import httpd-2.4.37-16.module+el8.1.0+4134+e6bad0ed
This commit is contained in:
parent
b98ff77132
commit
58abeedc85
24
SOURCES/config.layout
Normal file
24
SOURCES/config.layout
Normal file
@ -0,0 +1,24 @@
|
||||
# Layout used in Fedora httpd packaging.
|
||||
<Layout Fedora>
|
||||
prefix: /etc/httpd
|
||||
localstatedir: /var
|
||||
exec_prefix: /usr
|
||||
bindir: ${exec_prefix}/bin
|
||||
sbindir: ${exec_prefix}/sbin
|
||||
libdir: ${exec_prefix}/lib
|
||||
libexecdir: ${exec_prefix}/libexec
|
||||
mandir: ${exec_prefix}/man
|
||||
sysconfdir: /etc/httpd/conf
|
||||
datadir: ${exec_prefix}/share/httpd
|
||||
installbuilddir: ${libdir}/httpd/build
|
||||
errordir: ${datadir}/error
|
||||
iconsdir: ${datadir}/icons
|
||||
htdocsdir: ${localstatedir}/www/html
|
||||
manualdir: ${datadir}/manual
|
||||
cgidir: ${localstatedir}/www/cgi-bin
|
||||
includedir: ${exec_prefix}/include/httpd
|
||||
runtimedir: ${prefix}/run
|
||||
logfiledir: ${localstatedir}/log/httpd
|
||||
statedir: ${prefix}/state
|
||||
proxycachedir: ${localstatedir}/cache/httpd/proxy
|
||||
</Layout>
|
@ -1,35 +0,0 @@
|
||||
|
||||
Add layout for Fedora.
|
||||
|
||||
diff --git a/config.layout b/config.layout
|
||||
index 8579587..79fbce7 100644
|
||||
--- a/config.layout
|
||||
+++ b/config.layout
|
||||
@@ -394,3 +394,27 @@
|
||||
logfiledir: ${localstatedir}/log/httpd
|
||||
proxycachedir: ${localstatedir}/cache/httpd
|
||||
</Layout>
|
||||
+
|
||||
+# Fedora/RHEL layout
|
||||
+<Layout Fedora>
|
||||
+ prefix: /usr
|
||||
+ exec_prefix: ${prefix}
|
||||
+ bindir: ${prefix}/bin
|
||||
+ sbindir: ${prefix}/sbin
|
||||
+ libdir: ${prefix}/lib
|
||||
+ libexecdir: ${prefix}/libexec
|
||||
+ mandir: ${prefix}/man
|
||||
+ sysconfdir: /etc/httpd/conf
|
||||
+ datadir: ${prefix}/share/httpd
|
||||
+ installbuilddir: ${libdir}/httpd/build
|
||||
+ errordir: ${datadir}/error
|
||||
+ iconsdir: ${datadir}/icons
|
||||
+ htdocsdir: /var/www/html
|
||||
+ manualdir: ${datadir}/manual
|
||||
+ cgidir: /var/www/cgi-bin
|
||||
+ includedir: ${prefix}/include/httpd
|
||||
+ localstatedir: /var
|
||||
+ runtimedir: /run/httpd
|
||||
+ logfiledir: ${localstatedir}/log/httpd
|
||||
+ proxycachedir: ${localstatedir}/cache/httpd/proxy
|
||||
+</Layout>
|
111
SOURCES/httpd-2.4.37-CVE-2019-0217.patch
Normal file
111
SOURCES/httpd-2.4.37-CVE-2019-0217.patch
Normal file
@ -0,0 +1,111 @@
|
||||
--- a/modules/aaa/mod_auth_digest.c 2019/03/12 09:24:19 1855297
|
||||
+++ b/modules/aaa/mod_auth_digest.c 2019/03/12 09:24:26 1855298
|
||||
@@ -92,7 +92,6 @@
|
||||
int check_nc;
|
||||
const char *algorithm;
|
||||
char *uri_list;
|
||||
- const char *ha1;
|
||||
} digest_config_rec;
|
||||
|
||||
|
||||
@@ -153,6 +152,7 @@
|
||||
apr_time_t nonce_time;
|
||||
enum hdr_sts auth_hdr_sts;
|
||||
int needed_auth;
|
||||
+ const char *ha1;
|
||||
client_entry *client;
|
||||
} digest_header_rec;
|
||||
|
||||
@@ -1304,7 +1304,7 @@
|
||||
*/
|
||||
|
||||
static authn_status get_hash(request_rec *r, const char *user,
|
||||
- digest_config_rec *conf)
|
||||
+ digest_config_rec *conf, const char **rethash)
|
||||
{
|
||||
authn_status auth_result;
|
||||
char *password;
|
||||
@@ -1356,7 +1356,7 @@
|
||||
} while (current_provider);
|
||||
|
||||
if (auth_result == AUTH_USER_FOUND) {
|
||||
- conf->ha1 = password;
|
||||
+ *rethash = password;
|
||||
}
|
||||
|
||||
return auth_result;
|
||||
@@ -1483,25 +1483,24 @@
|
||||
|
||||
/* RFC-2069 */
|
||||
static const char *old_digest(const request_rec *r,
|
||||
- const digest_header_rec *resp, const char *ha1)
|
||||
+ const digest_header_rec *resp)
|
||||
{
|
||||
const char *ha2;
|
||||
|
||||
ha2 = ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, resp->method, ":",
|
||||
resp->uri, NULL));
|
||||
return ap_md5(r->pool,
|
||||
- (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce,
|
||||
- ":", ha2, NULL));
|
||||
+ (unsigned char *)apr_pstrcat(r->pool, resp->ha1, ":",
|
||||
+ resp->nonce, ":", ha2, NULL));
|
||||
}
|
||||
|
||||
/* RFC-2617 */
|
||||
static const char *new_digest(const request_rec *r,
|
||||
- digest_header_rec *resp,
|
||||
- const digest_config_rec *conf)
|
||||
+ digest_header_rec *resp)
|
||||
{
|
||||
const char *ha1, *ha2, *a2;
|
||||
|
||||
- ha1 = conf->ha1;
|
||||
+ ha1 = resp->ha1;
|
||||
|
||||
a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, NULL);
|
||||
ha2 = ap_md5(r->pool, (const unsigned char *)a2);
|
||||
@@ -1514,7 +1513,6 @@
|
||||
NULL));
|
||||
}
|
||||
|
||||
-
|
||||
static void copy_uri_components(apr_uri_t *dst,
|
||||
apr_uri_t *src, request_rec *r) {
|
||||
if (src->scheme && src->scheme[0] != '\0') {
|
||||
@@ -1759,7 +1757,7 @@
|
||||
return HTTP_UNAUTHORIZED;
|
||||
}
|
||||
|
||||
- return_code = get_hash(r, r->user, conf);
|
||||
+ return_code = get_hash(r, r->user, conf, &resp->ha1);
|
||||
|
||||
if (return_code == AUTH_USER_NOT_FOUND) {
|
||||
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01790)
|
||||
@@ -1789,7 +1787,7 @@
|
||||
|
||||
if (resp->message_qop == NULL) {
|
||||
/* old (rfc-2069) style digest */
|
||||
- if (strcmp(resp->digest, old_digest(r, resp, conf->ha1))) {
|
||||
+ if (strcmp(resp->digest, old_digest(r, resp))) {
|
||||
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01792)
|
||||
"user %s: password mismatch: %s", r->user,
|
||||
r->uri);
|
||||
@@ -1819,7 +1817,7 @@
|
||||
return HTTP_UNAUTHORIZED;
|
||||
}
|
||||
|
||||
- exp_digest = new_digest(r, resp, conf);
|
||||
+ exp_digest = new_digest(r, resp);
|
||||
if (!exp_digest) {
|
||||
/* we failed to allocate a client struct */
|
||||
return HTTP_INTERNAL_SERVER_ERROR;
|
||||
@@ -1903,7 +1901,7 @@
|
||||
|
||||
/* calculate rspauth attribute
|
||||
*/
|
||||
- ha1 = conf->ha1;
|
||||
+ ha1 = resp->ha1;
|
||||
|
||||
a2 = apr_pstrcat(r->pool, ":", resp->uri, NULL);
|
||||
ha2 = ap_md5(r->pool, (const unsigned char *)a2);
|
235
SOURCES/httpd-2.4.37-CVE-2019-0220.patch
Normal file
235
SOURCES/httpd-2.4.37-CVE-2019-0220.patch
Normal file
@ -0,0 +1,235 @@
|
||||
diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en
|
||||
index 0a24bc8..20d1e5a 100644
|
||||
--- a/docs/manual/mod/core.html.en
|
||||
+++ b/docs/manual/mod/core.html.en
|
||||
@@ -97,6 +97,7 @@ available</td></tr>
|
||||
<li><img alt="" src="../images/down.gif" /> <a href="#maxrangeoverlaps">MaxRangeOverlaps</a></li>
|
||||
<li><img alt="" src="../images/down.gif" /> <a href="#maxrangereversals">MaxRangeReversals</a></li>
|
||||
<li><img alt="" src="../images/down.gif" /> <a href="#maxranges">MaxRanges</a></li>
|
||||
+<li><img alt="" src="../images/down.gif" /> <a href="#mergeslashes">MergeSlashes</a></li>
|
||||
<li><img alt="" src="../images/down.gif" /> <a href="#mergetrailers">MergeTrailers</a></li>
|
||||
<li><img alt="" src="../images/down.gif" /> <a href="#mutex">Mutex</a></li>
|
||||
<li><img alt="" src="../images/down.gif" /> <a href="#namevirtualhost">NameVirtualHost</a></li>
|
||||
@@ -3465,6 +3466,30 @@ resource </td></tr>
|
||||
|
||||
</div>
|
||||
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
|
||||
+<div class="directive-section"><h2><a name="MergeSlashes" id="MergeSlashes">MergeSlashes</a> <a name="mergeslashes" id="mergeslashes">Directive</a></h2>
|
||||
+<table class="directive">
|
||||
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Controls whether the server merges consecutive slashes in URLs. </td></tr>
|
||||
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MergeSlashes ON | OFF</code></td></tr>
|
||||
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MergeSlashes ON</code></td></tr>
|
||||
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
|
||||
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
|
||||
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
|
||||
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache HTTP Server 2.4.6 in Red Hat Enterprise Linux 7</td></tr>
|
||||
+</table>
|
||||
+ <p>By default, the server merges (or collapses) multiple consecutive slash
|
||||
+ ('/') characters in the path component of the request URL.</p>
|
||||
+
|
||||
+ <p>When mapping URL's to the filesystem, these multiple slashes are not
|
||||
+ significant. However, URL's handled other ways, such as by CGI or proxy,
|
||||
+ might prefer to retain the significance of multiple consecutive slashes.
|
||||
+ In these cases <code class="directive">MergeSlashes</code> can be set to
|
||||
+ <em>OFF</em> to retain the multiple consecutive slashes. In these
|
||||
+ configurations, regular expressions used in the configuration file that match
|
||||
+ the path component of the URL (<code class="directive">LocationMatch</code>,
|
||||
+ <code class="directive">RewriteRule</code>, ...) need to take into account multiple
|
||||
+ consecutive slashes.</p>
|
||||
+</div>
|
||||
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
|
||||
<div class="directive-section"><h2><a name="MergeTrailers" id="MergeTrailers">MergeTrailers</a> <a name="mergetrailers" id="mergetrailers">Directive</a></h2>
|
||||
<table class="directive">
|
||||
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determines whether trailers are merged into headers</td></tr>
|
||||
--- a/include/http_core.h 2019/03/18 08:49:19 1855736
|
||||
+++ b/include/http_core.h 2019/03/18 08:49:59 1855737
|
||||
@@ -740,7 +740,7 @@
|
||||
#define AP_HTTP_METHODS_LENIENT 1
|
||||
#define AP_HTTP_METHODS_REGISTERED 2
|
||||
char http_methods;
|
||||
-
|
||||
+ unsigned int merge_slashes;
|
||||
} core_server_config;
|
||||
|
||||
/* for AddOutputFiltersByType in core.c */
|
||||
diff --git a/include/httpd.h b/include/httpd.h
|
||||
index 65392f8..99f7f04 100644
|
||||
--- a/include/httpd.h
|
||||
+++ b/include/httpd.h
|
||||
@@ -1697,11 +1697,21 @@ AP_DECLARE(int) ap_unescape_url_keep2f(char *url, int decode_slashes);
|
||||
AP_DECLARE(int) ap_unescape_urlencoded(char *query);
|
||||
|
||||
/**
|
||||
- * Convert all double slashes to single slashes
|
||||
- * @param name The string to convert
|
||||
+ * Convert all double slashes to single slashes, except where significant
|
||||
+ * to the filesystem on the current platform.
|
||||
+ * @param name The string to convert, assumed to be a filesystem path
|
||||
*/
|
||||
AP_DECLARE(void) ap_no2slash(char *name);
|
||||
|
||||
+/**
|
||||
+ * Convert all double slashes to single slashes, except where significant
|
||||
+ * to the filesystem on the current platform.
|
||||
+ * @param name The string to convert
|
||||
+ * @param is_fs_path if set to 0, the significance of any double-slashes is
|
||||
+ * ignored.
|
||||
+ */
|
||||
+AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path);
|
||||
+
|
||||
/**
|
||||
* Remove all ./ and xx/../ substrings from a file name. Also remove
|
||||
* any leading ../ or /../ substrings.
|
||||
diff --git a/server/request.c b/server/request.c
|
||||
index dbe3e07..d5c558a 100644
|
||||
--- a/server/request.c
|
||||
+++ b/server/request.c
|
||||
@@ -167,6 +167,8 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r)
|
||||
int file_req = (r->main && r->filename);
|
||||
int access_status;
|
||||
core_dir_config *d;
|
||||
+ core_server_config *sconf =
|
||||
+ ap_get_core_module_config(r->server->module_config);
|
||||
|
||||
/* Ignore embedded %2F's in path for proxy requests */
|
||||
if (!r->proxyreq && r->parsed_uri.path) {
|
||||
@@ -191,6 +193,12 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r)
|
||||
}
|
||||
|
||||
ap_getparents(r->uri); /* OK --- shrinking transformations... */
|
||||
+ if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
|
||||
+ ap_no2slash(r->uri);
|
||||
+ if (r->parsed_uri.path) {
|
||||
+ ap_no2slash(r->parsed_uri.path);
|
||||
+ }
|
||||
+ }
|
||||
|
||||
/* All file subrequests are a huge pain... they cannot bubble through the
|
||||
* next several steps. Only file subrequests are allowed an empty uri,
|
||||
@@ -1411,20 +1419,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
|
||||
|
||||
cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r);
|
||||
cached = (cache->cached != NULL);
|
||||
-
|
||||
- /* Location and LocationMatch differ on their behaviour w.r.t. multiple
|
||||
- * slashes. Location matches multiple slashes with a single slash,
|
||||
- * LocationMatch doesn't. An exception, for backwards brokenness is
|
||||
- * absoluteURIs... in which case neither match multiple slashes.
|
||||
- */
|
||||
- if (r->uri[0] != '/') {
|
||||
- entry_uri = r->uri;
|
||||
- }
|
||||
- else {
|
||||
- char *uri = apr_pstrdup(r->pool, r->uri);
|
||||
- ap_no2slash(uri);
|
||||
- entry_uri = uri;
|
||||
- }
|
||||
+ entry_uri = r->uri;
|
||||
|
||||
/* If we have an cache->cached location that matches r->uri,
|
||||
* and the vhost's list of locations hasn't changed, we can skip
|
||||
@@ -1491,7 +1486,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
|
||||
pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t));
|
||||
}
|
||||
|
||||
- if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) {
|
||||
+ if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
@@ -1501,7 +1496,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
|
||||
apr_table_setn(r->subprocess_env,
|
||||
((const char **)entry_core->refs->elts)[i],
|
||||
apr_pstrndup(r->pool,
|
||||
- r->uri + pmatch[i].rm_so,
|
||||
+ entry_uri + pmatch[i].rm_so,
|
||||
pmatch[i].rm_eo - pmatch[i].rm_so));
|
||||
}
|
||||
}
|
||||
diff --git a/server/util.c b/server/util.c
|
||||
index fd7a0a1..e0c558c 100644
|
||||
--- a/server/util.c
|
||||
+++ b/server/util.c
|
||||
@@ -561,16 +561,20 @@ AP_DECLARE(void) ap_getparents(char *name)
|
||||
name[l] = '\0';
|
||||
}
|
||||
}
|
||||
-
|
||||
-AP_DECLARE(void) ap_no2slash(char *name)
|
||||
+AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path)
|
||||
{
|
||||
+
|
||||
char *d, *s;
|
||||
|
||||
+ if (!*name) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
s = d = name;
|
||||
|
||||
#ifdef HAVE_UNC_PATHS
|
||||
/* Check for UNC names. Leave leading two slashes. */
|
||||
- if (s[0] == '/' && s[1] == '/')
|
||||
+ if (is_fs_path && s[0] == '/' && s[1] == '/')
|
||||
*d++ = *s++;
|
||||
#endif
|
||||
|
||||
@@ -587,6 +591,10 @@ AP_DECLARE(void) ap_no2slash(char *name)
|
||||
*d = '\0';
|
||||
}
|
||||
|
||||
+AP_DECLARE(void) ap_no2slash(char *name)
|
||||
+{
|
||||
+ ap_no2slash_ex(name, 1);
|
||||
+}
|
||||
|
||||
/*
|
||||
* copy at most n leading directories of s into d
|
||||
diff --git a/server/core.c b/server/core.c
|
||||
index b5ab429..a31f1e4 100644
|
||||
--- a/server/core.c
|
||||
+++ b/server/core.c
|
||||
@@ -493,6 +493,7 @@ static void *create_core_server_config(apr_pool_t *a, server_rec *s)
|
||||
*/
|
||||
|
||||
conf->trace_enable = AP_TRACE_UNSET;
|
||||
+ conf->merge_slashes = AP_CORE_CONFIG_UNSET;
|
||||
|
||||
conf->protocols = apr_array_make(a, 5, sizeof(const char *));
|
||||
conf->protocols_honor_order = -1;
|
||||
@@ -561,7 +562,9 @@ static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv)
|
||||
conf->protocols_honor_order = ((virt->protocols_honor_order < 0)?
|
||||
base->protocols_honor_order :
|
||||
virt->protocols_honor_order);
|
||||
-
|
||||
+
|
||||
+ AP_CORE_MERGE_FLAG(merge_slashes, conf, base, virt);
|
||||
+
|
||||
return conf;
|
||||
}
|
||||
|
||||
@@ -1872,6 +1875,13 @@ static const char *set_qualify_redirect_url(cmd_parms *cmd, void *d_, int flag)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+static const char *set_core_server_flag(cmd_parms *cmd, void *s_, int flag)
|
||||
+{
|
||||
+ core_server_config *conf =
|
||||
+ ap_get_core_module_config(cmd->server->module_config);
|
||||
+ return ap_set_flag_slot(cmd, conf, flag);
|
||||
+}
|
||||
+
|
||||
static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *const argv[])
|
||||
{
|
||||
core_dir_config *d = d_;
|
||||
@@ -4598,6 +4608,10 @@ AP_INIT_ITERATE("HttpProtocolOptions", set_http_protocol_options, NULL, RSRC_CON
|
||||
"'Unsafe' or 'Strict' (default). Sets HTTP acceptance rules"),
|
||||
AP_INIT_ITERATE("RegisterHttpMethod", set_http_method, NULL, RSRC_CONF,
|
||||
"Registers non-standard HTTP methods"),
|
||||
+AP_INIT_FLAG("MergeSlashes", set_core_server_flag,
|
||||
+ (void *)APR_OFFSETOF(core_server_config, merge_slashes),
|
||||
+ RSRC_CONF,
|
||||
+ "Controls whether consecutive slashes in the URI path are merged"),
|
||||
{ NULL }
|
||||
};
|
||||
|
44
SOURCES/httpd-2.4.37-mod-md-perms.patch
Normal file
44
SOURCES/httpd-2.4.37-mod-md-perms.patch
Normal file
@ -0,0 +1,44 @@
|
||||
diff --git a/modules/md/mod_md_os.c b/modules/md/mod_md_os.c
|
||||
index f96d566..8df0248 100644
|
||||
--- a/modules/md/mod_md_os.c
|
||||
+++ b/modules/md/mod_md_os.c
|
||||
@@ -41,14 +41,20 @@
|
||||
|
||||
apr_status_t md_try_chown(const char *fname, unsigned int uid, int gid, apr_pool_t *p)
|
||||
{
|
||||
-#if AP_NEED_SET_MUTEX_PERMS
|
||||
- if (-1 == chown(fname, (uid_t)uid, (gid_t)gid)) {
|
||||
- apr_status_t rv = APR_FROM_OS_ERROR(errno);
|
||||
- if (!APR_STATUS_IS_ENOENT(rv)) {
|
||||
- ap_log_perror(APLOG_MARK, APLOG_ERR, rv, p, APLOGNO(10082)
|
||||
- "Can't change owner of %s", fname);
|
||||
+#if AP_NEED_SET_MUTEX_PERMS && HAVE_UNISTD_H
|
||||
+ /* Since we only switch user when running as root, we only need to chown directories
|
||||
+ * in that case. Otherwise, the server will ignore any "user/group" directives and
|
||||
+ * child processes have the same privileges as the parent.
|
||||
+ */
|
||||
+ if (!geteuid()) {
|
||||
+ if (-1 == chown(fname, (uid_t)uid, (gid_t)gid)) {
|
||||
+ apr_status_t rv = APR_FROM_OS_ERROR(errno);
|
||||
+ if (!APR_STATUS_IS_ENOENT(rv)) {
|
||||
+ ap_log_perror(APLOG_MARK, APLOG_ERR, rv, p, APLOGNO(10082)
|
||||
+ "Can't change owner of %s", fname);
|
||||
+ }
|
||||
+ return rv;
|
||||
}
|
||||
- return rv;
|
||||
}
|
||||
return APR_SUCCESS;
|
||||
#else
|
||||
@@ -58,11 +64,7 @@ apr_status_t md_try_chown(const char *fname, unsigned int uid, int gid, apr_pool
|
||||
|
||||
apr_status_t md_make_worker_accessible(const char *fname, apr_pool_t *p)
|
||||
{
|
||||
-#if AP_NEED_SET_MUTEX_PERMS
|
||||
return md_try_chown(fname, ap_unixd_config.user_id, -1, p);
|
||||
-#else
|
||||
- return APR_ENOTIMPL;
|
||||
-#endif
|
||||
}
|
||||
|
||||
#ifdef WIN32
|
24
SOURCES/httpd-2.4.37-mod-mime-magic-strdup.patch
Normal file
24
SOURCES/httpd-2.4.37-mod-mime-magic-strdup.patch
Normal file
@ -0,0 +1,24 @@
|
||||
diff --git a/docs/conf/magic b/docs/conf/magic
|
||||
index 7c56119..bc891d9 100644
|
||||
--- a/docs/conf/magic
|
||||
+++ b/docs/conf/magic
|
||||
@@ -87,7 +87,7 @@
|
||||
# Microsoft WAVE format (*.wav)
|
||||
# [GRR 950115: probably all of the shorts and longs should be leshort/lelong]
|
||||
# Microsoft RIFF
|
||||
-0 string RIFF audio/unknown
|
||||
+0 string RIFF
|
||||
# - WAVE format
|
||||
>8 string WAVE audio/x-wav
|
||||
# MPEG audio.
|
||||
--- a/modules/metadata/mod_mime_magic.c 2013/06/11 07:36:13 1491699
|
||||
+++ b/modules/metadata/mod_mime_magic.c 2013/06/11 07:41:40 1491700
|
||||
@@ -606,7 +606,7 @@
|
||||
/* high overhead for 1 char - just hope they don't do this much */
|
||||
str[0] = c;
|
||||
str[1] = '\0';
|
||||
- return magic_rsl_add(r, str);
|
||||
+ return magic_rsl_add(r, apr_pstrdup(r->pool, str));
|
||||
}
|
||||
|
||||
/* allocate and copy a contiguous string from a result string list */
|
35
SOURCES/httpd-2.4.37-r1840554.patch
Normal file
35
SOURCES/httpd-2.4.37-r1840554.patch
Normal file
@ -0,0 +1,35 @@
|
||||
diff --git a/modules/arch/unix/mod_systemd.c b/modules/arch/unix/mod_systemd.c
|
||||
index 7a82a90..6c244b6 100644
|
||||
--- a/modules/arch/unix/mod_systemd.c
|
||||
+++ b/modules/arch/unix/mod_systemd.c
|
||||
@@ -100,6 +100,21 @@ static int systemd_post_config(apr_pool_t *pconf, apr_pool_t *plog,
|
||||
return OK;
|
||||
}
|
||||
|
||||
+/* Report the service is ready in post_config, which could be during
|
||||
+ * startup or after a reload. The server could still hit a fatal
|
||||
+ * startup error after this point during ap_run_mpm(), so this is
|
||||
+ * perhaps too early, but by post_config listen() has been called on
|
||||
+ * the TCP ports so new connections will not be rejected. There will
|
||||
+ * always be a possible async failure event simultaneous to the
|
||||
+ * service reporting "ready", so this should be good enough. */
|
||||
+static int systemd_post_config_last(apr_pool_t *p, apr_pool_t *plog,
|
||||
+ apr_pool_t *ptemp, server_rec *main_server)
|
||||
+{
|
||||
+ sd_notify(0, "READY=1\n"
|
||||
+ "STATUS=Configuration loaded.\n");
|
||||
+ return OK;
|
||||
+}
|
||||
+
|
||||
static int systemd_pre_mpm(apr_pool_t *p, ap_scoreboard_e sb_type)
|
||||
{
|
||||
int rv;
|
||||
@@ -187,6 +202,8 @@ static void systemd_register_hooks(apr_pool_t *p)
|
||||
ap_hook_pre_config(systemd_pre_config, NULL, NULL, APR_HOOK_LAST);
|
||||
/* Grab the listener config. */
|
||||
ap_hook_post_config(systemd_post_config, NULL, NULL, APR_HOOK_LAST);
|
||||
+ /* Signal service is ready. */
|
||||
+ ap_hook_post_config(systemd_post_config_last, NULL, NULL, APR_HOOK_REALLY_LAST);
|
||||
/* We know the PID in this hook ... */
|
||||
ap_hook_pre_mpm(systemd_pre_mpm, NULL, NULL, APR_HOOK_LAST);
|
||||
/* Used to update httpd's status line using sd_notifyf */
|
@ -1,10 +1,27 @@
|
||||
# ./pullrev.sh 1842929 1842931
|
||||
# ./pullrev.sh 1842929 1842931 1852982 1853631 1857731
|
||||
http://svn.apache.org/viewvc?view=revision&revision=1842929
|
||||
http://svn.apache.org/viewvc?view=revision&revision=1842931
|
||||
http://svn.apache.org/viewvc?view=revision&revision=1852982
|
||||
http://svn.apache.org/viewvc?view=revision&revision=1857731
|
||||
http://svn.apache.org/viewvc?view=revision&revision=1853631
|
||||
|
||||
--- httpd-2.4.37/acinclude.m4.r1842929+
|
||||
+++ httpd-2.4.37/acinclude.m4
|
||||
@@ -45,6 +45,7 @@
|
||||
diff --git a/Makefile.in b/Makefile.in
|
||||
index 06b8c5a..9eeb5c7 100644
|
||||
--- a/Makefile.in
|
||||
+++ b/Makefile.in
|
||||
@@ -213,6 +213,7 @@ install-cgi:
|
||||
install-other:
|
||||
@test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir)
|
||||
@test -d $(DESTDIR)$(runtimedir) || $(MKINSTALLDIRS) $(DESTDIR)$(runtimedir)
|
||||
+ @test -d $(DESTDIR)$(statedir) || $(MKINSTALLDIRS) $(DESTDIR)$(statedir)
|
||||
@for ext in dll x; do \
|
||||
file=apachecore.$$ext; \
|
||||
if test -f $$file; then \
|
||||
diff --git a/acinclude.m4 b/acinclude.m4
|
||||
index 0ad0c13..a8c2804 100644
|
||||
--- a/acinclude.m4
|
||||
+++ b/acinclude.m4
|
||||
@@ -45,6 +45,7 @@ AC_DEFUN([APACHE_GEN_CONFIG_VARS],[
|
||||
APACHE_SUBST(installbuilddir)
|
||||
APACHE_SUBST(runtimedir)
|
||||
APACHE_SUBST(proxycachedir)
|
||||
@ -12,7 +29,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
|
||||
APACHE_SUBST(other_targets)
|
||||
APACHE_SUBST(progname)
|
||||
APACHE_SUBST(prefix)
|
||||
@@ -663,6 +664,7 @@
|
||||
@@ -663,6 +664,7 @@ AC_DEFUN([APACHE_EXPORT_ARGUMENTS],[
|
||||
APACHE_SUBST_EXPANDED_ARG(runtimedir)
|
||||
APACHE_SUBST_EXPANDED_ARG(logfiledir)
|
||||
APACHE_SUBST_EXPANDED_ARG(proxycachedir)
|
||||
@ -20,131 +37,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
|
||||
])
|
||||
|
||||
dnl
|
||||
--- httpd-2.4.37/config.layout.r1842929+
|
||||
+++ httpd-2.4.37/config.layout
|
||||
@@ -29,6 +29,7 @@
|
||||
includedir: ${prefix}/include
|
||||
localstatedir: ${prefix}
|
||||
runtimedir: ${localstatedir}/logs
|
||||
+ statedir: ${localstatedir}/state
|
||||
logfiledir: ${localstatedir}/logs
|
||||
proxycachedir: ${localstatedir}/proxy
|
||||
</Layout>
|
||||
@@ -54,6 +55,7 @@
|
||||
includedir: ${prefix}/include+
|
||||
localstatedir: ${prefix}/var+
|
||||
runtimedir: ${localstatedir}/run
|
||||
+ statedir: ${localstatedir}/state
|
||||
logfiledir: ${localstatedir}/log
|
||||
proxycachedir: ${localstatedir}/proxy
|
||||
</Layout>
|
||||
@@ -78,6 +80,7 @@
|
||||
includedir: /System/Library/Frameworks/Apache.framework/Versions/2.0/Headers
|
||||
localstatedir: /var
|
||||
runtimedir: ${prefix}/Logs
|
||||
+ statedir: ${prefix}/State
|
||||
logfiledir: ${prefix}/Logs
|
||||
proxycachedir: ${prefix}/ProxyCache
|
||||
</Layout>
|
||||
@@ -102,6 +105,7 @@
|
||||
includedir: ${prefix}/include+
|
||||
localstatedir: /var
|
||||
runtimedir: ${localstatedir}/run
|
||||
+ statedir: ${localstatedir}/state
|
||||
logfiledir: ${localstatedir}/log+
|
||||
proxycachedir: ${runtimedir}/proxy
|
||||
</Layout>
|
||||
@@ -126,6 +130,7 @@
|
||||
includedir: ${prefix}/include/apache
|
||||
localstatedir: /var
|
||||
runtimedir: ${localstatedir}/run
|
||||
+ statedir: ${localstatedir}/lib/httpd
|
||||
logfiledir: ${localstatedir}/log/httpd
|
||||
proxycachedir: ${localstatedir}/cache/httpd
|
||||
</Layout>
|
||||
@@ -151,6 +156,7 @@
|
||||
includedir: ${prefix}/include/httpd
|
||||
runtimedir: /run/httpd
|
||||
logfiledir: ${localstatedir}/log/httpd
|
||||
+ statedir: ${localstatedir}/lib/httpd
|
||||
proxycachedir: ${localstatedir}/cache/httpd/proxy
|
||||
</Layout>
|
||||
|
||||
@@ -175,6 +181,7 @@
|
||||
localstatedir: /var${prefix}
|
||||
runtimedir: ${localstatedir}/run
|
||||
logfiledir: ${localstatedir}/logs
|
||||
+ statedir: ${localstatedir}/state
|
||||
proxycachedir: ${localstatedir}/proxy
|
||||
</Layout>
|
||||
|
||||
@@ -197,6 +204,7 @@
|
||||
cgidir: ${datadir}/cgi-bin
|
||||
includedir: ${prefix}/include/apache
|
||||
localstatedir: /var/lib/httpd
|
||||
+ statedir: ${localstatedir}
|
||||
runtimedir: /var/run
|
||||
logfiledir: /var/log/httpd
|
||||
proxycachedir: /var/cache/httpd
|
||||
@@ -223,6 +231,7 @@
|
||||
localstatedir: /var
|
||||
runtimedir: ${localstatedir}/run
|
||||
logfiledir: ${localstatedir}/log/httpd
|
||||
+ statedir: ${prefix}/state
|
||||
proxycachedir: ${localstatedir}/proxy
|
||||
</Layout>
|
||||
|
||||
@@ -246,6 +255,7 @@
|
||||
includedir: ${exec_prefix}/include
|
||||
localstatedir: ${prefix}
|
||||
runtimedir: /var/run
|
||||
+ statedir: ${datadir}/state
|
||||
logfiledir: ${datadir}/logs
|
||||
proxycachedir: ${datadir}/proxy
|
||||
</Layout>
|
||||
@@ -271,6 +281,7 @@
|
||||
localstatedir: ${prefix}
|
||||
runtimedir: ${prefix}/logs
|
||||
logfiledir: ${prefix}/logs
|
||||
+ statedir: ${prefix}/state
|
||||
proxycachedir: ${prefix}/proxy
|
||||
</Layout>
|
||||
|
||||
@@ -315,6 +326,7 @@
|
||||
cgidir: ${prefix}/usr/lib/cgi-bin
|
||||
includedir: ${exec_prefix}/include/apache2
|
||||
localstatedir: ${prefix}/var/lock/apache2
|
||||
+ statedir: ${prefix}/var/lib/apache2
|
||||
runtimedir: ${prefix}/var/run/apache2
|
||||
logfiledir: ${prefix}/var/log/apache2
|
||||
proxycachedir: ${prefix}/var/cache/apache2/proxy
|
||||
@@ -343,6 +355,7 @@
|
||||
manualdir: ${datadir}/manual
|
||||
cgidir: ${datadir}/cgi-bin
|
||||
runtimedir: ${localstatedir}/run
|
||||
+ runtimedir: ${localstatedir}/lib/httpd
|
||||
logfiledir: ${localstatedir}/log/httpd
|
||||
proxycachedir: ${localstatedir}/cache/httpd/cache-root
|
||||
</Layout>
|
||||
@@ -366,6 +379,7 @@
|
||||
manualdir: ${prefix}/manual
|
||||
includedir: ${prefix}/include
|
||||
localstatedir: /var/httpd
|
||||
+ statedir: ${localstatedir}/state
|
||||
runtimedir: ${localstatedir}/run
|
||||
logfiledir: ${localstatedir}/logs
|
||||
proxycachedir: ${localstatedir}/proxy
|
||||
@@ -391,6 +405,7 @@
|
||||
includedir: ${prefix}/include/httpd
|
||||
localstatedir: /var
|
||||
runtimedir: ${localstatedir}/run/httpd
|
||||
+ statedir: ${localstatedir}/lib/httpd
|
||||
logfiledir: ${localstatedir}/log/httpd
|
||||
proxycachedir: ${localstatedir}/cache/httpd
|
||||
</Layout>
|
||||
--- httpd-2.4.37/configure.in.r1842929+
|
||||
+++ httpd-2.4.37/configure.in
|
||||
@@ -41,7 +41,7 @@
|
||||
diff --git a/configure.in b/configure.in
|
||||
index a208b53..de6a8ad 100644
|
||||
--- a/configure.in
|
||||
+++ b/configure.in
|
||||
@@ -41,7 +41,7 @@ dnl Something seems broken here.
|
||||
AC_PREFIX_DEFAULT(/usr/local/apache2)
|
||||
|
||||
dnl Get the layout here, so we can pass the required variables to apr
|
||||
@ -153,8 +50,10 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
|
||||
|
||||
dnl reparse the configure arguments.
|
||||
APR_PARSE_ARGUMENTS
|
||||
--- httpd-2.4.37/include/ap_config_layout.h.in.r1842929+
|
||||
+++ httpd-2.4.37/include/ap_config_layout.h.in
|
||||
diff --git a/include/ap_config_layout.h.in b/include/ap_config_layout.h.in
|
||||
index 2b4a70c..e076f41 100644
|
||||
--- a/include/ap_config_layout.h.in
|
||||
+++ b/include/ap_config_layout.h.in
|
||||
@@ -60,5 +60,7 @@
|
||||
#define DEFAULT_REL_LOGFILEDIR "@rel_logfiledir@"
|
||||
#define DEFAULT_EXP_PROXYCACHEDIR "@exp_proxycachedir@"
|
||||
@ -163,9 +62,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
|
||||
+#define DEFAULT_REL_STATEDIR "@rel_statedir@"
|
||||
|
||||
#endif /* AP_CONFIG_LAYOUT_H */
|
||||
--- httpd-2.4.37/include/http_config.h.r1842929+
|
||||
+++ httpd-2.4.37/include/http_config.h
|
||||
@@ -757,6 +757,14 @@
|
||||
diff --git a/include/http_config.h b/include/http_config.h
|
||||
index adc5825..effccc1 100644
|
||||
--- a/include/http_config.h
|
||||
+++ b/include/http_config.h
|
||||
@@ -757,6 +757,14 @@ AP_DECLARE(char *) ap_server_root_relative(apr_pool_t *p, const char *fname);
|
||||
*/
|
||||
AP_DECLARE(char *) ap_runtime_dir_relative(apr_pool_t *p, const char *fname);
|
||||
|
||||
@ -180,19 +81,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
|
||||
/* Finally, the hook for dynamically loading modules in... */
|
||||
|
||||
/**
|
||||
--- httpd-2.4.37/Makefile.in.r1842929+
|
||||
+++ httpd-2.4.37/Makefile.in
|
||||
@@ -213,6 +213,7 @@
|
||||
install-other:
|
||||
@test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir)
|
||||
@test -d $(DESTDIR)$(runtimedir) || $(MKINSTALLDIRS) $(DESTDIR)$(runtimedir)
|
||||
+ @test -d $(DESTDIR)$(statedir) || $(MKINSTALLDIRS) $(DESTDIR)$(statedir)
|
||||
@for ext in dll x; do \
|
||||
file=apachecore.$$ext; \
|
||||
if test -f $$file; then \
|
||||
--- httpd-2.4.37/modules/dav/fs/mod_dav_fs.c.r1842929+
|
||||
+++ httpd-2.4.37/modules/dav/fs/mod_dav_fs.c
|
||||
@@ -29,6 +29,10 @@
|
||||
diff --git a/modules/dav/fs/mod_dav_fs.c b/modules/dav/fs/mod_dav_fs.c
|
||||
index addfd7e..2389f8f 100644
|
||||
--- a/modules/dav/fs/mod_dav_fs.c
|
||||
+++ b/modules/dav/fs/mod_dav_fs.c
|
||||
@@ -29,6 +29,10 @@ typedef struct {
|
||||
|
||||
extern module AP_MODULE_DECLARE_DATA dav_fs_module;
|
||||
|
||||
@ -203,22 +96,45 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
|
||||
const char *dav_get_lockdb_path(const request_rec *r)
|
||||
{
|
||||
dav_fs_server_conf *conf;
|
||||
@@ -39,7 +43,11 @@
|
||||
|
||||
static void *dav_fs_create_server_config(apr_pool_t *p, server_rec *s)
|
||||
{
|
||||
- return apr_pcalloc(p, sizeof(dav_fs_server_conf));
|
||||
+ dav_fs_server_conf *conf = apr_pcalloc(p, sizeof(dav_fs_server_conf));
|
||||
+
|
||||
+ conf->lockdb_path = ap_state_dir_relative(p, DEFAULT_DAV_LOCKDB);
|
||||
+
|
||||
+ return conf;
|
||||
@@ -57,6 +61,24 @@ static void *dav_fs_merge_server_config(apr_pool_t *p,
|
||||
return newconf;
|
||||
}
|
||||
|
||||
static void *dav_fs_merge_server_config(apr_pool_t *p,
|
||||
--- httpd-2.4.37/modules/md/mod_md_config.c.r1842929+
|
||||
+++ httpd-2.4.37/modules/md/mod_md_config.c
|
||||
@@ -54,10 +54,14 @@
|
||||
+static apr_status_t dav_fs_post_config(apr_pool_t *p, apr_pool_t *plog,
|
||||
+ apr_pool_t *ptemp, server_rec *base_server)
|
||||
+{
|
||||
+ server_rec *s;
|
||||
+
|
||||
+ for (s = base_server; s; s = s->next) {
|
||||
+ dav_fs_server_conf *conf;
|
||||
+
|
||||
+ conf = ap_get_module_config(s->module_config, &dav_fs_module);
|
||||
+
|
||||
+ if (!conf->lockdb_path) {
|
||||
+ conf->lockdb_path = ap_state_dir_relative(p, DEFAULT_DAV_LOCKDB);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return OK;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* Command handler for the DAVLockDB directive, which is TAKE1
|
||||
*/
|
||||
@@ -87,6 +109,8 @@ static const command_rec dav_fs_cmds[] =
|
||||
|
||||
static void register_hooks(apr_pool_t *p)
|
||||
{
|
||||
+ ap_hook_post_config(dav_fs_post_config, NULL, NULL, APR_HOOK_MIDDLE);
|
||||
+
|
||||
dav_hook_gather_propsets(dav_fs_gather_propsets, NULL, NULL,
|
||||
APR_HOOK_MIDDLE);
|
||||
dav_hook_find_liveprop(dav_fs_find_liveprop, NULL, NULL, APR_HOOK_MIDDLE);
|
||||
diff --git a/modules/md/mod_md_config.c b/modules/md/mod_md_config.c
|
||||
index 336a21b..4d50e26 100644
|
||||
--- a/modules/md/mod_md_config.c
|
||||
+++ b/modules/md/mod_md_config.c
|
||||
@@ -54,10 +54,18 @@
|
||||
|
||||
#define DEF_VAL (-1)
|
||||
|
||||
@ -230,21 +146,32 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
|
||||
static md_mod_conf_t defmc = {
|
||||
NULL,
|
||||
- "md",
|
||||
+ NULL,
|
||||
+#if 1
|
||||
+ NULL, /* apply default state-dir-relative */
|
||||
+#else
|
||||
+ MD_DEFAULT_BASE_DIR,
|
||||
+#endif
|
||||
NULL,
|
||||
NULL,
|
||||
80,
|
||||
@@ -112,6 +116,7 @@
|
||||
memcpy(mod_md_config, &defmc, sizeof(*mod_md_config));
|
||||
mod_md_config->mds = apr_array_make(pool, 5, sizeof(const md_t *));
|
||||
mod_md_config->unused_names = apr_array_make(pool, 5, sizeof(const md_t *));
|
||||
+ mod_md_config->base_dir = ap_state_dir_relative(pool, MD_DEFAULT_BASE_DIR);
|
||||
|
||||
apr_pool_cleanup_register(pool, NULL, cleanup_mod_config, apr_pool_cleanup_null);
|
||||
@@ -864,6 +872,12 @@ apr_status_t md_config_post_config(server_rec *s, apr_pool_t *p)
|
||||
if (mc->hsts_max_age > 0) {
|
||||
mc->hsts_header = apr_psprintf(p, "max-age=%d", mc->hsts_max_age);
|
||||
}
|
||||
--- httpd-2.4.37/server/core.c.r1842929+
|
||||
+++ httpd-2.4.37/server/core.c
|
||||
@@ -129,6 +129,8 @@
|
||||
+
|
||||
+#if 1
|
||||
+ if (mc->base_dir == NULL) {
|
||||
+ mc->base_dir = ap_state_dir_relative(p, MD_DEFAULT_BASE_DIR);
|
||||
+ }
|
||||
+#endif
|
||||
|
||||
return APR_SUCCESS;
|
||||
}
|
||||
diff --git a/server/core.c b/server/core.c
|
||||
index bbe52e0..b5ab429 100644
|
||||
--- a/server/core.c
|
||||
+++ b/server/core.c
|
||||
@@ -133,6 +133,8 @@ AP_DECLARE_DATA int ap_main_state = AP_SQ_MS_INITIAL_STARTUP;
|
||||
AP_DECLARE_DATA int ap_run_mode = AP_SQ_RM_UNKNOWN;
|
||||
AP_DECLARE_DATA int ap_config_generation = 0;
|
||||
|
||||
@ -253,7 +180,25 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
|
||||
static void *create_core_dir_config(apr_pool_t *a, char *dir)
|
||||
{
|
||||
core_dir_config *conf;
|
||||
@@ -3104,6 +3106,24 @@
|
||||
@@ -1411,12 +1413,15 @@ AP_DECLARE(const char *) ap_resolve_env(apr_pool_t *p, const char * word)
|
||||
return res_buf;
|
||||
}
|
||||
|
||||
-static int reset_config_defines(void *dummy)
|
||||
+/* pconf cleanup - clear global variables set from config here. */
|
||||
+static apr_status_t reset_config(void *dummy)
|
||||
{
|
||||
ap_server_config_defines = saved_server_config_defines;
|
||||
saved_server_config_defines = NULL;
|
||||
server_config_defined_vars = NULL;
|
||||
- return OK;
|
||||
+ core_state_dir = NULL;
|
||||
+
|
||||
+ return APR_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -3108,6 +3113,24 @@ static const char *set_runtime_dir(cmd_parms *cmd, void *dummy, const char *arg)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -278,7 +223,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
|
||||
static const char *set_timeout(cmd_parms *cmd, void *dummy, const char *arg)
|
||||
{
|
||||
const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_CONTEXT);
|
||||
@@ -4398,6 +4418,8 @@
|
||||
@@ -4409,6 +4432,8 @@ AP_INIT_TAKE1("ServerRoot", set_server_root, NULL, RSRC_CONF | EXEC_ON_READ,
|
||||
"Common directory of server-related files (logs, confs, etc.)"),
|
||||
AP_INIT_TAKE1("DefaultRuntimeDir", set_runtime_dir, NULL, RSRC_CONF | EXEC_ON_READ,
|
||||
"Common directory for run-time files (shared memory, locks, etc.)"),
|
||||
@ -287,7 +232,17 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
|
||||
AP_INIT_TAKE1("ErrorLog", set_server_string_slot,
|
||||
(void *)APR_OFFSETOF(server_rec, error_fname), RSRC_CONF,
|
||||
"The filename of the error log"),
|
||||
@@ -5150,6 +5172,27 @@
|
||||
@@ -4932,8 +4957,7 @@ static int core_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptem
|
||||
|
||||
if (!saved_server_config_defines)
|
||||
init_config_defines(pconf);
|
||||
- apr_pool_cleanup_register(pconf, NULL, reset_config_defines,
|
||||
- apr_pool_cleanup_null);
|
||||
+ apr_pool_cleanup_register(pconf, NULL, reset_config, apr_pool_cleanup_null);
|
||||
|
||||
ap_regcomp_set_default_cflags(AP_REG_DOLLAR_ENDONLY);
|
||||
|
||||
@@ -5202,6 +5226,27 @@ AP_DECLARE(int) ap_state_query(int query)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,10 +0,0 @@
|
||||
--- a/server/core.c 2019/02/05 09:44:29 1852981
|
||||
+++ b/server/core.c 2019/02/05 10:11:44 1852982
|
||||
@@ -5293,6 +5293,7 @@
|
||||
ap_regcomp_set_default_cflags(AP_REG_DOLLAR_ENDONLY);
|
||||
|
||||
mpm_common_pre_config(pconf);
|
||||
+ core_state_dir = NULL;
|
||||
|
||||
return OK;
|
||||
}
|
@ -13,7 +13,7 @@
|
||||
Summary: Apache HTTP Server
|
||||
Name: httpd
|
||||
Version: 2.4.37
|
||||
Release: 12%{?dist}
|
||||
Release: 16%{?dist}
|
||||
URL: https://httpd.apache.org/
|
||||
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
|
||||
Source1: index.html
|
||||
@ -55,6 +55,7 @@ Source41: htcacheclean.sysconf
|
||||
Source42: httpd-init.service
|
||||
Source43: httpd-ssl-gencerts
|
||||
Source44: httpd@.service
|
||||
Source45: config.layout
|
||||
|
||||
# build/scripts patches
|
||||
# http://bugzilla.redhat.com/show_bug.cgi?id=1231924
|
||||
@ -63,7 +64,6 @@ Source44: httpd@.service
|
||||
Patch1: httpd-2.4.35-apachectl.patch
|
||||
Patch2: httpd-2.4.28-apxs.patch
|
||||
Patch3: httpd-2.4.35-deplibs.patch
|
||||
Patch4: httpd-2.4.35-layout.patch
|
||||
|
||||
# Needed for socket activation and mod_systemd patch
|
||||
Patch19: httpd-2.4.35-detect-systemd.patch
|
||||
@ -98,14 +98,19 @@ Patch63: httpd-2.4.28-r1811831.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1602548
|
||||
Patch65: httpd-2.4.35-r1842888.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1653009
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1672977
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1673022
|
||||
Patch66: httpd-2.4.37-r1842929+.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1630432
|
||||
Patch67: httpd-2.4.35-r1825120.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1670716
|
||||
Patch68: httpd-2.4.37-fips-segfault.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1672977
|
||||
Patch69: httpd-2.4.37-state-dir.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1669221
|
||||
Patch70: httpd-2.4.37-r1840554.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1673022
|
||||
Patch71: httpd-2.4.37-mod-md-perms.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1724549
|
||||
Patch72: httpd-2.4.37-mod-mime-magic-strdup.patch
|
||||
|
||||
# Security fixes
|
||||
Patch200: httpd-2.4.37-r1851471.patch
|
||||
@ -113,10 +118,14 @@ Patch200: httpd-2.4.37-r1851471.patch
|
||||
Patch201: httpd-2.4.37-CVE-2019-0211.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1695025
|
||||
Patch202: httpd-2.4.37-CVE-2019-0215.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1696141
|
||||
Patch203: httpd-2.4.37-CVE-2019-0217.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1696097
|
||||
Patch204: httpd-2.4.37-CVE-2019-0220.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1741860
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1741864
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1741868
|
||||
Patch203: httpd-2.4.34-CVE-2019-9511-and-9516-and-9517.patch
|
||||
Patch205: httpd-2.4.34-CVE-2019-9511-and-9516-and-9517.patch
|
||||
|
||||
License: ASL 2.0
|
||||
Group: System Environment/Daemons
|
||||
@ -255,7 +264,6 @@ interface for storing and accessing per-user session data.
|
||||
%patch1 -p1 -b .apctl
|
||||
%patch2 -p1 -b .apxs
|
||||
%patch3 -p1 -b .deplibs
|
||||
%patch4 -p1 -b .layout
|
||||
|
||||
%patch19 -p1 -b .detectsystemd
|
||||
%patch20 -p1 -b .export
|
||||
@ -279,12 +287,16 @@ interface for storing and accessing per-user session data.
|
||||
%patch66 -p1 -b .r1842929+
|
||||
%patch67 -p1 -b .r1825120
|
||||
%patch68 -p1 -b .fipscore
|
||||
%patch69 -p1 -b .statedir
|
||||
%patch70 -p1 -b .r1840554
|
||||
%patch71 -p1 -b .modmdperms
|
||||
%patch72 -p1 -b .mimemagic
|
||||
|
||||
%patch200 -p1 -b .r1851471
|
||||
%patch201 -p1 -b .CVE-2019-0211
|
||||
%patch202 -p1 -b .CVE-2019-0215
|
||||
%patch203 -p1 -b .CVE-2019-9511-and-9516-and-9517
|
||||
%patch203 -p1 -b .CVE-2019-0217
|
||||
%patch204 -p1 -b .CVE-2019-0220
|
||||
%patch205 -p1 -b .CVE-2019-9511-and-9516-and-9517
|
||||
|
||||
# Patch in the vendor string
|
||||
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
|
||||
@ -311,6 +323,9 @@ if test "x${vmmn}" != "x%{mmn}"; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Provide default layout
|
||||
cp $RPM_SOURCE_DIR/config.layout .
|
||||
|
||||
sed '
|
||||
s,@MPM@,%{mpm},g
|
||||
s,@DOCROOT@,%{docroot},g
|
||||
@ -334,7 +349,7 @@ autoheader && autoconf || exit 1
|
||||
|
||||
# Before configure; fix location of build dir in generated apxs
|
||||
%{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \
|
||||
support/apxs.in
|
||||
support/apxs.in
|
||||
|
||||
export CFLAGS=$RPM_OPT_FLAGS
|
||||
export LDFLAGS="-Wl,-z,relro,-z,now"
|
||||
@ -512,6 +527,7 @@ ln -s ../../pixmaps/poweredby.png \
|
||||
$RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
|
||||
|
||||
# symlinks for /etc/httpd
|
||||
rmdir $RPM_BUILD_ROOT/etc/httpd/{state,run}
|
||||
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
|
||||
ln -s ../..%{_localstatedir}/lib/httpd $RPM_BUILD_ROOT/etc/httpd/state
|
||||
ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run
|
||||
@ -520,11 +536,11 @@ ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules
|
||||
# install http-ssl-pass-dialog
|
||||
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
|
||||
install -m755 $RPM_SOURCE_DIR/httpd-ssl-pass-dialog \
|
||||
$RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog
|
||||
$RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog
|
||||
|
||||
# install http-ssl-gencerts
|
||||
install -m755 $RPM_SOURCE_DIR/httpd-ssl-gencerts \
|
||||
$RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-gencerts
|
||||
$RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-gencerts
|
||||
|
||||
# Install action scripts
|
||||
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd
|
||||
@ -536,7 +552,7 @@ done
|
||||
# Install logrotate config
|
||||
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
|
||||
install -m 644 -p $RPM_SOURCE_DIR/httpd.logrotate \
|
||||
$RPM_BUILD_ROOT/etc/logrotate.d/httpd
|
||||
$RPM_BUILD_ROOT/etc/logrotate.d/httpd
|
||||
|
||||
# Install man pages
|
||||
install -d $RPM_BUILD_ROOT%{_mandir}/man8 $RPM_BUILD_ROOT%{_mandir}/man5
|
||||
@ -789,18 +805,34 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_rpmconfigdir}/macros.d/macros.httpd
|
||||
|
||||
%changelog
|
||||
* Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-12
|
||||
- Resolves: #1744997 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
|
||||
* Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-16
|
||||
- Resolves: #1744999 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
|
||||
of data request leads to denial of service
|
||||
- Resolves: #1745084 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
|
||||
- Resolves: #1745086 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
|
||||
headers leads to denial of service
|
||||
- Resolves: #1745152 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request
|
||||
for large response leads to denial of service
|
||||
- Resolves: #1745154 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request for
|
||||
large response leads to denial of service
|
||||
|
||||
* Wed Apr 03 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-11
|
||||
- Resolves: #1695431 - CVE-2019-0211 httpd: privilege escalation
|
||||
* Tue Jul 16 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-15
|
||||
- Resolves: #1730721 - absolute path used for default state and runtime dir by
|
||||
default
|
||||
|
||||
* Thu Jun 27 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-14
|
||||
- Resolves: #1724549 - httpd response contains garbage in Content-Type header
|
||||
|
||||
* Wed Jun 12 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-13
|
||||
- Resolves: #1696142 - CVE-2019-0217 httpd:2.4/httpd: mod_auth_digest: access
|
||||
control bypass due to race condition
|
||||
- Resolves: #1696097 - CVE-2019-0220 httpd:2.4/httpd: URL normalization
|
||||
inconsistency
|
||||
- Resolves: #1669221 - `ExtendedStatus Off` directive when using mod_systemd
|
||||
causes systemctl to hang
|
||||
- Resolves: #1673022 - httpd can not be started with mod_md enabled
|
||||
|
||||
* Mon Apr 08 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-11
|
||||
- Resolves: #1695432 - CVE-2019-0211 httpd: privilege escalation
|
||||
from modules scripts
|
||||
- Resolves: #1696090 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl: access control
|
||||
- Resolves: #1696091 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl: access control
|
||||
bypass when using per-location client certification authentication
|
||||
|
||||
* Wed Feb 06 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-10
|
||||
|
Loading…
Reference in New Issue
Block a user