diff options
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | mod_revocator-32-bit-semaphore-fix.patch | 12 | ||||
-rw-r--r-- | mod_revocator-array-size.patch | 12 | ||||
-rw-r--r-- | mod_revocator-kill.patch | 245 | ||||
-rw-r--r-- | mod_revocator-libpath.patch | 9 | ||||
-rw-r--r-- | mod_revocator-segfault-fix.patch | 73 | ||||
-rw-r--r-- | mod_revocator.spec | 200 |
7 files changed, 555 insertions, 0 deletions
diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..1e65467 --- /dev/null +++ b/Makefile @@ -0,0 +1,4 @@ +SRCDIR := $(shell pwd) +NAME := $(shell basename $(SRCDIR)) +include ../common/Makefile + diff --git a/mod_revocator-32-bit-semaphore-fix.patch b/mod_revocator-32-bit-semaphore-fix.patch new file mode 100644 index 0000000..62b9fb5 --- /dev/null +++ b/mod_revocator-32-bit-semaphore-fix.patch @@ -0,0 +1,12 @@ +diff -rupN mod_revocator-1.0.3.patched/mod_rev.c mod_revocator-1.0.3/mod_rev.c +--- mod_revocator-1.0.3.patched/mod_rev.c 2011-10-21 16:21:44.862124000 -0700 ++++ mod_revocator-1.0.3/mod_rev.c 2011-10-21 16:23:11.028211000 -0700 +@@ -74,7 +74,7 @@ apr_status_t rev_module_kill(void *data) + + static void kill_apache(void) { + char buffer[1024]; +- PR_snprintf(buffer, sizeof(buffer), "%lld %s", 0, "kill"); ++ PR_snprintf(buffer, sizeof(buffer), "%ld %s", 0, "kill"); + write(outfd, buffer, strlen(buffer)); + } + diff --git a/mod_revocator-array-size.patch b/mod_revocator-array-size.patch new file mode 100644 index 0000000..d52c7eb --- /dev/null +++ b/mod_revocator-array-size.patch @@ -0,0 +1,12 @@ +diff -rupN mod_revocator-1.0.3.patched/mod_rev.c mod_revocator-1.0.3/mod_rev.c +--- mod_revocator-1.0.3.patched/mod_rev.c 2011-10-27 13:51:14.452000000 -0700 ++++ mod_revocator-1.0.3/mod_rev.c 2011-10-27 13:58:07.598000000 -0700 +@@ -374,7 +374,7 @@ init_Module(apr_pool_t *p, apr_pool_t *p + semctl(sc->semid,0,IPC_SET,&status); + } + } else if (sc->nInitCount == 2) { +- const char * child_argv[5]; ++ const char * child_argv[6]; + apr_status_t rv; + char sembuf[32]; + char pidbuf[32]; diff --git a/mod_revocator-kill.patch b/mod_revocator-kill.patch new file mode 100644 index 0000000..009bdcd --- /dev/null +++ b/mod_revocator-kill.patch @@ -0,0 +1,245 @@ +diff -upN --recursive mod_revocator-1.0.3/crlhelper.cpp mod_revocator-1.0.3-kill/crlhelper.cpp +--- mod_revocator-1.0.3/crlhelper.cpp 2010-04-13 10:11:12.000000000 -0400 ++++ mod_revocator-1.0.3-kill/crlhelper.cpp 2010-11-17 13:53:07.000000000 -0500 +@@ -18,6 +18,7 @@ + #include <sys/types.h> + #include <sys/ipc.h> + #include <sys/sem.h> ++#include <signal.h> + #include <nss.h> + #include <nspr.h> + #include <secitem.h> +@@ -107,6 +108,7 @@ int main(int argc, char ** argv) + PRPollDesc pd; + PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; + int semid; ++ pid_t parent_pid; + union semun semarg; + char buf[4096]; + char url[4096]; +@@ -124,18 +126,19 @@ int main(int argc, char ** argv) + while (fd < fdlimit) + close(fd++); + +- if (argc < 3 || argc > 4) { +- fprintf(stderr, "Usage: crlhelper <semid> <directory> <prefix>\n"); ++ if (argc < 4 || argc > 5) { ++ fprintf(stderr, "Usage: crlhelper <semid> <parentpid> <directory> <prefix>\n"); + exit(1); + } + + semid = strtol(argv[1], NULL, 10); ++ parent_pid = strtol(argv[2], NULL, 10); + + /* Initialize NSPR */ + PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 256); + + /* Initialize NSS and open the certificate database read-only. */ +- rv = NSS_Initialize(argv[2], argc == 4 ? argv[3] : NULL, argc == 4 ? argv[3] : NULL, "secmod.db", NSS_INIT_READONLY); ++ rv = NSS_Initialize(argv[3], argc == 5 ? argv[4] : NULL, argc == 5 ? argv[4] : NULL, "secmod.db", NSS_INIT_READONLY); + + if (rv != SECSuccess) { + fprintf(stderr, "Unable to initialize NSS database: %d\n", rv); +@@ -187,6 +190,10 @@ int main(int argc, char ** argv) + continue; + } + #endif ++ if (!(strcmp(url, "kill"))) { ++ kill(parent_pid, SIGTERM); ++ continue; ++ } + + /* + * TODO: +diff -upN --recursive mod_revocator-1.0.3/crlmanager.cpp mod_revocator-1.0.3-kill/crlmanager.cpp +--- mod_revocator-1.0.3/crlmanager.cpp 2010-04-13 10:11:11.000000000 -0400 ++++ mod_revocator-1.0.3-kill/crlmanager.cpp 2010-11-17 13:53:07.000000000 -0500 +@@ -66,13 +66,19 @@ RevStatus CRLInstance :: DownloadCRL(con + sb.sem_op = -1; + sb.sem_flg = SEM_UNDO; + if (semop(crlm->semid, &sb, 1) == -1) { +- perror("semop reserve resource"); ++ mystatus.setDetailedError(REV_ERROR_SEMAPHORE_ERROR, ++ "Unable to reserve semaphore resource"); ++ return mystatus; ++ /* perror("semop reserve resource"); */ + } + void* data = get_crl(crlm->infd, crlm->outfd, inurl, timeout, lastfetchtime, &len, mystatus); + /* unlock the pipe */ + sb.sem_op = 1; + if (semop(crlm->semid, &sb, 1) == -1) { +- perror("semop free resource id"); ++ mystatus.setDetailedError(REV_ERROR_SEMAPHORE_ERROR, ++ "Unable to free semaphore resource"); ++ return mystatus; ++ /* perror("semop free resource id"); */ + } + + /* We have a special case. If we have an HTTP request and the server +diff -upN --recursive mod_revocator-1.0.3/mod_rev.c mod_revocator-1.0.3-kill/mod_rev.c +--- mod_revocator-1.0.3/mod_rev.c 2010-04-13 10:11:11.000000000 -0400 ++++ mod_revocator-1.0.3-kill/mod_rev.c 2010-11-19 18:43:08.000000000 -0500 +@@ -58,6 +58,8 @@ SECStatus ShutdownRevocation(void *data) + + static pid_t parent_pid; + ++int infd, outfd; /* file descriptors for our semaphore-controlled pipe */ ++ + apr_status_t rev_module_kill(void *data) + { + server_rec *s = (server_rec *)data; +@@ -70,6 +72,12 @@ apr_status_t rev_module_kill(void *data) + return APR_SUCCESS; + } + ++static void kill_apache(void) { ++ char buffer[1024]; ++ PR_snprintf(buffer, sizeof(buffer), "%lld %s", 0, "kill"); ++ write(outfd, buffer, strlen(buffer)); ++} ++ + /* + * Create the global config + */ +@@ -196,6 +204,7 @@ PRBool NESRevocationFailureNotification( + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, + "%s : %s %s", + errMsg, url, subject ? subject : ""); ++ return PR_TRUE; + } else { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, + "Error updating CRL %s %s : %s", +@@ -208,8 +217,8 @@ PRBool NESRevocationFailureNotification( + if (critical && revocatorInitialized) + { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, +- "Critical CRL update failure. Shutting down server. %d", parent_pid); +- kill(parent_pid, 15); ++ "Critical CRL update failure. Shutting down server pid %d", parent_pid); ++ kill_apache(); + } + } + return PR_TRUE; +@@ -298,11 +307,11 @@ PRBool NESRevocationDownloadNotification + { + /* this CRL is outdated, log it */ + ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, +- "CRL %s %s is outdated. Shutting down server. %d", ++ "CRL %s %s is outdated. Shutting down server pid %d", + url, subject, parent_pid); + + /* we have to shut down the web server */ +- kill(parent_pid, 15); ++ kill_apache(); + } + } + +@@ -335,6 +344,25 @@ init_Module(apr_pool_t *p, apr_pool_t *p + + sc->nInitCount++; + ++ if (sc->nInitCount == 1) { ++ struct sembuf sb; ++ sc->semid = semget(IPC_PRIVATE, 1, IPC_CREAT | IPC_EXCL | 0600); ++ if (sc->semid == -1) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, ++ "Unable to obtain semaphore."); ++ nss_die(); ++ } ++ ++ /* Initialize the semaphore */ ++ sb.sem_num = 0; ++ sb.sem_op = 1; ++ sb.sem_flg = 0; ++ if ((semop(sc->semid, &sb, 1)) == -1) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, ++ "Unable to initialize semaphore."); ++ nss_die(); ++ } ++ + /* The first pass through this function will create the semaphore that + * will be used to lock the pipe. The user is still root at that point + * so for any later calls the semaphore ops will fail with permission +@@ -345,12 +373,11 @@ init_Module(apr_pool_t *p, apr_pool_t *p + status.sem_perm.uid = user_id; + semctl(sc->semid,0,IPC_SET,&status); + } +- +- if (sc->nInitCount == 1) { ++ } else if (sc->nInitCount == 2) { + const char * child_argv[5]; + apr_status_t rv; +- struct sembuf sb; + char sembuf[32]; ++ char pidbuf[32]; + + if (sc->crlhelper == NULL) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, +@@ -358,29 +385,16 @@ init_Module(apr_pool_t *p, apr_pool_t *p + nss_die(); + } + +- sc->semid = semget(IPC_PRIVATE, 1, IPC_CREAT | IPC_EXCL | 0600); +- if (sc->semid == -1) { +- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, +- "Unable to obtain semaphore."); +- nss_die(); +- } +- +- /* Initialize the semaphore */ +- sb.sem_num = 0; +- sb.sem_op = 1; +- sb.sem_flg = 0; +- if ((semop(sc->semid, &sb, 1)) == -1) { +- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, +- "Unable to initialize semaphore."); +- nss_die(); +- } +- + PR_snprintf(sembuf, 32, "%d", sc->semid); ++ PR_snprintf(pidbuf, 32, "%d", parent_pid); + child_argv[0] = sc->crlhelper; + child_argv[1] = sembuf; +- child_argv[2] = sc->database; +- child_argv[3] = sc->dbprefix; +- child_argv[4] = NULL; ++ child_argv[2] = pidbuf; ++ child_argv[3] = sc->database; ++ child_argv[4] = sc->dbprefix; ++ child_argv[5] = NULL; ++ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, ++ "Parent PID is %d", parent_pid); + + rv = apr_procattr_create(&sc->procattr, s->process->pool); + +@@ -428,7 +442,6 @@ InitRevocation(apr_pool_t *p, server_rec + void* critical = (void *)sc->crlcritical; + Rev_SetFailureCallbackEntryPoint setfcb = NULL; + Rev_SetDownloadCallbackEntryPoint setncb = NULL; +- int infd, outfd; + + /* Do nothing until Apache is ready to run */ + if (sc->nInitCount < 2) return APR_SUCCESS; +@@ -499,7 +512,10 @@ InitRevocation(apr_pool_t *p, server_rec + free(configstring); + apr_dso_unload(dlh); + ap_log_error(APLOG_MARK, APLOG_ERR, 0, base_server, +- "Unable to load secmod module: %d", PR_GetError()); ++ "Unable to load Revocation module, NSS error %d. %s", PR_GetError(), critical ? "" : "CRL retrieval will be disabled."); ++ if (critical) { ++ kill_apache(); ++ } + return APR_EGENERAL; + } + free(configstring); +diff -upN --recursive mod_revocator-1.0.3/reverror.h mod_revocator-1.0.3-kill/reverror.h +--- mod_revocator-1.0.3/reverror.h 2007-06-05 10:38:58.000000000 -0400 ++++ mod_revocator-1.0.3-kill/reverror.h 2010-11-17 13:53:07.000000000 -0500 +@@ -54,6 +54,7 @@ const PRInt32 REV_ERROR_BAD_ISSUER_USAGE + const PRInt32 REV_ERROR_MISSING_CRL_DATA = 1014; + const PRInt32 REV_ERROR_BAD_ISSUER_TRUST = 1015; + const PRInt32 REV_ERROR_NOUPDATE_AVAILABLE = 1016; ++const PRInt32 REV_ERROR_SEMAPHORE_ERROR = 1017; + + #endif + diff --git a/mod_revocator-libpath.patch b/mod_revocator-libpath.patch new file mode 100644 index 0000000..02ad727 --- /dev/null +++ b/mod_revocator-libpath.patch @@ -0,0 +1,9 @@ +diff -u mod_revocator-1.0.2.orig/revocator.conf mod_revocator-1.0.2/revocator.conf +--- mod_revocator-1.0.2.orig/revocator.conf 2006-08-04 14:49:33.000000000 -0400 ++++ mod_revocator-1.0.2/revocator.conf 2006-10-16 10:10:33.000000000 -0400 +@@ -1,4 +1,4 @@ +-LoadModule rev_module modules/libmodrev.so ++LoadModule rev_module modules/mod_rev.so + + # CRL Engine Switch: + # Enable/Disable CRL retrieval diff --git a/mod_revocator-segfault-fix.patch b/mod_revocator-segfault-fix.patch new file mode 100644 index 0000000..e32dd34 --- /dev/null +++ b/mod_revocator-segfault-fix.patch @@ -0,0 +1,73 @@ +diff -rupN mod_revocator-1.0.3.patched/Makefile.am mod_revocator-1.0.3.segfault/Makefile.am +--- mod_revocator-1.0.3.patched/Makefile.am 2010-04-13 07:11:09.000000000 -0700 ++++ mod_revocator-1.0.3.segfault/Makefile.am 2011-10-11 09:41:23.000000000 -0700 +@@ -10,7 +10,7 @@ libmodrev_la_SOURCES = mod_rev.c + libmodrev_la_LDFLAGS = -module -avoid-version + + INCLUDES = -I@apache_inc@ @nspr_inc@ @nss_inc@ @apr_inc@ -Imozilla/security/nss/lib/base @ldapsdk_inc@ -Imozilla/security/nss/lib/ckfw +-LIBS = @ldapsdk_lib@ @nspr_lib@ @nss_lib@ @ldapsdk_libs_ssl@ -lssl3 -lsmime3 -lnss3 -lnssb @ldapsdk_libs@ -lplc4 -lplds4 -lnspr4 -lpthread -ldl ++LIBS = @ldapsdk_lib@ @nspr_lib@ @nss_lib@ @ldapsdk_libs_ssl@ -lssl3 -lsmime3 -lnss3 -lnssutil3 -lnssb @ldapsdk_libs@ -lplc4 -lplds4 -lnspr4 -lpthread -ldl + DEFS = -D__REVOCATION_IMPLEMENTATION__=1 @extra_cppflags@ + + # Remove nsprstub.o from libnssckfw.a so we can use our own stub, then +diff -rupN mod_revocator-1.0.3.patched/crlhelper.cpp mod_revocator-1.0.3.segfault/crlhelper.cpp +--- mod_revocator-1.0.3.patched/crlhelper.cpp 2011-10-11 09:18:33.000000000 -0700 ++++ mod_revocator-1.0.3.segfault/crlhelper.cpp 2011-10-11 09:35:53.000000000 -0700 +@@ -229,7 +229,7 @@ int main(int argc, char ** argv) + } + if (NULL == data) { + data = fetch_url(url, 30, lastfetchtime, &len, &errnum); +- if (expired) ++ if (expired) { + if (errnum == CL_NOUPDATE_AVAILABLE) { + node->fetchtime = PR_Now(); + data = node->data; +@@ -243,6 +243,7 @@ int main(int argc, char ** argv) + urlcache = node->next; + } + freeNode(node); ++ } + } + if (data) { + node = (Node *)malloc(sizeof(Node)); +@@ -262,10 +263,11 @@ int main(int argc, char ** argv) + data = node->data; + node->fetchtime = PR_Now(); + node->errnum = errnum; +- if (urlcache) ++ if (urlcache) { + node->next = urlcache; +- else ++ } else { + node->next = NULL; ++ } + urlcache = node; + } + } +diff -rupN mod_revocator-1.0.3.patched/mod_rev.c mod_revocator-1.0.3.segfault/mod_rev.c +--- mod_revocator-1.0.3.patched/mod_rev.c 2011-10-11 09:18:33.000000000 -0700 ++++ mod_revocator-1.0.3.segfault/mod_rev.c 2011-10-11 11:15:37.000000000 -0700 +@@ -501,6 +501,23 @@ InitRevocation(apr_pool_t *p, server_rec + apr_os_file_get(&infd, sc->proc.out); + PR_snprintf(configstring, CONFIGLEN, "library=%s name=revocation parameters=\"%s %ld %d %d\"", revocation_library, sc->crlfile ? sc->crlfile : "", sc->semid, infd, outfd); + ++ /* Since NSS now separates some functionality into 'libnssutil3.so', ++ * to prevent a segmentation violation from occurring, it is now ++ * necessary to insure that all executables and libraries are ++ * linked against this library, and that the SECOID_Init() function ++ * is called prior to calling the SECMOD_LoadUserModule() function. ++ */ ++ if (SECOID_Init() != SECSuccess) { ++ free(configstring); ++ apr_dso_unload(dlh); ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, base_server, ++ "Unable to initialize SECOID, NSS error %d. %s", PR_GetError(), critical ? "" : "CRL retrieval will be disabled."); ++ if (critical) { ++ kill_apache(); ++ } ++ return APR_EGENERAL; ++ } ++ + mod = SECMOD_LoadUserModule(configstring, NULL, PR_FALSE); + if (!mod || !mod->loaded) + { diff --git a/mod_revocator.spec b/mod_revocator.spec new file mode 100644 index 0000000..0943b26 --- /dev/null +++ b/mod_revocator.spec @@ -0,0 +1,200 @@ +%{!?_httpd_apxs: %{expand: %%global _httpd_apxs %%{_sbindir}/apxs}} +%{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn || echo missing-httpd-devel)}} +%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}} +# /etc/httpd/conf.d with httpd < 2.4 and defined as /etc/httpd/conf.modules.d with httpd >= 2.4 +%{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}} + +Name: mod_revocator +Version: 1.0.3 +Release: 12%{?dist} +Summary: CRL retrieval module for the Apache HTTP server +Group: System Environment/Daemons +License: ASL 2.0 +URL: http://directory.fedora.redhat.com/wiki/Mod_revocator +Source: http://directory.fedora.redhat.com/sources/%{name}-%{version}.tar.gz +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildRequires: nspr-devel >= 4.6, nss-devel >= 3.11.9 +BuildRequires: nss-pkcs11-devel >= 3.11 +BuildRequires: nss-pkcs11-devel-static +BuildRequires: httpd-devel >= 0:2.0.52, apr-devel, apr-util-devel +BuildRequires: pkgconfig, autoconf, automake, libtool +BuildRequires: openldap-devel >= 2.2.29 +Requires: mod_nss >= 1.0.8 +Requires: httpd-mmn = %{_httpd_mmn} +Patch1: mod_revocator-libpath.patch +Patch2: mod_revocator-kill.patch +Patch3: mod_revocator-segfault-fix.patch +Patch4: mod_revocator-32-bit-semaphore-fix.patch +Patch5: mod_revocator-array-size.patch + +%description +The mod_revocator module retrieves and installs remote +Certificate Revocate Lists (CRLs) into an Apache web server. + +%prep +%setup -q +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 + +%build +autoreconf -fvi + +# Needed for ppc64, automake can't be run here +for file in %{_datadir}/automake-*/config.{guess,sub} +do + cp -f $file . +done + +CFLAGS="$RPM_OPT_FLAGS" +export CFLAGS + +NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --variable=includedir nspr` +NSPR_LIB_DIR=`/usr/bin/pkg-config --variable=libdir nspr` + +NSS_INCLUDE_DIR=`/usr/bin/pkg-config --variable=includedir nss` +NSS_LIB_DIR=`/usr/bin/pkg-config --variable=libdir nss` + +NSS_BIN=`/usr/bin/pkg-config --variable=exec_prefix nss` + +%configure \ + --with-nss-lib=$NSS_LIB_DIR \ + --with-nss-inc=$NSS_INCLUDE_DIR \ + --with-nspr-lib=$NSPR_LIB_DIR \ + --with-nspr-inc=$NSPR_INCLUDE_DIR \ + --with-apr-config --enable-openldap \ + --with-apxs=%{_httpd_apxs} + +make %{?_smp_flags} all + +%install +# The install target of the Makefile isn't used because that uses apxs +# which tries to enable the module in the build host httpd instead of in +# the build root. +rm -rf $RPM_BUILD_ROOT + +mkdir -p $RPM_BUILD_ROOT%{_httpd_confdir} $RPM_BUILD_ROOT%{_httpd_modconfdir} \ + $RPM_BUILD_ROOT%{_libdir}/httpd/modules $RPM_BUILD_ROOT%{_bindir} + + +%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}" +# httpd >= 2.4.x +sed -n /^LoadModule/p revocator.conf > 11-revocator.conf +sed -i /^LoadModule/d revocator.conf +install -m 644 11-revocator.conf $RPM_BUILD_ROOT%{_httpd_modconfdir}/11-revocator.conf +%endif +install -m 644 revocator.conf $RPM_BUILD_ROOT%{_httpd_confdir}/revocator.conf +install -m 755 .libs/libmodrev.so $RPM_BUILD_ROOT%{_libdir}/httpd/modules/mod_rev.so +# Ugh, manually create the ldconfig symbolic links +version=`grep -v '^\#' ./libtool-version` +current=`echo $version | cut -d: -f1` +revision=`echo $version | cut -d: -f2` +age=`echo $version | cut -d: -f3` +install -m 755 .libs/librevocation.so.$current.$revision.$age $RPM_BUILD_ROOT%{_libdir}/ +(cd $RPM_BUILD_ROOT%{_libdir} && ln -s librevocation.so.$current.$revision.$age librevocation.so.0) +(cd $RPM_BUILD_ROOT%{_libdir} && ln -s librevocation.so.$current.$revision.$age librevocation.so) +install -m 755 ldapget $RPM_BUILD_ROOT%{_bindir}/ +install -m 755 crlhelper $RPM_BUILD_ROOT%{_bindir}/ + +%clean +rm -rf $RPM_BUILD_ROOT + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%files +%defattr(-,root,root,-) +%doc README LICENSE docs/mod_revocator.html +%config(noreplace) %{_httpd_confdir}/*.conf +%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}" +%config(noreplace) %{_httpd_modconfdir}/*.conf +%endif +%{_libdir}/httpd/modules/mod_rev.so +# rpmlint will complain that librevocation.so is a shared library but this +# must be ignored because this file is loaded directly by name by the Apache +# module. +%{_libdir}/librevocation.*so* +%{_bindir}/ldapget +%{_bindir}/crlhelper + +%changelog +* Tue Apr 24 2012 Remi Collet <RPMS@FamilleCollet.com> - 1.0.3-12 +- rebuild for remi repo and httpd 2.4 + +* Mon Apr 23 2012 Joe Orton <jorton@redhat.com> - 1.0.3-12 +- use 11- prefix for config file w/2.4 + +* Wed Apr 18 2012 Remi Collet <RPMS@FamilleCollet.com> - 1.0.3-11 +- rebuild for remi repo and httpd 2.4 + +* Wed Apr 18 2012 Joe Orton <jorton@redhat.com> - 1.0.3-11 +- fix deps, packaging for 2.4 (#803074) + +* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.3-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Oct 27 2011 Matthew Harmsen <mharmsen@redhat.com> - 1.0.3-9 +- Bugzilla Bug #716874 - httpd (32 bit) failed to start if mod_revocator + (32 bit) is installed on ppc64 + +* Fri Oct 21 2011 Matthew Harmsen <mharmsen@redhat.com> - 1.0.3-7 +- Bugzilla Bug #716355 - mod_revocator does not shut down httpd server if + expired CRL is fetched +- Bugzilla Bug #716361 - mod_revocator does not bring down httpd server if + CRLUpdate fails + +* Tue Oct 11 2011 Matthew Harmsen <mharmsen@redhat.com> - 1.0.3-6 +- Bugzilla Bug #737556 - CRLS are not downloaded when mod_revocator module + is loaded successfully. And no error was thrown in httpd error_log - + mharmsen +- Add 'autoreconf -fvi' to build section - mharmsen +- Fix shutting down Apache if CRLUpdateCritical is on and a CRL + is not available at startup (#654378) - rcritten@redhat.com +- Updated mod_revocator-kill patch. The ownership of the semaphore used to + control access to crlhelper was not always changed to the Apache user + (#648546) - rcritten@redhat.com +- Actually apply the patch (#648546) - rcritten@redhat.com +- Fix killing the web server if updatecritical is set (#648546) - + rcritten@redhat.com + +* Mon Mar 7 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.3-4 +- Use correct package name, nss-pkcs11-devel-static (#640293) + +* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Oct 4 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.3-2 +- Add BuildRequires: nss-pkcs11-static (#640293) + +* Tue Apr 14 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.3-1 +- Update to upstream 1.0.3 + +* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.2-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Mar 04 2009 Robert Scheck <robert@fedoraproject.org> - 1.0.2-7 +- Solve the ppc64-redhat-linux-gnu configure target error + +* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.2-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Aug 11 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.0.2-5 +- fix license tag + +* Mon Feb 25 2008 Rob Crittenden <rcritten@redhat.com> 1.0.2-4 +- The nss package changed the location of the NSS shared libraries to /lib from + /usr/lib. Static libraries remained in /usr/lib. They then updated their + devel package to put symlinks back from /lib to /usr. Respin to pick that up. + BZ 434395. + +* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.0.2-3 +- Autorebuild for GCC 4.3 + +* Wed Dec 5 2007 Rob Crittenden <rcritten@redhat.com> 1.0.2-2 +- Respin to pick up new openldap + +* Mon Oct 16 2006 Rob Crittenden <rcritten@redhat.com> 1.0.2-1 +- Initial build |