diff options
| -rw-r--r-- | httpd-2.4.1-layout.patch | 2 | ||||
| -rw-r--r-- | httpd-2.4.2-iconlink.patch | 14 | ||||
| -rw-r--r-- | httpd-2.4.2-icons.patch | 25 | ||||
| -rw-r--r-- | httpd-2.4.2-r1332643+.patch (renamed from httpd-2.4.2-r1332643.patch) | 80 | ||||
| -rw-r--r-- | httpd-2.4.2-r1346905.patch | 65 | ||||
| -rw-r--r-- | httpd.service | 4 | ||||
| -rw-r--r-- | httpd.spec | 55 | ||||
| -rw-r--r-- | httpd.tmpfiles | 2 | ||||
| -rwxr-xr-x | pullrev.sh | 2 | ||||
| -rw-r--r-- | ssl.conf | 2 |
10 files changed, 179 insertions, 72 deletions
diff --git a/httpd-2.4.1-layout.patch b/httpd-2.4.1-layout.patch index b1dcf5c..57cf13b 100644 --- a/httpd-2.4.1-layout.patch +++ b/httpd-2.4.1-layout.patch @@ -23,7 +23,7 @@ + cgidir: /var/www/cgi-bin + includedir: ${prefix}/include/httpd + localstatedir: /var -+ runtimedir: ${localstatedir}/run/httpd ++ runtimedir: /run/httpd + logfiledir: ${localstatedir}/log/httpd + proxycachedir: ${localstatedir}/cache/httpd +</Layout> diff --git a/httpd-2.4.2-iconlink.patch b/httpd-2.4.2-iconlink.patch deleted file mode 100644 index 4ef8dd9..0000000 --- a/httpd-2.4.2-iconlink.patch +++ /dev/null @@ -1,14 +0,0 @@ - -Fix config for /icons/ dir to allow symlink to poweredby.png. - ---- httpd-2.4.2/docs/conf/extra/httpd-autoindex.conf.in.iconlink -+++ httpd-2.4.2/docs/conf/extra/httpd-autoindex.conf.in -@@ -21,7 +21,7 @@ IndexOptions FancyIndexing HTMLTable Ver - Alias /icons/ "@exp_iconsdir@/" - - <Directory "@exp_iconsdir@"> -- Options Indexes MultiViews -+ Options Indexes MultiViews FollowSymlinks - AllowOverride None - Require all granted - </Directory> diff --git a/httpd-2.4.2-icons.patch b/httpd-2.4.2-icons.patch new file mode 100644 index 0000000..9f26494 --- /dev/null +++ b/httpd-2.4.2-icons.patch @@ -0,0 +1,25 @@ + +- Fix config for /icons/ dir to allow symlink to poweredby.png. + +- Avoid using coredump GIF for a directory called "core" + +--- httpd-2.4.2/docs/conf/extra/httpd-autoindex.conf.in.icons ++++ httpd-2.4.2/docs/conf/extra/httpd-autoindex.conf.in +@@ -21,7 +21,7 @@ IndexOptions FancyIndexing HTMLTable Ver + Alias /icons/ "@exp_iconsdir@/" + + <Directory "@exp_iconsdir@"> +- Options Indexes MultiViews ++ Options Indexes MultiViews FollowSymlinks + AllowOverride None + Require all granted + </Directory> +@@ -53,7 +53,7 @@ AddIcon /icons/dvi.gif .dvi + AddIcon /icons/uuencoded.gif .uu + AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl + AddIcon /icons/tex.gif .tex +-AddIcon /icons/bomb.gif core ++AddIcon /icons/bomb.gif core. + + AddIcon /icons/back.gif .. + AddIcon /icons/hand.right.gif README diff --git a/httpd-2.4.2-r1332643.patch b/httpd-2.4.2-r1332643+.patch index c408d29..be9b984 100644 --- a/httpd-2.4.2-r1332643.patch +++ b/httpd-2.4.2-r1332643+.patch @@ -1,33 +1,14 @@ +# ./pullrev.sh 1332643 1345599 https://bugzilla.redhat.com//show_bug.cgi?id=809599 http://svn.apache.org/viewvc?view=revision&revision=1332643 ---- httpd-2.4.2/modules/ssl/ssl_private.h -+++ httpd-2.4.2/modules/ssl/ssl_private.h -@@ -139,6 +139,11 @@ - #define HAVE_FIPS - #endif - -+#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \ -+ && !defined(OPENSSL_NO_TLSEXT) -+#define HAVE_TLS_NPN -+#endif -+ - #if (OPENSSL_VERSION_NUMBER >= 0x10000000) - #define MODSSL_SSL_CIPHER_CONST const - #define MODSSL_SSL_METHOD_CONST const -@@ -811,6 +816,7 @@ - int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *, - EVP_CIPHER_CTX *, HMAC_CTX *, int); - #endif -+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg); - - /** Session Cache Support */ - void ssl_scache_init(server_rec *, apr_pool_t *); ---- httpd-2.4.2/modules/ssl/mod_ssl.c +http://svn.apache.org/viewvc?view=revision&revision=1345599 + +--- httpd-2.4.2/modules/ssl/mod_ssl.c.r1332643+ +++ httpd-2.4.2/modules/ssl/mod_ssl.c -@@ -260,6 +260,18 @@ +@@ -260,6 +260,18 @@ static const command_rec ssl_config_cmds AP_END_CMD }; @@ -46,9 +27,9 @@ http://svn.apache.org/viewvc?view=revision&revision=1332643 /* * the various processing hooks */ ---- httpd-2.4.2/modules/ssl/mod_ssl.h +--- httpd-2.4.2/modules/ssl/mod_ssl.h.r1332643+ +++ httpd-2.4.2/modules/ssl/mod_ssl.h -@@ -63,5 +63,26 @@ +@@ -63,5 +63,26 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_e APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); @@ -75,9 +56,9 @@ http://svn.apache.org/viewvc?view=revision&revision=1332643 + #endif /* __MOD_SSL_H__ */ /** @} */ ---- httpd-2.4.2/modules/ssl/ssl_engine_init.c +--- httpd-2.4.2/modules/ssl/ssl_engine_init.c.r1332643+ +++ httpd-2.4.2/modules/ssl/ssl_engine_init.c -@@ -681,6 +681,11 @@ +@@ -681,6 +681,11 @@ static void ssl_init_ctx_callbacks(serve #endif SSL_CTX_set_info_callback(ctx, ssl_callback_Info); @@ -89,7 +70,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1332643 } static void ssl_init_ctx_verify(server_rec *s, ---- httpd-2.4.2/modules/ssl/ssl_engine_io.c +--- httpd-2.4.2/modules/ssl/ssl_engine_io.c.r1332643+ +++ httpd-2.4.2/modules/ssl/ssl_engine_io.c @@ -28,6 +28,7 @@ core keeps dumping.'' @@ -99,7 +80,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1332643 #include "apr_date.h" /* _________________________________________________________________ -@@ -297,6 +298,7 @@ +@@ -297,6 +298,7 @@ typedef struct { apr_pool_t *pool; char buffer[AP_IOBUFSIZE]; ssl_filter_ctx_t *filter_ctx; @@ -107,7 +88,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1332643 } bio_filter_in_ctx_t; /* -@@ -1374,6 +1376,27 @@ +@@ -1364,6 +1366,26 @@ static apr_status_t ssl_io_filter_input( APR_BRIGADE_INSERT_TAIL(bb, bucket); } @@ -123,9 +104,8 @@ http://svn.apache.org/viewvc?view=revision&revision=1332643 + SSL_get0_next_proto_negotiated( + inctx->ssl, &next_proto, &next_proto_len); + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c, -+ "SSL NPN negotiated protocol: '%s'", -+ apr_pstrmemdup(f->c->pool, (const char*)next_proto, -+ next_proto_len)); ++ APLOGNO(02306) "SSL NPN negotiated protocol: '%*s'", ++ next_proto_len, (const char*)next_proto); + modssl_run_npn_proto_negotiated_hook( + f->c, (const char*)next_proto, next_proto_len); + inctx->npn_finished = 1; @@ -135,7 +115,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1332643 return APR_SUCCESS; } -@@ -1855,6 +1878,7 @@ +@@ -1845,6 +1867,7 @@ static void ssl_io_input_add_filter(ssl_ inctx->block = APR_BLOCK_READ; inctx->pool = c->pool; inctx->filter_ctx = filter_ctx; @@ -143,7 +123,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1332643 } /* The request_rec pointer is passed in here only to ensure that the ---- httpd-2.4.2/modules/ssl/ssl_engine_kernel.c +--- httpd-2.4.2/modules/ssl/ssl_engine_kernel.c.r1332643+ +++ httpd-2.4.2/modules/ssl/ssl_engine_kernel.c @@ -29,6 +29,7 @@ time I was too famous.'' @@ -153,7 +133,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1332643 #include "util_md5.h" static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); -@@ -2143,3 +2144,84 @@ +@@ -2164,3 +2165,86 @@ int ssl_callback_SessionTicket(SSL *ssl, return -1; } #endif @@ -202,7 +182,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1332643 + /* If the protocol name is too long (the length must fit in one byte), + * then log an error and skip it. */ + if (length > 255) { -+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, ++ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02307) + "SSL NPN protocol name too long (length=%u): %s", + length, string); + continue; @@ -226,6 +206,8 @@ http://svn.apache.org/viewvc?view=revision&revision=1332643 + for (i = 0; i < num_protos; ++i) { + const char *string = APR_ARRAY_IDX(protos, i, const char*); + apr_size_t length = strlen(string); ++ if (length > 255) ++ continue; + *start = (unsigned char)length; + ++start; + memcpy(start, string, length * sizeof(unsigned char)); @@ -238,3 +220,25 @@ http://svn.apache.org/viewvc?view=revision&revision=1332643 + return SSL_TLSEXT_ERR_OK; +} +#endif +--- httpd-2.4.2/modules/ssl/ssl_private.h.r1332643+ ++++ httpd-2.4.2/modules/ssl/ssl_private.h +@@ -139,6 +139,11 @@ + #define HAVE_FIPS + #endif + ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \ ++ && !defined(OPENSSL_NO_TLSEXT) ++#define HAVE_TLS_NPN ++#endif ++ + #if (OPENSSL_VERSION_NUMBER >= 0x10000000) + #define MODSSL_SSL_CIPHER_CONST const + #define MODSSL_SSL_METHOD_CONST const +@@ -807,6 +812,7 @@ int ssl_callback_ServerNameIndi + int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *, + EVP_CIPHER_CTX *, HMAC_CTX *, int); + #endif ++int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg); + + /** Session Cache Support */ + void ssl_scache_init(server_rec *, apr_pool_t *); diff --git a/httpd-2.4.2-r1346905.patch b/httpd-2.4.2-r1346905.patch new file mode 100644 index 0000000..e94558e --- /dev/null +++ b/httpd-2.4.2-r1346905.patch @@ -0,0 +1,65 @@ +# ./pullrev.sh 1346905 + +https://bugzilla.redhat.com/show_bug.cgi?id=818684 + +http://svn.apache.org/viewvc?view=revision&revision=1346905 + +--- httpd-2.4.2/support/htdbm.c ++++ httpd-2.4.2/support/htdbm.c +@@ -288,6 +288,9 @@ + { + char cpw[MAX_STRING_LEN]; + char salt[9]; ++#if (!(defined(WIN32) || defined(NETWARE))) ++ char *cbuf; ++#endif + + switch (htdbm->alg) { + case ALG_APSHA: +@@ -315,7 +318,15 @@ + (void) srand((int) time((time_t *) NULL)); + to64(&salt[0], rand(), 8); + salt[8] = '\0'; +- apr_cpystrn(cpw, crypt(htdbm->userpass, salt), sizeof(cpw) - 1); ++ cbuf = crypt(htdbm->userpass, salt); ++ if (cbuf == NULL) { ++ char errbuf[128]; ++ ++ fprintf(stderr, "crypt() failed: %s\n", ++ apr_strerror(errno, errbuf, sizeof errbuf)); ++ exit(ERR_PWMISMATCH); ++ } ++ apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1); + fprintf(stderr, "CRYPT is now deprecated, use MD5 instead!\n"); + #endif + default: +--- httpd-2.4.2/support/htpasswd.c ++++ httpd-2.4.2/support/htpasswd.c +@@ -174,6 +174,9 @@ + char pwv[MAX_STRING_LEN]; + char salt[9]; + apr_size_t bufsize; ++#if CRYPT_ALGO_SUPPORTED ++ char *cbuf; ++#endif + + if (passwd != NULL) { + pw = passwd; +@@ -226,7 +229,16 @@ + to64(&salt[0], rand(), 8); + salt[8] = '\0'; + +- apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1); ++ cbuf = crypt(pw, salt); ++ if (cbuf == NULL) { ++ char errbuf[128]; ++ ++ apr_snprintf(record, rlen-1, "crypt() failed: %s", ++ apr_strerror(errno, errbuf, sizeof errbuf)); ++ return ERR_PWMISMATCH; ++ } ++ ++ apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1); + if (strlen(pw) > 8) { + char *truncpw = strdup(pw); + truncpw[8] = '\0'; diff --git a/httpd.service b/httpd.service index c1172b4..0e9f0c0 100644 --- a/httpd.service +++ b/httpd.service @@ -1,10 +1,10 @@ [Unit] Description=The Apache HTTP Server -After=syslog.target network.target remote-fs.target nss-lookup.target +After=network.target remote-fs.target nss-lookup.target [Service] Type=forking -PIDFile=/var/run/httpd/httpd.pid +PIDFile=/run/httpd/httpd.pid EnvironmentFile=/etc/sysconfig/httpd ExecStart=/usr/sbin/httpd $OPTIONS ExecReload=/usr/sbin/httpd $OPTIONS -k graceful @@ -8,7 +8,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.4.2 -Release: 12%{?dist} +Release: 18%{?dist} URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html @@ -44,12 +44,13 @@ Patch23: httpd-2.4.1-export.patch Patch24: httpd-2.4.1-corelimit.patch Patch25: httpd-2.4.1-selinux.patch Patch26: httpd-2.4.2-r1337344+.patch -Patch27: httpd-2.4.2-iconlink.patch +Patch27: httpd-2.4.2-icons.patch # Bug fixes Patch40: httpd-2.4.2-restart.patch Patch41: httpd-2.4.2-r1327036+.patch Patch42: httpd-2.4.2-r1326980+.patch -Patch43: httpd-2.4.2-r1332643.patch +Patch43: httpd-2.4.2-r1332643+.patch +Patch44: httpd-2.4.2-r1346905.patch License: ASL 2.0 Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -155,12 +156,13 @@ authentication to the Apache HTTP Server. %patch24 -p1 -b .corelimit %patch25 -p1 -b .selinux %patch26 -p1 -b .r1337344+ -%patch27 -p1 -b .iconlink +%patch27 -p1 -b .icons %patch40 -p1 -b .restart %patch41 -p1 -b .r1327036+ %patch42 -p1 -b .r1326980+ -%patch43 -p1 -b .r1332643 +%patch43 -p1 -b .r1332643+ +%patch44 -p1 -b .r1346905 # Patch in vendor/release string sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1 @@ -240,9 +242,9 @@ rm -rf $RPM_BUILD_ROOT make DESTDIR=$RPM_BUILD_ROOT install # Install systemd service files -mkdir -p $RPM_BUILD_ROOT/lib/systemd/system +mkdir -p $RPM_BUILD_ROOT%{_unitdir} install -p -m 644 $RPM_SOURCE_DIR/httpd.service \ - $RPM_BUILD_ROOT/lib/systemd/system/httpd.service + $RPM_BUILD_ROOT%{_unitdir}/httpd.service # install conf file/directory mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d \ @@ -279,9 +281,9 @@ install -m 644 -p $RPM_SOURCE_DIR/httpd.sysconf \ $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/httpd # tmpfiles.d configuration -mkdir $RPM_BUILD_ROOT%{_sysconfdir}/tmpfiles.d +mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d install -m 644 -p $RPM_SOURCE_DIR/httpd.tmpfiles \ - $RPM_BUILD_ROOT%{_sysconfdir}/tmpfiles.d/httpd.conf + $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/httpd.conf # for holding mod_dav lock database mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav @@ -334,7 +336,7 @@ ln -s ../../pixmaps/poweredby.png \ # symlinks for /etc/httpd ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs -ln -s ../..%{_localstatedir}/run/httpd $RPM_BUILD_ROOT/etc/httpd/run +ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules # install http-ssl-pass-dialog @@ -353,7 +355,7 @@ sed -e "s|/usr/local/apache2/conf/httpd.conf|/etc/httpd/conf/httpd.conf|" \ -e "s|/usr/local/apache2/conf/magic|/etc/httpd/conf/magic|" \ -e "s|/usr/local/apache2/logs/error_log|/var/log/httpd/error_log|" \ -e "s|/usr/local/apache2/logs/access_log|/var/log/httpd/access_log|" \ - -e "s|/usr/local/apache2/logs/httpd.pid|/var/run/httpd/httpd.pid|" \ + -e "s|/usr/local/apache2/logs/httpd.pid|/run/httpd/httpd.pid|" \ -e "s|/usr/local/apache2|/etc/httpd|" < docs/man/httpd.8 \ > $RPM_BUILD_ROOT%{_mandir}/man8/httpd.8 @@ -483,7 +485,7 @@ rm -rf $RPM_BUILD_ROOT %exclude %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf %config(noreplace) %{_sysconfdir}/sysconfig/httpd -%config %{_sysconfdir}/tmpfiles.d/httpd.conf +%{_prefix}/lib/tmpfiles.d/httpd.conf %{_sbindir}/ht* %{_sbindir}/fcgistarter @@ -513,7 +515,7 @@ rm -rf $RPM_BUILD_ROOT %dir %{docroot}/cgi-bin %dir %{docroot}/html -%attr(0710,root,apache) %dir %{_localstatedir}/run/httpd +%attr(0710,root,apache) %dir /run/httpd %attr(0700,root,root) %dir %{_localstatedir}/log/httpd %attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav %attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd @@ -521,7 +523,7 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/* -/lib/systemd/system/*.service +%{_unitdir}/*.service %files tools %defattr(-,root,root) @@ -565,6 +567,31 @@ rm -rf $RPM_BUILD_ROOT %{_sysconfdir}/rpm/macros.httpd %changelog +* Sat Jun 09 2012 Remi Collet <RPMS@FamilleCollet.com> - 2.4.2-18 +- sync with rawhide, rebuild for remi repo + +* Fri Jun 8 2012 Joe Orton <jorton@redhat.com> - 2.4.2-18 +- avoid use of "core" GIF for a "core" directory (#168776) +- drop use of "syslog.target" in systemd unit file + +* Thu Jun 7 2012 Joe Orton <jorton@redhat.com> - 2.4.2-17 +- use _unitdir for systemd unit file +- use /run in unit file, ssl.conf + +* Thu Jun 7 2012 Joe Orton <jorton@redhat.com> - 2.4.2-16 +- mod_ssl: fix NPN patch merge + +* Wed Jun 6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-15 +- move tmpfiles.d fragment into /usr/lib per new guidelines +- package /run/httpd not /var/run/httpd +- set runtimedir to /run/httpd likewise + +* Wed Jun 6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-14 +- fix htdbm/htpasswd crash on crypt() failure (#818684) + +* Wed Jun 6 2012 Joe Orton <jorton@redhat.com> - 2.4.2-13 +- pull fix for NPN patch from upstream (r1345599) + * Sat Jun 02 2012 Remi Collet <RPMS@FamilleCollet.com> - 2.4.2-12 - sync with rawhide, rebuild for remi repo diff --git a/httpd.tmpfiles b/httpd.tmpfiles index 0cad373..49be6b8 100644 --- a/httpd.tmpfiles +++ b/httpd.tmpfiles @@ -1 +1 @@ -d /var/run/httpd 710 root apache +d /run/httpd 710 root apache @@ -34,7 +34,7 @@ prev=/dev/null for r in $*; do echo "+ fetching ${r}" this=`mktemp /tmp/pullrevXXXXXX` - svn diff -c ${r} ${repo} | filterdiff --remove-timestamps -x 'CHANGES' \ + svn diff -c ${r} ${repo} | filterdiff --remove-timestamps -x 'CHANGES' -x 'next-number' \ --addprefix="${prefix}/" > ${this} next=`mktemp /tmp/pullrevXXXXXX` combinediff --quiet ${prev} ${this} > ${next} @@ -20,7 +20,7 @@ SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). -SSLSessionCache shmcb:/var/run/httpd/sslcache(512000) +SSLSessionCache shmcb:/run/httpd/sslcache(512000) SSLSessionCacheTimeout 300 # Pseudo Random Number Generator (PRNG): |