
Accepting request 179384 from Apache

- apache-20-22-upgrade: still no cookie, module authn_file 
  is ok and must not be disabled on update.
  authn_core must however be enabled too. (forwarded request 179383 from elvigia)

OBS-URL: https://build.opensuse.org/request/show/179384
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=68
Stephan Kulow 2013-07-02 10:20:12 +00:00 committed by Git OBS Bridge
commit e055a10949
9 changed files with 314 additions and 259 deletions


@ -60,11 +60,19 @@ if a2enmod -q auth_ldap; then
a2enmod mod_authnz_ldap
fi
for module in mod_authn_default mod_authz_default mod_mem_cache; do
for module in mod_authn_default mod_authz_default mod_mem_cache authz_default; do
if a2enmod -q "$module"; then
echo "!!ATTENTION! $module was removed from apache version 2.4 or later, CHECK YOUR CONFIGURATION!!!"
a2dismod "$module"
fi
done
if [ -x /usr/bin/systemd-notify ] && /usr/bin/systemd-notify --booted && ! a2enmod -q systemd; then
a2enmod systemd
fi
if ! a2enmod -q authn_core; then
a2enmod authn_core
fi
echo 'Done.'
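Review bot: The removed-module list in the `for module in …` loop mixes two spellings: `authz_default` is now listed with and without the `mod_` prefix, while `authn_default` and `mem_cache` are still matched only as `mod_authn_default` and `mod_mem_cache`. If `a2enmod -q` compares against the name exactly as it is stored in the configuration (not visible in this hunk), a system that lists the bare names keeps modules that no longer exist in 2.4, and httpd would fail to start after the upgrade. Listing both spellings for every entry, e.g. `for module in authn_default authz_default mem_cache mod_authn_default mod_authz_default mod_mem_cache; do`, makes the loop consistent. The script begins before this hunk and may continue after it.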


@ -0,0 +1,34 @@
--- httpd-2.4.4.orig/server/request.c
+++ httpd-2.4.4/server/request.c
@@ -46,10 +46,13 @@
#include "util_script.h"
#include "ap_expr.h"
#include "mod_request.h"
-
+#include "http_connection.h"
#include "mod_core.h"
#include "mod_auth.h"
+#include <unistd.h>
+#include <sys/types.h>
+
#if APR_HAVE_STDARG_H
#include <stdarg.h>
#endif
--- httpd-2.4.4.orig/server/config.c
+++ httpd-2.4.4/server/config.c
@@ -48,10 +48,14 @@
#include "http_request.h" /* for default_handler (see invoke_handler) */
#include "http_main.h"
#include "http_vhost.h"
+#include "http_connection.h"
#include "util_cfgtree.h"
#include "util_varbuf.h"
#include "mpm_common.h"
+#include <unistd.h>
+#include <sys/types.h>
+
#define APLOG_UNSET (APLOG_NO_MODULE - 1)
/* we know core's module_index is 0 */
#undef APLOG_MODULE_INDEX
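Review bot: Both hunks add `#include <unistd.h>` and `#include <sys/types.h>` unconditionally to server/request.c and server/config.c, and the patch has no header saying which implicit declaration each include resolves. mod_systemd.c, added in this same commit, guards the POSIX header with `#if APR_HAVE_UNISTD_H`; wrapping the new include the same way would keep these files consistent with it. A description line at the top of the patch naming the function whose prototype was missing, e.g. `Fix implicit declaration of <function> in request.c and config.c`, would let a later maintainer tell when the patch can be dropped.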


@ -1,5 +1,5 @@
--- httpd-2.4.3.orig/modules/ssl/mod_ssl.c
+++ httpd-2.4.3/modules/ssl/mod_ssl.c
--- httpd-2.4.4.orig/modules/ssl/mod_ssl.c
+++ httpd-2.4.4/modules/ssl/mod_ssl.c
@@ -94,6 +94,15 @@ static const command_rec ssl_config_cmds
SSL_CMD_SRV(PKCS7CertificateFile, TAKE1,
"PKCS#7 file containing server certificate and chain"
@ -16,9 +16,9 @@
#ifdef HAVE_TLS_SESSION_TICKETS
SSL_CMD_SRV(SessionTicketKeyFile, TAKE1,
"TLS session ticket encryption/decryption key file (RFC 5077) "
@@ -148,6 +157,15 @@ static const command_rec ssl_config_cmds
SSL_CMD_SRV(StrictSNIVHostCheck, FLAG,
"Strict SNI virtual host checking")
@@ -157,6 +166,15 @@ static const command_rec ssl_config_cmds
"('some secret text')")
#endif
+#ifndef OPENSSL_NO_SRP
+ SSL_CMD_SRV(SRPVerifierFile, TAKE1,
@ -32,7 +32,7 @@
/*
* Proxy configuration for remote SSL connections
*/
@@ -263,6 +281,18 @@ static const command_rec ssl_config_cmds
@@ -272,6 +290,18 @@ static const command_rec ssl_config_cmds
AP_END_CMD
};
@ -51,8 +51,8 @@
/*
* the various processing hooks
*/
--- httpd-2.4.3.orig/modules/ssl/mod_ssl.h
+++ httpd-2.4.3/modules/ssl/mod_ssl.h
--- httpd-2.4.4.orig/modules/ssl/mod_ssl.h
+++ httpd-2.4.4/modules/ssl/mod_ssl.h
@@ -63,5 +63,26 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_e
APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
@ -80,8 +80,8 @@
+
#endif /* __MOD_SSL_H__ */
/** @} */
--- httpd-2.4.3.orig/modules/ssl/ssl_engine_config.c
+++ httpd-2.4.3/modules/ssl/ssl_engine_config.c
--- httpd-2.4.4.orig/modules/ssl/ssl_engine_config.c
+++ httpd-2.4.4/modules/ssl/ssl_engine_config.c
@@ -125,6 +125,10 @@ static void modssl_ctx_init(modssl_ctx_t
mctx->crl_file = NULL;
mctx->crl_check_mode = SSL_CRLCHECK_UNSET;
@ -93,9 +93,9 @@
mctx->auth.ca_cert_path = NULL;
mctx->auth.ca_cert_file = NULL;
mctx->auth.cipher_suite = NULL;
@@ -149,6 +153,12 @@ static void modssl_ctx_init(modssl_ctx_t
mctx->stapling_responder_timeout = UNSET;
mctx->stapling_force_url = NULL;
@@ -155,6 +159,12 @@ static void modssl_ctx_init(modssl_ctx_t
mctx->srp_unknown_user_seed = NULL;
mctx->srp_vbase = NULL;
#endif
+
+#ifndef OPENSSL_NO_SRP
@ -106,7 +106,7 @@
}
static void modssl_ctx_init_proxy(SSLSrvConfigRec *sc,
@@ -251,6 +264,10 @@ static void modssl_ctx_cfg_merge(modssl_
@@ -257,6 +267,10 @@ static void modssl_ctx_cfg_merge(modssl_
cfgMerge(crl_file, NULL);
cfgMerge(crl_check_mode, SSL_CRLCHECK_UNSET);
@ -117,22 +117,11 @@
cfgMergeString(auth.ca_cert_path);
cfgMergeString(auth.ca_cert_file);
cfgMergeString(auth.cipher_suite);
@@ -274,6 +291,11 @@ static void modssl_ctx_cfg_merge(modssl_
cfgMergeInt(stapling_responder_timeout);
cfgMerge(stapling_force_url, NULL);
#endif
+
+#ifndef OPENSSL_NO_SRP
+ cfgMergeString(srp_vfile);
+ cfgMergeString(srp_unknown_user_seed);
+#endif
}
@@ -839,6 +853,54 @@ const char *ssl_cmd_SSLPKCS7CertificateF
static void modssl_ctx_cfg_merge_proxy(modssl_ctx_t *base,
@@ -829,6 +871,54 @@ const char *ssl_cmd_SSLPKCS7CertificateF
return NULL;
}
+
+const char *ssl_cmd_SSLRSAAuthzFile(cmd_parms *cmd,
+ void *dcfg,
+ const char *arg)
@ -180,45 +169,11 @@
+
+ return NULL;
+}
+
#ifdef HAVE_TLS_SESSION_TICKETS
const char *ssl_cmd_SSLSessionTicketKeyFile(cmd_parms *cmd,
void *dcfg,
@@ -1782,6 +1872,32 @@ const char *ssl_cmd_SSLStaplingForceURL(
#endif /* HAVE_OCSP_STAPLING */
+#ifndef OPENSSL_NO_SRP
+
+const char *ssl_cmd_SSLSRPVerifierFile(cmd_parms *cmd, void *dcfg,
+ const char *arg)
+{
+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+ const char *err;
+
+ if ((err = ssl_cmd_check_file(cmd, &arg)))
+ return err;
+ /* SRP_VBASE_init takes char*, not const char* */
+ sc->server->srp_vfile = apr_pstrdup(cmd->pool, arg);
+ return NULL;
+}
+
+const char *ssl_cmd_SSLSRPUnknownUserSeed(cmd_parms *cmd, void *dcfg,
+ const char *arg)
+{
+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+ /* SRP_VBASE_new takes char*, not const char* */
+ sc->server->srp_unknown_user_seed = apr_pstrdup(cmd->pool, arg);
+ return NULL;
+}
+
+#endif /* OPENSSL_NO_SRP */
+
void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s)
{
apr_file_t *out = NULL;
--- httpd-2.4.3.orig/modules/ssl/ssl_engine_io.c
+++ httpd-2.4.3/modules/ssl/ssl_engine_io.c
--- httpd-2.4.4.orig/modules/ssl/ssl_engine_io.c
+++ httpd-2.4.4/modules/ssl/ssl_engine_io.c
@@ -28,6 +28,7 @@
core keeps dumping.''
-- Unknown */
@ -235,7 +190,7 @@
} bio_filter_in_ctx_t;
/*
@@ -1374,6 +1376,26 @@ static apr_status_t ssl_io_filter_input(
@@ -1385,6 +1387,26 @@ static apr_status_t ssl_io_filter_input(
APR_BRIGADE_INSERT_TAIL(bb, bucket);
}
@ -262,7 +217,7 @@
return APR_SUCCESS;
}
@@ -1855,6 +1877,7 @@ static void ssl_io_input_add_filter(ssl_
@@ -1866,6 +1888,7 @@ static void ssl_io_input_add_filter(ssl_
inctx->block = APR_BLOCK_READ;
inctx->pool = c->pool;
inctx->filter_ctx = filter_ctx;
@ -270,8 +225,8 @@
}
/* The request_rec pointer is passed in here only to ensure that the
--- httpd-2.4.3.orig/modules/ssl/ssl_engine_kernel.c
+++ httpd-2.4.3/modules/ssl/ssl_engine_kernel.c
--- httpd-2.4.4.orig/modules/ssl/ssl_engine_kernel.c
+++ httpd-2.4.4/modules/ssl/ssl_engine_kernel.c
@@ -29,6 +29,7 @@
time I was too famous.''
-- Unknown */
@ -280,8 +235,8 @@
#include "util_md5.h"
static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
@@ -329,6 +330,19 @@ int ssl_hook_Access(request_rec *r)
return DECLINED;
@@ -320,6 +321,19 @@ int ssl_hook_Access(request_rec *r)
return HTTP_FORBIDDEN;
}
+#ifndef OPENSSL_NO_SRP
@ -298,167 +253,19 @@
+#endif
+
/*
* Support for per-directory reconfigured SSL connection parameters.
*
@@ -1088,6 +1102,10 @@ static const char *ssl_hook_Fixup_vars[]
"SSL_SERVER_A_SIG",
"SSL_SESSION_ID",
"SSL_SESSION_RESUMED",
+#ifndef OPENSSL_NO_SRP
+ "SSL_SRP_USER",
+ "SSL_SRP_USERINFO",
+#endif
NULL
};
* Check to see whether SSL is in use; if it's not, then no
* further access control checks are relevant. (the test for
@@ -1397,7 +1411,7 @@ EC_KEY *ssl_callback_TmpECDH(SSL *ssl, i
@@ -2072,7 +2090,7 @@ static int ssl_find_vhost(void *serverna
return 0;
return (EC_KEY *)mc->pTmpKeys[idx];
}
-#endif
+#endif /* OPENSSL_NO_TLSEXT */
#ifdef HAVE_TLS_SESSION_TICKETS
/*
@@ -2142,4 +2160,114 @@ int ssl_callback_SessionTicket(SSL *ssl,
/* OpenSSL is not expected to call us with modes other than 1 or 0 */
return -1;
}
-#endif
+#endif /* HAVE_TLS_SESSION_TICKETS */
+
+#ifdef HAVE_TLS_NPN
+/*
+ * This callback function is executed when SSL needs to decide what protocols
+ * to advertise during Next Protocol Negotiation (NPN). It must produce a
+ * string in wire format -- a sequence of length-prefixed strings -- indicating
+ * the advertised protocols. Refer to SSL_CTX_set_next_protos_advertised_cb
+ * in OpenSSL for reference.
+ */
+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out,
+ unsigned int *size_out, void *arg)
+{
+ conn_rec *c = (conn_rec*)SSL_get_app_data(ssl);
+ apr_array_header_t *protos;
+ int num_protos;
+ unsigned int size;
+ int i;
+ unsigned char *data;
+ unsigned char *start;
+
+ *data_out = NULL;
+ *size_out = 0;
+
+ /* If the connection object is not available, then there's nothing for us
+ * to do. */
+ if (c == NULL) {
+ return SSL_TLSEXT_ERR_OK;
+ }
+
+ /* Invoke our npn_advertise_protos hook, giving other modules a chance to
+ * add alternate protocol names to advertise. */
+ protos = apr_array_make(c->pool, 0, sizeof(char*));
+ modssl_run_npn_advertise_protos_hook(c, protos);
+ num_protos = protos->nelts;
+
+ /* We now have a list of null-terminated strings; we need to concatenate
+ * them together into a single string, where each protocol name is prefixed
+ * by its length. First, calculate how long that string will be. */
+ size = 0;
+ for (i = 0; i < num_protos; ++i) {
+ const char *string = APR_ARRAY_IDX(protos, i, const char*);
+ unsigned int length = strlen(string);
+ /* If the protocol name is too long (the length must fit in one byte),
+ * then log an error and skip it. */
+ if (length > 255) {
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02307)
+ "SSL NPN protocol name too long (length=%u): %s",
+ length, string);
+ continue;
+ }
+ /* Leave room for the length prefix (one byte) plus the protocol name
+ * itself. */
+ size += 1 + length;
+ }
+
+ /* If there is nothing to advertise (either because no modules added
+ * anything to the protos array, or because all strings added to the array
+ * were skipped), then we're done. */
+ if (size == 0) {
+ return SSL_TLSEXT_ERR_OK;
+ }
+
+ /* Now we can build the string. Copy each protocol name string into the
+ * larger string, prefixed by its length. */
+ data = apr_palloc(c->pool, size * sizeof(unsigned char));
+ start = data;
+ for (i = 0; i < num_protos; ++i) {
+ const char *string = APR_ARRAY_IDX(protos, i, const char*);
+ apr_size_t length = strlen(string);
+ if (length > 255)
+ continue;
+ *start = (unsigned char)length;
+ ++start;
+ memcpy(start, string, length * sizeof(unsigned char));
+ start += length;
+ }
+
+ /* Success. */
+ *data_out = data;
+ *size_out = size;
+ return SSL_TLSEXT_ERR_OK;
+}
+
+#endif /* HAVE_TLS_NPN */
+
+#ifndef OPENSSL_NO_SRP
+
+int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg)
+{
+ modssl_ctx_t *mctx = (modssl_ctx_t *)arg;
+ char *username = SSL_get_srp_username(ssl);
+ SRP_user_pwd *u;
+
+ if (username == NULL
+ || (u = SRP_VBASE_get_by_user(mctx->srp_vbase, username)) == NULL) {
+ *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
+ return SSL3_AL_FATAL;
+ }
+
+ if (SSL_set_srp_server_param(ssl, u->N, u->g, u->s, u->v, u->info) < 0) {
+ *ad = SSL_AD_INTERNAL_ERROR;
+ return SSL3_AL_FATAL;
+ }
+
+ /* reset all other options */
+ SSL_set_verify(ssl, SSL_VERIFY_NONE, ssl_callback_SSLVerify);
+ return SSL_ERROR_NONE;
+}
+
+#endif /* OPENSSL_NO_SRP */
--- httpd-2.4.3.orig/modules/ssl/ssl_engine_vars.c
+++ httpd-2.4.3/modules/ssl/ssl_engine_vars.c
@@ -395,6 +395,18 @@ static char *ssl_var_lookup_ssl(apr_pool
#endif
result = apr_pstrdup(p, flag ? "true" : "false");
}
+#ifndef OPENSSL_NO_SRP
+ else if (ssl != NULL && strcEQ(var, "SRP_USER")) {
+ if ((result = SSL_get_srp_username(ssl)) != NULL) {
+ result = apr_pstrdup(p, result);
+ }
+ }
+ else if (ssl != NULL && strcEQ(var, "SRP_USERINFO")) {
+ if ((result = SSL_get_srp_userinfo(ssl)) != NULL) {
+ result = apr_pstrdup(p, result);
+ }
+ }
+#endif
return result;
}
--- httpd-2.4.3.orig/modules/ssl/ssl_private.h
+++ httpd-2.4.3/modules/ssl/ssl_private.h
* This OpenSSL callback function is called when OpenSSL
--- httpd-2.4.4.orig/modules/ssl/ssl_private.h
+++ httpd-2.4.4/modules/ssl/ssl_private.h
@@ -139,6 +139,11 @@
#define HAVE_FIPS
#endif
@ -471,8 +278,8 @@
#if (OPENSSL_VERSION_NUMBER >= 0x10000000)
#define MODSSL_SSL_CIPHER_CONST const
#define MODSSL_SSL_METHOD_CONST const
@@ -185,6 +190,20 @@
#define OPENSSL_NO_COMP
@@ -194,6 +199,20 @@
#endif
#endif
+#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \
@ -492,16 +299,10 @@
/* mod_ssl headers */
#include "ssl_util_ssl.h"
@@ -647,6 +666,17 @@ typedef struct {
const char *stapling_force_url;
@@ -662,6 +681,11 @@ typedef struct {
SRP_VBASE *srp_vbase;
#endif
+#ifndef OPENSSL_NO_SRP
+ char *srp_vfile;
+ char *srp_unknown_user_seed;
+ SRP_VBASE *srp_vbase;
+#endif
+
+ /** RFC 5878 */
+ const char *rsa_authz_file;
+ const char *dsa_authz_file;
@ -510,7 +311,7 @@
modssl_auth_ctx_t auth;
BOOL ocsp_enabled; /* true if OCSP verification enabled */
@@ -723,6 +756,9 @@ const char *ssl_cmd_SSLCryptoDevice(cmd
@@ -738,6 +762,9 @@ const char *ssl_cmd_SSLCryptoDevice(cmd
const char *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
const char *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *);
@ -520,9 +321,9 @@
const char *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *);
@@ -775,6 +811,11 @@ const char *ssl_cmd_SSLOCSPResponseMaxAg
const char *ssl_cmd_SSLOCSPResponderTimeout(cmd_parms *cmd, void *dcfg, const char *arg);
const char *ssl_cmd_SSLOCSPEnable(cmd_parms *cmd, void *dcfg, int flag);
@@ -795,6 +822,11 @@ const char *ssl_cmd_SSLSRPVerifierFile(c
const char *ssl_cmd_SSLSRPUnknownUserSeed(cmd_parms *cmd, void *dcfg, const char *arg);
#endif
+#ifndef OPENSSL_NO_SRP
+const char *ssl_cmd_SSLSRPVerifierFile(cmd_parms *cmd, void *dcfg, const char *arg);
@ -532,7 +333,7 @@
const char *ssl_cmd_SSLFIPS(cmd_parms *cmd, void *dcfg, int flag);
/** module initialization */
@@ -820,6 +861,7 @@ int ssl_callback_ServerNameIndi
@@ -840,6 +872,7 @@ int ssl_callback_ServerNameIndi
int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *,
EVP_CIPHER_CTX *, HMAC_CTX *, int);
#endif
@ -540,13 +341,13 @@
/** Session Cache Support */
void ssl_scache_init(server_rec *, apr_pool_t *);
@@ -851,6 +893,9 @@ void modssl_init_stapling(server
void ssl_stapling_ex_init(void);
int ssl_stapling_init_cert(server_rec *s, modssl_ctx_t *mctx, X509 *x);
@@ -873,6 +906,9 @@ int ssl_stapling_init_cert(serv
#endif
#ifndef OPENSSL_NO_SRP
int ssl_callback_SRPServerParams(SSL *, int *, void *);
+#endif
+#ifndef OPENSSL_NO_SRP
+int ssl_callback_SRPServerParams(SSL *, int *, void *);
+#endif
#endif
/** I/O */
void ssl_io_filter_init(conn_rec *, request_rec *r, SSL *);


@ -1,3 +1,43 @@
-------------------------------------------------------------------
Tue Jun 18 07:41:36 UTC 2013 - crrodriguez@opensuse.org
- apache-20-22-upgrade: still no cookie, module authn_file
is ok and must not be disabled on update.
authn_core must however be enabled too.
-------------------------------------------------------------------
Tue Jun 18 06:42:33 UTC 2013 - crrodriguez@opensuse.org
- fix apache_mmn spec macro, otherwise all modules down
the chain will have broken dependencies
-------------------------------------------------------------------
Tue Jun 18 05:53:31 UTC 2013 - crrodriguez@opensuse.org
- remove After=mysql.service php-fpm.service postgresql.service
which were added in the previous change, those must be added
as Before=apache2.service in the respective services.
-------------------------------------------------------------------
Fri Jun 14 21:51:09 UTC 2013 - crrodriguez@opensuse.org
- Include mod_systemd for more complete integration with
systemd, turn the service to Typé=notify as required
- Disable SSL NPN patch for now, it is required for mod_spdy
but mod_spdy does not support apache 2.4
-------------------------------------------------------------------
Sat Jun 1 03:54:50 UTC 2013 - crrodriguez@opensuse.org
- apache 2.4.4
* fix for CVE-2012-3499
* fix for the CRIME attack (disable ssl compression by default)
* many other bugfies
* build access_compat amd unixd as static modules and solve
some other upgrade quirks (bnc#813705)
-------------------------------------------------------------------
Mon Feb 25 08:19:41 UTC 2013 - mlin@suse.com


@ -1,9 +1,11 @@
[Unit]
Description=The Apache Webserver
After=network.target remote-fs.target nss-lookup.target
Wants=network.target nss-lookup.target
After=network.target nss-lookup.target
Before=getty@tty1.service
[Service]
Type=notify
PrivateTmp=true
EnvironmentFile=/etc/sysconfig/apache2
ExecStart=/usr/sbin/start_apache2 -D SYSTEMD -DNO_DETACH -k start
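Review bot: `Type=notify` makes systemd wait for a `READY=1` message, and in this commit that message is sent only by the new mod_systemd module. The upgrade script enables the module when the system was booted with systemd, but nothing visible here guarantees it is loaded on a fresh install or after an administrator removes it from the module list; the start job would then wait for the start timeout and the service would be stopped. Either build the module statically or document the dependency next to the setting, e.g. `# Type=notify requires mod_systemd to be loaded; httpd does not report READY=1 without it`. Because `ExecStart` goes through the `start_apache2` wrapper, it is also worth confirming that the wrapper execs httpd, so that the notifying process is the unit's main PID.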


@ -33,7 +33,8 @@ BuildRequires: libcap
BuildRequires: libcap-devel
%endif
%if 0%{?suse_version} >= 1210
BuildRequires: systemd
BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(libsystemd-daemon)
%endif
%if %{?suse_version:1}0
@ -48,7 +49,7 @@ BuildRequires: expat-devel
%define pname apache2
%define vers 2
%define httpd httpd2
%define apache_mmn %(test -s %{S:0} && { echo -n apache_mmn_; xzcat %{S:0} | awk '/^#define MODULE_MAGIC_NUMBER_MAJOR/ {printf "%d", $3}'; })
%define apache_mmn %(test -s %{S:0} && { echo -n apache_mmn_; bzcat %{S:0} | awk '/^#define MODULE_MAGIC_NUMBER_MAJOR/ {printf "%d", $3}'; })
%define default_mpm prefork
%{!?prefork:%define prefork 1}
%{!?worker:%define worker 1}
@ -80,11 +81,11 @@ BuildRequires: expat-devel
# "Server:" header
%define VENDOR SUSE
%define platform_string Linux/%VENDOR
%define realver 2.4.3
Version: 2.4.3
%define realver 2.4.4
Version: 2.4.4
Release: 0
#Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2
Source0: httpd-%{realver}.tar.xz
Source0: httpd-%{realver}.tar.bz2
# Add file to take mtime from it in prep section
Source1: apache2.changes
Source6: 60C5442D.key
@ -144,11 +145,14 @@ Patch66: httpd-2.0.54-envvars.dif
Patch67: httpd-2.2.0-apxs-a2enmod.dif
Patch68: httpd-2.x.x-logresolve.patch
Patch69: httpd-2.2.x-bnc690734.patch
Patch70: apache2-implicit-pointer-decl.patch
Patch100: apache2.4-mpm-itk-2.4.2-01.patch
Patch101: httpd-2.2.19-linux3.patch
# PATCH-FEATURE-UPSTREAM apache2-mod_ssl_npn.patch dimstar@opensuse.org -- Add npn support to mod_ssl (needed for spdy)
Patch108: apache2-mod_ssl_npn.patch
Provides: apache2(mod_ssl+npn)
#Patch108: apache2-mod_ssl_npn.patch
#Provides: apache2(mod_ssl+npn)
# PATCH-FEATURE-UPSTREAM httpd-2.4.3-mod_systemd.patch crrodriguez@opensuse.org simple module provides systemd integration.
Patch109: httpd-2.4.3-mod_systemd.patch
Url: http://httpd.apache.org/
Icon: Apache.xpm
Summary: The Apache Web Server Version 2.2
@ -367,9 +371,11 @@ to administrators of web servers in general.
%patch67 -p1
%patch68 -p1
#%patch69
%patch70 -p1
%patch100 -p1
%patch101
%patch108 -p1
#%patch108 -p1
%patch109 -p1
#
cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
@ -429,6 +435,7 @@ function configure {
--enable-pie \
%endif
--enable-mods-shared=all \
--enable-mods-static="access_compat unixd" \
--enable-ssl=shared \
\
--disable-isapi \
@ -723,7 +730,7 @@ EOF
#
ln -sf ../mime.types $RPM_BUILD_ROOT/%{sysconfdir}/mime.types
mv $RPM_BUILD_ROOT/%{cgidir}/printenv .
mv $RPM_BUILD_ROOT/%{cgidir}/printenv* .
mv $RPM_BUILD_ROOT/%{cgidir}/test-cgi .
pushd $RPM_BUILD_ROOT/%{_mandir}
for i in $(find . -type f); do
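Review bot: The `Source0` switch to `httpd-%{realver}.tar.bz2` replaces the upstream tarball, and the spec already ships a key as `Source6: 60C5442D.key`, but none of the visible hunks adds a detached signature or a verification step for the new archive. If that is not handled elsewhere in the spec, adding the upstream signature as a source, e.g. `Source<N>: httpd-%{realver}.tar.bz2.asc` (with `<N>` a free source number), lets the build check the tarball against the keyring instead of trusting the uploaded file. Separately, `Summary: The Apache Web Server Version 2.2` is stale for a 2.4.4 package.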


@ -0,0 +1,163 @@
--- httpd-2.4.3/modules/arch/unix/config5.m4.systemd
+++ httpd-2.4.3/modules/arch/unix/config5.m4
@@ -18,6 +18,19 @@ APACHE_MODULE(privileges, Per-virtualhos
fi
])
+
+APACHE_MODULE(systemd, Systemd support, , , $unixd_mods_enabled, [
+ AC_CHECK_LIB(systemd-daemon, sd_notify, SYSTEMD_LIBS="-lsystemd-daemon")
+ AC_CHECK_HEADERS(systemd/sd-daemon.h, [ap_HAVE_SD_DAEMON_H="yes"], [ap_HAVE_SD_DAEMON_H="no"])
+ if test $ap_HAVE_SD_DAEMON_H = "no" || test -z "${SYSTEMD_LIBS}"; then
+ AC_MSG_WARN([Your system does not support systemd.])
+ enable_systemd="no"
+ else
+ APR_ADDTO(MOD_SYSTEMD_LDADD, [$SYSTEMD_LIBS])
+ enable_systemd="yes"
+ fi
+])
+
APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current])
APACHE_MODPATH_FINISH
--- httpd-2.4.3/modules/arch/unix/mod_systemd.c.systemd
+++ httpd-2.4.3/modules/arch/unix/mod_systemd.c
@@ -0,0 +1,138 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdint.h>
+#include <ap_config.h>
+#include "ap_mpm.h"
+#include <http_core.h>
+#include <http_log.h>
+#include <apr_version.h>
+#include <apr_pools.h>
+#include <apr_strings.h>
+#include "unixd.h"
+#include "scoreboard.h"
+#include "mpm_common.h"
+
+#include "systemd/sd-daemon.h"
+
+#if APR_HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#define KBYTE 1024
+
+static pid_t pid; /* PID of the main httpd instance */
+static int server_limit, thread_limit, threads_per_child, max_servers;
+static time_t last_update_time;
+static unsigned long last_update_access;
+static unsigned long last_update_kbytes;
+
+static int systemd_pre_mpm(apr_pool_t *p, ap_scoreboard_e sb_type)
+{
+ int rv;
+ last_update_time = time(0);
+
+ ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit);
+ ap_mpm_query(AP_MPMQ_HARD_LIMIT_DAEMONS, &server_limit);
+ ap_mpm_query(AP_MPMQ_MAX_THREADS, &threads_per_child);
+ /* work around buggy MPMs */
+ if (threads_per_child == 0)
+ threads_per_child = 1;
+ ap_mpm_query(AP_MPMQ_MAX_DAEMONS, &max_servers);
+
+ pid = getpid();
+
+ rv = sd_notifyf(0, "READY=1\n"
+ "STATUS=Processing requests...\n"
+ "MAINPID=%lu",
+ (unsigned long) pid);
+ if (rv < 0) {
+ ap_log_perror(APLOG_MARK, APLOG_ERR, 0, p,
+ "sd_notifyf returned an error %d", rv);
+ }
+
+ return OK;
+}
+
+static int systemd_monitor(apr_pool_t *p, server_rec *s)
+{
+ int i, j, res, rv;
+ process_score *ps_record;
+ worker_score *ws_record;
+ unsigned long access = 0;
+ unsigned long bytes = 0;
+ unsigned long kbytes = 0;
+ char bps[5];
+ time_t now = time(0);
+ time_t elapsed = now - last_update_time;
+
+ for (i = 0; i < server_limit; ++i) {
+ ps_record = ap_get_scoreboard_process(i);
+ for (j = 0; j < thread_limit; ++j) {
+ ws_record = ap_get_scoreboard_worker_from_indexes(i, j);
+ if (ap_extended_status && !ps_record->quiescing && ps_record->pid) {
+ res = ws_record->status;
+ if (ws_record->access_count != 0 ||
+ (res != SERVER_READY && res != SERVER_DEAD)) {
+ access += ws_record->access_count;
+ bytes += ws_record->bytes_served;
+ if (bytes >= KBYTE) {
+ kbytes += (bytes >> 10);
+ bytes = bytes & 0x3ff;
+ }
+ }
+ }
+ }
+ }
+
+ apr_strfsize((unsigned long)(KBYTE *(float) (kbytes - last_update_kbytes)
+ / (float) elapsed), bps);
+
+ rv = sd_notifyf(0, "READY=1\n"
+ "STATUS=Total requests: %lu; Current requests/sec: %.3g; "
+ "Current traffic: %sB/sec\n", access,
+ ((float)access - last_update_access) / (float) elapsed, bps);
+ if (rv < 0) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00000)
+ "sd_notifyf returned an error %d", rv);
+ }
+
+ last_update_access = access;
+ last_update_kbytes = kbytes;
+ last_update_time = now;
+
+ return DECLINED;
+}
+
+static void systemd_register_hooks(apr_pool_t *p)
+{
+ /* We know the PID in this hook ... */
+ ap_hook_pre_mpm(systemd_pre_mpm, NULL, NULL, APR_HOOK_LAST);
+ /* Used to update httpd's status line using sd_notifyf */
+ ap_hook_monitor(systemd_monitor, NULL, NULL, APR_HOOK_MIDDLE);
+}
+
+module AP_MODULE_DECLARE_DATA systemd_module =
+{
+ STANDARD20_MODULE_STUFF,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ systemd_register_hooks,
+};
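Review bot: In `systemd_monitor`, `elapsed` is `now - last_update_time` at one-second resolution, so it is 0 whenever the monitor hook runs in the same second as `systemd_pre_mpm` or the previous update, and both rate computations then divide by `(float) elapsed`. The resulting infinity or NaN is cast to `unsigned long` for `apr_strfsize`, which is undefined behaviour, and it also reaches the status line sent to systemd. A guard before the computation, `if (elapsed <= 0) return DECLINED;`, avoids this and also covers a clock that steps backwards. `kbytes - last_update_kbytes` is unsigned, so it wraps to a very large value if the scoreboard total drops between two calls; comparing before subtracting would keep the reported traffic sane. `APLOGNO(00000)` looks like a placeholder that should be replaced with an allocated number or removed.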


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:89ba3db446faa929206ed3f5a1bef7133e034ad8f8abfc5e8f8eb41f3cc61074
size 4032716

3
httpd-2.4.4.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:92aabddeca76a4ac7330b143df1407bbf35574c7291c15172238ac598d97655c
size 4780289