rpm/apache2
SHA256
1
0
Fork 0
forked from pool/apache2
Code Pull Requests Activity

Accepting request 896869 from Apache

Browse Source 
- version update to 2.4.48
  
  Changes with Apache 2.4.48
  *) mod_proxy_wstunnel: Add ProxyWebsocketFallbackToProxyHttp to opt-out the
     fallback to mod_proxy_http for WebSocket upgrade and tunneling.
     [Yann Ylavic]
  *) mod_proxy: Fix flushing of THRESHOLD_MIN_WRITE data while tunneling.
     BZ 65294.  [Yann Ylavic]
  *) core: Fix a regression that stripped the ETag header from 304 responses.
     PR 61820 [Ruediger Pluem, Roy T. Fielding]
  *) core: Adding SSL related inquiry functions to the server API.
     These function are always available, even when no module providing
     SSL is loaded. They provide their own "shadowing" implementation for
     the optional functions of similar name that mod_ssl and impersonators
     of mod_ssl provide.
     This enables loading of several SSL providing modules when all but
     one of them registers itself into the new hooks. Two old-style SSL
     modules will not work, as they replace the others optional functions
     with their own.
     Modules using the old-style optional functions will continue to work
     as core supplies its own versions of those.
     The following has been added so far:
     - ap_ssl_conn_is_ssl() to query if a connection is using SSL.
     - ap_ssl_var_lookup() to query SSL related variables for a
       server/connection/request.
     - Hooks for 'ssl_conn_is_ssl' and 'ssl_var_lookup' where modules
       providing SSL can install their own value supplying functions.
     - ap_ssl_add_cert_files() to enable other modules like mod_md to provide
       certificate and keys for an SSL module like mod_ssl.
     - ap_ssl_add_fallback_cert_files() to enable other modules like mod_md to

OBS-URL: https://build.opensuse.org/request/show/896869
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=183
This commit is contained in:
Dominique Leuenberger 2021-06-04 20:42:34 +00:00 committed by Git OBS Bridge
commit e6f40adbe1
9 changed files with 352 additions and 203 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
apache2-mod_proxy_uwsgi-fix-crash.patch
View File

@ -1,28 +0,0 @@
Index: httpd-2.4.46/modules/proxy/mod_proxy_uwsgi.c
===================================================================
--- httpd-2.4.46.orig/modules/proxy/mod_proxy_uwsgi.c 2020-07-24 11:35:25.000000000 +0200
+++ httpd-2.4.46/modules/proxy/mod_proxy_uwsgi.c 2020-11-10 16:38:14.507125446 +0100
@@ -175,7 +175,7 @@ static int uwsgi_send_headers(request_re
env = (apr_table_entry_t *) env_table->elts;
for (j = 0; j < env_table->nelts; ++j) {
- headerlen += 2 + strlen(env[j].key) + 2 + strlen(env[j].val);
+ headerlen += 2 + strlen(env[j].key) + 2 + (env[j].val ? strlen(env[j].val) : 0);
}
pktsize = headerlen - 4;
@@ -198,10 +198,12 @@ static int uwsgi_send_headers(request_re
memcpy(ptr, env[j].key, keylen);
ptr += keylen;
- vallen = strlen(env[j].val);
+ vallen = env[j].val ? strlen(env[j].val) : 0;
*ptr++ = (apr_byte_t) (vallen & 0xff);
*ptr++ = (apr_byte_t) ((vallen >> 8) & 0xff);
- memcpy(ptr, env[j].val, vallen);
+ if (env[j].val) {
+ memcpy(ptr, env[j].val, vallen);
+ }
ptr += vallen;
}

270
apache2.changes
View File

@ -1,3 +1,273 @@
-------------------------------------------------------------------
Wed Jun 2 07:31:14 UTC 2021 - pgajdos@suse.com
- version update to 2.4.48
Changes with Apache 2.4.48
*) mod_proxy_wstunnel: Add ProxyWebsocketFallbackToProxyHttp to opt-out the
fallback to mod_proxy_http for WebSocket upgrade and tunneling.
[Yann Ylavic]
*) mod_proxy: Fix flushing of THRESHOLD_MIN_WRITE data while tunneling.
BZ 65294. [Yann Ylavic]
*) core: Fix a regression that stripped the ETag header from 304 responses.
PR 61820 [Ruediger Pluem, Roy T. Fielding]
*) core: Adding SSL related inquiry functions to the server API.
These function are always available, even when no module providing
SSL is loaded. They provide their own "shadowing" implementation for
the optional functions of similar name that mod_ssl and impersonators
of mod_ssl provide.
This enables loading of several SSL providing modules when all but
one of them registers itself into the new hooks. Two old-style SSL
modules will not work, as they replace the others optional functions
with their own.
Modules using the old-style optional functions will continue to work
as core supplies its own versions of those.
The following has been added so far:
- ap_ssl_conn_is_ssl() to query if a connection is using SSL.
- ap_ssl_var_lookup() to query SSL related variables for a
server/connection/request.
- Hooks for 'ssl_conn_is_ssl' and 'ssl_var_lookup' where modules
providing SSL can install their own value supplying functions.
- ap_ssl_add_cert_files() to enable other modules like mod_md to provide
certificate and keys for an SSL module like mod_ssl.
- ap_ssl_add_fallback_cert_files() to enable other modules like mod_md to
provide a fallback certificate in case no 'proper' certificate is
available for an SSL module like mod_ssl.
- ap_ssl_answer_challenge() to enable other modules like mod_md to
provide a certificate as used in the RFC 8555 'tls-alpn-01' challenge
for the ACME protocol for an SSL module like mod_ssl. The function
and its hook provide PEM encoded data instead of file names.
- Hooks for 'ssl_add_cert_files', 'ssl_add_fallback_cert_files' and
'ssl_answer_challenge' where modules like mod_md can provide providers
to the above mentioned functions.
- These functions reside in the new 'http_ssl.h' header file.
[Stefan Eissing]
*) core/mod_ssl/mod_md: adding OCSP response provisioning as core feature. This
allows modules to access and provide OCSP response data without being tied
of each other. The data is exchanged in standard, portable formats (PEM encoded
certificates and DER encoded responses), so that the actual SSL/crypto
implementations used by the modules are independant of each other.
Registration and retrieval happen in the context of a server (server_rec)
which modules may use to decide if they are configured for this or not.
The area of changes:
1. core: defines 2 functions in include/http_ssl.h, so that modules may
register a certificate, together with its issuer certificate for OCSP
response provisioning and ask for current response data (DER bytes) later.
Also, 2 hooks are defined that allow modules to implement this OCSP
provisioning.
2. mod_ssl uses the new functions, in addition to what it did already, to
register its certificates this way. If no one is interested in providing
OCSP, it falls back to its own (if configured) stapling implementation.
3. mod_md registers itself at the core hooks for OCSP provisioning. Depending
on configuration, it will accept registrations of its own certificates only,
all certificates or none.
[Stefan Eissing]
*) mod_md: v2.4.0 with improvements and bugfixes
- MDPrivateKeys allows the specification of several types. Beside "RSA" plus
optional key lengths elliptic curves can be configured. This means you can
have multiple certificates for a Managed Domain with different key types.
With ```MDPrivateKeys secp384r1 rsa2048``` you get one ECDSA and one RSA
certificate and all modern client will use the shorter ECDSA, while older
client will get the RSA certificate.
Many thanks to @tlhackque who pushed and helped on this.
- Support added for MDomains consisting of a wildcard. Configuring
```MDomain *.host.net``` will match all virtual hosts matching that pattern
and obtain one certificate for it (assuming you have 'dns-01' challenge
support configured). Addresses #239.
- Removed support for ACMEv1 servers. The only known installation used to
be Let's Encrypt which has disabled that version more than a year ago for
new accounts.
- Andreas Ulm (<https://github.com/root360-AndreasUlm>) implemented the
```renewing``` call to ```MDMessageCmd``` that can deny a certificate
renewal attempt. This is useful in clustered installations, as
discussed in #233).
- New event ```challenge-setup:<type>:<domain>```, triggered when the
challenge data for a domain has been created. This is invoked before the
ACME server is told to check for it. The type is one of the ACME challenge
types. This is invoked for every DNS name in a MDomain.
- The max delay for retries has been raised to daily (this is like all
retries jittered somewhat to avoid repeats at fixed time of day).
- Certain error codes reported by the ACME server that indicate a problem
with the configured data now immediately switch to daily retries. For
example: if the ACME server rejects a contact email or a domain name,
frequent retries will most likely not solve the problem. But daily retries
still make sense as there might be an error at the server and un-supervised
certificate renewal is the goal. Refs #222.
- Test case and work around for domain names > 64 octets. Fixes #227.
When the first DNS name of an MD is longer than 63 octets, the certificate
request will not contain a CN field, but leave it up to the CA to choose one.
Currently, Lets Encrypt looks for a shorter name in the SAN list given and
fails the request if none is found. But it is really up to the CA (and what
browsers/libs accept here) and may change over the years. That is why
the decision is best made at the CA.
- Retry delays now have a random +/-[0-50]% modification applied to let
retries from several servers spread out more, should they have been
restarted at the same time of day.
- Fixed several places where the 'badNonce' return code from an ACME server
was not handled correctly. The test server 'pebble' simulates this behaviour
by default and helps nicely in verifying this behaviour. Thanks, pebble!
- Set the default `MDActivationDelay` to 0. This was confusing to users that
new certificates were deemed not usably before a day of delay. When clocks are
correct, using a new certificate right away should not pose a problem.
- When handling ACME authorization resources, the module no longer requires
the server to return a "Location" header, as was necessary in ACMEv1.
Fixes #216.
- Fixed a theoretical uninitialized read when testing for JSON error responses
from the ACME CA. Reported at <https://bz.apache.org/bugzilla/show_bug.cgi?id=64297>.
- ACME problem reports from CAs that include parameters in the Content-Type
header are handled correctly. (Previously, the problem text would not be
reported and retries could exceed CA limits.)
- Account Update transactions to V2 CAs now use the correct POST-AS-GET method.
Previously, an empty JSON object was sent - which apparently LE accepted,
but others reject.
[Stefan Eissing, @tlhackque, Andreas Ulm]
Changes with Apache 2.4.47
*) mod_dav_fs: Improve logging output when failing to open files for
writing. PR 64413. [Bingyu Shen <ahshenbingyu gmail.com>]
*) mod_http2: Fixed a race condition that could lead to streams being
aborted (RST to the client), although a response had been produced.
[Stefan Eissing]
*) mod_lua: Add support to Lua 5.4 [Joe Orton, Giovanni Bechis, Ruediger Pluem]
*) MPM event/worker: Fix possible crash in child process on early signal
delivery. PR 64533. [Ruediger Pluem]
*) mod_http2: sync with github standalone version 1.15.17
- Log requests and sent the configured error response in case of early detected
errors like too many or too long headers. [Ruediger Pluem]
- new option 'H2OutputBuffering on/off' which controls the buffering of stream output.
The default is on, which is the behaviour of older mod-h2 versions. When off, all
bytes are made available immediately to the main connection for sending them
out to the client. This fixes interop issues with certain flavours of gRPC, see
also <https://github.com/icing/mod_h2/issues/207>.
[Stefan Eissing]
*) mod_unique_id: Fix potential duplicated ID generation under heavy load.
PR 65159
[Jonas Müntener <jonas.muentener ergon.ch>, Christophe Jaillet]
*) "[mod_dav_fs etag handling] should really honor the FileETag setting".
- It now does.
- Add "Digest" to FileETag directive, allowing a strong ETag to be
generated using a file digest.
- Add ap_make_etag_ex() and ap_set_etag_fd() to allow full control over
ETag generation.
- Add concept of "binary notes" to request_rec, allowing packed bit flags
to be added to a request.
- First binary note - AP_REQUEST_STRONG_ETAG - allows modules to force
the ETag to a strong ETag to comply with RFC requirements, such as those
mandated by various WebDAV extensions.
[Graham Leggett]
*) mod_proxy_http: Fix a possibly crash when the origin connection gets
interrupted before completion. PR 64234.
[Barnim Dzwillo <dzwillo strato.de>, Ruediger Pluem]
*) mod_ssl: Do not keep connections to OCSP responders alive when doing
OCSP requests. PR 64135. [Ruediger Pluem]
*) mod_ssl: Improve the coalescing filter to buffer into larger TLS
records, and avoid revealing the HTTP header size via TLS record
boundaries (for common response generators).
[Joe Orton, Ruediger Pluem]
*) mod_proxy_hcheck: Don't pile up health checks if the previous one did
not finish before hcinterval. PR 63010. [Yann Ylavic]
*) mod_session: Improve session parsing. [Yann Yalvic]
*) mod_authnz_ldap: Prevent authentications with empty passwords for the
initial bind to fail with status 500. [Ruediger Pluem]
*) mod_auth_digest: Fast validation of the nonce's base64 to fail early if
the format can't match anyway. [Yann Ylavic]
*) mod_proxy_fcgi: Honor "SetEnv proxy-sendcl" to forward a chunked
Transfer-Encoding from the client, spooling the request body when needed
to provide a Content-Length to the backend. PR 57087. [Yann Ylavic]
*) mod_proxy: Put mod_proxy_{connect,wstunnel} tunneling code in common in
proxy_util. [Yann Ylavic]
*) mod_proxy: Improve tunneling loop to support half closed connections and
pending data draining (for protocols like rsync). PR 61616. [Yann Ylavic]
*) mod_proxy_http: handle Upgrade request, 101 (Switching Protocol) response
and switched protocol forwarding. [Yann Ylavic]
*) mod_proxy_wstunnel: Leave Upgrade requests handling to mod_proxy_http,
allowing for (non-)Upgrade negotiation with the origin server.
[Yann Ylavic]
*) mod_proxy: Allow ProxyErrorOverride to be restricted to specific status
codes. PR63628. [Martin Drößler <mail martindroessler.de>]
*) core: Add ReadBufferSize, FlushMaxThreshold and FlushMaxPipelined
directives. [Yann Ylavic]
*) core: Ensure that aborted connections are logged as such. PR 62823
[Arnaud Grandville <contact@grandville.net>]
*) http: Allow unknown response status' lines returned in the form of
"HTTP/x.x xxx Status xxx". [Yann Ylavic]
*) mod_proxy_http: Fix 100-continue deadlock for spooled request bodies,
leading to Request Timeout (408). PR 63855. [Yann Ylavic]
*) core: Remove headers on 304 Not Modified as specified by RFC7234, as
opposed to passing an explicit subset of headers. PR 61820.
[Giovanni Bechis]
*) mpm_event: Don't reset connections after lingering close, restoring prior
to 2.4.28 behaviour. [Yann Ylavic]
*) mpm_event: Kill connections in keepalive state only when there is no more
workers available, not when the maximum number of connections is reached,
restoring prior to 2.4.30 behaviour. [Yann Ylavic]
*) mod_unique_id: Use base64url encoding for UNIQUE_ID variable,
avoiding the use of '@'. PR 57044.
[Michael Kaufmann <apache-bugzilla michael-kaufmann.ch>]
*) mod_rewrite: Extend the [CO] (cookie) flag of RewriteRule to accept a
SameSite attribute. [Eric Covener]
*) mod_proxy: Add proxy check_trans hook. This allows proxy
modules to decline request handling at early stage.
*) mod_proxy_wstunnel: Decline requests without an Upgrade
header so ws/wss can be enabled overlapping with later
http/https.
*) mod_http2: Log requests and sent the configured error response in case of
early detected errors like too many or too long headers.
[Ruediger Pluem, Stefan Eissing]
*) mod_md: Lowered the required minimal libcurl version from 7.50 to 7.29
as proposed by <alexander.gerasimov codeit.pro>. [Stefan Eissing]
*) mod_ssl: Fix request body buffering with PHA in TLSv1.3. [Joe Orton]
*) mod_proxy_uwsgi: Fix a crash when sending environment variables with no
value. PR 64598 [Ruediger Pluem]
*) mod_proxy: Recognize parameters from ProxyPassMatch workers with dollar
substitution, such that they apply to the backend connection. Note that
connection reuse is disabled by default to avoid compatibility issues.
[Takashi Sato, Jan Kaluza, Eric Covener, Yann Ylavic, Jean-Frederic Clere]
- modified sources
% apache2.keyring
- deleted patches
- apache2-mod_proxy_uwsgi-fix-crash.patch (upstreamed)
- lua54.patch (upstreamed)
-------------------------------------------------------------------
Wed Jan 27 17:42:09 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>

52
apache2.keyring
View File

@ -389,3 +389,55 @@ LOWYTa4k7o8o
=w/hc
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGCAei8BEADKUPoj6I2OjdZ44486xLrZoApbXP3hOadau8DgXXPO84b0dnCS
NqvV3aDSXULtSdh+48pVdv0yBtqCeo6pWNBR/aURxxh3vDJNyQVzhDZsdePITwmV
qkpICUXeuTpyow3ir1+05p0DU6F33TynhZsyHltKmu+GqvxYYrzud+bw9zTN0Z45
Br/cKF/YE2uVEjq/x440qtSQmFhM7eSQvTv9lo9QgMO+eQXK0Dt4bsfyAZ1q2HAt
XGup0iwQpoxS1ofdkSxpvCBWklAiNXH0+qHGdVTJlqCp70xpsC2DXhbckCeLi2w7
GGa3jCNuf6P5uxW+tPlyFm5aFBSDd/3gAsU8G/a3ng3+78peKjatpmTkBJmXpA1E
cDWFZNKLlS5eE1c2LG+Hgu0yZrvArsJ8dvjbAuYn7uCWLll/Pjy26L9mKwLlJdcl
TX2rgx7a+yi2nfJwtj0rWWqX95HudUcWRxBVtpCjg6NKzv97dm3wOUOm15xcp0r0
QAzNtjllOjr3RwTgE4B3j4GFXof92HKS8H+B1/z9ZBbz399fs/wS9o/sDyMVevNP
88IGihaxPkfTw0UKZz5cR6X1BWlcH3404bVB/LHcq7+c1NUqvRfIlwwwsKGjMCWf
vv3cDVUvb3mMhvQs0rBEyb71bbKCe3qb10CvOJAmocp1c+YHo5vpQYeMJQARAQAB
tDJDaHJpc3RvcGhlIEpBSUxMRVQgPGNocmlzdG9waGUuamFpbGxldEB3YW5hZG9v
LmZyPokCTgQTAQoAOBYhBMVat7kTnrImPNGqvBmwM9F2DCJ7BQJggHovAhsDBQsJ
CAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEBmwM9F2DCJ7E4MP/iVC7ZglH2sLi5wv
YZaXqMib7dau1NmGUocaz57U6lR2WpfhTIiHELtFnmb8eVuJGzzmYaDwaIN/knOw
vudUGrMI5TjAmgAdj3BswXoJQNGhKhLwtf3yzvabFbp6oPfxq+PgXRMWnDojQ0cC
+VdfavJt4dOq1TrcH20B1GhJUiNxdkwAlVu3hcpdJ4pgIPVxxeozLAU3hLjMXxeo
j9eVmzTaM/fd0ykbIkMUHfPEdqnmbTPwk2lIMFwcoa7iUdcYIDDWbHvnvVZ+4Uae
pX6st8QHDva+etW/illgYRGMVsCL6FEtYRe+nTJLdvT81QoovVeoeyKtZNzCdNJb
WUfqoCoLDQza8ibRpHLleRIQS4zn/TtXpvVwMG5wjZCnEBypmBzriKSt9QrcvVKu
ROjR9Bizzwj1QUL3fMFoVWLLCt5TkGszZWvfmcjsq4gZhcgCrRp59BpuBa8Khvnf
l5OgVqttmM6PQcFwJTHKUc5Ltzh0xTXwYl6uSEGSn1DoDlmUSnK3R+x0u61FfiHh
KvkO/PIdTeA05ihkMRqMtDbPwsghmdXV2wlkcApdr4wXHsuYffvxN1daoUDQXDix
GgPFRG4eYORYY2hlAo7a4ahUzeCJJQGfrF/E3YojXsIgVIbp+UjlH4kkR9J6F/wl
NVgU2JF03YSZ9zyq4lSrP6lji2ehuQINBGCAei8BEACvQQIc89CwDOiKAeJCL9WW
U4O3XX1LwQCzz6W519PrFnQy3194ddT7L0E4gEB9cNBczxSpvMHUiYkynMLZ7i6a
X4BIVDzOyrN/5S6ZkOddpu9/zGJtupzN68SIpJrIry1zeXVm8Ex3VzfikVFDsxQg
OkTu4b0YWts4hJbJMa3cTh+pLQQ+vHqKe4z6L3hVfdL2LZ8W9xmDvCBh3Ysz/mZF
2dI47XdGGgGY/t50MpFJYrPy0JMfyeHdXHwF90pY/MwWr8QeHjlX589P1MMc/5UB
c1ScFfy40gUryUnRQudN12KEQZDMb4G/8Bz6t4mm8nOspDwwbdHjeZhyrWYZpEd/
ZV6iywoZ7IBzrdaWzgVs5+DhvJZVudpKlqVip37E9pUYKgMJ2A/asD85HV+yODiF
uub9t7quSWgKKkP75BfBzKCp0T0y+wRnKWUdnlEg2wK0QJxOjkhKw3uC84tr2dlx
CHWF0TLKjkUBqnDT3uSY8DMwZxqEyAEQWzBeP7MFsAy2yZChSHrSKN4ZMx57KYxj
1lsxqFYZo9h9bpar5L77JMkgUtqh+reZYAhMSpk33rgRH5dPpfvn3nkCKgngsxtf
gD9fPpVQgANTEj6rdvtOIFn1Z1U4B4GonaFTGPr771+6ZolLmpylbJp5kviiAz3f
CMJ1cVWhIvr/5G88X4jEMQARAQABiQI2BBgBCgAgFiEExVq3uROesiY80aq8GbAz
0XYMInsFAmCAei8CGwwACgkQGbAz0XYMInsbqA/9HFdq+s1Tk6rluxM3hjnx1HQ8
R9TStbZqBPrKllOPVNnBpjAShoBKCJ9XbSgzaGVlsDMOXe0wZMjW6TF18igVcA+T
wMTMcgy8Sq8vL7tv5JRtnhZzpM27Db3floWJMCmQtK7aGBC7MpyiHImRvieuDO9P
mwhx9mVDx6+VHb8PCnECg9TMQVEtP9Y0E8qgNy1R+axLShwgO1y/g+u3gPJwGr31
xiR3icaoMuvb+PEFOZk5L1Dh8rIExqbMH5yH9MeJXiGC2w1QX8KH194UbWRtS3zq
6FrZJ0ZVgoYCvn42icBVt51Nrgl1sqHINBH8ysgK6WvZlw9x22g0tErx3AwGNkrl
lPZ4ctQOxMQ541nN3IJoywxGfsOst2M4je+wNj6USNmAkg1WaezjqyQScw/oIKYj
o18dtGUf6Q3MMHe4O550+upz9bJ0eksCYvC0X2jTNuGdfZo9ZDNh3dxBkoNNbHK5
hc3m7qU68pdYPzqDkmDFIHyXSYXbmB1wTrrZZL1LQ6jE4a3mRT2v61CRglMUuQK7
yrZTrPOyuBsZSC//PxK93RgH1xfYR8G8dJPlv0pqF6jD1OjBb6nyU8slRsYfataR
ekJ4VhpVUYgDv8+EzGS9SkgY/DpiyLvPtuhqLXos4ABSwQOEYfG3RhGy7h2B404e
Ot6BQHeyFl0mtrYT1mI=
=L7j3
-----END PGP PUBLIC KEY BLOCK-----

24
apache2.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package apache2
# spec file for package apache2%{psuffix}
#
# Copyright (c) 2021 SUSE LLC
#
@ -115,7 +115,7 @@
%endif
Name: apache2%{psuffix}
Version: 2.4.46
Version: 2.4.48
Release: 0
Summary: The Apache HTTPD Server
License: Apache-2.0
@ -189,17 +189,13 @@ Patch2: apache2-logresolve-tmp-security.patch
Patch3: apache2-LimitRequestFieldSize-limits-headers.patch
# [fate317766] backport of an upstream commit
Patch4: apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch
# [bsc#1174052] picked upstream commit
Patch5: apache2-mod_proxy_uwsgi-fix-crash.patch
# PATCH: https://svn.apache.org/viewvc?view=revision&revision=1880678
Patch6: lua54.patch
# PATCH: https://marc.info/?l=apache-httpd-users&m=147448312531134&w=2
Patch100: apache-test-application-xml-type.patch
# PATCH: /test_ssl_var_lookup?SSL_SERVER_SAN_DNS_0 returns <build-host-name>
# /test_ssl_var_lookup?SSL_SERVER_SAN_OTHER_dnsSRV_0 _https.<build-host-name>
# but Apache::Test::vars()->{servername} returns 'localhost' instead of <build-host-name>
# (see $san_dns and $san_dnssrv variables in t/ssl/varlookup.t)
# even if in live system I do not experience this inconsistency, let's turn off
# even if in live system I do not experience this inconsistency, let's turn off
# these variables from the test
Patch101: apache-test-turn-off-variables-in-ssl-var-lookup.patch
BuildRequires: apache-rpm-macros-control
@ -309,7 +305,7 @@ Requires(pre): permissions
Requires(post): %fillup_prereq
Requires(post): grep
Requires(post): update-alternatives
Requires(postun): update-alternatives
Requires(postun):update-alternatives
%endif
%if %{test} || "%{flavor}" == "manual"
BuildArch: noarch
@ -329,8 +325,6 @@ provides HTTP services in sync with the current HTTP standards.
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch100 -p1
%patch101 -p1
@ -358,7 +352,7 @@ export CPPFLAGS="%{optflags} -DSSL_EXPERIMENTAL_ENGINE -DMAX_SERVER_LIMIT=200000
cat > config.layout <<-EOF
# SUSE Layout
<Layout SUSE>
prefix: %{datadir}
Prefix: %{datadir}
exec_prefix: %{_prefix}
bindir: %{_bindir}
sbindir: %{_sbindir}
@ -439,7 +433,7 @@ EOF
--enable-proxy-http \
%if %{build_http2}
--enable-proxy-http2 \
%endif
%endif
--enable-proxy-fdpass \
--enable-cache \
--enable-disk-cache \
@ -480,7 +474,7 @@ popd
%if "%{flavor}" == "utils"
pushd support
make %{?_smp_mflags}
cp %{SOURCE130} gensslcert
cp %{SOURCE130} gensslcert
cp %{SOURCE131} check_forensic
cp %{SOURCE132} find_directives
popd
@ -720,6 +714,7 @@ mkdir -p $PWD{%{_sysconfdir}/sysconfig,%{localstatedir},%{runtimedir},%{logfiled
cp %{_sysconfdir}/sysconfig/apache2 $PWD%{_sysconfdir}/sysconfig/
sed -i -e "s:\(APACHE_HTTPD_CONF=\).*:\1$PWD%{sysconfdir}/httpd.conf:" \
-e "s:\(%{_localstatedir}\):$PWD\1:" $PWD%{_sysconfdir}/sysconfig/apache2
sed -i 's:\(APACHE_MPM=\).*:\1"prefork":' $PWD%{_sysconfdir}/sysconfig/apache2
# copy and adjust configuration (paths and Listen)
cp -r %{_sysconfdir}/apache2/ %{_sysconfdir}/mime.types etc 2>/dev/null || true
find etc/apache2 -name *.conf | xargs sed -i "s:\(%{_localstatedir}\):$PWD\1:"
@ -944,7 +939,7 @@ exit 0
if [ "$1" = 1 ]; then
%apache_request_restart
fi
if [ "$1" = 0 ]; then
if [ "$1" = 0 ]; then
%{_sbindir}/update-alternatives --quiet --force --remove httpd %{_sbindir}/httpd
for module in %{dynamic_modules}; do
%{_sbindir}/update-alternatives --quiet --force --remove mod_$module.so %{_libdir}/apache2/mod_$module.so
@ -981,6 +976,7 @@ exit 0
%posttrans
%apache_restart_if_needed
%verifyscript
%verify_permissions -e %{_sbindir}/suexec

3
httpd-2.4.46.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:740eddf6e1c641992b22359cabc66e6325868c3c5e2e3f98faf349b61ecf41ea
size 7187805

17
httpd-2.4.46.tar.bz2.asc
View File

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQJIBAABCAAyFiEE40gAQ1lWIf5WEF8RKrEqetxVwAMFAl8leDsUHGRydWdnZXJp
QGFwYWNoZS5vcmcACgkQKrEqetxVwAOXtA//ZECDsKBN5OdjreBMIOpuYzj2tpBz
oBE0ExOGY8uQg4FGEG5MyHc5pvFz5rl7zLikTpaZKboBNGH7WBh22Rx5yg/hAkMH
ZV8AgBfiL8c3uTff8/piTU2kVyQYZV4Rr2oVtgz+/ZObkI+ngQZMmvGsCdSU0On4
zbyUGjh5W1gnl3MEoM/Whzv/2TbEwtnTk0mNdwjnojqlTXoDccyWpB+SlaAwQajW
8NUND2oXFt3m80NcLKsXqTHz2DbVgFm2PYScO2JO2Xc02aX09AtXR5mKYxKOw8gP
evF3nA0KbQdjUBQNAVv6LcV43Lk21OrU+Aqfeko44WmOsmVG7qHRmd6K+67HHvTW
3SaWISPmlWcDvmRCVBJuynxYWXhpGCmeXgnnQgIe7vXSSVjsNWD9YMof6y07CPrQ
BdMvfGBF0B/8qax22aM/xX6MnwpiKlkJ4wbB1e+UCGRNSdsOupCi2ok4IDN5Z/mv
1maMsgctVPxoUaT25qPBckUbbVIhPdJ8b8fbnLJjcaTdWyvtQSIzwOnWnUQ18Tdi
ur9fkQL9qnJF2OoLdidf0m6EMLGIs3YoE22SDZGNxkC2B1o2ozDCR9rV6x9LTSlN
6l3LQfIBOGfsseqv4Q7w58G0IW3sLMJbqbjnYZSD0OFF4SaBtvFwDhDyfP5NLCSv
5R+AAvdV+kvEif4=
=zTsU
-----END PGP SIGNATURE-----

3
httpd-2.4.48.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1bc826e7b2e88108c7e4bf43c026636f77a41d849cfb667aa7b5c0b86dbf966c
size 7194385

17
httpd-2.4.48.tar.bz2.asc Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
iQJSBAABCgA8FiEExVq3uROesiY80aq8GbAz0XYMInsFAmCi3n8eHGNocmlzdG9w
aGUuamFpbGxldEB3YW5hZG9vLmZyAAoJEBmwM9F2DCJ7jtwP/R/k4OULx5uQFxyN
cc4yzClTRK1wK3q5RgGyRH6+eYX6tVOtpPTY0pjLuPaOp05gPg0Ega3tIleEMYvq
q0oX3yzLKvlHUSFmJuZUACeNYp+ekzEa031SXGWXGQQIh5H3PSmMOTEB/o/3NZuY
zQmHbuSdQspNmOF7P6q+ZeM3ojZBVnXTWabV4dCEMAFV3iseeB3ZeeXOE1dzcXlA
Z4nslAC+/ZE1q8eZ17P2t/cD2INVO9rbjSqX2VBjoIG/M57rR/1IAGuktyrMohh+
ZWBBg2ZRpljTWQpMh+V5fd9inxkDr1DYpML+XkZN+FoE6W1TcXiPeFyp6n6blzWN
EY1lUGCqBuWsX8F1CRQSyNtQWOF0Wn+XHb1WSepCCBBZ0CPr/hEWQlmHDclO0O6R
w6H1+xEOFRwa8Mpz1qS0N3Q4WyNeEm66ShNGIqBt1sdiUc4/u0aWyXiKjwPWAs2w
GWOYnej41jgAn6GNXGfRTeQZrP1o0jDylYLJxDGxC+dS7Z7UXo+P8QK6YuSHqrF+
0oTSgbYKkCLE3+B9MvCzqSRrvx5zk57gqZl1iMhOj85X5Pv4hSpcokoalrhTy+PQ
q4v3LK4q4hORS+Jz/jvXB+8HTa6D5A0PdOdlQtXOMlAjLc0PMw2QKgfAoq0jaUyV
Y4Nh8QSEPWiMKNQgsotZon7c6glp
=h1iL
-----END PGP SIGNATURE-----

141
lua54.patch
View File

@ -1,141 +0,0 @@
--- a/modules/lua/config.m4
+++ b/modules/lua/config.m4
@@ -34,7 +34,7 @@
fi
])
-dnl Check for Lua 5.3/5.2/5.1 Libraries
+dnl Check for Lua Libraries
dnl CHECK_LUA(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
dnl Sets:
dnl LUA_CFLAGS
@@ -44,7 +44,7 @@
AC_ARG_WITH(
lua,
- [AC_HELP_STRING([--with-lua=PATH],[Path to the Lua 5.3/5.2/5.1 prefix])],
+ [AC_HELP_STRING([--with-lua=PATH],[Path to the Lua installation prefix])],
lua_path="$withval",
:)
@@ -65,6 +65,10 @@
AC_CHECK_LIB(m, pow, lib_m="-lm")
AC_CHECK_LIB(m, sqrt, lib_m="-lm")
for x in $test_paths ; do
+ CHECK_LUA_PATH([${x}], [include/lua-5.4], [lib/lua-5.4], [lua-5.4])
+ CHECK_LUA_PATH([${x}], [include/lua5.4], [lib], [lua5.4])
+ CHECK_LUA_PATH([${x}], [include/lua54], [lib/lua54], [lua])
+
CHECK_LUA_PATH([${x}], [include/lua-5.3], [lib/lua-5.3], [lua-5.3])
CHECK_LUA_PATH([${x}], [include/lua5.3], [lib], [lua5.3])
CHECK_LUA_PATH([${x}], [include/lua53], [lib/lua53], [lua])
@@ -85,13 +89,13 @@
AC_SUBST(LUA_CFLAGS)
if test -z "${LUA_LIBS}"; then
- AC_MSG_WARN([*** Lua 5.3 5.2 or 5.1 library not found.])
+ AC_MSG_WARN([*** Lua 5.4 5.3 5.2 or 5.1 library not found.])
ifelse([$2], ,
enable_lua="no"
if test -z "${lua_path}"; then
- AC_MSG_WARN([Lua 5.3 5.2 or 5.1 library is required])
+ AC_MSG_WARN([Lua 5.4 5.3 5.2 or 5.1 library is required])
else
- AC_MSG_ERROR([Lua 5.3 5.2 or 5.1 library is required])
+ AC_MSG_ERROR([Lua 5.4 5.3 5.2 or 5.1 library is required])
fi,
$2)
else
--- a/modules/lua/mod_lua.c
+++ b/modules/lua/mod_lua.c
@@ -342,7 +342,7 @@
{
apr_pool_t *pool;
ap_lua_vm_spec *spec;
- int n, rc;
+ int n, rc, nres;
lua_State *L;
lua_filter_ctx *ctx;
ap_lua_server_cfg *server_cfg = ap_get_module_config(r->server->module_config,
@@ -410,7 +410,7 @@
/* If a Lua filter is interested in filtering a request, it must first do a yield,
* otherwise we'll assume that it's not interested and pretend we didn't find it.
*/
- rc = lua_resume(L, 1);
+ rc = lua_resume(L, 1, &nres);
if (rc == LUA_YIELD) {
if (f->frec->providers == NULL) {
/* Not wired by mod_filter */
@@ -432,7 +432,7 @@
static apr_status_t lua_output_filter_handle(ap_filter_t *f, apr_bucket_brigade *pbbIn)
{
request_rec *r = f->r;
- int rc;
+ int rc, nres;
lua_State *L;
lua_filter_ctx* ctx;
conn_rec *c = r->connection;
@@ -492,7 +492,7 @@
lua_setglobal(L, "bucket");
/* If Lua yielded, it means we have something to pass on */
- if (lua_resume(L, 0) == LUA_YIELD) {
+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) {
size_t olen;
const char* output = lua_tolstring(L, 1, &olen);
if (olen > 0) {
@@ -524,7 +524,7 @@
apr_bucket *pbktEOS;
lua_pushnil(L);
lua_setglobal(L, "bucket");
- if (lua_resume(L, 0) == LUA_YIELD) {
+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) {
apr_bucket *pbktOut;
size_t olen;
const char* output = lua_tolstring(L, 1, &olen);
@@ -558,7 +558,7 @@
apr_off_t nBytes)
{
request_rec *r = f->r;
- int rc, lastCall = 0;
+ int rc, lastCall = 0, nres;
lua_State *L;
lua_filter_ctx* ctx;
conn_rec *c = r->connection;
@@ -621,7 +621,7 @@
lua_setglobal(L, "bucket");
/* If Lua yielded, it means we have something to pass on */
- if (lua_resume(L, 0) == LUA_YIELD) {
+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) {
size_t olen;
const char* output = lua_tolstring(L, 1, &olen);
pbktOut = apr_bucket_heap_create(output, olen, 0, c->bucket_alloc);
@@ -643,7 +643,7 @@
apr_bucket *pbktEOS = apr_bucket_eos_create(c->bucket_alloc);
lua_pushnil(L);
lua_setglobal(L, "bucket");
- if (lua_resume(L, 0) == LUA_YIELD) {
+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) {
apr_bucket *pbktOut;
size_t olen;
const char* output = lua_tolstring(L, 1, &olen);
--- a/modules/lua/mod_lua.h
+++ b/modules/lua/mod_lua.h
@@ -48,7 +48,15 @@
#if LUA_VERSION_NUM > 501
/* Load mode for lua_load() */
#define lua_load(a,b,c,d) lua_load(a,b,c,d,NULL)
-#define lua_resume(a,b) lua_resume(a, NULL, b)
+
+#if LUA_VERSION_NUM > 503
+#define lua_resume(a,b,c) lua_resume(a, NULL, b, c)
+#else
+/* ### For version < 5.4, assume that exactly one stack item is on the
+ * stack, which is what the code did before but seems dubious. */
+#define lua_resume(a,b,c) (*(c) = 1, lua_resume(a, NULL, b))
+#endif
+
#define luaL_setfuncs_compat(a,b) luaL_setfuncs(a,b,0)
#else
#define lua_rawlen(L,i) lua_objlen(L, (i))