rpm/apache2
SHA256
1
0
Fork 0
forked from pool/apache2
Code Pull Requests Activity

Accepting request 184903 from Apache

Browse Source 
- provide and obsolete mod_macro 
- upgrade: some people complain that log_config module 
 is not enabled by default sometimes, fix that.
- upgrade : "SSLMutex" no longer exists.
- Toogle EnableSendfile on because now apache defaults to off
  due to kernel bugs. that's a silly thing to do here 
  as kernel bugs have to be fixed at their source, not worked around
  in applications. (forwarded request 184902 from elvigia)

OBS-URL: https://build.opensuse.org/request/show/184903
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=69
This commit is contained in:
Stephan Kulow 2013-07-30 16:37:14 +00:00 committed by Git OBS Bridge
commit 07be0a94b2
16 changed files with 183 additions and 2218 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apache-20-22-upgrade
View File

@ -75,4 +75,8 @@ if ! a2enmod -q authn_core; then
a2enmod authn_core
fi
if ! a2enmod -q log_config; then
a2enmod log_config
fi
echo 'Done.'

8
apache2-implicit-pointer-decl.patch
View File

@ -1,5 +1,5 @@
--- httpd-2.4.4.orig/server/request.c
+++ httpd-2.4.4/server/request.c
--- httpd-2.4.6.orig/server/request.c
+++ httpd-2.4.6/server/request.c
@@ -46,10 +46,13 @@
#include "util_script.h"
#include "ap_expr.h"
@ -15,8 +15,8 @@
#if APR_HAVE_STDARG_H
#include <stdarg.h>
#endif
--- httpd-2.4.4.orig/server/config.c
+++ httpd-2.4.4/server/config.c
--- httpd-2.4.6.orig/server/config.c
+++ httpd-2.4.6/server/config.c
@@ -48,10 +48,14 @@
#include "http_request.h" /* for default_handler (see invoke_handler) */
#include "http_main.h"

2
apache2-server-tuning.conf
View File

@ -114,7 +114,7 @@ KeepAliveTimeout 15
# filesystems. Please see
# http://httpd.apache.org/docs-2.2/mod/core.html#enablesendfile
#
#EnableSendfile off
EnableSendfile on
<IfModule mod_setenvif.c>
#

4
apache2-ssl-global.conf
View File

@ -48,10 +48,6 @@
SSLSessionCache shmcb:/var/lib/apache2/ssl_scache(512000)
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex "file:/var/lib/apache2/ssl_mutex"
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the

2159
apache2.4-mpm-itk-2.4.2-01.patch
View File

File diff suppressed because it is too large Load Diff

39
apache2.changes
View File

@ -1,3 +1,42 @@
-------------------------------------------------------------------
Mon Jul 29 19:53:48 UTC 2013 - crrodriguez@opensuse.org
- provide and obsolete mod_macro
- upgrade: some people complain that log_config module
is not enabled by default sometimes, fix that.
- upgrade : "SSLMutex" no longer exists.
- Toogle EnableSendfile on because now apache defaults to off
due to kernel bugs. that's a silly thing to do here
as kernel bugs have to be fixed at their source, not worked around
in applications.
-------------------------------------------------------------------
Mon Jul 22 21:57:40 UTC 2013 - crrodriguez@opensuse.org
- httpd-event-ssl.patch: from upstream
Lift the restriction that prevents mod_ssl taking
full advantage of the event MPM.
-------------------------------------------------------------------
Mon Jul 22 16:44:22 UTC 2013 - crrodriguez@opensuse.org
- Update to version 2.4.6
* SECURITY: CVE-2013-1896 (cve.mitre.org)
* SECURITY: CVE-2013-2249 (cve.mitre.org)
* Major updates to mod_lua
* Support for proxying websocket requests
* Higher performant shm-based cache implementation
* Addition of mod_macro for easier configuration management
* As well as several exciting fixes, especially those related to RFC edge
cases in mod_cache and mod_proxy.
- IMPORTANT : With the current packaging scheme, we can no longer
Include the ITK MPM, therefore it has been disabled. This is because
this MPM can now only be provided as a loadable module but we do
not currently build MPMs as shared modules but as independant
binaries and all helpers/startup scripts depend on that behaviour.
It will be fixed in the upcoming weeks/months.
-------------------------------------------------------------------
Tue Jun 18 07:41:36 UTC 2013 - crrodriguez@opensuse.org

19
apache2.spec
View File

@ -54,7 +54,7 @@ BuildRequires: expat-devel
%{!?prefork:%define prefork 1}
%{!?worker:%define worker 1}
%{!?event:%define event 1}
%{!?itk:%define itk 1}
%{!?itk:%define itk 0}
%define mpms_to_build %(test %prefork = 1 && printf prefork) %(test %worker = 1 && printf worker) %(test %event = 1 && printf event) %(test %itk = 1 && printf itk)
# dir names
%define datadir /srv/www
@ -81,8 +81,8 @@ BuildRequires: expat-devel
# "Server:" header
%define VENDOR SUSE
%define platform_string Linux/%VENDOR
%define realver 2.4.4
Version: 2.4.4
%define realver 2.4.6
Version: 2.4.6
Release: 0
#Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2
Source0: httpd-%{realver}.tar.bz2
@ -146,13 +146,12 @@ Patch67: httpd-2.2.0-apxs-a2enmod.dif
Patch68: httpd-2.x.x-logresolve.patch
Patch69: httpd-2.2.x-bnc690734.patch
Patch70: apache2-implicit-pointer-decl.patch
Patch100: apache2.4-mpm-itk-2.4.2-01.patch
Patch101: httpd-2.2.19-linux3.patch
# PATCH-FEATURE-UPSTREAM apache2-mod_ssl_npn.patch dimstar@opensuse.org -- Add npn support to mod_ssl (needed for spdy)
#Patch108: apache2-mod_ssl_npn.patch
#Provides: apache2(mod_ssl+npn)
# PATCH-FEATURE-UPSTREAM httpd-2.4.3-mod_systemd.patch crrodriguez@opensuse.org simple module provides systemd integration.
Patch109: httpd-2.4.3-mod_systemd.patch
Patch110: http://people.apache.org/~minfrin/httpd-event-ssl.patch
Url: http://httpd.apache.org/
Icon: Apache.xpm
Summary: The Apache Web Server Version 2.2
@ -162,6 +161,8 @@ Provides: %{apache_mmn}
Provides: http_daemon
Provides: httpd
Provides: suse_help_viewer
Provides: %{name}-mod_macro = %{version}
Obsoletes: %{name}-mod_macro <= 1.2.1
Requires: %{pname}-MPM
Requires: /etc/mime.types
PreReq: %{name}-utils
@ -365,18 +366,16 @@ to administrators of web servers in general.
#
%setup -q -n httpd-%{realver}
%patch2 -p1
%patch23
%patch23 -p1
#%patch65 -p1
%patch66
%patch66 -p1
%patch67 -p1
%patch68 -p1
#%patch69
%patch70 -p1
%patch100 -p1
%patch101
#%patch108 -p1
%patch109 -p1
#
%patch110
cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
# install READMEs

4
httpd-2.0.54-envvars.dif
View File

@ -1,5 +1,5 @@
--- support/envvars-std.in.orig
+++ support/envvars-std.in
--- httpd-2.4.6.orig/support/envvars-std.in
+++ httpd-2.4.6/support/envvars-std.in
@@ -18,11 +18,9 @@
#
# This file is generated from envvars-std.in

6
httpd-2.1.3alpha-layout.dif
View File

@ -1,6 +1,6 @@
--- httpd-2.1.3-alpha.orig/config.layout
+++ httpd-2.1.3-alpha/config.layout
@@ -202,6 +202,54 @@
--- httpd-2.4.6.orig/config.layout
+++ httpd-2.4.6/config.layout
@@ -178,6 +178,54 @@
proxycachedir: /var/cache/httpd
</Layout>

4
httpd-2.1.9-apachectl.dif
View File

@ -1,5 +1,5 @@
--- support/apachectl.in.orig
+++ support/apachectl.in
--- httpd-2.4.6.orig/support/apachectl.in
+++ httpd-2.4.6/support/apachectl.in
@@ -42,17 +42,32 @@ ARGV="$@"
# -------------------- --------------------
#

8
httpd-2.2.0-apxs-a2enmod.dif
View File

@ -1,8 +1,6 @@
Index: httpd-2.2.16/support/apxs.in
===================================================================
--- httpd-2.2.16.orig/support/apxs.in
+++ httpd-2.2.16/support/apxs.in
@@ -526,108 +526,14 @@ if ($opt_i or $opt_e) {
--- httpd-2.4.6.orig/support/apxs.in
+++ httpd-2.4.6/support/apxs.in
@@ -550,108 +550,14 @@ if ($opt_i or $opt_e) {
# activate module via LoadModule/AddModule directive
if ($opt_a or $opt_A) {

17
httpd-2.2.19-linux3.patch
View File

@ -1,17 +0,0 @@
--- configure.in.orig
+++ configure.in
@@ -274,13 +274,7 @@ case $host in
APR_SETVAR(SINGLE_LISTEN_UNSERIALIZED_ACCEPT, [1])
;;
*-linux-*)
- case `uname -r` in
- 2.[[2-9]]* )
- APR_SETVAR(SINGLE_LISTEN_UNSERIALIZED_ACCEPT, [1])
- ;;
- * )
- ;;
- esac
+ APR_SETVAR(SINGLE_LISTEN_UNSERIALIZED_ACCEPT, [1])
;;
*486-*-bsdi* | *-netbsd* | *-freebsd* | *-apple-darwin* | *-dec-osf* | *-qnx)
APR_SETVAR(SINGLE_LISTEN_UNSERIALIZED_ACCEPT, [1])

3
httpd-2.4.4.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:92aabddeca76a4ac7330b143df1407bbf35574c7291c15172238ac598d97655c
size 4780289

3
httpd-2.4.6.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:dc9f3625ebc08bea55eeb0d16e71fba656f252e6cd0aa244ee7806dc3b022fea
size 4949897

15
httpd-2.x.x-logresolve.patch
View File

@ -1,7 +1,6 @@
diff -Naur ../httpd-2.2.4.orig/support/logresolve.pl.in ./support/logresolve.pl.in
--- ../httpd-2.2.4.orig/support/logresolve.pl.in 2006-07-12 05:38:44.000000000 +0200
+++ ./support/logresolve.pl.in 2007-10-23 13:59:27.000000000 +0200
@@ -57,6 +57,7 @@
--- httpd-2.4.6.orig/support/logresolve.pl.in
+++ httpd-2.4.6/support/logresolve.pl.in
@@ -57,6 +57,7 @@ $|=1;
use FileHandle;
use Socket;
@ -9,7 +8,7 @@ diff -Naur ../httpd-2.2.4.orig/support/logresolve.pl.in ./support/logresolve.pl.
use strict;
no strict 'refs';
@@ -71,11 +72,13 @@
@@ -71,11 +72,13 @@ my $filename;
my %hash = ();
my $parent = $$;
@ -24,7 +23,7 @@ diff -Naur ../httpd-2.2.4.orig/support/logresolve.pl.in ./support/logresolve.pl.
if (-e $filename) { unlink($filename) || warn "$filename .. $!\n";}
&child($child);
exit(0);
@@ -91,9 +94,9 @@
@@ -91,9 +94,9 @@ sub cleanup {
# die kiddies, die
kill(15, @children);
for (my $child = 1; $child <=$CHILDREN; $child++) {
@ -37,7 +36,7 @@ diff -Naur ../httpd-2.2.4.orig/support/logresolve.pl.in ./support/logresolve.pl.
}
}
}
@@ -113,7 +116,7 @@
@@ -113,7 +116,7 @@ sub parent {
if (!socket($CHILDSOCK{$child}, AF_UNIX, SOCK_STREAM, $PROTOCOL)) {
warn "parent socket to child failed $!";
}
@ -46,7 +45,7 @@ diff -Naur ../httpd-2.2.4.orig/support/logresolve.pl.in ./support/logresolve.pl.
my $response;
do {
$response = connect($CHILDSOCK{$child}, sockaddr_un($filename));
@@ -176,7 +179,7 @@
@@ -176,7 +179,7 @@ sub child {
# create a socket to communicate with parent
socket(INBOUND, AF_UNIX, SOCK_STREAM, $PROTOCOL)
|| die "Error with Socket: !$\n";

106
httpd-event-ssl.patch Normal file
View File

@ -0,0 +1,106 @@
--- include/httpd.h.orig
+++ include/httpd.h
@@ -1175,12 +1175,20 @@ typedef enum {
CONN_STATE_LINGER_SHORT /* MPM has started lingering close with short timeout */
} conn_state_e;
+typedef enum {
+ CONN_SENSE_DEFAULT,
+ CONN_SENSE_WANT_READ, /* next event must be read */
+ CONN_SENSE_WANT_WRITE /* next event must be write */
+} conn_sense_e;
+
/**
* @brief A structure to contain connection state information
*/
struct conn_state_t {
/** Current state of the connection */
conn_state_e state;
+ /** Whether to read instead of write, or write instead of read */
+ conn_sense_e sense;
};
/* Per-vhost config... */
--- modules/ssl/ssl_engine_io.c.orig
+++ modules/ssl/ssl_engine_io.c
@@ -775,6 +775,18 @@ static apr_status_t ssl_filter_write(ap_
*/
outctx->rc = APR_EAGAIN;
}
+ else if (ssl_err == SSL_ERROR_WANT_READ) {
+ /*
+ * If OpenSSL wants to read during write, and we were
+ * nonblocking, set the sense explicitly to read and
+ * report as an EAGAIN.
+ *
+ * (This is usually the case when the client forces an SSL
+ * renegotiation which is handled implicitly by OpenSSL.)
+ */
+ outctx->c->cs->sense = CONN_SENSE_WANT_READ;
+ outctx->rc = APR_EAGAIN;
+ }
else if (ssl_err == SSL_ERROR_SYSCALL) {
ap_log_cerror(APLOG_MARK, APLOG_INFO, outctx->rc, c, APLOGNO(01993)
"SSL output filter write failed.");
@@ -1902,8 +1914,10 @@ void ssl_io_filter_init(conn_rec *c, req
filter_ctx->pbioWrite = BIO_new(&bio_filter_out_method);
filter_ctx->pbioWrite->ptr = (void *)bio_filter_out_ctx_new(filter_ctx, c);
- /* We insert a clogging input filter. Let the core know. */
- c->clogging_input_filters = 1;
+ /* write is non blocking for the benefit of async mpm */
+ if (c->cs) {
+ BIO_set_nbio(filter_ctx->pbioWrite, 1);
+ }
ssl_io_input_add_filter(filter_ctx, c, r, ssl);
--- server/mpm/event/event.c.orig
+++ server/mpm/event/event.c
@@ -790,7 +790,10 @@ static int start_lingering_close_common(
apr_atomic_inc32(&lingering_count);
apr_thread_mutex_lock(timeout_mutex);
TO_QUEUE_APPEND(*q, cs);
- cs->pfd.reqevents = APR_POLLIN | APR_POLLHUP | APR_POLLERR;
+ cs->pfd.reqevents = (
+ cs->pub.sense == CONN_SENSE_WANT_WRITE ? APR_POLLOUT :
+ APR_POLLIN) | APR_POLLHUP | APR_POLLERR;
+ cs->pub.sense = CONN_SENSE_DEFAULT;
rv = apr_pollset_add(event_pollset, &cs->pfd);
apr_thread_mutex_unlock(timeout_mutex);
if (rv != APR_SUCCESS && !APR_STATUS_IS_EEXIST(rv)) {
@@ -938,6 +941,7 @@ static void process_socket(apr_thread_t
*/
cs->pub.state = CONN_STATE_READ_REQUEST_LINE;
+ cs->pub.sense = CONN_SENSE_DEFAULT;
}
else {
c = cs->c;
@@ -946,9 +950,11 @@ static void process_socket(apr_thread_t
}
if (c->clogging_input_filters && !c->aborted) {
- /* Since we have an input filter which 'cloggs' the input stream,
- * like mod_ssl, lets just do the normal read from input filters,
- * like the Worker MPM does.
+ /* Since we have an input filter which 'clogs' the input stream,
+ * like mod_ssl used to, lets just do the normal read from input
+ * filters, like the Worker MPM does. Filters that need to write
+ * where they would otherwise read, or read where they would
+ * otherwise write, should set the sense appropriately.
*/
apr_atomic_inc32(&clogged_count);
ap_run_process_connection(c);
@@ -994,7 +1000,10 @@ read_request:
cs->expiration_time = ap_server_conf->timeout + apr_time_now();
apr_thread_mutex_lock(timeout_mutex);
TO_QUEUE_APPEND(write_completion_q, cs);
- cs->pfd.reqevents = APR_POLLOUT | APR_POLLHUP | APR_POLLERR;
+ cs->pfd.reqevents = (
+ cs->pub.sense == CONN_SENSE_WANT_READ ? APR_POLLIN :
+ APR_POLLOUT) | APR_POLLHUP | APR_POLLERR;
+ cs->pub.sense = CONN_SENSE_DEFAULT;
rc = apr_pollset_add(event_pollset, &cs->pfd);
apr_thread_mutex_unlock(timeout_mutex);
return;