source: trunk/server/fedora/specs/httpd.spec.patch @ 2212

Last change on this file since 2212 was 2157, checked in by ezyang, 14 years ago
Latest httpd fixes CVEs we were patching.
File size: 2.8 KB
RevLine 
[2153]1--- httpd.spec.~1~      2012-02-13 09:46:36.000000000 -0500
2+++ httpd.spec  2012-03-26 01:33:53.247271289 -0400
[2066]3@@ -8,7 +8,7 @@
[926]4 Summary: Apache HTTP Server
5 Name: httpd
[2153]6 Version: 2.2.22
[2066]7-Release: 1%{?dist}
8+Release: 1%{?dist}.scripts.%{scriptsversion}
[926]9 URL: http://httpd.apache.org/
[1738]10 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
[926]11 Source1: index.html
[2157]12@@ -54,6 +54,15 @@
[2066]13 Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}
14 Requires: httpd-tools = %{version}-%{release}, apr-util-ldap, systemd-units
[1]15 
[2066]16+Provides: scripts-httpd = %{version}-%{release}
[1]17+Patch1000: httpd-suexec-scripts.patch
[795]18+Patch1003: httpd-2.2.x-mod_status-security.patch
[1035]19+Patch1004: httpd-2.2.x-304.patch
[1348]20+Patch1005: httpd-2.2.x-mod_ssl-sessioncaching.patch
[1356]21+Patch1006: httpd-suexec-cloexec.patch
[1602]22+Patch1007: httpd-fixup-vhost.patch
[2066]23+Patch1008: httpd-sysv-deps.patch
[1]24+
25 %description
26 The Apache HTTP Server is a powerful, efficient, and extensible
27 web server.
[2153]28@@ -64,6 +76,7 @@
[1607]29 Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel
30 Requires: apr-devel, apr-util-devel, pkgconfig
31 Requires: httpd = %{version}-%{release}
[2066]32+Provides: scripts-httpd-devel = %{version}-%{release}
[1607]33 
34 %description devel
35 The httpd-devel package contains the APXS binary and other files
[2153]36@@ -102,6 +115,7 @@
[2066]37 Requires(post): openssl, /bin/cat
[1499]38 Requires(pre): httpd
[2066]39 Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
[925]40+Provides: scripts-mod_ssl
41 Obsoletes: stronghold-mod_ssl
42 
43 %description -n mod_ssl
[2153]44@@ -110,6 +124,11 @@
[2066]45 Security (TLS) protocols.
46 
47 %prep
48+
49+# Horrible hack to patch the httpd.init file
50+cd $RPM_SOURCE_DIR
51+%patch1008 -p1 -b .sysv-deps
52+
53 %setup -q
54 %patch1 -p1 -b .apctl
55 %patch2 -p1 -b .apxs
[2157]56@@ -128,6 +147,14 @@
[1]57 # Patch in vendor/release string
58 sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
59 
60+%patch1000 -p1 -b .scripts
[795]61+%patch1003 -p1 -b .permitstatus
[1035]62+%patch1004 -p1 -b .scripts-304
[1348]63+%patch1005 -p1 -b .ssl-sessioncache
[1356]64+%patch1006 -p1 -b .cloexec
[1602]65+%patch1007 -p1 -b .fixup-vhost
[2134]66+# Note that patch1008 is not here, as it patches the initscript elsewhere in this .spec
[1]67+
68 # Safety check: prevent build if defined MMN does not equal upstream MMN.
69 vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
70 if test "x${vmmn}" != "x%{mmn}"; then
[2153]71@@ -175,10 +205,12 @@
[684]72         --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
73        --enable-suexec --with-suexec \
74        --with-suexec-caller=%{suexec_caller} \
75-       --with-suexec-docroot=%{contentdir} \
[1288]76+       --with-suexec-docroot=/ \
[684]77+       --with-suexec-userdir=web_scripts \
[824]78+       --with-suexec-trusteddir=/usr/libexec/scripts-trusted \
[684]79        --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \
80        --with-suexec-bin=%{_sbindir}/suexec \
81-       --with-suexec-uidmin=500 --with-suexec-gidmin=100 \
82+       --with-suexec-uidmin=50 --with-suexec-gidmin=50 \
83         --enable-pie \
84         --with-pcre \
85        $*
Note: See TracBrowser for help on using the repository browser.