--- /dev/null
+--- modules/ldap/util_ldap.c 2008-12-18 18:31:03.000000000 +0100
++++ modules/ldap/util_ldap.c.oden 2009-07-23 17:00:18.000000000 +0200
+@@ -236,7 +236,7 @@ static int uldap_connection_init(request
+ /* something really bad happened */
+ ldc->bound = 0;
+ if (NULL == ldc->reason) {
+- ldc->reason = "LDAP: ldap initialization failed";
++ ldc->reason = "LDAP: ldap initialization failed. Please try to install apr-util-dbd-ldap.";
+ }
+ return(APR_EGENERAL);
+ }
-diff --git a/acinclude.m4 b/acinclude.m4
-index 580eb4a..bd7e2c9 100644
---- a/acinclude.m4
-+++ b/acinclude.m4
-@@ -594,6 +594,30 @@ AC_DEFUN(APACHE_CHECK_OPENSSL,[
- fi
- ])
-
-+AC_DEFUN(APACHE_CHECK_SYSTEMD, [
-+dnl Check for systemd support for listen.c's socket activation.
-+case $host in
-+*-linux-*)
-+ if test -n "$PKGCONFIG" && $PKGCONFIG --exists libsystemd; then
-+ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
-+ elif test -n "$PKGCONFIG" && $PKGCONFIG --exists libsystemd-daemon; then
-+ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd-daemon`
-+ else
-+ AC_CHECK_LIB(systemd-daemon, sd_notify, SYSTEMD_LIBS="-lsystemd-daemon")
-+ fi
-+ if test -n "$SYSTEMD_LIBS"; then
-+ AC_CHECK_HEADERS(systemd/sd-daemon.h)
-+ if test "${ac_cv_header_systemd_sd_daemon_h}" = "no" || test -z "${SYSTEMD_LIBS}"; then
-+ AC_MSG_WARN([Your system does not support systemd.])
-+ else
-+ APR_ADDTO(LIBS, [$SYSTEMD_LIBS])
-+ AC_DEFINE(HAVE_SYSTEMD, 1, [Define if systemd is supported])
-+ fi
-+ fi
-+ ;;
-+esac
-+])
-+
- dnl
- dnl APACHE_EXPORT_ARGUMENTS
- dnl Export (via APACHE_SUBST) the various path-related variables that
-diff --git a/configure.in b/configure.in
-index 19a5f88..f096de3 100644
---- a/configure.in
-+++ b/configure.in
-@@ -509,6 +509,8 @@ if test "$ac_cv_struct_tm_gmtoff" = "yes"; then
- AC_DEFINE(HAVE_GMTOFF, 1, [Define if struct tm has a tm_gmtoff field])
- fi
-
-+APACHE_CHECK_SYSTEMD
-+
- dnl ## Set up any appropriate OS-specific environment variables for apachectl
-
- case $host in
+--- httpd-2.4.46/acinclude.m4.detectsystemd 2020-08-07 22:51:40.475205331 +0300
++++ httpd-2.4.46/acinclude.m4 2020-08-07 22:54:08.828106207 +0300
+@@ -616,7 +616,7 @@
+ elif test -n "$PKGCONFIG" && $PKGCONFIG --exists libsystemd-daemon; then
+ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd-daemon`
+ else
+- AC_CHECK_LIB(systemd-daemon, sd_notify, SYSTEMD_LIBS="-lsystemd-daemon")
++ AC_CHECK_LIB(systemd, sd_notify, SYSTEMD_LIBS="-lsystemd")
+ fi
+ if test -n "$SYSTEMD_LIBS"; then
+ AC_CHECK_HEADERS(systemd/sd-daemon.h)
--- /dev/null
+--- httpd-2.4.28/server/listen.c.socketactivation 2017-08-16 19:48:29.000000000 +0300
++++ httpd-2.4.28/server/listen.c 2017-10-14 18:48:36.275690612 +0300
+@@ -17,114 +17,107 @@
+ #include "apr_network_io.h"
+ #include "apr_strings.h"
+
+ #define APR_WANT_STRFUNC
+ #include "apr_want.h"
+
+ #include "ap_config.h"
+ #include "httpd.h"
+ #include "http_main.h"
+ #include "http_config.h"
+ #include "http_core.h"
+ #include "ap_listen.h"
+ #include "http_log.h"
+ #include "mpm_common.h"
+
+ #include <stdlib.h>
+ #if APR_HAVE_UNISTD_H
+ #include <unistd.h>
+ #endif
+
++#ifdef HAVE_SYSTEMD
++#include <systemd/sd-daemon.h>
++#endif
++
+ /* we know core's module_index is 0 */
+ #undef APLOG_MODULE_INDEX
+ #define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX
+
+ AP_DECLARE_DATA ap_listen_rec *ap_listeners = NULL;
+
+ /* Let ap_num_listen_buckets be global so that it can
+ * be printed by ap_log_mpm_common(), but keep the listeners
+ * buckets static since it is used only here to close them
+ * all (including duplicated) with ap_close_listeners().
+ */
+ AP_DECLARE_DATA int ap_num_listen_buckets;
+ static ap_listen_rec **ap_listen_buckets;
+
+ /* Determine once, at runtime, whether or not SO_REUSEPORT
+ * is usable on this platform, and hence whether or not
+ * listeners can be duplicated (if configured).
+ */
+ AP_DECLARE_DATA int ap_have_so_reuseport = -1;
+
+ static ap_listen_rec *old_listeners;
+ static int ap_listenbacklog;
+ static int ap_listencbratio;
+ static int send_buffer_size;
+ static int receive_buffer_size;
++#ifdef HAVE_SYSTEMD
++static int use_systemd = -1;
++#endif
+
+ /* TODO: make_sock is just begging and screaming for APR abstraction */
+-static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server)
++static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server, int do_bind_listen)
+ {
+ apr_socket_t *s = server->sd;
+ int one = 1;
+ #if APR_HAVE_IPV6
+ #ifdef AP_ENABLE_V4_MAPPED
+ int v6only_setting = 0;
+ #else
+ int v6only_setting = 1;
+ #endif
+ #endif
+ apr_status_t stat;
+
+ #ifndef WIN32
+ stat = apr_socket_opt_set(s, APR_SO_REUSEADDR, one);
+ if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
+ ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00067)
+ "make_sock: for address %pI, apr_socket_opt_set: (SO_REUSEADDR)",
+ server->bind_addr);
+ apr_socket_close(s);
+ return stat;
+ }
+ #endif
+
+ stat = apr_socket_opt_set(s, APR_SO_KEEPALIVE, one);
+ if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
+ ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00068)
+ "make_sock: for address %pI, apr_socket_opt_set: (SO_KEEPALIVE)",
+ server->bind_addr);
+ apr_socket_close(s);
+ return stat;
+ }
+
+-#if APR_HAVE_IPV6
+- if (server->bind_addr->family == APR_INET6) {
+- stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting);
+- if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
+- ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069)
+- "make_sock: for address %pI, apr_socket_opt_set: "
+- "(IPV6_V6ONLY)",
+- server->bind_addr);
+- apr_socket_close(s);
+- return stat;
+- }
+- }
+-#endif
+-
+ /*
+ * To send data over high bandwidth-delay connections at full
+ * speed we must force the TCP window to open wide enough to keep the
+ * pipe full. The default window size on many systems
+ * is only 4kB. Cross-country WAN connections of 100ms
+ * at 1Mb/s are not impossible for well connected sites.
+ * If we assume 100ms cross-country latency,
+ * a 4kB buffer limits throughput to 40kB/s.
+ *
+ * To avoid this problem I've added the SendBufferSize directive
+ * to allow the web master to configure send buffer size.
+ *
+ * The trade-off of larger buffers is that more kernel memory
+ * is consumed. YMMV, know your customers and your network!
+ *
+ * -John Heidemann <johnh@isi.edu> 25-Oct-96
+ *
+ * If no size is specified, use the kernel default.
+ */
+ if (send_buffer_size) {
+@@ -152,55 +145,71 @@
+ ap_sock_disable_nagle(s);
+ #endif
+
+ #if defined(SO_REUSEPORT)
+ if (ap_have_so_reuseport && ap_listencbratio > 0) {
+ int thesock;
+ apr_os_sock_get(&thesock, s);
+ if (setsockopt(thesock, SOL_SOCKET, SO_REUSEPORT,
+ (void *)&one, sizeof(int)) < 0) {
+ stat = apr_get_netos_error();
+ ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(02638)
+ "make_sock: for address %pI, apr_socket_opt_set: "
+ "(SO_REUSEPORT)",
+ server->bind_addr);
+ apr_socket_close(s);
+ return stat;
+ }
+ }
+ #endif
+
+- if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) {
+- ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072)
+- "make_sock: could not bind to address %pI",
+- server->bind_addr);
+- apr_socket_close(s);
+- return stat;
+- }
++ if (do_bind_listen) {
++#if APR_HAVE_IPV6
++ if (server->bind_addr->family == APR_INET6) {
++ stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting);
++ if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
++ ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069)
++ "make_sock: for address %pI, apr_socket_opt_set: "
++ "(IPV6_V6ONLY)",
++ server->bind_addr);
++ apr_socket_close(s);
++ return stat;
++ }
++ }
++#endif
+
+- if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) {
+- ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073)
+- "make_sock: unable to listen for connections "
+- "on address %pI",
+- server->bind_addr);
+- apr_socket_close(s);
+- return stat;
++ if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) {
++ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072)
++ "make_sock: could not bind to address %pI",
++ server->bind_addr);
++ apr_socket_close(s);
++ return stat;
++ }
++
++ if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) {
++ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073)
++ "make_sock: unable to listen for connections "
++ "on address %pI",
++ server->bind_addr);
++ apr_socket_close(s);
++ return stat;
++ }
+ }
+
+ #ifdef WIN32
+ /* I seriously doubt that this would work on Unix; I have doubts that
+ * it entirely solves the problem on Win32. However, since setting
+ * reuseaddr on the listener -prior- to binding the socket has allowed
+ * us to attach to the same port as an already running instance of
+ * Apache, or even another web server, we cannot identify that this
+ * port was exclusively granted to this instance of Apache.
+ *
+ * So set reuseaddr, but do not attempt to do so until we have the
+ * parent listeners successfully bound.
+ */
+ stat = apr_socket_opt_set(s, APR_SO_REUSEADDR, one);
+ if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
+ ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00074)
+ "make_sock: for address %pI, apr_socket_opt_set: (SO_REUSEADDR)",
+ server->bind_addr);
+ apr_socket_close(s);
+ return stat;
+@@ -260,40 +269,159 @@
+ ap_log_perror(APLOG_MARK, APLOG_WARNING, rv, p, APLOGNO(00075)
+ "Failed to enable the '%s' Accept Filter",
+ accf);
+ }
+ #else
+ rv = apr_socket_opt_set(s, APR_TCP_DEFER_ACCEPT, 30);
+ if (rv != APR_SUCCESS && !APR_STATUS_IS_ENOTIMPL(rv)) {
+ ap_log_perror(APLOG_MARK, APLOG_WARNING, rv, p, APLOGNO(00076)
+ "Failed to enable APR_TCP_DEFER_ACCEPT");
+ }
+ #endif
+ }
+ }
+
+ static apr_status_t close_listeners_on_exec(void *v)
+ {
+ ap_close_listeners();
+ return APR_SUCCESS;
+ }
+
++
++#ifdef HAVE_SYSTEMD
++
++static int find_systemd_socket(process_rec * process, apr_port_t port) {
++ int fdcount, fd;
++ int sdc = sd_listen_fds(0);
++
++ if (sdc < 0) {
++ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02486)
++ "find_systemd_socket: Error parsing enviroment, sd_listen_fds returned %d",
++ sdc);
++ return -1;
++ }
++
++ if (sdc == 0) {
++ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02487)
++ "find_systemd_socket: At least one socket must be set.");
++ return -1;
++ }
++
++ fdcount = atoi(getenv("LISTEN_FDS"));
++ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + fdcount; fd++) {
++ if (sd_is_socket_inet(fd, 0, 0, -1, port) > 0) {
++ return fd;
++ }
++ }
++
++ return -1;
++}
++
++static apr_status_t alloc_systemd_listener(process_rec * process,
++ int fd, const char *proto,
++ ap_listen_rec **out_rec)
++{
++ apr_status_t rv;
++ struct sockaddr sa;
++ socklen_t len = sizeof(struct sockaddr);
++ apr_os_sock_info_t si;
++ ap_listen_rec *rec;
++ *out_rec = NULL;
++
++ memset(&si, 0, sizeof(si));
++
++ rv = getsockname(fd, &sa, &len);
++
++ if (rv != 0) {
++ rv = apr_get_netos_error();
++ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02489)
++ "getsockname on %d failed.", fd);
++ return rv;
++ }
++
++ si.os_sock = &fd;
++ si.family = sa.sa_family;
++ si.local = &sa;
++ si.type = SOCK_STREAM;
++ si.protocol = APR_PROTO_TCP;
++
++ rec = apr_palloc(process->pool, sizeof(ap_listen_rec));
++ rec->active = 0;
++ rec->next = 0;
++
++
++ rv = apr_os_sock_make(&rec->sd, &si, process->pool);
++ if (rv != APR_SUCCESS) {
++ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02490)
++ "apr_os_sock_make on %d failed.", fd);
++ return rv;
++ }
++
++ rv = apr_socket_addr_get(&rec->bind_addr, APR_LOCAL, rec->sd);
++ if (rv != APR_SUCCESS) {
++ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02491)
++ "apr_socket_addr_get on %d failed.", fd);
++ return rv;
++ }
++
++ rec->protocol = apr_pstrdup(process->pool, proto);
++
++ *out_rec = rec;
++
++ return make_sock(process->pool, rec, 0);
++}
++
++static const char *set_systemd_listener(process_rec *process, apr_port_t port,
++ const char *proto)
++{
++ ap_listen_rec *last, *new;
++ apr_status_t rv;
++ int fd = find_systemd_socket(process, port);
++ if (fd < 0) {
++ return "Systemd socket activation is used, but this port is not "
++ "configured in systemd";
++ }
++
++ last = ap_listeners;
++ while (last && last->next) {
++ last = last->next;
++ }
++
++ rv = alloc_systemd_listener(process, fd, proto, &new);
++ if (rv != APR_SUCCESS) {
++ return "Failed to setup socket passed by systemd using socket activation";
++ }
++
++ if (last == NULL) {
++ ap_listeners = last = new;
++ }
++ else {
++ last->next = new;
++ last = new;
++ }
++
++ return NULL;
++}
++
++#endif /* HAVE_SYSTEMD */
++
++
+ static int find_listeners(ap_listen_rec **from, ap_listen_rec **to,
+ const char *addr, apr_port_t port)
+ {
+ int found = 0;
+
+ while (*from) {
+ apr_sockaddr_t *sa = (*from)->bind_addr;
+
+ /* Some listeners are not real so they will not have a bind_addr. */
+ if (sa) {
+ ap_listen_rec *new;
+ apr_port_t oldport;
+
+ oldport = sa->port;
+ /* If both ports are equivalent, then if their names are equivalent,
+ * then we will re-use the existing record.
+ */
+ if (port == oldport &&
+ ((!addr && !sa->hostname) ||
+ ((addr && sa->hostname) && !strcmp(sa->hostname, addr)))) {
+@@ -478,41 +606,41 @@
+ if (lr->bind_addr->port == cur->bind_addr->port
+ && IS_IN6ADDR_ANY(cur->bind_addr)
+ && apr_socket_opt_get(cur->sd, APR_IPV6_V6ONLY,
+ &v6only_setting) == APR_SUCCESS
+ && v6only_setting == 0) {
+
+ /* Remove the current listener from the list */
+ previous->next = lr->next;
+ lr = previous; /* maintain current value of previous after
+ * post-loop expression is evaluated
+ */
+ skip = 1;
+ break;
+ }
+ }
+ if (skip) {
+ continue;
+ }
+ }
+ #endif
+- if (make_sock(pool, lr) == APR_SUCCESS) {
++ if (make_sock(pool, lr, 1) == APR_SUCCESS) {
+ ++num_open;
+ }
+ else {
+ #if APR_HAVE_IPV6
+ /* If we tried to bind to ::, and the next listener is
+ * on 0.0.0.0 with the same port, don't give a fatal
+ * error. The user will still get a warning from make_sock
+ * though.
+ */
+ if (lr->next != NULL
+ && IS_IN6ADDR_ANY(lr->bind_addr)
+ && lr->bind_addr->port == lr->next->bind_addr->port
+ && IS_INADDR_ANY(lr->next->bind_addr)) {
+
+ /* Remove the current listener from the list */
+ if (previous) {
+ previous->next = lr->next;
+ }
+ else {
+ ap_listeners = lr->next;
+@@ -590,42 +718,62 @@
+ * use the default for this listener.
+ */
+ for (addr = ls->addrs; addr && !found; addr = addr->next) {
+ for (lr = ap_listeners; lr; lr = lr->next) {
+ if (apr_sockaddr_equal(lr->bind_addr, addr->host_addr) &&
+ lr->bind_addr->port == addr->host_port) {
+ ap_set_server_protocol(ls, lr->protocol);
+ found = 1;
+ break;
+ }
+ }
+ }
+
+ if (!found) {
+ /* TODO: set protocol defaults per-Port, eg 25=smtp */
+ ap_set_server_protocol(ls, "http");
+ }
+ }
+ }
+
+- if (open_listeners(s->process->pool)) {
+- return 0;
++#ifdef HAVE_SYSTEMD
++ if (use_systemd) {
++ const char *userdata_key = "ap_open_systemd_listeners";
++ void *data;
++ /* clear the enviroment on our second run
++ * so that none of our future children get confused.
++ */
++ apr_pool_userdata_get(&data, userdata_key, s->process->pool);
++ if (!data) {
++ apr_pool_userdata_set((const void *)1, userdata_key,
++ apr_pool_cleanup_null, s->process->pool);
++ }
++ else {
++ sd_listen_fds(1);
++ }
++ }
++ else
++#endif
++ {
++ if (open_listeners(s->process->pool)) {
++ return 0;
++ }
+ }
+
+ for (lr = ap_listeners; lr; lr = lr->next) {
+ num_listeners++;
+ found = 0;
+ for (ls = s; ls && !found; ls = ls->next) {
+ for (addr = ls->addrs; addr && !found; addr = addr->next) {
+ if (apr_sockaddr_equal(lr->bind_addr, addr->host_addr) &&
+ lr->bind_addr->port == addr->host_port) {
+ found = 1;
+ ap_apply_accept_filter(s->process->pool, lr, ls);
+ }
+ }
+ }
+
+ if (!found) {
+ ap_apply_accept_filter(s->process->pool, lr, s);
+ }
+ }
+
+@@ -681,41 +829,41 @@
+ char *hostname;
+ apr_port_t port;
+ apr_sockaddr_t *sa;
+ duplr = apr_palloc(p, sizeof(ap_listen_rec));
+ duplr->slave = NULL;
+ duplr->protocol = apr_pstrdup(p, lr->protocol);
+ hostname = apr_pstrdup(p, lr->bind_addr->hostname);
+ port = lr->bind_addr->port;
+ apr_sockaddr_info_get(&sa, hostname, APR_UNSPEC, port, 0, p);
+ duplr->bind_addr = sa;
+ duplr->next = NULL;
+ stat = apr_socket_create(&duplr->sd, duplr->bind_addr->family,
+ SOCK_STREAM, 0, p);
+ if (stat != APR_SUCCESS) {
+ ap_log_perror(APLOG_MARK, APLOG_CRIT, 0, p, APLOGNO(02640)
+ "ap_duplicate_listeners: for address %pI, "
+ "cannot duplicate a new socket!",
+ duplr->bind_addr);
+ return stat;
+ }
+- make_sock(p, duplr);
++ make_sock(p, duplr, 1);
+ #if AP_NONBLOCK_WHEN_MULTI_LISTEN
+ use_nonblock = (ap_listeners && ap_listeners->next);
+ stat = apr_socket_opt_set(duplr->sd, APR_SO_NONBLOCK, use_nonblock);
+ if (stat != APR_SUCCESS) {
+ ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(02641)
+ "unable to control socket non-blocking status");
+ return stat;
+ }
+ #endif
+ ap_apply_accept_filter(p, duplr, s);
+
+ if (last == NULL) {
+ (*buckets)[i] = last = duplr;
+ }
+ else {
+ last->next = duplr;
+ last = duplr;
+ }
+ lr = lr->next;
+ }
+@@ -808,71 +956,82 @@
+ ap_have_so_reuseport = 0;
+
+ }
+ }
+
+ AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy,
+ int argc, char *const argv[])
+ {
+ char *host, *scope_id, *proto;
+ apr_port_t port;
+ apr_status_t rv;
+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+
+ if (err != NULL) {
+ return err;
+ }
+
+ if (argc < 1 || argc > 2) {
+ return "Listen requires 1 or 2 arguments.";
+ }
++#ifdef HAVE_SYSTEMD
++ if (use_systemd == -1) {
++ use_systemd = sd_listen_fds(0) > 0;
++ }
++#endif
+
+ rv = apr_parse_addr_port(&host, &scope_id, &port, argv[0], cmd->pool);
+ if (rv != APR_SUCCESS) {
+ return "Invalid address or port";
+ }
+
+ if (host && !strcmp(host, "*")) {
+ host = NULL;
+ }
+
+ if (scope_id) {
+ /* XXX scope id support is useful with link-local IPv6 addresses */
+ return "Scope id is not supported";
+ }
+
+ if (!port) {
+ return "Port must be specified";
+ }
+
+ if (argc != 2) {
+ if (port == 443) {
+ proto = "https";
+ } else {
+ proto = "http";
+ }
+ }
+ else {
+ proto = apr_pstrdup(cmd->pool, argv[1]);
+ ap_str_tolower(proto);
+ }
+
++#ifdef HAVE_SYSTEMD
++ if (use_systemd) {
++ return set_systemd_listener(cmd->server->process, port, proto);
++ }
++#endif
++
+ return alloc_listener(cmd->server->process, host, port, proto, NULL);
+ }
+
+ AP_DECLARE_NONSTD(const char *) ap_set_listenbacklog(cmd_parms *cmd,
+ void *dummy,
+ const char *arg)
+ {
+ int b;
+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+
+ if (err != NULL) {
+ return err;
+ }
+
+ b = atoi(arg);
+ if (b < 1) {
+ return "ListenBacklog must be > 0";
+ }
+
+ ap_listenbacklog = b;
--- /dev/null
+--- httpd-2.4.35/docs/man/ab.1.bak 2018-10-21 16:10:11.161024133 +0000
++++ httpd-2.4.35/docs/man/ab.1 2018-10-21 16:11:25.689793452 +0000
+@@ -130,6 +130,9 @@
+ \fB-X \fIproxy\fR[:\fIport\fR]\fR
+ Use a proxy server for the requests\&.
+ .TP
++\fB-o \fIsrc_address\fR\fR
++Set the local source address\&.
++.TP
+ \fB-y \fI<tr>-attributes\fR\fR
+ String to use as attributes for \fB<tr>\fR\&.
+ .TP
+--- httpd-2.4.33/support/ab.c.ab_source_address.droplet 2018-03-16 01:02:58.000000000 +0200
++++ httpd-2.4.33/support/ab.c 2018-03-27 10:39:44.792971820 +0300
+@@ -313,6 +313,7 @@
+ const char *connecthost;
+ const char *myhost;
+ apr_port_t connectport;
++char *src_address;
+ const char *gnuplot; /* GNUplot file */
+ const char *csvperc; /* CSV Percentile file */
+ const char *fullurl;
+@@ -1299,6 +1300,7 @@
+ static void start_connect(struct connection * c)
+ {
+ apr_status_t rv;
++ apr_sockaddr_t *from;
+
+ if (!(started < requests))
+ return;
+@@ -1348,6 +1350,14 @@
+ }
+ }
+
++ if (src_address) {
++ if ((rv = apr_sockaddr_info_get(&from, src_address, destsa->family,
++ 0, 0, c->ctx)) != APR_SUCCESS)
++ apr_err("src_address get", rv);
++ if ((rv = apr_socket_bind(c->aprsock, from)) != APR_SUCCESS)
++ apr_err("src_address bind", rv);
++ }
++
+ c->start = lasttime = apr_time_now();
+ #ifdef USE_SSL
+ if (is_ssl) {
+@@ -2085,6 +2095,7 @@
+ fprintf(stderr, " -P attribute Add Basic Proxy Authentication, the attributes\n");
+ fprintf(stderr, " are a colon separated username and password.\n");
+ fprintf(stderr, " -X proxy:port Proxyserver and port number to use\n");
++ fprintf(stderr, " -o src_address Set the local source address\n");
+ fprintf(stderr, " -V Print version number and exit\n");
+ fprintf(stderr, " -k Use HTTP KeepAlive feature\n");
+ fprintf(stderr, " -d Do not show percentiles served table.\n");
+@@ -2351,7 +2351,7 @@
+ myhost = NULL; /* 0.0.0.0 or :: */
+
+ apr_getopt_init(&opt, cntxt, argc, argv);
+- while ((status = apr_getopt(opt, "n:c:t:s:b:T:p:u:v:lrkVhwiIx:y:z:C:H:P:A:g:X:de:SqB:m:"
++ while ((status = apr_getopt(opt, "o:n:c:t:s:b:T:p:u:v:lrkVhwiIx:y:z:C:H:P:A:g:X:de:SqB:m:"
+ #ifdef USE_SSL
+ "Z:f:E:"
+ #endif
+@@ -2305,6 +2316,9 @@
+ case 'k':
+ keepalive = 1;
+ break;
++ case 'o':
++ src_address = strdup(optarg);
++ break;
+ case 'q':
+ heartbeatres = 0;
+ break;
--- /dev/null
+diff -uap httpd-2.4.27/modules/arch/unix/config5.m4.systemd httpd-2.4.27/modules/arch/unix/config5.m4
+--- httpd-2.4.27/modules/arch/unix/config5.m4.systemd
++++ httpd-2.4.27/modules/arch/unix/config5.m4
+@@ -18,6 +18,16 @@
+ fi
+ ])
+
++APACHE_MODULE(systemd, Systemd support, , , all, [
++ if test "${ac_cv_header_systemd_sd_daemon_h}" = "no" || test -z "${SYSTEMD_LIBS}"; then
++ AC_MSG_WARN([Your system does not support systemd.])
++ enable_systemd="no"
++ else
++ APR_ADDTO(MOD_SYSTEMD_LDADD, [$SYSTEMD_LIBS])
++ enable_systemd="yes"
++ fi
++])
++
+ APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current])
+
+ APACHE_MODPATH_FINISH
+++ /dev/null
-diff -urNp a/server/listen.c.socketactivation b/server/listen.c
---- a/server/listen.c.socketactivation 2017-08-16 18:48:29.000000000 +0200
-+++ b/server/listen.c 2018-06-18 14:31:10.639221470 +0200
-@@ -34,6 +34,10 @@
- #include <unistd.h>
- #endif
-
-+#ifdef HAVE_SYSTEMD
-+#include <systemd/sd-daemon.h>
-+#endif
-+
- /* we know core's module_index is 0 */
- #undef APLOG_MODULE_INDEX
- #define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX
-@@ -59,9 +63,12 @@ static int ap_listenbacklog;
- static int ap_listencbratio;
- static int send_buffer_size;
- static int receive_buffer_size;
-+#ifdef HAVE_SYSTEMD
-+static int use_systemd = -1;
-+#endif
-
- /* TODO: make_sock is just begging and screaming for APR abstraction */
--static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server)
-+static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server, int do_bind_listen)
- {
- apr_socket_t *s = server->sd;
- int one = 1;
-@@ -94,20 +101,6 @@ static apr_status_t make_sock(apr_pool_t
- return stat;
- }
-
--#if APR_HAVE_IPV6
-- if (server->bind_addr->family == APR_INET6) {
-- stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting);
-- if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
-- ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069)
-- "make_sock: for address %pI, apr_socket_opt_set: "
-- "(IPV6_V6ONLY)",
-- server->bind_addr);
-- apr_socket_close(s);
-- return stat;
-- }
-- }
--#endif
--
- /*
- * To send data over high bandwidth-delay connections at full
- * speed we must force the TCP window to open wide enough to keep the
-@@ -169,21 +162,37 @@ static apr_status_t make_sock(apr_pool_t
- }
- #endif
-
-- if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) {
-- ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072)
-- "make_sock: could not bind to address %pI",
-- server->bind_addr);
-- apr_socket_close(s);
-- return stat;
-- }
-+ if (do_bind_listen) {
-+#if APR_HAVE_IPV6
-+ if (server->bind_addr->family == APR_INET6) {
-+ stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting);
-+ if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
-+ ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069)
-+ "make_sock: for address %pI, apr_socket_opt_set: "
-+ "(IPV6_V6ONLY)",
-+ server->bind_addr);
-+ apr_socket_close(s);
-+ return stat;
-+ }
-+ }
-+#endif
-
-- if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) {
-- ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073)
-- "make_sock: unable to listen for connections "
-- "on address %pI",
-- server->bind_addr);
-- apr_socket_close(s);
-- return stat;
-+ if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) {
-+ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072)
-+ "make_sock: could not bind to address %pI",
-+ server->bind_addr);
-+ apr_socket_close(s);
-+ return stat;
-+ }
-+
-+ if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) {
-+ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073)
-+ "make_sock: unable to listen for connections "
-+ "on address %pI",
-+ server->bind_addr);
-+ apr_socket_close(s);
-+ return stat;
-+ }
- }
-
- #ifdef WIN32
-@@ -277,6 +286,123 @@ static apr_status_t close_listeners_on_e
- return APR_SUCCESS;
- }
-
-+#ifdef HAVE_SYSTEMD
-+
-+static int find_systemd_socket(process_rec * process, apr_port_t port) {
-+ int fdcount, fd;
-+ int sdc = sd_listen_fds(0);
-+
-+ if (sdc < 0) {
-+ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02486)
-+ "find_systemd_socket: Error parsing enviroment, sd_listen_fds returned %d",
-+ sdc);
-+ return -1;
-+ }
-+
-+ if (sdc == 0) {
-+ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02487)
-+ "find_systemd_socket: At least one socket must be set.");
-+ return -1;
-+ }
-+
-+ fdcount = atoi(getenv("LISTEN_FDS"));
-+ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + fdcount; fd++) {
-+ if (sd_is_socket_inet(fd, 0, 0, -1, port) > 0) {
-+ return fd;
-+ }
-+ }
-+
-+ return -1;
-+}
-+
-+static apr_status_t alloc_systemd_listener(process_rec * process,
-+ int fd, const char *proto,
-+ ap_listen_rec **out_rec)
-+{
-+ apr_status_t rv;
-+ struct sockaddr sa;
-+ socklen_t len = sizeof(struct sockaddr);
-+ apr_os_sock_info_t si;
-+ ap_listen_rec *rec;
-+ *out_rec = NULL;
-+
-+ memset(&si, 0, sizeof(si));
-+
-+ rv = getsockname(fd, &sa, &len);
-+
-+ if (rv != 0) {
-+ rv = apr_get_netos_error();
-+ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02489)
-+ "getsockname on %d failed.", fd);
-+ return rv;
-+ }
-+
-+ si.os_sock = &fd;
-+ si.family = sa.sa_family;
-+ si.local = &sa;
-+ si.type = SOCK_STREAM;
-+ si.protocol = APR_PROTO_TCP;
-+
-+ rec = apr_palloc(process->pool, sizeof(ap_listen_rec));
-+ rec->active = 0;
-+ rec->next = 0;
-+
-+
-+ rv = apr_os_sock_make(&rec->sd, &si, process->pool);
-+ if (rv != APR_SUCCESS) {
-+ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02490)
-+ "apr_os_sock_make on %d failed.", fd);
-+ return rv;
-+ }
-+
-+ rv = apr_socket_addr_get(&rec->bind_addr, APR_LOCAL, rec->sd);
-+ if (rv != APR_SUCCESS) {
-+ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02491)
-+ "apr_socket_addr_get on %d failed.", fd);
-+ return rv;
-+ }
-+
-+ rec->protocol = apr_pstrdup(process->pool, proto);
-+
-+ *out_rec = rec;
-+
-+ return make_sock(process->pool, rec, 0);
-+}
-+
-+static const char *set_systemd_listener(process_rec *process, apr_port_t port,
-+ const char *proto)
-+{
-+ ap_listen_rec *last, *new;
-+ apr_status_t rv;
-+ int fd = find_systemd_socket(process, port);
-+ if (fd < 0) {
-+ return "Systemd socket activation is used, but this port is not "
-+ "configured in systemd";
-+ }
-+
-+ last = ap_listeners;
-+ while (last && last->next) {
-+ last = last->next;
-+ }
-+
-+ rv = alloc_systemd_listener(process, fd, proto, &new);
-+ if (rv != APR_SUCCESS) {
-+ return "Failed to setup socket passed by systemd using socket activation";
-+ }
-+
-+ if (last == NULL) {
-+ ap_listeners = last = new;
-+ }
-+ else {
-+ last->next = new;
-+ last = new;
-+ }
-+
-+ return NULL;
-+}
-+
-+#endif /* HAVE_SYSTEMD */
-+
- static int find_listeners(ap_listen_rec **from, ap_listen_rec **to,
- const char *addr, apr_port_t port)
- {
-@@ -495,7 +621,7 @@ static int open_listeners(apr_pool_t *po
- }
- }
- #endif
-- if (make_sock(pool, lr) == APR_SUCCESS) {
-+ if (make_sock(pool, lr, 1) == APR_SUCCESS) {
- ++num_open;
- }
- else {
-@@ -607,8 +733,28 @@ AP_DECLARE(int) ap_setup_listeners(serve
- }
- }
-
-- if (open_listeners(s->process->pool)) {
-- return 0;
-+#ifdef HAVE_SYSTEMD
-+ if (use_systemd) {
-+ const char *userdata_key = "ap_open_systemd_listeners";
-+ void *data;
-+ /* clear the enviroment on our second run
-+ * so that none of our future children get confused.
-+ */
-+ apr_pool_userdata_get(&data, userdata_key, s->process->pool);
-+ if (!data) {
-+ apr_pool_userdata_set((const void *)1, userdata_key,
-+ apr_pool_cleanup_null, s->process->pool);
-+ }
-+ else {
-+ sd_listen_fds(1);
-+ }
-+ }
-+ else
-+#endif
-+ {
-+ if (open_listeners(s->process->pool)) {
-+ return 0;
-+ }
- }
-
- for (lr = ap_listeners; lr; lr = lr->next) {
-@@ -698,7 +844,7 @@ AP_DECLARE(apr_status_t) ap_duplicate_li
- duplr->bind_addr);
- return stat;
- }
-- make_sock(p, duplr);
-+ make_sock(p, duplr, 1);
- #if AP_NONBLOCK_WHEN_MULTI_LISTEN
- use_nonblock = (ap_listeners && ap_listeners->next);
- stat = apr_socket_opt_set(duplr->sd, APR_SO_NONBLOCK, use_nonblock);
-@@ -825,6 +971,11 @@ AP_DECLARE_NONSTD(const char *) ap_set_l
- if (argc < 1 || argc > 2) {
- return "Listen requires 1 or 2 arguments.";
- }
-+#ifdef HAVE_SYSTEMD
-+ if (use_systemd == -1) {
-+ use_systemd = sd_listen_fds(0) > 0;
-+ }
-+#endif
-
- rv = apr_parse_addr_port(&host, &scope_id, &port, argv[0], cmd->pool);
- if (rv != APR_SUCCESS) {
-@@ -856,6 +1007,12 @@ AP_DECLARE_NONSTD(const char *) ap_set_l
- ap_str_tolower(proto);
- }
-
-+#ifdef HAVE_SYSTEMD
-+ if (use_systemd) {
-+ return set_systemd_listener(cmd->server->process, port, proto);
-+ }
-+#endif
-+
- return alloc_listener(cmd->server->process, host, port, proto, NULL);
- }
-
+++ /dev/null
-
-There is no need to "suck in" the apr/apr-util symbols when using
-a shared libapr{,util}, it just bloats the symbol table; so don't.
-
-Upstream-HEAD: needed
-Upstream-2.0: omit
-Upstream-Status: EXPORT_DIRS change is conditional on using shared apr
-
---- httpd-2.4.4/server/Makefile.in.export
-+++ httpd-2.4.4/server/Makefile.in
-@@ -57,9 +57,6 @@ export_files:
- ( for dir in $(EXPORT_DIRS); do \
- ls $$dir/*.h ; \
- done; \
-- for dir in $(EXPORT_DIRS_APR); do \
-- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \
-- done; \
- ) | sed -e s,//,/,g | sort -u > $@
-
- exports.c: export_files
-diff --git a/support/apxs.in b/support/apxs.in
-index ad1287f..efcfcf6 100644
---- a/support/apxs.in
-+++ b/support/apxs.in
-@@ -25,7 +25,18 @@ package apxs;
+--- httpd-2.4.43/support/apxs.in.apxs 2020-03-20 15:00:44.000000000 +0200
++++ httpd-2.4.43/support/apxs.in 2020-04-02 15:16:23.516349733 +0300
+@@ -35,7 +35,18 @@
my %config_vars = ();
+
+my $installbuilddir = $libdir . "/httpd/build";
+
- get_config_vars("$installbuilddir/config_vars.mk",\%config_vars);
+ get_config_vars($destdir . "$installbuilddir/config_vars.mk",\%config_vars);
# read the configuration variables once
-@@ -275,7 +286,7 @@ if ($opt_g) {
+@@ -285,7 +296,7 @@
$data =~ s|%NAME%|$name|sg;
$data =~ s|%TARGET%|$CFG_TARGET|sg;
$data =~ s|%PREFIX%|$prefix|sg;
my ($mkf, $mods, $src) = ($data =~ m|^(.+)-=#=-\n(.+)-=#=-\n(.+)|s);
-@@ -453,11 +464,11 @@ if ($opt_c) {
+@@ -463,11 +474,11 @@
my $ldflags = "$CFG_LDFLAGS";
if ($opt_p == 1) {
chomp($apu_libs);
}
-@@ -672,8 +683,8 @@ __DATA__
+@@ -682,8 +693,8 @@
builddir=.
top_srcdir=%PREFIX%
+# (luigiwalser, ngompa): httpd build hates parallelization
+%define _smp_ncpus_max 8
%define contentdir %{_datadir}/httpd
%define docroot /var/www
%{?!serverlimit:%global serverlimit 1024}
Name: ihttpd
-Version: 2.4.38
-Release: %mkrel 6
+Version: 2.4.48
+Release: %mkrel 1
Summary: The most widely used Web server on the Internet
License: Apache License
Group: System/Servers
Patch7: httpd-2.4.10-detect-systemd.patch
# Features/functional changes
Patch20: httpd-2.4.3-release.patch
+#Disable in ihttpd to avoid build fail
#Patch23: httpd-2.4.4-export.patch
Patch24: httpd-2.4.1-corelimit.patch
#Patch26: httpd-2.4.4-r1337344+.patch
Patch27: httpd-2.4.2-icons.patch
Patch28: httpd-2.4.4-r1332643+.patch
+# http://marc.info/?l=apache-httpd-dev&m=134867223818085&w=2
+Patch29: httpd-2.4.27-systemd.patch
Patch30: httpd-2.4.4-cachehardmax.patch
#Patch31: httpd-2.4.18-sslmultiproxy.patch
-Patch34: httpd-2.4.33-socket-activation.patch
+Patch34: httpd-2.4.17-socket-activation.patch
#Patch35: httpd-2.4.33-sslciphdefault.patch
# Bug fixes
-#Patch55: httpd-2.4.4-malformed-host.patch
-#Patch56: httpd-2.4.4-mod_unique_id.patch
-#Patch57: httpd-2.4.10-sigint.patch
+# http://issues.apache.org/bugzilla/show_bug.cgi?id=32524
+Patch100: httpd-2.4.25-ab_source_address.patch
+Patch101: httpd-2.2.10-ldap_auth_now_modular_in-apr-util-dbd-ldap_fix.diff
# For /var/www/html
Requires: webserver-base
%patch6 -p1 -b .apctlsystemd
%patch7 -p1 -b .detectsystemd
+#Disable in ihttpd to avoid build fail
#%patch23 -p1 -b .export
%patch24 -p1 -b .corelimit
#%patch26 -p1 -b .r1337344+
%patch27 -p1 -b .icons
+%patch29 -p1 -b .systemd
%patch30 -p1 -b .cachehardmax
+# No longer applies
#%patch31 -p1 -b .sslmultiproxy
%patch34 -p1 -b .socketactivation
#%patch35 -p1 -b .sslciphdefault
+#patch44 -p1 -b .luaresume
-#%patch55 -p1 -b .malformedhost
-#%patch56 -p1 -b .uniqueid
-#%patch57 -p1 -b .sigint
+%patch100 -p1 -b .ab_source_address.droplet
+%patch101 -p0 -b .PR45994.droplet
# Patch in vendor/release string
sed "s/@RELEASE@/%{product_distribution}/" < %{PATCH20} | patch -p1
# Required to be able to run as root
export CFLAGS="$RPM_OPT_FLAGS -DBIG_SECURITY_HOLE"
-export LDFLAGS="-Wl,-z,relro,-z,now"
+ldflags_hacky_workaround_for_systemd_lib_not_added="-lsystemd "
+export LDFLAGS="${ldflags_hacky_workaround_for_systemd_lib_not_added}-Wl,-z,relro,-z,now"
# Hard-code path to links to avoid unnecessary builddep
export LYNX_PATH=/usr/bin/links
--enable-modules=none \
--enable-mods-static='unixd auth_basic authn_core authn_file authz_core authz_host authz_user rewrite socache_shmcb dir mime log_config cgi ssl'
-%make_build
+# parallel build fails on the build host
+%__make
export CFLAGS="$RPM_OPT_FLAGS"
gcc index.bin.c -o index.bin
Rapsys Git / ihttpd / commitdiff