diff options
| -rwxr-xr-x | 2.2/init/apache2.initd | 2 | ||||
| -rw-r--r-- | 2.2/patches/03_all_gentoo_apache-tools.patch | 34 | ||||
| -rw-r--r-- | 2.2/patches/20_all_peruser_0.4.0-rc2.patch | 4 | ||||
| -rw-r--r-- | 2.2/patches/21_all-itk-20110321.patch (renamed from 2.2/patches/21_all_itk_20090114.patch) | 166 |
4 files changed, 128 insertions, 78 deletions
diff --git a/2.2/init/apache2.initd b/2.2/init/apache2.initd index 56f4391..df7374e 100755 --- a/2.2/init/apache2.initd +++ b/2.2/init/apache2.initd @@ -91,7 +91,7 @@ stop() { sleep 1 && i=$(expr $i + 1) done - test $i -le ${TIMEOUT} + test $i -lt ${TIMEOUT} eend $? } diff --git a/2.2/patches/03_all_gentoo_apache-tools.patch b/2.2/patches/03_all_gentoo_apache-tools.patch index f4b6612..4ac4253 100644 --- a/2.2/patches/03_all_gentoo_apache-tools.patch +++ b/2.2/patches/03_all_gentoo_apache-tools.patch @@ -1,13 +1,16 @@ ---- - Makefile.in | 10 ++++++++-- - support/Makefile.in | 18 ++++-------------- - 2 files changed, 12 insertions(+), 16 deletions(-) - -Index: httpd-2.2.6/Makefile.in -=================================================================== ---- httpd-2.2.6.orig/Makefile.in -+++ httpd-2.2.6/Makefile.in -@@ -198,14 +198,20 @@ install-include: +diff -pruN a/Makefile.in b/Makefile.in +--- a/Makefile.in 2011-08-24 00:34:55.000000000 +0300 ++++ b/Makefile.in 2011-08-24 00:29:01.000000000 +0300 +@@ -14,7 +14,7 @@ PROGRAM_DEPENDENCIES = \ + + PROGRAMS = $(PROGRAM_NAME) + TARGETS = $(PROGRAMS) $(shared_build) $(other_targets) +-INSTALL_TARGETS = install-htdocs install-error install-icons \ ++INSTALL_TARGETS = install-conf install-htdocs install-error install-icons \ + install-other install-cgi install-include install-suexec install-build \ + install-man + +@@ -202,14 +202,20 @@ install-include: $(INSTALL_DATA) $$hdr $(DESTDIR)$(includedir); \ done @@ -30,10 +33,9 @@ Index: httpd-2.2.6/Makefile.in @if test "x$(RSYNC)" != "x" && test -x $(RSYNC) ; then \ $(RSYNC) --exclude .svn -rlpt --numeric-ids $(top_srcdir)/docs/manual/ $(DESTDIR)$(manualdir)/; \ else \ -Index: httpd-2.2.6/support/Makefile.in -=================================================================== ---- httpd-2.2.6.orig/support/Makefile.in -+++ httpd-2.2.6/support/Makefile.in +diff -pruN a/support/Makefile.in b/support/Makefile.in +--- a/support/Makefile.in 2011-04-16 22:09:47.000000000 +0300 ++++ b/support/Makefile.in 2011-08-24 00:33:10.000000000 +0300 @@ -1,9 +1,8 @@ -DISTCLEAN_TARGETS = apxs apachectl dbmmanage log_server_status \ - logresolve.pl phf_abuse_log.cgi split-logfile envvars-std @@ -41,12 +43,12 @@ Index: httpd-2.2.6/support/Makefile.in CLEAN_TARGETS = suexec --PROGRAMS = htpasswd htdigest rotatelogs logresolve ab checkgid htdbm htcacheclean httxt2dbm +-PROGRAMS = htpasswd htdigest rotatelogs logresolve ab htdbm htcacheclean httxt2dbm $(NONPORTABLE_SUPPORT) +PROGRAMS = apxs TARGETS = $(PROGRAMS) PROGRAM_LDADD = $(UTIL_LDFLAGS) $(PROGRAM_DEPENDENCIES) $(EXTRA_LIBS) $(AP_LIBS) -@@ -12,22 +11,13 @@ PROGRAM_DEPENDENCIES = +@@ -12,22 +11,13 @@ PROGRAM_DEPENDENCIES = include $(top_builddir)/build/rules.mk install: diff --git a/2.2/patches/20_all_peruser_0.4.0-rc2.patch b/2.2/patches/20_all_peruser_0.4.0-rc2.patch index 3ad18bc..6784c78 100644 --- a/2.2/patches/20_all_peruser_0.4.0-rc2.patch +++ b/2.2/patches/20_all_peruser_0.4.0-rc2.patch @@ -123,8 +123,8 @@ diff -Nur httpd-2.2.16/server/mpm/config.m4 httpd-2.2.16-peruser/server/mpm/conf AC_MSG_CHECKING(which MPM to use) AC_ARG_WITH(mpm, APACHE_HELP_STRING(--with-mpm=MPM,Choose the process model for Apache to use. -- MPM={beos|event|worker|prefork|mpmt_os2}),[ -+ MPM={beos|event|worker|prefork|mpmt_os2|peruser}),[ +- MPM={beos|event|worker|prefork|mpmt_os2|winnt}),[ ++ MPM={beos|event|worker|prefork|mpmt_os2|winnt|peruser}),[ APACHE_MPM=$withval ],[ if test "x$APACHE_MPM" = "x"; then diff --git a/2.2/patches/21_all_itk_20090114.patch b/2.2/patches/21_all-itk-20110321.patch index 3a346cc..e9835d9 100644 --- a/2.2/patches/21_all_itk_20090114.patch +++ b/2.2/patches/21_all-itk-20110321.patch @@ -1,26 +1,23 @@ -Index: httpd-2.2.11/server/mpm/experimental/itk/Makefile.in -=================================================================== ---- /dev/null -+++ httpd-2.2.11/server/mpm/experimental/itk/Makefile.in +unchanged: +--- httpd-2.2.17/server/mpm/experimental/itk/Makefile.in ++++ httpd-2.2.17/server/mpm/experimental/itk/Makefile.in @@ -0,0 +1,5 @@ + +LTLIBRARY_NAME = libitk.la +LTLIBRARY_SOURCES = itk.c + +include $(top_srcdir)/build/ltlib.mk -Index: httpd-2.2.11/server/mpm/experimental/itk/config.m4 -=================================================================== ---- /dev/null -+++ httpd-2.2.11/server/mpm/experimental/itk/config.m4 +unchanged: +--- httpd-2.2.17/server/mpm/experimental/itk/config.m4 ++++ httpd-2.2.17/server/mpm/experimental/itk/config.m4 @@ -0,0 +1,3 @@ +if test "$MPM_NAME" = "itk" ; then + APACHE_FAST_OUTPUT(server/mpm/$MPM_SUBDIR_NAME/Makefile) +fi -Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c -=================================================================== ---- /dev/null -+++ httpd-2.2.11/server/mpm/experimental/itk/itk.c -@@ -0,0 +1,1740 @@ +unchanged: +--- httpd-2.2.17/server/mpm/experimental/itk/itk.c ++++ httpd-2.2.17/server/mpm/experimental/itk/itk.c +@@ -0,0 +1,1757 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. @@ -579,8 +576,12 @@ Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c + (void) ap_update_child_status(sbh, SERVER_READY, (request_rec *) NULL); + + /* Set up the pollfd array */ -+ /* ### check the status */ -+ (void) apr_pollset_create(&pollset, num_listensocks, pchild, 0); ++ status = apr_pollset_create(&pollset, num_listensocks, pchild, 0); ++ if (status != APR_SUCCESS) { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, status, ap_server_conf, ++ "Couldn't create pollset in child; check system or user limits"); ++ clean_child_exit(APEXIT_CHILDSICK); /* assume temporary resource issue */ ++ } + + for (lr = ap_listeners, i = num_listensocks; i--; lr = lr->next) { + apr_pollfd_t pfd = { 0 }; @@ -651,19 +652,27 @@ Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c + apr_int32_t numdesc; + const apr_pollfd_t *pdesc; + -+ /* timeout == -1 == wait forever */ -+ status = apr_pollset_poll(pollset, -1, &numdesc, &pdesc); ++ /* check for termination first so we don't sleep for a while in ++ * poll if already signalled ++ */ ++ if (one_process && shutdown_pending) { ++ SAFE_ACCEPT(accept_mutex_off()); ++ return; ++ } ++ else if (die_now) { ++ /* In graceful stop/restart; drop the mutex ++ * and terminate the child. */ ++ SAFE_ACCEPT(accept_mutex_off()); ++ clean_child_exit(0); ++ } ++ /* timeout == 10 seconds to avoid a hang at graceful restart/stop ++ * caused by the closing of sockets by the signal handler ++ */ ++ status = apr_pollset_poll(pollset, apr_time_from_sec(10), ++ &numdesc, &pdesc); + if (status != APR_SUCCESS) { -+ if (APR_STATUS_IS_EINTR(status)) { -+ if (one_process && shutdown_pending) { -+ return; -+ } -+ else if (die_now) { -+ /* In graceful stop/restart; drop the mutex -+ * and terminate the child. */ -+ SAFE_ACCEPT(accept_mutex_off()); -+ clean_child_exit(0); -+ } ++ if (APR_STATUS_IS_TIMEUP(status) || ++ APR_STATUS_IS_EINTR(status)) { + continue; + } + /* Single Unix documents select as returning errnos @@ -777,6 +786,11 @@ Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c + if (getuid()) + die_now = 1; + } ++ /* This apr_pool_clear call is redundant, should be redundant, but compensates ++ * a flaw in the apr reslist code. This should be removed once that flaw has ++ * been addressed. ++ */ ++ apr_pool_clear(ptrans); + clean_child_exit(0); +} + @@ -1721,16 +1735,16 @@ Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c +static void *itk_merge_dir_config(apr_pool_t *p, void *parent_ptr, void *child_ptr) +{ + itk_per_dir_conf *c = (itk_per_dir_conf *) -+ apr_pcalloc(p, sizeof(itk_per_dir_conf)); ++ itk_create_dir_config(p, NULL); + itk_per_dir_conf *parent = (itk_per_dir_conf *) parent_ptr; + itk_per_dir_conf *child = (itk_per_dir_conf *) child_ptr; + + if (child->username != NULL) { -+ c->username = apr_pstrdup(p, child->username); ++ c->username = child->username; + c->uid = child->uid; + c->gid = child->gid; -+ } else if (parent->username != NULL) { -+ c->username = apr_pstrdup(p, parent->username); ++ } else { ++ c->username = parent->username; + c->uid = parent->uid; + c->gid = parent->gid; + } @@ -1761,10 +1775,9 @@ Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c + itk_cmds, /* command apr_table_t */ + itk_hooks, /* register hooks */ +}; -Index: httpd-2.2.11/server/mpm/experimental/itk/mpm.h -=================================================================== ---- /dev/null -+++ httpd-2.2.11/server/mpm/experimental/itk/mpm.h +unchanged: +--- httpd-2.2.17/server/mpm/experimental/itk/mpm.h ++++ httpd-2.2.17/server/mpm/experimental/itk/mpm.h @@ -0,0 +1,68 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with @@ -1834,10 +1847,9 @@ Index: httpd-2.2.11/server/mpm/experimental/itk/mpm.h +extern server_rec *ap_server_conf; +#endif /* APACHE_MPM_ITK_H */ +/** @} */ -Index: httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h -=================================================================== ---- /dev/null -+++ httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h +unchanged: +--- httpd-2.2.17/server/mpm/experimental/itk/mpm_default.h ++++ httpd-2.2.17/server/mpm/experimental/itk/mpm_default.h @@ -0,0 +1,80 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with @@ -1919,20 +1931,19 @@ Index: httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h + +#endif /* AP_MPM_DEFAULT_H */ +/** @} */ -Index: httpd-2.2.11/server/mpm/config.m4 -=================================================================== ---- httpd-2.2.11.orig/server/mpm/config.m4 -+++ httpd-2.2.11/server/mpm/config.m4 +unchanged: +--- httpd-2.2.17/server/mpm/config.m4 ++++ httpd-2.2.17/server/mpm/config.m4 @@ -1,7 +1,7 @@ AC_MSG_CHECKING(which MPM to use) AC_ARG_WITH(mpm, APACHE_HELP_STRING(--with-mpm=MPM,Choose the process model for Apache to use. -- MPM={beos|event|worker|prefork|mpmt_os2|peruser}),[ -+ MPM={beos|event|worker|prefork|mpmt_os2|peruser|itk}),[ +- MPM={beos|event|worker|prefork|mpmt_os2|winnt|peruser}),[ ++ MPM={beos|event|worker|prefork|mpmt_os2|winnt|peruser|itk}),[ APACHE_MPM=$withval ],[ if test "x$APACHE_MPM" = "x"; then -@@ -23,7 +23,7 @@ ap_mpm_is_threaded () +@@ -23,7 +23,7 @@ ap_mpm_is_experimental () { @@ -1941,7 +1952,7 @@ Index: httpd-2.2.11/server/mpm/config.m4 return 0 else return 1 -@@ -66,6 +66,11 @@ if ap_mpm_is_experimental; then +@@ -66,6 +66,11 @@ else MPM_SUBDIR_NAME=$MPM_NAME fi @@ -1953,10 +1964,9 @@ Index: httpd-2.2.11/server/mpm/config.m4 MPM_DIR=server/mpm/$MPM_SUBDIR_NAME MPM_LIB=$MPM_DIR/lib${MPM_NAME}.la -Index: httpd-2.2.11/include/http_request.h -=================================================================== ---- httpd-2.2.11.orig/include/http_request.h -+++ httpd-2.2.11/include/http_request.h +unchanged: +--- httpd-2.2.17/include/http_request.h ++++ httpd-2.2.17/include/http_request.h @@ -12,6 +12,12 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and @@ -1970,7 +1980,7 @@ Index: httpd-2.2.11/include/http_request.h */ /** -@@ -350,6 +356,15 @@ AP_DECLARE_HOOK(int,auth_checker,(reques +@@ -350,6 +356,15 @@ */ AP_DECLARE_HOOK(void,insert_filter,(request_rec *r)) @@ -1986,10 +1996,9 @@ Index: httpd-2.2.11/include/http_request.h AP_DECLARE(int) ap_location_walk(request_rec *r); AP_DECLARE(int) ap_directory_walk(request_rec *r); AP_DECLARE(int) ap_file_walk(request_rec *r); -Index: httpd-2.2.11/server/request.c -=================================================================== ---- httpd-2.2.11.orig/server/request.c -+++ httpd-2.2.11/server/request.c +unchanged: +--- httpd-2.2.17/server/request.c ++++ httpd-2.2.17/server/request.c @@ -12,6 +12,12 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and @@ -2003,7 +2012,7 @@ Index: httpd-2.2.11/server/request.c */ /* -@@ -61,6 +67,7 @@ APR_HOOK_STRUCT( +@@ -61,6 +67,7 @@ APR_HOOK_LINK(auth_checker) APR_HOOK_LINK(insert_filter) APR_HOOK_LINK(create_request) @@ -2011,7 +2020,7 @@ Index: httpd-2.2.11/server/request.c ) AP_IMPLEMENT_HOOK_RUN_FIRST(int,translate_name, -@@ -80,6 +87,8 @@ AP_IMPLEMENT_HOOK_RUN_FIRST(int,auth_che +@@ -80,6 +87,8 @@ AP_IMPLEMENT_HOOK_VOID(insert_filter, (request_rec *r), (r)) AP_IMPLEMENT_HOOK_RUN_ALL(int, create_request, (request_rec *r), (r), OK, DECLINED) @@ -2020,7 +2029,7 @@ Index: httpd-2.2.11/server/request.c static int decl_die(int status, char *phase, request_rec *r) -@@ -158,6 +167,13 @@ AP_DECLARE(int) ap_process_request_inter +@@ -158,6 +167,13 @@ return access_status; } @@ -2034,3 +2043,42 @@ Index: httpd-2.2.11/server/request.c /* Only on the main request! */ if (r->main == NULL) { if ((access_status = ap_run_header_parser(r))) { +only in patch2: +unchanged: +--- httpd-2.2.17.orig/server/config.c ++++ httpd-2.2.17/server/config.c +@@ -1840,6 +1840,34 @@ AP_CORE_DECLARE(int) ap_parse_htaccess(a + else { + if (!APR_STATUS_IS_ENOENT(status) + && !APR_STATUS_IS_ENOTDIR(status)) { ++#ifdef ITK_MPM ++ /* ++ * If we are in a persistent connection, we might end up in a state ++ * where we can no longer read .htaccess files because we have already ++ * setuid(). This can either be because the previous request was for ++ * another vhost (basically the same problem as when setuid() fails in ++ * itk.c), or it can be because a .htaccess file is readable only by ++ * root. ++ * ++ * In any case, we don't want to give out a 403, since the request has ++ * a very real chance of succeeding on a fresh connection (where ++ * presumably uid=0). Thus, we give up serving the request on this ++ * TCP connection, and do a hard close of the socket. As long as we're ++ * in a persistent connection (and there _should_ not be a way this ++ * would happen on the first request in a connection, save for subrequests, ++ * which we special-case), this is allowed, as it is what happens on ++ * a timeout. The browser will simply open a new connection and try ++ * again (there's of course a performance hit, though, both due to ++ * the new connection setup and the fork() of a new server child). ++ */ ++ if (r->main == NULL && getuid() != 0) { ++ ap_log_rerror(APLOG_MARK, APLOG_WARNING, status, r, ++ "Couldn't read %s, closing connection.", ++ filename); ++ ap_lingering_close(r->connection); ++ exit(0); ++ } ++#endif + ap_log_rerror(APLOG_MARK, APLOG_CRIT, status, r, + "%s pcfg_openfile: unable to check htaccess file, " + "ensure it is readable", |