pool/apache2
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 208347 from home:elvigia:branches:Apache

Browse Source 
- update to apache 2.4.7, important changes:
* This release requires both apr and apr-util 1.5.x series
  and therefore will no longer build in older released products
* mod_ssl: Improve handling of ephemeral DH and ECDH keys
 (obsoletes httpd-mod_ssl_ephemeralkeyhandling.patch)
*  event MPM: Fix possible crashes
*  mod_deflate: Improve error detection
* core: Add open_htaccess hook  in conjunction with dirwalk_stat.
* mod_rewrite: Make rewrite websocket-aware to allow proxying.
* mod_ssl: drop support for export-grade ciphers with ephemeral RSA
  keys, and unconditionally disable aNULL, eNULL and EXP ciphers
 (not overridable via SSLCipherSuite)
* see CHANGES for more details

OBS-URL: https://build.opensuse.org/request/show/208347
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=399
This commit is contained in:
Cristian Rodríguez 2013-11-25 22:26:02 +00:00 committed by Git OBS Bridge
parent 8ac24cac75
commit 74d7ddb780
6 changed files with 27 additions and 1736 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
apache2.changes
View File

@ -1,3 +1,21 @@
-------------------------------------------------------------------
Mon Nov 25 22:15:51 UTC 2013 - crrodriguez@opensuse.org
- update to apache 2.4.7, important changes:
* This release requires both apr and apr-util 1.5.x series
and therefore will no longer build in older released products
* mod_ssl: Improve handling of ephemeral DH and ECDH keys
(obsoletes httpd-mod_ssl_ephemeralkeyhandling.patch)
* event MPM: Fix possible crashes
* mod_deflate: Improve error detection
* core: Add open_htaccess hook in conjunction with dirwalk_stat.
* mod_rewrite: Make rewrite websocket-aware to allow proxying.
* mod_ssl: drop support for export-grade ciphers with ephemeral RSA
keys, and unconditionally disable aNULL, eNULL and EXP ciphers
(not overridable via SSLCipherSuite)
* see CHANGES for more details
-------------------------------------------------------------------
Sat Nov 16 00:52:15 UTC 2013 - crrodriguez@opensuse.org

14
apache2.spec
View File

@ -21,9 +21,11 @@ BuildRequires: automake
BuildRequires: db-devel
BuildRequires: ed
BuildRequires: libapr-util1-devel
BuildRequires: libapr1-devel >= 1.4.2
#Since 2.4.7 the event MPM requires apr 1.5.0 or later.
BuildRequires: libapr1-devel >= 1.5.0
#
BuildRequires: openldap2-devel
BuildRequires: openssl-devel
BuildRequires: openssl-devel >= 0.9.8a
BuildRequires: pcre-devel
BuildRequires: xz
BuildRequires: zlib-devel
@ -91,8 +93,8 @@ BuildRequires: expat-devel
# "Server:" header
%define VENDOR SUSE
%define platform_string Linux/%VENDOR
%define realver 2.4.6
Version: 2.4.6
%define realver 2.4.7
Version: 2.4.7
Release: 0
#Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2
Source0: httpd-%{realver}.tar.bz2
@ -161,9 +163,7 @@ Patch70: apache2-implicit-pointer-decl.patch
#Provides: apache2(mod_ssl+npn)
# PATCH-FEATURE-UPSTREAM httpd-2.4.3-mod_systemd.patch crrodriguez@opensuse.org simple module provides systemd integration.
Patch109: httpd-2.4.3-mod_systemd.patch
Patch110: http://people.apache.org/~minfrin/httpd-event-ssl.patch
Patch111: httpd-visibility.patch
Patch112: httpd-mod_ssl_ephemeralkeyhandling.patch
Url: http://httpd.apache.org/
Icon: Apache.xpm
Summary: The Apache Web Server Version 2.2
@ -385,9 +385,7 @@ to administrators of web servers in general.
%patch70 -p1
#%patch108 -p1
%patch109 -p1
%patch110
%patch111 -p1
%patch112 -p1
cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
# install READMEs
a=$(basename %{S:22})

3
httpd-2.4.6.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:dc9f3625ebc08bea55eeb0d16e71fba656f252e6cd0aa244ee7806dc3b022fea
size 4949897

3
httpd-2.4.7.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:64368d8301836815ae237f2b62d909711c896c1bd34573771e0ee5ad808ce71b
size 5004719

106
httpd-event-ssl.patch
View File

@ -1,106 +0,0 @@
--- include/httpd.h.orig
+++ include/httpd.h
@@ -1175,12 +1175,20 @@ typedef enum {
CONN_STATE_LINGER_SHORT /* MPM has started lingering close with short timeout */
} conn_state_e;
+typedef enum {
+ CONN_SENSE_DEFAULT,
+ CONN_SENSE_WANT_READ, /* next event must be read */
+ CONN_SENSE_WANT_WRITE /* next event must be write */
+} conn_sense_e;
+
/**
* @brief A structure to contain connection state information
*/
struct conn_state_t {
/** Current state of the connection */
conn_state_e state;
+ /** Whether to read instead of write, or write instead of read */
+ conn_sense_e sense;
};
/* Per-vhost config... */
--- modules/ssl/ssl_engine_io.c.orig
+++ modules/ssl/ssl_engine_io.c
@@ -775,6 +775,18 @@ static apr_status_t ssl_filter_write(ap_
*/
outctx->rc = APR_EAGAIN;
}
+ else if (ssl_err == SSL_ERROR_WANT_READ) {
+ /*
+ * If OpenSSL wants to read during write, and we were
+ * nonblocking, set the sense explicitly to read and
+ * report as an EAGAIN.
+ *
+ * (This is usually the case when the client forces an SSL
+ * renegotiation which is handled implicitly by OpenSSL.)
+ */
+ outctx->c->cs->sense = CONN_SENSE_WANT_READ;
+ outctx->rc = APR_EAGAIN;
+ }
else if (ssl_err == SSL_ERROR_SYSCALL) {
ap_log_cerror(APLOG_MARK, APLOG_INFO, outctx->rc, c, APLOGNO(01993)
"SSL output filter write failed.");
@@ -1902,8 +1914,10 @@ void ssl_io_filter_init(conn_rec *c, req
filter_ctx->pbioWrite = BIO_new(&bio_filter_out_method);
filter_ctx->pbioWrite->ptr = (void *)bio_filter_out_ctx_new(filter_ctx, c);
- /* We insert a clogging input filter. Let the core know. */
- c->clogging_input_filters = 1;
+ /* write is non blocking for the benefit of async mpm */
+ if (c->cs) {
+ BIO_set_nbio(filter_ctx->pbioWrite, 1);
+ }
ssl_io_input_add_filter(filter_ctx, c, r, ssl);
--- server/mpm/event/event.c.orig
+++ server/mpm/event/event.c
@@ -790,7 +790,10 @@ static int start_lingering_close_common(
apr_atomic_inc32(&lingering_count);
apr_thread_mutex_lock(timeout_mutex);
TO_QUEUE_APPEND(*q, cs);
- cs->pfd.reqevents = APR_POLLIN | APR_POLLHUP | APR_POLLERR;
+ cs->pfd.reqevents = (
+ cs->pub.sense == CONN_SENSE_WANT_WRITE ? APR_POLLOUT :
+ APR_POLLIN) | APR_POLLHUP | APR_POLLERR;
+ cs->pub.sense = CONN_SENSE_DEFAULT;
rv = apr_pollset_add(event_pollset, &cs->pfd);
apr_thread_mutex_unlock(timeout_mutex);
if (rv != APR_SUCCESS && !APR_STATUS_IS_EEXIST(rv)) {
@@ -938,6 +941,7 @@ static void process_socket(apr_thread_t
*/
cs->pub.state = CONN_STATE_READ_REQUEST_LINE;
+ cs->pub.sense = CONN_SENSE_DEFAULT;
}
else {
c = cs->c;
@@ -946,9 +950,11 @@ static void process_socket(apr_thread_t
}
if (c->clogging_input_filters && !c->aborted) {
- /* Since we have an input filter which 'cloggs' the input stream,
- * like mod_ssl, lets just do the normal read from input filters,
- * like the Worker MPM does.
+ /* Since we have an input filter which 'clogs' the input stream,
+ * like mod_ssl used to, lets just do the normal read from input
+ * filters, like the Worker MPM does. Filters that need to write
+ * where they would otherwise read, or read where they would
+ * otherwise write, should set the sense appropriately.
*/
apr_atomic_inc32(&clogged_count);
ap_run_process_connection(c);
@@ -994,7 +1000,10 @@ read_request:
cs->expiration_time = ap_server_conf->timeout + apr_time_now();
apr_thread_mutex_lock(timeout_mutex);
TO_QUEUE_APPEND(write_completion_q, cs);
- cs->pfd.reqevents = APR_POLLOUT | APR_POLLHUP | APR_POLLERR;
+ cs->pfd.reqevents = (
+ cs->pub.sense == CONN_SENSE_WANT_READ ? APR_POLLIN :
+ APR_POLLOUT) | APR_POLLHUP | APR_POLLERR;
+ cs->pub.sense = CONN_SENSE_DEFAULT;
rc = apr_pollset_add(event_pollset, &cs->pfd);
apr_thread_mutex_unlock(timeout_mutex);
return;

1619
httpd-mod_ssl_ephemeralkeyhandling.patch
View File

File diff suppressed because it is too large Load Diff