diff --git a/.gitignore b/.gitignore index 654f469..2abdf3f 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,4 @@ x86_64 /httpd-2.4.10.tar.bz2 /httpd-2.4.12.tar.bz2 /httpd-2.4.16.tar.bz2 +/httpd-2.4.17.tar.bz2 diff --git a/00-base.conf b/00-base.conf index 964de69..c109de6 100644 --- a/00-base.conf +++ b/00-base.conf @@ -25,6 +25,7 @@ LoadModule authz_user_module modules/mod_authz_user.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule cache_module modules/mod_cache.so LoadModule cache_disk_module modules/mod_cache_disk.so +LoadModule cache_socache_module modules/mod_cache_socache.so LoadModule data_module modules/mod_data.so LoadModule dbd_module modules/mod_dbd.so LoadModule deflate_module modules/mod_deflate.so @@ -36,6 +37,7 @@ LoadModule expires_module modules/mod_expires.so LoadModule ext_filter_module modules/mod_ext_filter.so LoadModule filter_module modules/mod_filter.so LoadModule headers_module modules/mod_headers.so +LoadModule http2_module modules/mod_http2.so LoadModule include_module modules/mod_include.so LoadModule info_module modules/mod_info.so LoadModule log_config_module modules/mod_log_config.so diff --git a/00-optional.conf b/00-optional.conf index b8c43c6..208a48e 100644 --- a/00-optional.conf +++ b/00-optional.conf @@ -11,6 +11,7 @@ #LoadModule dialup_module modules/mod_dialup.so #LoadModule charset_lite_module modules/mod_charset_lite.so #LoadModule log_debug_module modules/mod_log_debug.so +#LoadModule log_forensic_module modules/mod_log_forensic.so #LoadModule ratelimit_module modules/mod_ratelimit.so #LoadModule reflector_module modules/mod_reflector.so #LoadModule sed_module modules/mod_sed.so diff --git a/00-proxy.conf b/00-proxy.conf index a446822..cc0bca0 100644 --- a/00-proxy.conf +++ b/00-proxy.conf @@ -13,3 +13,4 @@ LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so LoadModule proxy_ftp_module modules/mod_proxy_ftp.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_scgi_module modules/mod_proxy_scgi.so +LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so diff --git a/httpd-2.4.10-sslciphdefault.patch b/httpd-2.4.10-sslciphdefault.patch deleted file mode 100644 index 37a74e3..0000000 --- a/httpd-2.4.10-sslciphdefault.patch +++ /dev/null @@ -1,20 +0,0 @@ - -https://bugzilla.redhat.com/show_bug.cgi?id=1109119 - -Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite. - ---- httpd-2.4.10/modules/ssl/ssl_engine_config.c.sslciphdefault -+++ httpd-2.4.10/modules/ssl/ssl_engine_config.c -@@ -692,8 +692,10 @@ const char *ssl_cmd_SSLCipherSuite(cmd_p - SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; - -- /* always disable null and export ciphers */ -- arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NULL); -+ /* Disable null and export ciphers by default, except for PROFILE= -+ * configs where the parser doesn't cope. */ -+ if (strncmp(arg, "PROFILE=", 8) != 0) -+ arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NULL); - - if (cmd->path) { - dc->szCipherSuite = arg; diff --git a/httpd-2.4.17-debug-crash.patch b/httpd-2.4.17-debug-crash.patch new file mode 100644 index 0000000..5bac505 --- /dev/null +++ b/httpd-2.4.17-debug-crash.patch @@ -0,0 +1,42 @@ +diff --git a/server/mpm/event/event.c b/server/mpm/event/event.c +index cd70b7d..94813af 100644 +--- a/server/mpm/event/event.c ++++ b/server/mpm/event/event.c +@@ -3042,8 +3042,7 @@ static int event_open_logs(apr_pool_t * p, apr_pool_t * plog, + + all_buckets = apr_pcalloc(pconf, num_buckets * sizeof(*all_buckets)); + for (i = 0; i < num_buckets; i++) { +- if (!one_process && /* no POD in one_process mode */ +- (rv = ap_mpm_podx_open(pconf, &all_buckets[i].pod))) { ++ if (rv = ap_mpm_podx_open(pconf, &all_buckets[i].pod)) { + ap_log_error(APLOG_MARK, APLOG_CRIT | level_flags, rv, + (startup ? NULL : s), + "could not open pipe-of-death"); +diff --git a/server/mpm/prefork/prefork.c b/server/mpm/prefork/prefork.c +index 343e51d..f4c3dbe 100644 +--- a/server/mpm/prefork/prefork.c ++++ b/server/mpm/prefork/prefork.c +@@ -1326,8 +1326,7 @@ static int prefork_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, + all_buckets = apr_pcalloc(pconf, num_buckets * + sizeof(prefork_child_bucket)); + for (i = 0; i < num_buckets; i++) { +- if (!one_process && /* no POD in one_process mode */ +- (rv = ap_mpm_pod_open(pconf, &all_buckets[i].pod))) { ++ if (rv = ap_mpm_pod_open(pconf, &all_buckets[i].pod)) { + ap_log_error(APLOG_MARK, APLOG_CRIT | level_flags, rv, + (startup ? NULL : s), + "could not open pipe-of-death"); +diff --git a/server/mpm/worker/worker.c b/server/mpm/worker/worker.c +index 4a729c0..8a59219 100644 +--- a/server/mpm/worker/worker.c ++++ b/server/mpm/worker/worker.c +@@ -2051,8 +2051,7 @@ static int worker_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, + + all_buckets = apr_pcalloc(pconf, num_buckets * sizeof(*all_buckets)); + for (i = 0; i < num_buckets; i++) { +- if (!one_process && /* no POD in one_process mode */ +- (rv = ap_mpm_podx_open(pconf, &all_buckets[i].pod))) { ++ if (rv = ap_mpm_podx_open(pconf, &all_buckets[i].pod)) { + ap_log_error(APLOG_MARK, APLOG_CRIT | level_flags, rv, + (startup ? NULL : s), + "could not open pipe-of-death"); diff --git a/httpd-2.4.17-socket-activation.patch b/httpd-2.4.17-socket-activation.patch new file mode 100644 index 0000000..d5cbdf2 --- /dev/null +++ b/httpd-2.4.17-socket-activation.patch @@ -0,0 +1,301 @@ +diff --git a/server/listen.c b/server/listen.c +index 1d9be83..f5f7754 100644 +--- a/server/listen.c ++++ b/server/listen.c +@@ -34,6 +34,10 @@ + #include + #endif + ++#ifdef HAVE_SYSTEMD ++#include ++#endif ++ + /* we know core's module_index is 0 */ + #undef APLOG_MODULE_INDEX + #define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX +@@ -59,9 +63,12 @@ static int ap_listenbacklog; + static int ap_listencbratio; + static int send_buffer_size; + static int receive_buffer_size; ++#ifdef HAVE_SYSTEMD ++static int use_systemd = -1; ++#endif + + /* TODO: make_sock is just begging and screaming for APR abstraction */ +-static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server) ++static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server, int do_bind_listen) + { + apr_socket_t *s = server->sd; + int one = 1; +@@ -94,20 +101,6 @@ static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server) + return stat; + } + +-#if APR_HAVE_IPV6 +- if (server->bind_addr->family == APR_INET6) { +- stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting); +- if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { +- ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069) +- "make_sock: for address %pI, apr_socket_opt_set: " +- "(IPV6_V6ONLY)", +- server->bind_addr); +- apr_socket_close(s); +- return stat; +- } +- } +-#endif +- + /* + * To send data over high bandwidth-delay connections at full + * speed we must force the TCP window to open wide enough to keep the +@@ -169,21 +162,37 @@ static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server) + } + #endif + +- if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) { +- ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072) +- "make_sock: could not bind to address %pI", +- server->bind_addr); +- apr_socket_close(s); +- return stat; +- } ++ if (do_bind_listen) { ++#if APR_HAVE_IPV6 ++ if (server->bind_addr->family == APR_INET6) { ++ stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting); ++ if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { ++ ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069) ++ "make_sock: for address %pI, apr_socket_opt_set: " ++ "(IPV6_V6ONLY)", ++ server->bind_addr); ++ apr_socket_close(s); ++ return stat; ++ } ++ } ++#endif + +- if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) { +- ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073) +- "make_sock: unable to listen for connections " +- "on address %pI", +- server->bind_addr); +- apr_socket_close(s); +- return stat; ++ if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) { ++ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072) ++ "make_sock: could not bind to address %pI", ++ server->bind_addr); ++ apr_socket_close(s); ++ return stat; ++ } ++ ++ if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) { ++ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073) ++ "make_sock: unable to listen for connections " ++ "on address %pI", ++ server->bind_addr); ++ apr_socket_close(s); ++ return stat; ++ } + } + + #ifdef WIN32 +@@ -277,6 +286,124 @@ static apr_status_t close_listeners_on_exec(void *v) + return APR_SUCCESS; + } + ++ ++#ifdef HAVE_SYSTEMD ++ ++static int find_systemd_socket(process_rec * process, apr_port_t port) { ++ int fdcount, fd; ++ int sdc = sd_listen_fds(0); ++ ++ if (sdc < 0) { ++ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02486) ++ "find_systemd_socket: Error parsing enviroment, sd_listen_fds returned %d", ++ sdc); ++ return -1; ++ } ++ ++ if (sdc == 0) { ++ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02487) ++ "find_systemd_socket: At least one socket must be set."); ++ return -1; ++ } ++ ++ fdcount = atoi(getenv("LISTEN_FDS")); ++ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + fdcount; fd++) { ++ if (sd_is_socket_inet(fd, 0, 0, -1, port) > 0) { ++ return fd; ++ } ++ } ++ ++ return -1; ++} ++ ++static apr_status_t alloc_systemd_listener(process_rec * process, ++ int fd, const char *proto, ++ ap_listen_rec **out_rec) ++{ ++ apr_status_t rv; ++ struct sockaddr sa; ++ socklen_t len = sizeof(struct sockaddr); ++ apr_os_sock_info_t si; ++ ap_listen_rec *rec; ++ *out_rec = NULL; ++ ++ memset(&si, 0, sizeof(si)); ++ ++ rv = getsockname(fd, &sa, &len); ++ ++ if (rv != 0) { ++ rv = apr_get_netos_error(); ++ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02489) ++ "getsockname on %d failed.", fd); ++ return rv; ++ } ++ ++ si.os_sock = &fd; ++ si.family = sa.sa_family; ++ si.local = &sa; ++ si.type = SOCK_STREAM; ++ si.protocol = APR_PROTO_TCP; ++ ++ rec = apr_palloc(process->pool, sizeof(ap_listen_rec)); ++ rec->active = 0; ++ rec->next = 0; ++ ++ ++ rv = apr_os_sock_make(&rec->sd, &si, process->pool); ++ if (rv != APR_SUCCESS) { ++ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02490) ++ "apr_os_sock_make on %d failed.", fd); ++ return rv; ++ } ++ ++ rv = apr_socket_addr_get(&rec->bind_addr, APR_LOCAL, rec->sd); ++ if (rv != APR_SUCCESS) { ++ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02491) ++ "apr_socket_addr_get on %d failed.", fd); ++ return rv; ++ } ++ ++ rec->protocol = apr_pstrdup(process->pool, proto); ++ ++ *out_rec = rec; ++ ++ return make_sock(process->pool, rec, 0); ++} ++ ++static const char *set_systemd_listener(process_rec *process, apr_port_t port, ++ const char *proto) ++{ ++ ap_listen_rec *last, *new; ++ apr_status_t rv; ++ int fd = find_systemd_socket(process, port); ++ if (fd < 0) { ++ return "Systemd socket activation is used, but this port is not " ++ "configured in systemd"; ++ } ++ ++ last = ap_listeners; ++ while (last && last->next) { ++ last = last->next; ++ } ++ ++ rv = alloc_systemd_listener(process, fd, proto, &new); ++ if (rv != APR_SUCCESS) { ++ return "Failed to setup socket passed by systemd using socket activation"; ++ } ++ ++ if (last == NULL) { ++ ap_listeners = last = new; ++ } ++ else { ++ last->next = new; ++ last = new; ++ } ++ ++ return NULL; ++} ++ ++#endif /* HAVE_SYSTEMD */ ++ + static const char *alloc_listener(process_rec *process, char *addr, + apr_port_t port, const char* proto, + void *slave) +@@ -479,7 +606,7 @@ static int open_listeners(apr_pool_t *pool) + } + } + #endif +- if (make_sock(pool, lr) == APR_SUCCESS) { ++ if (make_sock(pool, lr, 1) == APR_SUCCESS) { + ++num_open; + } + else { +@@ -591,8 +718,28 @@ AP_DECLARE(int) ap_setup_listeners(server_rec *s) + } + } + +- if (open_listeners(s->process->pool)) { +- return 0; ++#ifdef HAVE_SYSTEMD ++ if (use_systemd) { ++ const char *userdata_key = "ap_open_systemd_listeners"; ++ void *data; ++ /* clear the enviroment on our second run ++ * so that none of our future children get confused. ++ */ ++ apr_pool_userdata_get(&data, userdata_key, s->process->pool); ++ if (!data) { ++ apr_pool_userdata_set((const void *)1, userdata_key, ++ apr_pool_cleanup_null, s->process->pool); ++ } ++ else { ++ sd_listen_fds(1); ++ } ++ } ++ else ++#endif ++ { ++ if (open_listeners(s->process->pool)) { ++ return 0; ++ } + } + + for (lr = ap_listeners; lr; lr = lr->next) { +@@ -682,7 +829,7 @@ AP_DECLARE(apr_status_t) ap_duplicate_listeners(apr_pool_t *p, server_rec *s, + duplr->bind_addr); + return stat; + } +- make_sock(p, duplr); ++ make_sock(p, duplr, 1); + #if AP_NONBLOCK_WHEN_MULTI_LISTEN + use_nonblock = (ap_listeners && ap_listeners->next); + stat = apr_socket_opt_set(duplr->sd, APR_SO_NONBLOCK, use_nonblock); +@@ -809,6 +956,11 @@ AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy, + if (argc < 1 || argc > 2) { + return "Listen requires 1 or 2 arguments."; + } ++#ifdef HAVE_SYSTEMD ++ if (use_systemd == -1) { ++ use_systemd = sd_listen_fds(0) > 0; ++ } ++#endif + + rv = apr_parse_addr_port(&host, &scope_id, &port, argv[0], cmd->pool); + if (rv != APR_SUCCESS) { +@@ -840,6 +992,12 @@ AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy, + ap_str_tolower(proto); + } + ++#ifdef HAVE_SYSTEMD ++ if (use_systemd) { ++ return set_systemd_listener(cmd->server->process, port, proto); ++ } ++#endif ++ + return alloc_listener(cmd->server->process, host, port, proto, NULL); + } + diff --git a/httpd-2.4.17-sslciphdefault.patch b/httpd-2.4.17-sslciphdefault.patch new file mode 100644 index 0000000..8efc461 --- /dev/null +++ b/httpd-2.4.17-sslciphdefault.patch @@ -0,0 +1,33 @@ + +https://bugzilla.redhat.com/show_bug.cgi?id=1109119 + +Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite. + +--- httpd-2.4.17/modules/ssl/ssl_engine_config.c.sslciphdefault ++++ httpd-2.4.17/modules/ssl/ssl_engine_config.c +@@ -708,8 +708,10 @@ const char *ssl_cmd_SSLCipherSuite(cmd_p + SSLSrvConfigRec *sc = mySrvConfig(cmd->server); + SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; + +- /* always disable null and export ciphers */ +- arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL); ++ /* Disable null and export ciphers by default, except for PROFILE= ++ * configs where the parser doesn't cope. */ ++ if (strncmp(arg, "PROFILE=", 8) != 0) ++ arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL); + + if (cmd->path) { + dc->szCipherSuite = arg; +@@ -1428,8 +1430,10 @@ const char *ssl_cmd_SSLProxyCipherSuite( + { + SSLSrvConfigRec *sc = mySrvConfig(cmd->server); + +- /* always disable null and export ciphers */ +- arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL); ++ /* Disable null and export ciphers by default, except for PROFILE= ++ * configs where the parser doesn't cope. */ ++ if (strncmp(arg, "PROFILE=", 8) != 0) ++ arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL); + + sc->proxy->auth.cipher_suite = arg; + diff --git a/httpd-2.4.9-socket-activation.patch b/httpd-2.4.9-socket-activation.patch deleted file mode 100644 index fa62573..0000000 --- a/httpd-2.4.9-socket-activation.patch +++ /dev/null @@ -1,301 +0,0 @@ -diff --git a/server/listen.c b/server/listen.c -index 7950a10..428fa5e 100644 ---- a/server/listen.c -+++ b/server/listen.c -@@ -28,6 +28,10 @@ - #include "http_log.h" - #include "mpm_common.h" - -+#ifdef HAVE_SYSTEMD -+#include -+#endif -+ - /* we know core's module_index is 0 */ - #undef APLOG_MODULE_INDEX - #define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX -@@ -38,9 +42,12 @@ static ap_listen_rec *old_listeners; - static int ap_listenbacklog; - static int send_buffer_size; - static int receive_buffer_size; -+#ifdef HAVE_SYSTEMD -+static int use_systemd = -1; -+#endif - - /* TODO: make_sock is just begging and screaming for APR abstraction */ --static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server) -+static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server, int do_bind_listen) - { - apr_socket_t *s = server->sd; - int one = 1; -@@ -73,20 +80,6 @@ static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server) - return stat; - } - --#if APR_HAVE_IPV6 -- if (server->bind_addr->family == APR_INET6) { -- stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting); -- if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { -- ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069) -- "make_sock: for address %pI, apr_socket_opt_set: " -- "(IPV6_V6ONLY)", -- server->bind_addr); -- apr_socket_close(s); -- return stat; -- } -- } --#endif -- - /* - * To send data over high bandwidth-delay connections at full - * speed we must force the TCP window to open wide enough to keep the -@@ -131,21 +124,37 @@ static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server) - ap_sock_disable_nagle(s); - #endif - -- if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) { -- ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072) -- "make_sock: could not bind to address %pI", -- server->bind_addr); -- apr_socket_close(s); -- return stat; -- } -+ if (do_bind_listen) { -+#if APR_HAVE_IPV6 -+ if (server->bind_addr->family == APR_INET6) { -+ stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting); -+ if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { -+ ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069) -+ "make_sock: for address %pI, apr_socket_opt_set: " -+ "(IPV6_V6ONLY)", -+ server->bind_addr); -+ apr_socket_close(s); -+ return stat; -+ } -+ } -+#endif - -- if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) { -- ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073) -- "make_sock: unable to listen for connections " -- "on address %pI", -- server->bind_addr); -- apr_socket_close(s); -- return stat; -+ if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) { -+ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072) -+ "make_sock: could not bind to address %pI", -+ server->bind_addr); -+ apr_socket_close(s); -+ return stat; -+ } -+ -+ if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) { -+ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073) -+ "make_sock: unable to listen for connections " -+ "on address %pI", -+ server->bind_addr); -+ apr_socket_close(s); -+ return stat; -+ } - } - - #ifdef WIN32 -@@ -239,6 +248,124 @@ static apr_status_t close_listeners_on_exec(void *v) - return APR_SUCCESS; - } - -+ -+#ifdef HAVE_SYSTEMD -+ -+static int find_systemd_socket(process_rec * process, apr_port_t port) { -+ int fdcount, fd; -+ int sdc = sd_listen_fds(0); -+ -+ if (sdc < 0) { -+ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02486) -+ "find_systemd_socket: Error parsing enviroment, sd_listen_fds returned %d", -+ sdc); -+ return -1; -+ } -+ -+ if (sdc == 0) { -+ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02487) -+ "find_systemd_socket: At least one socket must be set."); -+ return -1; -+ } -+ -+ fdcount = atoi(getenv("LISTEN_FDS")); -+ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + fdcount; fd++) { -+ if (sd_is_socket_inet(fd, 0, 0, -1, port) > 0) { -+ return fd; -+ } -+ } -+ -+ return -1; -+} -+ -+static apr_status_t alloc_systemd_listener(process_rec * process, -+ int fd, const char *proto, -+ ap_listen_rec **out_rec) -+{ -+ apr_status_t rv; -+ struct sockaddr sa; -+ socklen_t len = sizeof(struct sockaddr); -+ apr_os_sock_info_t si; -+ ap_listen_rec *rec; -+ *out_rec = NULL; -+ -+ memset(&si, 0, sizeof(si)); -+ -+ rv = getsockname(fd, &sa, &len); -+ -+ if (rv != 0) { -+ rv = apr_get_netos_error(); -+ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02489) -+ "getsockname on %d failed.", fd); -+ return rv; -+ } -+ -+ si.os_sock = &fd; -+ si.family = sa.sa_family; -+ si.local = &sa; -+ si.type = SOCK_STREAM; -+ si.protocol = APR_PROTO_TCP; -+ -+ rec = apr_palloc(process->pool, sizeof(ap_listen_rec)); -+ rec->active = 0; -+ rec->next = 0; -+ -+ -+ rv = apr_os_sock_make(&rec->sd, &si, process->pool); -+ if (rv != APR_SUCCESS) { -+ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02490) -+ "apr_os_sock_make on %d failed.", fd); -+ return rv; -+ } -+ -+ rv = apr_socket_addr_get(&rec->bind_addr, APR_LOCAL, rec->sd); -+ if (rv != APR_SUCCESS) { -+ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02491) -+ "apr_socket_addr_get on %d failed.", fd); -+ return rv; -+ } -+ -+ rec->protocol = apr_pstrdup(process->pool, proto); -+ -+ *out_rec = rec; -+ -+ return make_sock(process->pool, rec, 0); -+} -+ -+static const char *set_systemd_listener(process_rec *process, apr_port_t port, -+ const char *proto) -+{ -+ ap_listen_rec *last, *new; -+ apr_status_t rv; -+ int fd = find_systemd_socket(process, port); -+ if (fd < 0) { -+ return "Systemd socket activation is used, but this port is not " -+ "configured in systemd"; -+ } -+ -+ last = ap_listeners; -+ while (last && last->next) { -+ last = last->next; -+ } -+ -+ rv = alloc_systemd_listener(process, fd, proto, &new); -+ if (rv != APR_SUCCESS) { -+ return "Failed to setup socket passed by systemd using socket activation"; -+ } -+ -+ if (last == NULL) { -+ ap_listeners = last = new; -+ } -+ else { -+ last->next = new; -+ last = new; -+ } -+ -+ return NULL; -+} -+ -+#endif /* HAVE_SYSTEMD */ -+ - static const char *alloc_listener(process_rec *process, char *addr, - apr_port_t port, const char* proto, - void *slave) -@@ -441,7 +568,7 @@ static int open_listeners(apr_pool_t *pool) - } - } - #endif -- if (make_sock(pool, lr) == APR_SUCCESS) { -+ if (make_sock(pool, lr, 1) == APR_SUCCESS) { - ++num_open; - } - else { -@@ -557,8 +684,29 @@ AP_DECLARE(int) ap_setup_listeners(server_rec *s) - } - } - -- if (open_listeners(s->process->pool)) { -- return 0; -+ -+#ifdef HAVE_SYSTEMD -+ if (use_systemd) { -+ const char *userdata_key = "ap_open_systemd_listeners"; -+ void *data; -+ /* clear the enviroment on our second run -+ * so that none of our future children get confused. -+ */ -+ apr_pool_userdata_get(&data, userdata_key, s->process->pool); -+ if (!data) { -+ apr_pool_userdata_set((const void *)1, userdata_key, -+ apr_pool_cleanup_null, s->process->pool); -+ } -+ else { -+ sd_listen_fds(1); -+ } -+ } -+ else -+#endif -+ { -+ if (open_listeners(s->process->pool)) { -+ return 0; -+ } - } - - for (lr = ap_listeners; lr; lr = lr->next) { -@@ -591,6 +739,7 @@ AP_DECLARE_NONSTD(void) ap_close_listeners(void) - lr->active = 0; - } - } -+ - AP_DECLARE_NONSTD(int) ap_close_selected_listeners(ap_slave_t *slave) - { - ap_listen_rec *lr; -@@ -630,6 +779,11 @@ AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy, - if (argc < 1 || argc > 2) { - return "Listen requires 1 or 2 arguments."; - } -+#ifdef HAVE_SYSTEMD -+ if (use_systemd == -1) { -+ use_systemd = sd_listen_fds(0) > 0; -+ } -+#endif - - rv = apr_parse_addr_port(&host, &scope_id, &port, argv[0], cmd->pool); - if (rv != APR_SUCCESS) { -@@ -661,6 +815,12 @@ AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy, - ap_str_tolower(proto); - } - -+#ifdef HAVE_SYSTEMD -+ if (use_systemd) { -+ return set_systemd_listener(cmd->server->process, port, proto); -+ } -+#endif -+ - return alloc_listener(cmd->server->process, host, port, proto, NULL); - } - diff --git a/httpd.spec b/httpd.spec index 1d62390..bca4b66 100644 --- a/httpd.spec +++ b/httpd.spec @@ -7,7 +7,7 @@ Summary: Apache HTTP Server Name: httpd -Version: 2.4.16 +Version: 2.4.17 Release: 1%{?dist} URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 @@ -60,12 +60,13 @@ Patch27: httpd-2.4.2-icons.patch Patch29: httpd-2.4.10-mod_systemd.patch Patch30: httpd-2.4.4-cachehardmax.patch Patch31: httpd-2.4.6-sslmultiproxy.patch -Patch34: httpd-2.4.9-socket-activation.patch -Patch35: httpd-2.4.10-sslciphdefault.patch +Patch34: httpd-2.4.17-socket-activation.patch +Patch35: httpd-2.4.17-sslciphdefault.patch # Bug fixes Patch55: httpd-2.4.4-malformed-host.patch Patch56: httpd-2.4.4-mod_unique_id.patch Patch57: httpd-2.4.10-sigint.patch +Patch58: httpd-2.4.17-debug-crash.patch # Security fixes License: ASL 2.0 Group: System Environment/Daemons @@ -73,7 +74,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: autoconf, perl, pkgconfig, findutils, xmlto BuildRequires: zlib-devel, libselinux-devel, lua-devel BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0 -BuildRequires: systemd-devel +BuildRequires: systemd-devel, libnghttp2-devel Requires: /etc/mime.types, system-logos-httpd Obsoletes: httpd-suexec Provides: webserver @@ -204,12 +205,13 @@ interface for storing and accessing per-user session data. %patch29 -p1 -b .systemd %patch30 -p1 -b .cachehardmax %patch31 -p1 -b .sslmultiproxy -%patch34 -p1 -b .socketactivation +#patch34 -p1 -b .socketactivation %patch35 -p1 -b .sslciphdefault %patch55 -p1 -b .malformedhost %patch56 -p1 -b .uniqueid %patch57 -p1 -b .sigint +%patch58 -p1 -b .debugcrash # Patch in the vendor string sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h @@ -665,7 +667,13 @@ rm -rf $RPM_BUILD_ROOT %{_rpmconfigdir}/macros.d/macros.httpd %changelog -* Wed Jul 15 2015 Jan Kaluza - 2.4.12-4 +* Thu Oct 29 2015 Jan Kaluza - 2.4.17-1 +- update to 2.4.17 (#1271224) +- build, load mod_http2 +- load mod_cache_socache, mod_proxy_wstunnel by default +- fix crash when using -X argument (#1272234) + +* Wed Jul 15 2015 Jan Kaluza - 2.4.16-1 - update to 2.4.16 * Tue Jul 7 2015 Joe Orton - 2.4.12-3 diff --git a/sources b/sources index 820ee71..c7410a8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2b19cd338fd526dd5a63c57b1e9bfee2 httpd-2.4.16.tar.bz2 +cf4dfee11132cde836022f196611a8b7 httpd-2.4.17.tar.bz2