On 05/22/2015 04:37 AM, Vijendra Agarwal (vijagarw) wrote: > Hi All, > Currently my system is using httpd 2.2.27. As there were many Vulnerability fixes released under 2.2.29, I would like to upgrade the Apache httpd. > My system is having CentOS 6.5. > > I checked on CentOS Repos using yum but could not find the latest httpd rpm from there. So I am building the httpd rpm from the source tar ball downloaded from apache site. > I am able to build the rpm successfully but after installation I am facing lot many different issues such as > 1. new rpm does not show anything for below command > rpm –q httpd —changelog > 2. If I check the compiler option used in httpd 2.2.27 and 2.2.29 are very different. > For 2.2.27 :- httpd: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic (Build by CentOS) > For 2.2.29 :- httpd: -O2 –g (Build by myself) > > Query > ===== > > > 1. How to provide the above compiler option so that the rpm get build with them? > 2. Is it possible to get httpd.spec file using which CentOS has build the httpd rpm? > As Leon said earlier .. You need to read his link about backporting. Red Hat backports security changes to older versions, so if you think you are vulnerable to a security issue, please look it up here: https://access.redhat.com/security/cve/ And you will find the RH version that fixes the specific CVE. As to your original question, all CentOS RPMs are build using 'rpmbuild -ba <srpm>' in a chroot system called mock. If you look at the command "rpmbuild --showrc" you can see what is going to be passed in as variables: rpmbuild --showrc | grep ^optflags That is what would be passed into all packages .. plus whatever is set up in the SPEC file, which you can see from looking at it. All sources live on: http://vault.centos.org/ under the specific version (5.11, 6.5, etc) and branch (os, updates, extras, etc.). You would get the SRPM and then install or extract it to get the spec file. Note: CentOS has not released any httpd-2.2.27 that I cane see. CentOS-5 is httpd-2.2.3 CentOS-6 is httpd-2.2.15 CentOS-7 is httpd-2.4.6 So you likely did not get those 2.2.27 packages from CentOS Linux. From CentOS-7 on, we publish all build logs as well on: http://buildlogs.centos.org/ In the c7* directories .. you can look at any build. Thanks, Johnny Hughes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20150522/a3998147/attachment-0004.sig>