update to 2.4.1

- adopt upstream default httpd.conf (almost verbatim)
- split all LoadModules to conf.modules.d/*.conf
- include conf.d/*.conf at end of httpd.conf
- trim %changelog
Joe Orton 2012-03-13 09:55:18 +00:00
parent 61679dd90c
commit 3a44ff7655
36 changed files with 666 additions and 2473 deletions

78
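--- a/00-base.conf
+++ b/00-base.conf
@@ -0,0 +1,78 @@
+#
+# This file loads most of the modules included with the Apache HTTP
+# Server itself.
+#
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule actions_module modules/mod_actions.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule allowmethods_module modules/mod_allowmethods.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule auth_digest_module modules/mod_auth_digest.so
+LoadModule authn_anon_module modules/mod_authn_anon.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authn_dbd_module modules/mod_authn_dbd.so
+LoadModule authn_dbm_module modules/mod_authn_dbm.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authn_socache_module modules/mod_authn_socache.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authz_dbd_module modules/mod_authz_dbd.so
+LoadModule authz_dbm_module modules/mod_authz_dbm.so
+LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authz_owner_module modules/mod_authz_owner.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule autoindex_module modules/mod_autoindex.so
+LoadModule cache_module modules/mod_cache.so
+LoadModule cache_disk_module modules/mod_cache_disk.so
+LoadModule data_module modules/mod_data.so
+LoadModule dbd_module modules/mod_dbd.so
+LoadModule deflate_module modules/mod_deflate.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule dumpio_module modules/mod_dumpio.so
+LoadModule echo_module modules/mod_echo.so
+LoadModule env_module modules/mod_env.so
+LoadModule expires_module modules/mod_expires.so
+LoadModule ext_filter_module modules/mod_ext_filter.so
+LoadModule filter_module modules/mod_filter.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule include_module modules/mod_include.so
+LoadModule info_module modules/mod_info.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule log_debug_module modules/mod_log_debug.so
+LoadModule logio_module modules/mod_logio.so
+LoadModule mime_magic_module modules/mod_mime_magic.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule ratelimit_module modules/mod_ratelimit.so
+LoadModule remoteip_module modules/mod_remoteip.so
+LoadModule reqtimeout_module modules/mod_reqtimeout.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
+LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
+LoadModule socache_dbm_module modules/mod_socache_dbm.so
+LoadModule socache_memcache_module modules/mod_socache_memcache.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+LoadModule status_module modules/mod_status.so
+LoadModule substitute_module modules/mod_substitute.so
+LoadModule suexec_module modules/mod_suexec.so
+LoadModule unique_id_module modules/mod_unique_id.so
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule userdir_module modules/mod_userdir.so
+LoadModule version_module modules/mod_version.so
+LoadModule vhost_alias_module modules/mod_vhost_alias.so
+#LoadModule auth_form_module modules/mod_auth_form.so
+#LoadModule buffer_module modules/mod_buffer.so
+#LoadModule watchdog_module modules/mod_watchdog.so
+#LoadModule heartbeat_module modules/mod_heartbeat.so
+#LoadModule heartmonitor_module modules/mod_heartmonitor.so
+#LoadModule usertrack_module modules/mod_usertrack.so
+#LoadModule dialup_module modules/mod_dialup.so
+#LoadModule charset_lite_module modules/mod_charset_lite.so
+#LoadModule reflector_module modules/mod_reflector.so
+#LoadModule request_module modules/mod_request.so
+#LoadModule sed_module modules/mod_sed.so
+#LoadModule speling_module modules/mod_speling.so
+#LoadModule xml2enc_module modules/mod_xml2enc.so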
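Review bot: The active list loads `info_module`, `status_module`, `dumpio_module` and `echo_module` on every install, although each is a diagnostic or opt-in feature, and the header comment does not say which lines are safe to disable. As far as I know none of them serves anything until a matching directive is set, and that configuration is not visible in this section, but with the modules preloaded a later `SetHandler server-info` or `DumpIOInput On` takes effect without any module change to review. I would move at least `LoadModule dumpio_module modules/mod_dumpio.so` and `LoadModule echo_module modules/mod_echo.so` into the commented-out block at the end of the file. The header could also gain `# Comment out any module the site does not use; the commented lines at the end are optional modules left disabled by default.`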

3
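--- a/00-dav.conf
+++ b/00-dav.conf
@@ -0,0 +1,3 @@
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
+LoadModule dav_lock_module modules/mod_dav_lock.so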

2
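--- a/00-ldap.conf
+++ b/00-ldap.conf
@@ -0,0 +1,2 @@
+LoadModule ldap_module modules/mod_ldap.so
+LoadModule authnz_ldap_module modules/mod_authnz_ldap.so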

1
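--- a/00-lua.conf
+++ b/00-lua.conf
@@ -0,0 +1 @@
+LoadModule lua_module modules/mod_lua.so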

19
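--- a/00-mpm.conf
+++ b/00-mpm.conf
@@ -0,0 +1,19 @@
+# Select the MPM module which should be used by uncommenting exactly
+# one of the following LoadModule lines:
+# prefork MPM: Implements a non-threaded, pre-forking web server
+# See: http://httpd.apache.org/docs/2.4/mod/prefork.html
+LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+# worker MPM: Multi-Processing Module implementing a hybrid
+# multi-threaded multi-process web server
+# See: http://httpd.apache.org/docs/2.4/mod/worker.html
+#
+#LoadModule mpm_worker_module modules/mod_mpm_worker.so
+# event MPM: A variant of the worker MPM with the goal of consuming
+# threads only for connections with active processing
+# See: http://httpd.apache.org/docs/2.4/mod/event.html
+#
+#LoadModule mpm_event_module modules/mod_mpm_event.so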

15
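--- a/00-proxy.conf
+++ b/00-proxy.conf
@@ -0,0 +1,15 @@
+# This file configures all the proxy modules:
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
+LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
+LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
+LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
+LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
+LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+LoadModule proxy_connect_module modules/mod_proxy_connect.so
+LoadModule proxy_express_module modules/mod_proxy_express.so
+LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
+LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
+LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule proxy_scgi_module modules/mod_proxy_scgi.so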
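Review bot: The header comment says this file "configures" the proxy modules, but it only loads them. It also does not tell an administrator that loading `proxy_module` with `proxy_connect_module` and `proxy_ftp_module` stays harmless only while forward proxying is off. I would reword it to `# This file loads all the proxy modules; nothing is proxied until ProxyPass or ProxyRequests is configured elsewhere.` and add `# Keep "ProxyRequests Off" unless a forward proxy is intended and access to it is restricted.` Whether httpd.conf sets ProxyRequests is not visible in this section.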

1
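--- a/00-ssl.conf
+++ b/00-ssl.conf
@@ -0,0 +1 @@
+LoadModule ssl_module modules/mod_ssl.so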

14
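--- a/01-cgi.conf
+++ b/01-cgi.conf
@@ -0,0 +1,14 @@
+# This configuration file loads a CGI module appropriate to the MPM
+# which has been configured in 00-mpm.conf. mod_cgid should be used
+# with a threaded MPM; mod_cgi with the prefork MPM.
+<IfModule mpm_worker_module>
+LoadModule cgid_module modules/mod_cgid.so
+</IfModule>
+<IfModule mpm_event_module>
+LoadModule cgid_module modules/mod_cgid.so
+</IfModule>
+<IfModule mpm_prefork_module>
+LoadModule cgi_module modules/mod_cgi.so
+</IfModule>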
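Review bot: The `<IfModule mpm_*_module>` tests only work if 00-mpm.conf has already been processed, because `<IfModule>` is evaluated when the line is parsed; the header comment names 00-mpm.conf but does not state this ordering requirement. As far as the file names show, the `01-` prefix is what provides the ordering when conf.modules.d/*.conf is included in sorted order. A rename, or an explicit Include in another order, would therefore leave no CGI module loaded without any error. I would add `# This file must be read after 00-mpm.conf (hence the 01- prefix): <IfModule> only sees modules loaded earlier.` to the header comment.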


@ -1,20 +0,0 @@
There is no need to "suck in" the apr/apr-util symbols when using
a shared libapr{,util}, it just bloats the symbol table; so don't.
Upstream-HEAD: needed
Upstream-2.0: omit
Upstream-Status: EXPORT_DIRS change is conditional on using shared apr
--- httpd-2.2.2/server/Makefile.in.export
+++ httpd-2.2.2/server/Makefile.in
@@ -58,9 +58,6 @@
for dir in $(EXPORT_DIRS); do \
ls $$dir/*.h >> $$tmp; \
done; \
- for dir in $(EXPORT_DIRS_APR); do \
- (ls $$dir/ap[ru].h $$dir/ap[ru]_*.h >> $$tmp 2>/dev/null); \
- done; \
sort -u $$tmp > $@; \
rm -f $$tmp


@ -1,97 +0,0 @@
- remove unnecessary stuff which runs httpd during build
- drop unnecessary --libs output from ap?-?-config
- make multilib-safe
Upstream-Status: The is-mod_so-linked-in hack is done better on trunk.
The multilib hack is awful and can't go upstream.
--- httpd-2.2.2/support/apxs.in.apxs
+++ httpd-2.2.2/support/apxs.in
@@ -25,7 +25,18 @@
my %config_vars = ();
-my $installbuilddir = "@exp_installbuilddir@";
+# Awful hack to make apxs libdir-agnostic:
+my $pkg_config = "/usr/bin/pkg-config";
+if (! -x "$pkg_config") {
+ error("$pkg_config not found!");
+ exit(1);
+}
+
+my $libdir = `pkg-config --variable=libdir apr-1`;
+chomp $libdir;
+
+my $installbuilddir = $libdir . "/httpd/build";
+
get_config_vars("$installbuilddir/config_vars.mk",\%config_vars);
# read the configuration variables once
@@ -184,34 +195,6 @@
}
}
-##
-## Initial shared object support check
-##
-my $httpd = get_vars("sbindir") . "/" . get_vars("progname");
-$httpd = eval qq("$httpd");
-$httpd = eval qq("$httpd");
-my $envvars = get_vars("sbindir") . "/envvars";
-$envvars = eval qq("$envvars");
-$envvars = eval qq("$envvars");
-
-#allow apxs to be run from the source tree, before installation
-if ($0 =~ m:support/apxs$:) {
- ($httpd = $0) =~ s:support/apxs$::;
-}
-
-unless (-x "$httpd") {
- error("$httpd not found or not executable");
- exit 1;
-}
-
-unless (grep /mod_so/, `. $envvars && $httpd -l`) {
- error("Sorry, no shared object support for Apache");
- error("available under your platform. Make sure");
- error("the Apache module mod_so is compiled into");
- error("your server binary `$httpd'.");
- exit 1;
-}
-
sub get_config_vars{
my ($file, $rh_config) = @_;
@@ -291,7 +274,7 @@
$data =~ s|%NAME%|$name|sg;
$data =~ s|%TARGET%|$CFG_TARGET|sg;
$data =~ s|%PREFIX%|$prefix|sg;
- $data =~ s|%INSTALLBUILDDIR%|$installbuilddir|sg;
+ $data =~ s|%LIBDIR%|$libdir|sg;
my ($mkf, $mods, $src) = ($data =~ m|^(.+)-=#=-\n(.+)-=#=-\n(.+)|s);
@@ -433,9 +416,9 @@
if ($opt_p == 1) {
- my $apr_libs=`$apr_config --cflags --ldflags --link-libtool --libs`;
+ my $apr_libs=`$apr_config --cflags --ldflags --link-libtool`;
chomp($apr_libs);
- my $apu_libs=`$apu_config --ldflags --link-libtool --libs`;
+ my $apu_libs=`$apu_config --ldflags --link-libtool`;
chomp($apu_libs);
$opt .= " ".$apu_libs." ".$apr_libs;
@@ -646,8 +629,8 @@
builddir=.
top_srcdir=%PREFIX%
-top_builddir=%PREFIX%
-include %INSTALLBUILDDIR%/special.mk
+top_builddir=%LIBDIR%/httpd
+include %LIBDIR%/httpd/build/special.mk
# the used tools
APXS=apxs


@ -1,36 +0,0 @@
Support "--enable-modules=none" to build an httpd binary with
no optional modules enabled.
Upstream-Status: committed to trunk, r357168
--- httpd-2.1.10/acinclude.m4.disablemods
+++ httpd-2.1.10/acinclude.m4
@@ -289,14 +289,19 @@
AC_ARG_ENABLE(modules,
APACHE_HELP_STRING(--enable-modules=MODULE-LIST,Space-separated list of modules to enable | "all" | "most"),[
- for i in $enableval; do
- if test "$i" = "all" -o "$i" = "most"; then
- module_selection=$i
- else
- i=`echo $i | sed 's/-/_/g'`
- eval "enable_$i=yes"
- fi
- done
+ if test "$enableval" = "none"; then
+ module_default=no
+ module_selection=none
+ else
+ for i in $enableval; do
+ if test "$i" = "all" -o "$i" = "most"; then
+ module_selection=$i
+ else
+ i=`echo $i | sed 's/-/_/g'`
+ eval "enable_$i=yes"
+ fi
+ done
+ fi
])
AC_ARG_ENABLE(mods-shared,


@ -1,17 +0,0 @@
Tweak the default config to get installbuilddir right.
Upstream-Status: should really make the "RedHat" layout DTRT again and
use that layout instead
--- httpd-2.1.10/config.layout.layout
+++ httpd-2.1.10/config.layout
@@ -20,7 +20,7 @@
mandir: ${prefix}/man
sysconfdir: ${prefix}/conf
datadir: ${prefix}
- installbuilddir: ${datadir}/build
+ installbuilddir: ${libdir}/httpd/build
errordir: ${datadir}/error
iconsdir: ${datadir}/icons
htdocsdir: ${datadir}/htdocs


@ -1,53 +0,0 @@
Hack to send the dummy HTTP request only to the first listener
configured, to avoid spamming the SSL vhost in the default install.
In 2.2 lr->protocol could be used instead to do this properly, if
that was actually initialized properly by mod_ssl.
Upstream-Status: not submitted, ugly hack which only makes a difference
to the default configuration used in Fedora. Need to find
a way to do this properly.
--- httpd-2.1.10/server/mpm_common.c.pod
+++ httpd-2.1.10/server/mpm_common.c
@@ -583,6 +584,7 @@
apr_socket_t *sock;
apr_pool_t *p;
apr_size_t len;
+ ap_listen_rec *lr;
/* create a temporary pool for the socket. pconf stays around too long */
rv = apr_pool_create(&p, pod->p);
@@ -590,8 +592,11 @@
return rv;
}
- rv = apr_socket_create(&sock, ap_listeners->bind_addr->family,
- SOCK_STREAM, 0, p);
+ /* Find an HTTP listener specified first in the configuration. */
+ for (lr = ap_listeners; lr->next != NULL; lr = lr->next)
+ /* noop */;
+
+ rv = apr_socket_create(&sock, lr->bind_addr->family, SOCK_STREAM, 0, p);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_WARNING, rv, ap_server_conf,
"get socket to connect to listener");
@@ -614,7 +619,7 @@
return rv;
}
- rv = apr_socket_connect(sock, ap_listeners->bind_addr);
+ rv = apr_socket_connect(sock, lr->bind_addr);
if (rv != APR_SUCCESS) {
int log_level = APLOG_WARNING;
@@ -627,7 +632,7 @@
}
ap_log_error(APLOG_MARK, log_level, rv, ap_server_conf,
- "connect to listener on %pI", ap_listeners->bind_addr);
+ "connect to listener on %pI", lr->bind_addr);
}
/* Create the request string. We include a User-Agent so that


@ -1,580 +0,0 @@
diff --git a/support/logresolve.c b/support/logresolve.c
index 1a36a18..612893a 100644
--- a/support/logresolve.c
+++ b/support/logresolve.c
@@ -15,12 +15,13 @@
*/
/*
- * logresolve 1.1
+ * logresolve 2.0
*
* Tom Rathborne - tomr uunet.ca - http://www.uunet.ca/~tomr/
* UUNET Canada, April 16, 1995
*
* Rewritten by David Robinson. (drtr ast.cam.ac.uk)
+ * Rewritten again, and ported to APR by Colm MacCarthaigh
*
* Usage: logresolve [-s filename] [-c] < access_log > new_log
*
@@ -28,7 +29,7 @@
* -s filename name of a file to record statistics
* -c check the DNS for a matching A record for the host.
*
- * Notes:
+ * Notes: (For historical interest)
*
* To generate meaningful statistics from an HTTPD log file, it's good
* to have the domain name of each machine that accessed your site, but
@@ -55,333 +56,269 @@
* that one of these matches the original address.
*/
+#include "apr.h"
#include "apr_lib.h"
-#if APR_HAVE_STDIO_H
-#include <stdio.h>
-#endif
+#include "apr_hash.h"
+#include "apr_getopt.h"
+#include "apr_strings.h"
+#include "apr_file_io.h"
+#include "apr_network_io.h"
+
#if APR_HAVE_STDLIB_H
#include <stdlib.h>
#endif
-#if APR_HAVE_CTYPE_H
-#include <ctype.h>
-#endif
-#if APR_HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#if APR_HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#if APR_HAVE_STRING_H
-#include <string.h>
-#endif
-#if APR_HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#if APR_HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-
-static void cgethost(struct in_addr ipnum, char *string, int check);
-static int get_line(char *s, int n);
-static void stats(FILE *output);
-
-#ifdef BEOS
-#define NO_ADDRESS NO_DATA
-#endif
-
-
-/* maximum line length */
-#ifndef MAXLINE
-#define MAXLINE 1024
-#endif
-
-/* maximum length of a domain name */
-#ifndef MAXDNAME
-#define MAXDNAME 256
-#endif
-
-/* number of buckets in cache hash apr_table_t */
-#define BUCKETS 256
-
-/*
- * struct nsrec - record of nameservice for cache linked list
- *
- * ipnum - IP number hostname - hostname noname - nonzero if IP number has no
- * hostname, i.e. hostname=IP number
- */
-
-struct nsrec {
- struct in_addr ipnum;
- char *hostname;
- int noname;
- struct nsrec *next;
-} *nscache[BUCKETS];
-
-/*
- * statistics - obvious
- */
-
-#ifndef h_errno
-#ifdef __CYGWIN__
-extern __declspec(dllimport) int h_errno;
-#else
-extern int h_errno; /* some machines don't have this in their headers */
-#endif
-#endif
-
-/* largest value for h_errno */
-
-#define MAX_ERR (NO_ADDRESS)
-#define UNKNOWN_ERR (MAX_ERR+1)
-#define NO_REVERSE (MAX_ERR+2)
+static apr_file_t *errfile;
+static const char *shortname = "logresolve";
+static apr_hash_t *cache;
+
+/* Statistics */
static int cachehits = 0;
static int cachesize = 0;
static int entries = 0;
static int resolves = 0;
static int withname = 0;
-static int errors[MAX_ERR + 3];
+static int doublefailed = 0;
+static int noreverse = 0;
/*
* cgethost - gets hostname by IP address, caching, and adding unresolvable
* IP numbers with their IP number as hostname, setting noname flag
- */
-
-static void cgethost (struct in_addr ipnum, char *string, int check)
-{
- struct nsrec **current, *new;
- struct hostent *hostdata;
- char *name;
-
- current = &nscache[((ipnum.s_addr + (ipnum.s_addr >> 8) +
- (ipnum.s_addr >> 16) + (ipnum.s_addr >> 24)) % BUCKETS)];
-
- while (*current != NULL && ipnum.s_addr != (*current)->ipnum.s_addr)
- current = &(*current)->next;
-
- if (*current == NULL) {
- cachesize++;
- new = (struct nsrec *) malloc(sizeof(struct nsrec));
- if (new == NULL) {
- perror("malloc");
- fprintf(stderr, "Insufficient memory\n");
- exit(1);
- }
- *current = new;
- new->next = NULL;
-
- new->ipnum = ipnum;
-
- hostdata = gethostbyaddr((const char *) &ipnum, sizeof(struct in_addr),
- AF_INET);
- if (hostdata == NULL) {
- if (h_errno > MAX_ERR)
- errors[UNKNOWN_ERR]++;
- else
- errors[h_errno]++;
- new->noname = h_errno;
- name = strdup(inet_ntoa(ipnum));
- }
- else {
- new->noname = 0;
- name = strdup(hostdata->h_name);
- if (check) {
- if (name == NULL) {
- perror("strdup");
- fprintf(stderr, "Insufficient memory\n");
- exit(1);
- }
- hostdata = gethostbyname(name);
- if (hostdata != NULL) {
- char **hptr;
-
- for (hptr = hostdata->h_addr_list; *hptr != NULL; hptr++)
- if (((struct in_addr *) (*hptr))->s_addr == ipnum.s_addr)
- break;
- if (*hptr == NULL)
- hostdata = NULL;
- }
- if (hostdata == NULL) {
- fprintf(stderr, "Bad host: %s != %s\n", name,
- inet_ntoa(ipnum));
- new->noname = NO_REVERSE;
- free(name);
- name = strdup(inet_ntoa(ipnum));
- errors[NO_REVERSE]++;
- }
- }
- }
- new->hostname = name;
- if (new->hostname == NULL) {
- perror("strdup");
- fprintf(stderr, "Insufficient memory\n");
- exit(1);
- }
- }
- else
- cachehits++;
-
- /* size of string == MAXDNAME +1 */
- strncpy(string, (*current)->hostname, MAXDNAME);
- string[MAXDNAME] = '\0';
-}
-
-/*
* prints various statistics to output
*/
-static void stats (FILE *output)
+#define NL APR_EOL_STR
+static void print_statistics (apr_file_t *output)
{
- int i;
- char *ipstring;
- struct nsrec *current;
- char *errstring[MAX_ERR + 3];
-
- for (i = 0; i < MAX_ERR + 3; i++)
- errstring[i] = "Unknown error";
- errstring[HOST_NOT_FOUND] = "Host not found";
- errstring[TRY_AGAIN] = "Try again";
- errstring[NO_RECOVERY] = "Non recoverable error";
- errstring[NO_DATA] = "No data record";
- errstring[NO_ADDRESS] = "No address";
- errstring[NO_REVERSE] = "No reverse entry";
-
- fprintf(output, "logresolve Statistics:\n");
-
- fprintf(output, "Entries: %d\n", entries);
- fprintf(output, " With name : %d\n", withname);
- fprintf(output, " Resolves : %d\n", resolves);
- if (errors[HOST_NOT_FOUND])
- fprintf(output, " - Not found : %d\n", errors[HOST_NOT_FOUND]);
- if (errors[TRY_AGAIN])
- fprintf(output, " - Try again : %d\n", errors[TRY_AGAIN]);
- if (errors[NO_DATA])
- fprintf(output, " - No data : %d\n", errors[NO_DATA]);
- if (errors[NO_ADDRESS])
- fprintf(output, " - No address: %d\n", errors[NO_ADDRESS]);
- if (errors[NO_REVERSE])
- fprintf(output, " - No reverse: %d\n", errors[NO_REVERSE]);
- fprintf(output, "Cache hits : %d\n", cachehits);
- fprintf(output, "Cache size : %d\n", cachesize);
- fprintf(output, "Cache buckets : IP number * hostname\n");
-
- for (i = 0; i < BUCKETS; i++)
- for (current = nscache[i]; current != NULL; current = current->next) {
- ipstring = inet_ntoa(current->ipnum);
- if (current->noname == 0)
- fprintf(output, " %3d %15s - %s\n", i, ipstring,
- current->hostname);
- else {
- if (current->noname > MAX_ERR + 2)
- fprintf(output, " %3d %15s : Unknown error\n", i,
- ipstring);
- else
- fprintf(output, " %3d %15s : %s\n", i, ipstring,
- errstring[current->noname]);
- }
- }
+ apr_file_printf(output, "logresolve Statistics:" NL);
+ apr_file_printf(output, "Entries: %d" NL, entries);
+ apr_file_printf(output, " With name : %d" NL, withname);
+ apr_file_printf(output, " Resolves : %d" NL, resolves);
+
+ if (noreverse) {
+ apr_file_printf(output, " - No reverse : %d" NL,
+ noreverse);
+ }
+
+ if (doublefailed) {
+ apr_file_printf(output, " - Double lookup failed : %d" NL,
+ doublefailed);
+ }
+ apr_file_printf(output, "Cache hits : %d" NL, cachehits);
+ apr_file_printf(output, "Cache size : %d" NL, cachesize);
}
/*
- * gets a line from stdin
+ * usage info
*/
-static int get_line (char *s, int n)
+static void usage(void)
{
- char *cp;
-
- if (!fgets(s, n, stdin))
- return (0);
- cp = strchr(s, '\n');
- if (cp)
- *cp = '\0';
- return (1);
+ apr_file_printf(errfile,
+ "%s -- Resolve IP-addresses to hostnames in Apache log files." NL
+ "Usage: %s [-s STATFILE] [-c]" NL
+ NL
+ "Options:" NL
+ " -s Record statistics to STATFILE when finished." NL
+ NL
+ " -c Perform double lookups when resolving IP addresses." NL,
+ shortname, shortname);
+ exit(1);
}
-int main (int argc, char *argv[])
+#undef NL
+
+int main(int argc, const char * const argv[])
{
- struct in_addr ipnum;
- char *bar, hoststring[MAXDNAME + 1], line[MAXLINE], *statfile;
- int i, check;
-
-#if defined(WIN32) || (defined(NETWARE) && defined(USE_WINSOCK))
- /* If we apr'ify this code, apr_pool_create/apr_pool_destroy
- * should perform the WSAStartup/WSACleanup for us.
- */
- WSADATA wsaData;
- WSAStartup(MAKEWORD(2, 0), &wsaData);
+ apr_file_t * outfile;
+ apr_file_t * infile;
+ apr_file_t * statsfile;
+ apr_sockaddr_t * ip;
+ apr_sockaddr_t * ipdouble;
+ apr_getopt_t * o;
+ apr_pool_t * pool;
+ apr_status_t status;
+ const char * arg;
+ char opt;
+ char * stats = NULL;
+ char * space;
+ char * hostname;
+#if APR_MAJOR_VERSION > 1 || (APR_MAJOR_VERSION == 1 && APR_MINOR_VERSION >= 3)
+ char * inbuffer;
+ char * outbuffer;
#endif
+ char line[2048];
+ int doublelookups = 0;
+
+ if (apr_app_initialize(&argc, &argv, NULL) != APR_SUCCESS) {
+ return 1;
+ }
- check = 0;
- statfile = NULL;
- for (i = 1; i < argc; i++) {
- if (strcmp(argv[i], "-c") == 0)
- check = 1;
- else if (strcmp(argv[i], "-s") == 0) {
- if (i == argc - 1) {
- fprintf(stderr, "logresolve: missing filename to -s\n");
- exit(1);
- }
- i++;
- statfile = argv[i];
+ atexit(apr_terminate);
+
+ if (argc) {
+ shortname = apr_filepath_name_get(argv[0]);
+ }
+
+ if (apr_pool_create(&pool, NULL) != APR_SUCCESS) {
+ return 1;
+ }
+ apr_file_open_stderr(&errfile, pool);
+ apr_getopt_init(&o, pool, argc, argv);
+
+ while (1) {
+ status = apr_getopt(o, "s:c", &opt, &arg);
+ if (status == APR_EOF) {
+ break;
}
- else {
- fprintf(stderr, "Usage: logresolve [-s statfile] [-c] < input > output\n");
- exit(0);
+ else if (status != APR_SUCCESS) {
+ usage();
}
+ else {
+ switch (opt) {
+ case 'c':
+ if (doublelookups) {
+ usage();
+ }
+ doublelookups = 1;
+ break;
+ case 's':
+ if (stats) {
+ usage();
+ }
+ stats = apr_pstrdup(pool, arg);
+ break;
+ } /* switch */
+ } /* else */
+ } /* while */
+
+ apr_file_open_stdout(&outfile, pool);
+ apr_file_open_stdin(&infile, pool);
+
+#if APR_MAJOR_VERSION > 1 || (APR_MAJOR_VERSION == 1 && APR_MINOR_VERSION >= 3)
+ /* Allocate two new 10k file buffers */
+ if ((outbuffer = apr_palloc(pool, 10240)) == NULL ||
+ (inbuffer = apr_palloc(pool, 10240)) == NULL) {
+ return 1;
}
+
+ /* Set the buffers */
+ apr_file_buffer_set(infile, inbuffer, 10240);
+ apr_file_buffer_set(outfile, outbuffer, 10240);
+#endif
+
+ cache = apr_hash_make(pool);
- for (i = 0; i < BUCKETS; i++)
- nscache[i] = NULL;
- for (i = 0; i < MAX_ERR + 2; i++)
- errors[i] = 0;
-
- while (get_line(line, MAXLINE)) {
- if (line[0] == '\0')
+ while(apr_file_gets(line, 2048, infile) == APR_SUCCESS) {
+ if (line[0] == '\0') {
continue;
+ }
+
+ /* Count our log entries */
entries++;
- if (!apr_isdigit(line[0])) { /* short cut */
- puts(line);
- withname++;
+
+ /* Check if this could even be an IP address */
+ if (!apr_isxdigit(line[0]) && line[0] != ':') {
+ withname++;
+ apr_file_puts(line, outfile);
+ continue;
+ }
+
+ /* Terminate the line at the next space */
+ if((space = strchr(line, ' ')) != NULL) {
+ *space = '\0';
+ }
+
+ /* See if we have it in our cache */
+ hostname = (char *) apr_hash_get(cache, (const void *)line,
+ strlen(line));
+ if (hostname) {
+ apr_file_printf(outfile, "%s %s", hostname, space + 1);
+ cachehits++;
+ continue;
+ }
+
+ /* Parse the IP address */
+ status = apr_sockaddr_info_get(&ip, line, APR_UNSPEC ,0, 0, pool);
+ if (status != APR_SUCCESS) {
+ /* Not an IP address */
+ withname++;
+ *space = ' ';
+ apr_file_puts(line, outfile);
continue;
}
- bar = strchr(line, ' ');
- if (bar != NULL)
- *bar = '\0';
- ipnum.s_addr = inet_addr(line);
- if (ipnum.s_addr == 0xffffffffu) {
- if (bar != NULL)
- *bar = ' ';
- puts(line);
- withname++;
+
+ /* This does not make much sense, but historically "resolves" means
+ * "parsed as an IP address". It does not mean we actually resolved
+ * the IP address into a hostname.
+ */
+ resolves++;
+
+ /* From here on our we cache each result, even if it was not
+ * succesful
+ */
+ cachesize++;
+
+ /* Try and perform a reverse lookup */
+ status = apr_getnameinfo(&hostname, ip, 0) != APR_SUCCESS;
+ if (status || hostname == NULL) {
+ /* Could not perform a reverse lookup */
+ *space = ' ';
+ apr_file_puts(line, outfile);
+ noreverse++;
+
+ /* Add to cache */
+ *space = '\0';
+ apr_hash_set(cache, (const void *) line, strlen(line),
+ (const void *) apr_pstrdup(pool, line));
continue;
}
- resolves++;
+ /* Perform a double lookup */
+ if (doublelookups) {
+ /* Do a forward lookup on our hostname, and see if that matches our
+ * original IP address.
+ */
+ status = apr_sockaddr_info_get(&ipdouble, hostname, ip->family, 0,
+ 0, pool);
+ if (status == APR_SUCCESS ||
+ memcmp(ipdouble->ipaddr_ptr, ip->ipaddr_ptr, ip->ipaddr_len)) {
+ /* Double-lookup failed */
+ *space = ' ';
+ apr_file_puts(line, outfile);
+ doublefailed++;
+
+ /* Add to cache */
+ *space = '\0';
+ apr_hash_set(cache, (const void *) line, strlen(line),
+ (const void *) apr_pstrdup(pool, line));
+ continue;
+ }
+ }
- cgethost(ipnum, hoststring, check);
- if (bar != NULL)
- printf("%s %s\n", hoststring, bar + 1);
- else
- puts(hoststring);
- }
+ /* Outout the resolved name */
+ apr_file_printf(outfile, "%s %s", hostname, space + 1);
-#if defined(WIN32) || (defined(NETWARE) && defined(USE_WINSOCK))
- WSACleanup();
-#endif
+ /* Store it in the cache */
+ apr_hash_set(cache, (const void *) line, strlen(line),
+ (const void *) apr_pstrdup(pool, hostname));
+ }
- if (statfile != NULL) {
- FILE *fp;
- fp = fopen(statfile, "w");
- if (fp == NULL) {
- fprintf(stderr, "logresolve: could not open statistics file '%s'\n"
- ,statfile);
- exit(1);
+ /* Flush any remaining output */
+ apr_file_flush(outfile);
+
+ if (stats) {
+ if (apr_file_open(&statsfile, stats,
+ APR_FOPEN_WRITE | APR_FOPEN_CREATE | APR_FOPEN_TRUNCATE,
+ APR_OS_DEFAULT, pool) != APR_SUCCESS) {
+ apr_file_printf(errfile, "%s: Could not open %s for writing.",
+ shortname, stats);
+ return 1;
}
- stats(fp);
- fclose(fp);
+ print_statistics(statsfile);
+ apr_file_close(statsfile);
}
- return (0);
+ return 0;
}


@ -1,255 +0,0 @@
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index 1efe95c..5276cac 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -2242,14 +2242,7 @@ static int proxy_status_hook(request_rec *r, int flags)
char fbuf[50];
ap_rvputs(r, "<tr>\n<td>", worker->scheme, "</td>", NULL);
ap_rvputs(r, "<td>", worker->hostname, "</td><td>", NULL);
- if (worker->s->status & PROXY_WORKER_DISABLED)
- ap_rputs("Dis", r);
- else if (worker->s->status & PROXY_WORKER_IN_ERROR)
- ap_rputs("Err", r);
- else if (worker->s->status & PROXY_WORKER_INITIALIZED)
- ap_rputs("Ok", r);
- else
- ap_rputs("-", r);
+ ap_rvputs(r, ap_proxy_parse_wstatus(r->pool, worker), NULL);
ap_rvputs(r, "</td><td>", worker->s->route, NULL);
ap_rvputs(r, "</td><td>", worker->s->redirect, NULL);
ap_rprintf(r, "</td><td>%d</td>", worker->s->lbfactor);
diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
index 4a4bf17..1b4ba6d 100644
--- a/modules/proxy/mod_proxy.h
+++ b/modules/proxy/mod_proxy.h
@@ -274,6 +274,16 @@ struct proxy_conn_pool {
#define PROXY_WORKER_IN_ERROR 0x0080
#define PROXY_WORKER_HOT_STANDBY 0x0100
+/* worker status flags */
+#define PROXY_WORKER_INITIALIZED_FLAG 'O'
+#define PROXY_WORKER_IGNORE_ERRORS_FLAG 'I'
+#define PROXY_WORKER_IN_SHUTDOWN_FLAG 'U'
+#define PROXY_WORKER_DISABLED_FLAG 'D'
+#define PROXY_WORKER_STOPPED_FLAG 'S'
+#define PROXY_WORKER_IN_ERROR_FLAG 'E'
+#define PROXY_WORKER_HOT_STANDBY_FLAG 'H'
+#define PROXY_WORKER_FREE_FLAG 'F'
+
#define PROXY_WORKER_NOT_USABLE_BITMAP ( PROXY_WORKER_IN_SHUTDOWN | \
PROXY_WORKER_DISABLED | PROXY_WORKER_STOPPED | PROXY_WORKER_IN_ERROR )
@@ -776,6 +786,23 @@ PROXY_DECLARE(apr_status_t)
ap_proxy_buckets_lifetime_transform(request_rec *r, apr_bucket_brigade *from,
apr_bucket_brigade *to);
+/**
+ * Set/unset the worker status bitfield depending on flag
+ * @param c flag
+ * @param set set or unset bit
+ * @param w worker to use
+ * @return APR_SUCCESS if valid flag
+ */
+PROXY_DECLARE(apr_status_t) ap_proxy_set_wstatus(char c, int set, proxy_worker *w);
+
+/**
+ * Create readable representation of worker status bitfield
+ * @param p pool
+ * @param w worker to use
+ * @return string representation of status
+ */
+PROXY_DECLARE(char *) ap_proxy_parse_wstatus(apr_pool_t *p, proxy_worker *w);
+
#define PROXY_LBMETHOD "proxylbmethod"
/* The number of dynamic workers that can be added when reconfiguring.
diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
index 90f3d08..e58503f 100644
--- a/modules/proxy/mod_proxy_balancer.c
+++ b/modules/proxy/mod_proxy_balancer.c
@@ -675,6 +675,18 @@ static int balancer_init(apr_pool_t *p, apr_pool_t *plog,
return OK;
}
+static void create_radio(const char *name, unsigned int flag, proxy_worker *w,
+ request_rec *r)
+{
+ ap_rvputs(r, "<td>Set <input name='", name, "' value='1' type=radio", NULL);
+ if (w->s->status & flag)
+ ap_rputs(" checked", r);
+ ap_rvputs(r, "> <br/> Clear <input name='", name, "' value='0' type=radio", NULL);
+ if (!(w->s->status & flag))
+ ap_rputs(" checked", r);
+ ap_rputs("></td>\n", r);
+}
+
/* Manages the loadfactors and member status
*/
static int balancer_handler(request_rec *r)
@@ -770,11 +782,17 @@ static int balancer_handler(request_rec *r)
else
*wsel->s->redirect = '\0';
}
- if ((val = apr_table_get(params, "dw"))) {
- if (!strcasecmp(val, "Disable"))
- wsel->s->status |= PROXY_WORKER_DISABLED;
- else if (!strcasecmp(val, "Enable"))
- wsel->s->status &= ~PROXY_WORKER_DISABLED;
+ if ((val = apr_table_get(params, "status_I"))) {
+ ap_proxy_set_wstatus('I', atoi(val), wsel);
+ }
+ if ((val = apr_table_get(params, "status_N"))) {
+ ap_proxy_set_wstatus('N', atoi(val), wsel);
+ }
+ if ((val = apr_table_get(params, "status_D"))) {
+ ap_proxy_set_wstatus('D', atoi(val), wsel);
+ }
+ if ((val = apr_table_get(params, "status_H"))) {
+ ap_proxy_set_wstatus('H', atoi(val), wsel);
}
if ((val = apr_table_get(params, "ls"))) {
int ival = atoi(val);
@@ -784,10 +802,11 @@ static int balancer_handler(request_rec *r)
}
}
+
if (apr_table_get(params, "xml")) {
ap_set_content_type(r, "text/xml");
- ap_rputs("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n", r);
- ap_rputs("<httpd:manager xmlns:httpd=\"http://httpd.apache.org\">\n", r);
+ ap_rputs("<?xml version='1.0' encoding='UTF-8' ?>\n", r);
+ ap_rputs("<httpd:manager xmlns:httpd='http://httpd.apache.org'>\n", r);
ap_rputs(" <httpd:balancers>\n", r);
balancer = (proxy_balancer *)conf->balancers->elts;
for (i = 0; i < conf->balancers->nelts; i++) {
@@ -865,18 +884,7 @@ static int balancer_handler(request_rec *r)
ap_escape_html(r->pool, worker->s->redirect), NULL);
ap_rprintf(r, "</td><td>%d</td>", worker->s->lbfactor);
ap_rprintf(r, "<td>%d</td><td>", worker->s->lbset);
- if (worker->s->status & PROXY_WORKER_DISABLED)
- ap_rputs("Dis ", r);
- if (worker->s->status & PROXY_WORKER_IN_ERROR)
- ap_rputs("Err ", r);
- if (worker->s->status & PROXY_WORKER_STOPPED)
- ap_rputs("Stop ", r);
- if (worker->s->status & PROXY_WORKER_HOT_STANDBY)
- ap_rputs("Stby ", r);
- if (PROXY_WORKER_IS_USABLE(worker))
- ap_rputs("Ok", r);
- if (!PROXY_WORKER_IS_INITIALIZED(worker))
- ap_rputs("-", r);
+ ap_rvputs(r, ap_proxy_parse_wstatus(r->pool, worker), NULL);
ap_rputs("</td>", r);
ap_rprintf(r, "<td>%" APR_SIZE_T_FMT "</td><td>", worker->s->elected);
ap_rputs(apr_strfsize(worker->s->transferred, fbuf), r);
@@ -907,21 +915,20 @@ static int balancer_handler(request_rec *r)
ap_rvputs(r, "value=\"", ap_escape_html(r->pool, wsel->s->redirect),
NULL);
ap_rputs("\"></td></tr>\n", r);
- ap_rputs("<tr><td>Status:</td><td>Disabled: <input name=\"dw\" value=\"Disable\" type=radio", r);
- if (wsel->s->status & PROXY_WORKER_DISABLED)
- ap_rputs(" checked", r);
- ap_rputs("> | Enabled: <input name=\"dw\" value=\"Enable\" type=radio", r);
- if (!(wsel->s->status & PROXY_WORKER_DISABLED))
- ap_rputs(" checked", r);
- ap_rputs("></td></tr>\n", r);
- ap_rputs("<tr><td colspan=2><input type=submit value=\"Submit\"></td></tr>\n", r);
- ap_rvputs(r, "</table>\n<input type=hidden name=\"w\" ", NULL);
- ap_rvputs(r, "value=\"", ap_escape_uri(r->pool, wsel->name), "\">\n", NULL);
- ap_rvputs(r, "<input type=hidden name=\"b\" ", NULL);
- ap_rvputs(r, "value=\"", bsel->name + sizeof("balancer://") - 1,
- "\">\n", NULL);
- ap_rvputs(r, "<input type=hidden name=\"nonce\" value=\"",
- balancer_nonce, "\">\n", NULL);
+ ap_rputs("<tr><td>Status:</td>", r);
+ ap_rputs("<td><table border='1'><tr><th>Ign</th><th>Dis</th><th>Stby</th></tr>\n<tr>", r);
+ create_radio("status_I", PROXY_WORKER_IGNORE_ERRORS, wsel, r);
+ create_radio("status_D", PROXY_WORKER_DISABLED, wsel, r);
+ create_radio("status_H", PROXY_WORKER_HOT_STANDBY, wsel, r);
+ ap_rputs("</tr></table>\n", r);
+ ap_rputs("<tr><td colspan=2><input type=submit value='Submit'></td></tr>\n", r);
+ ap_rvputs(r, "</table>\n<input type=hidden name='w' ", NULL);
+ ap_rvputs(r, "value='", ap_escape_uri(r->pool, wsel->name), "'>\n", NULL);
+ ap_rvputs(r, "<input type=hidden name='b' ", NULL);
+ ap_rvputs(r, "value='", bsel->name + sizeof("balancer://") - 1,
+ "'>\n", NULL);
+ ap_rvputs(r, "<input type=hidden name='nonce' value='",
+ balancer_nonce, "'>\n", NULL);
ap_rvputs(r, "</form>\n", NULL);
ap_rputs("<hr />\n", r);
}
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index 95f4a78..58f630b 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -2678,3 +2678,69 @@ ap_proxy_buckets_lifetime_transform(request_rec *r, apr_bucket_brigade *from,
}
return rv;
}
+
+PROXY_DECLARE(apr_status_t) ap_proxy_set_wstatus(const char c, int set, proxy_worker *w)
+{
+ char bit = toupper(c);
+ switch (bit) {
+ case PROXY_WORKER_DISABLED_FLAG :
+ if (set)
+ w->s->status |= PROXY_WORKER_DISABLED;
+ else
+ w->s->status &= ~PROXY_WORKER_DISABLED;
+ break;
+ case PROXY_WORKER_STOPPED_FLAG :
+ if (set)
+ w->s->status |= PROXY_WORKER_STOPPED;
+ else
+ w->s->status &= ~PROXY_WORKER_STOPPED;
+ break;
+ case PROXY_WORKER_IN_ERROR_FLAG :
+ if (set)
+ w->s->status |= PROXY_WORKER_IN_ERROR;
+ else
+ w->s->status &= ~PROXY_WORKER_IN_ERROR;
+ break;
+ case PROXY_WORKER_HOT_STANDBY_FLAG :
+ if (set)
+ w->s->status |= PROXY_WORKER_HOT_STANDBY;
+ else
+ w->s->status &= ~PROXY_WORKER_HOT_STANDBY;
+ break;
+ case PROXY_WORKER_IGNORE_ERRORS_FLAG :
+ if (set)
+ w->s->status |= PROXY_WORKER_IGNORE_ERRORS;
+ else
+ w->s->status &= ~PROXY_WORKER_IGNORE_ERRORS;
+ break;
+ default:
+ return APR_EINVAL;
+ break;
+ }
+ return APR_SUCCESS;
+}
+
+PROXY_DECLARE(char *) ap_proxy_parse_wstatus(apr_pool_t *p, proxy_worker *w)
+{
+ char *ret = NULL;
+ unsigned int status = w->s->status;
+ if (status & PROXY_WORKER_INITIALIZED)
+ ret = apr_pstrcat(p, "Init ", NULL);
+ else
+ ret = apr_pstrcat(p, "!Init ", NULL);
+ if (status & PROXY_WORKER_IGNORE_ERRORS)
+ ret = apr_pstrcat(p, ret, "Ign ", NULL);
+ if (status & PROXY_WORKER_IN_SHUTDOWN)
+ ret = apr_pstrcat(p, ret, "Shut ", NULL);
+ if (status & PROXY_WORKER_DISABLED)
+ ret = apr_pstrcat(p, ret, "Dis ", NULL);
+ if (status & PROXY_WORKER_STOPPED)
+ ret = apr_pstrcat(p, ret, "Stop ", NULL);
+ if (status & PROXY_WORKER_IN_ERROR)
+ ret = apr_pstrcat(p, ret, "Err ", NULL);
+ if (status & PROXY_WORKER_HOT_STANDBY)
+ ret = apr_pstrcat(p, ret, "Stby ", NULL);
+ if (PROXY_WORKER_IS_USABLE(w))
+ ret = apr_pstrcat(p, ret, "Ok ", NULL);
+ return ret;
+}


@ -1,24 +0,0 @@
http://svn.apache.org/viewvc?view=revision&revision=r1243176
--- httpd-2.2.22/server/util_pcre.c.pcre830
+++ httpd-2.2.22/server/util_pcre.c
@@ -128,6 +128,7 @@ AP_DECLARE(int) ap_regcomp(ap_regex_t *p
const char *errorptr;
int erroffset;
int options = 0;
+int nsub;
if ((cflags & AP_REG_ICASE) != 0) options |= PCRE_CASELESS;
if ((cflags & AP_REG_NEWLINE) != 0) options |= PCRE_MULTILINE;
@@ -137,7 +138,9 @@ preg->re_erroffset = erroffset;
if (preg->re_pcre == NULL) return AP_REG_INVARG;
-preg->re_nsub = pcre_info((const pcre *)preg->re_pcre, NULL, NULL);
+pcre_fullinfo((const pcre *)preg->re_pcre, NULL,
+ PCRE_INFO_CAPTURECOUNT, &nsub);
+preg->re_nsub = nsub;
return 0;
}


@ -1,20 +0,0 @@
Link only against the libtool libraries to avoid pulling in
all dependencies if libapr/libaprutil.
Upstream-Status: probably breaks static builds, not desired
--- httpd-2.2.9/configure.in.deplibs
+++ httpd-2.2.9/configure.in
@@ -588,9 +588,8 @@ APACHE_HELP_STRING(--with-suexec-umask,u
AC_DEFINE_UNQUOTED(AP_SUEXEC_UMASK, 0$withval, [umask for suexec'd process] ) ] )
dnl APR should go after the other libs, so the right symbols can be picked up
-apulinklibs="`$apu_config --avoid-ldap --link-libtool --libs`" \
- || apulinklibs="`$apu_config --link-libtool --libs`"
-AP_LIBS="$AP_LIBS $apulinklibs `$apr_config --link-libtool --libs`"
+apulinklibs="`$apu_config --link-libtool`"
+AP_LIBS="$AP_LIBS $apulinklibs `$apr_config --link-libtool`"
APACHE_SUBST(AP_LIBS)
APACHE_SUBST(AP_BUILD_SRCLIB_DIRS)
APACHE_SUBST(AP_CLEAN_SRCLIB_DIRS)


@ -1,21 +0,0 @@
Removes setuid check because we are now using capabilities to ensure proper
suexec rights.
Upstream-status: Not acceptable for upstream in current status.
suexec_enabled part is in trunk,differently
diff --git a/os/unix/unixd.c b/os/unix/unixd.c
index 85d5a98..1ee1dfe 100644
--- a/os/unix/unixd.c
+++ b/os/unix/unixd.c
@@ -271,8 +271,8 @@ AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp)
return;
}
- if ((wrapper.protection & APR_USETID) && wrapper.user == 0) {
- unixd_config.suexec_enabled = 1;
+ if (wrapper.user == 0) {
+ unixd_config.suexec_enabled = access(SUEXEC_BIN, R_OK|X_OK) == 0;
}
}


@ -2,16 +2,15 @@
- fail gracefully if links is not installed on target system
- source sysconfig/httpd for custom env. vars etc.
- make httpd -t work even in SELinux
- refuse to restart into a bad config
- pass $OPTIONS to all $HTTPD invocation
Upstream-HEAD: vendor
Upstream-2.0: vendor
Upstream-Status: Vendor-specific changes for better initscript integration
--- httpd-2.1.10/support/apachectl.in.apctl
+++ httpd-2.1.10/support/apachectl.in
@@ -43,19 +43,25 @@
--- httpd-2.4.1/support/apachectl.in.apctl
+++ httpd-2.4.1/support/apachectl.in
@@ -44,19 +44,25 @@ ARGV="$@"
# the path to your httpd binary, including options if necessary
HTTPD='@exp_sbindir@/@progname@'
#
@ -42,7 +41,7 @@ Upstream-Status: Vendor-specific changes for better initscript integration
#
# Set this variable to a command that increases the maximum
# number of file descriptors allowed per child process. This is
@@ -75,29 +81,51 @@
@@ -76,9 +82,27 @@ if [ "x$ARGV" = "x" ] ; then
ARGV="-h"
fi
@ -64,27 +63,15 @@ Upstream-Status: Vendor-specific changes for better initscript integration
+ERROR=$?
+}
+
case $ARGV in
-start|stop|restart|graceful|graceful-stop)
case $ACMD in
start|stop|restart|graceful|graceful-stop)
- $HTTPD -k $ARGV
- ERROR=$?
+restart|graceful)
+ if $HTTPD $OPTIONS -t >&/dev/null; then
+ $HTTPD $OPTIONS -k $ARGV
+ ERROR=$?
+ else
+ echo "apachectl: Configuration syntax error, will not run \"$ARGV\":"
+ testconfig
+ fi
;;
-startssl|sslstart|start-SSL)
- echo The startssl option is no longer supported.
- echo Please edit httpd.conf to include the SSL configuration settings
- echo and then use "apachectl start".
- ERROR=2
+start|stop|graceful-stop)
+ $HTTPD $OPTIONS -k $ARGV
+ ERROR=$?
ERROR=$?
;;
startssl|sslstart|start-SSL)
@@ -88,17 +112,18 @@ startssl|sslstart|start-SSL)
ERROR=2
;;
configtest)
- $HTTPD -t
@ -92,7 +79,7 @@ Upstream-Status: Vendor-specific changes for better initscript integration
+ testconfig
;;
status)
+ checklynx
+ checklynx
$LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } '
;;
fullstatus)
@ -100,8 +87,8 @@ Upstream-Status: Vendor-specific changes for better initscript integration
$LYNX $STATUSURL
;;
*)
- $HTTPD $ARGV
+ $HTTPD $OPTIONS $ARGV
- $HTTPD "$@"
+ $HTTPD $OPTIONS "$@"
ERROR=$?
esac

22
httpd-2.4.1-apr14.patch Normal file

@ -0,0 +1,22 @@
--- httpd-2.4.1/support/rotatelogs.c.apr14
+++ httpd-2.4.1/support/rotatelogs.c
@@ -52,6 +52,7 @@
#if APR_FILES_AS_SOCKETS
#include "apr_poll.h"
#endif
+#include "apr_version.h"
#if APR_HAVE_STDLIB_H
#include <stdlib.h>
@@ -295,7 +296,11 @@ static void post_rotate(apr_pool_t *pool
if (config->verbose) {
fprintf(stderr,"Linking %s to %s\n", newlog->name, config->linkfile);
}
+#if APR_VERSION_AT_LEAST(1,4,0)
rv = apr_file_link(newlog->name, config->linkfile);
+#else
+ rv = APR_ENOTIMPL;
+#endif
if (rv != APR_SUCCESS) {
char error[120];
apr_strerror(rv, error, sizeof error);

56
httpd-2.4.1-apxs.patch Normal file

@ -0,0 +1,56 @@
--- httpd-2.4.1/support/apxs.in.apxs
+++ httpd-2.4.1/support/apxs.in
@@ -25,7 +25,18 @@ package apxs;
my %config_vars = ();
-my $installbuilddir = "@exp_installbuilddir@";
+# Awful hack to make apxs libdir-agnostic:
+my $pkg_config = "/usr/bin/pkg-config";
+if (! -x "$pkg_config") {
+ error("$pkg_config not found!");
+ exit(1);
+}
+
+my $libdir = `pkg-config --variable=libdir apr-1`;
+chomp $libdir;
+
+my $installbuilddir = $libdir . "/httpd/build";
+
get_config_vars("$installbuilddir/config_vars.mk",\%config_vars);
# read the configuration variables once
@@ -273,7 +284,7 @@ if ($opt_g) {
$data =~ s|%NAME%|$name|sg;
$data =~ s|%TARGET%|$CFG_TARGET|sg;
$data =~ s|%PREFIX%|$prefix|sg;
- $data =~ s|%INSTALLBUILDDIR%|$installbuilddir|sg;
+ $data =~ s|%LIBDIR%|$libdir|sg;
my ($mkf, $mods, $src) = ($data =~ m|^(.+)-=#=-\n(.+)-=#=-\n(.+)|s);
@@ -450,11 +461,11 @@ if ($opt_c) {
if ($opt_p == 1) {
- my $apr_libs=`$apr_config --cflags --ldflags --link-libtool --libs`;
+ my $apr_libs=`$apr_config --cflags --ldflags --link-libtool`;
chomp($apr_libs);
my $apu_libs="";
if ($apr_major_version < 2) {
- $apu_libs=`$apu_config --ldflags --link-libtool --libs`;
+ $apu_libs=`$apu_config --ldflags --link-libtool`;
chomp($apu_libs);
}
@@ -669,8 +680,8 @@ __DATA__
builddir=.
top_srcdir=%PREFIX%
-top_builddir=%PREFIX%
-include %INSTALLBUILDDIR%/special.mk
+top_builddir=%LIBDIR%/httpd
+include %LIBDIR%/httpd/build/special.mk
# the used tools
APXS=apxs
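Review bot: The executability test in the added block checks `/usr/bin/pkg-config`, but the backquoted command two lines later runs a bare `pkg-config`, so the binary that was checked is not necessarily the one that runs; it is resolved through the caller's PATH. Interpolate `$pkg_config` in the backquoted command in place of the bare name so the checked path is the one executed. The result is also used unchecked: if the query fails or prints nothing, `$installbuilddir` becomes `/httpd/build` and `get_config_vars` reads from the wrong tree. Add `if ($? != 0 || $libdir eq "") { error("cannot determine libdir for apr-1"); exit(1); }` after the `chomp`.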


@ -5,12 +5,12 @@ configured.
Upstream-Status: Was discussed but there are competing desires;
there are portability oddities here too.
--- httpd-2.2.11/server/core.c.corelimit
+++ httpd-2.2.11/server/core.c
@@ -3777,6 +3779,25 @@ static int core_post_config(apr_pool_t *
set_banner(pconf);
ap_setup_make_content_type(pconf);
--- httpd-2.4.1/server/core.c.corelimit
+++ httpd-2.4.1/server/core.c
@@ -4433,6 +4433,25 @@ static int core_post_config(apr_pool_t *
}
apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper,
apr_pool_cleanup_null);
+
+#ifdef RLIMIT_CORE
+ if (ap_coredumpdir_configured) {

19
httpd-2.4.1-deplibs.patch Normal file

@ -0,0 +1,19 @@
Link straight against .la files.
Upstream-Status: vendor specific
--- httpd-2.4.1/configure.in.deplibs
+++ httpd-2.4.1/configure.in
@@ -707,9 +707,9 @@ APACHE_HELP_STRING(--with-suexec-umask,u
dnl APR should go after the other libs, so the right symbols can be picked up
if test x${apu_found} != xobsolete; then
- AP_LIBS="$AP_LIBS `$apu_config --avoid-ldap --link-libtool --libs`"
+ AP_LIBS="$AP_LIBS `$apu_config --avoid-ldap --link-libtool`"
fi
-AP_LIBS="$AP_LIBS `$apr_config --link-libtool --libs`"
+AP_LIBS="$AP_LIBS `$apr_config --link-libtool`"
APACHE_SUBST(AP_LIBS)
APACHE_SUBST(AP_BUILD_SRCLIB_DIRS)
APACHE_SUBST(AP_CLEAN_SRCLIB_DIRS)

20
httpd-2.4.1-export.patch Normal file

@ -0,0 +1,20 @@
There is no need to "suck in" the apr/apr-util symbols when using
a shared libapr{,util}, it just bloats the symbol table; so don't.
Upstream-HEAD: needed
Upstream-2.0: omit
Upstream-Status: EXPORT_DIRS change is conditional on using shared apr
--- httpd-2.4.1/server/Makefile.in.export
+++ httpd-2.4.1/server/Makefile.in
@@ -57,9 +57,6 @@ export_files:
( for dir in $(EXPORT_DIRS); do \
ls $$dir/*.h ; \
done; \
- for dir in $(EXPORT_DIRS_APR); do \
- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \
- done; \
) | sort -u > $@
exports.c: export_files

29
httpd-2.4.1-layout.patch Normal file

@ -0,0 +1,29 @@
--- httpd-2.4.1/config.layout.layout
+++ httpd-2.4.1/config.layout
@@ -347,3 +347,26 @@
proxycachedir: ${localstatedir}/proxy
</Layout>
+# Fedora/RHEL layout
+<Layout Fedora>
+ prefix: /usr
+ exec_prefix: ${prefix}
+ bindir: ${prefix}/bin
+ sbindir: ${prefix}/sbin
+ libdir: ${prefix}/lib
+ libexecdir: ${prefix}/libexec
+ mandir: ${prefix}/man
+ sysconfdir: /etc/httpd/conf
+ datadir: ${prefix}/share/httpd
+ installbuilddir: ${libdir}/httpd/build
+ errordir: ${datadir}/error
+ iconsdir: ${datadir}/icons
+ htdocsdir: /var/www/html
+ manualdir: ${datadir}/manual
+ cgidir: /var/www/cgi-bin
+ includedir: ${prefix}/include/httpd
+ localstatedir: /var
+ runtimedir: ${localstatedir}/run/httpd
+ logfiledir: ${localstatedir}/log/httpd
+ proxycachedir: ${localstatedir}/cache/httpd
+</Layout>


@ -3,34 +3,38 @@ Log the SELinux context at startup.
Upstream-Status: unlikely to be any interest in this upstream
--- httpd-2.2.11/configure.in.selinux
+++ httpd-2.2.11/configure.in
@@ -412,6 +412,10 @@ getpgid
--- httpd-2.4.1/configure.in.selinux
+++ httpd-2.4.1/configure.in
@@ -458,6 +458,11 @@ fopen64
dnl confirm that a void pointer is large enough to store a long integer
APACHE_CHECK_VOID_PTR_LEN
+AC_CHECK_LIB(selinux, is_selinux_enabled, [
+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
+ APR_ADDTO(AP_LIBS, [-lselinux])
+])
+
dnl ## Check for the tm_gmtoff field in struct tm to get the timezone diffs
AC_CACHE_CHECK([for tm_gmtoff in struct tm], ac_cv_struct_tm_gmtoff,
[AC_TRY_COMPILE([#include <sys/types.h>
--- httpd-2.2.11/server/core.c.selinux
+++ httpd-2.2.11/server/core.c
@@ -51,6 +51,8 @@
#include "mod_so.h" /* for ap_find_loaded_module_symbol */
AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
[AC_TRY_RUN(#define _GNU_SOURCE
#include <unistd.h>
--- httpd-2.4.1/server/core.c.selinux
+++ httpd-2.4.1/server/core.c
@@ -58,6 +58,10 @@
#include <unistd.h>
#endif
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
/* LimitRequestBody handling */
#define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0)
@@ -3796,6 +3798,26 @@ static int core_post_config(apr_pool_t *
@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t *
}
#endif
+#ifdef HAVE_SELINUX
+ {
+ static int already_warned = 0;
+ int is_enabled = is_selinux_enabled() > 0;
@ -50,6 +54,7 @@ Upstream-Status: unlikely to be any interest in this upstream
+ }
+ }
+ }
+#endif
+
return OK;
}


@ -0,0 +1,18 @@
Removes setuid check because we are now using capabilities to ensure proper
suexec rights.
Upstream-status: vendor specific.
diff --git a/os/unix/unixd.c b/os/unix/unixd.c
index 85d5a98..1ee1dfe 100644
--- httpd-2.4.1/modules/arch/unix/mod_unixd.c.suenable
+++ httpd-2.4.1/modules/arch/unix/mod_unixd.c
@@ -300,7 +300,7 @@ unixd_pre_config(apr_pool_t *pconf, apr_
ap_unixd_config.suexec_enabled = 0;
if ((apr_stat(&wrapper, SUEXEC_BIN, APR_FINFO_NORM, ptemp))
== APR_SUCCESS) {
- if ((wrapper.protection & APR_USETID) && wrapper.user == 0
+ if (wrapper.user == 0
&& (access(SUEXEC_BIN, R_OK|X_OK) == 0)) {
ap_unixd_config.suexec_enabled = 1;
ap_unixd_config.suexec_disabled_reason = "";
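Review bot: With the `APR_USETID` test removed, the condition in `unixd_pre_config` enables suexec for any root-owned wrapper that passes `access(SUEXEC_BIN, R_OK|X_OK)`, and nothing here confirms that the file capabilities the patch description relies on are actually present. If the binary is installed or restored without them (for example by a copy that drops extended attributes), the server would presumably still report suexec as enabled and the wrapper would fail only when a request reaches it. At minimum the reason belongs in the code, e.g. `/* setuid bit not required: the packaged suexec is granted file capabilities instead */` above the `if`; verifying the capabilities before setting `suexec_enabled` would be the stronger fix. The function body continues outside the hunk.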



@ -1,15 +1,15 @@
[Unit]
Description=The Apache HTTP Server (@NAME@ MPM)
Description=The Apache HTTP Server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/var/run/httpd/httpd.pid
EnvironmentFile=/etc/sysconfig/httpd
ExecStart=@EXEC@ $OPTIONS -k start
ExecReload=@EXEC@ $OPTIONS -t
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=@EXEC@ $OPTIONS -k stop
ExecStart=/usr/sbin/httpd $OPTIONS -k start
ExecReload=/usr/sbin/httpd $OPTIONS -t
ExecReload=/usr/sbin/httpd -HUP $MAINPID
ExecStop=/usr/sbin/httpd $OPTIONS -k graceful-stop
PrivateTmp=true
[Install]
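Review bot: The second reload command, `ExecReload=/usr/sbin/httpd -HUP $MAINPID`, looks like a substitution slip: the line it replaces ran `/bin/kill -HUP $MAINPID`, and httpd has no `-HUP` option, so a reload would presumably fail at that command instead of signalling the running server. The page has lost its +/- markers; the `/usr/sbin/httpd` lines are taken to be the new side because the spec appears to install this file without the old `@EXEC@` substitution. Either restore `ExecReload=/bin/kill -HUP $MAINPID` or use httpd's own control option, `ExecReload=/usr/sbin/httpd $OPTIONS -k graceful`. As written, configuration changes such as updated access rules would not take effect on `systemctl reload`.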


@ -1,51 +1,54 @@
%define contentdir /var/www
%define contentdir %{_datadir}/httpd
%define docroot /var/www
%define suexec_caller apache
%define mmn 20051115
%define mmn 20120211
%define mmnisa %{mmn}-%{__isa_name}-%{__isa_bits}
%define vstring Fedora
%define mpms worker event
%define all_services httpd.service httpd-worker.service httpd-event.service
Summary: Apache HTTP Server
Name: httpd
Version: 2.2.22
Release: 2%{?dist}
Version: 2.4.1
Release: 1%{?dist}
URL: http://httpd.apache.org/
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: index.html
Source3: httpd.logrotate
Source5: httpd.sysconf
Source6: httpd-ssl-pass-dialog
Source7: httpd.tmpfiles
Source8: httpd.service
Source10: httpd.conf
Source11: ssl.conf
Source12: welcome.conf
Source13: manual.conf
Source14: httpd.tmpfiles
Source15: httpd.service
Source11: 00-base.conf
Source12: 00-mpm.conf
Source13: 00-lua.conf
Source14: 01-cgi.conf
Source15: 00-dav.conf
Source16: 00-proxy.conf
Source17: 00-ssl.conf
Source18: 00-ldap.conf
Source19: userdir.conf
Source20: ssl.conf
Source21: welcome.conf
Source22: manual.conf
# Documentation
Source31: httpd.mpm.xml
Source33: README.confd
# build/scripts patches
Patch1: httpd-2.1.10-apctl.patch
Patch2: httpd-2.1.10-apxs.patch
Patch3: httpd-2.2.9-deplibs.patch
Patch4: httpd-2.1.10-disablemods.patch
Patch5: httpd-2.1.10-layout.patch
Patch6: httpd-2.2.22-pcre830.patch
Patch1: httpd-2.4.1-apctl.patch
Patch2: httpd-2.4.1-apxs.patch
Patch3: httpd-2.4.1-deplibs.patch
Patch5: httpd-2.4.1-layout.patch
Patch6: httpd-2.4.1-apr14.patch
# Features/functional changes
Patch20: httpd-2.0.48-release.patch
Patch22: httpd-2.1.10-pod.patch
Patch23: httpd-2.0.45-export.patch
Patch24: httpd-2.2.11-corelimit.patch
Patch25: httpd-2.2.11-selinux.patch
Patch26: httpd-2.2.9-suenable.patch
Patch27: httpd-2.2.19-logresolve-ipv6.patch
Patch28: httpd-2.2.21-mod_proxy-change-state.patch
Patch23: httpd-2.4.1-export.patch
Patch24: httpd-2.4.1-corelimit.patch
Patch25: httpd-2.4.1-selinux.patch
Patch26: httpd-2.4.1-suenable.patch
License: ASL 2.0
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: autoconf, perl, pkgconfig, findutils, xmlto
BuildRequires: zlib-devel, libselinux-devel
BuildRequires: zlib-devel, libselinux-devel, lua-devel
BuildRequires: apr-devel >= 1.2.0, apr-util-devel >= 1.2.0, pcre-devel >= 5.0
Requires: /etc/mime.types, system-logos >= 7.92.1-1
Obsoletes: httpd-suexec
@ -118,17 +121,13 @@ Security (TLS) protocols.
%patch1 -p1 -b .apctl
%patch2 -p1 -b .apxs
%patch3 -p1 -b .deplibs
%patch4 -p1 -b .disablemods
%patch5 -p1 -b .layout
%patch6 -p1 -b .pcre830
%patch6 -p1 -b .apr14
%patch22 -p1 -b .pod
%patch23 -p1 -b .export
%patch24 -p1 -b .corelimit
%patch25 -p1 -b .selinux
%patch26 -p1 -b .suenable
%patch27 -p1 -b .logresolve-ipv6
%patch28 -p1 -b .mod_proxy-change-state
# Patch in vendor/release string
sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
@ -160,24 +159,8 @@ export LDFLAGS="-Wl,-z,relro,-z,now"
# Hard-code path to links to avoid unnecessary builddep
export LYNX_PATH=/usr/bin/links
function mpmbuild()
{
mpm=$1; shift
# Build the systemd file
sed "s,@NAME@,${mpm},g;s,@EXEC@,%{_sbindir}/httpd.${mpm},g" %{SOURCE15} > httpd-${mpm}.service
touch -r %{SOURCE15} httpd-${mpm}.service
# Build the man page
ymdate=`date +'%b %Y'`
sed "s/@PROGNAME@/httpd.${mpm}/g;s/@DATE@/${ymdate}/g;s/@VERSION@/%{version}/g;s/@MPM@/${mpm}/g;" \
< $RPM_SOURCE_DIR/httpd.mpm.xml > httpd.${mpm}.8.xml
xmlto man httpd.${mpm}.8.xml
test -f httpd.${mpm}.8 || mv man/man8/httpd.${mpm}.8 .
# Build the daemon
mkdir $mpm; pushd $mpm
../configure \
./configure \
--prefix=%{_sysconfdir}/httpd \
--exec-prefix=%{_prefix} \
--bindir=%{_bindir} \
@ -188,69 +171,55 @@ mkdir $mpm; pushd $mpm
--includedir=%{_includedir}/httpd \
--libexecdir=%{_libdir}/httpd/modules \
--datadir=%{contentdir} \
--enable-layout=Fedora \
--with-installbuilddir=%{_libdir}/httpd/build \
--with-mpm=$mpm \
--enable-mpms-shared=all \
--with-apr=%{_prefix} --with-apr-util=%{_prefix} \
--enable-suexec --with-suexec \
--with-suexec-caller=%{suexec_caller} \
--with-suexec-docroot=%{contentdir} \
--with-suexec-docroot=%{docroot} \
--with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \
--with-suexec-bin=%{_sbindir}/suexec \
--with-suexec-uidmin=500 --with-suexec-gidmin=100 \
--enable-pie \
--with-pcre \
$*
make %{?_smp_mflags}
popd
}
# Build everything and the kitchen sink with the prefork build
mpmbuild prefork \
--enable-mods-shared=all \
--enable-ssl --with-ssl --disable-distcache \
--enable-proxy \
--enable-cache \
--enable-disk-cache \
--enable-ldap --enable-authnz-ldap \
--enable-cgid \
--enable-cgid --enable-cgi \
--enable-authn-anon --enable-authn-alias \
--disable-imagemap
# For the other MPMs, just build httpd and no optional modules
for f in %{mpms}; do
mpmbuild $f --enable-modules=none
done
# Create default/prefork service file for systemd
sed "s,@NAME@,prefork,g;s,@EXEC@,%{_sbindir}/httpd,g" %{SOURCE15} > httpd.service
touch -r %{SOURCE15} httpd.service
--disable-imagemap \
--disable-proxy-html \
--disable-xml2enc \
--disable-session
$*
make %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
pushd prefork
make DESTDIR=$RPM_BUILD_ROOT install
popd
# install alternative MPMs; executables, man pages, and systemd service files
# Install systemd service files
mkdir -p $RPM_BUILD_ROOT/lib/systemd/system
for f in %{mpms}; do
install -m 755 ${f}/httpd $RPM_BUILD_ROOT%{_sbindir}/httpd.${f}
install -m 644 httpd.${f}.8 $RPM_BUILD_ROOT%{_mandir}/man8/httpd.${f}.8
install -p -m 644 httpd-${f}.service \
$RPM_BUILD_ROOT/lib/systemd/system/httpd-${f}.service
done
# Default httpd (prefork) service file
install -p -m 644 httpd.service \
install -p -m 644 $RPM_SOURCE_DIR/httpd.service \
$RPM_BUILD_ROOT/lib/systemd/system/httpd.service
# install conf file/directory
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d
install -m 644 $RPM_SOURCE_DIR/README.confd \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README
for f in ssl.conf welcome.conf manual.conf; do
for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \
00-proxy.conf 00-ssl.conf 00-ldap.conf; do
install -m 644 -p $RPM_SOURCE_DIR/$f \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f
done
for f in welcome.conf manual.conf ssl.conf userdir.conf; do
install -m 644 -p $RPM_SOURCE_DIR/$f \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/$f
done
@ -278,19 +247,19 @@ touch $RPM_BUILD_ROOT%{_localstatedir}/cache/mod_ssl/scache.{dir,pag,sem}
# create cache root
mkdir $RPM_BUILD_ROOT%{_localstatedir}/cache/mod_proxy
# move utilities to /usr/bin
mv $RPM_BUILD_ROOT%{_sbindir}/{ab,htdbm,logresolve,htpasswd,htdigest} \
$RPM_BUILD_ROOT%{_bindir}
# Make the MMN accessible to module packages
echo %{mmnisa} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rpm
echo "%%_httpd_mmn %{mmnisa}" > $RPM_BUILD_ROOT%{_sysconfdir}/rpm/macros.httpd
cat > $RPM_BUILD_ROOT%{_sysconfdir}/rpm/macros.httpd <<EOF
%%_httpd_mmn %{mmnisa}
%%_httpd_apxs %{_bindir}/apxs
EOF
# docroot
mkdir $RPM_BUILD_ROOT%{contentdir}/html
# Handle contentdir
mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
install -m 644 -p $RPM_SOURCE_DIR/index.html \
$RPM_BUILD_ROOT%{contentdir}/error/noindex.html
$RPM_BUILD_ROOT%{contentdir}/noindex/index.html
rm -rf %{contentdir}/htdocs
# remove manual sources
find $RPM_BUILD_ROOT%{contentdir}/manual \( \
@ -307,15 +276,14 @@ for f in `find $RPM_BUILD_ROOT%{contentdir}/manual -name \*.html -type f`; do
done
set -x
# Clean Document Root
rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
$RPM_BUILD_ROOT%{docroot}/cgi-bin/*
# Symlink for the powered-by-$DISTRO image:
ln -s ../../..%{_datadir}/pixmaps/poweredby.png \
$RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
# Set up /var directories
rmdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/logs
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/httpd
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/httpd
# symlinks for /etc/httpd
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
ln -s ../..%{_localstatedir}/run/httpd $RPM_BUILD_ROOT/etc/httpd/run
@ -399,7 +367,7 @@ fi
/sbin/chkconfig --del httpd >/dev/null 2>&1 || :
%posttrans
/bin/systemctl try-restart %{all_services} >/dev/null 2>&1 || :
/bin/systemctl try-restart httpd.service >/dev/null 2>&1 || :
%define sslcert %{_sysconfdir}/pki/tls/certs/localhost.crt
%define sslkey %{_sysconfdir}/pki/tls/private/localhost.key
@ -437,16 +405,6 @@ if readelf -d $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so | grep TEXTREL; then
exit 1
fi
# Verify that the same modules were built into the httpd binaries
./prefork/httpd -l | grep -v prefork > prefork.mods
for mpm in %{mpms}; do
./${mpm}/httpd -l | grep -v ${mpm} > ${mpm}.mods
if ! diff -u prefork.mods ${mpm}.mods; then
: Different modules built into httpd binaries, will not proceed
exit 1
fi
done
%clean
rm -rf $RPM_BUILD_ROOT
@ -461,18 +419,24 @@ rm -rf $RPM_BUILD_ROOT
%{_sysconfdir}/httpd/run
%dir %{_sysconfdir}/httpd/conf
%config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf
%config(noreplace) %{_sysconfdir}/httpd/conf.d/welcome.conf
%config(noreplace) %{_sysconfdir}/httpd/conf/magic
%config(noreplace) %{_sysconfdir}/logrotate.d/httpd
%dir %{_sysconfdir}/httpd/conf.d
%{_sysconfdir}/httpd/conf.d/README
%config(noreplace) %{_sysconfdir}/httpd/conf.d/welcome.conf
%config(noreplace) %{_sysconfdir}/httpd/conf.d/userdir.conf
%dir %{_sysconfdir}/httpd/conf.modules.d
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/*.conf
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
%config(noreplace) %{_sysconfdir}/sysconfig/httpd
%config %{_sysconfdir}/tmpfiles.d/httpd.conf
%{_sbindir}/ht*
%{_sbindir}/fcgistarter
%{_sbindir}/apachectl
%{_sbindir}/rotatelogs
# cap_dac_override needed to write to /var/log/httpd
@ -484,16 +448,18 @@ rm -rf $RPM_BUILD_ROOT
%exclude %{_libdir}/httpd/modules/mod_ssl.so
%dir %{contentdir}
%dir %{contentdir}/cgi-bin
%dir %{contentdir}/html
%dir %{contentdir}/icons
%dir %{contentdir}/error
%dir %{contentdir}/error/include
%dir %{contentdir}/noindex
%{contentdir}/icons/*
%{contentdir}/error/README
%{contentdir}/error/noindex.html
%config %{contentdir}/error/*.var
%config %{contentdir}/error/include/*.html
%{contentdir}/error/*.var
%{contentdir}/error/include/*.html
%{contentdir}/noindex/index.html
%dir %{docroot}/cgi-bin
%dir %{docroot}/html
%attr(0710,root,apache) %dir %{_localstatedir}/run/httpd
%attr(0700,root,root) %dir %{_localstatedir}/log/httpd
@ -509,15 +475,17 @@ rm -rf $RPM_BUILD_ROOT
%{_bindir}/*
%{_mandir}/man1/*
%doc LICENSE NOTICE
%exclude %{_bindir}/apxs
%files manual
%defattr(-,root,root)
%{contentdir}/manual
%config %{_sysconfdir}/httpd/conf.d/manual.conf
%config(noreplace) %{_sysconfdir}/httpd/conf.d/manual.conf
%files -n mod_ssl
%defattr(-,root,root)
%{_libdir}/httpd/modules/mod_ssl.so
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
%config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf
%attr(0700,apache,root) %dir %{_localstatedir}/cache/mod_ssl
%attr(0600,apache,root) %ghost %{_localstatedir}/cache/mod_ssl/scache.dir
@ -528,7 +496,7 @@ rm -rf $RPM_BUILD_ROOT
%files devel
%defattr(-,root,root)
%{_includedir}/httpd
%{_sbindir}/apxs
%{_bindir}/apxs
%{_mandir}/man1/apxs.1*
%dir %{_libdir}/httpd/build
%{_libdir}/httpd/build/*.mk
@ -536,6 +504,13 @@ rm -rf $RPM_BUILD_ROOT
%{_sysconfdir}/rpm/macros.httpd
%changelog
* Tue Mar 6 2012 Joe Orton <jorton@redhat.com> - 2.4.1-1
- update to 2.4.1
- adopt upstream default httpd.conf (almost verbatim)
- split all LoadModules to conf.modules.d/*.conf
- include conf.d/*.conf at end of httpd.conf
- trim %%changelog
* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2.2.22-2
- fix build against PCRE 8.30
@ -656,343 +631,3 @@ rm -rf $RPM_BUILD_ROOT
* Sun Apr 04 2010 Robert Scheck <robert@fedoraproject.org> - 2.2.15-1
- update to 2.2.15 (#572404, #579311)
* Thu Dec 3 2009 Joe Orton <jorton@redhat.com> - 2.2.14-1
- update to 2.2.14
- relax permissions on /var/run/httpd (#495780)
- Requires(pre): httpd in mod_ssl subpackage (#543275)
- add partial security fix for CVE-2009-3555 (#533125)
* Tue Oct 27 2009 Tom "spot" Callaway <tcallawa@redhat.com> 2.2.13-4
- add additional explanatory text to test page to help prevent legal emails to Fedora
* Tue Sep 8 2009 Joe Orton <jorton@redhat.com> 2.2.13-2
- restart service in posttrans (#491567)
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 2.2.13-2
- rebuilt with new openssl
* Tue Aug 18 2009 Joe Orton <jorton@redhat.com> 2.2.13-1
- update to 2.2.13
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.11-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Tue Jun 16 2009 Joe Orton <jorton@redhat.com> 2.2.11-9
- build -manual as noarch
* Tue Mar 17 2009 Joe Orton <jorton@redhat.com> 2.2.11-8
- fix pidfile in httpd.logrotate (thanks to Rainer Traut)
- don't build mod_mem_cache or mod_file_cache
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.11-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Thu Jan 22 2009 Joe Orton <jorton@redhat.com> 2.2.11-6
- Require: apr-util-ldap (#471898)
- init script changes: pass pidfile to status(), use status() in
condrestart (#480602), support try-restart as alias for
condrestart
- change /etc/httpd/run symlink to have destination /var/run/httpd,
and restore "run/httpd.conf" as default PidFile (#478688)
* Fri Jan 16 2009 Tomas Mraz <tmraz@redhat.com> 2.2.11-5
- rebuild with new openssl
* Sat Dec 27 2008 Robert Scheck <robert@fedoraproject.org> 2.2.11-4
- Made default configuration using /var/run/httpd for pid file
* Thu Dec 18 2008 Joe Orton <jorton@redhat.com> 2.2.11-3
- update to 2.2.11
- package new /var/run/httpd directory, and move default pidfile
location inside there
* Tue Oct 21 2008 Joe Orton <jorton@redhat.com> 2.2.10-2
- update to 2.2.10
* Tue Jul 15 2008 Joe Orton <jorton@redhat.com> 2.2.9-5
- move AddTypes for SSL cert/CRL types from ssl.conf to httpd.conf (#449979)
* Mon Jul 14 2008 Joe Orton <jorton@redhat.com> 2.2.9-4
- use Charset=UTF-8 in default httpd.conf (#455123)
- only enable suexec when appropriate (Jim Radford, #453697)
* Thu Jul 10 2008 Tom "spot" Callaway <tcallawa@redhat.com> 2.2.9-3
- rebuild against new db4 4.7
* Tue Jul 8 2008 Joe Orton <jorton@redhat.com> 2.2.9-2
- update to 2.2.9
- build event MPM too
* Wed Jun 4 2008 Joe Orton <jorton@redhat.com> 2.2.8-4
- correct UserDir directive in default config (#449815)
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 2.2.8-3
- Autorebuild for GCC 4.3
* Tue Jan 22 2008 Joe Orton <jorton@redhat.com> 2.2.8-2
- update to 2.2.8
- drop mod_imagemap
* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 2.2.6-4
- Rebuild for openssl bump
* Mon Sep 17 2007 Joe Orton <jorton@redhat.com> 2.2.6-3
- add fix for SSL library string regression (PR 43334)
- use powered-by logo from system-logos (#250676)
- preserve timestamps for installed config files
* Fri Sep 7 2007 Joe Orton <jorton@redhat.com> 2.2.6-2
- update to 2.2.6 (#250757, #282761)
* Sun Sep 2 2007 Joe Orton <jorton@redhat.com> 2.2.4-10
- rebuild for fixed APR
* Wed Aug 22 2007 Joe Orton <jorton@redhat.com> 2.2.4-9
- rebuild for expat soname bump
* Tue Aug 21 2007 Joe Orton <jorton@redhat.com> 2.2.4-8
- fix License
- require /etc/mime.types (#249223)
* Thu Jul 26 2007 Joe Orton <jorton@redhat.com> 2.2.4-7
- drop -tools dependency on httpd (thanks to Matthias Saou)
* Wed Jul 25 2007 Joe Orton <jorton@redhat.com> 2.2.4-6
- split out utilities into -tools subpackage, based on patch
by Jason Tibbs (#238257)
* Tue Jul 24 2007 Joe Orton <jorton@redhat.com> 2.2.4-5
- spec file cleanups: provide httpd-suexec, mod_dav;
don't obsolete mod_jk; drop trailing dots from Summaries
- init script
* add LSB info header, support force-reload (#246944)
* update description
* drop 1.3 config check
* pass $pidfile to daemon and pidfile everywhere
* Wed May 9 2007 Joe Orton <jorton@redhat.com> 2.2.4-4
- update welcome page branding
* Tue Apr 3 2007 Joe Orton <jorton@redhat.com> 2.2.4-3
- drop old triggers, old Requires, xmlto BR
- use Requires(...) correctly
- use standard BuildRoot
- don't mark init script as config file
- trim CHANGES further
* Mon Mar 12 2007 Joe Orton <jorton@redhat.com> 2.2.4-2
- update to 2.2.4
- drop the migration guide (#223605)
* Thu Dec 7 2006 Joe Orton <jorton@redhat.com> 2.2.3-8
- fix path to instdso.sh in special.mk (#217677)
- fix detection of links in "apachectl fullstatus"
* Tue Dec 5 2006 Joe Orton <jorton@redhat.com> 2.2.3-7
- rebuild for libpq soname bump
* Sat Nov 11 2006 Joe Orton <jorton@redhat.com> 2.2.3-6
- rebuild for BDB soname bump
* Mon Sep 11 2006 Joe Orton <jorton@redhat.com> 2.2.3-5
- updated "powered by Fedora" logo (#205573, Diana Fong)
- tweak welcome page wording slightly (#205880)
* Fri Aug 18 2006 Jesse Keating <jkeating@redhat.com> - 2.2.3-4
- rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc*
(#203001)
* Thu Aug 3 2006 Joe Orton <jorton@redhat.com> 2.2.3-3
- init: use killproc() delay to avoid race killing parent
* Fri Jul 28 2006 Joe Orton <jorton@redhat.com> 2.2.3-2
- update to 2.2.3
- trim %%changelog to >=2.0.52
* Thu Jul 20 2006 Joe Orton <jorton@redhat.com> 2.2.2-8
- fix segfault on dummy connection failure at graceful restart (#199429)
* Wed Jul 19 2006 Joe Orton <jorton@redhat.com> 2.2.2-7
- fix "apxs -g"-generated Makefile
- fix buildconf with autoconf 2.60
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.2.2-5.1
- rebuild
* Wed Jun 7 2006 Joe Orton <jorton@redhat.com> 2.2.2-5
- require pkgconfig for -devel (#194152)
- fixes for installed support makefiles (special.mk et al)
- BR autoconf
* Fri Jun 2 2006 Joe Orton <jorton@redhat.com> 2.2.2-4
- make -devel package multilib-safe (#192686)
* Thu May 11 2006 Joe Orton <jorton@redhat.com> 2.2.2-3
- build DSOs using -z relro linker flag
* Wed May 3 2006 Joe Orton <jorton@redhat.com> 2.2.2-2
- update to 2.2.2
* Thu Apr 6 2006 Joe Orton <jorton@redhat.com> 2.2.0-6
- rebuild to pick up apr-util LDAP interface fix (#188073)
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - (none):2.2.0-5.1.2
- bump again for double-long bug on ppc(64)
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - (none):2.2.0-5.1.1
- rebuilt for new gcc4.1 snapshot and glibc changes
* Mon Feb 6 2006 Joe Orton <jorton@redhat.com> 2.2.0-5.1
- mod_auth_basic/mod_authn_file: if no provider is configured,
and AuthUserFile is not configured, decline to handle authn
silently rather than failing noisily.
* Fri Feb 3 2006 Joe Orton <jorton@redhat.com> 2.2.0-5
- mod_ssl: add security fix for CVE-2005-3357 (#177914)
- mod_imagemap: add security fix for CVE-2005-3352 (#177913)
- add fix for AP_INIT_* designated initializers with C++ compilers
- httpd.conf: enable HTMLTable in default IndexOptions
- httpd.conf: add more "redirect-carefully" matches for DAV clients
* Thu Jan 5 2006 Joe Orton <jorton@redhat.com> 2.2.0-4
- mod_proxy_ajp: fix Cookie handling (Mladen Turk, r358769)
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt
* Wed Dec 7 2005 Joe Orton <jorton@redhat.com> 2.2.0-3
- strip manual to just English content
* Mon Dec 5 2005 Joe Orton <jorton@redhat.com> 2.2.0-2
- don't strip C-L from HEAD responses (Greg Ames, #110552)
- load mod_proxy_balancer by default
- add proxy_ajp.conf to load/configure mod_proxy_ajp
- Obsolete mod_jk
- update docs URLs in httpd.conf/ssl.conf
* Fri Dec 2 2005 Joe Orton <jorton@redhat.com> 2.2.0-1
- update to 2.2.0
* Wed Nov 30 2005 Joe Orton <jorton@redhat.com> 2.1.10-2
- enable mod_authn_alias, mod_authn_anon
- update default httpd.conf
* Fri Nov 25 2005 Joe Orton <jorton@redhat.com> 2.1.10-1
- update to 2.1.10
- require apr >= 1.2.0, apr-util >= 1.2.0
* Wed Nov 9 2005 Tomas Mraz <tmraz@redhat.com> 2.0.54-16
- rebuilt against new openssl
* Thu Nov 3 2005 Joe Orton <jorton@redhat.com> 2.0.54-15
- log notice giving SELinux context at startup if enabled
- drop SSLv2 and restrict default cipher suite in default
SSL configuration
* Thu Oct 20 2005 Joe Orton <jorton@redhat.com> 2.0.54-14
- mod_ssl: add security fix for SSLVerifyClient (CVE-2005-2700)
- add security fix for byterange filter DoS (CVE-2005-2728)
- add security fix for C-L vs T-E handling (CVE-2005-2088)
- mod_ssl: add security fix for CRL overflow (CVE-2005-1268)
- mod_ldap/mod_auth_ldap: add fixes from 2.0.x branch (upstream #34209 etc)
- add fix for dummy connection handling (#167425)
- mod_auth_digest: fix hostinfo comparison in CONNECT requests
- mod_include: fix variable corruption in nested includes (upstream #12655)
- mod_ssl: add fix for handling non-blocking reads
- mod_ssl: fix to enable output buffering (upstream #35279)
- mod_ssl: buffer request bodies for per-location renegotiation (upstream #12355)
* Sat Aug 13 2005 Joe Orton <jorton@redhat.com> 2.0.54-13
- don't load by default: mod_cern_meta, mod_asis
- do load by default: mod_ext_filter (#165893)
* Thu Jul 28 2005 Joe Orton <jorton@redhat.com> 2.0.54-12
- drop broken epoch deps
* Thu Jun 30 2005 Joe Orton <jorton@redhat.com> 2.0.54-11
- mod_dav_fs: fix uninitialized variable (#162144)
- add epoch to dependencies as appropriate
- mod_ssl: drop dependencies on dev, make
- mod_ssl: mark post script dependencies as such
* Mon May 23 2005 Joe Orton <jorton@redhat.com> 2.0.54-10
- remove broken symlink (Robert Scheck, #158404)
* Wed May 18 2005 Joe Orton <jorton@redhat.com> 2.0.54-9
- add piped logger fixes (w/Jeff Trawick)
* Mon May 9 2005 Joe Orton <jorton@redhat.com> 2.0.54-8
- drop old "powered by Red Hat" logos
* Wed May 4 2005 Joe Orton <jorton@redhat.com> 2.0.54-7
- mod_userdir: fix memory allocation issue (upstream #34588)
- mod_ldap: fix memory corruption issue (Brad Nicholes, upstream #34618)
* Tue Apr 26 2005 Joe Orton <jorton@redhat.com> 2.0.54-6
- fix key/cert locations in post script
* Mon Apr 25 2005 Joe Orton <jorton@redhat.com> 2.0.54-5
- create default dummy cert in /etc/pki/tls
- use a pseudo-random serial number on the dummy cert
- change default ssl.conf to point at /etc/pki/tls
- merge back -suexec subpackage; SELinux policy can now be
used to persistently disable suexec (#155716)
- drop /etc/httpd/conf/ssl.* directories and Makefiles
- unconditionally enable PIE support
- mod_ssl: fix for picking up -shutdown options (upstream #34452)
* Mon Apr 18 2005 Joe Orton <jorton@redhat.com> 2.0.54-4
- replace PreReq with Requires(pre)
* Mon Apr 18 2005 Joe Orton <jorton@redhat.com> 2.0.54-3
- update to 2.0.54
* Tue Mar 29 2005 Joe Orton <jorton@redhat.com> 2.0.53-6
- update default httpd.conf:
* clarify the comments on AddDefaultCharset usage (#135821)
* remove all the AddCharset default extensions
* don't load mod_imap by default
* synch with upstream 2.0.53 httpd-std.conf
- mod_ssl: set user from SSLUserName in access hook (upstream #31418)
- htdigest: fix permissions of created files (upstream #33765)
- remove htsslpass
* Wed Mar 2 2005 Joe Orton <jorton@redhat.com> 2.0.53-5
- apachectl: restore use of $OPTIONS again
* Wed Feb 9 2005 Joe Orton <jorton@redhat.com> 2.0.53-4
- update to 2.0.53
- move prefork/worker modules comparison to %%check
* Mon Feb 7 2005 Joe Orton <jorton@redhat.com> 2.0.52-7
- fix cosmetic issues in "service httpd reload"
- move User/Group higher in httpd.conf (#146793)
- load mod_logio by default in httpd.conf
- apachectl: update for correct libselinux tools locations
* Tue Nov 16 2004 Joe Orton <jorton@redhat.com> 2.0.52-6
- add security fix for CVE CAN-2004-0942 (memory consumption DoS)
- SELinux: run httpd -t under runcon in configtest (Steven Smalley)
- fix SSLSessionCache comment for distcache in ssl.conf
- restart using SIGHUP not SIGUSR1 after logrotate
- add ap_save_brigade fix (upstream #31247)
- mod_ssl: fix possible segfault in auth hook (upstream #31848)
- add htsslpass(1) and configure as default SSLPassPhraseDialog (#128677)
- apachectl: restore use of $OPTIONS
- apachectl, httpd.init: refuse to restart if $HTTPD -t fails
- apachectl: run $HTTPD -t in user SELinux context for configtest
- update for pcre-5.0 header locations
* Sat Nov 13 2004 Jeff Johnson <jbj@redhat.com> 2.0.52-5
- rebuild against db-4.3.21 aware apr-util.
* Thu Nov 11 2004 Jeff Johnson <jbj@jbj.org> 2.0.52-4
- rebuild against db-4.3-21.
* Thu Sep 28 2004 Joe Orton <jorton@redhat.com> 2.0.52-3
- add dummy connection address fixes from HEAD
- mod_ssl: add security fix for CAN-2004-0885
* Tue Sep 28 2004 Joe Orton <jorton@redhat.com> 2.0.52-2
- update to 2.0.52


@ -1,4 +1,8 @@
# Configuration file for the httpd service.
#
# This file can be used to set additional environment variables
# for the httpd process, or pass additional options to the httpd
# executable
#
#
# To pass additional options (for instance, -D definitions) to the


@ -2,11 +2,10 @@
# This configuration file allows the manual to be accessed at
# http://localhost/manual/
#
AliasMatch ^/manual(?:/(?:de|en|fr|ja|ko|ru))?(/.*)?$ "/var/www/manual$1"
AliasMatch ^/manual(?:/(?:de|en|fr|ja|ko|ru))?(/.*)?$ "/usr/share/httpd/manual$1"
<Directory "/var/www/manual">
<Directory "/usr/share/httpd/manual">
Options Indexes
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>


@ -1 +1 @@
9fe3093194c8a57f085ff7c3fc43715f httpd-2.2.22.tar.bz2
7d3001c7a26b985d17caa367a868f11c httpd-2.4.1.tar.bz2


@ -1,21 +1,8 @@
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
LoadModule ssl_module modules/mod_ssl.so
#
# When we also provide SSL we have to listen to the
# the HTTPS port in addition.
#
Listen 443
Listen 443 https
##
## SSL Global Context
@ -37,11 +24,6 @@ SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex default
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
@ -96,12 +78,19 @@ SSLProtocol all -SSLv2
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# SSL Cipher Honor Order:
# On a busy HTTPS server you may want to enable this directive
# to force clients to use one of the faster ciphers like RC4-SHA
# or AES128-SHA in the order defined by SSLCipherSuite.
# Speed-optimized SSL Cipher configuration:
# If speed is your main concern (on busy HTTPS servers e.g.),
# you might want to force clients to specific, performance
# optimized ciphers. In this case, prepend those ciphers
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
# Caveat: by giving precedence to RC4-SHA and AES128-SHA
# (as in the example below), most connections will no longer
# have perfect forward secrecy - if the server's key is
# compromised, captures of past or future traffic must be
# considered compromised, too.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
#SSLHonorCipherOrder on
# Server Certificate:
@ -215,7 +204,7 @@ SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
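Review bot: The new default `SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5` is left without `SSLHonorCipherOrder on`, so the client's preference order decides which suite is negotiated, and with OpenSSL builds of this period the MEDIUM class most likely still admits 128-bit RC4 suites (worth confirming with `openssl ciphers -v 'HIGH:MEDIUM:!aNULL:!MD5'` on the target build). I would either drop `MEDIUM` or keep the list and add `SSLHonorCipherOrder on` so that the server prefers the HIGH suites. The commented speed-optimised example goes the other way by prepending `RC4-SHA:AES128-SHA`; its forward-secrecy caveat is accurate, and a line such as `# Not recommended unless measured CPU load requires it.` would keep it from being enabled by habit. The `SSLProtocol all -SSLv2` shown in the hunk header is untouched by this commit and still leaves SSLv3 enabled; the directive itself lies outside the hunk.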

36
userdir.conf Normal file

@ -0,0 +1,36 @@
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
UserDir disabled
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disabled" line above, and uncomment
# the following line instead:
#
#UserDir public_html
</IfModule>
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory "/home/*/public_html">
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>
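Review bot: The comment above `<Directory "/home/*/public_html">` describes the block as read-only, but `Require method GET POST OPTIONS` also admits POST, and `AllowOverride FileInfo AuthConfig Limit Indexes` lets each user's `.htaccess` change handlers, rewrite rules and access control once an administrator enables UserDir. The comment should say what the block actually permits, for example `# Example: allow GET, POST and OPTIONS only; per-user .htaccess may override FileInfo, AuthConfig, Limit and Indexes.` Sites that want user directories to be strictly read-only could use `Require method GET OPTIONS` together with `AllowOverride None`. The block also sits outside `<IfModule mod_userdir.c>`, so it applies to any other URL mapping onto `/home/*/public_html` even while `UserDir disabled` is in effect.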


@ -1,11 +1,18 @@
#
# This configuration file enables the default "Welcome"
# page if there is no default index page present for
# the root URL. To disable the Welcome page, comment
# out all the lines below.
# This configuration file enables the default "Welcome" page if there
# is no default index page present for the root URL. To disable the
# Welcome page, comment out all the lines below.
#
# NOTE: if this file is removed, it will be restored on upgrades.
#
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /error/noindex.html
ErrorDocument 403 /.noindex.html
</LocationMatch>
<Directory /usr/share/httpd/noindex>
AllowOverride None
Require all granted
</Directory>
Alias /.noindex.html /usr/share/httpd/noindex/index.html