source: trunk/server/fedora/specs/httpd.spec.patch @ 2625

Last change on this file since 2625 was 2625, checked in by andersk, 9 years ago
Patch httpd crash when using SSL variables on non-SSL connections https://issues.apache.org/bugzilla/show_bug.cgi?id=57070
File size: 3.2 KB
RevLine 
[2625]1--- httpd.spec.~1~      2014-07-23 06:24:15.000000000 -0400
2+++ httpd.spec  2014-10-09 03:26:23.922059553 -0400
[2591]3@@ -15,7 +15,7 @@
[926]4 Summary: Apache HTTP Server
5 Name: httpd
[2591]6 Version: 2.4.10
[2377]7-Release: 1%{?dist}
8+Release: 1%{?dist}.scripts.%{scriptsversion}
[926]9 URL: http://httpd.apache.org/
[1738]10 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
[926]11 Source1: index.html
[2625]12@@ -65,6 +65,15 @@
[2591]13 # Bug fixes
14 Patch55: httpd-2.4.4-malformed-host.patch
15 Patch56: httpd-2.4.4-mod_unique_id.patch
16+
17+Patch1001: httpd-suexec-scripts.patch
18+Patch1002: httpd-mod_status-security.patch
19+Patch1003: httpd-304s.patch
20+Patch1004: httpd-fixup-vhost.patch
21+Patch1005: httpd-allow-null-user.patch
[2602]22+Patch1006: httpd-suexec-journald.patch
[2625]23+Patch1007: httpd-bug57070.patch
[2591]24+
25 License: ASL 2.0
26 Group: System Environment/Daemons
27 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
[2625]28@@ -77,6 +86,7 @@
[2591]29 Provides: webserver
30 Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release}
31 Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}, httpd-mmn = %{oldmmnisa}
[2066]32+Provides: scripts-httpd = %{version}-%{release}
[2591]33 Requires: httpd-tools = %{version}-%{release}
34 Requires(pre): /usr/sbin/useradd
35 Requires(preun): systemd-units
[2625]36@@ -94,6 +104,7 @@
[1607]37 Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel
38 Requires: apr-devel, apr-util-devel, pkgconfig
39 Requires: httpd = %{version}-%{release}
[2066]40+Provides: scripts-httpd-devel = %{version}-%{release}
[1607]41 
42 %description devel
43 The httpd-devel package contains the APXS binary and other files
[2625]44@@ -132,6 +143,7 @@
[2066]45 Requires(post): openssl, /bin/cat
[1499]46 Requires(pre): httpd
[2066]47 Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
[925]48+Provides: scripts-mod_ssl
49 Obsoletes: stronghold-mod_ssl
50 
51 %description -n mod_ssl
[2625]52@@ -190,6 +202,14 @@
[2591]53 %patch55 -p1 -b .malformedhost
54 %patch56 -p1 -b .uniqueid
[1]55 
[2591]56+%patch1001 -p1 -b .suexec-scripts
57+%patch1002 -p1 -b .mod_status-security
58+%patch1003 -p1 -b .scripts-304s
59+%patch1004 -p1 -b .fixup-vhost
60+%patch1005 -p1 -b .allow-null-user
[2602]61+%patch1006 -p1 -b .journald
[2625]62+%patch1007 -p0 -b .bug57070
[1]63+
[2591]64 # Patch in the vendor string
65 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
66 
[2625]67@@ -242,11 +262,13 @@
[684]68        --enable-suexec --with-suexec \
[2591]69         --enable-suexec-capabilities \
[684]70        --with-suexec-caller=%{suexec_caller} \
[2591]71-       --with-suexec-docroot=%{docroot} \
72-       --without-suexec-logfile \
73-        --with-suexec-syslog \
[1288]74+       --with-suexec-docroot=/ \
[684]75+       --with-suexec-userdir=web_scripts \
[824]76+       --with-suexec-trusteddir=/usr/libexec/scripts-trusted \
[2591]77+       --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \
78+        --without-suexec-syslog \
[684]79        --with-suexec-bin=%{_sbindir}/suexec \
80-       --with-suexec-uidmin=500 --with-suexec-gidmin=100 \
81+       --with-suexec-uidmin=50 --with-suexec-gidmin=50 \
82         --enable-pie \
83         --with-pcre \
[2591]84         --enable-mods-shared=all \
[2625]85@@ -542,7 +564,8 @@
[2591]86 %{_sbindir}/fcgistarter
87 %{_sbindir}/apachectl
88 %{_sbindir}/rotatelogs
89-%caps(cap_setuid,cap_setgid+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec
90+# cap_dac_override needed to write to /var/log/httpd
91+%caps(cap_setuid,cap_setgid,cap_dac_override+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec
92 
93 %dir %{_libdir}/httpd
94 %dir %{_libdir}/httpd/modules
Note: See TracBrowser for help on using the repository browser.