pull from upstream:
* use TLS close_notify alert for dummy_connection (r1326980+) * cleanup symbol exports (r1327036+)
parent
44a360e599
commit
c389c417e6
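--- a/httpd-2.4.2-r1326980+.patch
+++ b/httpd-2.4.2-r1326980+.patch
@@ -0,0 +1,65 @@
+
+http://svn.apache.org/viewvc?view=revision&revision=1326980
+http://svn.apache.org/viewvc?view=revision&revision=1326984
+http://svn.apache.org/viewvc?view=revision&revision=1326991
+
+--- httpd-2.4.2/modules/loggers/mod_log_debug.c
++++ httpd-2.4.2/modules/loggers/mod_log_debug.c
+@@ -35,8 +35,8 @@
+apr_array_header_t *entries;
+} log_debug_dirconf;
+
+-const char *allhooks = "all";
+-const char * const hooks[] = {
++static const char *allhooks = "all";
++static const char * const hooks[] = {
+"log_transaction", /* 0 */
+"quick_handler", /* 1 */
+"handler", /* 2 */
+--- httpd-2.4.2/modules/filters/sed1.c
++++ httpd-2.4.2/modules/filters/sed1.c
+@@ -25,7 +25,7 @@
+#include "apr_strings.h"
+#include "regexp.h"
+
+-char *trans[040] = {
++static const char *const trans[040] = {
+"\\01",
+"\\02",
+"\\03",
+@@ -58,7 +58,7 @@
+"\\36",
+"\\37"
+};
+-char rub[] = {"\\177"};
++static const char rub[] = {"\\177"};
+
+extern int sed_step(char *p1, char *p2, int circf, step_vars_storage *vars);
+static int substitute(sed_eval_t *eval, sed_reptr_t *ipc,
+@@ -692,7 +692,8 @@
+step_vars_storage *step_vars)
+{
+int i;
+- char *p1, *p2, *p3;
++ char *p1, *p2;
++ const char *p3;
+int length;
+char sz[32]; /* 32 bytes enough to store 64 bit integer in decimal */
+apr_status_t rv = APR_SUCCESS;
+--- httpd-2.4.2/modules/filters/config.m4
++++ httpd-2.4.2/modules/filters/config.m4
+@@ -16,7 +16,13 @@
+APACHE_MODULE(substitute, response content rewrite-like filtering, , , most)
+
+sed_obj="mod_sed.lo sed0.lo sed1.lo regexp.lo"
+-APACHE_MODULE(sed, filter request and/or response bodies through sed, $sed_obj, , most)
++APACHE_MODULE(sed, filter request and/or response bodies through sed, $sed_obj, , most, [
++ if test "x$enable_sed" = "xshared"; then
++ # The only symbol which needs to be exported is the module
++ # structure, so ask libtool to hide libsed internals:
++ APR_ADDTO(MOD_SED_LDADD, [-export-symbols-regex sed_module])
++ fi
++])
+
+if test "$ac_cv_ebcdic" = "yes"; then
+# mod_charset_lite can be very useful on an ebcdic system,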
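Review bot: The regex in `APR_ADDTO(MOD_SED_LDADD, [-export-symbols-regex sed_module])` in the config.m4 hunk is unanchored, so libtool would export any symbol whose name merely contains `sed_module`, not only the module structure the added comment names. Anchoring it, for example `-export-symbols-regex ^sed_module$` with whatever escaping the m4 and make layers need, would make the export list match the stated intent. It would also keep a later, similarly named helper from becoming part of the shared object's interface. The `static const` changes in mod_log_debug.c and sed1.c are consistent with that goal; the config.m4 context continues outside the hunk.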
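--- a/httpd-2.4.2-r1327036+.patch
+++ b/httpd-2.4.2-r1327036+.patch
@@ -0,0 +1,80 @@
+
+http://svn.apache.org/viewvc?view=revision&revision=1327036
+http://svn.apache.org/viewvc?view=revision&revision=1327080
+
+--- httpd-2.4.2/server/mpm_unix.c
++++ httpd-2.4.2/server/mpm_unix.c
+@@ -501,14 +501,14 @@
+return rv;
+}
+
+-/* This function connects to the server, then immediately closes the connection.
+- * This permits the MPM to skip the poll when there is only one listening
+- * socket, because it provides a alternate way to unblock an accept() when
+- * the pod is used.
+- */
++/* This function connects to the server and sends enough data to
++ * ensure the child wakes up and processes a new connection. This
++ * permits the MPM to skip the poll when there is only one listening
++ * socket, because it provides a alternate way to unblock an accept()
++ * when the pod is used. */
+static apr_status_t dummy_connection(ap_pod_t *pod)
+{
+- char *srequest;
++ const char *data;
+apr_status_t rv;
+apr_socket_t *sock;
+apr_pool_t *p;
+@@ -574,24 +574,37 @@
+return rv;
+}
+
+- /* Create the request string. We include a User-Agent so that
+- * adminstrators can track down the cause of the odd-looking
+- * requests in their logs.
+- */
+- srequest = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ",
++ if (lp->protocol && strcasecmp(lp->protocol, "https") == 0) {
++ /* Send a TLS 1.0 close_notify alert. This is perhaps the
++ * "least wrong" way to open and cleanly terminate an SSL
++ * connection. It should "work" without noisy error logs if
++ * the server actually expects SSLv3/TLSv1. With
++ * SSLv23_server_method() OpenSSL's SSL_accept() fails
++ * ungracefully on receipt of this message, since it requires
++ * an 11-byte ClientHello message and this is too short. */
++ static const unsigned char tls10_close_notify[7] = {
++ '\x15', /* TLSPlainText.type = Alert (21) */
++ '\x03', '\x01', /* TLSPlainText.version = {3, 1} */
++ '\x00', '\x02', /* TLSPlainText.length = 2 */
++ '\x01', /* Alert.level = warning (1) */
++ '\x00' /* Alert.description = close_notify (0) */
++ };
++ data = (const char *)tls10_close_notify;
++ len = sizeof(tls10_close_notify);
++ }
++ else /* ... XXX other request types here? */ {
++ /* Create an HTTP request string. We include a User-Agent so
++ * that adminstrators can track down the cause of the
++ * odd-looking requests in their logs. A complete request is
++ * used since kernel-level filtering may require that much
++ * data before returning from accept(). */
++ data = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ",
+ap_get_server_description(),
+" (internal dummy connection)\r\n\r\n", NULL);
++ len = strlen(data);
++ }
+
+- /* Since some operating systems support buffering of data or entire
+- * requests in the kernel, we send a simple request, to make sure
+- * the server pops out of a blocking accept().
+- */
+- /* XXX: This is HTTP specific. We should look at the Protocol for each
+- * listener, and send the correct type of request to trigger any Accept
+- * Filters.
+- */
+- len = strlen(srequest);
+- apr_socket_send(sock, srequest, &len);
++ apr_socket_send(sock, data, &len);
+apr_socket_close(sock);
+apr_pool_destroy(p);
+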
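Review bot: The result of `apr_socket_send(sock, data, &len)` is still discarded on the new side of the second mpm_unix.c hunk, so a failed or short write of the 7-byte alert or the OPTIONS request goes unnoticed, and the child may stay blocked in accept() where kernel-level filtering waits for data. Consider `rv = apr_socket_send(sock, data, &len);` followed by a debug-level log on failure; whether `rv` should be propagated depends on the return path, which lies outside this hunk, as do the declarations of `len` and `lp`. The TLS branch also has no counterpart to the "(internal dummy connection)" User-Agent, and the added comment itself says SSL_accept() fails ungracefully under SSLv23_server_method(). A sentence in that comment saying which log entry operators should expect from these wake-ups would help them tell the server's own probes from real handshake failures.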
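--- a/httpd.spec
+++ b/httpd.spec
@@ -8,7 +8,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.2
-Release: 3%{?dist}
+Release: 4%{?dist}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: index.html
@@ -47,6 +47,8 @@ Patch25: httpd-2.4.1-selinux.patch
 Patch26: httpd-2.4.1-suenable.patch
 # Bug fixes
 Patch40: httpd-2.4.2-restart.patch
+Patch41: httpd-2.4.2-r1327036+.patch
+Patch42: httpd-2.4.2-r1326980+.patch
 License: ASL 2.0
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -155,6 +157,8 @@ authentication to the Apache HTTP Server.
 %patch26 -p1 -b .suenable
 
 %patch40 -p1 -b .restart
+%patch41 -p1 -b .r1327036+
+%patch42 -p1 -b .r1326980+
 
 # Patch in vendor/release string
 sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
@@ -558,6 +562,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_sysconfdir}/rpm/macros.httpd
 
 %changelog
+* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-4
+- pull from upstream:
+* use TLS close_notify alert for dummy_connection (r1326980+)
+* cleanup symbol exports (r1327036+)
+
 * Fri Apr 20 2012 Joe Orton <jorton@redhat.com> - 2.4.2-3
 - really fix restart
 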
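Review bot: The two new %changelog bullets appear to have their revision tags swapped relative to the patch contents. `httpd-2.4.2-r1326980+.patch` touches mod_log_debug.c, sed1.c and config.m4 (the symbol-export cleanup), while `httpd-2.4.2-r1327036+.patch` carries the dummy_connection close_notify change in mpm_unix.c. As written, anyone tracing the TLS wake-up behaviour back to upstream from the package changelog would look up the wrong revision. The entries would read `* use TLS close_notify alert for dummy_connection (r1327036+)` and `* cleanup symbol exports (r1326980+)`.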