%define contentdir /var/asl/www
%define suexec_caller tortix
%define mmn 20051115
%define vstring Atomicorp
%define distro Atomicorp
# ASL - for fc10+
%define _default_patch_fuzz 2
Summary: Apache HTTP Server
Name: tortixd
# based on 2.2.23-53 originally
Version: 2.2.31
Release: 18
URL: http://www.atomicorp.com
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
#
#Source1: centos_index.html
# Planned, this is partially implemented in the spec
#Source2: tortixd.service
Source3: tortixd.logrotate
Source4: tortixd.init
Source5: tortixd.sysconf
#Source8: centos_powered_by_rh.png
Source10: tortixd.conf
Source11: tortixd-ssl.conf
#
Source12: welcome.conf
Source13: manual.conf
#
#Source14: proxy_ajp.conf
#
# Documentation
Source30: migration.xml
Source31: migration.css
Source32: html.xsl
Source33: README.confd
Source34: tortixd-ssl-compression.conf
# build/scripts patches
Patch1: httpd-2.1.10-apctl.patch
#
Patch2: httpd-2.1.10-apxs-asl.patch
#
Patch4: httpd-2.1.10-disablemods.patch
Patch5: httpd-2.1.10-layout.patch
# Features/functional changes
Patch23: httpd-2.0.45-export.patch
Patch24: httpd-2.0.48-corelimit.patch
# Bug fixes
Patch54: httpd-2.2.0-authnoprov.patch
Patch57: httpd-2.0.52-logresline.patch
Patch64: httpd-2.2.3-proxysslhost.patch
Patch69: httpd-2.2.3-graceful-ebadf.patch
Patch72: httpd-2.2.3-extfiltereos.patch
Patch74: httpd-2.2.3-pngmagic.patch
Patch79: httpd-2.2.3-noxpad.patch
Patch86: httpd-2.2.3-aboverflow.patch
Patch88: httpd-2.2.3-davputfail.patch
Patch97: httpd-2.2.3-ssldupkeys.patch
# Security Fixes
# Rebases
# ASL
Patch10000: asl-apachectl.patch
Patch10001: httpd-disable-ssl-compression.patch
License: Apache Software License
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-root
BuildRequires: autoconf, perl, pkgconfig, xmlto >= 0.0.11, findutils
BuildRequires: db4-devel, expat-devel, zlib-devel, libselinux-devel
# el5
#BuildRequires: apr-devel >= 1.2.0, apr-util-devel >= 1.2.0, pcre-devel >= 5.0,
#Requires: initscripts >= 8.36
BuildRequires: apr-devel apr-util-devel pcre-devel
# fc9
BuildRequires: ed
Requires: initscripts
# fc11
%if 0%{?fedora} >= 11 || 0%{?rhel} >= 6
BuildRequires: libtool libtool-ltdl libtool-ltdl-devel
%endif
# el4
%if 0%{?el4}
BuildRequires: asl-apr asl-apr-devel asl-apr-util asl-apr-util-devel
Requires: asl-apr asl-apr-util
%endif
# FC10 does not use /usr/share/magic.mime
%if 0%{?fedora} >= 10 || 0%{?rhel} >= 6
Requires: /etc/mime.types, gawk, /usr/bin/find
%else
Requires: /etc/mime.types, gawk, /usr/share/magic.mime, /usr/bin/find
%endif
#Obsoletes: httpd-suexec
#
Requires(pre): /sbin/chkconfig, /bin/mktemp, /bin/rm, /bin/mv
Requires(pre): sh-utils, textutils, /usr/sbin/useradd
#Provides: webserver
Provides: tortixd-mmn = %{mmn}
Provides: asl-httpd
Obsoletes: asl-httpd
Conflicts: pcre < 4.0
%if 0%{?rhel} >= 7
BuildRequires: systemd-units
BuildRequires: systemd-devel
Requires: systemd-units
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
# This is actually needed for the %%triggerun script but Requires(triggerun)
# is not valid. We can use %%post because this particular %%triggerun script
# should fire just after this package is installed.
Requires(post): systemd-sysv
%endif
%description
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
%package devel
Group: Development/Libraries
Summary: Development tools for the Apache HTTP server.
#Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel
Provides: asl-httpd-devel
%if 0%{?el4}
Requires: asl-apr-devel, asl-apr-util-devel, pkgconfig
%else
Requires: apr-devel, apr-util-devel, pkgconfig
%endif
Requires: tortixd = %{version}-%{release}
%description devel
The httpd-devel package contains the APXS binary and other files
that you need to build Dynamic Shared Objects (DSOs) for the
Apache HTTP Server.
If you are installing the Apache HTTP server and you want to be
able to compile or develop additional modules for Apache, you need
to install this package.
%package manual
Group: Documentation
Summary: Documentation for the Apache HTTP server.
%description manual
The httpd-manual package contains the complete manual and
reference guide for the Apache HTTP server. The information can
also be found at http://httpd.apache.org/docs/2.2/.
%package -n tortixd-mod_ssl
Group: System Environment/Daemons
Summary: SSL/TLS module for the Apache HTTP server
Epoch: 1
BuildRequires: openssl-devel
Provides: asl-mod_ssl
Obsoletes: asl-mod_ssl
#Requires(post): openssl >= 0.9.7f-4, /bin/cat
# el4
Requires(post): openssl , /bin/cat
#
Requires: tortixd = 0:%{version}-%{release}, tortixd-mmn = %{mmn}
%description -n tortixd-mod_ssl
The mod_ssl module provides strong cryptography for the Apache Web
server via the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols.
%prep
%setup -q -n httpd-%{version}
%patch1 -p1 -b .apctl
%patch2 -p1 -b .apxs
#ART %patch3 -p1 -b .deplibs
%patch4 -p1 -b .disablemods
%patch5 -p1 -b .layout
#ART %patch6 -p1 -b .ac260
%patch23 -p1 -b .export
%patch24 -p1 -b .corelimit
#ART %patch25 -p1 -b .selinux
%patch54 -p1 -b .authnoprov
# ART %patch55 -p1 -b .proxyopt
# ART %patch56 -p1 -b .proxyoride
%patch57 -p1 -b .logresline
%patch64 -p1 -b .proxysslhost
# ART %patch65 -p1 -b .pr46428
# ART %patch66 -p1 -b .cgierror
# ART %patch67 -p1 -b .pr43562
# ART %patch68 -p1 -b .logports
%patch69 -p1 -b .graceful-ebadf
# ART %patch70 -p1 -b .sslrenegredir
# ART %patch71 -p1 -b .rewritelll
%patch72 -p1 -b .extfiltereos
# ART %patch73 -p1 -b .cgierror2
%patch74 -p1 -b .pngmagic
# ART %patch75 -p1 -b .defpidlog
# ART %patch76 -p1 -b .rewritedpi
# ART %patch77 -p1 -b .ldapremuser
# ART %patch78 -p1 -b .ldappassauth
%patch79 -p1 -b .noxpad
#patch80 applied after proxy changes
# ART %patch81 -p1 -b .sslflush
#patch82 applied after proxy changes
# ART %patch83 -p1 -b .ssloidval
#patch84 applied after mod_ssl security fixes
# ART %patch85 -p1 -b .pr49328
%patch86 -p1 -b .aboverflow
# ART %patch87 -p1 -b .pr40232
%patch88 -p1 -b .davputfail
# ART %patch89 -p1 -b .dbdcleanup
# ART %patch90 -p1 -b .pr41743
# ART %patch91 -p1 -b .bbflush
#patch92 applied after proxy changes
#patch93 applied after proxy changes
#patch94 applied after proxy changes
# ART %patch95 -p1 -b .pr45444
#patch96 applied after proxy changes
# ART %patch97 -p1 -b .ssldupkeys
#patch98 applied after proxy changes
# ART %patch99 -p1 -b .filterhdr
# ART %patch300 -p1 -b .ldapcache
# ART %patch301 -p1 -b .pr45333
# ART %patch302 -p1 -b .pr44447
# ART %patch100 -p1 -b .cve5752
# ART %patch101 -p1 -b .cve1853
# ART %patch102 -p1 -b .cve3304
# ART %patch103 -p1 -b .cve3847
# ART %patch104 -p1 -b .cve5000
# ART %patch105 -p1 -b .cve4465
# ART %patch106 -p1 -b .cve6421
# ART %patch107 -p1 -b .cve6422
# ART %patch108 -p1 -b .cve6388
# ART %patch109 -p1 -b .prftpcset
# ART %patch110 -p1 -b .cve3304-update
# ART %patch111 -p1 -b .cve2939
# ART %patch112 -p1 -b .cve1195
# ART %patch113 -p1 -b .cve1678
# Not a security fix, but a fix for the -1195 patch:
# ART %patch114 -p1 -b .ssicompat
#patch115 applied after proxy changes
# ART %patch116 -p1 -b .cve1891
# ART %patch117 -p1 -b .cve3555
# ART %patch118 -p1 -b .cve3094
# ART %patch119 -p1 -b .cve3095
# ART %patch120 -p1 -b .cve3555-p2
# ART %patch121 -p1 -b .cve0434
# ART %patch122 -p1 -b .cve0408
# ART %patch123 -p1 -b .cve1452
#patch124 applied after proxy changes
# ART %patch125 -p1 -b .cve3192
# Rebases -- any changes to proxy/cache modules must come later:
# ART %patch200 -p1 -b .proxy229
# ART %patch201 -p1 -b .cache229
# ART %patch202 -p1 -b .deflate2215
# ART %patch32 -p1 -b .proxybybusy
# ART %patch80 -p1 -b .ajpbuffer
# ART %patch82 -p1 -b .expectnoka
# ART %patch92 -p1 -b .pr37770
# ART %patch93 -p1 -b .pr45792
# ART %patch94 -p1 -b .sslproxyio
# ART %patch96 -p1 -b .proxyconn
# ART %patch98 -p1 -b .pr45434
# ART %patch115 -p1 -b .cve1890
# ART %patch124 -p1 -b .cve2791
# ART %patch84 -p1 -b .sslreneg
# ART %patch303 -p1 -b .cachehardmax
# ASL
%patch10000 -p0 -b .apctl
# TODO: Revisit this
#%patch10001 -p4 -b .compression
#%patch10001 -p4 -b .libtool2
#%if 0%{?el6}%{?fc12}%{?fc13}%{?fc14}%{?fc15}
#%patch10002 -p0 -b .openssl-1
#%endif
# Patch in vendor/release string
#sed "s/@VENDOR@/%{vstring}/;s/@RELEASE@/%{release}/" < %{PATCH20} | patch -p1 -b -z .release
# Safety check: prevent build if defined MMN does not equal upstream MMN.
vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
if test "x${vmmn}" != "x%{mmn}"; then
: Error: Upstream MMN is now ${vmmn}, packaged MMN is %{mmn}.
: Update the mmn macro and rebuild.
exit 1
fi
: Building for '%{distro}' with MMN %{mmn} and vendor string '%{vstring}'
%build
%define _aslhome /var/asl
%define _sysconfdir /var/asl/etc/
%define _prefix /var/asl/usr/
%define _bindir /var/asl/usr/bin/
%define _sbindir /var/asl/usr/sbin/
%define _includedir /var/asl/usr/include/
%define _mandir /var/asl/usr/share/man/
%define _libdir /var/asl/usr/lib
%ifarch x86_64
%define _libdir /var/asl/usr/lib64
%endif
# forcibly prevent use of bundled apr, apr-util, pcre
# -rf srclib/{apr,apr-util,pcre}
# regenerate configure scripts
autoheader && autoconf || exit 1
# Limit size of CHANGES to recent history
#echo '1,/Changes with Apache MPM/wq' | ed CHANGES
# Before configure; fix location of build dir in generated apxs
# This is interesting because the default apxs patch removes this, so it normally is irrelevant.
%{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \
support/apxs.in
# update location of migration guide in apachectl
%{__perl} -pi -e "s:\@docdir\@:%{_docdir}/%{name}-%{version}:g" \
support/apachectl.in
# Build the migration guide
sed 's/@DISTRO@/%{distro}/' < $RPM_SOURCE_DIR/migration.xml > migration.xml
xmlto -x $RPM_SOURCE_DIR/html.xsl html-nochunks migration.xml
cp $RPM_SOURCE_DIR/migration.css . # make %%doc happy
export CFLAGS=$RPM_OPT_FLAGS
export LDFLAGS="-Wl,-z,relro,-z,now"
# Forcibly disable use of rsync to install (#557049)
export ac_cv_path_RSYNC=
# Hard-code path to links to avoid unnecessary builddep
export LYNX_PATH=/usr/bin/links
function mpmbuild()
{
mpm=$1; shift
#mkdir $mpm; pushd $mpm
./configure \
--prefix=%{_sysconfdir}/httpd \
--with-program-name=tortixd \
--exec-prefix=%{_prefix} \
--bindir=%{_bindir} \
--sbindir=%{_sbindir} \
--mandir=%{_mandir} \
--libdir=%{_libdir} \
--sysconfdir=%{_sysconfdir}/httpd/conf \
--includedir=%{_includedir}/httpd \
--libexecdir=%{_libdir}/httpd/modules \
--datadir=%{contentdir} \
--with-installbuilddir=%{_libdir}/httpd/build \
--with-mpm=$mpm \
--with-included-apr \
--enable-suexec --with-suexec \
--with-suexec-caller=%{suexec_caller} \
--with-suexec-docroot=%{contentdir} \
--with-suexec-logfile=%{_localstatedir}/log/tortixd/suexec.log \
--with-suexec-bin=%{_sbindir}/suexec \
--with-suexec-uidmin=500 --with-suexec-gidmin=100 \
--enable-pie \
--with-pcre \
$*
make
#popd
}
# Build everything and the kitchen sink with the prefork build
# --enable-ldap --enable-authnz-ldap \
mpmbuild prefork \
--enable-mods-shared=all \
--enable-ssl --with-ssl \
--enable-proxy \
--enable-cache --enable-mem-cache \
--enable-file-cache --enable-disk-cache \
--enable-cgid \
--enable-authn-anon --enable-authn-alias \
--disable-imagemap
# For the other MPMs, just build httpd and no optional modules
#mpmbuild worker --enable-modules=none
#mpmbuild event --enable-modules=none
%install
rm -rf $RPM_BUILD_ROOT
#%if 0%{?rhel} >= 7
#mkdir -p $RPM_BUILD_ROOT%{_unitdir}
#install -p -m 644 $RPM_SOURCE_DIR/tortixd.service $RPM_BUILD_ROOT%{_unitdir}/tortixd.service
#%endif
# Classify ab and logresolve as section 1 commands, as they are in /usr/bin
#mv docs/man/ab.8 docs/man/ab.1
#mv docs/man/logresolve.8 docs/man/logresolve.1
#pushd prefork
make DESTDIR=$RPM_BUILD_ROOT install
#popd
# install alternative MPMs
#install -m 755 worker/tortixd $RPM_BUILD_ROOT%{_sbindir}/tortixd.worker
#install -m 755 event/tortixd $RPM_BUILD_ROOT%{_sbindir}/tortixd.event
# install conf file/directory
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
#install -m 644 $RPM_SOURCE_DIR/README.confd \
# $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README
#for f in tortixd-ssl.conf welcome.conf manual.conf ; do
install -m 644 $RPM_SOURCE_DIR/tortixd-ssl.conf $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ssl.conf
install -m 644 $RPM_SOURCE_DIR/tortixd-ssl-compression.conf $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ssl-compression.conf
#done
rm $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/*.conf
install -m 644 $RPM_SOURCE_DIR/tortixd.conf \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/tortixd.conf
#
mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
install -m 644 $RPM_SOURCE_DIR/tortixd.sysconf \
$RPM_BUILD_ROOT/etc/sysconfig/tortixd
#
# for holding mod_dav lock database
#mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav
# create a prototype session cache
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/tortixd-mod_ssl
touch $RPM_BUILD_ROOT%{_localstatedir}/cache/tortixd-mod_ssl/scache.{dir,pag,sem}
# create cache root
mkdir $RPM_BUILD_ROOT%{_localstatedir}/cache/tortixd-mod_proxy
# move utilities to /usr/bin
mv $RPM_BUILD_ROOT%{_sbindir}/{ab,htdbm,logresolve,htpasswd,htdigest} \
$RPM_BUILD_ROOT%{_bindir}
# Make the MMN accessible to module packages
echo %{mmn} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn
#
# docroot
#mkdir $RPM_BUILD_ROOT%{contentdir}/html
#install -m 644 $RPM_SOURCE_DIR/centos_index.html \
# $RPM_BUILD_ROOT%{contentdir}/error/noindex.html
#
# remove manual sources
find $RPM_BUILD_ROOT%{contentdir}/manual \( \
-name \*.xml -o -name \*.xml.* -o -name \*.ent -o -name \*.xsl -o -name \*.dtd \
\) -print0 | xargs -0 rm -f
# added for branding
#
#install -m 644 %{SOURCE8} \
# $RPM_BUILD_ROOT%{contentdir}/icons/powered_by_rh.png
#
# Strip the manual down just to English and replace the typemaps with flat files:
set +x
for f in `find $RPM_BUILD_ROOT%{contentdir}/manual -name \*.html -type f`; do
if test -f ${f}.en; then
cp ${f}.en ${f}
rm ${f}.*
fi
done
set -x
# logs
rmdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/logs
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/tortixd/
#
# symlinks for /etc/httpd
ln -s ../../../../%{_localstatedir}/log/tortixd/ $RPM_BUILD_ROOT/var/asl/etc/httpd/logs
ln -s ../../../../%{_localstatedir}/run $RPM_BUILD_ROOT/var/asl/etc/httpd/run
ln -s ../../../../%{_libdir}/httpd/modules $RPM_BUILD_ROOT/var/asl/etc/httpd/modules
#
# install SYSV init stuff
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
install -m755 $RPM_SOURCE_DIR/tortixd.init \
$RPM_BUILD_ROOT/etc/rc.d/init.d/tortixd
%{__perl} -pi -e "s:\@docdir\@:%{_docdir}/%{name}-%{version}:g" \
$RPM_BUILD_ROOT/etc/rc.d/init.d/tortixd
# install log rotation stuff
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
install -m644 $RPM_SOURCE_DIR/tortixd.logrotate \
$RPM_BUILD_ROOT/etc/logrotate.d/tortixd
# fix man page paths
sed -e "s|/usr/local/apache2/conf/httpd.conf|/etc/httpd/conf/httpd.conf|" \
-e "s|/usr/local/apache2/conf/mime.types|/etc/mime.types|" \
-e "s|/usr/local/apache2/conf/magic|/etc/httpd/conf/magic|" \
-e "s|/usr/local/apache2/logs/error_log|/var/log/tortixd/error_log|" \
-e "s|/usr/local/apache2/logs/access_log|/var/log/tortixd/access_log|" \
-e "s|/usr/local/apache2/logs/httpd.pid|/var/run/httpd.pid|" \
-e "s|/usr/local/apache2|/etc/httpd|" < docs/man/httpd.8 \
> $RPM_BUILD_ROOT%{_mandir}/man8/httpd.8
# Make ap_config_layout.h libdir-agnostic
sed -i '/.*DEFAULT_..._LIBEXECDIR/d;/DEFAULT_..._INSTALLBUILDDIR/d' \
$RPM_BUILD_ROOT%{_includedir}/httpd/ap_config_layout.h
# Fix path to instdso in special.mk
sed -i '/instdso/s,top_srcdir,top_builddir,' \
$RPM_BUILD_ROOT%{_libdir}/httpd/build/special.mk
#
# Remove unpackaged files
rm -f $RPM_BUILD_ROOT%{_libdir}/*.exp \
$RPM_BUILD_ROOT%{_aslhome}/etc/httpd/conf/mime.types \
$RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.exp \
$RPM_BUILD_ROOT%{_libdir}/httpd/build/config.nice \
$RPM_BUILD_ROOT%{_bindir}/ap?-config \
$RPM_BUILD_ROOT%{_sbindir}/{checkgid,dbmmanage,envvars*} \
$RPM_BUILD_ROOT%{contentdir}/htdocs/* \
$RPM_BUILD_ROOT%{contentdir}/htdocs/* \
$RPM_BUILD_ROOT%{_mandir}/man1/dbmmanage.* \
$RPM_BUILD_ROOT%{contentdir}/cgi-bin/*
rm -rf $RPM_BUILD_ROOT%{contentdir}/cgi-bin \
$RPM_BUILD_ROOT%{contentdir}/icons \
$RPM_BUILD_ROOT%{contentdir}/error
rm -rf $RPM_BUILD_ROOT%{_aslhome}/etc/httpd/conf/{original,extra}
#
# Make suexec a+rw so it can be stripped. %%files lists real permissions
chmod 755 $RPM_BUILD_ROOT%{_sbindir}/suexec
%trigger -- asl-httpd
/sbin/service asl-httpd stop >/dev/null 2>&1 || :
/sbin/chkconfig --del asl-httpd || :
%pre
if ! grep -q asl-web /etc/passwd ; then
/usr/sbin/useradd -r -M -d /var/asl/www asl-web -s /sbin/nologin || :
fi
if ! grep -q tortix /etc/passwd ; then
/usr/sbin/useradd -r -M -d /var/asl tortix -s /sbin/nologin || :
fi
%post
#if 0%{?rhel} >= 7
#systemd_post tortixd.service
#else
# Register the httpd service
/sbin/chkconfig --add tortixd ||:
/sbin/chkconfig tortixd on ||:
/sbin/service tortixd restart >/dev/null 2>&1 || :
#%endif
#postun
#if 0%{?rhel} >= 7
#systemd_postun
#endif
%preun
#if 0%{?rhel} >= 7
#systemd_preun tortixd.service
#else
if [ $1 = 0 ]; then
/sbin/service tortixd stop > /dev/null 2>&1 || :
/sbin/chkconfig --del tortixd || :
fi
#endif
%define sslcert /var/asl/etc/httpd/conf/tortixd.crt
%define sslkey /var/asl/etc/httpd/conf/tortixd.key
%post -n tortixd-mod_ssl
umask 077
if [ ! -f %{sslkey} ] ; then
/usr/bin/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 2048 > %{sslkey} 2> /dev/null || :
fi
FQDN=`hostname`
if [ "x${FQDN}" = "x" ]; then
FQDN=localhost.localdomain
fi
if [ ! -f %{sslcert} ] ; then
cat << EOF | /usr/bin/openssl req -new -key %{sslkey} \
-x509 -days 1095 -set_serial $RANDOM \
-out %{sslcert} 2>/dev/null || :
--
AtomicState
AtomicCity
AtomicOrganization
AtomicOrganizationalUnit
${FQDN}
root@${FQDN}
EOF
fi
#
%check
# Check the built modules are all PIC
if readelf -d $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so | grep TEXTREL; then
: modules contain non-relocatable code
exit 1
fi
# Verify that the same modules were built into the httpd binaries
#./tortixd -l | grep -v prefork > prefork.mods
#for mpm in worker; do
# ./tortixd -l | grep -v ${mpm} > ${mpm}.mods
# if ! diff -u prefork.mods ${mpm}.mods; then
# : Different modules built into httpd binaries, will not proceed
# exit 1
# fi
#done
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
%doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE
%doc migration.html migration.css
%dir %{_sysconfdir}/httpd
#
%{_sysconfdir}/httpd/modules
%{_sysconfdir}/httpd/logs
%{_sysconfdir}/httpd/run
#
%dir %{_sysconfdir}/httpd/conf
%config(noreplace) %{_sysconfdir}/httpd/conf/tortixd.conf
#%config(noreplace) %{_sysconfdir}/httpd/conf.d/welcome.conf
#
#%config(noreplace) %{_sysconfdir}/httpd/conf.d/proxy_ajp.conf
#
%config(noreplace) %{_sysconfdir}/httpd/conf/magic
#
%config(noreplace) /etc/logrotate.d/tortixd
%config /etc/rc.d/init.d/tortixd
#
%dir %{_sysconfdir}/httpd/conf.d
#
%config(noreplace) /etc/sysconfig/tortixd
#
%{_bindir}/*
%{_sbindir}/ht*
%{_sbindir}/tortixd*
%{_sbindir}/apachectl
%{_sbindir}/rotatelogs
%attr(4510,root,%{suexec_caller}) %{_sbindir}/suexec
%dir %{_libdir}/httpd
%dir %{_libdir}/httpd/modules
%{_libdir}/httpd/modules/mod*.so
%exclude %{_libdir}/httpd/modules/mod_ssl.so
#%{_libdir}/apr-util-1/*
%{_libdir}/libapr*
%{_libdir}/httpd/*
%{_libdir}/pkgconfig/apr*
%dir %{contentdir}
#
#%dir %{contentdir}/cgi-bin
#%dir %{contentdir}/html
#%dir %{contentdir}/icons
#%dir %{contentdir}/error
#%dir %{contentdir}/error/include
#%{contentdir}/icons/*
#%{contentdir}/error/README
#%{contentdir}/error/noindex.html
#%config %{contentdir}/error/*.var
#%config %{contentdir}/error/include/*.html
#
%attr(0700,root,root) %dir %{_localstatedir}/log/tortixd
#%attr(0700,tortix,tortix) %dir %{_localstatedir}/lib/dav
%attr(0700,tortix,tortix) %dir %{_localstatedir}/cache/tortixd-mod_proxy
%{_mandir}/man?/*
#%exclude %{_mandir}/man8/apxs.8*
%files manual
%defattr(-,root,root)
%{contentdir}/manual
#%config %{_sysconfdir}/httpd/conf.d/manual.conf
%files -n tortixd-mod_ssl
%defattr(-,root,root)
%{_libdir}/httpd/modules/mod_ssl.so
%config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf
%config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl-compression.conf
%attr(0700,tortix,root) %dir %{_localstatedir}/cache/tortixd-mod_ssl
%attr(0600,tortix,root) %ghost %{_localstatedir}/cache/tortixd-mod_ssl/scache.dir
%attr(0600,tortix,root) %ghost %{_localstatedir}/cache/tortixd-mod_ssl/scache.pag
%attr(0600,tortix,root) %ghost %{_localstatedir}/cache/tortixd-mod_ssl/scache.sem
%files devel
%defattr(-,root,root)
%{_includedir}/httpd
%{_sbindir}/apxs
#%{_mandir}/man8/apxs.8*
%dir %{_libdir}/httpd/build
%{_libdir}/httpd/build/*.mk
%{_libdir}/httpd/build/*.sh
%changelog
* Mon Dec 21 2015 Support - 2.2.31-18
- Update to 2.2.31
* Thu Apr 16 2015 Support - 2.2.29-17
- Performance improvement for EL7
* Thu Jan 22 2015 Support - 2.2.29-16
- Bugfixes for EL7 systemd support
* Mon Sep 8 2014 Support - 2.2.29-15
- Update to 2.2.29
* Wed May 21 2014 Support - 2.2.27-14
- Update %pre/%post with || to fail safely during an install / update
* Tue Apr 8 2014 Support - 2.2.27-13
- Update to 2.2.27
* Tue Dec 3 2013 Support - 2.2.26-12
- FR#1249, enable PFS (openssl 1.0.1 only)
- FR#1323, enable TLS 1.1, 1.2 (openssl 1.0.1 only)
* Thu Nov 21 2013 Support - 2.2.26-11
- Update to 2.2.26
* Mon Jul 29 2013 Support - 2.2.25-10
- Update to 2.2.25
* Fri Jun 28 2013 Support - 2.2.24-9
- Bugfix #1199, change tortixd ssl session cache to /var/cache/tortixd-mod_ssl/
* Wed Apr 10 2013 Support - 2.2.24-8.4
- Update to 2.2.24
- Change logging path from /var/log/httpd to /var/log/tortixd
- Add tortixd logrotate
- Update ssl.conf to handle BEAST SSL attack conditions
* Wed Dec 12 2012 Support - 2.2.22-8
- Implement relro full against daemons
* Thu Oct 18 2012 Support - 2.2.22-7
- Update to Bugfix #936, separate config for disabling compression
* Mon Sep 10 2012 Support - 2.2.22-6
- Bugfix #936, add SSL compression disabling support
* Mon Sep 10 2012 Support - 2.2.22-4
- Create separate SSL certificate for tortixd, update to ssl path
* Tue Apr 24 2012 Support - 2.2.22-3
- Add wait into the reload case to handle reloads from ASL Web more gracefully
* Mon Mar 5 2012 Support - 2.2.22-1
- Update to 2.2.22
* Thu Sep 22 2011 Support - 2.2.3-53.1
- Resync with upstream -53 build
* Fri Sep 3 2010 Support - 2.2.3-43.1
- mod_ssl: improved fix for SSLRequire's OID() function (#625452)
- add security fixes for CVE-2010-1452, CVE-2010-2791 (#623210)
- mod_deflate: rebase to 2.2.15 (#625435)
- stop multiple invocations of filter init functions (#625451)
* Fri Jun 25 2010 Support - 2.2.3-43.0.3
- add security fixes for CVE-2010-0408, CVE-2010-0434 (#570441)
- require and BR a version of OpenSSL with the secure reneg API (#566659)
- mod_ssl: add SSLInsecureRenegotiation (#566659)
- mod_ssl: further fix for OID() handling (#552942)
- prevent use of rsync during "make install" (#557049)
- mod_ssl: fix additional case for OID() handling (#552942)
- mod_authnz_ldap: fix handling of empty filter in group defn (#252038)
- mod_ssl: use ASN1_STRING_print() in SSLRequire's OID() (#552942)
- mod_ssl: add further mitigation for CVE-2009-3555 (#534042)
- add mod_substitute (#539256)
- mod_authnz_ldap: dynamic group fixes (#252038)
- mod_authnz_ldap: add support for dynamic group lookup (#252038)
- add security fixes for CVE-2009-3555, CVE-2009-3094, CVE-2009-3095 (#534042)
* Sun Dec 31 2009 Scott R. Shinn - 2.2.3-32.5
- Added patch to support openssl 1.0 from Fedora 12
- Deprecated ldap modules for Fedora 11 and Fedora 12
* Sun Dec 6 2009 Scott R. Shinn - 2.2.3-32.1
- Removed mod_proxy_ajp
- Re-merge with centos, the following changes are inherited.
- add security fixes for CVE-2009-3094, CVE-2009-3095, CVE-2009-3555 (#534041)
- mod_rewrite: correct backport of URI escaping fix (#480604)
- add security fixes for CVE-2009-1890, CVE-2009-1891 (#509783)
- add image/png to conf/magic (#240844)
- fix backwards compat for CVE-2009-1195 fix (#502998)
- mod_cgi, mod_cgid: fix logging on input read error (#498170)
- mod_rewrite: don't serialize logfile access (#493023)
- mod_ext_filter: fix spurious error log output (#479463)
- add security fixes for CVE-2008-1678, CVE-2009-1195 (#499285)
- mod_rewrite: fix URI escaping with [P] in directory context (#480604)
- mod_cgi: fix headers/status in error responses (#480932)
- mod_speling: fix handling of directory names (#485524)
- init script: use ${pidfile} in more places (#491135)
- mod_log_config: support remote/local with 'p' format (#493070)
- remove Obsolete for mod_jk (#493592)
- mod_ssl: fix SSL per-dir-reneg buffering with internal redirects (#488886)
- fix spurious error messages on graceful restart (#233955)
- mod_ssl: add SSLRenegBufferSize directive (#479806)
- mod_proxy: set c->remote_host for backend SSL connection (#479410)
- add security fixes for CVE-2008-2939 (#468841)
- note that the mod_proxy 2.2.9 rebase fixed CVE-2008-2634
* Fri Oct 9 2009 Scott R. Shinn - 2.2.3-22.17.3
- Minor change to httpd.conf, disabled additional modules by default
* Mon Aug 31 2009 Scott R. Shinn - 2.2.3-22.17.2
- Bugid #223, logrotate has been disabled, this is currently covered by the httpd package
* Thu Aug 27 2009 Scott R. Shinn - 2.2.3-22.17
- Added patch for libtool 2.2 support (fedora 11)
- Dropped some prefork build flags, like mem-cache
- Bugfix #216, asl-httpd rotates the same files as /etc/logrotate.d/httpd.
* Wed Jun 17 2009 Scott R. Shinn 2.2.3-22.6
- Updated apachectl, ssl.conf, httpd.init
* Wed Jun 17 2009 Scott R. Shinn 2.2.3-22.0
- Re-spin for ASL management daemon