#New ADVX macros
%define ADVXdir %{_datadir}/ADVX
%{expand:%(cat %{ADVXdir}/ADVX-build)}
%{expand:%%define apache_version %(rpm -q apache-devel|sed 's/apache-devel-\([0-9].*\)-.*$/\1/')}
%{expand:%%define apache_release %(rpm -q apache-devel|sed 's/apache-devel-[0-9].*-\(.*\)$/\1/')}
%{expand:%%define mm_major %(mm-config --version|sed 's/MM \([0-9]\)\.\([0-9.].*\) \(.*\)$/\1/')}
%{expand:%%define mm_minor %(mm-config --version|sed 's/MM \([0-9]\)\.\([0-9.].*\) \(.*\)$/\2/')}
%define mm_version %{mm_major}.%{mm_minor}
%define sysconfdir /etc
Summary: An SSL module for the Apache Web server
Name: mod_ssl
Version: 2.8.19
Release: 1.1.101mdk
Group: System/Servers
URL: http://www.modssl.org
Source0: http://www.modssl.org/source/mod_ssl-%{version}-%{apache_version}.tar.bz2
Source1: mod_ssl.conf
Source2: server.crt
Source3: server.key
Source5: ssl.default-vhost.conf
Source7: gentestcrt.sh
Source8: mod_ssl.conf.ppc
Patch0: ssl.patch.bz2
Patch1: mod_ssl-2.8.2-cca.sh.patch.bz2
Patch2: mod_ssl-2.8.12-1.3.27-lib64.patch.bz2
Patch3: mod_ssl-2.8.20-CAN-2004-0885.patch
License: Apache License
Prereq: apache = %{apache_version}
Prereq: apache-common >= %{apache_version}
Prereq: apache-conf >= %{apache_version}
Prereq: mm = %{mm_major}.%{mm_minor}
Prereq: openssl >= 0.9.7
BuildRequires: ADVX-build >= 1.2
BuildRequires: apache-devel, openssl-devel >= 0.9.7, openssl >= 0.9.7
BuildRoot: %_tmppath/%name-%version-%release-root
%description
The mod_ssl project provides strong cryptography for the Apache 1.3 webserver
via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is
based on SSLeay from Eric A. Young and Tim J. Hudson.
The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was
originally derived from software developed by Ben Laurie for use in the
Apache-SSL HTTP server project. The mod_ssl package is licensed under a
BSD-style licence, which basically means that you are free to get and use it
for commercial and non-commercial purposes.
%prep
%setup -q -n mod_ssl-%{version}-%{apache_version}
%patch1 -p0 -b .cca.sh
%patch2 -p1 -b .lib64
%patch3 -p0 -b .can-2004-0885
cd pkg.sslmod
%patch -p1
cd ../..
pwd
cd mod_ssl-%{version}-%{apache_version}
perl -pi -e "s|Apache/|Apache-AdvancedExtranetServer/|g;" configure
%build
#Hack to build without apache, just apache-devel.
perl -pi -e "s|APV=|APV=%{apache_version}\nAP2=|;" configure
PATH="$PATH:`pwd`" SSL_BASE=SYSTEM CFLAGS="`%{_sbindir}/apxs -q CFLAGS`" \
./configure --with-apxs=%{_sbindir}/apxs --libdir=%{_libdir}
### Ugly hack because of conflict between SunOS includes and gcc includes
if [ `uname` = "SunOS" ]; then
mkdir /tmp/include
ln -s %{includedir}/openssl/ /tmp/include/openssl
SSL_INCDIR=/tmp/include CFLAGS_SHLIB="-fPIC -DSHARED_MODULE -DSSL_USE_SDBM" make -e
rm -rf /tmp/include
fi
if [ `uname` = "Linux" ]; then
CFLAGS_SHLIB="-fPIC -DSHARED_MODULE -DSSL_USE_SDBM" make -e
fi
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}%{_libdir}/apache-extramodules
install -m 755 pkg.sslmod/libssl.so \
%{buildroot}%{_libdir}/apache-extramodules
mkdir -p %{buildroot}%{_libdir}/ssl/mod_ssl
install -m 755 pkg.contrib/*.sh %{buildroot}%{_libdir}/ssl/mod_ssl
install -m 755 %{SOURCE7} %{buildroot}%{_libdir}/ssl/mod_ssl
mkdir -p %{buildroot}{%{ap_base}/conf/ssl,%{_sysconfdir}/ssl/apache}
# install mod_ssl.conf
%ifarch ppc
install -m 644 %{SOURCE8} %{buildroot}%{ap_base}/conf/ssl/mod_ssl.conf
%else
install -m 644 %{SOURCE1} %{buildroot}%{ap_base}/conf/ssl
%endif
# install server.crt
install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/ssl/apache
# install server.key
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/ssl/apache
# install ssl.default-vhost.conf
install -m 644 %{SOURCE5} %{buildroot}%{ap_base}/conf/ssl
mkdir -p %{buildroot}%{ap_webdoc}
pushd %{buildroot}%{ap_webdoc}
ln -s ../../../..%{_docdir}/mod_ssl-%{version} mod_ssl-%{version}
popd
%pre
#Check config file sanity
%AP13pre
%post
if [ $1 = "1" ]; then
#We're in Install mode, add module to the config files
for config in %{ap_base}/conf/{httpd,httpd-perl}.conf; do
if [ -x %{_sbindir}/advxaddmod -a -e $config ]; then
%{_sbindir}/advxaddmod $config \
extramodules/libssl.so mod_ssl.c ssl_module \
define=HAVE_SSL addconf=conf/ssl/mod_ssl.conf
fi
echo "Include conf/ssl/ssl.default-vhost.conf" >> $config
done
#Create a self-signed server key and certificate
#this will overwrite the dummy certificate
echo "Generating self-signed certificate"
pushd %{_sysconfdir}/ssl/apache/ >/dev/null
yes ""|%{_libdir}/ssl/mod_ssl/gentestcrt.sh >/dev/null 2>/dev/null
popd > /dev/null
%ADVXpost
fi
alias FIXME="perl -pi -e"
if [ $1 -gt 1 ]; then
#We're in *upgrade mode*. Since we can't be sure the configuration files
#are sane, remove module from the conf files to clean them, re-add again
#in a way that the older module we're replacing won't try to erase (the
#post scripts were broken on some packages), and finally clean the module
#specific config file so it's compatible with the upgrade.
for config in %{ap_base}/conf/{httpd,httpd-perl}.conf; do
if [ -x %{_sbindir}/advxdelmod -a -e $config ]; then
%{_sbindir}/advxdelmod $config \
extramodules/libssl.so mod_ssl.c ssl_module \
define=HAVE_SSL addconf=conf/ssl/mod_ssl.conf
FIXME 's|^#*Include\s+conf/ssl/ssl.default-vhost.conf\n||g;' \
$config
fi
if [ -x %{_sbindir}/advxaddmod -a -e $config ]; then
%{_sbindir}/advxaddmod $config \
extramodules/libssl.so mod_ssl.c ssl_module \
define=HAVE_SSL addconf=conf/ssl/mod_ssl.conf
echo "Include conf/ssl/ssl.default-vhost.conf" >> $config
fi
done
if [ -x %{_sbindir}/advxfixconf ]; then
%{_sbindir}/advxfixconf \
%{ap_base}/conf/ssl/mod_ssl.conf \
libssl.so mod_ssl.c ssl_module ifmodule
%{_sbindir}/advxfixconf \
%{ap_base}/conf/ssl/ssl.default-vhost.conf \
libssl.so mod_ssl.c ssl_module ifmodule
fi
%ifnarch ppc
FIXME 's|file:logs/ssl_mutex|sem|g;' \
%{ap_base}/conf/ssl/mod_ssl.conf
%endif
#Create a self-signed server key and certificate
#this will overwrite the dummy certificate, but will
#not overwrite a user-generated certificate, since we
#use config noreplace and it checks the mdsum
echo "Generating self-signed certificate"
pushd %{_sysconfdir}/ssl/apache/ > /dev/null
yes ""|%{_libdir}/ssl/mod_ssl/gentestcrt.sh >/dev/null 2>/dev/null
popd > /dev/null
if [ ! -e %{_libdir}/apache/libssl.so ]; then
%ADVXpost
fi
fi
%postun
alias FIXME="perl -pi -e"
if [ $1 = "0" ]; then
for config in %{ap_base}/conf/{httpd,httpd-perl}.conf; do
if [ -x %{_sbindir}/advxdelmod -a -e $config ]; then
%{_sbindir}/advxdelmod $config \
extramodules/libssl.so mod_ssl.c ssl_module \
define=HAVE_SSL addconf=conf/ssl/mod_ssl.conf
FIXME 's|^#*Include\s+conf/ssl/ssl.default-vhost.conf\n||g;' \
$config
fi
done
%ADVXpost
fi
%files
%defattr(-,root,root)
%dir %{ap_base}/conf/ssl
%dir %{_sysconfdir}/ssl/apache
%config(noreplace) %{_sysconfdir}/ssl/apache/server.crt
%config(noreplace) %{_sysconfdir}/ssl/apache/server.key
%config(noreplace) %{ap_base}/conf/ssl/mod_ssl.conf
%config(noreplace) %{ap_base}/conf/ssl/ssl.default-vhost.conf
%{ap_webdoc}/*
%doc pkg.ssldoc/*
%doc ANNOUNCE
%doc CHANGES
%doc CREDITS
%doc LICENSE
%doc NEWS
%doc README
%doc README.GlobalID
%doc README.Support
%doc README.Versions
%doc README.Wishes
%{_libdir}/apache-extramodules/libssl.so
%dir %{_libdir}/ssl/mod_ssl
%{_libdir}/ssl/mod_ssl/*.sh
%clean
rm -rf %{buildroot}
%changelog
* Wed Oct 27 2004 Vincent Danen <vdanen@mandrakesoft.com> 2.8.19-1.1.101mdk
- security fix for CAN-2004-0885
* Sun Jul 18 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.8.19-1mdk
- 2.8.19 (Minor security fixes)
* Tue Jul 13 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.8.18-2mdk
- remove redundant provides
* Thu Jun 10 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.8.18-1mdk
- www.modssl.org wasn't availible last night, so update
mod_ssl to v2.8.18 today
* Wed Jun 09 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.8.17-1mdk
- 2.8.17
- built for apache 1.3.31
* Sun Nov 09 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 2.8.16-1mdk
- 2.8.16
- built for apache 1.3.29
* Mon Sep 15 2003 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.8.15-1mdk
- security release and bugfixes
* Fri Jul 18 2003 Per Øyvind Karlsen <peroyvind@sintrax.net> 2.8.12-9mdk
- added openssl to buildrequires, the test scripts need it
* Thu Feb 13 2003 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.8.12-8mdk
- new macros from ADVX-build
* Sat Jan 18 2003 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.8.12-7mdk
- rebuild with new openssl
* Tue Jan 7 2003 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.8.12-6mdk
- Fix post scripts a bit, but need major rewrite eventually.
* Mon Jan 6 2003 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.8.12-5mdk
- Rebuild
- Add Provides: ADVXpackage, all ADVX package will have this tag,
so we can easily do a rpm --whatprovides ADVXpackage to find out
what ADVX packages a user has installed on his system.
* Wed Nov 27 2002 Gwenole Beauchesne <gbeauchesne@mandrakesoft.com> 2.8.12-4mdk
- Update Patch2 (lib64) to really use $CC in case that one has -m32 flag in
* Wed Nov 27 2002 Gwenole Beauchesne <gbeauchesne@mandrakesoft.com> 2.8.12-3mdk
- BuildPrereq: /usr/sbin/httpd
- Patch2: Make it lib64 aware.
* Fri Nov 8 2002 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.8.12-2mdk
- Rebuild for Cooker
* Mon Oct 28 2002 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.8.12-1mdk
- New Security version
- Rebuild with new apache
* Fri Aug 16 2002 Christian Belisle <cbelisle@mandrakesoft.com> 2.8.10-5mdk
- rebuild against latest openssl.
* Mon Aug 12 2002 Christian Belisle <cbelisle@mandrakesoft.com> 2.8.10-4mdk
- rebuild against latest openssl.
* Tue Jul 9 2002 Pixel <pixel@mandrakesoft.com> 2.8.10-3mdk
- rebuild (so that it builds with "-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64")
=> fix segfault
* Wed Jul 03 2002 Vincent Danen <vdanen@mandrakesoft.com> 2.8.10-2mdk
- certs go in /etc/ssl/apache
- PPC fix for SSLMutex (use file, not semaphore for PPC)
* Wed Jun 26 2002 Christian Belisle <cbelisle@mandrakesoft.com> 2.8.10-1mdk
- rebuild against new apache.
- new version 2.8.10.
* Thu May 16 2002 Christian Belisle <cbelisle@mandrakesoft.com> 2.8.8-2mdk
- Rebuild with gcc 3.1.
- Rebuild against new openssl.
* Mon Apr 15 2002 Christian Belisle <cbelisle@mandrakesoft.com> 2.8.8-1mdk
- Apache 1.3.24.
- mod_ssl 2.8.8.
* Sat Mar 23 2002 David BAUDENS <baudens@mandrakesoft.com> 2.8.7-3mdk
- Fix BuildRequires
* Mon Mar 02 2002 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.8.7-2mdk
- Rebuild against apache to ensure 100% EAPI compatibility
* Tue Feb 28 2002 Christian Belisle <cbelisle@mandrakesoft.com> 2.8.7-1mdk
- 2.8.7.
* Mon Feb 04 2002 Christian Belisle <cbelisle@mandrakesoft.com> 2.8.6-1mdk
- 2.8.6.
- Rebuild against latest apache.
* Mon Jan 22 2002 Christian Belisle <cbelisle@mandrakesoft.com> 2.8.5-4mdk
- Rebuild against latest openssl.
* Mon Dec 3 2001 Stefan van der Eijk <stefan@eijk.nu> 2.8.5-3mdk
- Remove %%dir %%{_libdir}/ssl (dir owned by openssl)
* Thu Nov 22 2001 Christian Belisle <cbelisle@mandrakesoft.com> 2.8.5-2mdk
- Fix invalid-packager and no-url warnings (rpmlint).
- apply -q option to setup
* Tue Oct 16 2001 Christian Belisle <cbelisle@mandrakesoft.com> 2.8.5-1mdk
- 2.8.5.
- apache 1.3.22.
* Fri Oct 12 2001 Stefan van der Eijk <stefan@eijk.nu> 2.8.4-3mdk
- BuildRequires: openssl --> openssl-devel
- Replaced entries of RPM SOURCE DIR (make rpmlint happy)
* Tue Sep 04 2001 Christian Belisle <cbelisle@mandrakesoft.com> 2.8.4-2mdk
- rebuild against latest version of OpenSSL.
* Wed Jul 11 2001 Philippe Libat <philippe@mandrakesoft.com> 2.8.4-1mdk
- new version
* Wed May 16 2001 Geoffrey Lee <snailtalk@mandrakesoft.com> 2.8.2-6mdk
- Fix cca.sh OpenSSL binary location.
* Sat Apr 14 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.8.2-5mdk
- fixed config with proxied perl
* Fri Apr 13 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.8.2-4mdk
- fixed prereqs
- fixed post script that was too verbose
* Fri Apr 13 2001 David Baudens <baudens@mandrakesoft.com> 2.8.2-3mdk
- Use %_tmppath for BuildRoot (allow build as user)
* Mon Apr 9 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.8.2-2mdk
- removed mod_ssl-sxnet, will be in a separate package
- fixed the post scripts, updates should work now
- got rid of the static server certificate and key, we now generate a
self-signed test certificate during install (as discussed on the
security mailing list)
- fix the SSLMutex directive to get rid of the Mutex temporary file
that "spammed" the error_log.
* Sun Apr 08 2001 Stefan van der Eijk <stefan@eijk.nu> 2.8.2-1mdk
- updated to 2.8.2
- adjusted mod_ssl.patch
* Wed Mar 07 2001 Geoffrey Lee <snailtalk@mandrakesoft.com> 2.7.1-3mdk
- Rebuild, a long time request of cookers.
* Tue Oct 24 2000 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.7.1-2mdk
- fixed packager tag
* Sat Oct 21 2000 Jean-Michel Dailt <jmdault@mandrakesoft.com> 2.7.1-1mdk
- bugfix release for apache bugfix and security release
* Thu Aug 24 2000 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.6.6-1mdk
- new and shiny 2.6.6
* Wed Aug 09 2000 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.6.5-3mdk
- Fixed ssl.default-vhost.conf for FHS
* Wed Aug 09 2000 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.6.5-2mdk
- Macroize
- FHS compliance
- Now in cooker because there is no cooker-crypto and it depends heavily
on the openssl version in cooker
* Fri Jul 14 2000 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.6.5-1mdk
- 2.6.5
- use new AESctl for %post scripts
* Mon May 08 2000 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.6.4-1mdk
- 2.6.4 (more bugfixes)
* Mon Apr 17 2000 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.6.3-1mdk
- 2.6.3 (bug fixes)
- re-made documentation
* Sun Apr 02 2000 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.6.2-2mdk
- fixed defattr
* Sun Apr 02 2000 Jean-Michel Dault <jmdault@mandrakesoft.com> 2.6.2-1mdk
- 2.6.2
- fix group
* Tue Feb 29 2000 Jean-Michel Dault <jmdault@netrevolution.com> 2.6.1-1mdk
- update to 2.6.1
* Mon Feb 28 2000 Jean-Michel Dault <jmdault@netrevolution.com> 2.6.0-3mdk
- added Thawte logo in mod_sxnet documentation
* Sun Feb 27 2000 Jean-Michel Dault <jmdault@netrevolution.com> 2.6.0-2mdk
- fixed segfault in CustomLogs
* Sun Feb 27 2000 Jean-Michel Dault <jmdault@netrevolution.com> 2.6.0-1mdk
- updated to 2.6.0
* Sun Jan 23 2000 Jean-Michel Dault <jmdault@netrevolution.com>
- updated to 2.5.0
* Wed Jan 19 2000 Jean-Michel Dault <jmdault@netrevolution.com>
- updated to 2.4.10
* Mon Jan 3 2000 Jean-Michel Dault <jmdault@netrevolution.com>
- final cleanup for Mandrake 7
* Thu Dec 30 1999 Jean-Michel Dault <jmdault@netrevolution.com>
- rebuilt for Mandrake 7.0
* Sat Dec 12 1999 Jean-Michel Dault <jmdault@netrevolution.com>
- updated to 2.4.9
* Mon Sep 06 1999 Jean-Michel Dault <jmdault@netrevolution.com>
- re-build for mm 1.0.11
- changed post script to stop, then start httpd, instead of restart,
because it didn't restart cleanly
* Fri Sep 3 1999 Jean-Michel Dault <jmdault@netrevolution.com>
- modified config file
- rebuilt for new mm-1.0.10 module in Apache
* Wed Sep 1 1999 Jean-Michel Dault <jmdault@netrevolution.com>
- updated to 2.4.1
* Wed Aug 18 1999 Jean-Michel Dault <jmdault@netrevolution.com>
- updated to 2.4.0
* Mon Aug 16 1999 Jean-Michel Dault <jmdault@netrevolution.com>
- build for apache 1.3.9
* Sun Aug 15 1999 Jean-Michel Dault <jmdault@netrevolution.com>
- updated to 2.3.11
- cleaned SPEC file, Solaris/UltraSparc adaptation
* Sat Jul 31 1999 Jean-Michel Dault <jmdault@netrevolution.com>
- updated to 2.3.10
- changed postun script
* Thu Jul 29 1999 Jean-Michel Dault <jmdault@netrevolution.com>
- updated again to 2.3.9
* Tue Jul 22 1999 Jean-Michel Dault <jmdault@netrevolution.com>
- updated to 2.3.6
- modified config so Linuxconf could manage it (I hope...)
* Sat Jun 05 1999 Jean-Michel Dault <jmdault@netrevolution.com>
- moved documentation in html
- rebuilt for the new optimized apache
* Sun May 30 1999 Jean-Michel Dault <jmdault@netrevolution.com>
- updated to 2.3.1
- add fr locale
- added sxnet (Secure ExtraNet) package from Thawte
* Sun May 23 1999 Bernhard Rosenkränzer <bero@mandrakesoft.com>
- handle RPM_OPT_FLAGS
- add de locale
- don't require openssl-devel
