From 35be91f9ec4348d4ea7a249fff3bf7e116c6405e Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Fri, 1 Oct 2010 19:13:28 +0200 Subject: httpd 2.3.8 first work --- httpd-2.1.10-apctl.patch | 107 ----------------------------------------- httpd-2.1.10-apxs.patch | 97 ------------------------------------- httpd-2.1.10-disablemods.patch | 36 -------------- httpd-2.2.11-selinux.patch | 51 -------------------- httpd-2.2.9-deplibs.patch | 14 ------ httpd-2.2.9-suenable.patch | 11 ----- httpd-2.3.8-apctl.patch | 97 +++++++++++++++++++++++++++++++++++++ httpd-2.3.8-apxs.patch | 57 ++++++++++++++++++++++ httpd-2.3.8-deplibs.patch | 15 ++++++ httpd-2.3.8-selinux.patch | 54 +++++++++++++++++++++ 10 files changed, 223 insertions(+), 316 deletions(-) delete mode 100644 httpd-2.1.10-apctl.patch delete mode 100644 httpd-2.1.10-apxs.patch delete mode 100644 httpd-2.1.10-disablemods.patch delete mode 100644 httpd-2.2.11-selinux.patch delete mode 100644 httpd-2.2.9-deplibs.patch delete mode 100644 httpd-2.2.9-suenable.patch create mode 100644 httpd-2.3.8-apctl.patch create mode 100644 httpd-2.3.8-apxs.patch create mode 100644 httpd-2.3.8-deplibs.patch create mode 100644 httpd-2.3.8-selinux.patch diff --git a/httpd-2.1.10-apctl.patch b/httpd-2.1.10-apctl.patch deleted file mode 100644 index 4e34ea6..0000000 --- a/httpd-2.1.10-apctl.patch +++ /dev/null @@ -1,107 +0,0 @@ - -- fail gracefully if links is not installed on target system -- source sysconfig/httpd for custom env. vars etc. -- make httpd -t work even in SELinux -- refuse to restart into a bad config -- pass $OPTIONS to all $HTTPD invocation - -Upstream-HEAD: vendor -Upstream-2.0: vendor -Upstream-Status: Vendor-specific changes for better initscript integration - ---- httpd-2.1.10/support/apachectl.in.apctl -+++ httpd-2.1.10/support/apachectl.in -@@ -43,19 +43,25 @@ - # the path to your httpd binary, including options if necessary - HTTPD='@exp_sbindir@/@progname@' - # --# pick up any necessary environment variables --if test -f @exp_sbindir@/envvars; then -- . @exp_sbindir@/envvars --fi - # - # a command that outputs a formatted text version of the HTML at the - # url given on the command line. Designed for lynx, however other - # programs may work. --LYNX="@LYNX_PATH@ -dump" -+if [ -x "@LYNX_PATH@" ]; then -+ LYNX="@LYNX_PATH@ -dump" -+else -+ LYNX=none -+fi - # - # the URL to your server's mod_status status page. If you do not - # have one, then status and fullstatus will not work. - STATUSURL="http://localhost:@PORT@/server-status" -+ -+# Source /etc/sysconfig/httpd for $HTTPD setting, etc. -+if [ -r /etc/sysconfig/httpd ]; then -+ . /etc/sysconfig/httpd -+fi -+ - # - # Set this variable to a command that increases the maximum - # number of file descriptors allowed per child process. This is -@@ -75,29 +81,51 @@ - ARGV="-h" - fi - -+function checklynx() { -+if [ "$LYNX" = "none" ]; then -+ echo "The 'links' package is required for this functionality." -+ exit 8 -+fi -+} -+ -+function testconfig() { -+# httpd is denied terminal access in SELinux, so run in the -+# current context to get stdout from $HTTPD -t. -+if test -x /usr/sbin/selinuxenabled && /usr/sbin/selinuxenabled; then -+ runcon -- `id -Z` $HTTPD $OPTIONS -t -+else -+ $HTTPD $OPTIONS -t -+fi -+ERROR=$? -+} -+ - case $ARGV in --start|stop|restart|graceful|graceful-stop) -- $HTTPD -k $ARGV -- ERROR=$? -+restart|graceful) -+ if $HTTPD $OPTIONS -t >&/dev/null; then -+ $HTTPD $OPTIONS -k $ARGV -+ ERROR=$? -+ else -+ echo "apachectl: Configuration syntax error, will not run \"$ARGV\":" -+ testconfig -+ fi - ;; --startssl|sslstart|start-SSL) -- echo The startssl option is no longer supported. -- echo Please edit httpd.conf to include the SSL configuration settings -- echo and then use "apachectl start". -- ERROR=2 -+start|stop|graceful-stop) -+ $HTTPD $OPTIONS -k $ARGV -+ ERROR=$? - ;; - configtest) -- $HTTPD -t -- ERROR=$? -+ testconfig - ;; - status) -+ checklynx - $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } ' - ;; - fullstatus) -+ checklynx - $LYNX $STATUSURL - ;; - *) -- $HTTPD $ARGV -+ $HTTPD $OPTIONS $ARGV - ERROR=$? - esac - diff --git a/httpd-2.1.10-apxs.patch b/httpd-2.1.10-apxs.patch deleted file mode 100644 index 5881276..0000000 --- a/httpd-2.1.10-apxs.patch +++ /dev/null @@ -1,97 +0,0 @@ - -- remove unnecessary stuff which runs httpd during build -- drop unnecessary --libs output from ap?-?-config -- make multilib-safe - -Upstream-Status: The is-mod_so-linked-in hack is done better on trunk. - The multilib hack is awful and can't go upstream. - ---- httpd-2.2.2/support/apxs.in.apxs -+++ httpd-2.2.2/support/apxs.in -@@ -25,7 +25,18 @@ - - my %config_vars = (); - --my $installbuilddir = "@exp_installbuilddir@"; -+# Awful hack to make apxs libdir-agnostic: -+my $pkg_config = "/usr/bin/pkg-config"; -+if (! -x "$pkg_config") { -+ error("$pkg_config not found!"); -+ exit(1); -+} -+ -+my $libdir = `pkg-config --variable=libdir apr-1`; -+chomp $libdir; -+ -+my $installbuilddir = $libdir . "/httpd/build"; -+ - get_config_vars("$installbuilddir/config_vars.mk",\%config_vars); - - # read the configuration variables once -@@ -184,34 +195,6 @@ - } - } - --## --## Initial shared object support check --## --my $httpd = get_vars("sbindir") . "/" . get_vars("progname"); --$httpd = eval qq("$httpd"); --$httpd = eval qq("$httpd"); --my $envvars = get_vars("sbindir") . "/envvars"; --$envvars = eval qq("$envvars"); --$envvars = eval qq("$envvars"); -- --#allow apxs to be run from the source tree, before installation --if ($0 =~ m:support/apxs$:) { -- ($httpd = $0) =~ s:support/apxs$::; --} -- --unless (-x "$httpd") { -- error("$httpd not found or not executable"); -- exit 1; --} -- --unless (grep /mod_so/, `. $envvars && $httpd -l`) { -- error("Sorry, no shared object support for Apache"); -- error("available under your platform. Make sure"); -- error("the Apache module mod_so is compiled into"); -- error("your server binary `$httpd'."); -- exit 1; --} -- - sub get_config_vars{ - my ($file, $rh_config) = @_; - -@@ -291,7 +274,7 @@ - $data =~ s|%NAME%|$name|sg; - $data =~ s|%TARGET%|$CFG_TARGET|sg; - $data =~ s|%PREFIX%|$prefix|sg; -- $data =~ s|%INSTALLBUILDDIR%|$installbuilddir|sg; -+ $data =~ s|%LIBDIR%|$libdir|sg; - - my ($mkf, $mods, $src) = ($data =~ m|^(.+)-=#=-\n(.+)-=#=-\n(.+)|s); - -@@ -433,9 +416,9 @@ - - if ($opt_p == 1) { - -- my $apr_libs=`$apr_config --cflags --ldflags --link-libtool --libs`; -+ my $apr_libs=`$apr_config --cflags --ldflags --link-libtool`; - chomp($apr_libs); -- my $apu_libs=`$apu_config --ldflags --link-libtool --libs`; -+ my $apu_libs=`$apu_config --ldflags --link-libtool`; - chomp($apu_libs); - - $opt .= " ".$apu_libs." ".$apr_libs; -@@ -646,8 +629,8 @@ - - builddir=. - top_srcdir=%PREFIX% --top_builddir=%PREFIX% --include %INSTALLBUILDDIR%/special.mk -+top_builddir=%LIBDIR%/httpd -+include %LIBDIR%/httpd/build/special.mk - - # the used tools - APXS=apxs diff --git a/httpd-2.1.10-disablemods.patch b/httpd-2.1.10-disablemods.patch deleted file mode 100644 index 7e938e4..0000000 --- a/httpd-2.1.10-disablemods.patch +++ /dev/null @@ -1,36 +0,0 @@ - -Support "--enable-modules=none" to build an httpd binary with -no optional modules enabled. - -Upstream-Status: committed to trunk, r357168 - ---- httpd-2.1.10/acinclude.m4.disablemods -+++ httpd-2.1.10/acinclude.m4 -@@ -289,14 +289,19 @@ - - AC_ARG_ENABLE(modules, - APACHE_HELP_STRING(--enable-modules=MODULE-LIST,Space-separated list of modules to enable | "all" | "most"),[ -- for i in $enableval; do -- if test "$i" = "all" -o "$i" = "most"; then -- module_selection=$i -- else -- i=`echo $i | sed 's/-/_/g'` -- eval "enable_$i=yes" -- fi -- done -+ if test "$enableval" = "none"; then -+ module_default=no -+ module_selection=none -+ else -+ for i in $enableval; do -+ if test "$i" = "all" -o "$i" = "most"; then -+ module_selection=$i -+ else -+ i=`echo $i | sed 's/-/_/g'` -+ eval "enable_$i=yes" -+ fi -+ done -+ fi - ]) - - AC_ARG_ENABLE(mods-shared, diff --git a/httpd-2.2.11-selinux.patch b/httpd-2.2.11-selinux.patch deleted file mode 100644 index 7b1b3cb..0000000 --- a/httpd-2.2.11-selinux.patch +++ /dev/null @@ -1,51 +0,0 @@ ---- httpd-2.2.11/configure.in.selinux -+++ httpd-2.2.11/configure.in -@@ -412,6 +412,10 @@ getpgid - dnl confirm that a void pointer is large enough to store a long integer - APACHE_CHECK_VOID_PTR_LEN - -+AC_CHECK_LIB(selinux, is_selinux_enabled, [ -+ APR_ADDTO(AP_LIBS, [-lselinux]) -+]) -+ - dnl ## Check for the tm_gmtoff field in struct tm to get the timezone diffs - AC_CACHE_CHECK([for tm_gmtoff in struct tm], ac_cv_struct_tm_gmtoff, - [AC_TRY_COMPILE([#include ---- httpd-2.2.11/server/core.c.selinux -+++ httpd-2.2.11/server/core.c -@@ -51,6 +51,8 @@ - - #include "mod_so.h" /* for ap_find_loaded_module_symbol */ - -+#include -+ - /* LimitRequestBody handling */ - #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) - #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) -@@ -3796,6 +3798,26 @@ static int core_post_config(apr_pool_t * - } - #endif - -+ { -+ static int already_warned = 0; -+ int is_enabled = is_selinux_enabled() > 0; -+ -+ if (is_enabled && !already_warned) { -+ security_context_t con; -+ -+ if (getcon(&con) == 0) { -+ -+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, -+ "SELinux policy enabled; " -+ "httpd running as context %s", con); -+ -+ already_warned = 1; -+ -+ freecon(con); -+ } -+ } -+ } -+ - return OK; - } - diff --git a/httpd-2.2.9-deplibs.patch b/httpd-2.2.9-deplibs.patch deleted file mode 100644 index def61ed..0000000 --- a/httpd-2.2.9-deplibs.patch +++ /dev/null @@ -1,14 +0,0 @@ ---- httpd-2.2.9/configure.in.deplibs -+++ httpd-2.2.9/configure.in -@@ -588,9 +588,8 @@ APACHE_HELP_STRING(--with-suexec-umask,u - AC_DEFINE_UNQUOTED(AP_SUEXEC_UMASK, 0$withval, [umask for suexec'd process] ) ] ) - - dnl APR should go after the other libs, so the right symbols can be picked up --apulinklibs="`$apu_config --avoid-ldap --link-libtool --libs`" \ -- || apulinklibs="`$apu_config --link-libtool --libs`" --AP_LIBS="$AP_LIBS $apulinklibs `$apr_config --link-libtool --libs`" -+apulinklibs="`$apu_config --link-libtool`" -+AP_LIBS="$AP_LIBS $apulinklibs `$apr_config --link-libtool`" - APACHE_SUBST(AP_LIBS) - APACHE_SUBST(AP_BUILD_SRCLIB_DIRS) - APACHE_SUBST(AP_CLEAN_SRCLIB_DIRS) diff --git a/httpd-2.2.9-suenable.patch b/httpd-2.2.9-suenable.patch deleted file mode 100644 index 2227632..0000000 --- a/httpd-2.2.9-suenable.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- httpd-2.2.9/os/unix/unixd.c.suenable -+++ httpd-2.2.9/os/unix/unixd.c -@@ -215,7 +215,7 @@ AP_DECLARE(void) unixd_pre_config(apr_po - } - - if ((wrapper.protection & APR_USETID) && wrapper.user == 0) { -- unixd_config.suexec_enabled = 1; -+ unixd_config.suexec_enabled = access(SUEXEC_BIN, R_OK|X_OK) == 0; - } - } - diff --git a/httpd-2.3.8-apctl.patch b/httpd-2.3.8-apctl.patch new file mode 100644 index 0000000..174d100 --- /dev/null +++ b/httpd-2.3.8-apctl.patch @@ -0,0 +1,97 @@ +diff -up httpd-2.3.8/support/apachectl.in.apctl httpd-2.3.8/support/apachectl.in +--- httpd-2.3.8/support/apachectl.in.apctl 2009-04-23 19:45:41.000000000 +0200 ++++ httpd-2.3.8/support/apachectl.in 2010-10-01 18:25:41.040624098 +0200 +@@ -44,19 +44,25 @@ ARGV="$@" + # the path to your httpd binary, including options if necessary + HTTPD='@exp_sbindir@/@progname@' + # +-# pick up any necessary environment variables +-if test -f @exp_sbindir@/envvars; then +- . @exp_sbindir@/envvars +-fi + # + # a command that outputs a formatted text version of the HTML at the + # url given on the command line. Designed for lynx, however other + # programs may work. +-LYNX="@LYNX_PATH@ -dump" ++if [ -x "@LYNX_PATH@" ]; then ++ LYNX="@LYNX_PATH@ -dump" ++else ++ LYNX=none ++fi + # + # the URL to your server's mod_status status page. If you do not + # have one, then status and fullstatus will not work. + STATUSURL="http://localhost:@PORT@/server-status" ++ ++# Source /etc/sysconfig/httpd for $HTTPD setting, etc. ++if [ -r /etc/sysconfig/httpd ]; then ++ . /etc/sysconfig/httpd ++fi ++ + # + # Set this variable to a command that increases the maximum + # number of file descriptors allowed per child process. This is +@@ -76,29 +82,51 @@ if [ "x$ARGV" = "x" ] ; then + ARGV="-h" + fi + ++function checklynx() { ++if [ "$LYNX" = "none" ]; then ++ echo "The 'links' package is required for this functionality." ++ exit 8 ++fi ++} ++ ++function testconfig() { ++# httpd is denied terminal access in SELinux, so run in the ++# current context to get stdout from $HTTPD -t. ++if test -x /usr/sbin/selinuxenabled && /usr/sbin/selinuxenabled; then ++ runcon -- `id -Z` $HTTPD $OPTIONS -t ++else ++ $HTTPD $OPTIONS -t ++fi ++ERROR=$? ++} ++ + case $ACMD in +-start|stop|restart|graceful|graceful-stop) +- $HTTPD -k $ARGV +- ERROR=$? ++restart|graceful) ++ if $HTTPD $OPTIONS -t >&/dev/null; then ++ $HTTPD $OPTIONS -k $ARGV ++ ERROR=$? ++ else ++ echo "apachectl: Configuration syntax error, will not run \"$ARGV\":" ++ testconfig ++ fi + ;; +-startssl|sslstart|start-SSL) +- echo The startssl option is no longer supported. +- echo Please edit httpd.conf to include the SSL configuration settings +- echo and then use "apachectl start". +- ERROR=2 ++start|stop|graceful-stop) ++ $HTTPD $OPTIONS -k $ARGV ++ ERROR=$? + ;; + configtest) +- $HTTPD -t +- ERROR=$? ++ testconfig + ;; + status) ++ checklynx + $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } ' + ;; + fullstatus) ++ checklynx + $LYNX $STATUSURL + ;; + *) +- $HTTPD "$@" ++ $HTTPD $OPTIONS "$@" + ERROR=$? + esac + diff --git a/httpd-2.3.8-apxs.patch b/httpd-2.3.8-apxs.patch new file mode 100644 index 0000000..e30702f --- /dev/null +++ b/httpd-2.3.8-apxs.patch @@ -0,0 +1,57 @@ +diff -up httpd-2.3.8/support/apxs.in.apxs httpd-2.3.8/support/apxs.in +--- httpd-2.3.8/support/apxs.in.apxs 2010-06-22 19:12:44.000000000 +0200 ++++ httpd-2.3.8/support/apxs.in 2010-10-01 18:32:32.292091906 +0200 +@@ -25,7 +25,18 @@ package apxs; + + my %config_vars = (); + +-my $installbuilddir = "@exp_installbuilddir@"; ++# Awful hack to make apxs libdir-agnostic: ++my $pkg_config = "/usr/bin/pkg-config"; ++if (! -x "$pkg_config") { ++ error("$pkg_config not found!"); ++ exit(1); ++} ++ ++my $libdir = `pkg-config --variable=libdir apr-1`; ++chomp $libdir; ++ ++my $installbuilddir = $libdir . "/httpd/build"; ++ + get_config_vars("$installbuilddir/config_vars.mk",\%config_vars); + + # read the configuration variables once +@@ -273,7 +284,7 @@ if ($opt_g) { + $data =~ s|%NAME%|$name|sg; + $data =~ s|%TARGET%|$CFG_TARGET|sg; + $data =~ s|%PREFIX%|$prefix|sg; +- $data =~ s|%INSTALLBUILDDIR%|$installbuilddir|sg; ++ $data =~ s|%LIBDIR%|$libdir|sg; + + my ($mkf, $mods, $src) = ($data =~ m|^(.+)-=#=-\n(.+)-=#=-\n(.+)|s); + +@@ -450,11 +461,11 @@ if ($opt_c) { + + if ($opt_p == 1) { + +- my $apr_libs=`$apr_config --cflags --ldflags --link-libtool --libs`; ++ my $apr_libs=`$apr_config --cflags --ldflags --link-libtool`; + chomp($apr_libs); + my $apu_libs=""; + if ($apr_major_version < 2) { +- $apu_libs=`$apu_config --ldflags --link-libtool --libs`; ++ $apu_libs=`$apu_config --ldflags --link-libtool`; + chomp($apu_libs); + } + +@@ -669,8 +680,8 @@ __DATA__ + + builddir=. + top_srcdir=%PREFIX% +-top_builddir=%PREFIX% +-include %INSTALLBUILDDIR%/special.mk ++top_builddir=%LIBDIR%/httpd ++include %LIBDIR%/httpd/build/special.mk + + # the used tools + APXS=apxs diff --git a/httpd-2.3.8-deplibs.patch b/httpd-2.3.8-deplibs.patch new file mode 100644 index 0000000..705dad1 --- /dev/null +++ b/httpd-2.3.8-deplibs.patch @@ -0,0 +1,15 @@ +diff -up httpd-2.3.8/configure.in.deplibs httpd-2.3.8/configure.in +--- httpd-2.3.8/configure.in.deplibs 2010-08-22 12:34:20.000000000 +0200 ++++ httpd-2.3.8/configure.in 2010-10-01 18:36:46.106973515 +0200 +@@ -649,9 +649,9 @@ APACHE_HELP_STRING(--with-suexec-umask,u + + dnl APR should go after the other libs, so the right symbols can be picked up + if test x${apu_found} != xobsolete; then +- AP_LIBS="$AP_LIBS `$apu_config --avoid-ldap --link-libtool --libs`" ++ AP_LIBS="$AP_LIBS `$apu_config --link-libtool`" + fi +-AP_LIBS="$AP_LIBS `$apr_config --link-libtool --libs`" ++AP_LIBS="$AP_LIBS `$apr_config --link-libtool`" + APACHE_SUBST(AP_LIBS) + APACHE_SUBST(AP_BUILD_SRCLIB_DIRS) + APACHE_SUBST(AP_CLEAN_SRCLIB_DIRS) diff --git a/httpd-2.3.8-selinux.patch b/httpd-2.3.8-selinux.patch new file mode 100644 index 0000000..87c28fb --- /dev/null +++ b/httpd-2.3.8-selinux.patch @@ -0,0 +1,54 @@ +diff -up httpd-2.3.8/configure.in.selinux httpd-2.3.8/configure.in +--- httpd-2.3.8/configure.in.selinux 2010-10-01 18:51:36.960826530 +0200 ++++ httpd-2.3.8/configure.in 2010-10-01 18:51:36.984827554 +0200 +@@ -430,6 +430,10 @@ fopen64 + dnl confirm that a void pointer is large enough to store a long integer + APACHE_CHECK_VOID_PTR_LEN + ++AC_CHECK_LIB(selinux, is_selinux_enabled, [ ++ APR_ADDTO(AP_LIBS, [-lselinux]) ++]) ++ + dnl ## Check for the tm_gmtoff field in struct tm to get the timezone diffs + AC_CACHE_CHECK([for tm_gmtoff in struct tm], ac_cv_struct_tm_gmtoff, + [AC_TRY_COMPILE([#include +diff -up httpd-2.3.8/server/core.c.selinux httpd-2.3.8/server/core.c +--- httpd-2.3.8/server/core.c.selinux 2010-08-22 12:26:18.000000000 +0200 ++++ httpd-2.3.8/server/core.c 2010-10-01 18:55:18.178025465 +0200 +@@ -50,6 +50,8 @@ + + #include "mod_so.h" /* for ap_find_loaded_module_symbol */ + ++#include ++ + #if defined(RLIMIT_CPU) || defined (RLIMIT_DATA) || defined (RLIMIT_VMEM) || defined(RLIMIT_AS) || defined (RLIMIT_NPROC) + #include "unixd.h" + #endif +@@ -3655,6 +3657,27 @@ static int core_post_config(apr_pool_t * + "or other system security module is loaded."); + return !OK; + } ++ { ++ static int already_warned = 0; ++ int is_enabled = is_selinux_enabled() > 0; ++ ++ if (is_enabled && !already_warned) { ++ security_context_t con; ++ ++ if (getcon(&con) == 0) { ++ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, ++ "SELinux policy enabled; " ++ "httpd running as context %s", con); ++ ++ already_warned = 1; ++ ++ freecon(con); ++ } ++ } ++ } ++ ++ + return OK; + } + -- cgit