Changeset 2422 for branches/fc19-dev


Ignore:
Timestamp:
May 29, 2013, 1:13:40 AM (9 years ago)
Author:
tboning
Message:
Rebase Scripts httpd patches for httpd 2.4:
Location:
branches/fc19-dev/server
Files:
2 added
6 deleted
3 edited

Legend:

Unmodified
Added
Removed
  • branches/fc19-dev/server/common/patches/httpd-fixup-vhost.patch

    r1602 r2422  
    1 commit 3b081163d6250d893838d69d9a83f217c341d657
    2 Author: Greg Brockman <gdb@mit.edu>
    3 Date:   Fri Aug 6 23:19:15 2010 -0400
     1From 2e62dad3d91280032b2130f02553c968d306edf5 Mon Sep 17 00:00:00 2001
     2From: Alexander Chernyakhovsky <achernya@mit.edu>
     3Date: Fri, 3 May 2013 22:43:28 -0400
     4Subject: [PATCH 4/4] Export method to fixup a single virtual host
    45
    5     Add method to merge virtual host with a main server_rec
     6Apache normally provides ap_fixup_virtual_hosts, which merges the
     7configuration from the main server into each virtual host.  Refactor
     8this code to allow merging the configuration into a single virtual
     9host, and export this method for use in mod_vhost_ldap.
     10
     11Additionally, call the newly created method in the loop in
     12ap_fixup_virtual_hosts.
     13---
     14 include/http_config.h |    9 ++++++++
     15 server/config.c       |   58 +++++++++++++++++++++++++++----------------------
     16 2 files changed, 41 insertions(+), 26 deletions(-)
    617
    718diff --git a/include/http_config.h b/include/http_config.h
    8 index 5e9fd51..8e6f247 100644
     19index 7ee3760..e3657ea 100644
    920--- a/include/http_config.h
    1021+++ b/include/http_config.h
    11 @@ -827,6 +827,16 @@ AP_DECLARE(void) ap_register_hooks(module *m, apr_pool_t *p);
    12  AP_DECLARE(void) ap_fixup_virtual_hosts(apr_pool_t *p,
     22@@ -1012,6 +1012,15 @@ AP_DECLARE(void) ap_register_hooks(module *m, apr_pool_t *p);
     23  */
     24 AP_DECLARE(void) ap_fixup_virtual_hosts(apr_pool_t *p,
    1325                                         server_rec *main_server);
    14  
    1526+/**
    16 + * Setup a single virtual host by merging the main server_rec into it.
     27+ * Setup all virtual hosts
    1728+ * @param p The pool to allocate from
    18 + * @param main_server The server_rec with which to merge
    19 + * @param virt The virtual host server_rec with some set of directives to override already set
     29+ * @param main_server The head of the server_rec list
     30+ * @param virt The individual virtual host to fix
    2031+ */
    2132+AP_DECLARE(void) ap_fixup_virtual_host(apr_pool_t *p,
    2233+                                      server_rec *main_server,
    2334+                                      server_rec *virt);
    24 +
    25  /* For http_request.c... */
    2635 
    2736 /**
     37  * Reserve some modules slots for modules loaded by other means than
    2838diff --git a/server/config.c b/server/config.c
    29 index 101d0e4..ef0f2ba 100644
     39index bc0804a..488954d 100644
    3040--- a/server/config.c
    3141+++ b/server/config.c
    32 @@ -1902,38 +1902,43 @@ AP_CORE_DECLARE(const char *) ap_init_virtual_host(apr_pool_t *p,
     42@@ -2246,46 +2246,52 @@ AP_DECLARE(void) ap_merge_log_config(const struct ap_logconf *old_conf,
     43     }
    3344 }
    34  
    3545 
    3646-AP_DECLARE(void) ap_fixup_virtual_hosts(apr_pool_t *p, server_rec *main_server)
    3747+AP_DECLARE(void) ap_fixup_virtual_host(apr_pool_t *p, server_rec *main_server,
    38 +                                       server_rec *virt)
     48+                                      server_rec *virt)
    3949 {
    4050-    server_rec *virt;
    41 +    merge_server_configs(p, main_server->module_config,
    42 +                         virt->module_config);
     51     core_dir_config *dconf =
     52         ap_get_core_module_config(main_server->lookup_defaults);
     53     dconf->log = &main_server->log;
    4354 
    4455-    for (virt = main_server->next; virt; virt = virt->next) {
    4556-        merge_server_configs(p, main_server->module_config,
    4657-                             virt->module_config);
    47 +    virt->lookup_defaults =
    48 +        ap_merge_per_dir_configs(p, main_server->lookup_defaults,
    49 +                                 virt->lookup_defaults);
     58+    merge_server_configs(p, main_server->module_config,
     59+                        virt->module_config);
    5060 
    5161-        virt->lookup_defaults =
    5262-            ap_merge_per_dir_configs(p, main_server->lookup_defaults,
    5363-                                     virt->lookup_defaults);
    54 +    if (virt->server_admin == NULL)
    55 +        virt->server_admin = main_server->server_admin;
     64+    virt->lookup_defaults =
     65+       ap_merge_per_dir_configs(p, main_server->lookup_defaults,
     66+                                virt->lookup_defaults);
    5667 
    5768-        if (virt->server_admin == NULL)
    5869-            virt->server_admin = main_server->server_admin;
    59 +    if (virt->timeout == 0)
    60 +        virt->timeout = main_server->timeout;
     70+    if (virt->server_admin == NULL)
     71+       virt->server_admin = main_server->server_admin;
    6172 
    6273-        if (virt->timeout == 0)
    6374-            virt->timeout = main_server->timeout;
    64 +    if (virt->keep_alive_timeout == 0)
    65 +        virt->keep_alive_timeout = main_server->keep_alive_timeout;
     75+    if (virt->timeout == 0)
     76+       virt->timeout = main_server->timeout;
    6677 
    6778-        if (virt->keep_alive_timeout == 0)
    6879-            virt->keep_alive_timeout = main_server->keep_alive_timeout;
    69 +    if (virt->keep_alive == -1)
    70 +        virt->keep_alive = main_server->keep_alive;
     80+    if (virt->keep_alive_timeout == 0)
     81+       virt->keep_alive_timeout = main_server->keep_alive_timeout;
    7182 
    7283-        if (virt->keep_alive == -1)
    7384-            virt->keep_alive = main_server->keep_alive;
    74 +    if (virt->keep_alive_max == -1)
    75 +        virt->keep_alive_max = main_server->keep_alive_max;
     85+    if (virt->keep_alive == -1)
     86+       virt->keep_alive = main_server->keep_alive;
    7687 
    7788-        if (virt->keep_alive_max == -1)
    7889-            virt->keep_alive_max = main_server->keep_alive_max;
    79 +    /* XXX: this is really something that should be dealt with by a
    80 +     * post-config api phase
    81 +     */
    82 +    ap_core_reorder_directories(p, virt);
    83 +}
     90+    if (virt->keep_alive_max == -1)
     91+       virt->keep_alive_max = main_server->keep_alive_max;
     92 
     93-        ap_merge_log_config(&main_server->log, &virt->log);
     94+    ap_merge_log_config(&main_server->log, &virt->log);
     95 
     96-        dconf = ap_get_core_module_config(virt->lookup_defaults);
     97-        dconf->log = &virt->log;
     98+    dconf = ap_get_core_module_config(virt->lookup_defaults);
     99+    dconf->log = &virt->log;
    84100 
    85101-        /* XXX: this is really something that should be dealt with by a
     
    88104-        ap_core_reorder_directories(p, virt);
    89105-    }
     106+    /* XXX: this is really something that should be dealt with by a
     107+     * post-config api phase
     108+     */
     109+    ap_core_reorder_directories(p, virt);
     110+}
     111+
    90112+AP_DECLARE(void) ap_fixup_virtual_hosts(apr_pool_t *p, server_rec *main_server)
    91113+{
    92114+    server_rec *virt;
    93 +
     115+   
    94116+    for (virt = main_server->next; virt; virt = virt->next)
    95117+        ap_fixup_virtual_host(p, main_server, virt);
     
    97119     ap_core_reorder_directories(p, main_server);
    98120 }
     121--
     1221.7.9.6 (Apple Git-31.1)
     123
  • branches/fc19-dev/server/common/patches/httpd-suexec-scripts.patch

    r2186 r2422  
    1 # scripts.mit.edu httpd suexec patch
    2 # Copyright (C) 2006, 2007, 2008  Jeff Arnold <jbarnold@mit.edu>,
    3 #                                 Joe Presbrey <presbrey@mit.edu>,
    4 #                                 Anders Kaseorg <andersk@mit.edu>,
    5 #                                 Geoffrey Thomas <geofft@mit.edu>
    6 #
    7 # This program is free software; you can redistribute it and/or
    8 # modify it under the terms of the GNU General Public License
    9 # as published by the Free Software Foundation; either version 2
    10 # of the License, or (at your option) any later version.
    11 #
    12 # This program is distributed in the hope that it will be useful,
    13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
    14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15 # GNU General Public License for more details.
    16 #
    17 # You should have received a copy of the GNU General Public License
    18 # along with this program; if not, write to the Free Software
    19 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
    20 #
    21 # See /COPYRIGHT in this repository for more information.
    22 #
    23 --- httpd-2.2.2/support/Makefile.in.old 2005-07-06 19:15:34.000000000 -0400
    24 +++ httpd-2.2.2/support/Makefile.in     2007-01-20 17:12:51.000000000 -0500
    25 @@ -60,7 +60,7 @@
    26 
    27  suexec_OBJECTS = suexec.lo
    28  suexec: $(suexec_OBJECTS)
    29 -       $(LINK) $(suexec_OBJECTS)
    30 +       $(LINK) -lselinux $(suexec_OBJECTS)
    31 
    32  htcacheclean_OBJECTS = htcacheclean.lo
    33  htcacheclean: $(htcacheclean_OBJECTS)
    34 --- httpd-2.2.2/configure.in.old        2007-07-17 10:48:25.000000000 -0400
    35 +++ httpd-2.2.2/configure.in    2008-08-29 08:15:41.000000000 -0400
    36 @@ -559,6 +559,10 @@
     1From 8445788d68230b2e18739166f4c3ae6434038421 Mon Sep 17 00:00:00 2001
     2From: Alexander Chernyakhovsky <achernya@mit.edu>
     3Date: Fri, 3 May 2013 21:38:58 -0400
     4Subject: [PATCH 1/4] Add scripts-specific support to suexec
     5
     6This patch make suexec aware of static-cat, Scripts' tool to serve
     7static content out of AFS.  Specifically, this introduces a whitelist
     8of extensions for which suexec is supposed to invoke static-cat as a
     9content-handler.
     10
     11Additionally, this patch also sets JAVA_TOOL_OPTIONS, to allow the JVM
     12to start up in Scripts' limited memory environment.
     13
     14Furthermore, this patch deals with some of suexec's paranoia being
     15incorrect in an AFS world, by ignoring some of the irrelevant stat
     16results.
     17
     18Finally, add support for invoking php-cgi for php files, in a safe
     19manner that will strip arguments passed by Apache to php-cgi.
     20---
     21 configure.in     |    4 ++
     22 support/suexec.c |  172 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
     23 2 files changed, 173 insertions(+), 3 deletions(-)
     24
     25diff --git a/configure.in b/configure.in
     26index d93f78c..14faccf 100644
     27--- a/configure.in
     28+++ b/configure.in
     29@@ -720,6 +720,10 @@ AC_ARG_WITH(suexec-userdir,
    3730 APACHE_HELP_STRING(--with-suexec-userdir,User subdirectory),[
    3831   AC_DEFINE_UNQUOTED(AP_USERDIR_SUFFIX, "$withval", [User subdirectory] ) ] )
     
    4538 APACHE_HELP_STRING(--with-suexec-docroot,SuExec root directory),[
    4639   AC_DEFINE_UNQUOTED(AP_DOC_ROOT, "$withval", [SuExec root directory] ) ] )
    47 --- httpd-2.2.11/support/suexec.c.old   2008-11-30 10:47:31.000000000 -0500
    48 +++ httpd-2.2.11/support/suexec.c       2009-06-08 09:02:17.000000000 -0400
     40diff --git a/support/suexec.c b/support/suexec.c
     41index 5b6b254..e377042 100644
     42--- a/support/suexec.c
     43+++ b/support/suexec.c
    4944@@ -30,6 +30,9 @@
    5045  *
     
    5752 #include "ap_config.h"
    5853 #include "suexec.h"
    59 @@ -46,6 +49,7 @@
    60  #include <stdio.h>
    61  #include <stdarg.h>
    62  #include <stdlib.h>
    63 +#include <selinux/selinux.h>
    64  
    65  #ifdef HAVE_PWD_H
    66  #include <pwd.h>
    67 @@ -95,6 +99,7 @@
     54@@ -92,6 +95,7 @@ static const char *const safe_env_lst[] =
    6855 {
    6956     /* variable name starts with */
     
    7360 
    7461     /* variable name is */
    75 @@ -245,9 +250,108 @@
     62@@ -264,9 +268,108 @@ static void clean_env(void)
    7663     environ = cleanenv;
    7764 }
     
    182169     gid_t gid;              /* target group placeholder  */
    183170     char *target_uname;     /* target user name          */
    184 @@ -268,6 +368,7 @@
     171@@ -286,6 +389,7 @@ int main(int argc, char *argv[])
    185172      * Start with a "clean" environment
    186173      */
     
    188175+    setenv("JAVA_TOOL_OPTIONS", "-Xmx128M", 1); /* scripts.mit.edu local hack */
    189176 
    190      prog = argv[0];
    191      /*
    192 @@ -350,6 +451,20 @@
     177     /*
     178      * Check existence/validity of the UID of the user
     179@@ -369,6 +473,20 @@ int main(int argc, char *argv[])
    193180 #endif /*_OSD_POSIX*/
    194181 
     
    211198      * or attempts to back up out of the current directory,
    212199      * to protect against attacks.  If any are
    213 @@ -371,6 +486,7 @@
     200@@ -390,6 +508,7 @@ int main(int argc, char *argv[])
    214201         userdir = 1;
    215202     }
     
    219206      * Error out if the target username is invalid.
    220207      */
    221 @@ -452,7 +568,7 @@
     208@@ -471,7 +590,7 @@ int main(int argc, char *argv[])
    222209      * Error out if attempt is made to execute as root or as
    223210      * a UID less than AP_UID_MIN.  Tsk tsk.
     
    225212-    if ((uid == 0) || (uid < AP_UID_MIN)) {
    226213+    if ((uid == 0) || (uid < AP_UID_MIN && uid != 102)) { /* uid 102 = signup  */
    227          log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd);
     214         log_err("cannot run as forbidden uid (%lu/%s)\n", (unsigned long)uid, cmd);
    228215         exit(107);
    229216     }
    230 @@ -484,6 +599,7 @@
    231          log_err("failed to setuid (%ld: %s)\n", uid, cmd);
     217@@ -503,6 +622,7 @@ int main(int argc, char *argv[])
     218         log_err("failed to setuid (%lu: %s)\n", (unsigned long)uid, cmd);
    232219         exit(110);
    233220     }
     
    236223     /*
    237224      * Get the current working directory, as well as the proper
    238 @@ -506,6 +637,21 @@
     225@@ -525,6 +645,21 @@ int main(int argc, char *argv[])
    239226             log_err("cannot get docroot information (%s)\n", target_homedir);
    240227             exit(112);
     
    258245     else {
    259246         if (((chdir(AP_DOC_ROOT)) != 0) ||
    260 @@ -532,15 +678,17 @@
     247@@ -551,15 +686,17 @@ int main(int argc, char *argv[])
    261248     /*
    262249      * Error out if cwd is writable by others.
     
    277264         exit(117);
    278265     }
    279 @@ -548,10 +696,12 @@
     266@@ -567,10 +704,12 @@ int main(int argc, char *argv[])
    280267     /*
    281268      * Error out if the program is writable by others.
     
    290277     /*
    291278      * Error out if the file is setuid or setgid.
    292 @@ -565,6 +715,7 @@
     279@@ -584,6 +723,7 @@ int main(int argc, char *argv[])
    293280      * Error out if the target name/group is different from
    294281      * the name/group of the cwd or the program.
     
    298285         (gid != dir_info.st_gid) ||
    299286         (uid != prg_info.st_uid) ||
    300 @@ -576,12 +727,14 @@
    301                  prg_info.st_uid, prg_info.st_gid);
     287@@ -595,12 +735,14 @@ int main(int argc, char *argv[])
     288                 (unsigned long)prg_info.st_uid, (unsigned long)prg_info.st_gid);
    302289         exit(120);
    303290     }
     
    314301         exit(121);
    315302     }
    316 @@ -614,6 +767,30 @@
     303@@ -649,6 +791,30 @@ int main(int argc, char *argv[])
    317304     /*
    318305      * Execute the command, replacing our image with its own.
     
    345332     /* We need the #! emulation when we want to execute scripts */
    346333     {
     334--
     3351.7.9.6 (Apple Git-31.1)
     336
  • branches/fc19-dev/server/fedora/specs/httpd.spec.patch

    r2377 r2422  
    1 --- /tmp/httpd/httpd.spec.orig  2013-02-14 17:53:29.967176396 -0500
    2 +++ /tmp/httpd/httpd.spec       2013-02-14 17:54:57.172521444 -0500
    3 @@ -9,7 +9,7 @@
     1--- httpd.spec.orig     2013-05-29 00:46:07.522169507 -0400
     2+++ httpd.spec  2013-05-29 00:46:37.905169507 -0400
     3@@ -14,7 +14,7 @@
    44 Summary: Apache HTTP Server
    55 Name: httpd
    6  Version: 2.2.23
    7 -Release: 1%{?dist}
    8 +Release: 1%{?dist}.scripts.%{scriptsversion}
     6 Version: 2.4.4
     7-Release: 4%{?dist}
     8+Release: 4%{?dist}.scripts.%{scriptsversion}
    99 URL: http://httpd.apache.org/
    1010 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
    1111 Source1: index.html
    12 @@ -57,6 +57,15 @@
     12@@ -79,6 +79,12 @@
    1313 Requires(postun): systemd-units
    1414 Requires(post): systemd-units
    1515 
    1616+Provides: scripts-httpd = %{version}-%{release}
    17 +Patch1000: httpd-suexec-scripts.patch
    18 +Patch1003: httpd-2.2.x-mod_status-security.patch
    19 +Patch1004: httpd-2.2.x-304.patch
    20 +Patch1005: httpd-2.2.x-mod_ssl-sessioncaching.patch
    21 +Patch1006: httpd-suexec-cloexec.patch
    22 +Patch1007: httpd-fixup-vhost.patch
    23 +Patch1008: httpd-SSLCompression.patch
     17+Patch1001: httpd-suexec-scripts.patch
     18+Patch1002: httpd-mod_status-security.patch
     19+Patch1003: httpd-304s.patch
     20+Patch1004: httpd-fixup-vhost.patch
    2421+
    2522 %description
    2623 The Apache HTTP Server is a powerful, efficient, and extensible
    2724 web server.
    28 @@ -67,6 +76,7 @@
     25@@ -89,6 +95,7 @@
    2926 Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel
    3027 Requires: apr-devel, apr-util-devel, pkgconfig
     
    3431 %description devel
    3532 The httpd-devel package contains the APXS binary and other files
    36 @@ -105,6 +115,7 @@
     33@@ -127,6 +134,7 @@
    3734 Requires(post): openssl, /bin/cat
    3835 Requires(pre): httpd
     
    4239 
    4340 %description -n mod_ssl
    44 @@ -131,6 +142,14 @@
    45  # Patch in vendor/release string
    46  sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
     41@@ -189,6 +197,11 @@
     42 # Prevent use of setcap in "install-suexec-caps" target.
     43 sed -i '/suexec/s,setcap ,echo Skipping setcap for ,' Makefile.in
    4744 
    48 +%patch1000 -p1 -b .scripts
    49 +%patch1003 -p1 -b .permitstatus
    50 +%patch1004 -p1 -b .scripts-304
    51 +%patch1005 -p1 -b .ssl-sessioncache
    52 +%patch1006 -p1 -b .cloexec
    53 +%patch1007 -p1 -b .fixup-vhost
    54 +%patch1008 -p1 -b .sslcompression
     45+%patch1001 -p1 -b .suexec-scripts
     46+%patch1002 -p1 -b .mod_status-security
     47+%patch1003 -p1 -b .scripts-304s
     48+%patch1004 -p1 -b .fixup-vhost
    5549+
    5650 # Safety check: prevent build if defined MMN does not equal upstream MMN.
    5751 vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
    5852 if test "x${vmmn}" != "x%{mmn}"; then
    59 @@ -191,10 +210,12 @@
    60          --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
     53@@ -235,11 +248,13 @@
    6154        --enable-suexec --with-suexec \
     55         --enable-suexec-capabilities \
    6256        --with-suexec-caller=%{suexec_caller} \
    63 -       --with-suexec-docroot=%{contentdir} \
     57-       --with-suexec-docroot=%{docroot} \
     58-       --without-suexec-logfile \
     59-        --with-suexec-syslog \
    6460+       --with-suexec-docroot=/ \
    6561+       --with-suexec-userdir=web_scripts \
    6662+       --with-suexec-trusteddir=/usr/libexec/scripts-trusted \
    67         --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \
     63+       --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \
     64+        --without-suexec-syslog \
    6865        --with-suexec-bin=%{_sbindir}/suexec \
    6966-       --with-suexec-uidmin=500 --with-suexec-gidmin=100 \
     
    7168         --enable-pie \
    7269         --with-pcre \
    73         $*
     70         --enable-mods-shared=all \
Note: See TracChangeset for help on using the changeset viewer.