2.4.26 and

update Patch19 and Patch25 from Fedora
  http://pkgs.fedoraproject.org/cgit/rpms/httpd.git/commit/?id=59afc1533e764a1108136ae1aab3671632aa3797
refresh Patch28
update Patch57 from Fedora
  http://pkgs.fedoraproject.org/cgit/rpms/httpd.git/commit/?id=fd6452a0f2d4aa85e5f8e757be7f0b89511cdf0e
update Source6 and Source27 and add latest version of Source32 from Fedora
  http://pkgs.fedoraproject.org/cgit/rpms/httpd.git/commit/?id=fce414a1c1f39ab4631e9747b212e037276d295d
remove Patch58, fixed upstream

SOURCES/httpd-2.4.10-sigint.patch

@@ -1,32 +1,18 @@
-From 20656c3b77cc548b59fea3bde5e2b7705d71c427 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jan=20Kalu=C5=BEa?= <[email protected]>
-Date: Mon, 18 Aug 2014 07:43:43 +0000
-Subject: [PATCH] prefork: Ignore SIGINT in child. This fixes race-condition in
- signals handling when httpd is runnning on foreground and user hits ctrl+c.
- In this case, SIGINT is sent to all children followed by SIGTERM from the
- main process, which interrupts the SIGINT handler and leads to inconsistency
- (process freezes or crashes).
-
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1618555 13f79535-47bb-0310-9956-ffa450edef68
----
- server/mpm/prefork/prefork.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
 diff --git a/server/mpm/prefork/prefork.c b/server/mpm/prefork/prefork.c
-index 8790ec0..d6c038b 100644
+index 559f90a..a386a75 100644
 --- a/server/mpm/prefork/prefork.c
 +++ b/server/mpm/prefork/prefork.c
-@@ -222,6 +222,9 @@ static void clean_child_exit(int code)
+@@ -220,6 +220,9 @@ static void clean_child_exit(int code)
  {
-     mpm_state = AP_MPMQ_STOPPING;
+     retained->mpm->mpm_state = AP_MPMQ_STOPPING;
 
 +    apr_signal(SIGHUP, SIG_IGN);
 +    apr_signal(SIGTERM, SIG_IGN);
 +
      if (pchild) {
          apr_pool_destroy(pchild);
      }
-@@ -817,6 +820,13 @@ static int make_child(server_rec *s, int slot)
+@@ -699,6 +702,13 @@ static int make_child(server_rec *s, int slot, int bucket)
           */
          apr_signal(SIGHUP, just_die);
          apr_signal(SIGTERM, just_die);
@@ -40,6 +26,3 @@ index 8790ec0..d6c038b 100644
          /* The child process just closes listeners on AP_SIG_GRACEFUL.
           * The pod is used for signalling the graceful restart.
           */
--- 
-2.0.4
-

SOURCES/httpd-2.4.25-detect-systemd.patch

@@ -0,0 +1,75 @@
+diff -uap httpd-2.4.25/acinclude.m4.detectsystemd httpd-2.4.25/acinclude.m4
+diff -uap httpd-2.4.25/acinclude.m4.detectsystemd httpd-2.4.25/acinclude.m4
+diff -uap httpd-2.4.25/acinclude.m4.detectsystemd httpd-2.4.25/acinclude.m4
+--- httpd-2.4.25/acinclude.m4.detectsystemd
++++ httpd-2.4.25/acinclude.m4
+@@ -604,6 +604,30 @@
+   fi
+ ])
+
++AC_DEFUN(APACHE_CHECK_SYSTEMD, [                                                                        
++dnl Check for systemd support for listen.c's socket activation.
++case $host in
++*-linux-*)
++   if test -n "$PKGCONFIG" && $PKGCONFIG --exists libsystemd; then
++      SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
++   elif test -n "$PKGCONFIG" && $PKGCONFIG --exists libsystemd-daemon; then
++      SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd-daemon`
++   else
++      AC_CHECK_LIB(systemd-daemon, sd_notify, SYSTEMD_LIBS="-lsystemd-daemon")
++   fi
++   if test -n "$SYSTEMD_LIBS"; then
++      AC_CHECK_HEADERS(systemd/sd-daemon.h)
++      if test "${ac_cv_header_systemd_sd_daemon_h}" = "no" || test -z "${SYSTEMD_LIBS}"; then
++        AC_MSG_WARN([Your system does not support systemd.])
++      else
++        APR_ADDTO(HTTPD_LIBS, [$SYSTEMD_LIBS])
++        AC_DEFINE(HAVE_SYSTEMD, 1, [Define if systemd is supported])
++      fi
++   fi
++   ;;
++esac
++])
++
+ dnl
+ dnl APACHE_EXPORT_ARGUMENTS
+ dnl Export (via APACHE_SUBST) the various path-related variables that
+diff -uap httpd-2.4.25/configure.in.detectsystemd httpd-2.4.25/configure.in
+--- httpd-2.4.25/configure.in.detectsystemd
++++ httpd-2.4.25/configure.in
+@@ -234,6 +234,7 @@
+   AC_MSG_NOTICE([Using external PCRE library from $PCRE_CONFIG])
+   APR_ADDTO(PCRE_INCLUDES, [`$PCRE_CONFIG --cflags`])
+   APR_ADDTO(PCRE_LIBS, [`$PCRE_CONFIG --libs`])
++  APR_ADDTO(HTTPD_LIBS, [\$(PCRE_LIBS)])
+ else
+   AC_MSG_ERROR([pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/])
+ fi
+@@ -504,6 +510,8 @@
+     AC_DEFINE(HAVE_GMTOFF, 1, [Define if struct tm has a tm_gmtoff field])
+ fi
+
++APACHE_CHECK_SYSTEMD
++
+ dnl ## Set up any appropriate OS-specific environment variables for apachectl
+
+ case $host in
+@@ -668,6 +676,7 @@
+ APACHE_SUBST(BUILTIN_LIBS)
+ APACHE_SUBST(SHLIBPATH_VAR)
+ APACHE_SUBST(OS_SPECIFIC_VARS)
++APACHE_SUBST(HTTPD_LIBS)
+
+ PRE_SHARED_CMDS='echo ""'
+ POST_SHARED_CMDS='echo ""'
+--- httpd-2.4.25/Makefile.in.detectsystemd
++++ httpd-2.4.25/Makefile.in
+@@ -4,7 +4,7 @@
+
+ PROGRAM_NAME         = $(progname)
+ PROGRAM_SOURCES      = modules.c
+-PROGRAM_LDADD        = buildmark.o $(HTTPD_LDFLAGS) $(PROGRAM_DEPENDENCIES) $(PCRE_LIBS) $(EXTRA_LIBS) $(AP_LIBS) $(LIBS)
++PROGRAM_LDADD        = buildmark.o $(HTTPD_LDFLAGS) $(PROGRAM_DEPENDENCIES) $(HTTPD_LIBS) $(EXTRA_LIBS) $(AP_LIBS) $(LIBS)
+ PROGRAM_PRELINK      = $(COMPILE) -c $(top_srcdir)/server/buildmark.c
+ PROGRAM_DEPENDENCIES = \
+   server/libmain.la \

SOURCES/httpd-2.4.1-selinux.patch → SOURCES/httpd-2.4.25-selinux.patch

@@ -11,7 +11,7 @@ Upstream-Status: unlikely to be any interest in this upstream
 
 +AC_CHECK_LIB(selinux, is_selinux_enabled, [
 +   AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
-+   APR_ADDTO(AP_LIBS, [-lselinux])
++   APR_ADDTO(HTTPD_LIBS, [-lselinux])
 +])
 +
  AC_CACHE_CHECK([for gettid()], ac_cv_gettid,

SOURCES/httpd-2.4.6-r1332643+.patch

@@ -96,21 +96,20 @@ diff -uap httpd-2.4.18/modules/ssl/ssl_engine_init.c.r1332643+ httpd-2.4.18/modu
  }
 
  static apr_status_t ssl_init_ctx_verify(server_rec *s,
-diff -uap httpd-2.4.18/modules/ssl/ssl_engine_io.c.r1332643+ httpd-2.4.18/modules/ssl/ssl_engine_io.c
---- httpd-2.4.18/modules/ssl/ssl_engine_io.c.r1332643+
-+++ httpd-2.4.18/modules/ssl/ssl_engine_io.c
-@@ -319,6 +319,7 @@ typedef struct {
+--- httpd-2.4.26/modules/ssl/ssl_engine_io.c	2017-05-30 12:26:05.000000000 +0000
++++ httpd-2.4.26/modules/ssl/ssl_engine_io.c.patch	2017-06-19 16:37:00.387134234 +0000
+@@ -317,6 +317,7 @@ typedef struct {
      apr_pool_t *pool;
      char buffer[AP_IOBUFSIZE];
      ssl_filter_ctx_t *filter_ctx;
 +    int npn_finished;  /* 1 if NPN has finished, 0 otherwise */
  } bio_filter_in_ctx_t;
 
  /*
-@@ -1377,6 +1378,38 @@ static apr_status_t ssl_io_filter_input(
-         return ssl_io_filter_error(f, bb, status, is_init);
+@@ -1516,6 +1517,37 @@ static apr_status_t ssl_io_filter_input(
+     if ((status = ssl_io_filter_handshake(inctx->filter_ctx)) != APR_SUCCESS) {
+         return ssl_io_filter_error(inctx, bb, status, is_init);
      }
-
 +#ifdef HAVE_TLS_NPN
 +    /* By this point, Next Protocol Negotiation (NPN) should be completed (if
 +     * our version of OpenSSL supports it).  If we haven't already, find out
@@ -123,7 +122,7 @@ diff -uap httpd-2.4.18/modules/ssl/ssl_engine_io.c.r1332643+ httpd-2.4.18/module
 +        unsigned next_proto_len = 0;
 +        const unsigned char *out;
 +        unsigned char outlen;
-+        
++
 +        SSL_get0_next_proto_negotiated(inctx->ssl, &next_proto, &next_proto_len);
 +        if (next_proto_len) {
 +            ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c,
@@ -132,21 +131,20 @@ diff -uap httpd-2.4.18/modules/ssl/ssl_engine_io.c.r1332643+ httpd-2.4.18/module
 +
 +            APR_ARRAY_PUSH(protos, char *) =
 +              apr_pstrmemdup(f->c->pool, (const char *)next_proto, next_proto_len);
-+            
++
 +            if (modssl_select_protocol(inctx->ssl, f->c, sslconn, protos,
 +                                       &out, &outlen) != SSL_TLSEXT_ERR_OK)
 +                ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c,
 +                              "SSL NPN negotiation failed");
 +        }
-+            
++
 +        inctx->npn_finished = 1;
 +    }
 +#endif
-+
+ 
      if (is_init) {
          /* protocol module needs to handshake before sending
-          * data to client (e.g. NNTP or FTP)
-@@ -1899,6 +1932,7 @@ static void ssl_io_input_add_filter(ssl_
+@@ -2041,6 +2073,7 @@ static void ssl_io_input_add_filter(ssl_
      inctx->block = APR_BLOCK_READ;
      inctx->pool = c->pool;
      inctx->filter_ctx = filter_ctx;

SOURCES/httpd.service

@@ -1,17 +1,21 @@
-# It is not recommended to modify this file in-place, because it will be
-# overwritten during package upgrades.  If you want to customize, the best
-# way is to use the "systemctl edit" command to create an override unit.
+# See httpd.service(8) for more information on using the httpd service.
 
-# For example, to pass additional options (for instance, -D
-# definitions) to the httpd binary at startup, create an override unit
-# (as is done by systemctl edit) and enter the following:
+# Modifying this file in-place is not recommended, because changes
+# will be overwritten during package upgrades.  If you want to
+# customize the behaviour, the best way is to use "systemctl edit"
+# command to create an override unit.
+
+# For example, to pass additional options (such as -D definitions) to
+# the httpd binary at startup, create an override unit (as is done by
+# systemctl edit) and enter the following:
 
 #	[Service]
 #	Environment=OPTIONS=-DMY_DEFINE
 
 [Unit]
 Description=The Apache HTTP Server
 After=network.target remote-fs.target nss-lookup.target
+Documentation=man:httpd.service(8)
 
 [Service]
 Type=notify