8335b1
%define contentdir %{_datadir}/httpd
8335b1
%define docroot /var/www
8335b1
%define suexec_caller apache
8335b1
%define mmn 20120211
8335b1
%define oldmmnisa %{mmn}-%{__isa_name}-%{__isa_bits}
8335b1
%define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
8335b1
%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT})
8335b1
8335b1
# Drop automatic provides for module DSOs
8335b1
%{?filter_setup:
8335b1
%filter_provides_in %{_libdir}/httpd/modules/.*\.so$
8335b1
%filter_setup
8335b1
}
8335b1
8335b1
Summary: Apache HTTP Server
8335b1
Name: httpd
8335b1
Version: 2.4.6
8335b1
Release: 80%{?dist}
8335b1
URL: http://httpd.apache.org/
8335b1
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
8335b1
Source1: index.html
8335b1
Source2: httpd.logrotate
8335b1
Source3: httpd.sysconf
8335b1
Source4: httpd-ssl-pass-dialog
8335b1
Source5: httpd.tmpfiles
8335b1
Source6: httpd.service
8335b1
Source7: action-graceful.sh
8335b1
Source8: action-configtest.sh
8335b1
Source10: httpd.conf
8335b1
Source11: 00-base.conf
8335b1
Source12: 00-mpm.conf
8335b1
Source13: 00-lua.conf
8335b1
Source14: 01-cgi.conf
8335b1
Source15: 00-dav.conf
8335b1
Source16: 00-proxy.conf
8335b1
Source17: 00-ssl.conf
8335b1
Source18: 01-ldap.conf
8335b1
Source19: 00-proxyhtml.conf
8335b1
Source20: userdir.conf
8335b1
Source21: ssl.conf
8335b1
Source22: welcome.conf
8335b1
Source23: manual.conf
8335b1
Source24: 00-systemd.conf
8335b1
Source25: 01-session.conf
8335b1
# Documentation
8335b1
Source30: README.confd
8335b1
Source40: htcacheclean.service
8335b1
Source41: htcacheclean.sysconf
8335b1
# build/scripts patches
8335b1
Patch1: httpd-2.4.1-apctl.patch
8335b1
Patch2: httpd-2.4.3-apxs.patch
8335b1
Patch3: httpd-2.4.1-deplibs.patch
8335b1
Patch5: httpd-2.4.3-layout.patch
8335b1
Patch6: httpd-2.4.3-apctl-systemd.patch
8335b1
# Features/functional changes
8335b1
Patch21: httpd-2.4.6-full-release.patch
8335b1
Patch23: httpd-2.4.4-export.patch
8335b1
Patch24: httpd-2.4.1-corelimit.patch
8335b1
Patch25: httpd-2.4.1-selinux.patch
8335b1
Patch26: httpd-2.4.4-r1337344+.patch
8335b1
Patch27: httpd-2.4.2-icons.patch
8335b1
Patch28: httpd-2.4.6-r1332643+.patch
8335b1
Patch29: httpd-2.4.3-mod_systemd.patch
8335b1
Patch30: httpd-2.4.4-cachehardmax.patch
8335b1
Patch31: httpd-2.4.6-sslmultiproxy.patch
8335b1
Patch32: httpd-2.4.6-r1537535.patch
8335b1
Patch33: httpd-2.4.6-r1542327.patch
8335b1
Patch34: httpd-2.4.6-ssl-large-keys.patch
8335b1
Patch35: httpd-2.4.6-pre_htaccess.patch
8335b1
Patch36: httpd-2.4.6-r1573626.patch
8335b1
Patch37: httpd-2.4.6-uds.patch
8335b1
Patch38: httpd-2.4.6-upn.patch
8335b1
Patch39: httpd-2.4.6-r1664565.patch
8335b1
# Bug fixes
8335b1
Patch51: httpd-2.4.3-sslsninotreq.patch
8335b1
Patch55: httpd-2.4.4-malformed-host.patch
8335b1
Patch56: httpd-2.4.4-mod_unique_id.patch
8335b1
Patch57: httpd-2.4.6-ldaprefer.patch
8335b1
Patch58: httpd-2.4.6-r1507681+.patch
8335b1
Patch59: httpd-2.4.6-r1556473.patch
8335b1
Patch60: httpd-2.4.6-r1553540.patch
8335b1
Patch61: httpd-2.4.6-rewrite-clientaddr.patch
8335b1
Patch62: httpd-2.4.6-ab-overflow.patch
8335b1
Patch63: httpd-2.4.6-sigint.patch
8335b1
Patch64: httpd-2.4.6-ssl-ecdh-auto.patch
8335b1
Patch65: httpd-2.4.6-r1556818.patch
8335b1
Patch66: httpd-2.4.6-r1618851.patch
8335b1
Patch67: httpd-2.4.6-r1526189.patch
8335b1
Patch68: httpd-2.4.6-r1663647.patch
8335b1
Patch69: httpd-2.4.6-r1569006.patch
8335b1
Patch70: httpd-2.4.6-r1506474.patch
8335b1
Patch71: httpd-2.4.6-bomb.patch
8335b1
Patch72: httpd-2.4.6-r1604460.patch
8335b1
Patch73: httpd-2.4.6-r1624349.patch
8335b1
Patch74: httpd-2.4.6-ap-ipv6.patch
8335b1
Patch75: httpd-2.4.6-r1530280.patch
8335b1
Patch76: httpd-2.4.6-r1633085.patch
8335b1
Patch78: httpd-2.4.6-ssl-error-free.patch
8335b1
Patch79: httpd-2.4.6-r1528556.patch
8335b1
Patch80: httpd-2.4.6-r1594625.patch
8335b1
Patch81: httpd-2.4.6-r1674222.patch
8335b1
Patch82: httpd-2.4.6-apachectl-httpd-env.patch
8335b1
Patch83: httpd-2.4.6-rewrite-dir.patch
8335b1
Patch84: httpd-2.4.6-r1420184.patch
8335b1
Patch85: httpd-2.4.6-r1524368.patch
8335b1
Patch86: httpd-2.4.6-r1528958.patch
8335b1
Patch87: httpd-2.4.6-r1651083.patch
8335b1
Patch88: httpd-2.4.6-r1688399.patch
8335b1
Patch89: httpd-2.4.6-r1527509.patch
8335b1
Patch90: httpd-2.4.6-apachectl-status.patch
8335b1
Patch91: httpd-2.4.6-r1650655.patch
8335b1
Patch92: httpd-2.4.6-r1533448.patch
8335b1
Patch93: httpd-2.4.6-r1610013.patch
8335b1
Patch94: httpd-2.4.6-r1705528.patch
8335b1
Patch95: httpd-2.4.6-r1684462.patch
8335b1
Patch96: httpd-2.4.6-r1650677.patch
8335b1
Patch97: httpd-2.4.6-r1621601.patch
8335b1
Patch98: httpd-2.4.6-r1610396.patch
8335b1
Patch99: httpd-2.4.6-rotatelog-timezone.patch
8335b1
Patch100: httpd-2.4.6-ab-ssl-error.patch
8335b1
Patch101: httpd-2.4.6-r1723522.patch
8335b1
Patch102: httpd-2.4.6-r1681107.patch
8335b1
Patch103: httpd-2.4.6-dhparams-free.patch
8335b1
Patch104: httpd-2.4.6-r1651658.patch
8335b1
Patch105: httpd-2.4.6-r1560093.patch
8335b1
Patch106: httpd-2.4.6-r1748212.patch
8335b1
Patch107: httpd-2.4.6-r1570327.patch
8335b1
Patch108: httpd-2.4.6-r1631119.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1406184
8335b1
Patch109: httpd-2.4.6-r1593002.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1389535
8335b1
Patch110: httpd-2.4.6-r1662640.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1348019
8335b1
Patch111: httpd-2.4.6-r1348019.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1396197
8335b1
Patch112: httpd-2.4.6-r1587053.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1376835
8335b1
Patch113: httpd-2.4.6-mpm-segfault.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1372692
8335b1
Patch114: httpd-2.4.6-r1681114.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1371876
8335b1
Patch115: httpd-2.4.6-r1775832.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1353740
8335b1
Patch116: httpd-2.4.6-r1726019.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1364604
8335b1
Patch117: httpd-2.4.6-r1683112.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1378946
8335b1
Patch118: httpd-2.4.6-r1651653.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1414258
8335b1
Patch119: httpd-2.4.6-r1634529.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1397241
8335b1
Patch120: httpd-2.4.6-r1738878.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1445885
8335b1
Patch121: httpd-2.4.6-http-protocol-options-define.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1332242
8335b1
Patch122: httpd-2.4.6-statements-comment.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1451333
8335b1
Patch123: httpd-2.4.6-rotatelogs-zombie.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1368491
8335b1
Patch124: httpd-2.4.6-mod_authz_dbd-missing-query.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1288395
8335b1
Patch125: httpd-2.4.6-r1668532.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1499253
8335b1
Patch126: httpd-2.4.6-r1681289.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1430640
8335b1
Patch127: httpd-2.4.6-r1805099.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1448892
8335b1
Patch128: httpd-2.4.6-r1811831.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1464406
8335b1
Patch129: httpd-2.4.6-r1811746.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1440590
8335b1
Patch130: httpd-2.4.6-r1811976.patch
8335b1
# https://bugzilla.redhat.com/show_bug.cgi?id=1506392
8335b1
Patch131: httpd-2.4.6-r1650310.patch
8335b1
8335b1
# Security fixes
8335b1
Patch200: httpd-2.4.6-CVE-2013-6438.patch
8335b1
Patch201: httpd-2.4.6-CVE-2014-0098.patch
8335b1
Patch202: httpd-2.4.6-CVE-2014-0231.patch
8335b1
Patch203: httpd-2.4.6-CVE-2014-0117.patch
8335b1
Patch204: httpd-2.4.6-CVE-2014-0118.patch
8335b1
Patch205: httpd-2.4.6-CVE-2014-0226.patch
8335b1
Patch206: httpd-2.4.6-CVE-2013-4352.patch
8335b1
Patch207: httpd-2.4.6-CVE-2013-5704.patch
8335b1
Patch208: httpd-2.4.6-CVE-2014-3581.patch
8335b1
Patch209: httpd-2.4.6-CVE-2015-3185.patch
8335b1
Patch210: httpd-2.4.6-CVE-2015-3183.patch
8335b1
Patch211: httpd-2.4.6-CVE-2016-5387.patch
8335b1
Patch212: httpd-2.4.6-CVE-2016-8743.patch
8335b1
Patch213: httpd-2.4.6-CVE-2016-0736.patch
8335b1
Patch214: httpd-2.4.6-CVE-2016-2161.patch
8335b1
Patch215: httpd-2.4.6-CVE-2017-3167.patch
8335b1
Patch216: httpd-2.4.6-CVE-2017-3169.patch
8335b1
Patch217: httpd-2.4.6-CVE-2017-7668.patch
8335b1
Patch218: httpd-2.4.6-CVE-2017-7679.patch
8335b1
Patch219: httpd-2.4.6-CVE-2017-9788.patch
8335b1
Patch220: httpd-2.4.6-CVE-2017-9798.patch
8335b1
8335b1
License: ASL 2.0
8335b1
Group: System Environment/Daemons
8335b1
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
8335b1
BuildRequires: autoconf, perl, pkgconfig, findutils, xmlto
8335b1
BuildRequires: zlib-devel, libselinux-devel, lua-devel
8335b1
BuildRequires: apr-devel >= 1.4.0, apr-util-devel >= 1.2.0, pcre-devel >= 5.0
8335b1
BuildRequires: systemd-devel
8335b1
Requires: /etc/mime.types, system-logos >= 7.92.1-1
8335b1
Obsoletes: httpd-suexec
8335b1
Provides: webserver
8335b1
Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release}
8335b1
Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}, httpd-mmn = %{oldmmnisa}
8335b1
Requires: httpd-tools = %{version}-%{release}
8335b1
Requires(pre): /usr/sbin/useradd
8335b1
Requires(pre): /usr/sbin/groupadd
8335b1
Requires(preun): systemd-units
8335b1
Requires(postun): systemd-units
8335b1
Requires(post): systemd-units
8335b1
8335b1
%description
8335b1
The Apache HTTP Server is a powerful, efficient, and extensible
8335b1
web server.
8335b1
8335b1
%package devel
8335b1
Group: Development/Libraries
8335b1
Summary: Development interfaces for the Apache HTTP server
8335b1
Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel
8335b1
Requires: apr-devel, apr-util-devel, pkgconfig
8335b1
Requires: httpd = %{version}-%{release}
8335b1
8335b1
%description devel
8335b1
The httpd-devel package contains the APXS binary and other files
8335b1
that you need to build Dynamic Shared Objects (DSOs) for the
8335b1
Apache HTTP Server.
8335b1
8335b1
If you are installing the Apache HTTP server and you want to be
8335b1
able to compile or develop additional modules for Apache, you need
8335b1
to install this package.
8335b1
8335b1
%package manual
8335b1
Group: Documentation
8335b1
Summary: Documentation for the Apache HTTP server
8335b1
Requires: httpd = %{version}-%{release}
8335b1
Obsoletes: secureweb-manual, apache-manual
8335b1
BuildArch: noarch
8335b1
8335b1
%description manual
8335b1
The httpd-manual package contains the complete manual and
8335b1
reference guide for the Apache HTTP server. The information can
8335b1
also be found at http://httpd.apache.org/docs/2.2/.
8335b1
8335b1
%package tools
8335b1
Group: System Environment/Daemons
8335b1
Summary: Tools for use with the Apache HTTP Server
8335b1
8335b1
%description tools
8335b1
The httpd-tools package contains tools which can be used with 
8335b1
the Apache HTTP Server.
8335b1
8335b1
%package -n mod_ssl
8335b1
Group: System Environment/Daemons
8335b1
Summary: SSL/TLS module for the Apache HTTP Server
8335b1
Epoch: 1
8335b1
BuildRequires: openssl-devel >= 1:1.0.1e-37
8335b1
Requires: openssl-libs >= 1:1.0.1e-37
8335b1
Requires(post): openssl, /bin/cat
8335b1
Requires(pre): httpd
8335b1
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
8335b1
Obsoletes: stronghold-mod_ssl
8335b1
8335b1
%description -n mod_ssl
8335b1
The mod_ssl module provides strong cryptography for the Apache Web
8335b1
server via the Secure Sockets Layer (SSL) and Transport Layer
8335b1
Security (TLS) protocols.
8335b1
8335b1
%package -n mod_proxy_html
8335b1
Group: System Environment/Daemons
8335b1
Summary: HTML and XML content filters for the Apache HTTP Server
8335b1
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
8335b1
BuildRequires: libxml2-devel
8335b1
Epoch: 1
8335b1
Obsoletes: mod_proxy_html < 1:2.4.1-2
8335b1
8335b1
%description -n mod_proxy_html
8335b1
The mod_proxy_html and mod_xml2enc modules provide filters which can
8335b1
transform and modify HTML and XML content.
8335b1
8335b1
%package -n mod_ldap
8335b1
Group: System Environment/Daemons
8335b1
Summary: LDAP authentication modules for the Apache HTTP Server
8335b1
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
8335b1
Requires: apr-util-ldap
8335b1
8335b1
%description -n mod_ldap
8335b1
The mod_ldap and mod_authnz_ldap modules add support for LDAP
8335b1
authentication to the Apache HTTP Server.
8335b1
8335b1
%package -n mod_session
8335b1
Group: System Environment/Daemons
8335b1
Summary: Session interface for the Apache HTTP Server
8335b1
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
8335b1
8335b1
%description -n mod_session
8335b1
The mod_session module and associated backends provide an abstract
8335b1
interface for storing and accessing per-user session data.
8335b1
8335b1
%prep
8335b1
%setup -q
8335b1
%patch1 -p1 -b .apctl
8335b1
%patch2 -p1 -b .apxs
8335b1
%patch3 -p1 -b .deplibs
8335b1
%patch5 -p1 -b .layout
8335b1
%patch6 -p1 -b .apctlsystemd
8335b1
8335b1
%patch21 -p1 -b .fullrelease
8335b1
%patch23 -p1 -b .export
8335b1
%patch24 -p1 -b .corelimit
8335b1
%patch25 -p1 -b .selinux
8335b1
%patch26 -p1 -b .r1337344+
8335b1
%patch27 -p1 -b .icons
8335b1
%patch28 -p1 -b .r1332643+
8335b1
%patch29 -p1 -b .systemd
8335b1
%patch30 -p1 -b .cachehardmax
8335b1
%patch31 -p1 -b .sslmultiproxy
8335b1
%patch32 -p1 -b .r1537535
8335b1
%patch33 -p1 -b .r1542327
8335b1
rm modules/ssl/ssl_engine_dh.c
8335b1
%patch34 -p1 -b .ssllargekeys
8335b1
%patch35 -p1 -b .prehtaccess
8335b1
%patch36 -p1 -b .r1573626
8335b1
%patch37 -p1 -b .uds
8335b1
%patch38 -p1 -b .upn
8335b1
%patch39 -p1 -b .r1664565
8335b1
8335b1
%patch51 -p1 -b .sninotreq
8335b1
%patch55 -p1 -b .malformedhost
8335b1
%patch56 -p1 -b .uniqueid
8335b1
%patch57 -p1 -b .ldaprefer
8335b1
%patch58 -p1 -b .r1507681+
8335b1
%patch59 -p1 -b .r1556473
8335b1
%patch60 -p1 -b .r1553540
8335b1
%patch61 -p1 -b .clientaddr
8335b1
%patch62 -p1 -b .aboverflow
8335b1
%patch63 -p1 -b .sigint
8335b1
%patch64 -p1 -b .sslecdhauto
8335b1
%patch65 -p1 -b .r1556818
8335b1
%patch66 -p1 -b .r1618851
8335b1
%patch67 -p1 -b .r1526189
8335b1
%patch68 -p1 -b .r1663647
8335b1
%patch69 -p1 -b .1569006
8335b1
%patch70 -p1 -b .r1506474
8335b1
%patch71 -p1 -b .bomb
8335b1
%patch72 -p1 -b .r1604460
8335b1
%patch73 -p1 -b .r1624349
8335b1
%patch74 -p1 -b .abipv6
8335b1
%patch75 -p1 -b .r1530280
8335b1
%patch76 -p1 -b .r1633085
8335b1
%patch78 -p1 -b .sslerrorfree
8335b1
%patch79 -p1 -b .r1528556
8335b1
%patch80 -p1 -b .r1594625
8335b1
%patch81 -p1 -b .r1674222
8335b1
%patch82 -p1 -b .envhttpd
8335b1
%patch83 -p1 -b .rewritedir
8335b1
%patch84 -p1 -b .r1420184
8335b1
%patch85 -p1 -b .r1524368
8335b1
%patch86 -p1 -b .r1528958
8335b1
%patch87 -p1 -b .r1651083
8335b1
%patch88 -p1 -b .r1688399
8335b1
%patch89 -p1 -b .r1527509
8335b1
%patch90 -p1 -b .apachectlstatus
8335b1
%patch91 -p1 -b .r1650655
8335b1
%patch92 -p1 -b .r1533448
8335b1
%patch93 -p1 -b .r1610013
8335b1
%patch94 -p1 -b .r1705528
8335b1
%patch95 -p1 -b .r1684462
8335b1
%patch96 -p1 -b .r1650677
8335b1
%patch97 -p1 -b .r1621601
8335b1
%patch98 -p1 -b .r1610396
8335b1
%patch99 -p1 -b .rotatelogtimezone
8335b1
%patch100 -p1 -b .absslerror
8335b1
%patch101 -p1 -b .r1723522
8335b1
%patch102 -p1 -b .r1681107
8335b1
%patch103 -p1 -b .dhparamsfree
8335b1
%patch104 -p1 -b .r1651658
8335b1
%patch105 -p1 -b .r1560093
8335b1
%patch106 -p1 -b .r1748212
8335b1
%patch107 -p1 -b .r1570327
8335b1
%patch108 -p1 -b .r1631119
8335b1
%patch109 -p1 -b .r1593002
8335b1
%patch110 -p1 -b .r1662640
8335b1
%patch111 -p1 -b .r1348019
8335b1
%patch112 -p1 -b .r1587053
8335b1
%patch113 -p1 -b .mpmsegfault
8335b1
%patch114 -p1 -b .r1681114
8335b1
%patch115 -p1 -b .r1371876
8335b1
%patch116 -p1 -b .r1726019
8335b1
%patch117 -p1 -b .r1683112
8335b1
%patch118 -p1 -b .r1651653
8335b1
%patch119 -p1 -b .r1634529
8335b1
%patch120 -p1 -b .r1738878
8335b1
%patch121 -p1 -b .httpprotdefine
8335b1
%patch122 -p1 -b .statement-comment
8335b1
%patch123 -p1 -b .logrotate-zombie
8335b1
%patch124 -p1 -b .modauthzdbd-segfault
8335b1
%patch125 -p1 -b .r1668532
8335b1
%patch126 -p1 -b .r1681289
8335b1
%patch127 -p1 -b .r1805099
8335b1
%patch128 -p1 -b .r1811831
8335b1
%patch129 -p1 -b .r1811746
8335b1
%patch130 -p1 -b .r1811976
8335b1
%patch131 -p1 -b .r1650310
8335b1
8335b1
%patch200 -p1 -b .cve6438
8335b1
%patch201 -p1 -b .cve0098
8335b1
%patch202 -p1 -b .cve0231
8335b1
%patch203 -p1 -b .cve0117
8335b1
%patch204 -p1 -b .cve0118
8335b1
%patch205 -p1 -b .cve0226
8335b1
%patch206 -p1 -b .cve4352
8335b1
%patch207 -p1 -b .cve5704
8335b1
%patch208 -p1 -b .cve3581
8335b1
%patch209 -p1 -b .cve3185
8335b1
%patch210 -p1 -b .cve3183
8335b1
%patch211 -p1 -b .cve5387
8335b1
%patch212 -p1 -b .cve8743
8335b1
%patch213 -p1 -b .cve0736
8335b1
%patch214 -p1 -b .cve2161
8335b1
%patch215 -p1 -b .cve3167
8335b1
%patch216 -p1 -b .cve3169
8335b1
%patch217 -p1 -b .cve7668
8335b1
%patch218 -p1 -b .cve7679
8335b1
%patch219 -p1 -b .cve9788
8335b1
%patch220 -p1 -b .cve9798
8335b1
8335b1
# Patch in the vendor string and the release string
8335b1
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
8335b1
sed -i 's/@RELEASE@/%{release}/' server/core.c
8335b1
8335b1
# Prevent use of setcap in "install-suexec-caps" target.
8335b1
sed -i '/suexec/s,setcap ,echo Skipping setcap for ,' Makefile.in
8335b1
8335b1
# Safety check: prevent build if defined MMN does not equal upstream MMN.
8335b1
vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
8335b1
if test "x${vmmn}" != "x%{mmn}"; then
8335b1
   : Error: Upstream MMN is now ${vmmn}, packaged MMN is %{mmn}
8335b1
   : Update the mmn macro and rebuild.
8335b1
   exit 1
8335b1
fi
8335b1
8335b1
: Building with MMN %{mmn}, MMN-ISA %{mmnisa} and vendor string '%{vstring}'
8335b1
8335b1
%build
8335b1
# forcibly prevent use of bundled apr, apr-util, pcre
8335b1
rm -rf srclib/{apr,apr-util,pcre}
8335b1
8335b1
# regenerate configure scripts
8335b1
autoheader && autoconf || exit 1
8335b1
8335b1
# Before configure; fix location of build dir in generated apxs
8335b1
%{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \
8335b1
	support/apxs.in
8335b1
8335b1
export CFLAGS=$RPM_OPT_FLAGS
8335b1
export LDFLAGS="-Wl,-z,relro,-z,now"
8335b1
8335b1
%ifarch ppc64 ppc64le
8335b1
%global _performance_build 1
8335b1
%endif
8335b1
8335b1
# Hard-code path to links to avoid unnecessary builddep
8335b1
export LYNX_PATH=/usr/bin/links
8335b1
8335b1
# Build the daemon
8335b1
%configure \
8335b1
 	--prefix=%{_sysconfdir}/httpd \
8335b1
 	--exec-prefix=%{_prefix} \
8335b1
 	--bindir=%{_bindir} \
8335b1
 	--sbindir=%{_sbindir} \
8335b1
 	--mandir=%{_mandir} \
8335b1
	--libdir=%{_libdir} \
8335b1
	--sysconfdir=%{_sysconfdir}/httpd/conf \
8335b1
	--includedir=%{_includedir}/httpd \
8335b1
	--libexecdir=%{_libdir}/httpd/modules \
8335b1
	--datadir=%{contentdir} \
8335b1
        --enable-layout=Fedora \
8335b1
        --with-installbuilddir=%{_libdir}/httpd/build \
8335b1
        --enable-mpms-shared=all \
8335b1
        --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
8335b1
	--enable-suexec --with-suexec \
8335b1
        --enable-suexec-capabilities \
8335b1
	--with-suexec-caller=%{suexec_caller} \
8335b1
	--with-suexec-docroot=%{docroot} \
8335b1
	--without-suexec-logfile \
8335b1
        --with-suexec-syslog \
8335b1
	--with-suexec-bin=%{_sbindir}/suexec \
8335b1
	--with-suexec-uidmin=500 --with-suexec-gidmin=100 \
8335b1
        --enable-pie \
8335b1
        --with-pcre \
8335b1
        --enable-mods-shared=all \
8335b1
	--enable-ssl --with-ssl --disable-distcache \
8335b1
	--enable-proxy \
8335b1
        --enable-cache \
8335b1
        --enable-disk-cache \
8335b1
        --enable-ldap --enable-authnz-ldap \
8335b1
        --enable-cgid --enable-cgi \
8335b1
        --enable-authn-anon --enable-authn-alias \
8335b1
        --disable-imagemap  \
8335b1
	$*
8335b1
make %{?_smp_mflags}
8335b1
8335b1
%install
8335b1
rm -rf $RPM_BUILD_ROOT
8335b1
8335b1
make DESTDIR=$RPM_BUILD_ROOT install
8335b1
8335b1
# Install systemd service files
8335b1
mkdir -p $RPM_BUILD_ROOT%{_unitdir}
8335b1
for s in httpd htcacheclean; do
8335b1
  install -p -m 644 $RPM_SOURCE_DIR/${s}.service \
8335b1
                    $RPM_BUILD_ROOT%{_unitdir}/${s}.service
8335b1
done
8335b1
8335b1
# install conf file/directory
8335b1
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d \
8335b1
      $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d
8335b1
install -m 644 $RPM_SOURCE_DIR/README.confd \
8335b1
    $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README
8335b1
for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \
8335b1
         00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \
8335b1
         01-ldap.conf 00-systemd.conf 01-session.conf; do
8335b1
  install -m 644 -p $RPM_SOURCE_DIR/$f \
8335b1
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f
8335b1
done
8335b1
8335b1
for f in welcome.conf ssl.conf manual.conf userdir.conf; do
8335b1
  install -m 644 -p $RPM_SOURCE_DIR/$f \
8335b1
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/$f
8335b1
done
8335b1
8335b1
# Split-out extra config shipped as default in conf.d:
8335b1
for f in autoindex; do
8335b1
  mv docs/conf/extra/httpd-${f}.conf \
8335b1
        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/${f}.conf
8335b1
done
8335b1
8335b1
# Extra config trimmed:
8335b1
rm -v docs/conf/extra/httpd-{ssl,userdir}.conf
8335b1
8335b1
rm $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/*.conf
8335b1
install -m 644 -p $RPM_SOURCE_DIR/httpd.conf \
8335b1
   $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/httpd.conf
8335b1
8335b1
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
8335b1
for s in httpd htcacheclean; do
8335b1
  install -m 644 -p $RPM_SOURCE_DIR/${s}.sysconf \
8335b1
                    $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/${s}
8335b1
done
8335b1
8335b1
# tmpfiles.d configuration
8335b1
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d 
8335b1
install -m 644 -p $RPM_SOURCE_DIR/httpd.tmpfiles \
8335b1
   $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/httpd.conf
8335b1
8335b1
# Other directories
8335b1
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav \
8335b1
         $RPM_BUILD_ROOT/run/httpd/htcacheclean
8335b1
8335b1
# Create cache directory
8335b1
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd \
8335b1
         $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/proxy \
8335b1
         $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/ssl
8335b1
8335b1
# Make the MMN accessible to module packages
8335b1
echo %{mmnisa} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn
8335b1
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rpm
8335b1
cat > $RPM_BUILD_ROOT%{_sysconfdir}/rpm/macros.httpd <
8335b1
%%_httpd_mmn %{mmnisa}
8335b1
%%_httpd_apxs %{_bindir}/apxs
8335b1
%%_httpd_modconfdir %{_sysconfdir}/httpd/conf.modules.d
8335b1
%%_httpd_confdir %{_sysconfdir}/httpd/conf.d
8335b1
%%_httpd_contentdir %{contentdir}
8335b1
%%_httpd_moddir %{_libdir}/httpd/modules
8335b1
EOF
8335b1
8335b1
# Handle contentdir
8335b1
mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
8335b1
install -m 644 -p $RPM_SOURCE_DIR/index.html \
8335b1
        $RPM_BUILD_ROOT%{contentdir}/noindex/index.html
8335b1
rm -rf %{contentdir}/htdocs
8335b1
8335b1
# remove manual sources
8335b1
find $RPM_BUILD_ROOT%{contentdir}/manual \( \
8335b1
    -name \*.xml -o -name \*.xml.* -o -name \*.ent -o -name \*.xsl -o -name \*.dtd \
8335b1
    \) -print0 | xargs -0 rm -f
8335b1
8335b1
# Strip the manual down just to English and replace the typemaps with flat files:
8335b1
set +x
8335b1
for f in `find $RPM_BUILD_ROOT%{contentdir}/manual -name \*.html -type f`; do
8335b1
   if test -f ${f}.en; then
8335b1
      cp ${f}.en ${f}
8335b1
      rm ${f}.*
8335b1
   fi
8335b1
done
8335b1
set -x
8335b1
8335b1
# Clean Document Root
8335b1
rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
8335b1
      $RPM_BUILD_ROOT%{docroot}/cgi-bin/*
8335b1
8335b1
# Symlink for the powered-by-$DISTRO image:
8335b1
ln -s ../../pixmaps/poweredby.png \
8335b1
        $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
8335b1
8335b1
# symlinks for /etc/httpd
8335b1
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
8335b1
ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run
8335b1
ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules
8335b1
8335b1
# install http-ssl-pass-dialog
8335b1
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
8335b1
install -m755 $RPM_SOURCE_DIR/httpd-ssl-pass-dialog \
8335b1
	$RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog
8335b1
8335b1
# Install action scripts
8335b1
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd
8335b1
for f in graceful configtest; do
8335b1
    install -p -m 755 $RPM_SOURCE_DIR/action-${f}.sh \
8335b1
            $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd/${f}
8335b1
done
8335b1
8335b1
# Install logrotate config
8335b1
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
8335b1
install -m 644 -p $RPM_SOURCE_DIR/httpd.logrotate \
8335b1
	$RPM_BUILD_ROOT/etc/logrotate.d/httpd
8335b1
8335b1
# fix man page paths
8335b1
sed -e "s|/usr/local/apache2/conf/httpd.conf|/etc/httpd/conf/httpd.conf|" \
8335b1
    -e "s|/usr/local/apache2/conf/mime.types|/etc/mime.types|" \
8335b1
    -e "s|/usr/local/apache2/conf/magic|/etc/httpd/conf/magic|" \
8335b1
    -e "s|/usr/local/apache2/logs/error_log|/var/log/httpd/error_log|" \
8335b1
    -e "s|/usr/local/apache2/logs/access_log|/var/log/httpd/access_log|" \
8335b1
    -e "s|/usr/local/apache2/logs/httpd.pid|/run/httpd/httpd.pid|" \
8335b1
    -e "s|/usr/local/apache2|/etc/httpd|" < docs/man/httpd.8 \
8335b1
  > $RPM_BUILD_ROOT%{_mandir}/man8/httpd.8
8335b1
8335b1
# Make ap_config_layout.h libdir-agnostic
8335b1
sed -i '/.*DEFAULT_..._LIBEXECDIR/d;/DEFAULT_..._INSTALLBUILDDIR/d' \
8335b1
    $RPM_BUILD_ROOT%{_includedir}/httpd/ap_config_layout.h
8335b1
8335b1
# Fix path to instdso in special.mk
8335b1
sed -i '/instdso/s,top_srcdir,top_builddir,' \
8335b1
    $RPM_BUILD_ROOT%{_libdir}/httpd/build/special.mk
8335b1
8335b1
# Remove unpackaged files
8335b1
rm -vf \
8335b1
      $RPM_BUILD_ROOT%{_libdir}/*.exp \
8335b1
      $RPM_BUILD_ROOT/etc/httpd/conf/mime.types \
8335b1
      $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.exp \
8335b1
      $RPM_BUILD_ROOT%{_libdir}/httpd/build/config.nice \
8335b1
      $RPM_BUILD_ROOT%{_bindir}/{ap?-config,dbmmanage} \
8335b1
      $RPM_BUILD_ROOT%{_sbindir}/{checkgid,envvars*} \
8335b1
      $RPM_BUILD_ROOT%{contentdir}/htdocs/* \
8335b1
      $RPM_BUILD_ROOT%{_mandir}/man1/dbmmanage.* \
8335b1
      $RPM_BUILD_ROOT%{contentdir}/cgi-bin/*
8335b1
8335b1
rm -rf $RPM_BUILD_ROOT/etc/httpd/conf/{original,extra}
8335b1
8335b1
%pre
8335b1
# Add the "apache" group and user
8335b1
/usr/sbin/groupadd -g 48 -r apache 2> /dev/null || :
8335b1
/usr/sbin/useradd -c "Apache" -u 48 -g apache \
8335b1
	-s /sbin/nologin -r -d %{contentdir} apache 2> /dev/null || :
8335b1
8335b1
%post
8335b1
%systemd_post httpd.service htcacheclean.service
8335b1
8335b1
%preun
8335b1
%systemd_preun httpd.service htcacheclean.service
8335b1
8335b1
%postun
8335b1
%systemd_postun
8335b1
8335b1
# Trigger for conversion from SysV, per guidelines at:
8335b1
# https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd
8335b1
%triggerun -- httpd < 2.2.21-5
8335b1
# Save the current service runlevel info
8335b1
# User must manually run systemd-sysv-convert --apply httpd
8335b1
# to migrate them to systemd targets
8335b1
/usr/bin/systemd-sysv-convert --save httpd.service >/dev/null 2>&1 ||:
8335b1
8335b1
# Run these because the SysV package being removed won't do them
8335b1
/sbin/chkconfig --del httpd >/dev/null 2>&1 || :
8335b1
8335b1
%posttrans
8335b1
test -f /etc/sysconfig/httpd-disable-posttrans || \
8335b1
  /bin/systemctl try-restart httpd.service htcacheclean.service >/dev/null 2>&1 || :
8335b1
8335b1
%define sslcert %{_sysconfdir}/pki/tls/certs/localhost.crt
8335b1
%define sslkey %{_sysconfdir}/pki/tls/private/localhost.key
8335b1
8335b1
%post -n mod_ssl
8335b1
umask 077
8335b1
8335b1
if [ -f %{sslkey} -o -f %{sslcert} ]; then
8335b1
   exit 0
8335b1
fi
8335b1
8335b1
%{_bindir}/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 2048 > %{sslkey} 2> /dev/null
8335b1
8335b1
FQDN=`hostname`
8335b1
if [ "x${FQDN}" = "x" -o ${#FQDN} -gt 59 ]; then
8335b1
   FQDN=localhost.localdomain
8335b1
fi
8335b1
8335b1
cat << EOF | %{_bindir}/openssl req -new -key %{sslkey} \
8335b1
         -x509 -sha256 -days 365 -set_serial $RANDOM -extensions v3_req \
8335b1
         -out %{sslcert} 2>/dev/null
8335b1
--
8335b1
SomeState
8335b1
SomeCity
8335b1
SomeOrganization
8335b1
SomeOrganizationalUnit
8335b1
${FQDN}
8335b1
root@${FQDN}
8335b1
EOF
8335b1
8335b1
%check
8335b1
# Check the built modules are all PIC
8335b1
if readelf -d $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so | grep TEXTREL; then
8335b1
   : modules contain non-relocatable code
8335b1
   exit 1
8335b1
fi
8335b1
8335b1
%clean
8335b1
rm -rf $RPM_BUILD_ROOT
8335b1
8335b1
%files
8335b1
%defattr(-,root,root)
8335b1
8335b1
%doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE
8335b1
%doc docs/conf/extra/*.conf
8335b1
8335b1
%dir %{_sysconfdir}/httpd
8335b1
%{_sysconfdir}/httpd/modules
8335b1
%{_sysconfdir}/httpd/logs
8335b1
%{_sysconfdir}/httpd/run
8335b1
%dir %{_sysconfdir}/httpd/conf
8335b1
%config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf
8335b1
%config(noreplace) %{_sysconfdir}/httpd/conf/magic
8335b1
8335b1
%config(noreplace) %{_sysconfdir}/logrotate.d/httpd
8335b1
8335b1
%dir %{_sysconfdir}/httpd/conf.d
8335b1
%{_sysconfdir}/httpd/conf.d/README
8335b1
%config(noreplace) %{_sysconfdir}/httpd/conf.d/*.conf
8335b1
%exclude %{_sysconfdir}/httpd/conf.d/ssl.conf
8335b1
%exclude %{_sysconfdir}/httpd/conf.d/manual.conf
8335b1
8335b1
%dir %{_sysconfdir}/httpd/conf.modules.d
8335b1
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/*.conf
8335b1
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
8335b1
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf
8335b1
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf
8335b1
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
8335b1
8335b1
%config(noreplace) %{_sysconfdir}/sysconfig/ht*
8335b1
%{_prefix}/lib/tmpfiles.d/httpd.conf
8335b1
8335b1
%dir %{_libexecdir}/initscripts/legacy-actions/httpd
8335b1
%{_libexecdir}/initscripts/legacy-actions/httpd/*
8335b1
8335b1
%{_sbindir}/ht*
8335b1
%{_sbindir}/fcgistarter
8335b1
%{_sbindir}/apachectl
8335b1
%{_sbindir}/rotatelogs
8335b1
%caps(cap_setuid,cap_setgid+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec
8335b1
8335b1
%dir %{_libdir}/httpd
8335b1
%dir %{_libdir}/httpd/modules
8335b1
%{_libdir}/httpd/modules/mod*.so
8335b1
%exclude %{_libdir}/httpd/modules/mod_auth_form.so
8335b1
%exclude %{_libdir}/httpd/modules/mod_ssl.so
8335b1
%exclude %{_libdir}/httpd/modules/mod_*ldap.so
8335b1
%exclude %{_libdir}/httpd/modules/mod_proxy_html.so
8335b1
%exclude %{_libdir}/httpd/modules/mod_xml2enc.so
8335b1
%exclude %{_libdir}/httpd/modules/mod_session*.so
8335b1
8335b1
%dir %{contentdir}
8335b1
%dir %{contentdir}/icons
8335b1
%dir %{contentdir}/error
8335b1
%dir %{contentdir}/error/include
8335b1
%dir %{contentdir}/noindex
8335b1
%{contentdir}/icons/*
8335b1
%{contentdir}/error/README
8335b1
%{contentdir}/error/*.var
8335b1
%{contentdir}/error/include/*.html
8335b1
%{contentdir}/noindex/index.html
8335b1
8335b1
%dir %{docroot}
8335b1
%dir %{docroot}/cgi-bin
8335b1
%dir %{docroot}/html
8335b1
8335b1
%attr(0710,root,apache) %dir /run/httpd
8335b1
%attr(0700,apache,apache) %dir /run/httpd/htcacheclean
8335b1
%attr(0700,root,root) %dir %{_localstatedir}/log/httpd
8335b1
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav
8335b1
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd
8335b1
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy
8335b1
8335b1
%{_mandir}/man8/*
8335b1
8335b1
%{_unitdir}/*.service
8335b1
8335b1
%files tools
8335b1
%defattr(-,root,root)
8335b1
%{_bindir}/*
8335b1
%{_mandir}/man1/*
8335b1
%doc LICENSE NOTICE
8335b1
%exclude %{_bindir}/apxs
8335b1
%exclude %{_mandir}/man1/apxs.1*
8335b1
8335b1
%files manual
8335b1
%defattr(-,root,root)
8335b1
%{contentdir}/manual
8335b1
%config(noreplace) %{_sysconfdir}/httpd/conf.d/manual.conf
8335b1
8335b1
%files -n mod_ssl
8335b1
%defattr(-,root,root)
8335b1
%{_libdir}/httpd/modules/mod_ssl.so
8335b1
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
8335b1
%config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf
8335b1
%attr(0700,apache,root) %dir %{_localstatedir}/cache/httpd/ssl
8335b1
%{_libexecdir}/httpd-ssl-pass-dialog
8335b1
8335b1
%files -n mod_proxy_html
8335b1
%defattr(-,root,root)
8335b1
%{_libdir}/httpd/modules/mod_proxy_html.so
8335b1
%{_libdir}/httpd/modules/mod_xml2enc.so
8335b1
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf
8335b1
8335b1
%files -n mod_ldap
8335b1
%defattr(-,root,root)
8335b1
%{_libdir}/httpd/modules/mod_*ldap.so
8335b1
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf
8335b1
8335b1
%files -n mod_session
8335b1
%defattr(-,root,root)
8335b1
%{_libdir}/httpd/modules/mod_session*.so
8335b1
%{_libdir}/httpd/modules/mod_auth_form.so
8335b1
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
8335b1
8335b1
%files devel
8335b1
%defattr(-,root,root)
8335b1
%{_includedir}/httpd
8335b1
%{_bindir}/apxs
8335b1
%{_mandir}/man1/apxs.1*
8335b1
%dir %{_libdir}/httpd/build
8335b1
%{_libdir}/httpd/build/*.mk
8335b1
%{_libdir}/httpd/build/*.sh
8335b1
%{_sysconfdir}/rpm/macros.httpd
8335b1
8335b1
%changelog
8335b1
* Mon Jan 08 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-80
8335b1
- Related: #1288395 - httpd segfault when logrotate invoked
8335b1
8335b1
* Wed Nov 01 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-79
8335b1
- Resolves: #1274890 - mod_ssl config: tighten defaults
8335b1
8335b1
* Tue Oct 31 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-78
8335b1
- Resolves: #1506392 - Backport: SSLSessionTickets directive support
8335b1
8335b1
* Mon Oct 16 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-77
8335b1
- Resolves: #1440590 - Need an option to disable UTF8-conversion
8335b1
  of certificate DN
8335b1
8335b1
* Thu Oct 12 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-76
8335b1
- Resolves: #1464406 - Apache consumes too much memory for CGI output
8335b1
8335b1
* Thu Oct 12 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-75
8335b1
- Resolves: #1448892 - Cannot override LD_LIBARY_PATH in Apache HTTPD
8335b1
  using SetEnv or PassEnv. Needs documentation.
8335b1
8335b1
* Mon Oct 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-74
8335b1
- Resolves: #1430640 - "ProxyAddHeaders Off" does not become effective
8335b1
  when it's defined outside <Proxy> setting
8335b1
8335b1
* Fri Oct 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-73
8335b1
- Resolves: #1499253 - ProxyRemote with HTTPS backend sends requests
8335b1
  with absoluteURI instead of abs_path
8335b1
8335b1
* Tue Oct 03 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-72
8335b1
- Resolves: #1288395 - httpd segfault when logrotate invoked
8335b1
8335b1
* Tue Oct 03 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-71
8335b1
- Resolves: #1368491 - mod_authz_dbd segfaults when AuthzDBDQuery missing
8335b1
8335b1
* Mon Oct 02 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-70
8335b1
- Resolves: #1467402 - rotatelogs: creation of zombie processes when -p is used
8335b1
8335b1
* Tue Sep 19 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-69
8335b1
- Resolves: #1493065 - CVE-2017-9798 httpd: Use-after-free by limiting
8335b1
  unregistered HTTP method
8335b1
8335b1
* Tue Jul 25 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-68
8335b1
- Resolves: #1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw()
8335b1
  authentication bypass
8335b1
- Resolves: #1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference
8335b1
- Resolves: #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread
8335b1
- Resolves: #1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread
8335b1
- Resolves: #1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection
8335b1
  in mod_auth_digest
8335b1
8335b1
* Tue May 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-67
8335b1
- Related: #1332242 - Explicitly disallow the '#' character in allow,deny
8335b1
  directives
8335b1
8335b1
* Tue May 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-66
8335b1
- Related: #1332242 - Explicitly disallow the '#' character in allow,deny
8335b1
  directives
8335b1
8335b1
* Thu Apr 27 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-65
8335b1
- Resolves: #1445885 - define _RH_HAS_HTTPPROTOCOLOPTIONS
8335b1
8335b1
* Tue Apr 18 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-64
8335b1
- Resolves: #1442872 - apache user is not created during httpd installation
8335b1
  when apache group already exist with GID other than 48
8335b1
8335b1
* Wed Mar 22 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-63
8335b1
- Related: #1412976 - CVE-2016-0736 CVE-2016-2161 CVE-2016-8743
8335b1
  httpd: various flaws
8335b1
8335b1
* Wed Mar 15 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-62
8335b1
- Resolves: #1397241 - Backport Apache Bug 53098 - mod_proxy_ajp:
8335b1
  patch to set worker secret passed to tomcat
8335b1
8335b1
* Wed Mar 15 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-61
8335b1
- Related: #1414258 - Crash during restart or at startup in mod_ssl,
8335b1
  in certinfo_free() function registered by ssl_stapling_ex_init()
8335b1
8335b1
* Tue Mar 14 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-60
8335b1
- Resolves: #1414258 - Crash during restart or at startup in mod_ssl,
8335b1
  in certinfo_free() function registered by ssl_stapling_ex_init()
8335b1
8335b1
* Mon Mar 13 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-59
8335b1
- Resolves: #1378946 - Backport of apache bug 55910: Continuation lines
8335b1
  are broken during buffer resize
8335b1
8335b1
* Fri Mar 10 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-58
8335b1
- Resolves: #1364604 - Upstream Bug 56925 - ErrorDocument directive misbehaves
8335b1
  with mod_proxy_http and mod_proxy_ajp
8335b1
8335b1
* Thu Mar 09 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-57
8335b1
- Resolves: #1324416 - Error 404 when switching language in HTML manual
8335b1
  more than once
8335b1
8335b1
* Wed Mar 08 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-56
8335b1
- Resolves: #1353740 - Backport Apache PR58118 to fix mod_proxy_fcgi
8335b1
  spamming non-errors: AH01075: Error dispatching request to : (passing
8335b1
  brigade to output filters)
8335b1
8335b1
* Wed Mar 08 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-55
8335b1
- Resolves: #1371876 - Apache httpd returns "200 OK" for a request
8335b1
  exceeding LimitRequestBody when enabling mod_ext_filter
8335b1
8335b1
* Tue Mar 07 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-54
8335b1
- Resolves: #1372692 - Apache httpd does not log status code "413" in
8335b1
  access_log when exceeding LimitRequestBody
8335b1
8335b1
* Tue Mar 07 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-53
8335b1
- Resolves: #1376835 - httpd with worker/event mpm segfaults after multiple
8335b1
  successive graceful reloads
8335b1
8335b1
* Tue Mar 07 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-52
8335b1
- Resolves: #1332242 - Explicitly disallow the '#' character in allow,deny
8335b1
  directives
8335b1
8335b1
* Mon Mar 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-51
8335b1
- Resolves: #1396197 - Backport: mod_proxy_wstunnel - AH02447: err/hup
8335b1
  on backconn
8335b1
8335b1
* Mon Mar 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-50
8335b1
- Resolves: #1348019 - mod_proxy: Fix a race condition that caused a failed
8335b1
  worker to be retried before the retry period is over
8335b1
8335b1
* Mon Mar 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-49
8335b1
- Resolves: #1389535 - Segmentation fault in SSL_renegotiate
8335b1
8335b1
* Mon Mar 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-48
8335b1
- Resolves: #1406184 - stapling_renew_response: abort early
8335b1
  (before apr_uri_parse) if ocspuri is empty
8335b1
8335b1
* Tue Feb  7 2017 Joe Orton <jorton@redhat.com> - 2.4.6-47
8335b1
- prefork: fix delay completing graceful restart (#1327624)
8335b1
- mod_ldap: fix authz regression, failing to rebind (#1415257)
8335b1
8335b1
* Thu Jan 26 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-46
8335b1
- Resolves: #1412976 - CVE-2016-0736 CVE-2016-2161 CVE-2016-8743
8335b1
  httpd: various flaws
8335b1
8335b1
* Wed Aug 03 2016 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-45
8335b1
- RFE: run mod_rewrite external mapping program as non-root (#1316900)
8335b1
8335b1
* Tue Jul 12 2016 Joe Orton <jorton@redhat.com> - 2.4.6-44
8335b1
- add security fix for CVE-2016-5387
8335b1
8335b1
* Tue Jul  5 2016 Joe Orton <jorton@redhat.com> - 2.4.6-43
8335b1
- add 451 (Unavailable For Legal Reasons) response status-code (#1343582)
8335b1
8335b1
* Fri Jun 17 2016 Joe Orton <jorton@redhat.com> - 2.4.6-42
8335b1
- mod_cache: treat cache as valid with changed Expires in 304 (#1331341)
8335b1
8335b1
* Wed Feb 24 2016 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-41
8335b1
- mod_cache: merge r->err_headers_out into r->headers when the response
8335b1
  is cached for the first time (#1264989)
8335b1
- mod_ssl: Do not send SSL warning when SNI hostname is not found as per
8335b1
  RFC 6066 (#1298148)
8335b1
- mod_proxy_fcgi: Ignore body data from backend for 304 responses (#1263038)
8335b1
- fix apache user creation when apache group already exists (#1299889)
8335b1
- fix apache user creation when USERGROUPS_ENAB is set to 'no' (#1288757)
8335b1
- mod_proxy: fix slow response time for reponses with error status code
8335b1
  when using ProxyErrorOverride (#1283653)
8335b1
- mod_ldap: Respect LDAPConnectionPoolTTL for authn connections (#1300149)
8335b1
- mod_ssl: use "localhost" in the dummy SSL cert for long FQDNs (#1240495)
8335b1
- rotatelogs: improve support for localtime (#1244545)
8335b1
- ab: fix read failure when targeting SSL server (#1255331)
8335b1
- mod_log_debug: fix LogMessage example in documentation (#1279465)
8335b1
- mod_authz_dbd, mod_authn_dbd, mod_session_dbd, mod_rewrite: Fix lifetime
8335b1
  of DB lookup entries independently of the selected DB engine (#1287844)
8335b1
- mod_ssl: fix hardware crypto support with custom DH parms (#1291865)
8335b1
- mod_proxy_fcgi: fix SCRIPT_FILENAME when a balancer is used (#1302797)
8335b1
8335b1
* Thu Sep 17 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-40
8335b1
- mod_dav: follow up fix for previous commit (#1263975)
8335b1
8335b1
* Wed Aug 26 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-39
8335b1
- mod_dav: treat dav_resource uri as escaped (#1255480)
8335b1
8335b1
* Wed Aug 19 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-38
8335b1
- mod_ssl: add support for User Principal Name in SSLUserName  (#1242503)
8335b1
8335b1
* Mon Aug 10 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-37
8335b1
- core: fix chunk header parsing defect (CVE-2015-3183)
8335b1
- core: replace of ap_some_auth_required with ap_some_authn_required
8335b1
  and ap_force_authn hook (CVE-2015-3185)
8335b1
8335b1
* Tue Jul 14 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-36
8335b1
- Revert fix for #1162152, it is not needed in RHEL7
8335b1
- mod_proxy_ajp: fix settings ProxyPass parameters for AJP backends (#1242416)
8335b1
8335b1
* Wed Jul 01 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-35
8335b1
- mod_remoteip: correct the trusted proxy match test (#1179306)
8335b1
- mod_dav: send complete response when resource is created (#1235383)
8335b1
- apachectl: correct the apachectl status man page (#1231924)
8335b1
8335b1
* Wed Jun 03 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-34
8335b1
- mod_proxy_fcgi: honor Timeout / ProxyTimeout (#1222328)
8335b1
- do not show all vhosts twice in httpd -D DUMP_VHOSTS output (#1225820)
8335b1
- fix -D[efined] or <Define>[d] variables lifetime accross restarts (#1227219)
8335b1
- mod_ssl: do not send NPN extension with not configured (#1226015)
8335b1
8335b1
* Mon May 18 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-33
8335b1
- mod_authz_dbm: fix crash when using "Require dbm-file-group" (#1221575)
8335b1
8335b1
* Wed Apr 15 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-32
8335b1
- mod_authn_dbd: fix use-after-free bug with postgresql (#1188779)
8335b1
- mod_remoteip: correct the trusted proxy match test (#1179306)
8335b1
- mod_status: honor remote_ip as documented (#1169081)
8335b1
- mod_deflate: fix decompression of files larger than 4GB (#1170214)
8335b1
- core: improve error message for inaccessible DocumentRoot (#1170220)
8335b1
- ab: try all addresses instead of failing on first one when not available (#1125276)
8335b1
- mod_proxy_wstunnel: add support for SSL (#1180745)
8335b1
- mod_proxy_wstunnel: load this module by default (#1180745)
8335b1
- mod_rewrite: add support for WebSockets (#1180745)
8335b1
- mod_rewrite: do not search for directory if a URL will be rewritten (#1210091)
8335b1
- mod_ssl: Fix SSL_CLIENT_VERIFY value when optional_no_ca and SSLSessionCache
8335b1
  are used and SSL session is resumed (#1170206)
8335b1
- mod_ssl: fix memory leak on httpd reloads (#1181690)
8335b1
- mod_ssl: use SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA (#1118476)
8335b1
- mod_cgi: return error code 408 on timeout (#1162152)
8335b1
- mod_dav_fs: set default value of DAVLockDB (#1176449)
8335b1
- add Documentation= to the httpd.service and htcacheclean.service (#1184118)
8335b1
- do not display "bomb" icon for files ending with "core" (#1170215)
8335b1
- add missing Reason-Phrase in HTTP response headers (#1162159)
8335b1
- fix BuildRequires to require openssl-devel >= 1:1.0.1e-37 (#1160625)
8335b1
- apachectl: ignore HTTPD variable from sysconfig (#1214401)
8335b1
- apachectl: fix "graceful" documentation (#1214398)
8335b1
- apachectl: fix "graceful" behaviour when httpd is not running (#1214430)
8335b1
8335b1
* Tue Dec 02 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-31
8335b1
- mod_proxy_fcgi: determine if FCGI_CONN_CLOSE should be enabled
8335b1
  instead of hardcoding it (#1168050)
8335b1
- mod_proxy: support Unix Domain Sockets (#1168081)
8335b1
8335b1
* Tue Nov 25 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-30
8335b1
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
8335b1
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
8335b1
8335b1
* Tue Nov 04 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-29
8335b1
- rebuild against proper version of OpenSSL (#1080125)
8335b1
8335b1
* Wed Oct 22 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-28
8335b1
- set vstring based on /etc/os-release (#1114123)
8335b1
8335b1
* Mon Oct 06 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-27
8335b1
- fix the dependency on openssl-libs to match the fix for #1080125
8335b1
8335b1
* Mon Sep 22 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-26
8335b1
- allow <Auth*ProviderAlias>'es to be seen under virtual hosts (#1131847)
8335b1
8335b1
* Fri Sep 19 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-25
8335b1
- do not use hardcoded curve for ECDHE suites (#1080125)
8335b1
8335b1
* Wed Sep 03 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-24
8335b1
- allow reverse-proxy to be set via SetHandler (#1136290)
8335b1
8335b1
* Thu Aug 21 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-23
8335b1
- fix possible crash in SIGINT handling (#1131006)
8335b1
8335b1
* Mon Aug 18 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-22
8335b1
- ab: fix integer overflow when printing stats with lot of requests (#1092420)
8335b1
8335b1
* Mon Aug 11 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-21
8335b1
- add pre_htaccess so mpm-itk can be build as separate module (#1059143)
8335b1
8335b1
* Tue Aug 05 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-20
8335b1
- mod_ssl: prefer larger keys and support up to 8192-bit keys (#1073078)
8335b1
8335b1
* Mon Aug 04 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-19
8335b1
- fix build on ppc64le by using configure macro (#1125545)
8335b1
- compile httpd with -O3 on ppc64le (#1123490)
8335b1
- mod_rewrite: expose CONN_REMOTE_ADDR (#1060536)
8335b1
8335b1
* Thu Jul 17 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-18
8335b1
- mod_cgid: add security fix for CVE-2014-0231 (#1120608)
8335b1
- mod_proxy: add security fix for CVE-2014-0117 (#1120608)
8335b1
- mod_deflate: add security fix for CVE-2014-0118 (#1120608)
8335b1
- mod_status: add security fix for CVE-2014-0226 (#1120608)
8335b1
- mod_cache: add secutiry fix for CVE-2013-4352 (#1120608)
8335b1
8335b1
* Thu Mar 20 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-17
8335b1
- mod_dav: add security fix for CVE-2013-6438 (#1077907)
8335b1
- mod_log_config: add security fix for CVE-2014-0098 (#1077907)
8335b1
8335b1
* Wed Mar  5 2014 Joe Orton <jorton@redhat.com> - 2.4.6-16
8335b1
- mod_ssl: improve DH temp key handling (#1057687)
8335b1
8335b1
* Wed Mar  5 2014 Joe Orton <jorton@redhat.com> - 2.4.6-15
8335b1
- mod_ssl: use 2048-bit RSA key with SHA-256 signature in dummy certificate (#1071276)
8335b1
8335b1
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.4.6-14
8335b1
- Mass rebuild 2014-01-24
8335b1
8335b1
* Mon Jan 13 2014 Joe Orton <jorton@redhat.com> - 2.4.6-13
8335b1
- mod_ssl: sanity-check use of "SSLCompression" (#1036666)
8335b1
- mod_proxy_http: fix brigade memory usage (#1040447)
8335b1
8335b1
* Fri Jan 10 2014 Joe Orton <jorton@redhat.com> - 2.4.6-12
8335b1
- rebuild
8335b1
8335b1
* Thu Jan  9 2014 Joe Orton <jorton@redhat.com> - 2.4.6-11
8335b1
- build with -O3 on ppc64 (#1051066)
8335b1
8335b1
* Tue Jan  7 2014 Joe Orton <jorton@redhat.com> - 2.4.6-10
8335b1
- mod_dav: fix locktoken handling (#1004046)
8335b1
8335b1
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.4.6-9
8335b1
- Mass rebuild 2013-12-27
8335b1
8335b1
* Fri Dec 20 2013 Joe Orton <jorton@redhat.com> - 2.4.6-8
8335b1
- use unambiguous httpd-mmn (#1029360)
8335b1
8335b1
* Fri Nov   1 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-7
8335b1
- mod_ssl: allow SSLEngine to override Listen-based default (#1023168)
8335b1
8335b1
* Thu Oct  31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-6
8335b1
- systemd: Use {MAINPID} notation in service file (#969972)
8335b1
8335b1
* Thu Oct 24 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-5
8335b1
- systemd: send SIGWINCH signal without httpd -k in ExecStop (#969972)
8335b1
8335b1
* Thu Oct 03 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-4
8335b1
- expand macros in macros.httpd (#1011393)
8335b1
8335b1
* Mon Aug 26 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-3
8335b1
- fix "LDAPReferrals off" to really disable LDAP Referrals
8335b1
8335b1
* Wed Jul 31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-2
8335b1
- revert fix for dumping vhosts twice
8335b1
8335b1
* Mon Jul 22 2013 Joe Orton <jorton@redhat.com> - 2.4.6-1
8335b1
- update to 2.4.6
8335b1
- mod_ssl: use revised NPN API (r1487772)
8335b1
8335b1
* Thu Jul 11 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-12
8335b1
- mod_unique_id: replace use of hostname + pid with PRNG output (#976666)
8335b1
- apxs: mention -p option in manpage
8335b1
8335b1
* Tue Jul  2 2013 Joe Orton <jorton@redhat.com> - 2.4.4-11
8335b1
- add patch for aarch64 (Dennis Gilmore, #925558)
8335b1
8335b1
* Mon Jul  1 2013 Joe Orton <jorton@redhat.com> - 2.4.4-10
8335b1
- remove duplicate apxs man page from httpd-tools
8335b1
8335b1
* Mon Jun 17 2013 Joe Orton <jorton@redhat.com> - 2.4.4-9
8335b1
- remove zombie dbmmanage script
8335b1
8335b1
* Fri May 31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-8
8335b1
- return 400 Bad Request on malformed Host header
8335b1
8335b1
* Mon May 20 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-6
8335b1
- htpasswd/htdbm: fix hash generation bug (#956344)
8335b1
- do not dump vhosts twice in httpd -S output (#928761)
8335b1
- mod_cache: fix potential crash caused by uninitialized variable (#954109)
8335b1
8335b1
* Thu Apr 18 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-5
8335b1
- execute systemctl reload as result of apachectl graceful
8335b1
- mod_ssl: ignore SNI hints unless required by config
8335b1
- mod_cache: forward-port CacheMaxExpire "hard" option
8335b1
- mod_ssl: fall back on another module's proxy hook if mod_ssl proxy
8335b1
  is not configured.
8335b1
8335b1
* Tue Apr 16 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-4
8335b1
- fix service file to not send SIGTERM after ExecStop (#906321, #912288)
8335b1
8335b1
* Tue Mar 26 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-3
8335b1
- protect MIMEMagicFile with IfModule (#893949)
8335b1
8335b1
* Tue Feb 26 2013 Joe Orton <jorton@redhat.com> - 2.4.4-2
8335b1
- really package mod_auth_form in mod_session (#915438)
8335b1
8335b1
* Tue Feb 26 2013 Joe Orton <jorton@redhat.com> - 2.4.4-1
8335b1
- update to 2.4.4
8335b1
- fix duplicate ownership of mod_session config (#914901)
8335b1
8335b1
* Fri Feb 22 2013 Joe Orton <jorton@redhat.com> - 2.4.3-17
8335b1
- add mod_session subpackage, move mod_auth_form there (#894500)
8335b1
8335b1
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.3-16
8335b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
8335b1
8335b1
* Tue Jan  8 2013 Joe Orton <jorton@redhat.com> - 2.4.3-15
8335b1
- add systemd service for htcacheclean
8335b1
8335b1
* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-14
8335b1
- drop patch for r1344712
8335b1
8335b1
* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-13
8335b1
- filter mod_*.so auto-provides (thanks to rcollet)
8335b1
- pull in syslog logging fix from upstream (r1344712)
8335b1
8335b1
* Fri Oct 26 2012 Joe Orton <jorton@redhat.com> - 2.4.3-12
8335b1
- rebuild to pick up new apr-util-ldap
8335b1
8335b1
* Tue Oct 23 2012 Joe Orton <jorton@redhat.com> - 2.4.3-11
8335b1
- rebuild
8335b1
8335b1
* Wed Oct  3 2012 Joe Orton <jorton@redhat.com> - 2.4.3-10
8335b1
- pull upstream patch r1392850 in addition to r1387633
8335b1
8335b1
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-9.1
8335b1
- restore "ServerTokens Full-Release" support (#811714)
8335b1
8335b1
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-9
8335b1
- define PLATFORM in os.h using vendor string
8335b1
8335b1
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-8
8335b1
- use systemd script unconditionally (#850149)
8335b1
8335b1
* Mon Oct  1 2012 Joe Orton <jorton@redhat.com> - 2.4.3-7
8335b1
- use systemd scriptlets if available (#850149)
8335b1
- don't run posttrans restart if /etc/sysconfig/httpd-disable-posttrans exists
8335b1
8335b1
* Mon Oct 01 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.3-6
8335b1
- use systemctl from apachectl (#842736)
8335b1
8335b1
* Wed Sep 19 2012 Joe Orton <jorton@redhat.com> - 2.4.3-5
8335b1
- fix some error log spam with graceful-stop (r1387633)
8335b1
- minor mod_systemd tweaks
8335b1
8335b1
* Thu Sep 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-4
8335b1
- use IncludeOptional for conf.d/*.conf inclusion
8335b1
8335b1
* Fri Sep 07 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.3-3
8335b1
- adding mod_systemd to integrate with systemd better
8335b1
8335b1
* Tue Aug 21 2012 Joe Orton <jorton@redhat.com> - 2.4.3-2
8335b1
- mod_ssl: add check for proxy keypair match (upstream r1374214)
8335b1
8335b1
* Tue Aug 21 2012 Joe Orton <jorton@redhat.com> - 2.4.3-1
8335b1
- update to 2.4.3 (#849883)
8335b1
- own the docroot (#848121)
8335b1
8335b1
* Mon Aug  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-23
8335b1
- add mod_proxy fixes from upstream (r1366693, r1365604)
8335b1
8335b1
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.2-22
8335b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
8335b1
8335b1
* Fri Jul  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-21
8335b1
- drop explicit version requirement on initscripts
8335b1
8335b1
* Thu Jul  5 2012 Joe Orton <jorton@redhat.com> - 2.4.2-20
8335b1
- mod_ext_filter: fix error_log warnings
8335b1
8335b1
* Mon Jul  2 2012 Joe Orton <jorton@redhat.com> - 2.4.2-19
8335b1
- support "configtest" and "graceful" as initscripts "legacy actions"
8335b1
8335b1
* Fri Jun  8 2012 Joe Orton <jorton@redhat.com> - 2.4.2-18
8335b1
- avoid use of "core" GIF for a "core" directory (#168776)
8335b1
- drop use of "syslog.target" in systemd unit file
8335b1
8335b1
* Thu Jun  7 2012 Joe Orton <jorton@redhat.com> - 2.4.2-17
8335b1
- use _unitdir for systemd unit file
8335b1
- use /run in unit file, ssl.conf
8335b1
8335b1
* Thu Jun  7 2012 Joe Orton <jorton@redhat.com> - 2.4.2-16
8335b1
- mod_ssl: fix NPN patch merge
8335b1
8335b1
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-15
8335b1
- move tmpfiles.d fragment into /usr/lib per new guidelines
8335b1
- package /run/httpd not /var/run/httpd
8335b1
- set runtimedir to /run/httpd likewise
8335b1
8335b1
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-14
8335b1
- fix htdbm/htpasswd crash on crypt() failure (#818684)
8335b1
8335b1
* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-13
8335b1
- pull fix for NPN patch from upstream (r1345599)
8335b1
8335b1
* Thu May 31 2012 Joe Orton <jorton@redhat.com> - 2.4.2-12
8335b1
- update suexec patch to use LOG_AUTHPRIV facility
8335b1
8335b1
* Thu May 24 2012 Joe Orton <jorton@redhat.com> - 2.4.2-11
8335b1
- really fix autoindex.conf (thanks to remi@)
8335b1
8335b1
* Thu May 24 2012 Joe Orton <jorton@redhat.com> - 2.4.2-10
8335b1
- fix autoindex.conf to allow symlink to poweredby.png
8335b1
8335b1
* Wed May 23 2012 Joe Orton <jorton@redhat.com> - 2.4.2-9
8335b1
- suexec: use upstream version of patch for capability bit support
8335b1
8335b1
* Wed May 23 2012 Joe Orton <jorton@redhat.com> - 2.4.2-8
8335b1
- suexec: use syslog rather than suexec.log, drop dac_override capability
8335b1
8335b1
* Tue May  1 2012 Joe Orton <jorton@redhat.com> - 2.4.2-7
8335b1
- mod_ssl: add TLS NPN support (r1332643, #809599)
8335b1
8335b1
* Tue May  1 2012 Joe Orton <jorton@redhat.com> - 2.4.2-6
8335b1
- add BR on APR >= 1.4.0
8335b1
8335b1
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-5
8335b1
- use systemctl from logrotate (#221073)
8335b1
8335b1
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-4
8335b1
- pull from upstream:
8335b1
  * use TLS close_notify alert for dummy_connection (r1326980+)
8335b1
  * cleanup symbol exports (r1327036+)
8335b1
8335b1
* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-3.2
8335b1
- rebuild
8335b1
8335b1
* Fri Apr 20 2012 Joe Orton <jorton@redhat.com> - 2.4.2-3
8335b1
- really fix restart
8335b1
8335b1
* Fri Apr 20 2012 Joe Orton <jorton@redhat.com> - 2.4.2-2
8335b1
- tweak default ssl.conf
8335b1
- fix restart handling (#814645)
8335b1
- use graceful restart by default
8335b1
8335b1
* Wed Apr 18 2012 Jan Kaluza <jkaluza@redhat.com> - 2.4.2-1
8335b1
- update to 2.4.2
8335b1
8335b1
* Fri Mar 23 2012 Joe Orton <jorton@redhat.com> - 2.4.1-6
8335b1
- fix macros
8335b1
8335b1
* Fri Mar 23 2012 Joe Orton <jorton@redhat.com> - 2.4.1-5
8335b1
- add _httpd_moddir to macros
8335b1
8335b1
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-4
8335b1
- fix symlink for poweredby.png
8335b1
- fix manual.conf
8335b1
8335b1
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-3
8335b1
- add mod_proxy_html subpackage (w/mod_proxy_html + mod_xml2enc)
8335b1
- move mod_ldap, mod_authnz_ldap to mod_ldap subpackage
8335b1
8335b1
* Tue Mar 13 2012 Joe Orton <jorton@redhat.com> - 2.4.1-2
8335b1
- clean docroot better
8335b1
- ship proxy, ssl directories within /var/cache/httpd
8335b1
- default config:
8335b1
 * unrestricted access to (only) /var/www
8335b1
 * remove (commented) Mutex, MaxRanges, ScriptSock
8335b1
 * split autoindex config to conf.d/autoindex.conf
8335b1
- ship additional example configs in docdir
8335b1
8335b1
* Tue Mar  6 2012 Joe Orton <jorton@redhat.com> - 2.4.1-1
8335b1
- update to 2.4.1
8335b1
- adopt upstream default httpd.conf (almost verbatim)
8335b1
- split all LoadModules to conf.modules.d/*.conf
8335b1
- include conf.d/*.conf at end of httpd.conf
8335b1
- trim %%changelog
8335b1
8335b1
* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2.2.22-2
8335b1
- fix build against PCRE 8.30
8335b1
8335b1
* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2.2.22-1
8335b1
- update to 2.2.22
8335b1
8335b1
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 2.2.21-8
8335b1
- Rebuild against PCRE 8.30
8335b1
8335b1
* Mon Jan 23 2012 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-7
8335b1
- fix #783629 - start httpd after named
8335b1
8335b1
* Mon Jan 16 2012 Joe Orton <jorton@redhat.com> - 2.2.21-6
8335b1
- complete conversion to systemd, drop init script (#770311)
8335b1
- fix comments in /etc/sysconfig/httpd (#771024)
8335b1
- enable PrivateTmp in service file (#781440)
8335b1
- set LANG=C in /etc/sysconfig/httpd
8335b1
8335b1
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.21-5
8335b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
8335b1
8335b1
* Tue Dec 06 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-4
8335b1
- fix #751591 - start httpd after remote-fs
8335b1
8335b1
* Mon Oct 24 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.21-3
8335b1
- allow change state of BalancerMember in mod_proxy_balancer web interface
8335b1
8335b1
* Thu Sep 22 2011 Ville Skyttä <ville.skytta@iki.fi> - 2.2.21-2
8335b1
- Make mmn available as %%{_httpd_mmn}.
8335b1
- Add .svgz to AddEncoding x-gzip example in httpd.conf.
8335b1
8335b1
* Tue Sep 13 2011 Joe Orton <jorton@redhat.com> - 2.2.21-1
8335b1
- update to 2.2.21
8335b1
8335b1
* Mon Sep  5 2011 Joe Orton <jorton@redhat.com> - 2.2.20-1
8335b1
- update to 2.2.20
8335b1
- fix MPM stub man page generation
8335b1
8335b1
* Wed Aug 10 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-5
8335b1
- fix #707917 - add httpd-ssl-pass-dialog to ask for SSL password using systemd
8335b1
8335b1
* Fri Jul 22 2011 Iain Arnell <iarnell@gmail.com> 1:2.2.19-4
8335b1
- rebuild while rpm-4.9.1 is untagged to remove trailing slash in provided
8335b1
  directory names
8335b1
8335b1
* Wed Jul 20 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-3
8335b1
- fix #716621 - suexec now works without setuid bit
8335b1
8335b1
* Thu Jul 14 2011 Jan Kaluza <jkaluza@redhat.com> - 2.2.19-2
8335b1
- fix #689091 - backported patch from 2.3 branch to support IPv6 in logresolve
8335b1
8335b1
* Fri Jul  1 2011 Joe Orton <jorton@redhat.com> - 2.2.19-1
8335b1
- update to 2.2.19
8335b1
- enable dbd, authn_dbd in default config
8335b1
8335b1
* Thu Apr 14 2011 Joe Orton <jorton@redhat.com> - 2.2.17-13
8335b1
- fix path expansion in service files
8335b1
8335b1
* Tue Apr 12 2011 Joe Orton <jorton@redhat.com> - 2.2.17-12
8335b1
- add systemd service files (#684175, thanks to Jóhann B. Guðmundsson)
8335b1
8335b1
* Wed Mar 23 2011 Joe Orton <jorton@redhat.com> - 2.2.17-11
8335b1
- minor updates to httpd.conf
8335b1
- drop old patches
8335b1
8335b1
* Wed Mar  2 2011 Joe Orton <jorton@redhat.com> - 2.2.17-10
8335b1
- rebuild
8335b1
8335b1
* Wed Feb 23 2011 Joe Orton <jorton@redhat.com> - 2.2.17-9
8335b1
- use arch-specific mmn
8335b1
8335b1
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.17-8
8335b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
8335b1
8335b1
* Mon Jan 31 2011 Joe Orton <jorton@redhat.com> - 2.2.17-7
8335b1
- generate dummy mod_ssl cert with CA:FALSE constraint (#667841)
8335b1
- add man page stubs for httpd.event, httpd.worker
8335b1
- drop distcache support
8335b1
- add STOP_TIMEOUT support to init script
8335b1
8335b1
* Sat Jan  8 2011 Joe Orton <jorton@redhat.com> - 2.2.17-6
8335b1
- update default SSLCipherSuite per upstream trunk
8335b1
8335b1
* Wed Jan  5 2011 Joe Orton <jorton@redhat.com> - 2.2.17-5
8335b1
- fix requires (#667397)
8335b1
8335b1
* Wed Jan  5 2011 Joe Orton <jorton@redhat.com> - 2.2.17-4
8335b1
- de-ghost /var/run/httpd
8335b1
8335b1
* Tue Jan  4 2011 Joe Orton <jorton@redhat.com> - 2.2.17-3
8335b1
- add tmpfiles.d configuration, ghost /var/run/httpd (#656600)
8335b1
8335b1
* Sat Nov 20 2010 Joe Orton <jorton@redhat.com> - 2.2.17-2
8335b1
- drop setuid bit, use capabilities for suexec binary
8335b1
8335b1
* Wed Oct 27 2010 Joe Orton <jorton@redhat.com> - 2.2.17-1
8335b1
- update to 2.2.17
8335b1
8335b1
* Fri Sep 10 2010 Joe Orton <jorton@redhat.com> - 2.2.16-2
8335b1
- link everything using -z relro and -z now
8335b1
8335b1
* Mon Jul 26 2010 Joe Orton <jorton@redhat.com> - 2.2.16-1
8335b1
- update to 2.2.16
8335b1
8335b1
* Fri Jul  9 2010 Joe Orton <jorton@redhat.com> - 2.2.15-3
8335b1
- default config tweaks:
8335b1
 * harden httpd.conf w.r.t. .htaccess restriction (#591293)
8335b1
 * load mod_substitute, mod_version by default
8335b1
 * drop proxy_ajp.conf, load mod_proxy_ajp in httpd.conf
8335b1
 * add commented list of shipped-but-unloaded modules
8335b1
 * bump up worker defaults a little
8335b1
 * drop KeepAliveTimeout to 5 secs per upstream
8335b1
- fix LSB compliance in init script (#522074)
8335b1
- bundle NOTICE in -tools
8335b1
- use init script in logrotate postrotate to pick up PIDFILE
8335b1
- drop some old Obsoletes/Conflicts
8335b1
8335b1
* Sun Apr 04 2010 Robert Scheck <robert@fedoraproject.org> - 2.2.15-1
8335b1
- update to 2.2.15 (#572404, #579311)
8335b1