source: trunk/server/fedora/specs/httpd.spec.patch @ 2134

Last change on this file since 2134 was 2134, checked in by achernya, 11 years ago
Patch httpd against some security vulnerabilities.
File size: 3.0 KB
  • httpd.spec

    old new  
    88Summary: Apache HTTP Server
    99Name: httpd
    1010Version: 2.2.21
    11 Release: 1%{?dist}
     11Release: 1%{?dist}.scripts.%{scriptsversion}
    1212URL: http://httpd.apache.org/
    1313Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
    1414Source1: index.html
     
    5454Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}
    5555Requires: httpd-tools = %{version}-%{release}, apr-util-ldap, systemd-units
    5656
     57Provides: scripts-httpd = %{version}-%{release}
     58Patch1000: httpd-suexec-scripts.patch
     59Patch1003: httpd-2.2.x-mod_status-security.patch
     60Patch1004: httpd-2.2.x-304.patch
     61Patch1005: httpd-2.2.x-mod_ssl-sessioncaching.patch
     62Patch1006: httpd-suexec-cloexec.patch
     63Patch1007: httpd-fixup-vhost.patch
     64Patch1008: httpd-sysv-deps.patch
     65Patch1009: httpd-2.2.x-CVE-2011-3607.patch
     66Patch1010: httpd-2.2.x-CVE-2012-0053.patch
     67Patch1011: httpd-2.2.x-CVE-2012-0031.patch
     68
    5769%description
    5870The Apache HTTP Server is a powerful, efficient, and extensible
    5971web server.
     
    6473Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel
    6574Requires: apr-devel, apr-util-devel, pkgconfig
    6675Requires: httpd = %{version}-%{release}
     76Provides: scripts-httpd-devel = %{version}-%{release}
    6777
    6878%description devel
    6979The httpd-devel package contains the APXS binary and other files
     
    102112Requires(post): openssl, /bin/cat
    103113Requires(pre): httpd
    104114Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
     115Provides: scripts-mod_ssl
    105116Obsoletes: stronghold-mod_ssl
    106117
    107118%description -n mod_ssl
     
    110121Security (TLS) protocols.
    111122
    112123%prep
     124
     125# Horrible hack to patch the httpd.init file
     126cd $RPM_SOURCE_DIR
     127%patch1008 -p1 -b .sysv-deps
     128
    113129%setup -q
    114130%patch1 -p1 -b .apctl
    115131%patch2 -p1 -b .apxs
     
    128144# Patch in vendor/release string
    129145sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
    130146
     147%patch1000 -p1 -b .scripts
     148%patch1003 -p1 -b .permitstatus
     149%patch1004 -p1 -b .scripts-304
     150%patch1005 -p1 -b .ssl-sessioncache
     151%patch1006 -p1 -b .cloexec
     152%patch1007 -p1 -b .fixup-vhost
     153# Note that patch1008 is not here, as it patches the initscript elsewhere in this .spec
     154%patch1009 -p4 -b .cve-2011-3607
     155%patch1010 -p4 -b .cve-2012-0053
     156%patch1011 -p4 -b .cve-2012-0031
     157
    131158# Safety check: prevent build if defined MMN does not equal upstream MMN.
    132159vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
    133160if test "x${vmmn}" != "x%{mmn}"; then
     
    175198        --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
    176199        --enable-suexec --with-suexec \
    177200        --with-suexec-caller=%{suexec_caller} \
    178         --with-suexec-docroot=%{contentdir} \
     201        --with-suexec-docroot=/ \
     202        --with-suexec-userdir=web_scripts \
     203        --with-suexec-trusteddir=/usr/libexec/scripts-trusted \
    179204        --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \
    180205        --with-suexec-bin=%{_sbindir}/suexec \
    181         --with-suexec-uidmin=500 --with-suexec-gidmin=100 \
     206        --with-suexec-uidmin=50 --with-suexec-gidmin=50 \
    182207        --enable-pie \
    183208        --with-pcre \
    184209        $*
Note: See TracBrowser for help on using the repository browser.