Hello community, here is the log from the commit of package apache2 for openSUSE:Factory checked in at 2013-07-02 12:20:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apache2 (Old) and /work/SRC/openSUSE:Factory/.apache2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2" Changes: --------
--- /work/SRC/openSUSE:Factory/apache2/apache2.changes 2013-03-08 09:50:02.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.apache2.new/apache2.changes 2013-07-02 12:20:14.000000000 +0200
@@ -1,0 +2,40 @@
+Tue Jun 18 07:41:36 UTC 2013 - [email protected]
+
+- apache-20-22-upgrade: still no cookie, module authn_file
+ is ok and must not be disabled on update.
+ authn_core must however be enabled too.
+
+-------------------------------------------------------------------
+Tue Jun 18 06:42:33 UTC 2013 - [email protected]
+
+- fix apache_mmn spec macro, otherwise all modules down
+ the chain will have broken dependencies
+
+-------------------------------------------------------------------
+Tue Jun 18 05:53:31 UTC 2013 - [email protected]
+
+- remove After=mysql.service php-fpm.service postgresql.service
+ which were added in the previous change, those must be added
+ as Before=apache2.service in the respective services.
+
+-------------------------------------------------------------------
+Fri Jun 14 21:51:09 UTC 2013 - [email protected]
+
+- Include mod_systemd for more complete integration with
+ systemd, turn the service to Typé=notify as required
+
+- Disable SSL NPN patch for now, it is required for mod_spdy
+ but mod_spdy does not support apache 2.4
+
+-------------------------------------------------------------------
+Sat Jun 1 03:54:50 UTC 2013 - [email protected]
+
+- apache 2.4.4
+* fix for CVE-2012-3499
+* fix for the CRIME attack (disable ssl compression by default)
+* many other bugfies
+
+* build access_compat amd unixd as static modules and solve
+ some other upgrade quirks (bnc#813705)
+
+-------------------------------------------------------------------
Old: ---- httpd-2.4.3.tar.xz New: ---- apache2-implicit-pointer-decl.patch httpd-2.4.3-mod_systemd.patch httpd-2.4.4.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache2.spec ++++++
--- /var/tmp/diff_new_pack.SUKItQ/_old 2013-07-02 12:20:16.000000000 +0200
+++ /var/tmp/diff_new_pack.SUKItQ/_new 2013-07-02 12:20:16.000000000 +0200
@@ -33,7 +33,8 @@ BuildRequires: libcap-devel %endif %if 0%{?suse_version} >= 1210 -BuildRequires: systemd +BuildRequires: pkgconfig(systemd) +BuildRequires: pkgconfig(libsystemd-daemon) %endif %if %{?suse_version:1}0 @@ -48,7 +49,7 @@ %define pname apache2 %define vers 2 %define httpd httpd2 -%define apache_mmn %(test -s %{S:0} && { echo -n apache_mmn_; xzcat %{S:0} | awk '/^#define MODULE_MAGIC_NUMBER_MAJOR/ {printf "%d", $3}'; }) +%define apache_mmn %(test -s %{S:0} && { echo -n apache_mmn_; bzcat %{S:0} | awk '/^#define MODULE_MAGIC_NUMBER_MAJOR/ {printf "%d", $3}'; }) %define default_mpm prefork %{!?prefork:%define prefork 1} %{!?worker:%define worker 1} @@ -80,11 +81,11 @@ # "Server:" header %define VENDOR SUSE %define platform_string Linux/%VENDOR -%define realver 2.4.3 -Version: 2.4.3 +%define realver 2.4.4 +Version: 2.4.4 Release: 0 #Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2 -Source0: httpd-%{realver}.tar.xz +Source0: httpd-%{realver}.tar.bz2 # Add file to take mtime from it in prep section Source1: apache2.changes Source6: 60C5442D.key @@ -144,11 +145,14 @@ Patch67: httpd-2.2.0-apxs-a2enmod.dif Patch68: httpd-2.x.x-logresolve.patch Patch69: httpd-2.2.x-bnc690734.patch +Patch70: apache2-implicit-pointer-decl.patch Patch100: apache2.4-mpm-itk-2.4.2-01.patch Patch101: httpd-2.2.19-linux3.patch # PATCH-FEATURE-UPSTREAM apache2-mod_ssl_npn.patch [email protected] -- Add npn support to mod_ssl (needed for spdy) -Patch108: apache2-mod_ssl_npn.patch -Provides: apache2(mod_ssl+npn) +#Patch108: apache2-mod_ssl_npn.patch +#Provides: apache2(mod_ssl+npn) +# PATCH-FEATURE-UPSTREAM httpd-2.4.3-mod_systemd.patch [email protected] simple module provides systemd integration. +Patch109: httpd-2.4.3-mod_systemd.patch Url: http://httpd.apache.org/ Icon: Apache.xpm Summary: The Apache Web Server Version 2.2 
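Review bot: The `%define apache_mmn` line in the `@@ -48,7 +49,7 @@` hunk still hard-codes the decompressor (`bzcat` now, `xzcat` before), so the next change of the `Source0` archive format can again produce a bare `apache_mmn_` with no number and no build error, which is the breakage the changelog entry describes. Nothing visible in the macro checks that awk printed a value. At minimum the coupling should be documented next to the macro, e.g. `# decompressor must match the Source0 suffix; an empty number breaks the Requires of every module package`, and a check in the build that the expanded value ends in digits would turn the silent failure into a loud one.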
@@ -367,9 +371,11 @@ %patch67 -p1 %patch68 -p1 #%patch69 +%patch70 -p1 %patch100 -p1 %patch101 -%patch108 -p1 +#%patch108 -p1 +%patch109 -p1 # cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE @@ -429,6 +435,7 @@ --enable-pie \ %endif --enable-mods-shared=all \ + --enable-mods-static="access_compat unixd" \ --enable-ssl=shared \ \ --disable-isapi \ @@ -723,7 +730,7 @@ # ln -sf ../mime.types $RPM_BUILD_ROOT/%{sysconfdir}/mime.types -mv $RPM_BUILD_ROOT/%{cgidir}/printenv . +mv $RPM_BUILD_ROOT/%{cgidir}/printenv* . mv $RPM_BUILD_ROOT/%{cgidir}/test-cgi . pushd $RPM_BUILD_ROOT/%{_mandir} for i in $(find . -type f); do ++++++ apache-20-22-upgrade ++++++ --- /var/tmp/diff_new_pack.SUKItQ/_old 2013-07-02 12:20:16.000000000 +0200 +++ /var/tmp/diff_new_pack.SUKItQ/_new 2013-07-02 12:20:16.000000000 +0200 @@ -60,11 +60,19 @@ a2enmod mod_authnz_ldap fi -for module in mod_authn_default mod_authz_default mod_mem_cache; do +for module in mod_authn_default mod_authz_default mod_mem_cache authz_default; do if a2enmod -q "$module"; then echo "!!ATTENTION! $module was removed from apache version 2.4 or later, CHECK YOUR CONFIGURATION!!!" a2dismod "$module" fi done +if [ -x /usr/bin/systemd-notify ] && /usr/bin/systemd-notify --booted && ! a2enmod -q systemd; then + a2enmod systemd +fi + +if ! a2enmod -q authn_core; then + a2enmod authn_core +fi + echo 'Done.' ++++++ apache2-implicit-pointer-decl.patch ++++++ --- httpd-2.4.4.orig/server/request.c +++ httpd-2.4.4/server/request.c @@ -46,10 +46,13 @@ #include "util_script.h" #include "ap_expr.h" #include "mod_request.h" - +#include "http_connection.h" #include "mod_core.h" #include "mod_auth.h" +#include <unistd.h> +#include <sys/types.h> + #if APR_HAVE_STDARG_H #include <stdarg.h> #endif --- httpd-2.4.4.orig/server/config.c +++ httpd-2.4.4/server/config.c 
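Review bot: The two `a2enmod` calls added at the end of apache-20-22-upgrade change the set of loaded modules without printing anything, while the removal loop directly above them announces every change with an ATTENTION line. Since `authn_core` takes part in authentication, the administrator should see the change in the upgrade output, e.g. `echo "enabling authn_core, needed by authn_file in 2.4"` before `a2enmod authn_core`, and the same for `systemd`. The systemd branch tests only that the host was booted with systemd, not that the module was built, and the exit status of `a2enmod` is not checked; whether a2enmod reports a missing module itself is not visible here. The script begins outside the hunk.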
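Review bot: `#include <unistd.h>` and `#include <sys/types.h>` are added unguarded in server/request.c, although the very next lines of that file guard a system header with `#if APR_HAVE_STDARG_H`; the server/config.c hunk of the same patch has the same shape. mod_systemd.c in this commit already uses the guarded form, so for consistency I would write `#if APR_HAVE_UNISTD_H` / `#include <unistd.h>` / `#endif` here as well. The patch also does not say which implicitly declared function made the headers necessary; a one-line comment above the includes naming it would let a later maintainer tell when the patch can be dropped.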
@@ -48,10 +48,14 @@ #include "http_request.h" /* for default_handler (see invoke_handler) */ #include "http_main.h" #include "http_vhost.h" +#include "http_connection.h" #include "util_cfgtree.h" #include "util_varbuf.h" #include "mpm_common.h" +#include <unistd.h> +#include <sys/types.h> + #define APLOG_UNSET (APLOG_NO_MODULE - 1) /* we know core's module_index is 0 */ #undef APLOG_MODULE_INDEX ++++++ apache2-mod_ssl_npn.patch ++++++ --- /var/tmp/diff_new_pack.SUKItQ/_old 2013-07-02 12:20:16.000000000 +0200 +++ /var/tmp/diff_new_pack.SUKItQ/_new 2013-07-02 12:20:16.000000000 +0200 @@ -1,5 +1,5 @@ ---- httpd-2.4.3.orig/modules/ssl/mod_ssl.c -+++ httpd-2.4.3/modules/ssl/mod_ssl.c +--- httpd-2.4.4.orig/modules/ssl/mod_ssl.c ++++ httpd-2.4.4/modules/ssl/mod_ssl.c @@ -94,6 +94,15 @@ static const command_rec ssl_config_cmds SSL_CMD_SRV(PKCS7CertificateFile, TAKE1, "PKCS#7 file containing server certificate and chain" @@ -16,9 +16,9 @@ #ifdef HAVE_TLS_SESSION_TICKETS SSL_CMD_SRV(SessionTicketKeyFile, TAKE1, "TLS session ticket encryption/decryption key file (RFC 5077) " -@@ -148,6 +157,15 @@ static const command_rec ssl_config_cmds - SSL_CMD_SRV(StrictSNIVHostCheck, FLAG, - "Strict SNI virtual host checking") +@@ -157,6 +166,15 @@ static const command_rec ssl_config_cmds + "('some secret text')") + #endif +#ifndef OPENSSL_NO_SRP + SSL_CMD_SRV(SRPVerifierFile, TAKE1, @@ -32,7 +32,7 @@ /* * Proxy configuration for remote SSL connections */ -@@ -263,6 +281,18 @@ static const command_rec ssl_config_cmds +@@ -272,6 +290,18 @@ static const command_rec ssl_config_cmds AP_END_CMD }; @@ -51,8 +51,8 @@ /* * the various processing hooks */ ---- httpd-2.4.3.orig/modules/ssl/mod_ssl.h -+++ httpd-2.4.3/modules/ssl/mod_ssl.h +--- httpd-2.4.4.orig/modules/ssl/mod_ssl.h ++++ httpd-2.4.4/modules/ssl/mod_ssl.h @@ -63,5 +63,26 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_e APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); 
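Review bot: The refreshed apache2-mod_ssl_npn.patch still adds SRP pieces that the 2.4.4 context lines show are already upstream: in mod_ssl.c the `SSL_CMD_SRV(SRPVerifierFile, TAKE1,` block is now inserted right after what looks like upstream's own SRP entry (`"('some secret text')") #endif`). The modssl_ctx_init hunk adds a second `#ifndef OPENSSL_NO_SRP` block after `mctx->srp_vbase = NULL;`, and the ssl_private.h hunks repeat the `ssl_cmd_SSLSRPVerifierFile` and `ssl_callback_SRPServerParams` declarations. The refresh dropped the SRP function bodies and struct fields but kept these registrations, so once `Patch108` is re-enabled the command table would presumably carry each SRP directive twice and ssl_hook_Access would get a second SRP check. The patch is commented out in the spec, so nothing builds with it today; the remaining SRP additions should be removed so that it contains only the NPN and authz-file changes.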
@@ -80,8 +80,8 @@ + #endif /* __MOD_SSL_H__ */ /** @} */ ---- httpd-2.4.3.orig/modules/ssl/ssl_engine_config.c -+++ httpd-2.4.3/modules/ssl/ssl_engine_config.c +--- httpd-2.4.4.orig/modules/ssl/ssl_engine_config.c ++++ httpd-2.4.4/modules/ssl/ssl_engine_config.c @@ -125,6 +125,10 @@ static void modssl_ctx_init(modssl_ctx_t mctx->crl_file = NULL; mctx->crl_check_mode = SSL_CRLCHECK_UNSET; @@ -93,9 +93,9 @@ mctx->auth.ca_cert_path = NULL; mctx->auth.ca_cert_file = NULL; mctx->auth.cipher_suite = NULL; -@@ -149,6 +153,12 @@ static void modssl_ctx_init(modssl_ctx_t - mctx->stapling_responder_timeout = UNSET; - mctx->stapling_force_url = NULL; +@@ -155,6 +159,12 @@ static void modssl_ctx_init(modssl_ctx_t + mctx->srp_unknown_user_seed = NULL; + mctx->srp_vbase = NULL; #endif + +#ifndef OPENSSL_NO_SRP @@ -106,7 +106,7 @@ } static void modssl_ctx_init_proxy(SSLSrvConfigRec *sc, -@@ -251,6 +264,10 @@ static void modssl_ctx_cfg_merge(modssl_ +@@ -257,6 +267,10 @@ static void modssl_ctx_cfg_merge(modssl_ cfgMerge(crl_file, NULL); cfgMerge(crl_check_mode, SSL_CRLCHECK_UNSET); @@ -117,22 +117,11 @@ cfgMergeString(auth.ca_cert_path); cfgMergeString(auth.ca_cert_file); cfgMergeString(auth.cipher_suite); -@@ -274,6 +291,11 @@ static void modssl_ctx_cfg_merge(modssl_ - cfgMergeInt(stapling_responder_timeout); - cfgMerge(stapling_force_url, NULL); - #endif -+ -+#ifndef OPENSSL_NO_SRP -+ cfgMergeString(srp_vfile); -+ cfgMergeString(srp_unknown_user_seed); -+#endif - } +@@ -839,6 +853,54 @@ const char *ssl_cmd_SSLPKCS7CertificateF - static void modssl_ctx_cfg_merge_proxy(modssl_ctx_t *base, -@@ -829,6 +871,54 @@ const char *ssl_cmd_SSLPKCS7CertificateF return NULL; } - ++ +const char *ssl_cmd_SSLRSAAuthzFile(cmd_parms *cmd, + void *dcfg, + const char *arg) 
@@ -180,45 +169,11 @@ + + return NULL; +} -+ + #ifdef HAVE_TLS_SESSION_TICKETS const char *ssl_cmd_SSLSessionTicketKeyFile(cmd_parms *cmd, - void *dcfg, -@@ -1782,6 +1872,32 @@ const char *ssl_cmd_SSLStaplingForceURL( - - #endif /* HAVE_OCSP_STAPLING */ - -+#ifndef OPENSSL_NO_SRP -+ -+const char *ssl_cmd_SSLSRPVerifierFile(cmd_parms *cmd, void *dcfg, -+ const char *arg) -+{ -+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server); -+ const char *err; -+ -+ if ((err = ssl_cmd_check_file(cmd, &arg))) -+ return err; -+ /* SRP_VBASE_init takes char*, not const char* */ -+ sc->server->srp_vfile = apr_pstrdup(cmd->pool, arg); -+ return NULL; -+} -+ -+const char *ssl_cmd_SSLSRPUnknownUserSeed(cmd_parms *cmd, void *dcfg, -+ const char *arg) -+{ -+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server); -+ /* SRP_VBASE_new takes char*, not const char* */ -+ sc->server->srp_unknown_user_seed = apr_pstrdup(cmd->pool, arg); -+ return NULL; -+} -+ -+#endif /* OPENSSL_NO_SRP */ -+ - void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s) - { - apr_file_t *out = NULL; ---- httpd-2.4.3.orig/modules/ssl/ssl_engine_io.c -+++ httpd-2.4.3/modules/ssl/ssl_engine_io.c +--- httpd-2.4.4.orig/modules/ssl/ssl_engine_io.c ++++ httpd-2.4.4/modules/ssl/ssl_engine_io.c @@ -28,6 +28,7 @@ core keeps dumping.'' -- Unknown */ @@ -235,7 +190,7 @@ } bio_filter_in_ctx_t; /* -@@ -1374,6 +1376,26 @@ static apr_status_t ssl_io_filter_input( +@@ -1385,6 +1387,26 @@ static apr_status_t ssl_io_filter_input( APR_BRIGADE_INSERT_TAIL(bb, bucket); } @@ -262,7 +217,7 @@ return APR_SUCCESS; } -@@ -1855,6 +1877,7 @@ static void ssl_io_input_add_filter(ssl_ +@@ -1866,6 +1888,7 @@ static void ssl_io_input_add_filter(ssl_ inctx->block = APR_BLOCK_READ; inctx->pool = c->pool; inctx->filter_ctx = filter_ctx; 
@@ -270,8 +225,8 @@ } /* The request_rec pointer is passed in here only to ensure that the ---- httpd-2.4.3.orig/modules/ssl/ssl_engine_kernel.c -+++ httpd-2.4.3/modules/ssl/ssl_engine_kernel.c +--- httpd-2.4.4.orig/modules/ssl/ssl_engine_kernel.c ++++ httpd-2.4.4/modules/ssl/ssl_engine_kernel.c @@ -29,6 +29,7 @@ time I was too famous.'' -- Unknown */ @@ -280,8 +235,8 @@ #include "util_md5.h" static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); -@@ -329,6 +330,19 @@ int ssl_hook_Access(request_rec *r) - return DECLINED; +@@ -320,6 +321,19 @@ int ssl_hook_Access(request_rec *r) + return HTTP_FORBIDDEN; } +#ifndef OPENSSL_NO_SRP 
@@ -298,167 +253,19 @@ +#endif + /* - * Support for per-directory reconfigured SSL connection parameters. - * -@@ -1088,6 +1102,10 @@ static const char *ssl_hook_Fixup_vars[] - "SSL_SERVER_A_SIG", - "SSL_SESSION_ID", - "SSL_SESSION_RESUMED", -+#ifndef OPENSSL_NO_SRP -+ "SSL_SRP_USER", -+ "SSL_SRP_USERINFO", -+#endif - NULL - }; + * Check to see whether SSL is in use; if it's not, then no + * further access control checks are relevant. (the test for +@@ -1397,7 +1411,7 @@ EC_KEY *ssl_callback_TmpECDH(SSL *ssl, i -@@ -2072,7 +2090,7 @@ static int ssl_find_vhost(void *serverna - - return 0; + return (EC_KEY *)mc->pTmpKeys[idx]; } -#endif +#endif /* OPENSSL_NO_TLSEXT */ - #ifdef HAVE_TLS_SESSION_TICKETS /* -@@ -2142,4 +2160,114 @@ int ssl_callback_SessionTicket(SSL *ssl, - /* OpenSSL is not expected to call us with modes other than 1 or 0 */ - return -1; - } --#endif -+#endif /* HAVE_TLS_SESSION_TICKETS */ -+ -+#ifdef HAVE_TLS_NPN -+/* -+ * This callback function is executed when SSL needs to decide what protocols -+ * to advertise during Next Protocol Negotiation (NPN). It must produce a -+ * string in wire format -- a sequence of length-prefixed strings -- indicating -+ * the advertised protocols. Refer to SSL_CTX_set_next_protos_advertised_cb -+ * in OpenSSL for reference. -+ */ -+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out, -+ unsigned int *size_out, void *arg) -+{ -+ conn_rec *c = (conn_rec*)SSL_get_app_data(ssl); -+ apr_array_header_t *protos; -+ int num_protos; -+ unsigned int size; -+ int i; -+ unsigned char *data; -+ unsigned char *start; -+ -+ *data_out = NULL; -+ *size_out = 0; -+ -+ /* If the connection object is not available, then there's nothing for us -+ * to do. */ -+ if (c == NULL) { -+ return SSL_TLSEXT_ERR_OK; -+ } -+ -+ /* Invoke our npn_advertise_protos hook, giving other modules a chance to -+ * add alternate protocol names to advertise. 
*/ -+ protos = apr_array_make(c->pool, 0, sizeof(char*)); -+ modssl_run_npn_advertise_protos_hook(c, protos); -+ num_protos = protos->nelts; -+ -+ /* We now have a list of null-terminated strings; we need to concatenate -+ * them together into a single string, where each protocol name is prefixed -+ * by its length. First, calculate how long that string will be. */ -+ size = 0; -+ for (i = 0; i < num_protos; ++i) { -+ const char *string = APR_ARRAY_IDX(protos, i, const char*); -+ unsigned int length = strlen(string); -+ /* If the protocol name is too long (the length must fit in one byte), -+ * then log an error and skip it. */ -+ if (length > 255) { -+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02307) -+ "SSL NPN protocol name too long (length=%u): %s", -+ length, string); -+ continue; -+ } -+ /* Leave room for the length prefix (one byte) plus the protocol name -+ * itself. */ -+ size += 1 + length; -+ } -+ -+ /* If there is nothing to advertise (either because no modules added -+ * anything to the protos array, or because all strings added to the array -+ * were skipped), then we're done. */ -+ if (size == 0) { -+ return SSL_TLSEXT_ERR_OK; -+ } -+ -+ /* Now we can build the string. Copy each protocol name string into the -+ * larger string, prefixed by its length. */ -+ data = apr_palloc(c->pool, size * sizeof(unsigned char)); -+ start = data; -+ for (i = 0; i < num_protos; ++i) { -+ const char *string = APR_ARRAY_IDX(protos, i, const char*); -+ apr_size_t length = strlen(string); -+ if (length > 255) -+ continue; -+ *start = (unsigned char)length; -+ ++start; -+ memcpy(start, string, length * sizeof(unsigned char)); -+ start += length; -+ } -+ -+ /* Success. 
*/ -+ *data_out = data; -+ *size_out = size; -+ return SSL_TLSEXT_ERR_OK; -+} -+ -+#endif /* HAVE_TLS_NPN */ -+ -+#ifndef OPENSSL_NO_SRP -+ -+int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg) -+{ -+ modssl_ctx_t *mctx = (modssl_ctx_t *)arg; -+ char *username = SSL_get_srp_username(ssl); -+ SRP_user_pwd *u; -+ -+ if (username == NULL -+ || (u = SRP_VBASE_get_by_user(mctx->srp_vbase, username)) == NULL) { -+ *ad = SSL_AD_UNKNOWN_PSK_IDENTITY; -+ return SSL3_AL_FATAL; -+ } -+ -+ if (SSL_set_srp_server_param(ssl, u->N, u->g, u->s, u->v, u->info) < 0) { -+ *ad = SSL_AD_INTERNAL_ERROR; -+ return SSL3_AL_FATAL; -+ } -+ -+ /* reset all other options */ -+ SSL_set_verify(ssl, SSL_VERIFY_NONE, ssl_callback_SSLVerify); -+ return SSL_ERROR_NONE; -+} -+ -+#endif /* OPENSSL_NO_SRP */ ---- httpd-2.4.3.orig/modules/ssl/ssl_engine_vars.c -+++ httpd-2.4.3/modules/ssl/ssl_engine_vars.c -@@ -395,6 +395,18 @@ static char *ssl_var_lookup_ssl(apr_pool - #endif - result = apr_pstrdup(p, flag ? "true" : "false"); - } -+#ifndef OPENSSL_NO_SRP -+ else if (ssl != NULL && strcEQ(var, "SRP_USER")) { -+ if ((result = SSL_get_srp_username(ssl)) != NULL) { -+ result = apr_pstrdup(p, result); -+ } -+ } -+ else if (ssl != NULL && strcEQ(var, "SRP_USERINFO")) { -+ if ((result = SSL_get_srp_userinfo(ssl)) != NULL) { -+ result = apr_pstrdup(p, result); -+ } -+ } -+#endif - - return result; - } ---- httpd-2.4.3.orig/modules/ssl/ssl_private.h -+++ httpd-2.4.3/modules/ssl/ssl_private.h + * This OpenSSL callback function is called when OpenSSL +--- httpd-2.4.4.orig/modules/ssl/ssl_private.h ++++ httpd-2.4.4/modules/ssl/ssl_private.h @@ -139,6 +139,11 @@ #define HAVE_FIPS #endif @@ -471,8 +278,8 @@ #if (OPENSSL_VERSION_NUMBER >= 0x10000000) #define MODSSL_SSL_CIPHER_CONST const #define MODSSL_SSL_METHOD_CONST const -@@ -185,6 +190,20 @@ - #define OPENSSL_NO_COMP +@@ -194,6 +199,20 @@ + #endif #endif +#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \ 
@@ -492,16 +299,10 @@ /* mod_ssl headers */ #include "ssl_util_ssl.h" -@@ -647,6 +666,17 @@ typedef struct { - const char *stapling_force_url; +@@ -662,6 +681,11 @@ typedef struct { + SRP_VBASE *srp_vbase; #endif -+#ifndef OPENSSL_NO_SRP -+ char *srp_vfile; -+ char *srp_unknown_user_seed; -+ SRP_VBASE *srp_vbase; -+#endif -+ + /** RFC 5878 */ + const char *rsa_authz_file; + const char *dsa_authz_file; @@ -510,7 +311,7 @@ modssl_auth_ctx_t auth; BOOL ocsp_enabled; /* true if OCSP verification enabled */ -@@ -723,6 +756,9 @@ const char *ssl_cmd_SSLCryptoDevice(cmd +@@ -738,6 +762,9 @@ const char *ssl_cmd_SSLCryptoDevice(cmd const char *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *); const char *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *); @@ -520,9 +321,9 @@ const char *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *); -@@ -775,6 +811,11 @@ const char *ssl_cmd_SSLOCSPResponseMaxAg - const char *ssl_cmd_SSLOCSPResponderTimeout(cmd_parms *cmd, void *dcfg, const char *arg); - const char *ssl_cmd_SSLOCSPEnable(cmd_parms *cmd, void *dcfg, int flag); +@@ -795,6 +822,11 @@ const char *ssl_cmd_SSLSRPVerifierFile(c + const char *ssl_cmd_SSLSRPUnknownUserSeed(cmd_parms *cmd, void *dcfg, const char *arg); + #endif +#ifndef OPENSSL_NO_SRP +const char *ssl_cmd_SSLSRPVerifierFile(cmd_parms *cmd, void *dcfg, const char *arg); @@ -532,7 +333,7 @@ const char *ssl_cmd_SSLFIPS(cmd_parms *cmd, void *dcfg, int flag); /** module initialization */ -@@ -820,6 +861,7 @@ int ssl_callback_ServerNameIndi +@@ -840,6 +872,7 @@ int ssl_callback_ServerNameIndi int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int); #endif 
@@ -540,13 +341,13 @@ /** Session Cache Support */ void ssl_scache_init(server_rec *, apr_pool_t *); -@@ -851,6 +893,9 @@ void modssl_init_stapling(server - void ssl_stapling_ex_init(void); - int ssl_stapling_init_cert(server_rec *s, modssl_ctx_t *mctx, X509 *x); +@@ -873,6 +906,9 @@ int ssl_stapling_init_cert(serv #endif + #ifndef OPENSSL_NO_SRP + int ssl_callback_SRPServerParams(SSL *, int *, void *); ++#endif +#ifndef OPENSSL_NO_SRP +int ssl_callback_SRPServerParams(SSL *, int *, void *); -+#endif + #endif /** I/O */ - void ssl_io_filter_init(conn_rec *, request_rec *r, SSL *); ++++++ apache2.service ++++++ --- /var/tmp/diff_new_pack.SUKItQ/_old 2013-07-02 12:20:16.000000000 +0200 +++ /var/tmp/diff_new_pack.SUKItQ/_new 2013-07-02 12:20:16.000000000 +0200 @@ -1,9 +1,11 @@ [Unit] Description=The Apache Webserver -After=network.target remote-fs.target nss-lookup.target +Wants=network.target nss-lookup.target +After=network.target nss-lookup.target [email protected] [Service] +Type=notify PrivateTmp=true EnvironmentFile=/etc/sysconfig/apache2 ExecStart=/usr/sbin/start_apache2 -D SYSTEMD -DNO_DETACH -k start ++++++ httpd-2.4.3-mod_systemd.patch ++++++ --- httpd-2.4.3/modules/arch/unix/config5.m4.systemd +++ httpd-2.4.3/modules/arch/unix/config5.m4 @@ -18,6 +18,19 @@ APACHE_MODULE(privileges, Per-virtualhos fi ]) + +APACHE_MODULE(systemd, Systemd support, , , $unixd_mods_enabled, [ + AC_CHECK_LIB(systemd-daemon, sd_notify, SYSTEMD_LIBS="-lsystemd-daemon") + AC_CHECK_HEADERS(systemd/sd-daemon.h, [ap_HAVE_SD_DAEMON_H="yes"], [ap_HAVE_SD_DAEMON_H="no"]) + if test $ap_HAVE_SD_DAEMON_H = "no" || test -z "${SYSTEMD_LIBS}"; then + AC_MSG_WARN([Your system does not support systemd.]) + enable_systemd="no" + else + APR_ADDTO(MOD_SYSTEMD_LDADD, [$SYSTEMD_LIBS]) + enable_systemd="yes" + fi +]) + APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current]) APACHE_MODPATH_FINISH --- httpd-2.4.3/modules/arch/unix/mod_systemd.c.systemd +++ httpd-2.4.3/modules/arch/unix/mod_systemd.c 
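Review bot: With `Type=notify` in apache2.service the unit is considered started only after httpd sends `READY=1`, and the only code in this commit that sends it is mod_systemd's pre_mpm hook, so a host where the `systemd` module is not loaded would presumably sit in "activating" until the start timeout. The only place visible here that enables the module is the upgrade script, and the config5.m4 hunk of this commit turns the module off with just a warning when the sd-daemon header or library is missing. I would make that configure case an error for this package, or at least record the dependency in the unit, e.g. `# Type=notify needs the systemd module loaded (a2enmod systemd)`. Because `ExecStart` runs the `start_apache2` wrapper, it is also worth confirming that the wrapper execs httpd, since notifications are by default accepted from the main process only.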
@@ -0,0 +1,138 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include <stdint.h> +#include <ap_config.h> +#include "ap_mpm.h" +#include <http_core.h> +#include <http_log.h> +#include <apr_version.h> +#include <apr_pools.h> +#include <apr_strings.h> +#include "unixd.h" +#include "scoreboard.h" +#include "mpm_common.h" + +#include "systemd/sd-daemon.h" + +#if APR_HAVE_UNISTD_H +#include <unistd.h> +#endif + +#define KBYTE 1024 + +static pid_t pid; /* PID of the main httpd instance */ +static int server_limit, thread_limit, threads_per_child, max_servers; +static time_t last_update_time; +static unsigned long last_update_access; +static unsigned long last_update_kbytes; + +static int systemd_pre_mpm(apr_pool_t *p, ap_scoreboard_e sb_type) +{ + int rv; + last_update_time = time(0); + + ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit); + ap_mpm_query(AP_MPMQ_HARD_LIMIT_DAEMONS, &server_limit); + ap_mpm_query(AP_MPMQ_MAX_THREADS, &threads_per_child); + /* work around buggy MPMs */ + if (threads_per_child == 0) + threads_per_child = 1; + ap_mpm_query(AP_MPMQ_MAX_DAEMONS, &max_servers); + + pid = getpid(); + + rv = sd_notifyf(0, "READY=1\n" + "STATUS=Processing requests...\n" + "MAINPID=%lu", + (unsigned 
long) pid); + if (rv < 0) { + ap_log_perror(APLOG_MARK, APLOG_ERR, 0, p, + "sd_notifyf returned an error %d", rv); + } + + return OK; +} + +static int systemd_monitor(apr_pool_t *p, server_rec *s) +{ + int i, j, res, rv; + process_score *ps_record; + worker_score *ws_record; + unsigned long access = 0; + unsigned long bytes = 0; + unsigned long kbytes = 0; + char bps[5]; + time_t now = time(0); + time_t elapsed = now - last_update_time; + + for (i = 0; i < server_limit; ++i) { + ps_record = ap_get_scoreboard_process(i); + for (j = 0; j < thread_limit; ++j) { + ws_record = ap_get_scoreboard_worker_from_indexes(i, j); + if (ap_extended_status && !ps_record->quiescing && ps_record->pid) { + res = ws_record->status; + if (ws_record->access_count != 0 || + (res != SERVER_READY && res != SERVER_DEAD)) { + access += ws_record->access_count; + bytes += ws_record->bytes_served; + if (bytes >= KBYTE) { + kbytes += (bytes >> 10); + bytes = bytes & 0x3ff; + } + } + } + } + } + + apr_strfsize((unsigned long)(KBYTE *(float) (kbytes - last_update_kbytes) + / (float) elapsed), bps); + + rv = sd_notifyf(0, "READY=1\n" + "STATUS=Total requests: %lu; Current requests/sec: %.3g; " + "Current traffic: %sB/sec\n", access, + ((float)access - last_update_access) / (float) elapsed, bps); + if (rv < 0) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00000) + "sd_notifyf returned an error %d", rv); + } + + last_update_access = access; + last_update_kbytes = kbytes; + last_update_time = now; + + return DECLINED; +} + +static void systemd_register_hooks(apr_pool_t *p) +{ + /* We know the PID in this hook ... 
*/ + ap_hook_pre_mpm(systemd_pre_mpm, NULL, NULL, APR_HOOK_LAST); + /* Used to update httpd's status line using sd_notifyf */ + ap_hook_monitor(systemd_monitor, NULL, NULL, APR_HOOK_MIDDLE); +} + +module AP_MODULE_DECLARE_DATA systemd_module = +{ + STANDARD20_MODULE_STUFF, + NULL, + NULL, + NULL, + NULL, + NULL, + systemd_register_hooks, +}; ++++++ httpd-2.4.3.tar.xz -> httpd-2.4.4.tar.bz2 ++++++ ++++ 72854 lines of diff (skipped) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
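Review bot: systemd_monitor divides by `elapsed` without checking it, and `elapsed` is zero whenever the monitor hook runs twice within the same second, because both timestamps come from `time(0)`. The float division then yields infinity or NaN, and the cast to `unsigned long` passed to `apr_strfsize` is undefined behaviour; a guard such as `if (elapsed <= 0) return DECLINED;` before the first division avoids it. `kbytes - last_update_kbytes` is unsigned and wraps to a huge value if the scoreboard total ever drops between two calls, which seems possible when a child is replaced, so the delta should be clamped to zero in that case. Two smaller points: `APLOGNO(00000)` looks like a placeholder, and with `ap_extended_status` off the loop counts nothing, so the status line reports zero requests and should say instead that extended status is disabled.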
