diff --git a/httpd-2.4.1-selinux.patch b/httpd-2.4.1-selinux.patch deleted file mode 100644 index e97c5a4..0000000 --- a/httpd-2.4.1-selinux.patch +++ /dev/null @@ -1,61 +0,0 @@ - -Log the SELinux context at startup. - -Upstream-Status: unlikely to be any interest in this upstream - ---- httpd-2.4.1/configure.in.selinux -+++ httpd-2.4.1/configure.in -@@ -458,6 +458,11 @@ fopen64 - dnl confirm that a void pointer is large enough to store a long integer - APACHE_CHECK_VOID_PTR_LEN - -+AC_CHECK_LIB(selinux, is_selinux_enabled, [ -+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) -+ APR_ADDTO(AP_LIBS, [-lselinux]) -+]) -+ - AC_CACHE_CHECK([for gettid()], ac_cv_gettid, - [AC_TRY_RUN(#define _GNU_SOURCE - #include ---- httpd-2.4.1/server/core.c.selinux -+++ httpd-2.4.1/server/core.c -@@ -58,6 +58,10 @@ - #include - #endif - -+#ifdef HAVE_SELINUX -+#include -+#endif -+ - /* LimitRequestBody handling */ - #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) - #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) -@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t * - } - #endif - -+#ifdef HAVE_SELINUX -+ { -+ static int already_warned = 0; -+ int is_enabled = is_selinux_enabled() > 0; -+ -+ if (is_enabled && !already_warned) { -+ security_context_t con; -+ -+ if (getcon(&con) == 0) { -+ -+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, -+ "SELinux policy enabled; " -+ "httpd running as context %s", con); -+ -+ already_warned = 1; -+ -+ freecon(con); -+ } -+ } -+ } -+#endif -+ - return OK; - } - diff --git a/httpd-2.4.10-detect-systemd.patch b/httpd-2.4.10-detect-systemd.patch deleted file mode 100644 index a22178b..0000000 --- a/httpd-2.4.10-detect-systemd.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff --git a/acinclude.m4 b/acinclude.m4 -index 580eb4a..bd7e2c9 100644 ---- a/acinclude.m4 -+++ b/acinclude.m4 -@@ -594,6 +594,30 @@ AC_DEFUN(APACHE_CHECK_OPENSSL,[ - fi - ]) - -+AC_DEFUN(APACHE_CHECK_SYSTEMD, [ -+dnl Check for systemd support for listen.c's socket activation. -+case $host in -+*-linux-*) -+ if test -n "$PKGCONFIG" && $PKGCONFIG --exists libsystemd; then -+ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd` -+ elif test -n "$PKGCONFIG" && $PKGCONFIG --exists libsystemd-daemon; then -+ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd-daemon` -+ else -+ AC_CHECK_LIB(systemd-daemon, sd_notify, SYSTEMD_LIBS="-lsystemd-daemon") -+ fi -+ if test -n "$SYSTEMD_LIBS"; then -+ AC_CHECK_HEADERS(systemd/sd-daemon.h) -+ if test "${ac_cv_header_systemd_sd_daemon_h}" = "no" || test -z "${SYSTEMD_LIBS}"; then -+ AC_MSG_WARN([Your system does not support systemd.]) -+ else -+ APR_ADDTO(LIBS, [$SYSTEMD_LIBS]) -+ AC_DEFINE(HAVE_SYSTEMD, 1, [Define if systemd is supported]) -+ fi -+ fi -+ ;; -+esac -+]) -+ - dnl - dnl APACHE_EXPORT_ARGUMENTS - dnl Export (via APACHE_SUBST) the various path-related variables that -diff --git a/configure.in b/configure.in -index 19a5f88..f096de3 100644 ---- a/configure.in -+++ b/configure.in -@@ -509,6 +509,8 @@ if test "$ac_cv_struct_tm_gmtoff" = "yes"; then - AC_DEFINE(HAVE_GMTOFF, 1, [Define if struct tm has a tm_gmtoff field]) - fi - -+APACHE_CHECK_SYSTEMD -+ - dnl ## Set up any appropriate OS-specific environment variables for apachectl - - case $host in diff --git a/httpd-2.4.25-detect-systemd.patch b/httpd-2.4.25-detect-systemd.patch new file mode 100644 index 0000000..f8e302b --- /dev/null +++ b/httpd-2.4.25-detect-systemd.patch @@ -0,0 +1,75 @@ +diff -uap httpd-2.4.25/acinclude.m4.detectsystemd httpd-2.4.25/acinclude.m4 +diff -uap httpd-2.4.25/acinclude.m4.detectsystemd httpd-2.4.25/acinclude.m4 +diff -uap httpd-2.4.25/acinclude.m4.detectsystemd httpd-2.4.25/acinclude.m4 +--- httpd-2.4.25/acinclude.m4.detectsystemd ++++ httpd-2.4.25/acinclude.m4 +@@ -604,6 +604,30 @@ + fi + ]) + ++AC_DEFUN(APACHE_CHECK_SYSTEMD, [ ++dnl Check for systemd support for listen.c's socket activation. ++case $host in ++*-linux-*) ++ if test -n "$PKGCONFIG" && $PKGCONFIG --exists libsystemd; then ++ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd` ++ elif test -n "$PKGCONFIG" && $PKGCONFIG --exists libsystemd-daemon; then ++ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd-daemon` ++ else ++ AC_CHECK_LIB(systemd-daemon, sd_notify, SYSTEMD_LIBS="-lsystemd-daemon") ++ fi ++ if test -n "$SYSTEMD_LIBS"; then ++ AC_CHECK_HEADERS(systemd/sd-daemon.h) ++ if test "${ac_cv_header_systemd_sd_daemon_h}" = "no" || test -z "${SYSTEMD_LIBS}"; then ++ AC_MSG_WARN([Your system does not support systemd.]) ++ else ++ APR_ADDTO(HTTPD_LIBS, [$SYSTEMD_LIBS]) ++ AC_DEFINE(HAVE_SYSTEMD, 1, [Define if systemd is supported]) ++ fi ++ fi ++ ;; ++esac ++]) ++ + dnl + dnl APACHE_EXPORT_ARGUMENTS + dnl Export (via APACHE_SUBST) the various path-related variables that +diff -uap httpd-2.4.25/configure.in.detectsystemd httpd-2.4.25/configure.in +--- httpd-2.4.25/configure.in.detectsystemd ++++ httpd-2.4.25/configure.in +@@ -234,6 +234,7 @@ + AC_MSG_NOTICE([Using external PCRE library from $PCRE_CONFIG]) + APR_ADDTO(PCRE_INCLUDES, [`$PCRE_CONFIG --cflags`]) + APR_ADDTO(PCRE_LIBS, [`$PCRE_CONFIG --libs`]) ++ APR_ADDTO(HTTPD_LIBS, [\$(PCRE_LIBS)]) + else + AC_MSG_ERROR([pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/]) + fi +@@ -504,6 +510,8 @@ + AC_DEFINE(HAVE_GMTOFF, 1, [Define if struct tm has a tm_gmtoff field]) + fi + ++APACHE_CHECK_SYSTEMD ++ + dnl ## Set up any appropriate OS-specific environment variables for apachectl + + case $host in +@@ -668,6 +676,7 @@ + APACHE_SUBST(BUILTIN_LIBS) + APACHE_SUBST(SHLIBPATH_VAR) + APACHE_SUBST(OS_SPECIFIC_VARS) ++APACHE_SUBST(HTTPD_LIBS) + + PRE_SHARED_CMDS='echo ""' + POST_SHARED_CMDS='echo ""' +--- httpd-2.4.25/Makefile.in.detectsystemd ++++ httpd-2.4.25/Makefile.in +@@ -4,7 +4,7 @@ + + PROGRAM_NAME = $(progname) + PROGRAM_SOURCES = modules.c +-PROGRAM_LDADD = buildmark.o $(HTTPD_LDFLAGS) $(PROGRAM_DEPENDENCIES) $(PCRE_LIBS) $(EXTRA_LIBS) $(AP_LIBS) $(LIBS) ++PROGRAM_LDADD = buildmark.o $(HTTPD_LDFLAGS) $(PROGRAM_DEPENDENCIES) $(HTTPD_LIBS) $(EXTRA_LIBS) $(AP_LIBS) $(LIBS) + PROGRAM_PRELINK = $(COMPILE) -c $(top_srcdir)/server/buildmark.c + PROGRAM_DEPENDENCIES = \ + server/libmain.la \ diff --git a/httpd-2.4.25-selinux.patch b/httpd-2.4.25-selinux.patch new file mode 100644 index 0000000..fa4614a --- /dev/null +++ b/httpd-2.4.25-selinux.patch @@ -0,0 +1,61 @@ + +Log the SELinux context at startup. + +Upstream-Status: unlikely to be any interest in this upstream + +--- httpd-2.4.1/configure.in.selinux ++++ httpd-2.4.1/configure.in +@@ -458,6 +458,11 @@ fopen64 + dnl confirm that a void pointer is large enough to store a long integer + APACHE_CHECK_VOID_PTR_LEN + ++AC_CHECK_LIB(selinux, is_selinux_enabled, [ ++ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) ++ APR_ADDTO(HTTPD_LIBS, [-lselinux]) ++]) ++ + AC_CACHE_CHECK([for gettid()], ac_cv_gettid, + [AC_TRY_RUN(#define _GNU_SOURCE + #include +--- httpd-2.4.1/server/core.c.selinux ++++ httpd-2.4.1/server/core.c +@@ -58,6 +58,10 @@ + #include + #endif + ++#ifdef HAVE_SELINUX ++#include ++#endif ++ + /* LimitRequestBody handling */ + #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) + #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) +@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t * + } + #endif + ++#ifdef HAVE_SELINUX ++ { ++ static int already_warned = 0; ++ int is_enabled = is_selinux_enabled() > 0; ++ ++ if (is_enabled && !already_warned) { ++ security_context_t con; ++ ++ if (getcon(&con) == 0) { ++ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, ++ "SELinux policy enabled; " ++ "httpd running as context %s", con); ++ ++ already_warned = 1; ++ ++ freecon(con); ++ } ++ } ++ } ++#endif ++ + return OK; + } + diff --git a/httpd.spec b/httpd.spec index 6d764c6..de46f14 100644 --- a/httpd.spec +++ b/httpd.spec @@ -8,7 +8,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.4.25 -Release: 4%{?dist} +Release: 5%{?dist} URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html @@ -50,11 +50,11 @@ Patch5: httpd-2.4.3-layout.patch Patch6: httpd-2.4.3-apctl-systemd.patch Patch7: httpd-2.4.23-openssl11.patch # Needed for socket activation and mod_systemd patch -Patch19: httpd-2.4.10-detect-systemd.patch +Patch19: httpd-2.4.25-detect-systemd.patch # Features/functional changes Patch23: httpd-2.4.4-export.patch Patch24: httpd-2.4.1-corelimit.patch -Patch25: httpd-2.4.1-selinux.patch +Patch25: httpd-2.4.25-selinux.patch Patch26: httpd-2.4.4-r1337344+.patch Patch27: httpd-2.4.2-icons.patch Patch29: httpd-2.4.10-mod_systemd.patch @@ -684,6 +684,9 @@ rm -rf $RPM_BUILD_ROOT %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Fri Mar 24 2017 Joe Orton - 2.4.25-5 +- link only httpd, not support/* against -lselinux -lsystemd + * Fri Feb 10 2017 Fedora Release Engineering - 2.4.25-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild diff --git a/pullrev.sh b/pullrev.sh index a4e1421..8b60efa 100755 --- a/pullrev.sh +++ b/pullrev.sh @@ -6,8 +6,8 @@ if [ $# -lt 1 ]; then fi repo="https://svn.apache.org/repos/asf/httpd/httpd/trunk" -repo="https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x" -ver=2.4.6 +#repo="https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x" +ver=2.4.25 prefix="httpd-${ver}" suffix="r$1${2:++}" fn="${prefix}-${suffix}.patch"