summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--httpd-2.4.2-r1326980+.patch65
-rw-r--r--httpd-2.4.2-r1327036+.patch80
-rw-r--r--httpd.spec14
-rwxr-xr-xpullrev.sh51
4 files changed, 209 insertions, 1 deletions
diff --git a/httpd-2.4.2-r1326980+.patch b/httpd-2.4.2-r1326980+.patch
new file mode 100644
index 0000000..3d37c3f
--- /dev/null
+++ b/httpd-2.4.2-r1326980+.patch
@@ -0,0 +1,65 @@
+
+http://svn.apache.org/viewvc?view=revision&revision=1326980
+http://svn.apache.org/viewvc?view=revision&revision=1326984
+http://svn.apache.org/viewvc?view=revision&revision=1326991
+
+--- httpd-2.4.2/modules/loggers/mod_log_debug.c
++++ httpd-2.4.2/modules/loggers/mod_log_debug.c
+@@ -35,8 +35,8 @@
+ apr_array_header_t *entries;
+ } log_debug_dirconf;
+
+-const char *allhooks = "all";
+-const char * const hooks[] = {
++static const char *allhooks = "all";
++static const char * const hooks[] = {
+ "log_transaction", /* 0 */
+ "quick_handler", /* 1 */
+ "handler", /* 2 */
+--- httpd-2.4.2/modules/filters/sed1.c
++++ httpd-2.4.2/modules/filters/sed1.c
+@@ -25,7 +25,7 @@
+ #include "apr_strings.h"
+ #include "regexp.h"
+
+-char *trans[040] = {
++static const char *const trans[040] = {
+ "\\01",
+ "\\02",
+ "\\03",
+@@ -58,7 +58,7 @@
+ "\\36",
+ "\\37"
+ };
+-char rub[] = {"\\177"};
++static const char rub[] = {"\\177"};
+
+ extern int sed_step(char *p1, char *p2, int circf, step_vars_storage *vars);
+ static int substitute(sed_eval_t *eval, sed_reptr_t *ipc,
+@@ -692,7 +692,8 @@
+ step_vars_storage *step_vars)
+ {
+ int i;
+- char *p1, *p2, *p3;
++ char *p1, *p2;
++ const char *p3;
+ int length;
+ char sz[32]; /* 32 bytes enough to store 64 bit integer in decimal */
+ apr_status_t rv = APR_SUCCESS;
+--- httpd-2.4.2/modules/filters/config.m4
++++ httpd-2.4.2/modules/filters/config.m4
+@@ -16,7 +16,13 @@
+ APACHE_MODULE(substitute, response content rewrite-like filtering, , , most)
+
+ sed_obj="mod_sed.lo sed0.lo sed1.lo regexp.lo"
+-APACHE_MODULE(sed, filter request and/or response bodies through sed, $sed_obj, , most)
++APACHE_MODULE(sed, filter request and/or response bodies through sed, $sed_obj, , most, [
++ if test "x$enable_sed" = "xshared"; then
++ # The only symbol which needs to be exported is the module
++ # structure, so ask libtool to hide libsed internals:
++ APR_ADDTO(MOD_SED_LDADD, [-export-symbols-regex sed_module])
++ fi
++])
+
+ if test "$ac_cv_ebcdic" = "yes"; then
+ # mod_charset_lite can be very useful on an ebcdic system,
diff --git a/httpd-2.4.2-r1327036+.patch b/httpd-2.4.2-r1327036+.patch
new file mode 100644
index 0000000..63ef401
--- /dev/null
+++ b/httpd-2.4.2-r1327036+.patch
@@ -0,0 +1,80 @@
+
+http://svn.apache.org/viewvc?view=revision&revision=1327036
+http://svn.apache.org/viewvc?view=revision&revision=1327080
+
+--- httpd-2.4.2/server/mpm_unix.c
++++ httpd-2.4.2/server/mpm_unix.c
+@@ -501,14 +501,14 @@
+ return rv;
+ }
+
+-/* This function connects to the server, then immediately closes the connection.
+- * This permits the MPM to skip the poll when there is only one listening
+- * socket, because it provides a alternate way to unblock an accept() when
+- * the pod is used.
+- */
++/* This function connects to the server and sends enough data to
++ * ensure the child wakes up and processes a new connection. This
++ * permits the MPM to skip the poll when there is only one listening
++ * socket, because it provides a alternate way to unblock an accept()
++ * when the pod is used. */
+ static apr_status_t dummy_connection(ap_pod_t *pod)
+ {
+- char *srequest;
++ const char *data;
+ apr_status_t rv;
+ apr_socket_t *sock;
+ apr_pool_t *p;
+@@ -574,24 +574,37 @@
+ return rv;
+ }
+
+- /* Create the request string. We include a User-Agent so that
+- * adminstrators can track down the cause of the odd-looking
+- * requests in their logs.
+- */
+- srequest = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ",
++ if (lp->protocol && strcasecmp(lp->protocol, "https") == 0) {
++ /* Send a TLS 1.0 close_notify alert. This is perhaps the
++ * "least wrong" way to open and cleanly terminate an SSL
++ * connection. It should "work" without noisy error logs if
++ * the server actually expects SSLv3/TLSv1. With
++ * SSLv23_server_method() OpenSSL's SSL_accept() fails
++ * ungracefully on receipt of this message, since it requires
++ * an 11-byte ClientHello message and this is too short. */
++ static const unsigned char tls10_close_notify[7] = {
++ '\x15', /* TLSPlainText.type = Alert (21) */
++ '\x03', '\x01', /* TLSPlainText.version = {3, 1} */
++ '\x00', '\x02', /* TLSPlainText.length = 2 */
++ '\x01', /* Alert.level = warning (1) */
++ '\x00' /* Alert.description = close_notify (0) */
++ };
++ data = (const char *)tls10_close_notify;
++ len = sizeof(tls10_close_notify);
++ }
++ else /* ... XXX other request types here? */ {
++ /* Create an HTTP request string. We include a User-Agent so
++ * that adminstrators can track down the cause of the
++ * odd-looking requests in their logs. A complete request is
++ * used since kernel-level filtering may require that much
++ * data before returning from accept(). */
++ data = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ",
+ ap_get_server_description(),
+ " (internal dummy connection)\r\n\r\n", NULL);
++ len = strlen(data);
++ }
+
+- /* Since some operating systems support buffering of data or entire
+- * requests in the kernel, we send a simple request, to make sure
+- * the server pops out of a blocking accept().
+- */
+- /* XXX: This is HTTP specific. We should look at the Protocol for each
+- * listener, and send the correct type of request to trigger any Accept
+- * Filters.
+- */
+- len = strlen(srequest);
+- apr_socket_send(sock, srequest, &len);
++ apr_socket_send(sock, data, &len);
+ apr_socket_close(sock);
+ apr_pool_destroy(p);
+
diff --git a/httpd.spec b/httpd.spec
index c951af2..dff64b1 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -8,7 +8,7 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.2
-Release: 3%{?dist}
+Release: 4%{?dist}
URL: http://httpd.apache.org/
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: index.html
@@ -47,6 +47,8 @@ Patch25: httpd-2.4.1-selinux.patch
Patch26: httpd-2.4.1-suenable.patch
# Bug fixes
Patch40: httpd-2.4.2-restart.patch
+Patch41: httpd-2.4.2-r1327036+.patch
+Patch42: httpd-2.4.2-r1326980+.patch
License: ASL 2.0
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -155,6 +157,8 @@ authentication to the Apache HTTP Server.
%patch26 -p1 -b .suenable
%patch40 -p1 -b .restart
+%patch41 -p1 -b .r1327036+
+%patch42 -p1 -b .r1326980+
# Patch in vendor/release string
sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
@@ -558,6 +562,14 @@ rm -rf $RPM_BUILD_ROOT
%{_sysconfdir}/rpm/macros.httpd
%changelog
+* Fri Apr 27 2012 Remi Collet <RPMS@FamilleCollet.com> - 2.4.2-4
+- sync with rawhide, rebuild for remi repo
+
+* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-4
+- pull from upstream:
+ * use TLS close_notify alert for dummy_connection (r1326980+)
+ * cleanup symbol exports (r1327036+)
+
* Fri Apr 20 2012 Remi Collet <RPMS@FamilleCollet.com> - 2.4.2-3
- sync with rawhide, rebuild for remi repo
diff --git a/pullrev.sh b/pullrev.sh
new file mode 100755
index 0000000..14477ad
--- /dev/null
+++ b/pullrev.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+ echo "What?"
+ exit 1
+fi
+
+repo="https://svn.apache.org/repos/asf/httpd/httpd/trunk"
+ver=2.4.2
+prefix="httpd-${ver}"
+suffix="r$1${2:++}"
+fn="${prefix}-${suffix}.patch"
+vcurl="http://svn.apache.org/viewvc?view=revision&revision="
+
+if test -f ${fn}; then
+ mv -v -f ${fn} ${fn}\~
+ sed '/^--- /,$d' < ${fn}\~ > ${fn}
+else
+ echo > ${fn}
+fi
+
+new=0
+for r in $*; do
+ if ! grep -q "${vcurl}${r}" ${fn}; then
+ echo "${vcurl}${r}"
+ new=1
+ fi
+done >> ${fn}
+
+[ $new -eq 0 ] || echo >> ${fn}
+
+prev=/dev/null
+for r in $*; do
+ echo "+ fetching ${r}"
+ this=`mktemp /tmp/pullrevXXXXXX`
+ svn diff -c ${r} ${repo} | filterdiff --remove-timestamps --addprefix="${prefix}/" > ${this}
+ next=`mktemp /tmp/pullrevXXXXXX`
+ combinediff --quiet ${prev} ${this} > ${next}
+ rm -f "${this}"
+ [ "${prev}" = "/dev/null" ] || rm -f "${prev}"
+ prev=${next}
+done
+
+cat ${prev} >> ${fn}
+
+vi "${fn}"
+echo "+ git add ${fn}"
+git add "${fn}"
+echo "+ spec template:"
+echo "PatchN: ${fn}"
+echo "%patchN -p1 -b .${suffix}"