diff options
Diffstat (limited to 'meta-webserver/recipes-httpd/apache2')
17 files changed, 1281 insertions, 0 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.10.bb b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.10.bb new file mode 100644 index 000000000..5963b7943 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.10.bb | |||
@@ -0,0 +1,45 @@ | |||
1 | DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ | ||
2 | extensible web server." | ||
3 | SUMMARY = "Apache HTTP Server" | ||
4 | HOMEPAGE = "http://httpd.apache.org/" | ||
5 | DEPENDS = "expat-native pcre-native apr-native apr-util-native" | ||
6 | SECTION = "net" | ||
7 | LICENSE = "Apache-2.0" | ||
8 | |||
9 | inherit autotools pkgconfig native | ||
10 | |||
11 | SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \ | ||
12 | file://0001-configure-use-pkg-config-for-PCRE-detection.patch \ | ||
13 | " | ||
14 | |||
15 | S = "${WORKDIR}/httpd-${PV}" | ||
16 | |||
17 | LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83" | ||
18 | SRC_URI[md5sum] = "44543dff14a4ebc1e9e2d86780507156" | ||
19 | SRC_URI[sha256sum] = "176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a" | ||
20 | |||
21 | EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ | ||
22 | --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \ | ||
23 | --prefix=${prefix} --datadir=${datadir}/apache2 \ | ||
24 | " | ||
25 | |||
26 | do_install () { | ||
27 | install -d ${D}${bindir} ${D}${libdir} | ||
28 | cp server/gen_test_char ${D}${bindir} | ||
29 | install -m 755 support/apxs ${D}${bindir}/ | ||
30 | install -m 755 httpd ${D}${bindir}/ | ||
31 | install -d ${D}${datadir}/apache2/build | ||
32 | cp ${S}/build/*.mk ${D}${datadir}/apache2/build | ||
33 | cp build/*.mk ${D}${datadir}/apache2/build | ||
34 | cp ${S}/build/instdso.sh ${D}${datadir}/apache2/build | ||
35 | |||
36 | install -d ${D}${includedir}/apache2 | ||
37 | cp ${S}/include/* ${D}${includedir}/apache2 | ||
38 | cp include/* ${D}${includedir}/apache2 | ||
39 | cp ${S}/os/unix/os.h ${D}${includedir}/apache2 | ||
40 | cp ${S}/os/unix/unixd.h ${D}${includedir}/apache2 | ||
41 | |||
42 | cp support/envvars-std ${D}${bindir}/envvars | ||
43 | chmod 755 ${D}${bindir}/envvars | ||
44 | } | ||
45 | |||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch b/meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch new file mode 100644 index 000000000..8585f0bb3 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch | |||
@@ -0,0 +1,289 @@ | |||
1 | apache: CVE-2014-0117 | ||
2 | |||
3 | The patch comes from upstream: | ||
4 | http://svn.apache.org/viewvc?view=revision&revision=1610674 | ||
5 | |||
6 | SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a | ||
7 | reverse proxy configuration, a remote attacker could send a carefully crafted | ||
8 | request which could crash a server process, resulting in denial of service. | ||
9 | |||
10 | Thanks to Marek Kroemeke working with HP's Zero Day Initiative for | ||
11 | reporting this issue. | ||
12 | |||
13 | Upstream-Status: Backport | ||
14 | |||
15 | Submitted by: Edward Lu, breser, covener | ||
16 | Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com> | ||
17 | --- | ||
18 | modules/proxy/mod_proxy_http.c | 8 +++- | ||
19 | include/httpd.h | 17 ++++++++ | ||
20 | modules/proxy/proxy_util.c | 67 ++++++++++++++---------------- | ||
21 | server/util.c | 89 ++++++++++++++++++++++++++++++++++++++++++ | ||
22 | 4 files changed, 143 insertions(+), 38 deletions(-) | ||
23 | |||
24 | diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c | ||
25 | index cffad2e..f11c16f 100644 | ||
26 | --- a/modules/proxy/mod_proxy_http.c | ||
27 | +++ b/modules/proxy/mod_proxy_http.c | ||
28 | @@ -1362,6 +1362,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r, | ||
29 | */ | ||
30 | if (apr_date_checkmask(buffer, "HTTP/#.# ###*")) { | ||
31 | int major, minor; | ||
32 | + int toclose; | ||
33 | |||
34 | major = buffer[5] - '0'; | ||
35 | minor = buffer[7] - '0'; | ||
36 | @@ -1470,7 +1471,12 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r, | ||
37 | te = apr_table_get(r->headers_out, "Transfer-Encoding"); | ||
38 | |||
39 | /* strip connection listed hop-by-hop headers from response */ | ||
40 | - backend->close = ap_proxy_clear_connection_fn(r, r->headers_out); | ||
41 | + toclose = ap_proxy_clear_connection_fn(r, r->headers_out); | ||
42 | + backend->close = (toclose != 0); | ||
43 | + if (toclose < 0) { | ||
44 | + return ap_proxyerror(r, HTTP_BAD_REQUEST, | ||
45 | + "Malformed connection header"); | ||
46 | + } | ||
47 | |||
48 | if ((buf = apr_table_get(r->headers_out, "Content-Type"))) { | ||
49 | ap_set_content_type(r, apr_pstrdup(p, buf)); | ||
50 | diff --git a/include/httpd.h b/include/httpd.h | ||
51 | index 36cd58d..9a2cf5c 100644 | ||
52 | --- a/include/httpd.h | ||
53 | +++ b/include/httpd.h | ||
54 | @@ -1528,6 +1528,23 @@ AP_DECLARE(int) ap_find_etag_weak(apr_pool_t *p, const char *line, const char *t | ||
55 | AP_DECLARE(int) ap_find_etag_strong(apr_pool_t *p, const char *line, const char *tok); | ||
56 | |||
57 | /** | ||
58 | + * Retrieve an array of tokens in the format "1#token" defined in RFC2616. Only | ||
59 | + * accepts ',' as a delimiter, does not accept quoted strings, and errors on | ||
60 | + * any separator. | ||
61 | + * @param p The pool to allocate from | ||
62 | + * @param tok The line to read tokens from | ||
63 | + * @param tokens Pointer to an array of tokens. If not NULL, must be an array | ||
64 | + * of char*, otherwise it will be allocated on @a p when a token is found | ||
65 | + * @param skip_invalid If true, when an invalid separator is encountered, it | ||
66 | + * will be ignored. | ||
67 | + * @return NULL on success, an error string otherwise. | ||
68 | + * @remark *tokens may be NULL on output if NULL in input and no token is found | ||
69 | + */ | ||
70 | +AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p, const char *tok, | ||
71 | + apr_array_header_t **tokens, | ||
72 | + int skip_invalid); | ||
73 | + | ||
74 | +/** | ||
75 | * Retrieve a token, spacing over it and adjusting the pointer to | ||
76 | * the first non-white byte afterwards. Note that these tokens | ||
77 | * are delimited by semis and commas and can also be delimited | ||
78 | diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c | ||
79 | index 67dc939..58daa21 100644 | ||
80 | --- a/modules/proxy/proxy_util.c | ||
81 | +++ b/modules/proxy/proxy_util.c | ||
82 | @@ -2847,68 +2847,59 @@ PROXY_DECLARE(proxy_balancer_shared *) ap_proxy_find_balancershm(ap_slotmem_prov | ||
83 | typedef struct header_connection { | ||
84 | apr_pool_t *pool; | ||
85 | apr_array_header_t *array; | ||
86 | - const char *first; | ||
87 | - unsigned int closed:1; | ||
88 | + const char *error; | ||
89 | + int is_req; | ||
90 | } header_connection; | ||
91 | |||
92 | static int find_conn_headers(void *data, const char *key, const char *val) | ||
93 | { | ||
94 | header_connection *x = data; | ||
95 | - const char *name; | ||
96 | - | ||
97 | - do { | ||
98 | - while (*val == ',' || *val == ';') { | ||
99 | - val++; | ||
100 | - } | ||
101 | - name = ap_get_token(x->pool, &val, 0); | ||
102 | - if (!strcasecmp(name, "close")) { | ||
103 | - x->closed = 1; | ||
104 | - } | ||
105 | - if (!x->first) { | ||
106 | - x->first = name; | ||
107 | - } | ||
108 | - else { | ||
109 | - const char **elt; | ||
110 | - if (!x->array) { | ||
111 | - x->array = apr_array_make(x->pool, 4, sizeof(char *)); | ||
112 | - } | ||
113 | - elt = apr_array_push(x->array); | ||
114 | - *elt = name; | ||
115 | - } | ||
116 | - } while (*val); | ||
117 | |||
118 | - return 1; | ||
119 | + x->error = ap_parse_token_list_strict(x->pool, val, &x->array, !x->is_req); | ||
120 | + return !x->error; | ||
121 | } | ||
122 | |||
123 | /** | ||
124 | * Remove all headers referred to by the Connection header. | ||
125 | + * Returns -1 on error. Otherwise, returns 1 if 'Close' was seen in | ||
126 | + * the Connection header tokens, and 0 if not. | ||
127 | */ | ||
128 | static int ap_proxy_clear_connection(request_rec *r, apr_table_t *headers) | ||
129 | { | ||
130 | - const char **name; | ||
131 | + int closed = 0; | ||
132 | header_connection x; | ||
133 | |||
134 | x.pool = r->pool; | ||
135 | x.array = NULL; | ||
136 | - x.first = NULL; | ||
137 | - x.closed = 0; | ||
138 | + x.error = NULL; | ||
139 | + x.is_req = (headers == r->headers_in); | ||
140 | |||
141 | apr_table_unset(headers, "Proxy-Connection"); | ||
142 | |||
143 | apr_table_do(find_conn_headers, &x, headers, "Connection", NULL); | ||
144 | - if (x.first) { | ||
145 | - /* fast path - no memory allocated for one header */ | ||
146 | - apr_table_unset(headers, "Connection"); | ||
147 | - apr_table_unset(headers, x.first); | ||
148 | + apr_table_unset(headers, "Connection"); | ||
149 | + | ||
150 | + if (x.error) { | ||
151 | + ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, APLOGNO() | ||
152 | + "Error parsing Connection header: %s", x.error); | ||
153 | + return -1; | ||
154 | } | ||
155 | + | ||
156 | if (x.array) { | ||
157 | - /* two or more headers */ | ||
158 | - while ((name = apr_array_pop(x.array))) { | ||
159 | - apr_table_unset(headers, *name); | ||
160 | + int i; | ||
161 | + for (i = 0; i < x.array->nelts; i++) { | ||
162 | + const char *name = APR_ARRAY_IDX(x.array, i, const char *); | ||
163 | + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO() | ||
164 | + "Removing header '%s' listed in Connection header", | ||
165 | + name); | ||
166 | + if (!strcasecmp(name, "close")) { | ||
167 | + closed = 1; | ||
168 | + } | ||
169 | + apr_table_unset(headers, name); | ||
170 | } | ||
171 | } | ||
172 | |||
173 | - return x.closed; | ||
174 | + return closed; | ||
175 | } | ||
176 | |||
177 | PROXY_DECLARE(int) ap_proxy_create_hdrbrgd(apr_pool_t *p, | ||
178 | @@ -3095,7 +3086,9 @@ PROXY_DECLARE(int) ap_proxy_create_hdrbrgd(apr_pool_t *p, | ||
179 | * apr is compiled with APR_POOL_DEBUG. | ||
180 | */ | ||
181 | headers_in_copy = apr_table_copy(r->pool, r->headers_in); | ||
182 | - ap_proxy_clear_connection(r, headers_in_copy); | ||
183 | + if (ap_proxy_clear_connection(r, headers_in_copy) < 0) { | ||
184 | + return HTTP_BAD_REQUEST; | ||
185 | + } | ||
186 | /* send request headers */ | ||
187 | headers_in_array = apr_table_elts(headers_in_copy); | ||
188 | headers_in = (const apr_table_entry_t *) headers_in_array->elts; | ||
189 | diff --git a/server/util.c b/server/util.c | ||
190 | index e0ba5c2..541c9f0 100644 | ||
191 | --- a/server/util.c | ||
192 | +++ b/server/util.c | ||
193 | @@ -1449,6 +1449,95 @@ AP_DECLARE(int) ap_find_etag_weak(apr_pool_t *p, const char *line, | ||
194 | return find_list_item(p, line, tok, AP_ETAG_WEAK); | ||
195 | } | ||
196 | |||
197 | +/* Grab a list of tokens of the format 1#token (from RFC7230) */ | ||
198 | +AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p, | ||
199 | + const char *str_in, | ||
200 | + apr_array_header_t **tokens, | ||
201 | + int skip_invalid) | ||
202 | +{ | ||
203 | + int in_leading_space = 1; | ||
204 | + int in_trailing_space = 0; | ||
205 | + int string_end = 0; | ||
206 | + const char *tok_begin; | ||
207 | + const char *cur; | ||
208 | + | ||
209 | + if (!str_in) { | ||
210 | + return NULL; | ||
211 | + } | ||
212 | + | ||
213 | + tok_begin = cur = str_in; | ||
214 | + | ||
215 | + while (!string_end) { | ||
216 | + const unsigned char c = (unsigned char)*cur; | ||
217 | + | ||
218 | + if (!TEST_CHAR(c, T_HTTP_TOKEN_STOP) && c != '\0') { | ||
219 | + /* Non-separator character; we are finished with leading | ||
220 | + * whitespace. We must never have encountered any trailing | ||
221 | + * whitespace before the delimiter (comma) */ | ||
222 | + in_leading_space = 0; | ||
223 | + if (in_trailing_space) { | ||
224 | + return "Encountered illegal whitespace in token"; | ||
225 | + } | ||
226 | + } | ||
227 | + else if (c == ' ' || c == '\t') { | ||
228 | + /* "Linear whitespace" only includes ASCII CRLF, space, and tab; | ||
229 | + * we can't get a CRLF since headers are split on them already, | ||
230 | + * so only look for a space or a tab */ | ||
231 | + if (in_leading_space) { | ||
232 | + /* We're still in leading whitespace */ | ||
233 | + ++tok_begin; | ||
234 | + } | ||
235 | + else { | ||
236 | + /* We must be in trailing whitespace */ | ||
237 | + ++in_trailing_space; | ||
238 | + } | ||
239 | + } | ||
240 | + else if (c == ',' || c == '\0') { | ||
241 | + if (!in_leading_space) { | ||
242 | + /* If we're out of the leading space, we know we've read some | ||
243 | + * characters of a token */ | ||
244 | + if (*tokens == NULL) { | ||
245 | + *tokens = apr_array_make(p, 4, sizeof(char *)); | ||
246 | + } | ||
247 | + APR_ARRAY_PUSH(*tokens, char *) = | ||
248 | + apr_pstrmemdup((*tokens)->pool, tok_begin, | ||
249 | + (cur - tok_begin) - in_trailing_space); | ||
250 | + } | ||
251 | + /* We're allowed to have null elements, just don't add them to the | ||
252 | + * array */ | ||
253 | + | ||
254 | + tok_begin = cur + 1; | ||
255 | + in_leading_space = 1; | ||
256 | + in_trailing_space = 0; | ||
257 | + string_end = (c == '\0'); | ||
258 | + } | ||
259 | + else { | ||
260 | + /* Encountered illegal separator char */ | ||
261 | + if (skip_invalid) { | ||
262 | + /* Skip to the next separator */ | ||
263 | + const char *temp; | ||
264 | + temp = ap_strchr_c(cur, ','); | ||
265 | + if(!temp) { | ||
266 | + temp = ap_strchr_c(cur, '\0'); | ||
267 | + } | ||
268 | + | ||
269 | + /* Act like we haven't seen a token so we reset */ | ||
270 | + cur = temp - 1; | ||
271 | + in_leading_space = 1; | ||
272 | + in_trailing_space = 0; | ||
273 | + } | ||
274 | + else { | ||
275 | + return apr_psprintf(p, "Encountered illegal separator " | ||
276 | + "'\\x%.2x'", (unsigned int)c); | ||
277 | + } | ||
278 | + } | ||
279 | + | ||
280 | + ++cur; | ||
281 | + } | ||
282 | + | ||
283 | + return NULL; | ||
284 | +} | ||
285 | + | ||
286 | /* Retrieve a token, spacing over it and returning a pointer to | ||
287 | * the first non-white byte afterwards. Note that these tokens | ||
288 | * are delimited by semis and commas; and can also be delimited | ||
289 | -- | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch b/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch new file mode 100644 index 000000000..c90279d44 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch | |||
@@ -0,0 +1,20 @@ | |||
1 | # Author: echo <fei.geng@windriver.com> | ||
2 | # Date: April 28 2009 | ||
3 | # Summary:Fix perl install directory to /usr/bin | ||
4 | # | ||
5 | # Upstream-Status: Inappropriate [configuration] | ||
6 | |||
7 | --- a/configure.in | ||
8 | +++ b/configure.in | ||
9 | @@ -638,10 +638,7 @@ | ||
10 | AC_DEFINE_UNQUOTED(APACHE_MPM_DIR, "$MPM_DIR", | ||
11 | [Location of the source for the current MPM]) | ||
12 | |||
13 | -perlbin=`$ac_aux_dir/PrintPath perl` | ||
14 | -if test "x$perlbin" = "x"; then | ||
15 | - perlbin="/replace/with/path/to/perl/interpreter" | ||
16 | -fi | ||
17 | +perlbin='/usr/bin/perl' | ||
18 | AC_SUBST(perlbin) | ||
19 | |||
20 | dnl If we are running on BSD/OS, we need to use the BSD .include syntax. | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch b/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch new file mode 100644 index 000000000..3a59fb079 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch | |||
@@ -0,0 +1,76 @@ | |||
1 | --- httpd-2.2.8.orig/build/ltmain.sh | ||
2 | +++ httpd-2.2.8/build/ltmain.sh | ||
3 | @@ -1515,7 +1515,7 @@ EOF | ||
4 | dir=`$echo "X$arg" | $Xsed -e 's/^-L//'` | ||
5 | # We need an absolute path. | ||
6 | case $dir in | ||
7 | - [\\/]* | [A-Za-z]:[\\/]*) ;; | ||
8 | + =* | [\\/]* | [A-Za-z]:[\\/]*) ;; | ||
9 | *) | ||
10 | absdir=`cd "$dir" && pwd` | ||
11 | if test -z "$absdir"; then | ||
12 | @@ -2558,7 +2558,7 @@ EOF | ||
13 | $echo "*** $linklib is not portable!" | ||
14 | fi | ||
15 | if test "$linkmode" = lib && | ||
16 | - test "$hardcode_into_libs" = yes; then | ||
17 | + test "x$wrs_use_rpaths" = "xyes" && test "$hardcode_into_libs" = yes; then | ||
18 | # Hardcode the library path. | ||
19 | # Skip directories that are in the system default run-time | ||
20 | # search path. | ||
21 | @@ -2832,7 +2832,7 @@ EOF | ||
22 | |||
23 | if test "$linkmode" = lib; then | ||
24 | if test -n "$dependency_libs" && | ||
25 | - { test "$hardcode_into_libs" != yes || | ||
26 | + { test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" || | ||
27 | test "$build_old_libs" = yes || | ||
28 | test "$link_static" = yes; }; then | ||
29 | # Extract -R from dependency_libs | ||
30 | @@ -3426,7 +3426,8 @@ EOF | ||
31 | *) finalize_rpath="$finalize_rpath $libdir" ;; | ||
32 | esac | ||
33 | done | ||
34 | - if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then | ||
35 | + if test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" || | ||
36 | + test "$build_old_libs" = yes; then | ||
37 | dependency_libs="$temp_xrpath $dependency_libs" | ||
38 | fi | ||
39 | fi | ||
40 | @@ -3843,7 +3844,7 @@ EOF | ||
41 | case $archive_cmds in | ||
42 | *\$LD\ *) wl= ;; | ||
43 | esac | ||
44 | - if test "$hardcode_into_libs" = yes; then | ||
45 | + if test "$hardcode_into_libs" = yes && test "x$wrs_use_rpaths" = "xyes" ; then | ||
46 | # Hardcode the library paths | ||
47 | hardcode_libdirs= | ||
48 | dep_rpath= | ||
49 | @@ -4397,6 +4398,27 @@ EOF | ||
50 | # Now hardcode the library paths | ||
51 | rpath= | ||
52 | hardcode_libdirs= | ||
53 | + | ||
54 | + # short circuit putting rpaths in executables | ||
55 | + # | ||
56 | + if test "x$wrs_use_rpaths" != "xyes" ; then | ||
57 | + flag= | ||
58 | + for libdir in $compile_rpath; do | ||
59 | + case $(echo $libdir | ${SED} 's,/[/]*,/,g') in | ||
60 | + /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;; | ||
61 | + esac | ||
62 | + done | ||
63 | + compile_rpath="$flag" | ||
64 | + | ||
65 | + flag= | ||
66 | + for libdir in $finalize_rpath; do | ||
67 | + case $(echo $libdir | ${SED} 's,/[/]*,/,g') in | ||
68 | + /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;; | ||
69 | + esac | ||
70 | + done | ||
71 | + finalize_rpath="$flag" | ||
72 | + fi | ||
73 | + | ||
74 | for libdir in $compile_rpath $finalize_rpath; do | ||
75 | if test -n "$hardcode_libdir_flag_spec"; then | ||
76 | if test -n "$hardcode_libdir_separator"; then | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/fix-libtool-name.patch b/meta-webserver/recipes-httpd/apache2/apache2/fix-libtool-name.patch new file mode 100644 index 000000000..027af04c3 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/fix-libtool-name.patch | |||
@@ -0,0 +1,55 @@ | |||
1 | Fix build scripts to use correct libtool filename | ||
2 | |||
3 | Upstream-Status: Inappropriate [configuration] | ||
4 | |||
5 | --- | ||
6 | httpd-2.4.2/build/config_vars.sh.in | 2 +- | ||
7 | httpd-2.4.2/configure | 2 +- | ||
8 | httpd-2.4.2/configure.in | 2 +- | ||
9 | httpd-2.4.2/support/apxs.in | 2 +- | ||
10 | 4 files changed, 4 insertions(+), 4 deletions(-) | ||
11 | |||
12 | --- a/build/config_vars.sh.in | ||
13 | +++ b/build/config_vars.sh.in | ||
14 | @@ -35,7 +35,7 @@ else | ||
15 | APU_CONFIG=@APU_CONFIG@ | ||
16 | fi | ||
17 | |||
18 | -APR_LIBTOOL="`${APR_CONFIG} --apr-libtool`" | ||
19 | +APR_LIBTOOL="`${APR_CONFIG} --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`" | ||
20 | APR_INCLUDEDIR="`${APR_CONFIG} --includedir`" | ||
21 | test -n "@APU_CONFIG@" && APU_INCLUDEDIR="`${APU_CONFIG} --includedir`" | ||
22 | |||
23 | --- a/configure | ||
24 | +++ b/configure | ||
25 | @@ -6205,7 +6205,7 @@ case $host in | ||
26 | if test "x$LTFLAGS" = "x"; then | ||
27 | LTFLAGS='--silent' | ||
28 | fi | ||
29 | - my_libtool=`$apr_config --apr-libtool` | ||
30 | + my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,` | ||
31 | LIBTOOL="$my_libtool \$(LTFLAGS)" | ||
32 | libtoolversion=`$my_libtool --version` | ||
33 | case $libtoolversion in | ||
34 | --- a/configure.in | ||
35 | +++ b/configure.in | ||
36 | @@ -264,7 +264,7 @@ case $host in | ||
37 | if test "x$LTFLAGS" = "x"; then | ||
38 | LTFLAGS='--silent' | ||
39 | fi | ||
40 | - my_libtool=`$apr_config --apr-libtool` | ||
41 | + my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,` | ||
42 | LIBTOOL="$my_libtool \$(LTFLAGS)" | ||
43 | libtoolversion=`$my_libtool --version` | ||
44 | case $libtoolversion in | ||
45 | --- a/support/apxs.in | ||
46 | +++ b/support/apxs.in | ||
47 | @@ -352,7 +352,7 @@ if ($apr_major_version < 2) { | ||
48 | } | ||
49 | } | ||
50 | |||
51 | -my $libtool = `$apr_config --apr-libtool`; | ||
52 | +my $libtool = `$apr_config --apr-libtool| sed -e s,libtool,${host_alias}-libtool,`; | ||
53 | chomp($libtool); | ||
54 | |||
55 | my $apr_includedir = `$apr_config --includes`; | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch new file mode 100644 index 000000000..18e4107ec --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | |||
2 | Bump up the core size limit if CoreDumpDirectory is | ||
3 | configured. | ||
4 | |||
5 | Upstream-Status: Pending | ||
6 | |||
7 | Note: upstreaming was discussed but there are competing desires; | ||
8 | there are portability oddities here too. | ||
9 | |||
10 | --- httpd-2.4.1/server/core.c.corelimit | ||
11 | +++ httpd-2.4.1/server/core.c | ||
12 | @@ -4433,6 +4433,25 @@ static int core_post_config(apr_pool_t * | ||
13 | } | ||
14 | apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper, | ||
15 | apr_pool_cleanup_null); | ||
16 | + | ||
17 | +#ifdef RLIMIT_CORE | ||
18 | + if (ap_coredumpdir_configured) { | ||
19 | + struct rlimit lim; | ||
20 | + | ||
21 | + if (getrlimit(RLIMIT_CORE, &lim) == 0 && lim.rlim_cur == 0) { | ||
22 | + lim.rlim_cur = lim.rlim_max; | ||
23 | + if (setrlimit(RLIMIT_CORE, &lim) == 0) { | ||
24 | + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, | ||
25 | + "core dump file size limit raised to %lu bytes", | ||
26 | + lim.rlim_cur); | ||
27 | + } else { | ||
28 | + ap_log_error(APLOG_MARK, APLOG_NOTICE, errno, NULL, | ||
29 | + "core dump file size is zero, setrlimit failed"); | ||
30 | + } | ||
31 | + } | ||
32 | + } | ||
33 | +#endif | ||
34 | + | ||
35 | return OK; | ||
36 | } | ||
37 | |||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch new file mode 100644 index 000000000..873328d9b --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch | |||
@@ -0,0 +1,63 @@ | |||
1 | |||
2 | Log the SELinux context at startup. | ||
3 | |||
4 | Upstream-Status: Inappropriate [other] | ||
5 | |||
6 | Note: unlikely to be any interest in this upstream | ||
7 | |||
8 | --- httpd-2.4.1/configure.in.selinux | ||
9 | +++ httpd-2.4.1/configure.in | ||
10 | @@ -458,6 +458,11 @@ fopen64 | ||
11 | dnl confirm that a void pointer is large enough to store a long integer | ||
12 | APACHE_CHECK_VOID_PTR_LEN | ||
13 | |||
14 | +AC_CHECK_LIB(selinux, is_selinux_enabled, [ | ||
15 | + AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) | ||
16 | + APR_ADDTO(AP_LIBS, [-lselinux]) | ||
17 | +]) | ||
18 | + | ||
19 | AC_CACHE_CHECK([for gettid()], ac_cv_gettid, | ||
20 | [AC_TRY_RUN(#define _GNU_SOURCE | ||
21 | #include <unistd.h> | ||
22 | --- httpd-2.4.1/server/core.c.selinux | ||
23 | +++ httpd-2.4.1/server/core.c | ||
24 | @@ -58,6 +58,10 @@ | ||
25 | #include <unistd.h> | ||
26 | #endif | ||
27 | |||
28 | +#ifdef HAVE_SELINUX | ||
29 | +#include <selinux/selinux.h> | ||
30 | +#endif | ||
31 | + | ||
32 | /* LimitRequestBody handling */ | ||
33 | #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) | ||
34 | #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) | ||
35 | @@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t * | ||
36 | } | ||
37 | #endif | ||
38 | |||
39 | +#ifdef HAVE_SELINUX | ||
40 | + { | ||
41 | + static int already_warned = 0; | ||
42 | + int is_enabled = is_selinux_enabled() > 0; | ||
43 | + | ||
44 | + if (is_enabled && !already_warned) { | ||
45 | + security_context_t con; | ||
46 | + | ||
47 | + if (getcon(&con) == 0) { | ||
48 | + | ||
49 | + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, | ||
50 | + "SELinux policy enabled; " | ||
51 | + "httpd running as context %s", con); | ||
52 | + | ||
53 | + already_warned = 1; | ||
54 | + | ||
55 | + freecon(con); | ||
56 | + } | ||
57 | + } | ||
58 | + } | ||
59 | +#endif | ||
60 | + | ||
61 | return OK; | ||
62 | } | ||
63 | |||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch new file mode 100644 index 000000000..afbed8e55 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch | |||
@@ -0,0 +1,22 @@ | |||
1 | |||
2 | There is no need to "suck in" the apr/apr-util symbols when using | ||
3 | a shared libapr{,util}, it just bloats the symbol table; so don't. | ||
4 | |||
5 | Upstream-HEAD: needed | ||
6 | Upstream-2.0: omit | ||
7 | Upstream-Status: Pending | ||
8 | |||
9 | Note: EXPORT_DIRS change is conditional on using shared apr | ||
10 | |||
11 | --- httpd-2.4.4/server/Makefile.in.export | ||
12 | +++ httpd-2.4.4/server/Makefile.in | ||
13 | @@ -57,9 +57,6 @@ export_files: | ||
14 | ( for dir in $(EXPORT_DIRS); do \ | ||
15 | ls $$dir/*.h ; \ | ||
16 | done; \ | ||
17 | - for dir in $(EXPORT_DIRS_APR); do \ | ||
18 | - ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \ | ||
19 | - done; \ | ||
20 | ) | sed -e s,//,/,g | sort -u > $@ | ||
21 | |||
22 | exports.c: export_files | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/npn-patch-2.4.7.patch b/meta-webserver/recipes-httpd/apache2/apache2/npn-patch-2.4.7.patch new file mode 100644 index 000000000..a4f185501 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/npn-patch-2.4.7.patch | |||
@@ -0,0 +1,289 @@ | |||
1 | Add support for TLS Next Protocol Negotiation: | ||
2 | |||
3 | * modules/ssl/mod_ssl.c, modules/ssl/mod_ssl.h: Add and implement new | ||
4 | hooks for next protocol advertisement/discovery. | ||
5 | |||
6 | * modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Enable | ||
7 | NPN advertisement callback in handshake. | ||
8 | |||
9 | * modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Invoke | ||
10 | next-protocol discovery hook. | ||
11 | |||
12 | * modules/ssl/ssl_engine_kernel.c (ssl_callback_AdvertiseNextProtos): | ||
13 | New callback. | ||
14 | |||
15 | * modules/ssl/ssl_private.h: Add prototype. | ||
16 | |||
17 | Submitted by: Matthew Steele <mdsteele google.com> | ||
18 | with slight tweaks by jorton | ||
19 | |||
20 | http://svn.apache.org/viewvc?view=revision&revision=1332643 | ||
21 | https://bugzilla.redhat.com//show_bug.cgi?id=809599 | ||
22 | Upstream-Status: Backport | ||
23 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
24 | --- | ||
25 | CHANGES | 2 + | ||
26 | modules/ssl/mod_ssl.c | 12 ++++++ | ||
27 | modules/ssl/mod_ssl.h | 21 +++++++++++ | ||
28 | modules/ssl/ssl_engine_init.c | 5 +++ | ||
29 | modules/ssl/ssl_engine_io.c | 24 ++++++++++++ | ||
30 | modules/ssl/ssl_engine_kernel.c | 82 +++++++++++++++++++++++++++++++++++++++++ | ||
31 | modules/ssl/ssl_private.h | 6 +++ | ||
32 | 7 files changed, 152 insertions(+) | ||
33 | |||
34 | diff --git a/CHANGES b/CHANGES | ||
35 | --- a/CHANGES | ||
36 | +++ b/CHANGES | ||
37 | @@ -1,6 +1,8 @@ | ||
38 | -*- coding: utf-8 -*- | ||
39 | |||
40 | Changes with Apache 2.4.7 | ||
41 | + *) mod_ssl: Add support for TLS Next Protocol Negotiation. PR 52210. | ||
42 | + [Matthew Steele <mdsteele google.com>] | ||
43 | |||
44 | *) APR 1.5.0 or later is now required for the event MPM. | ||
45 | |||
46 | diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c | ||
47 | --- a/modules/ssl/mod_ssl.c | ||
48 | +++ b/modules/ssl/mod_ssl.c | ||
49 | @@ -275,6 +275,18 @@ static const command_rec ssl_config_cmds[] = { | ||
50 | AP_END_CMD | ||
51 | }; | ||
52 | |||
53 | +/* Implement 'modssl_run_npn_advertise_protos_hook'. */ | ||
54 | +APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( | ||
55 | + modssl, AP, int, npn_advertise_protos_hook, | ||
56 | + (conn_rec *connection, apr_array_header_t *protos), | ||
57 | + (connection, protos), OK, DECLINED); | ||
58 | + | ||
59 | +/* Implement 'modssl_run_npn_proto_negotiated_hook'. */ | ||
60 | +APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( | ||
61 | + modssl, AP, int, npn_proto_negotiated_hook, | ||
62 | + (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len), | ||
63 | + (connection, proto_name, proto_name_len), OK, DECLINED); | ||
64 | + | ||
65 | /* | ||
66 | * the various processing hooks | ||
67 | */ | ||
68 | diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h | ||
69 | --- a/modules/ssl/mod_ssl.h | ||
70 | +++ b/modules/ssl/mod_ssl.h | ||
71 | @@ -63,5 +63,26 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *)); | ||
72 | |||
73 | APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); | ||
74 | |||
75 | +/** The npn_advertise_protos optional hook allows other modules to add entries | ||
76 | + * to the list of protocol names advertised by the server during the Next | ||
77 | + * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is | ||
78 | + * given the connection and an APR array; it should push one or more char*'s | ||
79 | + * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto | ||
80 | + * the array and return OK, or do nothing and return DECLINED. */ | ||
81 | +APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook, | ||
82 | + (conn_rec *connection, apr_array_header_t *protos)); | ||
83 | + | ||
84 | +/** The npn_proto_negotiated optional hook allows other modules to discover the | ||
85 | + * name of the protocol that was chosen during the Next Protocol Negotiation | ||
86 | + * (NPN) portion of the SSL handshake. Note that this may be the empty string | ||
87 | + * (in which case modules should probably assume HTTP), or it may be a protocol | ||
88 | + * that was never even advertised by the server. The hook callee is given the | ||
89 | + * connection, a non-null-terminated string containing the protocol name, and | ||
90 | + * the length of the string; it should do something appropriate (i.e. insert or | ||
91 | + * remove filters) and return OK, or do nothing and return DECLINED. */ | ||
92 | +APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook, | ||
93 | + (conn_rec *connection, const char *proto_name, | ||
94 | + apr_size_t proto_name_len)); | ||
95 | + | ||
96 | #endif /* __MOD_SSL_H__ */ | ||
97 | /** @} */ | ||
98 | diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c | ||
99 | --- a/modules/ssl/ssl_engine_init.c | ||
100 | +++ b/modules/ssl/ssl_engine_init.c | ||
101 | @@ -546,6 +546,11 @@ static void ssl_init_ctx_callbacks(server_rec *s, | ||
102 | SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH); | ||
103 | |||
104 | SSL_CTX_set_info_callback(ctx, ssl_callback_Info); | ||
105 | + | ||
106 | +#ifdef HAVE_TLS_NPN | ||
107 | + SSL_CTX_set_next_protos_advertised_cb( | ||
108 | + ctx, ssl_callback_AdvertiseNextProtos, NULL); | ||
109 | +#endif | ||
110 | } | ||
111 | |||
112 | static void ssl_init_ctx_verify(server_rec *s, | ||
113 | diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c | ||
114 | --- a/modules/ssl/ssl_engine_io.c | ||
115 | +++ b/modules/ssl/ssl_engine_io.c | ||
116 | @@ -28,6 +28,7 @@ | ||
117 | core keeps dumping.'' | ||
118 | -- Unknown */ | ||
119 | #include "ssl_private.h" | ||
120 | +#include "mod_ssl.h" | ||
121 | #include "apr_date.h" | ||
122 | |||
123 | /* _________________________________________________________________ | ||
124 | @@ -297,6 +298,7 @@ typedef struct { | ||
125 | apr_pool_t *pool; | ||
126 | char buffer[AP_IOBUFSIZE]; | ||
127 | ssl_filter_ctx_t *filter_ctx; | ||
128 | + int npn_finished; /* 1 if NPN has finished, 0 otherwise */ | ||
129 | } bio_filter_in_ctx_t; | ||
130 | |||
131 | /* | ||
132 | @@ -1412,6 +1414,27 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f, | ||
133 | APR_BRIGADE_INSERT_TAIL(bb, bucket); | ||
134 | } | ||
135 | |||
136 | +#ifdef HAVE_TLS_NPN | ||
137 | + /* By this point, Next Protocol Negotiation (NPN) should be completed (if | ||
138 | + * our version of OpenSSL supports it). If we haven't already, find out | ||
139 | + * which protocol was decided upon and inform other modules by calling | ||
140 | + * npn_proto_negotiated_hook. */ | ||
141 | + if (!inctx->npn_finished) { | ||
142 | + const unsigned char *next_proto = NULL; | ||
143 | + unsigned next_proto_len = 0; | ||
144 | + | ||
145 | + SSL_get0_next_proto_negotiated( | ||
146 | + inctx->ssl, &next_proto, &next_proto_len); | ||
147 | + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c, | ||
148 | + "SSL NPN negotiated protocol: '%s'", | ||
149 | + apr_pstrmemdup(f->c->pool, (const char*)next_proto, | ||
150 | + next_proto_len)); | ||
151 | + modssl_run_npn_proto_negotiated_hook( | ||
152 | + f->c, (const char*)next_proto, next_proto_len); | ||
153 | + inctx->npn_finished = 1; | ||
154 | + } | ||
155 | +#endif | ||
156 | + | ||
157 | return APR_SUCCESS; | ||
158 | } | ||
159 | |||
160 | @@ -1893,6 +1916,7 @@ static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c, | ||
161 | inctx->block = APR_BLOCK_READ; | ||
162 | inctx->pool = c->pool; | ||
163 | inctx->filter_ctx = filter_ctx; | ||
164 | + inctx->npn_finished = 0; | ||
165 | } | ||
166 | |||
167 | /* The request_rec pointer is passed in here only to ensure that the | ||
168 | diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c | ||
169 | --- a/modules/ssl/ssl_engine_kernel.c | ||
170 | +++ b/modules/ssl/ssl_engine_kernel.c | ||
171 | @@ -29,6 +29,7 @@ | ||
172 | time I was too famous.'' | ||
173 | -- Unknown */ | ||
174 | #include "ssl_private.h" | ||
175 | +#include "mod_ssl.h" | ||
176 | #include "util_md5.h" | ||
177 | |||
178 | static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); | ||
179 | @@ -2139,3 +2140,84 @@ int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg) | ||
180 | } | ||
181 | |||
182 | #endif /* HAVE_SRP */ | ||
183 | + | ||
184 | +#ifdef HAVE_TLS_NPN | ||
185 | +/* | ||
186 | + * This callback function is executed when SSL needs to decide what protocols | ||
187 | + * to advertise during Next Protocol Negotiation (NPN). It must produce a | ||
188 | + * string in wire format -- a sequence of length-prefixed strings -- indicating | ||
189 | + * the advertised protocols. Refer to SSL_CTX_set_next_protos_advertised_cb | ||
190 | + * in OpenSSL for reference. | ||
191 | + */ | ||
192 | +int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out, | ||
193 | + unsigned int *size_out, void *arg) | ||
194 | +{ | ||
195 | + conn_rec *c = (conn_rec*)SSL_get_app_data(ssl); | ||
196 | + apr_array_header_t *protos; | ||
197 | + int num_protos; | ||
198 | + unsigned int size; | ||
199 | + int i; | ||
200 | + unsigned char *data; | ||
201 | + unsigned char *start; | ||
202 | + | ||
203 | + *data_out = NULL; | ||
204 | + *size_out = 0; | ||
205 | + | ||
206 | + /* If the connection object is not available, then there's nothing for us | ||
207 | + * to do. */ | ||
208 | + if (c == NULL) { | ||
209 | + return SSL_TLSEXT_ERR_OK; | ||
210 | + } | ||
211 | + | ||
212 | + /* Invoke our npn_advertise_protos hook, giving other modules a chance to | ||
213 | + * add alternate protocol names to advertise. */ | ||
214 | + protos = apr_array_make(c->pool, 0, sizeof(char*)); | ||
215 | + modssl_run_npn_advertise_protos_hook(c, protos); | ||
216 | + num_protos = protos->nelts; | ||
217 | + | ||
218 | + /* We now have a list of null-terminated strings; we need to concatenate | ||
219 | + * them together into a single string, where each protocol name is prefixed | ||
220 | + * by its length. First, calculate how long that string will be. */ | ||
221 | + size = 0; | ||
222 | + for (i = 0; i < num_protos; ++i) { | ||
223 | + const char *string = APR_ARRAY_IDX(protos, i, const char*); | ||
224 | + unsigned int length = strlen(string); | ||
225 | + /* If the protocol name is too long (the length must fit in one byte), | ||
226 | + * then log an error and skip it. */ | ||
227 | + if (length > 255) { | ||
228 | + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, | ||
229 | + "SSL NPN protocol name too long (length=%u): %s", | ||
230 | + length, string); | ||
231 | + continue; | ||
232 | + } | ||
233 | + /* Leave room for the length prefix (one byte) plus the protocol name | ||
234 | + * itself. */ | ||
235 | + size += 1 + length; | ||
236 | + } | ||
237 | + | ||
238 | + /* If there is nothing to advertise (either because no modules added | ||
239 | + * anything to the protos array, or because all strings added to the array | ||
240 | + * were skipped), then we're done. */ | ||
241 | + if (size == 0) { | ||
242 | + return SSL_TLSEXT_ERR_OK; | ||
243 | + } | ||
244 | + | ||
245 | + /* Now we can build the string. Copy each protocol name string into the | ||
246 | + * larger string, prefixed by its length. */ | ||
247 | + data = apr_palloc(c->pool, size * sizeof(unsigned char)); | ||
248 | + start = data; | ||
249 | + for (i = 0; i < num_protos; ++i) { | ||
250 | + const char *string = APR_ARRAY_IDX(protos, i, const char*); | ||
251 | + apr_size_t length = strlen(string); | ||
252 | + *start = (unsigned char)length; | ||
253 | + ++start; | ||
254 | + memcpy(start, string, length * sizeof(unsigned char)); | ||
255 | + start += length; | ||
256 | + } | ||
257 | + | ||
258 | + /* Success. */ | ||
259 | + *data_out = data; | ||
260 | + *size_out = size; | ||
261 | + return SSL_TLSEXT_ERR_OK; | ||
262 | +} | ||
263 | +#endif /* HAVE_TLS_NPN */ | ||
264 | diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h | ||
265 | --- a/modules/ssl/ssl_private.h | ||
266 | +++ b/modules/ssl/ssl_private.h | ||
267 | @@ -123,6 +123,11 @@ | ||
268 | #define MODSSL_SSL_METHOD_CONST | ||
269 | #endif | ||
270 | |||
271 | +#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \ | ||
272 | + && !defined(OPENSSL_NO_TLSEXT) | ||
273 | +#define HAVE_TLS_NPN | ||
274 | +#endif | ||
275 | + | ||
276 | #if defined(OPENSSL_FIPS) | ||
277 | #define HAVE_FIPS | ||
278 | #endif | ||
279 | @@ -800,6 +805,7 @@ int ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *); | ||
280 | int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *, | ||
281 | EVP_CIPHER_CTX *, HMAC_CTX *, int); | ||
282 | #endif | ||
283 | +int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg); | ||
284 | |||
285 | /** Session Cache Support */ | ||
286 | void ssl_scache_init(server_rec *, apr_pool_t *); | ||
287 | -- | ||
288 | 1.8.1.2 | ||
289 | |||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch b/meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch new file mode 100644 index 000000000..584ddc8d9 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From 760ccbb2fb046621a2aeaecabb2b1ef9aa280cf1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yulong Pei <Yulong.pei@windriver.com> | ||
3 | Date: Thu, 1 Sep 2011 01:03:14 +0800 | ||
4 | Subject: [PATCH] replace lynx to curl in apachectl script | ||
5 | |||
6 | Upstream-Status: Inappropriate [configuration] | ||
7 | |||
8 | Signed-off-by: Yulong Pei <Yulong.pei@windriver.com> | ||
9 | --- | ||
10 | support/apachectl.in | 14 ++++++++++---- | ||
11 | 1 files changed, 10 insertions(+), 4 deletions(-) | ||
12 | |||
13 | diff --git a/support/apachectl.in b/support/apachectl.in | ||
14 | index d4dff38..109ea13 100644 | ||
15 | --- a/support/apachectl.in | ||
16 | +++ b/support/apachectl.in | ||
17 | @@ -51,11 +51,11 @@ fi | ||
18 | # a command that outputs a formatted text version of the HTML at the | ||
19 | # url given on the command line. Designed for lynx, however other | ||
20 | # programs may work. | ||
21 | -LYNX="@LYNX_PATH@ -dump" | ||
22 | +CURL="/usr/bin/curl" | ||
23 | # | ||
24 | # the URL to your server's mod_status status page. If you do not | ||
25 | # have one, then status and fullstatus will not work. | ||
26 | -STATUSURL="http://localhost:@PORT@/server-status" | ||
27 | +STATUSURL="http://localhost:@PORT@/" | ||
28 | # | ||
29 | # Set this variable to a command that increases the maximum | ||
30 | # number of file descriptors allowed per child process. This is | ||
31 | @@ -91,10 +91,16 @@ configtest) | ||
32 | ERROR=$? | ||
33 | ;; | ||
34 | status) | ||
35 | - $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } ' | ||
36 | + $CURL -s $STATUSURL | grep -o "It works!" | ||
37 | + if [ $? != 0 ] ; then | ||
38 | + echo The httpd server does not work! | ||
39 | + fi | ||
40 | ;; | ||
41 | fullstatus) | ||
42 | - $LYNX $STATUSURL | ||
43 | + $CURL -s $STATUSURL | grep -o "It works!" | ||
44 | + if [ $? != 0 ] ; then | ||
45 | + echo The httpd server does not work! | ||
46 | + fi | ||
47 | ;; | ||
48 | *) | ||
49 | $HTTPD $ARGV | ||
50 | -- | ||
51 | 1.6.4 | ||
52 | |||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch b/meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch new file mode 100644 index 000000000..f1349cb6a --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch | |||
@@ -0,0 +1,11 @@ | |||
1 | --- http-2.0.54/server/Makefile.in-old 2005-12-20 13:26:56.000000000 -0500 | ||
2 | +++ http-2.0.54/server/Makefile.in 2005-12-20 13:27:22.000000000 -0500 | ||
3 | @@ -27,7 +27,7 @@ | ||
4 | $(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS) | ||
5 | |||
6 | test_char.h: gen_test_char | ||
7 | - ./gen_test_char > test_char.h | ||
8 | + gen_test_char > test_char.h | ||
9 | |||
10 | util.lo: test_char.h | ||
11 | |||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb new file mode 100644 index 000000000..d79d40bd2 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb | |||
@@ -0,0 +1,160 @@ | |||
1 | DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ | ||
2 | extensible web server." | ||
3 | SUMMARY = "Apache HTTP Server" | ||
4 | HOMEPAGE = "http://httpd.apache.org/" | ||
5 | DEPENDS = "libtool-native apache2-native openssl expat pcre apr apr-util" | ||
6 | SECTION = "net" | ||
7 | LICENSE = "Apache-2.0" | ||
8 | |||
9 | SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \ | ||
10 | file://server-makefile.patch \ | ||
11 | file://httpd-2.4.1-corelimit.patch \ | ||
12 | file://httpd-2.4.4-export.patch \ | ||
13 | file://httpd-2.4.1-selinux.patch \ | ||
14 | file://apache-configure_perlbin.patch \ | ||
15 | file://replace-lynx-to-curl-in-apachectl-script.patch \ | ||
16 | file://apache-ssl-ltmain-rpath.patch \ | ||
17 | file://httpd-2.4.3-fix-race-issue-of-dir-install.patch \ | ||
18 | file://npn-patch-2.4.7.patch \ | ||
19 | file://0001-configure-use-pkg-config-for-PCRE-detection.patch \ | ||
20 | file://init \ | ||
21 | file://apache2-volatile.conf \ | ||
22 | file://apache2.service \ | ||
23 | file://apache-CVE-2014-0117.patch \ | ||
24 | " | ||
25 | |||
26 | LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83" | ||
27 | SRC_URI[md5sum] = "44543dff14a4ebc1e9e2d86780507156" | ||
28 | SRC_URI[sha256sum] = "176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a" | ||
29 | |||
30 | S = "${WORKDIR}/httpd-${PV}" | ||
31 | |||
32 | inherit autotools update-rc.d pkgconfig systemd | ||
33 | |||
34 | SYSTEMD_SERVICE_${PN} = "apache2.service" | ||
35 | SYSTEMD_AUTO_ENABLE_${PN} = "disable" | ||
36 | |||
37 | SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice" | ||
38 | |||
39 | CFLAGS_append = " -DPATH_MAX=4096" | ||
40 | CFLAGS_prepend = "-I${STAGING_INCDIR}/openssl " | ||
41 | EXTRA_OECONF = "--enable-ssl \ | ||
42 | --with-ssl=${STAGING_LIBDIR}/.. \ | ||
43 | --with-expat=${STAGING_LIBDIR}/.. \ | ||
44 | --with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ | ||
45 | --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \ | ||
46 | --enable-info \ | ||
47 | --enable-rewrite \ | ||
48 | --with-dbm=sdbm \ | ||
49 | --with-berkeley-db=no \ | ||
50 | --localstatedir=/var/${BPN} \ | ||
51 | --with-gdbm=no \ | ||
52 | --with-ndbm=no \ | ||
53 | --includedir=${includedir}/${BPN} \ | ||
54 | --datadir=${datadir}/${BPN} \ | ||
55 | --sysconfdir=${sysconfdir}/${BPN} \ | ||
56 | --libexecdir=${libdir}/${BPN}/modules \ | ||
57 | ap_cv_void_ptr_lt_long=no \ | ||
58 | --enable-mpms-shared \ | ||
59 | ac_cv_have_threadsafe_pollset=no" | ||
60 | |||
61 | do_install_append() { | ||
62 | install -d ${D}/${sysconfdir}/init.d | ||
63 | cat ${WORKDIR}/init | \ | ||
64 | sed -e 's,/usr/sbin/,${sbindir}/,g' \ | ||
65 | -e 's,/usr/bin/,${bindir}/,g' \ | ||
66 | -e 's,/usr/lib,${libdir}/,g' \ | ||
67 | -e 's,/etc/,${sysconfdir}/,g' \ | ||
68 | -e 's,/usr/,${prefix}/,g' > ${D}/${sysconfdir}/init.d/${BPN} | ||
69 | chmod 755 ${D}/${sysconfdir}/init.d/${BPN} | ||
70 | # remove the goofy original files... | ||
71 | rm -rf ${D}/${sysconfdir}/${BPN}/original | ||
72 | # Expat should be found in the staging area via DEPENDS... | ||
73 | rm -f ${D}/${libdir}/libexpat.* | ||
74 | |||
75 | install -d ${D}${sysconfdir}/${BPN}/conf.d | ||
76 | install -d ${D}${sysconfdir}/${BPN}/modules.d | ||
77 | |||
78 | # Ensure configuration file pulls in conf.d and modules.d | ||
79 | printf "\nIncludeOptional ${sysconfdir}/${BPN}/conf.d/*.conf" >> ${D}/${sysconfdir}/${BPN}/httpd.conf | ||
80 | printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.conf\n\n" >> ${D}/${sysconfdir}/${BPN}/httpd.conf | ||
81 | # match with that is in init script | ||
82 | printf "\nPidFile /run/httpd.pid" >> ${D}/${sysconfdir}/${BPN}/httpd.conf | ||
83 | # Set 'ServerName' to fix error messages when restart apache service | ||
84 | sed -i 's/^#ServerName www.example.com/ServerName localhost/' ${D}/${sysconfdir}/${BPN}/httpd.conf | ||
85 | |||
86 | if ${@base_contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then | ||
87 | install -d ${D}${sysconfdir}/tmpfiles.d/ | ||
88 | install -m 0644 ${WORKDIR}/apache2-volatile.conf ${D}${sysconfdir}/tmpfiles.d/ | ||
89 | fi | ||
90 | |||
91 | install -d ${D}${systemd_unitdir}/system | ||
92 | install -m 0644 ${WORKDIR}/apache2.service ${D}${systemd_unitdir}/system | ||
93 | sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/apache2.service | ||
94 | sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' ${D}${systemd_unitdir}/system/apache2.service | ||
95 | } | ||
96 | |||
97 | SYSROOT_PREPROCESS_FUNCS += "apache_sysroot_preprocess" | ||
98 | |||
99 | apache_sysroot_preprocess () { | ||
100 | install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ | ||
101 | install -m 755 ${D}${bindir}/apxs ${SYSROOT_DESTDIR}${bindir_crossscripts}/ | ||
102 | sed -i 's!my $installbuilddir = .*!my $installbuilddir = "${STAGING_DIR_HOST}/${datadir}/${BPN}/build";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs | ||
103 | sed -i 's!my $libtool = .*!my $libtool = "${STAGING_BINDIR_CROSS}/${TARGET_PREFIX}libtool";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs | ||
104 | |||
105 | sed -i 's!^APR_CONFIG = .*!APR_CONFIG = ${STAGING_BINDIR_CROSS}/apr-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk | ||
106 | sed -i 's!^APU_CONFIG = .*!APU_CONFIG = ${STAGING_BINDIR_CROSS}/apu-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk | ||
107 | sed -i 's!^includedir = .*!includedir = ${STAGING_INCDIR}/apache2!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk | ||
108 | } | ||
109 | |||
110 | # | ||
111 | # implications - used by update-rc.d scripts | ||
112 | # | ||
113 | INITSCRIPT_NAME = "apache2" | ||
114 | INITSCRIPT_PARAMS = "defaults 91 20" | ||
115 | LEAD_SONAME = "libapr-1.so.0" | ||
116 | |||
117 | PACKAGES = "${PN}-scripts ${PN}-doc ${PN}-dev ${PN}-dbg ${PN}" | ||
118 | |||
119 | CONFFILES_${PN} = "${sysconfdir}/${BPN}/httpd.conf \ | ||
120 | ${sysconfdir}/${BPN}/magic \ | ||
121 | ${sysconfdir}/${BPN}/mime.types \ | ||
122 | ${sysconfdir}/init.d/${BPN} " | ||
123 | |||
124 | # we override here rather than append so that .so links are | ||
125 | # included in the runtime package rather than here (-dev) | ||
126 | # and to get build, icons, error into the -dev package | ||
127 | FILES_${PN}-dev = "${datadir}/${BPN}/build \ | ||
128 | ${datadir}/${BPN}/icons \ | ||
129 | ${datadir}/${BPN}/error \ | ||
130 | ${bindir}/apr-config ${bindir}/apu-config \ | ||
131 | ${libdir}/apr*.exp \ | ||
132 | ${includedir}/${BPN} \ | ||
133 | ${libdir}/*.la \ | ||
134 | ${libdir}/*.a \ | ||
135 | ${bindir}/apxs \ | ||
136 | " | ||
137 | |||
138 | |||
139 | # manual to manual | ||
140 | FILES_${PN}-doc += " ${datadir}/${BPN}/manual" | ||
141 | |||
142 | FILES_${PN}-scripts += "${bindir}/dbmmanage" | ||
143 | |||
144 | # | ||
145 | # override this too - here is the default, less datadir | ||
146 | # | ||
147 | FILES_${PN} = "${bindir} ${sbindir} ${libexecdir} ${libdir}/lib*.so.* ${sysconfdir} \ | ||
148 | ${sharedstatedir} ${localstatedir} /bin /sbin /lib/*.so* \ | ||
149 | ${libdir}/${BPN}" | ||
150 | |||
151 | # we want htdocs and cgi-bin to go with the binary | ||
152 | FILES_${PN} += "${datadir}/${BPN}/htdocs ${datadir}/${BPN}/cgi-bin" | ||
153 | |||
154 | #make sure the lone .so links also get wrapped in the base package | ||
155 | FILES_${PN} += "${libdir}/lib*.so ${libdir}/pkgconfig/*" | ||
156 | |||
157 | FILES_${PN}-dbg += "${libdir}/${BPN}/modules/.debug" | ||
158 | |||
159 | RDEPENDS_${PN} += "openssl libgcc" | ||
160 | RDEPENDS_${PN}-scripts += "perl ${PN}" | ||
diff --git a/meta-webserver/recipes-httpd/apache2/files/0001-configure-use-pkg-config-for-PCRE-detection.patch b/meta-webserver/recipes-httpd/apache2/files/0001-configure-use-pkg-config-for-PCRE-detection.patch new file mode 100644 index 000000000..63096db0a --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/files/0001-configure-use-pkg-config-for-PCRE-detection.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From d8837756f2a48adcfe5d645c39cf163d96eac76c Mon Sep 17 00:00:00 2001 | ||
2 | From: Koen Kooi <koen.kooi@linaro.org> | ||
3 | Date: Tue, 17 Jun 2014 09:10:57 +0200 | ||
4 | Subject: [PATCH] configure: use pkg-config for PCRE detection | ||
5 | |||
6 | Signed-off-by: Koen Kooi <koen.kooi@linaro.org> | ||
7 | Upstream-Status: pending | ||
8 | --- | ||
9 | configure.in | 27 +++++---------------------- | ||
10 | 1 file changed, 5 insertions(+), 22 deletions(-) | ||
11 | |||
12 | diff --git a/configure.in b/configure.in | ||
13 | index 864d7c7..da4138e 100644 | ||
14 | --- a/configure.in | ||
15 | +++ b/configure.in | ||
16 | @@ -215,28 +215,11 @@ fi | ||
17 | AC_ARG_WITH(pcre, | ||
18 | APACHE_HELP_STRING(--with-pcre=PATH,Use external PCRE library)) | ||
19 | |||
20 | -AC_PATH_PROG(PCRE_CONFIG, pcre-config, false) | ||
21 | -if test -d "$with_pcre" && test -x "$with_pcre/bin/pcre-config"; then | ||
22 | - PCRE_CONFIG=$with_pcre/bin/pcre-config | ||
23 | -elif test -x "$with_pcre"; then | ||
24 | - PCRE_CONFIG=$with_pcre | ||
25 | -fi | ||
26 | - | ||
27 | -if test "$PCRE_CONFIG" != "false"; then | ||
28 | - if $PCRE_CONFIG --version >/dev/null 2>&1; then :; else | ||
29 | - AC_MSG_ERROR([Did not find pcre-config script at $PCRE_CONFIG]) | ||
30 | - fi | ||
31 | - case `$PCRE_CONFIG --version` in | ||
32 | - [[1-5].*]) | ||
33 | - AC_MSG_ERROR([Need at least pcre version 6.0]) | ||
34 | - ;; | ||
35 | - esac | ||
36 | - AC_MSG_NOTICE([Using external PCRE library from $PCRE_CONFIG]) | ||
37 | - APR_ADDTO(PCRE_INCLUDES, [`$PCRE_CONFIG --cflags`]) | ||
38 | - APR_ADDTO(PCRE_LIBS, [`$PCRE_CONFIG --libs`]) | ||
39 | -else | ||
40 | - AC_MSG_ERROR([pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/]) | ||
41 | -fi | ||
42 | +PKG_CHECK_MODULES([PCRE], [libpcre], [ | ||
43 | + AC_DEFINE([HAVE_PCRE], [1], [Define if you have PCRE library]) | ||
44 | +], [ | ||
45 | + AC_MSG_ERROR([$PCRE_PKG_ERRORS]) | ||
46 | +]) | ||
47 | APACHE_SUBST(PCRE_LIBS) | ||
48 | |||
49 | AC_MSG_NOTICE([]) | ||
50 | -- | ||
51 | 1.9.3 | ||
52 | |||
diff --git a/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf b/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf new file mode 100644 index 000000000..ff2c58704 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf | |||
@@ -0,0 +1,2 @@ | |||
1 | d /var/run/apache2 0755 root root - | ||
2 | d /var/log/apache2 0755 root root - | ||
diff --git a/meta-webserver/recipes-httpd/apache2/files/apache2.service b/meta-webserver/recipes-httpd/apache2/files/apache2.service new file mode 100644 index 000000000..f4bcf9efa --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/files/apache2.service | |||
@@ -0,0 +1,14 @@ | |||
1 | [Unit] | ||
2 | Decription=The Apache HTTP Server | ||
3 | After=network.target remote-fs.target nss-lookup.target | ||
4 | |||
5 | [Service] | ||
6 | Type=simple | ||
7 | Environment=LANG=C | ||
8 | ExecStart=@SBINDIR@/httpd -DFOREGROUND -D SSL -D PHP5 -k start | ||
9 | ExecStop=@BASE_BINDIR@/kill -WINCH ${MAINPID} | ||
10 | KillSignal=SIGCONT | ||
11 | PrivateTmp=true | ||
12 | |||
13 | [Install] | ||
14 | WantedBy=multi-user.target | ||
diff --git a/meta-webserver/recipes-httpd/apache2/files/httpd-2.4.3-fix-race-issue-of-dir-install.patch b/meta-webserver/recipes-httpd/apache2/files/httpd-2.4.3-fix-race-issue-of-dir-install.patch new file mode 100644 index 000000000..b948753b4 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/files/httpd-2.4.3-fix-race-issue-of-dir-install.patch | |||
@@ -0,0 +1,21 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | fix following race issue when do parallel install | ||
4 | | mkdir: cannot create directory `/home/mypc/workspace/poky/build_p4080ds_release/tmp/work/ppce500mc-fsl_networking-linux/apache2/2.4.3-r1/image/usr/share/apache2': File exists | ||
5 | ... | ||
6 | | mkdir: cannot create directory `/home/mypc/workspace/poky/build_p4080ds_release/tmp/work/ppce500mc-fsl_networking-linux/apache2/2.4.3-r1/image/usr/share/apache2': File exists | ||
7 | | make[1]: *** [install-man] Error 1 | ||
8 | | make[1]: *** Waiting for unfinished jobs.... | ||
9 | |||
10 | -Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com> | ||
11 | --- httpd-2.4.3/build/mkdir.sh.orig 2013-01-25 03:47:21.565255420 -0600 | ||
12 | +++ httpd-2.4.3/build/mkdir.sh 2013-01-25 03:46:17.833051230 -0600 | ||
13 | @@ -39,7 +39,7 @@ | ||
14 | esac | ||
15 | if test ! -d "$pathcomp"; then | ||
16 | echo "mkdir $pathcomp" 1>&2 | ||
17 | - mkdir "$pathcomp" || errstatus=$? | ||
18 | + mkdir -p "$pathcomp" || errstatus=$? | ||
19 | fi | ||
20 | pathcomp="$pathcomp/" | ||
21 | done | ||
diff --git a/meta-webserver/recipes-httpd/apache2/files/init b/meta-webserver/recipes-httpd/apache2/files/init new file mode 100755 index 000000000..a1adbd74f --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/files/init | |||
@@ -0,0 +1,73 @@ | |||
1 | #!/bin/sh | ||
2 | ### BEGIN INIT INFO | ||
3 | # Provides: httpd | ||
4 | # Required-Start: $local_fs $remote_fs $network $named | ||
5 | # Required-Stop: $local_fs $remote_fs $network | ||
6 | # Should-Start: distcache | ||
7 | # Short-Description: start and stop Apache HTTP Server | ||
8 | # Description: The Apache HTTP Server is an extensible server | ||
9 | # implementing the current HTTP standards. | ||
10 | ### END INIT INFO | ||
11 | |||
12 | ARGS="-D SSL -D PHP5 -k start" | ||
13 | NAME=apache2 | ||
14 | PATH=/bin:/usr/bin:/sbin:/usr/sbin | ||
15 | DAEMON=/usr/sbin/httpd | ||
16 | SUEXEC=/usr/lib/apache/suexec | ||
17 | PIDFILE=/run/httpd.pid | ||
18 | CONF=/etc/apache2/httpd.conf | ||
19 | APACHECTL=/usr/sbin/apachectl | ||
20 | |||
21 | trap "" 1 | ||
22 | export LANG=C | ||
23 | export PATH | ||
24 | |||
25 | test -f $DAEMON || exit 0 | ||
26 | test -f $APACHECTL || exit 0 | ||
27 | |||
28 | # ensure we don't leak environment vars into apachectl | ||
29 | APACHECTL="env -i LANG=${LANG} PATH=${PATH} $APACHECTL" | ||
30 | |||
31 | case "$1" in | ||
32 | start) | ||
33 | echo -n "Starting web server: $NAME" | ||
34 | $APACHECTL $ARGS | ||
35 | ;; | ||
36 | |||
37 | stop) | ||
38 | $APACHECTL stop | ||
39 | ;; | ||
40 | |||
41 | reload) | ||
42 | echo -n "Reloading $NAME configuration" | ||
43 | kill -HUP `cat $PIDFILE` | ||
44 | ;; | ||
45 | |||
46 | reload-modules) | ||
47 | echo -n "Reloading $NAME modules" | ||
48 | $APACHECTL restart | ||
49 | ;; | ||
50 | |||
51 | restart) | ||
52 | $APACHECTL restart | ||
53 | exit $? | ||
54 | ;; | ||
55 | |||
56 | force-reload) | ||
57 | $0 reload-modules | ||
58 | exit $? | ||
59 | ;; | ||
60 | |||
61 | *) | ||
62 | echo "Usage: /etc/init.d/$NAME {start|stop|reload|reload-modules|force-reload|restart}" | ||
63 | exit 1 | ||
64 | ;; | ||
65 | esac | ||
66 | |||
67 | if [ $? = 0 ]; then | ||
68 | echo . | ||
69 | exit 0 | ||
70 | else | ||
71 | echo failed | ||
72 | exit 1 | ||
73 | fi | ||