CentOS - May 2015 - can i get .spec file for apache httpd of centos?

Hi All,
Currently my system is using httpd 2.2.27. As there were many Vulnerability
fixes released under 2.2.29, I would like to upgrade the Apache httpd.
My system is having CentOS 6.5.

I checked on CentOS Repos using yum but could not find the latest httpd rpm from
there. So I am building the httpd rpm from the source tar ball downloaded from
apache site.
I am able to build the rpm successfully but after installation I am facing lot
many different issues such as
1. new rpm does not show anything for below command
rpm ?q httpd ?changelog
2. If I check the compiler option used in httpd 2.2.27 and 2.2.29 are very
different.
For 2.2.27 :- httpd: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic (Build by
CentOS)
For 2.2.29 :- httpd: -O2 ?g (Build by myself)

Query
====

  1.  How to provide the above compiler option so that the rpm get build with
them?
  2.  Is it possible to get httpd.spec file using which CentOS has build the
httpd rpm?

Thanks
Vijendra.

Am 22.05.2015 um 11:37 schrieb Vijendra Agarwal (vijagarw) <vijagarw at
cisco.com>:
> Hi All,
> Currently my system is using httpd 2.2.27. As there were many Vulnerability
fixes released under 2.2.29, I would like to upgrade the Apache httpd.
> My system is having CentOS 6.5.
> 
> I checked on CentOS Repos using yum but could not find the latest httpd rpm
from there. So I am building the httpd rpm from the source tar ball downloaded
from apache site.
> I am able to build the rpm successfully but after installation I am facing
lot many different issues such as
> 1. new rpm does not show anything for below command
> rpm ?q httpd ?changelog
> 2. If I check the compiler option used in httpd 2.2.27 and 2.2.29 are very
different.
> For 2.2.27 :- httpd: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic
(Build by CentOS)
> For 2.2.29 :- httpd: -O2 ?g (Build by myself)
> 
> Query
> ====> 
> 
>  1.  How to provide the above compiler option so that the rpm get build
with them?
>  2.  Is it possible to get httpd.spec file using which CentOS has build the
httpd rpm?


Your primary goal is to stay secure, right? Then I suggest to 
keep your OS current and take also a look at: 

https://access.redhat.com/security/updates/backporting/

--
LF

On 05/22/2015 04:37 AM, Vijendra Agarwal (vijagarw)
wrote:
> Hi All,
> Currently my system is using httpd 2.2.27. As there were many Vulnerability
fixes released under 2.2.29, I would like to upgrade the Apache httpd.
> My system is having CentOS 6.5.
> 
> I checked on CentOS Repos using yum but could not find the latest httpd rpm
from there. So I am building the httpd rpm from the source tar ball downloaded
from apache site.
> I am able to build the rpm successfully but after installation I am facing
lot many different issues such as
> 1. new rpm does not show anything for below command
> rpm ?q httpd ?changelog
> 2. If I check the compiler option used in httpd 2.2.27 and 2.2.29 are very
different.
> For 2.2.27 :- httpd: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic
(Build by CentOS)
> For 2.2.29 :- httpd: -O2 ?g (Build by myself)
> 
> Query
> ====> 
> 
>   1.  How to provide the above compiler option so that the rpm get build
with them?
>   2.  Is it possible to get httpd.spec file using which CentOS has build
the httpd rpm?
> 
As Leon said earlier ..

You need to read his link about backporting.  Red Hat backports security
changes to older versions, so if you think you are vulnerable to a
security issue, please look it up here:

https://access.redhat.com/security/cve/

And you will find the RH version that fixes the specific CVE.

As to your original question, all CentOS RPMs are build using 'rpmbuild
-ba <srpm>' in a chroot system called mock.

If you look at the  command "rpmbuild --showrc" you can see what is
going to be passed in as variables:

rpmbuild --showrc | grep ^optflags

That is what would be passed into all packages .. plus whatever is set
up in the SPEC file, which you can see from looking at it.

All sources live on:  http://vault.centos.org/ under the specific
version (5.11, 6.5, etc) and branch (os, updates, extras, etc.).  You
would get the SRPM and then install or extract it to get the spec file.

Note:  CentOS has not released any httpd-2.2.27 that I cane see.
CentOS-5 is httpd-2.2.3
CentOS-6 is httpd-2.2.15
CentOS-7 is httpd-2.4.6

So you likely did not get those 2.2.27 packages from CentOS Linux.

From CentOS-7 on, we publish all build logs as well on:

http://buildlogs.centos.org/

In the c7* directories .. you can look at any build.

Thanks,
Johnny Hughes



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20150522/a3998147/attachment-0001.sig>

Thanks for the response. I will look into the details.

Thanks
Vijendra. 
On 22/05/15 6:42 pm, "Johnny Hughes" <johnny at centos.org>
wrote:
>On 05/22/2015 04:37 AM, Vijendra Agarwal (vijagarw) wrote:
>> Hi All,
>> Currently my system is using httpd 2.2.27. As there were many
>>Vulnerability fixes released under 2.2.29, I would like to upgrade the
>>Apache httpd.
>> My system is having CentOS 6.5.
>> 
>> I checked on CentOS Repos using yum but could not find the latest httpd
>>rpm from there. So I am building the httpd rpm from the source tar ball
>>downloaded from apache site.
>> I am able to build the rpm successfully but after installation I am
>>facing lot many different issues such as
>> 1. new rpm does not show anything for below command
>> rpm ?q httpd ?changelog
>> 2. If I check the compiler option used in httpd 2.2.27 and 2.2.29 are
>>very different.
>> For 2.2.27 :- httpd: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
>>-fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64
>>-mtune=generic (Build by CentOS)
>> For 2.2.29 :- httpd: -O2 ?g (Build by myself)
>> 
>> Query
>> ====>> 
>> 
>>   1.  How to provide the above compiler option so that the rpm get
>>build with them?
>>   2.  Is it possible to get httpd.spec file using which CentOS has
>>build the httpd rpm?
>> 
>
>As Leon said earlier ..
>
>You need to read his link about backporting.  Red Hat backports security
>changes to older versions, so if you think you are vulnerable to a
>security issue, please look it up here:
>
>https://access.redhat.com/security/cve/
>
>And you will find the RH version that fixes the specific CVE.
>
>As to your original question, all CentOS RPMs are build using 'rpmbuild
>-ba <srpm>' in a chroot system called mock.
>
>If you look at the  command "rpmbuild --showrc" you can see what
is
>going to be passed in as variables:
>
>rpmbuild --showrc | grep ^optflags
>
>That is what would be passed into all packages .. plus whatever is set
>up in the SPEC file, which you can see from looking at it.
>
>All sources live on:  http://vault.centos.org/ under the specific
>version (5.11, 6.5, etc) and branch (os, updates, extras, etc.).  You
>would get the SRPM and then install or extract it to get the spec file.
>
>Note:  CentOS has not released any httpd-2.2.27 that I cane see.
>CentOS-5 is httpd-2.2.3
>CentOS-6 is httpd-2.2.15
>CentOS-7 is httpd-2.4.6
>
>So you likely did not get those 2.2.27 packages from CentOS Linux.
>
>From CentOS-7 on, we publish all build logs as well on:
>
>http://buildlogs.centos.org/
>
>In the c7* directories .. you can look at any build.
>
>Thanks,
>Johnny Hughes
>
>
>