diff options
Diffstat (limited to 'meta-webserver/recipes-httpd/apache2/apache2')
10 files changed, 914 insertions, 0 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch b/meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch new file mode 100644 index 000000000..8585f0bb3 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch | |||
@@ -0,0 +1,289 @@ | |||
1 | apache: CVE-2014-0117 | ||
2 | |||
3 | The patch comes from upstream: | ||
4 | http://svn.apache.org/viewvc?view=revision&revision=1610674 | ||
5 | |||
6 | SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a | ||
7 | reverse proxy configuration, a remote attacker could send a carefully crafted | ||
8 | request which could crash a server process, resulting in denial of service. | ||
9 | |||
10 | Thanks to Marek Kroemeke working with HP's Zero Day Initiative for | ||
11 | reporting this issue. | ||
12 | |||
13 | Upstream-Status: Backport | ||
14 | |||
15 | Submitted by: Edward Lu, breser, covener | ||
16 | Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com> | ||
17 | --- | ||
18 | modules/proxy/mod_proxy_http.c | 8 +++- | ||
19 | include/httpd.h | 17 ++++++++ | ||
20 | modules/proxy/proxy_util.c | 67 ++++++++++++++---------------- | ||
21 | server/util.c | 89 ++++++++++++++++++++++++++++++++++++++++++ | ||
22 | 4 files changed, 143 insertions(+), 38 deletions(-) | ||
23 | |||
24 | diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c | ||
25 | index cffad2e..f11c16f 100644 | ||
26 | --- a/modules/proxy/mod_proxy_http.c | ||
27 | +++ b/modules/proxy/mod_proxy_http.c | ||
28 | @@ -1362,6 +1362,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r, | ||
29 | */ | ||
30 | if (apr_date_checkmask(buffer, "HTTP/#.# ###*")) { | ||
31 | int major, minor; | ||
32 | + int toclose; | ||
33 | |||
34 | major = buffer[5] - '0'; | ||
35 | minor = buffer[7] - '0'; | ||
36 | @@ -1470,7 +1471,12 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r, | ||
37 | te = apr_table_get(r->headers_out, "Transfer-Encoding"); | ||
38 | |||
39 | /* strip connection listed hop-by-hop headers from response */ | ||
40 | - backend->close = ap_proxy_clear_connection_fn(r, r->headers_out); | ||
41 | + toclose = ap_proxy_clear_connection_fn(r, r->headers_out); | ||
42 | + backend->close = (toclose != 0); | ||
43 | + if (toclose < 0) { | ||
44 | + return ap_proxyerror(r, HTTP_BAD_REQUEST, | ||
45 | + "Malformed connection header"); | ||
46 | + } | ||
47 | |||
48 | if ((buf = apr_table_get(r->headers_out, "Content-Type"))) { | ||
49 | ap_set_content_type(r, apr_pstrdup(p, buf)); | ||
50 | diff --git a/include/httpd.h b/include/httpd.h | ||
51 | index 36cd58d..9a2cf5c 100644 | ||
52 | --- a/include/httpd.h | ||
53 | +++ b/include/httpd.h | ||
54 | @@ -1528,6 +1528,23 @@ AP_DECLARE(int) ap_find_etag_weak(apr_pool_t *p, const char *line, const char *t | ||
55 | AP_DECLARE(int) ap_find_etag_strong(apr_pool_t *p, const char *line, const char *tok); | ||
56 | |||
57 | /** | ||
58 | + * Retrieve an array of tokens in the format "1#token" defined in RFC2616. Only | ||
59 | + * accepts ',' as a delimiter, does not accept quoted strings, and errors on | ||
60 | + * any separator. | ||
61 | + * @param p The pool to allocate from | ||
62 | + * @param tok The line to read tokens from | ||
63 | + * @param tokens Pointer to an array of tokens. If not NULL, must be an array | ||
64 | + * of char*, otherwise it will be allocated on @a p when a token is found | ||
65 | + * @param skip_invalid If true, when an invalid separator is encountered, it | ||
66 | + * will be ignored. | ||
67 | + * @return NULL on success, an error string otherwise. | ||
68 | + * @remark *tokens may be NULL on output if NULL in input and no token is found | ||
69 | + */ | ||
70 | +AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p, const char *tok, | ||
71 | + apr_array_header_t **tokens, | ||
72 | + int skip_invalid); | ||
73 | + | ||
74 | +/** | ||
75 | * Retrieve a token, spacing over it and adjusting the pointer to | ||
76 | * the first non-white byte afterwards. Note that these tokens | ||
77 | * are delimited by semis and commas and can also be delimited | ||
78 | diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c | ||
79 | index 67dc939..58daa21 100644 | ||
80 | --- a/modules/proxy/proxy_util.c | ||
81 | +++ b/modules/proxy/proxy_util.c | ||
82 | @@ -2847,68 +2847,59 @@ PROXY_DECLARE(proxy_balancer_shared *) ap_proxy_find_balancershm(ap_slotmem_prov | ||
83 | typedef struct header_connection { | ||
84 | apr_pool_t *pool; | ||
85 | apr_array_header_t *array; | ||
86 | - const char *first; | ||
87 | - unsigned int closed:1; | ||
88 | + const char *error; | ||
89 | + int is_req; | ||
90 | } header_connection; | ||
91 | |||
92 | static int find_conn_headers(void *data, const char *key, const char *val) | ||
93 | { | ||
94 | header_connection *x = data; | ||
95 | - const char *name; | ||
96 | - | ||
97 | - do { | ||
98 | - while (*val == ',' || *val == ';') { | ||
99 | - val++; | ||
100 | - } | ||
101 | - name = ap_get_token(x->pool, &val, 0); | ||
102 | - if (!strcasecmp(name, "close")) { | ||
103 | - x->closed = 1; | ||
104 | - } | ||
105 | - if (!x->first) { | ||
106 | - x->first = name; | ||
107 | - } | ||
108 | - else { | ||
109 | - const char **elt; | ||
110 | - if (!x->array) { | ||
111 | - x->array = apr_array_make(x->pool, 4, sizeof(char *)); | ||
112 | - } | ||
113 | - elt = apr_array_push(x->array); | ||
114 | - *elt = name; | ||
115 | - } | ||
116 | - } while (*val); | ||
117 | |||
118 | - return 1; | ||
119 | + x->error = ap_parse_token_list_strict(x->pool, val, &x->array, !x->is_req); | ||
120 | + return !x->error; | ||
121 | } | ||
122 | |||
123 | /** | ||
124 | * Remove all headers referred to by the Connection header. | ||
125 | + * Returns -1 on error. Otherwise, returns 1 if 'Close' was seen in | ||
126 | + * the Connection header tokens, and 0 if not. | ||
127 | */ | ||
128 | static int ap_proxy_clear_connection(request_rec *r, apr_table_t *headers) | ||
129 | { | ||
130 | - const char **name; | ||
131 | + int closed = 0; | ||
132 | header_connection x; | ||
133 | |||
134 | x.pool = r->pool; | ||
135 | x.array = NULL; | ||
136 | - x.first = NULL; | ||
137 | - x.closed = 0; | ||
138 | + x.error = NULL; | ||
139 | + x.is_req = (headers == r->headers_in); | ||
140 | |||
141 | apr_table_unset(headers, "Proxy-Connection"); | ||
142 | |||
143 | apr_table_do(find_conn_headers, &x, headers, "Connection", NULL); | ||
144 | - if (x.first) { | ||
145 | - /* fast path - no memory allocated for one header */ | ||
146 | - apr_table_unset(headers, "Connection"); | ||
147 | - apr_table_unset(headers, x.first); | ||
148 | + apr_table_unset(headers, "Connection"); | ||
149 | + | ||
150 | + if (x.error) { | ||
151 | + ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, APLOGNO() | ||
152 | + "Error parsing Connection header: %s", x.error); | ||
153 | + return -1; | ||
154 | } | ||
155 | + | ||
156 | if (x.array) { | ||
157 | - /* two or more headers */ | ||
158 | - while ((name = apr_array_pop(x.array))) { | ||
159 | - apr_table_unset(headers, *name); | ||
160 | + int i; | ||
161 | + for (i = 0; i < x.array->nelts; i++) { | ||
162 | + const char *name = APR_ARRAY_IDX(x.array, i, const char *); | ||
163 | + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO() | ||
164 | + "Removing header '%s' listed in Connection header", | ||
165 | + name); | ||
166 | + if (!strcasecmp(name, "close")) { | ||
167 | + closed = 1; | ||
168 | + } | ||
169 | + apr_table_unset(headers, name); | ||
170 | } | ||
171 | } | ||
172 | |||
173 | - return x.closed; | ||
174 | + return closed; | ||
175 | } | ||
176 | |||
177 | PROXY_DECLARE(int) ap_proxy_create_hdrbrgd(apr_pool_t *p, | ||
178 | @@ -3095,7 +3086,9 @@ PROXY_DECLARE(int) ap_proxy_create_hdrbrgd(apr_pool_t *p, | ||
179 | * apr is compiled with APR_POOL_DEBUG. | ||
180 | */ | ||
181 | headers_in_copy = apr_table_copy(r->pool, r->headers_in); | ||
182 | - ap_proxy_clear_connection(r, headers_in_copy); | ||
183 | + if (ap_proxy_clear_connection(r, headers_in_copy) < 0) { | ||
184 | + return HTTP_BAD_REQUEST; | ||
185 | + } | ||
186 | /* send request headers */ | ||
187 | headers_in_array = apr_table_elts(headers_in_copy); | ||
188 | headers_in = (const apr_table_entry_t *) headers_in_array->elts; | ||
189 | diff --git a/server/util.c b/server/util.c | ||
190 | index e0ba5c2..541c9f0 100644 | ||
191 | --- a/server/util.c | ||
192 | +++ b/server/util.c | ||
193 | @@ -1449,6 +1449,95 @@ AP_DECLARE(int) ap_find_etag_weak(apr_pool_t *p, const char *line, | ||
194 | return find_list_item(p, line, tok, AP_ETAG_WEAK); | ||
195 | } | ||
196 | |||
197 | +/* Grab a list of tokens of the format 1#token (from RFC7230) */ | ||
198 | +AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p, | ||
199 | + const char *str_in, | ||
200 | + apr_array_header_t **tokens, | ||
201 | + int skip_invalid) | ||
202 | +{ | ||
203 | + int in_leading_space = 1; | ||
204 | + int in_trailing_space = 0; | ||
205 | + int string_end = 0; | ||
206 | + const char *tok_begin; | ||
207 | + const char *cur; | ||
208 | + | ||
209 | + if (!str_in) { | ||
210 | + return NULL; | ||
211 | + } | ||
212 | + | ||
213 | + tok_begin = cur = str_in; | ||
214 | + | ||
215 | + while (!string_end) { | ||
216 | + const unsigned char c = (unsigned char)*cur; | ||
217 | + | ||
218 | + if (!TEST_CHAR(c, T_HTTP_TOKEN_STOP) && c != '\0') { | ||
219 | + /* Non-separator character; we are finished with leading | ||
220 | + * whitespace. We must never have encountered any trailing | ||
221 | + * whitespace before the delimiter (comma) */ | ||
222 | + in_leading_space = 0; | ||
223 | + if (in_trailing_space) { | ||
224 | + return "Encountered illegal whitespace in token"; | ||
225 | + } | ||
226 | + } | ||
227 | + else if (c == ' ' || c == '\t') { | ||
228 | + /* "Linear whitespace" only includes ASCII CRLF, space, and tab; | ||
229 | + * we can't get a CRLF since headers are split on them already, | ||
230 | + * so only look for a space or a tab */ | ||
231 | + if (in_leading_space) { | ||
232 | + /* We're still in leading whitespace */ | ||
233 | + ++tok_begin; | ||
234 | + } | ||
235 | + else { | ||
236 | + /* We must be in trailing whitespace */ | ||
237 | + ++in_trailing_space; | ||
238 | + } | ||
239 | + } | ||
240 | + else if (c == ',' || c == '\0') { | ||
241 | + if (!in_leading_space) { | ||
242 | + /* If we're out of the leading space, we know we've read some | ||
243 | + * characters of a token */ | ||
244 | + if (*tokens == NULL) { | ||
245 | + *tokens = apr_array_make(p, 4, sizeof(char *)); | ||
246 | + } | ||
247 | + APR_ARRAY_PUSH(*tokens, char *) = | ||
248 | + apr_pstrmemdup((*tokens)->pool, tok_begin, | ||
249 | + (cur - tok_begin) - in_trailing_space); | ||
250 | + } | ||
251 | + /* We're allowed to have null elements, just don't add them to the | ||
252 | + * array */ | ||
253 | + | ||
254 | + tok_begin = cur + 1; | ||
255 | + in_leading_space = 1; | ||
256 | + in_trailing_space = 0; | ||
257 | + string_end = (c == '\0'); | ||
258 | + } | ||
259 | + else { | ||
260 | + /* Encountered illegal separator char */ | ||
261 | + if (skip_invalid) { | ||
262 | + /* Skip to the next separator */ | ||
263 | + const char *temp; | ||
264 | + temp = ap_strchr_c(cur, ','); | ||
265 | + if(!temp) { | ||
266 | + temp = ap_strchr_c(cur, '\0'); | ||
267 | + } | ||
268 | + | ||
269 | + /* Act like we haven't seen a token so we reset */ | ||
270 | + cur = temp - 1; | ||
271 | + in_leading_space = 1; | ||
272 | + in_trailing_space = 0; | ||
273 | + } | ||
274 | + else { | ||
275 | + return apr_psprintf(p, "Encountered illegal separator " | ||
276 | + "'\\x%.2x'", (unsigned int)c); | ||
277 | + } | ||
278 | + } | ||
279 | + | ||
280 | + ++cur; | ||
281 | + } | ||
282 | + | ||
283 | + return NULL; | ||
284 | +} | ||
285 | + | ||
286 | /* Retrieve a token, spacing over it and returning a pointer to | ||
287 | * the first non-white byte afterwards. Note that these tokens | ||
288 | * are delimited by semis and commas; and can also be delimited | ||
289 | -- | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch b/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch new file mode 100644 index 000000000..c90279d44 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch | |||
@@ -0,0 +1,20 @@ | |||
1 | # Author: echo <fei.geng@windriver.com> | ||
2 | # Date: April 28 2009 | ||
3 | # Summary:Fix perl install directory to /usr/bin | ||
4 | # | ||
5 | # Upstream-Status: Inappropriate [configuration] | ||
6 | |||
7 | --- a/configure.in | ||
8 | +++ b/configure.in | ||
9 | @@ -638,10 +638,7 @@ | ||
10 | AC_DEFINE_UNQUOTED(APACHE_MPM_DIR, "$MPM_DIR", | ||
11 | [Location of the source for the current MPM]) | ||
12 | |||
13 | -perlbin=`$ac_aux_dir/PrintPath perl` | ||
14 | -if test "x$perlbin" = "x"; then | ||
15 | - perlbin="/replace/with/path/to/perl/interpreter" | ||
16 | -fi | ||
17 | +perlbin='/usr/bin/perl' | ||
18 | AC_SUBST(perlbin) | ||
19 | |||
20 | dnl If we are running on BSD/OS, we need to use the BSD .include syntax. | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch b/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch new file mode 100644 index 000000000..3a59fb079 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch | |||
@@ -0,0 +1,76 @@ | |||
1 | --- httpd-2.2.8.orig/build/ltmain.sh | ||
2 | +++ httpd-2.2.8/build/ltmain.sh | ||
3 | @@ -1515,7 +1515,7 @@ EOF | ||
4 | dir=`$echo "X$arg" | $Xsed -e 's/^-L//'` | ||
5 | # We need an absolute path. | ||
6 | case $dir in | ||
7 | - [\\/]* | [A-Za-z]:[\\/]*) ;; | ||
8 | + =* | [\\/]* | [A-Za-z]:[\\/]*) ;; | ||
9 | *) | ||
10 | absdir=`cd "$dir" && pwd` | ||
11 | if test -z "$absdir"; then | ||
12 | @@ -2558,7 +2558,7 @@ EOF | ||
13 | $echo "*** $linklib is not portable!" | ||
14 | fi | ||
15 | if test "$linkmode" = lib && | ||
16 | - test "$hardcode_into_libs" = yes; then | ||
17 | + test "x$wrs_use_rpaths" = "xyes" && test "$hardcode_into_libs" = yes; then | ||
18 | # Hardcode the library path. | ||
19 | # Skip directories that are in the system default run-time | ||
20 | # search path. | ||
21 | @@ -2832,7 +2832,7 @@ EOF | ||
22 | |||
23 | if test "$linkmode" = lib; then | ||
24 | if test -n "$dependency_libs" && | ||
25 | - { test "$hardcode_into_libs" != yes || | ||
26 | + { test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" || | ||
27 | test "$build_old_libs" = yes || | ||
28 | test "$link_static" = yes; }; then | ||
29 | # Extract -R from dependency_libs | ||
30 | @@ -3426,7 +3426,8 @@ EOF | ||
31 | *) finalize_rpath="$finalize_rpath $libdir" ;; | ||
32 | esac | ||
33 | done | ||
34 | - if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then | ||
35 | + if test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" || | ||
36 | + test "$build_old_libs" = yes; then | ||
37 | dependency_libs="$temp_xrpath $dependency_libs" | ||
38 | fi | ||
39 | fi | ||
40 | @@ -3843,7 +3844,7 @@ EOF | ||
41 | case $archive_cmds in | ||
42 | *\$LD\ *) wl= ;; | ||
43 | esac | ||
44 | - if test "$hardcode_into_libs" = yes; then | ||
45 | + if test "$hardcode_into_libs" = yes && test "x$wrs_use_rpaths" = "xyes" ; then | ||
46 | # Hardcode the library paths | ||
47 | hardcode_libdirs= | ||
48 | dep_rpath= | ||
49 | @@ -4397,6 +4398,27 @@ EOF | ||
50 | # Now hardcode the library paths | ||
51 | rpath= | ||
52 | hardcode_libdirs= | ||
53 | + | ||
54 | + # short circuit putting rpaths in executables | ||
55 | + # | ||
56 | + if test "x$wrs_use_rpaths" != "xyes" ; then | ||
57 | + flag= | ||
58 | + for libdir in $compile_rpath; do | ||
59 | + case $(echo $libdir | ${SED} 's,/[/]*,/,g') in | ||
60 | + /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;; | ||
61 | + esac | ||
62 | + done | ||
63 | + compile_rpath="$flag" | ||
64 | + | ||
65 | + flag= | ||
66 | + for libdir in $finalize_rpath; do | ||
67 | + case $(echo $libdir | ${SED} 's,/[/]*,/,g') in | ||
68 | + /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;; | ||
69 | + esac | ||
70 | + done | ||
71 | + finalize_rpath="$flag" | ||
72 | + fi | ||
73 | + | ||
74 | for libdir in $compile_rpath $finalize_rpath; do | ||
75 | if test -n "$hardcode_libdir_flag_spec"; then | ||
76 | if test -n "$hardcode_libdir_separator"; then | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/fix-libtool-name.patch b/meta-webserver/recipes-httpd/apache2/apache2/fix-libtool-name.patch new file mode 100644 index 000000000..027af04c3 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/fix-libtool-name.patch | |||
@@ -0,0 +1,55 @@ | |||
1 | Fix build scripts to use correct libtool filename | ||
2 | |||
3 | Upstream-Status: Inappropriate [configuration] | ||
4 | |||
5 | --- | ||
6 | httpd-2.4.2/build/config_vars.sh.in | 2 +- | ||
7 | httpd-2.4.2/configure | 2 +- | ||
8 | httpd-2.4.2/configure.in | 2 +- | ||
9 | httpd-2.4.2/support/apxs.in | 2 +- | ||
10 | 4 files changed, 4 insertions(+), 4 deletions(-) | ||
11 | |||
12 | --- a/build/config_vars.sh.in | ||
13 | +++ b/build/config_vars.sh.in | ||
14 | @@ -35,7 +35,7 @@ else | ||
15 | APU_CONFIG=@APU_CONFIG@ | ||
16 | fi | ||
17 | |||
18 | -APR_LIBTOOL="`${APR_CONFIG} --apr-libtool`" | ||
19 | +APR_LIBTOOL="`${APR_CONFIG} --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`" | ||
20 | APR_INCLUDEDIR="`${APR_CONFIG} --includedir`" | ||
21 | test -n "@APU_CONFIG@" && APU_INCLUDEDIR="`${APU_CONFIG} --includedir`" | ||
22 | |||
23 | --- a/configure | ||
24 | +++ b/configure | ||
25 | @@ -6205,7 +6205,7 @@ case $host in | ||
26 | if test "x$LTFLAGS" = "x"; then | ||
27 | LTFLAGS='--silent' | ||
28 | fi | ||
29 | - my_libtool=`$apr_config --apr-libtool` | ||
30 | + my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,` | ||
31 | LIBTOOL="$my_libtool \$(LTFLAGS)" | ||
32 | libtoolversion=`$my_libtool --version` | ||
33 | case $libtoolversion in | ||
34 | --- a/configure.in | ||
35 | +++ b/configure.in | ||
36 | @@ -264,7 +264,7 @@ case $host in | ||
37 | if test "x$LTFLAGS" = "x"; then | ||
38 | LTFLAGS='--silent' | ||
39 | fi | ||
40 | - my_libtool=`$apr_config --apr-libtool` | ||
41 | + my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,` | ||
42 | LIBTOOL="$my_libtool \$(LTFLAGS)" | ||
43 | libtoolversion=`$my_libtool --version` | ||
44 | case $libtoolversion in | ||
45 | --- a/support/apxs.in | ||
46 | +++ b/support/apxs.in | ||
47 | @@ -352,7 +352,7 @@ if ($apr_major_version < 2) { | ||
48 | } | ||
49 | } | ||
50 | |||
51 | -my $libtool = `$apr_config --apr-libtool`; | ||
52 | +my $libtool = `$apr_config --apr-libtool| sed -e s,libtool,${host_alias}-libtool,`; | ||
53 | chomp($libtool); | ||
54 | |||
55 | my $apr_includedir = `$apr_config --includes`; | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch new file mode 100644 index 000000000..18e4107ec --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | |||
2 | Bump up the core size limit if CoreDumpDirectory is | ||
3 | configured. | ||
4 | |||
5 | Upstream-Status: Pending | ||
6 | |||
7 | Note: upstreaming was discussed but there are competing desires; | ||
8 | there are portability oddities here too. | ||
9 | |||
10 | --- httpd-2.4.1/server/core.c.corelimit | ||
11 | +++ httpd-2.4.1/server/core.c | ||
12 | @@ -4433,6 +4433,25 @@ static int core_post_config(apr_pool_t * | ||
13 | } | ||
14 | apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper, | ||
15 | apr_pool_cleanup_null); | ||
16 | + | ||
17 | +#ifdef RLIMIT_CORE | ||
18 | + if (ap_coredumpdir_configured) { | ||
19 | + struct rlimit lim; | ||
20 | + | ||
21 | + if (getrlimit(RLIMIT_CORE, &lim) == 0 && lim.rlim_cur == 0) { | ||
22 | + lim.rlim_cur = lim.rlim_max; | ||
23 | + if (setrlimit(RLIMIT_CORE, &lim) == 0) { | ||
24 | + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, | ||
25 | + "core dump file size limit raised to %lu bytes", | ||
26 | + lim.rlim_cur); | ||
27 | + } else { | ||
28 | + ap_log_error(APLOG_MARK, APLOG_NOTICE, errno, NULL, | ||
29 | + "core dump file size is zero, setrlimit failed"); | ||
30 | + } | ||
31 | + } | ||
32 | + } | ||
33 | +#endif | ||
34 | + | ||
35 | return OK; | ||
36 | } | ||
37 | |||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch new file mode 100644 index 000000000..873328d9b --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch | |||
@@ -0,0 +1,63 @@ | |||
1 | |||
2 | Log the SELinux context at startup. | ||
3 | |||
4 | Upstream-Status: Inappropriate [other] | ||
5 | |||
6 | Note: unlikely to be any interest in this upstream | ||
7 | |||
8 | --- httpd-2.4.1/configure.in.selinux | ||
9 | +++ httpd-2.4.1/configure.in | ||
10 | @@ -458,6 +458,11 @@ fopen64 | ||
11 | dnl confirm that a void pointer is large enough to store a long integer | ||
12 | APACHE_CHECK_VOID_PTR_LEN | ||
13 | |||
14 | +AC_CHECK_LIB(selinux, is_selinux_enabled, [ | ||
15 | + AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) | ||
16 | + APR_ADDTO(AP_LIBS, [-lselinux]) | ||
17 | +]) | ||
18 | + | ||
19 | AC_CACHE_CHECK([for gettid()], ac_cv_gettid, | ||
20 | [AC_TRY_RUN(#define _GNU_SOURCE | ||
21 | #include <unistd.h> | ||
22 | --- httpd-2.4.1/server/core.c.selinux | ||
23 | +++ httpd-2.4.1/server/core.c | ||
24 | @@ -58,6 +58,10 @@ | ||
25 | #include <unistd.h> | ||
26 | #endif | ||
27 | |||
28 | +#ifdef HAVE_SELINUX | ||
29 | +#include <selinux/selinux.h> | ||
30 | +#endif | ||
31 | + | ||
32 | /* LimitRequestBody handling */ | ||
33 | #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) | ||
34 | #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) | ||
35 | @@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t * | ||
36 | } | ||
37 | #endif | ||
38 | |||
39 | +#ifdef HAVE_SELINUX | ||
40 | + { | ||
41 | + static int already_warned = 0; | ||
42 | + int is_enabled = is_selinux_enabled() > 0; | ||
43 | + | ||
44 | + if (is_enabled && !already_warned) { | ||
45 | + security_context_t con; | ||
46 | + | ||
47 | + if (getcon(&con) == 0) { | ||
48 | + | ||
49 | + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, | ||
50 | + "SELinux policy enabled; " | ||
51 | + "httpd running as context %s", con); | ||
52 | + | ||
53 | + already_warned = 1; | ||
54 | + | ||
55 | + freecon(con); | ||
56 | + } | ||
57 | + } | ||
58 | + } | ||
59 | +#endif | ||
60 | + | ||
61 | return OK; | ||
62 | } | ||
63 | |||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch new file mode 100644 index 000000000..afbed8e55 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch | |||
@@ -0,0 +1,22 @@ | |||
1 | |||
2 | There is no need to "suck in" the apr/apr-util symbols when using | ||
3 | a shared libapr{,util}, it just bloats the symbol table; so don't. | ||
4 | |||
5 | Upstream-HEAD: needed | ||
6 | Upstream-2.0: omit | ||
7 | Upstream-Status: Pending | ||
8 | |||
9 | Note: EXPORT_DIRS change is conditional on using shared apr | ||
10 | |||
11 | --- httpd-2.4.4/server/Makefile.in.export | ||
12 | +++ httpd-2.4.4/server/Makefile.in | ||
13 | @@ -57,9 +57,6 @@ export_files: | ||
14 | ( for dir in $(EXPORT_DIRS); do \ | ||
15 | ls $$dir/*.h ; \ | ||
16 | done; \ | ||
17 | - for dir in $(EXPORT_DIRS_APR); do \ | ||
18 | - ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \ | ||
19 | - done; \ | ||
20 | ) | sed -e s,//,/,g | sort -u > $@ | ||
21 | |||
22 | exports.c: export_files | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/npn-patch-2.4.7.patch b/meta-webserver/recipes-httpd/apache2/apache2/npn-patch-2.4.7.patch new file mode 100644 index 000000000..a4f185501 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/npn-patch-2.4.7.patch | |||
@@ -0,0 +1,289 @@ | |||
1 | Add support for TLS Next Protocol Negotiation: | ||
2 | |||
3 | * modules/ssl/mod_ssl.c, modules/ssl/mod_ssl.h: Add and implement new | ||
4 | hooks for next protocol advertisement/discovery. | ||
5 | |||
6 | * modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Enable | ||
7 | NPN advertisement callback in handshake. | ||
8 | |||
9 | * modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Invoke | ||
10 | next-protocol discovery hook. | ||
11 | |||
12 | * modules/ssl/ssl_engine_kernel.c (ssl_callback_AdvertiseNextProtos): | ||
13 | New callback. | ||
14 | |||
15 | * modules/ssl/ssl_private.h: Add prototype. | ||
16 | |||
17 | Submitted by: Matthew Steele <mdsteele google.com> | ||
18 | with slight tweaks by jorton | ||
19 | |||
20 | http://svn.apache.org/viewvc?view=revision&revision=1332643 | ||
21 | https://bugzilla.redhat.com//show_bug.cgi?id=809599 | ||
22 | Upstream-Status: Backport | ||
23 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
24 | --- | ||
25 | CHANGES | 2 + | ||
26 | modules/ssl/mod_ssl.c | 12 ++++++ | ||
27 | modules/ssl/mod_ssl.h | 21 +++++++++++ | ||
28 | modules/ssl/ssl_engine_init.c | 5 +++ | ||
29 | modules/ssl/ssl_engine_io.c | 24 ++++++++++++ | ||
30 | modules/ssl/ssl_engine_kernel.c | 82 +++++++++++++++++++++++++++++++++++++++++ | ||
31 | modules/ssl/ssl_private.h | 6 +++ | ||
32 | 7 files changed, 152 insertions(+) | ||
33 | |||
34 | diff --git a/CHANGES b/CHANGES | ||
35 | --- a/CHANGES | ||
36 | +++ b/CHANGES | ||
37 | @@ -1,6 +1,8 @@ | ||
38 | -*- coding: utf-8 -*- | ||
39 | |||
40 | Changes with Apache 2.4.7 | ||
41 | + *) mod_ssl: Add support for TLS Next Protocol Negotiation. PR 52210. | ||
42 | + [Matthew Steele <mdsteele google.com>] | ||
43 | |||
44 | *) APR 1.5.0 or later is now required for the event MPM. | ||
45 | |||
46 | diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c | ||
47 | --- a/modules/ssl/mod_ssl.c | ||
48 | +++ b/modules/ssl/mod_ssl.c | ||
49 | @@ -275,6 +275,18 @@ static const command_rec ssl_config_cmds[] = { | ||
50 | AP_END_CMD | ||
51 | }; | ||
52 | |||
53 | +/* Implement 'modssl_run_npn_advertise_protos_hook'. */ | ||
54 | +APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( | ||
55 | + modssl, AP, int, npn_advertise_protos_hook, | ||
56 | + (conn_rec *connection, apr_array_header_t *protos), | ||
57 | + (connection, protos), OK, DECLINED); | ||
58 | + | ||
59 | +/* Implement 'modssl_run_npn_proto_negotiated_hook'. */ | ||
60 | +APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( | ||
61 | + modssl, AP, int, npn_proto_negotiated_hook, | ||
62 | + (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len), | ||
63 | + (connection, proto_name, proto_name_len), OK, DECLINED); | ||
64 | + | ||
65 | /* | ||
66 | * the various processing hooks | ||
67 | */ | ||
68 | diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h | ||
69 | --- a/modules/ssl/mod_ssl.h | ||
70 | +++ b/modules/ssl/mod_ssl.h | ||
71 | @@ -63,5 +63,26 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *)); | ||
72 | |||
73 | APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); | ||
74 | |||
75 | +/** The npn_advertise_protos optional hook allows other modules to add entries | ||
76 | + * to the list of protocol names advertised by the server during the Next | ||
77 | + * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is | ||
78 | + * given the connection and an APR array; it should push one or more char*'s | ||
79 | + * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto | ||
80 | + * the array and return OK, or do nothing and return DECLINED. */ | ||
81 | +APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook, | ||
82 | + (conn_rec *connection, apr_array_header_t *protos)); | ||
83 | + | ||
84 | +/** The npn_proto_negotiated optional hook allows other modules to discover the | ||
85 | + * name of the protocol that was chosen during the Next Protocol Negotiation | ||
86 | + * (NPN) portion of the SSL handshake. Note that this may be the empty string | ||
87 | + * (in which case modules should probably assume HTTP), or it may be a protocol | ||
88 | + * that was never even advertised by the server. The hook callee is given the | ||
89 | + * connection, a non-null-terminated string containing the protocol name, and | ||
90 | + * the length of the string; it should do something appropriate (i.e. insert or | ||
91 | + * remove filters) and return OK, or do nothing and return DECLINED. */ | ||
92 | +APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook, | ||
93 | + (conn_rec *connection, const char *proto_name, | ||
94 | + apr_size_t proto_name_len)); | ||
95 | + | ||
96 | #endif /* __MOD_SSL_H__ */ | ||
97 | /** @} */ | ||
98 | diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c | ||
99 | --- a/modules/ssl/ssl_engine_init.c | ||
100 | +++ b/modules/ssl/ssl_engine_init.c | ||
101 | @@ -546,6 +546,11 @@ static void ssl_init_ctx_callbacks(server_rec *s, | ||
102 | SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH); | ||
103 | |||
104 | SSL_CTX_set_info_callback(ctx, ssl_callback_Info); | ||
105 | + | ||
106 | +#ifdef HAVE_TLS_NPN | ||
107 | + SSL_CTX_set_next_protos_advertised_cb( | ||
108 | + ctx, ssl_callback_AdvertiseNextProtos, NULL); | ||
109 | +#endif | ||
110 | } | ||
111 | |||
112 | static void ssl_init_ctx_verify(server_rec *s, | ||
113 | diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c | ||
114 | --- a/modules/ssl/ssl_engine_io.c | ||
115 | +++ b/modules/ssl/ssl_engine_io.c | ||
116 | @@ -28,6 +28,7 @@ | ||
117 | core keeps dumping.'' | ||
118 | -- Unknown */ | ||
119 | #include "ssl_private.h" | ||
120 | +#include "mod_ssl.h" | ||
121 | #include "apr_date.h" | ||
122 | |||
123 | /* _________________________________________________________________ | ||
124 | @@ -297,6 +298,7 @@ typedef struct { | ||
125 | apr_pool_t *pool; | ||
126 | char buffer[AP_IOBUFSIZE]; | ||
127 | ssl_filter_ctx_t *filter_ctx; | ||
128 | + int npn_finished; /* 1 if NPN has finished, 0 otherwise */ | ||
129 | } bio_filter_in_ctx_t; | ||
130 | |||
131 | /* | ||
132 | @@ -1412,6 +1414,27 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f, | ||
133 | APR_BRIGADE_INSERT_TAIL(bb, bucket); | ||
134 | } | ||
135 | |||
136 | +#ifdef HAVE_TLS_NPN | ||
137 | + /* By this point, Next Protocol Negotiation (NPN) should be completed (if | ||
138 | + * our version of OpenSSL supports it). If we haven't already, find out | ||
139 | + * which protocol was decided upon and inform other modules by calling | ||
140 | + * npn_proto_negotiated_hook. */ | ||
141 | + if (!inctx->npn_finished) { | ||
142 | + const unsigned char *next_proto = NULL; | ||
143 | + unsigned next_proto_len = 0; | ||
144 | + | ||
145 | + SSL_get0_next_proto_negotiated( | ||
146 | + inctx->ssl, &next_proto, &next_proto_len); | ||
147 | + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c, | ||
148 | + "SSL NPN negotiated protocol: '%s'", | ||
149 | + apr_pstrmemdup(f->c->pool, (const char*)next_proto, | ||
150 | + next_proto_len)); | ||
151 | + modssl_run_npn_proto_negotiated_hook( | ||
152 | + f->c, (const char*)next_proto, next_proto_len); | ||
153 | + inctx->npn_finished = 1; | ||
154 | + } | ||
155 | +#endif | ||
156 | + | ||
157 | return APR_SUCCESS; | ||
158 | } | ||
159 | |||
160 | @@ -1893,6 +1916,7 @@ static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c, | ||
161 | inctx->block = APR_BLOCK_READ; | ||
162 | inctx->pool = c->pool; | ||
163 | inctx->filter_ctx = filter_ctx; | ||
164 | + inctx->npn_finished = 0; | ||
165 | } | ||
166 | |||
167 | /* The request_rec pointer is passed in here only to ensure that the | ||
168 | diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c | ||
169 | --- a/modules/ssl/ssl_engine_kernel.c | ||
170 | +++ b/modules/ssl/ssl_engine_kernel.c | ||
171 | @@ -29,6 +29,7 @@ | ||
172 | time I was too famous.'' | ||
173 | -- Unknown */ | ||
174 | #include "ssl_private.h" | ||
175 | +#include "mod_ssl.h" | ||
176 | #include "util_md5.h" | ||
177 | |||
178 | static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); | ||
179 | @@ -2139,3 +2140,84 @@ int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg) | ||
180 | } | ||
181 | |||
182 | #endif /* HAVE_SRP */ | ||
183 | + | ||
184 | +#ifdef HAVE_TLS_NPN | ||
185 | +/* | ||
186 | + * This callback function is executed when SSL needs to decide what protocols | ||
187 | + * to advertise during Next Protocol Negotiation (NPN). It must produce a | ||
188 | + * string in wire format -- a sequence of length-prefixed strings -- indicating | ||
189 | + * the advertised protocols. Refer to SSL_CTX_set_next_protos_advertised_cb | ||
190 | + * in OpenSSL for reference. | ||
191 | + */ | ||
192 | +int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out, | ||
193 | + unsigned int *size_out, void *arg) | ||
194 | +{ | ||
195 | + conn_rec *c = (conn_rec*)SSL_get_app_data(ssl); | ||
196 | + apr_array_header_t *protos; | ||
197 | + int num_protos; | ||
198 | + unsigned int size; | ||
199 | + int i; | ||
200 | + unsigned char *data; | ||
201 | + unsigned char *start; | ||
202 | + | ||
203 | + *data_out = NULL; | ||
204 | + *size_out = 0; | ||
205 | + | ||
206 | + /* If the connection object is not available, then there's nothing for us | ||
207 | + * to do. */ | ||
208 | + if (c == NULL) { | ||
209 | + return SSL_TLSEXT_ERR_OK; | ||
210 | + } | ||
211 | + | ||
212 | + /* Invoke our npn_advertise_protos hook, giving other modules a chance to | ||
213 | + * add alternate protocol names to advertise. */ | ||
214 | + protos = apr_array_make(c->pool, 0, sizeof(char*)); | ||
215 | + modssl_run_npn_advertise_protos_hook(c, protos); | ||
216 | + num_protos = protos->nelts; | ||
217 | + | ||
218 | + /* We now have a list of null-terminated strings; we need to concatenate | ||
219 | + * them together into a single string, where each protocol name is prefixed | ||
220 | + * by its length. First, calculate how long that string will be. */ | ||
221 | + size = 0; | ||
222 | + for (i = 0; i < num_protos; ++i) { | ||
223 | + const char *string = APR_ARRAY_IDX(protos, i, const char*); | ||
224 | + unsigned int length = strlen(string); | ||
225 | + /* If the protocol name is too long (the length must fit in one byte), | ||
226 | + * then log an error and skip it. */ | ||
227 | + if (length > 255) { | ||
228 | + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, | ||
229 | + "SSL NPN protocol name too long (length=%u): %s", | ||
230 | + length, string); | ||
231 | + continue; | ||
232 | + } | ||
233 | + /* Leave room for the length prefix (one byte) plus the protocol name | ||
234 | + * itself. */ | ||
235 | + size += 1 + length; | ||
236 | + } | ||
237 | + | ||
238 | + /* If there is nothing to advertise (either because no modules added | ||
239 | + * anything to the protos array, or because all strings added to the array | ||
240 | + * were skipped), then we're done. */ | ||
241 | + if (size == 0) { | ||
242 | + return SSL_TLSEXT_ERR_OK; | ||
243 | + } | ||
244 | + | ||
245 | + /* Now we can build the string. Copy each protocol name string into the | ||
246 | + * larger string, prefixed by its length. */ | ||
247 | + data = apr_palloc(c->pool, size * sizeof(unsigned char)); | ||
248 | + start = data; | ||
249 | + for (i = 0; i < num_protos; ++i) { | ||
250 | + const char *string = APR_ARRAY_IDX(protos, i, const char*); | ||
251 | + apr_size_t length = strlen(string); | ||
252 | + *start = (unsigned char)length; | ||
253 | + ++start; | ||
254 | + memcpy(start, string, length * sizeof(unsigned char)); | ||
255 | + start += length; | ||
256 | + } | ||
257 | + | ||
258 | + /* Success. */ | ||
259 | + *data_out = data; | ||
260 | + *size_out = size; | ||
261 | + return SSL_TLSEXT_ERR_OK; | ||
262 | +} | ||
263 | +#endif /* HAVE_TLS_NPN */ | ||
264 | diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h | ||
265 | --- a/modules/ssl/ssl_private.h | ||
266 | +++ b/modules/ssl/ssl_private.h | ||
267 | @@ -123,6 +123,11 @@ | ||
268 | #define MODSSL_SSL_METHOD_CONST | ||
269 | #endif | ||
270 | |||
271 | +#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \ | ||
272 | + && !defined(OPENSSL_NO_TLSEXT) | ||
273 | +#define HAVE_TLS_NPN | ||
274 | +#endif | ||
275 | + | ||
276 | #if defined(OPENSSL_FIPS) | ||
277 | #define HAVE_FIPS | ||
278 | #endif | ||
279 | @@ -800,6 +805,7 @@ int ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *); | ||
280 | int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *, | ||
281 | EVP_CIPHER_CTX *, HMAC_CTX *, int); | ||
282 | #endif | ||
283 | +int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg); | ||
284 | |||
285 | /** Session Cache Support */ | ||
286 | void ssl_scache_init(server_rec *, apr_pool_t *); | ||
287 | -- | ||
288 | 1.8.1.2 | ||
289 | |||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch b/meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch new file mode 100644 index 000000000..584ddc8d9 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From 760ccbb2fb046621a2aeaecabb2b1ef9aa280cf1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yulong Pei <Yulong.pei@windriver.com> | ||
3 | Date: Thu, 1 Sep 2011 01:03:14 +0800 | ||
4 | Subject: [PATCH] replace lynx to curl in apachectl script | ||
5 | |||
6 | Upstream-Status: Inappropriate [configuration] | ||
7 | |||
8 | Signed-off-by: Yulong Pei <Yulong.pei@windriver.com> | ||
9 | --- | ||
10 | support/apachectl.in | 14 ++++++++++---- | ||
11 | 1 files changed, 10 insertions(+), 4 deletions(-) | ||
12 | |||
13 | diff --git a/support/apachectl.in b/support/apachectl.in | ||
14 | index d4dff38..109ea13 100644 | ||
15 | --- a/support/apachectl.in | ||
16 | +++ b/support/apachectl.in | ||
17 | @@ -51,11 +51,11 @@ fi | ||
18 | # a command that outputs a formatted text version of the HTML at the | ||
19 | # url given on the command line. Designed for lynx, however other | ||
20 | # programs may work. | ||
21 | -LYNX="@LYNX_PATH@ -dump" | ||
22 | +CURL="/usr/bin/curl" | ||
23 | # | ||
24 | # the URL to your server's mod_status status page. If you do not | ||
25 | # have one, then status and fullstatus will not work. | ||
26 | -STATUSURL="http://localhost:@PORT@/server-status" | ||
27 | +STATUSURL="http://localhost:@PORT@/" | ||
28 | # | ||
29 | # Set this variable to a command that increases the maximum | ||
30 | # number of file descriptors allowed per child process. This is | ||
31 | @@ -91,10 +91,16 @@ configtest) | ||
32 | ERROR=$? | ||
33 | ;; | ||
34 | status) | ||
35 | - $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } ' | ||
36 | + $CURL -s $STATUSURL | grep -o "It works!" | ||
37 | + if [ $? != 0 ] ; then | ||
38 | + echo The httpd server does not work! | ||
39 | + fi | ||
40 | ;; | ||
41 | fullstatus) | ||
42 | - $LYNX $STATUSURL | ||
43 | + $CURL -s $STATUSURL | grep -o "It works!" | ||
44 | + if [ $? != 0 ] ; then | ||
45 | + echo The httpd server does not work! | ||
46 | + fi | ||
47 | ;; | ||
48 | *) | ||
49 | $HTTPD $ARGV | ||
50 | -- | ||
51 | 1.6.4 | ||
52 | |||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch b/meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch new file mode 100644 index 000000000..f1349cb6a --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch | |||
@@ -0,0 +1,11 @@ | |||
1 | --- http-2.0.54/server/Makefile.in-old 2005-12-20 13:26:56.000000000 -0500 | ||
2 | +++ http-2.0.54/server/Makefile.in 2005-12-20 13:27:22.000000000 -0500 | ||
3 | @@ -27,7 +27,7 @@ | ||
4 | $(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS) | ||
5 | |||
6 | test_char.h: gen_test_char | ||
7 | - ./gen_test_char > test_char.h | ||
8 | + gen_test_char > test_char.h | ||
9 | |||
10 | util.lo: test_char.h | ||
11 | |||