[arch-commits] Commit in apache/trunk (PKGBUILD httpd)
Date: Wednesday, June 23, 2010 @ 06:09:19 Author: jgc Revision: 83847 Fix FS#18767 Modified: apache/trunk/PKGBUILD apache/trunk/httpd --+ PKGBUILD | 46 +++--- httpd|8 2 files changed, 27 insertions(+), 27 deletions(-) Modified: PKGBUILD === --- PKGBUILD2010-06-23 08:48:35 UTC (rev 83846) +++ PKGBUILD2010-06-23 10:09:19 UTC (rev 83847) @@ -4,7 +4,7 @@ pkgname=apache pkgver=2.2.15 -pkgrel=2 +pkgrel=3 pkgdesc='A high performance Unix-based HTTP server' arch=('i686' 'x86_64') options=('!libtool') @@ -46,38 +46,38 @@ '4ac64df6e019edbe137017cba1ff2f51' '08b3c875f6260644f2f52b4056d656b0' 'f4d627c64024c1b7b95efb5ffbaa625e' - '9e001fbb082a08113e7f4bc431085c11' + 'c7e300a287ef7e2e066ac7639536f87e' '3d659d41276ba3bfcb20c231eb254e0c') build() { cd ${srcdir}/httpd-${pkgver} - patch -Np0 -i ${srcdir}/apachectl-confd.patch || return 1 + patch -Np0 -i ${srcdir}/apachectl-confd.patch # set default user sed -e 's#User daemon#User http#' \ -e 's#Group daemon#Group http#' \ - -i docs/conf/httpd.conf.in || return 1 + -i docs/conf/httpd.conf.in cat ${srcdir}/arch.layout config.layout for mpm in prefork worker itk; do if [ ${mpm} = itk ]; then mkdir -p server/mpm/experimental/itk - cp -r server/mpm/prefork/* server/mpm/experimental/itk/ || return 1 - mv server/mpm/experimental/itk/prefork.c server/mpm/experimental/itk/itk.c || return 1 + cp -r server/mpm/prefork/* server/mpm/experimental/itk/ + mv server/mpm/experimental/itk/prefork.c server/mpm/experimental/itk/itk.c - patch -Np1 -i ${srcdir}/02-rename-prefork-to-itk.patch || return 1 - patch -Np1 -i ${srcdir}/03-add-mpm-to-build-system.patch || return 1 - patch -Np1 -i ${srcdir}/04-correct-output-makefile-location.patch || return 1 - patch -Np1 -i ${srcdir}/05-add-copyright.patch || return 1 - patch -Np1 -i ${srcdir}/06-hook-just-after-merging-perdir-config.patch || return 1 - patch -Np1 -i ${srcdir}/07-base-functionality.patch || return 1 - patch -Np1 -i ${srcdir}/08-max-clients-per-vhost.patch || return 1 - patch -Np1 -i ${srcdir}/09-capabilities.patch || return 1 - patch -Np1 -i ${srcdir}/10-nice.patch || return 1 + patch -Np1 -i ${srcdir}/02-rename-prefork-to-itk.patch + patch -Np1 -i ${srcdir}/03-add-mpm-to-build-system.patch + patch -Np1 -i ${srcdir}/04-correct-output-makefile-location.patch + patch -Np1 -i ${srcdir}/05-add-copyright.patch + patch -Np1 -i ${srcdir}/06-hook-just-after-merging-perdir-config.patch + patch -Np1 -i ${srcdir}/07-base-functionality.patch + patch -Np1 -i ${srcdir}/08-max-clients-per-vhost.patch + patch -Np1 -i ${srcdir}/09-capabilities.patch + patch -Np1 -i ${srcdir}/10-nice.patch - autoconf || return 1 + autoconf fi mkdir build-${mpm} pushd build-${mpm} @@ -101,19 +101,19 @@ --with-apr=/usr/bin/apr-1-config \ --with-apr-util=/usr/bin/apu-1-config \ --with-pcre=/usr \ - --with-mpm=${mpm} || return 1 - make || return 1 + --with-mpm=${mpm} + make if [ ${mpm} = prefork ]; then - make DESTDIR=${pkgdir} install || return 1 + make DESTDIR=${pkgdir} install else install -m755 httpd ${pkgdir}/usr/sbin/httpd.${mpm} fi popd done - install -D -m755 ${srcdir}/httpd ${pkgdir}/etc/rc.d/httpd || return 1 - install -D -m644 ${srcdir}/httpd.logrotate ${pkgdir}/etc/logrotate.d/httpd || return 1 - install -D -m644 ${srcdir}/apache.conf.d ${pkgdir}/etc/conf.d/apache || return 1 + install -D -m755 ${srcdir}/httpd ${pkgdir}/etc/rc.d/httpd + install -D -m644 ${srcdir}/httpd.logrotate ${pkgdir}/etc/logrotate.d/httpd + install -D -m644 ${srcdir}/apache.conf.d ${pkgdir}/etc/conf.d/apache # symlinks for /etc/httpd ln -fs /var/log/httpd ${pkgdir}/etc/httpd/logs @@ -128,7 +128,7 @@ -e 's|#\(Include conf/extra/httpd-languages.conf\)|\1|' \ -e 's|#\(Include
[arch-commits] Commit in apache/trunk (PKGBUILD httpd-2.2.14-CVE-2009-3555.patch)
Date: Saturday, March 13, 2010 @ 15:37:40 Author: jgc Revision: 72250 upgpkg: apache 2.2.15-1 Update to 2.2.15, remove upstream-applied patch Modified: apache/trunk/PKGBUILD Deleted: apache/trunk/httpd-2.2.14-CVE-2009-3555.patch --+ PKGBUILD |9 - httpd-2.2.14-CVE-2009-3555.patch | 284 - 2 files changed, 3 insertions(+), 290 deletions(-) Modified: PKGBUILD === --- PKGBUILD2010-03-13 20:28:16 UTC (rev 72249) +++ PKGBUILD2010-03-13 20:37:40 UTC (rev 72250) @@ -3,8 +3,8 @@ # Contributor: Pierre Schmitz pie...@archlinux.de pkgname=apache -pkgver=2.2.14 -pkgrel=3 +pkgver=2.2.15 +pkgrel=1 pkgdesc='A high performance Unix-based HTTP server' arch=('i686' 'x86_64') options=('!libtool') @@ -28,13 +28,12 @@ ${_itkurl}/08-max-clients-per-vhost.patch ${_itkurl}/09-capabilities.patch ${_itkurl}/10-nice.patch -httpd-2.2.14-CVE-2009-3555.patch apachectl-confd.patch apache.conf.d httpd.logrotate httpd arch.layout) -md5sums=('a5226203aaf97e5b941c41a71c112704' +md5sums=('016cec97337eccead2aad6a7c27f2e14' 'db42cfcc18ae1c32aaaff2347e35b79d' '131408ad4dc7b18547b4e062e7e495ab' 'ee488f391054d528547c3a372faa2aa7' @@ -44,7 +43,6 @@ '9f7a8935f9cabc7b46d0052906634cef' '1b28e3363e1b0d05b738a21e7ddd264f' 'd9667fcd2ffecc63e446edd4d731' - '65df0a4f22728b84479dd59155ac940c' '4ac64df6e019edbe137017cba1ff2f51' '08b3c875f6260644f2f52b4056d656b0' 'f4d627c64024c1b7b95efb5ffbaa625e' @@ -54,7 +52,6 @@ build() { cd ${srcdir}/httpd-${pkgver} - patch -Np1 -i ${srcdir}/httpd-2.2.14-CVE-2009-3555.patch || return 1 patch -Np0 -i ${srcdir}/apachectl-confd.patch || return 1 # set default user Deleted: httpd-2.2.14-CVE-2009-3555.patch === --- httpd-2.2.14-CVE-2009-3555.patch2010-03-13 20:28:16 UTC (rev 72249) +++ httpd-2.2.14-CVE-2009-3555.patch2010-03-13 20:37:40 UTC (rev 72250) @@ -1,284 +0,0 @@ httpd-2.2.14/modules/ssl/ssl_engine_init.c.cve3555 -+++ httpd-2.2.14/modules/ssl/ssl_engine_init.c -@@ -501,10 +501,7 @@ static void ssl_init_ctx_callbacks(serve - SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA); - SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH); - --if (s-loglevel = APLOG_DEBUG) { --/* this callback only logs if LogLevel = info */ --SSL_CTX_set_info_callback(ctx, ssl_callback_LogTracingState); --} -+SSL_CTX_set_info_callback(ctx, ssl_callback_Info); - } - - static void ssl_init_ctx_verify(server_rec *s, httpd-2.2.14/modules/ssl/ssl_engine_io.c.cve3555 -+++ httpd-2.2.14/modules/ssl/ssl_engine_io.c -@@ -103,6 +103,7 @@ typedef struct { - ap_filter_t*pInputFilter; - ap_filter_t*pOutputFilter; - intnobuffer; /* non-zero to prevent buffering */ -+SSLConnRec *config; - } ssl_filter_ctx_t; - - typedef struct { -@@ -193,7 +194,13 @@ static int bio_filter_out_read(BIO *bio, - static int bio_filter_out_write(BIO *bio, const char *in, int inl) - { - bio_filter_out_ctx_t *outctx = (bio_filter_out_ctx_t *)(bio-ptr); -- -+ -+/* Abort early if the client has initiated a renegotiation. */ -+if (outctx-filter_ctx-config-reneg_state == RENEG_ABORT) { -+outctx-rc = APR_ECONNABORTED; -+return -1; -+} -+ - /* when handshaking we'll have a small number of bytes. - * max size SSL will pass us here is about 16k. - * (16413 bytes to be exact) -@@ -466,6 +473,12 @@ static int bio_filter_in_read(BIO *bio, - if (!in) - return 0; - -+/* Abort early if the client has initiated a renegotiation. */ -+if (inctx-filter_ctx-config-reneg_state == RENEG_ABORT) { -+inctx-rc = APR_ECONNABORTED; -+return -1; -+} -+ - /* XXX: flush here only required for SSLv2; - * OpenSSL calls BIO_flush() at the appropriate times for - * the other protocols. -@@ -1724,6 +1737,8 @@ void ssl_io_filter_init(conn_rec *c, SSL - - filter_ctx = apr_palloc(c-pool, sizeof(ssl_filter_ctx_t)); - -+filter_ctx-config = myConnConfig(c); -+ - filter_ctx-nobuffer= 0; - filter_ctx-pOutputFilter = ap_add_output_filter(ssl_io_filter, -filter_ctx, NULL, c); httpd-2.2.14/modules/ssl/ssl_engine_kernel.c.cve3555 -+++ httpd-2.2.14/modules/ssl/ssl_engine_kernel.c -@@ -729,6 +729,10 @@ int ssl_hook_Access(request_rec *r) -(unsigned char *)id, -sizeof(id)); - -+/* Toggle the renegotiation state to allow the new -+ * handshake to proceed. */
[arch-commits] Commit in apache/trunk (PKGBUILD httpd-2.2.14-CVE-2009-3555.patch)
Date: Saturday, March 6, 2010 @ 13:17:38 Author: jgc Revision: 71325 upgpkg: apache 2.2.14-3 Add patch for CVE-2009-3555 to fix renegotiation issues Added: apache/trunk/httpd-2.2.14-CVE-2009-3555.patch Modified: apache/trunk/PKGBUILD --+ PKGBUILD |3 httpd-2.2.14-CVE-2009-3555.patch | 284 + 2 files changed, 287 insertions(+) Modified: PKGBUILD === --- PKGBUILD2010-03-06 17:46:02 UTC (rev 71324) +++ PKGBUILD2010-03-06 18:17:38 UTC (rev 71325) @@ -28,6 +28,7 @@ ${_itkurl}/08-max-clients-per-vhost.patch ${_itkurl}/09-capabilities.patch ${_itkurl}/10-nice.patch +httpd-2.2.14-CVE-2009-3555.patch apachectl-confd.patch apache.conf.d httpd.logrotate @@ -43,6 +44,7 @@ '9f7a8935f9cabc7b46d0052906634cef' '1b28e3363e1b0d05b738a21e7ddd264f' 'd9667fcd2ffecc63e446edd4d731' + '65df0a4f22728b84479dd59155ac940c' '4ac64df6e019edbe137017cba1ff2f51' '08b3c875f6260644f2f52b4056d656b0' 'f4d627c64024c1b7b95efb5ffbaa625e' @@ -52,6 +54,7 @@ build() { cd ${srcdir}/httpd-${pkgver} + patch -Np1 -i ${srcdir}/httpd-2.2.14-CVE-2009-3555.patch || return 1 patch -Np0 -i ${srcdir}/apachectl-confd.patch || return 1 # set default user Added: httpd-2.2.14-CVE-2009-3555.patch === --- httpd-2.2.14-CVE-2009-3555.patch(rev 0) +++ httpd-2.2.14-CVE-2009-3555.patch2010-03-06 18:17:38 UTC (rev 71325) @@ -0,0 +1,284 @@ +--- httpd-2.2.14/modules/ssl/ssl_engine_init.c.cve3555 httpd-2.2.14/modules/ssl/ssl_engine_init.c +@@ -501,10 +501,7 @@ static void ssl_init_ctx_callbacks(serve + SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA); + SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH); + +-if (s-loglevel = APLOG_DEBUG) { +-/* this callback only logs if LogLevel = info */ +-SSL_CTX_set_info_callback(ctx, ssl_callback_LogTracingState); +-} ++SSL_CTX_set_info_callback(ctx, ssl_callback_Info); + } + + static void ssl_init_ctx_verify(server_rec *s, +--- httpd-2.2.14/modules/ssl/ssl_engine_io.c.cve3555 httpd-2.2.14/modules/ssl/ssl_engine_io.c +@@ -103,6 +103,7 @@ typedef struct { + ap_filter_t*pInputFilter; + ap_filter_t*pOutputFilter; + intnobuffer; /* non-zero to prevent buffering */ ++SSLConnRec *config; + } ssl_filter_ctx_t; + + typedef struct { +@@ -193,7 +194,13 @@ static int bio_filter_out_read(BIO *bio, + static int bio_filter_out_write(BIO *bio, const char *in, int inl) + { + bio_filter_out_ctx_t *outctx = (bio_filter_out_ctx_t *)(bio-ptr); +- ++ ++/* Abort early if the client has initiated a renegotiation. */ ++if (outctx-filter_ctx-config-reneg_state == RENEG_ABORT) { ++outctx-rc = APR_ECONNABORTED; ++return -1; ++} ++ + /* when handshaking we'll have a small number of bytes. + * max size SSL will pass us here is about 16k. + * (16413 bytes to be exact) +@@ -466,6 +473,12 @@ static int bio_filter_in_read(BIO *bio, + if (!in) + return 0; + ++/* Abort early if the client has initiated a renegotiation. */ ++if (inctx-filter_ctx-config-reneg_state == RENEG_ABORT) { ++inctx-rc = APR_ECONNABORTED; ++return -1; ++} ++ + /* XXX: flush here only required for SSLv2; + * OpenSSL calls BIO_flush() at the appropriate times for + * the other protocols. +@@ -1724,6 +1737,8 @@ void ssl_io_filter_init(conn_rec *c, SSL + + filter_ctx = apr_palloc(c-pool, sizeof(ssl_filter_ctx_t)); + ++filter_ctx-config = myConnConfig(c); ++ + filter_ctx-nobuffer= 0; + filter_ctx-pOutputFilter = ap_add_output_filter(ssl_io_filter, +filter_ctx, NULL, c); +--- httpd-2.2.14/modules/ssl/ssl_engine_kernel.c.cve3555 httpd-2.2.14/modules/ssl/ssl_engine_kernel.c +@@ -729,6 +729,10 @@ int ssl_hook_Access(request_rec *r) +(unsigned char *)id, +sizeof(id)); + ++/* Toggle the renegotiation state to allow the new ++ * handshake to proceed. */ ++sslconn-reneg_state = RENEG_ALLOW; ++ + SSL_renegotiate(ssl); + SSL_do_handshake(ssl); + +@@ -750,6 +754,8 @@ int ssl_hook_Access(request_rec *r) + SSL_set_state(ssl, SSL_ST_ACCEPT); + SSL_do_handshake(ssl); + ++sslconn-reneg_state = RENEG_REJECT; ++ + if (SSL_get_state(ssl) != SSL_ST_OK) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + Re-negotiation handshake failed:
[arch-commits] Commit in apache/trunk (PKGBUILD httpd)
Date: Monday, February 1, 2010 @ 14:07:11 Author: andrea Revision: 66834 check for /var/run/httpd dir before start (FS#17433) Modified: apache/trunk/PKGBUILD apache/trunk/httpd --+ PKGBUILD |7 +-- httpd|1 + 2 files changed, 6 insertions(+), 2 deletions(-) Modified: PKGBUILD === --- PKGBUILD2010-02-01 19:01:19 UTC (rev 66833) +++ PKGBUILD2010-02-01 19:07:11 UTC (rev 66834) @@ -18,10 +18,12 @@ depends=('openssl' 'zlib' 'apr-util' 'pcre') optdepends=('lynx: apachectl status') source=(http://www.apache.org/dist/httpd/httpd-${pkgver}.tar.bz2; -'httpd.logrotate' 'httpd' 'arch.layout') +'httpd.logrotate' + 'httpd' + 'arch.layout') md5sums=('a5226203aaf97e5b941c41a71c112704' 'f4d627c64024c1b7b95efb5ffbaa625e' - '3fb8b616e0b5f0118420edd26d8536bb' + '9e001fbb082a08113e7f4bc431085c11' '3d659d41276ba3bfcb20c231eb254e0c') build() { @@ -81,3 +83,4 @@ rm -rf ${pkgdir}/srv/http rmdir ${pkgdir}/usr/bin } + Modified: httpd === --- httpd 2010-02-01 19:01:19 UTC (rev 66833) +++ httpd 2010-02-01 19:07:11 UTC (rev 66834) @@ -10,6 +10,7 @@ case $1 in start) stat_busy Starting Apache Web Server +[ ! -d /var/run/httpd ] install -d /var/run/httpd if $APACHECTL start /dev/null ; then add_daemon $daemon_name stat_done
[arch-commits] Commit in apache/trunk (PKGBUILD httpd)
Date: Saturday, November 7, 2009 @ 07:17:38 Author: andrea Revision: 58370 rewritten rc.d script, the previous restart gave DONE with a wrong http.conf (FS#16994) Modified: apache/trunk/PKGBUILD apache/trunk/httpd --+ PKGBUILD |4 ++-- httpd| 51 ++- 2 files changed, 24 insertions(+), 31 deletions(-) Modified: PKGBUILD === --- PKGBUILD2009-11-07 11:16:42 UTC (rev 58369) +++ PKGBUILD2009-11-07 12:17:38 UTC (rev 58370) @@ -4,7 +4,7 @@ pkgname=apache pkgver=2.2.14 -pkgrel=1 +pkgrel=2 pkgdesc='A high performance Unix-based HTTP server' arch=('i686' 'x86_64') options=('!libtool') @@ -21,7 +21,7 @@ 'httpd.logrotate' 'httpd' 'arch.layout') md5sums=('a5226203aaf97e5b941c41a71c112704' 'f4d627c64024c1b7b95efb5ffbaa625e' - 'bddd84dafa770d74df1dc1f96bd71823' + 'a2f8d78b622384783fca8388931397fa' '3d659d41276ba3bfcb20c231eb254e0c') build() { Modified: httpd === --- httpd 2009-11-07 11:16:42 UTC (rev 58369) +++ httpd 2009-11-07 12:17:38 UTC (rev 58370) @@ -5,62 +5,55 @@ . /etc/rc.conf . /etc/rc.d/functions +APACHECTL=/usr/sbin/apachectl case $1 in start) -stat_busy Starting Apache Web Server -# RUN -/usr/sbin/apachectl start /dev/null -# -if [ $? -gt 0 ]; then - stat_fail - exit 1 -else +stat_busy Starting $daemon_name daemon +if $APACHECTL start /dev/null ; then add_daemon $daemon_name stat_done +else + stat_fail + exit 1 fi ;; stop) -stat_busy Stopping Apache Web Server -# KILL -/usr/sbin/apachectl stop /dev/null -# -if [ $? -gt 0 ]; then - stat_fail - exit 1 -else +stat_busy Stopping $daemon_name daemon +if $APACHECTL stop /dev/null ; then rm_daemon $daemon_name stat_done +else + stat_fail + exit 1 fi ;; reload) -stat_busy Reloading Apache Web Server -/usr/sbin/apachectl graceful /dev/null -if [ $? -gt 0 ]; then - stat_fail - exit 1 -else +stat_busy Reloading $daemon_name daemon +if $APACHECTL graceful /dev/null ; then add_daemon $daemon_name stat_done +else + stat_fail + exit 1 fi ;; restart) -stat_busy Restarting Apache Web Server -/usr/sbin/apachectl restart /dev/null -if [ $? -gt 0 ]; then - stat_fail - exit 1 -else +stat_busy Restarting $daemon_name daemon +if $APACHECTL restart /dev/null ; then add_daemon $daemon_name stat_done +else + stat_fail + exit 1 fi ;; status) -stat_busy Checking Apache Web Server status; +stat_busy Checking $daemon_name status; ck_status $daemon_name ;;
[arch-commits] Commit in apache/trunk (PKGBUILD httpd)
Date: Saturday, November 7, 2009 @ 07:22:43 Author: andrea Revision: 58371 upgpkg: apache 2.2.14-2 rewritten rc.d script, the previous restart gave DONE with a wrong http.conf (FS#16994) Modified: apache/trunk/PKGBUILD apache/trunk/httpd --+ PKGBUILD |2 +- httpd| 10 +- 2 files changed, 6 insertions(+), 6 deletions(-) Modified: PKGBUILD === --- PKGBUILD2009-11-07 12:17:38 UTC (rev 58370) +++ PKGBUILD2009-11-07 12:22:43 UTC (rev 58371) @@ -21,7 +21,7 @@ 'httpd.logrotate' 'httpd' 'arch.layout') md5sums=('a5226203aaf97e5b941c41a71c112704' 'f4d627c64024c1b7b95efb5ffbaa625e' - 'a2f8d78b622384783fca8388931397fa' + '3fb8b616e0b5f0118420edd26d8536bb' '3d659d41276ba3bfcb20c231eb254e0c') build() { Modified: httpd === --- httpd 2009-11-07 12:17:38 UTC (rev 58370) +++ httpd 2009-11-07 12:22:43 UTC (rev 58371) @@ -9,7 +9,7 @@ case $1 in start) -stat_busy Starting $daemon_name daemon +stat_busy Starting Apache Web Server if $APACHECTL start /dev/null ; then add_daemon $daemon_name stat_done @@ -20,7 +20,7 @@ ;; stop) -stat_busy Stopping $daemon_name daemon +stat_busy Stopping Apache Web Server if $APACHECTL stop /dev/null ; then rm_daemon $daemon_name stat_done @@ -31,7 +31,7 @@ ;; reload) -stat_busy Reloading $daemon_name daemon +stat_busy Reloading Apache Web Server if $APACHECTL graceful /dev/null ; then add_daemon $daemon_name stat_done @@ -42,7 +42,7 @@ ;; restart) -stat_busy Restarting $daemon_name daemon +stat_busy Restarting Apache Web Server if $APACHECTL restart /dev/null ; then add_daemon $daemon_name stat_done @@ -53,7 +53,7 @@ ;; status) -stat_busy Checking $daemon_name status; +stat_busy Checking Apache Web Server status; ck_status $daemon_name ;;