Compare commits

...

No commits in common. 'i10c-beta' and 'c9' have entirely different histories.

@ -15,7 +15,6 @@ LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_socache_module modules/mod_authn_socache.so LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
LoadModule authz_core_module modules/mod_authz_core.so LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_dbd_module modules/mod_authz_dbd.so LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so LoadModule authz_dbm_module modules/mod_authz_dbm.so

@ -4,6 +4,7 @@
# #
#LoadModule asis_module modules/mod_asis.so #LoadModule asis_module modules/mod_asis.so
#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
#LoadModule buffer_module modules/mod_buffer.so #LoadModule buffer_module modules/mod_buffer.so
#LoadModule heartbeat_module modules/mod_heartbeat.so #LoadModule heartbeat_module modules/mod_heartbeat.so
#LoadModule heartmonitor_module modules/mod_heartmonitor.so #LoadModule heartmonitor_module modules/mod_heartmonitor.so

@ -5,7 +5,6 @@
]> ]>
<!-- <!--
Copyright 2020 Red Hat, Inc. Copyright 2020 Red Hat, Inc.
Copyright 2018 Frank Dana
Licensed to the Apache Software Foundation (ASF) under one or more Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with contributor license agreements. See the NOTICE file distributed with
@ -71,7 +70,7 @@
<para>The version of <command>apachectl</command> used on this <para>The version of <command>apachectl</command> used on this
system is a replacement script intended to be mostly (but not system is a replacement script intended to be mostly (but not
completely) compatible with the version provided with completely) compatible with version provided with
<emphasis>Apache httpd</emphasis>. This <emphasis>Apache httpd</emphasis>. This
<command>apachectl</command> mostly acts as a wrapper around <command>apachectl</command> mostly acts as a wrapper around
<command>systemctl</command> and manipulates the <command>systemctl</command> and manipulates the
@ -161,7 +160,7 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><option>configtest</option> | <option>-t</option></term> <term><option>configtest</option></term>
<listitem> <listitem>
<para>Run a configuration file syntax test. It parses the configuration <para>Run a configuration file syntax test. It parses the configuration
files and either reports <literal>Syntax OK</literal> files and either reports <literal>Syntax OK</literal>
@ -174,7 +173,7 @@
<refsect1 id='bugs'> <refsect1 id='bugs'>
<title>Bugs</title> <title>Bugs</title>
<para>Please report bugs by filing an issue in @BUG_REPORT_URL@.</para> <para>Please report bugs by filing an issue in Bugzilla via <ulink url='https://bugzilla.redhat.com/'/>.</para>
</refsect1> </refsect1>
<refsect1> <refsect1>

@ -1,6 +1,3 @@
Upstream-Status: local customisation
diff --git a/support/apxs.in b/support/apxs.in diff --git a/support/apxs.in b/support/apxs.in
index b2705fa..c331631 100644 index b2705fa..c331631 100644
--- a/support/apxs.in --- a/support/apxs.in

@ -1,6 +1,3 @@
Upstream-Status: local customisation
diff --git a/server/core.c b/server/core.c diff --git a/server/core.c b/server/core.c
index 79b2a82..dc0f17a 100644 index 79b2a82..dc0f17a 100644
--- a/server/core.c --- a/server/core.c

@ -1,5 +1,12 @@
Reduce size of httpd binary by telling linker to export all symbols
from libmain.a, rather than bloating the symbol table with ap_hack_*
to do so indirectly.
Upstream: https://svn.apache.org/r1861685 (as new default-off configure option)
diff --git a/Makefile.in b/Makefile.in diff --git a/Makefile.in b/Makefile.in
index bd8045c..d6733a5 100644 index 40c7076..ac98e5f 100644
--- a/Makefile.in --- a/Makefile.in
+++ b/Makefile.in +++ b/Makefile.in
@@ -4,8 +4,15 @@ CLEAN_SUBDIRS = test @@ -4,8 +4,15 @@ CLEAN_SUBDIRS = test
@ -33,10 +40,10 @@ index 8111877..f00bb3f 100644
eoc_bucket.c eor_bucket.c core_filters.c \ eoc_bucket.c eor_bucket.c core_filters.c \
util_expr_parse.c util_expr_scan.c util_expr_eval.c util_expr_parse.c util_expr_scan.c util_expr_eval.c
diff --git a/server/main.c b/server/main.c diff --git a/server/main.c b/server/main.c
index 7da7aa2..e63d2eb 100644 index 62e06df..17c09ee 100644
--- a/server/main.c --- a/server/main.c
+++ b/server/main.c +++ b/server/main.c
@@ -857,17 +857,3 @@ int main(int argc, const char * const argv[]) @@ -835,17 +835,3 @@ int main(int argc, const char * const argv[])
return !OK; return !OK;
} }

@ -1,6 +1,8 @@
--- httpd-2.4.59/server/core.c.full-release diff --git a/server/core.c b/server/core.c
+++ httpd-2.4.59/server/core.c index c36ff26..621c82a 100644
@@ -3586,6 +3586,7 @@ --- a/server/core.c
+++ b/server/core.c
@@ -3569,6 +3569,7 @@ enum server_token_type {
SrvTk_MINIMAL, /* eg: Apache/2.0.41 */ SrvTk_MINIMAL, /* eg: Apache/2.0.41 */
SrvTk_OS, /* eg: Apache/2.0.41 (UNIX) */ SrvTk_OS, /* eg: Apache/2.0.41 (UNIX) */
SrvTk_FULL, /* eg: Apache/2.0.41 (UNIX) PHP/4.2.2 FooBar/1.2b */ SrvTk_FULL, /* eg: Apache/2.0.41 (UNIX) PHP/4.2.2 FooBar/1.2b */
@ -8,7 +10,7 @@
SrvTk_PRODUCT_ONLY /* eg: Apache */ SrvTk_PRODUCT_ONLY /* eg: Apache */
}; };
static enum server_token_type ap_server_tokens = SrvTk_FULL; static enum server_token_type ap_server_tokens = SrvTk_FULL;
@@ -3662,7 +3663,10 @@ @@ -3645,7 +3646,10 @@ static void set_banner(apr_pool_t *pconf)
else if (ap_server_tokens == SrvTk_MAJOR) { else if (ap_server_tokens == SrvTk_MAJOR) {
ap_add_version_component(pconf, AP_SERVER_BASEPRODUCT "/" AP_SERVER_MAJORVERSION); ap_add_version_component(pconf, AP_SERVER_BASEPRODUCT "/" AP_SERVER_MAJORVERSION);
} }
@ -20,7 +22,7 @@
ap_add_version_component(pconf, AP_SERVER_BASEVERSION " (" PLATFORM ")"); ap_add_version_component(pconf, AP_SERVER_BASEVERSION " (" PLATFORM ")");
} }
@@ -3670,7 +3674,7 @@ @@ -3653,7 +3657,7 @@ static void set_banner(apr_pool_t *pconf)
* Lock the server_banner string if we're not displaying * Lock the server_banner string if we're not displaying
* the full set of tokens * the full set of tokens
*/ */
@ -29,7 +31,7 @@
banner_locked++; banner_locked++;
} }
server_description = AP_SERVER_BASEVERSION " (" PLATFORM ")"; server_description = AP_SERVER_BASEVERSION " (" PLATFORM ")";
@@ -3703,8 +3707,11 @@ @@ -3686,8 +3690,11 @@ static const char *set_serv_tokens(cmd_parms *cmd, void *dummy,
else if (!ap_cstr_casecmp(arg, "Full")) { else if (!ap_cstr_casecmp(arg, "Full")) {
ap_server_tokens = SrvTk_FULL; ap_server_tokens = SrvTk_FULL;
} }

@ -1,8 +1,8 @@
diff --git a/docs/manual/mod/mod_proxy_wstunnel.html.en b/docs/manual/mod/mod_proxy_wstunnel.html.en diff --git a/docs/manual/mod/mod_proxy_wstunnel.html.en b/docs/manual/mod/mod_proxy_wstunnel.html.en
index c5004b8..a0ae3c8 100644 index 9f2c120..61ff7de 100644
--- a/docs/manual/mod/mod_proxy_wstunnel.html.en --- a/docs/manual/mod/mod_proxy_wstunnel.html.en
+++ b/docs/manual/mod/mod_proxy_wstunnel.html.en +++ b/docs/manual/mod/mod_proxy_wstunnel.html.en
@@ -96,6 +96,7 @@ WebSocket always happens. @@ -83,6 +83,7 @@ in the response <code>Upgrade</code></p>
<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><h3 class="directives">Directives</h3> <div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><h3 class="directives">Directives</h3>
<ul id="toc"> <ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#proxywebsocketfallbacktoproxyhttp">ProxyWebsocketFallbackToProxyHttp</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#proxywebsocketfallbacktoproxyhttp">ProxyWebsocketFallbackToProxyHttp</a></li>
@ -10,7 +10,7 @@ index c5004b8..a0ae3c8 100644
</ul> </ul>
<h3>Bugfix checklist</h3><ul class="seealso"><li><a href="https://www.apache.org/dist/httpd/CHANGES_2.4">httpd changelog</a></li><li><a href="https://bz.apache.org/bugzilla/buglist.cgi?bug_status=__open__&amp;list_id=144532&amp;product=Apache%20httpd-2&amp;query_format=specific&amp;order=changeddate%20DESC%2Cpriority%2Cbug_severity&amp;component=mod_proxy_wstunnel">Known issues</a></li><li><a href="https://bz.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2&amp;component=mod_proxy_wstunnel">Report a bug</a></li></ul><h3>See also</h3> <h3>Bugfix checklist</h3><ul class="seealso"><li><a href="https://www.apache.org/dist/httpd/CHANGES_2.4">httpd changelog</a></li><li><a href="https://bz.apache.org/bugzilla/buglist.cgi?bug_status=__open__&amp;list_id=144532&amp;product=Apache%20httpd-2&amp;query_format=specific&amp;order=changeddate%20DESC%2Cpriority%2Cbug_severity&amp;component=mod_proxy_wstunnel">Known issues</a></li><li><a href="https://bz.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2&amp;component=mod_proxy_wstunnel">Report a bug</a></li></ul><h3>See also</h3>
<ul class="seealso"> <ul class="seealso">
@@ -121,6 +122,23 @@ WebSocket always happens. @@ -108,6 +109,23 @@ in the response <code>Upgrade</code></p>
WebSocket requests as in httpd 2.4.46 and earlier.</p> WebSocket requests as in httpd 2.4.46 and earlier.</p>
</div> </div>
@ -35,7 +35,7 @@ index c5004b8..a0ae3c8 100644
<div class="bottomlang"> <div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_proxy_wstunnel.html" title="English">&nbsp;en&nbsp;</a> | <p><span>Available Languages: </span><a href="../en/mod/mod_proxy_wstunnel.html" title="English">&nbsp;en&nbsp;</a> |
diff --git a/modules/proxy/mod_proxy_wstunnel.c b/modules/proxy/mod_proxy_wstunnel.c diff --git a/modules/proxy/mod_proxy_wstunnel.c b/modules/proxy/mod_proxy_wstunnel.c
index 30ba1b4..e27e6f8 100644 index bcbba42..c29ded1 100644
--- a/modules/proxy/mod_proxy_wstunnel.c --- a/modules/proxy/mod_proxy_wstunnel.c
+++ b/modules/proxy/mod_proxy_wstunnel.c +++ b/modules/proxy/mod_proxy_wstunnel.c
@@ -22,6 +22,7 @@ module AP_MODULE_DECLARE_DATA proxy_wstunnel_module; @@ -22,6 +22,7 @@ module AP_MODULE_DECLARE_DATA proxy_wstunnel_module;
@ -46,7 +46,7 @@ index 30ba1b4..e27e6f8 100644
} proxyws_dir_conf; } proxyws_dir_conf;
static int can_fallback_to_proxy_http; static int can_fallback_to_proxy_http;
@@ -176,6 +177,8 @@ static int proxy_wstunnel_request(apr_pool_t *p, request_rec *r, @@ -152,6 +153,8 @@ static int proxy_wstunnel_request(apr_pool_t *p, request_rec *r,
conn_rec *c = r->connection; conn_rec *c = r->connection;
apr_socket_t *sock = conn->sock; apr_socket_t *sock = conn->sock;
conn_rec *backconn = conn->connection; conn_rec *backconn = conn->connection;
@ -55,7 +55,7 @@ index 30ba1b4..e27e6f8 100644
char *buf; char *buf;
apr_bucket_brigade *header_brigade; apr_bucket_brigade *header_brigade;
apr_bucket *e; apr_bucket *e;
@@ -253,10 +256,13 @@ static int proxy_wstunnel_request(apr_pool_t *p, request_rec *r, @@ -229,10 +232,13 @@ static int proxy_wstunnel_request(apr_pool_t *p, request_rec *r,
c->keepalive = AP_CONN_CLOSE; c->keepalive = AP_CONN_CLOSE;
do { /* Loop until done (one side closes the connection, or an error) */ do { /* Loop until done (one side closes the connection, or an error) */
@ -70,7 +70,7 @@ index 30ba1b4..e27e6f8 100644
} }
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(02444) "error apr_poll()"); ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(02444) "error apr_poll()");
return HTTP_INTERNAL_SERVER_ERROR; return HTTP_INTERNAL_SERVER_ERROR;
@@ -442,11 +448,26 @@ cleanup: @@ -418,11 +424,26 @@ cleanup:
return status; return status;
} }
@ -97,7 +97,7 @@ index 30ba1b4..e27e6f8 100644
new->fallback_to_proxy_http = 1; new->fallback_to_proxy_http = 1;
return (void *) new; return (void *) new;
@@ -489,7 +510,8 @@ static const command_rec ws_proxy_cmds[] = @@ -465,7 +486,8 @@ static const command_rec ws_proxy_cmds[] =
proxyws_fallback_to_proxy_http, NULL, RSRC_CONF|ACCESS_CONF, proxyws_fallback_to_proxy_http, NULL, RSRC_CONF|ACCESS_CONF,
"whether to let mod_proxy_http handle the upgrade and tunneling, " "whether to let mod_proxy_http handle the upgrade and tunneling, "
"On by default"), "On by default"),

@ -1,6 +1,3 @@
Upstream-Status: in trunk, not proposed for 2.4.x
diff --git a/Makefile.in b/Makefile.in diff --git a/Makefile.in b/Makefile.in
index 6747aea..40c7076 100644 index 6747aea..40c7076 100644
--- a/Makefile.in --- a/Makefile.in

@ -1,64 +0,0 @@
Upstream-Status: in trunk not in 2.4.x
diff --git a/configure.in b/configure.in
index 74015ca..8c0ee10 100644
--- httpd-2.4.54/modules/arch/unix/config5.m4.selinux
+++ httpd-2.4.54/modules/arch/unix/config5.m4
@@ -23,6 +23,11 @@
AC_MSG_WARN([Your system does not support systemd.])
enable_systemd="no"
else
+ AC_CHECK_LIB(selinux, is_selinux_enabled, [
+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
+ APR_ADDTO(MOD_SYSTEMD_LDADD, [-lselinux])
+ ])
+
APR_ADDTO(MOD_SYSTEMD_LDADD, [$SYSTEMD_LIBS])
fi
])
--- httpd-2.4.54/modules/arch/unix/mod_systemd.c.selinux
+++ httpd-2.4.54/modules/arch/unix/mod_systemd.c
@@ -35,6 +35,10 @@
#include <unistd.h>
#endif
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
APR_DECLARE_OPTIONAL_FN(int,
ap_find_systemd_socket, (process_rec *, apr_port_t));
@@ -70,6 +74,20 @@
return apr_psprintf(p, "%s port %u", addr, sa->port);
}
+#ifdef HAVE_SELINUX
+static void log_selinux_context(void)
+{
+ char *con;
+
+ if (is_selinux_enabled() && getcon(&con) == 0) {
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+ "SELinux policy enabled; "
+ "httpd running as context %s", con);
+ freecon(con);
+ }
+}
+#endif
+
/* Report the service is ready in post_config, which could be during
* startup or after a reload. The server could still hit a fatal
* startup error after this point during ap_run_mpm(), so this is
@@ -87,6 +105,10 @@
if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_PRE_CONFIG)
return OK;
+#ifdef HAVE_SELINUX
+ log_selinux_context();
+#endif
+
for (lr = ap_listeners; lr; lr = lr->next) {
char *s = dump_listener(lr, ptemp);

@ -5,8 +5,6 @@ http://svn.apache.org/viewvc?view=revision&revision=1912718
http://svn.apache.org/viewvc?view=revision&revision=1913654 http://svn.apache.org/viewvc?view=revision&revision=1913654
http://svn.apache.org/viewvc?view=revision&revision=1914438 http://svn.apache.org/viewvc?view=revision&revision=1914438
Upstream-Status: in trunk, not proposed for 2.4.x
--- httpd-2.4.58/modules/dav/fs/config6.m4.r1912477+ --- httpd-2.4.58/modules/dav/fs/config6.m4.r1912477+
+++ httpd-2.4.58/modules/dav/fs/config6.m4 +++ httpd-2.4.58/modules/dav/fs/config6.m4
@@ -20,4 +20,10 @@ @@ -20,4 +20,10 @@

@ -0,0 +1,60 @@
diff --git a/configure.in b/configure.in
index 3932407..00e2369 100644
--- a/configure.in
+++ b/configure.in
@@ -531,6 +531,11 @@ gettid
dnl confirm that a void pointer is large enough to store a long integer
APACHE_CHECK_VOID_PTR_LEN
+AC_CHECK_LIB(selinux, is_selinux_enabled, [
+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
+ APR_ADDTO(HTTPD_LIBS, [-lselinux])
+])
+
if test $ac_cv_func_gettid = no; then
# On Linux before glibc 2.30, gettid() is only usable via syscall()
AC_CACHE_CHECK([for gettid() via syscall], ap_cv_gettid,
diff --git a/server/core.c b/server/core.c
index 8970a50..ff1024d 100644
--- a/server/core.c
+++ b/server/core.c
@@ -65,6 +65,10 @@
#include <unistd.h>
#endif
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
/* LimitRequestBody handling */
#define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */
@@ -5170,6 +5174,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
}
#endif
+#ifdef HAVE_SELINUX
+ {
+ static int already_warned = 0;
+ int is_enabled = is_selinux_enabled() > 0;
+
+ if (is_enabled && !already_warned) {
+ security_context_t con;
+
+ if (getcon(&con) == 0) {
+
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+ "SELinux policy enabled; "
+ "httpd running as context %s", con);
+
+ already_warned = 1;
+
+ freecon(con);
+ }
+ }
+ }
+#endif
+
return OK;
}

@ -1,8 +1,8 @@
diff --git a/configure.in b/configure.in diff --git a/configure.in b/configure.in
index f8f9442..f276550 100644 index 7194de5..00e2369 100644
--- a/configure.in --- a/configure.in
+++ b/configure.in +++ b/configure.in
@@ -786,9 +786,9 @@ APACHE_SUBST(INSTALL_SUEXEC) @@ -843,9 +843,9 @@ APACHE_SUBST(INSTALL_SUEXEC)
dnl APR should go after the other libs, so the right symbols can be picked up dnl APR should go after the other libs, so the right symbols can be picked up
if test x${apu_found} != xobsolete; then if test x${apu_found} != xobsolete; then

@ -1,11 +0,0 @@
--- httpd-2.4.59/modules/ssl/ssl_private.h.no-engine
+++ httpd-2.4.59/modules/ssl/ssl_private.h
@@ -112,7 +112,7 @@
|| (defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL < 30000)) \
&& !defined(OPENSSL_NO_ENGINE)
#include <openssl/engine.h>
-#define MODSSL_HAVE_ENGINE_API 1
+#define MODSSL_HAVE_ENGINE_API 0
#endif
#ifndef MODSSL_HAVE_ENGINE_API
#define MODSSL_HAVE_ENGINE_API 0

@ -26,25 +26,8 @@ ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
# Send SIGWINCH for graceful stop # Send SIGWINCH for graceful stop
KillSignal=SIGWINCH KillSignal=SIGWINCH
KillMode=mixed KillMode=mixed
DevicePolicy=closed
KeyringMode=private
LockPersonality=yes
MemoryDenyWriteExecute=yes
OOMPolicy=continue
PrivateDevices=yes
PrivateTmp=true PrivateTmp=true
ProtectClock=yes OOMPolicy=continue
ProtectControlGroups=yes
ProtectHome=read-only
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=yes
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

@ -175,7 +175,7 @@ Wants=network-online.target</programlisting>
<para>System packages (including the httpd package itself) may <para>System packages (including the httpd package itself) may
restart the httpd service automatically after packages are restart the httpd service automatically after packages are
upgraded, installed, or removed. This is done using the upgraded, installed, or removed. This is done using the
<command>systemctl try-restart httpd.service</command> command, which <command>systemctl try-restart httpd.service</command>, which
stops then starts the service if it is running.</para> stops then starts the service if it is running.</para>
<para>To disable automatic restarts, create the file <para>To disable automatic restarts, create the file
@ -183,9 +183,8 @@ Wants=network-online.target</programlisting>
When <command>httpd</command> interfaces are added in an update, When <command>httpd</command> interfaces are added in an update,
it may not be safe to <emphasis>reload</emphasis> a running it may not be safe to <emphasis>reload</emphasis> a running
service after upgrading, if updated modules require interfaces service after upgrading, if updated modules require interfaces
only available in the updated <command>httpd</command> binary. only available in the updated httpd. It is recommended to allow
It is recommended to allow automatic restarts for this automatic restarts for this reason.</para>
reason.</para>
</refsect2> </refsect2>
<refsect2> <refsect2>
@ -231,16 +230,7 @@ Wants=network-online.target</programlisting>
<refsect2> <refsect2>
<title>Process policies and restrictions</title> <title>Process policies and restrictions</title>
<para>The <command>httpd.service</command> unit enables a <para>The httpd service uses the following options:
variety of sandboxing options. Many of these prevent the service
from changing the system configuration or attributes of the
kernel - such as <emphasis>ProtectClock</emphasis> and
<emphasis>ProtectKernelModules</emphasis>. See
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
and
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for more information on these options. Particular notice should
be taken of the following:
<itemizedlist> <itemizedlist>
<listitem><para><emphasis>PrivateTmp</emphasis> is enabled by <listitem><para><emphasis>PrivateTmp</emphasis> is enabled by
@ -256,21 +246,13 @@ Wants=network-online.target</programlisting>
the policy to <emphasis>continue</emphasis>, httpd will the policy to <emphasis>continue</emphasis>, httpd will
continue to run (and recover) if a single child is terminated continue to run (and recover) if a single child is terminated
because of excess memory consumption.</para></listitem> because of excess memory consumption.</para></listitem>
</itemizedlist>
<listitem><para><emphasis>ProtectHome</emphasis> is set to See
<emphasis>read-only</emphasis> by default. CGI scripts run via <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
<emphasis>UserDir</emphasis> will not be able modify any and
content in <filename>/home</filename> by <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
default.</para></listitem> for more information.</para>
<listitem><para><emphasis>ProtectSystem</emphasis> is set to
<emphasis>yes</emphasis> by default; this mounts various
system paths like <filename>/usr</filename> and
<filename>/boot</filename> as read-only by
default.</para></listitem>
</itemizedlist></para>
</refsect2> </refsect2>
<refsect2> <refsect2>

@ -19,25 +19,8 @@ ExecReload=/usr/sbin/httpd $OPTIONS -k graceful -f conf/%i.conf
# Send SIGWINCH for graceful stop # Send SIGWINCH for graceful stop
KillSignal=SIGWINCH KillSignal=SIGWINCH
KillMode=mixed KillMode=mixed
DevicePolicy=closed
KeyringMode=private
LockPersonality=yes
MemoryDenyWriteExecute=yes
OOMPolicy=continue
PrivateDevices=yes
PrivateTmp=true PrivateTmp=true
ProtectClock=yes OOMPolicy=continue
ProtectControlGroups=yes
ProtectHome=read-only
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=yes
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

@ -4,28 +4,16 @@
%define mmn 20120211 %define mmn 20120211
%define mmnisa %{mmn}%{__isa_name}%{__isa_bits} %define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
%define vstring %(source /etc/os-release; echo ${NAME}) %define vstring %(source /etc/os-release; echo ${NAME})
%define bugurl %(source /etc/os-release; echo ${BUG_REPORT_URL})
%if 0%{?fedora} > 26 || 0%{?rhel} > 7 %if 0%{?fedora} > 26 || 0%{?rhel} > 7
%global mpm event %global mpm event
%else %else
%global mpm prefork %global mpm prefork
%endif %endif
%if 0%{?fedora} > 35 || 0%{?rhel} > 9
%bcond_without pcre2
%bcond_with pcre
%else
%bcond_with pcre2
%bcond_without pcre
%endif
# Similar issue to https://bugzilla.redhat.com/show_bug.cgi?id=2043092
%undefine _package_note_flags
Summary: Apache HTTP Server Summary: Apache HTTP Server
Name: httpd Name: httpd
Version: 2.4.62 Version: 2.4.62
Release: 4%{?dist} Release: 1%{?dist}
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@ -77,60 +65,53 @@ Source48: apache-poweredby.png
Source49: httpd.sysusers Source49: httpd.sysusers
# build/scripts patches # build/scripts patches
Patch1: httpd-2.4.59-full-release.patch
Patch2: httpd-2.4.43-apxs.patch Patch2: httpd-2.4.43-apxs.patch
Patch3: httpd-2.4.43-deplibs.patch Patch3: httpd-2.4.59-deplibs.patch
# Needed for socket activation and mod_systemd patch # Needed for socket activation and mod_systemd patch
Patch19: httpd-2.4.53-detect-systemd.patch Patch19: httpd-2.4.53-detect-systemd.patch
# Features/functional changes # Features/functional changes
Patch20: httpd-2.4.48-r1842929+.patch Patch21: httpd-2.4.48-r1842929+.patch
Patch21: httpd-2.4.43-mod_systemd.patch Patch22: httpd-2.4.43-mod_systemd.patch
Patch22: httpd-2.4.53-export.patch Patch23: httpd-2.4.48-export.patch
Patch23: httpd-2.4.43-corelimit.patch Patch24: httpd-2.4.43-corelimit.patch
Patch24: httpd-2.4.54-icons.patch Patch25: httpd-2.4.57-selinux.patch
Patch25: httpd-2.4.43-cachehardmax.patch Patch26: httpd-2.4.53-icons.patch
Patch26: httpd-2.4.43-socket-activation.patch Patch27: httpd-2.4.43-cachehardmax.patch
Patch27: httpd-2.4.43-sslciphdefault.patch Patch28: httpd-2.4.62-socket-activation.patch
Patch29: httpd-2.4.43-sslprotdefault.patch Patch29: httpd-2.4.43-sslciphdefault.patch
Patch30: httpd-2.4.43-logjournal.patch Patch30: httpd-2.4.43-sslprotdefault.patch
Patch31: httpd-2.4.53-separate-systemd-fns.patch Patch31: httpd-2.4.43-logjournal.patch
Patch32: httpd-2.4.58-r1912477+.patch Patch32: httpd-2.4.48-proxy-ws-idle-timeout.patch
Patch33: httpd-2.4.54-selinux.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1949606 # https://bugzilla.redhat.com/show_bug.cgi?id=1949606
Patch34: httpd-2.4.62-freebind.patch Patch33: httpd-2.4.62-freebind.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1947496 # https://bugzilla.redhat.com/show_bug.cgi?id=2065677
Patch35: httpd-2.4.62-proxy-ws-idle-timeout.patch Patch34: httpd-2.4.53-separate-systemd-fns.patch
# https://issues.redhat.com/browse/RHEL-5071
Patch35: httpd-2.4.57-r1912477+.patch
# Bug fixes # Bug fixes
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243 # https://bugzilla.redhat.com/show_bug.cgi?id=1397243
Patch60: httpd-2.4.43-enable-sslv3.patch Patch100: httpd-2.4.43-enable-sslv3.patch
Patch61: httpd-2.4.59-no-engine.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1932442
Patch101: httpd-2.4.48-full-release.patch
# https://bz.apache.org/bugzilla/show_bug.cgi?id=69197 # https://bz.apache.org/bugzilla/show_bug.cgi?id=69197
Patch62: httpd-2.4.62-r1919325.patch Patch102: httpd-2.4.62-r1919325.patch
# Security fixes # Security fixes
# Patch200: ... # https://bugzilla.redhat.com/show_bug.cgi?id=...
#
# https://bugzilla.redhat.com/show_bug.cgi?id=
# Patch200: httpd-2.4.X-CVE-XXXX-YYYYY.patch
# Apache-2.0: everything
# BSD-3-Clause: util_pcre.c, ap_regex.h
# metamail AND HPND-sell-variant:: server/util_md5.c:
# Spencer-94: modules/metadata/mod_mime_magic.c
License: Apache-2.0 AND (BSD-3-Clause AND metamail AND HPND-sell-variant AND Spencer-94)
License: ASL 2.0
BuildRequires: gcc, autoconf, pkgconfig, findutils, xmlto BuildRequires: gcc, autoconf, pkgconfig, findutils, xmlto
BuildRequires: perl-interpreter, perl-generators, systemd-devel BuildRequires: perl-interpreter, perl-generators, systemd-devel
BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel
BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0 BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0
BuildRequires: openldap-devel
BuildRequires: systemd-rpm-macros
%if %{with pcre2}
BuildRequires: pcre2-devel
%endif
%if %{with pcre}
BuildRequires: pcre-devel > 5.0
%endif
BuildRequires: gnupg2 BuildRequires: gnupg2
Requires: system-logos(httpd-logo-ng) BuildRequires: systemd-rpm-macros
Requires: system-logos-httpd
Provides: webserver Provides: webserver
Requires: httpd-core = 0:%{version}-%{release} Requires: httpd-core = 0:%{version}-%{release}
Recommends: mod_http2, mod_lua Recommends: mod_http2, mod_lua
@ -148,12 +129,10 @@ Provides: mod_proxy_uwsgi = %{version}-%{release}
Requires: /etc/mime.types Requires: /etc/mime.types
Requires: httpd-tools = %{version}-%{release} Requires: httpd-tools = %{version}-%{release}
Requires: httpd-filesystem = %{version}-%{release} Requires: httpd-filesystem = %{version}-%{release}
%if 0%{?fedora} > 39 || 0%{?rhel} > 9
Requires: apr-util-1(dbm)%{_isa}
%endif
Requires(pre): httpd-filesystem Requires(pre): httpd-filesystem
Conflicts: apr < 1.5.0-1 Conflicts: apr < 1.5.0-1
Conflicts: httpd < 2.4.53-2 Conflicts: httpd < 2.4.53-3
Conflicts: mod_http2 < 1.15.19-3
Obsoletes: mod_proxy_uwsgi < 2.0.17.1-2 Obsoletes: mod_proxy_uwsgi < 2.0.17.1-2
%description core %description core
@ -161,8 +140,8 @@ The httpd-core package contains essential httpd binaries.
%package devel %package devel
Summary: Development interfaces for the Apache HTTP Server Summary: Development interfaces for the Apache HTTP Server
Requires: apr-devel, apr-util-devel, pkgconfig, libtool Requires: apr-devel, apr-util-devel, pkgconfig
Requires: httpd-core = 0:%{version}-%{release} Requires: httpd-core = %{version}-%{release}
%description devel %description devel
The httpd-devel package contains the APXS binary and other files The httpd-devel package contains the APXS binary and other files
@ -206,11 +185,9 @@ Epoch: 1
BuildRequires: openssl-devel BuildRequires: openssl-devel
Requires(pre): httpd-filesystem Requires(pre): httpd-filesystem
Requires: httpd-core = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} Requires: httpd-core = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
Requires: sscg >= 3.0.3, /usr/bin/hostname Requires: sscg >= 3.0.0-7, /usr/bin/hostname
# Require an OpenSSL which supports PROFILE=SYSTEM # Require an OpenSSL which supports PROFILE=SYSTEM
Conflicts: openssl-libs < 1:1.0.1h-4 Conflicts: openssl-libs < 1:1.0.1h-4
# mod_ssl/mod_nss cannot both be loaded simultaneously
Conflicts: mod_nss
%description -n mod_ssl %description -n mod_ssl
The mod_ssl module provides strong cryptography for the Apache HTTP The mod_ssl module provides strong cryptography for the Apache HTTP
@ -256,7 +233,31 @@ written in the Lua programming language.
%prep %prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -p1 -S gendiff %setup -q
%patch2 -p1 -b .apxs
%patch3 -p1 -b .deplibs
%patch19 -p1 -b .detectsystemd
%patch21 -p1 -b .r1842929+
%patch22 -p1 -b .mod_systemd
%patch23 -p1 -b .export
%patch24 -p1 -b .corelimit
%patch25 -p1 -b .selinux
%patch26 -p1 -b .icons
%patch27 -p1 -b .cachehardmax
%patch28 -p1 -b .socketactivation
%patch29 -p1 -b .sslciphdefault
%patch30 -p1 -b .sslprotdefault
%patch31 -p1 -b .logjournal
%patch32 -p1 -b .proxy-ws-idle-timeout
%patch33 -p1 -b .freebind
%patch34 -p1 -b .separatesystemd
%patch35 -p1 -b .r1912477+
%patch100 -p1 -b .enable-sslv3
%patch101 -p1 -b .full-release
%patch102 -p1 -b .r1919325
# Patch in the vendor string # Patch in the vendor string
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@ -296,16 +297,16 @@ s,@DOCROOT@,%{docroot},g
s,@LOGDIR@,%{_localstatedir}/log/httpd,g s,@LOGDIR@,%{_localstatedir}/log/httpd,g
' < $RPM_SOURCE_DIR/httpd.conf.xml \ ' < $RPM_SOURCE_DIR/httpd.conf.xml \
> httpd.conf.xml > httpd.conf.xml
sed 's|@BUG_REPORT_URL@|%{bugurl}|g' < $RPM_SOURCE_DIR/apachectl.xml > apachectl.xml
xmlto man ./httpd.conf.xml xmlto man ./httpd.conf.xml
xmlto man $RPM_SOURCE_DIR/htcacheclean.service.xml xmlto man $RPM_SOURCE_DIR/htcacheclean.service.xml
xmlto man $RPM_SOURCE_DIR/httpd.service.xml xmlto man $RPM_SOURCE_DIR/httpd.service.xml
xmlto man apachectl.xml
# apachectl.xml => apachectl.8
xmlto man %{SOURCE47}
: Building with MMN %{mmn}, MMN-ISA %{mmnisa} : Building with MMN %{mmn}, MMN-ISA %{mmnisa}
: Default MPM is %{mpm}, vendor string is '%{vstring}' : Default MPM is %{mpm}, vendor string is '%{vstring}'
: Regex Engine: PCRE=%{with pcre} PCRE2=%{with pcre2}
%build %build
# forcibly prevent use of bundled apr, apr-util, pcre # forcibly prevent use of bundled apr, apr-util, pcre
@ -318,7 +319,11 @@ autoheader && autoconf || exit 1
%{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \ %{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \
support/apxs.in support/apxs.in
%set_build_flags export CFLAGS=$RPM_OPT_FLAGS
export LDFLAGS="-Wl,-z,relro,-z,now"
# Hard-code path to links to avoid unnecessary builddep
export LYNX_PATH=/usr/bin/links
# Build the daemon # Build the daemon
./configure \ ./configure \
@ -346,33 +351,22 @@ autoheader && autoconf || exit 1
--with-suexec-uidmin=1000 --with-suexec-gidmin=1000 \ --with-suexec-uidmin=1000 --with-suexec-gidmin=1000 \
--with-brotli \ --with-brotli \
--enable-pie \ --enable-pie \
%if %{with pcre2} --with-pcre=/usr/bin/pcre-config \
--with-pcre2=%{_bindir}/pcre2-config \
%endif
%if %{with pcre}
--with-pcre=%{_bindir}/pcre-config \
%endif
--enable-mods-shared=all \ --enable-mods-shared=all \
--enable-ssl --with-ssl --disable-distcache \ --enable-ssl --with-ssl --disable-distcache \
--enable-proxy --enable-proxy-fdpass \ --enable-proxy --enable-proxy-fdpass \
--enable-cache \ --enable-cache \
--enable-disk-cache \ --enable-disk-cache \
--enable-ldap --enable-authnz-ldap \ --enable-ldap --enable-authnz-ldap \
--enable-cgid --enable-cgi --enable-authnz-fcgi \ --enable-cgid --enable-cgi \
--enable-cgid-fdpassing \ --enable-cgid-fdpassing \
--enable-authn-anon --enable-authn-alias \ --enable-authn-anon --enable-authn-alias \
--enable-authnz-fcgi \
--enable-systemd \ --enable-systemd \
--disable-imagemap --disable-file-cache \ --disable-imagemap --disable-file-cache \
--disable-http2 \ --disable-http2 \
--disable-md \ --disable-md \
$* $*
if grep -q ac_cv_have_threadsafe_pollset=no config.log; then
cat config.log
: Failed to find thread-safe APR.
exit 1
fi
%make_build %make_build
%install %install
@ -411,9 +405,8 @@ touch -r $RPM_SOURCE_DIR/00-mpm.conf \
# install systemd override drop directory # install systemd override drop directory
# Web application packages can drop snippets into this location if # Web application packages can drop snippets into this location if
# they need ExecStart[pre|post]. # they need ExecStart[pre|post].
mkdir $RPM_BUILD_ROOT%{_unitdir}/httpd.service.d \ mkdir $RPM_BUILD_ROOT%{_unitdir}/httpd.service.d
$RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d mkdir $RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/httpd.service.d
install -m 644 -p $RPM_SOURCE_DIR/10-listen443.conf \ install -m 644 -p $RPM_SOURCE_DIR/10-listen443.conf \
$RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d/10-listen443.conf $RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d/10-listen443.conf
@ -478,7 +471,6 @@ cat > $RPM_BUILD_ROOT%{_rpmconfigdir}/macros.d/macros.httpd <<EOF
%%_httpd_contentdir %{contentdir} %%_httpd_contentdir %{contentdir}
%%_httpd_moddir %%{_libdir}/httpd/modules %%_httpd_moddir %%{_libdir}/httpd/modules
%%_httpd_requires Requires: httpd-mmn = %%{_httpd_mmn} %%_httpd_requires Requires: httpd-mmn = %%{_httpd_mmn}
%%_httpd_statedir %%{_localstatedir}/lib/httpd
EOF EOF
# Handle contentdir # Handle contentdir
@ -514,10 +506,9 @@ ln -s ../../pixmaps/poweredby.png \
$RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
# Symlink for the system logo # Symlink for the system logo
%if 0%{?rhel} >= 9
ln -s ../../pixmaps/system-noindex-logo.png \ ln -s ../../pixmaps/system-noindex-logo.png \
$RPM_BUILD_ROOT%{contentdir}/icons/system_noindex_logo.png $RPM_BUILD_ROOT%{contentdir}/icons/system_noindex_logo.png
%endif
# symlinks for /etc/httpd # symlinks for /etc/httpd
rmdir $RPM_BUILD_ROOT/etc/httpd/{state,run} rmdir $RPM_BUILD_ROOT/etc/httpd/{state,run}
@ -581,12 +572,9 @@ sed -i '/instdso/s,top_srcdir,top_builddir,' \
cp -p $RPM_BUILD_ROOT%{_libdir}/httpd/build/config_vars.mk \ cp -p $RPM_BUILD_ROOT%{_libdir}/httpd/build/config_vars.mk \
$RPM_BUILD_ROOT%{_libdir}/httpd/build/vendor_config_vars.mk $RPM_BUILD_ROOT%{_libdir}/httpd/build/vendor_config_vars.mk
# Sanitize CFLAGS & LIBTOOL in standard config_vars.mk # Sanitize CFLAGS in standard config_vars.mk
sed -e '/^[A-Z]*FLAGS = /s,-specs[^ ]*,,g' \ sed '/^CFLAGS/s,=.*$,= -O2 -g -Wall,' \
-e '/^LIBTOOL/s,/.*/libtool,%{_bindir}/libtool,' \
-i $RPM_BUILD_ROOT%{_libdir}/httpd/build/config_vars.mk -i $RPM_BUILD_ROOT%{_libdir}/httpd/build/config_vars.mk
diff -u $RPM_BUILD_ROOT%{_libdir}/httpd/build/vendor_config_vars.mk \
$RPM_BUILD_ROOT%{_libdir}/httpd/build/config_vars.mk || true
sed 's/config_vars.mk/vendor_config_vars.mk/' \ sed 's/config_vars.mk/vendor_config_vars.mk/' \
$RPM_BUILD_ROOT%{_bindir}/apxs \ $RPM_BUILD_ROOT%{_bindir}/apxs \
@ -615,6 +603,7 @@ rm -rf $RPM_BUILD_ROOT/etc/httpd/conf/{original,extra}
%pre filesystem %pre filesystem
%sysusers_create_compat %{SOURCE49} %sysusers_create_compat %{SOURCE49}
%post %post
%systemd_post httpd.service htcacheclean.service httpd.socket %systemd_post httpd.service htcacheclean.service httpd.socket
@ -682,6 +671,7 @@ exit $rv
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-brotli.conf %config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-brotli.conf
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-systemd.conf %config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-systemd.conf
%{_libdir}/httpd/modules/mod_brotli.so %{_libdir}/httpd/modules/mod_brotli.so
%{_libdir}/httpd/modules/mod_systemd.so %{_libdir}/httpd/modules/mod_systemd.so
@ -691,6 +681,7 @@ exit $rv
%{_unitdir}/*.socket %{_unitdir}/*.socket
%files core %files core
%doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE %doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE
%doc docs/conf/extra/*.conf %doc docs/conf/extra/*.conf
%doc instance.conf server-status.conf %doc instance.conf server-status.conf
@ -700,7 +691,6 @@ exit $rv
%{_sysconfdir}/httpd/state %{_sysconfdir}/httpd/state
%{_sysconfdir}/httpd/run %{_sysconfdir}/httpd/run
%dir %{_sysconfdir}/httpd/conf %dir %{_sysconfdir}/httpd/conf
%config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf %config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf
%config(noreplace) %{_sysconfdir}/httpd/conf/magic %config(noreplace) %{_sysconfdir}/httpd/conf/magic
@ -765,7 +755,6 @@ exit $rv
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd %attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy %attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy
%files filesystem %files filesystem
%dir %{_sysconfdir}/httpd %dir %{_sysconfdir}/httpd
%dir %{_sysconfdir}/httpd/conf.d %dir %{_sysconfdir}/httpd/conf.d
@ -777,7 +766,6 @@ exit $rv
%dir %{contentdir}/icons %dir %{contentdir}/icons
%attr(755,root,root) %dir %{_unitdir}/httpd.service.d %attr(755,root,root) %dir %{_unitdir}/httpd.service.d
%attr(755,root,root) %dir %{_unitdir}/httpd.socket.d %attr(755,root,root) %dir %{_unitdir}/httpd.socket.d
%attr(755,root,root) %dir %{_sysconfdir}/systemd/system/httpd.service.d
%{_sysusersdir}/httpd.conf %{_sysusersdir}/httpd.conf
%files tools %files tools
@ -831,242 +819,226 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Tue Nov 26 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 2.4.62-4 * Sat Aug 03 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-1
- Rebuilt for MSVSphere 10
* Mon Aug 12 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-4
- Resolves: RHEL-50031 - httpd default config changes
* Thu Aug 08 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-3
- Resolves: RHEL-53632 - RFE: httpd, add IP_FREEBIND support for Listen
- Resolves: RHEL-53722 - [RFE] ProxyWebsocketIdleTimeout from
httpd mod_proxy_wstunnel
* Sat Aug 03 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-2
- Resolves: RHEL-52722 - Regression introduced by CVE-2024-38474 fix
* Fri Jul 19 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-1
- new version 2.4.62 - new version 2.4.62
- Resolves: RHEL-33446 - Resolves: RHEL-52724 - Regression introduced by CVE-2024-38474 fix
* Wed Jul 03 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.61-1
- new version 2.4.61
- Resolves: RHEL-45753 - httpd: Potential SSRF in
mod_rewrite (CVE-2024-39573)
- Resolves: RHEL-45757 - httpd: null pointer dereference in
mod_proxy (CVE-2024-38477)
- Resolves: RHEL-45776 - httpd: Improper escaping of output in
mod_rewrite (CVE-2024-38475)
- Resolves: RHEL-45791 - httpd: Encoding problem in
mod_proxy (CVE-2024-38473)
- Resolves: RHEL-45811 - httpd: Substitution encoding issue in
mod_rewrite (CVE-2024-38474)
- Resolves: RHEL-46051 - httpd: Security issues via backend applications
whose response headers are malicious or exploitable (CVE-2024-38476)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.4.59-4.4
- Bump release for June 2024 mass rebuild
* Thu May 23 2024 Joe Orton <jorton@redhat.com> - 2.4.59-3.4
- mod_ssl: disable ENGINE support
Resolves: RHEL-33734
* Fri May 17 2024 Joe Orton <jorton@redhat.com> - 2.4.59-3.2 * Fri Jul 19 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.59-7
- mod_ssl: use SSL_OP_NO_RENEGOTIATION - Resolves: RHEL-49856: htcacheclean.service missing [Install] section
* Fri May 3 2024 Joe Orton <jorton@redhat.com> - 2.4.59-3.1 * Thu May 30 2024 Joe Orton <jorton@redhat.com> - 2.4.59-6
- apachectl(8): use BUG_REPORT_URL from /etc/os-release - mod_ssl: restore SSL_OP_NO_RENEGOTIATE support
- apachectl(8): fix grammar (#2278748) Related: RHEL-14668
- httpd.service.xml(8): mention ProtectSystem= setting
* Wed May 1 2024 Joe Orton <jorton@redhat.com> - 2.4.59-3 * Tue May 21 2024 Joe Orton <jorton@redhat.com> - 2.4.59-5
- add ServerTokens: Full-Release support - mod_ssl: defer ENGINE_finish() calls to a cleanup
Resolves: RHEL-36755
* Mon Apr 15 2024 Joe Orton <jorton@redhat.com> - 2.4.59-2 * Mon May 20 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.59-4
- mod_ssl: add DH param handling fix (r1916863) - Resolves: RHEL-6575 - [RFE] httpd use systemd-sysusers
* Fri Apr 5 2024 Joe Orton <jorton@redhat.com> - 2.4.59-1 * Wed May 08 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.59-3
- update to 2.4.59 - Related: RHEL-14668 - RFE: httpd rebase to 2.4.59
* Thu Mar 28 2024 Joe Orton <jorton@redhat.com> - 2.4.58-8 * Wed May 8 2024 Joe Orton <jorton@redhat.com> - 2.4.59-2
- rebuild to fix changelog ordering - Resolves: RHEL-35870 - httpd mod_cgi/cgid unification
* Thu Mar 7 2024 Rahul Sundaram <sundaram@fedoraproject.org> - 2.4.58-7 * Fri May 03 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.59-1
- Update Systemd security settings as part of https://fedoraproject.org/wiki/Changes/SystemdSecurityHardening - new version 2.4.59
- updated httpd.service(5) (Joe Orton) - Resolves: RHEL-14668 - RFE: httpd rebase to 2.4.59
- Resolves: RHEL-31856 - httpd: HTTP response splitting
(CVE-2023-38709)
- Resolves: RHEL-31859 - httpd: HTTP Response Splitting in multiple
modules (CVE-2024-24795)
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.58-6 * Wed Feb 7 2024 Joe Orton <jorton@redhat.com> - 2.4.57-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - mod_xml2enc: fix media type handling
Resolves: RHEL-17686
- mod_dav: add DavBasePath
Resolves: RHEL-6600
* Sat Jan 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.58-5 * Mon Feb 05 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.57-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - Resolves: RHEL-14447 - httpd: mod_macro: out-of-bounds read
vulnerability (CVE-2023-31122)
* Fri Jan 5 2024 Joe Orton <jorton@redhat.com> - 2.4.58-4 * Wed Oct 4 2023 Joe Orton <jorton@redhat.com> - 2.4.57-6
- fix OpenSSL 3.0 deprecation warnings (r1913912, r1915067) - Resolves: RHEL-5071 - mod_dav_fs: add DavLockDBType
- mod_ssl: move to provider API for pkcs11 support (#2253014) - mod_dav_fs: add global mutex around lockdb interaction
* Fri Dec 8 2023 Joe Orton <jorton@redhat.com> - 2.4.58-3 * Thu Jul 20 2023 Tomas Korbar <tkorbar@redhat.com> - 2.4.57-5
- mod_dav_fs: add DAVLockDBType, use global lock around lockdb - Fix issue found by covscan
- fix build with libxml2 2.12 - Related: #2222001
* Thu Nov 2 2023 Joe Orton <jorton@redhat.com> - 2.4.58-2 * Tue Jul 18 2023 Joe Orton <jorton@redhat.com> - 2.4.57-4
- add dependency on apr-util-1(dbm) so a DBM provider is present - Resolves: #2217726 - Make PROPFIND tolerant of deletion race
* Fri Oct 20 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.58-1 * Tue Jul 11 2023 Tomas Korbar <tkorbar@redhat.com> - 2.4.57-3
- new version 2.4.58 - Resolves: #2222001 - mod_status lists BusyWorkers IdleWorkers keys twice
* Fri Oct 06 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.57-4 * Fri Apr 14 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.57-2
- SPDX migration - Resolves: #2186645 - Fix issue found by covscan in httpd package
- Resolves: #2173295 - Include Apache httpd module mod_authnz_fcgi
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.57-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jul 5 2023 Joe Orton <jorton@redhat.com> - 2.4.57-2
- package /etc/systemd/httpd/httpd.service.d
- also sanitize LDFLAGS/CXXFLAGS in non-vendor config_vars.mk
* Tue Apr 11 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.57-1 * Tue Apr 11 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.57-1
- new version 2.4.57 - Resolves: #2184403 - rebase httpd to 2.4.57
- Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with
* Thu Mar 09 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.56-1 mod_rewrite and mod_proxy
- new version 2.4.56
* Mon Jan 30 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-11
* Tue Mar 7 2023 Joe Orton <jorton@redhat.com> - 2.4.55-3 - Resolves: #2162500 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
- build and load mod_authnz_fcgi of zero byte
- Resolves: #2162486 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
* Fri Feb 03 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.55-2 - Resolves: #2162510 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
- rebuilt with new apr/apr-util smuggling
* Wed Jan 25 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.55-1 * Tue Jan 24 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-10
- new version 2.4.55 - Resolves: #2160667 - prevent sscg creating /dhparams.pem
* Tue Jan 24 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.54-12 * Thu Dec 08 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-9
- prevent sscg writing /dhparams.pem - Resolves: #2143176 - Dependency from mod_http2 on httpd broken
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.54-11 * Tue Dec 06 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - Resolves: #2151313 - reduce AH03408 log level from WARNING to INFO
* Tue Dec 20 2022 Joe Orton <jorton@redhat.com> - 2.4.54-10 * Wed Jul 20 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-7
- htcacheclean.service: add [Install] section, PrivateTmp=yes, - Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request
Environment=LANG=C (#2149714) smuggling
- Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in
* Mon Dec 19 2022 Joe Orton <jorton@redhat.com> - 2.4.54-9 ap_strcmp_match()
- move SELinux context logging to mod_systemd - Resolves: #2098248 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped
by hop-by-hop mechanism
* Mon Dec 19 2022 Joe Orton <jorton@redhat.com> - 2.4.54-8 - Resolves: #2097016 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite()
- define _httpd_statedir macro - Resolves: #2097452 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody
- Resolves: #2097459 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability
* Wed Nov 30 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.54-7 - Resolves: #2097481 - CVE-2022-30556 httpd: mod_lua: Information disclosure
- reduce AH03408 level to INFO in proxy_util.c with websockets
* Thu Oct 13 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.54-6 * Mon Jun 27 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-6
- Provide a sysusers.d file to get user() and group() provides (#2134430) - Related: #2065677 - httpd minimisation for ubi-micro
* Fri Jun 24 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-5
- Resolves: #2098056 - mod_ldap: High CPU usage at apr_ldap_rebind_remove()
* Thu Jun 16 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-4
- Resolves: #2095838 - mod_mime_magic: invalid type 0 in mconvert()
* Wed Jun 01 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-3
- Resolves: #2065677 - httpd minimisation for ubi-micro
- minimize httpd dependencies (new httpd-core package)
- mod_systemd and mod_brotli are now packaged in the main httpd package
* Tue May 31 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-1
- new version 2.4.53
- Resolves: #2079939 - httpd rebase to 2.4.53
- Resolves: #2075406 - httpd.conf uses icon bomb.gif for all files/dirs ending
with core
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.54-5 * Mon Apr 11 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.51-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - Resolves: #2073459 - Cannot override LD_LIBARY_PATH in Apache HTTPD using
SetEnv or PassEnv
* Fri Jun 24 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.54-4 * Mon Mar 21 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.51-7
- fix downgrade/upgrade issues - Resolves: #2065251 - CVE-2022-22720 httpd: HTTP request smuggling
- mod_ssl and other modules should depend only on httpd-core package vulnerability in Apache HTTP Server 2.4.52 and earlier
- Resolves: #2066311 - CVE-2021-44224 httpd: possible NULL dereference or SSRF
in forward proxy configurations
* Fri Jun 17 2022 Joe Orton <jorton@redhat.com> - 2.4.54-3 * Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.51-5
- update PCRE config selection - Resolves: #2035064 - CVE-2021-44790 httpd: mod_lua: possible buffer overflow
when parsing multipart content
* Thu Jun 09 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.54-2 * Mon Dec 06 2021 Neal Gompa <ngompa@centosproject.org> - 2.4.51-4
- new version 2.4.54 - Use NAME from os-release(5) for vendor string
Resolves: #2029071 - httpd on CentOS identifies as RHEL
* Mon May 16 2022 Joe Orton <jorton@redhat.com> - 2.4.53-7 * Fri Dec 3 2021 Joe Orton <jorton@redhat.com> - 2.4.51-3
- disable package notes - add fixes for static analyzer issues (#1938740)
* Fri May 13 2022 Joe Orton <jorton@redhat.com> - 2.4.53-6 * Mon Nov 08 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.51-2
- use %%set_build_flags macro - Resolves: #2005416 - httpd default configuration changes
* Thu Apr 21 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-5 * Tue Oct 19 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.51-1
- don't use bomb.gif icon for all files/dirs ending with core - new version 2.4.51 (#2011090)
* Wed Apr 20 2022 Joe Orton <jorton@redhat.com> - 2.4.53-4 * Fri Sep 17 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.49-1
- switch to PCRE2 for new releases - new version 2.4.49 (#2005339)
* Thu Apr 07 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-3 * Wed Sep 15 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-18
- Related: #2070517 - fix issue when mod_systemd is not loaded - Resolves: #2004143 - RFE: mod_ssl: allow sending multiple CA names which
differ only in case
* Wed Mar 30 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-2 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.48-17
- Resolves: #2070517 - Allow install httpd with smaller footprint - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
- try to minimize httpd dependencies (new httpd-core package) Related: rhbz#1991688
- mod_systemd and mod_brotli are now in the main httpd package
* Thu Mar 17 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-1 * Fri Aug 06 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-16
- new version 2.4.53 - Resolves: #1956386 - Apache trademark update - new logo
- fixes CVE-2022-23943, CVE-2022-22721, CVE-2022-22720 and CVE-2022-22719
* Tue Feb 1 2022 Joe Orton <jorton@redhat.com> - 2.4.52-5 * Fri Aug 6 2021 Florian Weimer <fweimer@redhat.com> - 2.4.48-14
- rebuild for new OpenLDAP (#2032699) - Rebuild to pick up new build flags from redhat-rpm-config (#1984652)
* Mon Jan 31 2022 Joe Orton <jorton@redhat.com> - 2.4.52-4 * Wed Jul 28 2021 Joe Orton <jorton@redhat.com> - 2.4.48-13
- add libtool to Requires: for httpd-devel (#2048281) - mod_ssl: OpenSSL 3 compatibility update (#1986822)
* Fri Jan 28 2022 Joe Orton <jorton@redhat.com> - 2.4.52-3 * Thu Jul 15 2021 Joe Orton <jorton@redhat.com> - 2.4.48-12
- use LIBTOOL=/usr/bin/libtool in the non-vendor config_vars.mk - mod_ssl: add SSLKEYLOGFILE support (#1982656)
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.52-2 * Mon Jul 12 2021 Joe Orton <jorton@redhat.com> - 2.4.48-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - mod_cgid: fix doubled script timeout (#1977234)
* Wed Dec 22 2021 Joe Orton <jorton@redhat.com> - 2.4.52-1 * Fri Jul 9 2021 Joe Orton <jorton@redhat.com> - 2.4.48-10
- update to 2.4.52 - fix release in ServerTokens Full-Release (#1932442)
* Mon Dec 06 2021 Neal Gompa <ngompa@fedoraproject.org> - 2.4.51-3 * Wed Jul 7 2021 Joe Orton <jorton@redhat.com> - 2.4.48-9
- Use NAME from os-release(5) for vendor string - use OOMPolicy=continue in httpd.service, httpd@.service (#1947475)
Related: #2029071 - httpd on CentOS identifies as RHEL
* Tue Oct 12 2021 Joe Orton <jorton@redhat.com> - 2.4.51-2 * Thu Jul 01 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-8
- mod_ssl: updated patch for OpenSSL 3.0 compatibility (#2007178) - Resolves: #1950021 - [RFE] Update httpd directive SSLProxyMachineCertificateFile
- mod_deflate/core: add two brigade handling correctness fixes to be able to handle certs without matching private key
* Thu Oct 07 2021 Patrick Uiterwijk <patrick@puiterwijk.org> - 2.4.51-1 * Thu Jul 01 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-7
- new version 2.4.51 - Resolves: #1950011 - unorderly connection close when client attempts
renegotiation
* Tue Oct 05 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.50-1 * Thu Jul 01 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-6
- new version 2.4.50 - Resolves: #1932442 - "ServerTokens Full-Release" support
* Wed Sep 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.49-3 * Fri Jun 25 2021 Joe Orton <jorton@redhat.com> - 2.4.48-5
- Rebuilt for CI testing - mod_ssl: fix loading encrypted privkeys with OpenSSL 3.0 (#1976080)
* Thu Sep 16 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.49-1 * Fri Jun 25 2021 Joe Orton <jorton@redhat.com> - 2.4.48-4
- new version 2.4.49 (#2004776) - add OpenSSL v3 compatibility fixes (#1975201)
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 2.4.48-8 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.48-3
- Rebuilt with OpenSSL 3.0.0 - Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Fri Aug 06 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-7 * Tue Jun 08 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-2
- add symlink to system logo for noindex test page - Resolves: #1947099 - centralizing default index.html for httpd
* Fri Aug 6 2021 Joe Orton <jorton@redhat.com> - 2.4.48-4 * Wed Jun 02 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-1
- add OpenSSL 3.x compatibility patch - new version 2.4.48
- Resolves: #1952817 - rebase to 2.4.48
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.48-3 * Wed May 26 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.46-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - Resolves: #1949606 - RFE: httpd, add IP_FREEBIND support for Listen
* Fri Jul 16 2021 Joe Orton <jorton@redhat.com> - 2.4.48-2 * Wed May 19 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-14
- mod_cgi/mod_cgid: update to unification from trunk - Resolves: #1949969 - httpd : mod_proxy should allow to specify
- httpd.conf: add note on care with Listen and starting at boot Proxy-Authorization in ProxyRemote directive
* Wed Jun 02 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-1 * Thu Apr 22 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-13
- new version 2.4.48 - Resolves: #1952546 - mod_proxy_wstunnel.html is a malformed XML
- Resolves: #1964746 - httpd-2.4.48 is available
* Mon May 03 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-13 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.46-12
- Related: #1934739 - Apache trademark update - new logo - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Apr 9 2021 Joe Orton <jorton@redhat.com> - 2.4.46-12 * Tue Apr 13 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-11
- use OOMPolicy=continue in httpd.service, httpd@.service (#1947475) - Resolves: #1947496 - [RFE] ProxyWebsocketIdleTimeout from httpd mod_proxy_wstunnel
* Wed Mar 31 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-11 * Wed Mar 31 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-10
- Resolves: #1934739 - Apache trademark update - new logo - Resolves: #1934739 - Apache trademark update - new logo
* Tue Feb 23 2021 Joe Orton <jorton@redhat.com> - 2.4.46-10
- add Conflicts: with mod_nss
- drop use of apr_ldap_rebind (r1878890, #1847585)
* Mon Feb 01 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-9 * Mon Feb 01 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-9
- Resolves: #1914182 - RFE: CustomLog should be able to use journald - Resolves: #1914182 - RFE: CustomLog should be able to use journald

Loading…
Cancel
Save