source: trunk/server/fedora/specs/httpd.spec.patch @ 1348

Last change on this file since 1348 was 1348, checked in by mitchb, 13 years ago
Prompt for certs once, not five bajillion times (fix SSL session caching) Clients that support both the SNI extension and the TLS Session Tickets extension have problems that, among other things, result in many of our cert-protected sites requesting the user's certs an inordinate number of times. This will supposedly be fixed in later versions of openssl, but in the meantime, this applies the patch proposed here: with the following modifications: o Remove the documentation chunk of the patch (it applies to the source XML file which isn't part of the distribution tarball) o Expand the macro SSL_CTX_set_tlsext_ticket_keys in two places to work around the typo in our version of openssl corrected by this upstream commit:
File size: 2.0 KB
  • httpd.spec

    old new  
    77Summary: Apache HTTP Server
    88Name: httpd
    99Version: 2.2.13
    10 Release: 1%{?dist}
     10Release: 1.scripts.%{scriptsversion}%{?dist}
    1313Source1: index.html
    5555Conflicts: pcre < 4.0
    5656Requires: httpd-tools = %{version}-%{release}, apr-util-ldap
     58Provides: scripts-httpd
     59Patch1000: httpd-suexec-scripts.patch
     60Patch1003: httpd-2.2.x-mod_status-security.patch
     61Patch1004: httpd-2.2.x-304.patch
     62Patch1005: httpd-2.2.x-mod_ssl-sessioncaching.patch
    5965The Apache HTTP Server is a powerful, efficient, and extensible
    6066web server.
    101107BuildRequires: openssl-devel, distcache-devel
    102108Requires(post): openssl >= 0.9.7f-4, /bin/cat
    103109Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmn}
     110Provides: scripts-mod_ssl
    104111Obsoletes: stronghold-mod_ssl
    106113%description -n mod_ssl
    128135# Patch in vendor/release string
    129136sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
     138%patch1000 -p1 -b .scripts
     139%patch1003 -p1 -b .permitstatus
     140%patch1004 -p1 -b .scripts-304
     141%patch1005 -p1 -b .ssl-sessioncache
    131143# Safety check: prevent build if defined MMN does not equal upstream MMN.
    132144vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
    133145if test "x${vmmn}" != "x%{mmn}"; then
    176188        --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
    177189        --enable-suexec --with-suexec \
    178190        --with-suexec-caller=%{suexec_caller} \
    179         --with-suexec-docroot=%{contentdir} \
     191        --with-suexec-docroot=/ \
     192        --with-suexec-userdir=web_scripts \
     193        --with-suexec-trusteddir=/usr/libexec/scripts-trusted \
    180194        --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \
    181195        --with-suexec-bin=%{_sbindir}/suexec \
    182         --with-suexec-uidmin=500 --with-suexec-gidmin=100 \
     196        --with-suexec-uidmin=50 --with-suexec-gidmin=50 \
    183197        --enable-pie \
    184198        --with-pcre \
    185199        $*
Note: See TracBrowser for help on using the repository browser.