diff --git a/.gitignore b/.gitignore
index 4c70af4..2c3e956 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,3 @@ SOURCES/htcacheclean.service.xml
SOURCES/httpd-2.4.37.tar.bz2
SOURCES/httpd.conf.xml
SOURCES/httpd.service.xml
-SOURCES/centos-noindex-8.0.tar.gz
diff --git a/.httpd.metadata b/.httpd.metadata
index 000b59a..091ca86 100644
--- a/.httpd.metadata
+++ b/.httpd.metadata
@@ -2,4 +2,3 @@ a34c31169efbe6140496c37801489610461bdf9b SOURCES/htcacheclean.service.xml
4a38471de821288b0300148016f2b03dfee8adf2 SOURCES/httpd-2.4.37.tar.bz2
fa18caadd0afbddc2c7a7fc404bf4f2b41867148 SOURCES/httpd.conf.xml
888df830bdc465de3bced6f075c33380018e544f SOURCES/httpd.service.xml
-6aa65f45c247226fc922c455e0187abd90c839e8 SOURCES/centos-noindex-8.0.tar.gz
diff --git a/README.debrand b/README.debrand
deleted file mode 100644
index 01c46d2..0000000
--- a/README.debrand
+++ /dev/null
@@ -1,2 +0,0 @@
-Warning: This package was configured for automatic debranding, but the changes
-failed to apply.
diff --git a/SOURCES/config.layout b/SOURCES/config.layout
new file mode 100644
index 0000000..3a9f6c8
--- /dev/null
+++ b/SOURCES/config.layout
@@ -0,0 +1,24 @@
+# Layout used in Fedora httpd packaging.
+
+ prefix: /etc/httpd
+ localstatedir: /var
+ exec_prefix: /usr
+ bindir: ${exec_prefix}/bin
+ sbindir: ${exec_prefix}/sbin
+ libdir: ${exec_prefix}/lib
+ libexecdir: ${exec_prefix}/libexec
+ mandir: ${exec_prefix}/man
+ sysconfdir: /etc/httpd/conf
+ datadir: ${exec_prefix}/share/httpd
+ installbuilddir: ${libdir}/httpd/build
+ errordir: ${datadir}/error
+ iconsdir: ${datadir}/icons
+ htdocsdir: ${localstatedir}/www/html
+ manualdir: ${datadir}/manual
+ cgidir: ${localstatedir}/www/cgi-bin
+ includedir: ${exec_prefix}/include/httpd
+ runtimedir: ${prefix}/run
+ logfiledir: ${localstatedir}/log/httpd
+ statedir: ${prefix}/state
+ proxycachedir: ${localstatedir}/cache/httpd/proxy
+
diff --git a/SOURCES/httpd-2.4.35-layout.patch b/SOURCES/httpd-2.4.35-layout.patch
deleted file mode 100644
index 7633871..0000000
--- a/SOURCES/httpd-2.4.35-layout.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-
-Add layout for Fedora.
-
-diff --git a/config.layout b/config.layout
-index 8579587..79fbce7 100644
---- a/config.layout
-+++ b/config.layout
-@@ -394,3 +394,27 @@
- logfiledir: ${localstatedir}/log/httpd
- proxycachedir: ${localstatedir}/cache/httpd
-
-+
-+# Fedora/RHEL layout
-+
-+ prefix: /usr
-+ exec_prefix: ${prefix}
-+ bindir: ${prefix}/bin
-+ sbindir: ${prefix}/sbin
-+ libdir: ${prefix}/lib
-+ libexecdir: ${prefix}/libexec
-+ mandir: ${prefix}/man
-+ sysconfdir: /etc/httpd/conf
-+ datadir: ${prefix}/share/httpd
-+ installbuilddir: ${libdir}/httpd/build
-+ errordir: ${datadir}/error
-+ iconsdir: ${datadir}/icons
-+ htdocsdir: /var/www/html
-+ manualdir: ${datadir}/manual
-+ cgidir: /var/www/cgi-bin
-+ includedir: ${prefix}/include/httpd
-+ localstatedir: /var
-+ runtimedir: /run/httpd
-+ logfiledir: ${localstatedir}/log/httpd
-+ proxycachedir: ${localstatedir}/cache/httpd/proxy
-+
diff --git a/SOURCES/httpd-2.4.37-CVE-2019-0217.patch b/SOURCES/httpd-2.4.37-CVE-2019-0217.patch
new file mode 100644
index 0000000..1614e72
--- /dev/null
+++ b/SOURCES/httpd-2.4.37-CVE-2019-0217.patch
@@ -0,0 +1,111 @@
+--- a/modules/aaa/mod_auth_digest.c 2019/03/12 09:24:19 1855297
++++ b/modules/aaa/mod_auth_digest.c 2019/03/12 09:24:26 1855298
+@@ -92,7 +92,6 @@
+ int check_nc;
+ const char *algorithm;
+ char *uri_list;
+- const char *ha1;
+ } digest_config_rec;
+
+
+@@ -153,6 +152,7 @@
+ apr_time_t nonce_time;
+ enum hdr_sts auth_hdr_sts;
+ int needed_auth;
++ const char *ha1;
+ client_entry *client;
+ } digest_header_rec;
+
+@@ -1304,7 +1304,7 @@
+ */
+
+ static authn_status get_hash(request_rec *r, const char *user,
+- digest_config_rec *conf)
++ digest_config_rec *conf, const char **rethash)
+ {
+ authn_status auth_result;
+ char *password;
+@@ -1356,7 +1356,7 @@
+ } while (current_provider);
+
+ if (auth_result == AUTH_USER_FOUND) {
+- conf->ha1 = password;
++ *rethash = password;
+ }
+
+ return auth_result;
+@@ -1483,25 +1483,24 @@
+
+ /* RFC-2069 */
+ static const char *old_digest(const request_rec *r,
+- const digest_header_rec *resp, const char *ha1)
++ const digest_header_rec *resp)
+ {
+ const char *ha2;
+
+ ha2 = ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, resp->method, ":",
+ resp->uri, NULL));
+ return ap_md5(r->pool,
+- (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce,
+- ":", ha2, NULL));
++ (unsigned char *)apr_pstrcat(r->pool, resp->ha1, ":",
++ resp->nonce, ":", ha2, NULL));
+ }
+
+ /* RFC-2617 */
+ static const char *new_digest(const request_rec *r,
+- digest_header_rec *resp,
+- const digest_config_rec *conf)
++ digest_header_rec *resp)
+ {
+ const char *ha1, *ha2, *a2;
+
+- ha1 = conf->ha1;
++ ha1 = resp->ha1;
+
+ a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, NULL);
+ ha2 = ap_md5(r->pool, (const unsigned char *)a2);
+@@ -1514,7 +1513,6 @@
+ NULL));
+ }
+
+-
+ static void copy_uri_components(apr_uri_t *dst,
+ apr_uri_t *src, request_rec *r) {
+ if (src->scheme && src->scheme[0] != '\0') {
+@@ -1759,7 +1757,7 @@
+ return HTTP_UNAUTHORIZED;
+ }
+
+- return_code = get_hash(r, r->user, conf);
++ return_code = get_hash(r, r->user, conf, &resp->ha1);
+
+ if (return_code == AUTH_USER_NOT_FOUND) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01790)
+@@ -1789,7 +1787,7 @@
+
+ if (resp->message_qop == NULL) {
+ /* old (rfc-2069) style digest */
+- if (strcmp(resp->digest, old_digest(r, resp, conf->ha1))) {
++ if (strcmp(resp->digest, old_digest(r, resp))) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01792)
+ "user %s: password mismatch: %s", r->user,
+ r->uri);
+@@ -1819,7 +1817,7 @@
+ return HTTP_UNAUTHORIZED;
+ }
+
+- exp_digest = new_digest(r, resp, conf);
++ exp_digest = new_digest(r, resp);
+ if (!exp_digest) {
+ /* we failed to allocate a client struct */
+ return HTTP_INTERNAL_SERVER_ERROR;
+@@ -1903,7 +1901,7 @@
+
+ /* calculate rspauth attribute
+ */
+- ha1 = conf->ha1;
++ ha1 = resp->ha1;
+
+ a2 = apr_pstrcat(r->pool, ":", resp->uri, NULL);
+ ha2 = ap_md5(r->pool, (const unsigned char *)a2);
diff --git a/SOURCES/httpd-2.4.37-CVE-2019-0220.patch b/SOURCES/httpd-2.4.37-CVE-2019-0220.patch
new file mode 100644
index 0000000..1fcb68e
--- /dev/null
+++ b/SOURCES/httpd-2.4.37-CVE-2019-0220.patch
@@ -0,0 +1,235 @@
+diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en
+index 0a24bc8..20d1e5a 100644
+--- a/docs/manual/mod/core.html.en
++++ b/docs/manual/mod/core.html.en
+@@ -97,6 +97,7 @@ available
+
MaxRangeOverlaps
+ MaxRangeReversals
+ MaxRanges
++ MergeSlashes
+ MergeTrailers
+ Mutex
+ NameVirtualHost
+@@ -3465,6 +3466,30 @@ resource
+
+
+
++
++
++
By default, the server merges (or collapses) multiple consecutive slash
++ ('/') characters in the path component of the request URL.
++
++
When mapping URL's to the filesystem, these multiple slashes are not
++ significant. However, URL's handled other ways, such as by CGI or proxy,
++ might prefer to retain the significance of multiple consecutive slashes.
++ In these cases MergeSlashes
can be set to
++ OFF to retain the multiple consecutive slashes. In these
++ configurations, regular expressions used in the configuration file that match
++ the path component of the URL (LocationMatch
,
++ RewriteRule
, ...) need to take into account multiple
++ consecutive slashes.
++
++
+
+
+ Description: | Determines whether trailers are merged into headers |
+--- a/include/http_core.h 2019/03/18 08:49:19 1855736
++++ b/include/http_core.h 2019/03/18 08:49:59 1855737
+@@ -740,7 +740,7 @@
+ #define AP_HTTP_METHODS_LENIENT 1
+ #define AP_HTTP_METHODS_REGISTERED 2
+ char http_methods;
+-
++ unsigned int merge_slashes;
+ } core_server_config;
+
+ /* for AddOutputFiltersByType in core.c */
+diff --git a/include/httpd.h b/include/httpd.h
+index 65392f8..99f7f04 100644
+--- a/include/httpd.h
++++ b/include/httpd.h
+@@ -1697,11 +1697,21 @@ AP_DECLARE(int) ap_unescape_url_keep2f(char *url, int decode_slashes);
+ AP_DECLARE(int) ap_unescape_urlencoded(char *query);
+
+ /**
+- * Convert all double slashes to single slashes
+- * @param name The string to convert
++ * Convert all double slashes to single slashes, except where significant
++ * to the filesystem on the current platform.
++ * @param name The string to convert, assumed to be a filesystem path
+ */
+ AP_DECLARE(void) ap_no2slash(char *name);
+
++/**
++ * Convert all double slashes to single slashes, except where significant
++ * to the filesystem on the current platform.
++ * @param name The string to convert
++ * @param is_fs_path if set to 0, the significance of any double-slashes is
++ * ignored.
++ */
++AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path);
++
+ /**
+ * Remove all ./ and xx/../ substrings from a file name. Also remove
+ * any leading ../ or /../ substrings.
+diff --git a/server/request.c b/server/request.c
+index dbe3e07..d5c558a 100644
+--- a/server/request.c
++++ b/server/request.c
+@@ -167,6 +167,8 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r)
+ int file_req = (r->main && r->filename);
+ int access_status;
+ core_dir_config *d;
++ core_server_config *sconf =
++ ap_get_core_module_config(r->server->module_config);
+
+ /* Ignore embedded %2F's in path for proxy requests */
+ if (!r->proxyreq && r->parsed_uri.path) {
+@@ -191,6 +193,12 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r)
+ }
+
+ ap_getparents(r->uri); /* OK --- shrinking transformations... */
++ if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
++ ap_no2slash(r->uri);
++ if (r->parsed_uri.path) {
++ ap_no2slash(r->parsed_uri.path);
++ }
++ }
+
+ /* All file subrequests are a huge pain... they cannot bubble through the
+ * next several steps. Only file subrequests are allowed an empty uri,
+@@ -1411,20 +1419,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
+
+ cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r);
+ cached = (cache->cached != NULL);
+-
+- /* Location and LocationMatch differ on their behaviour w.r.t. multiple
+- * slashes. Location matches multiple slashes with a single slash,
+- * LocationMatch doesn't. An exception, for backwards brokenness is
+- * absoluteURIs... in which case neither match multiple slashes.
+- */
+- if (r->uri[0] != '/') {
+- entry_uri = r->uri;
+- }
+- else {
+- char *uri = apr_pstrdup(r->pool, r->uri);
+- ap_no2slash(uri);
+- entry_uri = uri;
+- }
++ entry_uri = r->uri;
+
+ /* If we have an cache->cached location that matches r->uri,
+ * and the vhost's list of locations hasn't changed, we can skip
+@@ -1491,7 +1486,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
+ pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t));
+ }
+
+- if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) {
++ if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) {
+ continue;
+ }
+
+@@ -1501,7 +1496,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
+ apr_table_setn(r->subprocess_env,
+ ((const char **)entry_core->refs->elts)[i],
+ apr_pstrndup(r->pool,
+- r->uri + pmatch[i].rm_so,
++ entry_uri + pmatch[i].rm_so,
+ pmatch[i].rm_eo - pmatch[i].rm_so));
+ }
+ }
+diff --git a/server/util.c b/server/util.c
+index fd7a0a1..e0c558c 100644
+--- a/server/util.c
++++ b/server/util.c
+@@ -561,16 +561,20 @@ AP_DECLARE(void) ap_getparents(char *name)
+ name[l] = '\0';
+ }
+ }
+-
+-AP_DECLARE(void) ap_no2slash(char *name)
++AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path)
+ {
++
+ char *d, *s;
+
++ if (!*name) {
++ return;
++ }
++
+ s = d = name;
+
+ #ifdef HAVE_UNC_PATHS
+ /* Check for UNC names. Leave leading two slashes. */
+- if (s[0] == '/' && s[1] == '/')
++ if (is_fs_path && s[0] == '/' && s[1] == '/')
+ *d++ = *s++;
+ #endif
+
+@@ -587,6 +591,10 @@ AP_DECLARE(void) ap_no2slash(char *name)
+ *d = '\0';
+ }
+
++AP_DECLARE(void) ap_no2slash(char *name)
++{
++ ap_no2slash_ex(name, 1);
++}
+
+ /*
+ * copy at most n leading directories of s into d
+diff --git a/server/core.c b/server/core.c
+index b5ab429..a31f1e4 100644
+--- a/server/core.c
++++ b/server/core.c
+@@ -493,6 +493,7 @@ static void *create_core_server_config(apr_pool_t *a, server_rec *s)
+ */
+
+ conf->trace_enable = AP_TRACE_UNSET;
++ conf->merge_slashes = AP_CORE_CONFIG_UNSET;
+
+ conf->protocols = apr_array_make(a, 5, sizeof(const char *));
+ conf->protocols_honor_order = -1;
+@@ -561,7 +562,9 @@ static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv)
+ conf->protocols_honor_order = ((virt->protocols_honor_order < 0)?
+ base->protocols_honor_order :
+ virt->protocols_honor_order);
+-
++
++ AP_CORE_MERGE_FLAG(merge_slashes, conf, base, virt);
++
+ return conf;
+ }
+
+@@ -1872,6 +1875,13 @@ static const char *set_qualify_redirect_url(cmd_parms *cmd, void *d_, int flag)
+ return NULL;
+ }
+
++static const char *set_core_server_flag(cmd_parms *cmd, void *s_, int flag)
++{
++ core_server_config *conf =
++ ap_get_core_module_config(cmd->server->module_config);
++ return ap_set_flag_slot(cmd, conf, flag);
++}
++
+ static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *const argv[])
+ {
+ core_dir_config *d = d_;
+@@ -4598,6 +4608,10 @@ AP_INIT_ITERATE("HttpProtocolOptions", set_http_protocol_options, NULL, RSRC_CON
+ "'Unsafe' or 'Strict' (default). Sets HTTP acceptance rules"),
+ AP_INIT_ITERATE("RegisterHttpMethod", set_http_method, NULL, RSRC_CONF,
+ "Registers non-standard HTTP methods"),
++AP_INIT_FLAG("MergeSlashes", set_core_server_flag,
++ (void *)APR_OFFSETOF(core_server_config, merge_slashes),
++ RSRC_CONF,
++ "Controls whether consecutive slashes in the URI path are merged"),
+ { NULL }
+ };
+
diff --git a/SOURCES/httpd-2.4.37-mod-md-perms.patch b/SOURCES/httpd-2.4.37-mod-md-perms.patch
new file mode 100644
index 0000000..78c0fc3
--- /dev/null
+++ b/SOURCES/httpd-2.4.37-mod-md-perms.patch
@@ -0,0 +1,44 @@
+diff --git a/modules/md/mod_md_os.c b/modules/md/mod_md_os.c
+index f96d566..8df0248 100644
+--- a/modules/md/mod_md_os.c
++++ b/modules/md/mod_md_os.c
+@@ -41,14 +41,20 @@
+
+ apr_status_t md_try_chown(const char *fname, unsigned int uid, int gid, apr_pool_t *p)
+ {
+-#if AP_NEED_SET_MUTEX_PERMS
+- if (-1 == chown(fname, (uid_t)uid, (gid_t)gid)) {
+- apr_status_t rv = APR_FROM_OS_ERROR(errno);
+- if (!APR_STATUS_IS_ENOENT(rv)) {
+- ap_log_perror(APLOG_MARK, APLOG_ERR, rv, p, APLOGNO(10082)
+- "Can't change owner of %s", fname);
++#if AP_NEED_SET_MUTEX_PERMS && HAVE_UNISTD_H
++ /* Since we only switch user when running as root, we only need to chown directories
++ * in that case. Otherwise, the server will ignore any "user/group" directives and
++ * child processes have the same privileges as the parent.
++ */
++ if (!geteuid()) {
++ if (-1 == chown(fname, (uid_t)uid, (gid_t)gid)) {
++ apr_status_t rv = APR_FROM_OS_ERROR(errno);
++ if (!APR_STATUS_IS_ENOENT(rv)) {
++ ap_log_perror(APLOG_MARK, APLOG_ERR, rv, p, APLOGNO(10082)
++ "Can't change owner of %s", fname);
++ }
++ return rv;
+ }
+- return rv;
+ }
+ return APR_SUCCESS;
+ #else
+@@ -58,11 +64,7 @@ apr_status_t md_try_chown(const char *fname, unsigned int uid, int gid, apr_pool
+
+ apr_status_t md_make_worker_accessible(const char *fname, apr_pool_t *p)
+ {
+-#if AP_NEED_SET_MUTEX_PERMS
+ return md_try_chown(fname, ap_unixd_config.user_id, -1, p);
+-#else
+- return APR_ENOTIMPL;
+-#endif
+ }
+
+ #ifdef WIN32
diff --git a/SOURCES/httpd-2.4.37-mod-mime-magic-strdup.patch b/SOURCES/httpd-2.4.37-mod-mime-magic-strdup.patch
new file mode 100644
index 0000000..e093818
--- /dev/null
+++ b/SOURCES/httpd-2.4.37-mod-mime-magic-strdup.patch
@@ -0,0 +1,24 @@
+diff --git a/docs/conf/magic b/docs/conf/magic
+index 7c56119..bc891d9 100644
+--- a/docs/conf/magic
++++ b/docs/conf/magic
+@@ -87,7 +87,7 @@
+ # Microsoft WAVE format (*.wav)
+ # [GRR 950115: probably all of the shorts and longs should be leshort/lelong]
+ # Microsoft RIFF
+-0 string RIFF audio/unknown
++0 string RIFF
+ # - WAVE format
+ >8 string WAVE audio/x-wav
+ # MPEG audio.
+--- a/modules/metadata/mod_mime_magic.c 2013/06/11 07:36:13 1491699
++++ b/modules/metadata/mod_mime_magic.c 2013/06/11 07:41:40 1491700
+@@ -606,7 +606,7 @@
+ /* high overhead for 1 char - just hope they don't do this much */
+ str[0] = c;
+ str[1] = '\0';
+- return magic_rsl_add(r, str);
++ return magic_rsl_add(r, apr_pstrdup(r->pool, str));
+ }
+
+ /* allocate and copy a contiguous string from a result string list */
diff --git a/SOURCES/httpd-2.4.37-r1840554.patch b/SOURCES/httpd-2.4.37-r1840554.patch
new file mode 100644
index 0000000..7b379e1
--- /dev/null
+++ b/SOURCES/httpd-2.4.37-r1840554.patch
@@ -0,0 +1,35 @@
+diff --git a/modules/arch/unix/mod_systemd.c b/modules/arch/unix/mod_systemd.c
+index 7a82a90..6c244b6 100644
+--- a/modules/arch/unix/mod_systemd.c
++++ b/modules/arch/unix/mod_systemd.c
+@@ -100,6 +100,21 @@ static int systemd_post_config(apr_pool_t *pconf, apr_pool_t *plog,
+ return OK;
+ }
+
++/* Report the service is ready in post_config, which could be during
++ * startup or after a reload. The server could still hit a fatal
++ * startup error after this point during ap_run_mpm(), so this is
++ * perhaps too early, but by post_config listen() has been called on
++ * the TCP ports so new connections will not be rejected. There will
++ * always be a possible async failure event simultaneous to the
++ * service reporting "ready", so this should be good enough. */
++static int systemd_post_config_last(apr_pool_t *p, apr_pool_t *plog,
++ apr_pool_t *ptemp, server_rec *main_server)
++{
++ sd_notify(0, "READY=1\n"
++ "STATUS=Configuration loaded.\n");
++ return OK;
++}
++
+ static int systemd_pre_mpm(apr_pool_t *p, ap_scoreboard_e sb_type)
+ {
+ int rv;
+@@ -187,6 +202,8 @@ static void systemd_register_hooks(apr_pool_t *p)
+ ap_hook_pre_config(systemd_pre_config, NULL, NULL, APR_HOOK_LAST);
+ /* Grab the listener config. */
+ ap_hook_post_config(systemd_post_config, NULL, NULL, APR_HOOK_LAST);
++ /* Signal service is ready. */
++ ap_hook_post_config(systemd_post_config_last, NULL, NULL, APR_HOOK_REALLY_LAST);
+ /* We know the PID in this hook ... */
+ ap_hook_pre_mpm(systemd_pre_mpm, NULL, NULL, APR_HOOK_LAST);
+ /* Used to update httpd's status line using sd_notifyf */
diff --git a/SOURCES/httpd-2.4.37-r1842929+.patch b/SOURCES/httpd-2.4.37-r1842929+.patch
index c34697e..ab5bba6 100644
--- a/SOURCES/httpd-2.4.37-r1842929+.patch
+++ b/SOURCES/httpd-2.4.37-r1842929+.patch
@@ -1,10 +1,27 @@
-# ./pullrev.sh 1842929 1842931
+# ./pullrev.sh 1842929 1842931 1852982 1853631 1857731
http://svn.apache.org/viewvc?view=revision&revision=1842929
http://svn.apache.org/viewvc?view=revision&revision=1842931
+http://svn.apache.org/viewvc?view=revision&revision=1852982
+http://svn.apache.org/viewvc?view=revision&revision=1857731
+http://svn.apache.org/viewvc?view=revision&revision=1853631
---- httpd-2.4.37/acinclude.m4.r1842929+
-+++ httpd-2.4.37/acinclude.m4
-@@ -45,6 +45,7 @@
+diff --git a/Makefile.in b/Makefile.in
+index 06b8c5a..9eeb5c7 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -213,6 +213,7 @@ install-cgi:
+ install-other:
+ @test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir)
+ @test -d $(DESTDIR)$(runtimedir) || $(MKINSTALLDIRS) $(DESTDIR)$(runtimedir)
++ @test -d $(DESTDIR)$(statedir) || $(MKINSTALLDIRS) $(DESTDIR)$(statedir)
+ @for ext in dll x; do \
+ file=apachecore.$$ext; \
+ if test -f $$file; then \
+diff --git a/acinclude.m4 b/acinclude.m4
+index 0ad0c13..a8c2804 100644
+--- a/acinclude.m4
++++ b/acinclude.m4
+@@ -45,6 +45,7 @@ AC_DEFUN([APACHE_GEN_CONFIG_VARS],[
APACHE_SUBST(installbuilddir)
APACHE_SUBST(runtimedir)
APACHE_SUBST(proxycachedir)
@@ -12,7 +29,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
APACHE_SUBST(other_targets)
APACHE_SUBST(progname)
APACHE_SUBST(prefix)
-@@ -663,6 +664,7 @@
+@@ -663,6 +664,7 @@ AC_DEFUN([APACHE_EXPORT_ARGUMENTS],[
APACHE_SUBST_EXPANDED_ARG(runtimedir)
APACHE_SUBST_EXPANDED_ARG(logfiledir)
APACHE_SUBST_EXPANDED_ARG(proxycachedir)
@@ -20,131 +37,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
])
dnl
---- httpd-2.4.37/config.layout.r1842929+
-+++ httpd-2.4.37/config.layout
-@@ -29,6 +29,7 @@
- includedir: ${prefix}/include
- localstatedir: ${prefix}
- runtimedir: ${localstatedir}/logs
-+ statedir: ${localstatedir}/state
- logfiledir: ${localstatedir}/logs
- proxycachedir: ${localstatedir}/proxy
-
-@@ -54,6 +55,7 @@
- includedir: ${prefix}/include+
- localstatedir: ${prefix}/var+
- runtimedir: ${localstatedir}/run
-+ statedir: ${localstatedir}/state
- logfiledir: ${localstatedir}/log
- proxycachedir: ${localstatedir}/proxy
-
-@@ -78,6 +80,7 @@
- includedir: /System/Library/Frameworks/Apache.framework/Versions/2.0/Headers
- localstatedir: /var
- runtimedir: ${prefix}/Logs
-+ statedir: ${prefix}/State
- logfiledir: ${prefix}/Logs
- proxycachedir: ${prefix}/ProxyCache
-
-@@ -102,6 +105,7 @@
- includedir: ${prefix}/include+
- localstatedir: /var
- runtimedir: ${localstatedir}/run
-+ statedir: ${localstatedir}/state
- logfiledir: ${localstatedir}/log+
- proxycachedir: ${runtimedir}/proxy
-
-@@ -126,6 +130,7 @@
- includedir: ${prefix}/include/apache
- localstatedir: /var
- runtimedir: ${localstatedir}/run
-+ statedir: ${localstatedir}/lib/httpd
- logfiledir: ${localstatedir}/log/httpd
- proxycachedir: ${localstatedir}/cache/httpd
-
-@@ -151,6 +156,7 @@
- includedir: ${prefix}/include/httpd
- runtimedir: /run/httpd
- logfiledir: ${localstatedir}/log/httpd
-+ statedir: ${localstatedir}/lib/httpd
- proxycachedir: ${localstatedir}/cache/httpd/proxy
-
-
-@@ -175,6 +181,7 @@
- localstatedir: /var${prefix}
- runtimedir: ${localstatedir}/run
- logfiledir: ${localstatedir}/logs
-+ statedir: ${localstatedir}/state
- proxycachedir: ${localstatedir}/proxy
-
-
-@@ -197,6 +204,7 @@
- cgidir: ${datadir}/cgi-bin
- includedir: ${prefix}/include/apache
- localstatedir: /var/lib/httpd
-+ statedir: ${localstatedir}
- runtimedir: /var/run
- logfiledir: /var/log/httpd
- proxycachedir: /var/cache/httpd
-@@ -223,6 +231,7 @@
- localstatedir: /var
- runtimedir: ${localstatedir}/run
- logfiledir: ${localstatedir}/log/httpd
-+ statedir: ${prefix}/state
- proxycachedir: ${localstatedir}/proxy
-
-
-@@ -246,6 +255,7 @@
- includedir: ${exec_prefix}/include
- localstatedir: ${prefix}
- runtimedir: /var/run
-+ statedir: ${datadir}/state
- logfiledir: ${datadir}/logs
- proxycachedir: ${datadir}/proxy
-
-@@ -271,6 +281,7 @@
- localstatedir: ${prefix}
- runtimedir: ${prefix}/logs
- logfiledir: ${prefix}/logs
-+ statedir: ${prefix}/state
- proxycachedir: ${prefix}/proxy
-
-
-@@ -315,6 +326,7 @@
- cgidir: ${prefix}/usr/lib/cgi-bin
- includedir: ${exec_prefix}/include/apache2
- localstatedir: ${prefix}/var/lock/apache2
-+ statedir: ${prefix}/var/lib/apache2
- runtimedir: ${prefix}/var/run/apache2
- logfiledir: ${prefix}/var/log/apache2
- proxycachedir: ${prefix}/var/cache/apache2/proxy
-@@ -343,6 +355,7 @@
- manualdir: ${datadir}/manual
- cgidir: ${datadir}/cgi-bin
- runtimedir: ${localstatedir}/run
-+ runtimedir: ${localstatedir}/lib/httpd
- logfiledir: ${localstatedir}/log/httpd
- proxycachedir: ${localstatedir}/cache/httpd/cache-root
-
-@@ -366,6 +379,7 @@
- manualdir: ${prefix}/manual
- includedir: ${prefix}/include
- localstatedir: /var/httpd
-+ statedir: ${localstatedir}/state
- runtimedir: ${localstatedir}/run
- logfiledir: ${localstatedir}/logs
- proxycachedir: ${localstatedir}/proxy
-@@ -391,6 +405,7 @@
- includedir: ${prefix}/include/httpd
- localstatedir: /var
- runtimedir: ${localstatedir}/run/httpd
-+ statedir: ${localstatedir}/lib/httpd
- logfiledir: ${localstatedir}/log/httpd
- proxycachedir: ${localstatedir}/cache/httpd
-
---- httpd-2.4.37/configure.in.r1842929+
-+++ httpd-2.4.37/configure.in
-@@ -41,7 +41,7 @@
+diff --git a/configure.in b/configure.in
+index a208b53..de6a8ad 100644
+--- a/configure.in
++++ b/configure.in
+@@ -41,7 +41,7 @@ dnl Something seems broken here.
AC_PREFIX_DEFAULT(/usr/local/apache2)
dnl Get the layout here, so we can pass the required variables to apr
@@ -153,8 +50,10 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
dnl reparse the configure arguments.
APR_PARSE_ARGUMENTS
---- httpd-2.4.37/include/ap_config_layout.h.in.r1842929+
-+++ httpd-2.4.37/include/ap_config_layout.h.in
+diff --git a/include/ap_config_layout.h.in b/include/ap_config_layout.h.in
+index 2b4a70c..e076f41 100644
+--- a/include/ap_config_layout.h.in
++++ b/include/ap_config_layout.h.in
@@ -60,5 +60,7 @@
#define DEFAULT_REL_LOGFILEDIR "@rel_logfiledir@"
#define DEFAULT_EXP_PROXYCACHEDIR "@exp_proxycachedir@"
@@ -163,9 +62,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
+#define DEFAULT_REL_STATEDIR "@rel_statedir@"
#endif /* AP_CONFIG_LAYOUT_H */
---- httpd-2.4.37/include/http_config.h.r1842929+
-+++ httpd-2.4.37/include/http_config.h
-@@ -757,6 +757,14 @@
+diff --git a/include/http_config.h b/include/http_config.h
+index adc5825..effccc1 100644
+--- a/include/http_config.h
++++ b/include/http_config.h
+@@ -757,6 +757,14 @@ AP_DECLARE(char *) ap_server_root_relative(apr_pool_t *p, const char *fname);
*/
AP_DECLARE(char *) ap_runtime_dir_relative(apr_pool_t *p, const char *fname);
@@ -180,19 +81,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
/* Finally, the hook for dynamically loading modules in... */
/**
---- httpd-2.4.37/Makefile.in.r1842929+
-+++ httpd-2.4.37/Makefile.in
-@@ -213,6 +213,7 @@
- install-other:
- @test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir)
- @test -d $(DESTDIR)$(runtimedir) || $(MKINSTALLDIRS) $(DESTDIR)$(runtimedir)
-+ @test -d $(DESTDIR)$(statedir) || $(MKINSTALLDIRS) $(DESTDIR)$(statedir)
- @for ext in dll x; do \
- file=apachecore.$$ext; \
- if test -f $$file; then \
---- httpd-2.4.37/modules/dav/fs/mod_dav_fs.c.r1842929+
-+++ httpd-2.4.37/modules/dav/fs/mod_dav_fs.c
-@@ -29,6 +29,10 @@
+diff --git a/modules/dav/fs/mod_dav_fs.c b/modules/dav/fs/mod_dav_fs.c
+index addfd7e..2389f8f 100644
+--- a/modules/dav/fs/mod_dav_fs.c
++++ b/modules/dav/fs/mod_dav_fs.c
+@@ -29,6 +29,10 @@ typedef struct {
extern module AP_MODULE_DECLARE_DATA dav_fs_module;
@@ -203,22 +96,45 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
const char *dav_get_lockdb_path(const request_rec *r)
{
dav_fs_server_conf *conf;
-@@ -39,7 +43,11 @@
+@@ -57,6 +61,24 @@ static void *dav_fs_merge_server_config(apr_pool_t *p,
+ return newconf;
+ }
- static void *dav_fs_create_server_config(apr_pool_t *p, server_rec *s)
- {
-- return apr_pcalloc(p, sizeof(dav_fs_server_conf));
-+ dav_fs_server_conf *conf = apr_pcalloc(p, sizeof(dav_fs_server_conf));
++static apr_status_t dav_fs_post_config(apr_pool_t *p, apr_pool_t *plog,
++ apr_pool_t *ptemp, server_rec *base_server)
++{
++ server_rec *s;
+
-+ conf->lockdb_path = ap_state_dir_relative(p, DEFAULT_DAV_LOCKDB);
++ for (s = base_server; s; s = s->next) {
++ dav_fs_server_conf *conf;
+
-+ return conf;
- }
++ conf = ap_get_module_config(s->module_config, &dav_fs_module);
++
++ if (!conf->lockdb_path) {
++ conf->lockdb_path = ap_state_dir_relative(p, DEFAULT_DAV_LOCKDB);
++ }
++ }
++
++ return OK;
++}
++
+ /*
+ * Command handler for the DAVLockDB directive, which is TAKE1
+ */
+@@ -87,6 +109,8 @@ static const command_rec dav_fs_cmds[] =
- static void *dav_fs_merge_server_config(apr_pool_t *p,
---- httpd-2.4.37/modules/md/mod_md_config.c.r1842929+
-+++ httpd-2.4.37/modules/md/mod_md_config.c
-@@ -54,10 +54,14 @@
+ static void register_hooks(apr_pool_t *p)
+ {
++ ap_hook_post_config(dav_fs_post_config, NULL, NULL, APR_HOOK_MIDDLE);
++
+ dav_hook_gather_propsets(dav_fs_gather_propsets, NULL, NULL,
+ APR_HOOK_MIDDLE);
+ dav_hook_find_liveprop(dav_fs_find_liveprop, NULL, NULL, APR_HOOK_MIDDLE);
+diff --git a/modules/md/mod_md_config.c b/modules/md/mod_md_config.c
+index 336a21b..4d50e26 100644
+--- a/modules/md/mod_md_config.c
++++ b/modules/md/mod_md_config.c
+@@ -54,10 +54,18 @@
#define DEF_VAL (-1)
@@ -230,21 +146,32 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
static md_mod_conf_t defmc = {
NULL,
- "md",
-+ NULL,
++#if 1
++ NULL, /* apply default state-dir-relative */
++#else
++ MD_DEFAULT_BASE_DIR,
++#endif
NULL,
NULL,
80,
-@@ -112,6 +116,7 @@
- memcpy(mod_md_config, &defmc, sizeof(*mod_md_config));
- mod_md_config->mds = apr_array_make(pool, 5, sizeof(const md_t *));
- mod_md_config->unused_names = apr_array_make(pool, 5, sizeof(const md_t *));
-+ mod_md_config->base_dir = ap_state_dir_relative(pool, MD_DEFAULT_BASE_DIR);
-
- apr_pool_cleanup_register(pool, NULL, cleanup_mod_config, apr_pool_cleanup_null);
+@@ -864,6 +872,12 @@ apr_status_t md_config_post_config(server_rec *s, apr_pool_t *p)
+ if (mc->hsts_max_age > 0) {
+ mc->hsts_header = apr_psprintf(p, "max-age=%d", mc->hsts_max_age);
}
---- httpd-2.4.37/server/core.c.r1842929+
-+++ httpd-2.4.37/server/core.c
-@@ -129,6 +129,8 @@
++
++#if 1
++ if (mc->base_dir == NULL) {
++ mc->base_dir = ap_state_dir_relative(p, MD_DEFAULT_BASE_DIR);
++ }
++#endif
+
+ return APR_SUCCESS;
+ }
+diff --git a/server/core.c b/server/core.c
+index bbe52e0..b5ab429 100644
+--- a/server/core.c
++++ b/server/core.c
+@@ -133,6 +133,8 @@ AP_DECLARE_DATA int ap_main_state = AP_SQ_MS_INITIAL_STARTUP;
AP_DECLARE_DATA int ap_run_mode = AP_SQ_RM_UNKNOWN;
AP_DECLARE_DATA int ap_config_generation = 0;
@@ -253,7 +180,25 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
static void *create_core_dir_config(apr_pool_t *a, char *dir)
{
core_dir_config *conf;
-@@ -3104,6 +3106,24 @@
+@@ -1411,12 +1413,15 @@ AP_DECLARE(const char *) ap_resolve_env(apr_pool_t *p, const char * word)
+ return res_buf;
+ }
+
+-static int reset_config_defines(void *dummy)
++/* pconf cleanup - clear global variables set from config here. */
++static apr_status_t reset_config(void *dummy)
+ {
+ ap_server_config_defines = saved_server_config_defines;
+ saved_server_config_defines = NULL;
+ server_config_defined_vars = NULL;
+- return OK;
++ core_state_dir = NULL;
++
++ return APR_SUCCESS;
+ }
+
+ /*
+@@ -3108,6 +3113,24 @@ static const char *set_runtime_dir(cmd_parms *cmd, void *dummy, const char *arg)
return NULL;
}
@@ -278,7 +223,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
static const char *set_timeout(cmd_parms *cmd, void *dummy, const char *arg)
{
const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_CONTEXT);
-@@ -4398,6 +4418,8 @@
+@@ -4409,6 +4432,8 @@ AP_INIT_TAKE1("ServerRoot", set_server_root, NULL, RSRC_CONF | EXEC_ON_READ,
"Common directory of server-related files (logs, confs, etc.)"),
AP_INIT_TAKE1("DefaultRuntimeDir", set_runtime_dir, NULL, RSRC_CONF | EXEC_ON_READ,
"Common directory for run-time files (shared memory, locks, etc.)"),
@@ -287,7 +232,17 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
AP_INIT_TAKE1("ErrorLog", set_server_string_slot,
(void *)APR_OFFSETOF(server_rec, error_fname), RSRC_CONF,
"The filename of the error log"),
-@@ -5150,6 +5172,27 @@
+@@ -4932,8 +4957,7 @@ static int core_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptem
+
+ if (!saved_server_config_defines)
+ init_config_defines(pconf);
+- apr_pool_cleanup_register(pconf, NULL, reset_config_defines,
+- apr_pool_cleanup_null);
++ apr_pool_cleanup_register(pconf, NULL, reset_config, apr_pool_cleanup_null);
+
+ ap_regcomp_set_default_cflags(AP_REG_DOLLAR_ENDONLY);
+
+@@ -5202,6 +5226,27 @@ AP_DECLARE(int) ap_state_query(int query)
}
}
diff --git a/SOURCES/httpd-2.4.37-state-dir.patch b/SOURCES/httpd-2.4.37-state-dir.patch
deleted file mode 100644
index e6962c1..0000000
--- a/SOURCES/httpd-2.4.37-state-dir.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- a/server/core.c 2019/02/05 09:44:29 1852981
-+++ b/server/core.c 2019/02/05 10:11:44 1852982
-@@ -5293,6 +5293,7 @@
- ap_regcomp_set_default_cflags(AP_REG_DOLLAR_ENDONLY);
-
- mpm_common_pre_config(pconf);
-+ core_state_dir = NULL;
-
- return OK;
- }
diff --git a/SPECS/httpd.spec b/SPECS/httpd.spec
index fbbd8e9..295e757 100644
--- a/SPECS/httpd.spec
+++ b/SPECS/httpd.spec
@@ -13,10 +13,10 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.37
-Release: 12%{?dist}
+Release: 16%{?dist}
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-Source1: centos-noindex-8.0.tar.gz
+Source1: index.html
Source2: httpd.logrotate
Source3: instance.conf
Source4: httpd-ssl-pass-dialog
@@ -55,6 +55,7 @@ Source41: htcacheclean.sysconf
Source42: httpd-init.service
Source43: httpd-ssl-gencerts
Source44: httpd@.service
+Source45: config.layout
# build/scripts patches
# http://bugzilla.redhat.com/show_bug.cgi?id=1231924
@@ -63,7 +64,6 @@ Source44: httpd@.service
Patch1: httpd-2.4.35-apachectl.patch
Patch2: httpd-2.4.28-apxs.patch
Patch3: httpd-2.4.35-deplibs.patch
-Patch4: httpd-2.4.35-layout.patch
# Needed for socket activation and mod_systemd patch
Patch19: httpd-2.4.35-detect-systemd.patch
@@ -98,14 +98,19 @@ Patch63: httpd-2.4.28-r1811831.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1602548
Patch65: httpd-2.4.35-r1842888.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1653009
+# https://bugzilla.redhat.com/show_bug.cgi?id=1672977
+# https://bugzilla.redhat.com/show_bug.cgi?id=1673022
Patch66: httpd-2.4.37-r1842929+.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1630432
Patch67: httpd-2.4.35-r1825120.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1670716
Patch68: httpd-2.4.37-fips-segfault.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1672977
-Patch69: httpd-2.4.37-state-dir.patch
-
+# https://bugzilla.redhat.com/show_bug.cgi?id=1669221
+Patch70: httpd-2.4.37-r1840554.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1673022
+Patch71: httpd-2.4.37-mod-md-perms.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1724549
+Patch72: httpd-2.4.37-mod-mime-magic-strdup.patch
# Security fixes
Patch200: httpd-2.4.37-r1851471.patch
@@ -113,10 +118,14 @@ Patch200: httpd-2.4.37-r1851471.patch
Patch201: httpd-2.4.37-CVE-2019-0211.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1695025
Patch202: httpd-2.4.37-CVE-2019-0215.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1696141
+Patch203: httpd-2.4.37-CVE-2019-0217.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1696097
+Patch204: httpd-2.4.37-CVE-2019-0220.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1741860
# https://bugzilla.redhat.com/show_bug.cgi?id=1741864
# https://bugzilla.redhat.com/show_bug.cgi?id=1741868
-Patch203: httpd-2.4.34-CVE-2019-9511-and-9516-and-9517.patch
+Patch205: httpd-2.4.34-CVE-2019-9511-and-9516-and-9517.patch
License: ASL 2.0
Group: System Environment/Daemons
@@ -255,7 +264,6 @@ interface for storing and accessing per-user session data.
%patch1 -p1 -b .apctl
%patch2 -p1 -b .apxs
%patch3 -p1 -b .deplibs
-%patch4 -p1 -b .layout
%patch19 -p1 -b .detectsystemd
%patch20 -p1 -b .export
@@ -279,12 +287,16 @@ interface for storing and accessing per-user session data.
%patch66 -p1 -b .r1842929+
%patch67 -p1 -b .r1825120
%patch68 -p1 -b .fipscore
-%patch69 -p1 -b .statedir
+%patch70 -p1 -b .r1840554
+%patch71 -p1 -b .modmdperms
+%patch72 -p1 -b .mimemagic
%patch200 -p1 -b .r1851471
%patch201 -p1 -b .CVE-2019-0211
%patch202 -p1 -b .CVE-2019-0215
-%patch203 -p1 -b .CVE-2019-9511-and-9516-and-9517
+%patch203 -p1 -b .CVE-2019-0217
+%patch204 -p1 -b .CVE-2019-0220
+%patch205 -p1 -b .CVE-2019-9511-and-9516-and-9517
# Patch in the vendor string
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@@ -311,6 +323,9 @@ if test "x${vmmn}" != "x%{mmn}"; then
exit 1
fi
+# Provide default layout
+cp $RPM_SOURCE_DIR/config.layout .
+
sed '
s,@MPM@,%{mpm},g
s,@DOCROOT@,%{docroot},g
@@ -334,7 +349,7 @@ autoheader && autoconf || exit 1
# Before configure; fix location of build dir in generated apxs
%{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \
- support/apxs.in
+ support/apxs.in
export CFLAGS=$RPM_OPT_FLAGS
export LDFLAGS="-Wl,-z,relro,-z,now"
@@ -484,7 +499,8 @@ EOF
# Handle contentdir
mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
-tar xzf %{SOURCE1} -C $RPM_BUILD_ROOT%{contentdir}/noindex/ --strip-components=1
+install -m 644 -p $RPM_SOURCE_DIR/index.html \
+ $RPM_BUILD_ROOT%{contentdir}/noindex/index.html
rm -rf %{contentdir}/htdocs
# remove manual sources
@@ -511,6 +527,7 @@ ln -s ../../pixmaps/poweredby.png \
$RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
# symlinks for /etc/httpd
+rmdir $RPM_BUILD_ROOT/etc/httpd/{state,run}
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
ln -s ../..%{_localstatedir}/lib/httpd $RPM_BUILD_ROOT/etc/httpd/state
ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run
@@ -519,11 +536,11 @@ ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules
# install http-ssl-pass-dialog
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
install -m755 $RPM_SOURCE_DIR/httpd-ssl-pass-dialog \
- $RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog
+ $RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog
# install http-ssl-gencerts
install -m755 $RPM_SOURCE_DIR/httpd-ssl-gencerts \
- $RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-gencerts
+ $RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-gencerts
# Install action scripts
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd
@@ -535,7 +552,7 @@ done
# Install logrotate config
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
install -m 644 -p $RPM_SOURCE_DIR/httpd.logrotate \
- $RPM_BUILD_ROOT/etc/logrotate.d/httpd
+ $RPM_BUILD_ROOT/etc/logrotate.d/httpd
# Install man pages
install -d $RPM_BUILD_ROOT%{_mandir}/man8 $RPM_BUILD_ROOT%{_mandir}/man5
@@ -699,7 +716,7 @@ rm -rf $RPM_BUILD_ROOT
%{contentdir}/error/README
%{contentdir}/error/*.var
%{contentdir}/error/include/*.html
-%{contentdir}/noindex/*
+%{contentdir}/noindex/index.html
%attr(0710,root,apache) %dir /run/httpd
%attr(0700,apache,apache) %dir /run/httpd/htcacheclean
@@ -788,28 +805,34 @@ rm -rf $RPM_BUILD_ROOT
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
-* Mon Oct 07 2019 bstinson@centosproject.org - 2.4.37-12.el8.centos
-- Reapply debranding changes from areguera
-
-* Tue Sep 24 2019 CentOS Sources - 2.4.37-12.el8.centos
-- Apply debranding changes
-
-* Thu Aug 29 2019 Lubos Uhliarik - 2.4.37-12
-- Resolves: #1744997 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
+* Thu Aug 29 2019 Lubos Uhliarik - 2.4.37-16
+- Resolves: #1744999 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
of data request leads to denial of service
-- Resolves: #1745084 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
+- Resolves: #1745086 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
headers leads to denial of service
-- Resolves: #1745152 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request
- for large response leads to denial of service
-
-* Sun May 26 2019 Alain Reguera Delgado - 2.4.37-11.el8.centos
-- Remove index.html, add centos-noindex-8.0.tar.gz
-- Update welcome.conf to support content negotiation based on locale
-
-* Wed Apr 03 2019 Lubos Uhliarik - 2.4.37-11
-- Resolves: #1695431 - CVE-2019-0211 httpd: privilege escalation
+- Resolves: #1745154 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request for
+ large response leads to denial of service
+
+* Tue Jul 16 2019 Lubos Uhliarik - 2.4.37-15
+- Resolves: #1730721 - absolute path used for default state and runtime dir by
+ default
+
+* Thu Jun 27 2019 Lubos Uhliarik - 2.4.37-14
+- Resolves: #1724549 - httpd response contains garbage in Content-Type header
+
+* Wed Jun 12 2019 Lubos Uhliarik - 2.4.37-13
+- Resolves: #1696142 - CVE-2019-0217 httpd:2.4/httpd: mod_auth_digest: access
+ control bypass due to race condition
+- Resolves: #1696097 - CVE-2019-0220 httpd:2.4/httpd: URL normalization
+ inconsistency
+- Resolves: #1669221 - `ExtendedStatus Off` directive when using mod_systemd
+ causes systemctl to hang
+- Resolves: #1673022 - httpd can not be started with mod_md enabled
+
+* Mon Apr 08 2019 Lubos Uhliarik - 2.4.37-11
+- Resolves: #1695432 - CVE-2019-0211 httpd: privilege escalation
from modules scripts
-- Resolves: #1696090 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl: access control
+- Resolves: #1696091 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl: access control
bypass when using per-location client certification authentication
* Wed Feb 06 2019 Lubos Uhliarik - 2.4.37-10