From: Raphaƫl Gertz Date: Thu, 12 Oct 2023 00:04:04 +0000 (+0200) Subject: Replace egrep with grep -E X-Git-Url: https://git.rapsys.eu/ihttpd/commitdiff_plain/HEAD?hp=b3308fed6e266d448faa6299a4afd85654a5f5e6 Replace egrep with grep -E --- diff --git a/SOURCES/httpd-2.2.10-ldap_auth_now_modular_in-apr-util-dbd-ldap_fix.diff b/SOURCES/httpd-2.2.10-ldap_auth_now_modular_in-apr-util-dbd-ldap_fix.diff new file mode 100644 index 0000000..502a35f --- /dev/null +++ b/SOURCES/httpd-2.2.10-ldap_auth_now_modular_in-apr-util-dbd-ldap_fix.diff @@ -0,0 +1,11 @@ +--- modules/ldap/util_ldap.c 2008-12-18 18:31:03.000000000 +0100 ++++ modules/ldap/util_ldap.c.oden 2009-07-23 17:00:18.000000000 +0200 +@@ -236,7 +236,7 @@ static int uldap_connection_init(request + /* something really bad happened */ + ldc->bound = 0; + if (NULL == ldc->reason) { +- ldc->reason = "LDAP: ldap initialization failed"; ++ ldc->reason = "LDAP: ldap initialization failed. Please try to install apr-util-dbd-ldap."; + } + return(APR_EGENERAL); + } diff --git a/SOURCES/httpd-2.4.10-detect-systemd.patch b/SOURCES/httpd-2.4.10-detect-systemd.patch index a22178b..ee1077f 100644 --- a/SOURCES/httpd-2.4.10-detect-systemd.patch +++ b/SOURCES/httpd-2.4.10-detect-systemd.patch @@ -1,48 +1,11 @@ -diff --git a/acinclude.m4 b/acinclude.m4 -index 580eb4a..bd7e2c9 100644 ---- a/acinclude.m4 -+++ b/acinclude.m4 -@@ -594,6 +594,30 @@ AC_DEFUN(APACHE_CHECK_OPENSSL,[ - fi - ]) - -+AC_DEFUN(APACHE_CHECK_SYSTEMD, [ -+dnl Check for systemd support for listen.c's socket activation. -+case $host in -+*-linux-*) -+ if test -n "$PKGCONFIG" && $PKGCONFIG --exists libsystemd; then -+ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd` -+ elif test -n "$PKGCONFIG" && $PKGCONFIG --exists libsystemd-daemon; then -+ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd-daemon` -+ else -+ AC_CHECK_LIB(systemd-daemon, sd_notify, SYSTEMD_LIBS="-lsystemd-daemon") -+ fi -+ if test -n "$SYSTEMD_LIBS"; then -+ AC_CHECK_HEADERS(systemd/sd-daemon.h) -+ if test "${ac_cv_header_systemd_sd_daemon_h}" = "no" || test -z "${SYSTEMD_LIBS}"; then -+ AC_MSG_WARN([Your system does not support systemd.]) -+ else -+ APR_ADDTO(LIBS, [$SYSTEMD_LIBS]) -+ AC_DEFINE(HAVE_SYSTEMD, 1, [Define if systemd is supported]) -+ fi -+ fi -+ ;; -+esac -+]) -+ - dnl - dnl APACHE_EXPORT_ARGUMENTS - dnl Export (via APACHE_SUBST) the various path-related variables that -diff --git a/configure.in b/configure.in -index 19a5f88..f096de3 100644 ---- a/configure.in -+++ b/configure.in -@@ -509,6 +509,8 @@ if test "$ac_cv_struct_tm_gmtoff" = "yes"; then - AC_DEFINE(HAVE_GMTOFF, 1, [Define if struct tm has a tm_gmtoff field]) - fi - -+APACHE_CHECK_SYSTEMD -+ - dnl ## Set up any appropriate OS-specific environment variables for apachectl - - case $host in +--- httpd-2.4.46/acinclude.m4.detectsystemd 2020-08-07 22:51:40.475205331 +0300 ++++ httpd-2.4.46/acinclude.m4 2020-08-07 22:54:08.828106207 +0300 +@@ -616,7 +616,7 @@ + elif test -n "$PKGCONFIG" && $PKGCONFIG --exists libsystemd-daemon; then + SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd-daemon` + else +- AC_CHECK_LIB(systemd-daemon, sd_notify, SYSTEMD_LIBS="-lsystemd-daemon") ++ AC_CHECK_LIB(systemd, sd_notify, SYSTEMD_LIBS="-lsystemd") + fi + if test -n "$SYSTEMD_LIBS"; then + AC_CHECK_HEADERS(systemd/sd-daemon.h) diff --git a/SOURCES/httpd-2.4.17-socket-activation.patch b/SOURCES/httpd-2.4.17-socket-activation.patch new file mode 100644 index 0000000..3d27742 --- /dev/null +++ b/SOURCES/httpd-2.4.17-socket-activation.patch @@ -0,0 +1,605 @@ +--- httpd-2.4.28/server/listen.c.socketactivation 2017-08-16 19:48:29.000000000 +0300 ++++ httpd-2.4.28/server/listen.c 2017-10-14 18:48:36.275690612 +0300 +@@ -17,114 +17,107 @@ + #include "apr_network_io.h" + #include "apr_strings.h" + + #define APR_WANT_STRFUNC + #include "apr_want.h" + + #include "ap_config.h" + #include "httpd.h" + #include "http_main.h" + #include "http_config.h" + #include "http_core.h" + #include "ap_listen.h" + #include "http_log.h" + #include "mpm_common.h" + + #include + #if APR_HAVE_UNISTD_H + #include + #endif + ++#ifdef HAVE_SYSTEMD ++#include ++#endif ++ + /* we know core's module_index is 0 */ + #undef APLOG_MODULE_INDEX + #define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX + + AP_DECLARE_DATA ap_listen_rec *ap_listeners = NULL; + + /* Let ap_num_listen_buckets be global so that it can + * be printed by ap_log_mpm_common(), but keep the listeners + * buckets static since it is used only here to close them + * all (including duplicated) with ap_close_listeners(). + */ + AP_DECLARE_DATA int ap_num_listen_buckets; + static ap_listen_rec **ap_listen_buckets; + + /* Determine once, at runtime, whether or not SO_REUSEPORT + * is usable on this platform, and hence whether or not + * listeners can be duplicated (if configured). + */ + AP_DECLARE_DATA int ap_have_so_reuseport = -1; + + static ap_listen_rec *old_listeners; + static int ap_listenbacklog; + static int ap_listencbratio; + static int send_buffer_size; + static int receive_buffer_size; ++#ifdef HAVE_SYSTEMD ++static int use_systemd = -1; ++#endif + + /* TODO: make_sock is just begging and screaming for APR abstraction */ +-static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server) ++static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server, int do_bind_listen) + { + apr_socket_t *s = server->sd; + int one = 1; + #if APR_HAVE_IPV6 + #ifdef AP_ENABLE_V4_MAPPED + int v6only_setting = 0; + #else + int v6only_setting = 1; + #endif + #endif + apr_status_t stat; + + #ifndef WIN32 + stat = apr_socket_opt_set(s, APR_SO_REUSEADDR, one); + if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { + ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00067) + "make_sock: for address %pI, apr_socket_opt_set: (SO_REUSEADDR)", + server->bind_addr); + apr_socket_close(s); + return stat; + } + #endif + + stat = apr_socket_opt_set(s, APR_SO_KEEPALIVE, one); + if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { + ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00068) + "make_sock: for address %pI, apr_socket_opt_set: (SO_KEEPALIVE)", + server->bind_addr); + apr_socket_close(s); + return stat; + } + +-#if APR_HAVE_IPV6 +- if (server->bind_addr->family == APR_INET6) { +- stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting); +- if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { +- ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069) +- "make_sock: for address %pI, apr_socket_opt_set: " +- "(IPV6_V6ONLY)", +- server->bind_addr); +- apr_socket_close(s); +- return stat; +- } +- } +-#endif +- + /* + * To send data over high bandwidth-delay connections at full + * speed we must force the TCP window to open wide enough to keep the + * pipe full. The default window size on many systems + * is only 4kB. Cross-country WAN connections of 100ms + * at 1Mb/s are not impossible for well connected sites. + * If we assume 100ms cross-country latency, + * a 4kB buffer limits throughput to 40kB/s. + * + * To avoid this problem I've added the SendBufferSize directive + * to allow the web master to configure send buffer size. + * + * The trade-off of larger buffers is that more kernel memory + * is consumed. YMMV, know your customers and your network! + * + * -John Heidemann 25-Oct-96 + * + * If no size is specified, use the kernel default. + */ + if (send_buffer_size) { +@@ -152,55 +145,71 @@ + ap_sock_disable_nagle(s); + #endif + + #if defined(SO_REUSEPORT) + if (ap_have_so_reuseport && ap_listencbratio > 0) { + int thesock; + apr_os_sock_get(&thesock, s); + if (setsockopt(thesock, SOL_SOCKET, SO_REUSEPORT, + (void *)&one, sizeof(int)) < 0) { + stat = apr_get_netos_error(); + ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(02638) + "make_sock: for address %pI, apr_socket_opt_set: " + "(SO_REUSEPORT)", + server->bind_addr); + apr_socket_close(s); + return stat; + } + } + #endif + +- if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) { +- ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072) +- "make_sock: could not bind to address %pI", +- server->bind_addr); +- apr_socket_close(s); +- return stat; +- } ++ if (do_bind_listen) { ++#if APR_HAVE_IPV6 ++ if (server->bind_addr->family == APR_INET6) { ++ stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting); ++ if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { ++ ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069) ++ "make_sock: for address %pI, apr_socket_opt_set: " ++ "(IPV6_V6ONLY)", ++ server->bind_addr); ++ apr_socket_close(s); ++ return stat; ++ } ++ } ++#endif + +- if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) { +- ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073) +- "make_sock: unable to listen for connections " +- "on address %pI", +- server->bind_addr); +- apr_socket_close(s); +- return stat; ++ if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) { ++ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072) ++ "make_sock: could not bind to address %pI", ++ server->bind_addr); ++ apr_socket_close(s); ++ return stat; ++ } ++ ++ if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) { ++ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073) ++ "make_sock: unable to listen for connections " ++ "on address %pI", ++ server->bind_addr); ++ apr_socket_close(s); ++ return stat; ++ } + } + + #ifdef WIN32 + /* I seriously doubt that this would work on Unix; I have doubts that + * it entirely solves the problem on Win32. However, since setting + * reuseaddr on the listener -prior- to binding the socket has allowed + * us to attach to the same port as an already running instance of + * Apache, or even another web server, we cannot identify that this + * port was exclusively granted to this instance of Apache. + * + * So set reuseaddr, but do not attempt to do so until we have the + * parent listeners successfully bound. + */ + stat = apr_socket_opt_set(s, APR_SO_REUSEADDR, one); + if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { + ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00074) + "make_sock: for address %pI, apr_socket_opt_set: (SO_REUSEADDR)", + server->bind_addr); + apr_socket_close(s); + return stat; +@@ -260,40 +269,159 @@ + ap_log_perror(APLOG_MARK, APLOG_WARNING, rv, p, APLOGNO(00075) + "Failed to enable the '%s' Accept Filter", + accf); + } + #else + rv = apr_socket_opt_set(s, APR_TCP_DEFER_ACCEPT, 30); + if (rv != APR_SUCCESS && !APR_STATUS_IS_ENOTIMPL(rv)) { + ap_log_perror(APLOG_MARK, APLOG_WARNING, rv, p, APLOGNO(00076) + "Failed to enable APR_TCP_DEFER_ACCEPT"); + } + #endif + } + } + + static apr_status_t close_listeners_on_exec(void *v) + { + ap_close_listeners(); + return APR_SUCCESS; + } + ++ ++#ifdef HAVE_SYSTEMD ++ ++static int find_systemd_socket(process_rec * process, apr_port_t port) { ++ int fdcount, fd; ++ int sdc = sd_listen_fds(0); ++ ++ if (sdc < 0) { ++ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02486) ++ "find_systemd_socket: Error parsing enviroment, sd_listen_fds returned %d", ++ sdc); ++ return -1; ++ } ++ ++ if (sdc == 0) { ++ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02487) ++ "find_systemd_socket: At least one socket must be set."); ++ return -1; ++ } ++ ++ fdcount = atoi(getenv("LISTEN_FDS")); ++ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + fdcount; fd++) { ++ if (sd_is_socket_inet(fd, 0, 0, -1, port) > 0) { ++ return fd; ++ } ++ } ++ ++ return -1; ++} ++ ++static apr_status_t alloc_systemd_listener(process_rec * process, ++ int fd, const char *proto, ++ ap_listen_rec **out_rec) ++{ ++ apr_status_t rv; ++ struct sockaddr sa; ++ socklen_t len = sizeof(struct sockaddr); ++ apr_os_sock_info_t si; ++ ap_listen_rec *rec; ++ *out_rec = NULL; ++ ++ memset(&si, 0, sizeof(si)); ++ ++ rv = getsockname(fd, &sa, &len); ++ ++ if (rv != 0) { ++ rv = apr_get_netos_error(); ++ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02489) ++ "getsockname on %d failed.", fd); ++ return rv; ++ } ++ ++ si.os_sock = &fd; ++ si.family = sa.sa_family; ++ si.local = &sa; ++ si.type = SOCK_STREAM; ++ si.protocol = APR_PROTO_TCP; ++ ++ rec = apr_palloc(process->pool, sizeof(ap_listen_rec)); ++ rec->active = 0; ++ rec->next = 0; ++ ++ ++ rv = apr_os_sock_make(&rec->sd, &si, process->pool); ++ if (rv != APR_SUCCESS) { ++ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02490) ++ "apr_os_sock_make on %d failed.", fd); ++ return rv; ++ } ++ ++ rv = apr_socket_addr_get(&rec->bind_addr, APR_LOCAL, rec->sd); ++ if (rv != APR_SUCCESS) { ++ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02491) ++ "apr_socket_addr_get on %d failed.", fd); ++ return rv; ++ } ++ ++ rec->protocol = apr_pstrdup(process->pool, proto); ++ ++ *out_rec = rec; ++ ++ return make_sock(process->pool, rec, 0); ++} ++ ++static const char *set_systemd_listener(process_rec *process, apr_port_t port, ++ const char *proto) ++{ ++ ap_listen_rec *last, *new; ++ apr_status_t rv; ++ int fd = find_systemd_socket(process, port); ++ if (fd < 0) { ++ return "Systemd socket activation is used, but this port is not " ++ "configured in systemd"; ++ } ++ ++ last = ap_listeners; ++ while (last && last->next) { ++ last = last->next; ++ } ++ ++ rv = alloc_systemd_listener(process, fd, proto, &new); ++ if (rv != APR_SUCCESS) { ++ return "Failed to setup socket passed by systemd using socket activation"; ++ } ++ ++ if (last == NULL) { ++ ap_listeners = last = new; ++ } ++ else { ++ last->next = new; ++ last = new; ++ } ++ ++ return NULL; ++} ++ ++#endif /* HAVE_SYSTEMD */ ++ ++ + static int find_listeners(ap_listen_rec **from, ap_listen_rec **to, + const char *addr, apr_port_t port) + { + int found = 0; + + while (*from) { + apr_sockaddr_t *sa = (*from)->bind_addr; + + /* Some listeners are not real so they will not have a bind_addr. */ + if (sa) { + ap_listen_rec *new; + apr_port_t oldport; + + oldport = sa->port; + /* If both ports are equivalent, then if their names are equivalent, + * then we will re-use the existing record. + */ + if (port == oldport && + ((!addr && !sa->hostname) || + ((addr && sa->hostname) && !strcmp(sa->hostname, addr)))) { +@@ -478,41 +606,41 @@ + if (lr->bind_addr->port == cur->bind_addr->port + && IS_IN6ADDR_ANY(cur->bind_addr) + && apr_socket_opt_get(cur->sd, APR_IPV6_V6ONLY, + &v6only_setting) == APR_SUCCESS + && v6only_setting == 0) { + + /* Remove the current listener from the list */ + previous->next = lr->next; + lr = previous; /* maintain current value of previous after + * post-loop expression is evaluated + */ + skip = 1; + break; + } + } + if (skip) { + continue; + } + } + #endif +- if (make_sock(pool, lr) == APR_SUCCESS) { ++ if (make_sock(pool, lr, 1) == APR_SUCCESS) { + ++num_open; + } + else { + #if APR_HAVE_IPV6 + /* If we tried to bind to ::, and the next listener is + * on 0.0.0.0 with the same port, don't give a fatal + * error. The user will still get a warning from make_sock + * though. + */ + if (lr->next != NULL + && IS_IN6ADDR_ANY(lr->bind_addr) + && lr->bind_addr->port == lr->next->bind_addr->port + && IS_INADDR_ANY(lr->next->bind_addr)) { + + /* Remove the current listener from the list */ + if (previous) { + previous->next = lr->next; + } + else { + ap_listeners = lr->next; +@@ -590,42 +718,62 @@ + * use the default for this listener. + */ + for (addr = ls->addrs; addr && !found; addr = addr->next) { + for (lr = ap_listeners; lr; lr = lr->next) { + if (apr_sockaddr_equal(lr->bind_addr, addr->host_addr) && + lr->bind_addr->port == addr->host_port) { + ap_set_server_protocol(ls, lr->protocol); + found = 1; + break; + } + } + } + + if (!found) { + /* TODO: set protocol defaults per-Port, eg 25=smtp */ + ap_set_server_protocol(ls, "http"); + } + } + } + +- if (open_listeners(s->process->pool)) { +- return 0; ++#ifdef HAVE_SYSTEMD ++ if (use_systemd) { ++ const char *userdata_key = "ap_open_systemd_listeners"; ++ void *data; ++ /* clear the enviroment on our second run ++ * so that none of our future children get confused. ++ */ ++ apr_pool_userdata_get(&data, userdata_key, s->process->pool); ++ if (!data) { ++ apr_pool_userdata_set((const void *)1, userdata_key, ++ apr_pool_cleanup_null, s->process->pool); ++ } ++ else { ++ sd_listen_fds(1); ++ } ++ } ++ else ++#endif ++ { ++ if (open_listeners(s->process->pool)) { ++ return 0; ++ } + } + + for (lr = ap_listeners; lr; lr = lr->next) { + num_listeners++; + found = 0; + for (ls = s; ls && !found; ls = ls->next) { + for (addr = ls->addrs; addr && !found; addr = addr->next) { + if (apr_sockaddr_equal(lr->bind_addr, addr->host_addr) && + lr->bind_addr->port == addr->host_port) { + found = 1; + ap_apply_accept_filter(s->process->pool, lr, ls); + } + } + } + + if (!found) { + ap_apply_accept_filter(s->process->pool, lr, s); + } + } + +@@ -681,41 +829,41 @@ + char *hostname; + apr_port_t port; + apr_sockaddr_t *sa; + duplr = apr_palloc(p, sizeof(ap_listen_rec)); + duplr->slave = NULL; + duplr->protocol = apr_pstrdup(p, lr->protocol); + hostname = apr_pstrdup(p, lr->bind_addr->hostname); + port = lr->bind_addr->port; + apr_sockaddr_info_get(&sa, hostname, APR_UNSPEC, port, 0, p); + duplr->bind_addr = sa; + duplr->next = NULL; + stat = apr_socket_create(&duplr->sd, duplr->bind_addr->family, + SOCK_STREAM, 0, p); + if (stat != APR_SUCCESS) { + ap_log_perror(APLOG_MARK, APLOG_CRIT, 0, p, APLOGNO(02640) + "ap_duplicate_listeners: for address %pI, " + "cannot duplicate a new socket!", + duplr->bind_addr); + return stat; + } +- make_sock(p, duplr); ++ make_sock(p, duplr, 1); + #if AP_NONBLOCK_WHEN_MULTI_LISTEN + use_nonblock = (ap_listeners && ap_listeners->next); + stat = apr_socket_opt_set(duplr->sd, APR_SO_NONBLOCK, use_nonblock); + if (stat != APR_SUCCESS) { + ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(02641) + "unable to control socket non-blocking status"); + return stat; + } + #endif + ap_apply_accept_filter(p, duplr, s); + + if (last == NULL) { + (*buckets)[i] = last = duplr; + } + else { + last->next = duplr; + last = duplr; + } + lr = lr->next; + } +@@ -808,71 +956,82 @@ + ap_have_so_reuseport = 0; + + } + } + + AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy, + int argc, char *const argv[]) + { + char *host, *scope_id, *proto; + apr_port_t port; + apr_status_t rv; + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + + if (err != NULL) { + return err; + } + + if (argc < 1 || argc > 2) { + return "Listen requires 1 or 2 arguments."; + } ++#ifdef HAVE_SYSTEMD ++ if (use_systemd == -1) { ++ use_systemd = sd_listen_fds(0) > 0; ++ } ++#endif + + rv = apr_parse_addr_port(&host, &scope_id, &port, argv[0], cmd->pool); + if (rv != APR_SUCCESS) { + return "Invalid address or port"; + } + + if (host && !strcmp(host, "*")) { + host = NULL; + } + + if (scope_id) { + /* XXX scope id support is useful with link-local IPv6 addresses */ + return "Scope id is not supported"; + } + + if (!port) { + return "Port must be specified"; + } + + if (argc != 2) { + if (port == 443) { + proto = "https"; + } else { + proto = "http"; + } + } + else { + proto = apr_pstrdup(cmd->pool, argv[1]); + ap_str_tolower(proto); + } + ++#ifdef HAVE_SYSTEMD ++ if (use_systemd) { ++ return set_systemd_listener(cmd->server->process, port, proto); ++ } ++#endif ++ + return alloc_listener(cmd->server->process, host, port, proto, NULL); + } + + AP_DECLARE_NONSTD(const char *) ap_set_listenbacklog(cmd_parms *cmd, + void *dummy, + const char *arg) + { + int b; + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + + if (err != NULL) { + return err; + } + + b = atoi(arg); + if (b < 1) { + return "ListenBacklog must be > 0"; + } + + ap_listenbacklog = b; diff --git a/SOURCES/httpd-2.4.25-ab_source_address.patch b/SOURCES/httpd-2.4.25-ab_source_address.patch new file mode 100644 index 0000000..a341477 --- /dev/null +++ b/SOURCES/httpd-2.4.25-ab_source_address.patch @@ -0,0 +1,72 @@ +--- httpd-2.4.35/docs/man/ab.1.bak 2018-10-21 16:10:11.161024133 +0000 ++++ httpd-2.4.35/docs/man/ab.1 2018-10-21 16:11:25.689793452 +0000 +@@ -130,6 +130,9 @@ + \fB-X \fIproxy\fR[:\fIport\fR]\fR + Use a proxy server for the requests\&. + .TP ++\fB-o \fIsrc_address\fR\fR ++Set the local source address\&. ++.TP + \fB-y \fI-attributes\fR\fR + String to use as attributes for \fB\fR\&. + .TP +--- httpd-2.4.33/support/ab.c.ab_source_address.droplet 2018-03-16 01:02:58.000000000 +0200 ++++ httpd-2.4.33/support/ab.c 2018-03-27 10:39:44.792971820 +0300 +@@ -313,6 +313,7 @@ + const char *connecthost; + const char *myhost; + apr_port_t connectport; ++char *src_address; + const char *gnuplot; /* GNUplot file */ + const char *csvperc; /* CSV Percentile file */ + const char *fullurl; +@@ -1299,6 +1300,7 @@ + static void start_connect(struct connection * c) + { + apr_status_t rv; ++ apr_sockaddr_t *from; + + if (!(started < requests)) + return; +@@ -1348,6 +1350,14 @@ + } + } + ++ if (src_address) { ++ if ((rv = apr_sockaddr_info_get(&from, src_address, destsa->family, ++ 0, 0, c->ctx)) != APR_SUCCESS) ++ apr_err("src_address get", rv); ++ if ((rv = apr_socket_bind(c->aprsock, from)) != APR_SUCCESS) ++ apr_err("src_address bind", rv); ++ } ++ + c->start = lasttime = apr_time_now(); + #ifdef USE_SSL + if (is_ssl) { +@@ -2085,6 +2095,7 @@ + fprintf(stderr, " -P attribute Add Basic Proxy Authentication, the attributes\n"); + fprintf(stderr, " are a colon separated username and password.\n"); + fprintf(stderr, " -X proxy:port Proxyserver and port number to use\n"); ++ fprintf(stderr, " -o src_address Set the local source address\n"); + fprintf(stderr, " -V Print version number and exit\n"); + fprintf(stderr, " -k Use HTTP KeepAlive feature\n"); + fprintf(stderr, " -d Do not show percentiles served table.\n"); +@@ -2351,7 +2351,7 @@ + myhost = NULL; /* 0.0.0.0 or :: */ + + apr_getopt_init(&opt, cntxt, argc, argv); +- while ((status = apr_getopt(opt, "n:c:t:s:b:T:p:u:v:lrkVhwiIx:y:z:C:H:P:A:g:X:de:SqB:m:" ++ while ((status = apr_getopt(opt, "o:n:c:t:s:b:T:p:u:v:lrkVhwiIx:y:z:C:H:P:A:g:X:de:SqB:m:" + #ifdef USE_SSL + "Z:f:E:" + #endif +@@ -2305,6 +2316,9 @@ + case 'k': + keepalive = 1; + break; ++ case 'o': ++ src_address = strdup(optarg); ++ break; + case 'q': + heartbeatres = 0; + break; diff --git a/SOURCES/httpd-2.4.27-systemd.patch b/SOURCES/httpd-2.4.27-systemd.patch new file mode 100644 index 0000000..5a8cc49 --- /dev/null +++ b/SOURCES/httpd-2.4.27-systemd.patch @@ -0,0 +1,20 @@ +diff -uap httpd-2.4.27/modules/arch/unix/config5.m4.systemd httpd-2.4.27/modules/arch/unix/config5.m4 +--- httpd-2.4.27/modules/arch/unix/config5.m4.systemd ++++ httpd-2.4.27/modules/arch/unix/config5.m4 +@@ -18,6 +18,16 @@ + fi + ]) + ++APACHE_MODULE(systemd, Systemd support, , , all, [ ++ if test "${ac_cv_header_systemd_sd_daemon_h}" = "no" || test -z "${SYSTEMD_LIBS}"; then ++ AC_MSG_WARN([Your system does not support systemd.]) ++ enable_systemd="no" ++ else ++ APR_ADDTO(MOD_SYSTEMD_LDADD, [$SYSTEMD_LIBS]) ++ enable_systemd="yes" ++ fi ++]) ++ + APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current]) + + APACHE_MODPATH_FINISH diff --git a/SOURCES/httpd-2.4.33-socket-activation.patch b/SOURCES/httpd-2.4.33-socket-activation.patch deleted file mode 100644 index 9158866..0000000 --- a/SOURCES/httpd-2.4.33-socket-activation.patch +++ /dev/null @@ -1,299 +0,0 @@ -diff -urNp a/server/listen.c.socketactivation b/server/listen.c ---- a/server/listen.c.socketactivation 2017-08-16 18:48:29.000000000 +0200 -+++ b/server/listen.c 2018-06-18 14:31:10.639221470 +0200 -@@ -34,6 +34,10 @@ - #include - #endif - -+#ifdef HAVE_SYSTEMD -+#include -+#endif -+ - /* we know core's module_index is 0 */ - #undef APLOG_MODULE_INDEX - #define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX -@@ -59,9 +63,12 @@ static int ap_listenbacklog; - static int ap_listencbratio; - static int send_buffer_size; - static int receive_buffer_size; -+#ifdef HAVE_SYSTEMD -+static int use_systemd = -1; -+#endif - - /* TODO: make_sock is just begging and screaming for APR abstraction */ --static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server) -+static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server, int do_bind_listen) - { - apr_socket_t *s = server->sd; - int one = 1; -@@ -94,20 +101,6 @@ static apr_status_t make_sock(apr_pool_t - return stat; - } - --#if APR_HAVE_IPV6 -- if (server->bind_addr->family == APR_INET6) { -- stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting); -- if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { -- ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069) -- "make_sock: for address %pI, apr_socket_opt_set: " -- "(IPV6_V6ONLY)", -- server->bind_addr); -- apr_socket_close(s); -- return stat; -- } -- } --#endif -- - /* - * To send data over high bandwidth-delay connections at full - * speed we must force the TCP window to open wide enough to keep the -@@ -169,21 +162,37 @@ static apr_status_t make_sock(apr_pool_t - } - #endif - -- if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) { -- ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072) -- "make_sock: could not bind to address %pI", -- server->bind_addr); -- apr_socket_close(s); -- return stat; -- } -+ if (do_bind_listen) { -+#if APR_HAVE_IPV6 -+ if (server->bind_addr->family == APR_INET6) { -+ stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting); -+ if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { -+ ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069) -+ "make_sock: for address %pI, apr_socket_opt_set: " -+ "(IPV6_V6ONLY)", -+ server->bind_addr); -+ apr_socket_close(s); -+ return stat; -+ } -+ } -+#endif - -- if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) { -- ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073) -- "make_sock: unable to listen for connections " -- "on address %pI", -- server->bind_addr); -- apr_socket_close(s); -- return stat; -+ if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) { -+ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072) -+ "make_sock: could not bind to address %pI", -+ server->bind_addr); -+ apr_socket_close(s); -+ return stat; -+ } -+ -+ if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) { -+ ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073) -+ "make_sock: unable to listen for connections " -+ "on address %pI", -+ server->bind_addr); -+ apr_socket_close(s); -+ return stat; -+ } - } - - #ifdef WIN32 -@@ -277,6 +286,123 @@ static apr_status_t close_listeners_on_e - return APR_SUCCESS; - } - -+#ifdef HAVE_SYSTEMD -+ -+static int find_systemd_socket(process_rec * process, apr_port_t port) { -+ int fdcount, fd; -+ int sdc = sd_listen_fds(0); -+ -+ if (sdc < 0) { -+ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02486) -+ "find_systemd_socket: Error parsing enviroment, sd_listen_fds returned %d", -+ sdc); -+ return -1; -+ } -+ -+ if (sdc == 0) { -+ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02487) -+ "find_systemd_socket: At least one socket must be set."); -+ return -1; -+ } -+ -+ fdcount = atoi(getenv("LISTEN_FDS")); -+ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + fdcount; fd++) { -+ if (sd_is_socket_inet(fd, 0, 0, -1, port) > 0) { -+ return fd; -+ } -+ } -+ -+ return -1; -+} -+ -+static apr_status_t alloc_systemd_listener(process_rec * process, -+ int fd, const char *proto, -+ ap_listen_rec **out_rec) -+{ -+ apr_status_t rv; -+ struct sockaddr sa; -+ socklen_t len = sizeof(struct sockaddr); -+ apr_os_sock_info_t si; -+ ap_listen_rec *rec; -+ *out_rec = NULL; -+ -+ memset(&si, 0, sizeof(si)); -+ -+ rv = getsockname(fd, &sa, &len); -+ -+ if (rv != 0) { -+ rv = apr_get_netos_error(); -+ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02489) -+ "getsockname on %d failed.", fd); -+ return rv; -+ } -+ -+ si.os_sock = &fd; -+ si.family = sa.sa_family; -+ si.local = &sa; -+ si.type = SOCK_STREAM; -+ si.protocol = APR_PROTO_TCP; -+ -+ rec = apr_palloc(process->pool, sizeof(ap_listen_rec)); -+ rec->active = 0; -+ rec->next = 0; -+ -+ -+ rv = apr_os_sock_make(&rec->sd, &si, process->pool); -+ if (rv != APR_SUCCESS) { -+ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02490) -+ "apr_os_sock_make on %d failed.", fd); -+ return rv; -+ } -+ -+ rv = apr_socket_addr_get(&rec->bind_addr, APR_LOCAL, rec->sd); -+ if (rv != APR_SUCCESS) { -+ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02491) -+ "apr_socket_addr_get on %d failed.", fd); -+ return rv; -+ } -+ -+ rec->protocol = apr_pstrdup(process->pool, proto); -+ -+ *out_rec = rec; -+ -+ return make_sock(process->pool, rec, 0); -+} -+ -+static const char *set_systemd_listener(process_rec *process, apr_port_t port, -+ const char *proto) -+{ -+ ap_listen_rec *last, *new; -+ apr_status_t rv; -+ int fd = find_systemd_socket(process, port); -+ if (fd < 0) { -+ return "Systemd socket activation is used, but this port is not " -+ "configured in systemd"; -+ } -+ -+ last = ap_listeners; -+ while (last && last->next) { -+ last = last->next; -+ } -+ -+ rv = alloc_systemd_listener(process, fd, proto, &new); -+ if (rv != APR_SUCCESS) { -+ return "Failed to setup socket passed by systemd using socket activation"; -+ } -+ -+ if (last == NULL) { -+ ap_listeners = last = new; -+ } -+ else { -+ last->next = new; -+ last = new; -+ } -+ -+ return NULL; -+} -+ -+#endif /* HAVE_SYSTEMD */ -+ - static int find_listeners(ap_listen_rec **from, ap_listen_rec **to, - const char *addr, apr_port_t port) - { -@@ -495,7 +621,7 @@ static int open_listeners(apr_pool_t *po - } - } - #endif -- if (make_sock(pool, lr) == APR_SUCCESS) { -+ if (make_sock(pool, lr, 1) == APR_SUCCESS) { - ++num_open; - } - else { -@@ -607,8 +733,28 @@ AP_DECLARE(int) ap_setup_listeners(serve - } - } - -- if (open_listeners(s->process->pool)) { -- return 0; -+#ifdef HAVE_SYSTEMD -+ if (use_systemd) { -+ const char *userdata_key = "ap_open_systemd_listeners"; -+ void *data; -+ /* clear the enviroment on our second run -+ * so that none of our future children get confused. -+ */ -+ apr_pool_userdata_get(&data, userdata_key, s->process->pool); -+ if (!data) { -+ apr_pool_userdata_set((const void *)1, userdata_key, -+ apr_pool_cleanup_null, s->process->pool); -+ } -+ else { -+ sd_listen_fds(1); -+ } -+ } -+ else -+#endif -+ { -+ if (open_listeners(s->process->pool)) { -+ return 0; -+ } - } - - for (lr = ap_listeners; lr; lr = lr->next) { -@@ -698,7 +844,7 @@ AP_DECLARE(apr_status_t) ap_duplicate_li - duplr->bind_addr); - return stat; - } -- make_sock(p, duplr); -+ make_sock(p, duplr, 1); - #if AP_NONBLOCK_WHEN_MULTI_LISTEN - use_nonblock = (ap_listeners && ap_listeners->next); - stat = apr_socket_opt_set(duplr->sd, APR_SO_NONBLOCK, use_nonblock); -@@ -825,6 +971,11 @@ AP_DECLARE_NONSTD(const char *) ap_set_l - if (argc < 1 || argc > 2) { - return "Listen requires 1 or 2 arguments."; - } -+#ifdef HAVE_SYSTEMD -+ if (use_systemd == -1) { -+ use_systemd = sd_listen_fds(0) > 0; -+ } -+#endif - - rv = apr_parse_addr_port(&host, &scope_id, &port, argv[0], cmd->pool); - if (rv != APR_SUCCESS) { -@@ -856,6 +1007,12 @@ AP_DECLARE_NONSTD(const char *) ap_set_l - ap_str_tolower(proto); - } - -+#ifdef HAVE_SYSTEMD -+ if (use_systemd) { -+ return set_systemd_listener(cmd->server->process, port, proto); -+ } -+#endif -+ - return alloc_listener(cmd->server->process, host, port, proto, NULL); - } - diff --git a/SOURCES/httpd-2.4.33.tar.bz2 b/SOURCES/httpd-2.4.33.tar.bz2 deleted file mode 100644 index 725aded..0000000 Binary files a/SOURCES/httpd-2.4.33.tar.bz2 and /dev/null differ diff --git a/SOURCES/httpd-2.4.4-export.patch b/SOURCES/httpd-2.4.4-export.patch deleted file mode 100644 index eb670c6..0000000 --- a/SOURCES/httpd-2.4.4-export.patch +++ /dev/null @@ -1,20 +0,0 @@ - -There is no need to "suck in" the apr/apr-util symbols when using -a shared libapr{,util}, it just bloats the symbol table; so don't. - -Upstream-HEAD: needed -Upstream-2.0: omit -Upstream-Status: EXPORT_DIRS change is conditional on using shared apr - ---- httpd-2.4.4/server/Makefile.in.export -+++ httpd-2.4.4/server/Makefile.in -@@ -57,9 +57,6 @@ export_files: - ( for dir in $(EXPORT_DIRS); do \ - ls $$dir/*.h ; \ - done; \ -- for dir in $(EXPORT_DIRS_APR); do \ -- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \ -- done; \ - ) | sed -e s,//,/,g | sort -u > $@ - - exports.c: export_files diff --git a/SOURCES/httpd-2.4.57.tar.bz2 b/SOURCES/httpd-2.4.57.tar.bz2 new file mode 100644 index 0000000..19f1a43 Binary files /dev/null and b/SOURCES/httpd-2.4.57.tar.bz2 differ diff --git a/SOURCES/httpd-2.4.57.tar.bz2.asc b/SOURCES/httpd-2.4.57.tar.bz2.asc new file mode 100644 index 0000000..c15520b --- /dev/null +++ b/SOURCES/httpd-2.4.57.tar.bz2.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEZbLUT+dL1ePeOsPwgngd5G1ZVPoFAmQpqJUACgkQgngd5G1Z +VPrSqhAAge2udhX49FI9zwhoxeCND0dxB/DZ8vWc6MbDryYUYZBA2+o7cvwSRSdZ +fxghFliJUWDSDD7YFjIrsAKPcjdKS2vn6+vmNRU05dw+JoZuQuyzg9PMuEOo3qRN +poVd7SsxFhAT3ow6+j2ns3ei+B87BWrgkN6P2A4UNiUKKej+EACL3JnrOGbcPoLa +ThEdphd5B6qTegw3Sz3aHgJ06833mH5KdrUNXwjmhsZCdgmBORyepjAQFKQChOq6 +JExsk/PTPgy0KX27IWMgrgQohW0zEzr8BtrZsu+DXxuhjen7bKm06uEoYDCR6xF1 +gu/oGBLVuDkktnRfleGUtmXoJ+yVMyz06ILL/ka5Jy3ob8sdWqD37oAcGQJeZYog +uUnW+FoCmfv6uLRxZbFr2SCr2Jc8cnI45cPpppG0OraBJHHja99W60lInDpjFvHF +U9Ev+UNU3PwtYuIhwp8tJB61cnQzxyH0Frt5lQfXxPKWTuFY3MSuoNJi1x3IqZvx +fan2kxN0R0RyvXOhD6eJcQpydRHNDj/zgIo46gL7XRPB4aFBZRPyXwTVejcT6juL +CHX/AUk18DIlBd+X7wJ115UQg9m6bABrj+Jg6ujoTb62Vstuju3P6XJ/qbCpGQcY +ZyLOwbFiDD8CMm06ELQixDa9momkXXWH6mH+cEQDkPl+Scz5pf0= +=qbuf +-----END PGP SIGNATURE----- diff --git a/SOURCES/httpd-2.4.9-apxs.patch b/SOURCES/httpd-2.4.9-apxs.patch index 7016dec..e2b65f7 100644 --- a/SOURCES/httpd-2.4.9-apxs.patch +++ b/SOURCES/httpd-2.4.9-apxs.patch @@ -1,8 +1,6 @@ -diff --git a/support/apxs.in b/support/apxs.in -index ad1287f..efcfcf6 100644 ---- a/support/apxs.in -+++ b/support/apxs.in -@@ -25,7 +25,18 @@ package apxs; +--- httpd-2.4.43/support/apxs.in.apxs 2020-03-20 15:00:44.000000000 +0200 ++++ httpd-2.4.43/support/apxs.in 2020-04-02 15:16:23.516349733 +0300 +@@ -35,7 +35,18 @@ my %config_vars = (); @@ -19,10 +17,10 @@ index ad1287f..efcfcf6 100644 + +my $installbuilddir = $libdir . "/httpd/build"; + - get_config_vars("$installbuilddir/config_vars.mk",\%config_vars); + get_config_vars($destdir . "$installbuilddir/config_vars.mk",\%config_vars); # read the configuration variables once -@@ -275,7 +286,7 @@ if ($opt_g) { +@@ -285,7 +296,7 @@ $data =~ s|%NAME%|$name|sg; $data =~ s|%TARGET%|$CFG_TARGET|sg; $data =~ s|%PREFIX%|$prefix|sg; @@ -31,7 +29,7 @@ index ad1287f..efcfcf6 100644 my ($mkf, $mods, $src) = ($data =~ m|^(.+)-=#=-\n(.+)-=#=-\n(.+)|s); -@@ -453,11 +464,11 @@ if ($opt_c) { +@@ -463,11 +474,11 @@ my $ldflags = "$CFG_LDFLAGS"; if ($opt_p == 1) { @@ -45,7 +43,7 @@ index ad1287f..efcfcf6 100644 chomp($apu_libs); } -@@ -672,8 +683,8 @@ __DATA__ +@@ -682,8 +693,8 @@ builddir=. top_srcdir=%PREFIX% diff --git a/SOURCES/ihttpd-2.4.20-layout.patch b/SOURCES/ihttpd-2.4.20-layout.patch index 8afcfdd..c42da73 100644 --- a/SOURCES/ihttpd-2.4.20-layout.patch +++ b/SOURCES/ihttpd-2.4.20-layout.patch @@ -3,12 +3,11 @@ Add layout for IHttpd. --- httpd-2.4.20/config.layout.orig +++ httpd-2.4.20/config.layout -@@ -370,3 +370,27 @@ - logfiledir: ${localstatedir}/log/httpd - proxycachedir: ${localstatedir}/cache/httpd +@@ -33,6 +33,30 @@ + proxycachedir: ${localstatedir}/proxy -+ -+# IHttpd layout + ++# IHttpd layout + + prefix: /usr + exec_prefix: ${prefix} @@ -31,3 +30,7 @@ Add layout for IHttpd. + logfiledir: ${localstatedir}/log/ihttpd + proxycachedir: ${localstatedir}/cache/ihttpd/proxy + ++ + # GNU standards conforming path layout. + # See FSF's GNU project `make-stds' document for details. + diff --git a/SOURCES/ihttpd.dracut b/SOURCES/ihttpd.dracut index abcafd1..4fa9ed1 100644 --- a/SOURCES/ihttpd.dracut +++ b/SOURCES/ihttpd.dracut @@ -1,4 +1,5 @@ -# Unomit mageia's omited network and systemd modules +# Unomit mageia's omited systemd module omit_dracutmodules=" network " -# Force dhcp and net in initramfs -#kernel_cmdline+=" ip=dhcp rd.neednet=1 " + +# Add various drivers +#add_drivers+=" vboxvideo vga16fb r8169 " diff --git a/SOURCES/ihttpd.module-setup b/SOURCES/ihttpd.module-setup index be1c658..3829829 100644 --- a/SOURCES/ihttpd.module-setup +++ b/SOURCES/ihttpd.module-setup @@ -1,28 +1,24 @@ -#!/bin/bash +#!/usr/bin/bash # called by dracut check() { - local fs - - # Fix tmpfiledir - #XXX: fix installation of /usr/lib/tmpfileS.d/{dracut-tmpfiles,systemd}.conf - #XXX: should be removed when bug 18642 (mageia) or 1343230 (fedora) will be fixed in /usr/bin/dracut +1262-1282 - [ -z "$tmpfilesdir" -o ! -d "$tmpfilesdir" -a -d /usr/lib/tmpfiles.d ] && tmpfilesdir=/usr/lib/tmpfiles.d - [ -z "$tmpfilesdir" -o ! -d "$tmpfilesdir" -a -d /etc/tmpfiles.d ] && tmpfilesdir=/etc/tmpfiles.d - [ -z "$tmpfilesdir" -o ! -d "$tmpfilesdir" -a -d /lib/tmpfiles.d ] && tmpfilesdir=/lib/tmpfiles.d + local _fs # if cryptsetup is not installed, then we cannot support encrypted devices. require_binaries cryptsetup || return 1 - # if hostonly or mount_needs include if required by other module - # if one of fs types is crypto_LUKS include it - [[ $hostonly ]] || [[ $mount_needs ]] && { - for fs in "${host_fs_types[@]}"; do - [[ $fs = "crypto_LUKS" ]] && return 0 + # hostonly mode check + [[ $hostonly ]] && { + for _fs in "${host_fs_types[@]}"; do + # include when a crypto_LUKS fs is present + [[ $_fs = "crypto_LUKS" ]] && return 0 done + + # include if required by other module return 255 } + # include by default return 0 } @@ -30,16 +26,17 @@ check() { depends() { # depend on crypt for /etc/crypttab # depend on systemd-networkd for rd.neednet=1 - # depend on dracut-systemd for appending to $tmpfilesdir/dracut-tmpfiles.conf - echo crypt systemd-networkd dracut-systemd + echo crypt systemd-networkd + return 0 } # called by dracut cmdline() { - local fs - for fs in "${host_fs_types[@]}"; do - if [[ "$fs" == "crypto_LUKS" ]]; then + local _fs + + for _fs in "${host_fs_types[@]}"; do + if [[ "$_fs" == "crypto_LUKS" ]]; then #XXX we used to include ip=dhcp as well (replaced by systemd-networkd configuration) printf "%s" " rd.neednet=1" break @@ -50,16 +47,17 @@ cmdline() { # called by dracut install() { local _ihttpdconf=$(cmdline) - local fs + #XXX: rd.neednet=1 is mandatory to have active network in initrd [[ $_ihttpdconf ]] && printf "%s\n" "$_ihttpdconf" >> "${initdir}/etc/cmdline.d/99ihttpd.conf" - # Install cert dirs + # Install required dirs inst_dir \ /etc/pki/tls/certs \ /etc/pki/tls/private \ /etc/systemd/network \ $systemdsystemunitdir/ihttpd.service.wants \ + $systemdsystemunitdir/sysinit.target.wants \ /var/www/html # Install all files @@ -71,12 +69,7 @@ install() { /etc/nsswitch.conf \ /etc/pki/tls/certs/ihttpd.pem \ /etc/pki/tls/private/ihttpd.pem \ - /etc/systemd/resolved.conf \ $systemdsystemunitdir/systemd-networkd.service \ - $systemdsystemunitdir/systemd-resolved.service \ - $systemdsystemunitdir/systemd-tmpfiles-setup.service \ - $systemdutildir/systemd-resolved \ - $tmpfilesdir/ihttpd.conf \ '/sbin/cryptsetup' \ '/usr/bin/false' \ '/usr/bin/reboot' \ @@ -122,31 +115,20 @@ install() { done # Install resolv.conf as symlink - ln -fs '/run/systemd/resolve/resolv.conf' $initdir/etc/resolv.conf + grep -vE '^($|#|nameserver 127.0.0.1|nameserver ::1)' /etc/resolv.conf > $initdir/etc/resolv.conf # Install in ihttpd.service.wants ln -fs \ - ../systemd-resolved.service \ ../systemd-networkd.service \ - ../systemd-tmpfiles-setup.service \ $initdir$systemdsystemunitdir/ihttpd.service.wants/ - # Cleanup resolved.conf - perl -pne 'undef $_ if /^(?:#.*|Domains=|FallbackDNS=|DNS=(?:127.0.0.1|::1)$|$)/;/^DNS=/ && $_ =~ s/(?:127.0.0.1|::1)[ \t]*//g' \ - -i "$initdir/etc/systemd/resolved.conf" - # Cleanup nsswitch.conf perl -pne 'undef $_ if /^(?:#|$)/;s/compat/files/;s/ ?(?:nis|wins|mdns4_minimal |mdns4)( )?/\1/g' \ -i "$initdir/etc/nsswitch.conf" - # Require systemd-resolve user and group for our ihttpd process - `egrep -q '^systemd-resolve:' $initdir/etc/group` || egrep '^systemd-resolve:' /etc/group >> "$initdir/etc/group" - `egrep -q '^systemd-resolve:' $initdir/etc/passwd` || egrep '^systemd-resolve:' /etc/passwd >> "$initdir/etc/passwd" - #XXX: bug: fix /usr/lib/tmpfiles.d/{systemd,dracut-tmpfiles}.conf missing user and group - `egrep -q '^utmp:' $initdir/etc/group` || egrep '^utmp:' /etc/group >> "$initdir/etc/group" # Require root user and group for our ihttpd process - `egrep -q '^root:' $initdir/etc/group` || egrep '^root:' /etc/group >> "$initdir/etc/group" - `egrep -q '^root:' $initdir/etc/passwd` || egrep '^root:' /etc/passwd >> "$initdir/etc/passwd" + `grep -Eq '^root:' $initdir/etc/group` || grep -E '^root:' /etc/group >> "$initdir/etc/group" + `grep -Eq '^root:' $initdir/etc/passwd` || grep -E '^root:' /etc/passwd >> "$initdir/etc/passwd" # For debug only if false; then @@ -163,7 +145,6 @@ install() { $systemdsystemunitdir/basic.target.wants \ $systemdsystemunitdir/emergency.target.wants \ $systemdsystemunitdir/rescue.target.wants \ - $systemdsystemunitdir/sysinit.target.wants \ /usr/lib64/security \ /usr/share/terminfo/x \ /var/empty diff --git a/SOURCES/ihttpd.service b/SOURCES/ihttpd.service index 0c055f4..a177273 100644 --- a/SOURCES/ihttpd.service +++ b/SOURCES/ihttpd.service @@ -4,12 +4,13 @@ Description=The Apache HTTP Server answering password requests DefaultDependencies=no AllowIsolate=no IgnoreOnIsolate=yes -Before=cryptsetup-pre.target -After=systemd-networkd.service systemd-tmpfiles-setup.service +Before=cryptsetup.target +After=systemd-networkd.service [Service] Type=simple Environment=LANG=C +ExecStartPre=/usr/bin/mkdir -p /run/ihttpd /run/ihttpd/log ExecStart=/usr/sbin/ihttpd -DFOREGROUND KillSignal=SIGWINCH KillMode=mixed diff --git a/SOURCES/ihttpd.tmpfiles b/SOURCES/ihttpd.tmpfiles deleted file mode 100644 index b422ac9..0000000 --- a/SOURCES/ihttpd.tmpfiles +++ /dev/null @@ -1,2 +0,0 @@ -d /run/ihttpd 755 root root -d /run/ihttpd/log 755 root root diff --git a/SOURCES/index.bin.c b/SOURCES/index.bin.c index f0275a4..1eeed25 100644 --- a/SOURCES/index.bin.c +++ b/SOURCES/index.bin.c @@ -79,7 +79,7 @@ #define IHTTPDLOG "/run/ihttpd/log/child.ihttpd.log" //Define form uri -#define FORMID "" +#define FORMID "5903c738" #define FORMURI "/" FORMID ".html" //Create struct for http error status @@ -200,7 +200,7 @@ void showMaintenance() { printf("problems. Please try again later.

\r\n"); printf("

Error 503

\r\n"); printf("
%s
%s
\r\n", getenv("SERVER_NAME"), getenv("SERVER_SOFTWARE")); - printf("\r\n", FORMID); + printf("

Form

\r\n", FORMID); printf("\r\n"); printf("\r\n"); } diff --git a/SPECS/ihttpd.spec b/SPECS/ihttpd.spec index 856fef3..37b08fe 100644 --- a/SPECS/ihttpd.spec +++ b/SPECS/ihttpd.spec @@ -1,20 +1,24 @@ +%global __brp_check_rpaths %{nil} +%define _disable_ld_no_undefined 1 +# (luigiwalser, ngompa): httpd build hates parallelization +%define _smp_ncpus_max 8 %define contentdir %{_datadir}/httpd %define docroot /var/www +%define vstring Mageia %{?!maxmodules:%global maxmodules 128} %{?!serverlimit:%global serverlimit 1024} Name: ihttpd -Version: 2.4.38 +Version: 2.4.57 Release: %mkrel 1 Summary: The most widely used Web server on the Internet -License: Apache License +License: ASL 2.0 Group: System/Servers URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%version.tar.bz2 Source1: index.bin.c Source2: reboot.sh -Source14: ihttpd.tmpfiles Source15: ihttpd.service Source16: debug-sshd.service Source18: ihttpd.dracut @@ -29,19 +33,22 @@ Patch6: httpd-2.4.3-apctl-systemd.patch Patch7: httpd-2.4.10-detect-systemd.patch # Features/functional changes Patch20: httpd-2.4.3-release.patch +#Disable in ihttpd to avoid build fail #Patch23: httpd-2.4.4-export.patch Patch24: httpd-2.4.1-corelimit.patch #Patch26: httpd-2.4.4-r1337344+.patch Patch27: httpd-2.4.2-icons.patch Patch28: httpd-2.4.4-r1332643+.patch +# http://marc.info/?l=apache-httpd-dev&m=134867223818085&w=2 +Patch29: httpd-2.4.27-systemd.patch Patch30: httpd-2.4.4-cachehardmax.patch #Patch31: httpd-2.4.18-sslmultiproxy.patch -Patch34: httpd-2.4.33-socket-activation.patch +Patch34: httpd-2.4.17-socket-activation.patch #Patch35: httpd-2.4.33-sslciphdefault.patch # Bug fixes -#Patch55: httpd-2.4.4-malformed-host.patch -#Patch56: httpd-2.4.4-mod_unique_id.patch -#Patch57: httpd-2.4.10-sigint.patch +# http://issues.apache.org/bugzilla/show_bug.cgi?id=32524 +Patch100: httpd-2.4.25-ab_source_address.patch +Patch101: httpd-2.2.10-ldap_auth_now_modular_in-apr-util-dbd-ldap_fix.diff # For /var/www/html Requires: webserver-base @@ -53,6 +60,18 @@ Requires(post): rpm-helper >= 0.24.8-1 Requires(post): openssl makedev Requires(preun): rpm-helper >= 0.24.8-1 +BuildRequires: bison +BuildRequires: flex +BuildRequires: libcurl-devel +BuildRequires: libtool >= 1.4.2 +BuildRequires: multiarch-utils >= 1.0.3 +BuildRequires: pkgconfig(apr-1) >= 1.7.0-4 +BuildRequires: pkgconfig(apr-util-1) >= 1.6.1-5 +BuildRequires: pkgconfig(libpcre2-8) +BuildRequires: pkgconfig(openssl) +BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(zlib) + %description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web @@ -70,21 +89,24 @@ This version of apache is fully static, and few modules are available built-in. %patch6 -p1 -b .apctlsystemd %patch7 -p1 -b .detectsystemd +#Disable in ihttpd to avoid build fail #%patch23 -p1 -b .export %patch24 -p1 -b .corelimit #%patch26 -p1 -b .r1337344+ %patch27 -p1 -b .icons +%patch29 -p1 -b .systemd %patch30 -p1 -b .cachehardmax +# No longer applies #%patch31 -p1 -b .sslmultiproxy %patch34 -p1 -b .socketactivation #%patch35 -p1 -b .sslciphdefault +#patch44 -p1 -b .luaresume -#%patch55 -p1 -b .malformedhost -#%patch56 -p1 -b .uniqueid -#%patch57 -p1 -b .sigint +%patch100 -p1 -b .ab_source_address.droplet +%patch101 -p0 -b .PR45994.droplet # Patch in vendor/release string -sed "s/@RELEASE@/%{product_distribution}/" < %{PATCH20} | patch -p1 +sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1 # forcibly prevent use of bundled apr, apr-util, pcre rm -rf srclib/{apr,apr-util,pcre} @@ -130,12 +152,13 @@ autoheader && autoconf || exit 1 # Required to be able to run as root export CFLAGS="$RPM_OPT_FLAGS -DBIG_SECURITY_HOLE" -export LDFLAGS="-Wl,-z,relro,-z,now" +ldflags_hacky_workaround_for_systemd_lib_not_added="-lsystemd " +export LDFLAGS="${ldflags_hacky_workaround_for_systemd_lib_not_added}-Wl,-z,relro,-z,now" # Hard-code path to links to avoid unnecessary builddep export LYNX_PATH=/usr/bin/links -%configure2_5x \ +%configure \ --enable-layout=IHttpd \ --sysconfdir='/etc' \ --includedir='/usr/include/ihttpd' \ @@ -166,7 +189,8 @@ export LYNX_PATH=/usr/bin/links --enable-modules=none \ --enable-mods-static='unixd auth_basic authn_core authn_file authz_core authz_host authz_user rewrite socache_shmcb dir mime log_config cgi ssl' -%make +# parallel build fails on the build host +%__make export CFLAGS="$RPM_OPT_FLAGS" gcc index.bin.c -o index.bin @@ -176,9 +200,6 @@ gcc index.bin.c -o index.bin #IHttpd sbin install -D -p -m 755 ihttpd %{buildroot}%{_sbindir}/ihttpd -#Tmpfiles.d config -install -D -p -m 644 %{SOURCE14} %{buildroot}%{_tmpfilesdir}/ihttpd.conf - #IHttpd dracut config install -D -p -m 644 %{SOURCE18} %{buildroot}%{_sysconfdir}/dracut.conf.d/99-%{name}.conf @@ -194,18 +215,13 @@ install -D -p -m 644 %{SOURCE20} %{buildroot}%{_prefix}/lib/%{name}/ install -D -p -m 644 %{SOURCE15} %{buildroot}%{_prefix}/lib/%{name}/ install -D -p -m 644 %{SOURCE16} %{buildroot}%{_prefix}/lib/%{name}/ - -#%find_lang %name - %post -%_tmpfilescreate %{name} %_create_ssl_certificate %{name} %files -n %name %config(noreplace) %{_prefix}/lib/%{name}/%{name}.conf %config(noreplace) %{_sysconfdir}/dracut.conf.d/99-%{name}.conf %{_sbindir}/%{name} -%{_tmpfilesdir}/%{name}.conf %dir %{_prefix}/lib/dracut/modules.d/99ihttpd %{_prefix}/lib/dracut/modules.d/99ihttpd/module-setup.sh %dir %{_prefix}/lib/%{name}