From: Marcin Krol Date: Wed, 13 Aug 2025 11:47:27 +0000 (+0200) Subject: - updated to 2.4.65 X-Git-Url: https://git.tld-linux.org/?a=commitdiff_plain;h=9d96d97fe15401c80c7bc2bf96d83d644e8df79a;p=packages%2Fapache.git - updated to 2.4.65 --- diff --git a/apache-v6only-ENOPROTOOPT.patch b/apache-v6only-ENOPROTOOPT.patch index ba6da25..418d6ca 100644 --- a/apache-v6only-ENOPROTOOPT.patch +++ b/apache-v6only-ENOPROTOOPT.patch @@ -1,12 +1,12 @@ ---- httpd-2.0.48/server/listen.c.orig Mon Mar 31 06:30:52 2003 -+++ httpd-2.0.48/server/listen.c Wed Mar 3 12:05:09 2004 -@@ -76,7 +76,7 @@ +diff -ruNp httpd-2.4.64.orig/server/listen.c httpd-2.4.64/server/listen.c +--- httpd-2.4.64.orig/server/listen.c 2025-06-04 11:41:25.000000000 +0200 ++++ httpd-2.4.64/server/listen.c 2025-07-10 20:14:55.139703494 +0200 +@@ -163,7 +163,7 @@ static apr_status_t make_sock(apr_pool_t #if APR_HAVE_IPV6 - if (server->bind_addr->family == APR_INET6) { - stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting); -- if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { -+ if (stat != APR_SUCCESS && stat != APR_ENOTIMPL && stat != ENOPROTOOPT) { - ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069) - "make_sock: for address %pI, apr_socket_opt_set: " - "(IPV6_V6ONLY)", - + if (server->bind_addr->family == APR_INET6) { + stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting); +- if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { ++ if (stat != APR_SUCCESS && stat != APR_ENOTIMPL && stat != ENOPROTOOPT) { + ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069) + "make_sock: for address %pI, apr_socket_opt_set: " + "(IPV6_V6ONLY)", diff --git a/apache.spec b/apache.spec index 430f3b7..7ac2f0b 100644 --- a/apache.spec +++ b/apache.spec 
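Review bot: The refreshed condition in make_sock() compares the apr_status_t `stat` against the raw errno constant `ENOPROTOOPT`, and when it matches, the failure to apply IPV6_V6ONLY is skipped with no log line at all. The raw comparison is only valid where APR hands OS errno values through unchanged (presumably the Unix builds this package targets), so the patch should carry a comment such as `/* ENOPROTOOPT: kernel lacks IPV6_V6ONLY; APR returns the raw errno on Unix */`. The spec builds with `--disable-v4-mapped`, so a listener on which the option was not applied may not behave the way address-based access rules assume. A lower-severity log entry in that skipped branch would let operators notice. make_sock() begins and continues outside the hunk.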
@@ -34,12 +34,12 @@ Summary(pt_BR.UTF-8): Servidor HTTPD para prover serviços WWW Summary(ru.UTF-8): Самый популярный веб-сервер Summary(tr.UTF-8): Lider WWW tarayıcı Name: apache -Version: 2.4.63 +Version: 2.4.65 Release: 1 License: Apache v2.0 Group: Networking/Daemons/HTTP Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 -# Source0-md5: 8b5ee2a61d569a3eacec5778e7f20e13 +# Source0-md5: 7274bb6fa215925fd697451a0f133483 Source1: %{name}.init Source2: %{name}.logrotate Source3: %{name}.sysconfig @@ -87,9 +87,6 @@ Patch20: %{name}-apxs.patch # Relaxed version of suexec. If called as suexec.fcgi don't check uid/gid against file owner. # Required by our patched mod_fcgid to run php as fcgi via suexec. Patch23: %{name}-suexec_fcgi.patch -# http://scripts.mit.edu/trac/browser/trunk/server/common/patches/httpd-2.2.x-mod_ssl-sessioncaching.patch?rev=1348 -Patch25: httpd-2.2.x-mod_ssl-sessioncaching.patch -Patch26: %{name}-mod_vhost_alias_docroot.patch Patch29: libtool-tag.patch URL: http://httpd.apache.org/ BuildRequires: apr-devel >= %{apr_ver} @@ -112,7 +109,7 @@ BuildRequires: pkgconfig BuildRequires: rpm >= 4.4.9-56 BuildRequires: rpm-build >= 4.4.0 BuildRequires: rpm-perlprov >= 4.1-13 -BuildRequires: rpmbuild(macros) >= 1.647 +BuildRequires: rpmbuild(macros) >= 2.043 BuildRequires: sed >= 4.0 BuildRequires: zlib-devel Requires: %{name}-errordocs = %{version}-%{release} 
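Review bot: The updated `Source0-md5` in the first apache.spec hunk is the only integrity pin visible for a tarball that `Source0` fetches over plain `http://`. MD5 is not collision-resistant, so where the packaging tooling allows it the release should also be checked against the upstream-published SHA-256 digest or PGP signature. The URL can be switched to `Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2`. The md5 comment looks like a convention consumed by the distribution's builder, so keep it if the tooling requires it.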
@@ -2667,28 +2664,24 @@ Dwa programy testowe/przykładowe cgi: test-cgi and print-env. %prep %setup -q -n httpd-%{version} -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 +%patch -P0 -p1 +%patch -P1 -p1 +%patch -P2 -p1 +%patch -P3 -p1 +%patch -P4 -p1 -%patch7 -p1 +%patch -P7 -p1 -%patch10 -p1 +%patch -P10 -p1 -%patch14 -p1 -%patch15 -p1 -%patch18 -p1 -%patch19 -p1 -%patch20 -p1 -%patch23 -p1 +%patch -P14 -p1 +%patch -P15 -p1 +%patch -P18 -p1 +%patch -P19 -p1 +%patch -P20 -p1 +%patch -P23 -p1 -# ? -#%patch25 -p1 -# ? -#%patch26 -p1 -%patch29 -p1 +%patch -P29 -p1 # sanity check MODULES_API=`awk '/#define MODULE_MAGIC_NUMBER_MAJOR/ {print $3}' include/ap_mmn.h` @@ -2720,7 +2713,8 @@ cd ../.. CPPFLAGS="-DMAX_SERVER_LIMIT=200000 -DBIG_SECURITY_HOLE=1" install -d build; cd build -../%configure \ +%define configuredir .. +%configure \ --enable-layout=TLD \ --disable-systemd \ --disable-v4-mapped \ diff --git a/httpd-2.2.x-mod_ssl-sessioncaching.patch b/httpd-2.2.x-mod_ssl-sessioncaching.patch deleted file mode 100644 index f0ee0a3..0000000 --- a/httpd-2.2.x-mod_ssl-sessioncaching.patch +++ /dev/null 
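Review bot: The `CPPFLAGS` line just above the changed `%configure` call in the @@ -2720 hunk defines `-DBIG_SECURITY_HOLE=1` with no comment. In upstream httpd that define compiles out the refusal to start with `User root`, so the spec should record why the package needs it, e.g. `# BIG_SECURITY_HOLE: needed for <reason>`. The new `%define configuredir ..` would also benefit from a one-line comment saying it is read by `%configure` and, if that is the case, is the reason for the `rpmbuild(macros) >= 2.043` bump. The %build section continues outside the hunk.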
@@ -1,176 +0,0 @@ -Index: httpd-2.2.x/modules/ssl/ssl_private.h -=================================================================== ---- httpd-2.2.x/modules/ssl/ssl_private.h (revision 833672) -+++ httpd-2.2.x/modules/ssl/ssl_private.h (working copy) -@@ -395,6 +395,9 @@ typedef struct { - #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) - const char *szCryptoDevice; - #endif -+#ifndef OPENSSL_NO_TLSEXT -+ ssl_enabled_t session_tickets_enabled; -+#endif - struct { - void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10; - } rCtx; -@@ -545,6 +548,7 @@ const char *ssl_cmd_SSLRequire(cmd_parm - const char *ssl_cmd_SSLRenegBufferSize(cmd_parms *cmd, void *dcfg, const char *arg); - const char *ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms *cmd, void *dcfg, int flag); - const char *ssl_cmd_SSLInsecureRenegotiation(cmd_parms *cmd, void *dcfg, int flag); -+const char *ssl_cmd_SSLSessionTicketExtension(cmd_parms *cmd, void *cdfg, int flag); - - const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag); - const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *); -Index: httpd-2.2.x/modules/ssl/ssl_engine_init.c -=================================================================== ---- httpd-2.2.x/modules/ssl/ssl_engine_init.c (revision 833672) -+++ httpd-2.2.x/modules/ssl/ssl_engine_init.c (working copy) -@@ -382,6 +382,15 @@ static void ssl_init_ctx_tls_extensions( - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); - } -+ -+ /* -+ * Session tickets (stateless resumption) -+ */ -+ if ((myModConfig(s))->session_tickets_enabled == SSL_ENABLED_FALSE) { -+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, -+ "Disabling TLS session ticket support"); -+ SSL_CTX_set_options(mctx->ssl_ctx, SSL_OP_NO_TICKET); -+ } - } - #endif - -@@ -1018,6 +1027,11 @@ void ssl_init_CheckServers(server_rec *b - - BOOL conflict = FALSE; - -+#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER < 0x009080d0 -+ unsigned char *tlsext_tick_keys = 
NULL; -+ long tick_keys_len; -+#endif -+ - /* - * Give out warnings when a server has HTTPS configured - * for the HTTP port or vice versa -@@ -1042,6 +1056,25 @@ void ssl_init_CheckServers(server_rec *b - ssl_util_vhostid(p, s), - DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT); - } -+ -+#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER < 0x009080d0 -+ /* -+ * When using OpenSSL versions 0.9.8f through 0.9.8l, configure -+ * the same ticket encryption parameters for every SSL_CTX (workaround -+ * for SNI+SessionTicket extension interoperability issue in these versions) -+ */ -+ if ((sc->enabled == SSL_ENABLED_TRUE) || -+ (sc->enabled == SSL_ENABLED_OPTIONAL)) { -+ if (!tlsext_tick_keys) { -+ tick_keys_len = SSL_CTX_ctrl((sc->server->ssl_ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS, -+ (-1),(NULL)); -+ tlsext_tick_keys = (unsigned char *)apr_palloc(p, tick_keys_len); -+ RAND_bytes(tlsext_tick_keys, tick_keys_len); -+ } -+ SSL_CTX_ctrl((sc->server->ssl_ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS, -+ (tick_keys_len),(tlsext_tick_keys)); -+ } -+#endif - } - - /* -Index: httpd-2.2.x/modules/ssl/ssl_engine_config.c -=================================================================== ---- httpd-2.2.x/modules/ssl/ssl_engine_config.c (revision 833672) -+++ httpd-2.2.x/modules/ssl/ssl_engine_config.c (working copy) -@@ -75,6 +75,9 @@ SSLModConfigRec *ssl_config_global_creat - #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) - mc->szCryptoDevice = NULL; - #endif -+#ifndef OPENSSL_NO_TLSEXT -+ mc->session_tickets_enabled = SSL_ENABLED_UNSET; -+#endif - - memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys)); - -@@ -1471,6 +1474,26 @@ const char *ssl_cmd_SSLStrictSNIVHostCh - #endif - } - -+const char *ssl_cmd_SSLSessionTicketExtension(cmd_parms *cmd, void *dcfg, int flag) -+{ -+#ifndef OPENSSL_NO_TLSEXT -+ const char *err; -+ SSLModConfigRec *mc = myModConfig(cmd->server); -+ -+ if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { -+ return err; -+ } -+ -+ mc->session_tickets_enabled 
= flag ? SSL_ENABLED_TRUE : SSL_ENABLED_FALSE; -+ -+ return NULL; -+#else -+ return "SSLSessionTicketExtension failed; OpenSSL is not built with support " -+ "for TLS extensions. Refer to the documentation, and build " -+ "a compatible version of OpenSSL."; -+#endif -+} -+ - void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s) - { - if (!ap_exists_config_define("DUMP_CERTS")) { -Index: httpd-2.2.x/modules/ssl/ssl_engine_kernel.c -=================================================================== ---- httpd-2.2.x/modules/ssl/ssl_engine_kernel.c (revision 833672) -+++ httpd-2.2.x/modules/ssl/ssl_engine_kernel.c (working copy) -@@ -29,6 +29,7 @@ - time I was too famous.'' - -- Unknown */ - #include "ssl_private.h" -+#include "util_md5.h" - - static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); - #ifndef OPENSSL_NO_TLSEXT -@@ -2010,6 +2011,7 @@ static int ssl_find_vhost(void *serverna - apr_array_header_t *names; - int i; - SSLConnRec *sslcon; -+ char *sid_ctx; - - /* check ServerName */ - if (!strcasecmp(servername, s->server_hostname)) { -@@ -2074,6 +2076,21 @@ static int ssl_find_vhost(void *serverna - SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx), - SSL_CTX_get_verify_callback(ssl->ctx)); - } -+ /* -+ * Adjust the session id context. ssl_init_ssl_connection() -+ * always picks the configuration of the first vhost when -+ * calling SSL_new(), but we want to tie the session to the -+ * vhost we have just switched to. Again, we have to make sure -+ * that we're not overwriting a session id context which was -+ * possibly set in ssl_hook_Access(), before triggering -+ * a renegotation. 
-+ */ -+ if (!SSL_num_renegotiations(ssl)) { -+ sid_ctx = ap_md5_binary(c->pool, (unsigned char*)sc->vhost_id, -+ sc->vhost_id_len); -+ SSL_set_session_id_context(ssl, (unsigned char *)sid_ctx, -+ APR_MD5_DIGESTSIZE*2); -+ } - - /* - * Save the found server into our SSLConnRec for later -Index: httpd-2.2.x/modules/ssl/mod_ssl.c -=================================================================== ---- httpd-2.2.x/modules/ssl/mod_ssl.c (revision 833672) -+++ httpd-2.2.x/modules/ssl/mod_ssl.c (working copy) -@@ -92,6 +92,8 @@ static const command_rec ssl_config_cmds - SSL_CMD_SRV(RandomSeed, TAKE23, - "SSL Pseudo Random Number Generator (PRNG) seeding source " - "(`startup|connect builtin|file:/path|exec:/path [bytes]')") -+ SSL_CMD_SRV(SessionTicketExtension, FLAG, -+ "TLS Session Ticket extension support") - - /* - * Per-server context configuration directives