rpms/httpd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

new version 2.4.28

Browse Source
This commit is contained in:
Luboš Uhliarik 2017-10-06 18:14:03 +02:00
parent 6d96e6a193
commit 01bcbc5642
5 changed files with 15 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
httpd-2.4.10-sigint.patch
View File

@ -1,28 +0,0 @@
diff --git a/server/mpm/prefork/prefork.c b/server/mpm/prefork/prefork.c
index 559f90a..a386a75 100644
--- a/server/mpm/prefork/prefork.c
+++ b/server/mpm/prefork/prefork.c
@@ -220,6 +220,9 @@ static void clean_child_exit(int code)
{
retained->mpm->mpm_state = AP_MPMQ_STOPPING;
+ apr_signal(SIGHUP, SIG_IGN);
+ apr_signal(SIGTERM, SIG_IGN);
+
if (pchild) {
apr_pool_destroy(pchild);
}
@@ -699,6 +702,13 @@ static int make_child(server_rec *s, int slot, int bucket)
*/
apr_signal(SIGHUP, just_die);
apr_signal(SIGTERM, just_die);
+ /* Ignore SIGINT in child. This fixes race-condition in signals
+ * handling when httpd is runnning on foreground and user hits ctrl+c.
+ * In this case, SIGINT is sent to all children followed by SIGTERM
+ * from the main process, which interrupts the SIGINT handler and
+ * leads to inconsistency.
+ */
+ apr_signal(SIGINT, SIG_IGN);
/* The child process just closes listeners on AP_SIG_GRACEFUL.
* The pod is used for signalling the graceful restart.
*/

19
httpd-2.4.17-socket-activation.patch
View File

@ -1,5 +1,5 @@
diff --git a/server/listen.c b/server/listen.c diff --git a/server/listen.c b/server/listen.c
index 1d9be83..f5f7754 100644 index a8e9e6f..1a6c1d3 100644
--- a/server/listen.c --- a/server/listen.c
+++ b/server/listen.c +++ b/server/listen.c
@@ -34,6 +34,10 @@ @@ -34,6 +34,10 @@
@ -100,11 +100,10 @@ index 1d9be83..f5f7754 100644
} }
#ifdef WIN32 #ifdef WIN32
@@ -277,6 +286,124 @@ static apr_status_t close_listeners_on_exec(void *v) @@ -315,6 +324,123 @@ static int find_listeners(ap_listen_rec **from, ap_listen_rec **to,
return APR_SUCCESS; return found;
} }
+
+#ifdef HAVE_SYSTEMD +#ifdef HAVE_SYSTEMD
+ +
+static int find_systemd_socket(process_rec * process, apr_port_t port) { +static int find_systemd_socket(process_rec * process, apr_port_t port) {
@ -222,10 +221,10 @@ index 1d9be83..f5f7754 100644
+ +
+#endif /* HAVE_SYSTEMD */ +#endif /* HAVE_SYSTEMD */
+ +
static const char *alloc_listener(process_rec *process, char *addr, static const char *alloc_listener(process_rec *process, const char *addr,
apr_port_t port, const char* proto, apr_port_t port, const char* proto,
void *slave) void *slave)
@@ -479,7 +606,7 @@ static int open_listeners(apr_pool_t *pool) @@ -495,7 +621,7 @@ static int open_listeners(apr_pool_t *pool)
} }
} }
#endif #endif
@ -234,7 +233,7 @@ index 1d9be83..f5f7754 100644
++num_open; ++num_open;
} }
else { else {
@@ -591,8 +718,28 @@ AP_DECLARE(int) ap_setup_listeners(server_rec *s) @@ -607,8 +733,28 @@ AP_DECLARE(int) ap_setup_listeners(server_rec *s)
} }
} }
@ -265,7 +264,7 @@ index 1d9be83..f5f7754 100644
} }
for (lr = ap_listeners; lr; lr = lr->next) { for (lr = ap_listeners; lr; lr = lr->next) {
@@ -682,7 +829,7 @@ AP_DECLARE(apr_status_t) ap_duplicate_listeners(apr_pool_t *p, server_rec *s, @@ -698,7 +844,7 @@ AP_DECLARE(apr_status_t) ap_duplicate_listeners(apr_pool_t *p, server_rec *s,
duplr->bind_addr); duplr->bind_addr);
return stat; return stat;
} }
@ -274,7 +273,7 @@ index 1d9be83..f5f7754 100644
#if AP_NONBLOCK_WHEN_MULTI_LISTEN #if AP_NONBLOCK_WHEN_MULTI_LISTEN
use_nonblock = (ap_listeners && ap_listeners->next); use_nonblock = (ap_listeners && ap_listeners->next);
stat = apr_socket_opt_set(duplr->sd, APR_SO_NONBLOCK, use_nonblock); stat = apr_socket_opt_set(duplr->sd, APR_SO_NONBLOCK, use_nonblock);
@@ -809,6 +956,11 @@ AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy, @@ -825,6 +971,11 @@ AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy,
if (argc < 1 || argc > 2) { if (argc < 1 || argc > 2) {
return "Listen requires 1 or 2 arguments."; return "Listen requires 1 or 2 arguments.";
} }
@ -286,7 +285,7 @@ index 1d9be83..f5f7754 100644
rv = apr_parse_addr_port(&host, &scope_id, &port, argv[0], cmd->pool); rv = apr_parse_addr_port(&host, &scope_id, &port, argv[0], cmd->pool);
if (rv != APR_SUCCESS) { if (rv != APR_SUCCESS) {
@@ -840,6 +992,12 @@ AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy, @@ -856,6 +1007,12 @@ AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy,
ap_str_tolower(proto); ap_str_tolower(proto);
} }

15
httpd-2.4.27-CVE-2017-9798.patch
View File

@ -1,15 +0,0 @@
--- httpd/httpd/branches/2.4.x/server/core.c 2017/08/16 16:50:29 1805223
+++ httpd/httpd/branches/2.4.x/server/core.c 2017/09/08 13:13:11 1807754
@@ -2266,6 +2266,12 @@
/* method has not been registered yet, but resource restriction
* is always checked before method handling, so register it.
*/
+ if (cmd->pool == cmd->temp_pool) {
+ /* In .htaccess, we can't globally register new methods. */
+ return apr_psprintf(cmd->pool, "Could not register method '%s' "
+ "for %s from .htaccess configuration",
+ method, cmd->cmd->name);
+ }
methnum = ap_method_register(cmd->pool,
apr_pstrdup(cmd->pool, method));
}

11
httpd.spec
View File

@ -12,8 +12,8 @@
Summary: Apache HTTP Server Summary: Apache HTTP Server
Name: httpd Name: httpd
Version: 2.4.27 Version: 2.4.28
Release: 14%{?dist} Release: 1%{?dist}
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: index.html Source1: index.html
@ -71,10 +71,8 @@ Patch34: httpd-2.4.17-socket-activation.patch
Patch35: httpd-2.4.17-sslciphdefault.patch Patch35: httpd-2.4.17-sslciphdefault.patch
# Bug fixes # Bug fixes
Patch56: httpd-2.4.4-mod_unique_id.patch Patch56: httpd-2.4.4-mod_unique_id.patch
Patch57: httpd-2.4.10-sigint.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243 # https://bugzilla.redhat.com/show_bug.cgi?id=1397243
Patch58: httpd-2.4.25-r1738878.patch Patch58: httpd-2.4.25-r1738878.patch
Patch59: httpd-2.4.27-CVE-2017-9798.patch
Patch60: httpd-2.4.27-r1808230.patch Patch60: httpd-2.4.27-r1808230.patch
# Security fixes # Security fixes
@ -220,9 +218,7 @@ interface for storing and accessing per-user session data.
%patch35 -p1 -b .sslciphdefault %patch35 -p1 -b .sslciphdefault
%patch56 -p1 -b .uniqueid %patch56 -p1 -b .uniqueid
%patch57 -p1 -b .sigint
%patch58 -p1 -b .r1738878 %patch58 -p1 -b .r1738878
%patch59 -p4 -b .cve-2017-9798
%patch60 -p1 -b .r1808230 %patch60 -p1 -b .r1808230
# Patch in the vendor string # Patch in the vendor string
@ -691,6 +687,9 @@ rm -rf $RPM_BUILD_ROOT
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Fri Oct 06 2017 Luboš Uhliarik <luhliari@redhat.com> - 2.4.28-1
- new version 2.4.28
* Tue Oct 3 2017 Joe Orton <jorton@redhat.com> - 2.4.27-14 * Tue Oct 3 2017 Joe Orton <jorton@redhat.com> - 2.4.27-14
- add notes on enabling httpd_graceful_shutdown boolean for prefork - add notes on enabling httpd_graceful_shutdown boolean for prefork

2
sources
View File

@ -1 +1 @@
SHA512 (httpd-2.4.27.tar.bz2) = 7e7e8070715b74cb6890096a74e194f4c6a49c14bda685b1ad832e84312f1ac4316ea03a430e679502bfd8e1853aefa544ee002a20d0f7e994b9a590c74bc42c SHA512 (httpd-2.4.28.tar.bz2) = 8de8e32b87e6de220e492e74db9df0882fae11c3b9732f3d3316da048c04767ac4429c0433c36f87d8705263e3376f97a7e1f66a9d7a518632a67b6fe617590a