diff --git a/.gitignore b/.gitignore
index 29c6655..4f0a93f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,3 +30,4 @@ x86_64
 /httpd-2.4.27.tar.bz2
 /httpd-*.tar.bz2
 /httpd*.8
+/results_httpd
diff --git a/httpd-2.4.27-systemd.patch b/httpd-2.4.27-systemd.patch
deleted file mode 100644
index 26aac48..0000000
--- a/httpd-2.4.27-systemd.patch
+++ /dev/null
@@ -1,188 +0,0 @@ -diff -uap httpd-2.4.27/modules/arch/unix/config5.m4.systemd httpd-2.4.27/modules/arch/unix/config5.m4 -diff -uap httpd-2.4.27/modules/arch/unix/config5.m4.systemd httpd-2.4.27/modules/arch/unix/config5.m4 -diff -uap httpd-2.4.27/modules/arch/unix/config5.m4.systemd httpd-2.4.27/modules/arch/unix/config5.m4 -diff -uap httpd-2.4.27/modules/arch/unix/config5.m4.systemd httpd-2.4.27/modules/arch/unix/config5.m4 ---- httpd-2.4.27/modules/arch/unix/config5.m4.systemd -+++ httpd-2.4.27/modules/arch/unix/config5.m4 -@@ -18,6 +18,16 @@ - fi - ]) - -+APACHE_MODULE(systemd, Systemd support, , , all, [ -+ if test "${ac_cv_header_systemd_sd_daemon_h}" = "no" || test -z "${SYSTEMD_LIBS}"; then -+ AC_MSG_WARN([Your system does not support systemd.]) -+ enable_systemd="no" -+ else -+ APR_ADDTO(MOD_SYSTEMD_LDADD, [$SYSTEMD_LIBS]) -+ enable_systemd="yes" -+ fi -+]) -+ - APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current]) - - APACHE_MODPATH_FINISH -diff -uap httpd-2.4.27/modules/arch/unix/mod_systemd.c.systemd httpd-2.4.27/modules/arch/unix/mod_systemd.c ---- httpd-2.4.27/modules/arch/unix/mod_systemd.c.systemd -+++ httpd-2.4.27/modules/arch/unix/mod_systemd.c -@@ -0,0 +1,161 @@ -+/* Licensed to the Apache Software Foundation (ASF) under one or more -+ * contributor license agreements. See the NOTICE file distributed with -+ * this work for additional information regarding copyright ownership. -+ * The ASF licenses this file to You under the Apache License, Version 2.0 -+ * (the "License"); you may not use this file except in compliance with -+ * the License. You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
-+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ * -+ */ -+ -+#include -+#include -+#include "ap_mpm.h" -+#include -+#include -+#include -+#include -+#include -+#include -+#include "unixd.h" -+#include "scoreboard.h" -+#include "mpm_common.h" -+ -+#include "systemd/sd-daemon.h" -+ -+#if APR_HAVE_UNISTD_H -+#include -+#endif -+ -+static int shutdown_timer = 0; -+static int shutdown_counter = 0; -+static unsigned long bytes_served; -+static pid_t mainpid; -+ -+static int systemd_pre_config(apr_pool_t *pconf, apr_pool_t *plog, -+ apr_pool_t *ptemp) -+{ -+ sd_notify(0, -+ "RELOADING=1\n" -+ "STATUS=Reading configuration...\n"); -+ ap_extended_status = 1; -+ return OK; -+} -+ -+static int systemd_pre_mpm(apr_pool_t *p, ap_scoreboard_e sb_type) -+{ -+ int rv; -+ -+ mainpid = getpid(); -+ -+ rv = sd_notifyf(0, "READY=1\n" -+ "STATUS=Processing requests...\n" -+ "MAINPID=%" APR_PID_T_FMT, mainpid); -+ if (rv < 0) { -+ ap_log_perror(APLOG_MARK, APLOG_ERR, 0, p, APLOGNO(02395) -+ "sd_notifyf returned an error %d", rv); -+ } -+ -+ return OK; -+} -+ -+static int systemd_monitor(apr_pool_t *p, server_rec *s) -+{ -+ ap_sload_t sload; -+ apr_interval_time_t up_time; -+ char bps[5]; -+ int rv; -+ -+ if (!ap_extended_status) { -+ /* Nothing useful to report if ExtendedStatus disabled. 
*/ -+ return DECLINED; -+ } -+ -+ ap_get_sload(&sload); -+ /* up_time in seconds */ -+ up_time = (apr_uint32_t) apr_time_sec(apr_time_now() - -+ ap_scoreboard_image->global->restart_time); -+ -+ apr_strfsize((unsigned long)((float) (sload.bytes_served) -+ / (float) up_time), bps); -+ -+ rv = sd_notifyf(0, "READY=1\n" -+ "STATUS=Total requests: %lu; Idle/Busy workers %d/%d;" -+ "Requests/sec: %.3g; Bytes served/sec: %sB/sec\n", -+ sload.access_count, sload.idle, sload.busy, -+ ((float) sload.access_count) / (float) up_time, bps); -+ -+ if (rv < 0) { -+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02396) -+ "sd_notifyf returned an error %d", rv); -+ } -+ -+ /* Shutdown httpd when nothing is sent for shutdown_timer seconds. */ -+ if (sload.bytes_served == bytes_served) { -+ /* mpm_common.c: INTERVAL_OF_WRITABLE_PROBES is 10 */ -+ shutdown_counter += 10; -+ if (shutdown_timer > 0 && shutdown_counter >= shutdown_timer) { -+ rv = sd_notifyf(0, "READY=1\n" -+ "STATUS=Stopped as result of IdleShutdown " -+ "timeout."); -+ if (rv < 0) { -+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02804) -+ "sd_notifyf returned an error %d", rv); -+ } -+ kill(mainpid, AP_SIG_GRACEFUL); -+ } -+ } -+ else { -+ shutdown_counter = 0; -+ } -+ -+ bytes_served = sload.bytes_served; -+ -+ return DECLINED; -+} -+ -+static void systemd_register_hooks(apr_pool_t *p) -+{ -+ /* Enable ap_extended_status. */ -+ ap_hook_pre_config(systemd_pre_config, NULL, NULL, APR_HOOK_LAST); -+ /* We know the PID in this hook ... 
*/ -+ ap_hook_pre_mpm(systemd_pre_mpm, NULL, NULL, APR_HOOK_LAST); -+ /* Used to update httpd's status line using sd_notifyf */ -+ ap_hook_monitor(systemd_monitor, NULL, NULL, APR_HOOK_MIDDLE); -+} -+ -+static const char *set_shutdown_timer(cmd_parms *cmd, void *dummy, -+ const char *arg) -+{ -+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); -+ if (err != NULL) { -+ return err; -+ } -+ -+ shutdown_timer = atoi(arg); -+ return NULL; -+} -+ -+static const command_rec systemd_cmds[] = -+{ -+AP_INIT_TAKE1("IdleShutdown", set_shutdown_timer, NULL, RSRC_CONF, -+ "Number of seconds in idle-state after which httpd is shutdown"), -+ {NULL} -+}; -+ -+AP_DECLARE_MODULE(systemd) = { -+ STANDARD20_MODULE_STUFF, -+ NULL, -+ NULL, -+ NULL, -+ NULL, -+ systemd_cmds, -+ systemd_register_hooks, -+}; diff --git a/httpd-2.4.3-layout.patch b/httpd-2.4.3-layout.patch deleted file mode 100644 index 163c66b..0000000 --- a/httpd-2.4.3-layout.patch +++ /dev/null @@ -1,33 +0,0 @@ - -Add layout for Fedora. - ---- httpd-2.4.3/config.layout.layout -+++ httpd-2.4.3/config.layout -@@ -370,3 +370,27 @@ - logfiledir: ${localstatedir}/log/httpd - proxycachedir: ${localstatedir}/cache/httpd - -+ -+# Fedora/RHEL layout -+ -+ prefix: /usr -+ exec_prefix: ${prefix} -+ bindir: ${prefix}/bin -+ sbindir: ${prefix}/sbin -+ libdir: ${prefix}/lib -+ libexecdir: ${prefix}/libexec -+ mandir: ${prefix}/man -+ sysconfdir: /etc/httpd/conf -+ datadir: ${prefix}/share/httpd -+ installbuilddir: ${libdir}/httpd/build -+ errordir: ${datadir}/error -+ iconsdir: ${datadir}/icons -+ htdocsdir: /var/www/html -+ manualdir: ${datadir}/manual -+ cgidir: /var/www/cgi-bin -+ includedir: ${prefix}/include/httpd -+ localstatedir: /var -+ runtimedir: /run/httpd -+ logfiledir: ${localstatedir}/log/httpd -+ proxycachedir: ${localstatedir}/cache/httpd/proxy -+ diff --git a/httpd-2.4.33-r1738878.patch b/httpd-2.4.33-r1738878.patch deleted file mode 100644 index d7ef42f..0000000 
--- a/httpd-2.4.33-r1738878.patch
+++ /dev/null
@@ -1,137 +0,0 @@ -diff --git a/modules/proxy/ajp.h b/modules/proxy/ajp.h -index c119a7e..267150a 100644 -diff -uap httpd-2.4.33/modules/proxy/ajp_header.c.r1738878 httpd-2.4.33/modules/proxy/ajp_header.c ---- httpd-2.4.33/modules/proxy/ajp_header.c.r1738878 -+++ httpd-2.4.33/modules/proxy/ajp_header.c -@@ -213,7 +213,8 @@ - - static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg, - request_rec *r, -- apr_uri_t *uri) -+ apr_uri_t *uri, -+ const char *secret) - { - int method; - apr_uint32_t i, num_headers = 0; -@@ -293,17 +294,15 @@ - i, elts[i].key, elts[i].val); - } - --/* XXXX need to figure out how to do this -- if (s->secret) { -+ if (secret) { - if (ajp_msg_append_uint8(msg, SC_A_SECRET) || -- ajp_msg_append_string(msg, s->secret)) { -+ ajp_msg_append_string(msg, secret)) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(03228) -- "Error ajp_marshal_into_msgb - " -+ "ajp_marshal_into_msgb: " - "Error appending secret"); - return APR_EGENERAL; - } - } -- */ - - if (r->user) { - if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) || -@@ -671,7 +670,8 @@ - apr_status_t ajp_send_header(apr_socket_t *sock, - request_rec *r, - apr_size_t buffsize, -- apr_uri_t *uri) -+ apr_uri_t *uri, -+ const char *secret) - { - ajp_msg_t *msg; - apr_status_t rc; -@@ -683,7 +683,7 @@ - return rc; - } - -- rc = ajp_marshal_into_msgb(msg, r, uri); -+ rc = ajp_marshal_into_msgb(msg, r, uri, secret); - if (rc != APR_SUCCESS) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00988) - "ajp_send_header: ajp_marshal_into_msgb failed"); -diff -uap httpd-2.4.33/modules/proxy/ajp.h.r1738878 httpd-2.4.33/modules/proxy/ajp.h ---- httpd-2.4.33/modules/proxy/ajp.h.r1738878 -+++ httpd-2.4.33/modules/proxy/ajp.h -@@ -413,12 +413,14 @@ - * @param sock backend socket - * @param r current request - * @param buffsize max size of the AJP packet. 
-+ * @param secret authentication secret - * @param uri requested uri - * @return APR_SUCCESS or error - */ - apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r, - apr_size_t buffsize, -- apr_uri_t *uri); -+ apr_uri_t *uri, -+ const char *secret); - - /** - * Read the ajp message and return the type of the message. -diff -uap httpd-2.4.33/modules/proxy/mod_proxy_ajp.c.r1738878 httpd-2.4.33/modules/proxy/mod_proxy_ajp.c ---- httpd-2.4.33/modules/proxy/mod_proxy_ajp.c.r1738878 -+++ httpd-2.4.33/modules/proxy/mod_proxy_ajp.c -@@ -193,6 +193,7 @@ - apr_off_t content_length = 0; - int original_status = r->status; - const char *original_status_line = r->status_line; -+ const char *secret = NULL; - - if (psf->io_buffer_size_set) - maxsize = psf->io_buffer_size; -@@ -202,12 +203,15 @@ - maxsize = AJP_MSG_BUFFER_SZ; - maxsize = APR_ALIGN(maxsize, 1024); - -+ if (*conn->worker->s->secret) -+ secret = conn->worker->s->secret; -+ - /* - * Send the AJP request to the remote server - */ - - /* send request headers */ -- status = ajp_send_header(conn->sock, r, maxsize, uri); -+ status = ajp_send_header(conn->sock, r, maxsize, uri, secret); - if (status != APR_SUCCESS) { - conn->close = 1; - ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868) -diff -uap httpd-2.4.33/modules/proxy/mod_proxy.c.r1738878 httpd-2.4.33/modules/proxy/mod_proxy.c ---- httpd-2.4.33/modules/proxy/mod_proxy.c.r1738878 -+++ httpd-2.4.33/modules/proxy/mod_proxy.c -@@ -318,6 +318,12 @@ - (int)sizeof(worker->s->upgrade)); - } - } -+ else if (!strcasecmp(key, "secret")) { -+ if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) { -+ return apr_psprintf(p, "Secret length must be < %d characters", -+ (int)sizeof(worker->s->secret)); -+ } -+ } - else { - if (set_worker_hc_param_f) { - return set_worker_hc_param_f(p, s, worker, key, val, NULL); -diff -uap httpd-2.4.33/modules/proxy/mod_proxy.h.r1738878 httpd-2.4.33/modules/proxy/mod_proxy.h ---- 
httpd-2.4.33/modules/proxy/mod_proxy.h.r1738878 -+++ httpd-2.4.33/modules/proxy/mod_proxy.h -@@ -353,6 +353,7 @@ - #define PROXY_WORKER_MAX_HOSTNAME_SIZE 64 - #define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE - #define PROXY_BALANCER_MAX_STICKY_SIZE 64 -+#define PROXY_WORKER_MAX_SECRET_SIZE 64 - - #define PROXY_RFC1035_HOSTNAME_SIZE 256 - -@@ -447,6 +448,7 @@ - apr_interval_time_t interval; - char upgrade[PROXY_WORKER_MAX_SCHEME_SIZE];/* upgrade protocol used by mod_proxy_wstunnel */ - char hostname_ex[PROXY_RFC1035_HOSTNAME_SIZE]; /* RFC1035 compliant version of the remote backend address */ -+ char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */ - } proxy_worker_shared; - - #define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared))) diff --git a/httpd-2.4.33-r1830819+.patch b/httpd-2.4.33-r1830819+.patch new file mode 100644 index 0000000..0b2d90d --- /dev/null +++ b/httpd-2.4.33-r1830819+.patch 
@@ -0,0 +1,690 @@ +# ./pullrev.sh 1830819 1830836 1830912 1830913 1830927 1831168 1831173 + +http://svn.apache.org/viewvc?view=revision&revision=1830819 +http://svn.apache.org/viewvc?view=revision&revision=1830912 +http://svn.apache.org/viewvc?view=revision&revision=1830913 +http://svn.apache.org/viewvc?view=revision&revision=1830927 +http://svn.apache.org/viewvc?view=revision&revision=1831168 +http://svn.apache.org/viewvc?view=revision&revision=1831173 +http://svn.apache.org/viewvc?view=revision&revision=1835240 +http://svn.apache.org/viewvc?view=revision&revision=1835242 + +--- httpd-2.4.33/modules/ssl/ssl_engine_config.c.r1830819+ ++++ httpd-2.4.33/modules/ssl/ssl_engine_config.c +@@ -891,7 +891,9 @@ + SSLSrvConfigRec *sc = mySrvConfig(cmd->server); + const char *err; + +- if ((err = ssl_cmd_check_file(cmd, &arg))) { ++ /* Only check for non-ENGINE based certs. */ ++ if (!modssl_is_engine_id(arg) ++ && (err = ssl_cmd_check_file(cmd, &arg))) { + return err; + } + +@@ -907,7 +909,9 @@ + SSLSrvConfigRec *sc = mySrvConfig(cmd->server); + const char *err; + +- if ((err = ssl_cmd_check_file(cmd, &arg))) { ++ /* Check keyfile exists for non-ENGINE keys. 
*/ ++ if (!modssl_is_engine_id(arg) ++ && (err = ssl_cmd_check_file(cmd, &arg))) { + return err; + } + +--- httpd-2.4.33/modules/ssl/ssl_engine_init.c.r1830819+ ++++ httpd-2.4.33/modules/ssl/ssl_engine_init.c +@@ -1181,12 +1182,18 @@ + (certfile = APR_ARRAY_IDX(mctx->pks->cert_files, i, + const char *)); + i++) { ++ EVP_PKEY *pkey; ++ const char *engine_certfile = NULL; ++ + key_id = apr_psprintf(ptemp, "%s:%d", vhost_id, i); + + ERR_clear_error(); + + /* first the certificate (public key) */ +- if (mctx->cert_chain) { ++ if (modssl_is_engine_id(certfile)) { ++ engine_certfile = certfile; ++ } ++ else if (mctx->cert_chain) { + if ((SSL_CTX_use_certificate_file(mctx->ssl_ctx, certfile, + SSL_FILETYPE_PEM) < 1)) { + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02561) +@@ -1215,12 +1222,46 @@ + + ERR_clear_error(); + +- if ((SSL_CTX_use_PrivateKey_file(mctx->ssl_ctx, keyfile, +- SSL_FILETYPE_PEM) < 1) && +- (ERR_GET_FUNC(ERR_peek_last_error()) +- != X509_F_X509_CHECK_PRIVATE_KEY)) { ++ if (modssl_is_engine_id(keyfile)) { ++ apr_status_t rv; ++ ++ cert = NULL; ++ ++ if ((rv = modssl_load_engine_keypair(s, ptemp, vhost_id, ++ engine_certfile, keyfile, ++ &cert, &pkey))) { ++ return rv; ++ } ++ ++ if (cert) { ++ if (SSL_CTX_use_certificate(mctx->ssl_ctx, cert) < 1) { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(10137) ++ "Failed to configure engine certificate %s, check %s", ++ key_id, certfile); ++ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ++ return APR_EGENERAL; ++ } ++ ++ /* SSL_CTX now owns the cert. 
*/ ++ X509_free(cert); ++ } ++ ++ if (SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) < 1) { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(10130) ++ "Failed to configure private key %s from engine", ++ keyfile); ++ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ++ return APR_EGENERAL; ++ } ++ ++ /* SSL_CTX now owns the key */ ++ EVP_PKEY_free(pkey); ++ } ++ else if ((SSL_CTX_use_PrivateKey_file(mctx->ssl_ctx, keyfile, ++ SSL_FILETYPE_PEM) < 1) ++ && (ERR_GET_FUNC(ERR_peek_last_error()) ++ != X509_F_X509_CHECK_PRIVATE_KEY)) { + ssl_asn1_t *asn1; +- EVP_PKEY *pkey; + const unsigned char *ptr; + + ERR_clear_error(); +@@ -1307,8 +1348,9 @@ + /* + * Try to read DH parameters from the (first) SSLCertificateFile + */ +- if ((certfile = APR_ARRAY_IDX(mctx->pks->cert_files, 0, const char *)) && +- (dhparams = ssl_dh_GetParamFromFile(certfile))) { ++ certfile = APR_ARRAY_IDX(mctx->pks->cert_files, 0, const char *); ++ if (certfile && !modssl_is_engine_id(certfile) ++ && (dhparams = ssl_dh_GetParamFromFile(certfile))) { + SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams); + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540) + "Custom DH parameters (%d bits) for %s loaded from %s", +@@ -1320,10 +1362,10 @@ + /* + * Similarly, try to read the ECDH curve name from SSLCertificateFile... 
+ */ +- if ((certfile != NULL) && +- (ecparams = ssl_ec_GetParamFromFile(certfile)) && +- (nid = EC_GROUP_get_curve_name(ecparams)) && +- (eckey = EC_KEY_new_by_curve_name(nid))) { ++ if (certfile && !modssl_is_engine_id(certfile) ++ && (ecparams = ssl_ec_GetParamFromFile(certfile)) ++ && (nid = EC_GROUP_get_curve_name(ecparams)) ++ && (eckey = EC_KEY_new_by_curve_name(nid))) { + SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey); + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02541) + "ECDH curve %s for %s specified in %s", +--- httpd-2.4.33/modules/ssl/ssl_engine_pphrase.c.r1830819+ ++++ httpd-2.4.33/modules/ssl/ssl_engine_pphrase.c +@@ -143,9 +143,6 @@ + const char *key_id = asn1_table_vhost_key(mc, p, sc->vhost_id, idx); + EVP_PKEY *pPrivateKey = NULL; + ssl_asn1_t *asn1; +- unsigned char *ucp; +- long int length; +- BOOL bReadable; + int nPassPhrase = (*pphrases)->nelts; + int nPassPhraseRetry = 0; + apr_time_t pkey_mtime = 0; +@@ -222,16 +219,12 @@ + * is not empty. */ + ERR_clear_error(); + +- bReadable = ((pPrivateKey = modssl_read_privatekey(ppcb_arg.pkey_file, +- NULL, ssl_pphrase_Handle_CB, &ppcb_arg)) != NULL ? +- TRUE : FALSE); +- +- /* +- * when the private key file now was readable, +- * it's fine and we go out of the loop +- */ +- if (bReadable) +- break; ++ pPrivateKey = modssl_read_privatekey(ppcb_arg.pkey_file, ++ ssl_pphrase_Handle_CB, &ppcb_arg); ++ /* If the private key was successfully read, nothing more to ++ do here. */ ++ if (pPrivateKey != NULL) ++ break; + + /* + * when we have more remembered pass phrases +@@ -356,19 +349,12 @@ + nPassPhrase++; + } + +- /* +- * Insert private key into the global module configuration +- * (we convert it to a stand-alone DER byte sequence +- * because the SSL library uses static variables inside a +- * RSA structure which do not survive DSO reloads!) 
+- */ +- length = i2d_PrivateKey(pPrivateKey, NULL); +- ucp = ssl_asn1_table_set(mc->tPrivateKey, key_id, length); +- (void)i2d_PrivateKey(pPrivateKey, &ucp); /* 2nd arg increments */ ++ /* Cache the private key in the global module configuration so it ++ * can be used after subsequent reloads. */ ++ asn1 = ssl_asn1_table_set(mc->tPrivateKey, key_id, pPrivateKey); + + if (ppcb_arg.nPassPhraseDialogCur != 0) { + /* remember mtime of encrypted keys */ +- asn1 = ssl_asn1_table_get(mc->tPrivateKey, key_id); + asn1->source_mtime = pkey_mtime; + } + +@@ -619,3 +605,288 @@ + */ + return (len); + } ++ ++ ++#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) ++ ++/* OpenSSL UI implementation for passphrase entry; largely duplicated ++ * from ssl_pphrase_Handle_CB but adjusted for UI API. TODO: Might be ++ * worth trying to shift pphrase handling over to the UI API ++ * completely. */ ++static int passphrase_ui_open(UI *ui) ++{ ++ pphrase_cb_arg_t *ppcb = UI_get0_user_data(ui); ++ SSLSrvConfigRec *sc = mySrvConfig(ppcb->s); ++ ++ ppcb->nPassPhraseDialog++; ++ ppcb->nPassPhraseDialogCur++; ++ ++ /* ++ * Builtin or Pipe dialog ++ */ ++ if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN ++ || sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) { ++ if (sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) { ++ if (!readtty) { ++ ap_log_error(APLOG_MARK, APLOG_INFO, 0, ppcb->s, ++ APLOGNO(10143) ++ "Init: Creating pass phrase dialog pipe child " ++ "'%s'", sc->server->pphrase_dialog_path); ++ if (ssl_pipe_child_create(ppcb->p, ++ sc->server->pphrase_dialog_path) ++ != APR_SUCCESS) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ppcb->s, ++ APLOGNO(10144) ++ "Init: Failed to create pass phrase pipe '%s'", ++ sc->server->pphrase_dialog_path); ++ return 0; ++ } ++ } ++ ap_log_error(APLOG_MARK, APLOG_INFO, 0, ppcb->s, APLOGNO(10145) ++ "Init: Requesting pass phrase via piped dialog"); ++ } ++ else { /* sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN */ ++#ifdef 
WIN32 ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ppcb->s, APLOGNO(10146) ++ "Init: Failed to create pass phrase pipe '%s'", ++ sc->server->pphrase_dialog_path); ++ return 0; ++#else ++ /* ++ * stderr has already been redirected to the error_log. ++ * rather than attempting to temporarily rehook it to the terminal, ++ * we print the prompt to stdout before EVP_read_pw_string turns ++ * off tty echo ++ */ ++ apr_file_open_stdout(&writetty, ppcb->p); ++ ++ ap_log_error(APLOG_MARK, APLOG_INFO, 0, ppcb->s, APLOGNO(10147) ++ "Init: Requesting pass phrase via builtin terminal " ++ "dialog"); ++#endif ++ } ++ ++ /* ++ * The first time display a header to inform the user about what ++ * program he actually speaks to, which module is responsible for ++ * this terminal dialog and why to the hell he has to enter ++ * something... ++ */ ++ if (ppcb->nPassPhraseDialog == 1) { ++ apr_file_printf(writetty, "%s mod_ssl (Pass Phrase Dialog)\n", ++ AP_SERVER_BASEVERSION); ++ apr_file_printf(writetty, ++ "A pass phrase is required to access the private key.\n"); ++ } ++ if (ppcb->bPassPhraseDialogOnce) { ++ ppcb->bPassPhraseDialogOnce = FALSE; ++ apr_file_printf(writetty, "\n"); ++ apr_file_printf(writetty, "Private key %s (%s)\n", ++ ppcb->key_id, ppcb->pkey_file); ++ } ++ } ++ ++ return 1; ++} ++ ++static int passphrase_ui_read(UI *ui, UI_STRING *uis) ++{ ++ pphrase_cb_arg_t *ppcb = UI_get0_user_data(ui); ++ SSLSrvConfigRec *sc = mySrvConfig(ppcb->s); ++ const char *prompt; ++ int i; ++ int bufsize; ++ int len; ++ char *buf; ++ ++ prompt = UI_get0_output_string(uis); ++ if (prompt == NULL) { ++ prompt = "Enter pass phrase:"; ++ } ++ ++ /* ++ * Get the maximum expected size and allocate the buffer ++ */ ++ bufsize = UI_get_result_maxsize(uis); ++ buf = apr_pcalloc(ppcb->p, bufsize); ++ ++ if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN ++ || sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) { ++ /* ++ * Get the pass phrase through a callback. 
++ * Empty input is not accepted. ++ */ ++ for (;;) { ++ if (sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) { ++ i = pipe_get_passwd_cb(buf, bufsize, "", FALSE); ++ } ++ else { /* sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN */ ++ i = EVP_read_pw_string(buf, bufsize, "", FALSE); ++ } ++ if (i != 0) { ++ OPENSSL_cleanse(buf, bufsize); ++ return 0; ++ } ++ len = strlen(buf); ++ if (len < 1){ ++ apr_file_printf(writetty, "Apache:mod_ssl:Error: Pass phrase" ++ "empty (needs to be at least 1 character).\n"); ++ apr_file_puts(prompt, writetty); ++ } ++ else { ++ break; ++ } ++ } ++ } ++ /* ++ * Filter program ++ */ ++ else if (sc->server->pphrase_dialog_type == SSL_PPTYPE_FILTER) { ++ const char *cmd = sc->server->pphrase_dialog_path; ++ const char **argv = apr_palloc(ppcb->p, sizeof(char *) * 3); ++ char *result; ++ ++ ap_log_error(APLOG_MARK, APLOG_INFO, 0, ppcb->s, APLOGNO(10148) ++ "Init: Requesting pass phrase from dialog filter " ++ "program (%s)", cmd); ++ ++ argv[0] = cmd; ++ argv[1] = ppcb->key_id; ++ argv[2] = NULL; ++ ++ result = ssl_util_readfilter(ppcb->s, ppcb->p, cmd, argv); ++ apr_cpystrn(buf, result, bufsize); ++ len = strlen(buf); ++ } ++ ++ /* ++ * Ok, we now have the pass phrase, so give it back ++ */ ++ ppcb->cpPassPhraseCur = apr_pstrdup(ppcb->p, buf); ++ UI_set_result(ui, uis, buf); ++ ++ /* Clear sensitive data. 
*/ ++ OPENSSL_cleanse(buf, bufsize); ++ return 1; ++} ++ ++static int passphrase_ui_write(UI *ui, UI_STRING *uis) ++{ ++ pphrase_cb_arg_t *ppcb = UI_get0_user_data(ui); ++ SSLSrvConfigRec *sc; ++ const char *prompt; ++ ++ sc = mySrvConfig(ppcb->s); ++ ++ if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN ++ || sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) { ++ prompt = UI_get0_output_string(uis); ++ apr_file_puts(prompt, writetty); ++ } ++ ++ return 1; ++} ++ ++static int passphrase_ui_close(UI *ui) ++{ ++ /* ++ * Close the pipes if they were opened ++ */ ++ if (readtty) { ++ apr_file_close(readtty); ++ apr_file_close(writetty); ++ readtty = writetty = NULL; ++ } ++ return 1; ++} ++ ++static apr_status_t pp_ui_method_cleanup(void *uip) ++{ ++ UI_METHOD *uim = uip; ++ ++ UI_destroy_method(uim); ++ ++ return APR_SUCCESS; ++} ++ ++static UI_METHOD *get_passphrase_ui(apr_pool_t *p) ++{ ++ UI_METHOD *ui_method = UI_create_method("Passphrase UI"); ++ ++ UI_method_set_opener(ui_method, passphrase_ui_open); ++ UI_method_set_reader(ui_method, passphrase_ui_read); ++ UI_method_set_writer(ui_method, passphrase_ui_write); ++ UI_method_set_closer(ui_method, passphrase_ui_close); ++ ++ apr_pool_cleanup_register(p, ui_method, pp_ui_method_cleanup, ++ pp_ui_method_cleanup); ++ ++ return ui_method; ++} ++ ++ ++apr_status_t modssl_load_engine_keypair(server_rec *s, apr_pool_t *p, ++ const char *vhostid, ++ const char *certid, const char *keyid, ++ X509 **pubkey, EVP_PKEY **privkey) ++{ ++ SSLModConfigRec *mc = myModConfig(s); ++ ENGINE *e; ++ UI_METHOD *ui_method = get_passphrase_ui(p); ++ pphrase_cb_arg_t ppcb; ++ ++ memset(&ppcb, 0, sizeof ppcb); ++ ppcb.s = s; ++ ppcb.p = p; ++ ppcb.bPassPhraseDialogOnce = TRUE; ++ ppcb.key_id = vhostid; ++ ppcb.pkey_file = keyid; ++ ++ if (!mc->szCryptoDevice) { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(10131) ++ "Init: Cannot load private key `%s' without engine", ++ keyid); ++ return ssl_die(s); ++ } ++ ++ if (!(e = 
ENGINE_by_id(mc->szCryptoDevice))) { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(10132) ++ "Init: Failed to load Crypto Device API `%s'", ++ mc->szCryptoDevice); ++ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ++ return ssl_die(s); ++ } ++ ++ if (APLOGdebug(s)) { ++ ENGINE_ctrl_cmd_string(e, "VERBOSE", NULL, 0); ++ } ++ ++ if (certid) { ++ struct { ++ const char *cert_id; ++ X509 *cert; ++ } params = { certid, NULL }; ++ ++ if (!ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, ¶ms, NULL, 1)) { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(10136) ++ "Init: Unable to get the certificate"); ++ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ++ return ssl_die(s); ++ } ++ ++ *pubkey = params.cert; ++ } ++ ++ *privkey = ENGINE_load_private_key(e, keyid, ui_method, &ppcb); ++ if (*privkey == NULL) { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(10133) ++ "Init: Unable to get the private key"); ++ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ++ return ssl_die(s); ++ } ++ ++ ENGINE_free(e); ++ ++ return APR_SUCCESS; ++} ++#endif +--- httpd-2.4.33/modules/ssl/ssl_private.h.r1830819+ ++++ httpd-2.4.33/modules/ssl/ssl_private.h +@@ -976,21 +976,28 @@ + apr_status_t ssl_load_encrypted_pkey(server_rec *, apr_pool_t *, int, + const char *, apr_array_header_t **); + ++/* Load public and/or private key from the configured ENGINE. Private ++ * key returned as *pkey. certid can be NULL, in which case *pubkey ++ * is not altered. Errors logged on failure. 
*/ ++apr_status_t modssl_load_engine_keypair(server_rec *s, apr_pool_t *p, ++ const char *vhostid, ++ const char *certid, const char *keyid, ++ X509 **pubkey, EVP_PKEY **privkey); ++ + /** Diffie-Hellman Parameter Support */ + DH *ssl_dh_GetParamFromFile(const char *); + #ifdef HAVE_ECC + EC_GROUP *ssl_ec_GetParamFromFile(const char *); + #endif + +-unsigned char *ssl_asn1_table_set(apr_hash_t *table, +- const char *key, +- long int length); +- +-ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table, +- const char *key); +- +-void ssl_asn1_table_unset(apr_hash_t *table, +- const char *key); ++/* Store the EVP_PKEY key (serialized into DER) in the hash table with ++ * key, returning the ssl_asn1_t structure pointer. */ ++ssl_asn1_t *ssl_asn1_table_set(apr_hash_t *table, const char *key, ++ EVP_PKEY *pkey); ++/* Retrieve the ssl_asn1_t structure with given key from the hash. */ ++ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table, const char *key); ++/* Remove and free the ssl_asn1_t structure with given key. */ ++void ssl_asn1_table_unset(apr_hash_t *table, const char *key); + + /** Mutex Support */ + int ssl_mutex_init(server_rec *, apr_pool_t *); +@@ -1078,6 +1085,10 @@ + int ssl_is_challenge(conn_rec *c, const char *servername, + X509 **pcert, EVP_PKEY **pkey); + ++/* Returns non-zero if the cert/key filename should be handled through ++ * the configured ENGINE. */ ++int modssl_is_engine_id(const char *name); ++ + #endif /* SSL_PRIVATE_H */ + /** @} */ + +--- httpd-2.4.33/modules/ssl/ssl_util.c.r1830819+ ++++ httpd-2.4.33/modules/ssl/ssl_util.c +@@ -181,45 +181,37 @@ + return TRUE; + } + +-/* +- * certain key data needs to survive restarts, +- * which are stored in the user data table of s->process->pool. +- * to prevent "leaking" of this data, we use malloc/free +- * rather than apr_palloc and these wrappers to help make sure +- * we do not leak the malloc-ed data. 
+- */ +-unsigned char *ssl_asn1_table_set(apr_hash_t *table, +- const char *key, +- long int length) ++/* Decrypted private keys are cached to survive restarts. The cached ++ * data must have lifetime of the process (hence malloc/free rather ++ * than pools), and uses raw DER since the EVP_PKEY structure ++ * internals may not survive across a module reload. */ ++ssl_asn1_t *ssl_asn1_table_set(apr_hash_t *table, const char *key, ++ EVP_PKEY *pkey) + { + apr_ssize_t klen = strlen(key); + ssl_asn1_t *asn1 = apr_hash_get(table, key, klen); ++ apr_size_t length = i2d_PrivateKey(pkey, NULL); ++ unsigned char *p; + +- /* +- * if a value for this key already exists, +- * reuse as much of the already malloc-ed data +- * as possible. +- */ ++ /* Re-use structure if cached previously. */ + if (asn1) { + if (asn1->nData != length) { +- free(asn1->cpData); /* XXX: realloc? */ +- asn1->cpData = NULL; ++ asn1->cpData = ap_realloc(asn1->cpData, length); + } + } + else { + asn1 = ap_malloc(sizeof(*asn1)); + asn1->source_mtime = 0; /* used as a note for encrypted private keys */ +- asn1->cpData = NULL; +- } +- +- asn1->nData = length; +- if (!asn1->cpData) { + asn1->cpData = ap_malloc(length); ++ ++ apr_hash_set(table, key, klen, asn1); + } + +- apr_hash_set(table, key, klen, asn1); ++ asn1->nData = length; ++ p = asn1->cpData; ++ i2d_PrivateKey(pkey, &p); /* increases p by length */ + +- return asn1->cpData; /* caller will assign a value to this */ ++ return asn1; + } + + ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table, +@@ -469,3 +461,13 @@ + } + + #endif /* #if APR_HAS_THREADS && MODSSL_USE_OPENSSL_PRE_1_1_API */ ++ ++int modssl_is_engine_id(const char *name) ++{ ++#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) ++ /* ### Can handle any other special ENGINE key names here? 
*/ ++ return strncmp(name, "pkcs11:", 7) == 0; ++#else ++ return 0; ++#endif ++} +--- httpd-2.4.33/modules/ssl/ssl_util_ssl.c.r1830819+ ++++ httpd-2.4.33/modules/ssl/ssl_util_ssl.c +@@ -74,7 +74,7 @@ + ** _________________________________________________________________ + */ + +-EVP_PKEY *modssl_read_privatekey(const char* filename, EVP_PKEY **key, pem_password_cb *cb, void *s) ++EVP_PKEY *modssl_read_privatekey(const char *filename, pem_password_cb *cb, void *s) + { + EVP_PKEY *rc; + BIO *bioS; +@@ -83,7 +83,7 @@ + /* 1. try PEM (= DER+Base64+headers) */ + if ((bioS=BIO_new_file(filename, "r")) == NULL) + return NULL; +- rc = PEM_read_bio_PrivateKey(bioS, key, cb, s); ++ rc = PEM_read_bio_PrivateKey(bioS, NULL, cb, s); + BIO_free(bioS); + + if (rc == NULL) { +@@ -107,41 +107,9 @@ + BIO_free(bioS); + } + } +- if (rc != NULL && key != NULL) { +- if (*key != NULL) +- EVP_PKEY_free(*key); +- *key = rc; +- } + return rc; + } + +-typedef struct { +- const char *pass; +- int pass_len; +-} pass_ctx; +- +-static int provide_pass(char *buf, int size, int rwflag, void *baton) +-{ +- pass_ctx *ctx = baton; +- if (ctx->pass_len > 0) { +- if (ctx->pass_len < size) { +- size = (int)ctx->pass_len; +- } +- memcpy(buf, ctx->pass, size); +- } +- return ctx->pass_len; +-} +- +-EVP_PKEY *modssl_read_encrypted_pkey(const char *filename, EVP_PKEY **key, +- const char *pass, apr_size_t pass_len) +-{ +- pass_ctx ctx; +- +- ctx.pass = pass; +- ctx.pass_len = pass_len; +- return modssl_read_privatekey(filename, key, provide_pass, &ctx); +-} +- + /* _________________________________________________________________ + ** + ** Smart shutdown +--- httpd-2.4.33/modules/ssl/ssl_util_ssl.h.r1830819+ ++++ httpd-2.4.33/modules/ssl/ssl_util_ssl.h +@@ -64,8 +64,11 @@ + void modssl_init_app_data2_idx(void); + void *modssl_get_app_data2(SSL *); + void modssl_set_app_data2(SSL *, void *); +-EVP_PKEY *modssl_read_privatekey(const char *, EVP_PKEY **, pem_password_cb *, void *); +-EVP_PKEY 
*modssl_read_encrypted_pkey(const char *, EVP_PKEY **, const char *, apr_size_t); ++ ++/* Read private key from filename in either PEM or raw base64(DER) ++ * format, using password entry callback cb and userdata. */ ++EVP_PKEY *modssl_read_privatekey(const char *filename, pem_password_cb *cb, void *ud); ++ + int modssl_smart_shutdown(SSL *ssl); + BOOL modssl_X509_getBC(X509 *, int *, int *); + char *modssl_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne, diff --git a/httpd-2.4.33-sslmerging.patch b/httpd-2.4.33-sslmerging.patch deleted file mode 100644 index 066b5c8..0000000 --- a/httpd-2.4.33-sslmerging.patch +++ /dev/null @@ -1,15 +0,0 @@ - -https://bugzilla.redhat.com/show_bug.cgi?id=1564537 - ---- httpd-2.4.33/modules/ssl/ssl_engine_init.c.sslmerging -+++ httpd-2.4.33/modules/ssl/ssl_engine_init.c -@@ -261,7 +261,8 @@ - * the protocol is https. */ - if (ap_get_server_protocol(s) - && strcmp("https", ap_get_server_protocol(s)) == 0 -- && sc->enabled == SSL_ENABLED_UNSET) { -+ && sc->enabled == SSL_ENABLED_UNSET -+ && (!apr_is_empty_array(sc->server->pks->cert_files))) { - sc->enabled = SSL_ENABLED_TRUE; - } - diff --git a/httpd-2.4.33-systemd.patch b/httpd-2.4.33-systemd.patch new file mode 100644 index 0000000..7f5ee3b --- /dev/null +++ b/httpd-2.4.33-systemd.patch 
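Review bot: In the added `ssl_asn1_table_set` (ssl_util.c section of httpd-2.4.33-r1830819+.patch), `apr_size_t length = i2d_PrivateKey(pkey, NULL);` stores an `int` return in an unsigned size without checking it, so an encoding failure would reach `ap_malloc`/`ap_realloc` as a huge or zero size, and the result of the second `i2d_PrivateKey` call is ignored as well. Take the value as `int der_len = i2d_PrivateKey(pkey, NULL);` and bail out with `if (der_len <= 0) return NULL;` before touching the table; the caller in ssl_engine_pphrase.c (only partly visible here) writes `asn1->source_mtime` and would then need a NULL test. The same pattern appears in `passphrase_ui_read`, where `bufsize = UI_get_result_maxsize(uis);` goes straight into `apr_pcalloc(ppcb->p, bufsize)`; a guard such as `if (bufsize <= 0) return 0;` belongs before the allocation. Separately, the `ap_realloc` path may move the cached DER private key and leave the previous copy in freed heap, so calling `OPENSSL_cleanse(asn1->cpData, asn1->nData);` before resizing would match the care already taken with `buf` in `passphrase_ui_read`.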
@@ -0,0 +1,245 @@ +--- httpd-2.4.33/modules/arch/unix/config5.m4.systemd ++++ httpd-2.4.33/modules/arch/unix/config5.m4 +@@ -18,6 +18,16 @@ + fi + ]) + ++APACHE_MODULE(systemd, Systemd support, , , all, [ ++ if test "${ac_cv_header_systemd_sd_daemon_h}" = "no" || test -z "${SYSTEMD_LIBS}"; then ++ AC_MSG_WARN([Your system does not support systemd.]) ++ enable_systemd="no" ++ else ++ APR_ADDTO(MOD_SYSTEMD_LDADD, [$SYSTEMD_LIBS]) ++ enable_systemd="yes" ++ fi ++]) ++ + APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current]) + + APACHE_MODPATH_FINISH +--- httpd-2.4.33/modules/arch/unix/mod_systemd.c.systemd ++++ httpd-2.4.33/modules/arch/unix/mod_systemd.c +@@ -0,0 +1,223 @@ ++/* Licensed to the Apache Software Foundation (ASF) under one or more ++ * contributor license agreements. See the NOTICE file distributed with ++ * this work for additional information regarding copyright ownership. ++ * The ASF licenses this file to You under the Apache License, Version 2.0 ++ * (the "License"); you may not use this file except in compliance with ++ * the License. You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. 
++ * ++ */ ++ ++#include ++#include ++#include "ap_mpm.h" ++#include ++#include ++#include ++#include ++#include ++#include ++#include "unixd.h" ++#include "scoreboard.h" ++#include "mpm_common.h" ++ ++#include "systemd/sd-daemon.h" ++#include "systemd/sd-journal.h" ++ ++#if APR_HAVE_UNISTD_H ++#include ++#endif ++ ++static int shutdown_timer = 0; ++static int shutdown_counter = 0; ++static unsigned long bytes_served; ++static pid_t mainpid; ++static char describe_listeners[50]; ++ ++static int systemd_pre_config(apr_pool_t *pconf, apr_pool_t *plog, ++ apr_pool_t *ptemp) ++{ ++ sd_notify(0, ++ "RELOADING=1\n" ++ "STATUS=Reading configuration...\n"); ++ ap_extended_status = 1; ++ return OK; ++} ++ ++static char *dump_listener(ap_listen_rec *lr, apr_pool_t *p) ++{ ++ apr_sockaddr_t *sa = lr->bind_addr; ++ char addr[128]; ++ ++ if (apr_sockaddr_is_wildcard(sa)) { ++ return apr_pstrcat(p, "port ", apr_itoa(p, sa->port), NULL); ++ } ++ ++ apr_sockaddr_ip_getbuf(addr, sizeof addr, sa); ++ ++ return apr_psprintf(p, "%s port %u", addr, sa->port); ++} ++ ++static int systemd_post_config(apr_pool_t *pconf, apr_pool_t *plog, ++ apr_pool_t *ptemp, server_rec *s) ++{ ++ ap_listen_rec *lr; ++ apr_size_t plen = sizeof describe_listeners; ++ char *p = describe_listeners; ++ ++ if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_PRE_CONFIG) ++ return OK; ++ ++ for (lr = ap_listeners; lr; lr = lr->next) { ++ char *s = dump_listener(lr, ptemp); ++ ++ if (strlen(s) + 3 < plen) { ++ char *newp = apr_cpystrn(p, s, plen); ++ if (lr->next) ++ newp = apr_cpystrn(newp, ", ", 3); ++ plen -= newp - p; ++ p = newp; ++ } ++ else { ++ if (plen < 4) { ++ p = describe_listeners + sizeof describe_listeners - 4; ++ plen = 4; ++ } ++ apr_cpystrn(p, "...", plen); ++ break; ++ } ++ } ++ ++ sd_journal_print(LOG_INFO, "Server configured, listening on: %s", describe_listeners); ++ ++ return OK; ++} ++ ++static int systemd_pre_mpm(apr_pool_t *p, ap_scoreboard_e sb_type) ++{ ++ int rv; ++ ++ mainpid = 
getpid(); ++ ++ rv = sd_notifyf(0, "READY=1\n" ++ "STATUS=Started, listening on: %s\n" ++ "MAINPID=%" APR_PID_T_FMT, ++ describe_listeners, mainpid); ++ if (rv < 0) { ++ ap_log_perror(APLOG_MARK, APLOG_ERR, 0, p, APLOGNO(02395) ++ "sd_notifyf returned an error %d", rv); ++ } ++ ++ return OK; ++} ++ ++static int systemd_monitor(apr_pool_t *p, server_rec *s) ++{ ++ ap_sload_t sload; ++ apr_interval_time_t up_time; ++ char bps[5]; ++ int rv; ++ ++ if (!ap_extended_status) { ++ /* Nothing useful to report if ExtendedStatus disabled. */ ++ return DECLINED; ++ } ++ ++ ap_get_sload(&sload); ++ ++ if (sload.access_count == 0) { ++ rv = sd_notifyf(0, "READY=1\n" ++ "STATUS=Running, listening on: %s\n", ++ describe_listeners); ++ } ++ else { ++ /* up_time in seconds */ ++ up_time = (apr_uint32_t) apr_time_sec(apr_time_now() - ++ ap_scoreboard_image->global->restart_time); ++ ++ apr_strfsize((unsigned long)((float) (sload.bytes_served) ++ / (float) up_time), bps); ++ ++ rv = sd_notifyf(0, "READY=1\n" ++ "STATUS=Total requests: %lu; Idle/Busy workers %d/%d;" ++ "Requests/sec: %.3g; Bytes served/sec: %sB/sec\n", ++ sload.access_count, sload.idle, sload.busy, ++ ((float) sload.access_count) / (float) up_time, bps); ++ } ++ ++ if (rv < 0) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02396) ++ "sd_notifyf returned an error %d", rv); ++ } ++ ++ /* Shutdown httpd when nothing is sent for shutdown_timer seconds. 
*/ ++ if (sload.bytes_served == bytes_served) { ++ /* mpm_common.c: INTERVAL_OF_WRITABLE_PROBES is 10 */ ++ shutdown_counter += 10; ++ if (shutdown_timer > 0 && shutdown_counter >= shutdown_timer) { ++ rv = sd_notifyf(0, "READY=1\n" ++ "STATUS=Stopped as result of IdleShutdown " ++ "timeout."); ++ if (rv < 0) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02804) ++ "sd_notifyf returned an error %d", rv); ++ } ++ kill(mainpid, AP_SIG_GRACEFUL); ++ } ++ } ++ else { ++ shutdown_counter = 0; ++ } ++ ++ bytes_served = sload.bytes_served; ++ ++ return DECLINED; ++} ++ ++static void systemd_register_hooks(apr_pool_t *p) ++{ ++ /* Enable ap_extended_status. */ ++ ap_hook_pre_config(systemd_pre_config, NULL, NULL, APR_HOOK_LAST); ++ /* Grab the listener config. */ ++ ap_hook_post_config(systemd_post_config, NULL, NULL, APR_HOOK_LAST); ++ /* We know the PID in this hook ... */ ++ ap_hook_pre_mpm(systemd_pre_mpm, NULL, NULL, APR_HOOK_LAST); ++ /* Used to update httpd's status line using sd_notifyf */ ++ ap_hook_monitor(systemd_monitor, NULL, NULL, APR_HOOK_MIDDLE); ++} ++ ++static const char *set_shutdown_timer(cmd_parms *cmd, void *dummy, ++ const char *arg) ++{ ++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); ++ if (err != NULL) { ++ return err; ++ } ++ ++ shutdown_timer = atoi(arg); ++ return NULL; ++} ++ ++static const command_rec systemd_cmds[] = ++{ ++AP_INIT_TAKE1("IdleShutdown", set_shutdown_timer, NULL, RSRC_CONF, ++ "Number of seconds in idle-state after which httpd is shutdown"), ++ {NULL} ++}; ++ ++AP_DECLARE_MODULE(systemd) = { ++ STANDARD20_MODULE_STUFF, ++ NULL, ++ NULL, ++ NULL, ++ NULL, ++ systemd_cmds, ++ systemd_register_hooks, ++}; diff --git a/httpd-2.4.34-r1555631.patch b/httpd-2.4.34-r1555631.patch new file mode 100644 index 0000000..7ca9478 --- /dev/null +++ b/httpd-2.4.34-r1555631.patch 
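Review bot: `set_shutdown_timer` stores `atoi(arg)` without any validation, so a non-numeric or negative `IdleShutdown` value is accepted silently and simply leaves the idle timer disabled (the monitor only acts when `shutdown_timer > 0`), and an out-of-range value is undefined behaviour for `atoi`. Parsing with `strtol` and returning an error string from the directive handler would surface the mistake at config-test time, e.g. `char *end; long v = strtol(arg, &end, 10);` followed by `if (end == arg || *end || v < 0 || v > INT_MAX) return "IdleShutdown must be a non-negative number of seconds";`. Separately, in `systemd_monitor` both rate computations divide by `(float) up_time`, which can be zero if the hook runs within a second of a restart after the first request has been counted; `if (up_time == 0) up_time = 1;` before the `apr_strfsize` call avoids converting an infinite value to `unsigned long`.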
@@ -0,0 +1,14 @@
+# ./pullrev.sh 1555631
+http://svn.apache.org/viewvc?view=revision&revision=1555631
+
+--- httpd-2.4.34/modules/ssl/ssl_engine_ocsp.c
++++ httpd-2.4.34/modules/ssl/ssl_engine_ocsp.c
+@@ -61,7 +61,7 @@
+ /* Use default responder URL if forced by configuration, else use
+ * certificate-specified responder, falling back to default if
+ * necessary and possible. */
+- if (sc->server->ocsp_force_default) {
++ if (sc->server->ocsp_force_default == TRUE) {
+ s = sc->server->ocsp_responder;
+ }
+ else {
diff --git a/httpd-2.4.34-r1738878.patch b/httpd-2.4.34-r1738878.patch
new file mode 100644
index 0000000..5af48f5
--- /dev/null
+++ b/httpd-2.4.34-r1738878.patch
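Review bot: The switch from a truthiness test to `sc->server->ocsp_force_default == TRUE` is explained neither in the patch header nor in the code, which makes it easy for a later cleanup to "simplify" it back. Presumably the field can hold an unset sentinel that is non-zero (its declaration is outside this hunk), in which case the old test selected the default responder and ignored the certificate's own responder URL whenever the directive was left unset. A one-line comment above the condition would record that, e.g. `/* ocsp_force_default may be UNSET (non-zero), so compare against TRUE explicitly */`, and the patch header could carry a sentence on the regression next to the revision URL. The enclosing function starts and ends outside the inner hunk.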
@@ -0,0 +1,130 @@ +--- httpd-2.4.34/modules/proxy/ajp_header.c.r1738878 ++++ httpd-2.4.34/modules/proxy/ajp_header.c +@@ -213,7 +213,8 @@ + + static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg, + request_rec *r, +- apr_uri_t *uri) ++ apr_uri_t *uri, ++ const char *secret) + { + int method; + apr_uint32_t i, num_headers = 0; +@@ -293,17 +294,15 @@ + i, elts[i].key, elts[i].val); + } + +-/* XXXX need to figure out how to do this +- if (s->secret) { ++ if (secret) { + if (ajp_msg_append_uint8(msg, SC_A_SECRET) || +- ajp_msg_append_string(msg, s->secret)) { ++ ajp_msg_append_string(msg, secret)) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(03228) +- "Error ajp_marshal_into_msgb - " ++ "ajp_marshal_into_msgb: " + "Error appending secret"); + return APR_EGENERAL; + } + } +- */ + + if (r->user) { + if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) || +@@ -671,7 +670,8 @@ + apr_status_t ajp_send_header(apr_socket_t *sock, + request_rec *r, + apr_size_t buffsize, +- apr_uri_t *uri) ++ apr_uri_t *uri, ++ const char *secret) + { + ajp_msg_t *msg; + apr_status_t rc; +@@ -683,7 +683,7 @@ + return rc; + } + +- rc = ajp_marshal_into_msgb(msg, r, uri); ++ rc = ajp_marshal_into_msgb(msg, r, uri, secret); + if (rc != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00988) + "ajp_send_header: ajp_marshal_into_msgb failed"); +--- httpd-2.4.34/modules/proxy/ajp.h.r1738878 ++++ httpd-2.4.34/modules/proxy/ajp.h +@@ -413,12 +413,14 @@ + * @param sock backend socket + * @param r current request + * @param buffsize max size of the AJP packet. ++ * @param secret authentication secret + * @param uri requested uri + * @return APR_SUCCESS or error + */ + apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r, + apr_size_t buffsize, +- apr_uri_t *uri); ++ apr_uri_t *uri, ++ const char *secret); + + /** + * Read the ajp message and return the type of the message. 
+--- httpd-2.4.34/modules/proxy/mod_proxy_ajp.c.r1738878 ++++ httpd-2.4.34/modules/proxy/mod_proxy_ajp.c +@@ -193,6 +193,7 @@ + apr_off_t content_length = 0; + int original_status = r->status; + const char *original_status_line = r->status_line; ++ const char *secret = NULL; + + if (psf->io_buffer_size_set) + maxsize = psf->io_buffer_size; +@@ -202,12 +203,15 @@ + maxsize = AJP_MSG_BUFFER_SZ; + maxsize = APR_ALIGN(maxsize, 1024); + ++ if (*conn->worker->s->secret) ++ secret = conn->worker->s->secret; ++ + /* + * Send the AJP request to the remote server + */ + + /* send request headers */ +- status = ajp_send_header(conn->sock, r, maxsize, uri); ++ status = ajp_send_header(conn->sock, r, maxsize, uri, secret); + if (status != APR_SUCCESS) { + conn->close = 1; + ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868) +--- httpd-2.4.34/modules/proxy/mod_proxy.c.r1738878 ++++ httpd-2.4.34/modules/proxy/mod_proxy.c +@@ -319,6 +319,12 @@ + (int)sizeof(worker->s->upgrade)); + } + } ++ else if (!strcasecmp(key, "secret")) { ++ if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) { ++ return apr_psprintf(p, "Secret length must be < %d characters", ++ (int)sizeof(worker->s->secret)); ++ } ++ } + else if (!strcasecmp(key, "responsefieldsize")) { + long s = atol(val); + if (s < 0) { +--- httpd-2.4.34/modules/proxy/mod_proxy.h.r1738878 ++++ httpd-2.4.34/modules/proxy/mod_proxy.h +@@ -357,6 +357,7 @@ + #define PROXY_WORKER_MAX_HOSTNAME_SIZE 64 + #define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE + #define PROXY_BALANCER_MAX_STICKY_SIZE 64 ++#define PROXY_WORKER_MAX_SECRET_SIZE 64 + + #define PROXY_RFC1035_HOSTNAME_SIZE 256 + +@@ -453,6 +454,7 @@ + char hostname_ex[PROXY_RFC1035_HOSTNAME_SIZE]; /* RFC1035 compliant version of the remote backend address */ + apr_size_t response_field_size; /* Size of proxy response buffer in bytes. 
*/ + unsigned int response_field_size_set:1; ++ char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */ + } proxy_worker_shared; + + #define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared))) diff --git a/httpd-ssl-pass-dialog b/httpd-ssl-pass-dialog index 1e850cd..79318a6 100755 --- a/httpd-ssl-pass-dialog +++ b/httpd-ssl-pass-dialog @@ -1,3 +1,3 @@ #!/bin/sh -exec /bin/systemd-ask-password "Enter SSL pass phrase for $1 ($2) : " +exec /bin/systemd-ask-password "Enter TLS private key passphrase for $1 ($2) : " diff --git a/httpd.service.xml b/httpd.service.xml index 1e6a8ce..e079ca2 100644 --- a/httpd.service.xml +++ b/httpd.service.xml @@ -110,10 +110,10 @@ Environment=LD_LIBRARY_PATH=/opt/vendor/lib If httpd is configured to depend on any specific IP address (for example, with a "Listen" directive) which may only - become available during startup, or if httpd depends on other + become available during start-up, or if httpd depends on other services (such as a database daemon), the service must be configured to ensure correct - startup ordering. + start-up ordering. For example, to ensure httpd is only running after all configured network interfaces are configured, create a drop-in @@ -125,7 +125,7 @@ Wants=network-online.target See - for more information on startup ordering with systemd. + for more information on start-up ordering with systemd. @@ -264,10 +264,10 @@ Wants=network-online.target - Instatiated services + Instantiated services The httpd@.service unit is an - instatiated template service. An instance of this unit will be + instantiated template service. An instance of this unit will be started using the configuration file /etc/httpd/conf/INSTANCE.conf, where INSTANCE is replaced with the instance @@ -332,3 +332,6 @@ ReloadPropagatedFrom=httpd.service + + diff --git a/httpd.spec b/httpd.spec index 1bbe7fc..c90d5c5 100644 --- a/httpd.spec +++ b/httpd.spec 
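Review bot: The new `@param secret` line in ajp.h sits before `@param uri` although `secret` is the last argument of `ajp_send_header`, and it does not say that NULL is allowed; moving it after `@param uri` and wording it as `* @param secret authentication secret sent to the backend, or NULL to send none` would match what mod_proxy_ajp.c does when the worker's secret is empty. The `secret` field added to `proxy_worker_shared` holds a credential in clear text, and the struct name suggests it lives in shared memory, so the field comment should say that it must not reach status pages or logs, e.g. `/* authentication secret (e.g. AJP13); never log or display */`. The length limit is also only discoverable through the error message: `PROXY_WORKER_MAX_SECRET_SIZE 64` caps the secret at 63 characters, which deserves a mention wherever the `secret=` worker parameter is documented.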
@@ -12,8 +12,8 @@ Summary: Apache HTTP Server Name: httpd -Version: 2.4.33 -Release: 5%{?dist} +Version: 2.4.34 +Release: 3%{?dist} URL: https://httpd.apache.org/ Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html @@ -24,6 +24,7 @@ Source5: httpd.tmpfiles Source6: httpd.service Source7: action-graceful.sh Source8: action-configtest.sh +Source9: server-status.conf Source10: httpd.conf Source11: 00-base.conf Source12: 00-mpm.conf @@ -57,7 +58,6 @@ Source44: httpd@.service Patch1: httpd-2.4.1-apctl.patch Patch2: httpd-2.4.9-apxs.patch Patch3: httpd-2.4.1-deplibs.patch -Patch5: httpd-2.4.3-layout.patch Patch6: httpd-2.4.3-apctl-systemd.patch # Needed for socket activation and mod_systemd patch Patch19: httpd-2.4.25-detect-systemd.patch 
@@ -68,26 +68,26 @@ Patch24: httpd-2.4.1-corelimit.patch Patch25: httpd-2.4.25-selinux.patch Patch26: httpd-2.4.4-r1337344+.patch Patch27: httpd-2.4.2-icons.patch -Patch29: httpd-2.4.27-systemd.patch +Patch29: httpd-2.4.33-systemd.patch Patch30: httpd-2.4.4-cachehardmax.patch Patch31: httpd-2.4.33-sslmultiproxy.patch Patch34: httpd-2.4.17-socket-activation.patch Patch35: httpd-2.4.33-sslciphdefault.patch +Patch36: httpd-2.4.33-r1830819+.patch # Bug fixes # https://bugzilla.redhat.com/show_bug.cgi?id=1397243 -Patch58: httpd-2.4.33-r1738878.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1564537 -Patch59: httpd-2.4.33-sslmerging.patch +Patch58: httpd-2.4.34-r1738878.patch +Patch59: httpd-2.4.34-r1555631.patch # Security fixes License: ASL 2.0 Group: System Environment/Daemons -BuildRequires: autoconf, perl-interpreter, perl-generators, pkgconfig, findutils, xmlto +BuildRequires: gcc, autoconf, pkgconfig, findutils, xmlto +BuildRequires: perl-interpreter, perl-generators, systemd-devel BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0 -BuildRequires: systemd-devel Requires: /etc/mime.types, system-logos-httpd Obsoletes: httpd-suexec Provides: webserver @@ -101,6 +101,8 @@ Requires(preun): systemd-units Requires(postun): systemd-units Requires(post): systemd-units Conflicts: apr < 1.5.0-1 +Provides: mod_proxy_uwsgi = %{version}-%{release} +Obsoletes: mod_proxy_uwsgi < 2.0.17.1-2 %description The Apache HTTP Server is a powerful, efficient, and extensible @@ -216,7 +218,6 @@ interface for storing and accessing per-user session data. %patch1 -p1 -b .apctl %patch2 -p1 -b .apxs %patch3 -p1 -b .deplibs -%patch5 -p1 -b .layout %patch6 -p1 -b .apctlsystemd %patch19 -p1 -b .detectsystemd 
@@ -225,15 +226,17 @@ interface for storing and accessing per-user session data. %patch23 -p1 -b .export %patch24 -p1 -b .corelimit %patch25 -p1 -b .selinux -%patch26 -p1 -b .r1337344+ +#patch26 -p1 -b .r1337344+ %patch27 -p1 -b .icons %patch29 -p1 -b .systemd %patch30 -p1 -b .cachehardmax -%patch31 -p1 -b .sslmultiproxy +#patch31 -p1 -b .sslmultiproxy %patch34 -p1 -b .socketactivation %patch35 -p1 -b .sslciphdefault +%patch36 -p1 -b .r1830819+ + %patch58 -p1 -b .r1738878 -%patch59 -p1 -b .sslmerging +%patch59 -p1 -b .r1555631 # Patch in the vendor string sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h @@ -250,6 +253,7 @@ sed < $RPM_SOURCE_DIR/httpd.conf >> instance.conf ' /^ *ErrorLog .logs/s,logs/,logs/${HTTPD_INSTANCE}_, ' touch -r $RPM_SOURCE_DIR/instance.conf instance.conf +cp -p $RPM_SOURCE_DIR/server-status.conf server-status.conf # Safety check: prevent build if defined MMN does not equal upstream MMN. vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'` @@ -425,9 +429,12 @@ cat > $RPM_BUILD_ROOT%{_rpmconfigdir}/macros.d/macros.httpd </dev/null 2>&1 || : + /bin/systemctl try-restart --no-block httpd.service htcacheclean.service >/dev/null 2>&1 || : %check # Check the built modules are all PIC @@ -577,11 +584,10 @@ set -x exit $rv %files -%defattr(-,root,root) %doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE %doc docs/conf/extra/*.conf -%doc instance.conf +%doc instance.conf server-status.conf %{_sysconfdir}/httpd/modules %{_sysconfdir}/httpd/logs @@ -633,11 +639,13 @@ exit $rv %dir %{contentdir}/error %dir %{contentdir}/error/include %dir %{contentdir}/noindex +%dir %{contentdir}/server-status %{contentdir}/icons/* %{contentdir}/error/README %{contentdir}/error/*.var %{contentdir}/error/include/*.html %{contentdir}/noindex/index.html +%{contentdir}/server-status/* %attr(0710,root,apache) %dir /run/httpd %attr(0700,apache,apache) %dir /run/httpd/htcacheclean 
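Review bot: Patches 26 and 31 are switched off by rewriting `%patch26` and `%patch31` as `#patch26` / `#patch31` with no comment saying why, while the `Patch26:` and `Patch31:` declarations stay in the preamble. Patch31 is the mod_ssl `sslmultiproxy` change, so a reader cannot tell from the spec whether it was merged upstream in 2.4.34, is waiting for a rebase, or was dropped on purpose. Either remove the `PatchN:` lines and the patch files together with the application lines, or put a comment above each disabled line, e.g. `# disabled for 2.4.34: REASON`.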
@@ -668,7 +676,6 @@ exit $rv %attr(755,root,root) %dir %{_unitdir}/httpd.socket.d %files tools -%defattr(-,root,root) %{_bindir}/* %{_mandir}/man1/* %doc LICENSE NOTICE @@ -676,12 +683,10 @@ exit $rv %exclude %{_mandir}/man1/apxs.1* %files manual -%defattr(-,root,root) %{contentdir}/manual %config(noreplace) %{_sysconfdir}/httpd/conf.d/manual.conf %files -n mod_ssl -%defattr(-,root,root) %{_libdir}/httpd/modules/mod_ssl.so %config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf %config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf @@ -693,29 +698,24 @@ exit $rv %{_mandir}/man8/httpd-init.* %files -n mod_proxy_html -%defattr(-,root,root) %{_libdir}/httpd/modules/mod_proxy_html.so %{_libdir}/httpd/modules/mod_xml2enc.so %config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf %files -n mod_ldap -%defattr(-,root,root) %{_libdir}/httpd/modules/mod_*ldap.so %config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf %files -n mod_session -%defattr(-,root,root) %{_libdir}/httpd/modules/mod_session*.so %{_libdir}/httpd/modules/mod_auth_form.so %config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-session.conf %files -n mod_md -%defattr(-,root,root) %{_libdir}/httpd/modules/mod_md.so %config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-md.conf %files devel -%defattr(-,root,root) %{_includedir}/httpd %{_bindir}/apxs %{_mandir}/man1/apxs.1* 
@@ -725,6 +725,33 @@ exit $rv %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Fri Jul 20 2018 Joe Orton - 2.4.34-3 +- mod_ssl: fix OCSP regression (upstream r1555631) + +* Wed Jul 18 2018 Joe Orton - 2.4.34-2 +- update Obsoletes for mod_proxy_uswgi (#1599113) + +* Wed Jul 18 2018 Joe Orton - 2.4.34-1 +- update to 2.4.34 (#1601160) + +* Mon Jul 16 2018 Joe Orton - 2.4.33-10 +- don't block on service try-restart in posttrans scriptlet +- add Lua-based /server-status example page to docs +- obsoletes: and provides: for mod_proxy_uswgi (#1599113) + +* Fri Jul 13 2018 Fedora Release Engineering - 2.4.33-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Fri Jul 6 2018 Joe Orton - 2.4.33-8 +- add per-request memory leak fix (upstream r1833014) + +* Fri Jul 6 2018 Joe Orton - 2.4.33-7 +- mod_ssl: add PKCS#11 cert/key support (Anderson Sasaki) + +* Tue Jun 12 2018 Joe Orton - 2.4.33-6 +- mod_systemd: show bound ports in status and log to journal + at startup. + * Thu Apr 19 2018 Joe Orton - 2.4.33-5 - add httpd@.service; update httpd.service(8) and add new stub diff --git a/pullrev.sh b/pullrev.sh index c366613..dbb97a5 100755 --- a/pullrev.sh +++ b/pullrev.sh @@ -7,7 +7,7 @@ fi repo="https://svn.apache.org/repos/asf/httpd/httpd/trunk" #repo="https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x" -ver=2.4.27 +ver=2.4.34 prefix="httpd-${ver}" suffix="r$1${2:++}" fn="${prefix}-${suffix}.patch" @@ -35,7 +35,7 @@ prev=/dev/null for r in $*; do echo "+ fetching ${r}" this=`mktemp /tmp/pullrevXXXXXX` - svn diff -c ${r} ${repo} | filterdiff --remove-timestamps -x 'CHANGES' -x 'next-number' -x 'STATUS' \ + svn diff -c ${r} ${repo} | filterdiff --remove-timestamps --clean -x 'CHANGES' -x '*/next-number' -x 'STATUS' \ --addprefix="${prefix}/" > ${this} next=`mktemp /tmp/pullrevXXXXXX` combinediff --quiet ${prev} ${this} > ${next} diff --git a/server-status.conf b/server-status.conf new file mode 100644 index 0000000..be98f1b --- /dev/null 
+++ b/server-status.conf @@ -0,0 +1,10 @@ +# +# Lua-based server-status page; requires mod_lua to be loaded +# as per default configuration. +# +LuaMapHandler ^/server-status$ /usr/share/httpd/server-status/server-status.lua + + + AllowOverride None + Require local + diff --git a/sources b/sources index e8c3a89..1840642 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (httpd-2.4.33.tar.bz2) = e74b2b3346d67be45a8bc8a7cbb8eabf5c403a5cfe5797a976f94a539529843fbcdf03b9ca0548816b2cf37f4ce0eb301f8d5af25b1270fdf8dd9f5bf0585269 +SHA512 (httpd-2.4.34.tar.bz2) = 2bc09213f08a4722e305929fbac5f5060c7a8444704494894bb9b61f17e4d20bb6e3d663bb93fc5b2030b04a43fb12373d260cc291422b210b299725aaf3b5c8 diff --git a/tests/httpd-php-mysql-sanity-test/Makefile b/tests/httpd-php-mysql-sanity-test/Makefile index 17fb9d3..a688236 100644 --- a/tests/httpd-php-mysql-sanity-test/Makefile +++ b/tests/httpd-php-mysql-sanity-test/Makefile @@ -29,7 +29,7 @@ export TESTVERSION=1.0 BUILT_FILES= -FILES=$(METADATA) runtest.sh Makefile PURPOSE mysql.php php_mysql_test.sql php_mysql_test.conf +FILES=$(METADATA) runtest.sh Makefile PURPOSE new_mysql.php old_mysql.php php_mysql_test.sql php_mysql_test.conf .PHONY: all install download clean diff --git a/tests/httpd-php-mysql-sanity-test/runtest.sh b/tests/httpd-php-mysql-sanity-test/runtest.sh index e2239ad..6fa8315 100755 --- a/tests/httpd-php-mysql-sanity-test/runtest.sh +++ b/tests/httpd-php-mysql-sanity-test/runtest.sh @@ -57,7 +57,7 @@ rlJournalStart rlRun "rm -rvf $httpROOTDIR/php_mysql_test" rlRun "mkdir -v $httpROOTDIR/php_mysql_test" rlRun "cp -v php_mysql_test.conf $httpCONFDIR/conf.d/" - rlRun "php_version=`rlCheckRpm php`" + php_version=`rlCheckRpm php` if [[ $php_version =~ php-7* ]] || [[ $php_version =~ php-5.[5-6]* ]]; then rlRun "cp -v new_mysql.php $httpROOTDIR/php_mysql_test/mysql.php" else diff --git a/tests/tests.yml b/tests/tests.yml index 43c38e7..e0ef0be 100644 --- a/tests/tests.yml +++ b/tests/tests.yml 
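Review bot: The container that carries `AllowOverride None` and `Require local` is not visible in this rendering of the hunk, so it cannot be confirmed from here that the restriction covers the URL that `LuaMapHandler ^/server-status$` serves. If it is a `<Directory>` block for the script's directory under /usr/share/httpd/server-status, please verify with a request from a non-local address that access is really denied, because the handler is selected by URL pattern rather than by that filesystem path; a `<Location "/server-status">` block containing `Require local` would tie the rule to the URL itself. A header comment stating that the page exposes server status and is meant for local access only would also help anyone copying this example into conf.d.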
@@ -1,13 +1,10 @@ --- # Tests that run in all contexts - hosts: localhost - vars: - use_beakerlib_libraries: true roles: - - role: standard-test-rhts + - role: standard-test-beakerlib tags: - classic - - container tests: - httpd-php-mysql-sanity-test required_packages: