| [2551] | 1 | --- httpd.spec.orig     2014-07-23 06:24:15.000000000 -0400 | 
|---|
|  | 2 | +++ httpd.spec  2014-07-27 17:38:45.622914152 -0400 | 
|---|
| [2525] | 3 | @@ -15,7 +15,7 @@ | 
|---|
| [926] | 4 | Summary: Apache HTTP Server | 
|---|
|  | 5 | Name: httpd | 
|---|
| [2543] | 6 | Version: 2.4.10 | 
|---|
|  | 7 | -Release: 1%{?dist} | 
|---|
|  | 8 | +Release: 1%{?dist}.scripts.%{scriptsversion} | 
|---|
| [926] | 9 | URL: http://httpd.apache.org/ | 
|---|
| [1738] | 10 | Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 | 
|---|
| [926] | 11 | Source1: index.html | 
|---|
| [2551] | 12 | @@ -84,6 +84,12 @@ | 
|---|
| [2431] | 13 | Requires(post): systemd-units | 
|---|
| [2525] | 14 | Conflicts: apr < 1.5.0-1 | 
|---|
| [2431] | 15 |  | 
|---|
|  | 16 | +Provides: scripts-httpd = %{version}-%{release} | 
|---|
|  | 17 | +Patch1001: httpd-suexec-scripts.patch | 
|---|
|  | 18 | +Patch1002: httpd-mod_status-security.patch | 
|---|
|  | 19 | +Patch1003: httpd-304s.patch | 
|---|
|  | 20 | +Patch1004: httpd-fixup-vhost.patch | 
|---|
|  | 21 | + | 
|---|
|  | 22 | %description | 
|---|
|  | 23 | The Apache HTTP Server is a powerful, efficient, and extensible | 
|---|
|  | 24 | web server. | 
|---|
| [2551] | 25 | @@ -94,6 +100,7 @@ | 
|---|
| [2431] | 26 | Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel | 
|---|
|  | 27 | Requires: apr-devel, apr-util-devel, pkgconfig | 
|---|
|  | 28 | Requires: httpd = %{version}-%{release} | 
|---|
|  | 29 | +Provides: scripts-httpd-devel = %{version}-%{release} | 
|---|
|  | 30 |  | 
|---|
|  | 31 | %description devel | 
|---|
|  | 32 | The httpd-devel package contains the APXS binary and other files | 
|---|
| [2551] | 33 | @@ -132,6 +139,7 @@ | 
|---|
| [2431] | 34 | Requires(post): openssl, /bin/cat | 
|---|
|  | 35 | Requires(pre): httpd | 
|---|
|  | 36 | Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} | 
|---|
|  | 37 | +Provides: scripts-mod_ssl | 
|---|
|  | 38 | Obsoletes: stronghold-mod_ssl | 
|---|
|  | 39 |  | 
|---|
|  | 40 | %description -n mod_ssl | 
|---|
| [2551] | 41 | @@ -196,6 +204,11 @@ | 
|---|
| [2431] | 42 | # Prevent use of setcap in "install-suexec-caps" target. | 
|---|
|  | 43 | sed -i '/suexec/s,setcap ,echo Skipping setcap for ,' Makefile.in | 
|---|
|  | 44 |  | 
|---|
|  | 45 | +%patch1001 -p1 -b .suexec-scripts | 
|---|
|  | 46 | +%patch1002 -p1 -b .mod_status-security | 
|---|
|  | 47 | +%patch1003 -p1 -b .scripts-304s | 
|---|
|  | 48 | +%patch1004 -p1 -b .fixup-vhost | 
|---|
|  | 49 | + | 
|---|
|  | 50 | # Safety check: prevent build if defined MMN does not equal upstream MMN. | 
|---|
|  | 51 | vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'` | 
|---|
|  | 52 | if test "x${vmmn}" != "x%{mmn}"; then | 
|---|
| [2551] | 53 | @@ -242,11 +255,13 @@ | 
|---|
| [2431] | 54 | --enable-suexec --with-suexec \ | 
|---|
|  | 55 | --enable-suexec-capabilities \ | 
|---|
|  | 56 | --with-suexec-caller=%{suexec_caller} \ | 
|---|
|  | 57 | -       --with-suexec-docroot=%{docroot} \ | 
|---|
|  | 58 | -       --without-suexec-logfile \ | 
|---|
|  | 59 | -        --with-suexec-syslog \ | 
|---|
|  | 60 | +       --with-suexec-docroot=/ \ | 
|---|
|  | 61 | +       --with-suexec-userdir=web_scripts \ | 
|---|
|  | 62 | +       --with-suexec-trusteddir=/usr/libexec/scripts-trusted \ | 
|---|
|  | 63 | +       --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \ | 
|---|
|  | 64 | +        --without-suexec-syslog \ | 
|---|
|  | 65 | --with-suexec-bin=%{_sbindir}/suexec \ | 
|---|
|  | 66 | -       --with-suexec-uidmin=500 --with-suexec-gidmin=100 \ | 
|---|
|  | 67 | +       --with-suexec-uidmin=50 --with-suexec-gidmin=50 \ | 
|---|
|  | 68 | --enable-pie \ | 
|---|
|  | 69 | --with-pcre \ | 
|---|
|  | 70 | --enable-mods-shared=all \ | 
|---|
| [2551] | 71 | @@ -542,7 +557,8 @@ | 
|---|
|  | 72 | %{_sbindir}/fcgistarter | 
|---|
|  | 73 | %{_sbindir}/apachectl | 
|---|
|  | 74 | %{_sbindir}/rotatelogs | 
|---|
|  | 75 | -%caps(cap_setuid,cap_setgid+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec | 
|---|
|  | 76 | +# cap_dac_override needed to write to /var/log/httpd | 
|---|
|  | 77 | +%caps(cap_setuid,cap_setgid,cap_dac_override+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec | 
|---|
|  | 78 |  | 
|---|
|  | 79 | %dir %{_libdir}/httpd | 
|---|
|  | 80 | %dir %{_libdir}/httpd/modules | 
|---|