diff --git a/apache2-mod_proxy_uwsgi-fix-crash.patch b/apache2-mod_proxy_uwsgi-fix-crash.patch deleted file mode 100644 index f25a040..0000000 --- a/apache2-mod_proxy_uwsgi-fix-crash.patch +++ /dev/null @@ -1,28 +0,0 @@ -Index: httpd-2.4.46/modules/proxy/mod_proxy_uwsgi.c -=================================================================== ---- httpd-2.4.46.orig/modules/proxy/mod_proxy_uwsgi.c 2020-07-24 11:35:25.000000000 +0200 -+++ httpd-2.4.46/modules/proxy/mod_proxy_uwsgi.c 2020-11-10 16:38:14.507125446 +0100 -@@ -175,7 +175,7 @@ static int uwsgi_send_headers(request_re - env = (apr_table_entry_t *) env_table->elts; - - for (j = 0; j < env_table->nelts; ++j) { -- headerlen += 2 + strlen(env[j].key) + 2 + strlen(env[j].val); -+ headerlen += 2 + strlen(env[j].key) + 2 + (env[j].val ? strlen(env[j].val) : 0); - } - - pktsize = headerlen - 4; -@@ -198,10 +198,12 @@ static int uwsgi_send_headers(request_re - memcpy(ptr, env[j].key, keylen); - ptr += keylen; - -- vallen = strlen(env[j].val); -+ vallen = env[j].val ? strlen(env[j].val) : 0; - *ptr++ = (apr_byte_t) (vallen & 0xff); - *ptr++ = (apr_byte_t) ((vallen >> 8) & 0xff); -- memcpy(ptr, env[j].val, vallen); -+ if (env[j].val) { -+ memcpy(ptr, env[j].val, vallen); -+ } - ptr += vallen; - } - diff --git a/apache2.changes b/apache2.changes index e903b6e..a6a0c9f 100644 --- a/apache2.changes +++ b/apache2.changes @@ -1,3 +1,273 @@ +------------------------------------------------------------------- +Wed Jun 2 07:31:14 UTC 2021 - pgajdos@suse.com + +- version update to 2.4.48 + + Changes with Apache 2.4.48 + + *) mod_proxy_wstunnel: Add ProxyWebsocketFallbackToProxyHttp to opt-out the + fallback to mod_proxy_http for WebSocket upgrade and tunneling. + [Yann Ylavic] + + *) mod_proxy: Fix flushing of THRESHOLD_MIN_WRITE data while tunneling. + BZ 65294. [Yann Ylavic] + + *) core: Fix a regression that stripped the ETag header from 304 responses. + PR 61820 [Ruediger Pluem, Roy T. Fielding] + + *) core: Adding SSL related inquiry functions to the server API. + These function are always available, even when no module providing + SSL is loaded. They provide their own "shadowing" implementation for + the optional functions of similar name that mod_ssl and impersonators + of mod_ssl provide. + This enables loading of several SSL providing modules when all but + one of them registers itself into the new hooks. Two old-style SSL + modules will not work, as they replace the others optional functions + with their own. + Modules using the old-style optional functions will continue to work + as core supplies its own versions of those. + The following has been added so far: + - ap_ssl_conn_is_ssl() to query if a connection is using SSL. + - ap_ssl_var_lookup() to query SSL related variables for a + server/connection/request. + - Hooks for 'ssl_conn_is_ssl' and 'ssl_var_lookup' where modules + providing SSL can install their own value supplying functions. + - ap_ssl_add_cert_files() to enable other modules like mod_md to provide + certificate and keys for an SSL module like mod_ssl. + - ap_ssl_add_fallback_cert_files() to enable other modules like mod_md to + provide a fallback certificate in case no 'proper' certificate is + available for an SSL module like mod_ssl. + - ap_ssl_answer_challenge() to enable other modules like mod_md to + provide a certificate as used in the RFC 8555 'tls-alpn-01' challenge + for the ACME protocol for an SSL module like mod_ssl. The function + and its hook provide PEM encoded data instead of file names. + - Hooks for 'ssl_add_cert_files', 'ssl_add_fallback_cert_files' and + 'ssl_answer_challenge' where modules like mod_md can provide providers + to the above mentioned functions. + - These functions reside in the new 'http_ssl.h' header file. + [Stefan Eissing] + *) core/mod_ssl/mod_md: adding OCSP response provisioning as core feature. This + allows modules to access and provide OCSP response data without being tied + of each other. The data is exchanged in standard, portable formats (PEM encoded + certificates and DER encoded responses), so that the actual SSL/crypto + implementations used by the modules are independant of each other. + Registration and retrieval happen in the context of a server (server_rec) + which modules may use to decide if they are configured for this or not. + The area of changes: + 1. core: defines 2 functions in include/http_ssl.h, so that modules may + register a certificate, together with its issuer certificate for OCSP + response provisioning and ask for current response data (DER bytes) later. + Also, 2 hooks are defined that allow modules to implement this OCSP + provisioning. + 2. mod_ssl uses the new functions, in addition to what it did already, to + register its certificates this way. If no one is interested in providing + OCSP, it falls back to its own (if configured) stapling implementation. + 3. mod_md registers itself at the core hooks for OCSP provisioning. Depending + on configuration, it will accept registrations of its own certificates only, + all certificates or none. + [Stefan Eissing] + *) mod_md: v2.4.0 with improvements and bugfixes + - MDPrivateKeys allows the specification of several types. Beside "RSA" plus + optional key lengths elliptic curves can be configured. This means you can + have multiple certificates for a Managed Domain with different key types. + With ```MDPrivateKeys secp384r1 rsa2048``` you get one ECDSA and one RSA + certificate and all modern client will use the shorter ECDSA, while older + client will get the RSA certificate. + Many thanks to @tlhackque who pushed and helped on this. + - Support added for MDomains consisting of a wildcard. Configuring + ```MDomain *.host.net``` will match all virtual hosts matching that pattern + and obtain one certificate for it (assuming you have 'dns-01' challenge + support configured). Addresses #239. + - Removed support for ACMEv1 servers. The only known installation used to + be Let's Encrypt which has disabled that version more than a year ago for + new accounts. + - Andreas Ulm () implemented the + ```renewing``` call to ```MDMessageCmd``` that can deny a certificate + renewal attempt. This is useful in clustered installations, as + discussed in #233). + - New event ```challenge-setup::```, triggered when the + challenge data for a domain has been created. This is invoked before the + ACME server is told to check for it. The type is one of the ACME challenge + types. This is invoked for every DNS name in a MDomain. + - The max delay for retries has been raised to daily (this is like all + retries jittered somewhat to avoid repeats at fixed time of day). + - Certain error codes reported by the ACME server that indicate a problem + with the configured data now immediately switch to daily retries. For + example: if the ACME server rejects a contact email or a domain name, + frequent retries will most likely not solve the problem. But daily retries + still make sense as there might be an error at the server and un-supervised + certificate renewal is the goal. Refs #222. + - Test case and work around for domain names > 64 octets. Fixes #227. + When the first DNS name of an MD is longer than 63 octets, the certificate + request will not contain a CN field, but leave it up to the CA to choose one. + Currently, Lets Encrypt looks for a shorter name in the SAN list given and + fails the request if none is found. But it is really up to the CA (and what + browsers/libs accept here) and may change over the years. That is why + the decision is best made at the CA. + - Retry delays now have a random +/-[0-50]% modification applied to let + retries from several servers spread out more, should they have been + restarted at the same time of day. + - Fixed several places where the 'badNonce' return code from an ACME server + was not handled correctly. The test server 'pebble' simulates this behaviour + by default and helps nicely in verifying this behaviour. Thanks, pebble! + - Set the default `MDActivationDelay` to 0. This was confusing to users that + new certificates were deemed not usably before a day of delay. When clocks are + correct, using a new certificate right away should not pose a problem. + - When handling ACME authorization resources, the module no longer requires + the server to return a "Location" header, as was necessary in ACMEv1. + Fixes #216. + - Fixed a theoretical uninitialized read when testing for JSON error responses + from the ACME CA. Reported at . + - ACME problem reports from CAs that include parameters in the Content-Type + header are handled correctly. (Previously, the problem text would not be + reported and retries could exceed CA limits.) + - Account Update transactions to V2 CAs now use the correct POST-AS-GET method. + Previously, an empty JSON object was sent - which apparently LE accepted, + but others reject. + [Stefan Eissing, @tlhackque, Andreas Ulm] + + Changes with Apache 2.4.47 + + *) mod_dav_fs: Improve logging output when failing to open files for + writing. PR 64413. [Bingyu Shen ] + + *) mod_http2: Fixed a race condition that could lead to streams being + aborted (RST to the client), although a response had been produced. + [Stefan Eissing] + + *) mod_lua: Add support to Lua 5.4 [Joe Orton, Giovanni Bechis, Ruediger Pluem] + + *) MPM event/worker: Fix possible crash in child process on early signal + delivery. PR 64533. [Ruediger Pluem] + + *) mod_http2: sync with github standalone version 1.15.17 + - Log requests and sent the configured error response in case of early detected + errors like too many or too long headers. [Ruediger Pluem] + - new option 'H2OutputBuffering on/off' which controls the buffering of stream output. + The default is on, which is the behaviour of older mod-h2 versions. When off, all + bytes are made available immediately to the main connection for sending them + out to the client. This fixes interop issues with certain flavours of gRPC, see + also . + [Stefan Eissing] + + *) mod_unique_id: Fix potential duplicated ID generation under heavy load. + PR 65159 + [Jonas Müntener , Christophe Jaillet] + + *) "[mod_dav_fs etag handling] should really honor the FileETag setting". + - It now does. + - Add "Digest" to FileETag directive, allowing a strong ETag to be + generated using a file digest. + - Add ap_make_etag_ex() and ap_set_etag_fd() to allow full control over + ETag generation. + - Add concept of "binary notes" to request_rec, allowing packed bit flags + to be added to a request. + - First binary note - AP_REQUEST_STRONG_ETAG - allows modules to force + the ETag to a strong ETag to comply with RFC requirements, such as those + mandated by various WebDAV extensions. + [Graham Leggett] + + *) mod_proxy_http: Fix a possibly crash when the origin connection gets + interrupted before completion. PR 64234. + [Barnim Dzwillo , Ruediger Pluem] + + *) mod_ssl: Do not keep connections to OCSP responders alive when doing + OCSP requests. PR 64135. [Ruediger Pluem] + + *) mod_ssl: Improve the coalescing filter to buffer into larger TLS + records, and avoid revealing the HTTP header size via TLS record + boundaries (for common response generators). + [Joe Orton, Ruediger Pluem] + + *) mod_proxy_hcheck: Don't pile up health checks if the previous one did + not finish before hcinterval. PR 63010. [Yann Ylavic] + + *) mod_session: Improve session parsing. [Yann Yalvic] + + *) mod_authnz_ldap: Prevent authentications with empty passwords for the + initial bind to fail with status 500. [Ruediger Pluem] + + *) mod_auth_digest: Fast validation of the nonce's base64 to fail early if + the format can't match anyway. [Yann Ylavic] + + *) mod_proxy_fcgi: Honor "SetEnv proxy-sendcl" to forward a chunked + Transfer-Encoding from the client, spooling the request body when needed + to provide a Content-Length to the backend. PR 57087. [Yann Ylavic] + + *) mod_proxy: Put mod_proxy_{connect,wstunnel} tunneling code in common in + proxy_util. [Yann Ylavic] + + *) mod_proxy: Improve tunneling loop to support half closed connections and + pending data draining (for protocols like rsync). PR 61616. [Yann Ylavic] + + *) mod_proxy_http: handle Upgrade request, 101 (Switching Protocol) response + and switched protocol forwarding. [Yann Ylavic] + + *) mod_proxy_wstunnel: Leave Upgrade requests handling to mod_proxy_http, + allowing for (non-)Upgrade negotiation with the origin server. + [Yann Ylavic] + + *) mod_proxy: Allow ProxyErrorOverride to be restricted to specific status + codes. PR63628. [Martin Drößler ] + + *) core: Add ReadBufferSize, FlushMaxThreshold and FlushMaxPipelined + directives. [Yann Ylavic] + + *) core: Ensure that aborted connections are logged as such. PR 62823 + [Arnaud Grandville ] + + *) http: Allow unknown response status' lines returned in the form of + "HTTP/x.x xxx Status xxx". [Yann Ylavic] + + *) mod_proxy_http: Fix 100-continue deadlock for spooled request bodies, + leading to Request Timeout (408). PR 63855. [Yann Ylavic] + *) core: Remove headers on 304 Not Modified as specified by RFC7234, as + opposed to passing an explicit subset of headers. PR 61820. + [Giovanni Bechis] + + *) mpm_event: Don't reset connections after lingering close, restoring prior + to 2.4.28 behaviour. [Yann Ylavic] + + *) mpm_event: Kill connections in keepalive state only when there is no more + workers available, not when the maximum number of connections is reached, + restoring prior to 2.4.30 behaviour. [Yann Ylavic] + + *) mod_unique_id: Use base64url encoding for UNIQUE_ID variable, + avoiding the use of '@'. PR 57044. + [Michael Kaufmann ] + + *) mod_rewrite: Extend the [CO] (cookie) flag of RewriteRule to accept a + SameSite attribute. [Eric Covener] + + *) mod_proxy: Add proxy check_trans hook. This allows proxy + modules to decline request handling at early stage. + + *) mod_proxy_wstunnel: Decline requests without an Upgrade + header so ws/wss can be enabled overlapping with later + http/https. + + *) mod_http2: Log requests and sent the configured error response in case of + early detected errors like too many or too long headers. + [Ruediger Pluem, Stefan Eissing] + + *) mod_md: Lowered the required minimal libcurl version from 7.50 to 7.29 + as proposed by . [Stefan Eissing] + + *) mod_ssl: Fix request body buffering with PHA in TLSv1.3. [Joe Orton] + + *) mod_proxy_uwsgi: Fix a crash when sending environment variables with no + value. PR 64598 [Ruediger Pluem] + + *) mod_proxy: Recognize parameters from ProxyPassMatch workers with dollar + substitution, such that they apply to the backend connection. Note that + connection reuse is disabled by default to avoid compatibility issues. + [Takashi Sato, Jan Kaluza, Eric Covener, Yann Ylavic, Jean-Frederic Clere] +- modified sources + % apache2.keyring +- deleted patches + - apache2-mod_proxy_uwsgi-fix-crash.patch (upstreamed) + - lua54.patch (upstreamed) + ------------------------------------------------------------------- Wed Jan 27 17:42:09 UTC 2021 - Callum Farmer diff --git a/apache2.keyring b/apache2.keyring index d6ecb22..45c22e9 100644 --- a/apache2.keyring +++ b/apache2.keyring @@ -389,3 +389,55 @@ LOWYTa4k7o8o =w/hc -----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGCAei8BEADKUPoj6I2OjdZ44486xLrZoApbXP3hOadau8DgXXPO84b0dnCS +NqvV3aDSXULtSdh+48pVdv0yBtqCeo6pWNBR/aURxxh3vDJNyQVzhDZsdePITwmV +qkpICUXeuTpyow3ir1+05p0DU6F33TynhZsyHltKmu+GqvxYYrzud+bw9zTN0Z45 +Br/cKF/YE2uVEjq/x440qtSQmFhM7eSQvTv9lo9QgMO+eQXK0Dt4bsfyAZ1q2HAt +XGup0iwQpoxS1ofdkSxpvCBWklAiNXH0+qHGdVTJlqCp70xpsC2DXhbckCeLi2w7 +GGa3jCNuf6P5uxW+tPlyFm5aFBSDd/3gAsU8G/a3ng3+78peKjatpmTkBJmXpA1E +cDWFZNKLlS5eE1c2LG+Hgu0yZrvArsJ8dvjbAuYn7uCWLll/Pjy26L9mKwLlJdcl +TX2rgx7a+yi2nfJwtj0rWWqX95HudUcWRxBVtpCjg6NKzv97dm3wOUOm15xcp0r0 +QAzNtjllOjr3RwTgE4B3j4GFXof92HKS8H+B1/z9ZBbz399fs/wS9o/sDyMVevNP +88IGihaxPkfTw0UKZz5cR6X1BWlcH3404bVB/LHcq7+c1NUqvRfIlwwwsKGjMCWf +vv3cDVUvb3mMhvQs0rBEyb71bbKCe3qb10CvOJAmocp1c+YHo5vpQYeMJQARAQAB +tDJDaHJpc3RvcGhlIEpBSUxMRVQgPGNocmlzdG9waGUuamFpbGxldEB3YW5hZG9v +LmZyPokCTgQTAQoAOBYhBMVat7kTnrImPNGqvBmwM9F2DCJ7BQJggHovAhsDBQsJ +CAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEBmwM9F2DCJ7E4MP/iVC7ZglH2sLi5wv +YZaXqMib7dau1NmGUocaz57U6lR2WpfhTIiHELtFnmb8eVuJGzzmYaDwaIN/knOw +vudUGrMI5TjAmgAdj3BswXoJQNGhKhLwtf3yzvabFbp6oPfxq+PgXRMWnDojQ0cC ++VdfavJt4dOq1TrcH20B1GhJUiNxdkwAlVu3hcpdJ4pgIPVxxeozLAU3hLjMXxeo +j9eVmzTaM/fd0ykbIkMUHfPEdqnmbTPwk2lIMFwcoa7iUdcYIDDWbHvnvVZ+4Uae +pX6st8QHDva+etW/illgYRGMVsCL6FEtYRe+nTJLdvT81QoovVeoeyKtZNzCdNJb +WUfqoCoLDQza8ibRpHLleRIQS4zn/TtXpvVwMG5wjZCnEBypmBzriKSt9QrcvVKu +ROjR9Bizzwj1QUL3fMFoVWLLCt5TkGszZWvfmcjsq4gZhcgCrRp59BpuBa8Khvnf +l5OgVqttmM6PQcFwJTHKUc5Ltzh0xTXwYl6uSEGSn1DoDlmUSnK3R+x0u61FfiHh +KvkO/PIdTeA05ihkMRqMtDbPwsghmdXV2wlkcApdr4wXHsuYffvxN1daoUDQXDix +GgPFRG4eYORYY2hlAo7a4ahUzeCJJQGfrF/E3YojXsIgVIbp+UjlH4kkR9J6F/wl +NVgU2JF03YSZ9zyq4lSrP6lji2ehuQINBGCAei8BEACvQQIc89CwDOiKAeJCL9WW +U4O3XX1LwQCzz6W519PrFnQy3194ddT7L0E4gEB9cNBczxSpvMHUiYkynMLZ7i6a +X4BIVDzOyrN/5S6ZkOddpu9/zGJtupzN68SIpJrIry1zeXVm8Ex3VzfikVFDsxQg +OkTu4b0YWts4hJbJMa3cTh+pLQQ+vHqKe4z6L3hVfdL2LZ8W9xmDvCBh3Ysz/mZF +2dI47XdGGgGY/t50MpFJYrPy0JMfyeHdXHwF90pY/MwWr8QeHjlX589P1MMc/5UB +c1ScFfy40gUryUnRQudN12KEQZDMb4G/8Bz6t4mm8nOspDwwbdHjeZhyrWYZpEd/ +ZV6iywoZ7IBzrdaWzgVs5+DhvJZVudpKlqVip37E9pUYKgMJ2A/asD85HV+yODiF +uub9t7quSWgKKkP75BfBzKCp0T0y+wRnKWUdnlEg2wK0QJxOjkhKw3uC84tr2dlx +CHWF0TLKjkUBqnDT3uSY8DMwZxqEyAEQWzBeP7MFsAy2yZChSHrSKN4ZMx57KYxj +1lsxqFYZo9h9bpar5L77JMkgUtqh+reZYAhMSpk33rgRH5dPpfvn3nkCKgngsxtf +gD9fPpVQgANTEj6rdvtOIFn1Z1U4B4GonaFTGPr771+6ZolLmpylbJp5kviiAz3f +CMJ1cVWhIvr/5G88X4jEMQARAQABiQI2BBgBCgAgFiEExVq3uROesiY80aq8GbAz +0XYMInsFAmCAei8CGwwACgkQGbAz0XYMInsbqA/9HFdq+s1Tk6rluxM3hjnx1HQ8 +R9TStbZqBPrKllOPVNnBpjAShoBKCJ9XbSgzaGVlsDMOXe0wZMjW6TF18igVcA+T +wMTMcgy8Sq8vL7tv5JRtnhZzpM27Db3floWJMCmQtK7aGBC7MpyiHImRvieuDO9P +mwhx9mVDx6+VHb8PCnECg9TMQVEtP9Y0E8qgNy1R+axLShwgO1y/g+u3gPJwGr31 +xiR3icaoMuvb+PEFOZk5L1Dh8rIExqbMH5yH9MeJXiGC2w1QX8KH194UbWRtS3zq +6FrZJ0ZVgoYCvn42icBVt51Nrgl1sqHINBH8ysgK6WvZlw9x22g0tErx3AwGNkrl +lPZ4ctQOxMQ541nN3IJoywxGfsOst2M4je+wNj6USNmAkg1WaezjqyQScw/oIKYj +o18dtGUf6Q3MMHe4O550+upz9bJ0eksCYvC0X2jTNuGdfZo9ZDNh3dxBkoNNbHK5 +hc3m7qU68pdYPzqDkmDFIHyXSYXbmB1wTrrZZL1LQ6jE4a3mRT2v61CRglMUuQK7 +yrZTrPOyuBsZSC//PxK93RgH1xfYR8G8dJPlv0pqF6jD1OjBb6nyU8slRsYfataR +ekJ4VhpVUYgDv8+EzGS9SkgY/DpiyLvPtuhqLXos4ABSwQOEYfG3RhGy7h2B404e +Ot6BQHeyFl0mtrYT1mI= +=L7j3 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/apache2.spec b/apache2.spec index bb256ea..e0a0fe2 100644 --- a/apache2.spec +++ b/apache2.spec @@ -1,5 +1,5 @@ # -# spec file for package apache2 +# spec file for package apache2%{psuffix} # # Copyright (c) 2021 SUSE LLC # @@ -115,7 +115,7 @@ %endif Name: apache2%{psuffix} -Version: 2.4.46 +Version: 2.4.48 Release: 0 Summary: The Apache HTTPD Server License: Apache-2.0 @@ -189,17 +189,13 @@ Patch2: apache2-logresolve-tmp-security.patch Patch3: apache2-LimitRequestFieldSize-limits-headers.patch # [fate317766] backport of an upstream commit Patch4: apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch -# [bsc#1174052] picked upstream commit -Patch5: apache2-mod_proxy_uwsgi-fix-crash.patch -# PATCH: https://svn.apache.org/viewvc?view=revision&revision=1880678 -Patch6: lua54.patch # PATCH: https://marc.info/?l=apache-httpd-users&m=147448312531134&w=2 Patch100: apache-test-application-xml-type.patch # PATCH: /test_ssl_var_lookup?SSL_SERVER_SAN_DNS_0 returns # /test_ssl_var_lookup?SSL_SERVER_SAN_OTHER_dnsSRV_0 _https. # but Apache::Test::vars()->{servername} returns 'localhost' instead of # (see $san_dns and $san_dnssrv variables in t/ssl/varlookup.t) -# even if in live system I do not experience this inconsistency, let's turn off +# even if in live system I do not experience this inconsistency, let's turn off # these variables from the test Patch101: apache-test-turn-off-variables-in-ssl-var-lookup.patch BuildRequires: apache-rpm-macros-control @@ -309,7 +305,7 @@ Requires(pre): permissions Requires(post): %fillup_prereq Requires(post): grep Requires(post): update-alternatives -Requires(postun): update-alternatives +Requires(postun):update-alternatives %endif %if %{test} || "%{flavor}" == "manual" BuildArch: noarch @@ -329,8 +325,6 @@ provides HTTP services in sync with the current HTTP standards. %patch2 -p1 %patch3 -p1 %patch4 -p1 -%patch5 -p1 -%patch6 -p1 %patch100 -p1 %patch101 -p1 @@ -358,7 +352,7 @@ export CPPFLAGS="%{optflags} -DSSL_EXPERIMENTAL_ENGINE -DMAX_SERVER_LIMIT=200000 cat > config.layout <<-EOF # SUSE Layout - prefix: %{datadir} +Prefix: %{datadir} exec_prefix: %{_prefix} bindir: %{_bindir} sbindir: %{_sbindir} @@ -439,7 +433,7 @@ EOF --enable-proxy-http \ %if %{build_http2} --enable-proxy-http2 \ -%endif +%endif --enable-proxy-fdpass \ --enable-cache \ --enable-disk-cache \ @@ -480,7 +474,7 @@ popd %if "%{flavor}" == "utils" pushd support make %{?_smp_mflags} -cp %{SOURCE130} gensslcert +cp %{SOURCE130} gensslcert cp %{SOURCE131} check_forensic cp %{SOURCE132} find_directives popd @@ -720,6 +714,7 @@ mkdir -p $PWD{%{_sysconfdir}/sysconfig,%{localstatedir},%{runtimedir},%{logfiled cp %{_sysconfdir}/sysconfig/apache2 $PWD%{_sysconfdir}/sysconfig/ sed -i -e "s:\(APACHE_HTTPD_CONF=\).*:\1$PWD%{sysconfdir}/httpd.conf:" \ -e "s:\(%{_localstatedir}\):$PWD\1:" $PWD%{_sysconfdir}/sysconfig/apache2 +sed -i 's:\(APACHE_MPM=\).*:\1"prefork":' $PWD%{_sysconfdir}/sysconfig/apache2 # copy and adjust configuration (paths and Listen) cp -r %{_sysconfdir}/apache2/ %{_sysconfdir}/mime.types etc 2>/dev/null || true find etc/apache2 -name *.conf | xargs sed -i "s:\(%{_localstatedir}\):$PWD\1:" @@ -944,7 +939,7 @@ exit 0 if [ "$1" = 1 ]; then %apache_request_restart fi -if [ "$1" = 0 ]; then +if [ "$1" = 0 ]; then %{_sbindir}/update-alternatives --quiet --force --remove httpd %{_sbindir}/httpd for module in %{dynamic_modules}; do %{_sbindir}/update-alternatives --quiet --force --remove mod_$module.so %{_libdir}/apache2/mod_$module.so @@ -981,6 +976,7 @@ exit 0 %posttrans %apache_restart_if_needed + %verifyscript %verify_permissions -e %{_sbindir}/suexec diff --git a/httpd-2.4.46.tar.bz2 b/httpd-2.4.46.tar.bz2 deleted file mode 100644 index 694597d..0000000 --- a/httpd-2.4.46.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:740eddf6e1c641992b22359cabc66e6325868c3c5e2e3f98faf349b61ecf41ea -size 7187805 diff --git a/httpd-2.4.46.tar.bz2.asc b/httpd-2.4.46.tar.bz2.asc deleted file mode 100644 index 92968ba..0000000 --- a/httpd-2.4.46.tar.bz2.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJIBAABCAAyFiEE40gAQ1lWIf5WEF8RKrEqetxVwAMFAl8leDsUHGRydWdnZXJp -QGFwYWNoZS5vcmcACgkQKrEqetxVwAOXtA//ZECDsKBN5OdjreBMIOpuYzj2tpBz -oBE0ExOGY8uQg4FGEG5MyHc5pvFz5rl7zLikTpaZKboBNGH7WBh22Rx5yg/hAkMH -ZV8AgBfiL8c3uTff8/piTU2kVyQYZV4Rr2oVtgz+/ZObkI+ngQZMmvGsCdSU0On4 -zbyUGjh5W1gnl3MEoM/Whzv/2TbEwtnTk0mNdwjnojqlTXoDccyWpB+SlaAwQajW -8NUND2oXFt3m80NcLKsXqTHz2DbVgFm2PYScO2JO2Xc02aX09AtXR5mKYxKOw8gP -evF3nA0KbQdjUBQNAVv6LcV43Lk21OrU+Aqfeko44WmOsmVG7qHRmd6K+67HHvTW -3SaWISPmlWcDvmRCVBJuynxYWXhpGCmeXgnnQgIe7vXSSVjsNWD9YMof6y07CPrQ -BdMvfGBF0B/8qax22aM/xX6MnwpiKlkJ4wbB1e+UCGRNSdsOupCi2ok4IDN5Z/mv -1maMsgctVPxoUaT25qPBckUbbVIhPdJ8b8fbnLJjcaTdWyvtQSIzwOnWnUQ18Tdi -ur9fkQL9qnJF2OoLdidf0m6EMLGIs3YoE22SDZGNxkC2B1o2ozDCR9rV6x9LTSlN -6l3LQfIBOGfsseqv4Q7w58G0IW3sLMJbqbjnYZSD0OFF4SaBtvFwDhDyfP5NLCSv -5R+AAvdV+kvEif4= -=zTsU ------END PGP SIGNATURE----- diff --git a/httpd-2.4.48.tar.bz2 b/httpd-2.4.48.tar.bz2 new file mode 100644 index 0000000..4edec32 --- /dev/null +++ b/httpd-2.4.48.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1bc826e7b2e88108c7e4bf43c026636f77a41d849cfb667aa7b5c0b86dbf966c +size 7194385 diff --git a/httpd-2.4.48.tar.bz2.asc b/httpd-2.4.48.tar.bz2.asc new file mode 100644 index 0000000..25ea66c --- /dev/null +++ b/httpd-2.4.48.tar.bz2.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJSBAABCgA8FiEExVq3uROesiY80aq8GbAz0XYMInsFAmCi3n8eHGNocmlzdG9w +aGUuamFpbGxldEB3YW5hZG9vLmZyAAoJEBmwM9F2DCJ7jtwP/R/k4OULx5uQFxyN +cc4yzClTRK1wK3q5RgGyRH6+eYX6tVOtpPTY0pjLuPaOp05gPg0Ega3tIleEMYvq +q0oX3yzLKvlHUSFmJuZUACeNYp+ekzEa031SXGWXGQQIh5H3PSmMOTEB/o/3NZuY +zQmHbuSdQspNmOF7P6q+ZeM3ojZBVnXTWabV4dCEMAFV3iseeB3ZeeXOE1dzcXlA +Z4nslAC+/ZE1q8eZ17P2t/cD2INVO9rbjSqX2VBjoIG/M57rR/1IAGuktyrMohh+ +ZWBBg2ZRpljTWQpMh+V5fd9inxkDr1DYpML+XkZN+FoE6W1TcXiPeFyp6n6blzWN +EY1lUGCqBuWsX8F1CRQSyNtQWOF0Wn+XHb1WSepCCBBZ0CPr/hEWQlmHDclO0O6R +w6H1+xEOFRwa8Mpz1qS0N3Q4WyNeEm66ShNGIqBt1sdiUc4/u0aWyXiKjwPWAs2w +GWOYnej41jgAn6GNXGfRTeQZrP1o0jDylYLJxDGxC+dS7Z7UXo+P8QK6YuSHqrF+ +0oTSgbYKkCLE3+B9MvCzqSRrvx5zk57gqZl1iMhOj85X5Pv4hSpcokoalrhTy+PQ +q4v3LK4q4hORS+Jz/jvXB+8HTa6D5A0PdOdlQtXOMlAjLc0PMw2QKgfAoq0jaUyV +Y4Nh8QSEPWiMKNQgsotZon7c6glp +=h1iL +-----END PGP SIGNATURE----- diff --git a/lua54.patch b/lua54.patch deleted file mode 100644 index 8644fd6..0000000 --- a/lua54.patch +++ /dev/null @@ -1,141 +0,0 @@ ---- a/modules/lua/config.m4 -+++ b/modules/lua/config.m4 -@@ -34,7 +34,7 @@ - fi - ]) - --dnl Check for Lua 5.3/5.2/5.1 Libraries -+dnl Check for Lua Libraries - dnl CHECK_LUA(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]) - dnl Sets: - dnl LUA_CFLAGS -@@ -44,7 +44,7 @@ - - AC_ARG_WITH( - lua, -- [AC_HELP_STRING([--with-lua=PATH],[Path to the Lua 5.3/5.2/5.1 prefix])], -+ [AC_HELP_STRING([--with-lua=PATH],[Path to the Lua installation prefix])], - lua_path="$withval", - :) - -@@ -65,6 +65,10 @@ - AC_CHECK_LIB(m, pow, lib_m="-lm") - AC_CHECK_LIB(m, sqrt, lib_m="-lm") - for x in $test_paths ; do -+ CHECK_LUA_PATH([${x}], [include/lua-5.4], [lib/lua-5.4], [lua-5.4]) -+ CHECK_LUA_PATH([${x}], [include/lua5.4], [lib], [lua5.4]) -+ CHECK_LUA_PATH([${x}], [include/lua54], [lib/lua54], [lua]) -+ - CHECK_LUA_PATH([${x}], [include/lua-5.3], [lib/lua-5.3], [lua-5.3]) - CHECK_LUA_PATH([${x}], [include/lua5.3], [lib], [lua5.3]) - CHECK_LUA_PATH([${x}], [include/lua53], [lib/lua53], [lua]) -@@ -85,13 +89,13 @@ - AC_SUBST(LUA_CFLAGS) - - if test -z "${LUA_LIBS}"; then -- AC_MSG_WARN([*** Lua 5.3 5.2 or 5.1 library not found.]) -+ AC_MSG_WARN([*** Lua 5.4 5.3 5.2 or 5.1 library not found.]) - ifelse([$2], , - enable_lua="no" - if test -z "${lua_path}"; then -- AC_MSG_WARN([Lua 5.3 5.2 or 5.1 library is required]) -+ AC_MSG_WARN([Lua 5.4 5.3 5.2 or 5.1 library is required]) - else -- AC_MSG_ERROR([Lua 5.3 5.2 or 5.1 library is required]) -+ AC_MSG_ERROR([Lua 5.4 5.3 5.2 or 5.1 library is required]) - fi, - $2) - else ---- a/modules/lua/mod_lua.c -+++ b/modules/lua/mod_lua.c -@@ -342,7 +342,7 @@ - { - apr_pool_t *pool; - ap_lua_vm_spec *spec; -- int n, rc; -+ int n, rc, nres; - lua_State *L; - lua_filter_ctx *ctx; - ap_lua_server_cfg *server_cfg = ap_get_module_config(r->server->module_config, -@@ -410,7 +410,7 @@ - /* If a Lua filter is interested in filtering a request, it must first do a yield, - * otherwise we'll assume that it's not interested and pretend we didn't find it. - */ -- rc = lua_resume(L, 1); -+ rc = lua_resume(L, 1, &nres); - if (rc == LUA_YIELD) { - if (f->frec->providers == NULL) { - /* Not wired by mod_filter */ -@@ -432,7 +432,7 @@ - static apr_status_t lua_output_filter_handle(ap_filter_t *f, apr_bucket_brigade *pbbIn) - { - request_rec *r = f->r; -- int rc; -+ int rc, nres; - lua_State *L; - lua_filter_ctx* ctx; - conn_rec *c = r->connection; -@@ -492,7 +492,7 @@ - lua_setglobal(L, "bucket"); - - /* If Lua yielded, it means we have something to pass on */ -- if (lua_resume(L, 0) == LUA_YIELD) { -+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) { - size_t olen; - const char* output = lua_tolstring(L, 1, &olen); - if (olen > 0) { -@@ -524,7 +524,7 @@ - apr_bucket *pbktEOS; - lua_pushnil(L); - lua_setglobal(L, "bucket"); -- if (lua_resume(L, 0) == LUA_YIELD) { -+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) { - apr_bucket *pbktOut; - size_t olen; - const char* output = lua_tolstring(L, 1, &olen); -@@ -558,7 +558,7 @@ - apr_off_t nBytes) - { - request_rec *r = f->r; -- int rc, lastCall = 0; -+ int rc, lastCall = 0, nres; - lua_State *L; - lua_filter_ctx* ctx; - conn_rec *c = r->connection; -@@ -621,7 +621,7 @@ - lua_setglobal(L, "bucket"); - - /* If Lua yielded, it means we have something to pass on */ -- if (lua_resume(L, 0) == LUA_YIELD) { -+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) { - size_t olen; - const char* output = lua_tolstring(L, 1, &olen); - pbktOut = apr_bucket_heap_create(output, olen, 0, c->bucket_alloc); -@@ -643,7 +643,7 @@ - apr_bucket *pbktEOS = apr_bucket_eos_create(c->bucket_alloc); - lua_pushnil(L); - lua_setglobal(L, "bucket"); -- if (lua_resume(L, 0) == LUA_YIELD) { -+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) { - apr_bucket *pbktOut; - size_t olen; - const char* output = lua_tolstring(L, 1, &olen); ---- a/modules/lua/mod_lua.h -+++ b/modules/lua/mod_lua.h -@@ -48,7 +48,15 @@ - #if LUA_VERSION_NUM > 501 - /* Load mode for lua_load() */ - #define lua_load(a,b,c,d) lua_load(a,b,c,d,NULL) --#define lua_resume(a,b) lua_resume(a, NULL, b) -+ -+#if LUA_VERSION_NUM > 503 -+#define lua_resume(a,b,c) lua_resume(a, NULL, b, c) -+#else -+/* ### For version < 5.4, assume that exactly one stack item is on the -+ * stack, which is what the code did before but seems dubious. */ -+#define lua_resume(a,b,c) (*(c) = 1, lua_resume(a, NULL, b)) -+#endif -+ - #define luaL_setfuncs_compat(a,b) luaL_setfuncs(a,b,0) - #else - #define lua_rawlen(L,i) lua_objlen(L, (i))