source: trunk/server/fedora/specs/httpd.spec.patch @ 1355

Last change on this file since 1355 was 1348, checked in by mitchb, 15 years ago
Prompt for certs once, not five bajillion times (fix SSL session caching) Clients that support both the SNI extension and the TLS Session Tickets extension have problems that, among other things, result in many of our cert-protected sites requesting the user's certs an inordinate number of times. This will supposedly be fixed in later versions of openssl, but in the meantime, this applies the patch proposed here: http://mail-archives.apache.org/mod_mbox/httpd-dev/200911.mbox/ajax/%3c4AF58A80.5080101@velox.ch%3e with the following modifications: o Remove the documentation chunk of the patch (it applies to the source XML file which isn't part of the distribution tarball) o Expand the macro SSL_CTX_set_tlsext_ticket_keys in two places to work around the typo in our version of openssl corrected by this upstream commit: http://marc.info/?l=openssl-cvs&m=124638969912935&w=2
File size: 2.0 KB
RevLine 
[1348]1--- httpd.spec.orig     2009-11-08 08:58:40.000000000 -0500
2+++ httpd.spec  2009-11-08 09:00:43.000000000 -0500
[1259]3@@ -7,7 +7,7 @@
[926]4 Summary: Apache HTTP Server
5 Name: httpd
[1306]6 Version: 2.2.13
7-Release: 1%{?dist}
8+Release: 1.scripts.%{scriptsversion}%{?dist}
[926]9 URL: http://httpd.apache.org/
10 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
11 Source1: index.html
[1348]12@@ -55,6 +55,12 @@
[1]13 Conflicts: pcre < 4.0
[1259]14 Requires: httpd-tools = %{version}-%{release}, apr-util-ldap
[1]15 
[925]16+Provides: scripts-httpd
[1]17+Patch1000: httpd-suexec-scripts.patch
[795]18+Patch1003: httpd-2.2.x-mod_status-security.patch
[1035]19+Patch1004: httpd-2.2.x-304.patch
[1348]20+Patch1005: httpd-2.2.x-mod_ssl-sessioncaching.patch
[1]21+
22 %description
23 The Apache HTTP Server is a powerful, efficient, and extensible
24 web server.
[1348]25@@ -101,6 +107,7 @@
[925]26 BuildRequires: openssl-devel, distcache-devel
27 Requires(post): openssl >= 0.9.7f-4, /bin/cat
28 Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmn}
29+Provides: scripts-mod_ssl
30 Obsoletes: stronghold-mod_ssl
31 
32 %description -n mod_ssl
[1348]33@@ -128,6 +135,11 @@
[1]34 # Patch in vendor/release string
35 sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
36 
37+%patch1000 -p1 -b .scripts
[795]38+%patch1003 -p1 -b .permitstatus
[1035]39+%patch1004 -p1 -b .scripts-304
[1348]40+%patch1005 -p1 -b .ssl-sessioncache
[1]41+
42 # Safety check: prevent build if defined MMN does not equal upstream MMN.
43 vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
44 if test "x${vmmn}" != "x%{mmn}"; then
[1348]45@@ -176,10 +188,12 @@
[684]46         --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
47        --enable-suexec --with-suexec \
48        --with-suexec-caller=%{suexec_caller} \
49-       --with-suexec-docroot=%{contentdir} \
[1288]50+       --with-suexec-docroot=/ \
[684]51+       --with-suexec-userdir=web_scripts \
[824]52+       --with-suexec-trusteddir=/usr/libexec/scripts-trusted \
[684]53        --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \
54        --with-suexec-bin=%{_sbindir}/suexec \
55-       --with-suexec-uidmin=500 --with-suexec-gidmin=100 \
56+       --with-suexec-uidmin=50 --with-suexec-gidmin=50 \
57         --enable-pie \
58         --with-pcre \
59        $*
Note: See TracBrowser for help on using the repository browser.