From: Raphaƫl Gertz Date: Thu, 2 Sep 2021 01:38:28 +0000 (+0200) Subject: New 2.4.48 version X-Git-Tag: 2.4.48-1~1 X-Git-Url: https://git.rapsys.eu/ihttpd/commitdiff_plain/3384065809c951d0c019cd8919ab6c43c7b3b4df New 2.4.48 version Disable parallel build as it sometimes fail Update patches Cleanup --- diff --git a/SOURCES/httpd-2.2.10-ldap_auth_now_modular_in-apr-util-dbd-ldap_fix.diff b/SOURCES/httpd-2.2.10-ldap_auth_now_modular_in-apr-util-dbd-ldap_fix.diff new file mode 100644 index 0000000..502a35f --- /dev/null +++ b/SOURCES/httpd-2.2.10-ldap_auth_now_modular_in-apr-util-dbd-ldap_fix.diff @@ -0,0 +1,11 @@ +--- modules/ldap/util_ldap.c 2008-12-18 18:31:03.000000000 +0100 ++++ modules/ldap/util_ldap.c.oden 2009-07-23 17:00:18.000000000 +0200 +@@ -236,7 +236,7 @@ static int uldap_connection_init(request + /* something really bad happened */ + ldc->bound = 0; + if (NULL == ldc->reason) { +- ldc->reason = "LDAP: ldap initialization failed"; ++ ldc->reason = "LDAP: ldap initialization failed. Please try to install apr-util-dbd-ldap."; + } + return(APR_EGENERAL); + } diff --git a/SOURCES/httpd-2.4.10-detect-systemd.patch b/SOURCES/httpd-2.4.10-detect-systemd.patch index a22178b..ee1077f 100644 --- a/SOURCES/httpd-2.4.10-detect-systemd.patch +++ b/SOURCES/httpd-2.4.10-detect-systemd.patch @@ -1,48 +1,11 @@ -diff --git a/acinclude.m4 b/acinclude.m4 -index 580eb4a..bd7e2c9 100644 ---- a/acinclude.m4 -+++ b/acinclude.m4 -@@ -594,6 +594,30 @@ AC_DEFUN(APACHE_CHECK_OPENSSL,[ - fi - ]) - -+AC_DEFUN(APACHE_CHECK_SYSTEMD, [ -+dnl Check for systemd support for listen.c's socket activation. -+case $host in -+*-linux-*) -+ if test -n "$PKGCONFIG" && $PKGCONFIG --exists libsystemd; then -+ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd` -+ elif test -n "$PKGCONFIG" && $PKGCONFIG --exists libsystemd-daemon; then -+ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd-daemon` -+ else -+ AC_CHECK_LIB(systemd-daemon, sd_notify, SYSTEMD_LIBS="-lsystemd-daemon") -+ fi -+ if test -n "$SYSTEMD_LIBS"; then -+ AC_CHECK_HEADERS(systemd/sd-daemon.h) -+ if test "${ac_cv_header_systemd_sd_daemon_h}" = "no" || test -z "${SYSTEMD_LIBS}"; then -+ AC_MSG_WARN([Your system does not support systemd.]) -+ else -+ APR_ADDTO(LIBS, [$SYSTEMD_LIBS]) -+ AC_DEFINE(HAVE_SYSTEMD, 1, [Define if systemd is supported]) -+ fi -+ fi -+ ;; -+esac -+]) -+ - dnl - dnl APACHE_EXPORT_ARGUMENTS - dnl Export (via APACHE_SUBST) the various path-related variables that -diff --git a/configure.in b/configure.in -index 19a5f88..f096de3 100644 ---- a/configure.in -+++ b/configure.in -@@ -509,6 +509,8 @@ if test "$ac_cv_struct_tm_gmtoff" = "yes"; then - AC_DEFINE(HAVE_GMTOFF, 1, [Define if struct tm has a tm_gmtoff field]) - fi - -+APACHE_CHECK_SYSTEMD -+ - dnl ## Set up any appropriate OS-specific environment variables for apachectl - - case $host in +--- httpd-2.4.46/acinclude.m4.detectsystemd 2020-08-07 22:51:40.475205331 +0300 ++++ httpd-2.4.46/acinclude.m4 2020-08-07 22:54:08.828106207 +0300 +@@ -616,7 +616,7 @@ + elif test -n "$PKGCONFIG" && $PKGCONFIG --exists libsystemd-daemon; then + SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd-daemon` + else +- AC_CHECK_LIB(systemd-daemon, sd_notify, SYSTEMD_LIBS="-lsystemd-daemon") ++ AC_CHECK_LIB(systemd, sd_notify, SYSTEMD_LIBS="-lsystemd") + fi + if test -n "$SYSTEMD_LIBS"; then + AC_CHECK_HEADERS(systemd/sd-daemon.h) diff --git a/SOURCES/httpd-2.4.17-socket-activation.patch b/SOURCES/httpd-2.4.17-socket-activation.patch new file mode 100644 index 0000000..3d27742 --- /dev/null +++ b/SOURCES/httpd-2.4.17-socket-activation.patch @@ -0,0 +1,605 @@ +--- httpd-2.4.28/server/listen.c.socketactivation 2017-08-16 19:48:29.000000000 +0300 ++++ httpd-2.4.28/server/listen.c 2017-10-14 18:48:36.275690612 +0300 +@@ -17,114 +17,107 @@ + #include "apr_network_io.h" + #include "apr_strings.h" + + #define APR_WANT_STRFUNC + #include "apr_want.h" + + #include "ap_config.h" + #include "httpd.h" + #include "http_main.h" + #include "http_config.h" + #include "http_core.h" + #include "ap_listen.h" + #include "http_log.h" + #include "mpm_common.h" + + #include + #if APR_HAVE_UNISTD_H + #include + #endif + ++#ifdef HAVE_SYSTEMD ++#include ++#endif ++ + /* we know core's module_index is 0 */ + #undef APLOG_MODULE_INDEX + #define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX + + AP_DECLARE_DATA ap_listen_rec *ap_listeners = NULL; + + /* Let ap_num_listen_buckets be global so that it can + * be printed by ap_log_mpm_common(), but keep the listeners + * buckets static since it is used only here to close them + * all (including duplicated) with ap_close_listeners(). + */ + AP_DECLARE_DATA int ap_num_listen_buckets; + static ap_listen_rec **ap_listen_buckets; + + /* Determine once, at runtime, whether or not SO_REUSEPORT + * is usable on this platform, and hence whether or not + * listeners can be duplicated (if configured). + */ + AP_DECLARE_DATA int ap_have_so_reuseport = -1; + + static ap_listen_rec *old_listeners; + static int ap_listenbacklog; + static int ap_listencbratio; + static int send_buffer_size; + static int receive_buffer_size; ++#ifdef HAVE_SYSTEMD ++static int use_systemd = -1; ++#endif + + /* TODO: make_sock is just begging and screaming for APR abstraction */ +-static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server) ++static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server, int do_bind_listen) + { + apr_socket_t *s = server->sd; + int one = 1; + #if APR_HAVE_IPV6 + #ifdef AP_ENABLE_V4_MAPPED + int v6only_setting = 0; + #else + int v6only_setting = 1; + #endif + #endif + apr_status_t stat; + + #ifndef WIN32 + stat = apr_socket_opt_set(s, APR_SO_REUSEADDR, one); + if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { + ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00067) + "make_sock: for address %pI, apr_socket_opt_set: (SO_REUSEADDR)", + server->bind_addr); + apr_socket_close(s); + return stat; + } + #endif + + stat = apr_socket_opt_set(s, APR_SO_KEEPALIVE, one); + if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { + ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00068) + "make_sock: for address %pI, apr_socket_opt_set: (SO_KEEPALIVE)", + server->bind_addr); + apr_socket_close(s); + return stat; + } + +-#if APR_HAVE_IPV6 +- if (server->bind_addr->family == APR_INET6) { +- stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting); +- if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { +- ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069) +- "make_sock: for address %pI, apr_socket_opt_set: " +- "(IPV6_V6ONLY)", +- server->bind_addr); +- apr_socket_close(s); +- return stat; +- } +- } +-#endif +- + /* + * To send data over high bandwidth-delay connections at full + * speed we must force the TCP window to open wide enough to keep the + * pipe full. The default window size on many systems + * is only 4kB. Cross-country WAN connections of 100ms + * at 1Mb/s are not impossible for well connected sites. + * If we assume 100ms cross-country latency, + * a 4kB buffer limits throughput to 40kB/s. + * + * To avoid this problem I've added the SendBufferSize directive + * to allow the web master to configure send buffer size. + * + * The trade-off of larger buffers is that more kernel memory + * is consumed. YMMV, know your customers and your network! + * + * -John Heidemann 25-Oct-96 + * + * If no size is specified, use the kernel default. + */ + if (send_buffer_size) { +@@ -152,55 +145,71 @@ + ap_sock_disable_nagle(s); + #endif + + #if defined(SO_REUSEPORT) + if (ap_have_so_reuseport && ap_listencbratio > 0) { + int thesock; + apr_os_sock_get(&thesock, s); + if (setsockopt(thesock, SOL_SOCKET, SO_REUSEPORT, + (void *)&one, sizeof(int)) < 0) { + stat = apr_get_netos_error(); + ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(02638) + "make_sock: for address %pI, apr_socket_opt_set: " + "(SO_REUSEPORT)", + server->bind_addr); + apr_socket_close(s); + return stat; + } + } + #endif + +- if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) { +- ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072) +- "make_sock: could not bind to address %pI", +- server->bind_addr); +- apr_socket_close(s); +- return stat; +- } ++ if (do_bind_listen) { ++#if APR_HAVE_IPV6 ++ if (server->bind_addr->family == APR_INET6) { ++ stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting); ++ if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { ++ ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069) ++ "make_sock: for address %pI, apr_socket_opt_set: " ++ "(IPV6_V6ONLY)", ++ server->bind_addr); ++ apr_socket_close(s); ++ return stat; ++ } ++ } ++#endif + +- if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) { +- ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073) +- "make_sock: unable to listen for connections " +- "on address %pI", +- server->bind_addr); +- apr_socket_close(s); +- return stat; ++ if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) { ++ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072) ++ "make_sock: could not bind to address %pI", ++ server->bind_addr); ++ apr_socket_close(s); ++ return stat; ++ } ++ ++ if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) { ++ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073) ++ "make_sock: unable to listen for connections " ++ "on address %pI", ++ server->bind_addr); ++ apr_socket_close(s); ++ return stat; ++ } + } + + #ifdef WIN32 + /* I seriously doubt that this would work on Unix; I have doubts that + * it entirely solves the problem on Win32. However, since setting + * reuseaddr on the listener -prior- to binding the socket has allowed + * us to attach to the same port as an already running instance of + * Apache, or even another web server, we cannot identify that this + * port was exclusively granted to this instance of Apache. + * + * So set reuseaddr, but do not attempt to do so until we have the + * parent listeners successfully bound. + */ + stat = apr_socket_opt_set(s, APR_SO_REUSEADDR, one); + if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { + ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00074) + "make_sock: for address %pI, apr_socket_opt_set: (SO_REUSEADDR)", + server->bind_addr); + apr_socket_close(s); + return stat; +@@ -260,40 +269,159 @@ + ap_log_perror(APLOG_MARK, APLOG_WARNING, rv, p, APLOGNO(00075) + "Failed to enable the '%s' Accept Filter", + accf); + } + #else + rv = apr_socket_opt_set(s, APR_TCP_DEFER_ACCEPT, 30); + if (rv != APR_SUCCESS && !APR_STATUS_IS_ENOTIMPL(rv)) { + ap_log_perror(APLOG_MARK, APLOG_WARNING, rv, p, APLOGNO(00076) + "Failed to enable APR_TCP_DEFER_ACCEPT"); + } + #endif + } + } + + static apr_status_t close_listeners_on_exec(void *v) + { + ap_close_listeners(); + return APR_SUCCESS; + } + ++ ++#ifdef HAVE_SYSTEMD ++ ++static int find_systemd_socket(process_rec * process, apr_port_t port) { ++ int fdcount, fd; ++ int sdc = sd_listen_fds(0); ++ ++ if (sdc < 0) { ++ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02486) ++ "find_systemd_socket: Error parsing enviroment, sd_listen_fds returned %d", ++ sdc); ++ return -1; ++ } ++ ++ if (sdc == 0) { ++ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02487) ++ "find_systemd_socket: At least one socket must be set."); ++ return -1; ++ } ++ ++ fdcount = atoi(getenv("LISTEN_FDS")); ++ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + fdcount; fd++) { ++ if (sd_is_socket_inet(fd, 0, 0, -1, port) > 0) { ++ return fd; ++ } ++ } ++ ++ return -1; ++} ++ ++static apr_status_t alloc_systemd_listener(process_rec * process, ++ int fd, const char *proto, ++ ap_listen_rec **out_rec) ++{ ++ apr_status_t rv; ++ struct sockaddr sa; ++ socklen_t len = sizeof(struct sockaddr); ++ apr_os_sock_info_t si; ++ ap_listen_rec *rec; ++ *out_rec = NULL; ++ ++ memset(&si, 0, sizeof(si)); ++ ++ rv = getsockname(fd, &sa, &len); ++ ++ if (rv != 0) { ++ rv = apr_get_netos_error(); ++ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02489) ++ "getsockname on %d failed.", fd); ++ return rv; ++ } ++ ++ si.os_sock = &fd; ++ si.family = sa.sa_family; ++ si.local = &sa; ++ si.type = SOCK_STREAM; ++ si.protocol = APR_PROTO_TCP; ++ ++ rec = apr_palloc(process->pool, sizeof(ap_listen_rec)); ++ rec->active = 0; ++ rec->next = 0; ++ ++ ++ rv = apr_os_sock_make(&rec->sd, &si, process->pool); ++ if (rv != APR_SUCCESS) { ++ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02490) ++ "apr_os_sock_make on %d failed.", fd); ++ return rv; ++ } ++ ++ rv = apr_socket_addr_get(&rec->bind_addr, APR_LOCAL, rec->sd); ++ if (rv != APR_SUCCESS) { ++ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02491) ++ "apr_socket_addr_get on %d failed.", fd); ++ return rv; ++ } ++ ++ rec->protocol = apr_pstrdup(process->pool, proto); ++ ++ *out_rec = rec; ++ ++ return make_sock(process->pool, rec, 0); ++} ++ ++static const char *set_systemd_listener(process_rec *process, apr_port_t port, ++ const char *proto) ++{ ++ ap_listen_rec *last, *new; ++ apr_status_t rv; ++ int fd = find_systemd_socket(process, port); ++ if (fd < 0) { ++ return "Systemd socket activation is used, but this port is not " ++ "configured in systemd"; ++ } ++ ++ last = ap_listeners; ++ while (last && last->next) { ++ last = last->next; ++ } ++ ++ rv = alloc_systemd_listener(process, fd, proto, &new); ++ if (rv != APR_SUCCESS) { ++ return "Failed to setup socket passed by systemd using socket activation"; ++ } ++ ++ if (last == NULL) { ++ ap_listeners = last = new; ++ } ++ else { ++ last->next = new; ++ last = new; ++ } ++ ++ return NULL; ++} ++ ++#endif /* HAVE_SYSTEMD */ ++ ++ + static int find_listeners(ap_listen_rec **from, ap_listen_rec **to, + const char *addr, apr_port_t port) + { + int found = 0; + + while (*from) { + apr_sockaddr_t *sa = (*from)->bind_addr; + + /* Some listeners are not real so they will not have a bind_addr. */ + if (sa) { + ap_listen_rec *new; + apr_port_t oldport; + + oldport = sa->port; + /* If both ports are equivalent, then if their names are equivalent, + * then we will re-use the existing record. + */ + if (port == oldport && + ((!addr && !sa->hostname) || + ((addr && sa->hostname) && !strcmp(sa->hostname, addr)))) { +@@ -478,41 +606,41 @@ + if (lr->bind_addr->port == cur->bind_addr->port + && IS_IN6ADDR_ANY(cur->bind_addr) + && apr_socket_opt_get(cur->sd, APR_IPV6_V6ONLY, + &v6only_setting) == APR_SUCCESS + && v6only_setting == 0) { + + /* Remove the current listener from the list */ + previous->next = lr->next; + lr = previous; /* maintain current value of previous after + * post-loop expression is evaluated + */ + skip = 1; + break; + } + } + if (skip) { + continue; + } + } + #endif +- if (make_sock(pool, lr) == APR_SUCCESS) { ++ if (make_sock(pool, lr, 1) == APR_SUCCESS) { + ++num_open; + } + else { + #if APR_HAVE_IPV6 + /* If we tried to bind to ::, and the next listener is + * on 0.0.0.0 with the same port, don't give a fatal + * error. The user will still get a warning from make_sock + * though. + */ + if (lr->next != NULL + && IS_IN6ADDR_ANY(lr->bind_addr) + && lr->bind_addr->port == lr->next->bind_addr->port + && IS_INADDR_ANY(lr->next->bind_addr)) { + + /* Remove the current listener from the list */ + if (previous) { + previous->next = lr->next; + } + else { + ap_listeners = lr->next; +@@ -590,42 +718,62 @@ + * use the default for this listener. + */ + for (addr = ls->addrs; addr && !found; addr = addr->next) { + for (lr = ap_listeners; lr; lr = lr->next) { + if (apr_sockaddr_equal(lr->bind_addr, addr->host_addr) && + lr->bind_addr->port == addr->host_port) { + ap_set_server_protocol(ls, lr->protocol); + found = 1; + break; + } + } + } + + if (!found) { + /* TODO: set protocol defaults per-Port, eg 25=smtp */ + ap_set_server_protocol(ls, "http"); + } + } + } + +- if (open_listeners(s->process->pool)) { +- return 0; ++#ifdef HAVE_SYSTEMD ++ if (use_systemd) { ++ const char *userdata_key = "ap_open_systemd_listeners"; ++ void *data; ++ /* clear the enviroment on our second run ++ * so that none of our future children get confused. ++ */ ++ apr_pool_userdata_get(&data, userdata_key, s->process->pool); ++ if (!data) { ++ apr_pool_userdata_set((const void *)1, userdata_key, ++ apr_pool_cleanup_null, s->process->pool); ++ } ++ else { ++ sd_listen_fds(1); ++ } ++ } ++ else ++#endif ++ { ++ if (open_listeners(s->process->pool)) { ++ return 0; ++ } + } + + for (lr = ap_listeners; lr; lr = lr->next) { + num_listeners++; + found = 0; + for (ls = s; ls && !found; ls = ls->next) { + for (addr = ls->addrs; addr && !found; addr = addr->next) { + if (apr_sockaddr_equal(lr->bind_addr, addr->host_addr) && + lr->bind_addr->port == addr->host_port) { + found = 1; + ap_apply_accept_filter(s->process->pool, lr, ls); + } + } + } + + if (!found) { + ap_apply_accept_filter(s->process->pool, lr, s); + } + } + +@@ -681,41 +829,41 @@ + char *hostname; + apr_port_t port; + apr_sockaddr_t *sa; + duplr = apr_palloc(p, sizeof(ap_listen_rec)); + duplr->slave = NULL; + duplr->protocol = apr_pstrdup(p, lr->protocol); + hostname = apr_pstrdup(p, lr->bind_addr->hostname); + port = lr->bind_addr->port; + apr_sockaddr_info_get(&sa, hostname, APR_UNSPEC, port, 0, p); + duplr->bind_addr = sa; + duplr->next = NULL; + stat = apr_socket_create(&duplr->sd, duplr->bind_addr->family, + SOCK_STREAM, 0, p); + if (stat != APR_SUCCESS) { + ap_log_perror(APLOG_MARK, APLOG_CRIT, 0, p, APLOGNO(02640) + "ap_duplicate_listeners: for address %pI, " + "cannot duplicate a new socket!", + duplr->bind_addr); + return stat; + } +- make_sock(p, duplr); ++ make_sock(p, duplr, 1); + #if AP_NONBLOCK_WHEN_MULTI_LISTEN + use_nonblock = (ap_listeners && ap_listeners->next); + stat = apr_socket_opt_set(duplr->sd, APR_SO_NONBLOCK, use_nonblock); + if (stat != APR_SUCCESS) { + ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(02641) + "unable to control socket non-blocking status"); + return stat; + } + #endif + ap_apply_accept_filter(p, duplr, s); + + if (last == NULL) { + (*buckets)[i] = last = duplr; + } + else { + last->next = duplr; + last = duplr; + } + lr = lr->next; + } +@@ -808,71 +956,82 @@ + ap_have_so_reuseport = 0; + + } + } + + AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy, + int argc, char *const argv[]) + { + char *host, *scope_id, *proto; + apr_port_t port; + apr_status_t rv; + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + + if (err != NULL) { + return err; + } + + if (argc < 1 || argc > 2) { + return "Listen requires 1 or 2 arguments."; + } ++#ifdef HAVE_SYSTEMD ++ if (use_systemd == -1) { ++ use_systemd = sd_listen_fds(0) > 0; ++ } ++#endif + + rv = apr_parse_addr_port(&host, &scope_id, &port, argv[0], cmd->pool); + if (rv != APR_SUCCESS) { + return "Invalid address or port"; + } + + if (host && !strcmp(host, "*")) { + host = NULL; + } + + if (scope_id) { + /* XXX scope id support is useful with link-local IPv6 addresses */ + return "Scope id is not supported"; + } + + if (!port) { + return "Port must be specified"; + } + + if (argc != 2) { + if (port == 443) { + proto = "https"; + } else { + proto = "http"; + } + } + else { + proto = apr_pstrdup(cmd->pool, argv[1]); + ap_str_tolower(proto); + } + ++#ifdef HAVE_SYSTEMD ++ if (use_systemd) { ++ return set_systemd_listener(cmd->server->process, port, proto); ++ } ++#endif ++ + return alloc_listener(cmd->server->process, host, port, proto, NULL); + } + + AP_DECLARE_NONSTD(const char *) ap_set_listenbacklog(cmd_parms *cmd, + void *dummy, + const char *arg) + { + int b; + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + + if (err != NULL) { + return err; + } + + b = atoi(arg); + if (b < 1) { + return "ListenBacklog must be > 0"; + } + + ap_listenbacklog = b; diff --git a/SOURCES/httpd-2.4.25-ab_source_address.patch b/SOURCES/httpd-2.4.25-ab_source_address.patch new file mode 100644 index 0000000..a341477 --- /dev/null +++ b/SOURCES/httpd-2.4.25-ab_source_address.patch @@ -0,0 +1,72 @@ +--- httpd-2.4.35/docs/man/ab.1.bak 2018-10-21 16:10:11.161024133 +0000 ++++ httpd-2.4.35/docs/man/ab.1 2018-10-21 16:11:25.689793452 +0000 +@@ -130,6 +130,9 @@ + \fB-X \fIproxy\fR[:\fIport\fR]\fR + Use a proxy server for the requests\&. + .TP ++\fB-o \fIsrc_address\fR\fR ++Set the local source address\&. ++.TP + \fB-y \fI-attributes\fR\fR + String to use as attributes for \fB\fR\&. + .TP +--- httpd-2.4.33/support/ab.c.ab_source_address.droplet 2018-03-16 01:02:58.000000000 +0200 ++++ httpd-2.4.33/support/ab.c 2018-03-27 10:39:44.792971820 +0300 +@@ -313,6 +313,7 @@ + const char *connecthost; + const char *myhost; + apr_port_t connectport; ++char *src_address; + const char *gnuplot; /* GNUplot file */ + const char *csvperc; /* CSV Percentile file */ + const char *fullurl; +@@ -1299,6 +1300,7 @@ + static void start_connect(struct connection * c) + { + apr_status_t rv; ++ apr_sockaddr_t *from; + + if (!(started < requests)) + return; +@@ -1348,6 +1350,14 @@ + } + } + ++ if (src_address) { ++ if ((rv = apr_sockaddr_info_get(&from, src_address, destsa->family, ++ 0, 0, c->ctx)) != APR_SUCCESS) ++ apr_err("src_address get", rv); ++ if ((rv = apr_socket_bind(c->aprsock, from)) != APR_SUCCESS) ++ apr_err("src_address bind", rv); ++ } ++ + c->start = lasttime = apr_time_now(); + #ifdef USE_SSL + if (is_ssl) { +@@ -2085,6 +2095,7 @@ + fprintf(stderr, " -P attribute Add Basic Proxy Authentication, the attributes\n"); + fprintf(stderr, " are a colon separated username and password.\n"); + fprintf(stderr, " -X proxy:port Proxyserver and port number to use\n"); ++ fprintf(stderr, " -o src_address Set the local source address\n"); + fprintf(stderr, " -V Print version number and exit\n"); + fprintf(stderr, " -k Use HTTP KeepAlive feature\n"); + fprintf(stderr, " -d Do not show percentiles served table.\n"); +@@ -2351,7 +2351,7 @@ + myhost = NULL; /* 0.0.0.0 or :: */ + + apr_getopt_init(&opt, cntxt, argc, argv); +- while ((status = apr_getopt(opt, "n:c:t:s:b:T:p:u:v:lrkVhwiIx:y:z:C:H:P:A:g:X:de:SqB:m:" ++ while ((status = apr_getopt(opt, "o:n:c:t:s:b:T:p:u:v:lrkVhwiIx:y:z:C:H:P:A:g:X:de:SqB:m:" + #ifdef USE_SSL + "Z:f:E:" + #endif +@@ -2305,6 +2316,9 @@ + case 'k': + keepalive = 1; + break; ++ case 'o': ++ src_address = strdup(optarg); ++ break; + case 'q': + heartbeatres = 0; + break; diff --git a/SOURCES/httpd-2.4.27-systemd.patch b/SOURCES/httpd-2.4.27-systemd.patch new file mode 100644 index 0000000..5a8cc49 --- /dev/null +++ b/SOURCES/httpd-2.4.27-systemd.patch @@ -0,0 +1,20 @@ +diff -uap httpd-2.4.27/modules/arch/unix/config5.m4.systemd httpd-2.4.27/modules/arch/unix/config5.m4 +--- httpd-2.4.27/modules/arch/unix/config5.m4.systemd ++++ httpd-2.4.27/modules/arch/unix/config5.m4 +@@ -18,6 +18,16 @@ + fi + ]) + ++APACHE_MODULE(systemd, Systemd support, , , all, [ ++ if test "${ac_cv_header_systemd_sd_daemon_h}" = "no" || test -z "${SYSTEMD_LIBS}"; then ++ AC_MSG_WARN([Your system does not support systemd.]) ++ enable_systemd="no" ++ else ++ APR_ADDTO(MOD_SYSTEMD_LDADD, [$SYSTEMD_LIBS]) ++ enable_systemd="yes" ++ fi ++]) ++ + APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current]) + + APACHE_MODPATH_FINISH diff --git a/SOURCES/httpd-2.4.33-socket-activation.patch b/SOURCES/httpd-2.4.33-socket-activation.patch deleted file mode 100644 index 9158866..0000000 --- a/SOURCES/httpd-2.4.33-socket-activation.patch +++ /dev/null @@ -1,299 +0,0 @@ -diff -urNp a/server/listen.c.socketactivation b/server/listen.c ---- a/server/listen.c.socketactivation 2017-08-16 18:48:29.000000000 +0200 -+++ b/server/listen.c 2018-06-18 14:31:10.639221470 +0200 -@@ -34,6 +34,10 @@ - #include - #endif - -+#ifdef HAVE_SYSTEMD -+#include -+#endif -+ - /* we know core's module_index is 0 */ - #undef APLOG_MODULE_INDEX - #define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX -@@ -59,9 +63,12 @@ static int ap_listenbacklog; - static int ap_listencbratio; - static int send_buffer_size; - static int receive_buffer_size; -+#ifdef HAVE_SYSTEMD -+static int use_systemd = -1; -+#endif - - /* TODO: make_sock is just begging and screaming for APR abstraction */ --static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server) -+static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server, int do_bind_listen) - { - apr_socket_t *s = server->sd; - int one = 1; -@@ -94,20 +101,6 @@ static apr_status_t make_sock(apr_pool_t - return stat; - } - --#if APR_HAVE_IPV6 -- if (server->bind_addr->family == APR_INET6) { -- stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting); -- if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { -- ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069) -- "make_sock: for address %pI, apr_socket_opt_set: " -- "(IPV6_V6ONLY)", -- server->bind_addr); -- apr_socket_close(s); -- return stat; -- } -- } --#endif -- - /* - * To send data over high bandwidth-delay connections at full - * speed we must force the TCP window to open wide enough to keep the -@@ -169,21 +162,37 @@ static apr_status_t make_sock(apr_pool_t - } - #endif - -- if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) { -- ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072) -- "make_sock: could not bind to address %pI", -- server->bind_addr); -- apr_socket_close(s); -- return stat; -- } -+ if (do_bind_listen) { -+#if APR_HAVE_IPV6 -+ if (server->bind_addr->family == APR_INET6) { -+ stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting); -+ if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { -+ ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069) -+ "make_sock: for address %pI, apr_socket_opt_set: " -+ "(IPV6_V6ONLY)", -+ server->bind_addr); -+ apr_socket_close(s); -+ return stat; -+ } -+ } -+#endif - -- if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) { -- ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073) -- "make_sock: unable to listen for connections " -- "on address %pI", -- server->bind_addr); -- apr_socket_close(s); -- return stat; -+ if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) { -+ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072) -+ "make_sock: could not bind to address %pI", -+ server->bind_addr); -+ apr_socket_close(s); -+ return stat; -+ } -+ -+ if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) { -+ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073) -+ "make_sock: unable to listen for connections " -+ "on address %pI", -+ server->bind_addr); -+ apr_socket_close(s); -+ return stat; -+ } - } - - #ifdef WIN32 -@@ -277,6 +286,123 @@ static apr_status_t close_listeners_on_e - return APR_SUCCESS; - } - -+#ifdef HAVE_SYSTEMD -+ -+static int find_systemd_socket(process_rec * process, apr_port_t port) { -+ int fdcount, fd; -+ int sdc = sd_listen_fds(0); -+ -+ if (sdc < 0) { -+ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02486) -+ "find_systemd_socket: Error parsing enviroment, sd_listen_fds returned %d", -+ sdc); -+ return -1; -+ } -+ -+ if (sdc == 0) { -+ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02487) -+ "find_systemd_socket: At least one socket must be set."); -+ return -1; -+ } -+ -+ fdcount = atoi(getenv("LISTEN_FDS")); -+ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + fdcount; fd++) { -+ if (sd_is_socket_inet(fd, 0, 0, -1, port) > 0) { -+ return fd; -+ } -+ } -+ -+ return -1; -+} -+ -+static apr_status_t alloc_systemd_listener(process_rec * process, -+ int fd, const char *proto, -+ ap_listen_rec **out_rec) -+{ -+ apr_status_t rv; -+ struct sockaddr sa; -+ socklen_t len = sizeof(struct sockaddr); -+ apr_os_sock_info_t si; -+ ap_listen_rec *rec; -+ *out_rec = NULL; -+ -+ memset(&si, 0, sizeof(si)); -+ -+ rv = getsockname(fd, &sa, &len); -+ -+ if (rv != 0) { -+ rv = apr_get_netos_error(); -+ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02489) -+ "getsockname on %d failed.", fd); -+ return rv; -+ } -+ -+ si.os_sock = &fd; -+ si.family = sa.sa_family; -+ si.local = &sa; -+ si.type = SOCK_STREAM; -+ si.protocol = APR_PROTO_TCP; -+ -+ rec = apr_palloc(process->pool, sizeof(ap_listen_rec)); -+ rec->active = 0; -+ rec->next = 0; -+ -+ -+ rv = apr_os_sock_make(&rec->sd, &si, process->pool); -+ if (rv != APR_SUCCESS) { -+ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02490) -+ "apr_os_sock_make on %d failed.", fd); -+ return rv; -+ } -+ -+ rv = apr_socket_addr_get(&rec->bind_addr, APR_LOCAL, rec->sd); -+ if (rv != APR_SUCCESS) { -+ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02491) -+ "apr_socket_addr_get on %d failed.", fd); -+ return rv; -+ } -+ -+ rec->protocol = apr_pstrdup(process->pool, proto); -+ -+ *out_rec = rec; -+ -+ return make_sock(process->pool, rec, 0); -+} -+ -+static const char *set_systemd_listener(process_rec *process, apr_port_t port, -+ const char *proto) -+{ -+ ap_listen_rec *last, *new; -+ apr_status_t rv; -+ int fd = find_systemd_socket(process, port); -+ if (fd < 0) { -+ return "Systemd socket activation is used, but this port is not " -+ "configured in systemd"; -+ } -+ -+ last = ap_listeners; -+ while (last && last->next) { -+ last = last->next; -+ } -+ -+ rv = alloc_systemd_listener(process, fd, proto, &new); -+ if (rv != APR_SUCCESS) { -+ return "Failed to setup socket passed by systemd using socket activation"; -+ } -+ -+ if (last == NULL) { -+ ap_listeners = last = new; -+ } -+ else { -+ last->next = new; -+ last = new; -+ } -+ -+ return NULL; -+} -+ -+#endif /* HAVE_SYSTEMD */ -+ - static int find_listeners(ap_listen_rec **from, ap_listen_rec **to, - const char *addr, apr_port_t port) - { -@@ -495,7 +621,7 @@ static int open_listeners(apr_pool_t *po - } - } - #endif -- if (make_sock(pool, lr) == APR_SUCCESS) { -+ if (make_sock(pool, lr, 1) == APR_SUCCESS) { - ++num_open; - } - else { -@@ -607,8 +733,28 @@ AP_DECLARE(int) ap_setup_listeners(serve - } - } - -- if (open_listeners(s->process->pool)) { -- return 0; -+#ifdef HAVE_SYSTEMD -+ if (use_systemd) { -+ const char *userdata_key = "ap_open_systemd_listeners"; -+ void *data; -+ /* clear the enviroment on our second run -+ * so that none of our future children get confused. -+ */ -+ apr_pool_userdata_get(&data, userdata_key, s->process->pool); -+ if (!data) { -+ apr_pool_userdata_set((const void *)1, userdata_key, -+ apr_pool_cleanup_null, s->process->pool); -+ } -+ else { -+ sd_listen_fds(1); -+ } -+ } -+ else -+#endif -+ { -+ if (open_listeners(s->process->pool)) { -+ return 0; -+ } - } - - for (lr = ap_listeners; lr; lr = lr->next) { -@@ -698,7 +844,7 @@ AP_DECLARE(apr_status_t) ap_duplicate_li - duplr->bind_addr); - return stat; - } -- make_sock(p, duplr); -+ make_sock(p, duplr, 1); - #if AP_NONBLOCK_WHEN_MULTI_LISTEN - use_nonblock = (ap_listeners && ap_listeners->next); - stat = apr_socket_opt_set(duplr->sd, APR_SO_NONBLOCK, use_nonblock); -@@ -825,6 +971,11 @@ AP_DECLARE_NONSTD(const char *) ap_set_l - if (argc < 1 || argc > 2) { - return "Listen requires 1 or 2 arguments."; - } -+#ifdef HAVE_SYSTEMD -+ if (use_systemd == -1) { -+ use_systemd = sd_listen_fds(0) > 0; -+ } -+#endif - - rv = apr_parse_addr_port(&host, &scope_id, &port, argv[0], cmd->pool); - if (rv != APR_SUCCESS) { -@@ -856,6 +1007,12 @@ AP_DECLARE_NONSTD(const char *) ap_set_l - ap_str_tolower(proto); - } - -+#ifdef HAVE_SYSTEMD -+ if (use_systemd) { -+ return set_systemd_listener(cmd->server->process, port, proto); -+ } -+#endif -+ - return alloc_listener(cmd->server->process, host, port, proto, NULL); - } - diff --git a/SOURCES/httpd-2.4.38.tar.bz2 b/SOURCES/httpd-2.4.38.tar.bz2 deleted file mode 100644 index 319c18a..0000000 Binary files a/SOURCES/httpd-2.4.38.tar.bz2 and /dev/null differ diff --git a/SOURCES/httpd-2.4.4-export.patch b/SOURCES/httpd-2.4.4-export.patch deleted file mode 100644 index eb670c6..0000000 --- a/SOURCES/httpd-2.4.4-export.patch +++ /dev/null @@ -1,20 +0,0 @@ - -There is no need to "suck in" the apr/apr-util symbols when using -a shared libapr{,util}, it just bloats the symbol table; so don't. - -Upstream-HEAD: needed -Upstream-2.0: omit -Upstream-Status: EXPORT_DIRS change is conditional on using shared apr - ---- httpd-2.4.4/server/Makefile.in.export -+++ httpd-2.4.4/server/Makefile.in -@@ -57,9 +57,6 @@ export_files: - ( for dir in $(EXPORT_DIRS); do \ - ls $$dir/*.h ; \ - done; \ -- for dir in $(EXPORT_DIRS_APR); do \ -- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \ -- done; \ - ) | sed -e s,//,/,g | sort -u > $@ - - exports.c: export_files diff --git a/SOURCES/httpd-2.4.48.tar.bz2 b/SOURCES/httpd-2.4.48.tar.bz2 new file mode 100644 index 0000000..df5af15 Binary files /dev/null and b/SOURCES/httpd-2.4.48.tar.bz2 differ diff --git a/SOURCES/httpd-2.4.9-apxs.patch b/SOURCES/httpd-2.4.9-apxs.patch index 7016dec..e2b65f7 100644 --- a/SOURCES/httpd-2.4.9-apxs.patch +++ b/SOURCES/httpd-2.4.9-apxs.patch @@ -1,8 +1,6 @@ -diff --git a/support/apxs.in b/support/apxs.in -index ad1287f..efcfcf6 100644 ---- a/support/apxs.in -+++ b/support/apxs.in -@@ -25,7 +25,18 @@ package apxs; +--- httpd-2.4.43/support/apxs.in.apxs 2020-03-20 15:00:44.000000000 +0200 ++++ httpd-2.4.43/support/apxs.in 2020-04-02 15:16:23.516349733 +0300 +@@ -35,7 +35,18 @@ my %config_vars = (); @@ -19,10 +17,10 @@ index ad1287f..efcfcf6 100644 + +my $installbuilddir = $libdir . "/httpd/build"; + - get_config_vars("$installbuilddir/config_vars.mk",\%config_vars); + get_config_vars($destdir . "$installbuilddir/config_vars.mk",\%config_vars); # read the configuration variables once -@@ -275,7 +286,7 @@ if ($opt_g) { +@@ -285,7 +296,7 @@ $data =~ s|%NAME%|$name|sg; $data =~ s|%TARGET%|$CFG_TARGET|sg; $data =~ s|%PREFIX%|$prefix|sg; @@ -31,7 +29,7 @@ index ad1287f..efcfcf6 100644 my ($mkf, $mods, $src) = ($data =~ m|^(.+)-=#=-\n(.+)-=#=-\n(.+)|s); -@@ -453,11 +464,11 @@ if ($opt_c) { +@@ -463,11 +474,11 @@ my $ldflags = "$CFG_LDFLAGS"; if ($opt_p == 1) { @@ -45,7 +43,7 @@ index ad1287f..efcfcf6 100644 chomp($apu_libs); } -@@ -672,8 +683,8 @@ __DATA__ +@@ -682,8 +693,8 @@ builddir=. top_srcdir=%PREFIX% diff --git a/SPECS/ihttpd.spec b/SPECS/ihttpd.spec index 693e93a..72deabb 100644 --- a/SPECS/ihttpd.spec +++ b/SPECS/ihttpd.spec @@ -1,3 +1,5 @@ +# (luigiwalser, ngompa): httpd build hates parallelization +%define _smp_ncpus_max 8 %define contentdir %{_datadir}/httpd %define docroot /var/www @@ -5,8 +7,8 @@ %{?!serverlimit:%global serverlimit 1024} Name: ihttpd -Version: 2.4.38 -Release: %mkrel 6 +Version: 2.4.48 +Release: %mkrel 1 Summary: The most widely used Web server on the Internet License: Apache License Group: System/Servers @@ -28,19 +30,22 @@ Patch6: httpd-2.4.3-apctl-systemd.patch Patch7: httpd-2.4.10-detect-systemd.patch # Features/functional changes Patch20: httpd-2.4.3-release.patch +#Disable in ihttpd to avoid build fail #Patch23: httpd-2.4.4-export.patch Patch24: httpd-2.4.1-corelimit.patch #Patch26: httpd-2.4.4-r1337344+.patch Patch27: httpd-2.4.2-icons.patch Patch28: httpd-2.4.4-r1332643+.patch +# http://marc.info/?l=apache-httpd-dev&m=134867223818085&w=2 +Patch29: httpd-2.4.27-systemd.patch Patch30: httpd-2.4.4-cachehardmax.patch #Patch31: httpd-2.4.18-sslmultiproxy.patch -Patch34: httpd-2.4.33-socket-activation.patch +Patch34: httpd-2.4.17-socket-activation.patch #Patch35: httpd-2.4.33-sslciphdefault.patch # Bug fixes -#Patch55: httpd-2.4.4-malformed-host.patch -#Patch56: httpd-2.4.4-mod_unique_id.patch -#Patch57: httpd-2.4.10-sigint.patch +# http://issues.apache.org/bugzilla/show_bug.cgi?id=32524 +Patch100: httpd-2.4.25-ab_source_address.patch +Patch101: httpd-2.2.10-ldap_auth_now_modular_in-apr-util-dbd-ldap_fix.diff # For /var/www/html Requires: webserver-base @@ -71,18 +76,21 @@ This version of apache is fully static, and few modules are available built-in. %patch6 -p1 -b .apctlsystemd %patch7 -p1 -b .detectsystemd +#Disable in ihttpd to avoid build fail #%patch23 -p1 -b .export %patch24 -p1 -b .corelimit #%patch26 -p1 -b .r1337344+ %patch27 -p1 -b .icons +%patch29 -p1 -b .systemd %patch30 -p1 -b .cachehardmax +# No longer applies #%patch31 -p1 -b .sslmultiproxy %patch34 -p1 -b .socketactivation #%patch35 -p1 -b .sslciphdefault +#patch44 -p1 -b .luaresume -#%patch55 -p1 -b .malformedhost -#%patch56 -p1 -b .uniqueid -#%patch57 -p1 -b .sigint +%patch100 -p1 -b .ab_source_address.droplet +%patch101 -p0 -b .PR45994.droplet # Patch in vendor/release string sed "s/@RELEASE@/%{product_distribution}/" < %{PATCH20} | patch -p1 @@ -131,7 +139,8 @@ autoheader && autoconf || exit 1 # Required to be able to run as root export CFLAGS="$RPM_OPT_FLAGS -DBIG_SECURITY_HOLE" -export LDFLAGS="-Wl,-z,relro,-z,now" +ldflags_hacky_workaround_for_systemd_lib_not_added="-lsystemd " +export LDFLAGS="${ldflags_hacky_workaround_for_systemd_lib_not_added}-Wl,-z,relro,-z,now" # Hard-code path to links to avoid unnecessary builddep export LYNX_PATH=/usr/bin/links @@ -167,7 +176,8 @@ export LYNX_PATH=/usr/bin/links --enable-modules=none \ --enable-mods-static='unixd auth_basic authn_core authn_file authz_core authz_host authz_user rewrite socache_shmcb dir mime log_config cgi ssl' -%make_build +# parallel build fails on the build host +%__make export CFLAGS="$RPM_OPT_FLAGS" gcc index.bin.c -o index.bin