From de403f23ce1212c6b2ba4b266b9e660ddf0930d0 Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Thu, 19 Oct 2017 18:11:14 +0000 Subject: [PATCH] - merged 2.4.28 from PLD, TLDized --- apache-common.conf | 34 ++ apache-httpd.conf | 41 ++- apache-manual.conf | 4 + apache-mod_authz_host.conf | 9 - apache-mod_autoindex.conf | 6 +- apache-mod_http2.conf | 5 + apache-mod_info.conf | 5 + apache-mod_proxy.conf | 9 +- apache-mod_ssl.conf | 32 +- apache-mod_status.conf | 5 + apache-mod_userdir.conf | 10 +- apache-mpm.conf | 8 +- apache-multilang-errordoc.conf | 4 + apache.init | 2 + apache.logrotate | 6 +- apache.spec | 565 +++++++++++++++------------------ apache.sysconfig | 4 +- libtool-tag.patch | 35 ++ lua-lib.patch | 16 - 19 files changed, 440 insertions(+), 360 deletions(-) create mode 100644 apache-mod_http2.conf mode change 100644 => 100755 apache.init delete mode 100644 lua-lib.patch diff --git a/apache-common.conf b/apache-common.conf index 8643668..085c5e7 100644 --- a/apache-common.conf +++ b/apache-common.conf @@ -18,8 +18,38 @@ DocumentRoot "/home/services/httpd/html" Require all denied + + Order deny,allow + Deny from all + +# Prevent access to: +# - .htaccess and .htpasswd files +# - backup files from being viewed +# - PHP's .user.ini + + + Require all denied + + + Order deny,allow + Deny from all + + + +# Prevent access to: +# - version control directories + + + Require all denied + + + Order deny,allow + Deny from all + + + # # This should be changed to whatever you set DocumentRoot to. # @@ -51,5 +81,9 @@ DocumentRoot "/home/services/httpd/html" Require all granted + + Order allow,deny + Allow from all + diff --git a/apache-httpd.conf b/apache-httpd.conf index 28199f7..31ff912 100644 --- a/apache-httpd.conf +++ b/apache-httpd.conf @@ -2,15 +2,14 @@ # It contains the configuration directives that give the server its instructions. # # This config aims to be clean and readable. -# See for detailed information. +# See for detailed information. # In particular, see -# +# # for a discussion of each configuration directive. ServerRoot "/etc/httpd" -LoadModule unixd_module modules/mod_unixd.so - +LoadModule unixd_module modules/mod_unixd.so # User/Group: The name (or #number) of the user/group to run httpd as. # It is usually good practice to create a dedicated user and group for @@ -28,8 +27,8 @@ Group http Listen 80 # ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@example.com +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@example.com # ServerAdmin root@example.com @@ -44,10 +43,17 @@ ServerName localhost # ErrorLog: The location of the error log file. # If you do not specify an ErrorLog directive within a # container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a +# logged here. If you *do* define an error logfile for a # container, that host's errors will be logged there and not here. ErrorLog logs/error_log +# ErrorLogFormat [connection|request] format +# Format specification for error log entries +# https://httpd.apache.org/docs/2.4/mod/core.html#errorlogformat +# There is no default value, Apache uses different built in function if +# ErrorLogFormat is not defined. +#ErrorLogFormat "[%{u}t] [%m:%l] [pid\ %P] [client\ %a] [vhost\ %v] %M" + # LogLevel: Control the number of messages logged to the error_log. # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. @@ -66,6 +72,17 @@ HostnameLookups Off TraceEnable Off +# +# EnableMMAP and EnableSendfile: On systems that support it, memory-mapping or +# the sendfile syscall may be used to deliver files. +# This usually improves server performance, but must be turned off when serving +# from networked-mounted filesystems or if support for these functions is +# otherwise broken on your system. +# Defaults if commented: EnableMMAP On, EnableSendfile Off +# +#EnableMMAP off +EnableSendfile on + # Include other modules and packages config. IncludeOptional conf.d/*.conf @@ -84,7 +101,7 @@ IncludeOptional webapps.d/*.conf # To disable, set to header=0 body=0 # - RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500 + RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500 @@ -92,7 +109,7 @@ IncludeOptional webapps.d/*.conf # ScriptAliases are essentially the same as Aliases, except that # documents in the target directory are treated as applications and # run by the server when requested rather than as documents sent to the - # client. The same rules about trailing "/" apply to ScriptAlias + # client. The same rules about trailing "/" apply to ScriptAlias # directives as to Alias. # ScriptAlias /cgi-bin/ "/home/services/httpd/cgi-bin/" @@ -103,6 +120,10 @@ IncludeOptional webapps.d/*.conf Require all granted + + Order allow,deny + Allow from all + @@ -116,7 +137,7 @@ IncludeOptional webapps.d/*.conf # Setup default vhost (first one defined in config) and include vhosts configuration - ServerName localhost + ServerName localhost # ServerAdmin webmaster@host.example.com # DocumentRoot /www/docs/host.example.com # ErrorLog logs/host.example.com-error_log diff --git a/apache-manual.conf b/apache-manual.conf index 709d97f..1ccd95f 100644 --- a/apache-manual.conf +++ b/apache-manual.conf @@ -14,6 +14,10 @@ AliasMatch ^/manual(?:/(?:da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn))?(/.*)?$ "/hom Options Indexes AllowOverride None Require all granted + + Order allow,deny + Allow from all + SetHandler type-map diff --git a/apache-mod_authz_host.conf b/apache-mod_authz_host.conf index 6792035..e1a022f 100644 --- a/apache-mod_authz_host.conf +++ b/apache-mod_authz_host.conf @@ -1,10 +1 @@ LoadModule authz_host_module modules/mod_authz_host.so - -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# - - - Require all denied - - diff --git a/apache-mod_autoindex.conf b/apache-mod_autoindex.conf index 7b902c6..165fde4 100644 --- a/apache-mod_autoindex.conf +++ b/apache-mod_autoindex.conf @@ -22,11 +22,15 @@ IndexOptions FancyIndexing HTMLTable VersionSort Charset=UTF-8 Alias /icons/ "/home/services/httpd/icons/" - Options Indexes MultiViews + Options Indexes AllowOverride None Require all granted + + Order allow,deny + Allow from all + # diff --git a/apache-mod_http2.conf b/apache-mod_http2.conf new file mode 100644 index 0000000..4e1a3b0 --- /dev/null +++ b/apache-mod_http2.conf @@ -0,0 +1,5 @@ +LoadModule http2_module modules/mod_http2.so + + + LogLevel http2:info + diff --git a/apache-mod_info.conf b/apache-mod_info.conf index 9ba6d7a..4dca480 100644 --- a/apache-mod_info.conf +++ b/apache-mod_info.conf @@ -16,6 +16,11 @@ LoadModule info_module modules/mod_info.so # Require host .example.com # Require ip 127 Require local + + Order deny,allow + Deny from all + Allow from 127.0.0.1 + diff --git a/apache-mod_proxy.conf b/apache-mod_proxy.conf index 2b0181d..00f9a57 100644 --- a/apache-mod_proxy.conf +++ b/apache-mod_proxy.conf @@ -16,7 +16,7 @@ LoadModule proxy_module modules/mod_proxy.so #LoadModule proxy_http_module modules/mod_proxy_http.so #LoadModule proxy_scgi_module modules/mod_proxy_scgi.so #LoadModule proxy_html_module modules/mod_proxy_html.so -#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so +#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so # Proxy Server directives. Uncomment the following lines to # enable the proxy server: @@ -25,12 +25,17 @@ LoadModule proxy_module modules/mod_proxy.so ProxyRequests On # # -# This prevents spammers from using apache as a relay by posting to +# This prevents spammers from using apache as a relay by posting to # http://victim:25/ and sending raw data. # Require all denied # Require host .your-domain.com + + Order deny,allow + Deny from all +# Allow from .your-domain.com + # enable local fcgi proxy request, e.x for php-fpm diff --git a/apache-mod_ssl.conf b/apache-mod_ssl.conf index ea88204..5fdfa7e 100644 --- a/apache-mod_ssl.conf +++ b/apache-mod_ssl.conf @@ -54,24 +54,35 @@ SSLPassPhraseDialog builtin # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). #SSLSessionCache dbm:/var/cache/httpd/ssl_scache -#SSLSessionCache shmcb:/var/cache/httpd/ssl_scache(512000) - -# Replace this with one of the above (addition apache-mod_socache -# needs to be installed and a apropriate module has to be loaded) -SSLSessionCache nonenotnull +#SSLSessionCache shmcb:/var/run/ssl_scache(512000) +SSLSessionCache shmcb:/var/cache/httpd/ssl_scache(512000) SSLSessionCacheTimeout 300 +# FOLLOW SECURE DEFAULTS: https://wiki.mozilla.org/Security/Server_Side_TLS + # Usable SSL protocol flavors: # This directive can be used to control the SSL protocol flavors mod_ssl # should use when establishing its server environment. Clients then can only # connect with one of the provided protocols. -SSLProtocol all -SSLv2 +SSLProtocol all -SSLv2 -SSLv3 # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. -SSLCipherSuite ALL:!ADH:!EXP:!LOW:!SSLv2:RC4+RSA:+HIGH:+MEDIUM +SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA + +SSLHonorCipherOrder on +SSLCompression off + +# OCSP Stapling +SSLUseStapling off +SSLStaplingResponderTimeout 5 +SSLStaplingReturnResponderErrors off +SSLStaplingCache shmcb:/var/cache/httpd/ocsp(128000) + +# Whether to allow non-SNI clients to access a name-based virtual host. +#SSLStrictSNIVHostCheck on ## ## SSL Virtual Host Context @@ -82,6 +93,10 @@ SSLCipherSuite ALL:!ADH:!EXP:!LOW:!SSLv2:RC4+RSA:+HIGH:+MEDIUM # Enable/Disable SSL for this virtual host. SSLEngine on +# Enable, if you have real ssl cert and want to cache OCSP +# https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx +SSLUseStapling off + # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a @@ -212,7 +227,8 @@ SSLCertificateKeyFile /etc/httpd/ssl/server.key # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and # "force-response-1.0" for this. - BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 + BrowserMatch ".*MSIE [2-5]\..*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 + BrowserMatch ".*MSIE [6-9]\..*" ssl-unclean-shutdown # Per-Server Logging: diff --git a/apache-mod_status.conf b/apache-mod_status.conf index a5fd90b..6477a23 100644 --- a/apache-mod_status.conf +++ b/apache-mod_status.conf @@ -17,6 +17,11 @@ LoadModule status_module modules/mod_status.so # Require host .example.com # Require ip 127 Require local + + Order deny,allow + Deny from all + Allow from 127.0.0.1 + # diff --git a/apache-mod_userdir.conf b/apache-mod_userdir.conf index 1bcff5d..534367a 100644 --- a/apache-mod_userdir.conf +++ b/apache-mod_userdir.conf @@ -18,12 +18,20 @@ UserDir public_html # AllowOverride FileInfo AuthConfig Limit Indexes - Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + Options Indexes SymLinksIfOwnerMatch IncludesNoExec Require all granted + + Order allow,deny + Allow from all + Require all denied + + Order deny,allow + Deny from all + # # php_admin_value open_basedir "/home/users:/usr/share/pear:/usr/share/php:/tmp" diff --git a/apache-mpm.conf b/apache-mpm.conf index 51cd43d..5a1b75c 100644 --- a/apache-mpm.conf +++ b/apache-mpm.conf @@ -15,10 +15,14 @@ LoadModule mpm_prefork_module modules/mod_mpm_prefork.so # PidFile /var/run/httpd.pid +# Mutex: Allows you to set the mutex mechanism and mutex file directory +# for individual mutexes, or change the global defaults # -# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# Uncomment and change the directory if mutexes are file-based and the default +# mutex file directory is not on a local disk or is not appropriate for some +# other reason. # -Mutex file:/var/run/httpd/ +# Mutex default:/var/run/httpd/ # # Only one of the below sections will be relevant on your diff --git a/apache-multilang-errordoc.conf b/apache-multilang-errordoc.conf index 0cc6af5..b4bf2a3 100644 --- a/apache-multilang-errordoc.conf +++ b/apache-multilang-errordoc.conf @@ -27,6 +27,10 @@ Alias /error/ "/home/services/httpd/error/" AddOutputFilter Includes html AddHandler type-map var Require all granted + + Order allow,deny + Allow from all + LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr ForceLanguagePriority Prefer Fallback diff --git a/apache.init b/apache.init old mode 100644 new mode 100755 index 8ce5a86..00dd2f4 --- a/apache.init +++ b/apache.init @@ -127,6 +127,7 @@ condrestart() { checkconfig stop + [ "$RESTART_DELAY" ] && usleep $RESTART_DELAY start } @@ -142,6 +143,7 @@ case "$1" in restart) checkconfig stop + [ "$RESTART_DELAY" ] && usleep $RESTART_DELAY start 0 ;; try-restart) diff --git a/apache.logrotate b/apache.logrotate index 27ebbe5..2d05b37 100644 --- a/apache.logrotate +++ b/apache.logrotate @@ -9,6 +9,10 @@ olddir /var/log/archive/httpd sharedscripts postrotate - /sbin/service httpd flush-logs > /dev/null + if /bin/systemd_booted; then + /bin/systemctl reload httpd.service + else + /sbin/service httpd flush-logs > /dev/null + fi endscript } diff --git a/apache.spec b/apache.spec index 3c6451d..b091e53 100644 --- a/apache.spec +++ b/apache.spec @@ -1,4 +1,4 @@ -# # TODO: +# TODO: # - config examples for mod_* # - --with-suexec-uidmin=500 or =1000 ? # - check those autn modules inner deps @@ -14,15 +14,16 @@ # Conditional build: %bcond_without ssl # build without SSL support %bcond_without ldap # build without LDAP support -%bcond_with itk # ITK MPM %bcond_with distcache # distcache support %bcond_with bucketeer # debug one +%bcond_without http2 # HTTP/2 support # this is internal macro, don't change to %%apache_modules_api %define _apache_modules_api 20120211 -%define openssl_ver 1.0.1f -%define apr_ver 1:1.5.0 +%define openssl_ver 1.0.2 +%define apr_ver 1:1.6.0 +%define apr_util_ver 1:1.6.0 %include /usr/lib/rpm/macros.perl Summary: The most widely used Web server on the Internet @@ -34,12 +35,12 @@ Summary(pt_BR.UTF-8): Servidor HTTPD para prover serviços WWW Summary(ru.UTF-8): Самый популярный веб-сервер Summary(tr.UTF-8): Lider WWW tarayıcı Name: apache -Version: 2.4.25 +Version: 2.4.28 Release: 1 License: Apache v2.0 Group: Networking/Daemons/HTTP -Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz -# Source0-md5: 24fb8b9e36cf131d78caae864fea0f6a +Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 +# Source0-md5: 49007ffe8e37a0834255b279810edf24 Source1: %{name}.init Source2: %{name}.logrotate Source3: %{name}.sysconfig @@ -69,13 +70,12 @@ Source26: %{name}-mod_log_config.conf Source27: %{name}-mod_mime_magic.conf Source28: %{name}-mod_cache.conf Source29: %{name}-example.net.conf +Source32: %{name}-mod_http2.conf Patch0: %{name}-configdir_skip_backups.patch Patch1: %{name}-layout.patch Patch2: %{name}-suexec.patch Patch3: %{name}-branding.patch Patch4: %{name}-apr.patch -Patch5: httpd-dummy-connection-result.patch - Patch7: %{name}-syslibs.patch Patch10: httpd-2.0.46-dav401dest.patch @@ -84,22 +84,24 @@ Patch15: httpd-2.0.48-debuglog.patch Patch18: %{name}-v6only-ENOPROTOOPT.patch Patch19: %{name}-conffile-path.patch Patch20: %{name}-apxs.patch +# Relaxed version of suexec. If called as suexec.fcgi don't check uid/gid against file owner. +# Required by our patched mod_fcgid to run php as fcgi via suexec. Patch23: %{name}-suexec_fcgi.patch # http://scripts.mit.edu/trac/browser/trunk/server/common/patches/httpd-2.2.x-mod_ssl-sessioncaching.patch?rev=1348 Patch25: httpd-2.2.x-mod_ssl-sessioncaching.patch Patch26: %{name}-mod_vhost_alias_docroot.patch -# http://mpm-itk.sesse.net/ -Patch28: %{name}-mpm-itk.patch Patch29: libtool-tag.patch -Patch30: lua-lib.patch URL: http://httpd.apache.org/ BuildRequires: apr-devel >= %{apr_ver} -BuildRequires: apr-util-devel >= 1:1.3.10-2 +BuildRequires: apr-util-devel >= %{apr_util_ver} BuildRequires: autoconf >= 2.50 BuildRequires: automake %{?with_distcache:BuildRequires: distcache-devel} +BuildRequires: libbrotli-devel >= 0.6.0 BuildRequires: libtool >= 2:1.5 -BuildRequires: lua51-devel +BuildRequires: libxml2-devel >= 2 +BuildRequires: lua53-devel >= 5.3 +%{?with_http2:BuildRequires: nghttp2-devel >= 1.15.0} %{?with_ldap:BuildRequires: openldap-devel >= 2.3.0} %{?with_ssl:BuildRequires: openssl-devel >= %{openssl_ver}} %{?with_ssl:BuildRequires: openssl-tools >= %{openssl_ver}} @@ -114,13 +116,22 @@ BuildRequires: zlib-devel Requires: %{name}-errordocs = %{version}-%{release} Requires: %{name}-mod_alias = %{version}-%{release} Requires: %{name}-mod_auth = %{version}-%{release} +Requires: %{name}-mod_autoindex = %{version}-%{release} +Requires: %{name}-mod_deflate = %{version}-%{release} +Requires: %{name}-mod_dir = %{version}-%{release} Requires: %{name}-mod_env = %{version}-%{release} +Requires: %{name}-mod_filter = %{version}-%{release} +Requires: %{name}-mod_headers = %{version}-%{release} Requires: %{name}-mod_log_config = %{version}-%{release} +Requires: %{name}-mod_logio = %{version}-%{release} Requires: %{name}-mod_mime = %{version}-%{release} Requires: %{name}-mod_mime_magic = %{version}-%{release} Requires: %{name}-mod_negotiation = %{version}-%{release} +Requires: %{name}-mod_reqtimeout = %{version}-%{release} +Requires: %{name}-mod_rewrite = %{version}-%{release} Requires: %{name}-mod_setenvif = %{version}-%{release} Requires: %{name}-mod_speling = %{version}-%{release} +Requires: %{name}-mod_status = %{version}-%{release} Requires: %{name}-mod_userdir = %{version}-%{release} Requires: %{name}-mod_version = %{version}-%{release} Requires: %{name}-tools = %{version}-%{release} @@ -187,6 +198,7 @@ Requires(pre): /usr/sbin/groupadd Requires(pre): /usr/sbin/useradd Requires: /sbin/chkconfig Requires: apr >= %{apr_ver} +Requires: apr-util >= %{apr_util_ver} Requires: psmisc >= 20.1 Requires: rc-scripts >= 0.4.1.23 Requires: sed >= 4.0 @@ -253,6 +265,9 @@ Summary(pl.UTF-8): Pliki Apache index.html* Group: Documentation Requires: %{name}-base = %{version}-%{release} Obsoletes: indexhtml +%if "%{_rpmversion}" >= "5" +BuildArch: noarch +%endif %description index Apache index.html* files. @@ -269,6 +284,9 @@ Requires: %{name}-mod_alias = %{version}-%{release} Requires: %{name}-mod_dir = %{version}-%{release} Requires: %{name}-mod_negotiation = %{version}-%{release} Requires: %{name}-mod_setenvif = %{version}-%{release} +%if "%{_rpmversion}" >= "5" +BuildArch: noarch +%endif %description doc Apache manual. @@ -286,6 +304,9 @@ Requires: %{name}-mod_alias = %{version}-%{release} Requires: %{name}-mod_authz_host = %{version}-%{release} Requires: %{name}-mod_include = %{version}-%{release} Requires: %{name}-mod_negotiation = %{version}-%{release} +%if "%{_rpmversion}" >= "5" +BuildArch: noarch +%endif %description errordocs Multi-language error messages. @@ -301,7 +322,7 @@ Summary(pl.UTF-8): Pliki nagłówkowe do tworzenia modułów rozszerzeń do serw Summary(pt_BR.UTF-8): Arquivos de inclusão do Apache para desenvolvimento de módulos Summary(ru.UTF-8): Средства разработки модулей для веб-сервера Apache Group: Networking/Utilities -Requires: apr-util-devel >= 1:1.2 +Requires: apr-util-devel >= %{apr_util_ver} Requires: libtool Obsoletes: apache-apxs Obsoletes: apache-static @@ -547,13 +568,10 @@ Requires: %{name}-base = %{version}-%{release} Provides: apache(mod_auth_digest) = %{version}-%{release} %description mod_auth_digest -This module implements HTTP Digest Authentication. However, it has not -been extensively tested and is therefore marked experimental. +This module implements HTTP Digest Authentication. %description mod_auth_digest -l pl.UTF-8 -Ten moduł implementuje uwierzytelnienie HTTP Digest. Nie został on -jednak zbyt obszernie przetestowany, więc jest oznaczony jako -eksperymentalny. +Ten moduł implementuje uwierzytelnienie HTTP Digest. %package mod_auth_form Summary: Form authentication @@ -707,8 +725,9 @@ Summary(pl.UTF-8): Moduł Apache'a umożliwiający przechowywanie danych dla uwi Group: Networking/Daemons/HTTP URL: http://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html Requires: %{name}-base = %{version}-%{release} +Requires: %{name}-mod_authn_core = %{version}-%{release} Requires: %{name}-mod_ldap = %{version}-%{release} -Requires: apr-util-ldap +Requires: apr-util-ldap >= %{apr_util_ver} Provides: apache(mod_authnz_ldap) = %{version}-%{release} # compat Provides: apache(mod_auth_ldap) = %{version}-%{release} @@ -899,7 +918,7 @@ WWW dla uwierzytelnionych użytkowników. %package mod_autoindex Summary: Apache module - display index of files -Summary(pl.UTF-8): Moduł apache do wyświetlania indeksu plików +Summary(pl.UTF-8): Moduł Apache'a do wyświetlania indeksu plików Group: Networking/Daemons/HTTP URL: http://httpd.apache.org/docs/2.4/en/mod/mod_autoindex.html Requires: %{name}-base = %{version}-%{release} @@ -913,8 +932,27 @@ index of files. %description mod_autoindex -l pl.UTF-8 Ten pakiet dostarcza moduł autoindex, który generuje indeks plików. +%package mod_brotli +Summary: Apache module: compress content via Brotli before it is delivered to the client +Summary(pl.UTF-8): Moduł Apache'a kompresujący treść przy użyciu formatu Brotli przed wysłaniem do klienta +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.4/mod/mod_brotli.html +Requires: %{name}-base = %{version}-%{release} +Requires: libbrotli >= 0.6.0 +Provides: apache(mod_brotli) = %{version}-%{release} + +%description mod_brotli +The mod_brotli module provides the BROTLI_COMPRESS output filter that +allows output from your server to be compressed using the brotli +compression format before being sent to the client over the network. + +%description mod_brotli -l pl.UTF-8 +Moduł mod_brotli udostępnia filtr wyjściowy BROTLI_COMPRESS, +pozwalający na kompresowanie wyjścia z serwera przy użyciu formatu +kompresji brotli przed wysłaniem przez sieć do klienta. + %package mod_bucketeer -Summary: buckets manipulation filter +Summary: Buckets manipulation filter Summary(pl.UTF-8): Dzielenie kubełków po znalezieniu znaku sterującego Group: Networking/Daemons/HTTP Requires: %{name}-base = %{version}-%{release} @@ -1121,16 +1159,12 @@ Specify character set translation or recoding. This module provides a small subset of configuration mechanisms implemented by Russian Apache and its associated mod_charset. -This is an experimental module and should be used with care. - %description mod_charset_lite -l pl.UTF-8 Translacja lub przekodowywanie znaków. Ten moduł udostępnia niewielki podzbiór mechanizmów konfiguracyjnych zaimplementowanych przez Russian Apache i powiązany z nim mod_charset. -Jest to moduł eksperymentalny i należy używać go z uwagą. - %package mod_data Summary: Convert response body into an RFC2397 data URL Summary(pl.UTF-8): Konwersja ciała odpowiedzi do URL-a danych RFC2397 @@ -1164,9 +1198,7 @@ Summary(pl.UTF-8): Moduł Apache'a - rozproszone autorstwo i wersjonowanie Group: Networking/Daemons/HTTP URL: http://httpd.apache.org/docs/2.4/en/mod/mod_dav.html Requires: %{name}-base = %{version}-%{release} -Requires: apache-mod_authn_file -Requires: apache-mod_setenvif -Requires: apr-util-dbm-db +Requires: apr-util-dbm-db >= %{apr_util_ver} Provides: apache(mod_dav) = %{version}-%{release} %description mod_dav @@ -1208,8 +1240,8 @@ Summary(pl.UTF-8): Moduł Apache'a kompresujący dane przed przesłaniem ich do Group: Networking/Daemons/HTTP URL: http://httpd.apache.org/docs/2.4/mod/mod_deflate.html Requires: %{name}-base = %{version}-%{release} -Requires: %{name}-mod_headers = %{version}-%{release} Requires: %{name}-mod_filter = %{version}-%{release} +Requires: %{name}-mod_headers = %{version}-%{release} Provides: apache(mod_deflate) = %{version}-%{release} %description mod_deflate @@ -1433,6 +1465,7 @@ Group: Networking/Daemons/HTTP URL: http://httpd.apache.org/docs/2.4/mod/mod_headers.html Requires: %{name}-base = %{version}-%{release} Provides: apache(mod_headers) = %{version}-%{release} +Provides: webserver(headers) %description mod_headers This package contains mod_headers module. The module allows for the @@ -1500,6 +1533,22 @@ Ten moduł wykorzystuje usługi modułu mod_slotmem_shm (jeśli jest dostępny) zamiast przechowywania danych w płaskich plikach. Do używania tego modułu nie jest wymagana żadna konfiguracja. +%package mod_http2 +Summary: Provide HTTP/2 support for the Apache HTTP Server +Summary(pl.UTF-8): Obsługa HTTP/2 dla serwera HTTP Apache +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.4/mod/mod_http2.html +Requires: %{name}-base = %{version}-%{release} +Requires: nghttp2 >= 1.15.0 +Provides: apache(mod_http2) = %{version}-%{release} + +%description mod_http2 +This module provides HTTP/2 (RFC 7540) support for the Apache HTTP +Server. + +%description mod_http2 -l pl.UTF-8 +Ten moduł zapewnia obsługę HTTP/2 (RFC 7540) dla serwera HTTP Apache. + %package mod_ident Summary: RFC 1413 ident lookups Summary(pl.UTF-8): Sprawdzanie identyfikacji RFC 1413 @@ -1763,8 +1812,8 @@ This module allows the server to be extended with scripts written in the Lua programming language. The extension points (hooks) available with mod_lua include many of the hooks available to natively compiled Apache HTTP Server modules, such as mapping requests to files, -generating dynamic responses, access control, authentication, -and authorization. +generating dynamic responses, access control, authentication, and +authorization. %description mod_lua -l pl.UTF-8 Ten moduł pozwala na rozszerzanie serwera poprzez skrypty napisane w @@ -1775,24 +1824,24 @@ pliki, generowanie dynamicznych odpowiedzi, kontrola dostępu, uwierzytelnianie i autoryzacja. %package mod_macro -Summary: Provides macros within apache runtime configuration files -Summary(pl.UTF-8): Makra wewnątrz plików konfiguracyjnych apache -Group: Networking/Daemons/HTTP -URL: http://httpd.apache.org/docs/2.4/mod/mod_macro.html -Requires: %{name}-base = %{version}-%{release} -Provides: apache(mod_macro) = %{version}-%{release} +Summary: Provides macros within Apache runtime configuration files +Summary(pl.UTF-8): Makra wewnątrz klików konfiguracyjnych Apache'a +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.4/mod/mod_macro.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_macro) = %{version}-%{release} %description mod_macro -This module provides macros within apache runtime configuration files. +This module provides macros within Apache runtime configuration files. These macros have parameters. They are expanded when used (parameters are substituted by their values given as an argument), and the result is processed normally. %description mod_macro -l pl.UTF-8 Ten moduł umożliwia tworzenie makr wewnątrz plików konfiguracyjnych -apache. Makra mogą mieć parametry. Makra są rozwijane w momencie -użycia (argumenty makra są podstawiane za wartości parametrów) a wynik -jest parsowany jak normalna konfiguracja. +Apache'a. Makra mogą mieć parametry. Makra są rozwijane w momencie +użycia (argumenty makra są podstawiane za wartości parametrów), a +wynik jest przetwarzany jak normalna konfiguracja. %package mod_mime Summary: Associates the requested filename's extensions with the file's behavior and content @@ -1969,7 +2018,6 @@ Group: Networking/Daemons/HTTP URL: http://httpd.apache.org/docs/2.4/mod/mod_reqtimeout.html Requires: %{name}-base = %{version}-%{release} Provides: apache(mod_reqtimeout) = %{version}-%{release} -Provides: webserver(reqtimeout) %description mod_reqtimeout Apache module to set timeout and minimum data rate for receiving @@ -2128,6 +2176,7 @@ Group: Networking/Daemons/HTTP URL: http://httpd.apache.org/docs/2.4/mod/mod_session_crypto.html Requires: %{name}-base = %{version}-%{release} Requires: %{name}-mod_session = %{version}-%{release} +Requires: apr-util-crypto-openssl >= %{apr_util_ver} Provides: apache(mod_session_crypto) = %{version}-%{release} %description mod_session_crypto @@ -2205,6 +2254,7 @@ części serwera do podejmowania decyzji o podejmowanych akcjach. %package mod_slotmem Summary: Slot-based shared memory provider +Summary(pl.UTF-8): Moduł zapewniający pamięć dzieloną w oparciu o sloty Group: Networking/Daemons/HTTP URL: http://httpd.apache.org/docs/2.4/mod/mod_slotmem_plain.html #URL: http://httpd.apache.org/docs/2.4/mod/mod_slotmem_shm.html @@ -2216,14 +2266,44 @@ Obsoletes: apache-mod_slotmem_plain Obsoletes: apache-mod_slotmem_shm %description mod_slotmem -Slot-based shared memory provider. +mod_slotmem_plain is a memory provider which provides for creation and +access to a plain memory segment in which the datasets are organized +in "slots." + +If the memory needs to be shared between threads and processes, a +better provider would be mod_slotmem_shm. + +mod_slotmem_shm is a memory provider which provides for creation and +access to a shared memory segment in which the datasets are organized +in "slots." + +All shared memory is cleared and cleaned with each restart, whether +graceful or not. The data itself is stored and restored within a file +noted by the name parameter in the create and attach calls. + +%description mod_slotmem -l pl.UTF-8 +mod_slotmem_plain to moduł dostarczający pamięć, pozwalający na +tworzenie i dostęp do segmentu zwykłej pamięci, w której zbiory danych +są zorganizowane w "sloty". + +Jeśli pamięć musi być dzielona między wątki i procesy, lepszym +rozwiązaniem będzie mod_slotmem_shm. + +mod_slotmem_plain to moduł dostarczający pamięć, pozwalający na +tworzenie i dostęp do segmentu pamięci dzielonej, w której zbiory +danych są zorganizowane w "sloty". + +Cała pamięć współdzielona jest czyszczona przy każdym restarcie. Same +dane są zapisywane i odtwarzane z pliku o nazwie podawanej jako +parametr przy wywołaniach tworzenia i podłączania. %package mod_socache Summary: Shared object cache provider +Summary(pl.UTF-8): Moduł zapewniający współdzieloną pamięć podręczną obiektów Group: Networking/Daemons/HTTP URL: http://httpd.apache.org/docs/2.4/mod/mod_socache_dbm.html #URL: http://httpd.apache.org/docs/2.4/mod/mod_socache_memcache.html -#URL: http://httpd.apache.org/docs/2.4/mod/mod_socache_shmcb.html +#URL: http://httpd.apache.org/docs/2.4/mod/mod_socache_shmcb.htm Requires: %{name}-base = %{version}-%{release} Provides: apache(mod_socache) = %{version}-%{release} Provides: apache(mod_socache_dbm) = %{version}-%{release} @@ -2234,7 +2314,31 @@ Obsoletes: apache-mod_socache_memcache Obsoletes: apache-mod_socache_shmcb %description mod_socache -Shared object cache provider. +mod_socache_dbm is a shared object cache provider which provides for +creation and access to a cache backed by a DBM database. + +mod_socache_memcache is a shared object cache provider which provides +for creation and access to a cache backed by the memcached +high-performance, distributed memory object caching system. + +mod_socache_shmcb is a shared object cache provider which provides for +creation and access to a cache backed by a high-performance cyclic +buffer inside a shared memory segment. + +%description mod_socache -l pl.UTF-8 +mod_socache_dbm to moduł dostarczający współdzieloną pamięć podręczną +obiektów, zapewniający tworzenie i dostęp do cache'a zapisywanego w +bazie DBM. + +mod_socache_dbm to moduł dostarczający współdzieloną pamięć podręczną +obiektów, zapewniający tworzenie i dostęp do cache'a zapisywanego w +systemie memcached - wysoko wydajnym, ozproszonym systemie pamięci +podręcznej obiektów. + +mod_socache_dbm to moduł dostarczający współdzieloną pamięć podręczną +obiektów, zapewniający tworzenie i dostęp do cache'a zapisywanego w +wysoko wydajnym buforze cyklicznym wewnątrz segmentu pamięci +dzielonej. %package mod_speling Summary: Attempts to correct mistaken URLs by ignoring capitalization and by allowing up to one misspelling @@ -2274,10 +2378,9 @@ Epoch: 1 Group: Networking/Daemons/HTTP URL: http://httpd.apache.org/docs/2.4/mod/mod_ssl.html Requires: %{name}-base = %{version}-%{release} -Suggests: apache(mod_socache_shmcb) = %{version}-%{release} -Suggests: apache(mod_socache_dbm) = %{version}-%{release} +Requires: apr-util-dbm-db >= %{apr_util_ver} Requires: openssl >= %{openssl_ver} -Requires: apr-util-dbm-db +Suggests: %{name}-mod_socache = %{version}-%{release} Provides: apache(mod_ssl) = 1:%{version}-%{release} %description mod_ssl @@ -2518,6 +2621,9 @@ Summary(pl.UTF-8): Programy testowe/przykładowe cgi Group: Networking/Utilities Requires: %{name}-base = %{version}-%{release} Requires: filesystem >= 2.0-1 +%if "%{_rpmversion}" >= "5" +BuildArch: noarch +%endif %description cgi_test Two cgi test/demo programs: test-cgi and print-env. @@ -2532,7 +2638,6 @@ Dwa programy testowe/przykładowe cgi: test-cgi and print-env. %patch2 -p1 %patch3 -p1 %patch4 -p1 -%patch5 -p1 %patch7 -p1 @@ -2549,10 +2654,7 @@ Dwa programy testowe/przykładowe cgi: test-cgi and print-env. #%patch25 -p1 # ? #%patch26 -p1 -# probably drop -#%patch28 -p1 %patch29 -p1 -%patch30 -p1 # sanity check MODULES_API=`awk '/#define MODULE_MAGIC_NUMBER_MAJOR/ {print $3}' include/ap_mmn.h` @@ -2594,63 +2696,68 @@ install -d build; cd build --enable-auth-dbm \ --enable-authn-dbd \ --enable-authn-alias \ + %{?with_ldap:--enable-authnz-ldap} \ --enable-authz-dbm \ --enable-authz-owner \ - %{?with_ldap:--enable-authnz-ldap} \ --enable-auth-digest \ - --enable-file-cache \ + %{?with_bucketeer:--enable-bucketeer} \ --enable-cache \ --enable-disk-cache \ + --enable-file-cache \ --enable-mem-cache \ - --enable-dbd \ - %{?with_bucketeer:--enable-bucketeer} \ - --enable-dumpio \ - --enable-echo \ + --enable-cern-meta \ + --enable-cgi \ + --enable-cgid \ --enable-charset-lite \ + --enable-dbd \ --enable-deflate \ - %{?with_ldap:--enable-ldap} \ - --enable-ext-filter \ + --enable-dumpio \ --enable-case-filter \ --enable-case-filter-in \ + --enable-dav \ + --enable-dav-fs \ + --enable-dav-lock \ + --enable-echo \ + --enable-ext-filter \ + --enable-expires \ + --enable-headers \ + --enable-http \ + %{__enable_disable http2} \ + --enable-ident \ + --enable-imagemap \ + --enable-info \ + %{?with_ldap:--enable-ldap} \ --enable-log-forensic \ --enable-logio \ --enable-lua \ - --with-z=%{_prefix} \ --enable-mime-magic \ - --enable-cern-meta \ - --enable-expires \ - --enable-headers \ - --enable-ident \ - --enable-usertrack \ - --enable-unique-id \ + --enable-mpms-shared=all \ +%ifarch %{ix86} +%ifnarch i386 i486 + --enable-nonportable-atomics=yes \ +%endif +%endif --enable-proxy \ --enable-proxy-connect \ - --enable-proxy-fdpass \ --enable-proxy-ftp \ --enable-proxy-http \ + --enable-proxy-http2 \ --enable-proxy-ajp \ --enable-proxy-balancer \ + --enable-proxy-fdpass \ + --enable-rewrite \ + --enable-so \ + --enable-speling \ %{?with_ssl:--enable-ssl %{?with_distcache:--enable-distcache}} \ - --enable-http \ - --enable-dav \ - --enable-info \ --enable-suexec \ - --enable-cgi \ - --enable-cgid \ - --enable-dav-fs \ - --enable-dav-lock \ + --enable-unique-id \ + --enable-usertrack \ --enable-vhost-alias \ - --enable-imagemap \ - --enable-speling \ - --enable-rewrite \ - --enable-so \ + --with-apr=%{_bindir}/apr-1-config \ + --with-apr-util=%{_bindir}/apu-1-config \ + --with-lua=/usr \ + --with-pcre \ --with-program-name=httpd \ - --enable-mpms-shared=all \ -%ifarch %{ix86} -%ifnarch i386 i486 - --enable-nonportable-atomics=yes \ -%endif -%endif --with-suexec-bin=%{_sbindir}/suexec \ --with-suexec-caller=http \ --with-suexec-docroot=%{_datadir} \ @@ -2658,9 +2765,7 @@ install -d build; cd build --with-suexec-uidmin=500 \ --with-suexec-gidmin=500 \ --with-suexec-umask=077 \ - --with-apr=%{_bindir}/apr-1-config \ - --with-apr-util=%{_bindir}/apu-1-config \ - --with-pcre + --with-z=%{_prefix} %{__make} @@ -2682,7 +2787,6 @@ ln -s %{_localstatedir}/run/httpd $RPM_BUILD_ROOT%{_sysconfdir}/run ln -s %{_var}/log/httpd $RPM_BUILD_ROOT%{_sysconfdir}/logs # we have own apache.conf rm $RPM_BUILD_ROOT%{_sysconfdir}/httpd.conf -ln -s conf.d $RPM_BUILD_ROOT%{_sysconfdir}/httpd.conf install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/httpd cp -a %{SOURCE2} $RPM_BUILD_ROOT/etc/logrotate.d/httpd @@ -2707,6 +2811,7 @@ cp -a %{SOURCE25} $CFG/01_mod_cgid.conf cp -a %{SOURCE26} $CFG/01_mod_log_config.conf cp -a %{SOURCE27} $CFG/01_mod_mime_magic.conf cp -a %{SOURCE28} $CFG/01_mod_cache.conf +cp -a %{SOURCE32} $CFG/01_mod_http2.conf cp -a %{SOURCE8} $CFG/20_mod_vhost_alias.conf cp -a %{SOURCE9} $CFG/25_mod_status.conf cp -a %{SOURCE10} $CFG/30_mod_proxy.conf @@ -2724,88 +2829,34 @@ cp -a %{SOURCE21} $CFG/10_mpm.conf cp -a %{SOURCE22} $CFG/20_languages.conf cp -a %{SOURCE29} $RPM_BUILD_ROOT%{_sysconfdir}/vhosts.d/example.net.conf -echo "LoadModule access_compat_module modules/mod_access_compat.so" > $CFG/00_mod_access_compat.conf -echo "LoadModule actions_module modules/mod_actions.so" > $CFG/00_mod_actions.conf -echo "LoadModule alias_module modules/mod_alias.so" > $CFG/00_mod_alias.conf -echo "LoadModule allowmethods_module modules/mod_allowmethods.so" > $CFG/00_mod_allowmethods.conf -echo "LoadModule asis_module modules/mod_asis.so" > $CFG/00_mod_asis.conf -echo "LoadModule auth_basic_module modules/mod_auth_basic.so" > $CFG/00_mod_auth_basic.conf -echo "LoadModule auth_digest_module modules/mod_auth_digest.so" > $CFG/00_mod_auth_digest.conf -echo "LoadModule auth_form_module modules/mod_auth_form.so" > $CFG/00_mod_auth_form.conf -echo "LoadModule authn_anon_module modules/mod_authn_anon.so" > $CFG/00_mod_authn_anon.conf -echo "LoadModule authn_core_module modules/mod_authn_core.so" > $CFG/00_mod_authn_core.conf -echo "LoadModule authn_dbd_module modules/mod_authn_dbd.so" > $CFG/00_mod_authn_dbd.conf -echo "LoadModule authn_dbm_module modules/mod_authn_dbm.so" > $CFG/00_mod_authn_dbm.conf -echo "LoadModule authn_file_module modules/mod_authn_file.so" > $CFG/00_mod_authn_file.conf -echo "LoadModule authn_socache_module modules/mod_authn_socache.so" > $CFG/00_mod_authn_socache.conf -echo "LoadModule authnz_ldap_module modules/mod_authnz_ldap.so" > $CFG/00_mod_authnz_ldap.conf -echo "LoadModule authz_core_module modules/mod_authz_core.so" > $CFG/00_mod_authz_core.conf -echo "LoadModule authz_dbd_module modules/mod_authz_dbd.so" > $CFG/00_mod_authz_dbd.conf -echo "LoadModule authz_dbm_module modules/mod_authz_dbm.so" > $CFG/00_mod_authz_dbm.conf -echo "LoadModule authz_groupfile_module modules/mod_authz_groupfile.so" > $CFG/00_mod_authz_groupfile.conf -echo "LoadModule authz_owner_module modules/mod_authz_owner.so" > $CFG/00_mod_authz_owner.conf -echo "LoadModule authz_user_module modules/mod_authz_user.so" > $CFG/00_mod_authz_user.conf -echo "LoadModule buffer_module modules/mod_buffer.so" > $CFG/00_mod_buffer.conf -%if %{with bucketeer} -echo "LoadModule bucketeer_module modules/mod_bucketeer.so" > $CFG/00_mod_bucketeer.conf -%endif -echo "LoadModule case_filter_in_module modules/mod_case_filter_in.so" > $CFG/00_mod_case_filter_in.conf -echo "LoadModule case_filter_module modules/mod_case_filter.so" > $CFG/00_mod_case_filter.conf -echo "LoadModule cern_meta_module modules/mod_cern_meta.so" > $CFG/00_mod_cern_meta.conf -echo "LoadModule cgi_module modules/mod_cgi.so" > $CFG/00_mod_cgi.conf -echo "LoadModule charset_lite_module modules/mod_charset_lite.so" > $CFG/00_mod_charset_lite.conf -echo "LoadModule data_module modules/mod_data.so" > $CFG/00_mod_data.conf -echo "LoadModule dbd_module modules/mod_dbd.so" > $CFG/00_mod_dbd.conf -echo "LoadModule dialup_module modules/mod_dialup.so" > $CFG/00_mod_dialup.conf -echo "LoadModule dumpio_module modules/mod_dumpio.so" > $CFG/00_mod_dumpio.conf -echo "LoadModule echo_module modules/mod_echo.so" > $CFG/00_mod_echo.conf -echo "LoadModule env_module modules/mod_env.so" > $CFG/00_mod_env.conf -echo "LoadModule expires_module modules/mod_expires.so" > $CFG/00_mod_expires.conf -echo "LoadModule ext_filter_module modules/mod_ext_filter.so" > $CFG/00_mod_ext_filter.conf -echo "LoadModule file_cache_module modules/mod_file_cache.so" > $CFG/00_mod_file_cache.conf -echo "LoadModule filter_module modules/mod_filter.so" > $CFG/00_mod_filter.conf -echo "LoadModule headers_module modules/mod_headers.so" > $CFG/00_mod_headers.conf -echo "LoadModule heartbeat_module modules/mod_heartbeat.so" > $CFG/01_mod_heartbeat.conf -echo "LoadModule heartmonitor_module modules/mod_heartmonitor.so" > $CFG/01_mod_heartmonitor.conf -echo "LoadModule ident_module modules/mod_ident.so" > $CFG/00_mod_ident.conf -echo "LoadModule imagemap_module modules/mod_imagemap.so" > $CFG/00_mod_imagemap.conf -echo "LoadModule include_module modules/mod_include.so" > $CFG/00_mod_include.conf -echo "LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so" > $CFG/00_mod_lbmethod_bybusyness.conf -echo "LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so" > $CFG/00_mod_lbmethod_byrequests.conf -echo "LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so" > $CFG/00_mod_lbmethod_bytraffic.conf -echo "LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so" > $CFG/00_mod_lbmethod_heartbeat.conf -echo "LoadModule ldap_module modules/mod_ldap.so" > $CFG/00_mod_ldap.conf -echo "LoadModule log_debug_module modules/mod_log_debug.so" > $CFG/00_mod_log_debug.conf -echo "LoadModule log_forensic_module modules/mod_log_forensic.so" > $CFG/00_mod_log_forensic.conf -echo "LoadModule logio_module modules/mod_logio.so" > $CFG/00_mod_logio.conf -echo "LoadModule lua_module modules/mod_lua.so" > $CFG/00_mod_lua.conf -echo "LoadModule macro_module modules/mod_macro.so" > $CFG/00_mod_macro.conf -echo "LoadModule negotiation_module modules/mod_negotiation.so" > $CFG/00_mod_negotiation.conf -echo "LoadModule ratelimit_module modules/mod_ratelimit.so" > $CFG/00_mod_ratelimit.conf -echo "LoadModule reflector_module modules/mod_reflector.so" > $CFG/00_mod_reflector.conf -echo "LoadModule remoteip_module modules/mod_remoteip.so" > $CFG/00_mod_remoteip.conf -echo "LoadModule reqtimeout_module modules/mod_reqtimeout.so" >> $CFG/00_mod_reqtimeout.conf -echo "LoadModule request_module modules/mod_request.so" > $CFG/00_mod_request.conf -echo "LoadModule rewrite_module modules/mod_rewrite.so" > $CFG/00_mod_rewrite.conf -echo "LoadModule sed_module modules/mod_sed.so" > $CFG/00_mod_sed.conf -echo "LoadModule session_cookie_module modules/mod_session_cookie.so" > $CFG/00_mod_session_cookie.conf -echo "LoadModule session_crypto_module modules/mod_session_crypto.so" > $CFG/00_mod_session_crypto.conf -echo "LoadModule session_dbd_module modules/mod_session_dbd.so" > $CFG/00_mod_session_dbd.conf -echo "LoadModule session_module modules/mod_session.so" > $CFG/00_mod_session.conf -echo "LoadModule setenvif_module modules/mod_setenvif.so" > $CFG/00_mod_setenvif.conf -echo "LoadModule slotmem_plain_module modules/mod_slotmem_plain.so" > $CFG/00_mod_slotmem.conf -echo "#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so" >> $CFG/00_mod_slotmem.conf -echo "#LoadModule socache_dbm_module modules/mod_socache_dbm.so" > $CFG/00_mod_socache.conf -echo "#LoadModule socache_memcache_module modules/mod_socache_memcache.so" >> $CFG/00_mod_socache.conf -echo "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so" >> $CFG/00_mod_socache.conf -echo "LoadModule speling_module modules/mod_speling.so" > $CFG/00_mod_speling.conf -echo "LoadModule substitute_module modules/mod_substitute.so" > $CFG/00_mod_substitute.conf -echo "LoadModule unique_id_module modules/mod_unique_id.so" > $CFG/00_mod_unique_id.conf -echo "LoadModule usertrack_module modules/mod_usertrack.so" > $CFG/00_mod_usertrack.conf -echo "LoadModule version_module modules/mod_version.so" > $CFG/00_mod_version.conf -echo "LoadModule watchdog_module modules/mod_watchdog.so" > $CFG/00_mod_watchdog.conf -echo "LoadModule xml2enc_module modules/mod_xml2enc.so" > $CFG/00_mod_xml2enc.conf - +LoadModule() { + local index=$1 module=$2 conffile + conffile=${3:-$module} + echo "LoadModule ${module}_module modules/mod_$module.so" > $CFG/${index}_mod_${conffile}.conf +} + +for module in access_compat actions alias allowmethods asis auth_basic \ + auth_digest auth_form authn_anon authn_core authn_dbd authn_dbm \ + authn_file authn_socache authnz_ldap authz_core authz_dbd \ + authz_dbm authz_groupfile authz_owner authz_user brotli \ + %{?with_bucketeer:bucketeer} buffer \ + case_filter_in case_filter cern_meta cgi charset_lite \ + data dbd dialup dumpio \ + echo env expires ext_filter \ + file_cache filter \ + headers heartbeat heartmonitor \ + ident imagemap include \ + lbmethod_bybusyness lbmethod_byrequests lbmethod_bytraffic \ + lbmethod_heartbeat ldap log_debug log_forensic logio lua \ + macro negotiation \ + ratelimit reflector remoteip reqtimeout request rewrite \ + sed session_cookie session_crypto session_dbd session setenvif \ + slotmem_plain slotmem_shm socache_dbm socache_memcache \ + socache_shmcb speling substitute \ + unique_id usertrack version watchdog xml2enc; do + + LoadModule 00 $module +done # anything in style dir not ending with .css is trash %{__rm} -r $RPM_BUILD_ROOT%{_datadir}/manual/style/{lang,latex,xsl} @@ -2851,32 +2902,15 @@ rm -rf $RPM_BUILD_ROOT %useradd -u 51 -r -d /home/services/httpd -s /bin/false -c "HTTP User" -g http http %pretrans base -# change httpd.conf from dir to symlink -if [ ! -L /etc/httpd/httpd.conf ]; then - if [ -d /etc/httpd/httpd.conf ]; then - if [ -d /etc/httpd/conf.d ]; then - mv /etc/httpd/httpd.conf/* /etc/httpd/conf.d - rmdir /etc/httpd/httpd.conf 2>/dev/null || mv -v /etc/httpd/httpd.conf{,.rpmsave} - else - mv /etc/httpd/httpd.conf /etc/httpd/conf.d - fi - - # new module packages issue error as first installed over 2.0 installation - mv -f /var/lock/subsys/httpd{,.disabled} 2>/dev/null - fi - - # always have httpd.conf symlink (until all packages from Ac use new dir) - install -d /etc/httpd - ln -s conf.d /etc/httpd/httpd.conf -fi +# handle $HTTPD_MPM from sysconfig if [ -f /etc/sysconfig/httpd ]; then - MPM=$(grep ^HTTPD_MPM /etc/sysconfig/httpd |sed 's,HTTPD_MPM=,,;s,",,g') - if [ -n "$MPM" ]; then - echo "LoadModule mpm_${MPM}_module modules/mod_mpm_${MPM}.so" > /etc/httpd/conf.d/10_mpm.conf.rpmnew - cat /etc/httpd/conf.d/10_mpm.conf >> /etc/httpd/conf.d/10_mpm.conf.rpmnew - mv /etc/httpd/conf.d/10_mpm.conf.rpmnew /etc/httpd/conf.d/10_mpm.conf - sed -i -e 's,HTTPD_MPM.*,,g' /etc/sysconfig/httpd - fi + MPM=$(grep ^HTTPD_MPM /etc/sysconfig/httpd | sed 's,HTTPD_MPM=,,;s,",,g') + if [ -n "$MPM" ]; then + echo "LoadModule mpm_${MPM}_module modules/mod_mpm_${MPM}.so" > /etc/httpd/conf.d/10_mpm.conf.rpmnew + cat /etc/httpd/conf.d/10_mpm.conf >> /etc/httpd/conf.d/10_mpm.conf.rpmnew + mv -f /etc/httpd/conf.d/10_mpm.conf.rpmnew /etc/httpd/conf.d/10_mpm.conf + sed -i -e 's,HTTPD_MPM.*,,g' /etc/sysconfig/httpd + fi fi exit 0 @@ -2898,111 +2932,13 @@ if [ "$1" = "0" ]; then %groupremove http fi -%triggerpostun base -- %{name} < 2.0.50-6.9 -%banner %{name}-2.0.50-6 << EOF -WARNING!!! -Since apache-2.0.50-6 autoindex module has been separated to package -%{name}-mod_autoindex If you want to have the same functionality do: -poldek -Uv %{name}-mod_autoindex -EOF - -%triggerpostun base -- %{name} < 2.0.54-4 -%banner %{name}-2.0.54-2 << EOF -WARNING!!! -CGI demo/test programs - printenv and test-cgi, have been released -from package apache into separate subpackage apache-cgi_test. If you -need printenv and/or test-cgi, please install apache-cgi_test package, -e.g. by running poldek -Uv apache-cgi_test -EOF - -# update /etc/sysconfig/apache -> httpd rename -if [ -f /etc/sysconfig/apache.rpmsave ]; then - cp -f /etc/sysconfig/httpd{,.rpmnew} - mv -f /etc/sysconfig/{apache.rpmsave,httpd} -fi - -%triggerpostun base -- %{name} < 2.0.55-3.1 -# check for config first as in 2.2 it's .rpmsave -if [ -f /etc/httpd/httpd.conf/10_httpd.conf ]; then - if ! grep -q 'Include webapps.d/' /etc/httpd/httpd.conf/10_httpd.conf; then - # make sure webapps.d is included - cp -f /etc/httpd/httpd.conf/10_httpd.conf{,.rpmsave} - # this file is ugly, so just append new lines - cat <<-EOF >> /etc/httpd/httpd.conf/10_httpd.conf - # Include webapps config - Include webapps.d/*.conf -EOF - fi -fi - -%triggerpostun base -- %{name} < 2.4.0 -cp -f /etc/httpd/apache.conf{,.rpmsave} -sed -i -e ' - /^DefaultType.*/s,.*,, - /^Include /s,^Include ,IncludeOptional , - /^NameVirtualHost.*/s,.*,, - /^User/s,^,LoadModule unixd_module modules/mod_unixd.so\n, -' /etc/httpd/apache.conf -sed -i -e ' - s,^LockFile /var/run/httpd/accept.lock,Mutex file:/var/run/httpd/,g -' /etc/httpd/conf.d/10_mpm.conf - -%triggerpostun base -- %{name} < 2.2.0 -# change HTTPD_CONF to point to new location. *only* if it's the -# default config setting -cp -f /etc/sysconfig/httpd{,.rpmorig} -sed -i -e '/^HTTPD_CONF="\/etc\/httpd\/httpd.conf"/s,.*,HTTPD_CONF="/etc/httpd/apache.conf",' /etc/sysconfig/httpd - -if [ -f /etc/httpd/conf.d/10_httpd.conf.rpmsave ]; then - sed -e ' - # as separate modules - /^LoadModule access_module/s,^,#, - /^LoadModule alias_module/s,^,#, - /^LoadModule asis_module/s,^,#, - /^LoadModule cern_meta_module/s,^,#, - /^LoadModule cgi_module/s,^,#, - /^LoadModule env_module/s,^,#, - /^LoadModule include_module/s,^,#, - /^LoadModule log_config_module/s,^,#, - /^LoadModule mime_magic_module/s,^,#, - /^LoadModule mime_module/s,^,#, - /^LoadModule negotiation_module/s,^,#, - /^LoadModule setenvif_module/s,^,#, - /^LoadModule speling_module/s,^,#, - /^LoadModule userdir_module/s,^,#, - - # in 30_errordocs.conf - //,/<\/IfModule>/s,^,#, - - # in 57_mod_autoindex.conf - /^Alias \/icons\//s,^,#, - - # in apache.conf - /^ScriptAlias \/cgi-bin\//s,^,#, - /^Listen 80/s,^,#, - - # avoid loops - /Include conf.d\/\*.conf/s,^,#, - /Include webapps.d\/\*.conf/s,^,#, - - ' < /etc/httpd/conf.d/10_httpd.conf.rpmsave > /etc/httpd/conf.d/10_httpd.conf -fi - -%banner -e %{name} <<'EOF' -NB! Apache main config has been changed to /etc/httpd/apache.conf - -There has been changed a lot, so many things could be broken. -Please report bugs to . - -EOF - -%triggerpostun base -- %{name} < 2.2.22-2 +%triggerpostun base -- %{name}-base < 2.2.22-2 . /etc/sysconfig/httpd if [ -z "$HTTPD_CONF" ]; then echo 'HTTPD_CONF="/etc/httpd/apache.conf"' >> /etc/sysconfig/httpd fi -%triggerpostun base -- %{name} < 2.4.0 +%triggerpostun base -- %{name}-base < 2.4.0 cp -f /etc/httpd/apache.conf{,.rpmsave} sed -i -e ' /^DefaultType/d @@ -3014,13 +2950,6 @@ sed -i -e ' s,^LockFile /var/run/httpd/accept.lock,Mutex file:/var/run/httpd/,g ' /etc/httpd/conf.d/10_mpm.conf -%triggerpostun mod_ssl -- %{name}-mod_ssl < 1:2.2.0-3.1 -cp -f /etc/httpd/conf.d/40_mod_ssl.conf{,.rpmsave} -sed -i -e ' - s,/var/run/apache,/var/run/httpd,g - s,/var/cache/apache,/var/cache/httpd,g -' /etc/httpd/conf.d/40_mod_ssl.conf - %triggerpostun mod_ssl -- %{name}-mod_ssl < 1:2.4.0 cp -f /etc/httpd/conf.d/40_mod_ssl.conf{,.rpmsave} sed -i -e ' @@ -3088,6 +3017,7 @@ fi %module_scripts mod_authz_owner %module_scripts mod_authz_user %module_scripts mod_autoindex +%module_scripts mod_brotli %module_scripts mod_bucketeer %module_scripts mod_buffer %module_scripts mod_cache @@ -3113,6 +3043,7 @@ fi %module_scripts mod_headers %module_scripts mod_heartbeat %module_scripts mod_heartmonitor +%module_scripts mod_http2 %module_scripts mod_ident %module_scripts mod_imagemap %module_scripts mod_include @@ -3191,7 +3122,6 @@ fi %{_sysconfdir}/modules %{_sysconfdir}/run %{_sysconfdir}/logs -%ghost %{_sysconfdir}/httpd.conf %attr(750,root,root) %dir %{_sysconfdir}/conf.d %attr(750,root,root) %dir %{_sysconfdir}/vhosts.d %attr(750,root,root) %dir %{_sysconfdir}/webapps.d @@ -3398,6 +3328,11 @@ fi %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_autoindex.conf %attr(755,root,root) %{_libexecdir}/mod_autoindex.so +%files mod_brotli +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_brotli.conf +%attr(755,root,root) %{_libexecdir}/mod_brotli.so + %if %{with bucketeer} %files mod_bucketeer %defattr(644,root,root,755) @@ -3530,6 +3465,13 @@ fi %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_heartmonitor.conf %attr(755,root,root) %{_libexecdir}/mod_heartmonitor.so +%if %{with http2} +%files mod_http2 +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_http2.conf +%attr(755,root,root) %{_libexecdir}/mod_http2.so +%endif + %files mod_ident %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_ident.conf @@ -3634,8 +3576,10 @@ fi %attr(755,root,root) %{_libexecdir}/mod_proxy_fcgi.so %attr(755,root,root) %{_libexecdir}/mod_proxy_fdpass.so %attr(755,root,root) %{_libexecdir}/mod_proxy_ftp.so +%attr(755,root,root) %{_libexecdir}/mod_proxy_hcheck.so %attr(755,root,root) %{_libexecdir}/mod_proxy_html.so %attr(755,root,root) %{_libexecdir}/mod_proxy_http.so +%attr(755,root,root) %{_libexecdir}/mod_proxy_http2.so %attr(755,root,root) %{_libexecdir}/mod_proxy_scgi.so %attr(755,root,root) %{_libexecdir}/mod_proxy_wstunnel.so %attr(755,root,root) %{_libexecdir}/mod_proxy.so @@ -3705,16 +3649,19 @@ fi %files mod_slotmem %defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_slotmem_plain.conf +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_slotmem_shm.conf %attr(755,root,root) %{_libexecdir}/mod_slotmem_plain.so %attr(755,root,root) %{_libexecdir}/mod_slotmem_shm.so -%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_slotmem.conf %files mod_socache %defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_socache_dbm.conf +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_socache_memcache.conf +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_socache_shmcb.conf %attr(755,root,root) %{_libexecdir}/mod_socache_dbm.so -%attr(755,root,root) %{_libexecdir}/mod_socache_shmcb.so %attr(755,root,root) %{_libexecdir}/mod_socache_memcache.so -%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_socache.conf +%attr(755,root,root) %{_libexecdir}/mod_socache_shmcb.so %files mod_speling %defattr(644,root,root,755) diff --git a/apache.sysconfig b/apache.sysconfig index c76349c..1a719d6 100644 --- a/apache.sysconfig +++ b/apache.sysconfig @@ -1,5 +1,4 @@ # Customized settings for Apache -# $Id$ # Nice level for apache SERVICE_RUN_NICE_LEVEL="+5" @@ -16,3 +15,6 @@ HTTPD_OPTS="" # Skip apache restarts invoked from rpm installs. #RPM_SKIP_AUTO_RESTART=yes + +# Delay in microseconds between stop and start to mitigate problems of third party Apache modules (PHP session ext) +RESTART_DELAY=100000 diff --git a/libtool-tag.patch b/libtool-tag.patch index 03a7be2..ff8fcb0 100644 --- a/libtool-tag.patch +++ b/libtool-tag.patch @@ -34,3 +34,38 @@ # # Dependencies +--- httpd-2.4.16/support/Makefile.in 2015-09-11 16:11:56.135519322 +0300 ++++ httpd-2.4.16/support/Makefile.in 2015-09-11 16:16:16.075587666 +0300 +@@ -62,10 +62,10 @@ + ab_OBJECTS = ab.lo + ab_LDADD = $(PROGRAM_LDADD) $(MATH_LIBS) + ab.lo: ab.c +- $(LIBTOOL) --mode=compile $(CC) $(ab_CFLAGS) $(ALL_CFLAGS) $(ALL_CPPFLAGS) \ ++ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(ab_CFLAGS) $(ALL_CFLAGS) $(ALL_CPPFLAGS) \ + $(ALL_INCLUDES) $(PICFLAGS) $(LTCFLAGS) -c $< && touch $@ + ab: $(ab_OBJECTS) +- $(LIBTOOL) --mode=link $(CC) $(ALL_CFLAGS) $(ab_LDFLAGS) $(PILDFLAGS) \ ++ $(LIBTOOL) --mode=link --tag=CC $(CC) $(ALL_CFLAGS) $(ab_LDFLAGS) $(PILDFLAGS) \ + $(LT_LDFLAGS) $(ALL_LDFLAGS) -o $@ $(ab_LTFLAGS) $(ab_OBJECTS) $(ab_LDADD) + + checkgid_OBJECTS = checkgid.lo +--- httpd-2.4.16/support/apxs.in~ 2015-09-11 16:01:29.000000000 +0300 ++++ httpd-2.4.16/support/apxs.in 2015-09-11 16:02:27.246251056 +0300 +@@ -430,7 +430,7 @@ + $la =~ s|\.c$|.la|; + my $o = $s; + $o =~ s|\.c$|.o|; +- push(@cmds, "$libtool $ltflags --mode=compile $CFG_CC $cflags -I$CFG_INCLUDEDIR $apr_includedir $apu_includedir $opt -c -o $lo $s && touch $slo"); ++ push(@cmds, "$libtool $ltflags --mode=compile --tag=CC $CFG_CC $cflags -I$CFG_INCLUDEDIR $apr_includedir $apu_includedir $opt -c -o $lo $s && touch $slo"); + unshift(@objs, $lo); + } + +@@ -471,7 +471,7 @@ + $opt .= " -rpath $CFG_LIBEXECDIR -module -avoid-version $apr_ldflags"; + } + +- push(@cmds, "$libtool $ltflags --mode=link $CFG_CC $ldflags -o $dso_file $opt $lo"); ++ push(@cmds, "$libtool $ltflags --mode=link --tag=CC $CFG_CC $ldflags -o $dso_file $opt $lo"); + + # execute the commands + &execute_cmds(@cmds); diff --git a/lua-lib.patch b/lua-lib.patch deleted file mode 100644 index 8cdc48a..0000000 --- a/lua-lib.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- httpd-2.4.2/modules/lua/config.m4~ 2011-07-24 21:14:25.000000000 +0200 -+++ httpd-2.4.2/modules/lua/config.m4 2012-06-24 12:50:48.078264944 +0200 -@@ -76,11 +76,8 @@ - save_LDFLAGS=$LDFLAGS - CFLAGS="$CFLAGS" - LDFLAGS="-L$x/lib/lua51 $LDFLAGS $lib_m" -- AC_CHECK_LIB(lua, luaL_newstate, [ -- LUA_LIBS="-L$x/lib/lua51 -llua $lib_m" -- if test "x$ap_platform_runtime_link_flag" != "x"; then -- APR_ADDTO(LUA_LIBS, [$ap_platform_runtime_link_flag$x/lib/lua51]) -- fi -+ AC_CHECK_LIB(lua51, luaL_newstate, [ -+ LUA_LIBS="-llua51 $lib_m" - LUA_CFLAGS="-I$x/include/lua51" - ]) - CFLAGS=$save_CFLAGS -- 2.44.0