The commit e789c3837c tries to create
log/run directory in initscript/systemd unit file. This is not a correct
method. We should create them in pkg_postinst.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
reproduce steps:
1. boot up target
2. scp apache2-2.4.41-r0.1.aarch64.rpm on target
3. rpm -i apache2-2.4.41-r0.1.aarch64.rpm
4. systemctl status apache2
Error:
httpd[7767]: (2)No such file or directory: AH02291: Cannot access directory '/var/log/apache2/' for main error log
with the old way, /var/log/apache2/ is created by service
systemd-tmpfiles-setup during boot, so only works when apache2
already installed before boot, in above scenario,
/var/log/apache2/ will not created. fix by creating it in the
service file. similar fix for sysV system
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
apache2 added cross-compilation support after 2.4.41, but
this conflicts with our own cross-compilation setup and causes
related recipes like apache-websocket to fail to find config
files (due to incorrect file paths) during build:
| cannot open
/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot//usr/share/apache2/build/config_vars.mk:
No such file or directory at
/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/usr/bin/crossscripts/apxs
line 213.
Add this patch to ensure that the $destdir
variable used in apache2's cross-compilation scheme is always
the empty string so that apache-websocket can find the right
files.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There are errors of apache2 about files conflicts when multilib enabled:
| Error: Transaction check error:
| file /etc/apache2/extra/httpd-ssl.conf conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64
| file /etc/apache2/httpd.conf conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64
| file /usr/sbin/envvars conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64
| file /usr/sbin/envvars-std conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64
It makes libexecdir point to ${libdir}. Reset to ${libexecdir} which could
eliminate file conflicts of the conf files. And remove /usr/sbin/envvars and
/usr/sbin/envvars-std which only used by apachectl. They only add standard
library path ${libdir} to LD_LIBRARY_PATH, so remove them to avoid multilib
file conflicts.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add back this patch. Without this patch, apxs's shebang will use
perl under hosttools, which can be too long for shebang, and cause
error:
bad interpreter: No such file or directory
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The build related files (${datadir}/${BPN}/build and ${bindir}/apxs)
belong in the -dev package, and the manual belong in the -doc package.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
A missing space lead to problems if something else was already added to
SYSROOT_PREPROCESS_FUNCS.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default layout installs log files to /var/apache2/logs. But we
assume the log directory is /var/log/apache2 in volatile.conf. Specify
the layout to debian style to set the correct the log directory.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Security fixes:
CVE-2018-8011
mod_md: DoS via Coredumps on specially crafted requests
CVE-2018-1333
mod_http2: DoS for HTTP/2 connections by specially crafted requests
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* License-Update: Correctly identify origin of util_pcre.c/ap_regex.h as
pcreposix[.ch] and correct LICENSE/NOTICE to match.
* Refresh patches with devtool
* Drop useless patch apache-ssl-ltmain-rpath.patch
* Move all patches to one directory
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The configure options '--enable-deflate' or '--with-z' make
the package depends on zlib. PACKAGECONFIG should be defined
to clear the dependency.
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is a failure to install both of sthttpd-doc and
apache2-doc to rootfs.
...
|Error: Transaction check error:
| file /usr/share/man/man1/htpasswd.1 conflicts
between attempted installs of sthttpd-doc-2.27.1
-r0.0.armv7ahf_neon and apache2-doc-2.4.27
-r0.0.armv7ahf_neon
...
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
WARNING: apache2-2.4.29-r0 do_patch:
Some of the context lines in patches were ignored. This can lead to incorrectly applied patches.
The context lines in the patches can be updated with devtool:
devtool modify <recipe>
devtool finish --force-patch-refresh <recipe> <layer_path>
Then the updated patches and the source tree (in devtool's workspace)
should be reviewed to make sure the patches apply in the correct place
and don't introduce duplicate lines (which can, and does happen
when some of the context is ignored). Further information:
http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.htmlhttps://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
Details:
Applying patch apache-configure_perlbin.patch
patching file configure.in
Hunk #1 succeeded at 855 with fuzz 2 (offset 217 lines).
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The default layout installs log files and pid files into /var/apache2/logs.
This is odd and also will cause security issues because selinux does not know
how to label the security contexts for the files.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The change to use ${APACHE_MIRROR} in the SRC_URI in dfbe6cf214 did
not take into account that ${APACHE_MIRROR} already contains "/dist".
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
According to other Linux distributes like Ubuntu, the modules
are usually included by 'LoadModule' command in *.load files
in mods-enable directory, as *.conf files in this directory
are usually used for special configurations for each module.
Include *.load in apache2 top conf file to be compatible with
customer's normal usage habits.
Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
libtool-cross recipe install it as ${HOST_SYS}-libtool
Signed-off-by: Kirill Esipov <yesipov@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
base_contains() is a compatibility wrapper and may warn in the future, so
replace all instances with bb.utils.contains().
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Some apache module recipes like the newly introduced apache-websocket
also need apachectl at build in the sysroot besides apxs.
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
It shows warnings when build apache2 such as:
| WARNING: QA Issue: apache2: /apache2-dev/usr/share/apache2/icons/small/movie.gif
| is owned by uid 1785, which is the same as the user running bitbake.
| This may be due to host contamination [host-user-contaminated]
Set the owner and group to root to fix it.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Replace contaminated paths with staging paths so apxs can be successfully used
in other recipes to build modules when host and target arch differ.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Those buildpaths were generated from configure substitutions, they are
required for cross-compiling, but obviously they should be cleaned up
from target stuffs.
Cleanup buildpaths from config_vars.mk and config.nice:
* remove ${STAGING_DIR_HOST} from CC, CFLAGS ...
* set APU_INCLUDEDIR, APU_CONFIG as empty
* remove buildpath from configure line
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Change start, stop, and restart functions in apache2 init script to return only
after completion (i.e. the server has started/stopped, not just received a kill
signal). Starting and stopping the server in quick sucession results in an error
because the server will attempt to stop before it has had time to start and vice
versa.
Signed-off-by: Adam Chappell <adam.chappell@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2.4.16 includes fixes for CVE-2015-3185, CVE-2015-0253 and CVE-2015-3183
remove a backport patch 0001-SECURITY-CVE-2015-0228-cve.mitre.org.patch
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
WARNING: QA Issue: /usr/bin/apxs_apache2-dev contained in package apache2-dev requires /usr/bin/perl, but no providers found in its RDEPENDS [file-rdeps]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Remove apache-CVE-2014-0117.patch which apache2 2.4.12 has it
Update the apache-ssl-ltmain-rpath.patch
Backport the patch to fix CVE-2015-0228
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
fix a typos to remove a warning:
systemd[1]: [/lib/systemd/system/apache2.service:2] Unknown lvalue
'Decription' in section 'Unit'
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Add PACKAGECONFIG for 'selinux', otherwise there would be warnings like
below:
WARN: apache2: apache2 rdepends on libselinux, but it isn't a build dependency?
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The patch comes from upstream:
http://svn.apache.org/viewvc?view=revision&revision=1610674
SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse proxy
configuration, a remote attacker could send a carefully crafted request which
could crash a server process, resulting in denial of service.
Thanks to Marek Kroemeke working with HP's Zero Day Initiative for reporting
this issue.
Submitted by: Edward Lu, breser, covener
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Sakib Sajal
Yi Zhao
Changqing Li
Trevor Gamblin
Kai Kang
Alejandro del Castillo
Peter Kjellerstedt
Qi.Chen@windriver.com
Mingli Yu
Haiqing Bai
Hongxu Jia
Armin Kuster
Derek Straka
dengke.du@windriver.com
Oleksandr Kravchuk
Junxian.Xiao
Joe Slater
Martin Jansa
Kirill Esipov
Ross Burton
Ioan-Adrian Ratiu
fan.xin
George McCollister
Wenzong Fan
Adam Chappell
Roy Li