source: trunk/server/fedora/specs/httpd.spec.patch @ 2371

Last change on this file since 2371 was 2321, checked in by geofft, 12 years ago
Disable SSL compression to defend against rumored side-channel attack
File size: 2.5 KB
  • httpd.spec

    old new  
    99Summary: Apache HTTP Server
    1010Name: httpd
    1111Version: 2.2.22
    12 Release: 4%{?dist}
     12Release: 4%{?dist}.scripts.%{scriptsversion}
    1313URL: http://httpd.apache.org/
    1414Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
    1515Source1: index.html
     
    5858Requires(postun): systemd-units
    5959Requires(post): systemd-units
    6060
     61Provides: scripts-httpd = %{version}-%{release}
     62Patch1000: httpd-suexec-scripts.patch
     63Patch1003: httpd-2.2.x-mod_status-security.patch
     64Patch1004: httpd-2.2.x-304.patch
     65Patch1005: httpd-2.2.x-mod_ssl-sessioncaching.patch
     66Patch1006: httpd-suexec-cloexec.patch
     67Patch1007: httpd-fixup-vhost.patch
     68Patch1008: httpd-SSLCompression.patch
     69
    6170%description
    6271The Apache HTTP Server is a powerful, efficient, and extensible
    6372web server.
     
    6878Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel
    6979Requires: apr-devel, apr-util-devel, pkgconfig
    7080Requires: httpd = %{version}-%{release}
     81Provides: scripts-httpd-devel = %{version}-%{release}
    7182
    7283%description devel
    7384The httpd-devel package contains the APXS binary and other files
     
    106117Requires(post): openssl, /bin/cat
    107118Requires(pre): httpd
    108119Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
     120Provides: scripts-mod_ssl
    109121Obsoletes: stronghold-mod_ssl
    110122
    111123%description -n mod_ssl
     
    133150# Patch in vendor/release string
    134151sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
    135152
     153%patch1000 -p1 -b .scripts
     154%patch1003 -p1 -b .permitstatus
     155%patch1004 -p1 -b .scripts-304
     156%patch1005 -p1 -b .ssl-sessioncache
     157%patch1006 -p1 -b .cloexec
     158%patch1007 -p1 -b .fixup-vhost
     159%patch1008 -p1 -b .sslcompression
     160
    136161# Safety check: prevent build if defined MMN does not equal upstream MMN.
    137162vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
    138163if test "x${vmmn}" != "x%{mmn}"; then
     
    193219        --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
    194220        --enable-suexec --with-suexec \
    195221        --with-suexec-caller=%{suexec_caller} \
    196         --with-suexec-docroot=%{contentdir} \
     222        --with-suexec-docroot=/ \
     223        --with-suexec-userdir=web_scripts \
     224        --with-suexec-trusteddir=/usr/libexec/scripts-trusted \
    197225        --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \
    198226        --with-suexec-bin=%{_sbindir}/suexec \
    199         --with-suexec-uidmin=500 --with-suexec-gidmin=100 \
     227        --with-suexec-uidmin=50 --with-suexec-gidmin=50 \
    200228        --enable-pie \
    201229        --with-pcre \
    202230        $*
Note: See TracBrowser for help on using the repository browser.