From 01bcbc5642a6ea61101e6af963e64175f7b307c5 Mon Sep 17 00:00:00 2001
From: Luboš Uhliarik
Date: Oct 06 2017 16:14:03 +0000
Subject: new version 2.4.28
---
diff --git a/httpd-2.4.10-sigint.patch b/httpd-2.4.10-sigint.patch
deleted file mode 100644
index ecdd82e..0000000
--- a/httpd-2.4.10-sigint.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-diff --git a/server/mpm/prefork/prefork.c b/server/mpm/prefork/prefork.c
-index 559f90a..a386a75 100644
---- a/server/mpm/prefork/prefork.c
-+++ b/server/mpm/prefork/prefork.c
-@@ -220,6 +220,9 @@ static void clean_child_exit(int code)
- {
- retained->mpm->mpm_state = AP_MPMQ_STOPPING;
-
-+ apr_signal(SIGHUP, SIG_IGN);
-+ apr_signal(SIGTERM, SIG_IGN);
-+
- if (pchild) {
- apr_pool_destroy(pchild);
- }
-@@ -699,6 +702,13 @@ static int make_child(server_rec *s, int slot, int bucket)
- */
- apr_signal(SIGHUP, just_die);
- apr_signal(SIGTERM, just_die);
-+ /* Ignore SIGINT in child. This fixes race-condition in signals
-+ * handling when httpd is runnning on foreground and user hits ctrl+c.
-+ * In this case, SIGINT is sent to all children followed by SIGTERM
-+ * from the main process, which interrupts the SIGINT handler and
-+ * leads to inconsistency.
-+ */
-+ apr_signal(SIGINT, SIG_IGN);
- /* The child process just closes listeners on AP_SIG_GRACEFUL.
- * The pod is used for signalling the graceful restart.
- */
diff --git a/httpd-2.4.17-socket-activation.patch b/httpd-2.4.17-socket-activation.patch
index d5cbdf2..dbdd80c 100644
--- a/httpd-2.4.17-socket-activation.patch
+++ b/httpd-2.4.17-socket-activation.patch
@@ -1,5 +1,5 @@
 diff --git a/server/listen.c b/server/listen.c
-index 1d9be83..f5f7754 100644
+index a8e9e6f..1a6c1d3 100644
 --- a/server/listen.c
 +++ b/server/listen.c
 @@ -34,6 +34,10 @@
@@ -100,11 +100,10 @@ index 1d9be83..f5f7754 100644 } #ifdef WIN32 -@@ -277,6 +286,124 @@ static apr_status_t close_listeners_on_exec(void *v) - return APR_SUCCESS; +@@ -315,6 +324,123 @@ static int find_listeners(ap_listen_rec **from, ap_listen_rec **to, + return found; } -+ +#ifdef HAVE_SYSTEMD + +static int find_systemd_socket(process_rec * process, apr_port_t port) { @@ -222,10 +221,10 @@ index 1d9be83..f5f7754 100644 + +#endif /* HAVE_SYSTEMD */ + - static const char *alloc_listener(process_rec *process, char *addr, + static const char *alloc_listener(process_rec *process, const char *addr, apr_port_t port, const char* proto, void *slave) -@@ -479,7 +606,7 @@ static int open_listeners(apr_pool_t *pool) +@@ -495,7 +621,7 @@ static int open_listeners(apr_pool_t *pool) } } #endif @@ -234,7 +233,7 @@ index 1d9be83..f5f7754 100644 ++num_open; } else { -@@ -591,8 +718,28 @@ AP_DECLARE(int) ap_setup_listeners(server_rec *s) +@@ -607,8 +733,28 @@ AP_DECLARE(int) ap_setup_listeners(server_rec *s) } } @@ -265,7 +264,7 @@ index 1d9be83..f5f7754 100644 } for (lr = ap_listeners; lr; lr = lr->next) { -@@ -682,7 +829,7 @@ AP_DECLARE(apr_status_t) ap_duplicate_listeners(apr_pool_t *p, server_rec *s, +@@ -698,7 +844,7 @@ AP_DECLARE(apr_status_t) ap_duplicate_listeners(apr_pool_t *p, server_rec *s, duplr->bind_addr); return stat; } @@ -274,7 +273,7 @@ index 1d9be83..f5f7754 100644 #if AP_NONBLOCK_WHEN_MULTI_LISTEN use_nonblock = (ap_listeners && ap_listeners->next); stat = apr_socket_opt_set(duplr->sd, APR_SO_NONBLOCK, use_nonblock); -@@ -809,6 +956,11 @@ AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy, +@@ -825,6 +971,11 @@ AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy, if (argc < 1 || argc > 2) { return "Listen requires 1 or 2 arguments."; } 
@@ -286,7 +285,7 @@ index 1d9be83..f5f7754 100644 rv = apr_parse_addr_port(&host, &scope_id, &port, argv[0], cmd->pool); if (rv != APR_SUCCESS) { -@@ -840,6 +992,12 @@ AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy, +@@ -856,6 +1007,12 @@ AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy, ap_str_tolower(proto); } diff --git a/httpd-2.4.27-CVE-2017-9798.patch b/httpd-2.4.27-CVE-2017-9798.patch deleted file mode 100644 index be590f2..0000000 --- a/httpd-2.4.27-CVE-2017-9798.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- httpd/httpd/branches/2.4.x/server/core.c 2017/08/16 16:50:29 1805223 -+++ httpd/httpd/branches/2.4.x/server/core.c 2017/09/08 13:13:11 1807754 -@@ -2266,6 +2266,12 @@ - /* method has not been registered yet, but resource restriction - * is always checked before method handling, so register it. - */ -+ if (cmd->pool == cmd->temp_pool) { -+ /* In .htaccess, we can't globally register new methods. */ -+ return apr_psprintf(cmd->pool, "Could not register method '%s' " -+ "for %s from .htaccess configuration", -+ method, cmd->cmd->name); -+ } - methnum = ap_method_register(cmd->pool, - apr_pstrdup(cmd->pool, method)); - } diff --git a/httpd.spec b/httpd.spec index e9e4319..d780615 100644 --- a/httpd.spec +++ b/httpd.spec @@ -12,8 +12,8 @@ Summary: Apache HTTP Server Name: httpd -Version: 2.4.27 -Release: 14%{?dist} +Version: 2.4.28 +Release: 1%{?dist} URL: https://httpd.apache.org/ Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html @@ -71,10 +71,8 @@ Patch34: httpd-2.4.17-socket-activation.patch Patch35: httpd-2.4.17-sslciphdefault.patch # Bug fixes Patch56: httpd-2.4.4-mod_unique_id.patch -Patch57: httpd-2.4.10-sigint.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1397243 Patch58: httpd-2.4.25-r1738878.patch -Patch59: httpd-2.4.27-CVE-2017-9798.patch Patch60: httpd-2.4.27-r1808230.patch # Security fixes 
@@ -220,9 +218,7 @@ interface for storing and accessing per-user session data. %patch35 -p1 -b .sslciphdefault %patch56 -p1 -b .uniqueid -%patch57 -p1 -b .sigint %patch58 -p1 -b .r1738878 -%patch59 -p4 -b .cve-2017-9798 %patch60 -p1 -b .r1808230 # Patch in the vendor string @@ -691,6 +687,9 @@ rm -rf $RPM_BUILD_ROOT %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Fri Oct 06 2017 Luboš Uhliarik - 2.4.28-1 +- new version 2.4.28 + * Tue Oct 3 2017 Joe Orton - 2.4.27-14 - add notes on enabling httpd_graceful_shutdown boolean for prefork diff --git a/sources b/sources index dafe33c..2db6285 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (httpd-2.4.27.tar.bz2) = 7e7e8070715b74cb6890096a74e194f4c6a49c14bda685b1ad832e84312f1ac4316ea03a430e679502bfd8e1853aefa544ee002a20d0f7e994b9a590c74bc42c +SHA512 (httpd-2.4.28.tar.bz2) = 8de8e32b87e6de220e492e74db9df0882fae11c3b9732f3d3316da048c04767ac4429c0433c36f87d8705263e3376f97a7e1f66a9d7a518632a67b6fe617590a
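Review bot: The new %changelog entry in httpd.spec records only `- new version 2.4.28`, but the same commit stops applying Patch57 (httpd-2.4.10-sigint.patch) and Patch59 (httpd-2.4.27-CVE-2017-9798.patch), so the package history no longer shows where the CVE-2017-9798 fix comes from. Presumably both changes are carried by the 2.4.28 tarball; that should be confirmed against the upstream source before the backports are dropped. Once confirmed, the entry could say so, for example `- drop sigint and CVE-2017-9798 patches, included upstream in 2.4.28`. Anyone auditing the RPM changelog for that CVE would otherwise see the backport disappear with no replacement noted.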