From 5b3749ca143c5e2a957d1509d65164e191a92883 Mon Sep 17 00:00:00 2001
From: Eric Bénard
Date: Sun, 25 Nov 2012 18:25:05 +0100
Subject: apache2: upgrade to 2.4.3
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Eric Bénard
---
.../apache2-2.4.2/apache-configure_perlbin.patch | 37 ---
.../apache2-2.4.2/apache-ssl-ltmain-rpath.patch | 76 -----
.../apache2/apache2-2.4.2/fix-libtool-name.patch | 55 ----
.../apache2-2.4.2/httpd-2.4.1-corelimit.patch | 37 ---
.../apache2/apache2-2.4.2/httpd-2.4.1-export.patch | 22 --
.../apache2-2.4.2/httpd-2.4.1-selinux.patch | 63 ----
.../apache2-2.4.2/httpd-2.4.2-r1326980+.patch | 74 -----
.../apache2-2.4.2/httpd-2.4.2-r1327036+.patch | 87 -----
.../apache2-2.4.2/httpd-2.4.2-r1332643.patch | 260 ---------------
.../apache2-2.4.2/httpd-2.4.2-r1337344+.patch | 350 ---------------------
.../apache2-2.4.2/httpd-2.4.2-restart.patch | 35 ---
.../replace-lynx-to-curl-in-apachectl-script.patch | 52 ---
.../apache2/apache2-2.4.2/server-makefile.patch | 11 -
.../apache2-2.4.3/apache-configure_perlbin.patch | 37 +++
.../apache2-2.4.3/apache-ssl-ltmain-rpath.patch | 76 +++++
.../apache2/apache2-2.4.3/fix-libtool-name.patch | 55 ++++
.../apache2-2.4.3/httpd-2.4.1-corelimit.patch | 37 +++
.../apache2/apache2-2.4.3/httpd-2.4.1-export.patch | 22 ++
.../apache2-2.4.3/httpd-2.4.1-selinux.patch | 63 ++++
.../apache2-2.4.3/httpd-2.4.2-r1332643.patch | 260 +++++++++++++++
.../replace-lynx-to-curl-in-apachectl-script.patch | 52 +++
.../apache2/apache2-2.4.3/server-makefile.patch | 11 +
.../recipes-httpd/apache2/apache2-native_2.4.2.bb | 43 ---
.../recipes-httpd/apache2/apache2-native_2.4.3.bb | 43 +++
.../recipes-httpd/apache2/apache2_2.4.2.bb | 144 ---------
.../recipes-httpd/apache2/apache2_2.4.3.bb | 140 +++++++++
26 files changed, 796 insertions(+), 1346 deletions(-)
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-configure_perlbin.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-ssl-ltmain-rpath.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/fix-libtool-name.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-corelimit.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-export.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-selinux.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1326980+.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1332643.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1337344+.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-restart.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/replace-lynx-to-curl-in-apachectl-script.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/server-makefile.patch
create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.3/apache-configure_perlbin.patch
create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.3/apache-ssl-ltmain-rpath.patch
create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.3/fix-libtool-name.patch
create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.1-corelimit.patch
create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.1-export.patch
create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.1-selinux.patch
create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.2-r1332643.patch
create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.3/replace-lynx-to-curl-in-apachectl-script.patch
create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.3/server-makefile.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-native_2.4.2.bb
create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-native_2.4.3.bb
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2_2.4.2.bb
create mode 100644 meta-webserver/recipes-httpd/apache2/apache2_2.4.3.bb
(limited to 'meta-webserver')
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-configure_perlbin.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-configure_perlbin.patch
deleted file mode 100644
index baa739fd44..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-configure_perlbin.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-# Author: echo
-# Date: April 28 2009
-# Summary:Fix perl install directory to /usr/bin
-#
-# Upstream-Status: Inappropriate [configuration]
-
---- a/configure
-+++ b/configure
-@@ -22365,13 +22365,7 @@
- #define APACHE_MPM_DIR "$MPM_DIR"
- _ACEOF
-
--
--perlbin=`$ac_aux_dir/PrintPath perl`
--if test "x$perlbin" = "x"; then
-- perlbin="/replace/with/path/to/perl/interpreter"
--fi
--
--
-+perlbin='/usr/bin/perl'
-
- BSD_MAKEFILE=no
- ap_make_include=include
---- a/configure.in
-+++ b/configure.in
-@@ -638,10 +638,7 @@
- AC_DEFINE_UNQUOTED(APACHE_MPM_DIR, "$MPM_DIR",
- [Location of the source for the current MPM])
-
--perlbin=`$ac_aux_dir/PrintPath perl`
--if test "x$perlbin" = "x"; then
-- perlbin="/replace/with/path/to/perl/interpreter"
--fi
-+perlbin='/usr/bin/perl'
- AC_SUBST(perlbin)
-
- dnl If we are running on BSD/OS, we need to use the BSD .include syntax.
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-ssl-ltmain-rpath.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-ssl-ltmain-rpath.patch
deleted file mode 100644
index 3a59fb0799..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-ssl-ltmain-rpath.patch
+++ /dev/null
@@ -1,76 +0,0 @@
---- httpd-2.2.8.orig/build/ltmain.sh
-+++ httpd-2.2.8/build/ltmain.sh
-@@ -1515,7 +1515,7 @@ EOF
- dir=`$echo "X$arg" | $Xsed -e 's/^-L//'`
- # We need an absolute path.
- case $dir in
-- [\\/]* | [A-Za-z]:[\\/]*) ;;
-+ =* | [\\/]* | [A-Za-z]:[\\/]*) ;;
- *)
- absdir=`cd "$dir" && pwd`
- if test -z "$absdir"; then
-@@ -2558,7 +2558,7 @@ EOF
- $echo "*** $linklib is not portable!"
- fi
- if test "$linkmode" = lib &&
-- test "$hardcode_into_libs" = yes; then
-+ test "x$wrs_use_rpaths" = "xyes" && test "$hardcode_into_libs" = yes; then
- # Hardcode the library path.
- # Skip directories that are in the system default run-time
- # search path.
-@@ -2832,7 +2832,7 @@ EOF
-
- if test "$linkmode" = lib; then
- if test -n "$dependency_libs" &&
-- { test "$hardcode_into_libs" != yes ||
-+ { test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" ||
- test "$build_old_libs" = yes ||
- test "$link_static" = yes; }; then
- # Extract -R from dependency_libs
-@@ -3426,7 +3426,8 @@ EOF
- *) finalize_rpath="$finalize_rpath $libdir" ;;
- esac
- done
-- if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
-+ if test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" ||
-+ test "$build_old_libs" = yes; then
- dependency_libs="$temp_xrpath $dependency_libs"
- fi
- fi
-@@ -3843,7 +3844,7 @@ EOF
- case $archive_cmds in
- *\$LD\ *) wl= ;;
- esac
-- if test "$hardcode_into_libs" = yes; then
-+ if test "$hardcode_into_libs" = yes && test "x$wrs_use_rpaths" = "xyes" ; then
- # Hardcode the library paths
- hardcode_libdirs=
- dep_rpath=
-@@ -4397,6 +4398,27 @@ EOF
- # Now hardcode the library paths
- rpath=
- hardcode_libdirs=
-+
-+ # short circuit putting rpaths in executables
-+ #
-+ if test "x$wrs_use_rpaths" != "xyes" ; then
-+ flag=
-+ for libdir in $compile_rpath; do
-+ case $(echo $libdir | ${SED} 's,/[/]*,/,g') in
-+ /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;;
-+ esac
-+ done
-+ compile_rpath="$flag"
-+
-+ flag=
-+ for libdir in $finalize_rpath; do
-+ case $(echo $libdir | ${SED} 's,/[/]*,/,g') in
-+ /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;;
-+ esac
-+ done
-+ finalize_rpath="$flag"
-+ fi
-+
- for libdir in $compile_rpath $finalize_rpath; do
- if test -n "$hardcode_libdir_flag_spec"; then
- if test -n "$hardcode_libdir_separator"; then
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/fix-libtool-name.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/fix-libtool-name.patch
deleted file mode 100644
index 027af04c3b..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/fix-libtool-name.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-Fix build scripts to use correct libtool filename
-
-Upstream-Status: Inappropriate [configuration]
-
----
- httpd-2.4.2/build/config_vars.sh.in | 2 +-
- httpd-2.4.2/configure | 2 +-
- httpd-2.4.2/configure.in | 2 +-
- httpd-2.4.2/support/apxs.in | 2 +-
- 4 files changed, 4 insertions(+), 4 deletions(-)
-
---- a/build/config_vars.sh.in
-+++ b/build/config_vars.sh.in
-@@ -35,7 +35,7 @@ else
- APU_CONFIG=@APU_CONFIG@
- fi
-
--APR_LIBTOOL="`${APR_CONFIG} --apr-libtool`"
-+APR_LIBTOOL="`${APR_CONFIG} --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`"
- APR_INCLUDEDIR="`${APR_CONFIG} --includedir`"
- test -n "@APU_CONFIG@" && APU_INCLUDEDIR="`${APU_CONFIG} --includedir`"
-
---- a/configure
-+++ b/configure
-@@ -6205,7 +6205,7 @@ case $host in
- if test "x$LTFLAGS" = "x"; then
- LTFLAGS='--silent'
- fi
-- my_libtool=`$apr_config --apr-libtool`
-+ my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`
- LIBTOOL="$my_libtool \$(LTFLAGS)"
- libtoolversion=`$my_libtool --version`
- case $libtoolversion in
---- a/configure.in
-+++ b/configure.in
-@@ -264,7 +264,7 @@ case $host in
- if test "x$LTFLAGS" = "x"; then
- LTFLAGS='--silent'
- fi
-- my_libtool=`$apr_config --apr-libtool`
-+ my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`
- LIBTOOL="$my_libtool \$(LTFLAGS)"
- libtoolversion=`$my_libtool --version`
- case $libtoolversion in
---- a/support/apxs.in
-+++ b/support/apxs.in
-@@ -352,7 +352,7 @@ if ($apr_major_version < 2) {
- }
- }
-
--my $libtool = `$apr_config --apr-libtool`;
-+my $libtool = `$apr_config --apr-libtool| sed -e s,libtool,${host_alias}-libtool,`;
- chomp($libtool);
-
- my $apr_includedir = `$apr_config --includes`;
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-corelimit.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-corelimit.patch
deleted file mode 100644
index 18e4107ec7..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-corelimit.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-
-Bump up the core size limit if CoreDumpDirectory is
-configured.
-
-Upstream-Status: Pending
-
-Note: upstreaming was discussed but there are competing desires;
- there are portability oddities here too.
-
---- httpd-2.4.1/server/core.c.corelimit
-+++ httpd-2.4.1/server/core.c
-@@ -4433,6 +4433,25 @@ static int core_post_config(apr_pool_t *
- }
- apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper,
- apr_pool_cleanup_null);
-+
-+#ifdef RLIMIT_CORE
-+ if (ap_coredumpdir_configured) {
-+ struct rlimit lim;
-+
-+ if (getrlimit(RLIMIT_CORE, &lim) == 0 && lim.rlim_cur == 0) {
-+ lim.rlim_cur = lim.rlim_max;
-+ if (setrlimit(RLIMIT_CORE, &lim) == 0) {
-+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
-+ "core dump file size limit raised to %lu bytes",
-+ lim.rlim_cur);
-+ } else {
-+ ap_log_error(APLOG_MARK, APLOG_NOTICE, errno, NULL,
-+ "core dump file size is zero, setrlimit failed");
-+ }
-+ }
-+ }
-+#endif
-+
- return OK;
- }
-
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-export.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-export.patch
deleted file mode 100644
index ed629bfc81..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-export.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-
-There is no need to "suck in" the apr/apr-util symbols when using
-a shared libapr{,util}, it just bloats the symbol table; so don't.
-
-Upstream-HEAD: needed
-Upstream-2.0: omit
-Upstream-Status: Pending
-
-Note: EXPORT_DIRS change is conditional on using shared apr
-
---- httpd-2.4.1/server/Makefile.in.export
-+++ httpd-2.4.1/server/Makefile.in
-@@ -57,9 +57,6 @@ export_files:
- ( for dir in $(EXPORT_DIRS); do \
- ls $$dir/*.h ; \
- done; \
-- for dir in $(EXPORT_DIRS_APR); do \
-- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \
-- done; \
- ) | sort -u > $@
-
- exports.c: export_files
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-selinux.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-selinux.patch
deleted file mode 100644
index 873328d9b5..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-selinux.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-
-Log the SELinux context at startup.
-
-Upstream-Status: Inappropriate [other]
-
-Note: unlikely to be any interest in this upstream
-
---- httpd-2.4.1/configure.in.selinux
-+++ httpd-2.4.1/configure.in
-@@ -458,6 +458,11 @@ fopen64
- dnl confirm that a void pointer is large enough to store a long integer
- APACHE_CHECK_VOID_PTR_LEN
-
-+AC_CHECK_LIB(selinux, is_selinux_enabled, [
-+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
-+ APR_ADDTO(AP_LIBS, [-lselinux])
-+])
-+
- AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
- [AC_TRY_RUN(#define _GNU_SOURCE
- #include
---- httpd-2.4.1/server/core.c.selinux
-+++ httpd-2.4.1/server/core.c
-@@ -58,6 +58,10 @@
- #include
- #endif
-
-+#ifdef HAVE_SELINUX
-+#include
-+#endif
-+
- /* LimitRequestBody handling */
- #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
- #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0)
-@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t *
- }
- #endif
-
-+#ifdef HAVE_SELINUX
-+ {
-+ static int already_warned = 0;
-+ int is_enabled = is_selinux_enabled() > 0;
-+
-+ if (is_enabled && !already_warned) {
-+ security_context_t con;
-+
-+ if (getcon(&con) == 0) {
-+
-+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
-+ "SELinux policy enabled; "
-+ "httpd running as context %s", con);
-+
-+ already_warned = 1;
-+
-+ freecon(con);
-+ }
-+ }
-+ }
-+#endif
-+
- return OK;
- }
-
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1326980+.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1326980+.patch
deleted file mode 100644
index 98b226bf90..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1326980+.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-
-* modules/loggers/mod_log_debug.c: Mark private globals as static.
-http://svn.apache.org/viewvc?view=revision&revision=1326980
-
-* modules/filters/sed1.c: Mark private globals as static const.
- (command): Change p3 pointer to const.
-http://svn.apache.org/viewvc?view=revision&revision=1326984
-
-* modules/filters/config.m4: Prevent libsed internals from polluting
- the global symbol namespace.
-http://svn.apache.org/viewvc?view=revision&revision=1326991
-
-Upstream-Status: Backport
-
---- httpd-2.4.2/modules/loggers/mod_log_debug.c
-+++ httpd-2.4.2/modules/loggers/mod_log_debug.c
-@@ -35,8 +35,8 @@
- apr_array_header_t *entries;
- } log_debug_dirconf;
-
--const char *allhooks = "all";
--const char * const hooks[] = {
-+static const char *allhooks = "all";
-+static const char * const hooks[] = {
- "log_transaction", /* 0 */
- "quick_handler", /* 1 */
- "handler", /* 2 */
---- httpd-2.4.2/modules/filters/sed1.c
-+++ httpd-2.4.2/modules/filters/sed1.c
-@@ -25,7 +25,7 @@
- #include "apr_strings.h"
- #include "regexp.h"
-
--char *trans[040] = {
-+static const char *const trans[040] = {
- "\\01",
- "\\02",
- "\\03",
-@@ -58,7 +58,7 @@
- "\\36",
- "\\37"
- };
--char rub[] = {"\\177"};
-+static const char rub[] = {"\\177"};
-
- extern int sed_step(char *p1, char *p2, int circf, step_vars_storage *vars);
- static int substitute(sed_eval_t *eval, sed_reptr_t *ipc,
-@@ -692,7 +692,8 @@
- step_vars_storage *step_vars)
- {
- int i;
-- char *p1, *p2, *p3;
-+ char *p1, *p2;
-+ const char *p3;
- int length;
- char sz[32]; /* 32 bytes enough to store 64 bit integer in decimal */
- apr_status_t rv = APR_SUCCESS;
---- httpd-2.4.2/modules/filters/config.m4
-+++ httpd-2.4.2/modules/filters/config.m4
-@@ -16,7 +16,13 @@
- APACHE_MODULE(substitute, response content rewrite-like filtering, , , most)
-
- sed_obj="mod_sed.lo sed0.lo sed1.lo regexp.lo"
--APACHE_MODULE(sed, filter request and/or response bodies through sed, $sed_obj, , most)
-+APACHE_MODULE(sed, filter request and/or response bodies through sed, $sed_obj, , most, [
-+ if test "x$enable_sed" = "xshared"; then
-+ # The only symbol which needs to be exported is the module
-+ # structure, so ask libtool to hide libsed internals:
-+ APR_ADDTO(MOD_SED_LDADD, [-export-symbols-regex sed_module])
-+ fi
-+])
-
- if test "$ac_cv_ebcdic" = "yes"; then
- # mod_charset_lite can be very useful on an ebcdic system,
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch
deleted file mode 100644
index 57b5155c35..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-
-* server/mpm_unix.c (dummy_connection): Use a TLS 1.0 close_notify
- alert if the chosen listener is configured for https; not perfect
- but better than sending an HTTP request. Adjust comments.
-http://svn.apache.org/viewvc?view=revision&revision=1327036
-
-* server/mpm_unix.c (dummy_connection): Fix spello.
-http://svn.apache.org/viewvc?view=revision&revision=1327080
-
-Upstream-Status: Backport
-
---- httpd-2.4.2/server/mpm_unix.c
-+++ httpd-2.4.2/server/mpm_unix.c
-@@ -501,14 +501,14 @@
- return rv;
- }
-
--/* This function connects to the server, then immediately closes the connection.
-- * This permits the MPM to skip the poll when there is only one listening
-- * socket, because it provides a alternate way to unblock an accept() when
-- * the pod is used.
-- */
-+/* This function connects to the server and sends enough data to
-+ * ensure the child wakes up and processes a new connection. This
-+ * permits the MPM to skip the poll when there is only one listening
-+ * socket, because it provides a alternate way to unblock an accept()
-+ * when the pod is used. */
- static apr_status_t dummy_connection(ap_pod_t *pod)
- {
-- char *srequest;
-+ const char *data;
- apr_status_t rv;
- apr_socket_t *sock;
- apr_pool_t *p;
-@@ -574,24 +574,37 @@
- return rv;
- }
-
-- /* Create the request string. We include a User-Agent so that
-- * adminstrators can track down the cause of the odd-looking
-- * requests in their logs.
-- */
-- srequest = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ",
-+ if (lp->protocol && strcasecmp(lp->protocol, "https") == 0) {
-+ /* Send a TLS 1.0 close_notify alert. This is perhaps the
-+ * "least wrong" way to open and cleanly terminate an SSL
-+ * connection. It should "work" without noisy error logs if
-+ * the server actually expects SSLv3/TLSv1. With
-+ * SSLv23_server_method() OpenSSL's SSL_accept() fails
-+ * ungracefully on receipt of this message, since it requires
-+ * an 11-byte ClientHello message and this is too short. */
-+ static const unsigned char tls10_close_notify[7] = {
-+ '\x15', /* TLSPlainText.type = Alert (21) */
-+ '\x03', '\x01', /* TLSPlainText.version = {3, 1} */
-+ '\x00', '\x02', /* TLSPlainText.length = 2 */
-+ '\x01', /* Alert.level = warning (1) */
-+ '\x00' /* Alert.description = close_notify (0) */
-+ };
-+ data = (const char *)tls10_close_notify;
-+ len = sizeof(tls10_close_notify);
-+ }
-+ else /* ... XXX other request types here? */ {
-+ /* Create an HTTP request string. We include a User-Agent so
-+ * that adminstrators can track down the cause of the
-+ * odd-looking requests in their logs. A complete request is
-+ * used since kernel-level filtering may require that much
-+ * data before returning from accept(). */
-+ data = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ",
- ap_get_server_description(),
- " (internal dummy connection)\r\n\r\n", NULL);
-+ len = strlen(data);
-+ }
-
-- /* Since some operating systems support buffering of data or entire
-- * requests in the kernel, we send a simple request, to make sure
-- * the server pops out of a blocking accept().
-- */
-- /* XXX: This is HTTP specific. We should look at the Protocol for each
-- * listener, and send the correct type of request to trigger any Accept
-- * Filters.
-- */
-- len = strlen(srequest);
-- apr_socket_send(sock, srequest, &len);
-+ apr_socket_send(sock, data, &len);
- apr_socket_close(sock);
- apr_pool_destroy(p);
-
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1332643.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1332643.patch
deleted file mode 100644
index 16fd7d75b6..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1332643.patch
+++ /dev/null
@@ -1,260 +0,0 @@
-Add support for TLS Next Protocol Negotiation:
-
-* modules/ssl/mod_ssl.c, modules/ssl/mod_ssl.h: Add and implement new
- hooks for next protocol advertisement/discovery.
-
-* modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Enable
- NPN advertisement callback in handshake.
-
-* modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Invoke
- next-protocol discovery hook.
-
-* modules/ssl/ssl_engine_kernel.c (ssl_callback_AdvertiseNextProtos):
- New callback.
-
-* modules/ssl/ssl_private.h: Add prototype.
-
-Submitted by: Matthew Steele
- with slight tweaks by jorton
-
-https://bugzilla.redhat.com//show_bug.cgi?id=809599
-
-http://svn.apache.org/viewvc?view=revision&revision=1332643
-
-Upstream-Status: Backport
-
---- httpd-2.4.2/modules/ssl/ssl_private.h
-+++ httpd-2.4.2/modules/ssl/ssl_private.h
-@@ -139,6 +139,11 @@
- #define HAVE_FIPS
- #endif
-
-+#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \
-+ && !defined(OPENSSL_NO_TLSEXT)
-+#define HAVE_TLS_NPN
-+#endif
-+
- #if (OPENSSL_VERSION_NUMBER >= 0x10000000)
- #define MODSSL_SSL_CIPHER_CONST const
- #define MODSSL_SSL_METHOD_CONST const
-@@ -811,6 +816,7 @@
- int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *,
- EVP_CIPHER_CTX *, HMAC_CTX *, int);
- #endif
-+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg);
-
- /** Session Cache Support */
- void ssl_scache_init(server_rec *, apr_pool_t *);
---- httpd-2.4.2/modules/ssl/mod_ssl.c
-+++ httpd-2.4.2/modules/ssl/mod_ssl.c
-@@ -260,6 +260,18 @@
- AP_END_CMD
- };
-
-+/* Implement 'modssl_run_npn_advertise_protos_hook'. */
-+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
-+ modssl, AP, int, npn_advertise_protos_hook,
-+ (conn_rec *connection, apr_array_header_t *protos),
-+ (connection, protos), OK, DECLINED);
-+
-+/* Implement 'modssl_run_npn_proto_negotiated_hook'. */
-+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
-+ modssl, AP, int, npn_proto_negotiated_hook,
-+ (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len),
-+ (connection, proto_name, proto_name_len), OK, DECLINED);
-+
- /*
- * the various processing hooks
- */
---- httpd-2.4.2/modules/ssl/mod_ssl.h
-+++ httpd-2.4.2/modules/ssl/mod_ssl.h
-@@ -63,5 +63,26 @@
-
- APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
-
-+/** The npn_advertise_protos optional hook allows other modules to add entries
-+ * to the list of protocol names advertised by the server during the Next
-+ * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is
-+ * given the connection and an APR array; it should push one or more char*'s
-+ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto
-+ * the array and return OK, or do nothing and return DECLINED. */
-+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook,
-+ (conn_rec *connection, apr_array_header_t *protos));
-+
-+/** The npn_proto_negotiated optional hook allows other modules to discover the
-+ * name of the protocol that was chosen during the Next Protocol Negotiation
-+ * (NPN) portion of the SSL handshake. Note that this may be the empty string
-+ * (in which case modules should probably assume HTTP), or it may be a protocol
-+ * that was never even advertised by the server. The hook callee is given the
-+ * connection, a non-null-terminated string containing the protocol name, and
-+ * the length of the string; it should do something appropriate (i.e. insert or
-+ * remove filters) and return OK, or do nothing and return DECLINED. */
-+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook,
-+ (conn_rec *connection, const char *proto_name,
-+ apr_size_t proto_name_len));
-+
- #endif /* __MOD_SSL_H__ */
- /** @} */
---- httpd-2.4.2/modules/ssl/ssl_engine_init.c
-+++ httpd-2.4.2/modules/ssl/ssl_engine_init.c
-@@ -681,6 +681,11 @@
- #endif
-
- SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
-+
-+#ifdef HAVE_TLS_NPN
-+ SSL_CTX_set_next_protos_advertised_cb(
-+ ctx, ssl_callback_AdvertiseNextProtos, NULL);
-+#endif
- }
-
- static void ssl_init_ctx_verify(server_rec *s,
---- httpd-2.4.2/modules/ssl/ssl_engine_io.c
-+++ httpd-2.4.2/modules/ssl/ssl_engine_io.c
-@@ -28,6 +28,7 @@
- core keeps dumping.''
- -- Unknown */
- #include "ssl_private.h"
-+#include "mod_ssl.h"
- #include "apr_date.h"
-
- /* _________________________________________________________________
-@@ -297,6 +298,7 @@
- apr_pool_t *pool;
- char buffer[AP_IOBUFSIZE];
- ssl_filter_ctx_t *filter_ctx;
-+ int npn_finished; /* 1 if NPN has finished, 0 otherwise */
- } bio_filter_in_ctx_t;
-
- /*
-@@ -1374,6 +1376,27 @@
- APR_BRIGADE_INSERT_TAIL(bb, bucket);
- }
-
-+#ifdef HAVE_TLS_NPN
-+ /* By this point, Next Protocol Negotiation (NPN) should be completed (if
-+ * our version of OpenSSL supports it). If we haven't already, find out
-+ * which protocol was decided upon and inform other modules by calling
-+ * npn_proto_negotiated_hook. */
-+ if (!inctx->npn_finished) {
-+ const unsigned char *next_proto = NULL;
-+ unsigned next_proto_len = 0;
-+
-+ SSL_get0_next_proto_negotiated(
-+ inctx->ssl, &next_proto, &next_proto_len);
-+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c,
-+ "SSL NPN negotiated protocol: '%s'",
-+ apr_pstrmemdup(f->c->pool, (const char*)next_proto,
-+ next_proto_len));
-+ modssl_run_npn_proto_negotiated_hook(
-+ f->c, (const char*)next_proto, next_proto_len);
-+ inctx->npn_finished = 1;
-+ }
-+#endif
-+
- return APR_SUCCESS;
- }
-
-@@ -1855,6 +1878,7 @@
- inctx->block = APR_BLOCK_READ;
- inctx->pool = c->pool;
- inctx->filter_ctx = filter_ctx;
-+ inctx->npn_finished = 0;
- }
-
- /* The request_rec pointer is passed in here only to ensure that the
---- httpd-2.4.2/modules/ssl/ssl_engine_kernel.c
-+++ httpd-2.4.2/modules/ssl/ssl_engine_kernel.c
-@@ -29,6 +29,7 @@
- time I was too famous.''
- -- Unknown */
- #include "ssl_private.h"
-+#include "mod_ssl.h"
- #include "util_md5.h"
-
- static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
-@@ -2143,3 +2144,84 @@
- return -1;
- }
- #endif
-+
-+#ifdef HAVE_TLS_NPN
-+/*
-+ * This callback function is executed when SSL needs to decide what protocols
-+ * to advertise during Next Protocol Negotiation (NPN). It must produce a
-+ * string in wire format -- a sequence of length-prefixed strings -- indicating
-+ * the advertised protocols. Refer to SSL_CTX_set_next_protos_advertised_cb
-+ * in OpenSSL for reference.
-+ */
-+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out,
-+ unsigned int *size_out, void *arg)
-+{
-+ conn_rec *c = (conn_rec*)SSL_get_app_data(ssl);
-+ apr_array_header_t *protos;
-+ int num_protos;
-+ unsigned int size;
-+ int i;
-+ unsigned char *data;
-+ unsigned char *start;
-+
-+ *data_out = NULL;
-+ *size_out = 0;
-+
-+ /* If the connection object is not available, then there's nothing for us
-+ * to do. */
-+ if (c == NULL) {
-+ return SSL_TLSEXT_ERR_OK;
-+ }
-+
-+ /* Invoke our npn_advertise_protos hook, giving other modules a chance to
-+ * add alternate protocol names to advertise. */
-+ protos = apr_array_make(c->pool, 0, sizeof(char*));
-+ modssl_run_npn_advertise_protos_hook(c, protos);
-+ num_protos = protos->nelts;
-+
-+ /* We now have a list of null-terminated strings; we need to concatenate
-+ * them together into a single string, where each protocol name is prefixed
-+ * by its length. First, calculate how long that string will be. */
-+ size = 0;
-+ for (i = 0; i < num_protos; ++i) {
-+ const char *string = APR_ARRAY_IDX(protos, i, const char*);
-+ unsigned int length = strlen(string);
-+ /* If the protocol name is too long (the length must fit in one byte),
-+ * then log an error and skip it. */
-+ if (length > 255) {
-+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
-+ "SSL NPN protocol name too long (length=%u): %s",
-+ length, string);
-+ continue;
-+ }
-+ /* Leave room for the length prefix (one byte) plus the protocol name
-+ * itself. */
-+ size += 1 + length;
-+ }
-+
-+ /* If there is nothing to advertise (either because no modules added
-+ * anything to the protos array, or because all strings added to the array
-+ * were skipped), then we're done. */
-+ if (size == 0) {
-+ return SSL_TLSEXT_ERR_OK;
-+ }
-+
-+ /* Now we can build the string. Copy each protocol name string into the
-+ * larger string, prefixed by its length. */
-+ data = apr_palloc(c->pool, size * sizeof(unsigned char));
-+ start = data;
-+ for (i = 0; i < num_protos; ++i) {
-+ const char *string = APR_ARRAY_IDX(protos, i, const char*);
-+ apr_size_t length = strlen(string);
-+ *start = (unsigned char)length;
-+ ++start;
-+ memcpy(start, string, length * sizeof(unsigned char));
-+ start += length;
-+ }
-+
-+ /* Success. */
-+ *data_out = data;
-+ *size_out = size;
-+ return SSL_TLSEXT_ERR_OK;
-+}
-+#endif
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1337344+.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1337344+.patch
deleted file mode 100644
index 646976a0fd..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1337344+.patch
+++ /dev/null
@@ -1,350 +0,0 @@
-
-* support/suexec.c: Add gcc format-string attributes to logging
- functions.
- (main): Always print uid/gid as unsigned long, and cast to avoid
- warnings (which somewhat defeats the point of the format string
- attrs, but is necessary since the size of gid/uid varies).
-http://svn.apache.org/viewvc?view=revision&revision=1337344
-
-
-
-suexec: Add support for logging to syslog as an alternative to a
-logfile.
-
-* support/suexec.c (err_output) [AP_LOG_SYSLOG]: Log to syslog.
- (main): Close syslog fd if open, before execv. Add -V output
- for AP_LOG_SYSLOG.
-
-* configure.in: Add --with-suexec-syslog argument; allow
- --without-suexec-logfile to omit definition of AP_LOG_EXEC.
-
-http://svn.apache.org/viewvc?view=revision&revision=1341905
-
-
-
-suexec: Support use of setgid/setuid capability bits on Linux, a
-weaker set of privileges than the full setuid/setgid root binary.
-
-* configure.in: Add --enable-suexec-capabilites flag.
-
-* Makefile.in: If configured, use setcap instead of chmod 7555 on
- installed suexec binary.
-
-* modules/arch/unix/mod_unixd.c (unixd_pre_config): Drop test for
- setuid bit if capability bits are used.
-
-* docs/manual/: Add docs.
-
-http://svn.apache.org/viewvc?view=revision&revision=1342065
-
-
-
-* docs/manual/suexec.html.en: Update for syslog logging.
-
-http://svn.apache.org/viewvc?view=revision&revision=1341930
-
-
-
-Upstream-Status: Backport
-
---- httpd-2.4.2/configure.in.r1337344+
-+++ httpd-2.4.2/configure.in
-@@ -700,7 +700,24 @@ APACHE_HELP_STRING(--with-suexec-gidmin,
-
- AC_ARG_WITH(suexec-logfile,
- APACHE_HELP_STRING(--with-suexec-logfile,Set the logfile),[
-- AC_DEFINE_UNQUOTED(AP_LOG_EXEC, "$withval", [SuExec log file] ) ] )
-+ if test "x$withval" = "xyes"; then
-+ AC_DEFINE_UNQUOTED(AP_LOG_EXEC, "$withval", [SuExec log file])
-+ fi
-+])
-+
-+AC_ARG_WITH(suexec-syslog,
-+APACHE_HELP_STRING(--with-suexec-syslog,Set the logfile),[
-+ if test $withval = "yes"; then
-+ if test "x${with_suexec_logfile}" != "xno"; then
-+ AC_MSG_NOTICE([hint: use "--without-suexec-logfile --with-suexec-syslog"])
-+ AC_MSG_ERROR([suexec does not support both logging to file and syslog])
-+ fi
-+ AC_CHECK_FUNCS([vsyslog], [], [
-+ AC_MSG_ERROR([cannot support syslog from suexec without vsyslog()])])
-+ AC_DEFINE(AP_LOG_SYSLOG, 1, [SuExec log to syslog])
-+ fi
-+])
-+
-
- AC_ARG_WITH(suexec-safepath,
- APACHE_HELP_STRING(--with-suexec-safepath,Set the safepath),[
-@@ -710,6 +727,15 @@ AC_ARG_WITH(suexec-umask,
- APACHE_HELP_STRING(--with-suexec-umask,umask for suexec'd process),[
- AC_DEFINE_UNQUOTED(AP_SUEXEC_UMASK, 0$withval, [umask for suexec'd process] ) ] )
-
-+INSTALL_SUEXEC=setuid
-+AC_ARG_ENABLE([suexec-capabilities],
-+APACHE_HELP_STRING(--enable-suexec-capabilities,Use Linux capability bits not setuid root suexec), [
-+INSTALL_SUEXEC=caps
-+AC_DEFINE(AP_SUEXEC_CAPABILITIES, 1,
-+ [Enable if suexec is installed with Linux capabilities, not setuid])
-+])
-+APACHE_SUBST(INSTALL_SUEXEC)
-+
- dnl APR should go after the other libs, so the right symbols can be picked up
- if test x${apu_found} != xobsolete; then
- AP_LIBS="$AP_LIBS `$apu_config --avoid-ldap --link-libtool`"
---- httpd-2.4.2/docs/manual/suexec.html.en.r1337344+
-+++ httpd-2.4.2/docs/manual/suexec.html.en
-@@ -369,6 +369,21 @@
- together with the --enable-suexec
option to let
- APACI accept your request for using the suEXEC feature.
-
-+ --enable-suexec-capabilities
-+
-+ Linux specific: Normally,
-+ the suexec
binary is installed "setuid/setgid
-+ root", which allows it to run with the full privileges of the
-+ root user. If this option is used, the suexec
-+ binary will instead be installed with only the setuid/setgid
-+ "capability" bits set, which is the subset of full root
-+ priviliges required for suexec operation. Note that
-+ the suexec
binary may not be able to write to a log
-+ file in this mode; it is recommended that the
-+ --with-suexec-syslog --without-suexec-logfile
-+ options are used in conjunction with this mode, so that syslog
-+ logging is used instead.
-+
- --with-suexec-bin=PATH
-
- The path to the suexec
binary must be hard-coded
-@@ -430,6 +445,12 @@
- "suexec_log
" and located in your standard logfile
- directory (--logfiledir
).
-
-+ --with-suexec-syslog
-+
-+ If defined, suexec will log notices and errors to syslog
-+ instead of a logfile. This option must be combined
-+ with --without-suexec-logfile
.
-+
- --with-suexec-safepath=PATH
-
- Define a safe PATH environment to pass to CGI
-@@ -546,9 +567,12 @@
-
- The suEXEC wrapper will write log information
- to the file defined with the --with-suexec-logfile
-- option as indicated above. If you feel you have configured and
-- installed the wrapper properly, have a look at this log and the
-- error_log for the server to see where you may have gone astray.
-+ option as indicated above, or to syslog if --with-suexec-syslog
-+ is used. If you feel you have configured and
-+ installed the wrapper properly, have a look at the log and the
-+ error_log for the server to see where you may have gone astray.
-+ The output of "suexec -V"
will show the options
-+ used to compile suexec, if using a binary distribution.
-
-
-
-@@ -615,4 +639,4 @@
-
--