obsoletes/Conflicts
576df0
576df0
* Sun Apr 04 2010 Robert Scheck <robert@fedoraproject.org> - 2.2.15-1
576df0
- update to 2.2.15 (#572404, #579311)
576df0