- merged 2.4.28 from PLD, TLDized

diff --git a/apache-common.conf b/apache-common.conf
index 8643668fb619b8f4be48370700fdfde7c44569d0..085c5e7ef242e475e2b4aa970cbc154e200d5737 100644 (file)
--- a/apache-common.conf
+++ b/apache-common.conf
@@ -18,8 +18,38 @@ DocumentRoot "/home/services/httpd/html"
        <IfModule mod_authz_host.c>
                Require all denied
        </IfModule>
+       <IfModule mod_access_compat.c>
+               Order deny,allow
+               Deny from all
+       </IfModule>
 </Directory>
 
+# Prevent access to:
+# - .htaccess and .htpasswd files
+# - backup files from being viewed
+# - PHP's .user.ini
+<FilesMatch  "^(\.ht.*|\.user\.ini|.*~|.*,v)$">
+       <IfModule mod_authz_host.c>
+               Require all denied
+       </IfModule>
+       <IfModule mod_access_compat.c>
+               Order deny,allow
+               Deny from all
+       </IfModule>
+</FilesMatch>
+
+# Prevent access to:
+# - version control directories
+<DirectoryMatch "/(\.(svn|git|hg|bzr)|CVS)/?">
+       <IfModule mod_authz_host.c>
+               Require all denied
+       </IfModule>
+       <IfModule mod_access_compat.c>
+               Order deny,allow
+               Deny from all
+       </IfModule>
+</DirectoryMatch>
+
 #
 # This should be changed to whatever you set DocumentRoot to.
 #
@@ -51,5 +81,9 @@ DocumentRoot "/home/services/httpd/html"
        <IfModule mod_authz_host.c>
                Require all granted
        </IfModule>
+       <IfModule mod_access_compat.c>
+               Order allow,deny
+               Allow from all
+       </IfModule>
 
 </Directory>

diff --git a/apache-httpd.conf b/apache-httpd.conf
index 28199f7fd7a4861baf92015000102ffe5fb0f1a6..31ff912f23c8996ca7896e4d72f99be8b15af186 100644 (file)
--- a/apache-httpd.conf
+++ b/apache-httpd.conf
@@ -2,15 +2,14 @@
 # It contains the configuration directives that give the server its instructions.
 #
 # This config aims to be clean and readable.
-# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
+# See <http://httpd.apache.org/docs/2.4> for detailed information.
 # In particular, see
-# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
+# <http://httpd.apache.org/docs/2.4/mod/directives.html>
 # for a discussion of each configuration directive.
 
 ServerRoot "/etc/httpd"
 
-LoadModule unixd_module   modules/mod_unixd.so
-
+LoadModule unixd_module modules/mod_unixd.so
 
 # User/Group: The name (or #number) of the user/group to run httpd as.
 # It is usually good practice to create a dedicated user and group for
@@ -28,8 +27,8 @@ Group http
 Listen 80
 
 # ServerAdmin: Your address, where problems with the server should be
-# e-mailed.  This address appears on some server-generated pages, such
-# as error documents.  e.g. admin@example.com
+# e-mailed. This address appears on some server-generated pages, such
+# as error documents. e.g. admin@example.com
 #
 ServerAdmin root@example.com
 
@@ -44,10 +43,17 @@ ServerName localhost
 # ErrorLog: The location of the error log file.
 # If you do not specify an ErrorLog directive within a <VirtualHost>
 # container, error messages relating to that virtual host will be
-# logged here.  If you *do* define an error logfile for a <VirtualHost>
+# logged here. If you *do* define an error logfile for a <VirtualHost>
 # container, that host's errors will be logged there and not here.
 ErrorLog logs/error_log
 
+# ErrorLogFormat [connection|request] format
+# Format specification for error log entries
+# https://httpd.apache.org/docs/2.4/mod/core.html#errorlogformat
+# There is no default value, Apache uses different built in function if
+# ErrorLogFormat is not defined.
+#ErrorLogFormat "[%{u}t] [%m:%l] [pid\ %P] [client\ %a] [vhost\ %v] %M"
+
 # LogLevel: Control the number of messages logged to the error_log.
 # Possible values include: debug, info, notice, warn, error, crit,
 # alert, emerg.
@@ -66,6 +72,17 @@ HostnameLookups Off
 
 TraceEnable Off
 
+#
+# EnableMMAP and EnableSendfile: On systems that support it, memory-mapping or
+# the sendfile syscall may be used to deliver files.
+# This usually improves server performance, but must be turned off when serving
+# from networked-mounted filesystems or if support for these functions is
+# otherwise broken on your system.
+# Defaults if commented: EnableMMAP On, EnableSendfile Off
+#
+#EnableMMAP off
+EnableSendfile on
+
 # Include other modules and packages config.
 IncludeOptional conf.d/*.conf
 
@@ -84,7 +101,7 @@ IncludeOptional webapps.d/*.conf
 # To disable, set to header=0 body=0
 #
 <IfModule reqtimeout_module>
-  RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
+       RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
 </IfModule>
 
 <IfModule alias_module>
@@ -92,7 +109,7 @@ IncludeOptional webapps.d/*.conf
        # ScriptAliases are essentially the same as Aliases, except that
        # documents in the target directory are treated as applications and
        # run by the server when requested rather than as documents sent to the
-       # client.  The same rules about trailing "/" apply to ScriptAlias
+       # client. The same rules about trailing "/" apply to ScriptAlias
        # directives as to Alias.
        #
        ScriptAlias /cgi-bin/ "/home/services/httpd/cgi-bin/"
@@ -103,6 +120,10 @@ IncludeOptional webapps.d/*.conf
                <IfModule mod_authz_host.c>
                        Require all granted
                </IfModule>
+               <IfModule mod_access_compat.c>
+                       Order allow,deny
+                       Allow from all
+               </IfModule>
        </Directory>
 </IfModule>
 
@@ -116,7 +137,7 @@ IncludeOptional webapps.d/*.conf
 
 # Setup default vhost (first one defined in config) and include vhosts configuration
 <VirtualHost *:80>
-    ServerName localhost
+       ServerName localhost
 #      ServerAdmin webmaster@host.example.com
 #      DocumentRoot /www/docs/host.example.com
 #      ErrorLog logs/host.example.com-error_log

diff --git a/apache-manual.conf b/apache-manual.conf
index 709d97f229366b73af61399d5b8037614647ffb2..1ccd95f65fdbea29247e32f9fc6ebf88e22f20ac 100644 (file)
--- a/apache-manual.conf
+++ b/apache-manual.conf
@@ -14,6 +14,10 @@ AliasMatch ^/manual(?:/(?:da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn))?(/.*)?$ "/hom
        Options Indexes
        AllowOverride None
        Require all granted
+       <IfModule mod_access_compat.c>
+               Order allow,deny
+               Allow from all
+       </IfModule>
 
        <Files *.html>
                SetHandler type-map

diff --git a/apache-mod_authz_host.conf b/apache-mod_authz_host.conf
index 679203500d45df15ac23fa2637568478cb369bc1..e1a022f32cfcfeb6bf1900ad260b90e1db1bfcd6 100644 (file)
--- a/apache-mod_authz_host.conf
+++ b/apache-mod_authz_host.conf
@@ -1,10 +1 @@
 LoadModule authz_host_module modules/mod_authz_host.so
-
-# The following lines prevent .htaccess and .htpasswd files from being
-# viewed by Web clients.
-#
-<IfModule authz_host_module>
-       <FilesMatch "^\.ht">
-               Require all denied
-       </FilesMatch>
-</IfModule>

diff --git a/apache-mod_autoindex.conf b/apache-mod_autoindex.conf
index 7b902c63842fd8efd76238915e6a0b9fe1134220..165fde4a5ea8bfba0f499efc4a12d046f2045fa8 100644 (file)
--- a/apache-mod_autoindex.conf
+++ b/apache-mod_autoindex.conf
@@ -22,11 +22,15 @@ IndexOptions FancyIndexing HTMLTable VersionSort Charset=UTF-8
 Alias /icons/ "/home/services/httpd/icons/"
 
 <Directory "/home/services/httpd/icons">
-       Options Indexes MultiViews
+       Options Indexes
        AllowOverride None
        <IfModule mod_authz_host.c>
                Require all granted
        </IfModule>
+       <IfModule mod_access_compat.c>
+               Order allow,deny
+               Allow from all
+       </IfModule>
 </Directory>
 
 #

diff --git a/apache-mod_http2.conf b/apache-mod_http2.conf
new file mode 100644 (file)
index 0000000..4e1a3b0
--- /dev/null
+++ b/apache-mod_http2.conf
@@ -0,0 +1,5 @@
+LoadModule http2_module modules/mod_http2.so
+
+<IfModule http2_module>
+       LogLevel http2:info
+</IfModule>

diff --git a/apache-mod_info.conf b/apache-mod_info.conf
index 9ba6d7a008bd4182d6acb5acad5d313dec5d2cd5..4dca4805d224afdd37614ad65620524dfef93021 100644 (file)
--- a/apache-mod_info.conf
+++ b/apache-mod_info.conf
@@ -16,6 +16,11 @@ LoadModule info_module               modules/mod_info.so
        # Require host .example.com
        # Require ip 127
        Require local
+       <IfModule mod_access_compat.c>
+               Order deny,allow
+               Deny from all
+               Allow from 127.0.0.1
+       </IfModule>
 </Location>
 
 </IfModule>

diff --git a/apache-mod_proxy.conf b/apache-mod_proxy.conf
index 2b0181de3d55290b8dfa7b3bf26bebc9624ef163..00f9a57347bbff744e3495f670a042925b54757e 100644 (file)
--- a/apache-mod_proxy.conf
+++ b/apache-mod_proxy.conf
@@ -16,7 +16,7 @@ LoadModule proxy_module                        modules/mod_proxy.so
 #LoadModule proxy_http_module          modules/mod_proxy_http.so
 #LoadModule proxy_scgi_module          modules/mod_proxy_scgi.so
 #LoadModule proxy_html_module          modules/mod_proxy_html.so
-#LoadModule proxy_wstunnel_module              modules/mod_proxy_wstunnel.so
+#LoadModule proxy_wstunnel_module              modules/mod_proxy_wstunnel.so
 
 # Proxy Server directives. Uncomment the following lines to
 # enable the proxy server:
@@ -25,12 +25,17 @@ LoadModule proxy_module                      modules/mod_proxy.so
 ProxyRequests On
 #
 #
-# This prevents spammers from using apache as a relay by posting to 
+# This prevents spammers from using apache as a relay by posting to
 # http://victim:25/ and sending raw data.
 #
 <Proxy *>
        Require all denied
 #      Require host .your-domain.com
+       <IfModule mod_access_compat.c>
+               Order deny,allow
+               Deny from all
+#              Allow from .your-domain.com
+       </IfModule>
 </Proxy>
 
 # enable local fcgi proxy request, e.x for php-fpm

diff --git a/apache-mod_ssl.conf b/apache-mod_ssl.conf
index ea88204eef0671ee53b0966f3cdc61bbdd0a5fc5..5fdfa7e1ea3fd89af8c819a9cdccdf8db285e9bd 100644 (file)
--- a/apache-mod_ssl.conf
+++ b/apache-mod_ssl.conf
@@ -54,24 +54,35 @@ SSLPassPhraseDialog  builtin
 #   Configure the SSL Session Cache: First the mechanism
 #   to use and second the expiring timeout (in seconds).
 #SSLSessionCache                dbm:/var/cache/httpd/ssl_scache
-#SSLSessionCache               shmcb:/var/cache/httpd/ssl_scache(512000)
-
-# Replace this with one of the above (addition apache-mod_socache 
-# needs to be installed and a apropriate module has to be loaded)
-SSLSessionCache                nonenotnull
+#SSLSessionCache               shmcb:/var/run/ssl_scache(512000)
+SSLSessionCache                shmcb:/var/cache/httpd/ssl_scache(512000)
 SSLSessionCacheTimeout  300
 
+# FOLLOW SECURE DEFAULTS: https://wiki.mozilla.org/Security/Server_Side_TLS
+
 #   Usable SSL protocol flavors:
 #   This directive can be used to control the SSL protocol flavors mod_ssl
 #   should use when establishing its server environment. Clients then can only
 #   connect with one of the provided protocols.
-SSLProtocol all -SSLv2
+SSLProtocol all -SSLv2 -SSLv3
 
 #   SSL Cipher Suite:
 #   List the ciphers that the client is permitted to negotiate.
 #   See the mod_ssl documentation for a complete list.
-SSLCipherSuite ALL:!ADH:!EXP:!LOW:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
+SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+
+SSLHonorCipherOrder on
 
+SSLCompression off
+
+# OCSP Stapling
+SSLUseStapling          off
+SSLStaplingResponderTimeout 5
+SSLStaplingReturnResponderErrors off
+SSLStaplingCache        shmcb:/var/cache/httpd/ocsp(128000)
+
+# Whether to allow non-SNI clients to access a name-based virtual host.
+#SSLStrictSNIVHostCheck on
 
 ##
 ## SSL Virtual Host Context
@@ -82,6 +93,10 @@ SSLCipherSuite ALL:!ADH:!EXP:!LOW:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
 #   Enable/Disable SSL for this virtual host.
 SSLEngine on
 
+# Enable, if you have real ssl cert and want to cache OCSP
+# https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
+SSLUseStapling          off
+
 #   Server Certificate:
 #   Point SSLCertificateFile at a PEM encoded certificate.  If
 #   the certificate is encrypted, then you will be prompted for a
@@ -212,7 +227,8 @@ SSLCertificateKeyFile /etc/httpd/ssl/server.key
 #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
 #   "force-response-1.0" for this.
 <IfModule mod_setenvif.c>
-       BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
+       BrowserMatch ".*MSIE [2-5]\..*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
+       BrowserMatch ".*MSIE [6-9]\..*" ssl-unclean-shutdown
 </IfModule>
 
 #   Per-Server Logging:

diff --git a/apache-mod_status.conf b/apache-mod_status.conf
index a5fd90b9bb65eccb6f680de00989d4d0f52b2c9a..6477a232966684203ebd6772a6030b24b6c9a917 100644 (file)
--- a/apache-mod_status.conf
+++ b/apache-mod_status.conf
@@ -17,6 +17,11 @@ LoadModule status_module             modules/mod_status.so
        # Require host .example.com
        # Require ip 127
        Require local
+       <IfModule mod_access_compat.c>
+               Order deny,allow
+               Deny from all
+               Allow from 127.0.0.1
+       </IfModule>
 </Location>
 
 #

diff --git a/apache-mod_userdir.conf b/apache-mod_userdir.conf
index 1bcff5d78509fd0ae568e89cfb9a28c215078711..534367a5cb354b6920f89da4b63ad957a423cabf 100644 (file)
--- a/apache-mod_userdir.conf
+++ b/apache-mod_userdir.conf
@@ -18,12 +18,20 @@ UserDir public_html
 #
 <Directory /home/users/*/public_html>
        AllowOverride FileInfo AuthConfig Limit Indexes
-       Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+       Options Indexes SymLinksIfOwnerMatch IncludesNoExec
        <Limit GET POST OPTIONS>
                Require all granted
+               <IfModule mod_access_compat.c>
+                       Order allow,deny
+                       Allow from all
+               </IfModule>
        </Limit>
        <LimitExcept GET POST OPTIONS>
                Require all denied
+               <IfModule mod_access_compat.c>
+                       Order deny,allow
+                       Deny from all
+               </IfModule>
        </LimitExcept>
        #<IfModule mod_php.c>
        #       php_admin_value open_basedir "/home/users:/usr/share/pear:/usr/share/php:/tmp"

diff --git a/apache-mpm.conf b/apache-mpm.conf
index 51cd43d19618d1f3f2b0f2a9d2305c9cb14b252b..5a1b75c0450d5b42b0753c5d72131abcc22de448 100644 (file)
--- a/apache-mpm.conf
+++ b/apache-mpm.conf
@@ -15,10 +15,14 @@ LoadModule mpm_prefork_module                modules/mod_mpm_prefork.so
 #
 PidFile /var/run/httpd.pid
 
+# Mutex: Allows you to set the mutex mechanism and mutex file directory
+# for individual mutexes, or change the global defaults
 #
-# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
+# Uncomment and change the directory if mutexes are file-based and the default
+# mutex file directory is not on a local disk or is not appropriate for some
+# other reason.
 #
-Mutex file:/var/run/httpd/
+# Mutex default:/var/run/httpd/
 
 #
 # Only one of the below sections will be relevant on your

diff --git a/apache-multilang-errordoc.conf b/apache-multilang-errordoc.conf
index 0cc6af5427ba5e1b7acd61b2b857d714d148c0cc..b4bf2a350a605b9e948f80d85a5bd7bda246fb0d 100644 (file)
--- a/apache-multilang-errordoc.conf
+++ b/apache-multilang-errordoc.conf
@@ -27,6 +27,10 @@ Alias /error/ "/home/services/httpd/error/"
        AddOutputFilter Includes html
        AddHandler type-map var
        Require all granted
+       <IfModule mod_access_compat.c>
+               Order allow,deny
+               Allow from all
+       </IfModule>
        LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
        ForceLanguagePriority Prefer Fallback
 </Directory>

diff --git a/apache.init b/apache.init
old mode 100644 (file)
new mode 100755 (executable)
index 8ce5a86..00dd2f4
--- a/apache.init
+++ b/apache.init
@@ -127,6 +127,7 @@ condrestart() {
 
        checkconfig
        stop
+       [ "$RESTART_DELAY" ] && usleep $RESTART_DELAY
        start
 }
 
@@ -142,6 +143,7 @@ case "$1" in
   restart)
        checkconfig
        stop
+       [ "$RESTART_DELAY" ] && usleep $RESTART_DELAY
        start 0
        ;;
   try-restart)

diff --git a/apache.logrotate b/apache.logrotate
index 27ebbe548d6bd2a1204acfecad5f4bd72c5848cc..2d05b37679755e5e30d1bc5a1c426b2a75324613 100644 (file)
--- a/apache.logrotate
+++ b/apache.logrotate
@@ -9,6 +9,10 @@
     olddir /var/log/archive/httpd
     sharedscripts
     postrotate
-       /sbin/service httpd flush-logs > /dev/null
+       if /bin/systemd_booted; then
+               /bin/systemctl reload httpd.service
+       else
+               /sbin/service httpd flush-logs > /dev/null
+       fi
     endscript
 }

diff --git a/apache.spec b/apache.spec
index 3c6451ddea261fe59bff697394c883b98e70244f..b091e53ba12bb0bd68c07dfb4d4682fa9a5a922c 100644 (file)
--- a/apache.spec
+++ b/apache.spec
@@ -1,4 +1,4 @@
-# # TODO: 
+# TODO:
 # - config examples for mod_*
 # - --with-suexec-uidmin=500 or =1000 ?
 # - check those autn modules inner deps
@@ -14,15 +14,16 @@
 # Conditional build:
 %bcond_without ssl             # build without SSL support
 %bcond_without ldap            # build without LDAP support
-%bcond_with    itk             # ITK MPM
 %bcond_with    distcache       # distcache support
 %bcond_with    bucketeer       # debug one
+%bcond_without http2           # HTTP/2 support
 
 # this is internal macro, don't change to %%apache_modules_api
 %define                _apache_modules_api 20120211
 
-%define                openssl_ver     1.0.1f
-%define                apr_ver         1:1.5.0
+%define                openssl_ver     1.0.2
+%define                apr_ver         1:1.6.0
+%define                apr_util_ver    1:1.6.0
 
 %include       /usr/lib/rpm/macros.perl
 Summary:       The most widely used Web server on the Internet
@@ -34,12 +35,12 @@ Summary(pt_BR.UTF-8):       Servidor HTTPD para prover serviços WWW
 Summary(ru.UTF-8):     Самый популярный веб-сервер
 Summary(tr.UTF-8):     Lider WWW tarayıcı
 Name:          apache
-Version:       2.4.25
+Version:       2.4.28
 Release:       1
 License:       Apache v2.0
 Group:         Networking/Daemons/HTTP
-Source0:       http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
-# Source0-md5: 24fb8b9e36cf131d78caae864fea0f6a
+Source0:       http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
+# Source0-md5: 49007ffe8e37a0834255b279810edf24
 Source1:       %{name}.init
 Source2:       %{name}.logrotate
 Source3:       %{name}.sysconfig
@@ -69,13 +70,12 @@ Source26:   %{name}-mod_log_config.conf
 Source27:      %{name}-mod_mime_magic.conf
 Source28:      %{name}-mod_cache.conf
 Source29:      %{name}-example.net.conf
+Source32:      %{name}-mod_http2.conf
 Patch0:                %{name}-configdir_skip_backups.patch
 Patch1:                %{name}-layout.patch
 Patch2:                %{name}-suexec.patch
 Patch3:                %{name}-branding.patch
 Patch4:                %{name}-apr.patch
-Patch5:                httpd-dummy-connection-result.patch
-
 Patch7:                %{name}-syslibs.patch
 
 Patch10:       httpd-2.0.46-dav401dest.patch
@@ -84,22 +84,24 @@ Patch15:    httpd-2.0.48-debuglog.patch
 Patch18:       %{name}-v6only-ENOPROTOOPT.patch
 Patch19:       %{name}-conffile-path.patch
 Patch20:       %{name}-apxs.patch
+# Relaxed version of suexec. If called as suexec.fcgi don't check uid/gid against file owner.
+# Required by our patched mod_fcgid to run php as fcgi via suexec.
 Patch23:       %{name}-suexec_fcgi.patch
 # http://scripts.mit.edu/trac/browser/trunk/server/common/patches/httpd-2.2.x-mod_ssl-sessioncaching.patch?rev=1348
 Patch25:       httpd-2.2.x-mod_ssl-sessioncaching.patch
 Patch26:       %{name}-mod_vhost_alias_docroot.patch
-# http://mpm-itk.sesse.net/
-Patch28:       %{name}-mpm-itk.patch
 Patch29:       libtool-tag.patch
-Patch30:       lua-lib.patch
 URL:           http://httpd.apache.org/
 BuildRequires: apr-devel >= %{apr_ver}
-BuildRequires: apr-util-devel >= 1:1.3.10-2
+BuildRequires: apr-util-devel >= %{apr_util_ver}
 BuildRequires: autoconf >= 2.50
 BuildRequires: automake
 %{?with_distcache:BuildRequires:       distcache-devel}
+BuildRequires: libbrotli-devel >= 0.6.0
 BuildRequires: libtool >= 2:1.5
-BuildRequires: lua51-devel
+BuildRequires: libxml2-devel >= 2
+BuildRequires: lua53-devel >= 5.3
+%{?with_http2:BuildRequires:   nghttp2-devel >= 1.15.0}
 %{?with_ldap:BuildRequires:    openldap-devel >= 2.3.0}
 %{?with_ssl:BuildRequires:     openssl-devel >= %{openssl_ver}}
 %{?with_ssl:BuildRequires:     openssl-tools >= %{openssl_ver}}
@@ -114,13 +116,22 @@ BuildRequires:    zlib-devel
 Requires:      %{name}-errordocs = %{version}-%{release}
 Requires:      %{name}-mod_alias = %{version}-%{release}
 Requires:      %{name}-mod_auth = %{version}-%{release}
+Requires:      %{name}-mod_autoindex = %{version}-%{release}
+Requires:      %{name}-mod_deflate = %{version}-%{release}
+Requires:      %{name}-mod_dir = %{version}-%{release}
 Requires:      %{name}-mod_env = %{version}-%{release}
+Requires:      %{name}-mod_filter = %{version}-%{release}
+Requires:      %{name}-mod_headers = %{version}-%{release}
 Requires:      %{name}-mod_log_config = %{version}-%{release}
+Requires:      %{name}-mod_logio = %{version}-%{release}
 Requires:      %{name}-mod_mime = %{version}-%{release}
 Requires:      %{name}-mod_mime_magic = %{version}-%{release}
 Requires:      %{name}-mod_negotiation = %{version}-%{release}
+Requires:      %{name}-mod_reqtimeout = %{version}-%{release}
+Requires:      %{name}-mod_rewrite = %{version}-%{release}
 Requires:      %{name}-mod_setenvif = %{version}-%{release}
 Requires:      %{name}-mod_speling = %{version}-%{release}
+Requires:      %{name}-mod_status = %{version}-%{release}
 Requires:      %{name}-mod_userdir = %{version}-%{release}
 Requires:      %{name}-mod_version = %{version}-%{release}
 Requires:      %{name}-tools = %{version}-%{release}
@@ -187,6 +198,7 @@ Requires(pre):      /usr/sbin/groupadd
 Requires(pre): /usr/sbin/useradd
 Requires:      /sbin/chkconfig
 Requires:      apr >= %{apr_ver}
+Requires:      apr-util >= %{apr_util_ver}
 Requires:      psmisc >= 20.1
 Requires:      rc-scripts >= 0.4.1.23
 Requires:      sed >= 4.0
@@ -253,6 +265,9 @@ Summary(pl.UTF-8):  Pliki Apache index.html*
 Group:         Documentation
 Requires:      %{name}-base = %{version}-%{release}
 Obsoletes:     indexhtml
+%if "%{_rpmversion}" >= "5"
+BuildArch:     noarch
+%endif
 
 %description index
 Apache index.html* files.
@@ -269,6 +284,9 @@ Requires:   %{name}-mod_alias = %{version}-%{release}
 Requires:      %{name}-mod_dir = %{version}-%{release}
 Requires:      %{name}-mod_negotiation = %{version}-%{release}
 Requires:      %{name}-mod_setenvif = %{version}-%{release}
+%if "%{_rpmversion}" >= "5"
+BuildArch:     noarch
+%endif
 
 %description doc
 Apache manual.
@@ -286,6 +304,9 @@ Requires:   %{name}-mod_alias = %{version}-%{release}
 Requires:      %{name}-mod_authz_host = %{version}-%{release}
 Requires:      %{name}-mod_include = %{version}-%{release}
 Requires:      %{name}-mod_negotiation = %{version}-%{release}
+%if "%{_rpmversion}" >= "5"
+BuildArch:     noarch
+%endif
 
 %description errordocs
 Multi-language error messages.
@@ -301,7 +322,7 @@ Summary(pl.UTF-8):  Pliki nagłówkowe do tworzenia modułów rozszerzeń do serw
 Summary(pt_BR.UTF-8):  Arquivos de inclusão do Apache para desenvolvimento de módulos
 Summary(ru.UTF-8):     Средства разработки модулей для веб-сервера Apache
 Group:         Networking/Utilities
-Requires:      apr-util-devel >= 1:1.2
+Requires:      apr-util-devel >= %{apr_util_ver}
 Requires:      libtool
 Obsoletes:     apache-apxs
 Obsoletes:     apache-static
@@ -547,13 +568,10 @@ Requires: %{name}-base = %{version}-%{release}
 Provides:      apache(mod_auth_digest) = %{version}-%{release}
 
 %description mod_auth_digest
-This module implements HTTP Digest Authentication. However, it has not
-been extensively tested and is therefore marked experimental.
+This module implements HTTP Digest Authentication.
 
 %description mod_auth_digest -l pl.UTF-8
-Ten moduł implementuje uwierzytelnienie HTTP Digest. Nie został on
-jednak zbyt obszernie przetestowany, więc jest oznaczony jako
-eksperymentalny.
+Ten moduł implementuje uwierzytelnienie HTTP Digest.
 
 %package mod_auth_form
 Summary:       Form authentication
@@ -707,8 +725,9 @@ Summary(pl.UTF-8):  Moduł Apache'a umożliwiający przechowywanie danych dla uwi
 Group:         Networking/Daemons/HTTP
 URL:           http://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html
 Requires:      %{name}-base = %{version}-%{release}
+Requires:      %{name}-mod_authn_core = %{version}-%{release}
 Requires:      %{name}-mod_ldap = %{version}-%{release}
-Requires:      apr-util-ldap
+Requires:      apr-util-ldap >= %{apr_util_ver}
 Provides:      apache(mod_authnz_ldap) = %{version}-%{release}
 # compat
 Provides:      apache(mod_auth_ldap) = %{version}-%{release}
@@ -899,7 +918,7 @@ WWW dla uwierzytelnionych użytkowników.
 
 %package mod_autoindex
 Summary:       Apache module - display index of files
-Summary(pl.UTF-8):     Moduł apache do wyświetlania indeksu plików
+Summary(pl.UTF-8):     Moduł Apache'a do wyświetlania indeksu plików
 Group:         Networking/Daemons/HTTP
 URL:           http://httpd.apache.org/docs/2.4/en/mod/mod_autoindex.html
 Requires:      %{name}-base = %{version}-%{release}
@@ -913,8 +932,27 @@ index of files.
 %description mod_autoindex -l pl.UTF-8
 Ten pakiet dostarcza moduł autoindex, który generuje indeks plików.
 
+%package mod_brotli
+Summary:       Apache module: compress content via Brotli before it is delivered to the client
+Summary(pl.UTF-8):     Moduł Apache'a kompresujący treść przy użyciu formatu Brotli przed wysłaniem do klienta
+Group:         Networking/Daemons/HTTP
+URL:           http://httpd.apache.org/docs/2.4/mod/mod_brotli.html
+Requires:      %{name}-base = %{version}-%{release}
+Requires:      libbrotli >= 0.6.0
+Provides:      apache(mod_brotli) = %{version}-%{release}
+
+%description mod_brotli
+The mod_brotli module provides the BROTLI_COMPRESS output filter that
+allows output from your server to be compressed using the brotli
+compression format before being sent to the client over the network.
+
+%description mod_brotli -l pl.UTF-8
+Moduł mod_brotli udostępnia filtr wyjściowy BROTLI_COMPRESS,
+pozwalający na kompresowanie wyjścia z serwera przy użyciu formatu
+kompresji brotli przed wysłaniem przez sieć do klienta.
+
 %package mod_bucketeer
-Summary:       buckets manipulation filter
+Summary:       Buckets manipulation filter
 Summary(pl.UTF-8):     Dzielenie kubełków po znalezieniu znaku sterującego
 Group:         Networking/Daemons/HTTP
 Requires:      %{name}-base = %{version}-%{release}
@@ -1121,16 +1159,12 @@ Specify character set translation or recoding.
 This module provides a small subset of configuration mechanisms
 implemented by Russian Apache and its associated mod_charset.
 
-This is an experimental module and should be used with care.
-
 %description mod_charset_lite -l pl.UTF-8
 Translacja lub przekodowywanie znaków.
 
 Ten moduł udostępnia niewielki podzbiór mechanizmów konfiguracyjnych
 zaimplementowanych przez Russian Apache i powiązany z nim mod_charset.
 
-Jest to moduł eksperymentalny i należy używać go z uwagą.
-
 %package mod_data
 Summary:       Convert response body into an RFC2397 data URL
 Summary(pl.UTF-8):     Konwersja ciała odpowiedzi do URL-a danych RFC2397
@@ -1164,9 +1198,7 @@ Summary(pl.UTF-8):        Moduł Apache'a - rozproszone autorstwo i wersjonowanie
 Group:         Networking/Daemons/HTTP
 URL:           http://httpd.apache.org/docs/2.4/en/mod/mod_dav.html
 Requires:      %{name}-base = %{version}-%{release}
-Requires:      apache-mod_authn_file
-Requires:      apache-mod_setenvif
-Requires:      apr-util-dbm-db
+Requires:      apr-util-dbm-db >= %{apr_util_ver}
 Provides:      apache(mod_dav) = %{version}-%{release}
 
 %description mod_dav
@@ -1208,8 +1240,8 @@ Summary(pl.UTF-8):        Moduł Apache'a kompresujący dane przed przesłaniem ich do
 Group:         Networking/Daemons/HTTP
 URL:           http://httpd.apache.org/docs/2.4/mod/mod_deflate.html
 Requires:      %{name}-base = %{version}-%{release}
-Requires:      %{name}-mod_headers = %{version}-%{release}
 Requires:      %{name}-mod_filter = %{version}-%{release}
+Requires:      %{name}-mod_headers = %{version}-%{release}
 Provides:      apache(mod_deflate) = %{version}-%{release}
 
 %description mod_deflate
@@ -1433,6 +1465,7 @@ Group:            Networking/Daemons/HTTP
 URL:           http://httpd.apache.org/docs/2.4/mod/mod_headers.html
 Requires:      %{name}-base = %{version}-%{release}
 Provides:      apache(mod_headers) = %{version}-%{release}
+Provides:      webserver(headers)
 
 %description mod_headers
 This package contains mod_headers module. The module allows for the
@@ -1500,6 +1533,22 @@ Ten moduł wykorzystuje usługi modułu mod_slotmem_shm (jeśli jest
 dostępny) zamiast przechowywania danych w płaskich plikach. Do
 używania tego modułu nie jest wymagana żadna konfiguracja.
 
+%package mod_http2
+Summary:       Provide HTTP/2 support for the Apache HTTP Server
+Summary(pl.UTF-8):     Obsługa HTTP/2 dla serwera HTTP Apache
+Group:         Networking/Daemons/HTTP
+URL:           http://httpd.apache.org/docs/2.4/mod/mod_http2.html
+Requires:      %{name}-base = %{version}-%{release}
+Requires:      nghttp2 >= 1.15.0
+Provides:      apache(mod_http2) = %{version}-%{release}
+
+%description mod_http2
+This module provides HTTP/2 (RFC 7540) support for the Apache HTTP
+Server.
+
+%description mod_http2 -l pl.UTF-8
+Ten moduł zapewnia obsługę HTTP/2 (RFC 7540) dla serwera HTTP Apache.
+
 %package mod_ident
 Summary:       RFC 1413 ident lookups
 Summary(pl.UTF-8):     Sprawdzanie identyfikacji RFC 1413
@@ -1763,8 +1812,8 @@ This module allows the server to be extended with scripts written in
 the Lua programming language. The extension points (hooks) available
 with mod_lua include many of the hooks available to natively compiled
 Apache HTTP Server modules, such as mapping requests to files,
-generating dynamic responses, access control, authentication,
-and authorization.
+generating dynamic responses, access control, authentication, and
+authorization.
 
 %description mod_lua -l pl.UTF-8
 Ten moduł pozwala na rozszerzanie serwera poprzez skrypty napisane w
@@ -1775,24 +1824,24 @@ pliki, generowanie dynamicznych odpowiedzi, kontrola dostępu,
 uwierzytelnianie i autoryzacja.
 
 %package mod_macro
-Summary:       Provides macros within apache runtime configuration files
-Summary(pl.UTF-8):     Makra wewnątrz plików konfiguracyjnych apache
-Group:         Networking/Daemons/HTTP
-URL:           http://httpd.apache.org/docs/2.4/mod/mod_macro.html
-Requires:      %{name}-base = %{version}-%{release}
-Provides:      apache(mod_macro) = %{version}-%{release}
+Summary:       Provides macros within Apache runtime configuration files
+Summary(pl.UTF-8):     Makra wewnątrz klików konfiguracyjnych Apache'a
+Group:         Networking/Daemons/HTTP
+URL:           http://httpd.apache.org/docs/2.4/mod/mod_macro.html
+Requires:      %{name}-base = %{version}-%{release}
+Provides:      apache(mod_macro) = %{version}-%{release}
 
 %description mod_macro
-This module provides macros within apache runtime configuration files.
+This module provides macros within Apache runtime configuration files.
 These macros have parameters. They are expanded when used (parameters
 are substituted by their values given as an argument), and the result
 is processed normally.
 
 %description mod_macro -l pl.UTF-8
 Ten moduł umożliwia tworzenie makr wewnątrz plików konfiguracyjnych
-apache. Makra mogą mieć parametry. Makra są rozwijane w momencie
-użycia (argumenty makra są podstawiane za wartości parametrów) a wynik
-jest parsowany jak normalna konfiguracja.
+Apache'a. Makra mogą mieć parametry. Makra są rozwijane w momencie
+użycia (argumenty makra są podstawiane za wartości parametrów), a
+wynik jest przetwarzany jak normalna konfiguracja.
 
 %package mod_mime
 Summary:       Associates the requested filename's extensions with the file's behavior and content
@@ -1969,7 +2018,6 @@ Group:            Networking/Daemons/HTTP
 URL:           http://httpd.apache.org/docs/2.4/mod/mod_reqtimeout.html
 Requires:      %{name}-base = %{version}-%{release}
 Provides:      apache(mod_reqtimeout) = %{version}-%{release}
-Provides:      webserver(reqtimeout)
 
 %description mod_reqtimeout
 Apache module to set timeout and minimum data rate for receiving
@@ -2128,6 +2176,7 @@ Group:            Networking/Daemons/HTTP
 URL:           http://httpd.apache.org/docs/2.4/mod/mod_session_crypto.html
 Requires:      %{name}-base = %{version}-%{release}
 Requires:      %{name}-mod_session = %{version}-%{release}
+Requires:      apr-util-crypto-openssl >= %{apr_util_ver}
 Provides:      apache(mod_session_crypto) = %{version}-%{release}
 
 %description mod_session_crypto
@@ -2205,6 +2254,7 @@ części serwera do podejmowania decyzji o podejmowanych akcjach.
 
 %package mod_slotmem
 Summary:       Slot-based shared memory provider
+Summary(pl.UTF-8):     Moduł zapewniający pamięć dzieloną w oparciu o sloty
 Group:         Networking/Daemons/HTTP
 URL:           http://httpd.apache.org/docs/2.4/mod/mod_slotmem_plain.html
 #URL:          http://httpd.apache.org/docs/2.4/mod/mod_slotmem_shm.html
@@ -2216,14 +2266,44 @@ Obsoletes:      apache-mod_slotmem_plain
 Obsoletes:     apache-mod_slotmem_shm
 
 %description mod_slotmem
-Slot-based shared memory provider.
+mod_slotmem_plain is a memory provider which provides for creation and
+access to a plain memory segment in which the datasets are organized
+in "slots."
+
+If the memory needs to be shared between threads and processes, a
+better provider would be mod_slotmem_shm.
+
+mod_slotmem_shm is a memory provider which provides for creation and
+access to a shared memory segment in which the datasets are organized
+in "slots."
+
+All shared memory is cleared and cleaned with each restart, whether
+graceful or not. The data itself is stored and restored within a file
+noted by the name parameter in the create and attach calls.
+
+%description mod_slotmem -l pl.UTF-8
+mod_slotmem_plain to moduł dostarczający pamięć, pozwalający na
+tworzenie i dostęp do segmentu zwykłej pamięci, w której zbiory danych
+są zorganizowane w "sloty".
+
+Jeśli pamięć musi być dzielona między wątki i procesy, lepszym
+rozwiązaniem będzie mod_slotmem_shm.
+
+mod_slotmem_plain to moduł dostarczający pamięć, pozwalający na
+tworzenie i dostęp do segmentu pamięci dzielonej, w której zbiory
+danych są zorganizowane w "sloty".
+
+Cała pamięć współdzielona jest czyszczona przy każdym restarcie. Same
+dane są zapisywane i odtwarzane z pliku o nazwie podawanej jako
+parametr przy wywołaniach tworzenia i podłączania.
 
 %package mod_socache
 Summary:       Shared object cache provider
+Summary(pl.UTF-8):     Moduł zapewniający współdzieloną pamięć podręczną obiektów
 Group:         Networking/Daemons/HTTP
 URL:           http://httpd.apache.org/docs/2.4/mod/mod_socache_dbm.html
 #URL:          http://httpd.apache.org/docs/2.4/mod/mod_socache_memcache.html
-#URL:          http://httpd.apache.org/docs/2.4/mod/mod_socache_shmcb.html
+#URL:          http://httpd.apache.org/docs/2.4/mod/mod_socache_shmcb.htm
 Requires:      %{name}-base = %{version}-%{release}
 Provides:      apache(mod_socache) = %{version}-%{release}
 Provides:      apache(mod_socache_dbm) = %{version}-%{release}
@@ -2234,7 +2314,31 @@ Obsoletes:       apache-mod_socache_memcache
 Obsoletes:     apache-mod_socache_shmcb
 
 %description mod_socache
-Shared object cache provider.
+mod_socache_dbm is a shared object cache provider which provides for
+creation and access to a cache backed by a DBM database.
+
+mod_socache_memcache is a shared object cache provider which provides
+for creation and access to a cache backed by the memcached
+high-performance, distributed memory object caching system.
+
+mod_socache_shmcb is a shared object cache provider which provides for
+creation and access to a cache backed by a high-performance cyclic
+buffer inside a shared memory segment.
+
+%description mod_socache -l pl.UTF-8
+mod_socache_dbm to moduł dostarczający współdzieloną pamięć podręczną
+obiektów, zapewniający tworzenie i dostęp do cache'a zapisywanego w
+bazie DBM.
+
+mod_socache_dbm to moduł dostarczający współdzieloną pamięć podręczną
+obiektów, zapewniający tworzenie i dostęp do cache'a zapisywanego w
+systemie memcached - wysoko wydajnym, ozproszonym systemie pamięci
+podręcznej obiektów.
+
+mod_socache_dbm to moduł dostarczający współdzieloną pamięć podręczną
+obiektów, zapewniający tworzenie i dostęp do cache'a zapisywanego w
+wysoko wydajnym buforze cyklicznym wewnątrz segmentu pamięci
+dzielonej.
 
 %package mod_speling
 Summary:       Attempts to correct mistaken URLs by ignoring capitalization and by allowing up to one misspelling
@@ -2274,10 +2378,9 @@ Epoch:           1
 Group:         Networking/Daemons/HTTP
 URL:           http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
 Requires:      %{name}-base = %{version}-%{release}
-Suggests:      apache(mod_socache_shmcb) = %{version}-%{release}
-Suggests:      apache(mod_socache_dbm) = %{version}-%{release}
+Requires:      apr-util-dbm-db >= %{apr_util_ver}
 Requires:      openssl >= %{openssl_ver}
-Requires:      apr-util-dbm-db
+Suggests:      %{name}-mod_socache = %{version}-%{release}
 Provides:      apache(mod_ssl) = 1:%{version}-%{release}
 
 %description mod_ssl
@@ -2518,6 +2621,9 @@ Summary(pl.UTF-8):        Programy testowe/przykładowe cgi
 Group:         Networking/Utilities
 Requires:      %{name}-base = %{version}-%{release}
 Requires:      filesystem >= 2.0-1
+%if "%{_rpmversion}" >= "5"
+BuildArch:     noarch
+%endif
 
 %description cgi_test
 Two cgi test/demo programs: test-cgi and print-env.
@@ -2532,7 +2638,6 @@ Dwa programy testowe/przykładowe cgi: test-cgi and print-env.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
-%patch5 -p1
 
 %patch7 -p1
 
@@ -2549,10 +2654,7 @@ Dwa programy testowe/przykładowe cgi: test-cgi and print-env.
 #%patch25 -p1
 # ?
 #%patch26 -p1
-# probably drop
-#%patch28 -p1
 %patch29 -p1
-%patch30 -p1
 
 # sanity check
 MODULES_API=`awk '/#define MODULE_MAGIC_NUMBER_MAJOR/ {print $3}' include/ap_mmn.h`
@@ -2594,63 +2696,68 @@ install -d build; cd build
        --enable-auth-dbm \
        --enable-authn-dbd \
        --enable-authn-alias \
+       %{?with_ldap:--enable-authnz-ldap} \
        --enable-authz-dbm \
        --enable-authz-owner \
-       %{?with_ldap:--enable-authnz-ldap} \
        --enable-auth-digest \
-       --enable-file-cache \
+       %{?with_bucketeer:--enable-bucketeer} \
        --enable-cache \
        --enable-disk-cache \
+       --enable-file-cache \
        --enable-mem-cache \
-       --enable-dbd \
-       %{?with_bucketeer:--enable-bucketeer} \
-       --enable-dumpio \
-       --enable-echo \
+       --enable-cern-meta \
+       --enable-cgi \
+       --enable-cgid \
        --enable-charset-lite \
+       --enable-dbd \
        --enable-deflate \
-       %{?with_ldap:--enable-ldap} \
-       --enable-ext-filter \
+       --enable-dumpio \
        --enable-case-filter \
        --enable-case-filter-in \
+       --enable-dav \
+       --enable-dav-fs \
+       --enable-dav-lock \
+       --enable-echo \
+       --enable-ext-filter \
+       --enable-expires \
+       --enable-headers \
+       --enable-http \
+       %{__enable_disable http2} \
+       --enable-ident \
+       --enable-imagemap \
+       --enable-info \
+       %{?with_ldap:--enable-ldap} \
        --enable-log-forensic \
        --enable-logio \
        --enable-lua \
-       --with-z=%{_prefix} \
        --enable-mime-magic \
-       --enable-cern-meta \
-       --enable-expires \
-       --enable-headers \
-       --enable-ident \
-       --enable-usertrack \
-       --enable-unique-id \
+       --enable-mpms-shared=all \
+%ifarch %{ix86}
+%ifnarch i386 i486
+       --enable-nonportable-atomics=yes \
+%endif
+%endif
        --enable-proxy \
        --enable-proxy-connect \
-       --enable-proxy-fdpass \
        --enable-proxy-ftp \
        --enable-proxy-http \
+       --enable-proxy-http2 \
        --enable-proxy-ajp \
        --enable-proxy-balancer \
+       --enable-proxy-fdpass \
+       --enable-rewrite \
+       --enable-so \
+       --enable-speling \
        %{?with_ssl:--enable-ssl %{?with_distcache:--enable-distcache}} \
-       --enable-http \
-       --enable-dav \
-       --enable-info \
        --enable-suexec \
-       --enable-cgi \
-       --enable-cgid \
-       --enable-dav-fs \
-       --enable-dav-lock \
+       --enable-unique-id \
+       --enable-usertrack \
        --enable-vhost-alias \
-       --enable-imagemap \
-       --enable-speling \
-       --enable-rewrite \
-       --enable-so \
+       --with-apr=%{_bindir}/apr-1-config \
+       --with-apr-util=%{_bindir}/apu-1-config \
+       --with-lua=/usr \
+       --with-pcre \
        --with-program-name=httpd \
-       --enable-mpms-shared=all \
-%ifarch %{ix86}
-%ifnarch i386 i486
-       --enable-nonportable-atomics=yes \
-%endif
-%endif
        --with-suexec-bin=%{_sbindir}/suexec \
        --with-suexec-caller=http \
        --with-suexec-docroot=%{_datadir} \
@@ -2658,9 +2765,7 @@ install -d build; cd build
        --with-suexec-uidmin=500 \
        --with-suexec-gidmin=500 \
        --with-suexec-umask=077 \
-       --with-apr=%{_bindir}/apr-1-config \
-       --with-apr-util=%{_bindir}/apu-1-config \
-       --with-pcre
+       --with-z=%{_prefix}
 
 %{__make}
 
@@ -2682,7 +2787,6 @@ ln -s %{_localstatedir}/run/httpd $RPM_BUILD_ROOT%{_sysconfdir}/run
 ln -s %{_var}/log/httpd $RPM_BUILD_ROOT%{_sysconfdir}/logs
 # we have own apache.conf
 rm $RPM_BUILD_ROOT%{_sysconfdir}/httpd.conf
-ln -s conf.d $RPM_BUILD_ROOT%{_sysconfdir}/httpd.conf
 
 install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/httpd
 cp -a %{SOURCE2} $RPM_BUILD_ROOT/etc/logrotate.d/httpd
@@ -2707,6 +2811,7 @@ cp -a %{SOURCE25} $CFG/01_mod_cgid.conf
 cp -a %{SOURCE26} $CFG/01_mod_log_config.conf
 cp -a %{SOURCE27} $CFG/01_mod_mime_magic.conf
 cp -a %{SOURCE28} $CFG/01_mod_cache.conf
+cp -a %{SOURCE32} $CFG/01_mod_http2.conf
 cp -a %{SOURCE8} $CFG/20_mod_vhost_alias.conf
 cp -a %{SOURCE9} $CFG/25_mod_status.conf
 cp -a %{SOURCE10} $CFG/30_mod_proxy.conf
@@ -2724,88 +2829,34 @@ cp -a %{SOURCE21} $CFG/10_mpm.conf
 cp -a %{SOURCE22} $CFG/20_languages.conf
 cp -a %{SOURCE29} $RPM_BUILD_ROOT%{_sysconfdir}/vhosts.d/example.net.conf
 
-echo "LoadModule access_compat_module   modules/mod_access_compat.so" > $CFG/00_mod_access_compat.conf
-echo "LoadModule actions_module        modules/mod_actions.so" > $CFG/00_mod_actions.conf
-echo "LoadModule alias_module modules/mod_alias.so" > $CFG/00_mod_alias.conf
-echo "LoadModule allowmethods_module    modules/mod_allowmethods.so" > $CFG/00_mod_allowmethods.conf
-echo "LoadModule asis_module   modules/mod_asis.so" > $CFG/00_mod_asis.conf
-echo "LoadModule auth_basic_module     modules/mod_auth_basic.so" > $CFG/00_mod_auth_basic.conf
-echo "LoadModule auth_digest_module    modules/mod_auth_digest.so" > $CFG/00_mod_auth_digest.conf
-echo "LoadModule auth_form_module       modules/mod_auth_form.so" > $CFG/00_mod_auth_form.conf
-echo "LoadModule authn_anon_module     modules/mod_authn_anon.so" > $CFG/00_mod_authn_anon.conf
-echo "LoadModule authn_core_module      modules/mod_authn_core.so" > $CFG/00_mod_authn_core.conf
-echo "LoadModule authn_dbd_module      modules/mod_authn_dbd.so" > $CFG/00_mod_authn_dbd.conf
-echo "LoadModule authn_dbm_module      modules/mod_authn_dbm.so" > $CFG/00_mod_authn_dbm.conf
-echo "LoadModule authn_file_module     modules/mod_authn_file.so" > $CFG/00_mod_authn_file.conf
-echo "LoadModule authn_socache_module      modules/mod_authn_socache.so" > $CFG/00_mod_authn_socache.conf
-echo "LoadModule authnz_ldap_module    modules/mod_authnz_ldap.so" > $CFG/00_mod_authnz_ldap.conf
-echo "LoadModule authz_core_module      modules/mod_authz_core.so" > $CFG/00_mod_authz_core.conf
-echo "LoadModule authz_dbd_module       modules/mod_authz_dbd.so" > $CFG/00_mod_authz_dbd.conf
-echo "LoadModule authz_dbm_module      modules/mod_authz_dbm.so" > $CFG/00_mod_authz_dbm.conf
-echo "LoadModule authz_groupfile_module        modules/mod_authz_groupfile.so" > $CFG/00_mod_authz_groupfile.conf
-echo "LoadModule authz_owner_module    modules/mod_authz_owner.so" > $CFG/00_mod_authz_owner.conf
-echo "LoadModule authz_user_module     modules/mod_authz_user.so" > $CFG/00_mod_authz_user.conf
-echo "LoadModule buffer_module  modules/mod_buffer.so" > $CFG/00_mod_buffer.conf
-%if %{with bucketeer}
-echo "LoadModule bucketeer_module      modules/mod_bucketeer.so" > $CFG/00_mod_bucketeer.conf
-%endif
-echo "LoadModule case_filter_in_module modules/mod_case_filter_in.so" > $CFG/00_mod_case_filter_in.conf
-echo "LoadModule case_filter_module    modules/mod_case_filter.so" > $CFG/00_mod_case_filter.conf
-echo "LoadModule cern_meta_module      modules/mod_cern_meta.so" > $CFG/00_mod_cern_meta.conf
-echo "LoadModule cgi_module    modules/mod_cgi.so" > $CFG/00_mod_cgi.conf
-echo "LoadModule charset_lite_module   modules/mod_charset_lite.so" > $CFG/00_mod_charset_lite.conf
-echo "LoadModule data_module    modules/mod_data.so" > $CFG/00_mod_data.conf
-echo "LoadModule dbd_module    modules/mod_dbd.so" > $CFG/00_mod_dbd.conf
-echo "LoadModule dialup_module  modules/mod_dialup.so" > $CFG/00_mod_dialup.conf
-echo "LoadModule dumpio_module modules/mod_dumpio.so" > $CFG/00_mod_dumpio.conf
-echo "LoadModule echo_module   modules/mod_echo.so" > $CFG/00_mod_echo.conf
-echo "LoadModule env_module    modules/mod_env.so" > $CFG/00_mod_env.conf
-echo "LoadModule expires_module        modules/mod_expires.so" > $CFG/00_mod_expires.conf
-echo "LoadModule ext_filter_module     modules/mod_ext_filter.so" > $CFG/00_mod_ext_filter.conf
-echo "LoadModule file_cache_module     modules/mod_file_cache.so" > $CFG/00_mod_file_cache.conf
-echo "LoadModule filter_module modules/mod_filter.so" > $CFG/00_mod_filter.conf
-echo "LoadModule headers_module        modules/mod_headers.so" > $CFG/00_mod_headers.conf
-echo "LoadModule heartbeat_module       modules/mod_heartbeat.so" > $CFG/01_mod_heartbeat.conf
-echo "LoadModule heartmonitor_module    modules/mod_heartmonitor.so" > $CFG/01_mod_heartmonitor.conf
-echo "LoadModule ident_module  modules/mod_ident.so" > $CFG/00_mod_ident.conf
-echo "LoadModule imagemap_module       modules/mod_imagemap.so" > $CFG/00_mod_imagemap.conf
-echo "LoadModule include_module        modules/mod_include.so" > $CFG/00_mod_include.conf
-echo "LoadModule lbmethod_bybusyness_module     modules/mod_lbmethod_bybusyness.so" > $CFG/00_mod_lbmethod_bybusyness.conf
-echo "LoadModule lbmethod_byrequests_module     modules/mod_lbmethod_byrequests.so" > $CFG/00_mod_lbmethod_byrequests.conf
-echo "LoadModule lbmethod_bytraffic_module      modules/mod_lbmethod_bytraffic.so" > $CFG/00_mod_lbmethod_bytraffic.conf
-echo "LoadModule lbmethod_heartbeat_module      modules/mod_lbmethod_heartbeat.so" > $CFG/00_mod_lbmethod_heartbeat.conf
-echo "LoadModule ldap_module   modules/mod_ldap.so" > $CFG/00_mod_ldap.conf
-echo "LoadModule log_debug_module       modules/mod_log_debug.so" > $CFG/00_mod_log_debug.conf
-echo "LoadModule log_forensic_module   modules/mod_log_forensic.so" > $CFG/00_mod_log_forensic.conf
-echo "LoadModule logio_module  modules/mod_logio.so" > $CFG/00_mod_logio.conf
-echo "LoadModule lua_module    modules/mod_lua.so" > $CFG/00_mod_lua.conf
-echo "LoadModule macro_module  modules/mod_macro.so" > $CFG/00_mod_macro.conf
-echo "LoadModule negotiation_module    modules/mod_negotiation.so" > $CFG/00_mod_negotiation.conf
-echo "LoadModule ratelimit_module       modules/mod_ratelimit.so" > $CFG/00_mod_ratelimit.conf
-echo "LoadModule reflector_module       modules/mod_reflector.so" > $CFG/00_mod_reflector.conf
-echo "LoadModule remoteip_module        modules/mod_remoteip.so" > $CFG/00_mod_remoteip.conf
-echo "LoadModule reqtimeout_module     modules/mod_reqtimeout.so" >> $CFG/00_mod_reqtimeout.conf
-echo "LoadModule request_module modules/mod_request.so" > $CFG/00_mod_request.conf
-echo "LoadModule rewrite_module        modules/mod_rewrite.so" > $CFG/00_mod_rewrite.conf
-echo "LoadModule sed_module     modules/mod_sed.so" > $CFG/00_mod_sed.conf
-echo "LoadModule session_cookie_module  modules/mod_session_cookie.so" > $CFG/00_mod_session_cookie.conf
-echo "LoadModule session_crypto_module  modules/mod_session_crypto.so" > $CFG/00_mod_session_crypto.conf
-echo "LoadModule session_dbd_module     modules/mod_session_dbd.so" > $CFG/00_mod_session_dbd.conf
-echo "LoadModule session_module modules/mod_session.so" > $CFG/00_mod_session.conf
-echo "LoadModule setenvif_module       modules/mod_setenvif.so" > $CFG/00_mod_setenvif.conf
-echo "LoadModule slotmem_plain_module   modules/mod_slotmem_plain.so" > $CFG/00_mod_slotmem.conf
-echo "#LoadModule slotmem_shm_module     modules/mod_slotmem_shm.so" >> $CFG/00_mod_slotmem.conf
-echo "#LoadModule socache_dbm_module   modules/mod_socache_dbm.so" > $CFG/00_mod_socache.conf
-echo "#LoadModule socache_memcache_module      modules/mod_socache_memcache.so" >> $CFG/00_mod_socache.conf
-echo "LoadModule socache_shmcb_module  modules/mod_socache_shmcb.so" >> $CFG/00_mod_socache.conf
-echo "LoadModule speling_module        modules/mod_speling.so" > $CFG/00_mod_speling.conf
-echo "LoadModule substitute_module     modules/mod_substitute.so" > $CFG/00_mod_substitute.conf
-echo "LoadModule unique_id_module      modules/mod_unique_id.so" > $CFG/00_mod_unique_id.conf
-echo "LoadModule usertrack_module      modules/mod_usertrack.so" > $CFG/00_mod_usertrack.conf
-echo "LoadModule version_module        modules/mod_version.so" > $CFG/00_mod_version.conf
-echo "LoadModule watchdog_module        modules/mod_watchdog.so" > $CFG/00_mod_watchdog.conf
-echo "LoadModule xml2enc_module modules/mod_xml2enc.so" > $CFG/00_mod_xml2enc.conf
-
+LoadModule() {
+       local index=$1 module=$2 conffile
+       conffile=${3:-$module}
+       echo "LoadModule ${module}_module modules/mod_$module.so" > $CFG/${index}_mod_${conffile}.conf
+}
+
+for module in access_compat actions alias allowmethods asis auth_basic \
+       auth_digest auth_form authn_anon authn_core authn_dbd authn_dbm \
+       authn_file authn_socache authnz_ldap authz_core authz_dbd \
+       authz_dbm authz_groupfile authz_owner authz_user brotli \
+       %{?with_bucketeer:bucketeer} buffer \
+       case_filter_in case_filter cern_meta cgi charset_lite \
+       data dbd dialup dumpio \
+       echo env expires ext_filter \
+       file_cache filter \
+       headers heartbeat heartmonitor \
+       ident imagemap include \
+       lbmethod_bybusyness lbmethod_byrequests lbmethod_bytraffic \
+       lbmethod_heartbeat ldap log_debug log_forensic logio lua \
+       macro negotiation \
+       ratelimit reflector remoteip reqtimeout request rewrite \
+       sed session_cookie session_crypto session_dbd session setenvif \
+       slotmem_plain slotmem_shm socache_dbm socache_memcache \
+       socache_shmcb speling substitute \
+       unique_id usertrack version watchdog xml2enc; do
+
+       LoadModule 00 $module
+done
 
 # anything in style dir not ending with .css is trash
 %{__rm} -r $RPM_BUILD_ROOT%{_datadir}/manual/style/{lang,latex,xsl}
@@ -2851,32 +2902,15 @@ rm -rf $RPM_BUILD_ROOT
 %useradd -u 51 -r -d /home/services/httpd -s /bin/false -c "HTTP User" -g http http
 
 %pretrans base
-# change httpd.conf from dir to symlink
-if [ ! -L /etc/httpd/httpd.conf ]; then
-       if [ -d /etc/httpd/httpd.conf ]; then
-               if [ -d /etc/httpd/conf.d ]; then
-                       mv /etc/httpd/httpd.conf/* /etc/httpd/conf.d
-                       rmdir /etc/httpd/httpd.conf 2>/dev/null || mv -v /etc/httpd/httpd.conf{,.rpmsave}
-               else
-                       mv /etc/httpd/httpd.conf /etc/httpd/conf.d
-               fi
-
-               # new module packages issue error as first installed over 2.0 installation
-               mv -f /var/lock/subsys/httpd{,.disabled} 2>/dev/null
-       fi
-
-       # always have httpd.conf symlink (until all packages from Ac use new dir)
-       install -d /etc/httpd
-       ln -s conf.d /etc/httpd/httpd.conf
-fi
+# handle $HTTPD_MPM from sysconfig
 if [ -f /etc/sysconfig/httpd ]; then
-        MPM=$(grep ^HTTPD_MPM /etc/sysconfig/httpd |sed 's,HTTPD_MPM=,,;s,",,g')
-        if [ -n "$MPM" ]; then
-                echo "LoadModule mpm_${MPM}_module                modules/mod_mpm_${MPM}.so" > /etc/httpd/conf.d/10_mpm.conf.rpmnew
-                cat /etc/httpd/conf.d/10_mpm.conf >> /etc/httpd/conf.d/10_mpm.conf.rpmnew
-                mv /etc/httpd/conf.d/10_mpm.conf.rpmnew /etc/httpd/conf.d/10_mpm.conf
-                sed -i -e 's,HTTPD_MPM.*,,g' /etc/sysconfig/httpd
-        fi
+       MPM=$(grep ^HTTPD_MPM /etc/sysconfig/httpd | sed 's,HTTPD_MPM=,,;s,",,g')
+       if [ -n "$MPM" ]; then
+               echo "LoadModule mpm_${MPM}_module      modules/mod_mpm_${MPM}.so" > /etc/httpd/conf.d/10_mpm.conf.rpmnew
+               cat /etc/httpd/conf.d/10_mpm.conf >> /etc/httpd/conf.d/10_mpm.conf.rpmnew
+               mv -f /etc/httpd/conf.d/10_mpm.conf.rpmnew /etc/httpd/conf.d/10_mpm.conf
+               sed -i -e 's,HTTPD_MPM.*,,g' /etc/sysconfig/httpd
+       fi
 fi
 
 exit 0
@@ -2898,111 +2932,13 @@ if [ "$1" = "0" ]; then
        %groupremove http
 fi
 
-%triggerpostun base -- %{name} < 2.0.50-6.9
-%banner %{name}-2.0.50-6 << EOF
-WARNING!!!
-Since apache-2.0.50-6 autoindex module has been separated to package
-%{name}-mod_autoindex If you want to have the same functionality do:
-poldek -Uv %{name}-mod_autoindex
-EOF
-
-%triggerpostun base -- %{name} < 2.0.54-4
-%banner %{name}-2.0.54-2 << EOF
-WARNING!!!
-CGI demo/test programs - printenv and test-cgi, have been released
-from package apache into separate subpackage apache-cgi_test. If you
-need printenv and/or test-cgi, please install apache-cgi_test package,
-e.g. by running poldek -Uv apache-cgi_test
-EOF
-
-# update /etc/sysconfig/apache -> httpd rename
-if [ -f /etc/sysconfig/apache.rpmsave ]; then
-       cp -f /etc/sysconfig/httpd{,.rpmnew}
-       mv -f /etc/sysconfig/{apache.rpmsave,httpd}
-fi
-
-%triggerpostun base -- %{name} < 2.0.55-3.1
-# check for config first as in 2.2 it's .rpmsave
-if [ -f /etc/httpd/httpd.conf/10_httpd.conf ]; then
-       if ! grep -q 'Include webapps.d/' /etc/httpd/httpd.conf/10_httpd.conf; then
-               # make sure webapps.d is included
-               cp -f /etc/httpd/httpd.conf/10_httpd.conf{,.rpmsave}
-               # this file is ugly, so just append new lines
-               cat <<-EOF >> /etc/httpd/httpd.conf/10_httpd.conf
-               # Include webapps config
-               Include webapps.d/*.conf
-EOF
-       fi
-fi
-
-%triggerpostun base -- %{name} < 2.4.0
-cp -f /etc/httpd/apache.conf{,.rpmsave}
-sed -i -e '
-        /^DefaultType.*/s,.*,,
-        /^Include /s,^Include ,IncludeOptional ,
-        /^NameVirtualHost.*/s,.*,,
-        /^User/s,^,LoadModule unixd_module modules/mod_unixd.so\n,
-' /etc/httpd/apache.conf
-sed -i -e '
-        s,^LockFile /var/run/httpd/accept.lock,Mutex file:/var/run/httpd/,g
-' /etc/httpd/conf.d/10_mpm.conf
-
-%triggerpostun base -- %{name} < 2.2.0
-# change HTTPD_CONF to point to new location. *only* if it's the
-# default config setting
-cp -f /etc/sysconfig/httpd{,.rpmorig}
-sed -i -e '/^HTTPD_CONF="\/etc\/httpd\/httpd.conf"/s,.*,HTTPD_CONF="/etc/httpd/apache.conf",' /etc/sysconfig/httpd
-
-if [ -f /etc/httpd/conf.d/10_httpd.conf.rpmsave ]; then
-       sed -e '
-       # as separate modules
-       /^LoadModule access_module/s,^,#,
-       /^LoadModule alias_module/s,^,#,
-       /^LoadModule asis_module/s,^,#,
-       /^LoadModule cern_meta_module/s,^,#,
-       /^LoadModule cgi_module/s,^,#,
-       /^LoadModule env_module/s,^,#,
-       /^LoadModule include_module/s,^,#,
-       /^LoadModule log_config_module/s,^,#,
-       /^LoadModule mime_magic_module/s,^,#,
-       /^LoadModule mime_module/s,^,#,
-       /^LoadModule negotiation_module/s,^,#,
-       /^LoadModule setenvif_module/s,^,#,
-       /^LoadModule speling_module/s,^,#,
-       /^LoadModule userdir_module/s,^,#,
-
-       # in 30_errordocs.conf
-       /<IfModule mod_include.c>/,/<\/IfModule>/s,^,#,
-
-       # in 57_mod_autoindex.conf
-       /^Alias \/icons\//s,^,#,
-
-       # in apache.conf
-       /^ScriptAlias \/cgi-bin\//s,^,#,
-       /^Listen 80/s,^,#,
-
-       # avoid loops
-       /Include conf.d\/\*.conf/s,^,#,
-       /Include webapps.d\/\*.conf/s,^,#,
-
-       ' < /etc/httpd/conf.d/10_httpd.conf.rpmsave > /etc/httpd/conf.d/10_httpd.conf
-fi
-
-%banner -e %{name} <<'EOF'
-NB! Apache main config has been changed to /etc/httpd/apache.conf
-
-There has been changed a lot, so many things could be broken.
-Please report bugs to <http://bugs.pld-linux.org/>.
-
-EOF
-
-%triggerpostun base -- %{name} < 2.2.22-2
+%triggerpostun base -- %{name}-base < 2.2.22-2
 . /etc/sysconfig/httpd
 if [ -z "$HTTPD_CONF" ]; then
        echo 'HTTPD_CONF="/etc/httpd/apache.conf"' >> /etc/sysconfig/httpd
 fi
 
-%triggerpostun base -- %{name} < 2.4.0
+%triggerpostun base -- %{name}-base < 2.4.0
 cp -f /etc/httpd/apache.conf{,.rpmsave}
 sed -i -e '
        /^DefaultType/d
@@ -3014,13 +2950,6 @@ sed -i -e '
        s,^LockFile /var/run/httpd/accept.lock,Mutex file:/var/run/httpd/,g
 ' /etc/httpd/conf.d/10_mpm.conf
 
-%triggerpostun mod_ssl -- %{name}-mod_ssl < 1:2.2.0-3.1
-cp -f /etc/httpd/conf.d/40_mod_ssl.conf{,.rpmsave}
-sed -i -e '
-       s,/var/run/apache,/var/run/httpd,g
-       s,/var/cache/apache,/var/cache/httpd,g
-' /etc/httpd/conf.d/40_mod_ssl.conf
-
 %triggerpostun mod_ssl -- %{name}-mod_ssl < 1:2.4.0
 cp -f /etc/httpd/conf.d/40_mod_ssl.conf{,.rpmsave}
 sed -i -e '
@@ -3088,6 +3017,7 @@ fi
 %module_scripts mod_authz_owner
 %module_scripts mod_authz_user
 %module_scripts mod_autoindex
+%module_scripts mod_brotli
 %module_scripts mod_bucketeer
 %module_scripts mod_buffer
 %module_scripts mod_cache
@@ -3113,6 +3043,7 @@ fi
 %module_scripts mod_headers
 %module_scripts mod_heartbeat
 %module_scripts mod_heartmonitor
+%module_scripts mod_http2
 %module_scripts mod_ident
 %module_scripts mod_imagemap
 %module_scripts mod_include
@@ -3191,7 +3122,6 @@ fi
 %{_sysconfdir}/modules
 %{_sysconfdir}/run
 %{_sysconfdir}/logs
-%ghost %{_sysconfdir}/httpd.conf
 %attr(750,root,root) %dir %{_sysconfdir}/conf.d
 %attr(750,root,root) %dir %{_sysconfdir}/vhosts.d
 %attr(750,root,root) %dir %{_sysconfdir}/webapps.d
@@ -3398,6 +3328,11 @@ fi
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_autoindex.conf
 %attr(755,root,root) %{_libexecdir}/mod_autoindex.so
 
+%files mod_brotli
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_brotli.conf
+%attr(755,root,root) %{_libexecdir}/mod_brotli.so
+
 %if %{with bucketeer}
 %files mod_bucketeer
 %defattr(644,root,root,755)
@@ -3530,6 +3465,13 @@ fi
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_heartmonitor.conf
 %attr(755,root,root) %{_libexecdir}/mod_heartmonitor.so
 
+%if %{with http2}
+%files mod_http2
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_http2.conf
+%attr(755,root,root) %{_libexecdir}/mod_http2.so
+%endif
+
 %files mod_ident
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_ident.conf
@@ -3634,8 +3576,10 @@ fi
 %attr(755,root,root) %{_libexecdir}/mod_proxy_fcgi.so
 %attr(755,root,root) %{_libexecdir}/mod_proxy_fdpass.so
 %attr(755,root,root) %{_libexecdir}/mod_proxy_ftp.so
+%attr(755,root,root) %{_libexecdir}/mod_proxy_hcheck.so
 %attr(755,root,root) %{_libexecdir}/mod_proxy_html.so
 %attr(755,root,root) %{_libexecdir}/mod_proxy_http.so
+%attr(755,root,root) %{_libexecdir}/mod_proxy_http2.so
 %attr(755,root,root) %{_libexecdir}/mod_proxy_scgi.so
 %attr(755,root,root) %{_libexecdir}/mod_proxy_wstunnel.so
 %attr(755,root,root) %{_libexecdir}/mod_proxy.so
@@ -3705,16 +3649,19 @@ fi
 
 %files mod_slotmem
 %defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_slotmem_plain.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_slotmem_shm.conf
 %attr(755,root,root) %{_libexecdir}/mod_slotmem_plain.so
 %attr(755,root,root) %{_libexecdir}/mod_slotmem_shm.so
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_slotmem.conf
 
 %files mod_socache
 %defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_socache_dbm.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_socache_memcache.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_socache_shmcb.conf
 %attr(755,root,root) %{_libexecdir}/mod_socache_dbm.so
-%attr(755,root,root) %{_libexecdir}/mod_socache_shmcb.so
 %attr(755,root,root) %{_libexecdir}/mod_socache_memcache.so
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_socache.conf
+%attr(755,root,root) %{_libexecdir}/mod_socache_shmcb.so
 
 %files mod_speling
 %defattr(644,root,root,755)

diff --git a/apache.sysconfig b/apache.sysconfig
index c76349c09e40a262cdc991d8ed4c10f9e43f6bdc..1a719d67171384fa89a3018879b1fa5338ea7547 100644 (file)
--- a/apache.sysconfig
+++ b/apache.sysconfig
@@ -1,5 +1,4 @@
 # Customized settings for Apache
-# $Id$
 
 # Nice level for apache
 SERVICE_RUN_NICE_LEVEL="+5"
@@ -16,3 +15,6 @@ HTTPD_OPTS=""
 
 # Skip apache restarts invoked from rpm installs.
 #RPM_SKIP_AUTO_RESTART=yes
+
+# Delay in microseconds between stop and start to mitigate problems of third party Apache modules (PHP session ext)
+RESTART_DELAY=100000

diff --git a/libtool-tag.patch b/libtool-tag.patch
index 03a7be282a822458ea8b82a0517bdb9b5d85777e..ff8fcb06c022c595d86076a5b7bbf67e2db16ffb 100644 (file)
--- a/libtool-tag.patch
+++ b/libtool-tag.patch
@@ -34,3 +34,38 @@
  
  #
  # Dependencies
+--- httpd-2.4.16/support/Makefile.in   2015-09-11 16:11:56.135519322 +0300
++++ httpd-2.4.16/support/Makefile.in   2015-09-11 16:16:16.075587666 +0300
+@@ -62,10 +62,10 @@
+ ab_OBJECTS = ab.lo
+ ab_LDADD = $(PROGRAM_LDADD) $(MATH_LIBS)
+ ab.lo: ab.c
+-      $(LIBTOOL) --mode=compile $(CC) $(ab_CFLAGS) $(ALL_CFLAGS) $(ALL_CPPFLAGS) \
++      $(LIBTOOL) --mode=compile --tag=CC $(CC) $(ab_CFLAGS) $(ALL_CFLAGS) $(ALL_CPPFLAGS) \
+           $(ALL_INCLUDES) $(PICFLAGS) $(LTCFLAGS) -c $< && touch $@
+ ab: $(ab_OBJECTS)
+-      $(LIBTOOL) --mode=link $(CC) $(ALL_CFLAGS) $(ab_LDFLAGS) $(PILDFLAGS) \
++      $(LIBTOOL) --mode=link --tag=CC $(CC) $(ALL_CFLAGS) $(ab_LDFLAGS) $(PILDFLAGS) \
+           $(LT_LDFLAGS) $(ALL_LDFLAGS) -o $@ $(ab_LTFLAGS) $(ab_OBJECTS) $(ab_LDADD)
+ 
+ checkgid_OBJECTS = checkgid.lo
+--- httpd-2.4.16/support/apxs.in~      2015-09-11 16:01:29.000000000 +0300
++++ httpd-2.4.16/support/apxs.in       2015-09-11 16:02:27.246251056 +0300
+@@ -430,7 +430,7 @@
+         $la =~ s|\.c$|.la|;
+         my $o = $s;
+         $o =~ s|\.c$|.o|;
+-        push(@cmds, "$libtool $ltflags --mode=compile $CFG_CC $cflags -I$CFG_INCLUDEDIR $apr_includedir $apu_includedir $opt -c -o $lo $s && touch $slo");
++        push(@cmds, "$libtool $ltflags --mode=compile --tag=CC $CFG_CC $cflags -I$CFG_INCLUDEDIR $apr_includedir $apu_includedir $opt -c -o $lo $s && touch $slo");
+         unshift(@objs, $lo);
+     }
+ 
+@@ -471,7 +471,7 @@
+         $opt .= " -rpath $CFG_LIBEXECDIR -module -avoid-version $apr_ldflags";
+     }
+ 
+-    push(@cmds, "$libtool $ltflags --mode=link $CFG_CC $ldflags -o $dso_file $opt $lo");
++    push(@cmds, "$libtool $ltflags --mode=link --tag=CC $CFG_CC $ldflags -o $dso_file $opt $lo");
+ 
+     #   execute the commands
+     &execute_cmds(@cmds);

diff --git a/lua-lib.patch b/lua-lib.patch
deleted file mode 100644 (file)
index 8cdc48a..0000000
--- a/lua-lib.patch
+++ /dev/null
@@ -1,16 +0,0 @@
---- httpd-2.4.2/modules/lua/config.m4~ 2011-07-24 21:14:25.000000000 +0200
-+++ httpd-2.4.2/modules/lua/config.m4  2012-06-24 12:50:48.078264944 +0200
-@@ -76,11 +76,8 @@
-         save_LDFLAGS=$LDFLAGS
-         CFLAGS="$CFLAGS"
-         LDFLAGS="-L$x/lib/lua51 $LDFLAGS $lib_m"
--        AC_CHECK_LIB(lua, luaL_newstate, [
--            LUA_LIBS="-L$x/lib/lua51 -llua $lib_m"
--            if test "x$ap_platform_runtime_link_flag" != "x"; then
--               APR_ADDTO(LUA_LIBS, [$ap_platform_runtime_link_flag$x/lib/lua51])
--            fi
-+        AC_CHECK_LIB(lua51, luaL_newstate, [
-+            LUA_LIBS="-llua51 $lib_m"
-             LUA_CFLAGS="-I$x/include/lua51"
-             ])
-         CFLAGS=$save_CFLAGS