From ad2289539025930128771f245b896a5ab6a20ea8 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Fri, 27 Apr 2012 17:21:14 +0200
Subject: httpd: sync with rawhide

---
 httpd-2.4.2-r1326980+.patch | 65 ++++++++++++++++++++++++++++++++++++
 httpd-2.4.2-r1327036+.patch | 80 +++++++++++++++++++++++++++++++++++++++++++++
 httpd.spec                  | 14 +++++++-
 pullrev.sh                  | 51 +++++++++++++++++++++++++++++
 4 files changed, 209 insertions(+), 1 deletion(-)
 create mode 100644 httpd-2.4.2-r1326980+.patch
 create mode 100644 httpd-2.4.2-r1327036+.patch
 create mode 100755 pullrev.sh

diff --git a/httpd-2.4.2-r1326980+.patch b/httpd-2.4.2-r1326980+.patch
new file mode 100644
index 0000000..3d37c3f
--- /dev/null
+++ b/httpd-2.4.2-r1326980+.patch
@@ -0,0 +1,65 @@
+
+http://svn.apache.org/viewvc?view=revision&revision=1326980
+http://svn.apache.org/viewvc?view=revision&revision=1326984
+http://svn.apache.org/viewvc?view=revision&revision=1326991
+
+--- httpd-2.4.2/modules/loggers/mod_log_debug.c
++++ httpd-2.4.2/modules/loggers/mod_log_debug.c
+@@ -35,8 +35,8 @@
+     apr_array_header_t *entries;
+ } log_debug_dirconf;
+ 
+-const char *allhooks = "all";
+-const char * const hooks[] = {
++static const char *allhooks = "all";
++static const char * const hooks[] = {
+     "log_transaction",      /*  0 */
+     "quick_handler",        /*  1 */
+     "handler",              /*  2 */
+--- httpd-2.4.2/modules/filters/sed1.c
++++ httpd-2.4.2/modules/filters/sed1.c
+@@ -25,7 +25,7 @@
+ #include "apr_strings.h"
+ #include "regexp.h"
+ 
+-char    *trans[040]  = {
++static const char *const trans[040]  = {
+     "\\01",
+     "\\02",
+     "\\03",
+@@ -58,7 +58,7 @@
+     "\\36",
+     "\\37"
+ };
+-char rub[] = {"\\177"};
++static const char rub[] = {"\\177"};
+ 
+ extern int sed_step(char *p1, char *p2, int circf, step_vars_storage *vars);
+ static int substitute(sed_eval_t *eval, sed_reptr_t *ipc,
+@@ -692,7 +692,8 @@
+                             step_vars_storage *step_vars)
+ {
+     int    i;
+-    char   *p1, *p2, *p3;
++    char   *p1, *p2;
++    const char *p3;
+     int length;
+     char sz[32]; /* 32 bytes enough to store 64 bit integer in decimal */
+     apr_status_t rv = APR_SUCCESS;
+--- httpd-2.4.2/modules/filters/config.m4
++++ httpd-2.4.2/modules/filters/config.m4
+@@ -16,7 +16,13 @@
+ APACHE_MODULE(substitute, response content rewrite-like filtering, , , most)
+ 
+ sed_obj="mod_sed.lo sed0.lo sed1.lo regexp.lo"
+-APACHE_MODULE(sed, filter request and/or response bodies through sed, $sed_obj, , most)
++APACHE_MODULE(sed, filter request and/or response bodies through sed, $sed_obj, , most, [
++    if test "x$enable_sed" = "xshared"; then
++        # The only symbol which needs to be exported is the module
++        # structure, so ask libtool to hide libsed internals:
++        APR_ADDTO(MOD_SED_LDADD, [-export-symbols-regex sed_module])
++    fi
++])
+ 
+ if test "$ac_cv_ebcdic" = "yes"; then
+ # mod_charset_lite can be very useful on an ebcdic system,
diff --git a/httpd-2.4.2-r1327036+.patch b/httpd-2.4.2-r1327036+.patch
new file mode 100644
index 0000000..63ef401
--- /dev/null
+++ b/httpd-2.4.2-r1327036+.patch
@@ -0,0 +1,80 @@
+
+http://svn.apache.org/viewvc?view=revision&revision=1327036
+http://svn.apache.org/viewvc?view=revision&revision=1327080
+
+--- httpd-2.4.2/server/mpm_unix.c
++++ httpd-2.4.2/server/mpm_unix.c
+@@ -501,14 +501,14 @@
+     return rv;
+ }
+ 
+-/* This function connects to the server, then immediately closes the connection.
+- * This permits the MPM to skip the poll when there is only one listening
+- * socket, because it provides a alternate way to unblock an accept() when
+- * the pod is used.
+- */
++/* This function connects to the server and sends enough data to
++ * ensure the child wakes up and processes a new connection.  This
++ * permits the MPM to skip the poll when there is only one listening
++ * socket, because it provides a alternate way to unblock an accept()
++ * when the pod is used.  */
+ static apr_status_t dummy_connection(ap_pod_t *pod)
+ {
+-    char *srequest;
++    const char *data;
+     apr_status_t rv;
+     apr_socket_t *sock;
+     apr_pool_t *p;
+@@ -574,24 +574,37 @@
+         return rv;
+     }
+ 
+-    /* Create the request string. We include a User-Agent so that
+-     * adminstrators can track down the cause of the odd-looking
+-     * requests in their logs.
+-     */
+-    srequest = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ",
++    if (lp->protocol && strcasecmp(lp->protocol, "https") == 0) {
++        /* Send a TLS 1.0 close_notify alert.  This is perhaps the
++         * "least wrong" way to open and cleanly terminate an SSL
++         * connection.  It should "work" without noisy error logs if
++         * the server actually expects SSLv3/TLSv1.  With
++         * SSLv23_server_method() OpenSSL's SSL_accept() fails
++         * ungracefully on receipt of this message, since it requires
++         * an 11-byte ClientHello message and this is too short. */
++        static const unsigned char tls10_close_notify[7] = {
++            '\x15',         /* TLSPlainText.type = Alert (21) */
++            '\x03', '\x01', /* TLSPlainText.version = {3, 1} */
++            '\x00', '\x02', /* TLSPlainText.length = 2 */
++            '\x01',         /* Alert.level = warning (1) */
++            '\x00'          /* Alert.description = close_notify (0) */
++        };
++        data = (const char *)tls10_close_notify;
++        len = sizeof(tls10_close_notify);
++    }
++    else /* ... XXX other request types here? */ {
++        /* Create an HTTP request string.  We include a User-Agent so
++         * that adminstrators can track down the cause of the
++         * odd-looking requests in their logs.  A complete request is
++         * used since kernel-level filtering may require that much
++         * data before returning from accept(). */
++        data = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ",
+                            ap_get_server_description(),
+                            " (internal dummy connection)\r\n\r\n", NULL);
++        len = strlen(data);
++    }
+ 
+-    /* Since some operating systems support buffering of data or entire
+-     * requests in the kernel, we send a simple request, to make sure
+-     * the server pops out of a blocking accept().
+-     */
+-    /* XXX: This is HTTP specific. We should look at the Protocol for each
+-     * listener, and send the correct type of request to trigger any Accept
+-     * Filters.
+-     */
+-    len = strlen(srequest);
+-    apr_socket_send(sock, srequest, &len);
++    apr_socket_send(sock, data, &len);
+     apr_socket_close(sock);
+     apr_pool_destroy(p);
+ 
diff --git a/httpd.spec b/httpd.spec
index c951af2..dff64b1 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -8,7 +8,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.2
-Release: 3%{?dist}
+Release: 4%{?dist}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: index.html
@@ -47,6 +47,8 @@ Patch25: httpd-2.4.1-selinux.patch
 Patch26: httpd-2.4.1-suenable.patch
 # Bug fixes
 Patch40: httpd-2.4.2-restart.patch
+Patch41: httpd-2.4.2-r1327036+.patch
+Patch42: httpd-2.4.2-r1326980+.patch
 License: ASL 2.0
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -155,6 +157,8 @@ authentication to the Apache HTTP Server.
 %patch26 -p1 -b .suenable
 
 %patch40 -p1 -b .restart
+%patch41 -p1 -b .r1327036+
+%patch42 -p1 -b .r1326980+
 
 # Patch in vendor/release string
 sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
@@ -558,6 +562,14 @@ rm -rf $RPM_BUILD_ROOT
 %{_sysconfdir}/rpm/macros.httpd
 
 %changelog
+* Fri Apr 27 2012 Remi Collet <RPMS@FamilleCollet.com> - 2.4.2-4
+- sync with rawhide, rebuild for remi repo
+
+* Fri Apr 27 2012 Joe Orton <jorton@redhat.com> - 2.4.2-4
+- pull from upstream:
+  * use TLS close_notify alert for dummy_connection (r1326980+)
+  * cleanup symbol exports (r1327036+)
+
 * Fri Apr 20 2012 Remi Collet <RPMS@FamilleCollet.com> - 2.4.2-3
 - sync with rawhide, rebuild for remi repo
 
diff --git a/pullrev.sh b/pullrev.sh
new file mode 100755
index 0000000..14477ad
--- /dev/null
+++ b/pullrev.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+    echo "What?"
+    exit 1
+fi
+
+repo="https://svn.apache.org/repos/asf/httpd/httpd/trunk"
+ver=2.4.2
+prefix="httpd-${ver}"
+suffix="r$1${2:++}"
+fn="${prefix}-${suffix}.patch"
+vcurl="http://svn.apache.org/viewvc?view=revision&revision="
+
+if test -f ${fn}; then
+    mv -v -f ${fn} ${fn}\~
+    sed '/^--- /,$d' < ${fn}\~ > ${fn}
+else
+    echo > ${fn}
+fi
+
+new=0
+for r in $*; do
+   if ! grep -q "${vcurl}${r}" ${fn}; then
+       echo "${vcurl}${r}"
+       new=1
+   fi
+done >> ${fn}
+
+[ $new -eq 0 ] || echo >> ${fn}
+
+prev=/dev/null
+for r in $*; do
+    echo "+ fetching ${r}"
+    this=`mktemp /tmp/pullrevXXXXXX`
+    svn diff -c ${r} ${repo} | filterdiff --remove-timestamps --addprefix="${prefix}/" > ${this}
+    next=`mktemp /tmp/pullrevXXXXXX`
+    combinediff --quiet ${prev} ${this} > ${next}
+    rm -f "${this}"
+    [ "${prev}" = "/dev/null" ] || rm -f "${prev}"
+    prev=${next}
+done
+
+cat ${prev} >> ${fn}
+
+vi "${fn}"
+echo "+ git add ${fn}" 
+git add "${fn}"
+echo "+ spec template:"
+echo "PatchN: ${fn}"
+echo "%patchN -p1 -b .${suffix}"
-- 
cgit