--- httpd.spec.orig 2010-02-28 05:01:55.000000000 -0500 +++ httpd.spec 2010-02-28 05:03:44.000000000 -0500 @@ -7,7 +7,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.2.14 -Release: 1%{?dist} +Release: 1.scripts.%{scriptsversion}%{?dist} URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz Source1: index.html @@ -57,6 +57,13 @@ Conflicts: pcre < 4.0 Requires: httpd-tools = %{version}-%{release}, apr-util-ldap +Provides: scripts-httpd +Patch1000: httpd-suexec-scripts.patch +Patch1003: httpd-2.2.x-mod_status-security.patch +Patch1004: httpd-2.2.x-304.patch +Patch1005: httpd-2.2.x-mod_ssl-sessioncaching.patch +Patch1006: httpd-suexec-cloexec.patch + %description The Apache HTTP Server is a powerful, efficient, and extensible web server. @@ -104,6 +111,7 @@ Requires(post): openssl >= 0.9.7f-4, /bin/cat Requires(pre): httpd Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmn} +Provides: scripts-mod_ssl Obsoletes: stronghold-mod_ssl %description -n mod_ssl @@ -133,6 +141,12 @@ # Patch in vendor/release string sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1 +%patch1000 -p1 -b .scripts +%patch1003 -p1 -b .permitstatus +%patch1004 -p1 -b .scripts-304 +%patch1005 -p1 -b .ssl-sessioncache +%patch1006 -p1 -b .cloexec + # Safety check: prevent build if defined MMN does not equal upstream MMN. vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'` if test "x${vmmn}" != "x%{mmn}"; then @@ -181,10 +195,12 @@ --with-apr=%{_prefix} --with-apr-util=%{_prefix} \ --enable-suexec --with-suexec \ --with-suexec-caller=%{suexec_caller} \ - --with-suexec-docroot=%{contentdir} \ + --with-suexec-docroot=/ \ + --with-suexec-userdir=web_scripts \ + --with-suexec-trusteddir=/usr/libexec/scripts-trusted \ --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \ --with-suexec-bin=%{_sbindir}/suexec \ - --with-suexec-uidmin=500 --with-suexec-gidmin=100 \ + --with-suexec-uidmin=50 --with-suexec-gidmin=50 \ --enable-pie \ --with-pcre \ $*