[httpd] update to 2.4.1
jorton
jorton at fedoraproject.org
Fri Mar 23 14:51:07 UTC 2012
commit 3a44ff765502ac564b64b4958239d30e8566dcaf
Author: Joe Orton <jorton at redhat.com>
Date: Tue Mar 13 09:55:18 2012 +0000
update to 2.4.1
- adopt upstream default httpd.conf (almost verbatim)
- split all LoadModules to conf.modules.d/*.conf
- include conf.d/*.conf at end of httpd.conf
- trim %changelog
00-base.conf | 78 ++
00-dav.conf | 3 +
00-ldap.conf | 2 +
00-lua.conf | 1 +
00-mpm.conf | 19 +
00-proxy.conf | 15 +
00-ssl.conf | 1 +
01-cgi.conf | 14 +
httpd-2.0.45-export.patch | 20 -
httpd-2.1.10-apxs.patch | 97 --
httpd-2.1.10-disablemods.patch | 36 -
httpd-2.1.10-layout.patch | 17 -
httpd-2.1.10-pod.patch | 53 --
httpd-2.2.19-logresolve-ipv6.patch | 580 ------------
httpd-2.2.21-mod_proxy-change-state.patch | 255 -----
httpd-2.2.22-pcre830.patch | 24 -
httpd-2.2.9-deplibs.patch | 20 -
httpd-2.2.9-suenable.patch | 21 -
...d-2.1.10-apctl.patch => httpd-2.4.1-apctl.patch | 41 +-
httpd-2.4.1-apr14.patch | 22 +
httpd-2.4.1-apxs.patch | 56 ++
...-corelimit.patch => httpd-2.4.1-corelimit.patch | 12 +-
httpd-2.4.1-deplibs.patch | 19 +
httpd-2.4.1-export.patch | 20 +
httpd-2.4.1-layout.patch | 29 +
...2.11-selinux.patch => httpd-2.4.1-selinux.patch | 29 +-
httpd-2.4.1-suenable.patch | 18 +
httpd.conf | 967 ++++----------------
httpd.service | 10 +-
httpd.spec | 545 ++---------
httpd.sysconf | 6 +-
manual.conf | 7 +-
sources | 2 +-
ssl.conf | 41 +-
userdir.conf | 36 +
welcome.conf | 17 +-
36 files changed, 663 insertions(+), 2470 deletions(-)
---
diff --git a/00-base.conf b/00-base.conf
new file mode 100644
index 0000000..8bbf425
--- /dev/null
+++ b/00-base.conf
@@ -0,0 +1,78 @@
+#
+# This file loads most of the modules included with the Apache HTTP
+# Server itself.
+#
+
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule actions_module modules/mod_actions.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule allowmethods_module modules/mod_allowmethods.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule auth_digest_module modules/mod_auth_digest.so
+LoadModule authn_anon_module modules/mod_authn_anon.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authn_dbd_module modules/mod_authn_dbd.so
+LoadModule authn_dbm_module modules/mod_authn_dbm.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authn_socache_module modules/mod_authn_socache.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authz_dbd_module modules/mod_authz_dbd.so
+LoadModule authz_dbm_module modules/mod_authz_dbm.so
+LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authz_owner_module modules/mod_authz_owner.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule autoindex_module modules/mod_autoindex.so
+LoadModule cache_module modules/mod_cache.so
+LoadModule cache_disk_module modules/mod_cache_disk.so
+LoadModule data_module modules/mod_data.so
+LoadModule dbd_module modules/mod_dbd.so
+LoadModule deflate_module modules/mod_deflate.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule dumpio_module modules/mod_dumpio.so
+LoadModule echo_module modules/mod_echo.so
+LoadModule env_module modules/mod_env.so
+LoadModule expires_module modules/mod_expires.so
+LoadModule ext_filter_module modules/mod_ext_filter.so
+LoadModule filter_module modules/mod_filter.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule include_module modules/mod_include.so
+LoadModule info_module modules/mod_info.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule log_debug_module modules/mod_log_debug.so
+LoadModule logio_module modules/mod_logio.so
+LoadModule mime_magic_module modules/mod_mime_magic.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule ratelimit_module modules/mod_ratelimit.so
+LoadModule remoteip_module modules/mod_remoteip.so
+LoadModule reqtimeout_module modules/mod_reqtimeout.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
+LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
+LoadModule socache_dbm_module modules/mod_socache_dbm.so
+LoadModule socache_memcache_module modules/mod_socache_memcache.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+LoadModule status_module modules/mod_status.so
+LoadModule substitute_module modules/mod_substitute.so
+LoadModule suexec_module modules/mod_suexec.so
+LoadModule unique_id_module modules/mod_unique_id.so
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule userdir_module modules/mod_userdir.so
+LoadModule version_module modules/mod_version.so
+LoadModule vhost_alias_module modules/mod_vhost_alias.so
+
+#LoadModule auth_form_module modules/mod_auth_form.so
+#LoadModule buffer_module modules/mod_buffer.so
+#LoadModule watchdog_module modules/mod_watchdog.so
+#LoadModule heartbeat_module modules/mod_heartbeat.so
+#LoadModule heartmonitor_module modules/mod_heartmonitor.so
+#LoadModule usertrack_module modules/mod_usertrack.so
+#LoadModule dialup_module modules/mod_dialup.so
+#LoadModule charset_lite_module modules/mod_charset_lite.so
+#LoadModule reflector_module modules/mod_reflector.so
+#LoadModule request_module modules/mod_request.so
+#LoadModule sed_module modules/mod_sed.so
+#LoadModule speling_module modules/mod_speling.so
+#LoadModule xml2enc_module modules/mod_xml2enc.so
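Review bot: 00-base.conf loads diagnostic modules by default (`mod_info`, `mod_status`, `mod_dumpio`, `mod_echo`) alongside the ones a typical site needs, which widens the default surface of every install. As far as I know these stay inert until a directive enables them, but that then depends on every conf.d/*.conf drop-in. I would move them into the commented-out group at the bottom, or at least head the file with a comment such as `# Modules below are loaded but inactive until configured; comment out any you do not use.` The same applies to 00-proxy.conf, which loads every proxy scheme module (including `mod_proxy_connect` and `mod_proxy_ftp`) and whose header says it "configures" the proxy modules when it only loads them.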
diff --git a/00-dav.conf b/00-dav.conf
new file mode 100644
index 0000000..e6af8de
--- /dev/null
+++ b/00-dav.conf
@@ -0,0 +1,3 @@
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
+LoadModule dav_lock_module modules/mod_dav_lock.so
diff --git a/00-ldap.conf b/00-ldap.conf
new file mode 100644
index 0000000..81fe42f
--- /dev/null
+++ b/00-ldap.conf
@@ -0,0 +1,2 @@
+LoadModule ldap_module modules/mod_ldap.so
+LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
diff --git a/00-lua.conf b/00-lua.conf
new file mode 100644
index 0000000..9e0d0db
--- /dev/null
+++ b/00-lua.conf
@@ -0,0 +1 @@
+LoadModule lua_module modules/mod_lua.so
diff --git a/00-mpm.conf b/00-mpm.conf
new file mode 100644
index 0000000..7bfd1d4
--- /dev/null
+++ b/00-mpm.conf
@@ -0,0 +1,19 @@
+# Select the MPM module which should be used by uncommenting exactly
+# one of the following LoadModule lines:
+
+# prefork MPM: Implements a non-threaded, pre-forking web server
+# See: http://httpd.apache.org/docs/2.4/mod/prefork.html
+LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+
+# worker MPM: Multi-Processing Module implementing a hybrid
+# multi-threaded multi-process web server
+# See: http://httpd.apache.org/docs/2.4/mod/worker.html
+#
+#LoadModule mpm_worker_module modules/mod_mpm_worker.so
+
+# event MPM: A variant of the worker MPM with the goal of consuming
+# threads only for connections with active processing
+# See: http://httpd.apache.org/docs/2.4/mod/event.html
+#
+#LoadModule mpm_event_module modules/mod_mpm_event.so
+
diff --git a/00-proxy.conf b/00-proxy.conf
new file mode 100644
index 0000000..a446822
--- /dev/null
+++ b/00-proxy.conf
@@ -0,0 +1,15 @@
+# This file configures all the proxy modules:
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
+LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
+LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
+LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
+LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
+LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+LoadModule proxy_connect_module modules/mod_proxy_connect.so
+LoadModule proxy_express_module modules/mod_proxy_express.so
+LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
+LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
+LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
diff --git a/00-ssl.conf b/00-ssl.conf
new file mode 100644
index 0000000..53235cd
--- /dev/null
+++ b/00-ssl.conf
@@ -0,0 +1 @@
+LoadModule ssl_module modules/mod_ssl.so
diff --git a/01-cgi.conf b/01-cgi.conf
new file mode 100644
index 0000000..5b8b936
--- /dev/null
+++ b/01-cgi.conf
@@ -0,0 +1,14 @@
+# This configuration file loads a CGI module appropriate to the MPM
+# which has been configured in 00-mpm.conf. mod_cgid should be used
+# with a threaded MPM; mod_cgi with the prefork MPM.
+
+<IfModule mpm_worker_module>
+ LoadModule cgid_module modules/mod_cgid.so
+</IfModule>
+<IfModule mpm_event_module>
+ LoadModule cgid_module modules/mod_cgid.so
+</IfModule>
+<IfModule mpm_prefork_module>
+ LoadModule cgi_module modules/mod_cgi.so
+</IfModule>
+
diff --git a/httpd-2.1.10-apctl.patch b/httpd-2.4.1-apctl.patch
similarity index 72%
rename from httpd-2.1.10-apctl.patch
rename to httpd-2.4.1-apctl.patch
index 4e34ea6..b31c3c5 100644
--- a/httpd-2.1.10-apctl.patch
+++ b/httpd-2.4.1-apctl.patch
@@ -2,16 +2,15 @@
- fail gracefully if links is not installed on target system
- source sysconfig/httpd for custom env. vars etc.
- make httpd -t work even in SELinux
-- refuse to restart into a bad config
- pass $OPTIONS to all $HTTPD invocation
Upstream-HEAD: vendor
Upstream-2.0: vendor
Upstream-Status: Vendor-specific changes for better initscript integration
---- httpd-2.1.10/support/apachectl.in.apctl
-+++ httpd-2.1.10/support/apachectl.in
-@@ -43,19 +43,25 @@
+--- httpd-2.4.1/support/apachectl.in.apctl
++++ httpd-2.4.1/support/apachectl.in
+@@ -44,19 +44,25 @@ ARGV="$@"
# the path to your httpd binary, including options if necessary
HTTPD='@exp_sbindir@/@progname@'
#
@@ -42,7 +41,7 @@ Upstream-Status: Vendor-specific changes for better initscript integration
#
# Set this variable to a command that increases the maximum
# number of file descriptors allowed per child process. This is
-@@ -75,29 +81,51 @@
+@@ -76,9 +82,27 @@ if [ "x$ARGV" = "x" ] ; then
ARGV="-h"
fi
@@ -64,27 +63,15 @@ Upstream-Status: Vendor-specific changes for better initscript integration
+ERROR=$?
+}
+
- case $ARGV in
--start|stop|restart|graceful|graceful-stop)
+ case $ACMD in
+ start|stop|restart|graceful|graceful-stop)
- $HTTPD -k $ARGV
-- ERROR=$?
-+restart|graceful)
-+ if $HTTPD $OPTIONS -t >&/dev/null; then
-+ $HTTPD $OPTIONS -k $ARGV
-+ ERROR=$?
-+ else
-+ echo "apachectl: Configuration syntax error, will not run \"$ARGV\":"
-+ testconfig
-+ fi
- ;;
--startssl|sslstart|start-SSL)
-- echo The startssl option is no longer supported.
-- echo Please edit httpd.conf to include the SSL configuration settings
-- echo and then use "apachectl start".
-- ERROR=2
-+start|stop|graceful-stop)
+ $HTTPD $OPTIONS -k $ARGV
-+ ERROR=$?
+ ERROR=$?
+ ;;
+ startssl|sslstart|start-SSL)
+@@ -88,17 +112,18 @@ startssl|sslstart|start-SSL)
+ ERROR=2
;;
configtest)
- $HTTPD -t
@@ -92,7 +79,7 @@ Upstream-Status: Vendor-specific changes for better initscript integration
+ testconfig
;;
status)
-+ checklynx
++ checklynx
$LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } '
;;
fullstatus)
@@ -100,8 +87,8 @@ Upstream-Status: Vendor-specific changes for better initscript integration
$LYNX $STATUSURL
;;
*)
-- $HTTPD $ARGV
-+ $HTTPD $OPTIONS $ARGV
+- $HTTPD "$@"
++ $HTTPD $OPTIONS "$@"
ERROR=$?
esac
diff --git a/httpd-2.4.1-apr14.patch b/httpd-2.4.1-apr14.patch
new file mode 100644
index 0000000..4f685f3
--- /dev/null
+++ b/httpd-2.4.1-apr14.patch
@@ -0,0 +1,22 @@
+--- httpd-2.4.1/support/rotatelogs.c.apr14
++++ httpd-2.4.1/support/rotatelogs.c
+@@ -52,6 +52,7 @@
+ #if APR_FILES_AS_SOCKETS
+ #include "apr_poll.h"
+ #endif
++#include "apr_version.h"
+
+ #if APR_HAVE_STDLIB_H
+ #include <stdlib.h>
+@@ -295,7 +296,11 @@ static void post_rotate(apr_pool_t *pool
+ if (config->verbose) {
+ fprintf(stderr,"Linking %s to %s\n", newlog->name, config->linkfile);
+ }
++#if APR_VERSION_AT_LEAST(1,4,0)
+ rv = apr_file_link(newlog->name, config->linkfile);
++#else
++ rv = APR_ENOTIMPL;
++#endif
+ if (rv != APR_SUCCESS) {
+ char error[120];
+ apr_strerror(rv, error, sizeof error);
diff --git a/httpd-2.4.1-apxs.patch b/httpd-2.4.1-apxs.patch
new file mode 100644
index 0000000..62003ec
--- /dev/null
+++ b/httpd-2.4.1-apxs.patch
@@ -0,0 +1,56 @@
+--- httpd-2.4.1/support/apxs.in.apxs
++++ httpd-2.4.1/support/apxs.in
+@@ -25,7 +25,18 @@ package apxs;
+
+ my %config_vars = ();
+
+-my $installbuilddir = "@exp_installbuilddir@";
++# Awful hack to make apxs libdir-agnostic:
++my $pkg_config = "/usr/bin/pkg-config";
++if (! -x "$pkg_config") {
++ error("$pkg_config not found!");
++ exit(1);
++}
++
++my $libdir = `pkg-config --variable=libdir apr-1`;
++chomp $libdir;
++
++my $installbuilddir = $libdir . "/httpd/build";
++
+ get_config_vars("$installbuilddir/config_vars.mk",\%config_vars);
+
+ # read the configuration variables once
+@@ -273,7 +284,7 @@ if ($opt_g) {
+ $data =~ s|%NAME%|$name|sg;
+ $data =~ s|%TARGET%|$CFG_TARGET|sg;
+ $data =~ s|%PREFIX%|$prefix|sg;
+- $data =~ s|%INSTALLBUILDDIR%|$installbuilddir|sg;
++ $data =~ s|%LIBDIR%|$libdir|sg;
+
+ my ($mkf, $mods, $src) = ($data =~ m|^(.+)-=#=-\n(.+)-=#=-\n(.+)|s);
+
+@@ -450,11 +461,11 @@ if ($opt_c) {
+
+ if ($opt_p == 1) {
+
+- my $apr_libs=`$apr_config --cflags --ldflags --link-libtool --libs`;
++ my $apr_libs=`$apr_config --cflags --ldflags --link-libtool`;
+ chomp($apr_libs);
+ my $apu_libs="";
+ if ($apr_major_version < 2) {
+- $apu_libs=`$apu_config --ldflags --link-libtool --libs`;
++ $apu_libs=`$apu_config --ldflags --link-libtool`;
+ chomp($apu_libs);
+ }
+
+@@ -669,8 +680,8 @@ __DATA__
+
+ builddir=.
+ top_srcdir=%PREFIX%
+-top_builddir=%PREFIX%
+-include %INSTALLBUILDDIR%/special.mk
++top_builddir=%LIBDIR%/httpd
++include %LIBDIR%/httpd/build/special.mk
+
+ # the used tools
+ APXS=apxs
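Review bot: The libdir lookup added to apxs.in tests `-x "$pkg_config"` for `/usr/bin/pkg-config` but then runs a bare `pkg-config` resolved through PATH, and the result is never checked. If the apr-1 .pc file is missing or the PATH copy behaves differently, `$libdir` is empty and `$installbuilddir` silently becomes `/httpd/build`. I would call the binary that was checked and fail on an empty answer: `my $libdir = qx($pkg_config --variable=libdir apr-1);`, then `chomp $libdir;` and `if ($? != 0 || $libdir eq "") { error("cannot determine apr-1 libdir"); exit(1); }`.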
diff --git a/httpd-2.2.11-corelimit.patch b/httpd-2.4.1-corelimit.patch
similarity index 76%
rename from httpd-2.2.11-corelimit.patch
rename to httpd-2.4.1-corelimit.patch
index 0c8d72a..96f8486 100644
--- a/httpd-2.2.11-corelimit.patch
+++ b/httpd-2.4.1-corelimit.patch
@@ -5,12 +5,12 @@ configured.
Upstream-Status: Was discussed but there are competing desires;
there are portability oddities here too.
---- httpd-2.2.11/server/core.c.corelimit
-+++ httpd-2.2.11/server/core.c
-@@ -3777,6 +3779,25 @@ static int core_post_config(apr_pool_t *
-
- set_banner(pconf);
- ap_setup_make_content_type(pconf);
+--- httpd-2.4.1/server/core.c.corelimit
++++ httpd-2.4.1/server/core.c
+@@ -4433,6 +4433,25 @@ static int core_post_config(apr_pool_t *
+ }
+ apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper,
+ apr_pool_cleanup_null);
+
+#ifdef RLIMIT_CORE
+ if (ap_coredumpdir_configured) {
diff --git a/httpd-2.4.1-deplibs.patch b/httpd-2.4.1-deplibs.patch
new file mode 100644
index 0000000..b73c21d
--- /dev/null
+++ b/httpd-2.4.1-deplibs.patch
@@ -0,0 +1,19 @@
+
+Link straight against .la files.
+
+Upstream-Status: vendor specific
+
+--- httpd-2.4.1/configure.in.deplibs
++++ httpd-2.4.1/configure.in
+@@ -707,9 +707,9 @@ APACHE_HELP_STRING(--with-suexec-umask,u
+
+ dnl APR should go after the other libs, so the right symbols can be picked up
+ if test x${apu_found} != xobsolete; then
+- AP_LIBS="$AP_LIBS `$apu_config --avoid-ldap --link-libtool --libs`"
++ AP_LIBS="$AP_LIBS `$apu_config --avoid-ldap --link-libtool`"
+ fi
+-AP_LIBS="$AP_LIBS `$apr_config --link-libtool --libs`"
++AP_LIBS="$AP_LIBS `$apr_config --link-libtool`"
+ APACHE_SUBST(AP_LIBS)
+ APACHE_SUBST(AP_BUILD_SRCLIB_DIRS)
+ APACHE_SUBST(AP_CLEAN_SRCLIB_DIRS)
diff --git a/httpd-2.4.1-export.patch b/httpd-2.4.1-export.patch
new file mode 100644
index 0000000..2c1a884
--- /dev/null
+++ b/httpd-2.4.1-export.patch
@@ -0,0 +1,20 @@
+
+There is no need to "suck in" the apr/apr-util symbols when using
+a shared libapr{,util}, it just bloats the symbol table; so don't.
+
+Upstream-HEAD: needed
+Upstream-2.0: omit
+Upstream-Status: EXPORT_DIRS change is conditional on using shared apr
+
+--- httpd-2.4.1/server/Makefile.in.export
++++ httpd-2.4.1/server/Makefile.in
+@@ -57,9 +57,6 @@ export_files:
+ ( for dir in $(EXPORT_DIRS); do \
+ ls $$dir/*.h ; \
+ done; \
+- for dir in $(EXPORT_DIRS_APR); do \
+- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \
+- done; \
+ ) | sort -u > $@
+
+ exports.c: export_files
diff --git a/httpd-2.4.1-layout.patch b/httpd-2.4.1-layout.patch
new file mode 100644
index 0000000..b1dcf5c
--- /dev/null
+++ b/httpd-2.4.1-layout.patch
@@ -0,0 +1,29 @@
+--- httpd-2.4.1/config.layout.layout
++++ httpd-2.4.1/config.layout
+@@ -347,3 +347,26 @@
+ proxycachedir: ${localstatedir}/proxy
+ </Layout>
+
++# Fedora/RHEL layout
++<Layout Fedora>
++ prefix: /usr
++ exec_prefix: ${prefix}
++ bindir: ${prefix}/bin
++ sbindir: ${prefix}/sbin
++ libdir: ${prefix}/lib
++ libexecdir: ${prefix}/libexec
++ mandir: ${prefix}/man
++ sysconfdir: /etc/httpd/conf
++ datadir: ${prefix}/share/httpd
++ installbuilddir: ${libdir}/httpd/build
++ errordir: ${datadir}/error
++ iconsdir: ${datadir}/icons
++ htdocsdir: /var/www/html
++ manualdir: ${datadir}/manual
++ cgidir: /var/www/cgi-bin
++ includedir: ${prefix}/include/httpd
++ localstatedir: /var
++ runtimedir: ${localstatedir}/run/httpd
++ logfiledir: ${localstatedir}/log/httpd
++ proxycachedir: ${localstatedir}/cache/httpd
++</Layout>
diff --git a/httpd-2.2.11-selinux.patch b/httpd-2.4.1-selinux.patch
similarity index 68%
rename from httpd-2.2.11-selinux.patch
rename to httpd-2.4.1-selinux.patch
index 09da889..e97c5a4 100644
--- a/httpd-2.2.11-selinux.patch
+++ b/httpd-2.4.1-selinux.patch
@@ -3,34 +3,38 @@ Log the SELinux context at startup.
Upstream-Status: unlikely to be any interest in this upstream
---- httpd-2.2.11/configure.in.selinux
-+++ httpd-2.2.11/configure.in
-@@ -412,6 +412,10 @@ getpgid
+--- httpd-2.4.1/configure.in.selinux
++++ httpd-2.4.1/configure.in
+@@ -458,6 +458,11 @@ fopen64
dnl confirm that a void pointer is large enough to store a long integer
APACHE_CHECK_VOID_PTR_LEN
+AC_CHECK_LIB(selinux, is_selinux_enabled, [
++ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
+ APR_ADDTO(AP_LIBS, [-lselinux])
+])
+
- dnl ## Check for the tm_gmtoff field in struct tm to get the timezone diffs
- AC_CACHE_CHECK([for tm_gmtoff in struct tm], ac_cv_struct_tm_gmtoff,
- [AC_TRY_COMPILE([#include <sys/types.h>
---- httpd-2.2.11/server/core.c.selinux
-+++ httpd-2.2.11/server/core.c
-@@ -51,6 +51,8 @@
-
- #include "mod_so.h" /* for ap_find_loaded_module_symbol */
+ AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
+ [AC_TRY_RUN(#define _GNU_SOURCE
+ #include <unistd.h>
+--- httpd-2.4.1/server/core.c.selinux
++++ httpd-2.4.1/server/core.c
+@@ -58,6 +58,10 @@
+ #include <unistd.h>
+ #endif
++#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
++#endif
+
/* LimitRequestBody handling */
#define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0)
-@@ -3796,6 +3798,26 @@ static int core_post_config(apr_pool_t *
+@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t *
}
#endif
++#ifdef HAVE_SELINUX
+ {
+ static int already_warned = 0;
+ int is_enabled = is_selinux_enabled() > 0;
@@ -50,6 +54,7 @@ Upstream-Status: unlikely to be any interest in this upstream
+ }
+ }
+ }
++#endif
+
return OK;
}
diff --git a/httpd-2.4.1-suenable.patch b/httpd-2.4.1-suenable.patch
new file mode 100644
index 0000000..f2287fd
--- /dev/null
+++ b/httpd-2.4.1-suenable.patch
@@ -0,0 +1,18 @@
+Removes setuid check because we are now using capabilities to ensure proper
+suexec rights.
+
+Upstream-status: vendor specific.
+
+diff --git a/os/unix/unixd.c b/os/unix/unixd.c
+index 85d5a98..1ee1dfe 100644
+--- httpd-2.4.1/modules/arch/unix/mod_unixd.c.suenable
++++ httpd-2.4.1/modules/arch/unix/mod_unixd.c
+@@ -300,7 +300,7 @@ unixd_pre_config(apr_pool_t *pconf, apr_
+ ap_unixd_config.suexec_enabled = 0;
+ if ((apr_stat(&wrapper, SUEXEC_BIN, APR_FINFO_NORM, ptemp))
+ == APR_SUCCESS) {
+- if ((wrapper.protection & APR_USETID) && wrapper.user == 0
++ if (wrapper.user == 0
+ && (access(SUEXEC_BIN, R_OK|X_OK) == 0)) {
+ ap_unixd_config.suexec_enabled = 1;
+ ap_unixd_config.suexec_disabled_reason = "";
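Review bot: With the `APR_USETID` test gone, the condition in unixd_pre_config sets `suexec_enabled = 1` for any root-owned `SUEXEC_BIN` that passes `access(R_OK|X_OK)`, whether or not the file capabilities the description relies on are actually present. If those capabilities are lost (for example by a copy or restore that drops extended attributes), httpd would presumably still treat suexec as enabled while the wrapper can no longer switch identity. I would add a comment above the condition, e.g. `/* vendor: privilege comes from file capabilities set at install time, not the setuid bit; not verified here */`, and consider verifying the capabilities at startup. The embedded `diff --git a/os/unix/unixd.c` header also names a different file than the `---`/`+++` lines below it. unixd_pre_config starts and ends outside the hunk.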
diff --git a/httpd.conf b/httpd.conf
index 5c5fb50..ebffd61 100644
--- a/httpd.conf
+++ b/httpd.conf
@@ -1,127 +1,44 @@
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
-# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
+# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
-# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
+# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
-# The configuration directives are grouped into three basic sections:
-# 1. Directives that control the operation of the Apache server process as a
-# whole (the 'global environment').
-# 2. Directives that define the parameters of the 'main' or 'default' server,
-# which responds to requests that aren't handled by a virtual host.
-# These directives also provide default values for the settings
-# of all virtual hosts.
-# 3. Settings for virtual hosts, which allow Web requests to be sent to
-# different IP addresses or hostnames and have them handled by the
-# same Apache server process.
-#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
-# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
-# with ServerRoot set to "/etc/httpd" will be interpreted by the
-# server as "/etc/httpd/logs/foo.log".
-#
-
-### Section 1: Global Environment
-#
-# The directives in this section affect the overall operation of Apache,
-# such as the number of concurrent requests it can handle or where it
-# can find its configuration files.
-#
-
-#
-# Don't give away too much information about all the subcomponents
-# we are running. Comment out this line if you don't mind remote sites
-# finding out what major optional modules you are running
-ServerTokens OS
+# with "/", the value of ServerRoot is prepended -- so 'log/access_log'
+# with ServerRoot set to '/www' will be interpreted by the
+# server as '/www/log/access_log', where as '/log/access_log' will be
+# interpreted as '/log/access_log'.
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
-# NOTE! If you intend to place this on an NFS (or otherwise network)
-# mounted filesystem then please read the LockFile documentation
-# (available at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>);
-# you will save yourself a lot of trouble.
-#
-# Do NOT add a slash at the end of the directory path.
+# Do not add a slash at the end of the directory path. If you point
+# ServerRoot at a non-local disk, be sure to specify a local disk on the
+# Mutex directive, if file-based mutexes are used. If you wish to share the
+# same ServerRoot for multiple httpd daemons, you will need to change at
+# least PidFile.
#
ServerRoot "/etc/httpd"
#
-# PidFile: The file in which the server should record its process
-# identification number when it starts. Note the PIDFILE variable in
-# /etc/sysconfig/httpd must be set appropriately if this location is
-# changed.
-#
-PidFile run/httpd.pid
-
-#
-# Timeout: The number of seconds before receives and sends time out.
-#
-Timeout 60
-
-#
-# KeepAlive: Whether or not to allow persistent connections (more than
-# one request per connection). Set to "Off" to deactivate.
-#
-KeepAlive Off
-
+# Mutex: Allows you to set the mutex mechanism and mutex file directory
+# for individual mutexes, or change the global defaults
#
-# MaxKeepAliveRequests: The maximum number of requests to allow
-# during a persistent connection. Set to 0 to allow an unlimited amount.
-# We recommend you leave this number high, for maximum performance.
+# Uncomment and change the directory if mutexes are file-based and the default
+# mutex file directory is not on a local disk or is not appropriate for some
+# other reason.
#
-MaxKeepAliveRequests 100
-
-#
-# KeepAliveTimeout: Number of seconds to wait for the next request from the
-# same client on the same connection.
-#
-KeepAliveTimeout 5
-
-##
-## Server-Pool Size Regulation (MPM specific)
-##
-
-# prefork MPM
-# StartServers: number of server processes to start
-# MinSpareServers: minimum number of server processes which are kept spare
-# MaxSpareServers: maximum number of server processes which are kept spare
-# ServerLimit: maximum value for MaxClients for the lifetime of the server
-# MaxClients: maximum number of server processes allowed to start
-# MaxRequestsPerChild: maximum number of requests a server process serves
-<IfModule prefork.c>
-StartServers 8
-MinSpareServers 5
-MaxSpareServers 20
-ServerLimit 256
-MaxClients 256
-MaxRequestsPerChild 4000
-</IfModule>
-
-# worker MPM
-# StartServers: initial number of server processes to start
-# MaxClients: maximum number of simultaneous client connections
-# MinSpareThreads: minimum number of worker threads which are kept spare
-# MaxSpareThreads: maximum number of worker threads which are kept spare
-# ThreadsPerChild: constant number of worker threads in each server process
-# MaxRequestsPerChild: maximum number of requests a server process serves
-<IfModule worker.c>
-StartServers 4
-MaxClients 300
-MinSpareThreads 25
-MaxSpareThreads 75
-ThreadsPerChild 25
-MaxRequestsPerChild 0
-</IfModule>
+# Mutex default:logs
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
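Review bot: Dropping `ServerTokens OS` in this hunk leaves the directive unset in the new httpd.conf, so unless a conf.d drop-in sets it the server falls back to the built-in default (`Full`), which advertises module names and versions in the Server response header. The old comment explaining why that disclosure was limited is removed along with it. Even when following upstream's file closely, I would keep a vendor line such as `ServerTokens OS` (or `Prod`) with a one-line comment saying why. `PidFile`, `Timeout` and the KeepAlive settings removed here also revert to compiled-in defaults, and the removed comment says `/etc/sysconfig/httpd` carries a matching PIDFILE, so that is worth checking against httpd.service and httpd.sysconf.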
@@ -146,102 +63,20 @@ Listen 80
# Example:
# LoadModule foo_module modules/mod_foo.so
#
-LoadModule auth_basic_module modules/mod_auth_basic.so
-LoadModule auth_digest_module modules/mod_auth_digest.so
-LoadModule authn_file_module modules/mod_authn_file.so
-LoadModule authn_alias_module modules/mod_authn_alias.so
-LoadModule authn_anon_module modules/mod_authn_anon.so
-LoadModule authn_dbm_module modules/mod_authn_dbm.so
-LoadModule authn_default_module modules/mod_authn_default.so
-LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule authz_user_module modules/mod_authz_user.so
-LoadModule authz_owner_module modules/mod_authz_owner.so
-LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
-LoadModule authz_dbm_module modules/mod_authz_dbm.so
-LoadModule authz_default_module modules/mod_authz_default.so
-LoadModule authn_dbd_module modules/mod_authn_dbd.so
-LoadModule dbd_module modules/mod_dbd.so
-LoadModule ldap_module modules/mod_ldap.so
-LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
-LoadModule include_module modules/mod_include.so
-LoadModule log_config_module modules/mod_log_config.so
-LoadModule logio_module modules/mod_logio.so
-LoadModule env_module modules/mod_env.so
-LoadModule ext_filter_module modules/mod_ext_filter.so
-LoadModule mime_magic_module modules/mod_mime_magic.so
-LoadModule expires_module modules/mod_expires.so
-LoadModule deflate_module modules/mod_deflate.so
-LoadModule headers_module modules/mod_headers.so
-LoadModule usertrack_module modules/mod_usertrack.so
-LoadModule setenvif_module modules/mod_setenvif.so
-LoadModule mime_module modules/mod_mime.so
-LoadModule dav_module modules/mod_dav.so
-LoadModule status_module modules/mod_status.so
-LoadModule autoindex_module modules/mod_autoindex.so
-LoadModule info_module modules/mod_info.so
-LoadModule dav_fs_module modules/mod_dav_fs.so
-LoadModule vhost_alias_module modules/mod_vhost_alias.so
-LoadModule negotiation_module modules/mod_negotiation.so
-LoadModule dir_module modules/mod_dir.so
-LoadModule actions_module modules/mod_actions.so
-LoadModule speling_module modules/mod_speling.so
-LoadModule userdir_module modules/mod_userdir.so
-LoadModule alias_module modules/mod_alias.so
-LoadModule substitute_module modules/mod_substitute.so
-LoadModule rewrite_module modules/mod_rewrite.so
-LoadModule proxy_module modules/mod_proxy.so
-LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
-LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
-LoadModule proxy_http_module modules/mod_proxy_http.so
-LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
-LoadModule proxy_connect_module modules/mod_proxy_connect.so
-LoadModule cache_module modules/mod_cache.so
-LoadModule suexec_module modules/mod_suexec.so
-LoadModule disk_cache_module modules/mod_disk_cache.so
-LoadModule cgi_module modules/mod_cgi.so
-LoadModule version_module modules/mod_version.so
-
-#
-# The following modules are not loaded by default:
-#
-#LoadModule asis_module modules/mod_asis.so
-#LoadModule cern_meta_module modules/mod_cern_meta.so
-#LoadModule cgid_module modules/mod_cgid.so
-#LoadModule dumpio_module modules/mod_dumpio.so
-#LoadModule filter_module modules/mod_filter.so
-#LoadModule ident_module modules/mod_ident.so
-#LoadModule log_forensic_module modules/mod_log_forensic.so
-#LoadModule unique_id_module modules/mod_unique_id.so
-#
-
-#
-# Load config files from the config directory "/etc/httpd/conf.d".
-#
-Include conf.d/*.conf
-
-#
-# ExtendedStatus controls whether Apache will generate "full" status
-# information (ExtendedStatus On) or just basic information (ExtendedStatus
-# Off) when the "server-status" handler is called. The default is Off.
-#
-#ExtendedStatus On
+Include conf.modules.d/*.conf
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
-# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
-# . On HPUX you may not be able to use shared memory as nobody, and the
-# suggested workaround is to create a user www and use that user.
-# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
-# when the value of (unsigned)Group is above 60000;
-# don't use Group #-1 on these systems!
+# It is usually good practice to create a dedicated user and group for
+# running httpd, as with most system services.
#
User apache
Group apache
-### Section 2: 'Main' server configuration
+# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
@@ -265,42 +100,18 @@ ServerAdmin root at localhost
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
-# If this is not set to valid DNS name for your host, server-generated
-# redirections will not work. See also the UseCanonicalName directive.
-#
# If your host doesn't have a registered DNS name, enter its IP address here.
-# You will have to access it by its address anyway, and this will make
-# redirections work in a sensible way.
#
#ServerName www.example.com:80
#
-# UseCanonicalName: Determines how Apache constructs self-referencing
-# URLs and the SERVER_NAME and SERVER_PORT variables.
-# When set "Off", Apache will use the Hostname and Port supplied
-# by the client. When set "On", Apache will use the value of the
-# ServerName directive.
-#
-UseCanonicalName Off
-
-#
-# DocumentRoot: The directory out of which you will serve your
-# documents. By default, all requests are taken from this directory, but
-# symbolic links and aliases may be used to point to other locations.
-#
-DocumentRoot "/var/www/html"
-
-#
-# Each directory to which Apache has access can be configured with respect
-# to which services and features are allowed and/or disabled in that
-# directory (and its subdirectories).
-#
-# First, we configure the "default" to be a very restrictive set of
-# features.
+# Deny access to the entirety of your server's filesystem. You must
+# explicitly permit access to web content directories in other
+# <Directory> blocks below.
#
<Directory />
- Options FollowSymLinks
- AllowOverride None
+ AllowOverride none
+ Require all denied
</Directory>
#
@@ -311,10 +122,12 @@ DocumentRoot "/var/www/html"
#
#
-# This should be changed to whatever you set DocumentRoot to.
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
#
+DocumentRoot "/var/www/html"
<Directory "/var/www/html">
-
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
@@ -324,7 +137,7 @@ DocumentRoot "/var/www/html"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
- # http://httpd.apache.org/docs/2.2/mod/core.html#options
+ # http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
@@ -339,139 +152,24 @@ DocumentRoot "/var/www/html"
#
# Controls who can get stuff from this server.
#
- Order allow,deny
- Allow from all
-
+ Require all granted
</Directory>
#
-# UserDir: The name of the directory that is appended onto a user's home
-# directory if a ~user request is received.
-#
-# The path to the end user account 'public_html' directory must be
-# accessible to the webserver userid. This usually means that ~userid
-# must have permissions of 711, ~userid/public_html must have permissions
-# of 755, and documents contained therein must be world-readable.
-# Otherwise, the client will only receive a "403 Forbidden" message.
-#
-# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
-#
-<IfModule mod_userdir.c>
- #
- # UserDir is disabled by default since it can confirm the presence
- # of a username on the system (depending on home directory
- # permissions).
- #
- UserDir disabled
-
- #
- # To enable requests to /~user/ to serve the user's public_html
- # directory, remove the "UserDir disabled" line above, and uncomment
- # the following line instead:
- #
- #UserDir public_html
-
-</IfModule>
-
-#
-# Control access to UserDir directories. The following is an example
-# for a site where these directories are restricted to read-only.
-#
-#<Directory /home/*/public_html>
-# AllowOverride FileInfo AuthConfig Limit
-# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
-# <Limit GET POST OPTIONS>
-# Order allow,deny
-# Allow from all
-# </Limit>
-# <LimitExcept GET POST OPTIONS>
-# Order deny,allow
-# Deny from all
-# </LimitExcept>
-#</Directory>
-
-#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
-# The index.html.var file (a type-map) is used to deliver content-
-# negotiated documents. The MultiViews Option can be used for the
-# same purpose, but it is much slower.
-#
-DirectoryIndex index.html index.html.var
-
-#
-# AccessFileName: The name of the file to look for in each directory
-# for additional configuration directives. See also the AllowOverride
-# directive.
-#
-AccessFileName .htaccess
+<IfModule dir_module>
+ DirectoryIndex index.html
+</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
-<FilesMatch "^\.ht">
- Order allow,deny
- Deny from all
- Satisfy All
-</FilesMatch>
-
-#
-# TypesConfig describes where the mime.types file (or equivalent) is
-# to be found.
-#
-TypesConfig /etc/mime.types
-
-#
-# DefaultType is the default MIME type the server will use for a document
-# if it cannot otherwise determine one, such as from filename extensions.
-# If your server contains mostly text or HTML documents, "text/plain" is
-# a good value. If most of your content is binary, such as applications
-# or images, you may want to use "application/octet-stream" instead to
-# keep browsers from trying to display binary files as though they are
-# text.
-#
-DefaultType text/plain
-
-#
-# The mod_mime_magic module allows the server to use various hints from the
-# contents of the file itself to determine its type. The MIMEMagicFile
-# directive tells the module where the hint definitions are located.
-#
-<IfModule mod_mime_magic.c>
-# MIMEMagicFile /usr/share/magic.mime
- MIMEMagicFile conf/magic
-</IfModule>
-
-#
-# HostnameLookups: Log the names of clients or just their IP addresses
-# e.g., www.apache.org (on) or 204.62.129.132 (off).
-# The default is off because it'd be overall better for the net if people
-# had to knowingly turn this feature on, since enabling it means that
-# each client request will result in AT LEAST one lookup request to the
-# nameserver.
-#
-HostnameLookups Off
-
-#
-# EnableMMAP: Control whether memory-mapping is used to deliver
-# files (assuming that the underlying OS supports it).
-# The default is on; turn this off if you serve from NFS-mounted
-# filesystems. On some systems, turning it off (regardless of
-# filesystem) can improve performance; for details, please see
-# http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap
-#
-#EnableMMAP off
-
-#
-# EnableSendfile: Control whether the sendfile kernel support is
-# used to deliver files (assuming that the OS supports it).
-# The default is on; turn this off if you serve from NFS-mounted
-# filesystems. Please see
-# http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile
-#
-#EnableSendfile off
+<Files ".ht*">
+ Require all denied
+</Files>
#
# ErrorLog: The location of the error log file.
@@ -480,7 +178,7 @@ HostnameLookups Off
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
-ErrorLog logs/error_log
+ErrorLog "logs/error_log"
#
# LogLevel: Control the number of messages logged to the error_log.
@@ -489,90 +187,73 @@ ErrorLog logs/error_log
#
LogLevel warn
-#
-# The following directives define some format nicknames for use with
-# a CustomLog directive (see below).
-#
-LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-LogFormat "%h %l %u %t \"%r\" %>s %b" common
-LogFormat "%{Referer}i -> %U" referer
-LogFormat "%{User-agent}i" agent
-
-# "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this
-# requires the mod_logio module to be loaded.
-#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+<IfModule log_config_module>
+ #
+ # The following directives define some format nicknames for use with
+ # a CustomLog directive (see below).
+ #
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common
-#
-# The location and format of the access logfile (Common Logfile Format).
-# If you do not define any access logfiles within a <VirtualHost>
-# container, they will be logged here. Contrariwise, if you *do*
-# define per-<VirtualHost> access logfiles, transactions will be
-# logged therein and *not* in this file.
-#
-#CustomLog logs/access_log common
+ <IfModule logio_module>
+ # You need to enable mod_logio.c to use %I and %O
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+ </IfModule>
-#
-# If you would like to have separate agent and referer logfiles, uncomment
-# the following directives.
-#
-#CustomLog logs/referer_log referer
-#CustomLog logs/agent_log agent
+ #
+ # The location and format of the access logfile (Common Logfile Format).
+ # If you do not define any access logfiles within a <VirtualHost>
+ # container, they will be logged here. Contrariwise, if you *do*
+ # define per-<VirtualHost> access logfiles, transactions will be
+ # logged therein and *not* in this file.
+ #
+ #CustomLog "logs/access_log" common
-#
-# For a single logfile with access, agent, and referer information
-# (Combined Logfile Format), use the following directive:
-#
-CustomLog logs/access_log combined
+ #
+ # If you prefer a logfile with access, agent, and referer information
+ # (Combined Logfile Format) you can use the following directive.
+ #
+ CustomLog "logs/access_log" combined
+</IfModule>
-#
-# Optionally add a line containing the server version and virtual host
-# name to server-generated pages (internal error documents, FTP directory
-# listings, mod_status and mod_info output etc., but not CGI generated
-# documents or custom error documents).
-# Set to "EMail" to also include a mailto: link to the ServerAdmin.
-# Set to one of: On | Off | EMail
-#
-ServerSignature On
+<IfModule alias_module>
+ #
+ # Redirect: Allows you to tell clients about documents that used to
+ # exist in your server's namespace, but do not anymore. The client
+ # will make a new request for the document at its new location.
+ # Example:
+ # Redirect permanent /foo http://www.example.com/bar
-#
-# Aliases: Add here as many aliases as you need (with no limit). The format is
-# Alias fakename realname
-#
-# Note that if you include a trailing / on fakename then the server will
-# require it to be present in the URL. So "/icons" isn't aliased in this
-# example, only "/icons/". If the fakename is slash-terminated, then the
-# realname must also be slash terminated, and if the fakename omits the
-# trailing slash, the realname must also omit it.
-#
-# We include the /icons/ alias for FancyIndexed directory listings. If you
-# do not use FancyIndexing, you may comment this out.
-#
-Alias /icons/ "/var/www/icons/"
+ #
+ # Alias: Maps web paths into filesystem paths and is used to
+ # access content that does not live under the DocumentRoot.
+ # Example:
+ # Alias /webpath /full/filesystem/path
+ #
+ # If you include a trailing / on /webpath then the server will
+ # require it to be present in the URL. You will also likely
+ # need to provide a <Directory> section to allow access to
+ # the filesystem path.
-<Directory "/var/www/icons">
- Options Indexes MultiViews FollowSymLinks
- AllowOverride None
- Order allow,deny
- Allow from all
-</Directory>
+ #
+ # ScriptAlias: This controls which directories contain server scripts.
+ # ScriptAliases are essentially the same as Aliases, except that
+ # documents in the target directory are treated as applications and
+ # run by the server when requested rather than as documents sent to the
+ # client. The same rules about trailing "/" apply to ScriptAlias
+ # directives as to Alias.
+ #
+ ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
-#
-# WebDAV module configuration section.
-#
-<IfModule mod_dav_fs.c>
- # Location of the WebDAV lock database.
- DAVLockDB /var/lib/dav/lockdb
</IfModule>
-#
-# ScriptAlias: This controls which directories contain server scripts.
-# ScriptAliases are essentially the same as Aliases, except that
-# documents in the realname directory are treated as applications and
-# run by the server when requested rather than as documents sent to the client.
-# The same rules about trailing "/" apply to ScriptAlias directives as to
-# Alias.
-#
-ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
+<IfModule cgid_module>
+ #
+ # ScriptSock: On threaded servers, designate the path to the UNIX
+ # socket used to communicate with the CGI daemon of mod_cgid.
+ #
+ #Scriptsock logs/cgisock
+</IfModule>
#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
@@ -581,172 +262,56 @@ ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
- Order allow,deny
- Allow from all
+ Require all granted
</Directory>
-#
-# Redirect allows you to tell clients about documents which used to exist in
-# your server's namespace, but do not anymore. This allows you to tell the
-# clients where to look for the relocated document.
-# Example:
-# Redirect permanent /foo http://www.example.com/bar
-
-#
-# Directives controlling the display of server-generated directory listings.
-#
-
-#
-# IndexOptions: Controls the appearance of server-generated directory
-# listings.
-#
-IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8
-
-#
-# AddIcon* directives tell the server which icon to show for different
-# files or filename extensions. These are only displayed for
-# FancyIndexed directories.
-#
-AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
-
-AddIconByType (TXT,/icons/text.gif) text/*
-AddIconByType (IMG,/icons/image2.gif) image/*
-AddIconByType (SND,/icons/sound2.gif) audio/*
-AddIconByType (VID,/icons/movie.gif) video/*
-
-AddIcon /icons/binary.gif .bin .exe
-AddIcon /icons/binhex.gif .hqx
-AddIcon /icons/tar.gif .tar
-AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
-AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
-AddIcon /icons/a.gif .ps .ai .eps
-AddIcon /icons/layout.gif .html .shtml .htm .pdf
-AddIcon /icons/text.gif .txt
-AddIcon /icons/c.gif .c
-AddIcon /icons/p.gif .pl .py
-AddIcon /icons/f.gif .for
-AddIcon /icons/dvi.gif .dvi
-AddIcon /icons/uuencoded.gif .uu
-AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
-AddIcon /icons/tex.gif .tex
-AddIcon /icons/bomb.gif core
-
-AddIcon /icons/back.gif ..
-AddIcon /icons/hand.right.gif README
-AddIcon /icons/folder.gif ^^DIRECTORY^^
-AddIcon /icons/blank.gif ^^BLANKICON^^
-
-#
-# DefaultIcon is which icon to show for files which do not have an icon
-# explicitly set.
-#
-DefaultIcon /icons/unknown.gif
-
-#
-# AddDescription allows you to place a short description after a file in
-# server-generated indexes. These are only displayed for FancyIndexed
-# directories.
-# Format: AddDescription "description" filename
-#
-#AddDescription "GZIP compressed document" .gz
-#AddDescription "tar archive" .tar
-#AddDescription "GZIP compressed tar archive" .tgz
-
-#
-# ReadmeName is the name of the README file the server will look for by
-# default, and append to directory listings.
-#
-# HeaderName is the name of a file which should be prepended to
-# directory indexes.
-ReadmeName README.html
-HeaderName HEADER.html
+<IfModule mime_module>
+ #
+ # TypesConfig points to the file containing the list of mappings from
+ # filename extension to MIME-type.
+ #
+ TypesConfig /etc/mime.types
-#
-# IndexIgnore is a set of filenames which directory indexing should ignore
-# and not include in the listing. Shell-style wildcarding is permitted.
-#
-IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+ #
+ # AddType allows you to add to or override the MIME configuration
+ # file specified in TypesConfig for specific file types.
+ #
+ #AddType application/x-gzip .tgz
+ #
+ # AddEncoding allows you to have certain browsers uncompress
+ # information on the fly. Note: Not all browsers support this.
+ #
+ #AddEncoding x-compress .Z
+ #AddEncoding x-gzip .gz .tgz
+ #
+ # If the AddEncoding directives above are commented-out, then you
+ # probably should define those extensions to indicate media types:
+ #
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
-#
-# DefaultLanguage and AddLanguage allows you to specify the language of
-# a document. You can then use content negotiation to give a browser a
-# file in a language the user can understand.
-#
-# Specify a default language. This means that all data
-# going out without a specific language tag (see below) will
-# be marked with this one. You probably do NOT want to set
-# this unless you are sure it is correct for all cases.
-#
-# * It is generally better to not mark a page as
-# * being a certain language than marking it with the wrong
-# * language!
-#
-# DefaultLanguage nl
-#
-# Note 1: The suffix does not have to be the same as the language
-# keyword --- those with documents in Polish (whose net-standard
-# language code is pl) may wish to use "AddLanguage pl .po" to
-# avoid the ambiguity with the common suffix for perl scripts.
-#
-# Note 2: The example entries below illustrate that in some cases
-# the two character 'Language' abbreviation is not identical to
-# the two character 'Country' code for its country,
-# E.g. 'Danmark/dk' versus 'Danish/da'.
-#
-# Note 3: In the case of 'ltz' we violate the RFC by using a three char
-# specifier. There is 'work in progress' to fix this and get
-# the reference data for rfc1766 cleaned up.
-#
-# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
-# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
-# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
-# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
-# Norwegian (no) - Polish (pl) - Portugese (pt)
-# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
-# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
-#
-AddLanguage ca .ca
-AddLanguage cs .cz .cs
-AddLanguage da .dk
-AddLanguage de .de
-AddLanguage el .el
-AddLanguage en .en
-AddLanguage eo .eo
-AddLanguage es .es
-AddLanguage et .et
-AddLanguage fr .fr
-AddLanguage he .he
-AddLanguage hr .hr
-AddLanguage it .it
-AddLanguage ja .ja
-AddLanguage ko .ko
-AddLanguage ltz .ltz
-AddLanguage nl .nl
-AddLanguage nn .nn
-AddLanguage no .no
-AddLanguage pl .po
-AddLanguage pt .pt
-AddLanguage pt-BR .pt-br
-AddLanguage ru .ru
-AddLanguage sv .sv
-AddLanguage zh-CN .zh-cn
-AddLanguage zh-TW .zh-tw
+ #
+ # AddHandler allows you to map certain file extensions to "handlers":
+ # actions unrelated to filetype. These can be either built into the server
+ # or added with the Action directive (see below)
+ #
+ # To use CGI scripts outside of ScriptAliased directories:
+ # (You will also need to add "ExecCGI" to the "Options" directive.)
+ #
+ #AddHandler cgi-script .cgi
-#
-# LanguagePriority allows you to give precedence to some languages
-# in case of a tie during content negotiation.
-#
-# Just list the languages in decreasing order of preference. We have
-# more or less alphabetized them here. You probably want to change this.
-#
-LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
+ # For type maps (negotiated resources):
+ #AddHandler type-map var
-#
-# ForceLanguagePriority allows you to serve a result page rather than
-# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
-# [in case no accepted languages matched the available variants]
-#
-ForceLanguagePriority Prefer Fallback
+ #
+ # Filters allow you to process content before it is sent to the client.
+ #
+ # To parse .shtml files for server-side includes (SSI):
+ # (You will also need to add "Includes" to the "Options" directive.)
+ #
+ AddType text/html .shtml
+ AddOutputFilter INCLUDES .shtml
+</IfModule>
#
# Specify a default charset for all content served; this enables
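Review bot: The active `AddType text/html .shtml` / `AddOutputFilter INCLUDES .shtml` pair at the end of the new `<IfModule mime_module>` block turns on SSI parsing for every `.shtml` file wherever `Options` permits includes. The comment above it only tells the admin to add "Includes". I would extend that comment so it steers people to the narrower option, e.g. `# (You will also need to add "Includes" to the "Options" directive; prefer "IncludesNOEXEC" unless #exec is really needed.)`. The filter is also guarded by `mime_module` only, so it presumably assumes mod_include is loaded from conf.modules.d, which is worth stating in the comment too.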
@@ -758,70 +323,11 @@ ForceLanguagePriority Prefer Fallback
AddDefaultCharset UTF-8
#
-# AddType allows you to add to or override the MIME configuration
-# file mime.types for specific file types.
-#
-#AddType application/x-tar .tgz
-
-#
-# AddEncoding allows you to have certain browsers uncompress
-# information on the fly. Note: Not all browsers support this.
-# Despite the name similarity, the following Add* directives have nothing
-# to do with the FancyIndexing customization directives above.
-#
-#AddEncoding x-compress .Z
-#AddEncoding x-gzip .gz .tgz .svgz
-
-# If the AddEncoding directives above are commented-out, then you
-# probably should define those extensions to indicate media types:
-#
-AddType application/x-compress .Z
-AddType application/x-gzip .gz .tgz
-
-#
-# MIME-types for downloading Certificates and CRLs
-#
-AddType application/x-x509-ca-cert .crt
-AddType application/x-pkcs7-crl .crl
-
-#
-# AddHandler allows you to map certain file extensions to "handlers":
-# actions unrelated to filetype. These can be either built into the server
-# or added with the Action directive (see below)
-#
-# To use CGI scripts outside of ScriptAliased directories:
-# (You will also need to add "ExecCGI" to the "Options" directive.)
-#
-#AddHandler cgi-script .cgi
-
-#
-# For files that include their own HTTP headers:
-#
-#AddHandler send-as-is asis
-
-#
-# For type maps (negotiated resources):
-# (This is enabled by default to allow the Apache "It Worked" page
-# to be distributed in multiple languages.)
-#
-AddHandler type-map var
-
-#
-# Filters allow you to process content before it is sent to the client.
-#
-# To parse .shtml files for server-side includes (SSI):
-# (You will also need to add "Includes" to the "Options" directive.)
-#
-AddType text/html .shtml
-AddOutputFilter INCLUDES .shtml
-
-#
-# Action lets you define media types that will execute a script whenever
-# a matching file is called. This eliminates the need for repeated URL
-# pathnames for oft-used CGI file processors.
-# Format: Action media/type /cgi-script/location
-# Format: Action handler-name /cgi-script/location
+# The mod_mime_magic module allows the server to use various hints from the
+# contents of the file itself to determine its type. The MIMEMagicFile
+# directive tells the module where the hint definitions are located.
#
+MIMEMagicFile conf/magic
#
# Customizable error responses come in three flavors:
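Review bot: `MIMEMagicFile conf/magic` is now set unconditionally, whereas the 2.2 block removed earlier in this diff wrapped it in `<IfModule mod_mime_magic.c>`. This commit moves the LoadModule lines into conf.modules.d/*.conf, which admins are expected to trim. If the mod_mime_magic line is commented out there, httpd would reject this directive as unknown and refuse to start. Wrapping it as `<IfModule mime_magic_module>`, `MIMEMagicFile conf/magic`, `</IfModule>` keeps it consistent with the other guarded blocks (`dir_module`, `log_config_module`, `mime_module`) in this file.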
@@ -835,174 +341,25 @@ AddOutputFilter INCLUDES .shtml
#
#
-# Putting this all together, we can internationalize error responses.
-#
-# We use Alias to redirect any /error/HTTP_<error>.html.var response to
-# our collection of by-error message multi-language collections. We use
-# includes to substitute the appropriate text.
-#
-# You can modify the messages' appearance without changing any of the
-# default HTTP_<error>.html.var files by adding the line:
-#
-# Alias /error/include/ "/your/include/path/"
-#
-# which allows you to create your own set of files by starting with the
-# /var/www/error/include/ files and
-# copying them to /your/include/path/, even on a per-VirtualHost basis.
-#
-
-Alias /error/ "/var/www/error/"
-
-<IfModule mod_negotiation.c>
-<IfModule mod_include.c>
- <Directory "/var/www/error">
- AllowOverride None
- Options IncludesNoExec
- AddOutputFilter Includes html
- AddHandler type-map var
- Order allow,deny
- Allow from all
- LanguagePriority en es de fr
- ForceLanguagePriority Prefer Fallback
- </Directory>
-
-# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
-# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
-# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
-# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
-# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
-# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
-# ErrorDocument 410 /error/HTTP_GONE.html.var
-# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
-# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
-# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
-# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
-# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
-# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
-# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
-# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
-# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
-# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
-
-</IfModule>
-</IfModule>
-
-#
-# The following directives modify normal HTTP response behavior to
-# handle known problems with browser implementations.
-#
-BrowserMatch "Mozilla/2" nokeepalive
-BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
-BrowserMatch "RealPlayer 4\.0" force-response-1.0
-BrowserMatch "Java/1\.0" force-response-1.0
-BrowserMatch "JDK/1\.0" force-response-1.0
-
-#
-# The following directive disables redirects on non-GET requests for
-# a directory that does not include the trailing slash. This fixes a
-# problem with Microsoft WebFolders which does not appropriately handle
-# redirects for folders with DAV methods.
-# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
-#
-BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
-BrowserMatch "MS FrontPage" redirect-carefully
-BrowserMatch "^WebDrive" redirect-carefully
-BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
-BrowserMatch "^gnome-vfs/1.0" redirect-carefully
-BrowserMatch "^XML Spy" redirect-carefully
-BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
-
-#
-# Allow server status reports generated by mod_status,
-# with the URL of http://servername/server-status
-# Change the ".example.com" to match your domain to enable.
-#
-#<Location /server-status>
-# SetHandler server-status
-# Order deny,allow
-# Deny from all
-# Allow from .example.com
-#</Location>
-
-#
-# Allow remote server configuration reports, with the URL of
-# http://servername/server-info (requires that mod_info.c be loaded).
-# Change the ".example.com" to match your domain to enable.
-#
-#<Location /server-info>
-# SetHandler server-info
-# Order deny,allow
-# Deny from all
-# Allow from .example.com
-#</Location>
-
-#
-# Proxy Server directives. Uncomment the following lines to
-# enable the proxy server:
-#
-#<IfModule mod_proxy.c>
-#ProxyRequests On
-#
-#<Proxy *>
-# Order deny,allow
-# Deny from all
-# Allow from .example.com
-#</Proxy>
-
-#
-# Enable/disable the handling of HTTP/1.1 "Via:" headers.
-# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
-# Set to one of: Off | On | Full | Block
-#
-#ProxyVia On
-
-#
-# To enable a cache of proxied content, uncomment the following lines.
-# See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details.
-#
-#<IfModule mod_disk_cache.c>
-# CacheEnable disk /
-# CacheRoot "/var/cache/mod_proxy"
-#</IfModule>
-#
-
-#</IfModule>
-# End of proxy directives.
+# MaxRanges: Maximum number of Ranges in a request before
+# returning the entire resource, or one of the special
+# values 'default', 'none' or 'unlimited'.
+# Default setting is to accept 200 Ranges.
+#MaxRanges unlimited
-### Section 3: Virtual Hosts
#
-# VirtualHost: If you want to maintain multiple domains/hostnames on your
-# machine you can setup VirtualHost containers for them. Most configurations
-# use only name-based virtual hosts so the server doesn't need to worry about
-# IP addresses. This is indicated by the asterisks in the directives below.
-#
-# Please see the documentation at
-# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
-# for further details before you try to setup virtual hosts.
-#
-# You may use the command line option '-S' to verify your virtual host
-# configuration.
-
-#
-# Use name-based virtual hosting.
-#
-#NameVirtualHost *:80
-#
-# NOTE: NameVirtualHost cannot be used without a port specifier
-# (e.g. :80) if mod_ssl is being used, due to the nature of the
-# SSL protocol.
+# EnableMMAP and EnableSendfile: On systems that support it,
+# memory-mapping or the sendfile syscall may be used to deliver
+# files. This usually improves server performance, but must
+# be turned off when serving from networked-mounted
+# filesystems or if support for these functions is otherwise
+# broken on your system.
+# Defaults if commented: EnableMMAP On, EnableSendfile Off
#
+#EnableMMAP off
+EnableSendfile on
+# Supplemental configuration
#
-# VirtualHost example:
-# Almost any Apache directive may go into a VirtualHost container.
-# The first VirtualHost section is used for requests without a known
-# server name.
-#
-#<VirtualHost *:80>
-# ServerAdmin webmaster at dummy-host.example.com
-# DocumentRoot /www/docs/dummy-host.example.com
-# ServerName dummy-host.example.com
-# ErrorLog logs/dummy-host.example.com-error_log
-# CustomLog logs/dummy-host.example.com-access_log common
-#</VirtualHost>
+# Load conf files in the "/etc/httpd/conf.d" directory.
+Include conf.d/*.conf
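Review bot: `Include conf.d/*.conf` on the last line is a hard failure in 2.4 when the wildcard matches nothing, so removing every drop-in from conf.d would stop the server from starting. `IncludeOptional conf.d/*.conf` keeps the old tolerant behaviour. Separately, `EnableSendfile on` overrides the 2.4 default that the comment just above documents ("EnableSendfile Off"), and the same comment says it must be off for network-mounted filesystems. If the override is intentional, a line such as `# Enabled here for performance; set to off if content is served from NFS/CIFS.` directly above the directive would make that explicit.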
diff --git a/httpd.service b/httpd.service
index 2119062..9c63421 100644
--- a/httpd.service
+++ b/httpd.service
@@ -1,15 +1,15 @@
[Unit]
-Description=The Apache HTTP Server (@NAME@ MPM)
+Description=The Apache HTTP Server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/var/run/httpd/httpd.pid
EnvironmentFile=/etc/sysconfig/httpd
-ExecStart=@EXEC@ $OPTIONS -k start
-ExecReload=@EXEC@ $OPTIONS -t
-ExecReload=/bin/kill -HUP $MAINPID
-ExecStop=@EXEC@ $OPTIONS -k stop
+ExecStart=/usr/sbin/httpd $OPTIONS -k start
+ExecReload=/usr/sbin/httpd $OPTIONS -t
+ExecReload=/usr/sbin/httpd -HUP $MAINPID
+ExecStop=/usr/sbin/httpd $OPTIONS -k graceful-stop
PrivateTmp=true
[Install]
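Review bot: `ExecReload=/usr/sbin/httpd -HUP $MAINPID` looks like an over-eager replacement of the old `/bin/kill -HUP $MAINPID` line. httpd has no `-HUP` option, so this command should exit with a usage error and `systemctl reload httpd` would report failure after the `-t` config test without ever signalling the running server. Either restore `ExecReload=/bin/kill -HUP $MAINPID` or use the binary's own interface, `ExecReload=/usr/sbin/httpd $OPTIONS -k graceful`, which would also match the new `-k graceful-stop` in ExecStop. A broken reload matters operationally because log rotation and certificate or config changes typically rely on it.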
diff --git a/httpd.spec b/httpd.spec
index 4c3a853..191bcc8 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -1,51 +1,54 @@
-%define contentdir /var/www
+%define contentdir %{_datadir}/httpd
+%define docroot /var/www
%define suexec_caller apache
-%define mmn 20051115
+%define mmn 20120211
%define mmnisa %{mmn}-%{__isa_name}-%{__isa_bits}
%define vstring Fedora
-%define mpms worker event
-%define all_services httpd.service httpd-worker.service httpd-event.service
Summary: Apache HTTP Server
Name: httpd
-Version: 2.2.22
-Release: 2%{?dist}
+Version: 2.4.1
+Release: 1%{?dist}
URL: http://httpd.apache.org/
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: index.html
Source3: httpd.logrotate
Source5: httpd.sysconf
Source6: httpd-ssl-pass-dialog
+Source7: httpd.tmpfiles
+Source8: httpd.service
Source10: httpd.conf
-Source11: ssl.conf
-Source12: welcome.conf
-Source13: manual.conf
-Source14: httpd.tmpfiles
-Source15: httpd.service
+Source11: 00-base.conf
+Source12: 00-mpm.conf
+Source13: 00-lua.conf
+Source14: 01-cgi.conf
+Source15: 00-dav.conf
+Source16: 00-proxy.conf
+Source17: 00-ssl.conf
+Source18: 00-ldap.conf
+Source19: userdir.conf
+Source20: ssl.conf
+Source21: welcome.conf
+Source22: manual.conf
# Documentation
-Source31: httpd.mpm.xml
Source33: README.confd
# build/scripts patches
-Patch1: httpd-2.1.10-apctl.patch
-Patch2: httpd-2.1.10-apxs.patch
-Patch3: httpd-2.2.9-deplibs.patch
-Patch4: httpd-2.1.10-disablemods.patch
-Patch5: httpd-2.1.10-layout.patch
-Patch6: httpd-2.2.22-pcre830.patch
+Patch1: httpd-2.4.1-apctl.patch
+Patch2: httpd-2.4.1-apxs.patch
+Patch3: httpd-2.4.1-deplibs.patch
+Patch5: httpd-2.4.1-layout.patch
+Patch6: httpd-2.4.1-apr14.patch
# Features/functional changes
Patch20: httpd-2.0.48-release.patch
-Patch22: httpd-2.1.10-pod.patch
-Patch23: httpd-2.0.45-export.patch
-Patch24: httpd-2.2.11-corelimit.patch
-Patch25: httpd-2.2.11-selinux.patch
-Patch26: httpd-2.2.9-suenable.patch
-Patch27: httpd-2.2.19-logresolve-ipv6.patch
-Patch28: httpd-2.2.21-mod_proxy-change-state.patch
+Patch23: httpd-2.4.1-export.patch
+Patch24: httpd-2.4.1-corelimit.patch
+Patch25: httpd-2.4.1-selinux.patch
+Patch26: httpd-2.4.1-suenable.patch
License: ASL 2.0
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: autoconf, perl, pkgconfig, findutils, xmlto
-BuildRequires: zlib-devel, libselinux-devel
+BuildRequires: zlib-devel, libselinux-devel, lua-devel
BuildRequires: apr-devel >= 1.2.0, apr-util-devel >= 1.2.0, pcre-devel >= 5.0
Requires: /etc/mime.types, system-logos >= 7.92.1-1
Obsoletes: httpd-suexec
@@ -118,17 +121,13 @@ Security (TLS) protocols.
%patch1 -p1 -b .apctl
%patch2 -p1 -b .apxs
%patch3 -p1 -b .deplibs
-%patch4 -p1 -b .disablemods
%patch5 -p1 -b .layout
-%patch6 -p1 -b .pcre830
+%patch6 -p1 -b .apr14
-%patch22 -p1 -b .pod
%patch23 -p1 -b .export
%patch24 -p1 -b .corelimit
%patch25 -p1 -b .selinux
%patch26 -p1 -b .suenable
-%patch27 -p1 -b .logresolve-ipv6
-%patch28 -p1 -b .mod_proxy-change-state
# Patch in vendor/release string
sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
@@ -160,24 +159,8 @@ export LDFLAGS="-Wl,-z,relro,-z,now"
# Hard-code path to links to avoid unnecessary builddep
export LYNX_PATH=/usr/bin/links
-function mpmbuild()
-{
-mpm=$1; shift
-
-# Build the systemd file
-sed "s, at NAME@,${mpm},g;s, at EXEC@,%{_sbindir}/httpd.${mpm},g" %{SOURCE15} > httpd-${mpm}.service
-touch -r %{SOURCE15} httpd-${mpm}.service
-
-# Build the man page
-ymdate=`date +'%b %Y'`
-sed "s/@PROGNAME@/httpd.${mpm}/g;s/@DATE@/${ymdate}/g;s/@VERSION@/%{version}/g;s/@MPM@/${mpm}/g;" \
- < $RPM_SOURCE_DIR/httpd.mpm.xml > httpd.${mpm}.8.xml
-xmlto man httpd.${mpm}.8.xml
-test -f httpd.${mpm}.8 || mv man/man8/httpd.${mpm}.8 .
-
# Build the daemon
-mkdir $mpm; pushd $mpm
-../configure \
+./configure \
--prefix=%{_sysconfdir}/httpd \
--exec-prefix=%{_prefix} \
--bindir=%{_bindir} \
@@ -188,69 +171,55 @@ mkdir $mpm; pushd $mpm
--includedir=%{_includedir}/httpd \
--libexecdir=%{_libdir}/httpd/modules \
--datadir=%{contentdir} \
+ --enable-layout=Fedora \
--with-installbuilddir=%{_libdir}/httpd/build \
- --with-mpm=$mpm \
+ --enable-mpms-shared=all \
--with-apr=%{_prefix} --with-apr-util=%{_prefix} \
--enable-suexec --with-suexec \
--with-suexec-caller=%{suexec_caller} \
- --with-suexec-docroot=%{contentdir} \
+ --with-suexec-docroot=%{docroot} \
--with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \
--with-suexec-bin=%{_sbindir}/suexec \
--with-suexec-uidmin=500 --with-suexec-gidmin=100 \
--enable-pie \
--with-pcre \
- $*
-
-make %{?_smp_mflags}
-popd
-}
-
-# Build everything and the kitchen sink with the prefork build
-mpmbuild prefork \
--enable-mods-shared=all \
--enable-ssl --with-ssl --disable-distcache \
--enable-proxy \
--enable-cache \
--enable-disk-cache \
--enable-ldap --enable-authnz-ldap \
- --enable-cgid \
+ --enable-cgid --enable-cgi \
--enable-authn-anon --enable-authn-alias \
- --disable-imagemap
-
-# For the other MPMs, just build httpd and no optional modules
-for f in %{mpms}; do
- mpmbuild $f --enable-modules=none
-done
-
-# Create default/prefork service file for systemd
-sed "s, at NAME@,prefork,g;s, at EXEC@,%{_sbindir}/httpd,g" %{SOURCE15} > httpd.service
-touch -r %{SOURCE15} httpd.service
+ --disable-imagemap \
+ --disable-proxy-html \
+ --disable-xml2enc \
+ --disable-session
+ $*
+make %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
-pushd prefork
make DESTDIR=$RPM_BUILD_ROOT install
-popd
-# install alternative MPMs; executables, man pages, and systemd service files
+# Install systemd service files
mkdir -p $RPM_BUILD_ROOT/lib/systemd/system
-for f in %{mpms}; do
- install -m 755 ${f}/httpd $RPM_BUILD_ROOT%{_sbindir}/httpd.${f}
- install -m 644 httpd.${f}.8 $RPM_BUILD_ROOT%{_mandir}/man8/httpd.${f}.8
- install -p -m 644 httpd-${f}.service \
- $RPM_BUILD_ROOT/lib/systemd/system/httpd-${f}.service
-done
-
-# Default httpd (prefork) service file
-install -p -m 644 httpd.service \
+install -p -m 644 $RPM_SOURCE_DIR/httpd.service \
$RPM_BUILD_ROOT/lib/systemd/system/httpd.service
# install conf file/directory
-mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
+mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d \
+ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d
install -m 644 $RPM_SOURCE_DIR/README.confd \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README
-for f in ssl.conf welcome.conf manual.conf; do
+for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \
+ 00-proxy.conf 00-ssl.conf 00-ldap.conf; do
+ install -m 644 -p $RPM_SOURCE_DIR/$f \
+ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f
+done
+
+for f in welcome.conf manual.conf ssl.conf userdir.conf; do
install -m 644 -p $RPM_SOURCE_DIR/$f \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/$f
done
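Review bot: The `$*` line after `--disable-session` is a leftover from the removed `mpmbuild` function and now stands as a command of its own, because `--disable-session` carries no trailing backslash. In a %build script the positional parameters are normally empty, so it expands to nothing, but if they were ever set the shell would run them as a command. I would delete the `$*` line so the configure invocation ends at `--disable-session`. The `./configure` call itself starts in the previous hunk.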
@@ -278,19 +247,19 @@ touch $RPM_BUILD_ROOT%{_localstatedir}/cache/mod_ssl/scache.{dir,pag,sem}
# create cache root
mkdir $RPM_BUILD_ROOT%{_localstatedir}/cache/mod_proxy
-# move utilities to /usr/bin
-mv $RPM_BUILD_ROOT%{_sbindir}/{ab,htdbm,logresolve,htpasswd,htdigest} \
- $RPM_BUILD_ROOT%{_bindir}
-
# Make the MMN accessible to module packages
echo %{mmnisa} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rpm
-echo "%%_httpd_mmn %{mmnisa}" > $RPM_BUILD_ROOT%{_sysconfdir}/rpm/macros.httpd
+cat > $RPM_BUILD_ROOT%{_sysconfdir}/rpm/macros.httpd <<EOF
+%%_httpd_mmn %{mmnisa}
+%%_httpd_apxs %{_bindir}/apxs
+EOF
-# docroot
-mkdir $RPM_BUILD_ROOT%{contentdir}/html
+# Handle contentdir
+mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
install -m 644 -p $RPM_SOURCE_DIR/index.html \
- $RPM_BUILD_ROOT%{contentdir}/error/noindex.html
+ $RPM_BUILD_ROOT%{contentdir}/noindex/index.html
+rm -rf %{contentdir}/htdocs
# remove manual sources
find $RPM_BUILD_ROOT%{contentdir}/manual \( \
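Review bot: The added `rm -rf %{contentdir}/htdocs` has no `$RPM_BUILD_ROOT` prefix, so it acts on the build host's filesystem instead of the staged tree; every other path in this part of %install is prefixed. As written, any htdocs directory that `make install` creates (presumably the reason for the line) stays in the buildroot, and a build run with enough privilege would delete the host's own copy. It should read `rm -rf $RPM_BUILD_ROOT%{contentdir}/htdocs`.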
@@ -307,15 +276,14 @@ for f in `find $RPM_BUILD_ROOT%{contentdir}/manual -name \*.html -type f`; do
done
set -x
+# Clean Document Root
+rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
+ $RPM_BUILD_ROOT%{docroot}/cgi-bin/*
+
# Symlink for the powered-by-$DISTRO image:
ln -s ../../..%{_datadir}/pixmaps/poweredby.png \
$RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
-# Set up /var directories
-rmdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/logs
-mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/httpd
-mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/httpd
-
# symlinks for /etc/httpd
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
ln -s ../..%{_localstatedir}/run/httpd $RPM_BUILD_ROOT/etc/httpd/run
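Review bot: The `# Clean Document Root` comment does not say what is removed or why, and that is the security-relevant part of this step. The `rm -v` drops whatever `make install` placed in `%{docroot}/html` and `%{docroot}/cgi-bin`, presumably the upstream sample page and sample CGI scripts, so that the package ships an empty docroot. I would spell that out, e.g. `# Remove the sample pages and CGI scripts installed by "make install"; the package must ship an empty html/ and cgi-bin/`. Because `rm` is used without `-f`, an unmatched glob fails the build, which is a useful tripwire and worth keeping.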
@@ -399,7 +367,7 @@ fi
/sbin/chkconfig --del httpd >/dev/null 2>&1 || :
%posttrans
-/bin/systemctl try-restart %{all_services} >/dev/null 2>&1 || :
+/bin/systemctl try-restart httpd.service >/dev/null 2>&1 || :
%define sslcert %{_sysconfdir}/pki/tls/certs/localhost.crt
%define sslkey %{_sysconfdir}/pki/tls/private/localhost.key
@@ -437,16 +405,6 @@ if readelf -d $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so | grep TEXTREL; then
exit 1
fi
-# Verify that the same modules were built into the httpd binaries
-./prefork/httpd -l | grep -v prefork > prefork.mods
-for mpm in %{mpms}; do
- ./${mpm}/httpd -l | grep -v ${mpm} > ${mpm}.mods
- if ! diff -u prefork.mods ${mpm}.mods; then
- : Different modules built into httpd binaries, will not proceed
- exit 1
- fi
-done
-
%clean
rm -rf $RPM_BUILD_ROOT
@@ -461,18 +419,24 @@ rm -rf $RPM_BUILD_ROOT
%{_sysconfdir}/httpd/run
%dir %{_sysconfdir}/httpd/conf
%config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf
-%config(noreplace) %{_sysconfdir}/httpd/conf.d/welcome.conf
%config(noreplace) %{_sysconfdir}/httpd/conf/magic
%config(noreplace) %{_sysconfdir}/logrotate.d/httpd
%dir %{_sysconfdir}/httpd/conf.d
%{_sysconfdir}/httpd/conf.d/README
+%config(noreplace) %{_sysconfdir}/httpd/conf.d/welcome.conf
+%config(noreplace) %{_sysconfdir}/httpd/conf.d/userdir.conf
+
+%dir %{_sysconfdir}/httpd/conf.modules.d
+%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/*.conf
+%exclude %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
%config(noreplace) %{_sysconfdir}/sysconfig/httpd
%config %{_sysconfdir}/tmpfiles.d/httpd.conf
%{_sbindir}/ht*
+%{_sbindir}/fcgistarter
%{_sbindir}/apachectl
%{_sbindir}/rotatelogs
# cap_dac_override needed to write to /var/log/httpd
@@ -484,16 +448,18 @@ rm -rf $RPM_BUILD_ROOT
%exclude %{_libdir}/httpd/modules/mod_ssl.so
%dir %{contentdir}
-%dir %{contentdir}/cgi-bin
-%dir %{contentdir}/html
%dir %{contentdir}/icons
%dir %{contentdir}/error
%dir %{contentdir}/error/include
+%dir %{contentdir}/noindex
%{contentdir}/icons/*
%{contentdir}/error/README
-%{contentdir}/error/noindex.html
-%config %{contentdir}/error/*.var
-%config %{contentdir}/error/include/*.html
+%{contentdir}/error/*.var
+%{contentdir}/error/include/*.html
+%{contentdir}/noindex/index.html
+
+%dir %{docroot}/cgi-bin
+%dir %{docroot}/html
%attr(0710,root,apache) %dir %{_localstatedir}/run/httpd
%attr(0700,root,root) %dir %{_localstatedir}/log/httpd
@@ -509,15 +475,17 @@ rm -rf $RPM_BUILD_ROOT
%{_bindir}/*
%{_mandir}/man1/*
%doc LICENSE NOTICE
+%exclude %{_bindir}/apxs
%files manual
%defattr(-,root,root)
%{contentdir}/manual
-%config %{_sysconfdir}/httpd/conf.d/manual.conf
+%config(noreplace) %{_sysconfdir}/httpd/conf.d/manual.conf
%files -n mod_ssl
%defattr(-,root,root)
%{_libdir}/httpd/modules/mod_ssl.so
+%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
%config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf
%attr(0700,apache,root) %dir %{_localstatedir}/cache/mod_ssl
%attr(0600,apache,root) %ghost %{_localstatedir}/cache/mod_ssl/scache.dir
@@ -528,7 +496,7 @@ rm -rf $RPM_BUILD_ROOT
%files devel
%defattr(-,root,root)
%{_includedir}/httpd
-%{_sbindir}/apxs
+%{_bindir}/apxs
%{_mandir}/man1/apxs.1*
%dir %{_libdir}/httpd/build
%{_libdir}/httpd/build/*.mk
@@ -536,6 +504,13 @@ rm -rf $RPM_BUILD_ROOT
%{_sysconfdir}/rpm/macros.httpd
%changelog
+* Tue Mar 6 2012 Joe Orton <jorton at redhat.com> - 2.4.1-1
+- update to 2.4.1
+- adopt upstream default httpd.conf (almost verbatim)
+- split all LoadModules to conf.modules.d/*.conf
+- include conf.d/*.conf at end of httpd.conf
+- trim %%changelog
+
* Mon Feb 13 2012 Joe Orton <jorton at redhat.com> - 2.2.22-2
- fix build against PCRE 8.30
@@ -656,343 +631,3 @@ rm -rf $RPM_BUILD_ROOT
* Sun Apr 04 2010 Robert Scheck <robert at fedoraproject.org> - 2.2.15-1
- update to 2.2.15 (#572404, #579311)
-* Thu Dec 3 2009 Joe Orton <jorton at redhat.com> - 2.2.14-1
-- update to 2.2.14
-- relax permissions on /var/run/httpd (#495780)
-- Requires(pre): httpd in mod_ssl subpackage (#543275)
-- add partial security fix for CVE-2009-3555 (#533125)
-
-* Tue Oct 27 2009 Tom "spot" Callaway <tcallawa at redhat.com> 2.2.13-4
-- add additional explanatory text to test page to help prevent legal emails to Fedora
-
-* Tue Sep 8 2009 Joe Orton <jorton at redhat.com> 2.2.13-2
-- restart service in posttrans (#491567)
-
-* Fri Aug 21 2009 Tomas Mraz <tmraz at redhat.com> - 2.2.13-2
-- rebuilt with new openssl
-
-* Tue Aug 18 2009 Joe Orton <jorton at redhat.com> 2.2.13-1
-- update to 2.2.13
-
-* Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.2.11-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
-
-* Tue Jun 16 2009 Joe Orton <jorton at redhat.com> 2.2.11-9
-- build -manual as noarch
-
-* Tue Mar 17 2009 Joe Orton <jorton at redhat.com> 2.2.11-8
-- fix pidfile in httpd.logrotate (thanks to Rainer Traut)
-- don't build mod_mem_cache or mod_file_cache
-
-* Tue Feb 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.2.11-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
-
-* Thu Jan 22 2009 Joe Orton <jorton at redhat.com> 2.2.11-6
-- Require: apr-util-ldap (#471898)
-- init script changes: pass pidfile to status(), use status() in
- condrestart (#480602), support try-restart as alias for
- condrestart
-- change /etc/httpd/run symlink to have destination /var/run/httpd,
- and restore "run/httpd.conf" as default PidFile (#478688)
-
-* Fri Jan 16 2009 Tomas Mraz <tmraz at redhat.com> 2.2.11-5
-- rebuild with new openssl
-
-* Sat Dec 27 2008 Robert Scheck <robert at fedoraproject.org> 2.2.11-4
-- Made default configuration using /var/run/httpd for pid file
-
-* Thu Dec 18 2008 Joe Orton <jorton at redhat.com> 2.2.11-3
-- update to 2.2.11
-- package new /var/run/httpd directory, and move default pidfile
- location inside there
-
-* Tue Oct 21 2008 Joe Orton <jorton at redhat.com> 2.2.10-2
-- update to 2.2.10
-
-* Tue Jul 15 2008 Joe Orton <jorton at redhat.com> 2.2.9-5
-- move AddTypes for SSL cert/CRL types from ssl.conf to httpd.conf (#449979)
-
-* Mon Jul 14 2008 Joe Orton <jorton at redhat.com> 2.2.9-4
-- use Charset=UTF-8 in default httpd.conf (#455123)
-- only enable suexec when appropriate (Jim Radford, #453697)
-
-* Thu Jul 10 2008 Tom "spot" Callaway <tcallawa at redhat.com> 2.2.9-3
-- rebuild against new db4 4.7
-
-* Tue Jul 8 2008 Joe Orton <jorton at redhat.com> 2.2.9-2
-- update to 2.2.9
-- build event MPM too
-
-* Wed Jun 4 2008 Joe Orton <jorton at redhat.com> 2.2.8-4
-- correct UserDir directive in default config (#449815)
-
-* Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 2.2.8-3
-- Autorebuild for GCC 4.3
-
-* Tue Jan 22 2008 Joe Orton <jorton at redhat.com> 2.2.8-2
-- update to 2.2.8
-- drop mod_imagemap
-
-* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 2.2.6-4
- - Rebuild for openssl bump
-
-* Mon Sep 17 2007 Joe Orton <jorton at redhat.com> 2.2.6-3
-- add fix for SSL library string regression (PR 43334)
-- use powered-by logo from system-logos (#250676)
-- preserve timestamps for installed config files
-
-* Fri Sep 7 2007 Joe Orton <jorton at redhat.com> 2.2.6-2
-- update to 2.2.6 (#250757, #282761)
-
-* Sun Sep 2 2007 Joe Orton <jorton at redhat.com> 2.2.4-10
-- rebuild for fixed APR
-
-* Wed Aug 22 2007 Joe Orton <jorton at redhat.com> 2.2.4-9
-- rebuild for expat soname bump
-
-* Tue Aug 21 2007 Joe Orton <jorton at redhat.com> 2.2.4-8
-- fix License
-- require /etc/mime.types (#249223)
-
-* Thu Jul 26 2007 Joe Orton <jorton at redhat.com> 2.2.4-7
-- drop -tools dependency on httpd (thanks to Matthias Saou)
-
-* Wed Jul 25 2007 Joe Orton <jorton at redhat.com> 2.2.4-6
-- split out utilities into -tools subpackage, based on patch
- by Jason Tibbs (#238257)
-
-* Tue Jul 24 2007 Joe Orton <jorton at redhat.com> 2.2.4-5
-- spec file cleanups: provide httpd-suexec, mod_dav;
- don't obsolete mod_jk; drop trailing dots from Summaries
-- init script
- * add LSB info header, support force-reload (#246944)
- * update description
- * drop 1.3 config check
- * pass $pidfile to daemon and pidfile everywhere
-
-* Wed May 9 2007 Joe Orton <jorton at redhat.com> 2.2.4-4
-- update welcome page branding
-
-* Tue Apr 3 2007 Joe Orton <jorton at redhat.com> 2.2.4-3
-- drop old triggers, old Requires, xmlto BR
-- use Requires(...) correctly
-- use standard BuildRoot
-- don't mark init script as config file
-- trim CHANGES further
-
-* Mon Mar 12 2007 Joe Orton <jorton at redhat.com> 2.2.4-2
-- update to 2.2.4
-- drop the migration guide (#223605)
-
-* Thu Dec 7 2006 Joe Orton <jorton at redhat.com> 2.2.3-8
-- fix path to instdso.sh in special.mk (#217677)
-- fix detection of links in "apachectl fullstatus"
-
-* Tue Dec 5 2006 Joe Orton <jorton at redhat.com> 2.2.3-7
-- rebuild for libpq soname bump
-
-* Sat Nov 11 2006 Joe Orton <jorton at redhat.com> 2.2.3-6
-- rebuild for BDB soname bump
-
-* Mon Sep 11 2006 Joe Orton <jorton at redhat.com> 2.2.3-5
-- updated "powered by Fedora" logo (#205573, Diana Fong)
-- tweak welcome page wording slightly (#205880)
-
-* Fri Aug 18 2006 Jesse Keating <jkeating at redhat.com> - 2.2.3-4
-- rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc*
- (#203001)
-
-* Thu Aug 3 2006 Joe Orton <jorton at redhat.com> 2.2.3-3
-- init: use killproc() delay to avoid race killing parent
-
-* Fri Jul 28 2006 Joe Orton <jorton at redhat.com> 2.2.3-2
-- update to 2.2.3
-- trim %%changelog to >=2.0.52
-
-* Thu Jul 20 2006 Joe Orton <jorton at redhat.com> 2.2.2-8
-- fix segfault on dummy connection failure at graceful restart (#199429)
-
-* Wed Jul 19 2006 Joe Orton <jorton at redhat.com> 2.2.2-7
-- fix "apxs -g"-generated Makefile
-- fix buildconf with autoconf 2.60
-
-* Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 2.2.2-5.1
-- rebuild
-
-* Wed Jun 7 2006 Joe Orton <jorton at redhat.com> 2.2.2-5
-- require pkgconfig for -devel (#194152)
-- fixes for installed support makefiles (special.mk et al)
-- BR autoconf
-
-* Fri Jun 2 2006 Joe Orton <jorton at redhat.com> 2.2.2-4
-- make -devel package multilib-safe (#192686)
-
-* Thu May 11 2006 Joe Orton <jorton at redhat.com> 2.2.2-3
-- build DSOs using -z relro linker flag
-
-* Wed May 3 2006 Joe Orton <jorton at redhat.com> 2.2.2-2
-- update to 2.2.2
-
-* Thu Apr 6 2006 Joe Orton <jorton at redhat.com> 2.2.0-6
-- rebuild to pick up apr-util LDAP interface fix (#188073)
-
-* Fri Feb 10 2006 Jesse Keating <jkeating at redhat.com> - (none):2.2.0-5.1.2
-- bump again for double-long bug on ppc(64)
-
-* Tue Feb 07 2006 Jesse Keating <jkeating at redhat.com> - (none):2.2.0-5.1.1
-- rebuilt for new gcc4.1 snapshot and glibc changes
-
-* Mon Feb 6 2006 Joe Orton <jorton at redhat.com> 2.2.0-5.1
-- mod_auth_basic/mod_authn_file: if no provider is configured,
- and AuthUserFile is not configured, decline to handle authn
- silently rather than failing noisily.
-
-* Fri Feb 3 2006 Joe Orton <jorton at redhat.com> 2.2.0-5
-- mod_ssl: add security fix for CVE-2005-3357 (#177914)
-- mod_imagemap: add security fix for CVE-2005-3352 (#177913)
-- add fix for AP_INIT_* designated initializers with C++ compilers
-- httpd.conf: enable HTMLTable in default IndexOptions
-- httpd.conf: add more "redirect-carefully" matches for DAV clients
-
-* Thu Jan 5 2006 Joe Orton <jorton at redhat.com> 2.2.0-4
-- mod_proxy_ajp: fix Cookie handling (Mladen Turk, r358769)
-
-* Fri Dec 09 2005 Jesse Keating <jkeating at redhat.com>
-- rebuilt
-
-* Wed Dec 7 2005 Joe Orton <jorton at redhat.com> 2.2.0-3
-- strip manual to just English content
-
-* Mon Dec 5 2005 Joe Orton <jorton at redhat.com> 2.2.0-2
-- don't strip C-L from HEAD responses (Greg Ames, #110552)
-- load mod_proxy_balancer by default
-- add proxy_ajp.conf to load/configure mod_proxy_ajp
-- Obsolete mod_jk
-- update docs URLs in httpd.conf/ssl.conf
-
-* Fri Dec 2 2005 Joe Orton <jorton at redhat.com> 2.2.0-1
-- update to 2.2.0
-
-* Wed Nov 30 2005 Joe Orton <jorton at redhat.com> 2.1.10-2
-- enable mod_authn_alias, mod_authn_anon
-- update default httpd.conf
-
-* Fri Nov 25 2005 Joe Orton <jorton at redhat.com> 2.1.10-1
-- update to 2.1.10
-- require apr >= 1.2.0, apr-util >= 1.2.0
-
-* Wed Nov 9 2005 Tomas Mraz <tmraz at redhat.com> 2.0.54-16
-- rebuilt against new openssl
-
-* Thu Nov 3 2005 Joe Orton <jorton at redhat.com> 2.0.54-15
-- log notice giving SELinux context at startup if enabled
-- drop SSLv2 and restrict default cipher suite in default
- SSL configuration
-
-* Thu Oct 20 2005 Joe Orton <jorton at redhat.com> 2.0.54-14
-- mod_ssl: add security fix for SSLVerifyClient (CVE-2005-2700)
-- add security fix for byterange filter DoS (CVE-2005-2728)
-- add security fix for C-L vs T-E handling (CVE-2005-2088)
-- mod_ssl: add security fix for CRL overflow (CVE-2005-1268)
-- mod_ldap/mod_auth_ldap: add fixes from 2.0.x branch (upstream #34209 etc)
-- add fix for dummy connection handling (#167425)
-- mod_auth_digest: fix hostinfo comparison in CONNECT requests
-- mod_include: fix variable corruption in nested includes (upstream #12655)
-- mod_ssl: add fix for handling non-blocking reads
-- mod_ssl: fix to enable output buffering (upstream #35279)
-- mod_ssl: buffer request bodies for per-location renegotiation (upstream #12355)
-
-* Sat Aug 13 2005 Joe Orton <jorton at redhat.com> 2.0.54-13
-- don't load by default: mod_cern_meta, mod_asis
-- do load by default: mod_ext_filter (#165893)
-
-* Thu Jul 28 2005 Joe Orton <jorton at redhat.com> 2.0.54-12
-- drop broken epoch deps
-
-* Thu Jun 30 2005 Joe Orton <jorton at redhat.com> 2.0.54-11
-- mod_dav_fs: fix uninitialized variable (#162144)
-- add epoch to dependencies as appropriate
-- mod_ssl: drop dependencies on dev, make
-- mod_ssl: mark post script dependencies as such
-
-* Mon May 23 2005 Joe Orton <jorton at redhat.com> 2.0.54-10
-- remove broken symlink (Robert Scheck, #158404)
-
-* Wed May 18 2005 Joe Orton <jorton at redhat.com> 2.0.54-9
-- add piped logger fixes (w/Jeff Trawick)
-
-* Mon May 9 2005 Joe Orton <jorton at redhat.com> 2.0.54-8
-- drop old "powered by Red Hat" logos
-
-* Wed May 4 2005 Joe Orton <jorton at redhat.com> 2.0.54-7
-- mod_userdir: fix memory allocation issue (upstream #34588)
-- mod_ldap: fix memory corruption issue (Brad Nicholes, upstream #34618)
-
-* Tue Apr 26 2005 Joe Orton <jorton at redhat.com> 2.0.54-6
-- fix key/cert locations in post script
-
-* Mon Apr 25 2005 Joe Orton <jorton at redhat.com> 2.0.54-5
-- create default dummy cert in /etc/pki/tls
-- use a pseudo-random serial number on the dummy cert
-- change default ssl.conf to point at /etc/pki/tls
-- merge back -suexec subpackage; SELinux policy can now be
- used to persistently disable suexec (#155716)
-- drop /etc/httpd/conf/ssl.* directories and Makefiles
-- unconditionally enable PIE support
-- mod_ssl: fix for picking up -shutdown options (upstream #34452)
-
-* Mon Apr 18 2005 Joe Orton <jorton at redhat.com> 2.0.54-4
-- replace PreReq with Requires(pre)
-
-* Mon Apr 18 2005 Joe Orton <jorton at redhat.com> 2.0.54-3
-- update to 2.0.54
-
-* Tue Mar 29 2005 Joe Orton <jorton at redhat.com> 2.0.53-6
-- update default httpd.conf:
- * clarify the comments on AddDefaultCharset usage (#135821)
- * remove all the AddCharset default extensions
- * don't load mod_imap by default
- * synch with upstream 2.0.53 httpd-std.conf
-- mod_ssl: set user from SSLUserName in access hook (upstream #31418)
-- htdigest: fix permissions of created files (upstream #33765)
-- remove htsslpass
-
-* Wed Mar 2 2005 Joe Orton <jorton at redhat.com> 2.0.53-5
-- apachectl: restore use of $OPTIONS again
-
-* Wed Feb 9 2005 Joe Orton <jorton at redhat.com> 2.0.53-4
-- update to 2.0.53
-- move prefork/worker modules comparison to %%check
-
-* Mon Feb 7 2005 Joe Orton <jorton at redhat.com> 2.0.52-7
-- fix cosmetic issues in "service httpd reload"
-- move User/Group higher in httpd.conf (#146793)
-- load mod_logio by default in httpd.conf
-- apachectl: update for correct libselinux tools locations
-
-* Tue Nov 16 2004 Joe Orton <jorton at redhat.com> 2.0.52-6
-- add security fix for CVE CAN-2004-0942 (memory consumption DoS)
-- SELinux: run httpd -t under runcon in configtest (Steven Smalley)
-- fix SSLSessionCache comment for distcache in ssl.conf
-- restart using SIGHUP not SIGUSR1 after logrotate
-- add ap_save_brigade fix (upstream #31247)
-- mod_ssl: fix possible segfault in auth hook (upstream #31848)
-- add htsslpass(1) and configure as default SSLPassPhraseDialog (#128677)
-- apachectl: restore use of $OPTIONS
-- apachectl, httpd.init: refuse to restart if $HTTPD -t fails
-- apachectl: run $HTTPD -t in user SELinux context for configtest
-- update for pcre-5.0 header locations
-
-* Sat Nov 13 2004 Jeff Johnson <jbj at redhat.com> 2.0.52-5
-- rebuild against db-4.3.21 aware apr-util.
-
-* Thu Nov 11 2004 Jeff Johnson <jbj at jbj.org> 2.0.52-4
-- rebuild against db-4.3-21.
-
-* Thu Sep 28 2004 Joe Orton <jorton at redhat.com> 2.0.52-3
-- add dummy connection address fixes from HEAD
-- mod_ssl: add security fix for CAN-2004-0885
-
-* Tue Sep 28 2004 Joe Orton <jorton at redhat.com> 2.0.52-2
-- update to 2.0.52
-
diff --git a/httpd.sysconf b/httpd.sysconf
index 46230e4..dbfa265 100644
--- a/httpd.sysconf
+++ b/httpd.sysconf
@@ -1,4 +1,8 @@
-# Configuration file for the httpd service.
+#
+# This file can be used to set additional environment variables
+# for the httpd process, or pass additional options to the httpd
+# executable
+#
#
# To pass additional options (for instance, -D definitions) to the
diff --git a/manual.conf b/manual.conf
index f2cbc8f..d09757d 100644
--- a/manual.conf
+++ b/manual.conf
@@ -2,11 +2,10 @@
# This configuration file allows the manual to be accessed at
# http://localhost/manual/
#
-AliasMatch ^/manual(?:/(?:de|en|fr|ja|ko|ru))?(/.*)?$ "/var/www/manual$1"
+AliasMatch ^/manual(?:/(?:de|en|fr|ja|ko|ru))?(/.*)?$ "/usr/share/httpd/manual$1"
-<Directory "/var/www/manual">
+<Directory "/usr/share/httpd/manual">
Options Indexes
AllowOverride None
- Order allow,deny
- Allow from all
+ Require all granted
</Directory>
diff --git a/sources b/sources
index c130096..bc05f96 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-9fe3093194c8a57f085ff7c3fc43715f httpd-2.2.22.tar.bz2
+7d3001c7a26b985d17caa367a868f11c httpd-2.4.1.tar.bz2
diff --git a/ssl.conf b/ssl.conf
index d335c89..5791eaf 100644
--- a/ssl.conf
+++ b/ssl.conf
@@ -1,21 +1,8 @@
#
-# This is the Apache server configuration file providing SSL support.
-# It contains the configuration directives to instruct the server how to
-# serve pages over an https connection. For detailing information about these
-# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
-#
-# Do NOT simply read the instructions in here without understanding
-# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
-#
-
-LoadModule ssl_module modules/mod_ssl.so
-
-#
# When we also provide SSL we have to listen to the
# the HTTPS port in addition.
#
-Listen 443
+Listen 443 https
##
## SSL Global Context
@@ -37,11 +24,6 @@ SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
-# Semaphore:
-# Configure the path to the mutual exclusion semaphore the
-# SSL engine uses internally for inter-process synchronization.
-SSLMutex default
-
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
@@ -96,12 +78,19 @@ SSLProtocol all -SSLv2
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
-SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
-
-# SSL Cipher Honor Order:
-# On a busy HTTPS server you may want to enable this directive
-# to force clients to use one of the faster ciphers like RC4-SHA
-# or AES128-SHA in the order defined by SSLCipherSuite.
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
+
+# Speed-optimized SSL Cipher configuration:
+# If speed is your main concern (on busy HTTPS servers e.g.),
+# you might want to force clients to specific, performance
+# optimized ciphers. In this case, prepend those ciphers
+# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
+# Caveat: by giving precedence to RC4-SHA and AES128-SHA
+# (as in the example below), most connections will no longer
+# have perfect forward secrecy - if the server's key is
+# compromised, captures of past or future traffic must be
+# considered compromised, too.
+#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
#SSLHonorCipherOrder on
# Server Certificate:
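Review bot: The new default `SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5` still admits RC4 through `MEDIUM` on OpenSSL builds that class RC4 there, and the commented example puts `RC4-SHA` first; RC4 has since been prohibited for TLS by RFC 7465, so the caveat about forward secrecy understates the risk. With `SSLHonorCipherOrder` left commented out, the client's preference decides which of the permitted suites is used. I would exclude RC4 in the default, `SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4`, and drop `RC4-SHA` from the commented example. The hunk header also shows `SSLProtocol all -SSLv2`, which leaves SSLv3 enabled; that line is outside this hunk.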
@@ -215,7 +204,7 @@ SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
-SetEnvIf User-Agent ".*MSIE.*" \
+BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
diff --git a/userdir.conf b/userdir.conf
new file mode 100644
index 0000000..b5d7a49
--- /dev/null
+++ b/userdir.conf
@@ -0,0 +1,36 @@
+#
+# UserDir: The name of the directory that is appended onto a user's home
+# directory if a ~user request is received.
+#
+# The path to the end user account 'public_html' directory must be
+# accessible to the webserver userid. This usually means that ~userid
+# must have permissions of 711, ~userid/public_html must have permissions
+# of 755, and documents contained therein must be world-readable.
+# Otherwise, the client will only receive a "403 Forbidden" message.
+#
+<IfModule mod_userdir.c>
+ #
+ # UserDir is disabled by default since it can confirm the presence
+ # of a username on the system (depending on home directory
+ # permissions).
+ #
+ UserDir disabled
+
+ #
+ # To enable requests to /~user/ to serve the user's public_html
+ # directory, remove the "UserDir disabled" line above, and uncomment
+ # the following line instead:
+ #
+ #UserDir public_html
+</IfModule>
+
+#
+# Control access to UserDir directories. The following is an example
+# for a site where these directories are restricted to read-only.
+#
+<Directory "/home/*/public_html">
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ Require method GET POST OPTIONS
+</Directory>
+
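Review bot: The comment calls the `<Directory "/home/*/public_html">` block an example of read-only access, but `Require method GET POST OPTIONS` also admits POST. If read-only is the intent the line should be `Require method GET OPTIONS`; otherwise the comment should say that access is limited to the GET, POST and OPTIONS methods. `AllowOverride FileInfo AuthConfig Limit Indexes` additionally lets each user's `.htaccess` change handlers and rewrite rules for that directory, which deserves a line in the comment for anyone who enables UserDir.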
diff --git a/welcome.conf b/welcome.conf
index c1d23c5..5d1e452 100644
--- a/welcome.conf
+++ b/welcome.conf
@@ -1,11 +1,18 @@
#
-# This configuration file enables the default "Welcome"
-# page if there is no default index page present for
-# the root URL. To disable the Welcome page, comment
-# out all the lines below.
+# This configuration file enables the default "Welcome" page if there
+# is no default index page present for the root URL. To disable the
+# Welcome page, comment out all the lines below.
+#
+# NOTE: if this file is removed, it will be restored on upgrades.
#
<LocationMatch "^/+$">
Options -Indexes
- ErrorDocument 403 /error/noindex.html
+ ErrorDocument 403 /.noindex.html
</LocationMatch>
+<Directory /usr/share/httpd/noindex>
+ AllowOverride None
+ Require all granted
+</Directory>
+
+Alias /.noindex.html /usr/share/httpd/noindex/index.html