rpms
/
httpd
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i10-beta
rpms:i10c-beta
rpms:c10-beta
rpms:i9c
rpms:c9
rpms:i10cs
rpms:cs10
rpms:i9.5-beta
rpms:i8c-stream-2.4
rpms:c8-stream-2.4
rpms:i9
rpms:i8-beta-stream-2.4
rpms:i8c-beta-stream-2.4
rpms:c8-beta-stream-2.4
rpms:i9-beta
rpms:i9c-beta
rpms:c9-beta
rpms:i8-stream-2.4
...
pull from: rpms:i10c-beta
Branches Tags
rpms:i10-beta
rpms:i10c-beta
rpms:c10-beta
rpms:i9c
rpms:c9
rpms:i10cs
rpms:cs10
rpms:i9.5-beta
rpms:i8c-stream-2.4
rpms:c8-stream-2.4
rpms:i9
rpms:i8-beta-stream-2.4
rpms:i8c-beta-stream-2.4
rpms:c8-beta-stream-2.4
rpms:i9-beta
rpms:i9c-beta
rpms:c9-beta
rpms:i8-stream-2.4

No commits in common. 'c9' and 'i10c-beta' have entirely different histories.
c9 ... i10c-beta

20 changed files with 452 additions and 354 deletions
Show Stats

1
SOURCES/00-base.conf
Unescape View File

@ -15,6 +15,7 @@ LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_socache_module modules/mod_authn_socache.so LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
LoadModule authz_core_module modules/mod_authz_core.so LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_dbd_module modules/mod_authz_dbd.so LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so LoadModule authz_dbm_module modules/mod_authz_dbm.so

1
SOURCES/00-optional.conf
Unescape View File

@ -4,7 +4,6 @@
# #
#LoadModule asis_module modules/mod_asis.so #LoadModule asis_module modules/mod_asis.so
#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
#LoadModule buffer_module modules/mod_buffer.so #LoadModule buffer_module modules/mod_buffer.so
#LoadModule heartbeat_module modules/mod_heartbeat.so #LoadModule heartbeat_module modules/mod_heartbeat.so
#LoadModule heartmonitor_module modules/mod_heartmonitor.so #LoadModule heartmonitor_module modules/mod_heartmonitor.so

7
SOURCES/apachectl.xml
Unescape View File

@ -5,6 +5,7 @@
]> ]>
<!-- <!--
Copyright 2020 Red Hat, Inc. Copyright 2020 Red Hat, Inc.
Copyright 2018 Frank Dana
Licensed to the Apache Software Foundation (ASF) under one or more Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with contributor license agreements. See the NOTICE file distributed with
@ -70,7 +71,7 @@
<para>The version of <command>apachectl</command> used on this <para>The version of <command>apachectl</command> used on this
system is a replacement script intended to be mostly (but not system is a replacement script intended to be mostly (but not
completely) compatible with version provided with completely) compatible with the version provided with
<emphasis>Apache httpd</emphasis>. This <emphasis>Apache httpd</emphasis>. This
<command>apachectl</command> mostly acts as a wrapper around <command>apachectl</command> mostly acts as a wrapper around
<command>systemctl</command> and manipulates the <command>systemctl</command> and manipulates the
@ -160,7 +161,7 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><option>configtest</option></term> <term><option>configtest</option> | <option>-t</option></term>
<listitem> <listitem>
<para>Run a configuration file syntax test. It parses the configuration <para>Run a configuration file syntax test. It parses the configuration
files and either reports <literal>Syntax OK</literal> files and either reports <literal>Syntax OK</literal>
@ -173,7 +174,7 @@
<refsect1 id='bugs'> <refsect1 id='bugs'>
<title>Bugs</title> <title>Bugs</title>
<para>Please report bugs by filing an issue in Bugzilla via <ulink url='https://bugzilla.redhat.com/'/>.</para> <para>Please report bugs by filing an issue in @BUG_REPORT_URL@.</para>
</refsect1> </refsect1>
<refsect1> <refsect1>

3
SOURCES/httpd-2.4.43-apxs.patch
Unescape View File

@ -1,3 +1,6 @@
Upstream-Status: local customisation
diff --git a/support/apxs.in b/support/apxs.in diff --git a/support/apxs.in b/support/apxs.in
index b2705fa..c331631 100644 index b2705fa..c331631 100644
--- a/support/apxs.in --- a/support/apxs.in

3
SOURCES/httpd-2.4.43-corelimit.patch
Unescape View File

@ -1,3 +1,6 @@
Upstream-Status: local customisation
diff --git a/server/core.c b/server/core.c diff --git a/server/core.c b/server/core.c
index 79b2a82..dc0f17a 100644 index 79b2a82..dc0f17a 100644
--- a/server/core.c --- a/server/core.c

4
SOURCES/httpd-2.4.59-deplibs.patch → SOURCES/httpd-2.4.43-deplibs.patch
Unescape View File

@ -1,8 +1,8 @@
diff --git a/configure.in b/configure.in diff --git a/configure.in b/configure.in
index 7194de5..00e2369 100644 index f8f9442..f276550 100644
--- a/configure.in --- a/configure.in
+++ b/configure.in +++ b/configure.in
@@ -843,9 +843,9 @@ APACHE_SUBST(INSTALL_SUEXEC) @@ -786,9 +786,9 @@ APACHE_SUBST(INSTALL_SUEXEC)
dnl APR should go after the other libs, so the right symbols can be picked up dnl APR should go after the other libs, so the right symbols can be picked up
if test x${apu_found} != xobsolete; then if test x${apu_found} != xobsolete; then

0
SOURCES/httpd-2.4.62-socket-activation.patch → SOURCES/httpd-2.4.43-socket-activation.patch
Unescape View File

3
SOURCES/httpd-2.4.48-r1842929+.patch
Unescape View File

@ -1,3 +1,6 @@
Upstream-Status: in trunk, not proposed for 2.4.x
diff --git a/Makefile.in b/Makefile.in diff --git a/Makefile.in b/Makefile.in
index 6747aea..40c7076 100644 index 6747aea..40c7076 100644
--- a/Makefile.in --- a/Makefile.in

13
SOURCES/httpd-2.4.48-export.patch → SOURCES/httpd-2.4.53-export.patch
Unescape View File

@ -1,12 +1,5 @@
Reduce size of httpd binary by telling linker to export all symbols
from libmain.a, rather than bloating the symbol table with ap_hack_*
to do so indirectly.
Upstream: https://svn.apache.org/r1861685 (as new default-off configure option)
diff --git a/Makefile.in b/Makefile.in diff --git a/Makefile.in b/Makefile.in
index 40c7076..ac98e5f 100644 index bd8045c..d6733a5 100644
--- a/Makefile.in --- a/Makefile.in
+++ b/Makefile.in +++ b/Makefile.in
@@ -4,8 +4,15 @@ CLEAN_SUBDIRS = test @@ -4,8 +4,15 @@ CLEAN_SUBDIRS = test
@ -40,10 +33,10 @@ index 8111877..f00bb3f 100644
eoc_bucket.c eor_bucket.c core_filters.c \ eoc_bucket.c eor_bucket.c core_filters.c \
util_expr_parse.c util_expr_scan.c util_expr_eval.c util_expr_parse.c util_expr_scan.c util_expr_eval.c
diff --git a/server/main.c b/server/main.c diff --git a/server/main.c b/server/main.c
index 62e06df..17c09ee 100644 index 7da7aa2..e63d2eb 100644
--- a/server/main.c --- a/server/main.c
+++ b/server/main.c +++ b/server/main.c
@@ -835,17 +835,3 @@ int main(int argc, const char * const argv[]) @@ -857,17 +857,3 @@ int main(int argc, const char * const argv[])
return !OK; return !OK;
} }

0
SOURCES/httpd-2.4.53-icons.patch → SOURCES/httpd-2.4.54-icons.patch
Unescape View File

64
SOURCES/httpd-2.4.54-selinux.patch
Unescape View File

@ -0,0 +1,64 @@
Upstream-Status: in trunk not in 2.4.x
diff --git a/configure.in b/configure.in
index 74015ca..8c0ee10 100644
--- httpd-2.4.54/modules/arch/unix/config5.m4.selinux
+++ httpd-2.4.54/modules/arch/unix/config5.m4
@@ -23,6 +23,11 @@
AC_MSG_WARN([Your system does not support systemd.])
enable_systemd="no"
else
+ AC_CHECK_LIB(selinux, is_selinux_enabled, [
+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
+ APR_ADDTO(MOD_SYSTEMD_LDADD, [-lselinux])
+ ])
+
APR_ADDTO(MOD_SYSTEMD_LDADD, [$SYSTEMD_LIBS])
fi
])
--- httpd-2.4.54/modules/arch/unix/mod_systemd.c.selinux
+++ httpd-2.4.54/modules/arch/unix/mod_systemd.c
@@ -35,6 +35,10 @@
#include <unistd.h>
#endif
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
APR_DECLARE_OPTIONAL_FN(int,
ap_find_systemd_socket, (process_rec *, apr_port_t));
@@ -70,6 +74,20 @@
return apr_psprintf(p, "%s port %u", addr, sa->port);
}
+#ifdef HAVE_SELINUX
+static void log_selinux_context(void)
+{
+ char *con;
+
+ if (is_selinux_enabled() && getcon(&con) == 0) {
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+ "SELinux policy enabled; "
+ "httpd running as context %s", con);
+ freecon(con);
+ }
+}
+#endif
+
/* Report the service is ready in post_config, which could be during
* startup or after a reload. The server could still hit a fatal
* startup error after this point during ap_run_mpm(), so this is
@@ -87,6 +105,10 @@
if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_PRE_CONFIG)
return OK;
+#ifdef HAVE_SELINUX
+ log_selinux_context();
+#endif
+
for (lr = ap_listeners; lr; lr = lr->next) {
char *s = dump_listener(lr, ptemp);

60
SOURCES/httpd-2.4.57-selinux.patch
Unescape View File

@ -1,60 +0,0 @@
diff --git a/configure.in b/configure.in
index 3932407..00e2369 100644
--- a/configure.in
+++ b/configure.in
@@ -531,6 +531,11 @@ gettid
dnl confirm that a void pointer is large enough to store a long integer
APACHE_CHECK_VOID_PTR_LEN
+AC_CHECK_LIB(selinux, is_selinux_enabled, [
+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
+ APR_ADDTO(HTTPD_LIBS, [-lselinux])
+])
+
if test $ac_cv_func_gettid = no; then
# On Linux before glibc 2.30, gettid() is only usable via syscall()
AC_CACHE_CHECK([for gettid() via syscall], ap_cv_gettid,
diff --git a/server/core.c b/server/core.c
index 8970a50..ff1024d 100644
--- a/server/core.c
+++ b/server/core.c
@@ -65,6 +65,10 @@
#include <unistd.h>
#endif
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
/* LimitRequestBody handling */
#define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */
@@ -5170,6 +5174,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
}
#endif
+#ifdef HAVE_SELINUX
+ {
+ static int already_warned = 0;
+ int is_enabled = is_selinux_enabled() > 0;
+
+ if (is_enabled && !already_warned) {
+ security_context_t con;
+
+ if (getcon(&con) == 0) {
+
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+ "SELinux policy enabled; "
+ "httpd running as context %s", con);
+
+ already_warned = 1;
+
+ freecon(con);
+ }
+ }
+ }
+#endif
+
return OK;
}

2
SOURCES/httpd-2.4.57-r1912477+.patch → SOURCES/httpd-2.4.58-r1912477+.patch
Unescape View File

@ -5,6 +5,8 @@ http://svn.apache.org/viewvc?view=revision&revision=1912718
http://svn.apache.org/viewvc?view=revision&revision=1913654 http://svn.apache.org/viewvc?view=revision&revision=1913654
http://svn.apache.org/viewvc?view=revision&revision=1914438 http://svn.apache.org/viewvc?view=revision&revision=1914438
Upstream-Status: in trunk, not proposed for 2.4.x
--- httpd-2.4.58/modules/dav/fs/config6.m4.r1912477+ --- httpd-2.4.58/modules/dav/fs/config6.m4.r1912477+
+++ httpd-2.4.58/modules/dav/fs/config6.m4 +++ httpd-2.4.58/modules/dav/fs/config6.m4
@@ -20,4 +20,10 @@ @@ -20,4 +20,10 @@

14
SOURCES/httpd-2.4.48-full-release.patch → SOURCES/httpd-2.4.59-full-release.patch
Unescape View File

@ -1,8 +1,6 @@
diff --git a/server/core.c b/server/core.c --- httpd-2.4.59/server/core.c.full-release
index c36ff26..621c82a 100644 +++ httpd-2.4.59/server/core.c
--- a/server/core.c @@ -3586,6 +3586,7 @@
+++ b/server/core.c
@@ -3569,6 +3569,7 @@ enum server_token_type {
SrvTk_MINIMAL, /* eg: Apache/2.0.41 */ SrvTk_MINIMAL, /* eg: Apache/2.0.41 */
SrvTk_OS, /* eg: Apache/2.0.41 (UNIX) */ SrvTk_OS, /* eg: Apache/2.0.41 (UNIX) */
SrvTk_FULL, /* eg: Apache/2.0.41 (UNIX) PHP/4.2.2 FooBar/1.2b */ SrvTk_FULL, /* eg: Apache/2.0.41 (UNIX) PHP/4.2.2 FooBar/1.2b */
@ -10,7 +8,7 @@ index c36ff26..621c82a 100644
SrvTk_PRODUCT_ONLY /* eg: Apache */ SrvTk_PRODUCT_ONLY /* eg: Apache */
}; };
static enum server_token_type ap_server_tokens = SrvTk_FULL; static enum server_token_type ap_server_tokens = SrvTk_FULL;
@@ -3645,7 +3646,10 @@ static void set_banner(apr_pool_t *pconf) @@ -3662,7 +3663,10 @@
else if (ap_server_tokens == SrvTk_MAJOR) { else if (ap_server_tokens == SrvTk_MAJOR) {
ap_add_version_component(pconf, AP_SERVER_BASEPRODUCT "/" AP_SERVER_MAJORVERSION); ap_add_version_component(pconf, AP_SERVER_BASEPRODUCT "/" AP_SERVER_MAJORVERSION);
} }
@ -22,7 +20,7 @@ index c36ff26..621c82a 100644
ap_add_version_component(pconf, AP_SERVER_BASEVERSION " (" PLATFORM ")"); ap_add_version_component(pconf, AP_SERVER_BASEVERSION " (" PLATFORM ")");
} }
@@ -3653,7 +3657,7 @@ static void set_banner(apr_pool_t *pconf) @@ -3670,7 +3674,7 @@
* Lock the server_banner string if we're not displaying * Lock the server_banner string if we're not displaying
* the full set of tokens * the full set of tokens
*/ */
@ -31,7 +29,7 @@ index c36ff26..621c82a 100644
banner_locked++; banner_locked++;
} }
server_description = AP_SERVER_BASEVERSION " (" PLATFORM ")"; server_description = AP_SERVER_BASEVERSION " (" PLATFORM ")";
@@ -3686,8 +3690,11 @@ static const char *set_serv_tokens(cmd_parms *cmd, void *dummy, @@ -3703,8 +3707,11 @@
else if (!ap_cstr_casecmp(arg, "Full")) { else if (!ap_cstr_casecmp(arg, "Full")) {
ap_server_tokens = SrvTk_FULL; ap_server_tokens = SrvTk_FULL;
} }

11
SOURCES/httpd-2.4.59-no-engine.patch
Unescape View File

@ -0,0 +1,11 @@
--- httpd-2.4.59/modules/ssl/ssl_private.h.no-engine
+++ httpd-2.4.59/modules/ssl/ssl_private.h
@@ -112,7 +112,7 @@
|| (defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL < 30000)) \
&& !defined(OPENSSL_NO_ENGINE)
#include <openssl/engine.h>
-#define MODSSL_HAVE_ENGINE_API 1
+#define MODSSL_HAVE_ENGINE_API 0
#endif
#ifndef MODSSL_HAVE_ENGINE_API
#define MODSSL_HAVE_ENGINE_API 0

16
SOURCES/httpd-2.4.48-proxy-ws-idle-timeout.patch → SOURCES/httpd-2.4.62-proxy-ws-idle-timeout.patch
Unescape View File

@ -1,8 +1,8 @@
diff --git a/docs/manual/mod/mod_proxy_wstunnel.html.en b/docs/manual/mod/mod_proxy_wstunnel.html.en diff --git a/docs/manual/mod/mod_proxy_wstunnel.html.en b/docs/manual/mod/mod_proxy_wstunnel.html.en
index 9f2c120..61ff7de 100644 index c5004b8..a0ae3c8 100644
--- a/docs/manual/mod/mod_proxy_wstunnel.html.en --- a/docs/manual/mod/mod_proxy_wstunnel.html.en
+++ b/docs/manual/mod/mod_proxy_wstunnel.html.en +++ b/docs/manual/mod/mod_proxy_wstunnel.html.en
@@ -83,6 +83,7 @@ in the response <code>Upgrade</code></p> @@ -96,6 +96,7 @@ WebSocket always happens.
<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><h3 class="directives">Directives</h3> <div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><h3 class="directives">Directives</h3>
<ul id="toc"> <ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#proxywebsocketfallbacktoproxyhttp">ProxyWebsocketFallbackToProxyHttp</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#proxywebsocketfallbacktoproxyhttp">ProxyWebsocketFallbackToProxyHttp</a></li>
@ -10,7 +10,7 @@ index 9f2c120..61ff7de 100644
</ul> </ul>
<h3>Bugfix checklist</h3><ul class="seealso"><li><a href="https://www.apache.org/dist/httpd/CHANGES_2.4">httpd changelog</a></li><li><a href="https://bz.apache.org/bugzilla/buglist.cgi?bug_status=__open__&amp;list_id=144532&amp;product=Apache%20httpd-2&amp;query_format=specific&amp;order=changeddate%20DESC%2Cpriority%2Cbug_severity&amp;component=mod_proxy_wstunnel">Known issues</a></li><li><a href="https://bz.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2&amp;component=mod_proxy_wstunnel">Report a bug</a></li></ul><h3>See also</h3> <h3>Bugfix checklist</h3><ul class="seealso"><li><a href="https://www.apache.org/dist/httpd/CHANGES_2.4">httpd changelog</a></li><li><a href="https://bz.apache.org/bugzilla/buglist.cgi?bug_status=__open__&amp;list_id=144532&amp;product=Apache%20httpd-2&amp;query_format=specific&amp;order=changeddate%20DESC%2Cpriority%2Cbug_severity&amp;component=mod_proxy_wstunnel">Known issues</a></li><li><a href="https://bz.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2&amp;component=mod_proxy_wstunnel">Report a bug</a></li></ul><h3>See also</h3>
<ul class="seealso"> <ul class="seealso">
@@ -108,6 +109,23 @@ in the response <code>Upgrade</code></p> @@ -121,6 +122,23 @@ WebSocket always happens.
WebSocket requests as in httpd 2.4.46 and earlier.</p> WebSocket requests as in httpd 2.4.46 and earlier.</p>
</div> </div>
@ -35,7 +35,7 @@ index 9f2c120..61ff7de 100644
<div class="bottomlang"> <div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_proxy_wstunnel.html" title="English">&nbsp;en&nbsp;</a> | <p><span>Available Languages: </span><a href="../en/mod/mod_proxy_wstunnel.html" title="English">&nbsp;en&nbsp;</a> |
diff --git a/modules/proxy/mod_proxy_wstunnel.c b/modules/proxy/mod_proxy_wstunnel.c diff --git a/modules/proxy/mod_proxy_wstunnel.c b/modules/proxy/mod_proxy_wstunnel.c
index bcbba42..c29ded1 100644 index 30ba1b4..e27e6f8 100644
--- a/modules/proxy/mod_proxy_wstunnel.c --- a/modules/proxy/mod_proxy_wstunnel.c
+++ b/modules/proxy/mod_proxy_wstunnel.c +++ b/modules/proxy/mod_proxy_wstunnel.c
@@ -22,6 +22,7 @@ module AP_MODULE_DECLARE_DATA proxy_wstunnel_module; @@ -22,6 +22,7 @@ module AP_MODULE_DECLARE_DATA proxy_wstunnel_module;
@ -46,7 +46,7 @@ index bcbba42..c29ded1 100644
} proxyws_dir_conf; } proxyws_dir_conf;
static int can_fallback_to_proxy_http; static int can_fallback_to_proxy_http;
@@ -152,6 +153,8 @@ static int proxy_wstunnel_request(apr_pool_t *p, request_rec *r, @@ -176,6 +177,8 @@ static int proxy_wstunnel_request(apr_pool_t *p, request_rec *r,
conn_rec *c = r->connection; conn_rec *c = r->connection;
apr_socket_t *sock = conn->sock; apr_socket_t *sock = conn->sock;
conn_rec *backconn = conn->connection; conn_rec *backconn = conn->connection;
@ -55,7 +55,7 @@ index bcbba42..c29ded1 100644
char *buf; char *buf;
apr_bucket_brigade *header_brigade; apr_bucket_brigade *header_brigade;
apr_bucket *e; apr_bucket *e;
@@ -229,10 +232,13 @@ static int proxy_wstunnel_request(apr_pool_t *p, request_rec *r, @@ -253,10 +256,13 @@ static int proxy_wstunnel_request(apr_pool_t *p, request_rec *r,
c->keepalive = AP_CONN_CLOSE; c->keepalive = AP_CONN_CLOSE;
do { /* Loop until done (one side closes the connection, or an error) */ do { /* Loop until done (one side closes the connection, or an error) */
@ -70,7 +70,7 @@ index bcbba42..c29ded1 100644
} }
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(02444) "error apr_poll()"); ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(02444) "error apr_poll()");
return HTTP_INTERNAL_SERVER_ERROR; return HTTP_INTERNAL_SERVER_ERROR;
@@ -418,11 +424,26 @@ cleanup: @@ -442,11 +448,26 @@ cleanup:
return status; return status;
} }
@ -97,7 +97,7 @@ index bcbba42..c29ded1 100644
new->fallback_to_proxy_http = 1; new->fallback_to_proxy_http = 1;
return (void *) new; return (void *) new;
@@ -465,7 +486,8 @@ static const command_rec ws_proxy_cmds[] = @@ -489,7 +510,8 @@ static const command_rec ws_proxy_cmds[] =
proxyws_fallback_to_proxy_http, NULL, RSRC_CONF|ACCESS_CONF, proxyws_fallback_to_proxy_http, NULL, RSRC_CONF|ACCESS_CONF,
"whether to let mod_proxy_http handle the upgrade and tunneling, " "whether to let mod_proxy_http handle the upgrade and tunneling, "
"On by default"), "On by default"),

19
SOURCES/httpd.service
Unescape View File

@ -26,8 +26,25 @@ ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
# Send SIGWINCH for graceful stop # Send SIGWINCH for graceful stop
KillSignal=SIGWINCH KillSignal=SIGWINCH
KillMode=mixed KillMode=mixed
PrivateTmp=true DevicePolicy=closed
KeyringMode=private
LockPersonality=yes
MemoryDenyWriteExecute=yes
OOMPolicy=continue OOMPolicy=continue
PrivateDevices=yes
PrivateTmp=true
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=read-only
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=yes
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

38
SOURCES/httpd.service.xml
Unescape View File

@ -175,7 +175,7 @@ Wants=network-online.target</programlisting>
<para>System packages (including the httpd package itself) may <para>System packages (including the httpd package itself) may
restart the httpd service automatically after packages are restart the httpd service automatically after packages are
upgraded, installed, or removed. This is done using the upgraded, installed, or removed. This is done using the
<command>systemctl try-restart httpd.service</command>, which <command>systemctl try-restart httpd.service</command> command, which
stops then starts the service if it is running.</para> stops then starts the service if it is running.</para>
<para>To disable automatic restarts, create the file <para>To disable automatic restarts, create the file
@ -183,8 +183,9 @@ Wants=network-online.target</programlisting>
When <command>httpd</command> interfaces are added in an update, When <command>httpd</command> interfaces are added in an update,
it may not be safe to <emphasis>reload</emphasis> a running it may not be safe to <emphasis>reload</emphasis> a running
service after upgrading, if updated modules require interfaces service after upgrading, if updated modules require interfaces
only available in the updated httpd. It is recommended to allow only available in the updated <command>httpd</command> binary.
automatic restarts for this reason.</para> It is recommended to allow automatic restarts for this
reason.</para>
</refsect2> </refsect2>
<refsect2> <refsect2>
@ -230,7 +231,16 @@ Wants=network-online.target</programlisting>
<refsect2> <refsect2>
<title>Process policies and restrictions</title> <title>Process policies and restrictions</title>
<para>The httpd service uses the following options: <para>The <command>httpd.service</command> unit enables a
variety of sandboxing options. Many of these prevent the service
from changing the system configuration or attributes of the
kernel - such as <emphasis>ProtectClock</emphasis> and
<emphasis>ProtectKernelModules</emphasis>. See
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
and
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for more information on these options. Particular notice should
be taken of the following:
<itemizedlist> <itemizedlist>
<listitem><para><emphasis>PrivateTmp</emphasis> is enabled by <listitem><para><emphasis>PrivateTmp</emphasis> is enabled by
@ -246,13 +256,21 @@ Wants=network-online.target</programlisting>
the policy to <emphasis>continue</emphasis>, httpd will the policy to <emphasis>continue</emphasis>, httpd will
continue to run (and recover) if a single child is terminated continue to run (and recover) if a single child is terminated
because of excess memory consumption.</para></listitem> because of excess memory consumption.</para></listitem>
</itemizedlist>
See <listitem><para><emphasis>ProtectHome</emphasis> is set to
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> <emphasis>read-only</emphasis> by default. CGI scripts run via
and <emphasis>UserDir</emphasis> will not be able modify any
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> content in <filename>/home</filename> by
for more information.</para> default.</para></listitem>
<listitem><para><emphasis>ProtectSystem</emphasis> is set to
<emphasis>yes</emphasis> by default; this mounts various
system paths like <filename>/usr</filename> and
<filename>/boot</filename> as read-only by
default.</para></listitem>
</itemizedlist></para>
</refsect2> </refsect2>
<refsect2> <refsect2>

19
SOURCES/httpd@.service
Unescape View File

@ -19,8 +19,25 @@ ExecReload=/usr/sbin/httpd $OPTIONS -k graceful -f conf/%i.conf
# Send SIGWINCH for graceful stop # Send SIGWINCH for graceful stop
KillSignal=SIGWINCH KillSignal=SIGWINCH
KillMode=mixed KillMode=mixed
PrivateTmp=true DevicePolicy=closed
KeyringMode=private
LockPersonality=yes
MemoryDenyWriteExecute=yes
OOMPolicy=continue OOMPolicy=continue
PrivateDevices=yes
PrivateTmp=true
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=read-only
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=yes
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

528
SPECS/httpd.spec
Unescape View File

@ -4,16 +4,28 @@
%define mmn 20120211 %define mmn 20120211
%define mmnisa %{mmn}%{__isa_name}%{__isa_bits} %define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
%define vstring %(source /etc/os-release; echo ${NAME}) %define vstring %(source /etc/os-release; echo ${NAME})
%define bugurl %(source /etc/os-release; echo ${BUG_REPORT_URL})
%if 0%{?fedora} > 26 || 0%{?rhel} > 7 %if 0%{?fedora} > 26 || 0%{?rhel} > 7
%global mpm event %global mpm event
%else %else
%global mpm prefork %global mpm prefork
%endif %endif
%if 0%{?fedora} > 35 || 0%{?rhel} > 9
%bcond_without pcre2
%bcond_with pcre
%else
%bcond_with pcre2
%bcond_without pcre
%endif
# Similar issue to https://bugzilla.redhat.com/show_bug.cgi?id=2043092
%undefine _package_note_flags
Summary: Apache HTTP Server Summary: Apache HTTP Server
Name: httpd Name: httpd
Version: 2.4.62 Version: 2.4.62
Release: 1%{?dist} Release: 4%{?dist}
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@ -65,53 +77,60 @@ Source48: apache-poweredby.png
Source49: httpd.sysusers Source49: httpd.sysusers
# build/scripts patches # build/scripts patches
Patch1: httpd-2.4.59-full-release.patch
Patch2: httpd-2.4.43-apxs.patch Patch2: httpd-2.4.43-apxs.patch
Patch3: httpd-2.4.59-deplibs.patch Patch3: httpd-2.4.43-deplibs.patch
# Needed for socket activation and mod_systemd patch # Needed for socket activation and mod_systemd patch
Patch19: httpd-2.4.53-detect-systemd.patch Patch19: httpd-2.4.53-detect-systemd.patch
# Features/functional changes # Features/functional changes
Patch21: httpd-2.4.48-r1842929+.patch Patch20: httpd-2.4.48-r1842929+.patch
Patch22: httpd-2.4.43-mod_systemd.patch Patch21: httpd-2.4.43-mod_systemd.patch
Patch23: httpd-2.4.48-export.patch Patch22: httpd-2.4.53-export.patch
Patch24: httpd-2.4.43-corelimit.patch Patch23: httpd-2.4.43-corelimit.patch
Patch25: httpd-2.4.57-selinux.patch Patch24: httpd-2.4.54-icons.patch
Patch26: httpd-2.4.53-icons.patch Patch25: httpd-2.4.43-cachehardmax.patch
Patch27: httpd-2.4.43-cachehardmax.patch Patch26: httpd-2.4.43-socket-activation.patch
Patch28: httpd-2.4.62-socket-activation.patch Patch27: httpd-2.4.43-sslciphdefault.patch
Patch29: httpd-2.4.43-sslciphdefault.patch Patch29: httpd-2.4.43-sslprotdefault.patch
Patch30: httpd-2.4.43-sslprotdefault.patch Patch30: httpd-2.4.43-logjournal.patch
Patch31: httpd-2.4.43-logjournal.patch Patch31: httpd-2.4.53-separate-systemd-fns.patch
Patch32: httpd-2.4.48-proxy-ws-idle-timeout.patch Patch32: httpd-2.4.58-r1912477+.patch
Patch33: httpd-2.4.54-selinux.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1949606 # https://bugzilla.redhat.com/show_bug.cgi?id=1949606
Patch33: httpd-2.4.62-freebind.patch Patch34: httpd-2.4.62-freebind.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2065677 # https://bugzilla.redhat.com/show_bug.cgi?id=1947496
Patch34: httpd-2.4.53-separate-systemd-fns.patch Patch35: httpd-2.4.62-proxy-ws-idle-timeout.patch
# https://issues.redhat.com/browse/RHEL-5071
Patch35: httpd-2.4.57-r1912477+.patch
# Bug fixes # Bug fixes
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243 # https://bugzilla.redhat.com/show_bug.cgi?id=1397243
Patch100: httpd-2.4.43-enable-sslv3.patch Patch60: httpd-2.4.43-enable-sslv3.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1932442 Patch61: httpd-2.4.59-no-engine.patch
Patch101: httpd-2.4.48-full-release.patch
# https://bz.apache.org/bugzilla/show_bug.cgi?id=69197 # https://bz.apache.org/bugzilla/show_bug.cgi?id=69197
Patch102: httpd-2.4.62-r1919325.patch Patch62: httpd-2.4.62-r1919325.patch
# Security fixes # Security fixes
# https://bugzilla.redhat.com/show_bug.cgi?id=... # Patch200: ...
#
# https://bugzilla.redhat.com/show_bug.cgi?id=
# Patch200: httpd-2.4.X-CVE-XXXX-YYYYY.patch
# Apache-2.0: everything
# BSD-3-Clause: util_pcre.c, ap_regex.h
# metamail AND HPND-sell-variant:: server/util_md5.c:
# Spencer-94: modules/metadata/mod_mime_magic.c
License: Apache-2.0 AND (BSD-3-Clause AND metamail AND HPND-sell-variant AND Spencer-94)
License: ASL 2.0
BuildRequires: gcc, autoconf, pkgconfig, findutils, xmlto BuildRequires: gcc, autoconf, pkgconfig, findutils, xmlto
BuildRequires: perl-interpreter, perl-generators, systemd-devel BuildRequires: perl-interpreter, perl-generators, systemd-devel
BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel
BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0 BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0
BuildRequires: gnupg2 BuildRequires: openldap-devel
BuildRequires: systemd-rpm-macros BuildRequires: systemd-rpm-macros
Requires: system-logos-httpd %if %{with pcre2}
BuildRequires: pcre2-devel
%endif
%if %{with pcre}
BuildRequires: pcre-devel > 5.0
%endif
BuildRequires: gnupg2
Requires: system-logos(httpd-logo-ng)
Provides: webserver Provides: webserver
Requires: httpd-core = 0:%{version}-%{release} Requires: httpd-core = 0:%{version}-%{release}
Recommends: mod_http2, mod_lua Recommends: mod_http2, mod_lua
@ -129,10 +148,12 @@ Provides: mod_proxy_uwsgi = %{version}-%{release}
Requires: /etc/mime.types Requires: /etc/mime.types
Requires: httpd-tools = %{version}-%{release} Requires: httpd-tools = %{version}-%{release}
Requires: httpd-filesystem = %{version}-%{release} Requires: httpd-filesystem = %{version}-%{release}
%if 0%{?fedora} > 39 || 0%{?rhel} > 9
Requires: apr-util-1(dbm)%{_isa}
%endif
Requires(pre): httpd-filesystem Requires(pre): httpd-filesystem
Conflicts: apr < 1.5.0-1 Conflicts: apr < 1.5.0-1
Conflicts: httpd < 2.4.53-3 Conflicts: httpd < 2.4.53-2
Conflicts: mod_http2 < 1.15.19-3
Obsoletes: mod_proxy_uwsgi < 2.0.17.1-2 Obsoletes: mod_proxy_uwsgi < 2.0.17.1-2
%description core %description core
@ -140,8 +161,8 @@ The httpd-core package contains essential httpd binaries.
%package devel %package devel
Summary: Development interfaces for the Apache HTTP Server Summary: Development interfaces for the Apache HTTP Server
Requires: apr-devel, apr-util-devel, pkgconfig Requires: apr-devel, apr-util-devel, pkgconfig, libtool
Requires: httpd-core = %{version}-%{release} Requires: httpd-core = 0:%{version}-%{release}
%description devel %description devel
The httpd-devel package contains the APXS binary and other files The httpd-devel package contains the APXS binary and other files
@ -185,9 +206,11 @@ Epoch: 1
BuildRequires: openssl-devel BuildRequires: openssl-devel
Requires(pre): httpd-filesystem Requires(pre): httpd-filesystem
Requires: httpd-core = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} Requires: httpd-core = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
Requires: sscg >= 3.0.0-7, /usr/bin/hostname Requires: sscg >= 3.0.3, /usr/bin/hostname
# Require an OpenSSL which supports PROFILE=SYSTEM # Require an OpenSSL which supports PROFILE=SYSTEM
Conflicts: openssl-libs < 1:1.0.1h-4 Conflicts: openssl-libs < 1:1.0.1h-4
# mod_ssl/mod_nss cannot both be loaded simultaneously
Conflicts: mod_nss
%description -n mod_ssl %description -n mod_ssl
The mod_ssl module provides strong cryptography for the Apache HTTP The mod_ssl module provides strong cryptography for the Apache HTTP
@ -233,31 +256,7 @@ written in the Lua programming language.
%prep %prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%setup -q %autosetup -p1 -S gendiff
%patch2 -p1 -b .apxs
%patch3 -p1 -b .deplibs
%patch19 -p1 -b .detectsystemd
%patch21 -p1 -b .r1842929+
%patch22 -p1 -b .mod_systemd
%patch23 -p1 -b .export
%patch24 -p1 -b .corelimit
%patch25 -p1 -b .selinux
%patch26 -p1 -b .icons
%patch27 -p1 -b .cachehardmax
%patch28 -p1 -b .socketactivation
%patch29 -p1 -b .sslciphdefault
%patch30 -p1 -b .sslprotdefault
%patch31 -p1 -b .logjournal
%patch32 -p1 -b .proxy-ws-idle-timeout
%patch33 -p1 -b .freebind
%patch34 -p1 -b .separatesystemd
%patch35 -p1 -b .r1912477+
%patch100 -p1 -b .enable-sslv3
%patch101 -p1 -b .full-release
%patch102 -p1 -b .r1919325
# Patch in the vendor string # Patch in the vendor string
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@ -297,16 +296,16 @@ s,@DOCROOT@,%{docroot},g
s,@LOGDIR@,%{_localstatedir}/log/httpd,g s,@LOGDIR@,%{_localstatedir}/log/httpd,g
' < $RPM_SOURCE_DIR/httpd.conf.xml \ ' < $RPM_SOURCE_DIR/httpd.conf.xml \
> httpd.conf.xml > httpd.conf.xml
sed 's|@BUG_REPORT_URL@|%{bugurl}|g' < $RPM_SOURCE_DIR/apachectl.xml > apachectl.xml
xmlto man ./httpd.conf.xml xmlto man ./httpd.conf.xml
xmlto man $RPM_SOURCE_DIR/htcacheclean.service.xml xmlto man $RPM_SOURCE_DIR/htcacheclean.service.xml
xmlto man $RPM_SOURCE_DIR/httpd.service.xml xmlto man $RPM_SOURCE_DIR/httpd.service.xml
xmlto man apachectl.xml
# apachectl.xml => apachectl.8
xmlto man %{SOURCE47}
: Building with MMN %{mmn}, MMN-ISA %{mmnisa} : Building with MMN %{mmn}, MMN-ISA %{mmnisa}
: Default MPM is %{mpm}, vendor string is '%{vstring}' : Default MPM is %{mpm}, vendor string is '%{vstring}'
: Regex Engine: PCRE=%{with pcre} PCRE2=%{with pcre2}
%build %build
# forcibly prevent use of bundled apr, apr-util, pcre # forcibly prevent use of bundled apr, apr-util, pcre
@ -319,11 +318,7 @@ autoheader && autoconf || exit 1
%{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \ %{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \
support/apxs.in support/apxs.in
export CFLAGS=$RPM_OPT_FLAGS %set_build_flags
export LDFLAGS="-Wl,-z,relro,-z,now"
# Hard-code path to links to avoid unnecessary builddep
export LYNX_PATH=/usr/bin/links
# Build the daemon # Build the daemon
./configure \ ./configure \
@ -351,22 +346,33 @@ export LYNX_PATH=/usr/bin/links
--with-suexec-uidmin=1000 --with-suexec-gidmin=1000 \ --with-suexec-uidmin=1000 --with-suexec-gidmin=1000 \
--with-brotli \ --with-brotli \
--enable-pie \ --enable-pie \
--with-pcre=/usr/bin/pcre-config \ %if %{with pcre2}
--with-pcre2=%{_bindir}/pcre2-config \
%endif
%if %{with pcre}
--with-pcre=%{_bindir}/pcre-config \
%endif
--enable-mods-shared=all \ --enable-mods-shared=all \
--enable-ssl --with-ssl --disable-distcache \ --enable-ssl --with-ssl --disable-distcache \
--enable-proxy --enable-proxy-fdpass \ --enable-proxy --enable-proxy-fdpass \
--enable-cache \ --enable-cache \
--enable-disk-cache \ --enable-disk-cache \
--enable-ldap --enable-authnz-ldap \ --enable-ldap --enable-authnz-ldap \
--enable-cgid --enable-cgi \ --enable-cgid --enable-cgi --enable-authnz-fcgi \
--enable-cgid-fdpassing \ --enable-cgid-fdpassing \
--enable-authn-anon --enable-authn-alias \ --enable-authn-anon --enable-authn-alias \
--enable-authnz-fcgi \
--enable-systemd \ --enable-systemd \
--disable-imagemap --disable-file-cache \ --disable-imagemap --disable-file-cache \
--disable-http2 \ --disable-http2 \
--disable-md \ --disable-md \
$* $*
if grep -q ac_cv_have_threadsafe_pollset=no config.log; then
cat config.log
: Failed to find thread-safe APR.
exit 1
fi
%make_build %make_build
%install %install
@ -405,8 +411,9 @@ touch -r $RPM_SOURCE_DIR/00-mpm.conf \
# install systemd override drop directory # install systemd override drop directory
# Web application packages can drop snippets into this location if # Web application packages can drop snippets into this location if
# they need ExecStart[pre|post]. # they need ExecStart[pre|post].
mkdir $RPM_BUILD_ROOT%{_unitdir}/httpd.service.d mkdir $RPM_BUILD_ROOT%{_unitdir}/httpd.service.d \
mkdir $RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d $RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/httpd.service.d
install -m 644 -p $RPM_SOURCE_DIR/10-listen443.conf \ install -m 644 -p $RPM_SOURCE_DIR/10-listen443.conf \
$RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d/10-listen443.conf $RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d/10-listen443.conf
@ -471,6 +478,7 @@ cat > $RPM_BUILD_ROOT%{_rpmconfigdir}/macros.d/macros.httpd <<EOF
%%_httpd_contentdir %{contentdir} %%_httpd_contentdir %{contentdir}
%%_httpd_moddir %%{_libdir}/httpd/modules %%_httpd_moddir %%{_libdir}/httpd/modules
%%_httpd_requires Requires: httpd-mmn = %%{_httpd_mmn} %%_httpd_requires Requires: httpd-mmn = %%{_httpd_mmn}
%%_httpd_statedir %%{_localstatedir}/lib/httpd
EOF EOF
# Handle contentdir # Handle contentdir
@ -506,9 +514,10 @@ ln -s ../../pixmaps/poweredby.png \
$RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
# Symlink for the system logo # Symlink for the system logo
%if 0%{?rhel} >= 9
ln -s ../../pixmaps/system-noindex-logo.png \ ln -s ../../pixmaps/system-noindex-logo.png \
$RPM_BUILD_ROOT%{contentdir}/icons/system_noindex_logo.png $RPM_BUILD_ROOT%{contentdir}/icons/system_noindex_logo.png
%endif
# symlinks for /etc/httpd # symlinks for /etc/httpd
rmdir $RPM_BUILD_ROOT/etc/httpd/{state,run} rmdir $RPM_BUILD_ROOT/etc/httpd/{state,run}
@ -572,9 +581,12 @@ sed -i '/instdso/s,top_srcdir,top_builddir,' \
cp -p $RPM_BUILD_ROOT%{_libdir}/httpd/build/config_vars.mk \ cp -p $RPM_BUILD_ROOT%{_libdir}/httpd/build/config_vars.mk \
$RPM_BUILD_ROOT%{_libdir}/httpd/build/vendor_config_vars.mk $RPM_BUILD_ROOT%{_libdir}/httpd/build/vendor_config_vars.mk
# Sanitize CFLAGS in standard config_vars.mk # Sanitize CFLAGS & LIBTOOL in standard config_vars.mk
sed '/^CFLAGS/s,=.*$,= -O2 -g -Wall,' \ sed -e '/^[A-Z]*FLAGS = /s,-specs[^ ]*,,g' \
-e '/^LIBTOOL/s,/.*/libtool,%{_bindir}/libtool,' \
-i $RPM_BUILD_ROOT%{_libdir}/httpd/build/config_vars.mk -i $RPM_BUILD_ROOT%{_libdir}/httpd/build/config_vars.mk
diff -u $RPM_BUILD_ROOT%{_libdir}/httpd/build/vendor_config_vars.mk \
$RPM_BUILD_ROOT%{_libdir}/httpd/build/config_vars.mk || true
sed 's/config_vars.mk/vendor_config_vars.mk/' \ sed 's/config_vars.mk/vendor_config_vars.mk/' \
$RPM_BUILD_ROOT%{_bindir}/apxs \ $RPM_BUILD_ROOT%{_bindir}/apxs \
@ -603,7 +615,6 @@ rm -rf $RPM_BUILD_ROOT/etc/httpd/conf/{original,extra}
%pre filesystem %pre filesystem
%sysusers_create_compat %{SOURCE49} %sysusers_create_compat %{SOURCE49}
%post %post
%systemd_post httpd.service htcacheclean.service httpd.socket %systemd_post httpd.service htcacheclean.service httpd.socket
@ -671,7 +682,6 @@ exit $rv
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-brotli.conf %config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-brotli.conf
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-systemd.conf %config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-systemd.conf
%{_libdir}/httpd/modules/mod_brotli.so %{_libdir}/httpd/modules/mod_brotli.so
%{_libdir}/httpd/modules/mod_systemd.so %{_libdir}/httpd/modules/mod_systemd.so
@ -681,7 +691,6 @@ exit $rv
%{_unitdir}/*.socket %{_unitdir}/*.socket
%files core %files core
%doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE %doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE
%doc docs/conf/extra/*.conf %doc docs/conf/extra/*.conf
%doc instance.conf server-status.conf %doc instance.conf server-status.conf
@ -691,6 +700,7 @@ exit $rv
%{_sysconfdir}/httpd/state %{_sysconfdir}/httpd/state
%{_sysconfdir}/httpd/run %{_sysconfdir}/httpd/run
%dir %{_sysconfdir}/httpd/conf %dir %{_sysconfdir}/httpd/conf
%config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf %config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf
%config(noreplace) %{_sysconfdir}/httpd/conf/magic %config(noreplace) %{_sysconfdir}/httpd/conf/magic
@ -755,6 +765,7 @@ exit $rv
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd %attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy %attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy
%files filesystem %files filesystem
%dir %{_sysconfdir}/httpd %dir %{_sysconfdir}/httpd
%dir %{_sysconfdir}/httpd/conf.d %dir %{_sysconfdir}/httpd/conf.d
@ -766,6 +777,7 @@ exit $rv
%dir %{contentdir}/icons %dir %{contentdir}/icons
%attr(755,root,root) %dir %{_unitdir}/httpd.service.d %attr(755,root,root) %dir %{_unitdir}/httpd.service.d
%attr(755,root,root) %dir %{_unitdir}/httpd.socket.d %attr(755,root,root) %dir %{_unitdir}/httpd.socket.d
%attr(755,root,root) %dir %{_sysconfdir}/systemd/system/httpd.service.d
%{_sysusersdir}/httpd.conf %{_sysusersdir}/httpd.conf
%files tools %files tools
@ -819,226 +831,242 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Sat Aug 03 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-1 * Tue Nov 26 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 2.4.62-4
- Rebuilt for MSVSphere 10
* Mon Aug 12 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-4
- Resolves: RHEL-50031 - httpd default config changes
* Thu Aug 08 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-3
- Resolves: RHEL-53632 - RFE: httpd, add IP_FREEBIND support for Listen
- Resolves: RHEL-53722 - [RFE] ProxyWebsocketIdleTimeout from
httpd mod_proxy_wstunnel
* Sat Aug 03 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-2
- Resolves: RHEL-52722 - Regression introduced by CVE-2024-38474 fix
* Fri Jul 19 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-1
- new version 2.4.62 - new version 2.4.62
- Resolves: RHEL-52724 - Regression introduced by CVE-2024-38474 fix - Resolves: RHEL-33446
* Wed Jul 03 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.61-1
- new version 2.4.61
- Resolves: RHEL-45753 - httpd: Potential SSRF in
mod_rewrite (CVE-2024-39573)
- Resolves: RHEL-45757 - httpd: null pointer dereference in
mod_proxy (CVE-2024-38477)
- Resolves: RHEL-45776 - httpd: Improper escaping of output in
mod_rewrite (CVE-2024-38475)
- Resolves: RHEL-45791 - httpd: Encoding problem in
mod_proxy (CVE-2024-38473)
- Resolves: RHEL-45811 - httpd: Substitution encoding issue in
mod_rewrite (CVE-2024-38474)
- Resolves: RHEL-46051 - httpd: Security issues via backend applications
whose response headers are malicious or exploitable (CVE-2024-38476)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.4.59-4.4
- Bump release for June 2024 mass rebuild
* Thu May 23 2024 Joe Orton <jorton@redhat.com> - 2.4.59-3.4
- mod_ssl: disable ENGINE support
Resolves: RHEL-33734
* Fri Jul 19 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.59-7 * Fri May 17 2024 Joe Orton <jorton@redhat.com> - 2.4.59-3.2
- Resolves: RHEL-49856: htcacheclean.service missing [Install] section - mod_ssl: use SSL_OP_NO_RENEGOTIATION
* Thu May 30 2024 Joe Orton <jorton@redhat.com> - 2.4.59-6 * Fri May 3 2024 Joe Orton <jorton@redhat.com> - 2.4.59-3.1
- mod_ssl: restore SSL_OP_NO_RENEGOTIATE support - apachectl(8): use BUG_REPORT_URL from /etc/os-release
Related: RHEL-14668 - apachectl(8): fix grammar (#2278748)
- httpd.service.xml(8): mention ProtectSystem= setting
* Tue May 21 2024 Joe Orton <jorton@redhat.com> - 2.4.59-5 * Wed May 1 2024 Joe Orton <jorton@redhat.com> - 2.4.59-3
- mod_ssl: defer ENGINE_finish() calls to a cleanup - add ServerTokens: Full-Release support
Resolves: RHEL-36755
* Mon May 20 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.59-4 * Mon Apr 15 2024 Joe Orton <jorton@redhat.com> - 2.4.59-2
- Resolves: RHEL-6575 - [RFE] httpd use systemd-sysusers - mod_ssl: add DH param handling fix (r1916863)
* Wed May 08 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.59-3 * Fri Apr 5 2024 Joe Orton <jorton@redhat.com> - 2.4.59-1
- Related: RHEL-14668 - RFE: httpd rebase to 2.4.59 - update to 2.4.59
* Wed May 8 2024 Joe Orton <jorton@redhat.com> - 2.4.59-2 * Thu Mar 28 2024 Joe Orton <jorton@redhat.com> - 2.4.58-8
- Resolves: RHEL-35870 - httpd mod_cgi/cgid unification - rebuild to fix changelog ordering
* Fri May 03 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.59-1 * Thu Mar 7 2024 Rahul Sundaram <sundaram@fedoraproject.org> - 2.4.58-7
- new version 2.4.59 - Update Systemd security settings as part of https://fedoraproject.org/wiki/Changes/SystemdSecurityHardening
- Resolves: RHEL-14668 - RFE: httpd rebase to 2.4.59 - updated httpd.service(5) (Joe Orton)
- Resolves: RHEL-31856 - httpd: HTTP response splitting
(CVE-2023-38709)
- Resolves: RHEL-31859 - httpd: HTTP Response Splitting in multiple
modules (CVE-2024-24795)
* Wed Feb 7 2024 Joe Orton <jorton@redhat.com> - 2.4.57-8 * Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.58-6
- mod_xml2enc: fix media type handling - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
Resolves: RHEL-17686
- mod_dav: add DavBasePath
Resolves: RHEL-6600
* Mon Feb 05 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.57-7 * Sat Jan 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.58-5
- Resolves: RHEL-14447 - httpd: mod_macro: out-of-bounds read - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
vulnerability (CVE-2023-31122)
* Wed Oct 4 2023 Joe Orton <jorton@redhat.com> - 2.4.57-6 * Fri Jan 5 2024 Joe Orton <jorton@redhat.com> - 2.4.58-4
- Resolves: RHEL-5071 - mod_dav_fs: add DavLockDBType - fix OpenSSL 3.0 deprecation warnings (r1913912, r1915067)
- mod_dav_fs: add global mutex around lockdb interaction - mod_ssl: move to provider API for pkcs11 support (#2253014)
* Thu Jul 20 2023 Tomas Korbar <tkorbar@redhat.com> - 2.4.57-5 * Fri Dec 8 2023 Joe Orton <jorton@redhat.com> - 2.4.58-3
- Fix issue found by covscan - mod_dav_fs: add DAVLockDBType, use global lock around lockdb
- Related: #2222001 - fix build with libxml2 2.12
* Tue Jul 18 2023 Joe Orton <jorton@redhat.com> - 2.4.57-4 * Thu Nov 2 2023 Joe Orton <jorton@redhat.com> - 2.4.58-2
- Resolves: #2217726 - Make PROPFIND tolerant of deletion race - add dependency on apr-util-1(dbm) so a DBM provider is present
* Tue Jul 11 2023 Tomas Korbar <tkorbar@redhat.com> - 2.4.57-3 * Fri Oct 20 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.58-1
- Resolves: #2222001 - mod_status lists BusyWorkers IdleWorkers keys twice - new version 2.4.58
* Fri Apr 14 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.57-2 * Fri Oct 06 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.57-4
- Resolves: #2186645 - Fix issue found by covscan in httpd package - SPDX migration
- Resolves: #2173295 - Include Apache httpd module mod_authnz_fcgi
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.57-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jul 5 2023 Joe Orton <jorton@redhat.com> - 2.4.57-2
- package /etc/systemd/httpd/httpd.service.d
- also sanitize LDFLAGS/CXXFLAGS in non-vendor config_vars.mk
* Tue Apr 11 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.57-1 * Tue Apr 11 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.57-1
- Resolves: #2184403 - rebase httpd to 2.4.57 - new version 2.4.57
- Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy
* Mon Jan 30 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-11
- Resolves: #2162500 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
of zero byte
- Resolves: #2162486 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2162510 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
smuggling
* Tue Jan 24 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-10
- Resolves: #2160667 - prevent sscg creating /dhparams.pem
* Thu Dec 08 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-9
- Resolves: #2143176 - Dependency from mod_http2 on httpd broken
* Tue Dec 06 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-8
- Resolves: #2151313 - reduce AH03408 log level from WARNING to INFO
* Wed Jul 20 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-7
- Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request
smuggling
- Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in
ap_strcmp_match()
- Resolves: #2098248 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped
by hop-by-hop mechanism
- Resolves: #2097016 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite()
- Resolves: #2097452 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody
- Resolves: #2097459 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability
- Resolves: #2097481 - CVE-2022-30556 httpd: mod_lua: Information disclosure
with websockets
* Mon Jun 27 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-6
- Related: #2065677 - httpd minimisation for ubi-micro
* Fri Jun 24 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-5
- Resolves: #2098056 - mod_ldap: High CPU usage at apr_ldap_rebind_remove()
* Thu Jun 16 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-4
- Resolves: #2095838 - mod_mime_magic: invalid type 0 in mconvert()
* Wed Jun 01 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-3
- Resolves: #2065677 - httpd minimisation for ubi-micro
- minimize httpd dependencies (new httpd-core package)
- mod_systemd and mod_brotli are now packaged in the main httpd package
* Tue May 31 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-1
- new version 2.4.53
- Resolves: #2079939 - httpd rebase to 2.4.53
- Resolves: #2075406 - httpd.conf uses icon bomb.gif for all files/dirs ending
with core
* Mon Apr 11 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.51-8 * Thu Mar 09 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.56-1
- Resolves: #2073459 - Cannot override LD_LIBARY_PATH in Apache HTTPD using - new version 2.4.56
SetEnv or PassEnv
* Mon Mar 21 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.51-7 * Tue Mar 7 2023 Joe Orton <jorton@redhat.com> - 2.4.55-3
- Resolves: #2065251 - CVE-2022-22720 httpd: HTTP request smuggling - build and load mod_authnz_fcgi
vulnerability in Apache HTTP Server 2.4.52 and earlier
- Resolves: #2066311 - CVE-2021-44224 httpd: possible NULL dereference or SSRF
in forward proxy configurations
* Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.51-5 * Fri Feb 03 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.55-2
- Resolves: #2035064 - CVE-2021-44790 httpd: mod_lua: possible buffer overflow - rebuilt with new apr/apr-util
when parsing multipart content
* Mon Dec 06 2021 Neal Gompa <ngompa@centosproject.org> - 2.4.51-4 * Wed Jan 25 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.55-1
- Use NAME from os-release(5) for vendor string - new version 2.4.55
Resolves: #2029071 - httpd on CentOS identifies as RHEL
* Fri Dec 3 2021 Joe Orton <jorton@redhat.com> - 2.4.51-3 * Tue Jan 24 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.54-12
- add fixes for static analyzer issues (#1938740) - prevent sscg writing /dhparams.pem
* Mon Nov 08 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.51-2 * Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.54-11
- Resolves: #2005416 - httpd default configuration changes - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Oct 19 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.51-1 * Tue Dec 20 2022 Joe Orton <jorton@redhat.com> - 2.4.54-10
- new version 2.4.51 (#2011090) - htcacheclean.service: add [Install] section, PrivateTmp=yes,
Environment=LANG=C (#2149714)
* Fri Sep 17 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.49-1 * Mon Dec 19 2022 Joe Orton <jorton@redhat.com> - 2.4.54-9
- new version 2.4.49 (#2005339) - move SELinux context logging to mod_systemd
* Wed Sep 15 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-18 * Mon Dec 19 2022 Joe Orton <jorton@redhat.com> - 2.4.54-8
- Resolves: #2004143 - RFE: mod_ssl: allow sending multiple CA names which - define _httpd_statedir macro
differ only in case
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.48-17 * Wed Nov 30 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.54-7
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - reduce AH03408 level to INFO in proxy_util.c
Related: rhbz#1991688
* Fri Aug 06 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-16 * Thu Oct 13 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.54-6
- Resolves: #1956386 - Apache trademark update - new logo - Provide a sysusers.d file to get user() and group() provides (#2134430)
* Fri Aug 6 2021 Florian Weimer <fweimer@redhat.com> - 2.4.48-14 * Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.54-5
- Rebuild to pick up new build flags from redhat-rpm-config (#1984652) - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jul 28 2021 Joe Orton <jorton@redhat.com> - 2.4.48-13 * Fri Jun 24 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.54-4
- mod_ssl: OpenSSL 3 compatibility update (#1986822) - fix downgrade/upgrade issues
- mod_ssl and other modules should depend only on httpd-core package
* Thu Jul 15 2021 Joe Orton <jorton@redhat.com> - 2.4.48-12 * Fri Jun 17 2022 Joe Orton <jorton@redhat.com> - 2.4.54-3
- mod_ssl: add SSLKEYLOGFILE support (#1982656) - update PCRE config selection
* Mon Jul 12 2021 Joe Orton <jorton@redhat.com> - 2.4.48-11 * Thu Jun 09 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.54-2
- mod_cgid: fix doubled script timeout (#1977234) - new version 2.4.54
* Fri Jul 9 2021 Joe Orton <jorton@redhat.com> - 2.4.48-10 * Mon May 16 2022 Joe Orton <jorton@redhat.com> - 2.4.53-7
- fix release in ServerTokens Full-Release (#1932442) - disable package notes
* Wed Jul 7 2021 Joe Orton <jorton@redhat.com> - 2.4.48-9 * Fri May 13 2022 Joe Orton <jorton@redhat.com> - 2.4.53-6
- use OOMPolicy=continue in httpd.service, httpd@.service (#1947475) - use %%set_build_flags macro
* Thu Jul 01 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-8 * Thu Apr 21 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-5
- Resolves: #1950021 - [RFE] Update httpd directive SSLProxyMachineCertificateFile - don't use bomb.gif icon for all files/dirs ending with core
to be able to handle certs without matching private key
* Thu Jul 01 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-7 * Wed Apr 20 2022 Joe Orton <jorton@redhat.com> - 2.4.53-4
- Resolves: #1950011 - unorderly connection close when client attempts - switch to PCRE2 for new releases
renegotiation
* Thu Jul 01 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-6 * Thu Apr 07 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-3
- Resolves: #1932442 - "ServerTokens Full-Release" support - Related: #2070517 - fix issue when mod_systemd is not loaded
* Fri Jun 25 2021 Joe Orton <jorton@redhat.com> - 2.4.48-5 * Wed Mar 30 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-2
- mod_ssl: fix loading encrypted privkeys with OpenSSL 3.0 (#1976080) - Resolves: #2070517 - Allow install httpd with smaller footprint
- try to minimize httpd dependencies (new httpd-core package)
- mod_systemd and mod_brotli are now in the main httpd package
* Fri Jun 25 2021 Joe Orton <jorton@redhat.com> - 2.4.48-4 * Thu Mar 17 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-1
- add OpenSSL v3 compatibility fixes (#1975201) - new version 2.4.53
- fixes CVE-2022-23943, CVE-2022-22721, CVE-2022-22720 and CVE-2022-22719
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.48-3 * Tue Feb 1 2022 Joe Orton <jorton@redhat.com> - 2.4.52-5
- Rebuilt for RHEL 9 BETA for openssl 3.0 - rebuild for new OpenLDAP (#2032699)
Related: rhbz#1971065
* Tue Jun 08 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-2 * Mon Jan 31 2022 Joe Orton <jorton@redhat.com> - 2.4.52-4
- Resolves: #1947099 - centralizing default index.html for httpd - add libtool to Requires: for httpd-devel (#2048281)
* Wed Jun 02 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-1 * Fri Jan 28 2022 Joe Orton <jorton@redhat.com> - 2.4.52-3
- new version 2.4.48 - use LIBTOOL=/usr/bin/libtool in the non-vendor config_vars.mk
- Resolves: #1952817 - rebase to 2.4.48
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.52-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Dec 22 2021 Joe Orton <jorton@redhat.com> - 2.4.52-1
- update to 2.4.52
* Wed May 26 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.46-15 * Mon Dec 06 2021 Neal Gompa <ngompa@fedoraproject.org> - 2.4.51-3
- Resolves: #1949606 - RFE: httpd, add IP_FREEBIND support for Listen - Use NAME from os-release(5) for vendor string
Related: #2029071 - httpd on CentOS identifies as RHEL
* Tue Oct 12 2021 Joe Orton <jorton@redhat.com> - 2.4.51-2
- mod_ssl: updated patch for OpenSSL 3.0 compatibility (#2007178)
- mod_deflate/core: add two brigade handling correctness fixes
* Thu Oct 07 2021 Patrick Uiterwijk <patrick@puiterwijk.org> - 2.4.51-1
- new version 2.4.51
* Tue Oct 05 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.50-1
- new version 2.4.50
* Wed Sep 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.49-3
- Rebuilt for CI testing
* Thu Sep 16 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.49-1
- new version 2.4.49 (#2004776)
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 2.4.48-8
- Rebuilt with OpenSSL 3.0.0
* Wed May 19 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-14 * Fri Aug 06 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-7
- Resolves: #1949969 - httpd : mod_proxy should allow to specify - add symlink to system logo for noindex test page
Proxy-Authorization in ProxyRemote directive
* Thu Apr 22 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-13 * Fri Aug 6 2021 Joe Orton <jorton@redhat.com> - 2.4.48-4
- Resolves: #1952546 - mod_proxy_wstunnel.html is a malformed XML - add OpenSSL 3.x compatibility patch
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.46-12 * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.48-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Apr 13 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-11 * Fri Jul 16 2021 Joe Orton <jorton@redhat.com> - 2.4.48-2
- Resolves: #1947496 - [RFE] ProxyWebsocketIdleTimeout from httpd mod_proxy_wstunnel - mod_cgi/mod_cgid: update to unification from trunk
- httpd.conf: add note on care with Listen and starting at boot
* Wed Mar 31 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-10 * Wed Jun 02 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-1
- new version 2.4.48
- Resolves: #1964746 - httpd-2.4.48 is available
* Mon May 03 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-13
- Related: #1934739 - Apache trademark update - new logo
* Fri Apr 9 2021 Joe Orton <jorton@redhat.com> - 2.4.46-12
- use OOMPolicy=continue in httpd.service, httpd@.service (#1947475)
* Wed Mar 31 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-11
- Resolves: #1934739 - Apache trademark update - new logo - Resolves: #1934739 - Apache trademark update - new logo
* Tue Feb 23 2021 Joe Orton <jorton@redhat.com> - 2.4.46-10
- add Conflicts: with mod_nss
- drop use of apr_ldap_rebind (r1878890, #1847585)
* Mon Feb 01 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-9 * Mon Feb 01 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-9
- Resolves: #1914182 - RFE: CustomLog should be able to use journald - Resolves: #1914182 - RFE: CustomLog should be able to use journald

Write Preview
Loading…
Cancel
Save