source: branches/fc20-dev/server/fedora/specs/httpd.spec.patch @ 2583

--- rpmbuild/SPECS/httpd.spec.~1~       2014-07-23 06:24:15.000000000 -0400
+++ httpd.spec  2014-08-26 21:10:34.994027237 -0400
@@ -15,7 +15,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.10
-Release: 1%{?dist}
+Release: 1%{?dist}.scripts.%{scriptsversion}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: index.html
@@ -65,6 +65,13 @@
 # Bug fixes
 Patch55: httpd-2.4.4-malformed-host.patch
 Patch56: httpd-2.4.4-mod_unique_id.patch
+
+Patch1001: httpd-suexec-scripts.patch
+Patch1002: httpd-mod_status-security.patch
+Patch1003: httpd-304s.patch
+Patch1004: httpd-fixup-vhost.patch
+Patch1005: httpd-allow-null-user.patch
+
 License: ASL 2.0
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -77,6 +84,7 @@
 Provides: webserver
 Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release}
 Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}, httpd-mmn = %{oldmmnisa}
+Provides: scripts-httpd = %{version}-%{release}
 Requires: httpd-tools = %{version}-%{release}
 Requires(pre): /usr/sbin/useradd
 Requires(preun): systemd-units
@@ -94,6 +102,7 @@
 Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel
 Requires: apr-devel, apr-util-devel, pkgconfig
 Requires: httpd = %{version}-%{release}
+Provides: scripts-httpd-devel = %{version}-%{release}
 
 %description devel
 The httpd-devel package contains the APXS binary and other files
@@ -132,6 +141,7 @@
 Requires(post): openssl, /bin/cat
 Requires(pre): httpd
 Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
+Provides: scripts-mod_ssl
 Obsoletes: stronghold-mod_ssl
 
 %description -n mod_ssl
@@ -190,6 +200,12 @@
 %patch55 -p1 -b .malformedhost
 %patch56 -p1 -b .uniqueid
 
+%patch1001 -p1 -b .suexec-scripts
+%patch1002 -p1 -b .mod_status-security
+%patch1003 -p1 -b .scripts-304s
+%patch1004 -p1 -b .fixup-vhost
+%patch1005 -p1 -b .allow-null-user
+
 # Patch in the vendor string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
 
@@ -242,11 +258,13 @@
        --enable-suexec --with-suexec \
         --enable-suexec-capabilities \
        --with-suexec-caller=%{suexec_caller} \
-       --with-suexec-docroot=%{docroot} \
-       --without-suexec-logfile \
-        --with-suexec-syslog \
+       --with-suexec-docroot=/ \
+       --with-suexec-userdir=web_scripts \
+       --with-suexec-trusteddir=/usr/libexec/scripts-trusted \
+       --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \
+        --without-suexec-syslog \
        --with-suexec-bin=%{_sbindir}/suexec \
-       --with-suexec-uidmin=500 --with-suexec-gidmin=100 \
+       --with-suexec-uidmin=50 --with-suexec-gidmin=50 \
         --enable-pie \
         --with-pcre \
         --enable-mods-shared=all \
@@ -542,7 +560,8 @@
 %{_sbindir}/fcgistarter
 %{_sbindir}/apachectl
 %{_sbindir}/rotatelogs
-%caps(cap_setuid,cap_setgid+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec
+# cap_dac_override needed to write to /var/log/httpd
+%caps(cap_setuid,cap_setgid,cap_dac_override+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec
 
 %dir %{_libdir}/httpd
 %dir %{_libdir}/httpd/modules
@@ -1014,3 +1033,8 @@
 * Sun Apr 04 2010 Robert Scheck <robert@fedoraproject.org> - 2.2.15-1
 - update to 2.2.15 (#572404, #579311)
 
+Patch1001: httpd-suexec-scripts.patch
+Patch1002: httpd-mod_status-security.patch
+Patch1003: httpd-304s.patch
+Patch1004: httpd-fixup-vhost.patch
+Patch1005: httpd-allow-null-user.patch