From 5b3749ca143c5e2a957d1509d65164e191a92883 Mon Sep 17 00:00:00 2001
From: Eric Bénard <eric@eukrea.com>
Date: Sun, 25 Nov 2012 18:25:05 +0100
Subject: apache2: upgrade to 2.4.3
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Eric Bénard <eric@eukrea.com>
---
 .../apache2-2.4.2/apache-configure_perlbin.patch   |  37 ---
 .../apache2-2.4.2/apache-ssl-ltmain-rpath.patch    |  76 -----
 .../apache2/apache2-2.4.2/fix-libtool-name.patch   |  55 ----
 .../apache2-2.4.2/httpd-2.4.1-corelimit.patch      |  37 ---
 .../apache2/apache2-2.4.2/httpd-2.4.1-export.patch |  22 --
 .../apache2-2.4.2/httpd-2.4.1-selinux.patch        |  63 ----
 .../apache2-2.4.2/httpd-2.4.2-r1326980+.patch      |  74 -----
 .../apache2-2.4.2/httpd-2.4.2-r1327036+.patch      |  87 -----
 .../apache2-2.4.2/httpd-2.4.2-r1332643.patch       | 260 ---------------
 .../apache2-2.4.2/httpd-2.4.2-r1337344+.patch      | 350 ---------------------
 .../apache2-2.4.2/httpd-2.4.2-restart.patch        |  35 ---
 .../replace-lynx-to-curl-in-apachectl-script.patch |  52 ---
 .../apache2/apache2-2.4.2/server-makefile.patch    |  11 -
 .../apache2-2.4.3/apache-configure_perlbin.patch   |  37 +++
 .../apache2-2.4.3/apache-ssl-ltmain-rpath.patch    |  76 +++++
 .../apache2/apache2-2.4.3/fix-libtool-name.patch   |  55 ++++
 .../apache2-2.4.3/httpd-2.4.1-corelimit.patch      |  37 +++
 .../apache2/apache2-2.4.3/httpd-2.4.1-export.patch |  22 ++
 .../apache2-2.4.3/httpd-2.4.1-selinux.patch        |  63 ++++
 .../apache2-2.4.3/httpd-2.4.2-r1332643.patch       | 260 +++++++++++++++
 .../replace-lynx-to-curl-in-apachectl-script.patch |  52 +++
 .../apache2/apache2-2.4.3/server-makefile.patch    |  11 +
 .../recipes-httpd/apache2/apache2-native_2.4.2.bb  |  43 ---
 .../recipes-httpd/apache2/apache2-native_2.4.3.bb  |  43 +++
 .../recipes-httpd/apache2/apache2_2.4.2.bb         | 144 ---------
 .../recipes-httpd/apache2/apache2_2.4.3.bb         | 140 +++++++++
 26 files changed, 796 insertions(+), 1346 deletions(-)
 delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-configure_perlbin.patch
 delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-ssl-ltmain-rpath.patch
 delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/fix-libtool-name.patch
 delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-corelimit.patch
 delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-export.patch
 delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-selinux.patch
 delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1326980+.patch
 delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch
 delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1332643.patch
 delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1337344+.patch
 delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-restart.patch
 delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/replace-lynx-to-curl-in-apachectl-script.patch
 delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.2/server-makefile.patch
 create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.3/apache-configure_perlbin.patch
 create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.3/apache-ssl-ltmain-rpath.patch
 create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.3/fix-libtool-name.patch
 create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.1-corelimit.patch
 create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.1-export.patch
 create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.1-selinux.patch
 create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.2-r1332643.patch
 create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.3/replace-lynx-to-curl-in-apachectl-script.patch
 create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.3/server-makefile.patch
 delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-native_2.4.2.bb
 create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-native_2.4.3.bb
 delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2_2.4.2.bb
 create mode 100644 meta-webserver/recipes-httpd/apache2/apache2_2.4.3.bb

(limited to 'meta-webserver')

diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-configure_perlbin.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-configure_perlbin.patch
deleted file mode 100644
index baa739fd44..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-configure_perlbin.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-# Author: echo <fei.geng@windriver.com>
-# Date: April 28 2009
-# Summary:Fix perl install directory to /usr/bin
-#
-# Upstream-Status: Inappropriate [configuration]
-
---- a/configure
-+++ b/configure
-@@ -22365,13 +22365,7 @@
- #define APACHE_MPM_DIR "$MPM_DIR"
- _ACEOF
-
--
--perlbin=`$ac_aux_dir/PrintPath perl`
--if test "x$perlbin" = "x"; then
--    perlbin="/replace/with/path/to/perl/interpreter"
--fi
--
--
-+perlbin='/usr/bin/perl'
-
- BSD_MAKEFILE=no
- ap_make_include=include
---- a/configure.in
-+++ b/configure.in
-@@ -638,10 +638,7 @@
- AC_DEFINE_UNQUOTED(APACHE_MPM_DIR, "$MPM_DIR",
- 	[Location of the source for the current MPM])
- 
--perlbin=`$ac_aux_dir/PrintPath perl`
--if test "x$perlbin" = "x"; then
--    perlbin="/replace/with/path/to/perl/interpreter"
--fi
-+perlbin='/usr/bin/perl'
- AC_SUBST(perlbin)
- 
- dnl If we are running on BSD/OS, we need to use the BSD .include syntax.
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-ssl-ltmain-rpath.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-ssl-ltmain-rpath.patch
deleted file mode 100644
index 3a59fb0799..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-ssl-ltmain-rpath.patch
+++ /dev/null
@@ -1,76 +0,0 @@
---- httpd-2.2.8.orig/build/ltmain.sh
-+++ httpd-2.2.8/build/ltmain.sh
-@@ -1515,7 +1515,7 @@ EOF
- 	dir=`$echo "X$arg" | $Xsed -e 's/^-L//'`
- 	# We need an absolute path.
- 	case $dir in
--	[\\/]* | [A-Za-z]:[\\/]*) ;;
-+	=* | [\\/]* | [A-Za-z]:[\\/]*) ;;
- 	*)
- 	  absdir=`cd "$dir" && pwd`
- 	  if test -z "$absdir"; then
-@@ -2558,7 +2558,7 @@ EOF
- 	    $echo "*** $linklib is not portable!"
- 	  fi
- 	  if test "$linkmode" = lib &&
--	     test "$hardcode_into_libs" = yes; then
-+             test "x$wrs_use_rpaths" = "xyes" && test "$hardcode_into_libs" = yes; then
- 	    # Hardcode the library path.
- 	    # Skip directories that are in the system default run-time
- 	    # search path.
-@@ -2832,7 +2832,7 @@ EOF
- 
- 	if test "$linkmode" = lib; then
- 	  if test -n "$dependency_libs" &&
--	     { test "$hardcode_into_libs" != yes ||
-+             { test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" ||
- 	       test "$build_old_libs" = yes ||
- 	       test "$link_static" = yes; }; then
- 	    # Extract -R from dependency_libs
-@@ -3426,7 +3426,8 @@ EOF
- 	  *) finalize_rpath="$finalize_rpath $libdir" ;;
- 	  esac
- 	done
--	if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
-+        if test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" ||
-+           test "$build_old_libs" = yes; then
- 	  dependency_libs="$temp_xrpath $dependency_libs"
- 	fi
-       fi
-@@ -3843,7 +3844,7 @@ EOF
-         case $archive_cmds in
-           *\$LD\ *) wl= ;;
-         esac
--	if test "$hardcode_into_libs" = yes; then
-+        if test "$hardcode_into_libs" = yes && test "x$wrs_use_rpaths" = "xyes" ; then
- 	  # Hardcode the library paths
- 	  hardcode_libdirs=
- 	  dep_rpath=
-@@ -4397,6 +4398,27 @@ EOF
-       # Now hardcode the library paths
-       rpath=
-       hardcode_libdirs=
-+
-+      # short circuit putting rpaths in executables
-+      #
-+      if test "x$wrs_use_rpaths" != "xyes" ; then
-+        flag=
-+        for libdir in $compile_rpath; do
-+          case $(echo $libdir | ${SED} 's,/[/]*,/,g') in
-+            /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;;
-+          esac
-+        done
-+        compile_rpath="$flag"
-+
-+        flag=
-+        for libdir in $finalize_rpath; do
-+          case $(echo $libdir | ${SED} 's,/[/]*,/,g') in
-+            /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;;
-+          esac
-+        done
-+        finalize_rpath="$flag"
-+      fi
-+
-       for libdir in $compile_rpath $finalize_rpath; do
- 	if test -n "$hardcode_libdir_flag_spec"; then
- 	  if test -n "$hardcode_libdir_separator"; then
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/fix-libtool-name.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/fix-libtool-name.patch
deleted file mode 100644
index 027af04c3b..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/fix-libtool-name.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-Fix build scripts to use correct libtool filename
-
-Upstream-Status: Inappropriate [configuration]
-
----
- httpd-2.4.2/build/config_vars.sh.in |    2 +-
- httpd-2.4.2/configure               |    2 +-
- httpd-2.4.2/configure.in            |    2 +-
- httpd-2.4.2/support/apxs.in         |    2 +-
- 4 files changed, 4 insertions(+), 4 deletions(-)
-
---- a/build/config_vars.sh.in
-+++ b/build/config_vars.sh.in
-@@ -35,7 +35,7 @@ else
-    APU_CONFIG=@APU_CONFIG@
- fi
- 
--APR_LIBTOOL="`${APR_CONFIG} --apr-libtool`"
-+APR_LIBTOOL="`${APR_CONFIG} --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`"
- APR_INCLUDEDIR="`${APR_CONFIG} --includedir`"
- test -n "@APU_CONFIG@" && APU_INCLUDEDIR="`${APU_CONFIG} --includedir`"
- 
---- a/configure
-+++ b/configure
-@@ -6205,7 +6205,7 @@ case $host in
-       if test "x$LTFLAGS" = "x"; then
-           LTFLAGS='--silent'
-       fi
--      my_libtool=`$apr_config --apr-libtool`
-+      my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`
-       LIBTOOL="$my_libtool \$(LTFLAGS)"
-       libtoolversion=`$my_libtool --version`
-       case $libtoolversion in
---- a/configure.in
-+++ b/configure.in
-@@ -264,7 +264,7 @@ case $host in
-       if test "x$LTFLAGS" = "x"; then
-           LTFLAGS='--silent'
-       fi
--      my_libtool=`$apr_config --apr-libtool`
-+      my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`
-       LIBTOOL="$my_libtool \$(LTFLAGS)"
-       libtoolversion=`$my_libtool --version`
-       case $libtoolversion in
---- a/support/apxs.in
-+++ b/support/apxs.in
-@@ -352,7 +352,7 @@ if ($apr_major_version < 2) {
-     }
- }
- 
--my $libtool = `$apr_config --apr-libtool`;
-+my $libtool = `$apr_config --apr-libtool| sed -e s,libtool,${host_alias}-libtool,`;
- chomp($libtool);
- 
- my $apr_includedir = `$apr_config --includes`;
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-corelimit.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-corelimit.patch
deleted file mode 100644
index 18e4107ec7..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-corelimit.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-
-Bump up the core size limit if CoreDumpDirectory is
-configured.
-
-Upstream-Status: Pending 
-
-Note: upstreaming was discussed but there are competing desires;
-	there are portability oddities here too.
-
---- httpd-2.4.1/server/core.c.corelimit
-+++ httpd-2.4.1/server/core.c
-@@ -4433,6 +4433,25 @@ static int core_post_config(apr_pool_t *
-     }
-     apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper,
-                               apr_pool_cleanup_null);
-+
-+#ifdef RLIMIT_CORE
-+    if (ap_coredumpdir_configured) {
-+        struct rlimit lim;
-+
-+        if (getrlimit(RLIMIT_CORE, &lim) == 0 && lim.rlim_cur == 0) {
-+            lim.rlim_cur = lim.rlim_max;
-+            if (setrlimit(RLIMIT_CORE, &lim) == 0) {
-+                ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
-+                             "core dump file size limit raised to %lu bytes",
-+                             lim.rlim_cur);
-+            } else {
-+                ap_log_error(APLOG_MARK, APLOG_NOTICE, errno, NULL,
-+                             "core dump file size is zero, setrlimit failed");
-+            }
-+        }
-+    }
-+#endif
-+
-     return OK;
- }
- 
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-export.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-export.patch
deleted file mode 100644
index ed629bfc81..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-export.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-
-There is no need to "suck in" the apr/apr-util symbols when using
-a shared libapr{,util}, it just bloats the symbol table; so don't.
-
-Upstream-HEAD: needed
-Upstream-2.0: omit
-Upstream-Status: Pending
-
-Note: EXPORT_DIRS change is conditional on using shared apr
-
---- httpd-2.4.1/server/Makefile.in.export
-+++ httpd-2.4.1/server/Makefile.in
-@@ -57,9 +57,6 @@ export_files:
- 	( for dir in $(EXPORT_DIRS); do \
- 	      ls $$dir/*.h ; \
- 	  done; \
--	  for dir in $(EXPORT_DIRS_APR); do \
--	      ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \
--	  done; \
- 	) | sort -u > $@
- 
- exports.c: export_files
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-selinux.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-selinux.patch
deleted file mode 100644
index 873328d9b5..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-selinux.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-
-Log the SELinux context at startup.
-
-Upstream-Status: Inappropriate [other]
-
-Note: unlikely to be any interest in this upstream
-
---- httpd-2.4.1/configure.in.selinux
-+++ httpd-2.4.1/configure.in
-@@ -458,6 +458,11 @@ fopen64
- dnl confirm that a void pointer is large enough to store a long integer
- APACHE_CHECK_VOID_PTR_LEN
- 
-+AC_CHECK_LIB(selinux, is_selinux_enabled, [
-+   AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
-+   APR_ADDTO(AP_LIBS, [-lselinux])
-+])
-+
- AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
- [AC_TRY_RUN(#define _GNU_SOURCE
- #include <unistd.h>
---- httpd-2.4.1/server/core.c.selinux
-+++ httpd-2.4.1/server/core.c
-@@ -58,6 +58,10 @@
- #include <unistd.h>
- #endif
- 
-+#ifdef HAVE_SELINUX
-+#include <selinux/selinux.h>
-+#endif
-+
- /* LimitRequestBody handling */
- #define AP_LIMIT_REQ_BODY_UNSET         ((apr_off_t) -1)
- #define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 0)
-@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t *
-     }
- #endif
- 
-+#ifdef HAVE_SELINUX
-+    {
-+        static int already_warned = 0;
-+        int is_enabled = is_selinux_enabled() > 0;
-+        
-+        if (is_enabled && !already_warned) {
-+            security_context_t con;
-+            
-+            if (getcon(&con) == 0) {
-+                
-+                ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
-+                             "SELinux policy enabled; "
-+                             "httpd running as context %s", con);
-+                
-+                already_warned = 1;
-+                
-+                freecon(con);
-+            }
-+        }
-+    }
-+#endif
-+
-     return OK;
- }
- 
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1326980+.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1326980+.patch
deleted file mode 100644
index 98b226bf90..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1326980+.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-
-* modules/loggers/mod_log_debug.c: Mark private globals as static.
-http://svn.apache.org/viewvc?view=revision&revision=1326980
-
-* modules/filters/sed1.c: Mark private globals as static const.
-  (command): Change p3 pointer to const. 
-http://svn.apache.org/viewvc?view=revision&revision=1326984
-
-* modules/filters/config.m4: Prevent libsed internals from polluting
-  the global symbol namespace.
-http://svn.apache.org/viewvc?view=revision&revision=1326991
-
-Upstream-Status: Backport
-
---- httpd-2.4.2/modules/loggers/mod_log_debug.c
-+++ httpd-2.4.2/modules/loggers/mod_log_debug.c
-@@ -35,8 +35,8 @@
-     apr_array_header_t *entries;
- } log_debug_dirconf;
- 
--const char *allhooks = "all";
--const char * const hooks[] = {
-+static const char *allhooks = "all";
-+static const char * const hooks[] = {
-     "log_transaction",      /*  0 */
-     "quick_handler",        /*  1 */
-     "handler",              /*  2 */
---- httpd-2.4.2/modules/filters/sed1.c
-+++ httpd-2.4.2/modules/filters/sed1.c
-@@ -25,7 +25,7 @@
- #include "apr_strings.h"
- #include "regexp.h"
- 
--char    *trans[040]  = {
-+static const char *const trans[040]  = {
-     "\\01",
-     "\\02",
-     "\\03",
-@@ -58,7 +58,7 @@
-     "\\36",
-     "\\37"
- };
--char rub[] = {"\\177"};
-+static const char rub[] = {"\\177"};
- 
- extern int sed_step(char *p1, char *p2, int circf, step_vars_storage *vars);
- static int substitute(sed_eval_t *eval, sed_reptr_t *ipc,
-@@ -692,7 +692,8 @@
-                             step_vars_storage *step_vars)
- {
-     int    i;
--    char   *p1, *p2, *p3;
-+    char   *p1, *p2;
-+    const char *p3;
-     int length;
-     char sz[32]; /* 32 bytes enough to store 64 bit integer in decimal */
-     apr_status_t rv = APR_SUCCESS;
---- httpd-2.4.2/modules/filters/config.m4
-+++ httpd-2.4.2/modules/filters/config.m4
-@@ -16,7 +16,13 @@
- APACHE_MODULE(substitute, response content rewrite-like filtering, , , most)
- 
- sed_obj="mod_sed.lo sed0.lo sed1.lo regexp.lo"
--APACHE_MODULE(sed, filter request and/or response bodies through sed, $sed_obj, , most)
-+APACHE_MODULE(sed, filter request and/or response bodies through sed, $sed_obj, , most, [
-+    if test "x$enable_sed" = "xshared"; then
-+        # The only symbol which needs to be exported is the module
-+        # structure, so ask libtool to hide libsed internals:
-+        APR_ADDTO(MOD_SED_LDADD, [-export-symbols-regex sed_module])
-+    fi
-+])
- 
- if test "$ac_cv_ebcdic" = "yes"; then
- # mod_charset_lite can be very useful on an ebcdic system,
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch
deleted file mode 100644
index 57b5155c35..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-
-* server/mpm_unix.c (dummy_connection): Use a TLS 1.0 close_notify
-  alert if the chosen listener is configured for https; not perfect
-  but better than sending an HTTP request.  Adjust comments.
-http://svn.apache.org/viewvc?view=revision&revision=1327036
-
-* server/mpm_unix.c (dummy_connection): Fix spello.
-http://svn.apache.org/viewvc?view=revision&revision=1327080
-
-Upstream-Status: Backport
-
---- httpd-2.4.2/server/mpm_unix.c
-+++ httpd-2.4.2/server/mpm_unix.c
-@@ -501,14 +501,14 @@
-     return rv;
- }
- 
--/* This function connects to the server, then immediately closes the connection.
-- * This permits the MPM to skip the poll when there is only one listening
-- * socket, because it provides a alternate way to unblock an accept() when
-- * the pod is used.
-- */
-+/* This function connects to the server and sends enough data to
-+ * ensure the child wakes up and processes a new connection.  This
-+ * permits the MPM to skip the poll when there is only one listening
-+ * socket, because it provides a alternate way to unblock an accept()
-+ * when the pod is used.  */
- static apr_status_t dummy_connection(ap_pod_t *pod)
- {
--    char *srequest;
-+    const char *data;
-     apr_status_t rv;
-     apr_socket_t *sock;
-     apr_pool_t *p;
-@@ -574,24 +574,37 @@
-         return rv;
-     }
- 
--    /* Create the request string. We include a User-Agent so that
--     * adminstrators can track down the cause of the odd-looking
--     * requests in their logs.
--     */
--    srequest = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ",
-+    if (lp->protocol && strcasecmp(lp->protocol, "https") == 0) {
-+        /* Send a TLS 1.0 close_notify alert.  This is perhaps the
-+         * "least wrong" way to open and cleanly terminate an SSL
-+         * connection.  It should "work" without noisy error logs if
-+         * the server actually expects SSLv3/TLSv1.  With
-+         * SSLv23_server_method() OpenSSL's SSL_accept() fails
-+         * ungracefully on receipt of this message, since it requires
-+         * an 11-byte ClientHello message and this is too short. */
-+        static const unsigned char tls10_close_notify[7] = {
-+            '\x15',         /* TLSPlainText.type = Alert (21) */
-+            '\x03', '\x01', /* TLSPlainText.version = {3, 1} */
-+            '\x00', '\x02', /* TLSPlainText.length = 2 */
-+            '\x01',         /* Alert.level = warning (1) */
-+            '\x00'          /* Alert.description = close_notify (0) */
-+        };
-+        data = (const char *)tls10_close_notify;
-+        len = sizeof(tls10_close_notify);
-+    }
-+    else /* ... XXX other request types here? */ {
-+        /* Create an HTTP request string.  We include a User-Agent so
-+         * that adminstrators can track down the cause of the
-+         * odd-looking requests in their logs.  A complete request is
-+         * used since kernel-level filtering may require that much
-+         * data before returning from accept(). */
-+        data = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ",
-                            ap_get_server_description(),
-                            " (internal dummy connection)\r\n\r\n", NULL);
-+        len = strlen(data);
-+    }
- 
--    /* Since some operating systems support buffering of data or entire
--     * requests in the kernel, we send a simple request, to make sure
--     * the server pops out of a blocking accept().
--     */
--    /* XXX: This is HTTP specific. We should look at the Protocol for each
--     * listener, and send the correct type of request to trigger any Accept
--     * Filters.
--     */
--    len = strlen(srequest);
--    apr_socket_send(sock, srequest, &len);
-+    apr_socket_send(sock, data, &len);
-     apr_socket_close(sock);
-     apr_pool_destroy(p);
- 
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1332643.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1332643.patch
deleted file mode 100644
index 16fd7d75b6..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1332643.patch
+++ /dev/null
@@ -1,260 +0,0 @@
-Add support for TLS Next Protocol Negotiation:
-
-* modules/ssl/mod_ssl.c, modules/ssl/mod_ssl.h: Add and implement new
-  hooks for next protocol advertisement/discovery.
-
-* modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Enable
-  NPN advertisement callback in handshake.
-
-* modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Invoke
-  next-protocol discovery hook.
-
-* modules/ssl/ssl_engine_kernel.c (ssl_callback_AdvertiseNextProtos): 
-  New callback.
-
-* modules/ssl/ssl_private.h: Add prototype.
-
-Submitted by: Matthew Steele <mdsteele google.com>
-  with slight tweaks by jorton
-
-https://bugzilla.redhat.com//show_bug.cgi?id=809599
-
-http://svn.apache.org/viewvc?view=revision&revision=1332643
-
-Upstream-Status: Backport
-
---- httpd-2.4.2/modules/ssl/ssl_private.h
-+++ httpd-2.4.2/modules/ssl/ssl_private.h
-@@ -139,6 +139,11 @@
- #define HAVE_FIPS
- #endif
- 
-+#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \
-+    && !defined(OPENSSL_NO_TLSEXT)
-+#define HAVE_TLS_NPN
-+#endif
-+
- #if (OPENSSL_VERSION_NUMBER >= 0x10000000)
- #define MODSSL_SSL_CIPHER_CONST const
- #define MODSSL_SSL_METHOD_CONST const
-@@ -811,6 +816,7 @@
- int         ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *,
-                                        EVP_CIPHER_CTX *, HMAC_CTX *, int);
- #endif
-+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg);
- 
- /**  Session Cache Support  */
- void         ssl_scache_init(server_rec *, apr_pool_t *);
---- httpd-2.4.2/modules/ssl/mod_ssl.c
-+++ httpd-2.4.2/modules/ssl/mod_ssl.c
-@@ -260,6 +260,18 @@
-     AP_END_CMD
- };
- 
-+/* Implement 'modssl_run_npn_advertise_protos_hook'. */
-+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
-+    modssl, AP, int, npn_advertise_protos_hook,
-+    (conn_rec *connection, apr_array_header_t *protos),
-+    (connection, protos), OK, DECLINED);
-+
-+/* Implement 'modssl_run_npn_proto_negotiated_hook'. */
-+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
-+    modssl, AP, int, npn_proto_negotiated_hook,
-+    (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len),
-+    (connection, proto_name, proto_name_len), OK, DECLINED);
-+
- /*
-  *  the various processing hooks
-  */
---- httpd-2.4.2/modules/ssl/mod_ssl.h
-+++ httpd-2.4.2/modules/ssl/mod_ssl.h
-@@ -63,5 +63,26 @@
- 
- APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
- 
-+/** The npn_advertise_protos optional hook allows other modules to add entries
-+ * to the list of protocol names advertised by the server during the Next
-+ * Protocol Negotiation (NPN) portion of the SSL handshake.  The hook callee is
-+ * given the connection and an APR array; it should push one or more char*'s
-+ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto
-+ * the array and return OK, or do nothing and return DECLINED. */
-+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook,
-+                          (conn_rec *connection, apr_array_header_t *protos));
-+
-+/** The npn_proto_negotiated optional hook allows other modules to discover the
-+ * name of the protocol that was chosen during the Next Protocol Negotiation
-+ * (NPN) portion of the SSL handshake.  Note that this may be the empty string
-+ * (in which case modules should probably assume HTTP), or it may be a protocol
-+ * that was never even advertised by the server.  The hook callee is given the
-+ * connection, a non-null-terminated string containing the protocol name, and
-+ * the length of the string; it should do something appropriate (i.e. insert or
-+ * remove filters) and return OK, or do nothing and return DECLINED. */
-+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook,
-+                          (conn_rec *connection, const char *proto_name,
-+                           apr_size_t proto_name_len));
-+
- #endif /* __MOD_SSL_H__ */
- /** @} */
---- httpd-2.4.2/modules/ssl/ssl_engine_init.c
-+++ httpd-2.4.2/modules/ssl/ssl_engine_init.c
-@@ -681,6 +681,11 @@
- #endif
- 
-     SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
-+
-+#ifdef HAVE_TLS_NPN
-+    SSL_CTX_set_next_protos_advertised_cb(
-+        ctx, ssl_callback_AdvertiseNextProtos, NULL);
-+#endif
- }
- 
- static void ssl_init_ctx_verify(server_rec *s,
---- httpd-2.4.2/modules/ssl/ssl_engine_io.c
-+++ httpd-2.4.2/modules/ssl/ssl_engine_io.c
-@@ -28,6 +28,7 @@
-                                   core keeps dumping.''
-                                             -- Unknown    */
- #include "ssl_private.h"
-+#include "mod_ssl.h"
- #include "apr_date.h"
- 
- /*  _________________________________________________________________
-@@ -297,6 +298,7 @@
-     apr_pool_t *pool;
-     char buffer[AP_IOBUFSIZE];
-     ssl_filter_ctx_t *filter_ctx;
-+    int npn_finished;  /* 1 if NPN has finished, 0 otherwise */
- } bio_filter_in_ctx_t;
- 
- /*
-@@ -1374,6 +1376,27 @@
-         APR_BRIGADE_INSERT_TAIL(bb, bucket);
-     }
- 
-+#ifdef HAVE_TLS_NPN
-+    /* By this point, Next Protocol Negotiation (NPN) should be completed (if
-+     * our version of OpenSSL supports it).  If we haven't already, find out
-+     * which protocol was decided upon and inform other modules by calling
-+     * npn_proto_negotiated_hook. */
-+    if (!inctx->npn_finished) {
-+        const unsigned char *next_proto = NULL;
-+        unsigned next_proto_len = 0;
-+
-+        SSL_get0_next_proto_negotiated(
-+            inctx->ssl, &next_proto, &next_proto_len);
-+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c,
-+                      "SSL NPN negotiated protocol: '%s'",
-+                      apr_pstrmemdup(f->c->pool, (const char*)next_proto,
-+                                     next_proto_len));
-+        modssl_run_npn_proto_negotiated_hook(
-+            f->c, (const char*)next_proto, next_proto_len);
-+        inctx->npn_finished = 1;
-+    }
-+#endif
-+
-     return APR_SUCCESS;
- }
- 
-@@ -1855,6 +1878,7 @@
-     inctx->block = APR_BLOCK_READ;
-     inctx->pool = c->pool;
-     inctx->filter_ctx = filter_ctx;
-+    inctx->npn_finished = 0;
- }
- 
- /* The request_rec pointer is passed in here only to ensure that the
---- httpd-2.4.2/modules/ssl/ssl_engine_kernel.c
-+++ httpd-2.4.2/modules/ssl/ssl_engine_kernel.c
-@@ -29,6 +29,7 @@
-                                   time I was too famous.''
-                                             -- Unknown                */
- #include "ssl_private.h"
-+#include "mod_ssl.h"
- #include "util_md5.h"
- 
- static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
-@@ -2143,3 +2144,84 @@
-     return -1;
- }
- #endif
-+
-+#ifdef HAVE_TLS_NPN
-+/*
-+ * This callback function is executed when SSL needs to decide what protocols
-+ * to advertise during Next Protocol Negotiation (NPN).  It must produce a
-+ * string in wire format -- a sequence of length-prefixed strings -- indicating
-+ * the advertised protocols.  Refer to SSL_CTX_set_next_protos_advertised_cb
-+ * in OpenSSL for reference.
-+ */
-+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out,
-+                                     unsigned int *size_out, void *arg)
-+{
-+    conn_rec *c = (conn_rec*)SSL_get_app_data(ssl);
-+    apr_array_header_t *protos;
-+    int num_protos;
-+    unsigned int size;
-+    int i;
-+    unsigned char *data;
-+    unsigned char *start;
-+
-+    *data_out = NULL;
-+    *size_out = 0;
-+
-+    /* If the connection object is not available, then there's nothing for us
-+     * to do. */
-+    if (c == NULL) {
-+        return SSL_TLSEXT_ERR_OK;
-+    }
-+
-+    /* Invoke our npn_advertise_protos hook, giving other modules a chance to
-+     * add alternate protocol names to advertise. */
-+    protos = apr_array_make(c->pool, 0, sizeof(char*));
-+    modssl_run_npn_advertise_protos_hook(c, protos);
-+    num_protos = protos->nelts;
-+
-+    /* We now have a list of null-terminated strings; we need to concatenate
-+     * them together into a single string, where each protocol name is prefixed
-+     * by its length.  First, calculate how long that string will be. */
-+    size = 0;
-+    for (i = 0; i < num_protos; ++i) {
-+        const char *string = APR_ARRAY_IDX(protos, i, const char*);
-+        unsigned int length = strlen(string);
-+        /* If the protocol name is too long (the length must fit in one byte),
-+         * then log an error and skip it. */
-+        if (length > 255) {
-+            ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
-+                          "SSL NPN protocol name too long (length=%u): %s",
-+                          length, string);
-+            continue;
-+        }
-+        /* Leave room for the length prefix (one byte) plus the protocol name
-+         * itself. */
-+        size += 1 + length;
-+    }
-+
-+    /* If there is nothing to advertise (either because no modules added
-+     * anything to the protos array, or because all strings added to the array
-+     * were skipped), then we're done. */
-+    if (size == 0) {
-+        return SSL_TLSEXT_ERR_OK;
-+    }
-+
-+    /* Now we can build the string.  Copy each protocol name string into the
-+     * larger string, prefixed by its length. */
-+    data = apr_palloc(c->pool, size * sizeof(unsigned char));
-+    start = data;
-+    for (i = 0; i < num_protos; ++i) {
-+        const char *string = APR_ARRAY_IDX(protos, i, const char*);
-+        apr_size_t length = strlen(string);
-+        *start = (unsigned char)length;
-+        ++start;
-+        memcpy(start, string, length * sizeof(unsigned char));
-+        start += length;
-+    }
-+
-+    /* Success. */
-+    *data_out = data;
-+    *size_out = size;
-+    return SSL_TLSEXT_ERR_OK;
-+}
-+#endif
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1337344+.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1337344+.patch
deleted file mode 100644
index 646976a0fd..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1337344+.patch
+++ /dev/null
@@ -1,350 +0,0 @@
-
-* support/suexec.c: Add gcc format-string attributes to logging
-  functions.  
-  (main): Always print uid/gid as unsigned long, and cast to avoid
-  warnings (which somewhat defeats the point of the format string
-  attrs, but is necessary since the size of gid/uid varies).
-http://svn.apache.org/viewvc?view=revision&revision=1337344
-
-
-
-suexec: Add support for logging to syslog as an alternative to a
-logfile.
-
-* support/suexec.c (err_output) [AP_LOG_SYSLOG]: Log to syslog.
-  (main): Close syslog fd if open, before execv.  Add -V output
-  for AP_LOG_SYSLOG.
-
-* configure.in: Add --with-suexec-syslog argument; allow
-  --without-suexec-logfile to omit definition of AP_LOG_EXEC.
-
-http://svn.apache.org/viewvc?view=revision&revision=1341905
-
-
-
-suexec: Support use of setgid/setuid capability bits on Linux, a
-weaker set of privileges than the full setuid/setgid root binary.
-
-* configure.in: Add --enable-suexec-capabilites flag.
-
-* Makefile.in: If configured, use setcap instead of chmod 7555 on
-  installed suexec binary.
-
-* modules/arch/unix/mod_unixd.c (unixd_pre_config): Drop test for
-  setuid bit if capability bits are used.
-
-* docs/manual/: Add docs.
-
-http://svn.apache.org/viewvc?view=revision&revision=1342065
-
-
-
-* docs/manual/suexec.html.en: Update for syslog logging.
-
-http://svn.apache.org/viewvc?view=revision&revision=1341930
-
-
-
-Upstream-Status: Backport
-
---- httpd-2.4.2/configure.in.r1337344+
-+++ httpd-2.4.2/configure.in
-@@ -700,7 +700,24 @@ APACHE_HELP_STRING(--with-suexec-gidmin,
- 
- AC_ARG_WITH(suexec-logfile,
- APACHE_HELP_STRING(--with-suexec-logfile,Set the logfile),[
--  AC_DEFINE_UNQUOTED(AP_LOG_EXEC, "$withval", [SuExec log file] ) ] )
-+  if test "x$withval" = "xyes"; then
-+    AC_DEFINE_UNQUOTED(AP_LOG_EXEC, "$withval", [SuExec log file])
-+  fi
-+])
-+
-+AC_ARG_WITH(suexec-syslog,
-+APACHE_HELP_STRING(--with-suexec-syslog,Set the logfile),[
-+  if test $withval = "yes"; then
-+    if test "x${with_suexec_logfile}" != "xno"; then
-+      AC_MSG_NOTICE([hint: use "--without-suexec-logfile --with-suexec-syslog"])
-+      AC_MSG_ERROR([suexec does not support both logging to file and syslog])
-+    fi
-+    AC_CHECK_FUNCS([vsyslog], [], [
-+       AC_MSG_ERROR([cannot support syslog from suexec without vsyslog()])])
-+    AC_DEFINE(AP_LOG_SYSLOG, 1, [SuExec log to syslog])
-+  fi    
-+])
-+
- 
- AC_ARG_WITH(suexec-safepath,
- APACHE_HELP_STRING(--with-suexec-safepath,Set the safepath),[
-@@ -710,6 +727,15 @@ AC_ARG_WITH(suexec-umask,
- APACHE_HELP_STRING(--with-suexec-umask,umask for suexec'd process),[
-   AC_DEFINE_UNQUOTED(AP_SUEXEC_UMASK, 0$withval, [umask for suexec'd process] ) ] )
- 
-+INSTALL_SUEXEC=setuid
-+AC_ARG_ENABLE([suexec-capabilities], 
-+APACHE_HELP_STRING(--enable-suexec-capabilities,Use Linux capability bits not setuid root suexec), [
-+INSTALL_SUEXEC=caps
-+AC_DEFINE(AP_SUEXEC_CAPABILITIES, 1, 
-+          [Enable if suexec is installed with Linux capabilities, not setuid])
-+])
-+APACHE_SUBST(INSTALL_SUEXEC)
-+
- dnl APR should go after the other libs, so the right symbols can be picked up
- if test x${apu_found} != xobsolete; then
-   AP_LIBS="$AP_LIBS `$apu_config --avoid-ldap --link-libtool`"
---- httpd-2.4.2/docs/manual/suexec.html.en.r1337344+
-+++ httpd-2.4.2/docs/manual/suexec.html.en
-@@ -369,6 +369,21 @@
-       together with the <code>--enable-suexec</code> option to let
-       APACI accept your request for using the suEXEC feature.</dd>
- 
-+      <dt><code>--enable-suexec-capabilities</code></dt>
-+
-+      <dd><strong>Linux specific:</strong> Normally,
-+      the <code>suexec</code> binary is installed "setuid/setgid
-+      root", which allows it to run with the full privileges of the
-+      root user.  If this option is used, the <code>suexec</code>
-+      binary will instead be installed with only the setuid/setgid
-+      "capability" bits set, which is the subset of full root
-+      priviliges required for suexec operation.  Note that
-+      the <code>suexec</code> binary may not be able to write to a log
-+      file in this mode; it is recommended that the
-+      <code>--with-suexec-syslog --without-suexec-logfile</code>
-+      options are used in conjunction with this mode, so that syslog
-+      logging is used instead.</dd>
-+
-       <dt><code>--with-suexec-bin=<em>PATH</em></code></dt>
- 
-       <dd>The path to the <code>suexec</code> binary must be hard-coded
-@@ -430,6 +445,12 @@
-       "<code>suexec_log</code>" and located in your standard logfile
-       directory (<code>--logfiledir</code>).</dd>
- 
-+      <dt><code>--with-suexec-syslog</code></dt>
-+
-+      <dd>If defined, suexec will log notices and errors to syslog
-+      instead of a logfile.  This option must be combined
-+      with <code>--without-suexec-logfile</code>.</dd>
-+
-       <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
- 
-       <dd>Define a safe PATH environment to pass to CGI
-@@ -546,9 +567,12 @@
- 
-     <p>The suEXEC wrapper will write log information
-     to the file defined with the <code>--with-suexec-logfile</code>
--    option as indicated above. If you feel you have configured and
--    installed the wrapper properly, have a look at this log and the
--    error_log for the server to see where you may have gone astray.</p>
-+    option as indicated above, or to syslog if <code>--with-suexec-syslog</code>
-+    is used. If you feel you have configured and
-+    installed the wrapper properly, have a look at the log and the
-+    error_log for the server to see where you may have gone astray. 
-+    The output of <code>"suexec -V"</code> will show the options
-+    used to compile suexec, if using a binary distribution.</p>
- 
- </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
- <div class="section">
-@@ -615,4 +639,4 @@
- </div><div id="footer">
- <p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
- <p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="./faq/">FAQ</a> | <a href="./glossary.html">Glossary</a> | <a href="./sitemap.html">Sitemap</a></p></div>
--</body></html>
-\ No newline at end of file
-+</body></html>
---- httpd-2.4.2/Makefile.in.r1337344+
-+++ httpd-2.4.2/Makefile.in
-@@ -236,11 +236,22 @@ install-man:
- 	  cd $(DESTDIR)$(manualdir) && find . -name ".svn" -type d -print | xargs rm -rf 2>/dev/null || true; \
- 	fi
- 
--install-suexec:
-+install-suexec: install-suexec-binary install-suexec-$(INSTALL_SUEXEC)
-+
-+install-suexec-binary:
- 	@if test -f $(builddir)/support/suexec; then \
-             test -d $(DESTDIR)$(sbindir) || $(MKINSTALLDIRS) $(DESTDIR)$(sbindir); \
-             $(INSTALL_PROGRAM) $(top_builddir)/support/suexec $(DESTDIR)$(sbindir); \
--            chmod 4755 $(DESTDIR)$(sbindir)/suexec; \
-+	fi
-+
-+install-suexec-setuid:
-+	@if test -f $(builddir)/support/suexec; then \
-+	    chmod 4755 $(DESTDIR)$(sbindir)/suexec; \
-+	fi
-+
-+install-suexec-caps:
-+	@if test -f $(builddir)/support/suexec; then \
-+            setcap 'cap_setuid,cap_setgid+pe' $(DESTDIR)$(sbindir)/suexec; \
- 	fi
- 
- suexec:
---- httpd-2.4.2/modules/arch/unix/mod_unixd.c.r1337344+
-+++ httpd-2.4.2/modules/arch/unix/mod_unixd.c
-@@ -284,6 +284,13 @@ unixd_set_suexec(cmd_parms *cmd, void *d
-     return NULL;
- }
- 
-+#ifdef AP_SUEXEC_CAPABILITIES
-+/* If suexec is using capabilities, don't test for the setuid bit. */
-+#define SETUID_TEST(finfo) (1)
-+#else
-+#define SETUID_TEST(finfo) (finfo.protection & APR_USETID)
-+#endif
-+
- static int
- unixd_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
-                  apr_pool_t *ptemp)
-@@ -300,7 +307,7 @@ unixd_pre_config(apr_pool_t *pconf, apr_
-     ap_unixd_config.suexec_enabled = 0;
-     if ((apr_stat(&wrapper, SUEXEC_BIN, APR_FINFO_NORM, ptemp))
-          == APR_SUCCESS) {
--        if ((wrapper.protection & APR_USETID) && wrapper.user == 0
-+        if (SETUID_TEST(wrapper) && wrapper.user == 0
-             && (access(SUEXEC_BIN, R_OK|X_OK) == 0)) {
-             ap_unixd_config.suexec_enabled = 1;
-             ap_unixd_config.suexec_disabled_reason = "";
---- httpd-2.4.2/support/suexec.c.r1337344+
-+++ httpd-2.4.2/support/suexec.c
-@@ -58,6 +58,10 @@
- #include <grp.h>
- #endif
- 
-+#ifdef AP_LOG_SYSLOG
-+#include <syslog.h>
-+#endif
-+
- #if defined(PATH_MAX)
- #define AP_MAXPATH PATH_MAX
- #elif defined(MAXPATHLEN)
-@@ -69,7 +73,12 @@
- #define AP_ENVBUF 256
- 
- extern char **environ;
-+
-+#ifdef AP_LOG_SYSLOG
-+static int log_open;
-+#else
- static FILE *log = NULL;
-+#endif
- 
- static const char *const safe_env_lst[] =
- {
-@@ -128,10 +137,23 @@ static const char *const safe_env_lst[]
-     NULL
- };
- 
-+static void log_err(const char *fmt,...) 
-+    __attribute__((format(printf,1,2)));
-+static void log_no_err(const char *fmt,...)  
-+    __attribute__((format(printf,1,2)));
-+static void err_output(int is_error, const char *fmt, va_list ap) 
-+    __attribute__((format(printf,2,0)));
- 
- static void err_output(int is_error, const char *fmt, va_list ap)
- {
--#ifdef AP_LOG_EXEC
-+#if defined(AP_LOG_SYSLOG)
-+    if (!log_open) {
-+        openlog("suexec", LOG_PID, LOG_DAEMON);
-+        log_open = 1;
-+    }
-+
-+    vsyslog(is_error ? LOG_ERR : LOG_INFO, fmt, ap);
-+#elif defined(AP_LOG_EXEC)
-     time_t timevar;
-     struct tm *lt;
- 
-@@ -263,7 +285,7 @@ int main(int argc, char *argv[])
-      */
-     uid = getuid();
-     if ((pw = getpwuid(uid)) == NULL) {
--        log_err("crit: invalid uid: (%ld)\n", uid);
-+        log_err("crit: invalid uid: (%lu)\n", (unsigned long)uid);
-         exit(102);
-     }
-     /*
-@@ -289,7 +311,9 @@ int main(int argc, char *argv[])
- #ifdef AP_HTTPD_USER
-         fprintf(stderr, " -D AP_HTTPD_USER=\"%s\"\n", AP_HTTPD_USER);
- #endif
--#ifdef AP_LOG_EXEC
-+#if defined(AP_LOG_SYSLOG)
-+        fprintf(stderr, " -D AP_LOG_SYSLOG\n");
-+#elif defined(AP_LOG_EXEC)
-         fprintf(stderr, " -D AP_LOG_EXEC=\"%s\"\n", AP_LOG_EXEC);
- #endif
- #ifdef AP_SAFE_PATH
-@@ -440,7 +464,7 @@ int main(int argc, char *argv[])
-      * a UID less than AP_UID_MIN.  Tsk tsk.
-      */
-     if ((uid == 0) || (uid < AP_UID_MIN)) {
--        log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd);
-+        log_err("cannot run as forbidden uid (%lu/%s)\n", (unsigned long)uid, cmd);
-         exit(107);
-     }
- 
-@@ -449,7 +473,7 @@ int main(int argc, char *argv[])
-      * or as a GID less than AP_GID_MIN.  Tsk tsk.
-      */
-     if ((gid == 0) || (gid < AP_GID_MIN)) {
--        log_err("cannot run as forbidden gid (%d/%s)\n", gid, cmd);
-+        log_err("cannot run as forbidden gid (%lu/%s)\n", (unsigned long)gid, cmd);
-         exit(108);
-     }
- 
-@@ -460,7 +484,7 @@ int main(int argc, char *argv[])
-      * and setgid() to the target group. If unsuccessful, error out.
-      */
-     if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0)) {
--        log_err("failed to setgid (%ld: %s)\n", gid, cmd);
-+        log_err("failed to setgid (%lu: %s)\n", (unsigned long)gid, cmd);
-         exit(109);
-     }
- 
-@@ -468,7 +492,7 @@ int main(int argc, char *argv[])
-      * setuid() to the target user.  Error out on fail.
-      */
-     if ((setuid(uid)) != 0) {
--        log_err("failed to setuid (%ld: %s)\n", uid, cmd);
-+        log_err("failed to setuid (%lu: %s)\n", (unsigned long)uid, cmd);
-         exit(110);
-     }
- 
-@@ -556,11 +580,11 @@ int main(int argc, char *argv[])
-         (gid != dir_info.st_gid) ||
-         (uid != prg_info.st_uid) ||
-         (gid != prg_info.st_gid)) {
--        log_err("target uid/gid (%ld/%ld) mismatch "
--                "with directory (%ld/%ld) or program (%ld/%ld)\n",
--                uid, gid,
--                dir_info.st_uid, dir_info.st_gid,
--                prg_info.st_uid, prg_info.st_gid);
-+        log_err("target uid/gid (%lu/%lu) mismatch "
-+                "with directory (%lu/%lu) or program (%lu/%lu)\n",
-+                (unsigned long)uid, (unsigned long)gid,
-+                (unsigned long)dir_info.st_uid, (unsigned long)dir_info.st_gid,
-+                (unsigned long)prg_info.st_uid, (unsigned long)prg_info.st_gid);
-         exit(120);
-     }
-     /*
-@@ -585,6 +609,12 @@ int main(int argc, char *argv[])
- #endif /* AP_SUEXEC_UMASK */
- 
-     /* Be sure to close the log file so the CGI can't mess with it. */
-+#ifdef AP_LOG_SYSLOG
-+    if (log_open) {
-+        closelog();
-+        log_open = 0;
-+    }
-+#else
-     if (log != NULL) {
- #if APR_HAVE_FCNTL_H
-         /*
-@@ -606,6 +636,7 @@ int main(int argc, char *argv[])
-         log = NULL;
- #endif
-     }
-+#endif
- 
-     /*
-      * Execute the command, replacing our image with its own.
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-restart.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-restart.patch
deleted file mode 100644
index 42254d2f8c..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-restart.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-
-* server/main.c (main): Bail out *before* signalling the server
-  if the config is bad. (as per the claim in the docs!)
-
-https://bugzilla.redhat.com/show_bug.cgi?id=814645
-http://svn.apache.org/viewvc?view=revision&revision=1328345
-
-Upstream-Status: Backport
-
---- httpd-2.4.2/server/main.c.restart
-+++ httpd-2.4.2/server/main.c
-@@ -671,6 +671,11 @@ int main(int argc, const char * const ar
-         }
-     }
- 
-+    /* If our config failed, deal with that here. */
-+    if (rv != OK) {
-+        destroy_and_exit_process(process, 1);
-+    }
-+
-     signal_server = APR_RETRIEVE_OPTIONAL_FN(ap_signal_server);
-     if (signal_server) {
-         int exit_status;
-@@ -680,11 +685,6 @@ int main(int argc, const char * const ar
-         }
-     }
- 
--    /* If our config failed, deal with that here. */
--    if (rv != OK) {
--        destroy_and_exit_process(process, 1);
--    }
--
-     apr_pool_clear(plog);
- 
-     if ( ap_run_open_logs(pconf, plog, ptemp, ap_server_conf) != OK) {
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/replace-lynx-to-curl-in-apachectl-script.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/replace-lynx-to-curl-in-apachectl-script.patch
deleted file mode 100644
index 584ddc8d94..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/replace-lynx-to-curl-in-apachectl-script.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 760ccbb2fb046621a2aeaecabb2b1ef9aa280cf1 Mon Sep 17 00:00:00 2001
-From: Yulong Pei <Yulong.pei@windriver.com>
-Date: Thu, 1 Sep 2011 01:03:14 +0800
-Subject: [PATCH] replace lynx to curl in apachectl script
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Yulong Pei <Yulong.pei@windriver.com>
----
- support/apachectl.in |   14 ++++++++++----
- 1 files changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/support/apachectl.in b/support/apachectl.in
-index d4dff38..109ea13 100644
---- a/support/apachectl.in
-+++ b/support/apachectl.in
-@@ -51,11 +51,11 @@ fi
- # a command that outputs a formatted text version of the HTML at the
- # url given on the command line.  Designed for lynx, however other
- # programs may work.  
--LYNX="@LYNX_PATH@ -dump"
-+CURL="/usr/bin/curl"
- #
- # the URL to your server's mod_status status page.  If you do not
- # have one, then status and fullstatus will not work.
--STATUSURL="http://localhost:@PORT@/server-status"
-+STATUSURL="http://localhost:@PORT@/"
- #
- # Set this variable to a command that increases the maximum
- # number of file descriptors allowed per child process. This is
-@@ -91,10 +91,16 @@ configtest)
-     ERROR=$?
-     ;;
- status)
--    $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } '
-+    $CURL -s $STATUSURL | grep -o "It works!"
-+    if [ $? != 0 ] ; then
-+        echo The httpd server does not work!
-+    fi
-     ;;
- fullstatus)
--    $LYNX $STATUSURL
-+    $CURL -s $STATUSURL | grep -o "It works!"
-+    if [ $? != 0 ] ; then
-+        echo The httpd server does not work!
-+    fi
-     ;;
- *)
-     $HTTPD $ARGV
--- 
-1.6.4
-
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/server-makefile.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/server-makefile.patch
deleted file mode 100644
index f1349cb6a4..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/server-makefile.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- http-2.0.54/server/Makefile.in-old	2005-12-20 13:26:56.000000000 -0500
-+++ http-2.0.54/server/Makefile.in	2005-12-20 13:27:22.000000000 -0500
-@@ -27,7 +27,7 @@
- 	$(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS)
- 
- test_char.h: gen_test_char
--	./gen_test_char > test_char.h
-+	gen_test_char > test_char.h
- 
- util.lo: test_char.h
- 
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/apache-configure_perlbin.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/apache-configure_perlbin.patch
new file mode 100644
index 0000000000..baa739fd44
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/apache-configure_perlbin.patch
@@ -0,0 +1,37 @@
+# Author: echo <fei.geng@windriver.com>
+# Date: April 28 2009
+# Summary:Fix perl install directory to /usr/bin
+#
+# Upstream-Status: Inappropriate [configuration]
+
+--- a/configure
++++ b/configure
+@@ -22365,13 +22365,7 @@
+ #define APACHE_MPM_DIR "$MPM_DIR"
+ _ACEOF
+
+-
+-perlbin=`$ac_aux_dir/PrintPath perl`
+-if test "x$perlbin" = "x"; then
+-    perlbin="/replace/with/path/to/perl/interpreter"
+-fi
+-
+-
++perlbin='/usr/bin/perl'
+
+ BSD_MAKEFILE=no
+ ap_make_include=include
+--- a/configure.in
++++ b/configure.in
+@@ -638,10 +638,7 @@
+ AC_DEFINE_UNQUOTED(APACHE_MPM_DIR, "$MPM_DIR",
+ 	[Location of the source for the current MPM])
+ 
+-perlbin=`$ac_aux_dir/PrintPath perl`
+-if test "x$perlbin" = "x"; then
+-    perlbin="/replace/with/path/to/perl/interpreter"
+-fi
++perlbin='/usr/bin/perl'
+ AC_SUBST(perlbin)
+ 
+ dnl If we are running on BSD/OS, we need to use the BSD .include syntax.
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/apache-ssl-ltmain-rpath.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/apache-ssl-ltmain-rpath.patch
new file mode 100644
index 0000000000..3a59fb0799
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/apache-ssl-ltmain-rpath.patch
@@ -0,0 +1,76 @@
+--- httpd-2.2.8.orig/build/ltmain.sh
++++ httpd-2.2.8/build/ltmain.sh
+@@ -1515,7 +1515,7 @@ EOF
+ 	dir=`$echo "X$arg" | $Xsed -e 's/^-L//'`
+ 	# We need an absolute path.
+ 	case $dir in
+-	[\\/]* | [A-Za-z]:[\\/]*) ;;
++	=* | [\\/]* | [A-Za-z]:[\\/]*) ;;
+ 	*)
+ 	  absdir=`cd "$dir" && pwd`
+ 	  if test -z "$absdir"; then
+@@ -2558,7 +2558,7 @@ EOF
+ 	    $echo "*** $linklib is not portable!"
+ 	  fi
+ 	  if test "$linkmode" = lib &&
+-	     test "$hardcode_into_libs" = yes; then
++             test "x$wrs_use_rpaths" = "xyes" && test "$hardcode_into_libs" = yes; then
+ 	    # Hardcode the library path.
+ 	    # Skip directories that are in the system default run-time
+ 	    # search path.
+@@ -2832,7 +2832,7 @@ EOF
+ 
+ 	if test "$linkmode" = lib; then
+ 	  if test -n "$dependency_libs" &&
+-	     { test "$hardcode_into_libs" != yes ||
++             { test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" ||
+ 	       test "$build_old_libs" = yes ||
+ 	       test "$link_static" = yes; }; then
+ 	    # Extract -R from dependency_libs
+@@ -3426,7 +3426,8 @@ EOF
+ 	  *) finalize_rpath="$finalize_rpath $libdir" ;;
+ 	  esac
+ 	done
+-	if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
++        if test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" ||
++           test "$build_old_libs" = yes; then
+ 	  dependency_libs="$temp_xrpath $dependency_libs"
+ 	fi
+       fi
+@@ -3843,7 +3844,7 @@ EOF
+         case $archive_cmds in
+           *\$LD\ *) wl= ;;
+         esac
+-	if test "$hardcode_into_libs" = yes; then
++        if test "$hardcode_into_libs" = yes && test "x$wrs_use_rpaths" = "xyes" ; then
+ 	  # Hardcode the library paths
+ 	  hardcode_libdirs=
+ 	  dep_rpath=
+@@ -4397,6 +4398,27 @@ EOF
+       # Now hardcode the library paths
+       rpath=
+       hardcode_libdirs=
++
++      # short circuit putting rpaths in executables
++      #
++      if test "x$wrs_use_rpaths" != "xyes" ; then
++        flag=
++        for libdir in $compile_rpath; do
++          case $(echo $libdir | ${SED} 's,/[/]*,/,g') in
++            /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;;
++          esac
++        done
++        compile_rpath="$flag"
++
++        flag=
++        for libdir in $finalize_rpath; do
++          case $(echo $libdir | ${SED} 's,/[/]*,/,g') in
++            /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;;
++          esac
++        done
++        finalize_rpath="$flag"
++      fi
++
+       for libdir in $compile_rpath $finalize_rpath; do
+ 	if test -n "$hardcode_libdir_flag_spec"; then
+ 	  if test -n "$hardcode_libdir_separator"; then
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/fix-libtool-name.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/fix-libtool-name.patch
new file mode 100644
index 0000000000..027af04c3b
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/fix-libtool-name.patch
@@ -0,0 +1,55 @@
+Fix build scripts to use correct libtool filename
+
+Upstream-Status: Inappropriate [configuration]
+
+---
+ httpd-2.4.2/build/config_vars.sh.in |    2 +-
+ httpd-2.4.2/configure               |    2 +-
+ httpd-2.4.2/configure.in            |    2 +-
+ httpd-2.4.2/support/apxs.in         |    2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+--- a/build/config_vars.sh.in
++++ b/build/config_vars.sh.in
+@@ -35,7 +35,7 @@ else
+    APU_CONFIG=@APU_CONFIG@
+ fi
+ 
+-APR_LIBTOOL="`${APR_CONFIG} --apr-libtool`"
++APR_LIBTOOL="`${APR_CONFIG} --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`"
+ APR_INCLUDEDIR="`${APR_CONFIG} --includedir`"
+ test -n "@APU_CONFIG@" && APU_INCLUDEDIR="`${APU_CONFIG} --includedir`"
+ 
+--- a/configure
++++ b/configure
+@@ -6205,7 +6205,7 @@ case $host in
+       if test "x$LTFLAGS" = "x"; then
+           LTFLAGS='--silent'
+       fi
+-      my_libtool=`$apr_config --apr-libtool`
++      my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`
+       LIBTOOL="$my_libtool \$(LTFLAGS)"
+       libtoolversion=`$my_libtool --version`
+       case $libtoolversion in
+--- a/configure.in
++++ b/configure.in
+@@ -264,7 +264,7 @@ case $host in
+       if test "x$LTFLAGS" = "x"; then
+           LTFLAGS='--silent'
+       fi
+-      my_libtool=`$apr_config --apr-libtool`
++      my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`
+       LIBTOOL="$my_libtool \$(LTFLAGS)"
+       libtoolversion=`$my_libtool --version`
+       case $libtoolversion in
+--- a/support/apxs.in
++++ b/support/apxs.in
+@@ -352,7 +352,7 @@ if ($apr_major_version < 2) {
+     }
+ }
+ 
+-my $libtool = `$apr_config --apr-libtool`;
++my $libtool = `$apr_config --apr-libtool| sed -e s,libtool,${host_alias}-libtool,`;
+ chomp($libtool);
+ 
+ my $apr_includedir = `$apr_config --includes`;
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.1-corelimit.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.1-corelimit.patch
new file mode 100644
index 0000000000..18e4107ec7
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.1-corelimit.patch
@@ -0,0 +1,37 @@
+
+Bump up the core size limit if CoreDumpDirectory is
+configured.
+
+Upstream-Status: Pending 
+
+Note: upstreaming was discussed but there are competing desires;
+	there are portability oddities here too.
+
+--- httpd-2.4.1/server/core.c.corelimit
++++ httpd-2.4.1/server/core.c
+@@ -4433,6 +4433,25 @@ static int core_post_config(apr_pool_t *
+     }
+     apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper,
+                               apr_pool_cleanup_null);
++
++#ifdef RLIMIT_CORE
++    if (ap_coredumpdir_configured) {
++        struct rlimit lim;
++
++        if (getrlimit(RLIMIT_CORE, &lim) == 0 && lim.rlim_cur == 0) {
++            lim.rlim_cur = lim.rlim_max;
++            if (setrlimit(RLIMIT_CORE, &lim) == 0) {
++                ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
++                             "core dump file size limit raised to %lu bytes",
++                             lim.rlim_cur);
++            } else {
++                ap_log_error(APLOG_MARK, APLOG_NOTICE, errno, NULL,
++                             "core dump file size is zero, setrlimit failed");
++            }
++        }
++    }
++#endif
++
+     return OK;
+ }
+ 
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.1-export.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.1-export.patch
new file mode 100644
index 0000000000..ed629bfc81
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.1-export.patch
@@ -0,0 +1,22 @@
+
+There is no need to "suck in" the apr/apr-util symbols when using
+a shared libapr{,util}, it just bloats the symbol table; so don't.
+
+Upstream-HEAD: needed
+Upstream-2.0: omit
+Upstream-Status: Pending
+
+Note: EXPORT_DIRS change is conditional on using shared apr
+
+--- httpd-2.4.1/server/Makefile.in.export
++++ httpd-2.4.1/server/Makefile.in
+@@ -57,9 +57,6 @@ export_files:
+ 	( for dir in $(EXPORT_DIRS); do \
+ 	      ls $$dir/*.h ; \
+ 	  done; \
+-	  for dir in $(EXPORT_DIRS_APR); do \
+-	      ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \
+-	  done; \
+ 	) | sort -u > $@
+ 
+ exports.c: export_files
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.1-selinux.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.1-selinux.patch
new file mode 100644
index 0000000000..873328d9b5
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.1-selinux.patch
@@ -0,0 +1,63 @@
+
+Log the SELinux context at startup.
+
+Upstream-Status: Inappropriate [other]
+
+Note: unlikely to be any interest in this upstream
+
+--- httpd-2.4.1/configure.in.selinux
++++ httpd-2.4.1/configure.in
+@@ -458,6 +458,11 @@ fopen64
+ dnl confirm that a void pointer is large enough to store a long integer
+ APACHE_CHECK_VOID_PTR_LEN
+ 
++AC_CHECK_LIB(selinux, is_selinux_enabled, [
++   AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
++   APR_ADDTO(AP_LIBS, [-lselinux])
++])
++
+ AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
+ [AC_TRY_RUN(#define _GNU_SOURCE
+ #include <unistd.h>
+--- httpd-2.4.1/server/core.c.selinux
++++ httpd-2.4.1/server/core.c
+@@ -58,6 +58,10 @@
+ #include <unistd.h>
+ #endif
+ 
++#ifdef HAVE_SELINUX
++#include <selinux/selinux.h>
++#endif
++
+ /* LimitRequestBody handling */
+ #define AP_LIMIT_REQ_BODY_UNSET         ((apr_off_t) -1)
+ #define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 0)
+@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t *
+     }
+ #endif
+ 
++#ifdef HAVE_SELINUX
++    {
++        static int already_warned = 0;
++        int is_enabled = is_selinux_enabled() > 0;
++        
++        if (is_enabled && !already_warned) {
++            security_context_t con;
++            
++            if (getcon(&con) == 0) {
++                
++                ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
++                             "SELinux policy enabled; "
++                             "httpd running as context %s", con);
++                
++                already_warned = 1;
++                
++                freecon(con);
++            }
++        }
++    }
++#endif
++
+     return OK;
+ }
+ 
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.2-r1332643.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.2-r1332643.patch
new file mode 100644
index 0000000000..16fd7d75b6
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/httpd-2.4.2-r1332643.patch
@@ -0,0 +1,260 @@
+Add support for TLS Next Protocol Negotiation:
+
+* modules/ssl/mod_ssl.c, modules/ssl/mod_ssl.h: Add and implement new
+  hooks for next protocol advertisement/discovery.
+
+* modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Enable
+  NPN advertisement callback in handshake.
+
+* modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Invoke
+  next-protocol discovery hook.
+
+* modules/ssl/ssl_engine_kernel.c (ssl_callback_AdvertiseNextProtos): 
+  New callback.
+
+* modules/ssl/ssl_private.h: Add prototype.
+
+Submitted by: Matthew Steele <mdsteele google.com>
+  with slight tweaks by jorton
+
+https://bugzilla.redhat.com//show_bug.cgi?id=809599
+
+http://svn.apache.org/viewvc?view=revision&revision=1332643
+
+Upstream-Status: Backport
+
+--- httpd-2.4.2/modules/ssl/ssl_private.h
++++ httpd-2.4.2/modules/ssl/ssl_private.h
+@@ -139,6 +139,11 @@
+ #define HAVE_FIPS
+ #endif
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \
++    && !defined(OPENSSL_NO_TLSEXT)
++#define HAVE_TLS_NPN
++#endif
++
+ #if (OPENSSL_VERSION_NUMBER >= 0x10000000)
+ #define MODSSL_SSL_CIPHER_CONST const
+ #define MODSSL_SSL_METHOD_CONST const
+@@ -811,6 +816,7 @@
+ int         ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *,
+                                        EVP_CIPHER_CTX *, HMAC_CTX *, int);
+ #endif
++int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg);
+ 
+ /**  Session Cache Support  */
+ void         ssl_scache_init(server_rec *, apr_pool_t *);
+--- httpd-2.4.2/modules/ssl/mod_ssl.c
++++ httpd-2.4.2/modules/ssl/mod_ssl.c
+@@ -260,6 +260,18 @@
+     AP_END_CMD
+ };
+ 
++/* Implement 'modssl_run_npn_advertise_protos_hook'. */
++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
++    modssl, AP, int, npn_advertise_protos_hook,
++    (conn_rec *connection, apr_array_header_t *protos),
++    (connection, protos), OK, DECLINED);
++
++/* Implement 'modssl_run_npn_proto_negotiated_hook'. */
++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
++    modssl, AP, int, npn_proto_negotiated_hook,
++    (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len),
++    (connection, proto_name, proto_name_len), OK, DECLINED);
++
+ /*
+  *  the various processing hooks
+  */
+--- httpd-2.4.2/modules/ssl/mod_ssl.h
++++ httpd-2.4.2/modules/ssl/mod_ssl.h
+@@ -63,5 +63,26 @@
+ 
+ APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
+ 
++/** The npn_advertise_protos optional hook allows other modules to add entries
++ * to the list of protocol names advertised by the server during the Next
++ * Protocol Negotiation (NPN) portion of the SSL handshake.  The hook callee is
++ * given the connection and an APR array; it should push one or more char*'s
++ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto
++ * the array and return OK, or do nothing and return DECLINED. */
++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook,
++                          (conn_rec *connection, apr_array_header_t *protos));
++
++/** The npn_proto_negotiated optional hook allows other modules to discover the
++ * name of the protocol that was chosen during the Next Protocol Negotiation
++ * (NPN) portion of the SSL handshake.  Note that this may be the empty string
++ * (in which case modules should probably assume HTTP), or it may be a protocol
++ * that was never even advertised by the server.  The hook callee is given the
++ * connection, a non-null-terminated string containing the protocol name, and
++ * the length of the string; it should do something appropriate (i.e. insert or
++ * remove filters) and return OK, or do nothing and return DECLINED. */
++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook,
++                          (conn_rec *connection, const char *proto_name,
++                           apr_size_t proto_name_len));
++
+ #endif /* __MOD_SSL_H__ */
+ /** @} */
+--- httpd-2.4.2/modules/ssl/ssl_engine_init.c
++++ httpd-2.4.2/modules/ssl/ssl_engine_init.c
+@@ -681,6 +681,11 @@
+ #endif
+ 
+     SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
++
++#ifdef HAVE_TLS_NPN
++    SSL_CTX_set_next_protos_advertised_cb(
++        ctx, ssl_callback_AdvertiseNextProtos, NULL);
++#endif
+ }
+ 
+ static void ssl_init_ctx_verify(server_rec *s,
+--- httpd-2.4.2/modules/ssl/ssl_engine_io.c
++++ httpd-2.4.2/modules/ssl/ssl_engine_io.c
+@@ -28,6 +28,7 @@
+                                   core keeps dumping.''
+                                             -- Unknown    */
+ #include "ssl_private.h"
++#include "mod_ssl.h"
+ #include "apr_date.h"
+ 
+ /*  _________________________________________________________________
+@@ -297,6 +298,7 @@
+     apr_pool_t *pool;
+     char buffer[AP_IOBUFSIZE];
+     ssl_filter_ctx_t *filter_ctx;
++    int npn_finished;  /* 1 if NPN has finished, 0 otherwise */
+ } bio_filter_in_ctx_t;
+ 
+ /*
+@@ -1374,6 +1376,27 @@
+         APR_BRIGADE_INSERT_TAIL(bb, bucket);
+     }
+ 
++#ifdef HAVE_TLS_NPN
++    /* By this point, Next Protocol Negotiation (NPN) should be completed (if
++     * our version of OpenSSL supports it).  If we haven't already, find out
++     * which protocol was decided upon and inform other modules by calling
++     * npn_proto_negotiated_hook. */
++    if (!inctx->npn_finished) {
++        const unsigned char *next_proto = NULL;
++        unsigned next_proto_len = 0;
++
++        SSL_get0_next_proto_negotiated(
++            inctx->ssl, &next_proto, &next_proto_len);
++        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c,
++                      "SSL NPN negotiated protocol: '%s'",
++                      apr_pstrmemdup(f->c->pool, (const char*)next_proto,
++                                     next_proto_len));
++        modssl_run_npn_proto_negotiated_hook(
++            f->c, (const char*)next_proto, next_proto_len);
++        inctx->npn_finished = 1;
++    }
++#endif
++
+     return APR_SUCCESS;
+ }
+ 
+@@ -1855,6 +1878,7 @@
+     inctx->block = APR_BLOCK_READ;
+     inctx->pool = c->pool;
+     inctx->filter_ctx = filter_ctx;
++    inctx->npn_finished = 0;
+ }
+ 
+ /* The request_rec pointer is passed in here only to ensure that the
+--- httpd-2.4.2/modules/ssl/ssl_engine_kernel.c
++++ httpd-2.4.2/modules/ssl/ssl_engine_kernel.c
+@@ -29,6 +29,7 @@
+                                   time I was too famous.''
+                                             -- Unknown                */
+ #include "ssl_private.h"
++#include "mod_ssl.h"
+ #include "util_md5.h"
+ 
+ static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
+@@ -2143,3 +2144,84 @@
+     return -1;
+ }
+ #endif
++
++#ifdef HAVE_TLS_NPN
++/*
++ * This callback function is executed when SSL needs to decide what protocols
++ * to advertise during Next Protocol Negotiation (NPN).  It must produce a
++ * string in wire format -- a sequence of length-prefixed strings -- indicating
++ * the advertised protocols.  Refer to SSL_CTX_set_next_protos_advertised_cb
++ * in OpenSSL for reference.
++ */
++int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out,
++                                     unsigned int *size_out, void *arg)
++{
++    conn_rec *c = (conn_rec*)SSL_get_app_data(ssl);
++    apr_array_header_t *protos;
++    int num_protos;
++    unsigned int size;
++    int i;
++    unsigned char *data;
++    unsigned char *start;
++
++    *data_out = NULL;
++    *size_out = 0;
++
++    /* If the connection object is not available, then there's nothing for us
++     * to do. */
++    if (c == NULL) {
++        return SSL_TLSEXT_ERR_OK;
++    }
++
++    /* Invoke our npn_advertise_protos hook, giving other modules a chance to
++     * add alternate protocol names to advertise. */
++    protos = apr_array_make(c->pool, 0, sizeof(char*));
++    modssl_run_npn_advertise_protos_hook(c, protos);
++    num_protos = protos->nelts;
++
++    /* We now have a list of null-terminated strings; we need to concatenate
++     * them together into a single string, where each protocol name is prefixed
++     * by its length.  First, calculate how long that string will be. */
++    size = 0;
++    for (i = 0; i < num_protos; ++i) {
++        const char *string = APR_ARRAY_IDX(protos, i, const char*);
++        unsigned int length = strlen(string);
++        /* If the protocol name is too long (the length must fit in one byte),
++         * then log an error and skip it. */
++        if (length > 255) {
++            ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
++                          "SSL NPN protocol name too long (length=%u): %s",
++                          length, string);
++            continue;
++        }
++        /* Leave room for the length prefix (one byte) plus the protocol name
++         * itself. */
++        size += 1 + length;
++    }
++
++    /* If there is nothing to advertise (either because no modules added
++     * anything to the protos array, or because all strings added to the array
++     * were skipped), then we're done. */
++    if (size == 0) {
++        return SSL_TLSEXT_ERR_OK;
++    }
++
++    /* Now we can build the string.  Copy each protocol name string into the
++     * larger string, prefixed by its length. */
++    data = apr_palloc(c->pool, size * sizeof(unsigned char));
++    start = data;
++    for (i = 0; i < num_protos; ++i) {
++        const char *string = APR_ARRAY_IDX(protos, i, const char*);
++        apr_size_t length = strlen(string);
++        *start = (unsigned char)length;
++        ++start;
++        memcpy(start, string, length * sizeof(unsigned char));
++        start += length;
++    }
++
++    /* Success. */
++    *data_out = data;
++    *size_out = size;
++    return SSL_TLSEXT_ERR_OK;
++}
++#endif
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/replace-lynx-to-curl-in-apachectl-script.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/replace-lynx-to-curl-in-apachectl-script.patch
new file mode 100644
index 0000000000..584ddc8d94
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/replace-lynx-to-curl-in-apachectl-script.patch
@@ -0,0 +1,52 @@
+From 760ccbb2fb046621a2aeaecabb2b1ef9aa280cf1 Mon Sep 17 00:00:00 2001
+From: Yulong Pei <Yulong.pei@windriver.com>
+Date: Thu, 1 Sep 2011 01:03:14 +0800
+Subject: [PATCH] replace lynx to curl in apachectl script
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Yulong Pei <Yulong.pei@windriver.com>
+---
+ support/apachectl.in |   14 ++++++++++----
+ 1 files changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/support/apachectl.in b/support/apachectl.in
+index d4dff38..109ea13 100644
+--- a/support/apachectl.in
++++ b/support/apachectl.in
+@@ -51,11 +51,11 @@ fi
+ # a command that outputs a formatted text version of the HTML at the
+ # url given on the command line.  Designed for lynx, however other
+ # programs may work.  
+-LYNX="@LYNX_PATH@ -dump"
++CURL="/usr/bin/curl"
+ #
+ # the URL to your server's mod_status status page.  If you do not
+ # have one, then status and fullstatus will not work.
+-STATUSURL="http://localhost:@PORT@/server-status"
++STATUSURL="http://localhost:@PORT@/"
+ #
+ # Set this variable to a command that increases the maximum
+ # number of file descriptors allowed per child process. This is
+@@ -91,10 +91,16 @@ configtest)
+     ERROR=$?
+     ;;
+ status)
+-    $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } '
++    $CURL -s $STATUSURL | grep -o "It works!"
++    if [ $? != 0 ] ; then
++        echo The httpd server does not work!
++    fi
+     ;;
+ fullstatus)
+-    $LYNX $STATUSURL
++    $CURL -s $STATUSURL | grep -o "It works!"
++    if [ $? != 0 ] ; then
++        echo The httpd server does not work!
++    fi
+     ;;
+ *)
+     $HTTPD $ARGV
+-- 
+1.6.4
+
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/server-makefile.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/server-makefile.patch
new file mode 100644
index 0000000000..f1349cb6a4
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.3/server-makefile.patch
@@ -0,0 +1,11 @@
+--- http-2.0.54/server/Makefile.in-old	2005-12-20 13:26:56.000000000 -0500
++++ http-2.0.54/server/Makefile.in	2005-12-20 13:27:22.000000000 -0500
+@@ -27,7 +27,7 @@
+ 	$(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS)
+ 
+ test_char.h: gen_test_char
+-	./gen_test_char > test_char.h
++	gen_test_char > test_char.h
+ 
+ util.lo: test_char.h
+ 
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.2.bb b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.2.bb
deleted file mode 100644
index 17482ae0e1..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.2.bb
+++ /dev/null
@@ -1,43 +0,0 @@
-DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \
-extensible web server."
-SUMMARY = "Apache HTTP Server"
-HOMEPAGE = "http://httpd.apache.org/"
-DEPENDS = "expat-native pcre-native apr-native apr-util-native"
-SECTION = "net"
-LICENSE = "Apache-2.0"
-PR = "r0"
-
-inherit native
-
-SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2"
-
-S = "${WORKDIR}/httpd-${PV}"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=eff226ae95d0516d6210ed77dfdf2dcc"
-SRC_URI[md5sum] = "6bb12f726e22656f0ad2baf91f1f8329"
-SRC_URI[sha256sum] = "5382f9c507d3d02706e33d6308ea041f39e8511b5948aef0ca188df8f90159b8"
-
-do_configure () {
-	./configure --with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \
-		--with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \
-		--prefix=${prefix} --datadir=${datadir}/apache2
-}
-
-do_install () {
-	install -d ${D}${bindir} ${D}${libdir}
-	cp server/gen_test_char ${D}${bindir}
-	install -m 755 support/apxs ${D}${bindir}/
-	install -m 755 httpd ${D}${bindir}/
-	install -d ${D}${datadir}/apache2/build
-	cp build/*.mk ${D}${datadir}/apache2/build
-	cp build/instdso.sh ${D}${datadir}/apache2/build
-
-	install -d ${D}${includedir}/apache2
-	cp include/* ${D}${includedir}/apache2
-	cp os/unix/os.h ${D}${includedir}/apache2
-	cp os/unix/unixd.h ${D}${includedir}/apache2
-
-	cp support/envvars-std ${D}${bindir}/envvars
-	chmod 755 ${D}${bindir}/envvars
-}
-
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.3.bb b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.3.bb
new file mode 100644
index 0000000000..230510c05e
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.3.bb
@@ -0,0 +1,43 @@
+DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \
+extensible web server."
+SUMMARY = "Apache HTTP Server"
+HOMEPAGE = "http://httpd.apache.org/"
+DEPENDS = "expat-native pcre-native apr-native apr-util-native"
+SECTION = "net"
+LICENSE = "Apache-2.0"
+PR = "r0"
+
+inherit native
+
+SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2"
+
+S = "${WORKDIR}/httpd-${PV}"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=eff226ae95d0516d6210ed77dfdf2dcc"
+SRC_URI[md5sum] = "87aaf7bc7e8715f0455997bb8c6791aa"
+SRC_URI[sha256sum] = "d82102b9c111f1892fb20a2bccf4370de579c6521b2f172ed0b36f2759fb249e"
+
+do_configure () {
+	./configure --with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \
+		--with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \
+		--prefix=${prefix} --datadir=${datadir}/apache2
+}
+
+do_install () {
+	install -d ${D}${bindir} ${D}${libdir}
+	cp server/gen_test_char ${D}${bindir}
+	install -m 755 support/apxs ${D}${bindir}/
+	install -m 755 httpd ${D}${bindir}/
+	install -d ${D}${datadir}/apache2/build
+	cp build/*.mk ${D}${datadir}/apache2/build
+	cp build/instdso.sh ${D}${datadir}/apache2/build
+
+	install -d ${D}${includedir}/apache2
+	cp include/* ${D}${includedir}/apache2
+	cp os/unix/os.h ${D}${includedir}/apache2
+	cp os/unix/unixd.h ${D}${includedir}/apache2
+
+	cp support/envvars-std ${D}${bindir}/envvars
+	chmod 755 ${D}${bindir}/envvars
+}
+
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.2.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.2.bb
deleted file mode 100644
index af7840d1a5..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.2.bb
+++ /dev/null
@@ -1,144 +0,0 @@
-DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \
-extensible web server."
-SUMMARY = "Apache HTTP Server"
-HOMEPAGE = "http://httpd.apache.org/"
-DEPENDS = "libtool-native apache2-native openssl expat pcre apr apr-util"
-SECTION = "net"
-LICENSE = "Apache-2.0"
-PR = "r3"
-
-SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \
-           file://server-makefile.patch \
-           file://httpd-2.4.1-corelimit.patch \
-           file://httpd-2.4.1-export.patch \
-           file://httpd-2.4.1-selinux.patch \
-           file://httpd-2.4.2-r1326980+.patch \
-           file://httpd-2.4.2-r1327036+.patch \
-           file://httpd-2.4.2-r1332643.patch \
-           file://httpd-2.4.2-r1337344+.patch \
-           file://httpd-2.4.2-restart.patch \
-           file://apache-configure_perlbin.patch \
-           file://replace-lynx-to-curl-in-apachectl-script.patch \
-           file://apache-ssl-ltmain-rpath.patch \
-           file://init"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=eff226ae95d0516d6210ed77dfdf2dcc"
-SRC_URI[md5sum] = "6bb12f726e22656f0ad2baf91f1f8329"
-SRC_URI[sha256sum] = "5382f9c507d3d02706e33d6308ea041f39e8511b5948aef0ca188df8f90159b8"
-
-S = "${WORKDIR}/httpd-${PV}"
-
-inherit autotools update-rc.d
-
-CFLAGS_append = " -DPATH_MAX=4096"
-CFLAGS_prepend = "-I${STAGING_INCDIR}/openssl "
-EXTRA_OECONF = "--enable-ssl \
-		--with-ssl=${STAGING_LIBDIR}/.. \
-		--with-expat=${STAGING_LIBDIR}/.. \
-		--with-apr=${WORKDIR}/apr-1-config \
-		--with-apr-util=${WORKDIR}/apu-1-config \
-		--enable-info \
-		--enable-rewrite \
-		--with-dbm=sdbm \
-		--with-berkeley-db=no \
-		--localstatedir=/var/${PN} \
-		--with-gdbm=no \
-		--with-ndbm=no \
-		--includedir=${includedir}/${PN} \
-		--datadir=${datadir}/${PN} \
-		--sysconfdir=${sysconfdir}/${PN} \
-                --libexecdir=${libdir}/${PN}/modules \
-		ap_cv_void_ptr_lt_long=no \
-		--enable-mpms-shared \
-		ac_cv_have_threadsafe_pollset=no"
-
-do_configure_prepend() {
-	# FIXME: this hack is required to work around an issue with apr/apr-util
-	# Can be removed when fixed in OE-Core (also revert --with-* options above)
-	# see http://bugzilla.yoctoproject.org/show_bug.cgi?id=3267
-	cp ${STAGING_BINDIR_CROSS}/apr-1-config ${STAGING_BINDIR_CROSS}/apu-1-config ${WORKDIR}
-	sed -i -e 's:location=source:location=installed:' ${WORKDIR}/apr-1-config
-	sed -i -e 's:location=source:location=installed:' ${WORKDIR}/apu-1-config
-}
-
-do_install_append() {
-	install -d ${D}/${sysconfdir}/init.d
-	cat ${WORKDIR}/init | \
-		sed -e 's,/usr/sbin/,${sbindir}/,g' \
-		    -e 's,/usr/bin/,${bindir}/,g' \
-		    -e 's,/usr/lib,${libdir}/,g' \
-		    -e 's,/etc/,${sysconfdir}/,g' \
-		    -e 's,/usr/,${prefix}/,g' > ${D}/${sysconfdir}/init.d/${PN}
-	chmod 755 ${D}/${sysconfdir}/init.d/${PN}
-	# remove the goofy original files...
-	rm -rf ${D}/${sysconfdir}/${PN}/original
-	# Expat should be found in the staging area via DEPENDS...
-	rm -f ${D}/${libdir}/libexpat.*
-
-	install -d ${D}${sysconfdir}/${PN}/conf.d
-	install -d ${D}${sysconfdir}/${PN}/modules.d
-
-	# Ensure configuration file pulls in conf.d and modules.d
-	printf "\nIncludeOptional ${sysconfdir}/${PN}/conf.d/*.conf" >> ${D}/${sysconfdir}/${PN}/httpd.conf
-	printf "\nIncludeOptional ${sysconfdir}/${PN}/modules.d/*.conf\n\n" >> ${D}/${sysconfdir}/${PN}/httpd.conf
-}
-
-SYSROOT_PREPROCESS_FUNCS += "apache_sysroot_preprocess"
-
-apache_sysroot_preprocess () {
-	install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/
-	install -m 755 ${D}${bindir}/apxs ${SYSROOT_DESTDIR}${bindir_crossscripts}/
-	sed -i 's!my $installbuilddir = .*!my $installbuilddir = "${STAGING_DIR_HOST}/${datadir}/${PN}/build";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs
-	sed -i 's!my $libtool = .*!my $libtool = "${STAGING_BINDIR_CROSS}/${TARGET_PREFIX}libtool";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs
-
-	sed -i 's!^APR_CONFIG = .*!APR_CONFIG = ${STAGING_BINDIR_CROSS}/apr-1-config!' ${SYSROOT_DESTDIR}${datadir}/${PN}/build/config_vars.mk
-	sed -i 's!^APU_CONFIG = .*!APU_CONFIG = ${STAGING_BINDIR_CROSS}/apu-1-config!' ${SYSROOT_DESTDIR}${datadir}/${PN}/build/config_vars.mk
-	sed -i 's!^includedir = .*!includedir = ${STAGING_INCDIR}/apache2!' ${SYSROOT_DESTDIR}${datadir}/${PN}/build/config_vars.mk
-}
-
-#
-# implications - used by update-rc.d scripts
-#
-INITSCRIPT_NAME = "apache2"
-INITSCRIPT_PARAMS = "defaults 91 20"
-LEAD_SONAME = "libapr-1.so.0"
-
-PACKAGES = "${PN}-doc ${PN}-dev ${PN}-dbg ${PN}"
-
-CONFFILES_${PN} = "${sysconfdir}/${PN}/httpd.conf \
-		   ${sysconfdir}/${PN}/magic \
-		   ${sysconfdir}/${PN}/mime.types \
-		   ${sysconfdir}/init.d/${PN} "
-
-# we override here rather than append so that .so links are
-# included in the runtime package rather than here (-dev)
-# and to get build, icons, error into the -dev package
-FILES_${PN}-dev = "${datadir}/${PN}/build \
-		${datadir}/${PN}/icons \
-		${datadir}/${PN}/error \
-		${bindir}/apr-config ${bindir}/apu-config \
-		${libdir}/apr*.exp \
-		${includedir}/${PN} \
-		${libdir}/*.la \
-		${libdir}/*.a"
-
-# manual to manual
-FILES_${PN}-doc += " ${datadir}/${PN}/manual"
-
-#
-# override this too - here is the default, less datadir
-#
-FILES_${PN} =  "${bindir} ${sbindir} ${libexecdir} ${libdir}/lib*.so.* ${sysconfdir} \
-		${sharedstatedir} ${localstatedir} /bin /sbin /lib/*.so* \
-		${libdir}/${PN}"
-
-# we want htdocs and cgi-bin to go with the binary
-FILES_${PN} += "${datadir}/${PN}/htdocs ${datadir}/${PN}/cgi-bin"
-
-#make sure the lone .so links also get wrapped in the base package
-FILES_${PN} += "${libdir}/lib*.so ${libdir}/pkgconfig/*"
-
-FILES_${PN}-dbg += "${libdir}/${PN}/modules/.debug"
-
-RDEPENDS_${PN} += "openssl libgcc"
-
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.3.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.3.bb
new file mode 100644
index 0000000000..9179bcacb1
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.3.bb
@@ -0,0 +1,140 @@
+DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \
+extensible web server."
+SUMMARY = "Apache HTTP Server"
+HOMEPAGE = "http://httpd.apache.org/"
+DEPENDS = "libtool-native apache2-native openssl expat pcre apr apr-util"
+SECTION = "net"
+LICENSE = "Apache-2.0"
+PR = "r0"
+
+SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \
+           file://server-makefile.patch \
+           file://httpd-2.4.1-corelimit.patch \
+           file://httpd-2.4.1-export.patch \
+           file://httpd-2.4.1-selinux.patch \
+           file://httpd-2.4.2-r1332643.patch \
+           file://apache-configure_perlbin.patch \
+           file://replace-lynx-to-curl-in-apachectl-script.patch \
+           file://apache-ssl-ltmain-rpath.patch \
+           file://init"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=eff226ae95d0516d6210ed77dfdf2dcc"
+SRC_URI[md5sum] = "87aaf7bc7e8715f0455997bb8c6791aa"
+SRC_URI[sha256sum] = "d82102b9c111f1892fb20a2bccf4370de579c6521b2f172ed0b36f2759fb249e"
+
+S = "${WORKDIR}/httpd-${PV}"
+
+inherit autotools update-rc.d
+
+CFLAGS_append = " -DPATH_MAX=4096"
+CFLAGS_prepend = "-I${STAGING_INCDIR}/openssl "
+EXTRA_OECONF = "--enable-ssl \
+		--with-ssl=${STAGING_LIBDIR}/.. \
+		--with-expat=${STAGING_LIBDIR}/.. \
+		--with-apr=${WORKDIR}/apr-1-config \
+		--with-apr-util=${WORKDIR}/apu-1-config \
+		--enable-info \
+		--enable-rewrite \
+		--with-dbm=sdbm \
+		--with-berkeley-db=no \
+		--localstatedir=/var/${PN} \
+		--with-gdbm=no \
+		--with-ndbm=no \
+		--includedir=${includedir}/${PN} \
+		--datadir=${datadir}/${PN} \
+		--sysconfdir=${sysconfdir}/${PN} \
+                --libexecdir=${libdir}/${PN}/modules \
+		ap_cv_void_ptr_lt_long=no \
+		--enable-mpms-shared \
+		ac_cv_have_threadsafe_pollset=no"
+
+do_configure_prepend() {
+	# FIXME: this hack is required to work around an issue with apr/apr-util
+	# Can be removed when fixed in OE-Core (also revert --with-* options above)
+	# see http://bugzilla.yoctoproject.org/show_bug.cgi?id=3267
+	cp ${STAGING_BINDIR_CROSS}/apr-1-config ${STAGING_BINDIR_CROSS}/apu-1-config ${WORKDIR}
+	sed -i -e 's:location=source:location=installed:' ${WORKDIR}/apr-1-config
+	sed -i -e 's:location=source:location=installed:' ${WORKDIR}/apu-1-config
+}
+
+do_install_append() {
+	install -d ${D}/${sysconfdir}/init.d
+	cat ${WORKDIR}/init | \
+		sed -e 's,/usr/sbin/,${sbindir}/,g' \
+		    -e 's,/usr/bin/,${bindir}/,g' \
+		    -e 's,/usr/lib,${libdir}/,g' \
+		    -e 's,/etc/,${sysconfdir}/,g' \
+		    -e 's,/usr/,${prefix}/,g' > ${D}/${sysconfdir}/init.d/${PN}
+	chmod 755 ${D}/${sysconfdir}/init.d/${PN}
+	# remove the goofy original files...
+	rm -rf ${D}/${sysconfdir}/${PN}/original
+	# Expat should be found in the staging area via DEPENDS...
+	rm -f ${D}/${libdir}/libexpat.*
+
+	install -d ${D}${sysconfdir}/${PN}/conf.d
+	install -d ${D}${sysconfdir}/${PN}/modules.d
+
+	# Ensure configuration file pulls in conf.d and modules.d
+	printf "\nIncludeOptional ${sysconfdir}/${PN}/conf.d/*.conf" >> ${D}/${sysconfdir}/${PN}/httpd.conf
+	printf "\nIncludeOptional ${sysconfdir}/${PN}/modules.d/*.conf\n\n" >> ${D}/${sysconfdir}/${PN}/httpd.conf
+}
+
+SYSROOT_PREPROCESS_FUNCS += "apache_sysroot_preprocess"
+
+apache_sysroot_preprocess () {
+	install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/
+	install -m 755 ${D}${bindir}/apxs ${SYSROOT_DESTDIR}${bindir_crossscripts}/
+	sed -i 's!my $installbuilddir = .*!my $installbuilddir = "${STAGING_DIR_HOST}/${datadir}/${PN}/build";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs
+	sed -i 's!my $libtool = .*!my $libtool = "${STAGING_BINDIR_CROSS}/${TARGET_PREFIX}libtool";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs
+
+	sed -i 's!^APR_CONFIG = .*!APR_CONFIG = ${STAGING_BINDIR_CROSS}/apr-1-config!' ${SYSROOT_DESTDIR}${datadir}/${PN}/build/config_vars.mk
+	sed -i 's!^APU_CONFIG = .*!APU_CONFIG = ${STAGING_BINDIR_CROSS}/apu-1-config!' ${SYSROOT_DESTDIR}${datadir}/${PN}/build/config_vars.mk
+	sed -i 's!^includedir = .*!includedir = ${STAGING_INCDIR}/apache2!' ${SYSROOT_DESTDIR}${datadir}/${PN}/build/config_vars.mk
+}
+
+#
+# implications - used by update-rc.d scripts
+#
+INITSCRIPT_NAME = "apache2"
+INITSCRIPT_PARAMS = "defaults 91 20"
+LEAD_SONAME = "libapr-1.so.0"
+
+PACKAGES = "${PN}-doc ${PN}-dev ${PN}-dbg ${PN}"
+
+CONFFILES_${PN} = "${sysconfdir}/${PN}/httpd.conf \
+		   ${sysconfdir}/${PN}/magic \
+		   ${sysconfdir}/${PN}/mime.types \
+		   ${sysconfdir}/init.d/${PN} "
+
+# we override here rather than append so that .so links are
+# included in the runtime package rather than here (-dev)
+# and to get build, icons, error into the -dev package
+FILES_${PN}-dev = "${datadir}/${PN}/build \
+		${datadir}/${PN}/icons \
+		${datadir}/${PN}/error \
+		${bindir}/apr-config ${bindir}/apu-config \
+		${libdir}/apr*.exp \
+		${includedir}/${PN} \
+		${libdir}/*.la \
+		${libdir}/*.a"
+
+# manual to manual
+FILES_${PN}-doc += " ${datadir}/${PN}/manual"
+
+#
+# override this too - here is the default, less datadir
+#
+FILES_${PN} =  "${bindir} ${sbindir} ${libexecdir} ${libdir}/lib*.so.* ${sysconfdir} \
+		${sharedstatedir} ${localstatedir} /bin /sbin /lib/*.so* \
+		${libdir}/${PN}"
+
+# we want htdocs and cgi-bin to go with the binary
+FILES_${PN} += "${datadir}/${PN}/htdocs ${datadir}/${PN}/cgi-bin"
+
+#make sure the lone .so links also get wrapped in the base package
+FILES_${PN} += "${libdir}/lib*.so ${libdir}/pkgconfig/*"
+
+FILES_${PN}-dbg += "${libdir}/${PN}/modules/.debug"
+
+RDEPENDS_${PN} += "openssl libgcc"
+
-- 
cgit 1.2.3-korg