[2066] | 1 | --- httpd.spec.orig 2011-09-13 09:43:36.000000000 -0400 |
---|
| 2 | +++ httpd.spec 2011-11-05 20:57:13.910145847 -0400 |
---|
| 3 | @@ -8,7 +8,7 @@ |
---|
[926] | 4 | Summary: Apache HTTP Server |
---|
| 5 | Name: httpd |
---|
[2066] | 6 | Version: 2.2.21 |
---|
| 7 | -Release: 1%{?dist} |
---|
| 8 | +Release: 1%{?dist}.scripts.%{scriptsversion} |
---|
[926] | 9 | URL: http://httpd.apache.org/ |
---|
[1738] | 10 | Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 |
---|
[926] | 11 | Source1: index.html |
---|
[2134] | 12 | @@ -54,6 +54,18 @@ |
---|
[2066] | 13 | Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa} |
---|
| 14 | Requires: httpd-tools = %{version}-%{release}, apr-util-ldap, systemd-units |
---|
[1] | 15 | |
---|
[2066] | 16 | +Provides: scripts-httpd = %{version}-%{release} |
---|
[1] | 17 | +Patch1000: httpd-suexec-scripts.patch |
---|
[795] | 18 | +Patch1003: httpd-2.2.x-mod_status-security.patch |
---|
[1035] | 19 | +Patch1004: httpd-2.2.x-304.patch |
---|
[1348] | 20 | +Patch1005: httpd-2.2.x-mod_ssl-sessioncaching.patch |
---|
[1356] | 21 | +Patch1006: httpd-suexec-cloexec.patch |
---|
[1602] | 22 | +Patch1007: httpd-fixup-vhost.patch |
---|
[2066] | 23 | +Patch1008: httpd-sysv-deps.patch |
---|
[2134] | 24 | +Patch1009: httpd-2.2.x-CVE-2011-3607.patch |
---|
| 25 | +Patch1010: httpd-2.2.x-CVE-2012-0053.patch |
---|
| 26 | +Patch1011: httpd-2.2.x-CVE-2012-0031.patch |
---|
[1] | 27 | + |
---|
| 28 | %description |
---|
| 29 | The Apache HTTP Server is a powerful, efficient, and extensible |
---|
| 30 | web server. |
---|
[2066] | 31 | @@ -64,6 +73,7 @@ |
---|
[1607] | 32 | Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel |
---|
| 33 | Requires: apr-devel, apr-util-devel, pkgconfig |
---|
| 34 | Requires: httpd = %{version}-%{release} |
---|
[2066] | 35 | +Provides: scripts-httpd-devel = %{version}-%{release} |
---|
[1607] | 36 | |
---|
| 37 | %description devel |
---|
| 38 | The httpd-devel package contains the APXS binary and other files |
---|
[2066] | 39 | @@ -102,6 +112,7 @@ |
---|
| 40 | Requires(post): openssl, /bin/cat |
---|
[1499] | 41 | Requires(pre): httpd |
---|
[2066] | 42 | Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} |
---|
[925] | 43 | +Provides: scripts-mod_ssl |
---|
| 44 | Obsoletes: stronghold-mod_ssl |
---|
| 45 | |
---|
| 46 | %description -n mod_ssl |
---|
[2066] | 47 | @@ -110,6 +121,11 @@ |
---|
| 48 | Security (TLS) protocols. |
---|
| 49 | |
---|
| 50 | %prep |
---|
| 51 | + |
---|
| 52 | +# Horrible hack to patch the httpd.init file |
---|
| 53 | +cd $RPM_SOURCE_DIR |
---|
| 54 | +%patch1008 -p1 -b .sysv-deps |
---|
| 55 | + |
---|
| 56 | %setup -q |
---|
| 57 | %patch1 -p1 -b .apctl |
---|
| 58 | %patch2 -p1 -b .apxs |
---|
[2134] | 59 | @@ -128,6 +144,17 @@ |
---|
[1] | 60 | # Patch in vendor/release string |
---|
| 61 | sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1 |
---|
| 62 | |
---|
| 63 | +%patch1000 -p1 -b .scripts |
---|
[795] | 64 | +%patch1003 -p1 -b .permitstatus |
---|
[1035] | 65 | +%patch1004 -p1 -b .scripts-304 |
---|
[1348] | 66 | +%patch1005 -p1 -b .ssl-sessioncache |
---|
[1356] | 67 | +%patch1006 -p1 -b .cloexec |
---|
[1602] | 68 | +%patch1007 -p1 -b .fixup-vhost |
---|
[2134] | 69 | +# Note that patch1008 is not here, as it patches the initscript elsewhere in this .spec |
---|
| 70 | +%patch1009 -p4 -b .cve-2011-3607 |
---|
| 71 | +%patch1010 -p4 -b .cve-2012-0053 |
---|
| 72 | +%patch1011 -p4 -b .cve-2012-0031 |
---|
[1] | 73 | + |
---|
| 74 | # Safety check: prevent build if defined MMN does not equal upstream MMN. |
---|
| 75 | vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'` |
---|
| 76 | if test "x${vmmn}" != "x%{mmn}"; then |
---|
[2066] | 77 | @@ -175,10 +198,12 @@ |
---|
[684] | 78 | --with-apr=%{_prefix} --with-apr-util=%{_prefix} \ |
---|
| 79 | --enable-suexec --with-suexec \ |
---|
| 80 | --with-suexec-caller=%{suexec_caller} \ |
---|
| 81 | - --with-suexec-docroot=%{contentdir} \ |
---|
[1288] | 82 | + --with-suexec-docroot=/ \ |
---|
[684] | 83 | + --with-suexec-userdir=web_scripts \ |
---|
[824] | 84 | + --with-suexec-trusteddir=/usr/libexec/scripts-trusted \ |
---|
[684] | 85 | --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \ |
---|
| 86 | --with-suexec-bin=%{_sbindir}/suexec \ |
---|
| 87 | - --with-suexec-uidmin=500 --with-suexec-gidmin=100 \ |
---|
| 88 | + --with-suexec-uidmin=50 --with-suexec-gidmin=50 \ |
---|
| 89 | --enable-pie \ |
---|
| 90 | --with-pcre \ |
---|
| 91 | $* |
---|