%define contentdir /var/asl/www %define suexec_caller tortix %define mmn 20120211 %define vstring Atomicorp %define distro Atomicorp # ASL - for fc10+ %define _default_patch_fuzz 2 Summary: Apache HTTP Server Name: tortixd Version: 2.4.1 # based on 53 Release: 0.1 URL: http://www.atomicorp.com Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 # #Source1: centos_index.html #Source3: httpd.logrotate Source4: tortixd.init Source5: tortixd.sysconf #Source8: centos_powered_by_rh.png Source10: tortixd.conf Source11: tortixd-ssl.conf # Source12: welcome.conf Source13: manual.conf # #Source14: proxy_ajp.conf # # Documentation Source30: migration.xml Source31: migration.css Source32: html.xsl Source33: README.confd # build/scripts patches Patch1: httpd-2.1.10-apctl.patch # Patch2: httpd-2.1.10-apxs-asl.patch # Patch3: httpd-2.0.45-deplibs.patch Patch4: httpd-2.1.10-disablemods.patch Patch5: httpd-2.1.10-layout.patch Patch6: httpd-2.2.2-ac260.patch # Features/functional changes Patch20: httpd-2.0.48-release.patch Patch21: httpd-2.0.40-xfsz.patch Patch22: httpd-2.1.10-pod.patch Patch23: httpd-2.0.45-export.patch Patch24: httpd-2.0.48-corelimit.patch Patch25: httpd-2.0.54-selinux.patch Patch26: httpd-2.2.3-proxysessid.patch Patch27: httpd-2.2.3-proxypmatch.patch Patch28: httpd-2.2.3-nbchunk.patch Patch29: httpd-2.2.3-sslrenegsize.patch Patch30: httpd-2.2.3-ldapdyngrp.patch Patch31: httpd-2.2.3-modsubst.patch Patch32: httpd-2.2.3-proxybybusy.patch Patch33: httpd-2.2.3-ldaprefer.patch Patch34: httpd-2.2.3-reqtimeout.patch # Bug fixes Patch50: httpd-2.0.45-encode.patch Patch54: httpd-2.2.0-authnoprov.patch Patch55: httpd-2.2.3-proxyopt.patch Patch56: httpd-2.2.3-proxyoride.patch Patch57: httpd-2.0.52-logresline.patch Patch58: httpd-2.2.3-ldappool.patch Patch59: httpd-2.2.3-ssldynlock.patch Patch60: httpd-2.0.52-escaperrs.patch Patch61: httpd-2.2.3-eventdlock.patch Patch62: httpd-2.2.3-hdrsedit.patch Patch63: httpd-2.2.3-dummyreq.patch Patch64: httpd-2.2.3-proxysslhost.patch Patch65: httpd-2.2.3-pr46428.patch Patch66: httpd-2.2.3-cgierror.patch Patch67: httpd-2.2.3-pr43562.patch Patch68: httpd-2.2.3-logports.patch Patch69: httpd-2.2.3-graceful-ebadf.patch Patch70: httpd-2.2.3-sslrenegredir.patch Patch71: httpd-2.2.3-rewritelll.patch Patch72: httpd-2.2.3-extfiltereos.patch Patch73: httpd-2.2.3-cgierror2.patch Patch74: httpd-2.2.3-pngmagic.patch Patch75: httpd-2.2.3-defpidlog.patch Patch76: httpd-2.2.3-rewritedpi.patch Patch77: httpd-2.2.3-ldapremuser.patch Patch78: httpd-2.2.3-ldappassauth.patch Patch79: httpd-2.2.3-noxpad.patch Patch80: httpd-2.2.3-ajpbuffer.patch Patch81: httpd-2.2.3-sslflush.patch Patch82: httpd-2.2.3-expectnoka.patch Patch83: httpd-2.2.3-ssloidval.patch Patch84: httpd-2.2.3-sslreneg.patch Patch85: httpd-2.2.3-pr49328.patch Patch86: httpd-2.2.3-aboverflow.patch Patch87: httpd-2.2.3-pr40232.patch Patch88: httpd-2.2.3-davputfail.patch Patch89: httpd-2.2.3-dbdcleanup.patch Patch90: httpd-2.2.3-pr41743.patch Patch91: httpd-2.2.3-bbflush.patch Patch92: httpd-2.2.3-pr37770.patch Patch93: httpd-2.2.3-pr45792.patch Patch94: httpd-2.2.3-sslproxyio.patch Patch95: httpd-2.2.3-pr45444.patch Patch96: httpd-2.2.3-proxyconn.patch Patch97: httpd-2.2.3-ssldupkeys.patch Patch98: httpd-2.2.3-pr45434.patch Patch99: httpd-2.2.3-filterhdr.patch Patch300: httpd-2.2.3-ldapcache.patch Patch301: httpd-2.2.3-pr45333.patch Patch302: httpd-2.2.3-pr44447.patch Patch303: httpd-2.2.3-cachehardmax.patch # Security Fixes Patch100: httpd-2.2.3-CVE-2006-5752.patch Patch101: httpd-2.2.3-CVE-2007-1863.patch Patch102: httpd-2.2.3-CVE-2007-3304.patch Patch103: httpd-2.2.3-CVE-2007-3847.patch Patch104: httpd-2.2.3-CVE-2007-5000.patch Patch105: httpd-2.2.3-CVE-2007-4465.patch Patch106: httpd-2.2.3-CVE-2007-6421.patch Patch107: httpd-2.2.3-CVE-2007-6422.patch Patch108: httpd-2.2.3-CVE-2007-6388.patch Patch109: httpd-2.2.3-prftpcset.patch Patch110: httpd-2.2.3-CVE-2007-3304-update.patch Patch111: httpd-2.2.3-CVE-2008-2939.patch Patch112: httpd-2.2.3-CVE-2008-1678.patch Patch113: httpd-2.2.3-CVE-2009-1195.patch Patch114: httpd-2.2.3-ssicompat.patch Patch115: httpd-2.2.10-CVE-2009-1890.patch Patch116: httpd-2.2.10-CVE-2009-1891.patch Patch117: httpd-2.2.3-CVE-2009-3555.patch Patch118: httpd-2.2.3-CVE-2009-3094.patch Patch119: httpd-2.2.3-CVE-2009-3095.patch Patch120: httpd-2.2.3-CVE-2009-3555-p2.patch Patch121: httpd-2.2.3-CVE-2010-0434.patch Patch122: httpd-2.2.3-CVE-2010-0408.patch Patch123: httpd-2.2.3-CVE-2010-1452.patch Patch124: httpd-2.2.3-CVE-2010-2791.patch Patch125: httpd-2.2.3-CVE-2011-3192.patch # Rebases Patch200: httpd-2.2.3-proxy229.patch Patch201: httpd-2.2.3-cache229.patch Patch202: httpd-2.2.3-deflate2215.patch # ASL Patch10000: asl-apachectl.patch Patch10001: httpd-2.2.3-libtool2.patch Patch10002: openssl-1.0-mod_ssl.patch License: Apache Software License Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-root BuildRequires: autoconf, perl, pkgconfig, xmlto >= 0.0.11, findutils BuildRequires: db4-devel, expat-devel, zlib-devel, libselinux-devel # el5 #BuildRequires: apr-devel >= 1.2.0, apr-util-devel >= 1.2.0, pcre-devel >= 5.0, #Requires: initscripts >= 8.36 BuildRequires: apr-devel apr-util-devel pcre-devel # fc9 BuildRequires: ed Requires: initscripts # fc11 %if 0%{?el6}%{?fc11}%{?fc12}%{?fc13}%{?fc14}%{?fc15} BuildRequires: libtool libtool-ltdl libtool-ltdl-devel %endif # el4 %if 0%{?el4} BuildRequires: asl-apr asl-apr-devel asl-apr-util asl-apr-util-devel Requires: asl-apr asl-apr-util %endif # FC10 does not use /usr/share/magic.mime %if 0%{?el6}%{?fc10}%{?fc11}%{?fc12}%{?fc13}%{?fc14}%{?fc15} Requires: /etc/mime.types, gawk, /usr/bin/find %else Requires: /etc/mime.types, gawk, /usr/share/magic.mime, /usr/bin/find %endif #Obsoletes: httpd-suexec # # new Requires(pre): /usr/sbin/useradd Requires(post): chkconfig # /new #Provides: webserver Provides: tortixd-mmn = %{mmn} Provides: asl-httpd Obsoletes: asl-httpd Conflicts: pcre < 4.0 %description The Apache HTTP Server is a powerful, efficient, and extensible web server. %package devel Group: Development/Libraries Summary: Development tools for the Apache HTTP server. #Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel Provides: asl-httpd-devel %if 0%{?el4} Requires: asl-apr-devel, asl-apr-util-devel, pkgconfig %else Requires: apr-devel, apr-util-devel, pkgconfig %endif Requires: tortixd = %{version}-%{release} %description devel The httpd-devel package contains the APXS binary and other files that you need to build Dynamic Shared Objects (DSOs) for the Apache HTTP Server. If you are installing the Apache HTTP server and you want to be able to compile or develop additional modules for Apache, you need to install this package. %package manual Group: Documentation Summary: Documentation for the Apache HTTP server. %description manual The httpd-manual package contains the complete manual and reference guide for the Apache HTTP server. The information can also be found at http://httpd.apache.org/docs/2.2/. %package -n tortixd-mod_ssl Group: System Environment/Daemons Summary: SSL/TLS module for the Apache HTTP server Epoch: 1 BuildRequires: openssl-devel Provides: asl-mod_ssl Obsoletes: asl-mod_ssl #Requires(post): openssl >= 0.9.7f-4, /bin/cat # el4 Requires(post): openssl , /bin/cat # Requires: tortixd = 0:%{version}-%{release}, tortixd-mmn = %{mmn} %description -n tortixd-mod_ssl The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. %prep %setup -q -n httpd-%{version} vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n ' /^2/p'` if test "x${vmmn}" != "x%{mmn}"; then : Error: Upstream MMN is now ${vmmn}, packaged MMN is %{mmn}. : Update the mmn macro and rebuild. exit 1 fi # %build %define _aslhome /var/asl %define _sysconfdir /var/asl/etc/ %define _prefix /var/asl/usr/ %define _bindir /var/asl/usr/bin/ %define _sbindir /var/asl/usr/sbin/ %define _includedir /var/asl/usr/include/ %define _mandir /var/asl/usr/share/man/ %define _libdir /var/asl/usr/lib/ %ifarch x86_64 %define _libdir /var/asl/usr/lib64/ %endif # forcibly prevent use of bundled apr, apr-util, pcre rm -rf srclib/{apr,apr-util,pcre} # regenerate configure scripts #autoheader && autoconf || exit 1 # Limit size of CHANGES to recent history #echo '1,/Changes with Apache MPM/wq' | ed CHANGES # Before configure; fix location of build dir in generated apxs # This is interesting because the default apxs patch removes this, so it normally is irrelevant. %{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \ support/apxs.in # update location of migration guide in apachectl %{__perl} -pi -e "s:\@docdir\@:%{_docdir}/%{name}-%{version}:g" \ support/apachectl.in # Build the migration guide sed 's/@DISTRO@/%{distro}/' < $RPM_SOURCE_DIR/migration.xml > migration.xml xmlto -x $RPM_SOURCE_DIR/html.xsl html-nochunks migration.xml cp $RPM_SOURCE_DIR/migration.css . # make %%doc happy CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" SH_LDFLAGS="-Wl,-z,relro" export CFLAGS SH_LDFLAGS # Forcibly disable use of rsync to install (#557049) export ac_cv_path_RSYNC= # Hard-code path to links to avoid unnecessary builddep export LYNX_PATH=/usr/bin/links function mpmbuild() { mpm=$1; shift mkdir $mpm; pushd $mpm ../configure \ --prefix=%{_sysconfdir}/httpd \ --with-program-name=tortixd \ --exec-prefix=%{_prefix} \ --bindir=%{_bindir} \ --sbindir=%{_sbindir} \ --mandir=%{_mandir} \ --libdir=%{_libdir} \ --sysconfdir=%{_sysconfdir}/httpd/conf \ --includedir=%{_includedir}/httpd \ --libexecdir=%{_libdir}/httpd/modules \ --datadir=%{contentdir} \ --with-installbuilddir=%{_libdir}/httpd/build \ --with-mpm=$mpm \ --with-apr=/usr --with-apr-util=/usr \ --enable-suexec --with-suexec \ --with-suexec-caller=%{suexec_caller} \ --with-suexec-docroot=%{contentdir} \ --with-suexec-logfile=%{_localstatedir}/log/tortixd/suexec.log \ --with-suexec-bin=%{_sbindir}/suexec \ --with-suexec-uidmin=500 --with-suexec-gidmin=100 \ --enable-pie \ --with-pcre \ $* make %{?_smp_mflags} popd } # Build everything and the kitchen sink with the prefork build mpmbuild prefork \ --enable-mods-shared=all \ --enable-ssl --with-ssl \ --enable-proxy \ --enable-cache --enable-mem-cache \ --enable-file-cache --enable-disk-cache \ --enable-ldap --enable-authnz-ldap \ --enable-cgid \ --enable-authn-anon --enable-authn-alias \ --disable-imagemap # For the other MPMs, just build httpd and no optional modules mpmbuild worker --enable-modules=none mpmbuild event --enable-modules=none %install rm -rf $RPM_BUILD_ROOT # Classify ab and logresolve as section 1 commands, as they are in /usr/bin #mv docs/man/ab.8 docs/man/ab.1 #mv docs/man/logresolve.8 docs/man/logresolve.1 pushd prefork make DESTDIR=$RPM_BUILD_ROOT install popd # install alternative MPMs install -m 755 worker/tortixd $RPM_BUILD_ROOT%{_sbindir}/tortixd.worker install -m 755 event/tortixd $RPM_BUILD_ROOT%{_sbindir}/tortixd.event # install conf file/directory mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d install -m 644 $RPM_SOURCE_DIR/README.confd \ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README #for f in tortixd-ssl.conf welcome.conf manual.conf ; do install -m 644 $RPM_SOURCE_DIR/tortixd-ssl.conf $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ssl.conf #done rm $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/*.conf install -m 644 $RPM_SOURCE_DIR/tortixd.conf \ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/tortixd.conf # mkdir -p $RPM_BUILD_ROOT/etc/sysconfig install -m 644 $RPM_SOURCE_DIR/tortixd.sysconf \ $RPM_BUILD_ROOT/etc/sysconfig/tortixd # # for holding mod_dav lock database mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav # create a prototype session cache mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/mod_ssl touch $RPM_BUILD_ROOT%{_localstatedir}/cache/mod_ssl/scache.{dir,pag,sem} # create cache root mkdir $RPM_BUILD_ROOT%{_localstatedir}/cache/mod_proxy # move utilities to /usr/bin #mv $RPM_BUILD_ROOT%{_sbindir}/{ab,htdbm,logresolve,htpasswd,htdigest} \ # $RPM_BUILD_ROOT%{_bindir} # Make the MMN accessible to module packages echo %{mmn} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn # # docroot #mkdir $RPM_BUILD_ROOT%{contentdir}/html #install -m 644 $RPM_SOURCE_DIR/centos_index.html \ # $RPM_BUILD_ROOT%{contentdir}/error/noindex.html # # remove manual sources find $RPM_BUILD_ROOT%{contentdir}/manual \( \ -name \*.xml -o -name \*.xml.* -o -name \*.ent -o -name \*.xsl -o -name \*.dtd \ \) -print0 | xargs -0 rm -f # added for branding # #install -m 644 %{SOURCE8} \ # $RPM_BUILD_ROOT%{contentdir}/icons/powered_by_rh.png # # Strip the manual down just to English and replace the typemaps with flat files: set +x for f in `find $RPM_BUILD_ROOT%{contentdir}/manual -name \*.html -type f`; do if test -f ${f}.en; then cp ${f}.en ${f} rm ${f}.* fi done set -x # logs rmdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/logs mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/httpd # # symlinks for /etc/httpd ln -s ../../../../%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/var/asl/etc/httpd/logs ln -s ../../../../%{_localstatedir}/run $RPM_BUILD_ROOT/var/asl/etc/httpd/run ln -s ../../../../%{_libdir}/httpd/modules $RPM_BUILD_ROOT/var/asl/etc/httpd/modules # # install SYSV init stuff mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d install -m755 $RPM_SOURCE_DIR/tortixd.init \ $RPM_BUILD_ROOT/etc/rc.d/init.d/tortixd %{__perl} -pi -e "s:\@docdir\@:%{_docdir}/%{name}-%{version}:g" \ $RPM_BUILD_ROOT/etc/rc.d/init.d/tortixd # # install log rotation stuff #mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d #install -m644 $RPM_SOURCE_DIR/httpd.logrotate \ # $RPM_BUILD_ROOT/etc/logrotate.d/tortixd # # fix man page paths sed -e "s|/usr/local/apache2/conf/httpd.conf|/etc/httpd/conf/httpd.conf|" \ -e "s|/usr/local/apache2/conf/mime.types|/etc/mime.types|" \ -e "s|/usr/local/apache2/conf/magic|/etc/httpd/conf/magic|" \ -e "s|/usr/local/apache2/logs/error_log|/var/log/httpd/error_log|" \ -e "s|/usr/local/apache2/logs/access_log|/var/log/httpd/access_log|" \ -e "s|/usr/local/apache2/logs/httpd.pid|/var/run/httpd.pid|" \ -e "s|/usr/local/apache2|/etc/httpd|" < docs/man/httpd.8 \ > $RPM_BUILD_ROOT%{_mandir}/man8/httpd.8 # Make ap_config_layout.h libdir-agnostic sed -i '/.*DEFAULT_..._LIBEXECDIR/d;/DEFAULT_..._INSTALLBUILDDIR/d' \ $RPM_BUILD_ROOT%{_includedir}/httpd/ap_config_layout.h # Fix path to instdso in special.mk #sed -i '/instdso/s,top_srcdir,top_builddir,' \ # $RPM_BUILD_ROOT%{_libdir}/httpd/build/special.mk # # Remove unpackaged files rm -f $RPM_BUILD_ROOT%{_libdir}/*.exp \ $RPM_BUILD_ROOT%{_aslhome}/etc/httpd/conf/mime.types \ $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.exp \ $RPM_BUILD_ROOT%{_libdir}/httpd/build/config.nice \ $RPM_BUILD_ROOT%{_bindir}/ap?-config \ $RPM_BUILD_ROOT%{_sbindir}/{checkgid,dbmmanage,envvars*} \ $RPM_BUILD_ROOT%{contentdir}/htdocs/* \ $RPM_BUILD_ROOT%{contentdir}/htdocs/* \ $RPM_BUILD_ROOT%{_mandir}/man1/dbmmanage.* \ $RPM_BUILD_ROOT%{contentdir}/cgi-bin/* rm -rf $RPM_BUILD_ROOT%{contentdir}/cgi-bin \ $RPM_BUILD_ROOT%{contentdir}/icons \ $RPM_BUILD_ROOT%{contentdir}/error rm -rf $RPM_BUILD_ROOT%{_aslhome}/etc/httpd/conf/{original,extra} # # Make suexec a+rw so it can be stripped. %%files lists real permissions chmod 755 $RPM_BUILD_ROOT%{_sbindir}/suexec %trigger -- asl-httpd /sbin/service asl-httpd stop >/dev/null 2>&1 || : /sbin/chkconfig --del asl-httpd %pre if ! grep -q asl-web /etc/passwd ; then /usr/sbin/useradd -r -M -d /var/asl/www asl-web -s /sbin/nologin fi if ! grep -q tortix /etc/passwd ; then /usr/sbin/useradd -r -M -d /var/asl tortix -s /sbin/nologin fi %post # Register the httpd service /sbin/chkconfig --add tortixd /sbin/chkconfig tortixd on /sbin/service tortixd restart >/dev/null 2>&1 || : %preun if [ $1 = 0 ]; then /sbin/service tortixd stop > /dev/null 2>&1 /sbin/chkconfig --del tortixd fi %define sslcert /etc/pki/tls/certs/localhost.crt %define sslkey /etc/pki/tls/private/localhost.key %post -n tortixd-mod_ssl umask 077 # if [ ! -d /etc/pki/tls/private ]; then mkdir -p /etc/pki/tls/private fi if [ ! -f %{sslkey} ] ; then /usr/bin/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 1024 > %{sslkey} 2> /dev/null fi FQDN=`hostname` if [ "x${FQDN}" = "x" ]; then FQDN=localhost.localdomain fi # if [ ! -d /etc/pki/tls/certs ]; then mkdir -p /etc/pki/tls/certs fi if [ ! -f %{sslcert} ] ; then cat << EOF | /usr/bin/openssl req -new -key %{sslkey} \ -x509 -days 365 -set_serial $RANDOM \ -out %{sslcert} 2>/dev/null -- SomeState SomeCity SomeOrganization SomeOrganizationalUnit ${FQDN} root@${FQDN} EOF fi # %check # Check the built modules are all PIC if readelf -d $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so | grep TEXTREL; then : modules contain non-relocatable code exit 1 fi # Verify that the same modules were built into the httpd binaries ./prefork/tortixd -l | grep -v prefork > prefork.mods for mpm in worker; do ./${mpm}/tortixd -l | grep -v ${mpm} > ${mpm}.mods if ! diff -u prefork.mods ${mpm}.mods; then : Different modules built into httpd binaries, will not proceed exit 1 fi done %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root) %doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE %doc migration.html migration.css %dir %{_sysconfdir}/httpd # %{_sysconfdir}/httpd/modules %{_sysconfdir}/httpd/logs %{_sysconfdir}/httpd/run # %dir %{_sysconfdir}/httpd/conf %config(noreplace) %{_sysconfdir}/httpd/conf/tortixd.conf #%config(noreplace) %{_sysconfdir}/httpd/conf.d/welcome.conf # #%config(noreplace) %{_sysconfdir}/httpd/conf.d/proxy_ajp.conf # %config(noreplace) %{_sysconfdir}/httpd/conf/magic # #%config(noreplace) /etc/logrotate.d/tortixd %config /etc/rc.d/init.d/tortixd # %dir %{_sysconfdir}/httpd/conf.d %{_sysconfdir}/httpd/conf.d/README # %config(noreplace) /etc/sysconfig/tortixd # %{_bindir}/* %{_sbindir}/ht* %{_sbindir}/tortixd* %{_sbindir}/apachectl %{_sbindir}/rotatelogs %attr(4510,root,%{suexec_caller}) %{_sbindir}/suexec %dir %{_libdir}/httpd %dir %{_libdir}/httpd/modules %{_libdir}/httpd/modules/mod*.so %exclude %{_libdir}/httpd/modules/mod_ssl.so %dir %{contentdir} # #%dir %{contentdir}/cgi-bin #%dir %{contentdir}/html #%dir %{contentdir}/icons #%dir %{contentdir}/error #%dir %{contentdir}/error/include #%{contentdir}/icons/* #%{contentdir}/error/README #%{contentdir}/error/noindex.html #%config %{contentdir}/error/*.var #%config %{contentdir}/error/include/*.html # %attr(0700,root,root) %dir %{_localstatedir}/log/httpd %attr(0700,tortix,tortix) %dir %{_localstatedir}/lib/dav %attr(0700,tortix,tortix) %dir %{_localstatedir}/cache/mod_proxy %{_mandir}/man?/* %files manual %defattr(-,root,root) %{contentdir}/manual #%config %{_sysconfdir}/httpd/conf.d/manual.conf %files -n tortixd-mod_ssl %defattr(-,root,root) %{_libdir}/httpd/modules/mod_ssl.so %config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf %attr(0700,tortix,root) %dir %{_localstatedir}/cache/mod_ssl %attr(0600,tortix,root) %ghost %{_localstatedir}/cache/mod_ssl/scache.dir %attr(0600,tortix,root) %ghost %{_localstatedir}/cache/mod_ssl/scache.pag %attr(0600,tortix,root) %ghost %{_localstatedir}/cache/mod_ssl/scache.sem %files devel %defattr(-,root,root) %{_includedir}/httpd %{_sbindir}/apxs %dir %{_libdir}/httpd/build %{_libdir}/httpd/build/*.mk %{_libdir}/httpd/build/*.sh %changelog * Thu Sep 22 2011 Support - 2.2.3-53.1 - Resync with upstream -53 build * Fri Sep 3 2010 Support - 2.2.3-43.1 - mod_ssl: improved fix for SSLRequire's OID() function (#625452) - add security fixes for CVE-2010-1452, CVE-2010-2791 (#623210) - mod_deflate: rebase to 2.2.15 (#625435) - stop multiple invocations of filter init functions (#625451) * Fri Jun 25 2010 Support - 2.2.3-43.0.3 - add security fixes for CVE-2010-0408, CVE-2010-0434 (#570441) - require and BR a version of OpenSSL with the secure reneg API (#566659) - mod_ssl: add SSLInsecureRenegotiation (#566659) - mod_ssl: further fix for OID() handling (#552942) - prevent use of rsync during "make install" (#557049) - mod_ssl: fix additional case for OID() handling (#552942) - mod_authnz_ldap: fix handling of empty filter in group defn (#252038) - mod_ssl: use ASN1_STRING_print() in SSLRequire's OID() (#552942) - mod_ssl: add further mitigation for CVE-2009-3555 (#534042) - add mod_substitute (#539256) - mod_authnz_ldap: dynamic group fixes (#252038) - mod_authnz_ldap: add support for dynamic group lookup (#252038) - add security fixes for CVE-2009-3555, CVE-2009-3094, CVE-2009-3095 (#534042) * Sun Dec 31 2009 Scott R. Shinn - 2.2.3-32.5 - Added patch to support openssl 1.0 from Fedora 12 - Deprecated ldap modules for Fedora 11 and Fedora 12 * Sun Dec 6 2009 Scott R. Shinn - 2.2.3-32.1 - Removed mod_proxy_ajp - Re-merge with centos, the following changes are inherited. - add security fixes for CVE-2009-3094, CVE-2009-3095, CVE-2009-3555 (#534041) - mod_rewrite: correct backport of URI escaping fix (#480604) - add security fixes for CVE-2009-1890, CVE-2009-1891 (#509783) - add image/png to conf/magic (#240844) - fix backwards compat for CVE-2009-1195 fix (#502998) - mod_cgi, mod_cgid: fix logging on input read error (#498170) - mod_rewrite: don't serialize logfile access (#493023) - mod_ext_filter: fix spurious error log output (#479463) - add security fixes for CVE-2008-1678, CVE-2009-1195 (#499285) - mod_rewrite: fix URI escaping with [P] in directory context (#480604) - mod_cgi: fix headers/status in error responses (#480932) - mod_speling: fix handling of directory names (#485524) - init script: use ${pidfile} in more places (#491135) - mod_log_config: support remote/local with 'p' format (#493070) - remove Obsolete for mod_jk (#493592) - mod_ssl: fix SSL per-dir-reneg buffering with internal redirects (#488886) - fix spurious error messages on graceful restart (#233955) - mod_ssl: add SSLRenegBufferSize directive (#479806) - mod_proxy: set c->remote_host for backend SSL connection (#479410) - add security fixes for CVE-2008-2939 (#468841) - note that the mod_proxy 2.2.9 rebase fixed CVE-2008-2634 * Fri Oct 9 2009 Scott R. Shinn - 2.2.3-22.17.3 - Minor change to httpd.conf, disabled additional modules by default * Mon Aug 31 2009 Scott R. Shinn - 2.2.3-22.17.2 - Bugid #223, logrotate has been disabled, this is currently covered by the httpd package * Thu Aug 27 2009 Scott R. Shinn - 2.2.3-22.17 - Added patch for libtool 2.2 support (fedora 11) - Dropped some prefork build flags, like mem-cache - Bugfix #216, asl-httpd rotates the same files as /etc/logrotate.d/httpd. * Wed Jun 17 2009 Scott R. Shinn 2.2.3-22.6 - Updated apachectl, ssl.conf, httpd.init * Wed Jun 17 2009 Scott R. Shinn 2.2.3-22.0 - Re-spin for ASL management daemon