diff --git a/.cvsignore b/.cvsignore index 056b466..4689655 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -httpd-2.0.40.tar.gz +httpd-2.0.47.tar.gz diff --git a/httpd-2.0.45-deplibs.patch b/httpd-2.0.45-deplibs.patch new file mode 100644 index 0000000..e4345d6 --- /dev/null +++ b/httpd-2.0.45-deplibs.patch @@ -0,0 +1,15 @@ + +apr and apr-util are patched to correctly depend on their deps, so +it's sufficient to just link httpd against the .la file. + +--- httpd-2.0.45/configure.in.deplibs 2003-04-29 10:27:05.000000000 +0100 ++++ httpd-2.0.45/configure.in 2003-04-29 10:26:45.000000000 +0100 +@@ -455,7 +455,7 @@ + AP_LIBS="$abs_builddir/srclib/pcre/libpcre.la $AP_LIBS" + + dnl APR should go after the other libs, so the right symbols can be picked up +-AP_LIBS="$AP_LIBS `$apu_config --link-libtool --libs` `$apr_config --link-libtool --libs`" ++AP_LIBS="$AP_LIBS `$apu_config --link-libtool` `$apr_config --link-libtool`" + APACHE_SUBST(AP_LIBS) + APACHE_SUBST(AP_BUILD_SRCLIB_DIRS) + APACHE_SUBST(AP_CLEAN_SRCLIB_DIRS) diff --git a/httpd.conf b/httpd.conf index c6a4fd0..4dabb4a 100644 --- a/httpd.conf +++ b/httpd.conf @@ -129,22 +129,6 @@ ThreadsPerChild 25 MaxRequestsPerChild 0 -# perchild MPM -# NumServers: constant number of server processes -# StartThreads: initial number of worker threads in each server process -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# MaxThreadsPerChild: maximum number of worker threads in each server process -# MaxRequestsPerChild: maximum number of connections per server process - -NumServers 5 -StartThreads 5 -MinSpareThreads 5 -MaxSpareThreads 10 -MaxThreadsPerChild 20 -MaxRequestsPerChild 0 - - # # Listen: Allows you to bind Apache to specific IP addresses and/or # ports, in addition to the default. See also the @@ -157,11 +141,6 @@ MaxRequestsPerChild 0 Listen 80 # -# Load config files from the config directory "/etc/httpd/conf.d". -# -Include conf.d/*.conf - -# # Dynamic Shared Object (DSO) Support # # To be able to use the functionality of a module which was built as a DSO you @@ -178,12 +157,15 @@ LoadModule auth_module modules/mod_auth.so LoadModule auth_anon_module modules/mod_auth_anon.so LoadModule auth_dbm_module modules/mod_auth_dbm.so LoadModule auth_digest_module modules/mod_auth_digest.so +LoadModule ldap_module modules/mod_ldap.so +LoadModule auth_ldap_module modules/mod_auth_ldap.so LoadModule include_module modules/mod_include.so LoadModule log_config_module modules/mod_log_config.so LoadModule env_module modules/mod_env.so LoadModule mime_magic_module modules/mod_mime_magic.so LoadModule cern_meta_module modules/mod_cern_meta.so LoadModule expires_module modules/mod_expires.so +LoadModule deflate_module modules/mod_deflate.so LoadModule headers_module modules/mod_headers.so LoadModule usertrack_module modules/mod_usertrack.so LoadModule unique_id_module modules/mod_unique_id.so @@ -208,14 +190,17 @@ LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_ftp_module modules/mod_proxy_ftp.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_connect_module modules/mod_proxy_connect.so - - +LoadModule cache_module modules/mod_cache.so +LoadModule suexec_module modules/mod_suexec.so +LoadModule disk_cache_module modules/mod_disk_cache.so +LoadModule file_cache_module modules/mod_file_cache.so +LoadModule mem_cache_module modules/mod_mem_cache.so LoadModule cgi_module modules/mod_cgi.so - - -LoadModule cgid_module modules/mod_cgid.so - +# +# Load config files from the config directory "/etc/httpd/conf.d". +# +Include conf.d/*.conf # # ExtendedStatus controls whether Apache will generate "full" status @@ -316,7 +301,7 @@ DocumentRoot "/var/www/html" # # Possible values for the Options directive are "None", "All", # or any combination of: -# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI Multiviews +# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. @@ -342,15 +327,6 @@ DocumentRoot "/var/www/html" -# -# Disable autoindex for the root directory, and present a -# default Welcome page if no other index page is present. -# - - Options -Indexes - ErrorDocument 403 /error/noindex.html - - # # UserDir: The name of the directory that is appended onto a user's home # directory if a ~user request is received. @@ -409,7 +385,8 @@ DirectoryIndex index.html index.html.var # # AccessFileName: The name of the file to look for in each directory -# for access control information. See also the AllowOverride directive. +# for additional configuration directives. See also the AllowOverride +# directive. # AccessFileName .htaccess @@ -460,6 +437,25 @@ DefaultType text/plain HostnameLookups Off # +# EnableMMAP: Control whether memory-mapping is used to deliver +# files (assuming that the underlying OS supports it). +# The default is on; turn this off if you serve from NFS-mounted +# filesystems. On some systems, turning it off (regardless of +# filesystem) can improve performance; for details, please see +# http://httpd.apache.org/docs-2.0/mod/core.html#enablemmap +# +#EnableMMAP off + +# +# EnableSendfile: Control whether the sendfile kernel support is +# used to deliver files (assuming that the OS supports it). +# The default is on; turn this off if you serve from NFS-mounted +# filesystems. Please see +# http://httpd.apache.org/docs-2.0/mod/core.html#enablesendfile +# +#EnableSendfile off + +# # ErrorLog: The location of the error log file. # If you do not specify an ErrorLog directive within a # container, error messages relating to that virtual host will be @@ -509,8 +505,9 @@ CustomLog logs/access_log combined # # Optionally add a line containing the server version and virtual host -# name to server-generated pages (error documents, FTP directory listings, -# mod_status and mod_info output etc., but not CGI generated documents). +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). # Set to "EMail" to also include a mailto: link to the ServerAdmin. # Set to one of: On | Off | EMail # @@ -543,13 +540,25 @@ Alias /icons/ "/var/www/icons/" # the manual, even if you choose to move your DocumentRoot. You may comment # this out if you do not care for the documentation. # -Alias /manual "/var/www/manual" +AliasMatch ^/manual(?:/(?:de|en|fr|ja|ko|ru))?(/.*)?$ "/var/www/manual$1" - Options Indexes FollowSymLinks MultiViews + Options Indexes AllowOverride None Order allow,deny Allow from all + + + SetHandler type-map + + + SetEnvIf Request_URI ^/manual/de/ prefer-language=de + SetEnvIf Request_URI ^/manual/en/ prefer-language=en + SetEnvIf Request_URI ^/manual/fr/ prefer-language=fr + SetEnvIf Request_URI ^/manual/ja/ prefer-language=ja + SetEnvIf Request_URI ^/manual/ko/ prefer-language=ko + SetEnvIf Request_URI ^/manual/ru/ prefer-language=ru + RedirectMatch 301 ^/manual(?:/(de|en|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2 @@ -567,14 +576,6 @@ Alias /manual "/var/www/manual" # ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" - -# -# Additional to mod_cgid.c settings, mod_cgid has Scriptsock -# for setting UNIX socket for communicating with cgid. -# -Scriptsock run/httpd.cgid - - # # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased # CGI directory exists, if you have that configured. @@ -598,10 +599,8 @@ Scriptsock run/httpd.cgid # # -# FancyIndexing is whether you want fancy directory indexing or standard. -# VersionSort is whether files containing version numbers should be -# compared in the natural way, so that `apache-1.3.9.tar' is placed before -# `apache-1.3.12.tar'. +# IndexOptions: Controls the appearance of server-generated directory +# listings. # IndexOptions FancyIndexing VersionSort NameWidth=* @@ -671,15 +670,6 @@ HeaderName HEADER.html IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t # -# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress -# information on the fly. Note: Not all browsers support this. -# Despite the name similarity, the following Add* directives have nothing -# to do with the FancyIndexing customization directives above. -# -AddEncoding x-compress Z -AddEncoding x-gzip gz tgz - -# # DefaultLanguage and AddLanguage allows you to specify the language of # a document. You can then use content negotiation to give a browser a # file in a language the user can understand. @@ -709,39 +699,40 @@ AddEncoding x-gzip gz tgz # specifier. There is 'work in progress' to fix this and get # the reference data for rfc1766 cleaned up. # -# Danish (da) - Dutch (nl) - English (en) - Estonian (et) -# French (fr) - German (de) - Greek-Modern (el) -# Italian (it) - Norwegian (no) - Norwegian Nynorsk (nn) - Korean (kr) -# Portugese (pt) - Luxembourgeois* (ltz) -# Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz) -# Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja) -# Russian (ru) - Croatian (hr) +# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) +# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) +# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) +# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) +# Norwegian (no) - Polish (pl) - Portugese (pt) +# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) +# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) # +AddLanguage ca .ca +AddLanguage cs .cz .cs AddLanguage da .dk -AddLanguage nl .nl +AddLanguage de .de +AddLanguage el .el AddLanguage en .en +AddLanguage eo .eo +AddLanguage es .es AddLanguage et .et AddLanguage fr .fr -AddLanguage de .de AddLanguage he .he -AddLanguage el .el +AddLanguage hr .hr AddLanguage it .it AddLanguage ja .ja -AddLanguage pl .po -AddLanguage kr .kr -AddLanguage pt .pt +AddLanguage ko .ko +AddLanguage ltz .ltz +AddLanguage nl .nl AddLanguage nn .nn AddLanguage no .no -AddLanguage pt-br .pt-br -AddLanguage ltz .ltz -AddLanguage ca .ca -AddLanguage es .es -AddLanguage sv .se -AddLanguage cz .cz +AddLanguage pl .po +AddLanguage pt .pt +AddLanguage pt-BR .pt-br AddLanguage ru .ru -AddLanguage tw .tw -AddLanguage zh-tw .tw -AddLanguage hr .hr +AddLanguage sv .sv +AddLanguage zh-CN .zh-cn +AddLanguage zh-TW .zh-tw # # LanguagePriority allows you to give precedence to some languages @@ -750,7 +741,7 @@ AddLanguage hr .hr # Just list the languages in decreasing order of preference. We have # more or less alphabetized them here. You probably want to change this. # -LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ltz ca es sv tw +LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW # # ForceLanguagePriority allows you to serve a result page rather than @@ -769,14 +760,14 @@ ForceLanguagePriority Prefer Fallback # reasons in browsers, related to javascript and URL parsing # which encourage you to always set a default char set. # -AddDefaultCharset ISO-8859-1 +AddDefaultCharset UTF-8 # # Commonly used filename extensions to character sets. You probably # want to avoid clashes with the language extensions, unless you # are good at carefully testing your setup after each change. -# See ftp://ftp.isi.edu/in-notes/iana/assignments/character-sets for -# the official list of charset names and their respective RFCs +# See http://www.iana.org/assignments/character-sets for the +# official list of charset names and their respective RFCs. # AddCharset ISO-8859-1 .iso8859-1 .latin1 AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen @@ -805,7 +796,7 @@ AddCharset UTF-8 .utf8 # capitalization actually matters (it should not, but it # does for some browsers). # -# See ftp://ftp.isi.edu/in-notes/iana/assignments/character-sets +# See http://www.iana.org/assignments/character-sets # for a list of sorts. But browsers support few. # AddCharset GB2312 .gb2312 .gb @@ -821,7 +812,22 @@ AddCharset shift_jis .sjis # AddType allows you to add to or override the MIME configuration # file mime.types for specific file types. # -AddType application/x-tar .tgz +#AddType application/x-tar .tgz + +# +# AddEncoding allows you to have certain browsers uncompress +# information on the fly. Note: Not all browsers support this. +# Despite the name similarity, the following Add* directives have nothing +# to do with the FancyIndexing customization directives above. +# +#AddEncoding x-compress .Z +#AddEncoding x-gzip .gz .tgz + +# If the AddEncoding directives above are commented-out, then you +# probably should define those extensions to indicate media types: +# +AddType application/x-compress .Z +AddType application/x-gzip .gz .tgz # # AddHandler allows you to map certain file extensions to "handlers": @@ -850,11 +856,13 @@ AddHandler imap-file map # AddHandler type-map var +# # Filters allow you to process content before it is sent to the client. # # To parse .shtml files for server-side includes (SSI): # (You will also need to add "Includes" to the "Options" directive.) # +AddType text/html .shtml AddOutputFilter INCLUDES .shtml # @@ -877,14 +885,14 @@ AddOutputFilter INCLUDES .shtml # # -# Putting this all together, we can Internationalize error responses. +# Putting this all together, we can internationalize error responses. # # We use Alias to redirect any /error/HTTP_.html.var response to # our collection of by-error message multi-language collections. We use # includes to substitute the appropriate text. # # You can modify the messages' appearance without changing any of the -# default HTTP_.html.var files by adding the line; +# default HTTP_.html.var files by adding the line: # # Alias /error/include/ "/your/include/path/" # @@ -908,23 +916,23 @@ Alias /error/ "/var/www/error/" ForceLanguagePriority Prefer Fallback - ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var - ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var - ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var - ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var - ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var - ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var - ErrorDocument 410 /error/HTTP_GONE.html.var - ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var - ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var - ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var - ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var - ErrorDocument 415 /error/HTTP_SERVICE_UNAVAILABLE.html.var - ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var - ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var - ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var - ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var - ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var +# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +# ErrorDocument 410 /error/HTTP_GONE.html.var +# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var @@ -944,31 +952,35 @@ BrowserMatch "JDK/1\.0" force-response-1.0 # a directory that does not include the trailing slash. This fixes a # problem with Microsoft WebFolders which does not appropriately handle # redirects for folders with DAV methods. +# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. # BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully BrowserMatch "^WebDrive" redirect-carefully +BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully +BrowserMatch "^gnome-vfs" redirect-carefully # -# Allow server status reports, with the URL of http://servername/server-status -# Change the ".your-domain.com" to match your domain to enable. +# Allow server status reports generated by mod_status, +# with the URL of http://servername/server-status +# Change the ".example.com" to match your domain to enable. # # # SetHandler server-status # Order deny,allow # Deny from all -# Allow from .your-domain.com +# Allow from .example.com # # # Allow remote server configuration reports, with the URL of # http://servername/server-info (requires that mod_info.c be loaded). -# Change the ".your-domain.com" to match your domain to enable. +# Change the ".example.com" to match your domain to enable. # # # SetHandler server-info # Order deny,allow # Deny from all -# Allow from .your-domain.com +# Allow from .example.com # # @@ -981,7 +993,7 @@ BrowserMatch "^WebDrive" redirect-carefully # # Order deny,allow # Deny from all -# Allow from .your-domain.com +# Allow from .example.com # # @@ -992,16 +1004,14 @@ BrowserMatch "^WebDrive" redirect-carefully #ProxyVia On # -# To enable the cache as well, edit and uncomment the following lines: -# (no cacheing without CacheRoot) +# To enable a cache of proxied content, uncomment the following lines. +# See http://httpd.apache.org/docs-2.0/mod/mod_cache.html for more details. +# +# +# CacheEnable disk / +# CacheRoot "/var/cache/mod_proxy" +# # -#CacheRoot "/etc/httpd/proxy" -#CacheSize 5 -#CacheGcInterval 4 -#CacheMaxExpire 24 -#CacheLastModifiedFactor 0.1 -#CacheDefaultExpire 1 -#NoCache a-domain.com another-domain.edu joes.garage-sale.com # # End of proxy directives. @@ -1023,7 +1033,7 @@ BrowserMatch "^WebDrive" redirect-carefully # # Use name-based virtual hosting. # -#NameVirtualHost * +#NameVirtualHost *:80 # # VirtualHost example: @@ -1031,7 +1041,7 @@ BrowserMatch "^WebDrive" redirect-carefully # The first VirtualHost section is used for requests without a known # server name. # -# +# # ServerAdmin webmaster@dummy-host.example.com # DocumentRoot /www/docs/dummy-host.example.com # ServerName dummy-host.example.com diff --git a/httpd.spec b/httpd.spec index 578e6bb..9f9c3d6 100644 --- a/httpd.spec +++ b/httpd.spec @@ -1,24 +1,21 @@ %define contentdir /var/www %define suexec_caller apache -%define mmn 20020628 - -%ifarch ia64 -# disable debuginfo on IA64 -%define debug_package %{nil} -%endif +%define mmn 20020903 Summary: Apache HTTP Server Name: httpd -Version: 2.0.40 -Release: 21.11 +Version: 2.0.47 +Release: 10 URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz Source1: index.html Source3: httpd.logrotate Source4: httpd.init Source6: powered_by.gif +Source7: powered_by_fedora.png Source10: httpd.conf Source11: ssl.conf +Source12: welcome.conf Source14: mod_ssl-Makefile.crt Source15: mod_ssl-Makefile.crl # Documentation @@ -30,59 +27,39 @@ Source33: README.confd Patch1: httpd-2.0.40-apctl.patch Patch2: httpd-2.0.36-apxs.patch Patch3: httpd-2.0.36-sslink.patch +Patch4: httpd-2.0.45-parallel.patch +Patch5: httpd-2.0.45-deplibs.patch +Patch6: httpd-2.0.47-pie.patch +Patch7: httpd-2.0.45-syspcre.patch # Bug fixes -Patch20: httpd-2.0.40-davsegv.patch -Patch21: httpd-2.0.40-glibc23.patch -Patch22: httpd-2.0.40-nphcgi.patch -Patch23: httpd-2.0.40-leaks.patch -Patch24: httpd-2.0.40-proxy.patch -Patch25: httpd-2.0.40-range.patch -Patch26: httpd-2.0.40-pipelog.patch -Patch27: httpd-2.0.40-rwmap.patch -Patch28: httpd-2.0.40-stream.patch -Patch29: httpd-2.0.40-subreq.patch -Patch30: httpd-2.0.40-sslexcl.patch -Patch31: httpd-2.0.40-include.patch -Patch32: httpd-2.0.46-graceful.patch -Patch33: httpd-2.0.40-rand.patch -Patch34: httpd-2.0.40-deflate.patch -Patch35: httpd-2.0.46-metharray.patch -Patch36: httpd-2.0.46-miscfix.patch +Patch20: httpd-2.0.45-encode.patch +Patch21: httpd-2.0.45-davfs.patch +Patch22: httpd-2.0.45-davetag.patch +Patch23: httpd-headusage.patch +Patch24: httpd-2.0.47-sslcleanup.patch +Patch25: httpd-2.0.47-include.patch +Patch26: httpd-2.0.47-ldapshm.patch +Patch27: httpd-2.0.46-shmcb.patch +Patch32: httpd-2.0.46-sslmutex.patch +Patch34: httpd-2.0.46-sslio.patch +Patch36: httpd-2.0.46-graceful.patch # features/functional changes -Patch40: httpd-2.0.36-cnfdir.patch +Patch40: httpd-2.0.45-cnfdir.patch Patch41: httpd-2.0.36-redhat.patch Patch42: httpd-2.0.40-xfsz.patch Patch43: httpd-2.0.40-pod.patch Patch44: httpd-2.0.40-noshmht.patch -Patch45: httpd-2.0.40-prctl.patch -Patch46: httpd-2.0.48-fdsetsize.patch -Patch47: httpd-2.0.40-sendfile.patch -# Security fixes -Patch60: httpd-2.0.40-CAN-2002-0840.patch -Patch61: httpd-2.0.40-CAN-2002-0843.patch -Patch62: httpd-2.0.40-CAN-2003-0020.patch -Patch63: httpd-2.0.40-CAN-2003-0083.patch -Patch64: httpd-2.0.40-CAN-2003-0132.patch -Patch65: httpd-2.0.40-fdleak.patch -Patch66: httpd-2.0.40-CAN-2003-0245.patch -Patch67: httpd-2.0.40-CAN-2003-0189.patch -Patch68: httpd-2.0.40-CAN-2003-0192.patch -Patch69: httpd-2.0.40-CAN-2003-0253.patch -Patch70: httpd-2.0.40-CAN-2003-0254.patch -Patch71: httpd-2.0.40-VU379828.patch -Patch72: httpd-2.0.40-CAN-2003-0542.patch -Patch73: httpd-2.0.40-CAN-2003-0789.patch -Patch74: httpd-2.0.40-CAN-2004-0113.patch +Patch45: httpd-2.0.45-proxy.patch License: Apache Software License Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-root BuildPrereq: db4-devel, expat-devel, findutils, perl, pkgconfig, xmlto >= 0.0.11 +BuildPrereq: apr-devel >= 0.9.3-10, apr-util-devel, pcre-devel Requires: /etc/mime.types, gawk, /usr/share/magic.mime, /usr/bin/find Prereq: /sbin/chkconfig, /bin/mktemp, /bin/rm, /bin/mv Prereq: sh-utils, textutils, /usr/sbin/useradd Provides: webserver Provides: httpd-mmn = %{mmn} -Conflicts: thttpd Obsoletes: apache, secureweb, mod_dav %description @@ -94,7 +71,7 @@ Internet. Group: Development/Libraries Summary: Development tools for the Apache HTTP server. Obsoletes: secureweb-devel, apache-devel -Requires: libtool, httpd = %{version} +Requires: apr-devel, apr-util-devel, httpd = %{version} %description devel The httpd-devel package contains the APXS binary and other files @@ -112,7 +89,7 @@ Obsoletes: secureweb-manual, apache-manual %description manual The httpd-manual package contains the complete manual and reference guide for the Apache HTTP server. The information can -also be found at http://httpd.apache.org/docs/. +also be found at http://httpd.apache.org/docs-2.0/. %package -n mod_ssl Group: System Environment/Daemons @@ -129,53 +106,37 @@ Security (TLS) protocols. %prep %setup -q -%patch1 -p1 -b .apctl +%patch1 -p0 -b .apctl %patch2 -p1 -b .apxs %patch3 -p0 -b .sslink +%patch4 -p0 -b .parallel +%patch5 -p1 -b .deplibs +%patch7 -p1 -b .syspcre + +# Conditionally enable PIE support +if echo 'int main () { return 0; }' | gcc -pie -fpie -O2 -xc - -o pietest 2>/dev/null; then +%patch6 -p1 -b .pie +fi -%patch20 -p1 -b .davsegv -%patch21 -p1 -b .glibc23 -%patch22 -p1 -b .nphcgi -%patch23 -p0 -b .leaks -%patch24 -p1 -b .proxy -%patch25 -p1 -b .range -%patch26 -p1 -b .pipelog -%patch27 -p1 -b .rwmap -%patch28 -p1 -b .stream -%patch29 -p1 -b .subreq -%patch30 -p1 -b .sslexcl -%patch31 -p1 -b .include -%patch32 -p1 -b .graceful -%patch33 -p1 -b .rand -%patch34 -p1 -b .deflate -%patch35 -p1 -b .metharray -%patch36 -p1 -b .miscfix - -%patch40 -p0 -b .cnfdir +# no -b to prevent droplets in install root +%patch20 -p1 +%patch21 -p1 -b .davfs +%patch22 -p1 -b .davetag +%patch23 -p1 -b .head +%patch24 -p1 -b .sslcleanup +%patch25 -p1 -b .include +%patch26 -p1 -b .ldapshm +%patch27 -p1 -b .shmcb +%patch32 -p1 -b .sslmutex +%patch34 -p1 -b .sslio +%patch36 -p1 -b .graceful + +%patch40 -p1 -b .cnfdir %patch41 -p0 -b .redhat %patch42 -p0 -b .xfsz -%patch43 -p1 -b .pod -%patch44 -p0 -b .noshmht -%patch45 -p1 -b .prctl -%patch46 -p1 -b .fdsetsize -%patch47 -p1 -b .sendfile - -# no -b to prevent droplets in install root. -%patch60 -p1 -%patch61 -p1 -b .can0843 -%patch62 -p1 -b .can0020 -%patch63 -p1 -b .can0083 -%patch64 -p1 -b .can0132 -%patch65 -p1 -b .fdleak -%patch66 -p1 -b .can0245 -%patch67 -p1 -b .can0189 -%patch68 -p1 -b .can0192 -%patch69 -p1 -b .can0253 -%patch70 -p1 -b .can0254 -%patch71 -p1 -b .vu379828 -%patch72 -p1 -b .can0542 -%patch73 -p1 -b .can0789 -%patch74 -p1 -b .can0113 +%patch43 -p0 -b .pod +%patch44 -p1 -b .noshmht +%patch45 -p1 -b .proxy # Safety check: prevent build if defined MMN does not equal upstream MMN. vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include \`pwd\`/include/ap_mmn.h | grep -v '#'` @@ -186,22 +147,21 @@ if test "x${vmmn}" != "x%{mmn}"; then fi %build -# update location of migration guide in apachectl -%{__perl} -pi -e "s:\@docdir\@:%{_docdir}/%{name}-%{version}:g" \ - support/apachectl.in - # regenerate configure scripts ./buildconf # Before configure; fix location of build dir in generated apxs %{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \ support/apxs.in +# update location of migration guide in apachectl +%{__perl} -pi -e "s:\@docdir\@:%{_docdir}/%{name}-%{version}:g" \ + support/apachectl.in # build the migration guide xmlto --skip-validation -x $RPM_SOURCE_DIR/html.xsl html-nochunks $RPM_SOURCE_DIR/migration.xml cp $RPM_SOURCE_DIR/migration.css . # make %%doc happy -CFLAGS="$RPM_OPT_FLAGS" +CFLAGS="$RPM_OPT_FLAGS -DSSL_EXPERIMENTAL_ENGINE" if pkg-config openssl ; then # configure -C barfs with trailing spaces in CFLAGS CFLAGS="$CFLAGS `pkg-config --cflags openssl | sed 's/ *$//'`" @@ -209,7 +169,8 @@ if pkg-config openssl ; then else AP_LIBS="-lssl -lcrypto" fi -export CFLAGS AP_LIBS +export CFLAGS +export AP_LIBS function mpmbuild() { @@ -230,14 +191,15 @@ EOF --includedir=%{_includedir}/httpd \ --libexecdir=%{_libdir}/httpd/modules \ --datadir=%{contentdir} \ + --with-installbuilddir=%{_libdir}/httpd/build \ --with-mpm=$mpm \ + --with-apr=%{_prefix} --with-apr-util=%{_prefix} \ --enable-suexec --with-suexec \ --with-suexec-caller=%{suexec_caller} \ --with-suexec-docroot=%{contentdir} \ --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \ --with-suexec-bin=%{_sbindir}/suexec \ - --with-suexec-uidmin=500 --with-suexec-gidmin=500 \ - --with-devrandom=/dev/urandom \ + --with-suexec-uidmin=500 --with-suexec-gidmin=100 \ $* make %{?_smp_mflags} @@ -247,9 +209,14 @@ popd # Only bother enabling optional modules for main build. mpmbuild prefork --enable-mods-shared=all \ --enable-ssl --with-ssl \ - --enable-deflate --enable-cgid \ + --enable-deflate \ --enable-proxy --enable-proxy-connect \ - --enable-proxy-http --enable-proxy-ftp + --enable-proxy-http --enable-proxy-ftp \ + --disable-ext-filter \ + --enable-cache --enable-mem-cache \ + --enable-file-cache --enable-disk-cache \ + --enable-ldap --enable-auth-ldap \ + --enable-logio # To prevent most modules being built statically into httpd.worker, # easiest way seems to be enable them shared. @@ -276,7 +243,7 @@ pushd prefork make DESTDIR=$RPM_BUILD_ROOT install popd # install worker binary -install -m 755 worker/.libs/httpd $RPM_BUILD_ROOT%{_sbindir}/httpd.worker +install -m 755 worker/httpd $RPM_BUILD_ROOT%{_sbindir}/httpd.worker # install conf file/directory mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d @@ -284,6 +251,8 @@ install -m 644 $RPM_SOURCE_DIR/README.confd \ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README install -m 644 $RPM_SOURCE_DIR/ssl.conf \ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ssl.conf +install -m 644 $RPM_SOURCE_DIR/welcome.conf \ + $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/welcome.conf rm $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/*.conf install -m 644 $RPM_SOURCE_DIR/httpd.conf \ @@ -308,21 +277,23 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/mod_ssl touch $RPM_BUILD_ROOT%{_localstatedir}/cache/mod_ssl/scache.{dir,pag,sem} +# create cache root +mkdir $RPM_BUILD_ROOT%{_localstatedir}/cache/mod_proxy + # move utilities to /usr/bin mv $RPM_BUILD_ROOT%{_sbindir}/{ab,htdbm,logresolve,htpasswd,htdigest} \ $RPM_BUILD_ROOT%{_bindir} -# make libtool a symlink +# move builddir to the right place mv $RPM_BUILD_ROOT%{contentdir}/build $RPM_BUILD_ROOT%{_libdir}/httpd/build -rm $RPM_BUILD_ROOT%{_libdir}/httpd/build/libtool ln -s ../../../..%{_bindir}/libtool $RPM_BUILD_ROOT%{_libdir}/httpd/build/libtool -# fix up config_vars file: relocate the build directory into libdir; -# reference correct libtool; remove references to RPM build root. +# Install and sanitize config_vars file: relocate the build directory into +# libdir; reference correct libtool; fix EXTRA_INCLUDES sed -e "s|%{contentdir}/build|%{_libdir}/httpd/build|g" \ -e "/AP_LIBS/d" -e "/abs_srcdir/d" \ - -e "/^LIBTOOL/s|/[^ ]*/libtool|%{_bindir}/libtool|" \ - -e "s|^EXTRA_INCLUDES.*$|EXTRA_INCLUDES = -I\$(includedir) -I%{_includedir}/openssl|g" \ + -e "/^LIBTOOL/s|/bin/sh /[^ ]*/libtool|`apr-config --apr-libtool`|" \ + -e "s|^EXTRA_INCLUDES.*$|EXTRA_INCLUDES = -I\$(includedir) -I\$(APR_INCLUDEDIR) -I%{_includedir}/openssl|g" \ < prefork/build/config_vars.mk \ > $RPM_BUILD_ROOT%{_libdir}/httpd/build/config_vars.mk install -m 644 build/special.mk \ @@ -335,11 +306,16 @@ echo %{mmn} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn mkdir $RPM_BUILD_ROOT%{contentdir}/html install -m 644 $RPM_SOURCE_DIR/index.html \ $RPM_BUILD_ROOT%{contentdir}/error/noindex.html -rm -r $RPM_BUILD_ROOT%{contentdir}/manual/style -rm $RPM_BUILD_ROOT%{contentdir}/manual/*/*.xml + +# remove manual sources +find $RPM_BUILD_ROOT%{contentdir}/manual \( \ + -name \*.xml -o -name \*.xml.* -o -name \*.ent -o -name \*.xsl -o -name \*.dtd \ + \) -print0 | xargs -0 rm -f install -m 644 $RPM_SOURCE_DIR/powered_by.gif \ $RPM_BUILD_ROOT%{contentdir}/icons +install -m 644 $RPM_SOURCE_DIR/powered_by_fedora.png \ + $RPM_BUILD_ROOT%{contentdir}/icons # logs rmdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/logs @@ -374,8 +350,7 @@ sed -e "s|/usr/local/apache2/conf/httpd.conf|/etc/httpd/conf/httpd.conf|" \ > $RPM_BUILD_ROOT%{_mandir}/man8/httpd.8 # Remove unpackaged files -rm -f $RPM_BUILD_ROOT%{_libdir}/libapr{,util}.{a,la} \ - $RPM_BUILD_ROOT%{_libdir}/APRVARS $RPM_BUILD_ROOT%{_libdir}/*.exp \ +rm -f $RPM_BUILD_ROOT%{_libdir}/*.exp \ $RPM_BUILD_ROOT/etc/httpd/conf/mime.types \ $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.exp \ $RPM_BUILD_ROOT%{_bindir}/ap?-config \ @@ -383,6 +358,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/libapr{,util}.{a,la} \ $RPM_BUILD_ROOT%{contentdir}/htdocs/* \ $RPM_BUILD_ROOT%{contentdir}/cgi-bin/* +# Remove headers which needn't be public +rm -f $RPM_BUILD_ROOT%{_includedir}/httpd/{mpm*.h,ssl_expr_parse.h,ssl_util_table.h} + %pre # Add the "apache" user /usr/sbin/useradd -c "Apache" -u 48 \ @@ -426,13 +404,20 @@ root@${FQDN} EOF fi +%check +# Check the built modules are all PIC +if readelf -d $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so | grep TEXTREL; then + : modules contain non-relocatable code + exit 1 +fi + %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root) -%doc ABOUT_APACHE README CHANGES ROADMAP LICENSE +%doc ABOUT_APACHE README CHANGES LICENSE VERSIONING %doc migration.html migration.css %dir %{_sysconfdir}/httpd @@ -441,9 +426,10 @@ rm -rf $RPM_BUILD_ROOT %{_sysconfdir}/httpd/run %dir %{_sysconfdir}/httpd/conf %config(noreplace) %{_sysconfdir}/httpd/conf/*.conf +%config(noreplace) %{_sysconfdir}/httpd/conf.d/welcome.conf %config(noreplace) %{_sysconfdir}/httpd/conf/magic -%config %{_sysconfdir}/logrotate.d/httpd +%config(noreplace) %{_sysconfdir}/logrotate.d/httpd %config %{_sysconfdir}/rc.d/init.d/httpd %dir %{_sysconfdir}/httpd/conf.d @@ -458,9 +444,6 @@ rm -rf $RPM_BUILD_ROOT %{_sbindir}/rotatelogs %attr(4510,root,%{suexec_caller}) %{_sbindir}/suexec -%{_libdir}/libapr.so.* -%{_libdir}/libaprutil.so.* - %dir %{_libdir}/httpd %dir %{_libdir}/httpd/modules # everything but mod_ssl.so: @@ -477,12 +460,12 @@ rm -rf $RPM_BUILD_ROOT %{contentdir}/icons/* %{contentdir}/error/README %{contentdir}/error/noindex.html -%config(noreplace) %{contentdir}/error/*.var -%config(noreplace) %{contentdir}/error/include/*.html +%config %{contentdir}/error/*.var +%config %{contentdir}/error/include/*.html %attr(0700,root,root) %dir %{_localstatedir}/log/httpd - %attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav +%attr(0700,apache,apache) %dir %{_localstatedir}/cache/mod_proxy %{_mandir}/man1/* @@ -509,8 +492,6 @@ rm -rf $RPM_BUILD_ROOT %files devel %defattr(-,root,root) -%{_libdir}/libapr.so -%{_libdir}/libaprutil.so %{_includedir}/httpd %{_sysconfdir}/httpd/build %{_sbindir}/apxs @@ -518,44 +499,114 @@ rm -rf $RPM_BUILD_ROOT %dir %{_libdir}/httpd/build %{_libdir}/httpd/build/*.mk %{_libdir}/httpd/build/instdso.sh -%{_libdir}/httpd/build/libtool %changelog -* Thu Mar 25 2004 Joe Orton 2.0.40-21.11 -- add security fix for CVE CAN-2004-0113 -- add fix for slow graceful restarts in prefork -- mod_deflate: update to recent version (#115280) -- mod_ssl: misc bug fixes -- core: add EnableSendfile directive (#78224) - -* Wed Feb 25 2004 Joe Orton 2.0.40-21.10 -- remove test that accept returns fd < FD_SETSIZE (#116576) - -* Tue Oct 28 2003 Joe Orton 2.0.40-21.9 -- add security fixes for CVE CAN-2003-0542, CAN-2003-0789 -- return test page for "/+" in default httpd.conf -- add bug fixes for #103049, #105725, #106454 -- further fixes for CGI regressions in -21.5 (#103744) - -* Thu Sep 11 2003 Joe Orton 2.0.40-21.6 -- fix for streaming CGIs (#103744) - -* Thu Jul 31 2003 Joe Orton 2.0.40-21.5 -- fix EXTRA_INCLUDES for #92313 +* Thu Oct 23 2003 Joe Orton 2.0.47-10 +- httpd.conf: configure test page in welcome.conf, load suexec, + don't use custom error docs by default, sync with upstream. +- add "Powered by Fedora" icon (Garrett LeSage) +- migration guide updates +- drop mod_cgid +- enable SSL_EXPERIMENTAL_ENGINE (#106858) +- drop minimum suexec gid to 100 (#74753, #107083) +- speed up graceful restarts in prefork (#105725) +- mod_ssl fixes + +* Wed Oct 22 2003 Joe Orton 2.0.47-9 +- updated index.html (Matt Wilson, #107378) +- change server version string comment to "(Fedora)" + +* Wed Oct 8 2003 Joe Orton 2.0.47-8 +- use -fPIE not -fpie to fix s390x (Florian La Roche) +- include VERSIONING in docdir + +* Mon Oct 6 2003 Joe Orton 2.0.47-7 +- enable PIE support +- include bug fix for #78019 + +* Mon Sep 8 2003 Joe Orton 2.0.47-6 +- update httpd.conf for manual changes (alietss@yahoo.com, #101015) +- use anonymous shm for LDAP auth cache (#103566) + +* Sun Sep 7 2003 Joe Orton 2.0.47-5 +- include unixd.h again +- fix EXTRA_INCLUDES + +* Mon Jul 28 2003 Joe Orton 2.0.47-4 - add mod_include fixes from upstream +- httpd.conf updates: wording fixes from upstream; load + mod_deflate by default, update AddLanguage section (#98455) +- don't add eNULL cipher in default ssl.conf (#98401) +- only bind to IPv4 addresses in default config (#98916) -* Wed Jul 9 2003 Joe Orton 2.0.40-21.4 -- add security fixes for CVE CAN-2003-0192, CAN-2003-0253, - CAN-2003-0254, CERT VU#379828 -- add bug fixes for #78019, #82985, #85022, #97111, #98545, #98653 -- install special.mk, fix apxs -q LIBTOOL (#92313) +* Thu Jul 24 2003 Joe Orton 2.0.47-3 +- fix for segfaults in php-snmp init (#97207) -* Tue May 20 2003 Joe Orton 2.0.40-21.3 -- add security fix for CAN-2003-0189 +* Wed Jul 23 2003 Joe Orton 2.0.47-2 +- fix apxs -c again + +* Mon Jul 14 2003 Joe Orton 2.0.47-1 +- update to 2.0.47 +- add mod_logio (#100436) +- remove Vendor tag + +* Thu Jul 10 2003 Joe Orton 2.0.45-14 +- use libtool script included in apr +- fix apxs -q LIBTOOL (more #92313) + +* Tue Jul 8 2003 Joe Orton 2.0.45-13 +- use system pcre library + +* Thu Jul 3 2003 Joe Orton 2.0.45-12 +- remove some installed headers +- fix for use of libtool 1.5 + +* Wed Jun 5 2003 Elliot Lee +- rebuilt -* Mon May 12 2003 Joe Orton 2.0.40-21.2 -- add security fix for CAN-2003-0245 -- add bug fixes for #88575, #89086, #89170, #89179 +* Thu Jun 5 2003 Joe Orton 2.0.45-10 +- fix apxs -g (#92313) + +* Sat May 31 2003 Joe Orton 2.0.45-9 +- trim manual sources properly +- remove ExcludeArch + +* Thu May 29 2003 Joe Orton 2.0.45-8 +- rebuild + +* Mon May 19 2003 Joe Orton 2.0.45-6 +- don't load /usr/sbin/envvars from apxs +- add fix for mod_dav_fs namespace handling +- add fix for mod_dav If header etag comparison +- remove irrelevant warning from mod_proxy +- don't conflict with thttpd (#91422) + +* Sun May 18 2003 Joe Orton 2.0.45-5 +- don't package any XML sources in httpd-manual +- fix examples in default httpd.conf for enabling caching + +* Sun May 18 2003 Joe Orton 2.0.45-4 +- change default charset to UTF-8 (#88964) + +* Thu May 15 2003 Joe Orton 2.0.45-3 +- update httpd.conf for changes from default in 2.0.45 +- include conf.d/*.conf after loading standard modules +- include LDAP and cache modules (#75370, #88277) +- run buildconf in %%build not %%prep + +* Tue May 13 2003 Joe Orton 2.0.45-2 +- have apxs always use /usr/bin/libtool + +* Mon May 5 2003 Joe Orton 2.0.45-1 +- update to 2.0.45 (#82227) +- use separate apr, apr-util packages (#74951) +- mark logrotate file as noreplace (#85654) +- mark all of /var/www/error as %%config-not-noreplace +- remove dates from error pages (#86474) +- don't enable mod_cgid for worker MPM (#88819) + +* Wed Apr 30 2003 Elliot Lee 2.0.40-22 +- headusage patch to fix build on ppc64 etc. * Tue Apr 1 2003 Joe Orton 2.0.40-21.1 - add security fixes for CAN-2003-0020, CAN-2003-0132, CAN-2003-0083 diff --git a/index.html b/index.html index dd02a9b..89ad8d4 100644 --- a/index.html +++ b/index.html @@ -1,86 +1,127 @@ - - - - Test Page for the Apache Web Server on Red Hat Linux - - - + -

Test Page

- This page is used to test the proper operation of the Apache Web server after - it has been installed. If you can read this page, it means that the Apache - Web server installed at this site is working properly. + + + Test Page for the Apache HTTP Server on Fedora Core -
+ + -

If you are the administrator of this website:

-

- You may now add content to this directory, and replace this page. Note that - until you do so, people visiting your website will see this page, and not your - content. -

+ +

Fedora Core Test Page

-

If you have upgraded from Red Hat Linux 6.2 and earlier, then you are - seeing this page because the default DocumentRoot - set in /etc/httpd/conf/httpd.conf has changed. Any subdirectories - which existed under /home/httpd should now be moved to - /var/www. Alternatively, the contents of /var/www can be - moved to /home/httpd, and the configuration file can be updated - accordingly. -

+
+
+

This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the Apache HTTP server installed at this site is working properly.

+
+
-
-

If you are a member of the general public:

+
+
+

If you are a member of the general public:

-

- The fact that you are seeing this page indicates that the website you just - visited is either experiencing problems, or is undergoing routine maintenance. -

+

The fact that you are seeing this page indicates that the website you just visited is either experiencing problems, or is undergoing routine maintenance.

-

- If you would like to let the administrators of this website know that you've - seen this page instead of the page you expected, you should send them e-mail. - In general, mail sent to the name "webmaster" and directed to the website's - domain should reach the appropriate person. -

+

If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person.

-

- For example, if you experienced problems while visiting www.example.com, - you should send e-mail to "webmaster@example.com". -

+

For example, if you experienced problems while visiting www.example.com, you should send e-mail to "webmaster@example.com".

-
+

For information on Fedora Core, please visit the Fedora Project website.

+
+
-

- The Apache documentation has been included - with this distribution. -

+
+

If you are the website administrator:

-

- For documentation and information on Red Hat Linux, please visit the - Red Hat, Inc. website. The manual for - Red Hat Linux is available here. -

+

You may now add content to the directory /var/www/html/. Note that until you do so, people visiting your website will see this page, and not your content. To prevent this page from ever being used, follow the instructions in the file /etc/httpd/conf.d/welcome.conf.

-

- You are free to use the image below on an Apache-powered Web - server. Thanks for using Apache! -

+
+

You are free to use the image below on Apache and Fedora Core powered HTTP server. Thanks for using Apache and Fedora Core!

-

- [ Powered -by Apache ] -

- -

- You are free to use the image below on a Red Hat Linux-powered Web - server. Thanks for using Red Hat Linux! -

- -

- [ Powered -by Red Hat Linux ] -

- - +

[ Powered by Apache ] [ Powered by Fedora Core ]

+
+
+
+
+ + diff --git a/migration.xml b/migration.xml index ebeacdd..db5d5e3 100644 --- a/migration.xml +++ b/migration.xml @@ -16,6 +16,11 @@ htdbm"> dbmmanage"> + + +prefork"> +worker"> + ]>
@@ -25,11 +30,11 @@ -This HOWTO covers the migration of Red Hat Linux webservers from -Red Hat's Apache 1.3 packages to Red Hat's Apache 2.0 packages. It -explains the relevant differences between the 1.3 and 2.0 packages, -and describes the process required to migrate your server's -configuration from 1.3 to 2.0. +This HOWTO covers the migration of &distro; web servers from +version 1.3 of the Apache HTTP server to version 2.0. It explains the +relevant differences between the 1.3 and 2.0 packages, and describes +the process required to migrate the server configuration from 1.3 to +2.0. @@ -77,19 +82,14 @@ linkend="mod_auth_dbm"/>); the logrotate configuration file has been renamed from /etc/logrotate.d/apache to /etc/logrotate.d/httpd. - - Migrating your configuration -If you have upgraded your server from a previous version of Red -Hat Linux upon which Apache was installed then the stock configuration +If you have upgraded your server from a previous version of +&distro; upon which Apache was installed then the stock configuration file from the Apache 2.0 package will have been created as /etc/httpd/conf/httpd.conf.rpmnew, leaving your original &httpdconf; untouched. It is, of course, entirely up to you @@ -101,8 +101,8 @@ for both 1.3 and 2.0 are divided into three sections, and for each of these this document will suggest what is hopefully the easiest route. -If your &httpdconf; is a modified version of the default Red Hat -one and you have saved a copy of the original then you may find the +If your &httpdconf; has been modified from the default +and you have saved a copy of the original then you may find the diff command comes in handy. Invoked as: @@ -190,19 +190,25 @@ url="http://httpd.apache.org/docs-2.0/mod/core.html#servername">ServerN In Apache 2.0, the responsibility for accepting requests and dispatching children to handle them has been abstracted into a group of modules called Multi-Processing Modules (MPMs); the original Apache -1.3 behaviour has now been moved into the prefork MPM. +1.3 behaviour has now been moved into the &prefork; MPM. -The MPM supplied by default on Red Hat Linux is prefork which +The MPM used by default on &distro; is &prefork; which accepts the same directives (StartServers, MinSpareServers, MaxSpareServers, MaxClients and MaxRequestsPerChild) as Apache 1.3 and as such the values of these directives may be migrated across directly. -In the stock Apache 2.0 configuration file you may notice -directives for two other MPMs: worker and perchild. Currently only -the prefork MPM is available on Red Hat Linux, although other MPMs may -be made available at some later date. +An alternative, thread-based MPM called &worker; is also available; +to use this MPM, add the line: + + + +HTTPD=/usr/sbin/httpd.worker + + + +to the file /etc/sysconfig/httpd. See also: @@ -220,8 +226,8 @@ Multi-Processing Modules There are many changes required here and it is highly recommended that anyone trying to modify an Apache 1.3 configuration to suit Apache 2.0 (as opposed to migrating your changes into the -Apache 2.0 configuration) simply copy this section from the stock Red -Hat Linux Apache 2.0 configuration. If you do decide to try and +Apache 2.0 configuration) simply copy this section from the stock +&distro; Apache 2.0 configuration. If you do decide to try and modify your original file, please note that it is of paramount importance that your &httpdconf; contains the following directive: @@ -285,7 +291,7 @@ replace these with Include directives. To ensure that the files are read in the order implied by the older directives the Include directives should be placed at the end of &httpdconf;, with the one corresponding to -ResourceConfig preceeding the one corresponding to +ResourceConfig preceding the one corresponding to AccessConfig. If you were making use of the default values you will need to include them explicitly as conf/srm.conf and @@ -351,7 +357,7 @@ url="http://httpd.apache.org/docs-2.0/mod/mod_userdir.html#userdir">Use The AgentLog, RefererLog and RefererIgnore directives have been removed. -Agent and referer logs are still available using the +Agent and referrer logs are still available using the CustomLog and LogFormat directives. @@ -483,7 +489,7 @@ imagination. The way this actually works is that each request is served by exactly one handler module followed by zero or more filter modules. Under Apache 1.3, for -example, a PHP script would be handled in it's entirity by the PHP +example, a PHP script would be handled entirely by the PHP module; under Apache 2.0 the request is initially handled by the core module (which serves static files) and subsequently filtered by the PHP @@ -847,7 +853,7 @@ example: <Directory /var/www/perl> SetHandler perl-script - PerlHandler ModPerl::Registry::handler + PerlResponseHandler ModPerl::Registry Options +ExecCGI </Directory> @@ -879,6 +885,33 @@ have the statement Include conf.d/*.conf in your &httpdconf; as described in . + + +suexec + +In Apache 2.0, suexec is configured using the new +SuexecUserGroup directive rather than +User and Group. + + +Apache 1.3 suexec configuration + +<VirtualHost vhost.example.com:80> + User someone + Group somegroup +</VirtualHost> + + + + +Equivalent Apache 2.0 suexec configuration + +<VirtualHost vhost.example.com:80> + SuexecUserGroup someone somegroup +</VirtualHost> + + + @@ -912,13 +945,4 @@ version than &mod_ssl; package for 1.3. - -
diff --git a/powered_by_fedora.png b/powered_by_fedora.png new file mode 100644 index 0000000..2b5b7d3 Binary files /dev/null and b/powered_by_fedora.png differ diff --git a/sources b/sources index acc6529..e77b55b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -fdb35bc3b5b7833e45a455b56a0d0be5 httpd-2.0.40.tar.gz +63f16638c18b140b649fab32b54d7f9c httpd-2.0.47.tar.gz diff --git a/ssl.conf b/ssl.conf index c8c3eb9..abf13bc 100644 --- a/ssl.conf +++ b/ssl.conf @@ -56,9 +56,8 @@ SSLPassPhraseDialog builtin # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). #SSLSessionCache none -#SSLSessionCache shmht:/var/cache/mod_ssl/scache(512000) -#SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) -SSLSessionCache dbm:/var/cache/mod_ssl/scache +#SSLSessionCache dbm:/var/cache/mod_ssl/scache(512000) +SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 # Semaphore: @@ -83,16 +82,28 @@ SSLRandomSeed connect builtin #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 +# +# Use "SSLCryptoDevice" to enable any supported hardware +# accelerators. Use "openssl engine -v" to list supported +# engine names. NOTE: If you enable an accelerator and the +# server does not start, consult the error logs and ensure +# your accelerator is functioning properly. +# +SSLCryptoDevice builtin +#SSLCryptoDevice ubsec + ## ## SSL Virtual Host Context ## -# General setup for the virtual host -DocumentRoot "/var/www/html" -ServerName new.host.name:443 -ServerAdmin you@your.address +# General setup for the virtual host, inherited from global configuration +#DocumentRoot "/var/www/html" +#ServerName new.host.name:443 +#ServerAdmin you@your.address + +# Use separate log files: ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log @@ -103,7 +114,7 @@ SSLEngine on # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. -SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL +SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If @@ -141,7 +152,7 @@ SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCACertificatePath /etc/httpd/conf/ssl.crt -#SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt +#SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt # Certificate Revocation Lists (CRL): # Set the CA revocation path where to find CA CRLs for client @@ -196,10 +207,6 @@ SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key # because the extraction step is an expensive operation and is usually # useless for serving static content. So one usually enables the # exportation for CGI and SSI requests only. -# o CompatEnvVars: -# This exports obsolete environment variables for backward compatibility -# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this -# to provide compatibility to existing CGI scripts. # o StrictRequire: # This denies access when "SSLRequireSSL" or "SSLRequire" applied even # under a "Satisfy any" situation, i.e. when it applies access is denied diff --git a/welcome.conf b/welcome.conf new file mode 100644 index 0000000..c1d23c5 --- /dev/null +++ b/welcome.conf @@ -0,0 +1,11 @@ +# +# This configuration file enables the default "Welcome" +# page if there is no default index page present for +# the root URL. To disable the Welcome page, comment +# out all the lines below. +# + + Options -Indexes + ErrorDocument 403 /error/noindex.html + +