diff --git a/.gitignore b/.gitignore index 28521d6..dbc83cb 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ x86_64 /httpd-2.4.4.tar.bz2 /httpd-2.4.6.tar.bz2 /httpd-2.4.7.tar.bz2 +/httpd-2.4.9.tar.bz2 diff --git a/action-graceful.sh b/action-graceful.sh index 3d28f0e..dc68b2e 100644 --- a/action-graceful.sh +++ b/action-graceful.sh @@ -1,2 +1,2 @@ #!/bin/sh -exec /sbin/apachectl -k graceful "$@" +exec /sbin/apachectl graceful "$@" diff --git a/httpd-2.4.3-apxs.patch b/httpd-2.4.3-apxs.patch deleted file mode 100644 index f4d2a87..0000000 --- a/httpd-2.4.3-apxs.patch +++ /dev/null @@ -1,56 +0,0 @@ ---- httpd-2.4.3/support/apxs.in.apxs -+++ httpd-2.4.3/support/apxs.in -@@ -25,7 +25,18 @@ package apxs; - - my %config_vars = (); - --my $installbuilddir = "@exp_installbuilddir@"; -+# Awful hack to make apxs libdir-agnostic: -+my $pkg_config = "/usr/bin/pkg-config"; -+if (! -x "$pkg_config") { -+ error("$pkg_config not found!"); -+ exit(1); -+} -+ -+my $libdir = `pkg-config --variable=libdir apr-1`; -+chomp $libdir; -+ -+my $installbuilddir = $libdir . "/httpd/build"; -+ - get_config_vars("$installbuilddir/config_vars.mk",\%config_vars); - - # read the configuration variables once -@@ -275,7 +286,7 @@ if ($opt_g) { - $data =~ s|%NAME%|$name|sg; - $data =~ s|%TARGET%|$CFG_TARGET|sg; - $data =~ s|%PREFIX%|$prefix|sg; -- $data =~ s|%INSTALLBUILDDIR%|$installbuilddir|sg; -+ $data =~ s|%LIBDIR%|$libdir|sg; - - my ($mkf, $mods, $src) = ($data =~ m|^(.+)-=#=-\n(.+)-=#=-\n(.+)|s); - -@@ -453,11 +464,11 @@ if ($opt_c) { - my $ldflags = "$CFG_LDFLAGS"; - if ($opt_p == 1) { - -- my $apr_libs=`$apr_config --cflags --ldflags --link-libtool --libs`; -+ my $apr_libs=`$apr_config --cflags --ldflags --link-libtool`; - chomp($apr_libs); - my $apu_libs=""; - if ($apr_major_version < 2) { -- $apu_libs=`$apu_config --ldflags --link-libtool --libs`; -+ $apu_libs=`$apu_config --ldflags --link-libtool`; - chomp($apu_libs); - } - -@@ -672,8 +683,8 @@ __DATA__ - - builddir=. - top_srcdir=%PREFIX% --top_builddir=%PREFIX% --include %INSTALLBUILDDIR%/special.mk -+top_builddir=%LIBDIR%/httpd -+include %LIBDIR%/httpd/build/special.mk - - # the used tools - APXS=apxs diff --git a/httpd-2.4.4-dump-vhost-twice.patch b/httpd-2.4.4-dump-vhost-twice.patch deleted file mode 100644 index 945fd5e..0000000 --- a/httpd-2.4.4-dump-vhost-twice.patch +++ /dev/null @@ -1,45 +0,0 @@ ---- trunk/server/vhost.c 2013/05/11 11:51:28 1481305 -+++ trunk/server/vhost.c 2013/05/11 12:05:24 1481306 -@@ -577,14 +577,21 @@ - */ - - for (s = main_s->next; s; s = s->next) { -+ server_addr_rec *sar_prev = NULL; - has_default_vhost_addr = 0; - for (sar = s->addrs; sar; sar = sar->next) { - ipaddr_chain *ic; - char inaddr_any[16] = {0}; /* big enough to handle IPv4 or IPv6 */ -- -+ /* XXX: this treats 0.0.0.0 as a "default" server which matches no-exact-match for IPv6 */ - if (!memcmp(sar->host_addr->ipaddr_ptr, inaddr_any, sar->host_addr->ipaddr_len)) { - ic = find_default_server(sar->host_port); -- if (!ic || sar->host_port != ic->sar->host_port) { -+ -+ if (ic && sar->host_port == ic->sar->host_port) { /* we're a match for an existing "default server" */ -+ if (!sar_prev || memcmp(sar_prev->host_addr->ipaddr_ptr, inaddr_any, sar_prev->host_addr->ipaddr_len)) { -+ add_name_vhost_config(p, main_s, s, sar, ic); -+ } -+ } -+ else { - /* No default server, or we found a default server but - ** exactly one of us is a wildcard port, which means we want - ** two ip-based vhosts not an NVH with two names -@@ -592,6 +599,7 @@ - ic = new_ipaddr_chain(p, s, sar); - ic->next = default_list; - default_list = ic; -+ add_name_vhost_config(p, main_s, s, sar, ic); - } - has_default_vhost_addr = 1; - } -@@ -609,8 +617,9 @@ - ic->next = *iphash_table_tail[bucket]; - *iphash_table_tail[bucket] = ic; - } -+ add_name_vhost_config(p, main_s, s, sar, ic); - } -- add_name_vhost_config(p, main_s, s, sar, ic); -+ sar_prev = sar; - } - - /* Ok now we want to set up a server_hostname if the user was diff --git a/httpd-2.4.4-r1332643+.patch b/httpd-2.4.4-r1332643+.patch deleted file mode 100644 index 849f6d0..0000000 --- a/httpd-2.4.4-r1332643+.patch +++ /dev/null @@ -1,248 +0,0 @@ -# ./pullrev.sh 1332643 1345599 - -https://bugzilla.redhat.com//show_bug.cgi?id=809599 - -http://svn.apache.org/viewvc?view=revision&revision=1332643 - -http://svn.apache.org/viewvc?view=revision&revision=1345599 - ---- httpd-2.4.4/modules/ssl/mod_ssl.c.r1332643+ -+++ httpd-2.4.4/modules/ssl/mod_ssl.c -@@ -272,6 +272,18 @@ static const command_rec ssl_config_cmds - AP_END_CMD - }; - -+/* Implement 'modssl_run_npn_advertise_protos_hook'. */ -+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( -+ modssl, AP, int, npn_advertise_protos_hook, -+ (conn_rec *connection, apr_array_header_t *protos), -+ (connection, protos), OK, DECLINED); -+ -+/* Implement 'modssl_run_npn_proto_negotiated_hook'. */ -+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( -+ modssl, AP, int, npn_proto_negotiated_hook, -+ (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len), -+ (connection, proto_name, proto_name_len), OK, DECLINED); -+ - /* - * the various processing hooks - */ ---- httpd-2.4.4/modules/ssl/mod_ssl.h.r1332643+ -+++ httpd-2.4.4/modules/ssl/mod_ssl.h -@@ -63,5 +63,26 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_e - - APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); - -+/** The npn_advertise_protos optional hook allows other modules to add entries -+ * to the list of protocol names advertised by the server during the Next -+ * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is -+ * given the connection and an APR array; it should push one or more char*'s -+ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto -+ * the array and return OK, or do nothing and return DECLINED. */ -+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook, -+ (conn_rec *connection, apr_array_header_t *protos)); -+ -+/** The npn_proto_negotiated optional hook allows other modules to discover the -+ * name of the protocol that was chosen during the Next Protocol Negotiation -+ * (NPN) portion of the SSL handshake. Note that this may be the empty string -+ * (in which case modules should probably assume HTTP), or it may be a protocol -+ * that was never even advertised by the server. The hook callee is given the -+ * connection, a non-null-terminated string containing the protocol name, and -+ * the length of the string; it should do something appropriate (i.e. insert or -+ * remove filters) and return OK, or do nothing and return DECLINED. */ -+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook, -+ (conn_rec *connection, const char *proto_name, -+ apr_size_t proto_name_len)); -+ - #endif /* __MOD_SSL_H__ */ - /** @} */ ---- httpd-2.4.4/modules/ssl/ssl_engine_init.c.r1332643+ -+++ httpd-2.4.4/modules/ssl/ssl_engine_init.c -@@ -725,6 +725,11 @@ static void ssl_init_ctx_callbacks(serve - #endif - - SSL_CTX_set_info_callback(ctx, ssl_callback_Info); -+ -+#ifdef HAVE_TLS_NPN -+ SSL_CTX_set_next_protos_advertised_cb( -+ ctx, ssl_callback_AdvertiseNextProtos, NULL); -+#endif - } - - static void ssl_init_ctx_verify(server_rec *s, ---- httpd-2.4.4/modules/ssl/ssl_engine_io.c.r1332643+ -+++ httpd-2.4.4/modules/ssl/ssl_engine_io.c -@@ -28,6 +28,7 @@ - core keeps dumping.'' - -- Unknown */ - #include "ssl_private.h" -+#include "mod_ssl.h" - #include "apr_date.h" - - /* _________________________________________________________________ -@@ -297,6 +298,7 @@ typedef struct { - apr_pool_t *pool; - char buffer[AP_IOBUFSIZE]; - ssl_filter_ctx_t *filter_ctx; -+ int npn_finished; /* 1 if NPN has finished, 0 otherwise */ - } bio_filter_in_ctx_t; - - /* -@@ -1385,6 +1387,26 @@ static apr_status_t ssl_io_filter_input( - APR_BRIGADE_INSERT_TAIL(bb, bucket); - } - -+#ifdef HAVE_TLS_NPN -+ /* By this point, Next Protocol Negotiation (NPN) should be completed (if -+ * our version of OpenSSL supports it). If we haven't already, find out -+ * which protocol was decided upon and inform other modules by calling -+ * npn_proto_negotiated_hook. */ -+ if (!inctx->npn_finished) { -+ const unsigned char *next_proto = NULL; -+ unsigned next_proto_len = 0; -+ -+ SSL_get0_next_proto_negotiated( -+ inctx->ssl, &next_proto, &next_proto_len); -+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c, -+ APLOGNO(02306) "SSL NPN negotiated protocol: '%*s'", -+ next_proto_len, (const char*)next_proto); -+ modssl_run_npn_proto_negotiated_hook( -+ f->c, (const char*)next_proto, next_proto_len); -+ inctx->npn_finished = 1; -+ } -+#endif -+ - return APR_SUCCESS; - } - -@@ -1866,6 +1888,7 @@ static void ssl_io_input_add_filter(ssl_ - inctx->block = APR_BLOCK_READ; - inctx->pool = c->pool; - inctx->filter_ctx = filter_ctx; -+ inctx->npn_finished = 0; - } - - /* The request_rec pointer is passed in here only to ensure that the ---- httpd-2.4.4/modules/ssl/ssl_engine_kernel.c.r1332643+ -+++ httpd-2.4.4/modules/ssl/ssl_engine_kernel.c -@@ -29,6 +29,7 @@ - time I was too famous.'' - -- Unknown */ - #include "ssl_private.h" -+#include "mod_ssl.h" - #include "util_md5.h" - - static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); -@@ -2161,6 +2162,90 @@ int ssl_callback_SessionTicket(SSL *ssl, - } - #endif /* HAVE_TLS_SESSION_TICKETS */ - -+#ifdef HAVE_TLS_NPN -+/* -+ * This callback function is executed when SSL needs to decide what protocols -+ * to advertise during Next Protocol Negotiation (NPN). It must produce a -+ * string in wire format -- a sequence of length-prefixed strings -- indicating -+ * the advertised protocols. Refer to SSL_CTX_set_next_protos_advertised_cb -+ * in OpenSSL for reference. -+ */ -+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out, -+ unsigned int *size_out, void *arg) -+{ -+ conn_rec *c = (conn_rec*)SSL_get_app_data(ssl); -+ apr_array_header_t *protos; -+ int num_protos; -+ unsigned int size; -+ int i; -+ unsigned char *data; -+ unsigned char *start; -+ -+ *data_out = NULL; -+ *size_out = 0; -+ -+ /* If the connection object is not available, then there's nothing for us -+ * to do. */ -+ if (c == NULL) { -+ return SSL_TLSEXT_ERR_OK; -+ } -+ -+ /* Invoke our npn_advertise_protos hook, giving other modules a chance to -+ * add alternate protocol names to advertise. */ -+ protos = apr_array_make(c->pool, 0, sizeof(char*)); -+ modssl_run_npn_advertise_protos_hook(c, protos); -+ num_protos = protos->nelts; -+ -+ /* We now have a list of null-terminated strings; we need to concatenate -+ * them together into a single string, where each protocol name is prefixed -+ * by its length. First, calculate how long that string will be. */ -+ size = 0; -+ for (i = 0; i < num_protos; ++i) { -+ const char *string = APR_ARRAY_IDX(protos, i, const char*); -+ unsigned int length = strlen(string); -+ /* If the protocol name is too long (the length must fit in one byte), -+ * then log an error and skip it. */ -+ if (length > 255) { -+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02307) -+ "SSL NPN protocol name too long (length=%u): %s", -+ length, string); -+ continue; -+ } -+ /* Leave room for the length prefix (one byte) plus the protocol name -+ * itself. */ -+ size += 1 + length; -+ } -+ -+ /* If there is nothing to advertise (either because no modules added -+ * anything to the protos array, or because all strings added to the array -+ * were skipped), then we're done. */ -+ if (size == 0) { -+ return SSL_TLSEXT_ERR_OK; -+ } -+ -+ /* Now we can build the string. Copy each protocol name string into the -+ * larger string, prefixed by its length. */ -+ data = apr_palloc(c->pool, size * sizeof(unsigned char)); -+ start = data; -+ for (i = 0; i < num_protos; ++i) { -+ const char *string = APR_ARRAY_IDX(protos, i, const char*); -+ apr_size_t length = strlen(string); -+ if (length > 255) -+ continue; -+ *start = (unsigned char)length; -+ ++start; -+ memcpy(start, string, length * sizeof(unsigned char)); -+ start += length; -+ } -+ -+ /* Success. */ -+ *data_out = data; -+ *size_out = size; -+ return SSL_TLSEXT_ERR_OK; -+} -+ -+#endif /* HAVE_TLS_NPN */ -+ - #ifndef OPENSSL_NO_SRP - - int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg) ---- httpd-2.4.4/modules/ssl/ssl_private.h.r1332643+ -+++ httpd-2.4.4/modules/ssl/ssl_private.h -@@ -139,6 +139,11 @@ - #define HAVE_FIPS - #endif - -+#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \ -+ && !defined(OPENSSL_NO_TLSEXT) -+#define HAVE_TLS_NPN -+#endif -+ - #if (OPENSSL_VERSION_NUMBER >= 0x10000000) - #define MODSSL_SSL_CIPHER_CONST const - #define MODSSL_SSL_METHOD_CONST const -@@ -840,6 +845,7 @@ int ssl_callback_ServerNameIndi - int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *, - EVP_CIPHER_CTX *, HMAC_CTX *, int); - #endif -+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg); - - /** Session Cache Support */ - void ssl_scache_init(server_rec *, apr_pool_t *); diff --git a/httpd-2.4.6-r1534321.patch b/httpd-2.4.6-r1534321.patch deleted file mode 100644 index f165838..0000000 --- a/httpd-2.4.6-r1534321.patch +++ /dev/null @@ -1,15 +0,0 @@ -# ./pullrev.sh 1534321 - -http://svn.apache.org/viewvc?view=revision&revision=1534321 - ---- httpd-2.4.6/modules/proxy/mod_proxy_http.c -+++ httpd-2.4.6/modules/proxy/mod_proxy_http.c -@@ -710,7 +710,7 @@ - force10 = 0; - } - -- header_brigade = apr_brigade_create(p, origin->bucket_alloc); -+ header_brigade = apr_brigade_create(p, bucket_alloc); - rv = ap_proxy_create_hdrbrgd(p, header_brigade, r, p_conn, - worker, conf, uri, url, server_portstr, - &old_cl_val, &old_te_val); diff --git a/httpd-2.4.7-sslsninotreq.patch b/httpd-2.4.7-sslsninotreq.patch deleted file mode 100644 index 55d6fb3..0000000 --- a/httpd-2.4.7-sslsninotreq.patch +++ /dev/null @@ -1,76 +0,0 @@ - ---- httpd-2.4.7/modules/ssl/ssl_engine_config.c.sslsninotreq -+++ httpd-2.4.7/modules/ssl/ssl_engine_config.c -@@ -55,6 +55,7 @@ SSLModConfigRec *ssl_config_global_creat - mc = (SSLModConfigRec *)apr_palloc(pool, sizeof(*mc)); - mc->pPool = pool; - mc->bFixed = FALSE; -+ mc->sni_required = FALSE; - - /* - * initialize per-module configuration ---- httpd-2.4.7/modules/ssl/ssl_engine_init.c.sslsninotreq -+++ httpd-2.4.7/modules/ssl/ssl_engine_init.c -@@ -234,7 +234,7 @@ int ssl_init_Module(apr_pool_t *p, apr_p - /* - * Configuration consistency checks - */ -- ssl_init_CheckServers(base_server, ptemp); -+ ssl_init_CheckServers(mc, base_server, ptemp); - - /* - * Announce mod_ssl and SSL library in HTTP Server field -@@ -1322,7 +1322,7 @@ void ssl_init_ConfigureServer(server_rec - } - } - --void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p) -+void ssl_init_CheckServers(SSLModConfigRec *mc, server_rec *base_server, apr_pool_t *p) - { - server_rec *s, *ps; - SSLSrvConfigRec *sc; -@@ -1404,6 +1404,7 @@ void ssl_init_CheckServers(server_rec *b - } - - if (conflict) { -+ mc->sni_required = TRUE; - #ifndef HAVE_TLSEXT - ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01917) - "Init: You should not use name-based " ---- httpd-2.4.7/modules/ssl/ssl_engine_kernel.c.sslsninotreq -+++ httpd-2.4.7/modules/ssl/ssl_engine_kernel.c -@@ -164,6 +164,7 @@ int ssl_hook_ReadReq(request_rec *r) - } - #ifdef HAVE_TLSEXT - if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) { -+ if (myModConfig(r->server)->sni_required) { - char *host, *scope_id; - apr_port_t port; - apr_status_t rv; -@@ -205,6 +206,7 @@ int ssl_hook_ReadReq(request_rec *r) - " virtual host"); - return HTTP_FORBIDDEN; - } -+ } - #endif - SSL_set_app_data2(ssl, r); - ---- httpd-2.4.7/modules/ssl/ssl_private.h.sslsninotreq -+++ httpd-2.4.7/modules/ssl/ssl_private.h -@@ -520,6 +520,7 @@ typedef struct { - struct { - void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10; - } rCtx; -+ BOOL sni_required; - } SSLModConfigRec; - - /** Structure representing configured filenames for certs and keys for -@@ -765,7 +766,7 @@ const char *ssl_cmd_SSLFIPS(cmd_parms *c - int ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *); - void ssl_init_Engine(server_rec *, apr_pool_t *); - void ssl_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *); --void ssl_init_CheckServers(server_rec *, apr_pool_t *); -+void ssl_init_CheckServers(SSLModConfigRec *mc, server_rec *, apr_pool_t *); - STACK_OF(X509_NAME) - *ssl_init_FindCAList(server_rec *, apr_pool_t *, const char *, const char *); - void ssl_init_Child(apr_pool_t *, server_rec *); diff --git a/httpd-2.4.9-apxs.patch b/httpd-2.4.9-apxs.patch new file mode 100644 index 0000000..7016dec --- /dev/null +++ b/httpd-2.4.9-apxs.patch @@ -0,0 +1,58 @@ +diff --git a/support/apxs.in b/support/apxs.in +index ad1287f..efcfcf6 100644 +--- a/support/apxs.in ++++ b/support/apxs.in +@@ -25,7 +25,18 @@ package apxs; + + my %config_vars = (); + +-my $installbuilddir = "@exp_installbuilddir@"; ++# Awful hack to make apxs libdir-agnostic: ++my $pkg_config = "/usr/bin/pkg-config"; ++if (! -x "$pkg_config") { ++ error("$pkg_config not found!"); ++ exit(1); ++} ++ ++my $libdir = `pkg-config --variable=libdir apr-1`; ++chomp $libdir; ++ ++my $installbuilddir = $libdir . "/httpd/build"; ++ + get_config_vars("$installbuilddir/config_vars.mk",\%config_vars); + + # read the configuration variables once +@@ -275,7 +286,7 @@ if ($opt_g) { + $data =~ s|%NAME%|$name|sg; + $data =~ s|%TARGET%|$CFG_TARGET|sg; + $data =~ s|%PREFIX%|$prefix|sg; +- $data =~ s|%INSTALLBUILDDIR%|$installbuilddir|sg; ++ $data =~ s|%LIBDIR%|$libdir|sg; + + my ($mkf, $mods, $src) = ($data =~ m|^(.+)-=#=-\n(.+)-=#=-\n(.+)|s); + +@@ -453,11 +464,11 @@ if ($opt_c) { + my $ldflags = "$CFG_LDFLAGS"; + if ($opt_p == 1) { + +- my $apr_libs=`$apr_config --cflags --ldflags --link-libtool --libs`; ++ my $apr_libs=`$apr_config --cflags --ldflags --link-libtool`; + chomp($apr_libs); + my $apu_libs=""; + if ($apr_major_version < 2) { +- $apu_libs=`$apu_config --ldflags --link-libtool --libs`; ++ $apu_libs=`$apu_config --ldflags --link-libtool`; + chomp($apu_libs); + } + +@@ -672,8 +683,8 @@ __DATA__ + + builddir=. + top_srcdir=%PREFIX% +-top_builddir=%PREFIX% +-include %INSTALLBUILDDIR%/special.mk ++top_builddir=%LIBDIR%/httpd ++include %LIBDIR%/httpd/build/special.mk + + # the used tools + APACHECTL=apachectl diff --git a/httpd-2.4.9-r1573626.patch b/httpd-2.4.9-r1573626.patch new file mode 100644 index 0000000..58d116b --- /dev/null +++ b/httpd-2.4.9-r1573626.patch @@ -0,0 +1,29 @@ +--- a/modules/proxy/mod_proxy.c 2014/03/03 17:28:10 1573625 ++++ b/modules/proxy/mod_proxy.c 2014/03/03 17:28:17 1573626 +@@ -927,8 +927,25 @@ + struct dirconn_entry *list = (struct dirconn_entry *)conf->dirconn->elts; + + /* is this for us? */ +- if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) != 0) ++ if (!r->filename) { + return DECLINED; ++ } ++ ++ if (!r->proxyreq) { ++ /* We may have forced the proxy handler via config or .htaccess */ ++ if (r->handler && ++ strncmp(r->handler, "proxy:", 6) == 0 && ++ strncmp(r->filename, "proxy:", 6) != 0) { ++ r->proxyreq = PROXYREQ_REVERSE; ++ r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL); ++ apr_table_setn(r->notes, "rewrite-proxy", "1"); ++ } ++ else { ++ return DECLINED; ++ } ++ } else if (strncmp(r->filename, "proxy:", 6) != 0) { ++ return DECLINED; ++ } + + /* handle max-forwards / OPTIONS / TRACE */ + if ((str = apr_table_get(r->headers_in, "Max-Forwards"))) { diff --git a/httpd.spec b/httpd.spec index 9c28e43..2f1ce08 100644 --- a/httpd.spec +++ b/httpd.spec @@ -13,7 +13,7 @@ Summary: Apache HTTP Server Name: httpd -Version: 2.4.7 +Version: 2.4.9 Release: 1%{?dist} URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 @@ -48,7 +48,7 @@ Source40: htcacheclean.service Source41: htcacheclean.sysconf # build/scripts patches Patch1: httpd-2.4.1-apctl.patch -Patch2: httpd-2.4.3-apxs.patch +Patch2: httpd-2.4.9-apxs.patch Patch3: httpd-2.4.1-deplibs.patch Patch5: httpd-2.4.3-layout.patch Patch6: httpd-2.4.3-apctl-systemd.patch @@ -62,17 +62,16 @@ Patch29: httpd-2.4.3-mod_systemd.patch Patch30: httpd-2.4.4-cachehardmax.patch Patch31: httpd-2.4.6-sslmultiproxy.patch Patch32: httpd-2.4.7-r1537535.patch +Patch33: httpd-2.4.9-r1573626.patch # Bug fixes -Patch51: httpd-2.4.7-sslsninotreq.patch Patch55: httpd-2.4.4-malformed-host.patch Patch56: httpd-2.4.4-mod_unique_id.patch -Patch58: httpd-2.4.6-r1534321.patch License: ASL 2.0 Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: autoconf, perl, pkgconfig, findutils, xmlto BuildRequires: zlib-devel, libselinux-devel, lua-devel -BuildRequires: apr-devel >= 1.4.0, apr-util-devel >= 1.2.0, pcre-devel >= 5.0 +BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.2.0, pcre-devel >= 5.0 BuildRequires: systemd-devel Requires: /etc/mime.types, system-logos >= 7.92.1-1 Obsoletes: httpd-suexec @@ -84,6 +83,7 @@ Requires(pre): /usr/sbin/useradd Requires(preun): systemd-units Requires(postun): systemd-units Requires(post): systemd-units +Conflicts: apr < 1.5.0-1 %description The Apache HTTP Server is a powerful, efficient, and extensible @@ -188,11 +188,10 @@ interface for storing and accessing per-user session data. %patch30 -p1 -b .cachehardmax %patch31 -p1 -b .sslmultiproxy %patch32 -p1 -b .r1537535 - -%patch51 -p1 -b .sslsninotreq +%patch33 -p1 -b .r1573626 + %patch55 -p1 -b .malformedhost %patch56 -p1 -b .uniqueid -%patch58 -p1 -b .r1534321 # Patch in the vendor string sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h @@ -619,6 +618,12 @@ rm -rf $RPM_BUILD_ROOT %{_sysconfdir}/rpm/macros.httpd %changelog +* Wed Apr 09 2014 Jan Kaluza - 2.4.9-1 +- update to 2.4.9 +- add support for SetHandler + proxy (#1078970) +- fix graceful restart using legacy actions +- conflict with pre-1.5.0 APR + * Mon Jan 27 2014 Jan Kaluza - 2.4.7-1 - update to 2.4.7 (#1034071) - mod_ssl: allow SSLEngine to override Listen-based default (r1537535) diff --git a/sources b/sources index f460c94..43c32ab 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -170d7fb6fe5f28b87d1878020a9ab94e httpd-2.4.7.tar.bz2 +2ef4e65353497606b24fa9bb3e5a3c40 httpd-2.4.9.tar.bz2