source: trunk/server/fedora/specs/httpd.spec.patch @ 2157

Last change on this file since 2157 was 2157, checked in by ezyang, 10 years ago
Latest httpd fixes CVEs we were patching.
File size: 2.8 KB
  • httpd.spec

    old new  
    88Summary: Apache HTTP Server
    99Name: httpd
    1010Version: 2.2.22
    11 Release: 1%{?dist}
     11Release: 1%{?dist}.scripts.%{scriptsversion}
    1212URL: http://httpd.apache.org/
    1313Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
    1414Source1: index.html
     
    5454Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}
    5555Requires: httpd-tools = %{version}-%{release}, apr-util-ldap, systemd-units
    5656
     57Provides: scripts-httpd = %{version}-%{release}
     58Patch1000: httpd-suexec-scripts.patch
     59Patch1003: httpd-2.2.x-mod_status-security.patch
     60Patch1004: httpd-2.2.x-304.patch
     61Patch1005: httpd-2.2.x-mod_ssl-sessioncaching.patch
     62Patch1006: httpd-suexec-cloexec.patch
     63Patch1007: httpd-fixup-vhost.patch
     64Patch1008: httpd-sysv-deps.patch
     65
    5766%description
    5867The Apache HTTP Server is a powerful, efficient, and extensible
    5968web server.
     
    6476Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel
    6577Requires: apr-devel, apr-util-devel, pkgconfig
    6678Requires: httpd = %{version}-%{release}
     79Provides: scripts-httpd-devel = %{version}-%{release}
    6780
    6881%description devel
    6982The httpd-devel package contains the APXS binary and other files
     
    102115Requires(post): openssl, /bin/cat
    103116Requires(pre): httpd
    104117Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
     118Provides: scripts-mod_ssl
    105119Obsoletes: stronghold-mod_ssl
    106120
    107121%description -n mod_ssl
     
    110124Security (TLS) protocols.
    111125
    112126%prep
     127
     128# Horrible hack to patch the httpd.init file
     129cd $RPM_SOURCE_DIR
     130%patch1008 -p1 -b .sysv-deps
     131
    113132%setup -q
    114133%patch1 -p1 -b .apctl
    115134%patch2 -p1 -b .apxs
     
    128147# Patch in vendor/release string
    129148sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
    130149
     150%patch1000 -p1 -b .scripts
     151%patch1003 -p1 -b .permitstatus
     152%patch1004 -p1 -b .scripts-304
     153%patch1005 -p1 -b .ssl-sessioncache
     154%patch1006 -p1 -b .cloexec
     155%patch1007 -p1 -b .fixup-vhost
     156# Note that patch1008 is not here, as it patches the initscript elsewhere in this .spec
     157
    131158# Safety check: prevent build if defined MMN does not equal upstream MMN.
    132159vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
    133160if test "x${vmmn}" != "x%{mmn}"; then
     
    175205        --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
    176206        --enable-suexec --with-suexec \
    177207        --with-suexec-caller=%{suexec_caller} \
    178         --with-suexec-docroot=%{contentdir} \
     208        --with-suexec-docroot=/ \
     209        --with-suexec-userdir=web_scripts \
     210        --with-suexec-trusteddir=/usr/libexec/scripts-trusted \
    179211        --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \
    180212        --with-suexec-bin=%{_sbindir}/suexec \
    181         --with-suexec-uidmin=500 --with-suexec-gidmin=100 \
     213        --with-suexec-uidmin=50 --with-suexec-gidmin=50 \
    182214        --enable-pie \
    183215        --with-pcre \
    184216        $*
Note: See TracBrowser for help on using the repository browser.