public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
To: git-commits@fedoraproject.org
Subject: [rpms/httpd] rawhide: new version 2.4.68
Date: Tue, 09 Jun 2026 13:10:14 GMT [thread overview]
Message-ID: <178101061402.1.3915568250211349366.rpms-httpd-edde1b3ed6ba@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/httpd
Branch : rawhide
Commit : edde1b3ed6badac9b92b54ea24b0a0f57da97067
Author : Luboš Uhliarik <luhliari@redhat.com>
Date : 2026-06-09T14:00:21+02:00
Stats : +7/-481 in 5 file(s)
URL : https://src.fedoraproject.org/rpms/httpd/c/edde1b3ed6badac9b92b54ea24b0a0f57da97067?branch=rawhide
Log:
new version 2.4.68
---
diff --git a/.gitignore b/.gitignore
index 0fbc08a..1392a68 100644
--- a/.gitignore
+++ b/.gitignore
@@ -57,3 +57,4 @@ x86_64
/httpd-2.4.65.tar.bz2.asc
/httpd-2.4.66.tar.bz2.asc
/httpd-2.4.67.tar.bz2.asc
+/httpd-2.4.68.tar.bz2.asc
diff --git a/httpd-2.4.65-hcheck-stuck.patch b/httpd-2.4.65-hcheck-stuck.patch
deleted file mode 100644
index 315b9c2..0000000
--- a/httpd-2.4.65-hcheck-stuck.patch
+++ /dev/null
@@ -1,66 +0,0 @@
---- a/modules/proxy/mod_proxy_hcheck.c
-+++ b/modules/proxy/mod_proxy_hcheck.c
-@@ -989,12 +989,30 @@ static apr_status_t hc_watchdog_callback(int state
- sctx_t *ctx = (sctx_t *)data;
- server_rec *s = ctx->s;
- proxy_server_conf *conf;
-+ proxy_worker **workers;
-+ proxy_worker *worker;
-+ apr_time_t now;
-+ int i, n;
-
-+ conf = (proxy_server_conf *) ap_get_module_config(s->module_config, &proxy_module);
-+ balancer = (proxy_balancer *)conf->balancers->elts;
-+
- switch (state) {
- case AP_WATCHDOG_STATE_STARTING:
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(03258)
- "%s watchdog started.",
- HCHECK_WATHCHDOG_NAME);
-+ /* set last update time for all workers */
-+ now = apr_time_now();
-+ for (i = 0; i < conf->balancers->nelts; i++, balancer++) {
-+ workers = (proxy_worker **)balancer->workers->elts;
-+ for (n = 0; n < balancer->workers->nelts; n++, ++workers) {
-+ worker = *workers;
-+ if (worker->s->updated == 0) {
-+ worker->s->updated = now;
-+ }
-+ }
-+ }
- #if HC_USE_THREADS
- if (tpsize && hctp == NULL) {
- rv = apr_thread_pool_create(&hctp, tpsize,
-@@ -1020,21 +1038,13 @@ static apr_status_t hc_watchdog_callback(int state
-
- case AP_WATCHDOG_STATE_RUNNING:
- /* loop thru all workers */
-- if (s) {
-- int i;
-- conf = (proxy_server_conf *) ap_get_module_config(s->module_config, &proxy_module);
-- balancer = (proxy_balancer *)conf->balancers->elts;
-- ctx->s = s;
-+ {
-+ now = apr_time_now();
- for (i = 0; i < conf->balancers->nelts; i++, balancer++) {
-- int n;
-- apr_time_t now;
-- proxy_worker **workers;
-- proxy_worker *worker;
- /* Have any new balancers or workers been added dynamically? */
- ap_proxy_sync_balancer(balancer, s, conf);
- workers = (proxy_worker **)balancer->workers->elts;
-- now = apr_time_now();
-- for (n = 0; n < balancer->workers->nelts; n++) {
-+ for (n = 0; n < balancer->workers->nelts; n++, workers++) {
- worker = *workers;
- if (!PROXY_WORKER_IS(worker, PROXY_WORKER_STOPPED) &&
- (worker->s->method != NONE) &&
-@@ -1074,7 +1084,6 @@ static apr_status_t hc_watchdog_callback(int state
- hc_check(NULL, baton);
- }
- }
-- workers++;
- }
- }
- }
diff --git a/httpd-2.4.66-openssl4.patch b/httpd-2.4.66-openssl4.patch
deleted file mode 100644
index 4d53f7c..0000000
--- a/httpd-2.4.66-openssl4.patch
+++ /dev/null
@@ -1,410 +0,0 @@
-
-https://github.com/apache/httpd/pull/642
-
-curl -L 'https://github.com/apache/httpd/pull/642.patch' | filterdiff --clean -x '*/.github/*' -x '*/test/*'
-
-diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
-index 83ae90edebc..7d06f396edd 100644
---- a/modules/ssl/ssl_engine_kernel.c
-+++ b/modules/ssl/ssl_engine_kernel.c
-@@ -1254,7 +1254,7 @@
- }
-
- if (!sslconn->client_dn) {
-- X509_NAME *name = X509_get_subject_name(sslconn->client_cert);
-+ const X509_NAME *name = X509_get_subject_name(sslconn->client_cert);
- char *cp = X509_NAME_oneline(name, NULL, 0);
- sslconn->client_dn = apr_pstrdup(r->connection->pool, cp);
- OPENSSL_free(cp);
-@@ -1778,7 +1778,7 @@
- server_rec *s = mySrvFromConn(c);
- SSLSrvConfigRec *sc = mySrvConfig(s);
- SSLDirConfigRec *dc = myDirConfigFromConn(c);
-- X509_NAME *ca_name, *issuer, *ca_issuer;
-+ const X509_NAME *ca_name, *issuer, *ca_issuer;
- X509_INFO *info;
- X509 *ca_cert;
- STACK_OF(X509_NAME) *ca_list;
-diff --git a/modules/ssl/ssl_engine_log.c b/modules/ssl/ssl_engine_log.c
-index 3b3ceacf0a5..341cc0d3e68 100644
---- a/modules/ssl/ssl_engine_log.c
-+++ b/modules/ssl/ssl_engine_log.c
-@@ -126,7 +126,7 @@
- static void ssl_log_cert_error(const char *file, int line, int level,
- apr_status_t rv, const server_rec *s,
- const conn_rec *c, const request_rec *r,
-- apr_pool_t *p, X509 *cert, const char *format,
-+ apr_pool_t *p, const X509 *cert, const char *format,
- va_list ap)
- {
- char buf[HUGE_STRING_LEN];
-@@ -167,14 +167,14 @@
- }
-
- BIO_puts(bio, " / serial: ");
-- if (i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert)) == -1)
-+ if (i2a_ASN1_INTEGER(bio, X509_get0_serialNumber(cert)) == -1)
- BIO_puts(bio, "(ERROR)");
-
- BIO_puts(bio, " / notbefore: ");
-- ASN1_TIME_print(bio, X509_get_notBefore(cert));
-+ ASN1_TIME_print(bio, X509_get0_notBefore(cert));
-
- BIO_puts(bio, " / notafter: ");
-- ASN1_TIME_print(bio, X509_get_notAfter(cert));
-+ ASN1_TIME_print(bio, X509_get0_notAfter(cert));
-
- BIO_puts(bio, "]");
-
-@@ -209,7 +209,7 @@
- * in the other cases we use the connection and request pool, respectively).
- */
- void ssl_log_xerror(const char *file, int line, int level, apr_status_t rv,
-- apr_pool_t *ptemp, server_rec *s, X509 *cert,
-+ apr_pool_t *ptemp, server_rec *s, const X509 *cert,
- const char *fmt, ...)
- {
- if (APLOG_IS_LEVEL(s,level)) {
-@@ -222,7 +222,7 @@
- }
-
- void ssl_log_cxerror(const char *file, int line, int level, apr_status_t rv,
-- conn_rec *c, X509 *cert, const char *fmt, ...)
-+ conn_rec *c, const X509 *cert, const char *fmt, ...)
- {
- if (APLOG_IS_LEVEL(mySrvFromConn(c),level)) {
- va_list ap;
-@@ -234,7 +234,7 @@
- }
-
- void ssl_log_rxerror(const char *file, int line, int level, apr_status_t rv,
-- request_rec *r, X509 *cert, const char *fmt, ...)
-+ request_rec *r, const X509 *cert, const char *fmt, ...)
- {
- if (APLOG_R_IS_LEVEL(r,level)) {
- va_list ap;
-diff --git a/modules/ssl/ssl_engine_ocsp.c b/modules/ssl/ssl_engine_ocsp.c
-index 5e045125585..539ed103eae 100644
---- a/modules/ssl/ssl_engine_ocsp.c
-+++ b/modules/ssl/ssl_engine_ocsp.c
-@@ -38,8 +38,8 @@
- /* Name found in extension, and is a URI: */
- if (OBJ_obj2nid(value->method) == NID_ad_OCSP
- && value->location->type == GEN_URI) {
-- result = apr_pstrdup(pool,
-- (char *)value->location->d.uniformResourceIdentifier->data);
-+ const ASN1_STRING *uri = value->location->d.uniformResourceIdentifier;
-+ result = modssl_ASN1_STRING_convert(pool, uri, 0);
- }
- }
-
-diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
-index 4060c0f6a63..d629b583608 100644
---- a/modules/ssl/ssl_engine_vars.c
-+++ b/modules/ssl/ssl_engine_vars.c
-@@ -41,10 +41,10 @@
-
- static char *ssl_var_lookup_ssl(apr_pool_t *p, SSLConnRec *sslconn, request_rec *r, char *var);
- static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, request_rec *r, X509 *xs, char *var);
--static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, X509_NAME *xsname, const char *var);
-+static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, const X509_NAME *xsname, const char *var);
- static char *ssl_var_lookup_ssl_cert_san(apr_pool_t *p, X509 *xs, char *var);
--static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, ASN1_TIME *tm);
--static char *ssl_var_lookup_ssl_cert_remain(apr_pool_t *p, ASN1_TIME *tm);
-+static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, const ASN1_TIME *tm);
-+static char *ssl_var_lookup_ssl_cert_remain(apr_pool_t *p, const ASN1_TIME *tm);
- static char *ssl_var_lookup_ssl_cert_serial(apr_pool_t *p, X509 *xs);
- static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, STACK_OF(X509) *sk, char *var);
- static char *ssl_var_lookup_ssl_cert_rfc4523_cea(apr_pool_t *p, SSL *ssl);
-@@ -444,7 +444,7 @@
- }
-
- static char *ssl_var_lookup_ssl_cert_dn_oneline(apr_pool_t *p, request_rec *r,
-- X509_NAME *xsname)
-+ const X509_NAME *xsname)
- {
- char *result = NULL;
- SSLDirConfigRec *dc;
-@@ -476,7 +476,7 @@
- {
- char *result;
- BOOL resdup;
-- X509_NAME *xsname;
-+ const X509_NAME *xsname;
- int nid;
-
- result = NULL;
-@@ -490,13 +490,13 @@
- result = ssl_var_lookup_ssl_cert_serial(p, xs);
- }
- else if (strcEQ(var, "V_START")) {
-- result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notBefore(xs));
-+ result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notBefore(xs));
- }
- else if (strcEQ(var, "V_END")) {
-- result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notAfter(xs));
-+ result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notAfter(xs));
- }
- else if (strcEQ(var, "V_REMAIN")) {
-- result = ssl_var_lookup_ssl_cert_remain(p, X509_get_notAfter(xs));
-+ result = ssl_var_lookup_ssl_cert_remain(p, X509_get0_notAfter(xs));
- resdup = FALSE;
- }
- else if (*var && strcEQ(var+1, "_DN")) {
-@@ -583,12 +583,12 @@
- { NULL, 0, 0 }
- };
-
--static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, X509_NAME *xsname,
-+static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, const X509_NAME *xsname,
- const char *var)
- {
- const char *ptr;
- char *result;
-- X509_NAME_ENTRY *xsne;
-+ const X509_NAME_ENTRY *xsne;
- int i, j, n, idx = 0, raw = 0;
- apr_size_t varlen;
-
-@@ -615,7 +615,7 @@
- for (j = 0; j < X509_NAME_entry_count(xsname); j++) {
- xsne = X509_NAME_get_entry(xsname, j);
-
-- n =OBJ_obj2nid((ASN1_OBJECT *)X509_NAME_ENTRY_get_object(xsne));
-+ n = OBJ_obj2nid(X509_NAME_ENTRY_get_object(xsne));
-
- if (n == ssl_var_lookup_ssl_cert_dn_rec[i].nid && idx-- == 0) {
- result = modssl_X509_NAME_ENTRY_to_string(p, xsne, raw);
-@@ -672,7 +672,7 @@
- return NULL;
- }
-
--static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, ASN1_TIME *tm)
-+static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, const ASN1_TIME *tm)
- {
- BIO* bio;
-
-@@ -687,8 +687,15 @@
-
- /* Return a string giving the number of days remaining until 'tm', or
- * "0" if this can't be determined. */
--static char *ssl_var_lookup_ssl_cert_remain(apr_pool_t *p, ASN1_TIME *tm)
-+static char *ssl_var_lookup_ssl_cert_remain(apr_pool_t *p, const ASN1_TIME *tm)
- {
-+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
-+ int diff;
-+
-+ if (ASN1_TIME_check(tm) != 1 || ASN1_TIME_diff(&diff, NULL, NULL, tm) != 1) {
-+ return "0";
-+ }
-+#else
- apr_time_t then, now = apr_time_now();
- apr_time_exp_t exp = {0};
- long diff;
-@@ -723,6 +730,7 @@
- }
-
- diff = (long)((apr_time_sec(then) - apr_time_sec(now)) / (60*60*24));
-+#endif
-
- return diff > 0 ? apr_ltoa(p, diff) : apr_pstrdup(p, "0");
- }
-@@ -772,7 +780,7 @@
-
- serialNumber = X509_get_serialNumber(xs);
- if (serialNumber) {
-- X509_NAME *issuer = X509_get_issuer_name(xs);
-+ const X509_NAME *issuer = X509_get_issuer_name(xs);
- if (issuer) {
- BIGNUM *bn = ASN1_INTEGER_to_BN(serialNumber, NULL);
- char *decimal = BN_bn2dec(bn);
-@@ -896,9 +904,9 @@
- /* Add each RDN in 'xn' to the table 't' where the NID is present in
- * 'nids', using key prefix 'pfx'. */
- static void extract_dn(apr_table_t *t, apr_hash_t *nids, const char *pfx,
-- X509_NAME *xn, apr_pool_t *p)
-+ const X509_NAME *xn, apr_pool_t *p)
- {
-- X509_NAME_ENTRY *xsne;
-+ const X509_NAME_ENTRY *xsne;
- apr_hash_t *count;
- int i, nid;
-
-@@ -913,7 +921,7 @@
-
- /* Retrieve the nid, and check whether this is one of the nids
- * which are to be extracted. */
-- nid = OBJ_obj2nid((ASN1_OBJECT *)X509_NAME_ENTRY_get_object(xsne));
-+ nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(xsne));
-
- tag = apr_hash_get(nids, &nid, sizeof nid);
- if (tag) {
-@@ -1026,15 +1034,19 @@
- * parse the extension type as a primitive string. This will fail for
- * any structured extension type per the docs. Returns non-zero on
- * success and writes the string to the given bio. */
--static int dump_extn_value(BIO *bio, ASN1_OCTET_STRING *str)
-+static int dump_extn_value(BIO *bio, const ASN1_OCTET_STRING *str)
- {
-- const unsigned char *pp = str->data;
-+ const unsigned char *pp = ASN1_STRING_get0_data(str);
- ASN1_STRING *ret = ASN1_STRING_new();
- int rv = 0;
-
-+ if (!ret) {
-+ return rv;
-+ }
-+
- /* This allows UTF8String, IA5String, VisibleString, or BMPString;
- * conversion to UTF-8 is forced. */
-- if (d2i_DISPLAYTEXT(&ret, &pp, str->length)) {
-+ if (d2i_DISPLAYTEXT(&ret, &pp, ASN1_STRING_length(str))) {
- ASN1_STRING_print_ex(bio, ret, ASN1_STRFLGS_UTF8_CONVERT);
- rv = 1;
- }
-@@ -1081,7 +1093,7 @@
- */
- array = apr_array_make(p, count, sizeof(char *));
- for (j = 0; j < count; j++) {
-- X509_EXTENSION *ext = X509_get_ext(xs, j);
-+ MODSSL_X509_EXT_CONST X509_EXTENSION *ext = X509_get_ext(xs, j);
-
- if (OBJ_cmp(X509_EXTENSION_get_object(ext), oid) == 0) {
- BIO *bio = BIO_new(BIO_s_mem());
-diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
-index 1ec02f31aef..b2f5dfd385f 100644
---- a/modules/ssl/ssl_private.h
-+++ b/modules/ssl/ssl_private.h
-@@ -145,6 +145,12 @@
- #define MODSSL_SSL_METHOD_CONST
- #endif
-
-+#if OPENSSL_VERSION_NUMBER >= 0x40000000L
-+#define MODSSL_X509_EXT_CONST const
-+#else
-+#define MODSSL_X509_EXT_CONST
-+#endif
-+
- #if defined(LIBRESSL_VERSION_NUMBER)
- /* Missing from LibreSSL */
- #if LIBRESSL_VERSION_NUMBER < 0x2060000f
-@@ -266,6 +272,12 @@
- #define BIO_get_shutdown(x) (x->shutdown)
- #define BIO_set_shutdown(x,v) (x->shutdown=v)
- #define DH_bits(x) (BN_num_bits(x->p))
-+#define X509_up_ref(x) (CRYPTO_add(&(x)->references, +1, CRYPTO_LOCK_X509))
-+#define EVP_PKEY_up_ref(pk) (CRYPTO_add(&(pk)->references, +1, CRYPTO_LOCK_EVP_PKEY))
-+#define ASN1_STRING_get0_data(x) ((x)->data)
-+#define ASN1_STRING_length(x) ((int)(x)->length)
-+#define X509_get0_before(x) X509_get_before(x)
-+#define X509_get0_after(x) X509_get_after(x)
- #else
- void init_bio_methods(void);
- void free_bio_methods(void);
-@@ -1164,16 +1176,16 @@
- * counterparts. */
- void ssl_log_xerror(const char *file, int line, int level,
- apr_status_t rv, apr_pool_t *p, server_rec *s,
-- X509 *cert, const char *format, ...)
-+ const X509 *cert, const char *format, ...)
- __attribute__((format(printf,8,9)));
-
- void ssl_log_cxerror(const char *file, int line, int level,
-- apr_status_t rv, conn_rec *c, X509 *cert,
-+ apr_status_t rv, conn_rec *c, const X509 *cert,
- const char *format, ...)
- __attribute__((format(printf,7,8)));
-
- void ssl_log_rxerror(const char *file, int line, int level,
-- apr_status_t rv, request_rec *r, X509 *cert,
-+ apr_status_t rv, request_rec *r, const X509 *cert,
- const char *format, ...)
- __attribute__((format(printf,7,8)));
-
-diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
-index 8bd9c8a2d23..85d571207c3 100644
---- a/modules/ssl/ssl_util_ssl.c
-+++ b/modules/ssl/ssl_util_ssl.c
-@@ -202,7 +202,7 @@
- /* Convert ASN.1 string to a pool-allocated char * string, escaping
- * control characters. If raw is zero, convert to UTF-8, otherwise
- * unchanged from the character set. */
--static char *asn1_string_convert(apr_pool_t *p, ASN1_STRING *asn1str, int raw)
-+char *modssl_ASN1_STRING_convert(apr_pool_t *p, const ASN1_STRING *asn1str, int raw)
- {
- BIO *bio;
- int flags = ASN1_STRFLGS_ESC_CTRL;
-@@ -217,13 +217,13 @@
- return modssl_bio_free_read(p, bio);
- }
-
--#define asn1_string_to_utf8(p, a) asn1_string_convert(p, a, 0)
-+#define asn1_string_to_utf8(p, a) modssl_ASN1_STRING_convert(p, a, 0)
-
- /* convert a NAME_ENTRY to UTF8 string */
--char *modssl_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne,
-+char *modssl_X509_NAME_ENTRY_to_string(apr_pool_t *p, const X509_NAME_ENTRY *xsne,
- int raw)
- {
-- char *result = asn1_string_convert(p, X509_NAME_ENTRY_get_data(xsne), raw);
-+ char *result = modssl_ASN1_STRING_convert(p, X509_NAME_ENTRY_get_data(xsne), raw);
- ap_xlate_proto_from_ascii(result, len);
- return result;
- }
-@@ -232,7 +232,7 @@
- * convert an X509_NAME to an RFC 2253 formatted string, optionally truncated
- * to maxlen characters (specify a maxlen of 0 for no length limit)
- */
--char *modssl_X509_NAME_to_string(apr_pool_t *p, X509_NAME *dn, int maxlen)
-+char *modssl_X509_NAME_to_string(apr_pool_t *p, const X509_NAME *dn, int maxlen)
- {
- char *result = NULL;
- BIO *bio;
-@@ -362,7 +362,7 @@
- /* return an array of (RFC 6125 coined) DNS-IDs and CN-IDs in a certificate */
- static BOOL getIDs(apr_pool_t *p, X509 *x509, apr_array_header_t **ids)
- {
-- X509_NAME *subj;
-+ const X509_NAME *subj;
- int i = -1;
-
- /* First, the DNS-IDs (dNSName entries in the subjectAltName extension) */
-diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h
-index 443c1b7ee73..f5ed3c23aac 100644
---- a/modules/ssl/ssl_util_ssl.h
-+++ b/modules/ssl/ssl_util_ssl.h
-@@ -71,13 +71,19 @@
-
- int modssl_smart_shutdown(SSL *ssl);
- BOOL modssl_X509_getBC(X509 *, int *, int *);
--char *modssl_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne,
-+char *modssl_X509_NAME_ENTRY_to_string(apr_pool_t *p, const X509_NAME_ENTRY *xsne,
- int raw);
--char *modssl_X509_NAME_to_string(apr_pool_t *, X509_NAME *, int);
-+char *modssl_X509_NAME_to_string(apr_pool_t *, const X509_NAME *, int);
- BOOL modssl_X509_getSAN(apr_pool_t *, X509 *, int, const char *, int, apr_array_header_t **);
- BOOL modssl_X509_match_name(apr_pool_t *, X509 *, const char *, BOOL, server_rec *);
- char *modssl_SSL_SESSION_id2sz(IDCONST unsigned char *, int, char *, int);
-
-+/* Convert ASN.1 string to a pool-allocated char * string, escaping
-+ * control characters. If raw is zero, convert to UTF-8, otherwise
-+ * unchanged from the character set. */
-+char *modssl_ASN1_STRING_convert(apr_pool_t *p, const ASN1_STRING *asn1str,
-+ int raw);
-+
- /* Reads the remaining data in BIO, if not empty, and copies it into a
- * pool-allocated string. If empty, returns NULL. BIO_free(bio) is
- * called for both cases. */
-diff --git a/support/ab.c b/support/ab.c
-index bee3812d9f4..aa92d116f56 100644
---- a/support/ab.c
-+++ b/support/ab.c
-@@ -675,7 +675,7 @@
-
- static void ssl_print_cert_info(BIO *bio, X509 *cert)
- {
-- X509_NAME *dn;
-+ const X509_NAME *dn;
- EVP_PKEY *pk;
- char buf[1024];
-
diff --git a/httpd.spec b/httpd.spec
index f20fd6a..6c44c47 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -27,7 +27,7 @@
Summary: Apache HTTP Server
Name: httpd
-Version: 2.4.67
+Version: 2.4.68
Release: 1%{?dist}
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@@ -96,12 +96,10 @@ Patch27: httpd-2.4.64-sslprotdefault.patch
Patch28: httpd-2.4.43-logjournal.patch
Patch29: httpd-2.4.63-r1912477+.patch
Patch30: httpd-2.4.64-separate-systemd-fns.patch
-Patch31: httpd-2.4.66-openssl4.patch
# Bug fixes
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243
Patch60: httpd-2.4.43-enable-sslv3.patch
-Patch61: httpd-2.4.65-hcheck-stuck.patch
# Security fixes
# Patch200: ...
@@ -852,6 +850,9 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
+* Tue Jun 09 2026 Luboš Uhliarik <luhliari@redhat.com> - 2.4.68-1
+- new version 2.4.68
+
* Wed May 06 2026 Luboš Uhliarik <luhliari@redhat.com> - 2.4.67-1
- new version 2.4.67
diff --git a/sources b/sources
index 473192b..b4244b5 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (httpd-2.4.67.tar.bz2) = 5ae29fc8edb253453271613cb18754de0d943d1f82361059c81f8ebe1f057b894675506550bd1341bfa9416226b569a7bac08f497c53e8bb6dede87f4f41eae4
-SHA512 (httpd-2.4.67.tar.bz2.asc) = 1c91218b7811ec8c8f99960bdf607317fda3b7f8aab00115735345128990c5594839a003cf4672dcbb982eaa06beff7a322ba1435ec8145480ec1257c4336422
+SHA512 (httpd-2.4.68.tar.bz2) = 134a5bbd3ffe97523ac750490531bcb9441c532cedf0229aa006aa1368e9d25040507c6f519bed6754044f62c371f7c7f9a11b6a311f79b9680d478bf4373eb3
+SHA512 (httpd-2.4.68.tar.bz2.asc) = 87bf940f5041a9550726ca426162aaf5fb1c0433e4ecdb6777cd280751ac3938f40dc5ece44e2ed39642435039b4865fc2bbb5141df15fe4c3a16a748c8061a4
SHA512 (KEYS) = 88c848b7ab9e4915d6625dcad3e8328673b0448f2ce76f2c44eecc612cf6afbce3287a4ee7219a44c6fcc61d5ecb2a1a8545456a4a16b90400263d7249cbf192
reply other threads:[~2026-06-09 13:10 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178101061402.1.3915568250211349366.rpms-httpd-edde1b3ed6ba@fedoraproject.org \
--to=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox