From a3c2292edd3f4d8bc35ed6413cec210120ff8e3c Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Tue, 26 Feb 2013 09:37:09 +0000 Subject: [PATCH] update to 2.4.4 --- httpd-2.4.3-r1387633+.patch | 27 ----- ...1-export.patch => httpd-2.4.4-export.patch | 6 +- ...2643+.patch => httpd-2.4.4-r1332643+.patch | 48 ++++---- ...7344+.patch => httpd-2.4.4-r1337344+.patch | 105 +++--------------- httpd.spec | 15 +-- 5 files changed, 54 insertions(+), 147 deletions(-) delete mode 100644 httpd-2.4.3-r1387633+.patch rename httpd-2.4.1-export.patch => httpd-2.4.4-export.patch (81%) rename httpd-2.4.2-r1332643+.patch => httpd-2.4.4-r1332643+.patch (88%) rename httpd-2.4.3-r1337344+.patch => httpd-2.4.4-r1337344+.patch (69%) diff --git a/httpd-2.4.3-r1387633+.patch b/httpd-2.4.3-r1387633+.patch deleted file mode 100644 index b09b338..0000000 --- a/httpd-2.4.3-r1387633+.patch +++ /dev/null @@ -1,27 +0,0 @@ -# ./pullrev.sh 1387633 1392850 - -http://svn.apache.org/viewvc?view=revision&revision=1387633 -http://svn.apache.org/viewvc?view=revision&revision=1392850 - ---- httpd-2.4.3/server/mpm/prefork/prefork.c -+++ httpd-2.4.3/server/mpm/prefork/prefork.c -@@ -564,9 +564,16 @@ - - status = apr_pollset_add(pollset, &pfd); - if (status != APR_SUCCESS) { -- ap_log_error(APLOG_MARK, APLOG_EMERG, status, ap_server_conf, APLOGNO(00157) -- "Couldn't add listener to pollset; check system or user limits"); -- clean_child_exit(APEXIT_CHILDSICK); -+ /* If the child processed a SIGWINCH before setting up the -+ * pollset, this error path is expected and harmless, -+ * since the listener fd was already closed; so don't -+ * pollute the logs in that case. */ -+ if (!die_now) { -+ ap_log_error(APLOG_MARK, APLOG_EMERG, status, ap_server_conf, APLOGNO(00157) -+ "Couldn't add listener to pollset; check system or user limits"); -+ clean_child_exit(APEXIT_CHILDSICK); -+ } -+ clean_child_exit(0); - } - - lr->accept_func = ap_unixd_accept; diff --git a/httpd-2.4.1-export.patch b/httpd-2.4.4-export.patch similarity index 81% rename from httpd-2.4.1-export.patch rename to httpd-2.4.4-export.patch index 2c1a884..eb670c6 100644 --- a/httpd-2.4.1-export.patch +++ b/httpd-2.4.4-export.patch @@ -6,8 +6,8 @@ Upstream-HEAD: needed Upstream-2.0: omit Upstream-Status: EXPORT_DIRS change is conditional on using shared apr ---- httpd-2.4.1/server/Makefile.in.export -+++ httpd-2.4.1/server/Makefile.in +--- httpd-2.4.4/server/Makefile.in.export ++++ httpd-2.4.4/server/Makefile.in @@ -57,9 +57,6 @@ export_files: ( for dir in $(EXPORT_DIRS); do \ ls $$dir/*.h ; \ @@ -15,6 +15,6 @@ Upstream-Status: EXPORT_DIRS change is conditional on using shared apr - for dir in $(EXPORT_DIRS_APR); do \ - ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \ - done; \ - ) | sort -u > $@ + ) | sed -e s,//,/,g | sort -u > $@ exports.c: export_files diff --git a/httpd-2.4.2-r1332643+.patch b/httpd-2.4.4-r1332643+.patch similarity index 88% rename from httpd-2.4.2-r1332643+.patch rename to httpd-2.4.4-r1332643+.patch index be9b984..849f6d0 100644 --- a/httpd-2.4.2-r1332643+.patch +++ b/httpd-2.4.4-r1332643+.patch @@ -6,9 +6,9 @@ http://svn.apache.org/viewvc?view=revision&revision=1332643 http://svn.apache.org/viewvc?view=revision&revision=1345599 ---- httpd-2.4.2/modules/ssl/mod_ssl.c.r1332643+ -+++ httpd-2.4.2/modules/ssl/mod_ssl.c -@@ -260,6 +260,18 @@ static const command_rec ssl_config_cmds +--- httpd-2.4.4/modules/ssl/mod_ssl.c.r1332643+ ++++ httpd-2.4.4/modules/ssl/mod_ssl.c +@@ -272,6 +272,18 @@ static const command_rec ssl_config_cmds AP_END_CMD }; @@ -27,8 +27,8 @@ http://svn.apache.org/viewvc?view=revision&revision=1345599 /* * the various processing hooks */ ---- httpd-2.4.2/modules/ssl/mod_ssl.h.r1332643+ -+++ httpd-2.4.2/modules/ssl/mod_ssl.h +--- httpd-2.4.4/modules/ssl/mod_ssl.h.r1332643+ ++++ httpd-2.4.4/modules/ssl/mod_ssl.h @@ -63,5 +63,26 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_e APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); @@ -56,9 +56,9 @@ http://svn.apache.org/viewvc?view=revision&revision=1345599 + #endif /* __MOD_SSL_H__ */ /** @} */ ---- httpd-2.4.2/modules/ssl/ssl_engine_init.c.r1332643+ -+++ httpd-2.4.2/modules/ssl/ssl_engine_init.c -@@ -681,6 +681,11 @@ static void ssl_init_ctx_callbacks(serve +--- httpd-2.4.4/modules/ssl/ssl_engine_init.c.r1332643+ ++++ httpd-2.4.4/modules/ssl/ssl_engine_init.c +@@ -725,6 +725,11 @@ static void ssl_init_ctx_callbacks(serve #endif SSL_CTX_set_info_callback(ctx, ssl_callback_Info); @@ -70,8 +70,8 @@ http://svn.apache.org/viewvc?view=revision&revision=1345599 } static void ssl_init_ctx_verify(server_rec *s, ---- httpd-2.4.2/modules/ssl/ssl_engine_io.c.r1332643+ -+++ httpd-2.4.2/modules/ssl/ssl_engine_io.c +--- httpd-2.4.4/modules/ssl/ssl_engine_io.c.r1332643+ ++++ httpd-2.4.4/modules/ssl/ssl_engine_io.c @@ -28,6 +28,7 @@ core keeps dumping.'' -- Unknown */ @@ -88,7 +88,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1345599 } bio_filter_in_ctx_t; /* -@@ -1364,6 +1366,26 @@ static apr_status_t ssl_io_filter_input( +@@ -1385,6 +1387,26 @@ static apr_status_t ssl_io_filter_input( APR_BRIGADE_INSERT_TAIL(bb, bucket); } @@ -115,7 +115,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1345599 return APR_SUCCESS; } -@@ -1845,6 +1867,7 @@ static void ssl_io_input_add_filter(ssl_ +@@ -1866,6 +1888,7 @@ static void ssl_io_input_add_filter(ssl_ inctx->block = APR_BLOCK_READ; inctx->pool = c->pool; inctx->filter_ctx = filter_ctx; @@ -123,8 +123,8 @@ http://svn.apache.org/viewvc?view=revision&revision=1345599 } /* The request_rec pointer is passed in here only to ensure that the ---- httpd-2.4.2/modules/ssl/ssl_engine_kernel.c.r1332643+ -+++ httpd-2.4.2/modules/ssl/ssl_engine_kernel.c +--- httpd-2.4.4/modules/ssl/ssl_engine_kernel.c.r1332643+ ++++ httpd-2.4.4/modules/ssl/ssl_engine_kernel.c @@ -29,6 +29,7 @@ time I was too famous.'' -- Unknown */ @@ -133,11 +133,10 @@ http://svn.apache.org/viewvc?view=revision&revision=1345599 #include "util_md5.h" static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); -@@ -2164,3 +2165,86 @@ int ssl_callback_SessionTicket(SSL *ssl, - return -1; +@@ -2161,6 +2162,90 @@ int ssl_callback_SessionTicket(SSL *ssl, } - #endif -+ + #endif /* HAVE_TLS_SESSION_TICKETS */ + +#ifdef HAVE_TLS_NPN +/* + * This callback function is executed when SSL needs to decide what protocols @@ -219,9 +218,14 @@ http://svn.apache.org/viewvc?view=revision&revision=1345599 + *size_out = size; + return SSL_TLSEXT_ERR_OK; +} -+#endif ---- httpd-2.4.2/modules/ssl/ssl_private.h.r1332643+ -+++ httpd-2.4.2/modules/ssl/ssl_private.h ++ ++#endif /* HAVE_TLS_NPN */ ++ + #ifndef OPENSSL_NO_SRP + + int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg) +--- httpd-2.4.4/modules/ssl/ssl_private.h.r1332643+ ++++ httpd-2.4.4/modules/ssl/ssl_private.h @@ -139,6 +139,11 @@ #define HAVE_FIPS #endif @@ -234,7 +238,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1345599 #if (OPENSSL_VERSION_NUMBER >= 0x10000000) #define MODSSL_SSL_CIPHER_CONST const #define MODSSL_SSL_METHOD_CONST const -@@ -807,6 +812,7 @@ int ssl_callback_ServerNameIndi +@@ -840,6 +845,7 @@ int ssl_callback_ServerNameIndi int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int); #endif diff --git a/httpd-2.4.3-r1337344+.patch b/httpd-2.4.4-r1337344+.patch similarity index 69% rename from httpd-2.4.3-r1337344+.patch rename to httpd-2.4.4-r1337344+.patch index e2d7ed1..6e5c3e7 100644 --- a/httpd-2.4.3-r1337344+.patch +++ b/httpd-2.4.4-r1337344+.patch @@ -10,9 +10,9 @@ http://svn.apache.org/viewvc?view=revision&revision=1341905 http://svn.apache.org/viewvc?view=revision&revision=1342065 http://svn.apache.org/viewvc?view=revision&revision=1341930 ---- httpd-2.4.3/configure.in.r1337344+ -+++ httpd-2.4.3/configure.in -@@ -717,7 +717,24 @@ APACHE_HELP_STRING(--with-suexec-gidmin, +--- httpd-2.4.4/configure.in.r1337344+ ++++ httpd-2.4.4/configure.in +@@ -734,7 +734,24 @@ APACHE_HELP_STRING(--with-suexec-gidmin, AC_ARG_WITH(suexec-logfile, APACHE_HELP_STRING(--with-suexec-logfile,Set the logfile),[ @@ -38,7 +38,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1341930 AC_ARG_WITH(suexec-safepath, APACHE_HELP_STRING(--with-suexec-safepath,Set the safepath),[ -@@ -727,6 +744,15 @@ AC_ARG_WITH(suexec-umask, +@@ -744,6 +761,15 @@ AC_ARG_WITH(suexec-umask, APACHE_HELP_STRING(--with-suexec-umask,umask for suexec'd process),[ AC_DEFINE_UNQUOTED(AP_SUEXEC_UMASK, 0$withval, [umask for suexec'd process] ) ] ) @@ -54,8 +54,8 @@ http://svn.apache.org/viewvc?view=revision&revision=1341930 dnl APR should go after the other libs, so the right symbols can be picked up if test x${apu_found} != xobsolete; then AP_LIBS="$AP_LIBS `$apu_config --avoid-ldap --link-libtool`" ---- httpd-2.4.3/docs/manual/suexec.html.en.r1337344+ -+++ httpd-2.4.3/docs/manual/suexec.html.en +--- httpd-2.4.4/docs/manual/suexec.html.en.r1337344+ ++++ httpd-2.4.4/docs/manual/suexec.html.en @@ -372,6 +372,21 @@ together with the --enable-suexec option to let APACI accept your request for using the suEXEC feature. @@ -114,9 +114,9 @@ http://svn.apache.org/viewvc?view=revision&revision=1341930 - \ No newline at end of file + ---- httpd-2.4.3/Makefile.in.r1337344+ -+++ httpd-2.4.3/Makefile.in -@@ -236,11 +236,22 @@ install-man: +--- httpd-2.4.4/Makefile.in.r1337344+ ++++ httpd-2.4.4/Makefile.in +@@ -238,11 +238,22 @@ install-man: cd $(DESTDIR)$(manualdir) && find . -name ".svn" -type d -print | xargs rm -rf 2>/dev/null || true; \ fi @@ -141,8 +141,8 @@ http://svn.apache.org/viewvc?view=revision&revision=1341930 fi suexec: ---- httpd-2.4.3/modules/arch/unix/mod_unixd.c.r1337344+ -+++ httpd-2.4.3/modules/arch/unix/mod_unixd.c +--- httpd-2.4.4/modules/arch/unix/mod_unixd.c.r1337344+ ++++ httpd-2.4.4/modules/arch/unix/mod_unixd.c @@ -284,6 +284,13 @@ unixd_set_suexec(cmd_parms *cmd, void *d return NULL; } @@ -166,8 +166,8 @@ http://svn.apache.org/viewvc?view=revision&revision=1341930 && (access(SUEXEC_BIN, R_OK|X_OK) == 0)) { ap_unixd_config.suexec_enabled = 1; ap_unixd_config.suexec_disabled_reason = ""; ---- httpd-2.4.3/support/suexec.c.r1337344+ -+++ httpd-2.4.3/support/suexec.c +--- httpd-2.4.4/support/suexec.c.r1337344+ ++++ httpd-2.4.4/support/suexec.c @@ -58,6 +58,10 @@ #include #endif @@ -200,16 +200,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1341930 static const char *const safe_env_lst[] = { -@@ -128,10 +145,23 @@ static const char *const safe_env_lst[] - NULL - }; - -+static void log_err(const char *fmt,...) -+ __attribute__((format(printf,1,2))); -+static void log_no_err(const char *fmt,...) -+ __attribute__((format(printf,1,2))); -+static void err_output(int is_error, const char *fmt, va_list ap) -+ __attribute__((format(printf,2,0))); +@@ -137,7 +154,14 @@ static void err_output(int is_error, con static void err_output(int is_error, const char *fmt, va_list ap) { @@ -225,16 +216,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1341930 time_t timevar; struct tm *lt; -@@ -263,7 +293,7 @@ int main(int argc, char *argv[]) - */ - uid = getuid(); - if ((pw = getpwuid(uid)) == NULL) { -- log_err("crit: invalid uid: (%ld)\n", uid); -+ log_err("crit: invalid uid: (%lu)\n", (unsigned long)uid); - exit(102); - } - /* -@@ -289,7 +319,9 @@ int main(int argc, char *argv[]) +@@ -295,7 +319,9 @@ int main(int argc, char *argv[]) #ifdef AP_HTTPD_USER fprintf(stderr, " -D AP_HTTPD_USER=\"%s\"\n", AP_HTTPD_USER); #endif @@ -245,60 +227,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1341930 fprintf(stderr, " -D AP_LOG_EXEC=\"%s\"\n", AP_LOG_EXEC); #endif #ifdef AP_SAFE_PATH -@@ -440,7 +472,7 @@ int main(int argc, char *argv[]) - * a UID less than AP_UID_MIN. Tsk tsk. - */ - if ((uid == 0) || (uid < AP_UID_MIN)) { -- log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd); -+ log_err("cannot run as forbidden uid (%lu/%s)\n", (unsigned long)uid, cmd); - exit(107); - } - -@@ -449,7 +481,7 @@ int main(int argc, char *argv[]) - * or as a GID less than AP_GID_MIN. Tsk tsk. - */ - if ((gid == 0) || (gid < AP_GID_MIN)) { -- log_err("cannot run as forbidden gid (%d/%s)\n", gid, cmd); -+ log_err("cannot run as forbidden gid (%lu/%s)\n", (unsigned long)gid, cmd); - exit(108); - } - -@@ -460,7 +492,7 @@ int main(int argc, char *argv[]) - * and setgid() to the target group. If unsuccessful, error out. - */ - if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0)) { -- log_err("failed to setgid (%ld: %s)\n", gid, cmd); -+ log_err("failed to setgid (%lu: %s)\n", (unsigned long)gid, cmd); - exit(109); - } - -@@ -468,7 +500,7 @@ int main(int argc, char *argv[]) - * setuid() to the target user. Error out on fail. - */ - if ((setuid(uid)) != 0) { -- log_err("failed to setuid (%ld: %s)\n", uid, cmd); -+ log_err("failed to setuid (%lu: %s)\n", (unsigned long)uid, cmd); - exit(110); - } - -@@ -556,11 +588,11 @@ int main(int argc, char *argv[]) - (gid != dir_info.st_gid) || - (uid != prg_info.st_uid) || - (gid != prg_info.st_gid)) { -- log_err("target uid/gid (%ld/%ld) mismatch " -- "with directory (%ld/%ld) or program (%ld/%ld)\n", -- uid, gid, -- dir_info.st_uid, dir_info.st_gid, -- prg_info.st_uid, prg_info.st_gid); -+ log_err("target uid/gid (%lu/%lu) mismatch " -+ "with directory (%lu/%lu) or program (%lu/%lu)\n", -+ (unsigned long)uid, (unsigned long)gid, -+ (unsigned long)dir_info.st_uid, (unsigned long)dir_info.st_gid, -+ (unsigned long)prg_info.st_uid, (unsigned long)prg_info.st_gid); - exit(120); - } - /* -@@ -585,6 +617,12 @@ int main(int argc, char *argv[]) +@@ -591,6 +617,12 @@ int main(int argc, char *argv[]) #endif /* AP_SUEXEC_UMASK */ /* Be sure to close the log file so the CGI can't mess with it. */ @@ -311,7 +240,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1341930 if (log != NULL) { #if APR_HAVE_FCNTL_H /* -@@ -606,6 +644,7 @@ int main(int argc, char *argv[]) +@@ -612,6 +644,7 @@ int main(int argc, char *argv[]) log = NULL; #endif } diff --git a/httpd.spec b/httpd.spec index cc08ec0..39c7a7e 100644 --- a/httpd.spec +++ b/httpd.spec @@ -13,8 +13,8 @@ Summary: Apache HTTP Server Name: httpd -Version: 2.4.3 -Release: 15%{?dist} +Version: 2.4.4 +Release: 1%{?dist} URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html @@ -51,16 +51,15 @@ Patch3: httpd-2.4.1-deplibs.patch Patch5: httpd-2.4.3-layout.patch Patch6: httpd-2.4.3-apctl-systemd.patch # Features/functional changes -Patch23: httpd-2.4.1-export.patch +Patch23: httpd-2.4.4-export.patch Patch24: httpd-2.4.1-corelimit.patch Patch25: httpd-2.4.1-selinux.patch -Patch26: httpd-2.4.3-r1337344+.patch +Patch26: httpd-2.4.4-r1337344+.patch Patch27: httpd-2.4.2-icons.patch -Patch28: httpd-2.4.2-r1332643+.patch +Patch28: httpd-2.4.4-r1332643+.patch Patch29: httpd-2.4.3-mod_systemd.patch # Bug fixes Patch50: httpd-2.4.2-r1374214+.patch -Patch51: httpd-2.4.3-r1387633+.patch License: ASL 2.0 Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -173,7 +172,6 @@ authentication to the Apache HTTP Server. %patch29 -p1 -b .systemd %patch50 -p1 -b .r1374214+ -%patch51 -p1 -b .r1387633 # Patch in the vendor string sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h @@ -588,6 +586,9 @@ rm -rf $RPM_BUILD_ROOT %{_sysconfdir}/rpm/macros.httpd %changelog +* Tue Feb 26 2013 Joe Orton - 2.4.4-1 +- update to 2.4.4 + * Tue Jan 8 2013 Joe Orton - 2.4.3-15 - add systemd service for htcacheclean