apache2: update to 2.4.6

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
This commit is contained in:
Paul Eggleton
2013-08-19 14:45:55 +01:00
parent b7a91f226a
commit e25a025f9e
11 changed files with 4 additions and 4 deletions
@@ -0,0 +1,37 @@
# Author: echo <fei.geng@windriver.com>
# Date: April 28 2009
# Summary:Fix perl install directory to /usr/bin
#
# Upstream-Status: Inappropriate [configuration]
--- a/configure
+++ b/configure
@@ -22365,13 +22365,7 @@
#define APACHE_MPM_DIR "$MPM_DIR"
_ACEOF
-
-perlbin=`$ac_aux_dir/PrintPath perl`
-if test "x$perlbin" = "x"; then
- perlbin="/replace/with/path/to/perl/interpreter"
-fi
-
-
+perlbin='/usr/bin/perl'
BSD_MAKEFILE=no
ap_make_include=include
--- a/configure.in
+++ b/configure.in
@@ -638,10 +638,7 @@
AC_DEFINE_UNQUOTED(APACHE_MPM_DIR, "$MPM_DIR",
[Location of the source for the current MPM])
-perlbin=`$ac_aux_dir/PrintPath perl`
-if test "x$perlbin" = "x"; then
- perlbin="/replace/with/path/to/perl/interpreter"
-fi
+perlbin='/usr/bin/perl'
AC_SUBST(perlbin)
dnl If we are running on BSD/OS, we need to use the BSD .include syntax.
@@ -0,0 +1,76 @@
--- httpd-2.2.8.orig/build/ltmain.sh
+++ httpd-2.2.8/build/ltmain.sh
@@ -1515,7 +1515,7 @@ EOF
dir=`$echo "X$arg" | $Xsed -e 's/^-L//'`
# We need an absolute path.
case $dir in
- [\\/]* | [A-Za-z]:[\\/]*) ;;
+ =* | [\\/]* | [A-Za-z]:[\\/]*) ;;
*)
absdir=`cd "$dir" && pwd`
if test -z "$absdir"; then
@@ -2558,7 +2558,7 @@ EOF
$echo "*** $linklib is not portable!"
fi
if test "$linkmode" = lib &&
- test "$hardcode_into_libs" = yes; then
+ test "x$wrs_use_rpaths" = "xyes" && test "$hardcode_into_libs" = yes; then
# Hardcode the library path.
# Skip directories that are in the system default run-time
# search path.
@@ -2832,7 +2832,7 @@ EOF
if test "$linkmode" = lib; then
if test -n "$dependency_libs" &&
- { test "$hardcode_into_libs" != yes ||
+ { test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" ||
test "$build_old_libs" = yes ||
test "$link_static" = yes; }; then
# Extract -R from dependency_libs
@@ -3426,7 +3426,8 @@ EOF
*) finalize_rpath="$finalize_rpath $libdir" ;;
esac
done
- if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
+ if test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" ||
+ test "$build_old_libs" = yes; then
dependency_libs="$temp_xrpath $dependency_libs"
fi
fi
@@ -3843,7 +3844,7 @@ EOF
case $archive_cmds in
*\$LD\ *) wl= ;;
esac
- if test "$hardcode_into_libs" = yes; then
+ if test "$hardcode_into_libs" = yes && test "x$wrs_use_rpaths" = "xyes" ; then
# Hardcode the library paths
hardcode_libdirs=
dep_rpath=
@@ -4397,6 +4398,27 @@ EOF
# Now hardcode the library paths
rpath=
hardcode_libdirs=
+
+ # short circuit putting rpaths in executables
+ #
+ if test "x$wrs_use_rpaths" != "xyes" ; then
+ flag=
+ for libdir in $compile_rpath; do
+ case $(echo $libdir | ${SED} 's,/[/]*,/,g') in
+ /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;;
+ esac
+ done
+ compile_rpath="$flag"
+
+ flag=
+ for libdir in $finalize_rpath; do
+ case $(echo $libdir | ${SED} 's,/[/]*,/,g') in
+ /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;;
+ esac
+ done
+ finalize_rpath="$flag"
+ fi
+
for libdir in $compile_rpath $finalize_rpath; do
if test -n "$hardcode_libdir_flag_spec"; then
if test -n "$hardcode_libdir_separator"; then
@@ -0,0 +1,55 @@
Fix build scripts to use correct libtool filename
Upstream-Status: Inappropriate [configuration]
---
httpd-2.4.2/build/config_vars.sh.in | 2 +-
httpd-2.4.2/configure | 2 +-
httpd-2.4.2/configure.in | 2 +-
httpd-2.4.2/support/apxs.in | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
--- a/build/config_vars.sh.in
+++ b/build/config_vars.sh.in
@@ -35,7 +35,7 @@ else
APU_CONFIG=@APU_CONFIG@
fi
-APR_LIBTOOL="`${APR_CONFIG} --apr-libtool`"
+APR_LIBTOOL="`${APR_CONFIG} --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`"
APR_INCLUDEDIR="`${APR_CONFIG} --includedir`"
test -n "@APU_CONFIG@" && APU_INCLUDEDIR="`${APU_CONFIG} --includedir`"
--- a/configure
+++ b/configure
@@ -6205,7 +6205,7 @@ case $host in
if test "x$LTFLAGS" = "x"; then
LTFLAGS='--silent'
fi
- my_libtool=`$apr_config --apr-libtool`
+ my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`
LIBTOOL="$my_libtool \$(LTFLAGS)"
libtoolversion=`$my_libtool --version`
case $libtoolversion in
--- a/configure.in
+++ b/configure.in
@@ -264,7 +264,7 @@ case $host in
if test "x$LTFLAGS" = "x"; then
LTFLAGS='--silent'
fi
- my_libtool=`$apr_config --apr-libtool`
+ my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`
LIBTOOL="$my_libtool \$(LTFLAGS)"
libtoolversion=`$my_libtool --version`
case $libtoolversion in
--- a/support/apxs.in
+++ b/support/apxs.in
@@ -352,7 +352,7 @@ if ($apr_major_version < 2) {
}
}
-my $libtool = `$apr_config --apr-libtool`;
+my $libtool = `$apr_config --apr-libtool| sed -e s,libtool,${host_alias}-libtool,`;
chomp($libtool);
my $apr_includedir = `$apr_config --includes`;
@@ -0,0 +1,37 @@
Bump up the core size limit if CoreDumpDirectory is
configured.
Upstream-Status: Pending
Note: upstreaming was discussed but there are competing desires;
there are portability oddities here too.
--- httpd-2.4.1/server/core.c.corelimit
+++ httpd-2.4.1/server/core.c
@@ -4433,6 +4433,25 @@ static int core_post_config(apr_pool_t *
}
apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper,
apr_pool_cleanup_null);
+
+#ifdef RLIMIT_CORE
+ if (ap_coredumpdir_configured) {
+ struct rlimit lim;
+
+ if (getrlimit(RLIMIT_CORE, &lim) == 0 && lim.rlim_cur == 0) {
+ lim.rlim_cur = lim.rlim_max;
+ if (setrlimit(RLIMIT_CORE, &lim) == 0) {
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+ "core dump file size limit raised to %lu bytes",
+ lim.rlim_cur);
+ } else {
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, errno, NULL,
+ "core dump file size is zero, setrlimit failed");
+ }
+ }
+ }
+#endif
+
return OK;
}
@@ -0,0 +1,63 @@
Log the SELinux context at startup.
Upstream-Status: Inappropriate [other]
Note: unlikely to be any interest in this upstream
--- httpd-2.4.1/configure.in.selinux
+++ httpd-2.4.1/configure.in
@@ -458,6 +458,11 @@ fopen64
dnl confirm that a void pointer is large enough to store a long integer
APACHE_CHECK_VOID_PTR_LEN
+AC_CHECK_LIB(selinux, is_selinux_enabled, [
+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
+ APR_ADDTO(AP_LIBS, [-lselinux])
+])
+
AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
[AC_TRY_RUN(#define _GNU_SOURCE
#include <unistd.h>
--- httpd-2.4.1/server/core.c.selinux
+++ httpd-2.4.1/server/core.c
@@ -58,6 +58,10 @@
#include <unistd.h>
#endif
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
/* LimitRequestBody handling */
#define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0)
@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t *
}
#endif
+#ifdef HAVE_SELINUX
+ {
+ static int already_warned = 0;
+ int is_enabled = is_selinux_enabled() > 0;
+
+ if (is_enabled && !already_warned) {
+ security_context_t con;
+
+ if (getcon(&con) == 0) {
+
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+ "SELinux policy enabled; "
+ "httpd running as context %s", con);
+
+ already_warned = 1;
+
+ freecon(con);
+ }
+ }
+ }
+#endif
+
return OK;
}
@@ -0,0 +1,22 @@
There is no need to "suck in" the apr/apr-util symbols when using
a shared libapr{,util}, it just bloats the symbol table; so don't.
Upstream-HEAD: needed
Upstream-2.0: omit
Upstream-Status: Pending
Note: EXPORT_DIRS change is conditional on using shared apr
--- httpd-2.4.4/server/Makefile.in.export
+++ httpd-2.4.4/server/Makefile.in
@@ -57,9 +57,6 @@ export_files:
( for dir in $(EXPORT_DIRS); do \
ls $$dir/*.h ; \
done; \
- for dir in $(EXPORT_DIRS_APR); do \
- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \
- done; \
) | sed -e s,//,/,g | sort -u > $@
exports.c: export_files
@@ -0,0 +1,260 @@
Add support for TLS Next Protocol Negotiation:
* modules/ssl/mod_ssl.c, modules/ssl/mod_ssl.h: Add and implement new
hooks for next protocol advertisement/discovery.
* modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Enable
NPN advertisement callback in handshake.
* modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Invoke
next-protocol discovery hook.
* modules/ssl/ssl_engine_kernel.c (ssl_callback_AdvertiseNextProtos):
New callback.
* modules/ssl/ssl_private.h: Add prototype.
Submitted by: Matthew Steele <mdsteele google.com>
with slight tweaks by jorton
https://bugzilla.redhat.com//show_bug.cgi?id=809599
http://svn.apache.org/viewvc?view=revision&revision=1332643
Upstream-Status: Backport
--- httpd-2.4.4/modules/ssl/ssl_private.h
+++ httpd-2.4.4/modules/ssl/ssl_private.h
@@ -139,6 +139,11 @@
#define HAVE_FIPS
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \
+ && !defined(OPENSSL_NO_TLSEXT)
+#define HAVE_TLS_NPN
+#endif
+
#if (OPENSSL_VERSION_NUMBER >= 0x10000000)
#define MODSSL_SSL_CIPHER_CONST const
#define MODSSL_SSL_METHOD_CONST const
@@ -840,6 +845,7 @@ int ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *);
int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *,
EVP_CIPHER_CTX *, HMAC_CTX *, int);
#endif
+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg);
/** Session Cache Support */
void ssl_scache_init(server_rec *, apr_pool_t *);
--- httpd-2.4.4/modules/ssl/mod_ssl.c
+++ httpd-2.4.4/modules/ssl/mod_ssl.c
@@ -272,6 +272,18 @@ static const command_rec ssl_config_cmds[] = {
AP_END_CMD
};
+/* Implement 'modssl_run_npn_advertise_protos_hook'. */
+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
+ modssl, AP, int, npn_advertise_protos_hook,
+ (conn_rec *connection, apr_array_header_t *protos),
+ (connection, protos), OK, DECLINED);
+
+/* Implement 'modssl_run_npn_proto_negotiated_hook'. */
+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
+ modssl, AP, int, npn_proto_negotiated_hook,
+ (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len),
+ (connection, proto_name, proto_name_len), OK, DECLINED);
+
/*
* the various processing hooks
*/
--- httpd-2.4.4/modules/ssl/mod_ssl.h
+++ httpd-2.4.4/modules/ssl/mod_ssl.h
@@ -63,5 +63,26 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
+/** The npn_advertise_protos optional hook allows other modules to add entries
+ * to the list of protocol names advertised by the server during the Next
+ * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is
+ * given the connection and an APR array; it should push one or more char*'s
+ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto
+ * the array and return OK, or do nothing and return DECLINED. */
+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook,
+ (conn_rec *connection, apr_array_header_t *protos));
+
+/** The npn_proto_negotiated optional hook allows other modules to discover the
+ * name of the protocol that was chosen during the Next Protocol Negotiation
+ * (NPN) portion of the SSL handshake. Note that this may be the empty string
+ * (in which case modules should probably assume HTTP), or it may be a protocol
+ * that was never even advertised by the server. The hook callee is given the
+ * connection, a non-null-terminated string containing the protocol name, and
+ * the length of the string; it should do something appropriate (i.e. insert or
+ * remove filters) and return OK, or do nothing and return DECLINED. */
+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook,
+ (conn_rec *connection, const char *proto_name,
+ apr_size_t proto_name_len));
+
#endif /* __MOD_SSL_H__ */
/** @} */
--- httpd-2.4.4/modules/ssl/ssl_engine_init.c
+++ httpd-2.4.4/modules/ssl/ssl_engine_init.c
@@ -725,6 +725,11 @@ static void ssl_init_ctx_callbacks(server_rec *s,
#endif
SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
+
+#ifdef HAVE_TLS_NPN
+ SSL_CTX_set_next_protos_advertised_cb(
+ ctx, ssl_callback_AdvertiseNextProtos, NULL);
+#endif
}
static void ssl_init_ctx_verify(server_rec *s,
--- httpd-2.4.4/modules/ssl/ssl_engine_io.c
+++ httpd-2.4.4/modules/ssl/ssl_engine_io.c
@@ -28,6 +28,7 @@
core keeps dumping.''
-- Unknown */
#include "ssl_private.h"
+#include "mod_ssl.h"
#include "apr_date.h"
/* _________________________________________________________________
@@ -297,6 +298,7 @@ typedef struct {
apr_pool_t *pool;
char buffer[AP_IOBUFSIZE];
ssl_filter_ctx_t *filter_ctx;
+ int npn_finished; /* 1 if NPN has finished, 0 otherwise */
} bio_filter_in_ctx_t;
/*
@@ -1385,6 +1387,27 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f,
APR_BRIGADE_INSERT_TAIL(bb, bucket);
}
+#ifdef HAVE_TLS_NPN
+ /* By this point, Next Protocol Negotiation (NPN) should be completed (if
+ * our version of OpenSSL supports it). If we haven't already, find out
+ * which protocol was decided upon and inform other modules by calling
+ * npn_proto_negotiated_hook. */
+ if (!inctx->npn_finished) {
+ const unsigned char *next_proto = NULL;
+ unsigned next_proto_len = 0;
+
+ SSL_get0_next_proto_negotiated(
+ inctx->ssl, &next_proto, &next_proto_len);
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c,
+ "SSL NPN negotiated protocol: '%s'",
+ apr_pstrmemdup(f->c->pool, (const char*)next_proto,
+ next_proto_len));
+ modssl_run_npn_proto_negotiated_hook(
+ f->c, (const char*)next_proto, next_proto_len);
+ inctx->npn_finished = 1;
+ }
+#endif
+
return APR_SUCCESS;
}
@@ -1866,6 +1889,7 @@ static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c,
inctx->block = APR_BLOCK_READ;
inctx->pool = c->pool;
inctx->filter_ctx = filter_ctx;
+ inctx->npn_finished = 0;
}
/* The request_rec pointer is passed in here only to ensure that the
--- httpd-2.4.4/modules/ssl/ssl_engine_kernel.c
+++ httpd-2.4.4/modules/ssl/ssl_engine_kernel.c
@@ -29,6 +29,7 @@
time I was too famous.''
-- Unknown */
#include "ssl_private.h"
+#include "mod_ssl.h"
#include "util_md5.h"
static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
@@ -2186,3 +2187,84 @@ int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg)
}
#endif /* OPENSSL_NO_SRP */
+
+#ifdef HAVE_TLS_NPN
+/*
+ * This callback function is executed when SSL needs to decide what protocols
+ * to advertise during Next Protocol Negotiation (NPN). It must produce a
+ * string in wire format -- a sequence of length-prefixed strings -- indicating
+ * the advertised protocols. Refer to SSL_CTX_set_next_protos_advertised_cb
+ * in OpenSSL for reference.
+ */
+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out,
+ unsigned int *size_out, void *arg)
+{
+ conn_rec *c = (conn_rec*)SSL_get_app_data(ssl);
+ apr_array_header_t *protos;
+ int num_protos;
+ unsigned int size;
+ int i;
+ unsigned char *data;
+ unsigned char *start;
+
+ *data_out = NULL;
+ *size_out = 0;
+
+ /* If the connection object is not available, then there's nothing for us
+ * to do. */
+ if (c == NULL) {
+ return SSL_TLSEXT_ERR_OK;
+ }
+
+ /* Invoke our npn_advertise_protos hook, giving other modules a chance to
+ * add alternate protocol names to advertise. */
+ protos = apr_array_make(c->pool, 0, sizeof(char*));
+ modssl_run_npn_advertise_protos_hook(c, protos);
+ num_protos = protos->nelts;
+
+ /* We now have a list of null-terminated strings; we need to concatenate
+ * them together into a single string, where each protocol name is prefixed
+ * by its length. First, calculate how long that string will be. */
+ size = 0;
+ for (i = 0; i < num_protos; ++i) {
+ const char *string = APR_ARRAY_IDX(protos, i, const char*);
+ unsigned int length = strlen(string);
+ /* If the protocol name is too long (the length must fit in one byte),
+ * then log an error and skip it. */
+ if (length > 255) {
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
+ "SSL NPN protocol name too long (length=%u): %s",
+ length, string);
+ continue;
+ }
+ /* Leave room for the length prefix (one byte) plus the protocol name
+ * itself. */
+ size += 1 + length;
+ }
+
+ /* If there is nothing to advertise (either because no modules added
+ * anything to the protos array, or because all strings added to the array
+ * were skipped), then we're done. */
+ if (size == 0) {
+ return SSL_TLSEXT_ERR_OK;
+ }
+
+ /* Now we can build the string. Copy each protocol name string into the
+ * larger string, prefixed by its length. */
+ data = apr_palloc(c->pool, size * sizeof(unsigned char));
+ start = data;
+ for (i = 0; i < num_protos; ++i) {
+ const char *string = APR_ARRAY_IDX(protos, i, const char*);
+ apr_size_t length = strlen(string);
+ *start = (unsigned char)length;
+ ++start;
+ memcpy(start, string, length * sizeof(unsigned char));
+ start += length;
+ }
+
+ /* Success. */
+ *data_out = data;
+ *size_out = size;
+ return SSL_TLSEXT_ERR_OK;
+}
+#endif
@@ -0,0 +1,52 @@
From 760ccbb2fb046621a2aeaecabb2b1ef9aa280cf1 Mon Sep 17 00:00:00 2001
From: Yulong Pei <Yulong.pei@windriver.com>
Date: Thu, 1 Sep 2011 01:03:14 +0800
Subject: [PATCH] replace lynx to curl in apachectl script
Upstream-Status: Inappropriate [configuration]
Signed-off-by: Yulong Pei <Yulong.pei@windriver.com>
---
support/apachectl.in | 14 ++++++++++----
1 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/support/apachectl.in b/support/apachectl.in
index d4dff38..109ea13 100644
--- a/support/apachectl.in
+++ b/support/apachectl.in
@@ -51,11 +51,11 @@ fi
# a command that outputs a formatted text version of the HTML at the
# url given on the command line. Designed for lynx, however other
# programs may work.
-LYNX="@LYNX_PATH@ -dump"
+CURL="/usr/bin/curl"
#
# the URL to your server's mod_status status page. If you do not
# have one, then status and fullstatus will not work.
-STATUSURL="http://localhost:@PORT@/server-status"
+STATUSURL="http://localhost:@PORT@/"
#
# Set this variable to a command that increases the maximum
# number of file descriptors allowed per child process. This is
@@ -91,10 +91,16 @@ configtest)
ERROR=$?
;;
status)
- $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } '
+ $CURL -s $STATUSURL | grep -o "It works!"
+ if [ $? != 0 ] ; then
+ echo The httpd server does not work!
+ fi
;;
fullstatus)
- $LYNX $STATUSURL
+ $CURL -s $STATUSURL | grep -o "It works!"
+ if [ $? != 0 ] ; then
+ echo The httpd server does not work!
+ fi
;;
*)
$HTTPD $ARGV
--
1.6.4
@@ -0,0 +1,11 @@
--- http-2.0.54/server/Makefile.in-old 2005-12-20 13:26:56.000000000 -0500
+++ http-2.0.54/server/Makefile.in 2005-12-20 13:27:22.000000000 -0500
@@ -27,7 +27,7 @@
$(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS)
test_char.h: gen_test_char
- ./gen_test_char > test_char.h
+ gen_test_char > test_char.h
util.lo: test_char.h