Accepting request 129508 from home:elvigia:branches:Apache

- Upgrade to apache 2.4.2 ** ATTENTION, before installing this update YOU MUST READ http://httpd.apache.org/docs/2.4/upgrading.html CAREFULLY otherwise your server will most likely fail to start due to backward incompatible changes. * You can read the huge complete list of changes at http://httpd.apache.org/docs/2.4/new_features_2_4.html OBS-URL: https://build.opensuse.org/request/show/129508 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=370
2012-08-01 01:54:19 +00:00 · 2012-08-01 01:54:19 +00:00 · e249e1729b
commit e249e1729b
parent 9386014e7c
17 changed files with 3513 additions and 319 deletions
--- a/8
+++ b/8
@ -13,7 +13,6 @@ if a2enmod -q auth; then
 	a2enmod authz_groupfile
 	a2enmod authz_default
 	a2enmod authz_user
-
 	cat <<-EOF
 	
 	
@ -61,4 +60,11 @@ if a2enmod -q auth_ldap; then
 	a2enmod mod_authnz_ldap
 fi

+for module in mod_authn_default mod_authz_default mod_mem_cache; do
+	if a2enmod -q "$module"; then
+	echo "!!ATTENTION! $module was removed from apache version 2.4 or later, CHECK YOUR CONFIGURATION!!!"
+	a2dismod "$module"
+	fi
+done
+
 echo 'Done.'
--- a/apache2-default-server.conf
+++ b/apache2-default-server.conf
@ -102,5 +102,5 @@ ScriptAlias /cgi-bin/ "/srv/www/cgi-bin/"
 Include /etc/apache2/conf.d/*.conf

 # The manual... if it is installed ('?' means it won't complain)
-Include /etc/apache2/conf.d/apache2-manual?conf
+IncludeOptional /etc/apache2/conf.d/apache2-manual?conf

--- a/apache2-httpd.conf
+++ b/apache2-httpd.conf
@ -202,7 +202,7 @@ Include /etc/apache2/sysconfig.d/include.conf
 # You may use the command line option '-S' to verify your virtual host
 # configuration.
 #
-Include /etc/apache2/vhosts.d/*.conf
+IncludeOptional /etc/apache2/vhosts.d/*.conf


 # Note: instead of adding your own configuration here, consider 
--- a/apache2-mod_ssl_npn.patch
+++ b/apache2-mod_ssl_npn.patch
--- a/apache2.4-mpm-itk-2.4.2-01.patch
+++ b/apache2.4-mpm-itk-2.4.2-01.patch
--- a/apache2.changes
+++ b/apache2.changes
@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Wed Aug  1 01:14:35 UTC 2012 - crrodriguez@opensuse.org
+
+- Upgrade to apache 2.4.2
+** ATTENTION, before installing this update YOU MUST
+READ http://httpd.apache.org/docs/2.4/upgrading.html
+CAREFULLY otherwise your server will most likely
+fail to start due to backward incompatible changes.
+
+* You can read the huge complete list of changes
+  at http://httpd.apache.org/docs/2.4/new_features_2_4.html 
+
 -------------------------------------------------------------------
 Wed Jul 25 11:32:34 UTC 2012 - saschpe@suse.de

--- a/apache2.spec
+++ b/apache2.spec
@ -47,7 +47,7 @@ BuildRequires:  expat-devel
 %define pname 		apache2
 %define vers   		2
 %define httpd 		httpd2
-%define apache_mmn	%(test -s %{S:0} && { echo -n apache_mmn_; bzcat %{S:0} | awk '/^#define MODULE_MAGIC_NUMBER_MAJOR/ {printf "%d", $3}'; })
+%define apache_mmn	%(test -s %{S:0} && { echo -n apache_mmn_; xzcat %{S:0} | awk '/^#define MODULE_MAGIC_NUMBER_MAJOR/ {printf "%d", $3}'; })
 %define	default_mpm	prefork
 %{!?prefork:%define prefork 1}
 %{!?worker:%define worker 1}
@ -74,14 +74,13 @@ BuildRequires:  expat-devel
 # "Server:" header
 %define VENDOR SUSE
 %define platform_string	Linux/%VENDOR
-%define realver 2.2.22
-Version:        2.2.22
+%define realver 2.4.2
+Version:        2.4.2
 Release:        0
 #Source0:      http://www.apache.org/dist/httpd-%{version}.tar.bz2
-Source0:        http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2
+Source0:        http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.xz
 # Add file to take mtime from it in prep section
 Source1:        apache2.changes
-Source5:        http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2.asc
 Source6:        60C5442D.key
 Source10:       SUSE-NOTICE
 Source11:       rc.%{pname}
@ -139,14 +138,8 @@ Patch66:        httpd-2.0.54-envvars.dif
 Patch67:        httpd-2.2.0-apxs-a2enmod.dif
 Patch68:        httpd-2.x.x-logresolve.patch
 Patch69:        httpd-2.2.x-bnc690734.patch
-Patch100:       apache2.2-mpm-itk-20090414-00.patch
+Patch100:       apache2.4-mpm-itk-2.4.2-01.patch
 Patch101:       httpd-2.2.19-linux3.patch
-Patch102:       httpd-keepalivetimeout-millisecs.patch
-Patch104:       httpd-mod_deflate_head.patch
-Patch105:       ssl-mode-release-buffers.patch
-Patch106:       httpd-2.2.x-CVE-2011-3368-server_protocl_c.diff
-# PATCH-FIX-UPSTREAM https://issues.apache.org/bugzilla/show_bug.cgi?id=52623
-Patch107:       httpd-new_pcre.patch
 # PATCH-FEATURE-UPSTREAM apache2-mod_ssl_npn.patch dimstar@opensuse.org -- Add npn support to mod_ssl (needed for spdy)
 Patch108:       apache2-mod_ssl_npn.patch
 Provides:       apache2(mod_ssl+npn)
@ -362,22 +355,15 @@ to administrators of web servers in general.
 #  
 %setup -q -n httpd-%{realver}
 %patch2 -p1
-%patch23 -p1
+%patch23
 %patch65 -p1
-%patch66 -p1
+%patch66
 %patch67 -p1
 %patch68 -p1
 %patch69
-%patch100
+%patch100 -p1
 %patch101
-%patch102
-%patch104
-%patch105
-%patch106
-%if 0%{?suse_version} >= 1220
-%patch107
-%endif
-%patch108
+%patch108 -p1
 #
 cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE

@ -480,7 +466,8 @@ function configure {
 		--with-suexec-userdir=%{userdir} \
 		--with-suexec-uidmin=96 \
 		--with-suexec-gidmin=96 \
-		--with-suexec-safepath=%{suexec_safepath}
+		--with-suexec-safepath=%{suexec_safepath} \
+		--disable-heartbeat
 }

 #	
@ -737,17 +724,21 @@ pushd $RPM_BUILD_ROOT/%{_mandir}
 		mv $i ${i%.*}%{vers}.${i#*.*.} || true
 	done
 popd
+
+pushd $RPM_BUILD_ROOT/%{_bindir}
+for i in ab dbmmanage htdbm htdigest htpasswd logresolve;do 
+mv $i ${i}%{vers} || true
+done
+popd
+
 pushd $RPM_BUILD_ROOT/%{_sbindir}
-	for i in ab dbmmanage htdbm htdigest htpasswd logresolve rotatelogs suexec; do
+	for i in rotatelogs suexec; do
 		mv $i ${i}%{vers} || true
 	done
 	mv apachectl apachectl.tmp; mv apachectl.tmp apache%{vers}ctl
-	for i in dbmmanage htdbm htdigest htpasswd; do
-		mv ${i}%{vers} ../bin/
-	done
 popd
 # fix up apxs
-pushd $RPM_BUILD_ROOT/%{_sbindir}
+pushd $RPM_BUILD_ROOT/%{_bindir}
 	for mpm in %{mpms_to_build}; do
 		cat <<-EOT_ED | ed -s apxs
 			H
@ -785,7 +776,7 @@ for mpm in %{mpms_to_build}; do
 	echo %dir %{_libdir}/%{pname}-$mpm >> filelist
 	(
 	echo %dir %{includedir}-$mpm 
-	echo %{_sbindir}/apxs%{vers}-$mpm
+	echo %{_bindir}/apxs%{vers}-$mpm
 	) >> filelist-devel
 done
 find $RPM_BUILD_ROOT/%{includedir}/.. -type f -o -type l \
@ -827,6 +818,7 @@ sed -e 's+/usr/%_lib+'$RPM_BUILD_ROOT'/usr/%_lib+' \
    -e 's+%{sysconfdir}+'$RPM_BUILD_ROOT'%{sysconfdir}+' \
    -e 's+%{datadir}+'$RPM_BUILD_ROOT'%{datadir}+' \
    -e 's+\.conf$+&.test+' \
+    -e 's+/var/log+'$RPM_BUILD_ROOT'/var/log+' \
 		httpd.conf > httpd.conf.test
 sed -e 's+%{sysconfdir}+'$RPM_BUILD_ROOT'%{sysconfdir}+' \
 		default-server.conf > default-server.conf.test
@ -973,7 +965,7 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
 %dir %{_prefix}/share/%{pname}
 %dir %{installbuilddir}
 %dir %{includedir}
-%{_sbindir}/apxs%{vers}
+%{_bindir}/apxs%{vers}

 %files doc
 %defattr(-,root,root)
@ -999,6 +991,8 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
 %doc %{_mandir}/man?/logresolve%{vers}.?.*
 %doc %{_mandir}/man?/rotatelogs%{vers}.?.*
 %doc %{_mandir}/man?/suexec%{vers}.?.*
+%{_sbindir}/fcgistarter
+%{_mandir}/man8/fcgistarter2.8.*
 %{_bindir}/check_forensic%{vers}
 %{_bindir}/dbmmanage%{vers}
 %{_bindir}/gensslcert
@ -1006,10 +1000,10 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
 %{_bindir}/htdigest%{vers}
 %{_bindir}/htpasswd%{vers}
 %{_bindir}/split-logfile%{vers}
-%{_sbindir}/ab%{vers}
-%{_sbindir}/httxt2dbm
+%{_bindir}/ab%{vers}
+%{_bindir}/httxt2dbm
 %{_sbindir}/logresolve.pl%{vers}
-%{_sbindir}/logresolve%{vers}
+%{_bindir}/logresolve%{vers}
 %{_sbindir}/rotatelogs%{vers}
 %verify(not mode) %attr(0755,root,root) %_sbindir/suexec2
 %if %prefork
--- a/httpd-2.0.54-envvars.dif
+++ b/httpd-2.0.54-envvars.dif
@ -1,11 +1,17 @@
-diff -uNr httpd-2.0.54.orig/support/envvars-std.in httpd-2.0.54/support/envvars-std.in
--- httpd-2.0.54.orig/support/envvars-std.in	2005-02-04 21:21:18.000000000 +0100
-+++ httpd-2.0.54/support/envvars-std.in	2005-10-07 13:56:49.223546288 +0200
-@@ -19,6 +19,6 @@
+--- support/envvars-std.in.orig
+++ support/envvars-std.in
+@@ -18,11 +18,9 @@
+ #
 # This file is generated from envvars-std.in
 #
-@SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
+-if test "x$@SHLIBPATH_VAR@" != "x" ; then
+-  @SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
+-else
+-  @SHLIBPATH_VAR@="@exp_libdir@"
+-fi
+
 +@SHLIBPATH_VAR@="@exp_libdir@${@SHLIBPATH_VAR@+:$@SHLIBPATH_VAR@}"
+
 export @SHLIBPATH_VAR@
 #
 @OS_SPECIFIC_VARS@
--- a/httpd-2.1.9-apachectl.dif
+++ b/httpd-2.1.9-apachectl.dif
@ -1,7 +1,6 @@
-diff -uNr httpd-2.1.3-alpha.orig/support/apachectl.in httpd-2.1.3-alpha/support/apachectl.in
--- httpd-2.1.3-alpha.orig/support/apachectl.in	2005-02-04 21:28:49.000000000 +0100
-+++ httpd-2.1.3-alpha/support/apachectl.in	2005-02-25 02:52:49.203566813 +0100
-@@ -41,17 +41,32 @@
+--- support/apachectl.in.orig
+++ support/apachectl.in
+@@ -42,17 +42,32 @@ ARGV="$@"
 # --------------------                              --------------------
 # 
 # the path to your httpd binary, including options if necessary
@ -36,16 +35,16 @@ diff -uNr httpd-2.1.3-alpha.orig/support/apachectl.in httpd-2.1.3-alpha/support/
 #
 # the URL to your server's mod_status status page.  If you do not
 # have one, then status and fullstatus will not work.
-@@ -77,7 +92,7 @@
+@@ -78,7 +93,7 @@ fi
 
- case $ARGV in
+ case $ACMD in
 start|stop|restart|graceful|graceful-stop)
 -    $HTTPD -k $ARGV
 +    $HTTPD ${httpd_conf+-f $httpd_conf} -k $ARGV
     ERROR=$?
     ;;
 startssl|sslstart|start-SSL)
-@@ -87,7 +102,7 @@
+@@ -88,7 +103,7 @@ startssl|sslstart|start-SSL)
     ERROR=2
     ;;
 configtest)
@ -54,12 +53,3 @@ diff -uNr httpd-2.1.3-alpha.orig/support/apachectl.in httpd-2.1.3-alpha/support/
     ERROR=$?
     ;;
 status)
-@@ -97,7 +112,7 @@
-     $LYNX $STATUSURL
-     ;;
- *)
-    $HTTPD $ARGV
-+    $HTTPD ${httpd_conf+-f $httpd_conf} $ARGV
-     ERROR=$?
- esac
- 
--- a/httpd-2.2.22.tar.bz2
+++ b/httpd-2.2.22.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:dcdc9f1dc722f84798caf69d69dca78daa5e09a4269060045aeca7e4f44cb231
-size 5378934
--- a/httpd-2.2.22.tar.bz2.asc
+++ b/httpd-2.2.22.tar.bz2.asc
--- a/httpd-2.2.x-CVE-2011-3368-server_protocl_c.diff
+++ b/httpd-2.2.x-CVE-2011-3368-server_protocl_c.diff
@ -1,68 +0,0 @@
-diff -rNU 20 ../httpd-2.2.21-o/server/protocol.c ./server/protocol.c
--- ../httpd-2.2.21-o/server/protocol.c	2011-05-07 13:39:29.000000000 +0200
-+++ ./server/protocol.c	2011-10-07 17:10:46.000000000 +0200
-@@ -623,40 +623,64 @@
- 
- #if 0
- /* XXX If we want to keep track of the Method, the protocol module should do
-  * it.  That support isn't in the scoreboard yet.  Hopefully next week
-  * sometime.   rbb */
-     ap_update_connection_status(AP_CHILD_THREAD_FROM_ID(conn->id), "Method",
-                                 r->method);
- #endif
- 
-     uri = ap_getword_white(r->pool, &ll);
- 
-     /* Provide quick information about the request method as soon as known */
- 
-     r->method_number = ap_method_number_of(r->method);
-     if (r->method_number == M_GET && r->method[0] == 'H') {
-         r->header_only = 1;
-     }
- 
-     ap_parse_uri(r, uri);
- 
-+/* 
-+	https://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?r1=1178566&r2=1179239&pathrev=1179239&view=patch
-+	This is the fix for CVE-2011-3368; via bnc#722545.
-+ */
-+
-+    /* RFC 2616:
-+     *   Request-URI    = "*" | absoluteURI | abs_path | authority
-+     *
-+     * authority is a special case for CONNECT.  If the request is not
-+     * using CONNECT, and the parsed URI does not have scheme, and
-+     * it does not begin with '/', and it is not '*', then, fail
-+     * and give a 400 response. */
-+    if (r->method_number != M_CONNECT 
-+        && !r->parsed_uri.scheme 
-+        && uri[0] != '/'
-+        && !(uri[0] == '*' && uri[1] == '\0')) {
-+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-+                      "invalid request-URI %s", uri);
-+        r->args = NULL;
-+        r->hostname = NULL;
-+        r->status = HTTP_BAD_REQUEST;
-+        r->uri = apr_pstrdup(r->pool, uri);
-+    }
-+
-     if (ll[0]) {
-         r->assbackwards = 0;
-         pro = ll;
-         len = strlen(ll);
-     } else {
-         r->assbackwards = 1;
-         pro = "HTTP/0.9";
-         len = 8;
-     }
-     r->protocol = apr_pstrmemdup(r->pool, pro, len);
- 
-     /* XXX ap_update_connection_status(conn->id, "Protocol", r->protocol); */
- 
-     /* Avoid sscanf in the common case */
-     if (len == 8
-         && pro[0] == 'H' && pro[1] == 'T' && pro[2] == 'T' && pro[3] == 'P'
-         && pro[4] == '/' && apr_isdigit(pro[5]) && pro[6] == '.'
-         && apr_isdigit(pro[7])) {
-         r->proto_num = HTTP_VERSION(pro[5] - '0', pro[7] - '0');
-     }
--- a/httpd-2.2.x-bnc690734.patch
+++ b/httpd-2.2.x-bnc690734.patch
@ -1,7 +1,6 @@
-diff -ruN ../httpd-2.2.17-o/server/util_script.c ./server/util_script.c
--- ../httpd-2.2.17-o/server/util_script.c	2009-01-12 14:59:56.000000000 +0100
-+++ ./server/util_script.c	2011-07-26 15:39:50.000000000 +0200
-@@ -406,6 +406,7 @@
+--- server/util_script.c.orig
+++ server/util_script.c
+@@ -415,6 +415,7 @@ AP_DECLARE(int) ap_scan_script_header_er
 {
     char x[MAX_STRING_LEN];
     char *w, *l;
@ -9,7 +8,7 @@ diff -ruN ../httpd-2.2.17-o/server/util_script.c ./server/util_script.c
     int p;
     int cgi_status = HTTP_UNSET;
     apr_table_t *merge;
-@@ -414,7 +415,14 @@
+@@ -425,7 +426,14 @@ AP_DECLARE(int) ap_scan_script_header_er
     if (buffer) {
         *buffer = '\0';
     }
@ -25,17 +24,17 @@ diff -ruN ../httpd-2.2.17-o/server/util_script.c ./server/util_script.c
 
     /* temporary place to hold headers to merge in later */
     merge = apr_table_make(r->pool, 10);
-@@ -430,7 +438,7 @@
+@@ -441,7 +449,7 @@ AP_DECLARE(int) ap_scan_script_header_er
 
     while (1) {
 
 -        int rv = (*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data);
 +        int rv = (*getsfunc) (w, wlen - 1, getsfunc_data);
         if (rv == 0) {
-             ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r,
-                           "Premature end of script headers: %s",
-@@ -537,9 +545,12 @@
- 
+             const char *msg = "Premature end of script headers";
+             if (first_header)
+@@ -553,9 +561,12 @@ AP_DECLARE(int) ap_scan_script_header_er
+         if (!(l = strchr(w, ':'))) {
             if (!buffer) {
                 /* Soak up all the script output - may save an outright kill */
 -                while ((*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data)) {
@ -47,4 +46,4 @@ diff -ruN ../httpd-2.2.17-o/server/util_script.c ./server/util_script.c
 +		buffer[MAX_STRING_LEN - 1] = 0;
             }
 
-             ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r,
+             ap_log_rerror(SCRIPT_LOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r,
--- a/httpd-2.4.2.tar.xz
+++ b/httpd-2.4.2.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:932c695ff1ff7c907f67bed7462faf567d99744306b8491ba9db6bb0e8135905
+size 3645528
--- a/httpd-keepalivetimeout-millisecs.patch
+++ b/httpd-keepalivetimeout-millisecs.patch
@ -1,20 +0,0 @@
--- modules/http/http_core.c.orig
-+++ modules/http/http_core.c
-@@ -47,12 +47,15 @@ static int ap_process_http_connection(co
- static const char *set_keep_alive_timeout(cmd_parms *cmd, void *dummy,
-                                           const char *arg)
- {
-+    apr_interval_time_t timeout;
-     const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
-     if (err != NULL) {
-         return err;
-     }
-
-    cmd->server->keep_alive_timeout = apr_time_from_sec(atoi(arg));
-+    /* Stolen from mod_proxy.c */
-+    if (ap_timeout_parameter_parse(arg, &timeout, "s") != APR_SUCCESS)
-+        return "KeepAliveTimeout has wrong format";
-+    cmd->server->keep_alive_timeout = timeout;
-     return NULL;
- }
- 
--- a/httpd-mod_deflate_head.patch
+++ b/httpd-mod_deflate_head.patch
@ -1,23 +0,0 @@
--- modules/filters/mod_deflate.c.orig
-+++ modules/filters/mod_deflate.c
-@@ -582,6 +582,20 @@ static apr_status_t deflate_out_filter(a
-         apr_bucket *b;
-         apr_size_t len;
- 
-+        /*
-+         * Optimization: If we are a HEAD request and bytes_sent is not zero
-+         * it means that we have passed the content-length filter once and
-+         * have more data to sent. This means that the content-length filter
-+         * could not determine our content-length for the response to the
-+         * HEAD request anyway (the associated GET request would deliver the
-+         * body in chunked encoding) and we can stop compressing.
-+         */
-+        if (r->header_only && r->bytes_sent) {
-+            ap_remove_output_filter(f);
-+            return ap_pass_brigade(f->next, bb);
-+        }
-+
-+
-         e = APR_BRIGADE_FIRST(bb);
- 
-         if (APR_BUCKET_IS_EOS(e)) {
--- a/ssl-mode-release-buffers.patch
+++ b/ssl-mode-release-buffers.patch
@ -1,13 +0,0 @@
--- modules/ssl/ssl_engine_init.c.orig
-+++ modules/ssl/ssl_engine_init.c
-@@ -482,7 +482,9 @@ static void ssl_init_ctx_protocol(server
-     }
- 
-     mctx->ssl_ctx = ctx;
-
-+#ifdef SSL_MODE_RELEASE_BUFFERS
-+    SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
-+#endif
-     SSL_CTX_set_options(ctx, SSL_OP_ALL);
- 
-     if (!(protocol & SSL_PROTOCOL_SSLV2)) {