From 03fa0e1eac0d3851c5ae1ab08a02cc3a5ee4eb69 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Bartosz=20=C5=9Awi=C4=85tek?= Date: Sun, 12 Feb 2012 22:36:47 +0100 Subject: [PATCH 1/1] - shit happens, systemd happend to plds apache --- apache-apr.patch | 12 + apache-apxs.patch | 62 + apache-branding.patch | 11 + apache-bug-48094.patch | 122 + apache-common.conf | 57 + apache-conffile-path.patch | 15 + apache-configdir_skip_backups.patch | 26 + apache-example.net.conf | 24 + apache-httpd.conf | 113 + apache-languages.conf | 139 ++ apache-layout.patch | 32 + apache-manual.conf | 27 + apache-mod_authz_host.conf | 12 + apache-mod_autoindex.conf | 99 + apache-mod_cache.conf | 38 + apache-mod_cgid.conf | 10 + apache-mod_dav.conf | 55 + apache-mod_deflate.conf | 35 + apache-mod_dir.conf | 9 + apache-mod_info.conf | 22 + apache-mod_log_config.conf | 31 + apache-mod_mime.conf | 56 + apache-mod_mime_magic.conf | 10 + apache-mod_proxy.conf | 37 + apache-mod_ssl.conf | 228 ++ apache-mod_status.conf | 30 + apache-mod_suexec.conf | 2 + apache-mod_userdir.conf | 36 + apache-mod_vhost_alias.conf | 15 + apache-mod_vhost_alias_docroot.patch | 100 + apache-mpm-itk.patch | 2041 ++++++++++++++++ apache-mpm.conf | 52 + apache-multilang-errordoc.conf | 51 + apache-paths.patch | 8 + apache-server.crt | 17 + apache-server.key | 18 + apache-suexec.patch | 11 + apache-suexec_fcgi.patch | 105 + apache-syslibs.patch | 23 + apache-v6only-ENOPROTOOPT.patch | 11 + apache.init | 168 ++ apache.logrotate | 14 + apache.spec | 2777 ++++++++++++++++++++++ apache.sysconfig | 23 + apache.tmpfiles | 1 + httpd-2.0.40-xfsz.patch | 15 + httpd-2.0.45-encode.patch | 34 + httpd-2.0.46-dav401dest.patch | 18 + httpd-2.0.46-sslmutex.patch | 14 + httpd-2.0.48-corelimit.patch | 32 + httpd-2.0.48-debuglog.patch | 25 + httpd-2.2.x-mod_ssl-sessioncaching.patch | 176 ++ libtool-tag.patch | 36 + 53 files changed, 7135 insertions(+) create mode 100644 apache-apr.patch create mode 100644 apache-apxs.patch create mode 100644 apache-branding.patch create mode 100644 apache-bug-48094.patch create mode 100644 apache-common.conf create mode 100644 apache-conffile-path.patch create mode 100644 apache-configdir_skip_backups.patch create mode 100644 apache-example.net.conf create mode 100644 apache-httpd.conf create mode 100644 apache-languages.conf create mode 100644 apache-layout.patch create mode 100644 apache-manual.conf create mode 100644 apache-mod_authz_host.conf create mode 100644 apache-mod_autoindex.conf create mode 100644 apache-mod_cache.conf create mode 100644 apache-mod_cgid.conf create mode 100644 apache-mod_dav.conf create mode 100644 apache-mod_deflate.conf create mode 100644 apache-mod_dir.conf create mode 100644 apache-mod_info.conf create mode 100644 apache-mod_log_config.conf create mode 100644 apache-mod_mime.conf create mode 100644 apache-mod_mime_magic.conf create mode 100644 apache-mod_proxy.conf create mode 100644 apache-mod_ssl.conf create mode 100644 apache-mod_status.conf create mode 100644 apache-mod_suexec.conf create mode 100644 apache-mod_userdir.conf create mode 100644 apache-mod_vhost_alias.conf create mode 100644 apache-mod_vhost_alias_docroot.patch create mode 100644 apache-mpm-itk.patch create mode 100644 apache-mpm.conf create mode 100644 apache-multilang-errordoc.conf create mode 100644 apache-paths.patch create mode 100644 apache-server.crt create mode 100644 apache-server.key create mode 100644 apache-suexec.patch create mode 100644 apache-suexec_fcgi.patch create mode 100644 apache-syslibs.patch create mode 100644 apache-v6only-ENOPROTOOPT.patch create mode 100755 apache.init create mode 100644 apache.logrotate create mode 100644 apache.spec create mode 100644 apache.sysconfig create mode 100644 apache.tmpfiles create mode 100644 httpd-2.0.40-xfsz.patch create mode 100644 httpd-2.0.45-encode.patch create mode 100644 httpd-2.0.46-dav401dest.patch create mode 100644 httpd-2.0.46-sslmutex.patch create mode 100644 httpd-2.0.48-corelimit.patch create mode 100644 httpd-2.0.48-debuglog.patch create mode 100644 httpd-2.2.x-mod_ssl-sessioncaching.patch create mode 100644 libtool-tag.patch diff --git a/apache-apr.patch b/apache-apr.patch new file mode 100644 index 0000000..4fa5132 --- /dev/null +++ b/apache-apr.patch @@ -0,0 +1,12 @@ +diff -urN httpd-2.0.47.org/configure.in httpd-2.0.47/configure.in +--- httpd-2.0.47.org/configure.in 2003-09-13 14:18:35.000000000 +0200 ++++ httpd-2.0.47/configure.in 2003-09-13 14:18:50.000000000 +0200 +@@ -76,8 +76,6 @@ + AP_CLEAN_SRCLIB_DIRS="$AP_CLEAN_SRCLIB_DIRS apr" + fi + +-APR_SETIFNULL(CC, `$apr_config --cc`) +-APR_SETIFNULL(CPP, `$apr_config --cpp`) + APR_ADDTO(CFLAGS, `$apr_config --cflags`) + APR_ADDTO(CPPFLAGS, `$apr_config --cppflags`) + APR_ADDTO(LDFLAGS, `$apr_config --ldflags`) diff --git a/apache-apxs.patch b/apache-apxs.patch new file mode 100644 index 0000000..7ee05ad --- /dev/null +++ b/apache-apxs.patch @@ -0,0 +1,62 @@ +--- httpd-2.2.3/support/apxs.in-orig 2006-11-01 00:59:27.000000000 +0100 ++++ httpd-2.2.3/support/apxs.in 2006-11-01 00:59:54.000000000 +0100 +@@ -35,6 +35,7 @@ + my $exec_prefix = get_vars("exec_prefix"); + my $datadir = get_vars("datadir"); + my $localstatedir = get_vars("localstatedir"); ++my $libdir = get_vars("libdir"); + my $CFG_TARGET = get_vars("progname"); + my $CFG_SYSCONFDIR = get_vars("sysconfdir"); + my $CFG_CFLAGS = join ' ', map { get_vars($_) } +@@ -44,6 +45,7 @@ + my $CFG_CC = get_vars("CC"); + my $libexecdir = get_vars("libexecdir"); + my $CFG_LIBEXECDIR = eval qq("$libexecdir"); ++my $CFG_DESTDIR = ''; + my $sbindir = get_vars("sbindir"); + my $CFG_SBINDIR = eval qq("$sbindir"); + my $ltflags = $ENV{'LTFLAGS'}; +@@ -171,7 +173,7 @@ + my ($val) = $2; + my $oldval = eval "\$CFG_$var"; + +- unless ($var and $oldval) { ++ unless ($var and defined $oldval) { + print STDERR "apxs:Error: no config variable $var\n"; + &usage; + } +@@ -199,11 +201,10 @@ + ($httpd = $0) =~ s:support/apxs$::; + } + +-unless (-x "$httpd") { +- error("$httpd not found or not executable"); +- exit 1; ++if (not -x "$httpd") { ++ print STDERR "Note: $httpd not found or not executable.\n"; + } +- ++else { + unless (grep /mod_so/, `. $envvars && $httpd -l`) { + error("Sorry, no shared object support for Apache"); + error("available under your platform. Make sure"); +@@ -211,7 +212,7 @@ + error("your server binary `$httpd'."); + exit 1; + } +- ++} + sub get_config_vars{ + my ($file, $rh_config) = @_; + +@@ -479,8 +480,8 @@ + $t =~ s|\.[^./\\]+$|\.so|; + if ($opt_i) { + push(@cmds, "$installbuilddir/instdso.sh SH_LIBTOOL='" . +- "$libtool' $f $CFG_LIBEXECDIR"); +- push(@cmds, "chmod 755 $CFG_LIBEXECDIR/$t"); ++ "$libtool' $f $CFG_DESTDIR$CFG_LIBEXECDIR"); ++ push(@cmds, "chmod 755 $CFG_DESTDIR$CFG_LIBEXECDIR/$t"); + } + + # determine module symbolname and filename diff --git a/apache-branding.patch b/apache-branding.patch new file mode 100644 index 0000000..e198b13 --- /dev/null +++ b/apache-branding.patch @@ -0,0 +1,11 @@ +--- httpd-2.2.4/server/core.c~ 2007-04-09 12:44:44.498312561 +0300 ++++ httpd-2.2.4/server/core.c 2007-04-09 13:51:55.259792868 +0300 +@@ -2733,7 +2733,7 @@ + AP_DECLARE(const char *) ap_get_server_description(void) + { + return server_description ? server_description : +- AP_SERVER_BASEVERSION " (" PLATFORM ")"; ++ AP_SERVER_BASEVERSION " (PLD/Linux)"; + } + + AP_DECLARE(const char *) ap_get_server_banner(void) diff --git a/apache-bug-48094.patch b/apache-bug-48094.patch new file mode 100644 index 0000000..48360c1 --- /dev/null +++ b/apache-bug-48094.patch @@ -0,0 +1,122 @@ +--- httpd-2.2.14-v/server/mpm/worker/worker.c 2007-07-18 00:48:25.000000000 +1000 ++++ httpd-2.2.14/server/mpm/worker/worker.c 2009-11-02 09:40:23.129750043 +1100 +@@ -32,6 +32,7 @@ + #include "apr_poll.h" + #define APR_WANT_STRFUNC + #include "apr_want.h" ++#include "apr_atomic.h" + + #if APR_HAVE_UNISTD_H + #include +@@ -226,10 +227,73 @@ + */ + #define WORKER_SIGNAL AP_SIG_GRACEFUL + ++#ifdef HAVE_PTHREAD_KILL ++/* Variables for suspending the worker threads. */ ++static volatile sig_atomic_t suspend_workers = 0; ++static apr_uint32_t suspended_workers; ++static apr_os_thread_t **worker_os_threads; ++#endif ++ + /* An array of socket descriptors in use by each thread used to + * perform a non-graceful (forced) shutdown of the server. */ + static apr_socket_t **worker_sockets; + ++#ifdef HAVE_PTHREAD_KILL ++static void worker_signal_handler(int sig) ++{ ++ /* wait here if we are being suspended, otherwise just exit */ ++ if (suspend_workers) { ++ sigset_t sigset; ++ ++ apr_atomic_inc32(&suspended_workers); ++ ++ sigfillset(&sigset); ++ sigdelset(&sigset, WORKER_SIGNAL); ++ sigsuspend(&sigset); ++ } ++} ++ ++static void close_worker_sockets(void) ++{ ++ int i, csd; ++ ++ suspend_workers = 1; ++ apr_atomic_set32(&suspended_workers, 0); ++ ++ /* suspend worker threads */ ++ for (i = 0; i < ap_threads_per_child; i++) { ++ if (worker_os_threads[i]) { ++ pthread_kill(*worker_os_threads[i], WORKER_SIGNAL); ++ } ++ } ++ ++ /* wait for threads to suspend, but press ahead after a while anyway */ ++ for (i = 0; ++ apr_atomic_read32(&suspended_workers) < ap_threads_per_child && i < 25; ++ i++) { ++ apr_sleep(apr_time_from_sec(1) / 5); ++ } ++ ++ /* shut down all client sockets */ ++ for (i = 0; i < ap_threads_per_child; i++) { ++ if (worker_sockets[i]) { ++ apr_os_sock_get(&csd, worker_sockets[i]); ++ if (csd != -1) { ++ shutdown(csd, SHUT_RDWR); ++ } ++ } ++ } ++ ++ suspend_workers = 0; ++ ++ /* resume worker threads */ ++ for (i = 0; i < ap_threads_per_child; i++) { ++ if (worker_os_threads[i]) { ++ pthread_kill(*worker_os_threads[i], WORKER_SIGNAL); ++ } ++ } ++} ++#else + static void close_worker_sockets(void) + { + int i; +@@ -240,6 +304,7 @@ + } + } + } ++#endif + + static void wakeup_listener(void) + { +@@ -836,7 +901,7 @@ + + #ifdef HAVE_PTHREAD_KILL + unblock_signal(WORKER_SIGNAL); +- apr_signal(WORKER_SIGNAL, dummy_signal_handler); ++ apr_signal(WORKER_SIGNAL, worker_signal_handler); + #endif + + while (!workers_may_exit) { +@@ -977,6 +1042,10 @@ + + worker_sockets = apr_pcalloc(pchild, ap_threads_per_child + * sizeof(apr_socket_t *)); ++#ifdef HAVE_PTHREAD_KILL ++ worker_os_threads = apr_pcalloc(pchild, ap_threads_per_child ++ * sizeof(*worker_os_threads)); ++#endif + + loops = prev_threads_created = 0; + while (1) { +@@ -1012,6 +1081,9 @@ + /* let the parent decide how bad this really is */ + clean_child_exit(APEXIT_CHILDSICK); + } ++#ifdef HAVE_PTHREAD_KILL ++ apr_os_thread_get(&worker_os_threads[i], threads[i]); ++#endif + threads_created++; + } + /* Start the listener only when there are workers available */ diff --git a/apache-common.conf b/apache-common.conf new file mode 100644 index 0000000..05686e9 --- /dev/null +++ b/apache-common.conf @@ -0,0 +1,57 @@ + +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +DocumentRoot "/home/services/httpd/html" + +# Each directory to which Apache has access can be configured with respect +# to which services and features are allowed and/or disabled in that +# directory (and its subdirectories). +# +# First, we configure the "default" to be a very restrictive set of +# features. +# + + Options FollowSymLinks + AllowOverride None + + Order deny,allow + Deny from all + + + +# +# This should be changed to whatever you set DocumentRoot to. +# + + # + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs/2.2/mod/core.html#options + # for more information. + # + Options Indexes FollowSymLinks + + # + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # Options FileInfo AuthConfig Limit + # + AllowOverride None + + # + # Controls who can get stuff from this server. + # + + Order allow,deny + Allow from all + + + diff --git a/apache-conffile-path.patch b/apache-conffile-path.patch new file mode 100644 index 0000000..9fa0d31 --- /dev/null +++ b/apache-conffile-path.patch @@ -0,0 +1,15 @@ +diff -ur httpd-2.0.49-orig/configure.in httpd-2.0.49/configure.in +--- httpd-2.0.49-orig/configure.in 2004-04-02 15:04:49.000000000 -0700 ++++ httpd-2.0.49/configure.in 2004-04-02 15:07:26.319486516 -0700 +@@ -541,9 +541,9 @@ + APR_EXPAND_VAR(ap_prefix, $prefix) + AC_DEFINE_UNQUOTED(HTTPD_ROOT, "${ap_prefix}", + [Root directory of the Apache install area]) +-AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${rel_sysconfdir}/${progname}.conf", ++AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${exp_sysconfdir}/apache.conf", + [Location of the config file, relative to the Apache root directory]) +-AC_DEFINE_UNQUOTED(AP_TYPES_CONFIG_FILE, "${rel_sysconfdir}/mime.types", ++AC_DEFINE_UNQUOTED(AP_TYPES_CONFIG_FILE, "${exp_sysconfdir}/mime.types", + [Location of the MIME types config file, relative to the Apache root directory]) + AC_DEFINE_UNQUOTED(APACHE_MPM_DIR, "$MPM_DIR", + [Location of the source for the current MPM]) diff --git a/apache-configdir_skip_backups.patch b/apache-configdir_skip_backups.patch new file mode 100644 index 0000000..a0ff92e --- /dev/null +++ b/apache-configdir_skip_backups.patch @@ -0,0 +1,26 @@ +diff -ur httpd-2.2.0.org/server/config.c httpd-2.2.0/server/config.c +--- httpd-2.2.0.org/server/config.c 2005-11-17 14:39:15.000000000 +0100 ++++ httpd-2.2.0/server/config.c 2005-12-21 16:04:35.970963000 +0100 +@@ -1537,6 +1537,7 @@ + apr_dir_t *dirp; + apr_finfo_t dirent; + int current; ++ size_t slen; + apr_array_header_t *candidates = NULL; + fnames *fnew; + char *path = apr_pstrdup(p, fname); +@@ -1562,8 +1563,13 @@ + + candidates = apr_array_make(p, 1, sizeof(fnames)); + while (apr_dir_read(&dirent, APR_FINFO_DIRENT, dirp) == APR_SUCCESS) { ++ slen = strlen(dirent.name); + /* strip out '.' and '..' */ +- if (strcmp(dirent.name, ".") ++ if (strcmp(dirent.name, ".") && (dirent.name)[slen-1] != '~' ++ && (dirent.name)[0] != '.' ++ && (slen < 8 || strcmp((dirent.name + slen - 7), ".rpmnew")) ++ && (slen < 9 || ( strcmp((dirent.name + slen - 8), ".rpmorig") ++ && strcmp((dirent.name + slen - 8), ".rpmsave"))) + && strcmp(dirent.name, "..")) { + fnew = (fnames *) apr_array_push(candidates); + fnew->fname = ap_make_full_path(p, path, dirent.name); diff --git a/apache-example.net.conf b/apache-example.net.conf new file mode 100644 index 0000000..2d65d7f --- /dev/null +++ b/apache-example.net.conf @@ -0,0 +1,24 @@ +# This is example config file for virtual host "example.net" + +# Redirect only vhost. Use permanent url for same resource. +# +# ServerAlias example.net +# RedirectPermanent / http://www.example.net +# + +# +# ServerName www.example.net +# ServerAdmin webmaster@example.net +# DocumentRoot /home/services/httpd/vhosts/example.net +# ErrorLog logs/example.net-error_log +# TransferLog logs/example.net-access_log +# + +# +# AllowOverride None +# Options None +# +# Order allow,deny +# Allow from all +# +# diff --git a/apache-httpd.conf b/apache-httpd.conf new file mode 100644 index 0000000..ec2c372 --- /dev/null +++ b/apache-httpd.conf @@ -0,0 +1,113 @@ +# $Id: apache-httpd.conf,v 1.58 2011/10/25 09:40:41 psz Exp $ +# +# This is the main Apache HTTP server configuration file. +# It contains the configuration directives that give the server its instructions. +# +# This config aims to be clean and readable. +# See for detailed information. +# In particular, see +# +# for a discussion of each configuration directive. + +ServerRoot "/etc/httpd" +DefaultType text/plain + +# User/Group: The name (or #number) of the user/group to run httpd as. +# It is usually good practice to create a dedicated user and group for +# running httpd, as with most system services. +User http +Group http + +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, instead of the default. See also the +# directive. +# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses. +#Listen 192.168.1.1:80 +Listen 80 + +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@example.com +# +ServerAdmin root@example.com + +# ServerName gives the name and port that the server uses to identify itself. +# This can often be determined automatically, but we recommend you specify +# it explicitly to prevent problems during startup. +# +# If your host doesn't have a registered DNS name, enter its IP address here. +# +ServerName localhost + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +ErrorLog logs/error_log + +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +LogLevel warn + +Timeout 300 +KeepAlive On +MaxKeepAliveRequests 100 +KeepAliveTimeout 5 +UseCanonicalName Off +AccessFileName .htaccess +ServerTokens Prod +ServerSignature On +HostnameLookups Off +#AddDefaultCharset UTF-8 + +TraceEnable Off + +# Include other modules and packages config. +Include conf.d/*.conf + +# Include webapps config +Include webapps.d/*.conf + + + # ScriptAlias: This controls which directories contain server scripts. + # ScriptAliases are essentially the same as Aliases, except that + # documents in the target directory are treated as applications and + # run by the server when requested rather than as documents sent to the + # client. The same rules about trailing "/" apply to ScriptAlias + # directives as to Alias. + # + ScriptAlias /cgi-bin/ "/home/services/httpd/cgi-bin/" + + + AllowOverride None + Options None + + Order allow,deny + Allow from all + + + + +# VirtualHost: Allows the daemon to respond to requests for more than one +# server address, if your server machine is configured to accept IP packets +# for multiple addresses. This can be accomplished with the ifconfig +# alias flag, or through kernel patches like VIF. + +# Any apache.conf conf directive may go into a VirtualHost command. +# See also the BindAddress entry. + +# Setup default vhost (first one defined in config) and include vhosts configuration +NameVirtualHost *:80 + + ServerName localhost +# ServerAdmin webmaster@host.example.com +# DocumentRoot /www/docs/host.example.com +# ErrorLog logs/host.example.com-error_log +# TransferLog logs/host.example.com-access_log + + +Include vhosts.d/*.conf diff --git a/apache-languages.conf b/apache-languages.conf new file mode 100644 index 0000000..c3716e3 --- /dev/null +++ b/apache-languages.conf @@ -0,0 +1,139 @@ +# +# Settings for hosting different languages. +# +# Required modules: mod_mime, mod_negotiation + +# DefaultLanguage and AddLanguage allows you to specify the language of +# a document. You can then use content negotiation to give a browser a +# file in a language the user can understand. +# +# Specify a default language. This means that all data +# going out without a specific language tag (see below) will +# be marked with this one. You probably do NOT want to set +# this unless you are sure it is correct for all cases. +# +# * It is generally better to not mark a page as +# * being a certain language than marking it with the wrong +# * language! +# +# DefaultLanguage nl +# +# Note 1: The suffix does not have to be the same as the language +# keyword --- those with documents in Polish (whose net-standard +# language code is pl) may wish to use "AddLanguage pl .po" to +# avoid the ambiguity with the common suffix for perl scripts. +# +# Note 2: The example entries below illustrate that in some cases +# the two character 'Language' abbreviation is not identical to +# the two character 'Country' code for its country, +# E.g. 'Danmark/dk' versus 'Danish/da'. +# +# Note 3: In the case of 'ltz' we violate the RFC by using a three char +# specifier. There is 'work in progress' to fix this and get +# the reference data for rfc1766 cleaned up. +# +# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) +# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) +# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) +# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) +# Norwegian (no) - Polish (pl) - Portugese (pt) +# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) +# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) +# +AddLanguage ca .ca +AddLanguage cs .cz .cs +AddLanguage da .dk +AddLanguage de .de +AddLanguage el .el +AddLanguage en .en +AddLanguage eo .eo +AddLanguage es .es +AddLanguage et .et +AddLanguage fr .fr +AddLanguage he .he +AddLanguage hr .hr +AddLanguage it .it +AddLanguage ja .ja +AddLanguage ko .ko +AddLanguage ltz .ltz +AddLanguage nl .nl +AddLanguage nn .nn +AddLanguage no .no +AddLanguage pl .po +AddLanguage pt .pt +AddLanguage pt-BR .pt-br +AddLanguage ru .ru +AddLanguage sv .sv +AddLanguage zh-CN .zh-cn +AddLanguage zh-TW .zh-tw + +# LanguagePriority allows you to give precedence to some languages +# in case of a tie during content negotiation. +# +# Just list the languages in decreasing order of preference. We have +# more or less alphabetized them here. You probably want to change this. +# +LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW + +# +# ForceLanguagePriority allows you to serve a result page rather than +# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) +# [in case no accepted languages matched the available variants] +# +ForceLanguagePriority Prefer Fallback + +# +# Commonly used filename extensions to character sets. You probably +# want to avoid clashes with the language extensions, unless you +# are good at carefully testing your setup after each change. +# See http://www.iana.org/assignments/character-sets for the +# official list of charset names and their respective RFCs. +# +AddCharset us-ascii.ascii .us-ascii +AddCharset ISO-8859-1 .iso8859-1 .latin1 +AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen +AddCharset ISO-8859-3 .iso8859-3 .latin3 +AddCharset ISO-8859-4 .iso8859-4 .latin4 +AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru +AddCharset ISO-8859-6 .iso8859-6 .arb .arabic +AddCharset ISO-8859-7 .iso8859-7 .grk .greek +AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew +AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk +AddCharset ISO-8859-10 .iso8859-10 .latin6 +AddCharset ISO-8859-13 .iso8859-13 +AddCharset ISO-8859-14 .iso8859-14 .latin8 +AddCharset ISO-8859-15 .iso8859-15 .latin9 +AddCharset ISO-8859-16 .iso8859-16 .latin10 +AddCharset ISO-2022-JP .iso2022-jp .jis +AddCharset ISO-2022-KR .iso2022-kr .kis +AddCharset ISO-2022-CN .iso2022-cn .cis +AddCharset Big5.Big5 .big5 .b5 +AddCharset cn-Big5 .cn-big5 +# For russian, more than one charset is used (depends on client, mostly): +AddCharset WINDOWS-1251 .cp-1251 .win-1251 +AddCharset CP866 .cp866 +AddCharset KOI8 .koi8 +AddCharset KOI8-E .koi8-e +AddCharset KOI8-r .koi8-r .koi8-ru +AddCharset KOI8-U .koi8-u +AddCharset KOI8-ru .koi8-uk .ua +AddCharset ISO-10646-UCS-2 .ucs2 +AddCharset ISO-10646-UCS-4 .ucs4 +AddCharset UTF-7 .utf7 +AddCharset UTF-8 .utf8 +AddCharset UTF-16 .utf16 +AddCharset UTF-16BE .utf16be +AddCharset UTF-16LE .utf16le +AddCharset UTF-32 .utf32 +AddCharset UTF-32BE .utf32be +AddCharset UTF-32LE .utf32le +AddCharset euc-cn .euc-cn +AddCharset euc-gb .euc-gb +AddCharset euc-jp .euc-jp +AddCharset euc-kr .euc-kr +#Not sure how euc-tw got in - IANA doesn't list it??? +AddCharset EUC-TW .euc-tw +AddCharset gb2312 .gb2312 .gb +AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 +AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 +AddCharset shift_jis .shift_jis .sjis diff --git a/apache-layout.patch b/apache-layout.patch new file mode 100644 index 0000000..91d96df --- /dev/null +++ b/apache-layout.patch @@ -0,0 +1,32 @@ +diff -urN httpd-2.0.45.org/config.layout httpd-2.0.45/config.layout +--- httpd-2.0.45.org/config.layout Thu Apr 3 09:27:42 2003 ++++ httpd-2.0.45/config.layout Thu Apr 3 09:27:59 2003 +@@ -298,3 +298,28 @@ + installbuilddir: ${prefix}/etc/apache2/build + errordir: ${datadir}/error + ++ ++# PLD layout ++ ++ prefix: /usr ++ exec_prefix: ${prefix} ++ bindir: ${exec_prefix}/bin ++ sbindir: ${exec_prefix}/sbin ++ libdir: ${exec_prefix}/lib ++ libexecdir: ${libdir}/apache ++ mandir: /usr/share/man ++ infodir: /usr/share/info ++ sysconfdir: /etc/httpd ++ datadir: /home/services/httpd ++ iconsdir: ${datadir}/icons ++ htdocsdir: ${datadir}/html ++ manualdir: ${datadir}/manual ++ errordir: ${datadir}/error ++ cgidir: ${prefix}/lib/cgi-bin/apache ++ includedir: ${prefix}/include/apache ++ localstatedir: /var/lib/httpd ++ runtimedir: /var/run ++ logfiledir: /var/log/httpd ++ proxycachedir: /var/cache/httpd ++ installbuilddir: ${libexecdir}/build ++ diff --git a/apache-manual.conf b/apache-manual.conf new file mode 100644 index 0000000..a94735d --- /dev/null +++ b/apache-manual.conf @@ -0,0 +1,27 @@ +# +# Provide access to the documentation on your server as +# http://yourserver.example.com/manual/ +# The documentation is always available at +# http://httpd.apache.org/docs/2.2/ +# +# Required modules: mod_alias, mod_setenvif, mod_negotiation +# + +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru))?(/.*)?$ "/home/services/httpd/manual$1" + + + Options Indexes + AllowOverride None + Order allow,deny + Allow from all + + + SetHandler type-map + + + SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br|ru)/ prefer-language=$1 + RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br|ru)){2,}(/.*)?$ /manual/$1$2 + + LanguagePriority en de es fr ja ko pt-br ru + ForceLanguagePriority Prefer Fallback + diff --git a/apache-mod_authz_host.conf b/apache-mod_authz_host.conf new file mode 100644 index 0000000..b64bd54 --- /dev/null +++ b/apache-mod_authz_host.conf @@ -0,0 +1,12 @@ +# $Id: apache-mod_authz_host.conf,v 1.2 2005/12/21 13:20:11 glen Exp $ +LoadModule authz_host_module modules/mod_authz_host.so + +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + + Order allow,deny + Deny from all + + diff --git a/apache-mod_autoindex.conf b/apache-mod_autoindex.conf new file mode 100644 index 0000000..9cf9faa --- /dev/null +++ b/apache-mod_autoindex.conf @@ -0,0 +1,99 @@ +# $Id: apache-mod_autoindex.conf,v 1.10 2011/04/03 13:22:25 glen Exp $ +LoadModule autoindex_module modules/mod_autoindex.so + +# +# Directives controlling the display of server-generated directory listings. +# + +# Required modules: mod_autoindex, mod_alias +# +# To see the listing of a directory, the Options directive for the +# directory must include "Indexes", and the directory must not contain +# a file matching those listed in the DirectoryIndex directive. + + +# IndexOptions: Controls the appearance of server-generated directory +# listings. +# +IndexOptions FancyIndexing VersionSort Charset=UTF-8 + +# We include the /icons/ alias for FancyIndexed directory listings. If +# you do not use FancyIndexing, you may comment this out. +# +Alias /icons/ "/home/services/httpd/icons/" + + + Options Indexes MultiViews + AllowOverride None + + Order allow,deny + Allow from all + + + +# +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. +# +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex +AddIcon /icons/bomb.gif core + +AddIcon /icons/back.gif .. +AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +# +DefaultIcon /icons/unknown.gif + +# +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename +# +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. +# +# HeaderName is the name of a file which should be prepended to +# directory indexes. +ReadmeName README.html +HeaderName HEADER.html + +# +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. +# +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t + + diff --git a/apache-mod_cache.conf b/apache-mod_cache.conf new file mode 100644 index 0000000..9718fd6 --- /dev/null +++ b/apache-mod_cache.conf @@ -0,0 +1,38 @@ +LoadModule cache_module modules/mod_cache.so + +# +# Sample Cache Configuration +# + + + # If you want to use mod_disk_cache instead of mod_mem_cache, + # just swap the two loadmodule comments. +# LoadModule disk_cache_module modules/mod_disk_cache.so + LoadModule mem_cache_module modules/mod_mem_cache.so + + # prevent apache from cacheing cookies + CacheIgnoreHeaders Set-Cookie + + + CacheRoot "/var/cache/httpd" + CacheEnable disk / + CacheDirLevels 5 + CacheDirLength 3 + +# CacheDefaultExpire 3600 +# CacheMinExpire 3600 +# CacheMinFileSize 64 +# CacheMaxFileSize 64000 + + + + CacheEnable mem / + MCacheSize 4096 + MCacheMaxObjectCount 100 + MCacheMinObjectSize 1 + MCacheMaxObjectSize 2048 + + + # When acting as a proxy, don't cache the list of security updates +# CacheDisable http://security.update.server/update-list/ + diff --git a/apache-mod_cgid.conf b/apache-mod_cgid.conf new file mode 100644 index 0000000..4d05526 --- /dev/null +++ b/apache-mod_cgid.conf @@ -0,0 +1,10 @@ +# $Id: apache-mod_cgid.conf,v 1.4 2005/12/21 13:31:35 glen Exp $ +LoadModule cgid_module modules/mod_cgid.so + + + # + # ScriptSock: On threaded servers, designate the path to the UNIX + # socket used to communicate with the CGI daemon of mod_cgid. + # + Scriptsock /var/run/httpd/cgisock + diff --git a/apache-mod_dav.conf b/apache-mod_dav.conf new file mode 100644 index 0000000..cb35220 --- /dev/null +++ b/apache-mod_dav.conf @@ -0,0 +1,55 @@ +# $Id: apache-mod_dav.conf,v 1.10 2010/01/19 14:01:14 baggins Exp $ +LoadModule dav_module modules/mod_dav.so +LoadModule dav_fs_module modules/mod_dav_fs.so +LoadModule dav_lock_module modules/mod_dav_lock.so + +# +# Distributed authoring and versioning (WebDAV) +# +# Required modules: mod_dav, mod_dav_fs, mod_setenvif, mod_alias +# mod_auth_digest, mod_authn_file +# + +# +# DavLockDB /var/lock/mod_dav/dav +# DavMinTimeout 600 + +# The following example gives DAV write access to a directory called +# "uploads" under the ServerRoot directory. +# +# The User/Group specified in httpd.conf needs to have write permissions +# on the directory where the DavLockDB is placed and on any directory where +# "Dav On" is specified. + +#Alias /uploads "/etc/httpd/httpd/uploads" +# +# Dav On +# +# AuthType Digest +# AuthName DAV-upload +# # You can use the htdigest program to create the password database: +# # htdigest -c "/etc/httpd/httpd/user.passwd" DAV-upload admin +# AuthUserFile "/etc/httpd/httpd/user.passwd" +# +# # Allow universal read-access, but writes are restricted +# # to the admin user. +# +# require user admin +# +# + +# +# The following directives disable redirects on non-GET requests for +# a directory that does not include the trailing slash. This fixes a +# problem with several clients that do not appropriately handle +# redirects for folders with DAV methods. +# +#BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully +#BrowserMatch "MS FrontPage" redirect-carefully +#BrowserMatch "^WebDrive" redirect-carefully +#BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully +#BrowserMatch "^gnome-vfs/1.0" redirect-carefully +#BrowserMatch "^XML Spy" redirect-carefully +#BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully + +# diff --git a/apache-mod_deflate.conf b/apache-mod_deflate.conf new file mode 100644 index 0000000..47367b7 --- /dev/null +++ b/apache-mod_deflate.conf @@ -0,0 +1,35 @@ +# $Id: apache-mod_deflate.conf,v 1.12 2011/08/13 19:27:46 glen Exp $ +LoadModule deflate_module modules/mod_deflate.so + +# Safe but working settings - compress only that types: +AddOutputFilterByType DEFLATE application/javascript application/x-javascript text/javascript +AddOutputFilterByType DEFLATE application/x-httpd-php +AddOutputFilterByType DEFLATE application/xhtml+xml +AddOutputFilterByType DEFLATE image/svg+xml +AddOutputFilterByType DEFLATE text/css +AddOutputFilterByType DEFLATE text/html +AddOutputFilterByType DEFLATE text/plain +AddOutputFilterByType DEFLATE text/xml + +# Compress all and exclude only few things - may cause some problems: +#SetOutputFilter DEFLATE + + + # Netscape 4.x has some problems... + BrowserMatch ^Mozilla/4 gzip-only-text/html + + # Netscape 4.06-4.08 have some more problems + BrowserMatch ^Mozilla/4\.0[678] no-gzip + + # MSIE masquerades as Netscape, but it is fine + BrowserMatch \bMSIE !no-gzip !gzip-only-text/html + + SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary + SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary + SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar|iso)$ no-gzip dont-vary + + + + # Make sure proxies don't deliver the wrong content + Header append Vary Accept-Encoding env=!dont-vary + diff --git a/apache-mod_dir.conf b/apache-mod_dir.conf new file mode 100644 index 0000000..7105843 --- /dev/null +++ b/apache-mod_dir.conf @@ -0,0 +1,9 @@ +# $Id: apache-mod_dir.conf,v 1.11 2006/02/12 15:38:52 blues Exp $ +LoadModule dir_module modules/mod_dir.so + +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. + + + DirectoryIndex index.html index.html.var index.htm index.shtml index.cgi index.php index.phtml + diff --git a/apache-mod_info.conf b/apache-mod_info.conf new file mode 100644 index 0000000..cdce091 --- /dev/null +++ b/apache-mod_info.conf @@ -0,0 +1,22 @@ +# $Id: apache-mod_info.conf,v 1.9 2005/12/21 13:27:28 glen Exp $ +LoadModule info_module modules/mod_info.so + +# Get information about the requests being processed by the server +# and the configuration of the server. +# +# Required modules: mod_info (for the server-info handler), mod_authz_host (ACL) + + +# +# Allow remote server configuration reports, with the URL of +# http://servername/server-info (requires that mod_info.c be loaded). +# Change the ".example.com" to match your domain to enable. +# + + SetHandler server-info + Order deny,allow + Deny from all + Allow from 127.0.0.1 + + + diff --git a/apache-mod_log_config.conf b/apache-mod_log_config.conf new file mode 100644 index 0000000..e5e827c --- /dev/null +++ b/apache-mod_log_config.conf @@ -0,0 +1,31 @@ +# $Id: apache-mod_log_config.conf,v 1.3 2005/12/19 15:13:03 glen Exp $ +LoadModule log_config_module modules/mod_log_config.so + + + # + # The following directives define some format nicknames for use with + # a CustomLog directive (see below). + # + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %b" common + + + # You need to enable mod_logio.c to use %I and %O + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio + + + # + # The location and format of the access logfile (Common Logfile Format). + # If you do not define any access logfiles within a + # container, they will be logged here. Contrariwise, if you *do* + # define per- access logfiles, transactions will be + # logged therein and *not* in this file. + # + CustomLog logs/access_log common + + # + # If you prefer a logfile with access, agent, and referer information + # (Combined Logfile Format) you can use the following directive. + # + #CustomLog logs/access_log combined + diff --git a/apache-mod_mime.conf b/apache-mod_mime.conf new file mode 100644 index 0000000..1b0aedb --- /dev/null +++ b/apache-mod_mime.conf @@ -0,0 +1,56 @@ +# $Id: apache-mod_mime.conf,v 1.2 2005/12/21 13:27:28 glen Exp $ +LoadModule mime_module modules/mod_mime.so + + + # + # TypesConfig points to the file containing the list of mappings from + # filename extension to MIME-type. + # + TypesConfig /etc/mime.types + + # + # AddType allows you to add to or override the MIME configuration + # file specified in TypesConfig for specific file types. + # + #AddType application/x-gzip .tgz + # + # AddEncoding allows you to have certain browsers uncompress + # information on the fly. Note: Not all browsers support this. + # + #AddEncoding x-compress .Z + #AddEncoding x-gzip .gz .tgz + # + # If the AddEncoding directives above are commented-out, then you + # probably should define those extensions to indicate media types: + # + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + # + # AddHandler allows you to map certain file extensions to "handlers": + # actions unrelated to filetype. These can be either built into the server + # or added with the Action directive (see below) + # + # To use CGI scripts outside of ScriptAliased directories: + # (You will also need to add "ExecCGI" to the "Options" directive.) + # + #AddHandler cgi-script .cgi + + # For files that include their own HTTP headers: + #AddHandler send-as-is asis + + # For server-parsed imagemap files: + #AddHandler imap-file map + + # For type maps (negotiated resources): + #AddHandler type-map var + + # + # Filters allow you to process content before it is sent to the client. + # + # To parse .shtml files for server-side includes (SSI): + # (You will also need to add "Includes" to the "Options" directive.) + # + #AddType text/html .shtml + #AddOutputFilter INCLUDES .shtml + diff --git a/apache-mod_mime_magic.conf b/apache-mod_mime_magic.conf new file mode 100644 index 0000000..55bdcb3 --- /dev/null +++ b/apache-mod_mime_magic.conf @@ -0,0 +1,10 @@ +# $Id: apache-mod_mime_magic.conf,v 1.4 2006/07/26 21:18:51 blues Exp $ +LoadModule mime_magic_module modules/mod_mime_magic.so + +# The mod_mime_magic module allows the server to use various hints from the +# contents of the file itself to determine its type. The MIMEMagicFile +# directive tells the module where the hint definitions are located. + + + MIMEMagicFile /etc/httpd/magic + diff --git a/apache-mod_proxy.conf b/apache-mod_proxy.conf new file mode 100644 index 0000000..4637d57 --- /dev/null +++ b/apache-mod_proxy.conf @@ -0,0 +1,37 @@ +# $Id: apache-mod_proxy.conf,v 1.9 2005/12/21 13:27:28 glen Exp $ +LoadModule proxy_module modules/mod_proxy.so + +# FIXME: enable or disable these by default? +# I'd enable if the config is secure. but i'm not sure +#LoadModule proxy_connect_module modules/mod_proxy_connect.so +#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so +#LoadModule proxy_http_module modules/mod_proxy_http.so +#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so +#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so + +# Proxy Server directives. Uncomment the following lines to +# enable the proxy server: +# + +ProxyRequests On +# +# +# This prevents spammers from using apache as a relay by posting to +# http://victim:25/ and sending raw data. +# + + Order deny,allow + Deny from all +# Allow from .your-domain.com + + +# +# Enable/disable the handling of HTTP/1.1 "Via:" headers. +# ("Full" adds the server version; "Block" removes all outgoing Via: headers) +# Set to one of: Off | On | Full | Block +# +ProxyVia On + +# To enable the cache as well, see mod_cache.conf + + diff --git a/apache-mod_ssl.conf b/apache-mod_ssl.conf new file mode 100644 index 0000000..f442e2d --- /dev/null +++ b/apache-mod_ssl.conf @@ -0,0 +1,228 @@ +# $Id: apache-mod_ssl.conf,v 1.20 2010/07/06 08:18:18 psz Exp $ +LoadModule ssl_module modules/mod_ssl.so + +# This is the Apache server configuration file providing SSL support. +# It contains the configuration directives to instruct the server how to +# serve pages over an https connection. For detailing information about these +# directives see + + +# +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the SSL library. +# The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +# +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed startup file:/dev/urandom 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + + +# +# When we also provide SSL we have to listen to the +# standard HTTP port (see above) and to the HTTPS port +# +# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two +# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443" +# +Listen 443 + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog builtin + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +#SSLSessionCache dbm:/var/cache/httpd/ssl_scache +#SSLSessionCache shmcb:/var/run/ssl_scache(512000) +SSLSessionCache shmcb:/var/cache/httpd/ssl_scache(512000) +SSLSessionCacheTimeout 300 + +# Semaphore: +# Configure the path to the mutual exclusion semaphore the +# SSL engine uses internally for inter-process synchronization. +SSLMutex file:/var/run/httpd/ssl_mutex + +## +## SSL Virtual Host Context +## + +NameVirtualHost *:443 + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +SSLEngine on + +# Usable SSL protocol flavors: +# This directive can be used to control the SSL protocol flavors mod_ssl +# should use when establishing its server environment. Clients then can only +# connect with one of the provided protocols. +SSLProtocol all -SSLv2 + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +SSLCipherSuite ALL:!ADH:!EXP:!LOW:!SSLv2:RC4+RSA:+HIGH:+MEDIUM + +# Server Certificate: +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that a kill -HUP will prompt again. Keep +# in mind that if you have both an RSA and a DSA certificate you +# can configure both in parallel (to also allow the use of DSA +# ciphers, etc.) +SSLCertificateFile /etc/httpd/ssl/server.crt +#SSLCertificateFile /etc/httpd/ssl/server-dsa.crt + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. Keep in mind that if +# you've both a RSA and a DSA private key you can configure +# both in parallel (to also allow the use of DSA ciphers, etc.) +SSLCertificateKeyFile /etc/httpd/ssl/server.key +#SSLCertificateKeyFile /etc/httpd/ssl/server-dsa.key + +# Server Certificate Chain: +# Point SSLCertificateChainFile at a file containing the +# concatenation of PEM encoded CA certificates which form the +# certificate chain for the server certificate. Alternatively +# the referenced file can be the same as SSLCertificateFile +# when the CA certificates are directly appended to the server +# certificate for convinience. +#SSLCertificateChainFile /etc/httpd/ssl/ca.crt + +# Certificate Authority (CA): +# Set the CA certificate verification path where to find CA +# certificates for client authentication or alternatively one +# huge file containing all of them (file must be PEM encoded) +# Note: Inside SSLCACertificatePath you need hash symlinks +# to point to the certificate files. Use the provided +# Makefile to update the hash symlinks after changes. +#SSLCACertificatePath /etc/httpd/ssl +#SSLCACertificateFile /etc/httpd/ssl/ca-bundle.crt + +# Certificate Revocation Lists (CRL): +# Set the CA revocation path where to find CA CRLs for client +# authentication or alternatively one huge file containing all +# of them (file must be PEM encoded) +# Note: Inside SSLCARevocationPath you need hash symlinks +# to point to the certificate files. Use the provided +# Makefile to update the hash symlinks after changes. +#SSLCARevocationPath /etc/httpd/ssl +#SSLCARevocationFile /etc/httpd/ssl/ca-bundle.crl + +# Client Authentication (Type): +# Client certificate verification type and depth. Types are +# none, optional, require and optional_no_ca. Depth is a +# number which specifies how deeply to verify the certificate +# issuer chain before deciding the certificate is not valid. +#SSLVerifyClient require +#SSLVerifyDepth 10 + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_ssl documentation +# for more details. +# +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +# + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + +# SSL Protocol Adjustments: +# The safe and default but still SSL/TLS standard compliant shutdown +# approach is that mod_ssl sends the close notify alert but doesn't wait for +# the close notify alert from client. When you need a different shutdown +# approach you can use one of the following variables: +# o ssl-unclean-shutdown: +# This forces an unclean shutdown when the connection is closed, i.e. no +# SSL close notify alert is send or allowed to received. This violates +# the SSL/TLS standard but is needed for some brain-dead browsers. Use +# this when you receive I/O errors because of the standard approach where +# mod_ssl sends the close notify alert. +# o ssl-accurate-shutdown: +# This forces an accurate shutdown when the connection is closed, i.e. a +# SSL close notify alert is send and mod_ssl waits for the close notify +# alert of the client. This is 100% SSL/TLS standard compliant, but in +# practice often causes hanging connections with brain-dead browsers. Use +# this only for browsers where you know that their SSL implementation +# works correctly. +# Notice: Most problems of broken clients are also related to the HTTP +# keep-alive facility, so you usually additionally want to disable +# keep-alive for those clients, too. Use variable "nokeepalive" for this. +# Similarly, one has to force some clients to use HTTP/1.0 to workaround +# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and +# "force-response-1.0" for this. + + BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 + + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +# +# CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" +# # enable common log too, otherwise you be suprised of no access logs +# CustomLog logs/access_log common +# + + + + diff --git a/apache-mod_status.conf b/apache-mod_status.conf new file mode 100644 index 0000000..84a3bfc --- /dev/null +++ b/apache-mod_status.conf @@ -0,0 +1,30 @@ +# $Id: apache-mod_status.conf,v 1.8 2005/12/21 13:27:28 glen Exp $ +LoadModule status_module modules/mod_status.so + +# +# Get information about the requests being processed by the server +# and the configuration of the server. +# +# Required modules: mod_status (for the server-status handler), + + +# +# Allow server status reports generated by mod_status, +# with the URL of http://servername/server-status +# Change the ".example.com" to match your domain to enable. + + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + + +# +# ExtendedStatus controls whether Apache will generate "full" status +# information (ExtendedStatus On) or just basic information (ExtendedStatus +# Off) when the "server-status" handler is called. The default is Off. +# +#ExtendedStatus On + + diff --git a/apache-mod_suexec.conf b/apache-mod_suexec.conf new file mode 100644 index 0000000..b076627 --- /dev/null +++ b/apache-mod_suexec.conf @@ -0,0 +1,2 @@ +# $Id: apache-mod_suexec.conf,v 1.5 2005/12/21 13:27:28 glen Exp $ +LoadModule suexec_module modules/mod_suexec.so diff --git a/apache-mod_userdir.conf b/apache-mod_userdir.conf new file mode 100644 index 0000000..5334e24 --- /dev/null +++ b/apache-mod_userdir.conf @@ -0,0 +1,36 @@ +# $Id: apache-mod_userdir.conf,v 1.6 2008/11/16 14:12:47 gotar Exp $ +LoadModule userdir_module modules/mod_userdir.so + +# Settings for user home directories +# +# Required module: mod_userdir + + +# +# UserDir: The name of the directory that is appended onto a user's home +# directory if a ~user request is received. Note that you must also set +# the default access control for these directories, as in the example below. +# +UserDir public_html + +# +# Control access to UserDir directories. The following is an example +# for a site where these directories are restricted to read-only. +# + + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + + Order allow,deny + Allow from all + + + Order deny,allow + Deny from all + + # + # php_admin_value open_basedir "/home/users:/usr/share/pear:/usr/share/php:/tmp" + # + + + diff --git a/apache-mod_vhost_alias.conf b/apache-mod_vhost_alias.conf new file mode 100644 index 0000000..461e5dd --- /dev/null +++ b/apache-mod_vhost_alias.conf @@ -0,0 +1,15 @@ +# $Id: apache-mod_vhost_alias.conf,v 1.7 2009/11/04 11:42:20 glen Exp $ +LoadModule vhost_alias_module modules/mod_vhost_alias.so + + + +# http://www.example.com/directory/file.html will be satisfied by the file +# /srv/www/vhosts/www.example.com/directory/file.html. +#UseCanonicalName Off +#VirtualDocumentRoot /srv/www/vhosts/%0 + +# For IP-based virtual hosting you might use the following in your configuration file: +#UseCanonicalName DNS +#VirtualDocumentRootIP /srv/www/vhosts/%1/%2/%3/%4/docs +#VirtualScriptAliasIP /srv/www/vhosts/%1/%2/%3/%4/cgi-bin + diff --git a/apache-mod_vhost_alias_docroot.patch b/apache-mod_vhost_alias_docroot.patch new file mode 100644 index 0000000..359ff57 --- /dev/null +++ b/apache-mod_vhost_alias_docroot.patch @@ -0,0 +1,100 @@ +--- old/modules/mappers/mod_vhost_alias.c 2006-07-24 13:07:15.000000000 +0100 ++++ new/modules/mappers/mod_vhost_alias.c 2006-07-24 13:09:21.000000000 +0100 +@@ -33,6 +33,8 @@ + * both written by James Grinter . + */ + ++#define CORE_PRIVATE ++ + #include "apr.h" + #include "apr_strings.h" + #include "apr_hooks.h" +@@ -67,6 +69,7 @@ + const char *cgi_root; + mva_mode_e doc_root_mode; + mva_mode_e cgi_root_mode; ++ int set_doc_root; + } mva_sconf_t; + + static void *mva_create_server_config(apr_pool_t *p, server_rec *s) +@@ -78,6 +81,7 @@ + conf->cgi_root = NULL; + conf->doc_root_mode = VHOST_ALIAS_UNSET; + conf->cgi_root_mode = VHOST_ALIAS_UNSET; ++ conf->set_doc_root = 0; + return conf; + } + +@@ -104,6 +108,8 @@ + conf->cgi_root_mode = child->cgi_root_mode; + conf->cgi_root = child->cgi_root; + } ++ ++ conf->set_doc_root = child->set_doc_root; + return conf; + } + +@@ -212,6 +218,18 @@ + return NULL; + } + ++ ++static const char *vhost_set_docroot(cmd_parms *cmd, void *dummy, ++ const char *str) ++{ ++ mva_sconf_t *conf; ++ conf = (mva_sconf_t *) ap_get_module_config(cmd->server->module_config, ++ &vhost_alias_module); ++ conf->set_doc_root = (strcasecmp(str, "yes") == 0 || ++ strcasecmp(str, "on") == 0) ? 1 : 0; ++ return NULL; ++} ++ + static const command_rec mva_commands[] = + { + AP_INIT_TAKE1("VirtualScriptAlias", vhost_alias_set, +@@ -226,6 +244,9 @@ + AP_INIT_TAKE1("VirtualDocumentRootIP", vhost_alias_set, + &vhost_alias_set_doc_root_ip, RSRC_CONF, + "how to create the DocumentRoot based on the host"), ++ AP_INIT_TAKE1("SetVirtualDocumentRoot", vhost_set_docroot, ++ NULL, RSRC_CONF, ++ "set DOCUMENT_ROOT to parsed document root"), + { NULL } + }; + +@@ -250,8 +271,9 @@ + } + } + +-static void vhost_alias_interpolate(request_rec *r, const char *name, +- const char *map, const char *uri) ++static void vhost_alias_interpolate(request_rec *r, mva_sconf_t *conf, ++ const char *name, const char *map, ++ const char *uri) + { + /* 0..9 9..0 */ + enum { MAXDOTS = 19 }; +@@ -378,6 +400,13 @@ + else { + r->filename = apr_pstrcat(r->pool, buf, uri, NULL); + } ++ ++ if (conf->set_doc_root) { ++ request_rec *top = (r->main)?r->main:r; ++ core_server_config *core = (core_server_config *) ap_get_module_config(r->server->module_config, &core_module); ++ ++ core->ap_document_root = apr_pstrdup(top->pool, buf); ++ } + } + + static int mva_translate(request_rec *r) +@@ -426,7 +455,7 @@ + * canonical_path buffer. + */ + r->canonical_filename = ""; +- vhost_alias_interpolate(r, name, map, uri); ++ vhost_alias_interpolate(r, conf, name, map, uri); + + if (cgi) { + /* see is_scriptaliased() in mod_cgi */ diff --git a/apache-mpm-itk.patch b/apache-mpm-itk.patch new file mode 100644 index 0000000..90a73eb --- /dev/null +++ b/apache-mpm-itk.patch @@ -0,0 +1,2041 @@ +http://mpm-itk.sesse.net/apache2.2-mpm-itk-20090414-00.patch + +unchanged: +--- httpd-2.2.11/server/mpm/experimental/itk/Makefile.in 2009-03-17 21:38:54.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/Makefile.in 2009-03-17 21:39:03.000000000 +0100 +@@ -0,0 +1,5 @@ ++ ++LTLIBRARY_NAME = libitk.la ++LTLIBRARY_SOURCES = itk.c ++ ++include $(top_srcdir)/build/ltlib.mk +unchanged: +--- httpd-2.2.11/server/mpm/experimental/itk/config.m4 2009-03-17 21:38:53.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/config.m4 2009-03-17 21:39:03.000000000 +0100 +@@ -0,0 +1,3 @@ ++if test "$MPM_NAME" = "itk" ; then ++ APACHE_FAST_OUTPUT(server/mpm/$MPM_NAME/Makefile) ++fi +diff -u httpd-2.2.11/server/mpm/experimental/itk/itk.c httpd-2.2.11/server/mpm/experimental/itk/itk.c +--- httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-04-14 23:29:16.000000000 +0200 ++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-04-14 23:31:05.000000000 +0200 +@@ -0,0 +1,1740 @@ ++/* Licensed to the Apache Software Foundation (ASF) under one or more ++ * contributor license agreements. See the NOTICE file distributed with ++ * this work for additional information regarding copyright ownership. ++ * The ASF licenses this file to You under the Apache License, Version 2.0 ++ * (the "License"); you may not use this file except in compliance with ++ * the License. You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ * ++ * Portions copyright 2005-2009 Steinar H. Gunderson . ++ * Licensed under the same terms as the rest of Apache. ++ * ++ * Portions copyright 2008 Knut Auvor Grythe . ++ * Licensed under the same terms as the rest of Apache. ++ */ ++ ++#include "apr.h" ++#include "apr_portable.h" ++#include "apr_strings.h" ++#include "apr_thread_proc.h" ++#include "apr_signal.h" ++ ++# define _DBG(text,par...) \ ++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \ ++ "(itkmpm: pid=%d uid=%d, gid=%d) %s(): " text, \ ++ getpid(), getuid(), getgid(), __FUNCTION__, par) ++ ++#define APR_WANT_STDIO ++#define APR_WANT_STRFUNC ++#include "apr_want.h" ++ ++#if APR_HAVE_UNISTD_H ++#include ++#endif ++#if APR_HAVE_SYS_TYPES_H ++#include ++#endif ++ ++#define CORE_PRIVATE ++ ++#include "ap_config.h" ++#include "httpd.h" ++#include "mpm_default.h" ++#include "http_main.h" ++#include "http_log.h" ++#include "http_config.h" ++#include "http_core.h" /* for get_remote_host */ ++#include "http_connection.h" ++#include "http_request.h" /* for ap_hook_post_perdir_config */ ++#include "scoreboard.h" ++#include "ap_mpm.h" ++#include "unixd.h" ++#include "mpm_common.h" ++#include "ap_listen.h" ++#include "ap_mmn.h" ++#include "apr_poll.h" ++ ++#ifdef HAVE_BSTRING_H ++#include /* for IRIX, FD_SET calls bzero() */ ++#endif ++#ifdef HAVE_TIME_H ++#include ++#endif ++#ifdef HAVE_SYS_PROCESSOR_H ++#include /* for bindprocessor() */ ++#endif ++ ++#if HAVE_LIBCAP ++#include ++#endif ++ ++#include ++#include ++ ++/* Limit on the total --- clients will be locked out if more servers than ++ * this are needed. It is intended solely to keep the server from crashing ++ * when things get out of hand. ++ * ++ * We keep a hard maximum number of servers, for two reasons --- first off, ++ * in case something goes seriously wrong, we want to stop the fork bomb ++ * short of actually crashing the machine we're running on by filling some ++ * kernel table. Secondly, it keeps the size of the scoreboard file small ++ * enough that we can read the whole thing without worrying too much about ++ * the overhead. ++ */ ++#ifndef DEFAULT_SERVER_LIMIT ++#define DEFAULT_SERVER_LIMIT 256 ++#endif ++ ++/* Admin can't tune ServerLimit beyond MAX_SERVER_LIMIT. We want ++ * some sort of compile-time limit to help catch typos. ++ */ ++#ifndef MAX_SERVER_LIMIT ++#define MAX_SERVER_LIMIT 200000 ++#endif ++ ++#ifndef HARD_THREAD_LIMIT ++#define HARD_THREAD_LIMIT 1 ++#endif ++ ++/* config globals */ ++ ++int ap_threads_per_child=0; /* Worker threads per child */ ++static apr_proc_mutex_t *accept_mutex; ++static int ap_daemons_to_start=0; ++static int ap_daemons_min_free=0; ++static int ap_daemons_max_free=0; ++static int ap_daemons_limit=0; /* MaxClients */ ++static int server_limit = DEFAULT_SERVER_LIMIT; ++static int first_server_limit = 0; ++static int changed_limit_at_restart; ++static int mpm_state = AP_MPMQ_STARTING; ++static ap_pod_t *pod; ++ ++/* ++ * The max child slot ever assigned, preserved across restarts. Necessary ++ * to deal with MaxClients changes across AP_SIG_GRACEFUL restarts. We ++ * use this value to optimize routines that have to scan the entire scoreboard. ++ */ ++int ap_max_daemons_limit = -1; ++server_rec *ap_server_conf; ++ ++/* one_process --- debugging mode variable; can be set from the command line ++ * with the -X flag. If set, this gets you the child_main loop running ++ * in the process which originally started up (no detach, no make_child), ++ * which is a pretty nice debugging environment. (You'll get a SIGHUP ++ * early in standalone_main; just continue through. This is the server ++ * trying to kill off any child processes which it might have lying ++ * around --- Apache doesn't keep track of their pids, it just sends ++ * SIGHUP to the process group, ignoring it in the root process. ++ * Continue through and you'll be fine.). ++ */ ++ ++static int one_process = 0; ++ ++static apr_pool_t *pconf; /* Pool for config stuff */ ++static apr_pool_t *pchild; /* Pool for httpd child stuff */ ++ ++static pid_t ap_my_pid; /* it seems silly to call getpid all the time */ ++static pid_t parent_pid; ++#ifndef MULTITHREAD ++static int my_child_num; ++#endif ++ap_generation_t volatile ap_my_generation=0; ++ ++#ifdef TPF ++int tpf_child = 0; ++char tpf_server_name[INETD_SERVNAME_LENGTH+1]; ++#endif /* TPF */ ++ ++static volatile int die_now = 0; ++ ++#define UNSET_NICE_VALUE 100 ++ ++typedef struct ++{ ++ uid_t uid; ++ gid_t gid; ++ char *username; ++ int nice_value; ++} itk_per_dir_conf; ++ ++typedef struct ++{ ++ int max_clients_vhost; ++} itk_server_conf; ++ ++module AP_MODULE_DECLARE_DATA mpm_itk_module; ++ ++#ifdef GPROF ++/* ++ * change directory for gprof to plop the gmon.out file ++ * configure in httpd.conf: ++ * GprofDir $RuntimeDir/ -> $ServerRoot/$RuntimeDir/gmon.out ++ * GprofDir $RuntimeDir/% -> $ServerRoot/$RuntimeDir/gprof.$pid/gmon.out ++ */ ++static void chdir_for_gprof(void) ++{ ++ core_server_config *sconf = ++ ap_get_module_config(ap_server_conf->module_config, &core_module); ++ char *dir = sconf->gprof_dir; ++ const char *use_dir; ++ ++ if(dir) { ++ apr_status_t res; ++ char *buf = NULL ; ++ int len = strlen(sconf->gprof_dir) - 1; ++ if(*(dir + len) == '%') { ++ dir[len] = '\0'; ++ buf = ap_append_pid(pconf, dir, "gprof."); ++ } ++ use_dir = ap_server_root_relative(pconf, buf ? buf : dir); ++ res = apr_dir_make(use_dir, ++ APR_UREAD | APR_UWRITE | APR_UEXECUTE | ++ APR_GREAD | APR_GEXECUTE | ++ APR_WREAD | APR_WEXECUTE, pconf); ++ if(res != APR_SUCCESS && !APR_STATUS_IS_EEXIST(res)) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, res, ap_server_conf, ++ "gprof: error creating directory %s", dir); ++ } ++ } ++ else { ++ use_dir = ap_server_root_relative(pconf, DEFAULT_REL_RUNTIMEDIR); ++ } ++ ++ chdir(use_dir); ++} ++#else ++#define chdir_for_gprof() ++#endif ++ ++/* XXX - I don't know if TPF will ever use this module or not, so leave ++ * the ap_check_signals calls in but disable them - manoj */ ++#define ap_check_signals() ++ ++/* a clean exit from a child with proper cleanup */ ++static void clean_child_exit(int code) __attribute__ ((noreturn)); ++static void clean_child_exit(int code) ++{ ++ mpm_state = AP_MPMQ_STOPPING; ++ ++ if (pchild) { ++ apr_pool_destroy(pchild); ++ } ++ ap_mpm_pod_close(pod); ++ chdir_for_gprof(); ++ exit(code); ++} ++ ++static void accept_mutex_on(void) ++{ ++ apr_status_t rv = apr_proc_mutex_lock(accept_mutex); ++ if (rv != APR_SUCCESS) { ++ const char *msg = "couldn't grab the accept mutex"; ++ ++ if (ap_my_generation != ++ ap_scoreboard_image->global->running_generation) { ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, NULL, "%s", msg); ++ clean_child_exit(0); ++ } ++ else { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, NULL, "%s", msg); ++ exit(APEXIT_CHILDFATAL); ++ } ++ } ++} ++ ++static void accept_mutex_off(void) ++{ ++ apr_status_t rv = apr_proc_mutex_unlock(accept_mutex); ++ if (rv != APR_SUCCESS) { ++ const char *msg = "couldn't release the accept mutex"; ++ ++ if (ap_my_generation != ++ ap_scoreboard_image->global->running_generation) { ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, NULL, "%s", msg); ++ /* don't exit here... we have a connection to ++ * process, after which point we'll see that the ++ * generation changed and we'll exit cleanly ++ */ ++ } ++ else { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, NULL, "%s", msg); ++ exit(APEXIT_CHILDFATAL); ++ } ++ } ++} ++ ++/* On some architectures it's safe to do unserialized accept()s in the single ++ * Listen case. But it's never safe to do it in the case where there's ++ * multiple Listen statements. Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT ++ * when it's safe in the single Listen case. ++ */ ++#ifdef SINGLE_LISTEN_UNSERIALIZED_ACCEPT ++#define SAFE_ACCEPT(stmt) do {if (ap_listeners->next) {stmt;}} while(0) ++#else ++#define SAFE_ACCEPT(stmt) do {stmt;} while(0) ++#endif ++ ++AP_DECLARE(apr_status_t) ap_mpm_query(int query_code, int *result) ++{ ++ switch(query_code){ ++ case AP_MPMQ_MAX_DAEMON_USED: ++ *result = ap_daemons_limit; ++ return APR_SUCCESS; ++ case AP_MPMQ_IS_THREADED: ++ *result = AP_MPMQ_NOT_SUPPORTED; ++ return APR_SUCCESS; ++ case AP_MPMQ_IS_FORKED: ++ *result = AP_MPMQ_DYNAMIC; ++ return APR_SUCCESS; ++ case AP_MPMQ_HARD_LIMIT_DAEMONS: ++ *result = server_limit; ++ return APR_SUCCESS; ++ case AP_MPMQ_HARD_LIMIT_THREADS: ++ *result = HARD_THREAD_LIMIT; ++ return APR_SUCCESS; ++ case AP_MPMQ_MAX_THREADS: ++ *result = 0; ++ return APR_SUCCESS; ++ case AP_MPMQ_MIN_SPARE_DAEMONS: ++ *result = ap_daemons_min_free; ++ return APR_SUCCESS; ++ case AP_MPMQ_MIN_SPARE_THREADS: ++ *result = 0; ++ return APR_SUCCESS; ++ case AP_MPMQ_MAX_SPARE_DAEMONS: ++ *result = ap_daemons_max_free; ++ return APR_SUCCESS; ++ case AP_MPMQ_MAX_SPARE_THREADS: ++ *result = 0; ++ return APR_SUCCESS; ++ case AP_MPMQ_MAX_REQUESTS_DAEMON: ++ *result = ap_max_requests_per_child; ++ return APR_SUCCESS; ++ case AP_MPMQ_MAX_DAEMONS: ++ *result = server_limit; ++ return APR_SUCCESS; ++ case AP_MPMQ_MPM_STATE: ++ *result = mpm_state; ++ return APR_SUCCESS; ++ } ++ return APR_ENOTIMPL; ++} ++ ++#if defined(NEED_WAITPID) ++/* ++ Systems without a real waitpid sometimes lose a child's exit while waiting ++ for another. Search through the scoreboard for missing children. ++ */ ++int reap_children(int *exitcode, apr_exit_why_e *status) ++{ ++ int n, pid; ++ ++ for (n = 0; n < ap_max_daemons_limit; ++n) { ++ if (ap_scoreboard_image->servers[n][0].status != SERVER_DEAD && ++ kill((pid = ap_scoreboard_image->parent[n].pid), 0) == -1) { ++ ap_update_child_status_from_indexes(n, 0, SERVER_DEAD, NULL); ++ /* just mark it as having a successful exit status */ ++ *status = APR_PROC_EXIT; ++ *exitcode = 0; ++ return(pid); ++ } ++ } ++ return 0; ++} ++#endif ++ ++/***************************************************************** ++ * Connection structures and accounting... ++ */ ++ ++static void just_die(int sig) ++{ ++ clean_child_exit(0); ++} ++ ++static void stop_listening(int sig) ++{ ++ ap_close_listeners(); ++ ++ /* For a graceful stop, we want the child to exit when done */ ++ die_now = 1; ++} ++ ++/* volatile just in case */ ++static int volatile shutdown_pending; ++static int volatile restart_pending; ++static int volatile is_graceful; ++ ++static void sig_term(int sig) ++{ ++ if (shutdown_pending == 1) { ++ /* Um, is this _probably_ not an error, if the user has ++ * tried to do a shutdown twice quickly, so we won't ++ * worry about reporting it. ++ */ ++ return; ++ } ++ shutdown_pending = 1; ++ is_graceful = (sig == AP_SIG_GRACEFUL_STOP); ++} ++ ++/* restart() is the signal handler for SIGHUP and AP_SIG_GRACEFUL ++ * in the parent process, unless running in ONE_PROCESS mode ++ */ ++static void restart(int sig) ++{ ++ if (restart_pending == 1) { ++ /* Probably not an error - don't bother reporting it */ ++ return; ++ } ++ restart_pending = 1; ++ is_graceful = (sig == AP_SIG_GRACEFUL); ++} ++ ++static void set_signals(void) ++{ ++#ifndef NO_USE_SIGACTION ++ struct sigaction sa; ++#endif ++ ++ if (!one_process) { ++ ap_fatal_signal_setup(ap_server_conf, pconf); ++ } ++ ++#ifndef NO_USE_SIGACTION ++ sigemptyset(&sa.sa_mask); ++ sa.sa_flags = 0; ++ ++ sa.sa_handler = sig_term; ++ if (sigaction(SIGTERM, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGTERM)"); ++#ifdef AP_SIG_GRACEFUL_STOP ++ if (sigaction(AP_SIG_GRACEFUL_STOP, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, ++ "sigaction(" AP_SIG_GRACEFUL_STOP_STRING ")"); ++#endif ++#ifdef SIGINT ++ if (sigaction(SIGINT, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGINT)"); ++#endif ++#ifdef SIGXCPU ++ sa.sa_handler = SIG_DFL; ++ if (sigaction(SIGXCPU, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXCPU)"); ++#endif ++#ifdef SIGXFSZ ++ sa.sa_handler = SIG_DFL; ++ if (sigaction(SIGXFSZ, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXFSZ)"); ++#endif ++#ifdef SIGPIPE ++ sa.sa_handler = SIG_IGN; ++ if (sigaction(SIGPIPE, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGPIPE)"); ++#endif ++ ++ /* we want to ignore HUPs and AP_SIG_GRACEFUL while we're busy ++ * processing one ++ */ ++ sigaddset(&sa.sa_mask, SIGHUP); ++ sigaddset(&sa.sa_mask, AP_SIG_GRACEFUL); ++ sa.sa_handler = restart; ++ if (sigaction(SIGHUP, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGHUP)"); ++ if (sigaction(AP_SIG_GRACEFUL, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(" AP_SIG_GRACEFUL_STRING ")"); ++#else ++ if (!one_process) { ++#ifdef SIGXCPU ++ apr_signal(SIGXCPU, SIG_DFL); ++#endif /* SIGXCPU */ ++#ifdef SIGXFSZ ++ apr_signal(SIGXFSZ, SIG_DFL); ++#endif /* SIGXFSZ */ ++ } ++ ++ apr_signal(SIGTERM, sig_term); ++#ifdef SIGHUP ++ apr_signal(SIGHUP, restart); ++#endif /* SIGHUP */ ++#ifdef AP_SIG_GRACEFUL ++ apr_signal(AP_SIG_GRACEFUL, restart); ++#endif /* AP_SIG_GRACEFUL */ ++#ifdef AP_SIG_GRACEFUL_STOP ++ apr_signal(AP_SIG_GRACEFUL_STOP, sig_term); ++#endif /* AP_SIG_GRACEFUL */ ++#ifdef SIGPIPE ++ apr_signal(SIGPIPE, SIG_IGN); ++#endif /* SIGPIPE */ ++ ++#endif ++} ++ ++/***************************************************************** ++ * Child process main loop. ++ * The following vars are static to avoid getting clobbered by longjmp(); ++ * they are really private to child_main. ++ */ ++ ++static int requests_this_child; ++static int num_listensocks = 0; ++ ++ ++int ap_graceful_stop_signalled(void) ++{ ++ /* not ever called anymore... */ ++ return 0; ++} ++ ++ ++static void child_main(int child_num_arg) ++{ ++ apr_pool_t *ptrans; ++ apr_allocator_t *allocator; ++ apr_status_t status; ++ int i; ++ ap_listen_rec *lr; ++ apr_pollset_t *pollset; ++ ap_sb_handle_t *sbh; ++ apr_bucket_alloc_t *bucket_alloc; ++ int last_poll_idx = 0; ++ ++#if HAVE_LIBCAP ++ cap_t caps; ++ cap_value_t suidcaps[] = { ++ CAP_SETUID, ++ CAP_SETGID, ++ CAP_DAC_READ_SEARCH, ++ CAP_SYS_NICE, ++ }; ++#endif ++ ++ mpm_state = AP_MPMQ_STARTING; /* for benefit of any hooks that run as this ++ * child initializes ++ */ ++ ++ my_child_num = child_num_arg; ++ ap_my_pid = getpid(); ++ requests_this_child = 0; ++ ++ ap_fatal_signal_child_setup(ap_server_conf); ++ ++ /* Get a sub context for global allocations in this child, so that ++ * we can have cleanups occur when the child exits. ++ */ ++ apr_allocator_create(&allocator); ++ apr_allocator_max_free_set(allocator, ap_max_mem_free); ++ apr_pool_create_ex(&pchild, pconf, NULL, allocator); ++ apr_allocator_owner_set(allocator, pchild); ++ ++ apr_pool_create(&ptrans, pchild); ++ apr_pool_tag(ptrans, "transaction"); ++ ++ /* needs to be done before we switch UIDs so we have permissions */ ++ ap_reopen_scoreboard(pchild, NULL, 0); ++ status = apr_proc_mutex_child_init(&accept_mutex, ap_lock_fname, pchild); ++ if (status != APR_SUCCESS) { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, status, ap_server_conf, ++ "Couldn't initialize cross-process lock in child " ++ "(%s) (%d)", ap_lock_fname, ap_accept_lock_mech); ++ clean_child_exit(APEXIT_CHILDFATAL); ++ } ++ ++ ap_run_child_init(pchild, ap_server_conf); ++ ++ ap_create_sb_handle(&sbh, pchild, my_child_num, 0); ++ ++ (void) ap_update_child_status(sbh, SERVER_READY, (request_rec *) NULL); ++ ++ /* Set up the pollfd array */ ++ /* ### check the status */ ++ (void) apr_pollset_create(&pollset, num_listensocks, pchild, 0); ++ ++ for (lr = ap_listeners, i = num_listensocks; i--; lr = lr->next) { ++ apr_pollfd_t pfd = { 0 }; ++ ++ pfd.desc_type = APR_POLL_SOCKET; ++ pfd.desc.s = lr->sd; ++ pfd.reqevents = APR_POLLIN; ++ pfd.client_data = lr; ++ ++ /* ### check the status */ ++ (void) apr_pollset_add(pollset, &pfd); ++ } ++ ++#if HAVE_LIBCAP ++ /* Drop as many privileges as we can. We'll still ++ * access files with uid=0, and we can setuid() to anything, but ++ * at least there's tons of other evilness (like loading kernel ++ * modules) we can't do directly. (The setuid() capability will ++ * go away automatically when we setuid() or exec() -- the former ++ * is likely to come first.) ++ */ ++ caps = cap_init(); ++ cap_clear(caps); ++ cap_set_flag(caps, CAP_PERMITTED, sizeof(suidcaps)/sizeof(cap_value_t), suidcaps, CAP_SET); ++ cap_set_flag(caps, CAP_EFFECTIVE, sizeof(suidcaps)/sizeof(cap_value_t), suidcaps, CAP_SET); ++ cap_set_proc(caps); ++ cap_free(caps); ++#endif ++ ++ mpm_state = AP_MPMQ_RUNNING; ++ ++ bucket_alloc = apr_bucket_alloc_create(pchild); ++ ++ /* die_now is set when AP_SIG_GRACEFUL is received in the child; ++ * shutdown_pending is set when SIGTERM is received when running ++ * in single process mode. */ ++ while (!die_now && !shutdown_pending) { ++ conn_rec *current_conn; ++ void *csd; ++ ++ /* ++ * (Re)initialize this child to a pre-connection state. ++ */ ++ ++ apr_pool_clear(ptrans); ++ ++ if ((ap_max_requests_per_child > 0 ++ && requests_this_child++ >= ap_max_requests_per_child)) { ++ clean_child_exit(0); ++ } ++ ++ (void) ap_update_child_status(sbh, SERVER_READY, (request_rec *) NULL); ++ ++ /* ++ * Wait for an acceptable connection to arrive. ++ */ ++ ++ /* Lock around "accept", if necessary */ ++ SAFE_ACCEPT(accept_mutex_on()); ++ ++ if (num_listensocks == 1) { ++ /* There is only one listener record, so refer to that one. */ ++ lr = ap_listeners; ++ } ++ else { ++ /* multiple listening sockets - need to poll */ ++ for (;;) { ++ apr_int32_t numdesc; ++ const apr_pollfd_t *pdesc; ++ ++ /* timeout == -1 == wait forever */ ++ status = apr_pollset_poll(pollset, -1, &numdesc, &pdesc); ++ if (status != APR_SUCCESS) { ++ if (APR_STATUS_IS_EINTR(status)) { ++ if (one_process && shutdown_pending) { ++ return; ++ } ++ else if (die_now) { ++ /* In graceful stop/restart; drop the mutex ++ * and terminate the child. */ ++ SAFE_ACCEPT(accept_mutex_off()); ++ clean_child_exit(0); ++ } ++ continue; ++ } ++ /* Single Unix documents select as returning errnos ++ * EBADF, EINTR, and EINVAL... and in none of those ++ * cases does it make sense to continue. In fact ++ * on Linux 2.0.x we seem to end up with EFAULT ++ * occasionally, and we'd loop forever due to it. ++ */ ++ ap_log_error(APLOG_MARK, APLOG_ERR, status, ++ ap_server_conf, "apr_pollset_poll: (listen)"); ++ SAFE_ACCEPT(accept_mutex_off()); ++ clean_child_exit(1); ++ } ++ ++ /* We can always use pdesc[0], but sockets at position N ++ * could end up completely starved of attention in a very ++ * busy server. Therefore, we round-robin across the ++ * returned set of descriptors. While it is possible that ++ * the returned set of descriptors might flip around and ++ * continue to starve some sockets, we happen to know the ++ * internal pollset implementation retains ordering ++ * stability of the sockets. Thus, the round-robin should ++ * ensure that a socket will eventually be serviced. ++ */ ++ if (last_poll_idx >= numdesc) ++ last_poll_idx = 0; ++ ++ /* Grab a listener record from the client_data of the poll ++ * descriptor, and advance our saved index to round-robin ++ * the next fetch. ++ * ++ * ### hmm... this descriptor might have POLLERR rather ++ * ### than POLLIN ++ */ ++ lr = pdesc[last_poll_idx++].client_data; ++ goto got_fd; ++ } ++ } ++ got_fd: ++ /* if we accept() something we don't want to die, so we have to ++ * defer the exit ++ */ ++ status = lr->accept_func(&csd, lr, ptrans); ++ ++ SAFE_ACCEPT(accept_mutex_off()); /* unlock after "accept" */ ++ ++ if (status == APR_EGENERAL) { ++ /* resource shortage or should-not-occur occured */ ++ clean_child_exit(1); ++ } ++ else if (status != APR_SUCCESS) { ++ continue; ++ } ++ ++ /* ++ * We now have a connection, so set it up with the appropriate ++ * socket options, file descriptors, and read/write buffers. ++ */ ++ ++ { ++ pid_t pid = fork(), child_pid; ++ int status; ++ switch (pid) { ++ case -1: ++ ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "fork: Unable to fork new process"); ++ break; ++ case 0: /* child */ ++ apr_proc_mutex_child_init(&accept_mutex, ap_lock_fname, pchild); ++ current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, my_child_num, sbh, bucket_alloc); ++ if (current_conn) { ++ ap_process_connection(current_conn, csd); ++ ap_lingering_close(current_conn); ++ } ++ exit(0); ++ default: /* parent; just wait for child to be done */ ++ do { ++ child_pid = waitpid(pid, &status, 0); ++ } while (child_pid == -1 && errno == EINTR); ++ ++ if (child_pid != pid || !WIFEXITED(status)) { ++ if (WIFSIGNALED(status)) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "child died with signal %u", WTERMSIG(status)); ++ } else if (WEXITSTATUS(status) != 0) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "child exited with non-zero exit status %u", WEXITSTATUS(status)); ++ } else { ++ ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "waitpid() failed"); ++ } ++ clean_child_exit(1); ++ } ++ break; ++ } ++ } ++ ++ /* Check the pod and the generation number after processing a ++ * connection so that we'll go away if a graceful restart occurred ++ * while we were processing the connection or we are the lucky ++ * idle server process that gets to die. ++ */ ++ if (ap_mpm_pod_check(pod) == APR_SUCCESS) { /* selected as idle? */ ++ die_now = 1; ++ } ++ else if (ap_my_generation != ++ ap_scoreboard_image->global->running_generation) { /* restart? */ ++ /* yeah, this could be non-graceful restart, in which case the ++ * parent will kill us soon enough, but why bother checking? ++ */ ++ die_now = 1; ++ } ++ ++ /* if we have already setuid(), die (we can't be used anyhow) */ ++ if (getuid()) ++ die_now = 1; ++ } ++ clean_child_exit(0); ++} ++ ++ ++static int make_child(server_rec *s, int slot) ++{ ++ int pid; ++ ++ if (slot + 1 > ap_max_daemons_limit) { ++ ap_max_daemons_limit = slot + 1; ++ } ++ ++ if (one_process) { ++ apr_signal(SIGHUP, sig_term); ++ /* Don't catch AP_SIG_GRACEFUL in ONE_PROCESS mode :) */ ++ apr_signal(SIGINT, sig_term); ++#ifdef SIGQUIT ++ apr_signal(SIGQUIT, SIG_DFL); ++#endif ++ apr_signal(SIGTERM, sig_term); ++ child_main(slot); ++ return 0; ++ } ++ ++ (void) ap_update_child_status_from_indexes(slot, 0, SERVER_STARTING, ++ (request_rec *) NULL); ++ ++ ++#ifdef _OSD_POSIX ++ /* BS2000 requires a "special" version of fork() before a setuid() call */ ++ if ((pid = os_fork(unixd_config.user_name)) == -1) { ++#elif defined(TPF) ++ if ((pid = os_fork(s, slot)) == -1) { ++#else ++ if ((pid = fork()) == -1) { ++#endif ++ ap_log_error(APLOG_MARK, APLOG_ERR, errno, s, "fork: Unable to fork new process"); ++ ++ /* fork didn't succeed. Fix the scoreboard or else ++ * it will say SERVER_STARTING forever and ever ++ */ ++ (void) ap_update_child_status_from_indexes(slot, 0, SERVER_DEAD, ++ (request_rec *) NULL); ++ ++ /* In case system resources are maxxed out, we don't want ++ * Apache running away with the CPU trying to fork over and ++ * over and over again. ++ */ ++ sleep(10); ++ ++ return -1; ++ } ++ ++ if (!pid) { ++#ifdef HAVE_BINDPROCESSOR ++ /* by default AIX binds to a single processor ++ * this bit unbinds children which will then bind to another cpu ++ */ ++ int status = bindprocessor(BINDPROCESS, (int)getpid(), ++ PROCESSOR_CLASS_ANY); ++ if (status != OK) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ++ ap_server_conf, "processor unbind failed %d", status); ++ } ++#endif ++ RAISE_SIGSTOP(MAKE_CHILD); ++ AP_MONCONTROL(1); ++ /* Disable the parent's signal handlers and set up proper handling in ++ * the child. ++ */ ++ apr_signal(SIGHUP, just_die); ++ apr_signal(SIGTERM, just_die); ++ /* The child process just closes listeners on AP_SIG_GRACEFUL. ++ * The pod is used for signalling the graceful restart. ++ */ ++ apr_signal(AP_SIG_GRACEFUL, stop_listening); ++ child_main(slot); ++ } ++ ++ ap_scoreboard_image->parent[slot].pid = pid; ++ ++ return 0; ++} ++ ++ ++/* start up a bunch of children */ ++static void startup_children(int number_to_start) ++{ ++ int i; ++ ++ for (i = 0; number_to_start && i < ap_daemons_limit; ++i) { ++ if (ap_scoreboard_image->servers[i][0].status != SERVER_DEAD) { ++ continue; ++ } ++ if (make_child(ap_server_conf, i) < 0) { ++ break; ++ } ++ --number_to_start; ++ } ++} ++ ++ ++/* ++ * idle_spawn_rate is the number of children that will be spawned on the ++ * next maintenance cycle if there aren't enough idle servers. It is ++ * doubled up to MAX_SPAWN_RATE, and reset only when a cycle goes by ++ * without the need to spawn. ++ */ ++static int idle_spawn_rate = 1; ++#ifndef MAX_SPAWN_RATE ++#define MAX_SPAWN_RATE (32) ++#endif ++static int hold_off_on_exponential_spawning; ++ ++static void perform_idle_server_maintenance(apr_pool_t *p) ++{ ++ int i; ++ int to_kill; ++ int idle_count; ++ worker_score *ws; ++ int free_length; ++ int free_slots[MAX_SPAWN_RATE]; ++ int last_non_dead; ++ int total_non_dead; ++ ++ /* initialize the free_list */ ++ free_length = 0; ++ ++ to_kill = -1; ++ idle_count = 0; ++ last_non_dead = -1; ++ total_non_dead = 0; ++ ++ for (i = 0; i < ap_daemons_limit; ++i) { ++ int status; ++ ++ if (i >= ap_max_daemons_limit && free_length == idle_spawn_rate) ++ break; ++ ws = &ap_scoreboard_image->servers[i][0]; ++ status = ws->status; ++ if (status == SERVER_DEAD) { ++ /* try to keep children numbers as low as possible */ ++ if (free_length < idle_spawn_rate) { ++ free_slots[free_length] = i; ++ ++free_length; ++ } ++ } ++ else { ++ /* We consider a starting server as idle because we started it ++ * at least a cycle ago, and if it still hasn't finished starting ++ * then we're just going to swamp things worse by forking more. ++ * So we hopefully won't need to fork more if we count it. ++ * This depends on the ordering of SERVER_READY and SERVER_STARTING. ++ */ ++ if (status <= SERVER_READY) { ++ ++ idle_count; ++ /* always kill the highest numbered child if we have to... ++ * no really well thought out reason ... other than observing ++ * the server behaviour under linux where lower numbered children ++ * tend to service more hits (and hence are more likely to have ++ * their data in cpu caches). ++ */ ++ to_kill = i; ++ } ++ ++ ++total_non_dead; ++ last_non_dead = i; ++ } ++ } ++ ap_max_daemons_limit = last_non_dead + 1; ++ if (idle_count > ap_daemons_max_free) { ++ /* kill off one child... we use the pod because that'll cause it to ++ * shut down gracefully, in case it happened to pick up a request ++ * while we were counting ++ */ ++ ap_mpm_pod_signal(pod); ++ idle_spawn_rate = 1; ++ } ++ else if (idle_count < ap_daemons_min_free) { ++ /* terminate the free list */ ++ if (free_length == 0) { ++ /* only report this condition once */ ++ static int reported = 0; ++ ++ if (!reported) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, ++ "server reached MaxClients setting, consider" ++ " raising the MaxClients setting"); ++ reported = 1; ++ } ++ idle_spawn_rate = 1; ++ } ++ else { ++ if (idle_spawn_rate >= 8) { ++ ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf, ++ "server seems busy, (you may need " ++ "to increase StartServers, or Min/MaxSpareServers), " ++ "spawning %d children, there are %d idle, and " ++ "%d total children", idle_spawn_rate, ++ idle_count, total_non_dead); ++ } ++ for (i = 0; i < free_length; ++i) { ++#ifdef TPF ++ if (make_child(ap_server_conf, free_slots[i]) == -1) { ++ if(free_length == 1) { ++ shutdown_pending = 1; ++ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, ap_server_conf, ++ "No active child processes: shutting down"); ++ } ++ } ++#else ++ make_child(ap_server_conf, free_slots[i]); ++#endif /* TPF */ ++ } ++ /* the next time around we want to spawn twice as many if this ++ * wasn't good enough, but not if we've just done a graceful ++ */ ++ if (hold_off_on_exponential_spawning) { ++ --hold_off_on_exponential_spawning; ++ } ++ else if (idle_spawn_rate < MAX_SPAWN_RATE) { ++ idle_spawn_rate *= 2; ++ } ++ } ++ } ++ else { ++ idle_spawn_rate = 1; ++ } ++} ++ ++/***************************************************************** ++ * Executive routines. ++ */ ++ ++int ap_mpm_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) ++{ ++ int index; ++ int remaining_children_to_start; ++ apr_status_t rv; ++ ++ ap_log_pid(pconf, ap_pid_fname); ++ ++ first_server_limit = server_limit; ++ if (changed_limit_at_restart) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, ++ "WARNING: Attempt to change ServerLimit " ++ "ignored during restart"); ++ changed_limit_at_restart = 0; ++ } ++ ++ /* Initialize cross-process accept lock */ ++ ap_lock_fname = apr_psprintf(_pconf, "%s.%" APR_PID_T_FMT, ++ ap_server_root_relative(_pconf, ap_lock_fname), ++ ap_my_pid); ++ ++ rv = apr_proc_mutex_create(&accept_mutex, ap_lock_fname, ++ ap_accept_lock_mech, _pconf); ++ if (rv != APR_SUCCESS) { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, ++ "Couldn't create accept lock (%s) (%d)", ++ ap_lock_fname, ap_accept_lock_mech); ++ mpm_state = AP_MPMQ_STOPPING; ++ return 1; ++ } ++ ++#if APR_USE_SYSVSEM_SERIALIZE ++ if (ap_accept_lock_mech == APR_LOCK_DEFAULT || ++ ap_accept_lock_mech == APR_LOCK_SYSVSEM) { ++#else ++ if (ap_accept_lock_mech == APR_LOCK_SYSVSEM) { ++#endif ++ rv = unixd_set_proc_mutex_perms(accept_mutex); ++ if (rv != APR_SUCCESS) { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, ++ "Couldn't set permissions on cross-process lock; " ++ "check User and Group directives"); ++ mpm_state = AP_MPMQ_STOPPING; ++ return 1; ++ } ++ } ++ ++ if (!is_graceful) { ++ if (ap_run_pre_mpm(s->process->pool, SB_SHARED) != OK) { ++ mpm_state = AP_MPMQ_STOPPING; ++ return 1; ++ } ++ /* fix the generation number in the global score; we just got a new, ++ * cleared scoreboard ++ */ ++ ap_scoreboard_image->global->running_generation = ap_my_generation; ++ } ++ ++ set_signals(); ++ ++ if (one_process) { ++ AP_MONCONTROL(1); ++ make_child(ap_server_conf, 0); ++ } ++ else { ++ if (ap_daemons_max_free < ap_daemons_min_free + 1) /* Don't thrash... */ ++ ap_daemons_max_free = ap_daemons_min_free + 1; ++ ++ /* If we're doing a graceful_restart then we're going to see a lot ++ * of children exiting immediately when we get into the main loop ++ * below (because we just sent them AP_SIG_GRACEFUL). This happens pretty ++ * rapidly... and for each one that exits we'll start a new one until ++ * we reach at least daemons_min_free. But we may be permitted to ++ * start more than that, so we'll just keep track of how many we're ++ * supposed to start up without the 1 second penalty between each fork. ++ */ ++ remaining_children_to_start = ap_daemons_to_start; ++ if (remaining_children_to_start > ap_daemons_limit) { ++ remaining_children_to_start = ap_daemons_limit; ++ } ++ if (!is_graceful) { ++ startup_children(remaining_children_to_start); ++ remaining_children_to_start = 0; ++ } ++ else { ++ /* give the system some time to recover before kicking into ++ * exponential mode ++ */ ++ hold_off_on_exponential_spawning = 10; ++ } ++ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, ++ "%s configured -- resuming normal operations", ++ ap_get_server_description()); ++ ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf, ++ "Server built: %s", ap_get_server_built()); ++#ifdef AP_MPM_WANT_SET_ACCEPT_LOCK_MECH ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, ++ "AcceptMutex: %s (default: %s)", ++ apr_proc_mutex_name(accept_mutex), ++ apr_proc_mutex_defname()); ++#endif ++ restart_pending = shutdown_pending = 0; ++ ++ mpm_state = AP_MPMQ_RUNNING; ++ ++ while (!restart_pending && !shutdown_pending) { ++ int child_slot; ++ apr_exit_why_e exitwhy; ++ int status, processed_status; ++ /* this is a memory leak, but I'll fix it later. */ ++ apr_proc_t pid; ++ ++ ap_wait_or_timeout(&exitwhy, &status, &pid, pconf); ++ ++ /* XXX: if it takes longer than 1 second for all our children ++ * to start up and get into IDLE state then we may spawn an ++ * extra child ++ */ ++ if (pid.pid != -1) { ++ processed_status = ap_process_child_status(&pid, exitwhy, status); ++ if (processed_status == APEXIT_CHILDFATAL) { ++ mpm_state = AP_MPMQ_STOPPING; ++ return 1; ++ } ++ ++ /* non-fatal death... note that it's gone in the scoreboard. */ ++ child_slot = find_child_by_pid(&pid); ++ if (child_slot >= 0) { ++ (void) ap_update_child_status_from_indexes(child_slot, 0, SERVER_DEAD, ++ (request_rec *) NULL); ++ if (processed_status == APEXIT_CHILDSICK) { ++ /* child detected a resource shortage (E[NM]FILE, ENOBUFS, etc) ++ * cut the fork rate to the minimum ++ */ ++ idle_spawn_rate = 1; ++ } ++ else if (remaining_children_to_start ++ && child_slot < ap_daemons_limit) { ++ /* we're still doing a 1-for-1 replacement of dead ++ * children with new children ++ */ ++ make_child(ap_server_conf, child_slot); ++ --remaining_children_to_start; ++ } ++#if APR_HAS_OTHER_CHILD ++ } ++ else if (apr_proc_other_child_alert(&pid, APR_OC_REASON_DEATH, status) == APR_SUCCESS) { ++ /* handled */ ++#endif ++ } ++ else if (is_graceful) { ++ /* Great, we've probably just lost a slot in the ++ * scoreboard. Somehow we don't know about this ++ * child. ++ */ ++ ap_log_error(APLOG_MARK, APLOG_WARNING, ++ 0, ap_server_conf, ++ "long lost child came home! (pid %ld)", (long)pid.pid); ++ } ++ /* Don't perform idle maintenance when a child dies, ++ * only do it when there's a timeout. Remember only a ++ * finite number of children can die, and it's pretty ++ * pathological for a lot to die suddenly. ++ */ ++ continue; ++ } ++ else if (remaining_children_to_start) { ++ /* we hit a 1 second timeout in which none of the previous ++ * generation of children needed to be reaped... so assume ++ * they're all done, and pick up the slack if any is left. ++ */ ++ startup_children(remaining_children_to_start); ++ remaining_children_to_start = 0; ++ /* In any event we really shouldn't do the code below because ++ * few of the servers we just started are in the IDLE state ++ * yet, so we'd mistakenly create an extra server. ++ */ ++ continue; ++ } ++ ++ perform_idle_server_maintenance(pconf); ++#ifdef TPF ++ shutdown_pending = os_check_server(tpf_server_name); ++ ap_check_signals(); ++ sleep(1); ++#endif /*TPF */ ++ } ++ } /* one_process */ ++ ++ mpm_state = AP_MPMQ_STOPPING; ++ ++ if (shutdown_pending && !is_graceful) { ++ /* Time to shut down: ++ * Kill child processes, tell them to call child_exit, etc... ++ */ ++ if (unixd_killpg(getpgrp(), SIGTERM) < 0) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "killpg SIGTERM"); ++ } ++ ap_reclaim_child_processes(1); /* Start with SIGTERM */ ++ ++ /* cleanup pid file on normal shutdown */ ++ { ++ const char *pidfile = NULL; ++ pidfile = ap_server_root_relative (pconf, ap_pid_fname); ++ if ( pidfile != NULL && unlink(pidfile) == 0) ++ ap_log_error(APLOG_MARK, APLOG_INFO, ++ 0, ap_server_conf, ++ "removed PID file %s (pid=%ld)", ++ pidfile, (long)getpid()); ++ } ++ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, ++ "caught SIGTERM, shutting down"); ++ ++ return 1; ++ } else if (shutdown_pending) { ++ /* Time to perform a graceful shut down: ++ * Reap the inactive children, and ask the active ones ++ * to close their listeners, then wait until they are ++ * all done to exit. ++ */ ++ int active_children; ++ apr_time_t cutoff = 0; ++ ++ /* Stop listening */ ++ ap_close_listeners(); ++ ++ /* kill off the idle ones */ ++ ap_mpm_pod_killpg(pod, ap_max_daemons_limit); ++ ++ /* Send SIGUSR1 to the active children */ ++ active_children = 0; ++ for (index = 0; index < ap_daemons_limit; ++index) { ++ if (ap_scoreboard_image->servers[index][0].status != SERVER_DEAD) { ++ /* Ask each child to close its listeners. */ ++ ap_mpm_safe_kill(MPM_CHILD_PID(index), AP_SIG_GRACEFUL); ++ active_children++; ++ } ++ } ++ ++ /* Allow each child which actually finished to exit */ ++ ap_relieve_child_processes(); ++ ++ /* cleanup pid file */ ++ { ++ const char *pidfile = NULL; ++ pidfile = ap_server_root_relative (pconf, ap_pid_fname); ++ if ( pidfile != NULL && unlink(pidfile) == 0) ++ ap_log_error(APLOG_MARK, APLOG_INFO, ++ 0, ap_server_conf, ++ "removed PID file %s (pid=%ld)", ++ pidfile, (long)getpid()); ++ } ++ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, ++ "caught " AP_SIG_GRACEFUL_STOP_STRING ", shutting down gracefully"); ++ ++ if (ap_graceful_shutdown_timeout) { ++ cutoff = apr_time_now() + ++ apr_time_from_sec(ap_graceful_shutdown_timeout); ++ } ++ ++ /* Don't really exit until each child has finished */ ++ shutdown_pending = 0; ++ do { ++ /* Pause for a second */ ++ sleep(1); ++ ++ /* Relieve any children which have now exited */ ++ ap_relieve_child_processes(); ++ ++ active_children = 0; ++ for (index = 0; index < ap_daemons_limit; ++index) { ++ if (ap_mpm_safe_kill(MPM_CHILD_PID(index), 0) == APR_SUCCESS) { ++ active_children = 1; ++ /* Having just one child is enough to stay around */ ++ break; ++ } ++ } ++ } while (!shutdown_pending && active_children && ++ (!ap_graceful_shutdown_timeout || apr_time_now() < cutoff)); ++ ++ /* We might be here because we received SIGTERM, either ++ * way, try and make sure that all of our processes are ++ * really dead. ++ */ ++ unixd_killpg(getpgrp(), SIGTERM); ++ ++ return 1; ++ } ++ ++ /* we've been told to restart */ ++ apr_signal(SIGHUP, SIG_IGN); ++ apr_signal(AP_SIG_GRACEFUL, SIG_IGN); ++ if (one_process) { ++ /* not worth thinking about */ ++ return 1; ++ } ++ ++ /* advance to the next generation */ ++ /* XXX: we really need to make sure this new generation number isn't in ++ * use by any of the children. ++ */ ++ ++ap_my_generation; ++ ap_scoreboard_image->global->running_generation = ap_my_generation; ++ ++ if (is_graceful) { ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, ++ "Graceful restart requested, doing restart"); ++ ++ /* kill off the idle ones */ ++ ap_mpm_pod_killpg(pod, ap_max_daemons_limit); ++ ++ /* This is mostly for debugging... so that we know what is still ++ * gracefully dealing with existing request. This will break ++ * in a very nasty way if we ever have the scoreboard totally ++ * file-based (no shared memory) ++ */ ++ for (index = 0; index < ap_daemons_limit; ++index) { ++ if (ap_scoreboard_image->servers[index][0].status != SERVER_DEAD) { ++ ap_scoreboard_image->servers[index][0].status = SERVER_GRACEFUL; ++ /* Ask each child to close its listeners. ++ * ++ * NOTE: we use the scoreboard, because if we send SIGUSR1 ++ * to every process in the group, this may include CGI's, ++ * piped loggers, etc. They almost certainly won't handle ++ * it gracefully. ++ */ ++ ap_mpm_safe_kill(ap_scoreboard_image->parent[index].pid, AP_SIG_GRACEFUL); ++ } ++ } ++ } ++ else { ++ /* Kill 'em off */ ++ if (unixd_killpg(getpgrp(), SIGHUP) < 0) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "killpg SIGHUP"); ++ } ++ ap_reclaim_child_processes(0); /* Not when just starting up */ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, ++ "SIGHUP received. Attempting to restart"); ++ } ++ ++ return 0; ++} ++ ++/* This really should be a post_config hook, but the error log is already ++ * redirected by that point, so we need to do this in the open_logs phase. ++ */ ++static int itk_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) ++{ ++ apr_status_t rv; ++ ++ pconf = p; ++ ap_server_conf = s; ++ ++ if ((num_listensocks = ap_setup_listeners(ap_server_conf)) < 1) { ++ ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_STARTUP, 0, ++ NULL, "no listening sockets available, shutting down"); ++ return DONE; ++ } ++ ++ if ((rv = ap_mpm_pod_open(pconf, &pod))) { ++ ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_STARTUP, rv, NULL, ++ "Could not open pipe-of-death."); ++ return DONE; ++ } ++ return OK; ++} ++ ++static int itk_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp) ++{ ++ static int restart_num = 0; ++ int no_detach, debug, foreground; ++ apr_status_t rv; ++ ++ mpm_state = AP_MPMQ_STARTING; ++ ++ debug = ap_exists_config_define("DEBUG"); ++ ++ if (debug) { ++ foreground = one_process = 1; ++ no_detach = 0; ++ } ++ else ++ { ++ no_detach = ap_exists_config_define("NO_DETACH"); ++ one_process = ap_exists_config_define("ONE_PROCESS"); ++ foreground = ap_exists_config_define("FOREGROUND"); ++ } ++ ++ /* sigh, want this only the second time around */ ++ if (restart_num++ == 1) { ++ is_graceful = 0; ++ ++ if (!one_process && !foreground) { ++ rv = apr_proc_detach(no_detach ? APR_PROC_DETACH_FOREGROUND ++ : APR_PROC_DETACH_DAEMONIZE); ++ if (rv != APR_SUCCESS) { ++ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, NULL, ++ "apr_proc_detach failed"); ++ return HTTP_INTERNAL_SERVER_ERROR; ++ } ++ } ++ ++ parent_pid = ap_my_pid = getpid(); ++ } ++ ++ unixd_pre_config(ptemp); ++ ap_listen_pre_config(); ++ ap_daemons_to_start = DEFAULT_START_DAEMON; ++ ap_daemons_min_free = DEFAULT_MIN_FREE_DAEMON; ++ ap_daemons_max_free = DEFAULT_MAX_FREE_DAEMON; ++ ap_daemons_limit = server_limit; ++ ap_pid_fname = DEFAULT_PIDLOG; ++ ap_lock_fname = DEFAULT_LOCKFILE; ++ ap_max_requests_per_child = DEFAULT_MAX_REQUESTS_PER_CHILD; ++ ap_extended_status = 0; ++#ifdef AP_MPM_WANT_SET_MAX_MEM_FREE ++ ap_max_mem_free = APR_ALLOCATOR_MAX_FREE_UNLIMITED; ++#endif ++ ++ apr_cpystrn(ap_coredump_dir, ap_server_root, sizeof(ap_coredump_dir)); ++ ++ return OK; ++} ++ ++static int itk_post_perdir_config(request_rec *r) ++{ ++ uid_t wanted_uid; ++ gid_t wanted_gid; ++ const char *wanted_username; ++ int err = 0; ++ ++ itk_server_conf *sconf = ++ (itk_server_conf *) ap_get_module_config(r->server->module_config, &mpm_itk_module); ++ ++ /* Enforce MaxClientsVhost. */ ++ if (sconf->max_clients_vhost > 0) { ++ int i, num_other_servers = 0; ++ for (i = 0; i < ap_daemons_limit; ++i) { ++ worker_score *ws = &ap_scoreboard_image->servers[i][0]; ++ if (ws->status >= SERVER_BUSY_READ && strncmp(ws->vhost, r->server->server_hostname, 31) == 0) ++ ++num_other_servers; ++ } ++ ++ if (num_other_servers > sconf->max_clients_vhost) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \ ++ "MaxClientsVhost reached for %s, refusing client.", ++ r->server->server_hostname); ++ return HTTP_SERVICE_UNAVAILABLE; ++ } ++ } ++ ++ itk_per_dir_conf *dconf = ++ (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module); ++ ++ strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31); ++ ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0; ++ ++ if (dconf->nice_value != UNSET_NICE_VALUE && ++ setpriority(PRIO_PROCESS, 0, dconf->nice_value)) { ++ _DBG("setpriority(): %s", strerror(errno)); ++ err = 1; ++ } ++ ++ wanted_uid = dconf->uid; ++ wanted_gid = dconf->gid; ++ wanted_username = dconf->username; ++ ++ if (wanted_uid == -1 || wanted_gid == -1) { ++ wanted_uid = unixd_config.user_id; ++ wanted_gid = unixd_config.group_id; ++ wanted_username = unixd_config.user_name; ++ } ++ ++ if (!err && wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) { ++ if (setgid(wanted_gid)) { ++ _DBG("setgid(%d): %s", wanted_gid, strerror(errno)); ++ err = 1; ++ } else if (initgroups(wanted_username, wanted_gid)) { ++ _DBG("initgroups(%s, %d): %s", wanted_username, wanted_gid, strerror(errno)); ++ err = 1; ++ } else if (setuid(wanted_uid)) { ++ _DBG("setuid(%d): %s", wanted_uid, strerror(errno)); ++ err = 1; ++ } ++ } ++ ++ /* ++ * Most likely a case of switching uid/gid within a persistent ++ * connection; the RFCs allow us to just close the connection ++ * at anytime, so we excercise our right. :-) ++ */ ++ if (err) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \ ++ "Couldn't set uid/gid/priority, closing connection."); ++ ap_lingering_close(r->connection); ++ exit(0); ++ } ++ return OK; ++} ++ ++static void itk_hooks(apr_pool_t *p) ++{ ++ /* The itk open_logs phase must run before the core's, or stderr ++ * will be redirected to a file, and the messages won't print to the ++ * console. ++ */ ++ static const char *const aszSucc[] = {"core.c", NULL}; ++ ++#ifdef AUX3 ++ (void) set42sig(); ++#endif ++ ++ ap_hook_open_logs(itk_open_logs, NULL, aszSucc, APR_HOOK_MIDDLE); ++ /* we need to set the MPM state before other pre-config hooks use MPM query ++ * to retrieve it, so register as REALLY_FIRST ++ */ ++ ap_hook_pre_config(itk_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST); ++ ++ /* set the uid as fast as possible, but not before merging per-dit config */ ++ ap_hook_header_parser(itk_post_perdir_config, NULL, NULL, APR_HOOK_REALLY_FIRST); ++} ++ ++static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg) ++{ ++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); ++ if (err != NULL) { ++ return err; ++ } ++ ++ ap_daemons_to_start = atoi(arg); ++ return NULL; ++} ++ ++static const char *set_min_free_servers(cmd_parms *cmd, void *dummy, const char *arg) ++{ ++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); ++ if (err != NULL) { ++ return err; ++ } ++ ++ ap_daemons_min_free = atoi(arg); ++ if (ap_daemons_min_free <= 0) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: detected MinSpareServers set to non-positive."); ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "Resetting to 1 to avoid almost certain Apache failure."); ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "Please read the documentation."); ++ ap_daemons_min_free = 1; ++ } ++ ++ return NULL; ++} ++ ++static const char *set_max_free_servers(cmd_parms *cmd, void *dummy, const char *arg) ++{ ++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); ++ if (err != NULL) { ++ return err; ++ } ++ ++ ap_daemons_max_free = atoi(arg); ++ return NULL; ++} ++ ++static const char *set_max_clients (cmd_parms *cmd, void *dummy, const char *arg) ++{ ++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); ++ if (err != NULL) { ++ return err; ++ } ++ ++ ap_daemons_limit = atoi(arg); ++ if (ap_daemons_limit > server_limit) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: MaxClients of %d exceeds ServerLimit value " ++ "of %d servers,", ap_daemons_limit, server_limit); ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ " lowering MaxClients to %d. To increase, please " ++ "see the ServerLimit", server_limit); ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ " directive."); ++ ap_daemons_limit = server_limit; ++ } ++ else if (ap_daemons_limit < 1) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: Require MaxClients > 0, setting to 1"); ++ ap_daemons_limit = 1; ++ } ++ return NULL; ++} ++ ++static const char *set_server_limit (cmd_parms *cmd, void *dummy, const char *arg) ++{ ++ int tmp_server_limit; ++ ++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); ++ if (err != NULL) { ++ return err; ++ } ++ ++ tmp_server_limit = atoi(arg); ++ /* you cannot change ServerLimit across a restart; ignore ++ * any such attempts ++ */ ++ if (first_server_limit && ++ tmp_server_limit != server_limit) { ++ /* how do we log a message? the error log is a bit bucket at this ++ * point; we'll just have to set a flag so that ap_mpm_run() ++ * logs a warning later ++ */ ++ changed_limit_at_restart = 1; ++ return NULL; ++ } ++ server_limit = tmp_server_limit; ++ ++ if (server_limit > MAX_SERVER_LIMIT) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: ServerLimit of %d exceeds compile time limit " ++ "of %d servers,", server_limit, MAX_SERVER_LIMIT); ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ " lowering ServerLimit to %d.", MAX_SERVER_LIMIT); ++ server_limit = MAX_SERVER_LIMIT; ++ } ++ else if (server_limit < 1) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: Require ServerLimit > 0, setting to 1"); ++ server_limit = 1; ++ } ++ return NULL; ++} ++ ++static const char *assign_user_id (cmd_parms *cmd, void *ptr, const char *user_name, const char *group_name) ++{ ++ itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr; ++ dconf->username = apr_pstrdup(cmd->pool, user_name); ++ dconf->uid = ap_uname2id(user_name); ++ dconf->gid = ap_gname2id(group_name); ++ return NULL; ++} ++ ++static const char *set_max_clients_vhost (cmd_parms *cmd, void *dummy, const char *arg) ++{ ++ itk_server_conf *sconf = ++ (itk_server_conf *) ap_get_module_config(cmd->server->module_config, &mpm_itk_module); ++ sconf->max_clients_vhost = atoi(arg); ++ return NULL; ++} ++ ++static const char *set_nice_value (cmd_parms *cmd, void *ptr, const char *arg) ++{ ++ itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr; ++ int nice_value = atoi(arg); ++ ++ if (nice_value < -20) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: NiceValue of %d is below -20, increasing NiceValue to -20.", ++ nice_value); ++ nice_value = -20; ++ } ++ else if (nice_value > 19) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: NiceValue of %d is above 19, lowering NiceValue to 19.", ++ nice_value); ++ nice_value = 19; ++ } ++ dconf->nice_value = nice_value; ++ return NULL; ++} ++ ++static const command_rec itk_cmds[] = { ++UNIX_DAEMON_COMMANDS, ++LISTEN_COMMANDS, ++AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF, ++ "Number of child processes launched at server startup"), ++AP_INIT_TAKE1("MinSpareServers", set_min_free_servers, NULL, RSRC_CONF, ++ "Minimum number of idle children, to handle request spikes"), ++AP_INIT_TAKE1("MaxSpareServers", set_max_free_servers, NULL, RSRC_CONF, ++ "Maximum number of idle children"), ++AP_INIT_TAKE1("MaxClients", set_max_clients, NULL, RSRC_CONF, ++ "Maximum number of children alive at the same time"), ++AP_INIT_TAKE1("ServerLimit", set_server_limit, NULL, RSRC_CONF, ++ "Maximum value of MaxClients for this run of Apache"), ++AP_INIT_TAKE2("AssignUserID", assign_user_id, NULL, RSRC_CONF|ACCESS_CONF, ++ "Tie a virtual host to a specific child process."), ++AP_INIT_TAKE1("MaxClientsVHost", set_max_clients_vhost, NULL, RSRC_CONF, ++ "Maximum number of children alive at the same time for this virtual host."), ++AP_INIT_TAKE1("NiceValue", set_nice_value, NULL, RSRC_CONF|ACCESS_CONF, ++ "Set nice value for the given vhost, from -20 (highest priority) to 19 (lowest priority)."), ++AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND, ++{ NULL } ++}; ++ ++/* == allocate a private per-dir config structure == */ ++static void *itk_create_dir_config(apr_pool_t *p, char *dummy) ++{ ++ itk_per_dir_conf *c = (itk_per_dir_conf *) ++ apr_pcalloc(p, sizeof(itk_per_dir_conf)); ++ c->uid = c->gid = -1; ++ c->nice_value = UNSET_NICE_VALUE; ++ return c; ++} ++ ++/* == merge the parent per-dir config structure into ours == */ ++static void *itk_merge_dir_config(apr_pool_t *p, void *parent_ptr, void *child_ptr) ++{ ++ itk_per_dir_conf *c = (itk_per_dir_conf *) ++ apr_pcalloc(p, sizeof(itk_per_dir_conf)); ++ itk_per_dir_conf *parent = (itk_per_dir_conf *) parent_ptr; ++ itk_per_dir_conf *child = (itk_per_dir_conf *) child_ptr; ++ ++ if (child->username != NULL) { ++ c->username = apr_pstrdup(p, child->username); ++ c->uid = child->uid; ++ c->gid = child->gid; ++ } else if (parent->username != NULL) { ++ c->username = apr_pstrdup(p, parent->username); ++ c->uid = parent->uid; ++ c->gid = parent->gid; ++ } ++ if (child->nice_value != UNSET_NICE_VALUE) { ++ c->nice_value = child->nice_value; ++ } else { ++ c->nice_value = parent->nice_value; ++ } ++ return c; ++} ++ ++/* == allocate a private server config structure == */ ++static void *itk_create_server_config(apr_pool_t *p, server_rec *s) ++{ ++ itk_server_conf *c = (itk_server_conf *) ++ apr_pcalloc(p, sizeof(itk_server_conf)); ++ c->max_clients_vhost = -1; ++ return c; ++} ++ ++module AP_MODULE_DECLARE_DATA mpm_itk_module = { ++ MPM20_MODULE_STUFF, ++ ap_mpm_rewrite_args, /* hook to run before apache parses args */ ++ itk_create_dir_config, /* create per-directory config structure */ ++ itk_merge_dir_config, /* merge per-directory config structures */ ++ itk_create_server_config, /* create per-server config structure */ ++ NULL, /* merge per-server config structures */ ++ itk_cmds, /* command apr_table_t */ ++ itk_hooks, /* register hooks */ ++}; +unchanged: +--- httpd-2.2.11/server/mpm/experimental/itk/mpm.h 2009-03-17 21:39:03.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/mpm.h 2009-03-21 13:02:33.000000000 +0100 +@@ -0,0 +1,68 @@ ++/* Licensed to the Apache Software Foundation (ASF) under one or more ++ * contributor license agreements. See the NOTICE file distributed with ++ * this work for additional information regarding copyright ownership. ++ * The ASF licenses this file to You under the Apache License, Version 2.0 ++ * (the "License"); you may not use this file except in compliance with ++ * the License. You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ * ++ * Portions copyright 2005-2009 Steinar H. Gunderson . ++ * Licensed under the same terms as the rest of Apache. ++ * ++ * Portions copyright 2008 Knut Auvor Grythe . ++ * Licensed under the same terms as the rest of Apache. ++ */ ++ ++/** ++ * @file itk/mpm.h ++ * @brief ITK MPM (setuid per-vhost, no threads) ++ * ++ * @defgroup APACHE_MPM_ITK Apache ITK ++ * @ingroup APACHE_MPM APACHE_OS_UNIX ++ * @{ ++ */ ++ ++#include "httpd.h" ++#include "mpm_default.h" ++#include "scoreboard.h" ++#include "unixd.h" ++ ++#ifndef APACHE_MPM_ITK_H ++#define APACHE_MPM_ITK_H ++ ++#define ITK_MPM ++ ++#define MPM_NAME "ITK" ++ ++#define AP_MPM_WANT_RECLAIM_CHILD_PROCESSES ++#define AP_MPM_WANT_WAIT_OR_TIMEOUT ++#define AP_MPM_WANT_PROCESS_CHILD_STATUS ++#define AP_MPM_WANT_SET_PIDFILE ++#define AP_MPM_WANT_SET_SCOREBOARD ++#define AP_MPM_WANT_SET_LOCKFILE ++#define AP_MPM_WANT_SET_MAX_REQUESTS ++#define AP_MPM_WANT_SET_COREDUMPDIR ++#define AP_MPM_WANT_SET_ACCEPT_LOCK_MECH ++#define AP_MPM_WANT_SIGNAL_SERVER ++#define AP_MPM_WANT_SET_MAX_MEM_FREE ++#define AP_MPM_WANT_FATAL_SIGNAL_HANDLER ++#define AP_MPM_WANT_SET_GRACEFUL_SHUTDOWN ++#define AP_MPM_DISABLE_NAGLE_ACCEPTED_SOCK ++ ++#define AP_MPM_USES_POD 1 ++#define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid) ++#define MPM_NOTE_CHILD_KILLED(i) (MPM_CHILD_PID(i) = 0) ++#define MPM_ACCEPT_FUNC unixd_accept ++ ++extern int ap_threads_per_child; ++extern int ap_max_daemons_limit; ++extern server_rec *ap_server_conf; ++#endif /* APACHE_MPM_ITK_H */ ++/** @} */ +unchanged: +--- httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h 2009-03-17 21:39:03.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h 2009-03-21 13:02:33.000000000 +0100 +@@ -0,0 +1,80 @@ ++/* Licensed to the Apache Software Foundation (ASF) under one or more ++ * contributor license agreements. See the NOTICE file distributed with ++ * this work for additional information regarding copyright ownership. ++ * The ASF licenses this file to You under the Apache License, Version 2.0 ++ * (the "License"); you may not use this file except in compliance with ++ * the License. You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ * ++ * Portions copyright 2005-2009 Steinar H. Gunderson . ++ * Licensed under the same terms as the rest of Apache. ++ * ++ * Portions copyright 2008 Knut Auvor Grythe . ++ * Licensed under the same terms as the rest of Apache. ++ */ ++ ++/** ++ * @file itk/mpm_default.h ++ * @brief ITK MPM defaults ++ * ++ * @addtogroup APACHE_MPM_ITK ++ * @{ ++ */ ++ ++#ifndef APACHE_MPM_DEFAULT_H ++#define APACHE_MPM_DEFAULT_H ++ ++/* Number of servers to spawn off by default --- also, if fewer than ++ * this free when the caretaker checks, it will spawn more. ++ */ ++#ifndef DEFAULT_START_DAEMON ++#define DEFAULT_START_DAEMON 5 ++#endif ++ ++/* Maximum number of *free* server processes --- more than this, and ++ * they will die off. ++ */ ++ ++#ifndef DEFAULT_MAX_FREE_DAEMON ++#define DEFAULT_MAX_FREE_DAEMON 10 ++#endif ++ ++/* Minimum --- fewer than this, and more will be created */ ++ ++#ifndef DEFAULT_MIN_FREE_DAEMON ++#define DEFAULT_MIN_FREE_DAEMON 5 ++#endif ++ ++/* File used for accept locking, when we use a file */ ++#ifndef DEFAULT_LOCKFILE ++#define DEFAULT_LOCKFILE DEFAULT_REL_RUNTIMEDIR "/accept.lock" ++#endif ++ ++/* Where the main/parent process's pid is logged */ ++#ifndef DEFAULT_PIDLOG ++#define DEFAULT_PIDLOG DEFAULT_REL_RUNTIMEDIR "/httpd.pid" ++#endif ++ ++/* ++ * Interval, in microseconds, between scoreboard maintenance. ++ */ ++#ifndef SCOREBOARD_MAINTENANCE_INTERVAL ++#define SCOREBOARD_MAINTENANCE_INTERVAL 1000000 ++#endif ++ ++/* Number of requests to try to handle in a single process. If <= 0, ++ * the children don't die off. ++ */ ++#ifndef DEFAULT_MAX_REQUESTS_PER_CHILD ++#define DEFAULT_MAX_REQUESTS_PER_CHILD 10000 ++#endif ++ ++#endif /* AP_MPM_DEFAULT_H */ ++/** @} */ +unchanged: +--- apache2.2.orig/server/mpm/config.m4 2007-01-29 21:30:26.000000000 +0100 ++++ apache2.2/server/mpm/config.m4 2007-01-29 21:30:35.000000000 +0100 +@@ -1,7 +1,7 @@ + AC_MSG_CHECKING(which MPM to use) + AC_ARG_WITH(mpm, + APACHE_HELP_STRING(--with-mpm=MPM,Choose the process model for Apache to use. +- MPM={beos|event|worker|prefork|mpmt_os2|winnt}),[ ++ MPM={beos|event|worker|prefork|mpmt_os2|winnt|itk}),[ + APACHE_MPM=$withval + ],[ + if test "x$APACHE_MPM" = "x"; then +@@ -23,7 +23,7 @@ + + ap_mpm_is_experimental () + { +- if test "$apache_cv_mpm" = "event" ; then ++ if test "$apache_cv_mpm" = "event" -o "$apache_cv_mpm" = "itk" ; then + return 0 + else + return 1 +unchanged: +--- apache2.2.orig/server/mpm/experimental/itk/config.m4 2007-01-29 21:03:51.000000000 +0100 ++++ apache2.2/server/mpm/experimental/itk/config.m4 2007-01-29 21:03:57.000000000 +0100 +@@ -1,3 +1,3 @@ + if test "$MPM_NAME" = "itk" ; then +- APACHE_FAST_OUTPUT(server/mpm/$MPM_NAME/Makefile) ++ APACHE_FAST_OUTPUT(server/mpm/$MPM_SUBDIR_NAME/Makefile) + fi +unchanged: +--- httpd-2.2.11/include/http_request.h 2009-03-21 13:03:31.000000000 +0100 ++++ httpd-2.2.11/include/http_request.h 2009-03-21 13:03:41.000000000 +0100 +@@ -12,6 +12,12 @@ + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. ++ * ++ * Portions copyright 2005-2009 Steinar H. Gunderson . ++ * Licensed under the same terms as the rest of Apache. ++ * ++ * Portions copyright 2008 Knut Auvor Grythe . ++ * Licensed under the same terms as the rest of Apache. + */ + + /** +@@ -350,6 +356,15 @@ + */ + AP_DECLARE_HOOK(void,insert_filter,(request_rec *r)) + ++/** ++ * This hook allows modules to affect the request immediately after the ++ * per-directory configuration for the request has been generated. This allows ++ * modules to make decisions based upon the current directory configuration ++ * @param r The current request ++ * @return OK or DECLINED ++ */ ++AP_DECLARE_HOOK(int,post_perdir_config,(request_rec *r)) ++ + AP_DECLARE(int) ap_location_walk(request_rec *r); + AP_DECLARE(int) ap_directory_walk(request_rec *r); + AP_DECLARE(int) ap_file_walk(request_rec *r); +unchanged: +--- httpd-2.2.11/server/request.c 2009-03-21 13:03:13.000000000 +0100 ++++ httpd-2.2.11/server/request.c 2009-03-21 13:03:41.000000000 +0100 +@@ -12,6 +12,12 @@ + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. ++ * ++ * Portions copyright 2005-2009 Steinar H. Gunderson . ++ * Licensed under the same terms as the rest of Apache. ++ * ++ * Portions copyright 2008 Knut Auvor Grythe . ++ * Licensed under the same terms as the rest of Apache. + */ + + /* +@@ -61,6 +67,7 @@ + APR_HOOK_LINK(auth_checker) + APR_HOOK_LINK(insert_filter) + APR_HOOK_LINK(create_request) ++ APR_HOOK_LINK(post_perdir_config) + ) + + AP_IMPLEMENT_HOOK_RUN_FIRST(int,translate_name, +@@ -80,6 +87,8 @@ + AP_IMPLEMENT_HOOK_VOID(insert_filter, (request_rec *r), (r)) + AP_IMPLEMENT_HOOK_RUN_ALL(int, create_request, + (request_rec *r), (r), OK, DECLINED) ++AP_IMPLEMENT_HOOK_RUN_ALL(int,post_perdir_config, ++ (request_rec *r), (r), OK, DECLINED) + + + static int decl_die(int status, char *phase, request_rec *r) +@@ -158,6 +167,13 @@ + return access_status; + } + ++ /* First chance to handle the request after per-directory configuration is ++ * generated ++ */ ++ if ((access_status = ap_run_post_perdir_config(r))) { ++ return access_status; ++ } ++ + /* Only on the main request! */ + if (r->main == NULL) { + if ((access_status = ap_run_header_parser(r))) { +unchanged: +--- httpd-2.2.11.orig/server/mpm/config.m4 2009-04-14 23:26:41.000000000 +0200 ++++ httpd-2.2.11/server/mpm/config.m4 2009-04-14 23:28:03.000000000 +0200 +@@ -66,6 +66,11 @@ + else + MPM_SUBDIR_NAME=$MPM_NAME + fi ++ ++if test "$apache_cv_mpm" = "itk" ; then ++ AC_CHECK_LIB(cap, cap_init) ++fi ++ + MPM_DIR=server/mpm/$MPM_SUBDIR_NAME + MPM_LIB=$MPM_DIR/lib${MPM_NAME}.la + diff --git a/apache-mpm.conf b/apache-mpm.conf new file mode 100644 index 0000000..74081c8 --- /dev/null +++ b/apache-mpm.conf @@ -0,0 +1,52 @@ +# +# Server-Pool Management (MPM specific) +# + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# +# Note that this is the default PidFile for most MPMs. +# +PidFile /var/run/httpd.pid + +# +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# +LockFile /var/run/httpd/accept.lock + +# +# Only one of the below sections will be relevant on your +# installed httpd. Use "apachectl -l" to find out the +# active mpm. +# + +# prefork MPM +# StartServers: number of server processes to start +# MinSpareServers: minimum number of server processes which are kept spare +# MaxSpareServers: maximum number of server processes which are kept spare +# MaxClients: maximum number of server processes allowed to start +# MaxRequestsPerChild: maximum number of requests a server process serves + + StartServers 5 + MinSpareServers 5 + MaxSpareServers 10 + MaxClients 150 + MaxRequestsPerChild 0 + + +# worker MPM +# StartServers: initial number of server processes to start +# MaxClients: maximum number of simultaneous client connections +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadsPerChild: constant number of worker threads in each server process +# MaxRequestsPerChild: maximum number of requests a server process serves + + StartServers 2 + MaxClients 150 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadsPerChild 25 + MaxRequestsPerChild 0 + diff --git a/apache-multilang-errordoc.conf b/apache-multilang-errordoc.conf new file mode 100644 index 0000000..f865b6f --- /dev/null +++ b/apache-multilang-errordoc.conf @@ -0,0 +1,51 @@ +# +# The configuration below implements multi-language error documents through +# content-negotiation. +# +# Required modules: mod_alias, mod_include, mod_negotiation +# +# We use Alias to redirect any /error/HTTP_.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# +# You can modify the messages' appearance without changing any of the +# default HTTP_.html.var files by adding the line: +# +# Alias /error/include/ "/your/include/path/" +# +# which allows you to create your own set of files by starting with the +# /home/services/httpd/error/include/ files and copying them to /your/include/path/, +# even on a per-VirtualHost basis. The default include files will display +# your Apache version number and your ServerAdmin email address regardless +# of the setting of ServerSignature. + +Alias /error/ "/home/services/httpd/error/" + + + AllowOverride None + Options IncludesNoExec + AddOutputFilter Includes html + AddHandler type-map var + Order allow,deny + Allow from all + LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr + ForceLanguagePriority Prefer Fallback + + +ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +ErrorDocument 410 /error/HTTP_GONE.html.var +ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var diff --git a/apache-paths.patch b/apache-paths.patch new file mode 100644 index 0000000..65bd1e0 --- /dev/null +++ b/apache-paths.patch @@ -0,0 +1,8 @@ +--- httpd-2.2.0/docs/cgi-examples/printenv.save 2005-12-26 23:09:55.000000000 +0200 ++++ httpd-2.2.0/docs/cgi-examples/printenv 2005-12-26 23:09:55.000000000 +0200 +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/perl ++#!/usr/bin/perl + ## + ## printenv -- demo CGI program which just prints its environment + ## diff --git a/apache-server.crt b/apache-server.crt new file mode 100644 index 0000000..62d81d8 --- /dev/null +++ b/apache-server.crt @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICFjCCAX+gAwIBAgIBATANBgkqhkiG9w0BAQQFADBQMRowGAYDVQQKExFEdW1t +eSBjZXJ0aWZpY2F0ZTEbMBkGA1UECxMSSGFzIHRvIGJlIHJlcGxhY2VkMRUwEwYD +VQQDEwx3d3cuYWR2eC5jb20wHhcNMDEwNDA5MDg0NjUyWhcNMDIwNDA5MDg0NjUy +WjBSMSEwHwYDVQQKExhBZHZhbmNlZCBFeHRyYW5ldCBTZXJ2ZXIxGTAXBgNVBAsT +EFRlc3QgQ2VydGlmaWNhdGUxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAoRtceA5d+grmrN76yHT4TQvbLQqvTsq2fFafNBT/ +DdSh05okHdTldu8kgTvBzpLPuOQvSwy2SzQLwF6nmzWdfY21U33NARp46i/QWD3V +rgIXuhXtToTnkEE6/OGq5KeELgF/EKSXLXkDydyHg9mFlh/J/kKtjv3wtIHceOGn +E18CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCShXMRerTzEJMkIdCDD+ZkOetE65j0 +mkgAGT4etmSiUmNWXy/P26zh1P51YeS4TZFpXxgONVK9PIywhhkVNB8JFdXYKbxW +0h0caVoEHwnfkSERcBVffxaZEDtWa95nxD8pHiZ+++PPOV1P29Ta2j23MWq2JitY +U2Y59HXWwglSaQ== +-----END CERTIFICATE----- + + +#DUMMY \ No newline at end of file diff --git a/apache-server.key b/apache-server.key new file mode 100644 index 0000000..08c373c --- /dev/null +++ b/apache-server.key @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQChG1x4Dl36Cuas3vrIdPhNC9stCq9OyrZ8Vp80FP8N1KHTmiQd +1OV27ySBO8HOks+45C9LDLZLNAvAXqebNZ19jbVTfc0BGnjqL9BYPdWuAhe6Fe1O +hOeQQTr84arkp4QuAX8QpJcteQPJ3IeD2YWWH8n+Qq2O/fC0gdx44acTXwIDAQAB +AoGASjM323OChO8QXv4zsq9szM9xGsWZCEkE0y9yE6K39b7A6ZxMlhC/vo9V2M+U +63dihF1UCtTIAMrvvqHZv/pplfbUJDAeNm38BBlA/ZQL8iV9qxNrBEfBkLi5AtcR +vJq5NitAE+vpcn00QNs7EKflRwi5arQOBGqS9c3uPimtOcECQQDQc9onX9kZuzz6 +69GQYkkj3dkZx6lCtDDexTWkM1yXGVSjvFA7fZOKJRNkGgc6iwbnTsEJfaEC9j7r +AkF7/92dAkEAxdrbwKjx4/OZnve82O4VRGkZFo6c47QDXCKhlRdJzrBSCNOnRaLx +vjtYXbqq8BPgdGO72pj1TaAlp1+kxdYiKwJBALBhtzAl/C+3rUusirCfWcANkgws +U95rVgbJ3C/KfggkmOfLCiCsi1ETOiszkvZIeVjz3IdJVBqLfoWgbQSdZkkCQQDF +WpBWdW6KnSL/0Uda7ujhyx+OQ4S1EItFbPnV+FvTwkahrVUtfeI6iYGURK1bOchq +8EyiOG5/Fp5YfGukNvrvAkBT5AAvfk6nFHshdHDhTZs+5TE24g0aTtMEQc82cobd +JG5vFxybo3z1l1QU4/pG3jP847/6HtZCxZ/J0xLATJml +-----END RSA PRIVATE KEY----- + + +#DUMMY \ No newline at end of file diff --git a/apache-suexec.patch b/apache-suexec.patch new file mode 100644 index 0000000..5edaf4e --- /dev/null +++ b/apache-suexec.patch @@ -0,0 +1,11 @@ +--- httpd-2.0.43/Makefile.in.wiget Fri Oct 4 15:20:09 2002 ++++ httpd-2.0.43/Makefile.in Fri Oct 4 15:20:32 2002 +@@ -195,7 +195,7 @@ + @if test -f $(builddir)/support/suexec; then \ + test -d $(DESTDIR)$(sbindir) || $(MKINSTALLDIRS) $(DESTDIR)$(sbindir); \ + $(INSTALL_PROGRAM) $(top_builddir)/support/suexec $(DESTDIR)$(sbindir); \ +- chmod 4755 $(DESTDIR)$(sbindir)/suexec; \ ++ chmod 0755 $(DESTDIR)$(sbindir)/suexec; \ + fi + + suexec: diff --git a/apache-suexec_fcgi.patch b/apache-suexec_fcgi.patch new file mode 100644 index 0000000..d50b484 --- /dev/null +++ b/apache-suexec_fcgi.patch @@ -0,0 +1,105 @@ +diff -urNp httpd-2.2.8.orig/support/suexec.c httpd-2.2.8/support/suexec.c +--- httpd-2.2.8.orig/support/suexec.c 2006-07-12 05:38:44.000000000 +0200 ++++ httpd-2.2.8/support/suexec.c 2008-05-13 21:04:25.000000000 +0200 +@@ -245,6 +245,21 @@ static void clean_env(void) + environ = cleanenv; + } + ++/* ++ * Return the `basename' of the pathname in STRING (the stuff after ++ * the last '/'). If STRING is `/', just return it. Taken from bash. ++ */ ++char *base_pathname(char *string) ++{ ++ char *p; ++ ++ if (string[0] == '/' && string[1] == 0) ++ return (string); ++ ++ p = (char *)strrchr (string, '/'); ++ return (p ? ++p : string); ++} ++ + int main(int argc, char *argv[]) + { + int userdir = 0; /* ~userdir flag */ +@@ -261,6 +276,7 @@ int main(int argc, char *argv[]) + char dwd[AP_MAXPATH]; /* docroot working directory */ + struct passwd *pw; /* password entry holder */ + struct group *gr; /* group entry holder */ ++ struct passwd tpw; /* tmp password entry holder */ + struct stat dir_info; /* directory info holder */ + struct stat prg_info; /* program info holder */ + +@@ -270,6 +286,7 @@ int main(int argc, char *argv[]) + clean_env(); + + prog = argv[0]; ++ + /* + * Check existence/validity of the UID of the user + * running this program. Error out if invalid. +@@ -382,8 +399,23 @@ int main(int argc, char *argv[]) + } + else { + if ((pw = getpwuid(atoi(target_uname))) == NULL) { +- log_err("invalid target user id: (%s)\n", target_uname); +- exit(121); ++ /* ++ * If called as suexec.fcgi ignore if there is no passwd ++ * entry for specified UID. Also bail out if UID = 0. ++ */ ++ if(!strcmp(base_pathname(prog),"suexec.fcgi")) { ++ tpw.pw_name = strdup(target_uname); ++ tpw.pw_uid = atoi(target_uname); ++ tpw.pw_dir = (char *)"/tmp"; ++ pw = &tpw; ++ if (tpw.pw_uid <= 0) { ++ log_err("invalid target user id: (%s)\n", target_uname); ++ exit(121); ++ } ++ } else { ++ log_err("invalid target user id: (%s)\n", target_uname); ++ exit(121); ++ } + } + } + +@@ -560,20 +592,24 @@ int main(int argc, char *argv[]) + } + + /* +- * Error out if the target name/group is different from +- * the name/group of the cwd or the program. +- */ +- if ((uid != dir_info.st_uid) || +- (gid != dir_info.st_gid) || +- (uid != prg_info.st_uid) || +- (gid != prg_info.st_gid)) { +- log_err("target uid/gid (%ld/%ld) mismatch " +- "with directory (%ld/%ld) or program (%ld/%ld)\n", +- uid, gid, +- dir_info.st_uid, dir_info.st_gid, +- prg_info.st_uid, prg_info.st_gid); +- exit(120); ++ * If not called as suexec.fcgi error out if the target ++ * name/group is different from the name/group of the cwd ++ * or the program. ++ */ ++ if(strcmp(base_pathname(prog),"suexec.fcgi")) { ++ if ((uid != dir_info.st_uid) || ++ (gid != dir_info.st_gid) || ++ (uid != prg_info.st_uid) || ++ (gid != prg_info.st_gid)) { ++ log_err("target uid/gid (%ld/%ld) mismatch " ++ "with directory (%ld/%ld) or program (%ld/%ld)\n", ++ uid, gid, ++ dir_info.st_uid, dir_info.st_gid, ++ prg_info.st_uid, prg_info.st_gid); ++ exit(120); ++ } + } ++ + /* + * Error out if the program is not executable for the user. + * Otherwise, she won't find any error in the logs except for diff --git a/apache-syslibs.patch b/apache-syslibs.patch new file mode 100644 index 0000000..21aa030 --- /dev/null +++ b/apache-syslibs.patch @@ -0,0 +1,23 @@ +--- httpd-2.2.0/configure.in~ 2005-12-18 02:38:31.000000000 +0200 ++++ httpd-2.2.0/configure.in 2005-12-18 02:40:04.000000000 +0200 +@@ -584,9 +584,9 @@ + [Listening sockets are non-blocking when there are more than 1]) + fi + +-APACHE_FAST_OUTPUT(Makefile modules/Makefile srclib/Makefile) ++APACHE_FAST_OUTPUT(Makefile modules/Makefile) + APACHE_FAST_OUTPUT(os/Makefile server/Makefile) +-APACHE_FAST_OUTPUT(support/Makefile srclib/pcre/Makefile) ++APACHE_FAST_OUTPUT(support/Makefile) + + if test -d ./test; then + APACHE_FAST_OUTPUT(test/Makefile) +--- httpd-2.2.0/Makefile.in 2005-12-18 02:41:25.000000000 +0200 ++++ httpd-2.2.0/Makefile.in 2005-12-18 02:38:31.000000000 +0200 +@@ -1,5 +1,5 @@ + +-SUBDIRS = srclib os server modules support ++SUBDIRS = os server modules support + CLEAN_SUBDIRS = test + + PROGRAM_NAME = $(progname) diff --git a/apache-v6only-ENOPROTOOPT.patch b/apache-v6only-ENOPROTOOPT.patch new file mode 100644 index 0000000..887911d --- /dev/null +++ b/apache-v6only-ENOPROTOOPT.patch @@ -0,0 +1,11 @@ +--- httpd-2.0.48/server/listen.c.orig Mon Mar 31 06:30:52 2003 ++++ httpd-2.0.48/server/listen.c Wed Mar 3 12:05:09 2004 +@@ -120,7 +120,7 @@ + #if APR_HAVE_IPV6 + if (server->bind_addr->family == APR_INET6) { + stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting); +- if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { ++ if (stat != APR_SUCCESS && stat != APR_ENOTIMPL && stat != ENOPROTOOPT) { + ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, + "make_sock: for address %pI, apr_socket_opt_set: " + "(IPV6_V6ONLY)", diff --git a/apache.init b/apache.init new file mode 100755 index 0000000..692c237 --- /dev/null +++ b/apache.init @@ -0,0 +1,168 @@ +#!/bin/sh +# +# apache Apache Web Server +# +# chkconfig: 345 85 15 +# description: Apache is a World Wide Web server. It is used to serve \ +# HTML files and CGI. +# processname: httpd +# pidfile: /var/run/httpd.pid +# config: /etc/httpd/apache.conf + +# Source function library +. /etc/rc.d/init.d/functions + +# Get network config +. /etc/sysconfig/network + +# Get service config +[ -f /etc/sysconfig/httpd ] && . /etc/sysconfig/httpd + +# Check that networking is up. +if is_yes "${NETWORKING}"; then + if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status ]; then + msg_network_down "Apache 2.2 Web Server" + exit 1 + fi +else + exit 0 +fi + +[ -z "$HTTPD_MPM" ] && HTTPD_MPM="prefork" +SVC_NAME="Apache 2.2 Web Server ($HTTPD_MPM)" + +if [ -n "${HTTPD_CONF}" ]; then + if [ -d "${HTTPD_CONF}" ] || [ -f "${HTTPD_CONF}" ]; then + CFG="-f ${HTTPD_CONF}" + else + echo "error: HTTPD_CONF='$HTTPD_CONF': not a file, not a directory" + exit 1 + fi +fi + +# configtest itself +configtest() { + /usr/sbin/httpd.${HTTPD_MPM} -t $CFG $HTTPD_OPTS 2>&1 + return $? +} + +# wrapper for configtest: +checkconfig() { + local details=${1:-0} + + if [ $details -eq 1 ]; then + # run config test and display report (status action) + show "Checking %s configuration" "$SVC_NAME"; busy + local out + out=`configtest 2>&1` + RETVAL=$? + [ $RETVAL -eq 0 ] && ok || fail + [ "$out" ] && echo >&2 "$out" + else + # run config test and abort with nice message if failed + # (for actions checking status before action). + show "Checking %s configuration" "$SVC_NAME"; busy + configtest >/dev/null 2>&1 + RETVAL=$? + if [ $RETVAL -eq 0 ]; then + ok + else + fail + nls 'Configuration test failed. See details with %s "checkconfig"' $0 + exit $RETVAL + fi + fi +} + +start() { + # Check if the service is already running? + if [ -f /var/lock/subsys/httpd ]; then + msg_already_running "$SVC_NAME" + return + fi + + [ "$1" -eq 0 ] || checkconfig + msg_starting "$SVC_NAME" + # remove ssl_scache on startup, otherwise httpd may go into + # infinite loop if there are db transaction logs laying around + rm -f /var/cache/httpd/*ssl_scache* + daemon --pidfile /var/run/httpd.pid /usr/sbin/httpd.${HTTPD_MPM} $CFG $HTTPD_OPTS + RETVAL=$? + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/httpd +} + +stop() { + # Stop daemons. + if [ ! -f /var/lock/subsys/httpd ]; then + msg_not_running "$SVC_NAME" + return + fi + + msg_stopping "$SVC_NAME" + killproc --pidfile /var/run/httpd.pid httpd.${HTTPD_MPM} + rm -f /var/lock/subsys/httpd /var/run/httpd.pid /var/run/httpd.loc* >/dev/null 2>&1 +} + + +reload() { + if [ ! -f /var/lock/subsys/httpd ]; then + msg_not_running "$SVC_NAME" + RETVAL=7 + return + fi + + checkconfig + msg_reloading "$SVC_NAME" + busy + /usr/sbin/httpd.${HTTPD_MPM} $CFG $HTTPD_OPTS -k graceful + RETVAL=$? + [ $RETVAL -eq 0 ] && ok || fail +} + +condrestart() { + if [ ! -f /var/lock/subsys/httpd ]; then + msg_not_running "$SVC_NAME" + RETVAL=$1 + return + fi + + checkconfig + stop + start +} + +RETVAL=0 +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + checkconfig + stop + start 0 + ;; + try-restart) + condrestart 0 + ;; + reload|force-reload|graceful|flush-logs) + reload + ;; + checkconfig|configtest) + checkconfig 1 + ;; + status) + status httpd.${HTTPD_MPM} + RETVAL=$? + /usr/sbin/httpd.${HTTPD_MPM} $CFG $HTTPD_OPTS -S + ;; + *) + msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|graceful|configtest|status}" + exit 3 + ;; +esac + +exit $RETVAL diff --git a/apache.logrotate b/apache.logrotate new file mode 100644 index 0000000..060a1b8 --- /dev/null +++ b/apache.logrotate @@ -0,0 +1,14 @@ +/var/log/httpd/*access_log +/var/log/httpd/*combined_log +/var/log/httpd/*agent_log +/var/log/httpd/*error_log +/var/log/httpd/*referer_log +/var/log/httpd/*request_log +/var/log/httpd/*rewrite_log +{ + olddir /var/log/archive/httpd + sharedscripts + postrotate + /sbin/service httpd flush-logs > /dev/null + endscript +} diff --git a/apache.spec b/apache.spec new file mode 100644 index 0000000..a2f79c3 --- /dev/null +++ b/apache.spec @@ -0,0 +1,2777 @@ +# TODO: +# - config examples for mod_* +# - --with-suexec-uidmin=500 or =1000 ? +# - subpackages for MPMs +# - !!!check if all modules (*.so) are exactly the same for different MPMs +# - check those autn modules inner deps +# - for external packages: don't use any apache module name in dep as they +# differ for apache 1.3/2.0/2.2!? any better ideas? rpm Suggests: tags? +# - for mod_auth_* modules require each auth module to require virtual authn so at least *_default +# is chosen? +# - same for mod_authz +# - mod_auth_digest and mod_auth_basic R: apache(authn) ? +# - drop mod_case_filter* or find summary and description for them +# - build modules only once (not with each mpm) +# - FYI: http://wiki.apache.org/httpd/InternalDummyConnection + +# Conditional build: +%bcond_without ssl # build without SSL support +%bcond_without ldap # build without LDAP support +%bcond_without peruser # peruser MPM +%bcond_without event # event MPM +%bcond_with itk # ITK MPM +%bcond_with distcache # distcache support +%bcond_with bucketeer # debug one + +# this is internal macro, don't change to %%apache_modules_api +%define _apache_modules_api 20051115 + +%define openssl_ver 0.9.8i +%define apr_ver 1:1.4.5 +%include /usr/lib/rpm/macros.perl +Summary: The most widely used Web server on the Internet +Summary(de.UTF-8): Leading World Wide Web-Server +Summary(es.UTF-8): Servidor HTTPD para proveer servicios WWW +Summary(fr.UTF-8): Le serveur web le plus utilise sur Internet +Summary(pl.UTF-8): Serwer WWW (World Wide Web) +Summary(pt_BR.UTF-8): Servidor HTTPD para prover serviços WWW +Summary(ru.UTF-8): Самый популярный веб-сервер +Summary(tr.UTF-8): Lider WWW tarayıcı +Name: apache +Version: 2.2.22 +Release: 1 +License: Apache v2.0 +Group: Networking/Daemons/HTTP +Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz +# Source0-md5: d77fa5af23df96a8af68ea8114fa6ce1 +Source1: %{name}.init +Source2: %{name}.logrotate +Source3: %{name}.sysconfig +Source4: %{name}-server.crt +Source5: %{name}-server.key +Source6: %{name}-httpd.conf +Source7: %{name}-common.conf +Source8: %{name}-mod_vhost_alias.conf +Source9: %{name}-mod_status.conf +Source10: %{name}-mod_proxy.conf +Source11: %{name}-mod_info.conf +Source12: %{name}-mod_ssl.conf +Source13: %{name}-mod_dav.conf +Source14: %{name}-mod_dir.conf +Source15: %{name}-mod_suexec.conf +Source16: %{name}-mod_deflate.conf +Source17: %{name}-mod_autoindex.conf +Source18: %{name}-multilang-errordoc.conf +Source19: %{name}-manual.conf +Source20: %{name}-mod_userdir.conf +Source21: %{name}-mpm.conf +Source22: %{name}-languages.conf +Source23: %{name}-mod_mime.conf +Source24: %{name}-mod_authz_host.conf +Source25: %{name}-mod_cgid.conf +Source26: %{name}-mod_log_config.conf +Source27: %{name}-mod_mime_magic.conf +Source28: %{name}-mod_cache.conf +Source29: %{name}-example.net.conf +Source30: %{name}.tmpfiles +Patch0: %{name}-configdir_skip_backups.patch +Patch1: %{name}-layout.patch +Patch2: %{name}-suexec.patch +Patch3: %{name}-branding.patch +Patch4: %{name}-apr.patch +# what about this? it isn't applied... +Patch6: httpd-2.0.40-xfsz.patch +Patch7: %{name}-syslibs.patch +Patch8: httpd-2.0.45-encode.patch +Patch9: %{name}-paths.patch +Patch10: httpd-2.0.46-dav401dest.patch +Patch12: httpd-2.0.46-sslmutex.patch +Patch14: httpd-2.0.48-corelimit.patch +Patch15: httpd-2.0.48-debuglog.patch +Patch18: %{name}-v6only-ENOPROTOOPT.patch +Patch19: %{name}-conffile-path.patch +Patch20: %{name}-apxs.patch +Patch23: %{name}-suexec_fcgi.patch +Patch24: %{name}-bug-48094.patch +# http://scripts.mit.edu/trac/browser/trunk/server/common/patches/httpd-2.2.x-mod_ssl-sessioncaching.patch?rev=1348 +Patch25: httpd-2.2.x-mod_ssl-sessioncaching.patch +Patch26: apache-mod_vhost_alias_docroot.patch +# http://mpm-itk.sesse.net/ +Patch28: apache-mpm-itk.patch +Patch29: libtool-tag.patch +URL: http://httpd.apache.org/ +BuildRequires: apr-devel >= %{apr_ver} +BuildRequires: apr-util-devel >= 1:1.3.10-2 +BuildRequires: autoconf >= 2.13 +BuildRequires: automake +%{?with_distcache:BuildRequires: distcache-devel} +BuildRequires: libtool >= 2:1.5 +%{?with_ldap:BuildRequires: openldap-devel >= 2.3.0} +%{?with_ssl:BuildRequires: openssl-devel >= %{openssl_ver}} +%{?with_ssl:BuildRequires: openssl-tools >= %{openssl_ver}} +BuildRequires: pcre-devel +BuildRequires: pkgconfig +BuildRequires: rpm >= 4.4.9-56 +BuildRequires: rpm-build >= 4.4.0 +BuildRequires: rpm-perlprov >= 4.1-13 +BuildRequires: rpmbuild(macros) >= 1.268 +BuildRequires: sed >= 4.0 +BuildRequires: zlib-devel +Requires: %{name}-errordocs = %{version}-%{release} +Requires: %{name}-mod_alias = %{version}-%{release} +Requires: %{name}-mod_auth = %{version}-%{release} +Requires: %{name}-mod_env = %{version}-%{release} +Requires: %{name}-mod_log_config = %{version}-%{release} +Requires: %{name}-mod_mime = %{version}-%{release} +Requires: %{name}-mod_mime_magic = %{version}-%{release} +Requires: %{name}-mod_negotiation = %{version}-%{release} +Requires: %{name}-mod_setenvif = %{version}-%{release} +Requires: %{name}-mod_speling = %{version}-%{release} +Requires: %{name}-mod_userdir = %{version}-%{release} +Requires: %{name}-mod_version = %{version}-%{release} +Requires: %{name}-tools = %{version}-%{release} +BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) + +%define _sysconfdir /etc/httpd +%define _includedir %{_prefix}/include/apache +%define _datadir /home/services/httpd +%define _libexecdir %{_libdir}/apache +%define _cgibindir %{_prefix}/lib/cgi-bin/%{name} + +%description +Apache is a powerful, full-featured, efficient and freely-available +Web server. Apache is also the most popular Web server on the +Internet. + +%description -l de.UTF-8 +Apache ist ein voll funktionsfähiger Web-Server, der kostenlos +erhältlich und weit verbreitet ist. + +%description -l es.UTF-8 +El servidor web Apache es el mejor servidor gratuito disponible en el +mundo UNIX hoy. Usa HTTP (HyperText Transfer Protocol) para permitir +que navegadores vean documentos y sometan datos remotamente. Puede +ejecutar varias funciones diferentes, incluyendo funciones de proxy y +caché, y nos ofrece características como monitor de estado, conversión +dinámica de tipo, y otras más. + +%description -l fr.UTF-8 +Apache est un serveur Web puissant, efficace, gratuit et complet. +Apache est aussi le serveur Web le plus populaire sur Internet. + +%description -l pl.UTF-8 +Apache jest serwerem WWW (World Wide Web). Instalując ten pakiet +będziesz mógł prezentować własne strony WWW w sieci Internet. + +%description -l pt_BR.UTF-8 +O servidor web Apache é o melhor servidor gratuito disponível no mundo +UNIX hoje. Ele usa HTTP (HyperText Transfer Protocol) para permitir +que browsers web vejam documentos e submetam dados remotamente. Ele +pode executar várias funções diferentes, incluindo funções de proxy e +cache, e oferece características como monitor de status, conversão +dinâmica de tipo, e mais. + +%description -l ru.UTF-8 +Apache - мощный, функциональный, высокопроизводительный и свободно +распространяемый веб-сервер. + +%description -l tr.UTF-8 +Apache serbest dağıtılan ve çok kullanılan yetenekli bir web +sunucusudur. + +%package base +Summary: The Number One HTTP Server On The Internet +Summary(pl.UTF-8): Wiodący w Internecie serwer HTTP +Group: Networking/Daemons/HTTP +Requires(post): fileutils +Requires(post,preun): /sbin/chkconfig +Requires(postun): /usr/sbin/groupdel +Requires(postun): /usr/sbin/userdel +Requires(pre): /bin/id +Requires(pre): /usr/bin/getgid +Requires(pre): /usr/sbin/groupadd +Requires(pre): /usr/sbin/useradd +Requires: /sbin/chkconfig +Requires: apr >= %{apr_ver} +Requires: psmisc >= 20.1 +Requires: rc-scripts >= 0.4.1.23 +Provides: apache(modules-api) = %{_apache_modules_api} +Provides: group(http) +Provides: user(http) +Provides: webserver = apache +Obsoletes: apache-extra +Obsoletes: apache6 +# packaged by mistake. really sample code +Obsoletes: apache-mod_optional_fn_export +Obsoletes: apache-mod_optional_fn_import +Obsoletes: apache-mod_optional_fn_import +Obsoletes: apache-mod_optional_hook_import +Conflicts: apache < 2.2.0 +Conflicts: logrotate < 3.7-4 +# for the posttrans scriptlet, conflicts because in vserver environment rpm package is not installed. +Conflicts: rpm < 4.4.2-0.2 + +%description base +Apache is a powerful, full-featured, efficient and freely-available +Web server. Apache is also the most popular Web server on the +Internet. + +%description base -l pl.UTF-8 +Apache jest potężnym, w pełni funkcjonalnym, wydajnym i wolnodostępnym +serwerem WWW (World Wide Web). Jest także najbardziej popularnym +serwerem WWW w Internecie. + +%package suexec +Summary: Apache suexec wrapper +Summary(pl.UTF-8): Wrapper suexec do serwera WWW Apache +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/suexec.html +Requires: %{name}-base = %{version}-%{release} + +%description suexec +The suEXEC feature provides Apache users the ability to run CGI and +SSI programs under user IDs different from the user ID of the calling +web-server. Normally, when a CGI or SSI program executes, it runs as +the same user who is running the web server. + +%description suexec -l pl.UTF-8 +SuEXEC umożliwia serwerowi Apache uruchamianie programów CGI i SSI z +innym UID niż wywołujący je serwer. Normalnie programy CGI i SSI są +wykonywane jako taki sam użytkownik jak serwer WWW. + +%package tools +Summary: Apache tools +Summary(pl.UTF-8): Narzędzia Apache'a +Group: Development/Tools + +%description tools +Apache tools. + +%description tools -l pl.UTF-8 +Narzędzia Apache'a. + +%package index +Summary: Apache index.html* files +Summary(pl.UTF-8): Pliki Apache index.html* +Group: Documentation +Requires: %{name}-base = %{version}-%{release} +Obsoletes: indexhtml + +%description index +Apache index.html* files. + +%description index -l pl.UTF-8 +Pliki index.html* Apache'a. + +%package doc +Summary: Apache manual +Summary(pl.UTF-8): Podręcznik Apache'a +Group: Documentation +Requires: %{name}-base = %{version}-%{release} +Requires: %{name}-mod_alias = %{version}-%{release} +Requires: %{name}-mod_dir = %{version}-%{release} +Requires: %{name}-mod_negotiation = %{version}-%{release} +Requires: %{name}-mod_setenvif = %{version}-%{release} + +%description doc +Apache manual. + +%description doc -l pl.UTF-8 +Podręcznik Apache'a. + +%package errordocs +Summary: Multi-language error messages for Apache +Summary(pl.UTF-8): Wielojęzyczne komunikaty błędów dla Apache'a +Group: Applications/WWW +URL: http://httpd.apache.org/docs-project/ +Requires: %{name}-base = %{version}-%{release} +Requires: %{name}-mod_alias = %{version}-%{release} +Requires: %{name}-mod_authz_host = %{version}-%{release} +Requires: %{name}-mod_include = %{version}-%{release} +Requires: %{name}-mod_negotiation = %{version}-%{release} + +%description errordocs +Multi-language error messages. + +%description errordocs -l pl.UTF-8 +Dokumenty opisujące błędy HTTP dla Apache'a w wielu językach. + +%package devel +Summary: Module development tools for the Apache web server +Summary(es.UTF-8): Archivos de inclusión del Apache para desarrollo de módulos +Summary(fr.UTF-8): Les outils de developpement de modules pour le serveur web Apache +Summary(pl.UTF-8): Pliki nagłówkowe do tworzenia modułów rozszerzeń do serwera WWW Apache +Summary(pt_BR.UTF-8): Arquivos de inclusão do Apache para desenvolvimento de módulos +Summary(ru.UTF-8): Средства разработки модулей для веб-сервера Apache +Group: Networking/Utilities +Requires: apr-util-devel >= 1:1.2 +Requires: libtool +Obsoletes: apache-apxs +Obsoletes: apache-static + +%description devel +The apache-devel package contains header files for Apache. + +%description devel -l es.UTF-8 +Este paquete contiene los archivos de inclusión para el Apache, bien +como el utilitario apxs para la construcción de objetos compartidos +dinámicos (DSOs). Ha ce falta instalar este paquete si deseas compilar +o desarrollar módulos adicionales para Apache. + +%description devel -l fr.UTF-8 +Le package apache-devel contient le code source pour le serveur Web +Apache et le binaire APXS dont vous aurez besoin pour construire des +Objets Dynamiques Partages (DSOs) pour Apache. + +%description devel -l pl.UTF-8 +Pliki nagłówkowe i inne zasoby niezbędne przy budowaniu modułów DSO +(Dynamic Shared Objects) dla Apache'a. + +%description devel -l ru.UTF-8 +Средства разработки модулей для веб-сервера Apache. + +%description devel -l pt_BR.UTF-8 +Este pacote contem os arquivos de inclusão para o Apache, bem como o +utilitário apxs para a construção de objetos compartilhados dinâmicos +(DSOs). Este pacote precisa ser instalado se você deseja compilar ou +desenvolver módulos adicionais para o Apache. + +%package mod_actions +Summary: Apache module for executing CGI scripts based on media type or request method +Summary(pl.UTF-8): Moduł Apache'a do uruchamiania skryptów CGI w oparciu o rodzaj danych lub żądania +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_actions.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_actions) = %{version}-%{release} + +%description mod_actions +This module has two directives. The Action directive lets you run CGI +scripts whenever a file of a certain MIME content type is requested. +The Script directive lets you run CGI scripts whenever a particular +method is used in a request. This makes it much easier to execute +scripts that process files. + +%description mod_actions -l pl.UTF-8 +Ten moduł ma dwie dyrektywy. Dyrektywa Action pozwala uruchamiać +skrypty CGI przy żądaniu pliku o danym typie zawartości MIME. +Dyrektywa Script pozwala uruchamiać skrypty CGI przy danej metodzie +żądania. Znacznie ułatwia to wykonywanie skryptów przetwarzających +pliki. + +%package mod_alias +Summary: Mapping different parts of the host filesystem in the document tree and for URL redirection +Summary(pl.UTF-8): Odwzorowywanie różnych części systemu plików w drzewie dokumentów i przekierowywanie URL-i +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_alias.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_alias) = %{version}-%{release} +Provides: webserver(alias) + +%description mod_alias +The directives contained in this module allow for manipulation and +control of URLs as requests arrive at the server. The Alias and +ScriptAlias directives are used to map between URLs and filesystem +paths. This allows for content which is not directly under the +DocumentRoot served as part of the web document tree. The ScriptAlias +directive has the additional effect of marking the target directory as +containing only CGI scripts. + +The Redirect directives are used to instruct clients to make a new +request with a different URL. They are often used when a resource has +moved to a new location. + +mod_alias is designed to handle simple URL manipulation tasks. For +more complicated tasks such as manipulating the query string, use the +tools provided by mod_rewrite. + +%description mod_alias -l pl.UTF-8 +Dyrektywy zawarte w tym module umożliwiają manipulacje i sterowanie +URL-ami kiedy żądania są dostarczane do serwera. Dyrektywy Alias i +ScriptAlias są używane do odwzorowywania między URL-ami i ścieżkami w +systemie plików. Umożliwia to serwowanie treści nie będącej +bezpośrednio wewnątrz DocumentRoota jako część drzewa dokumentów WWW. +Dyrektywa ScriptAlias ma dodatkowy efekt oznaczania katalogu +docelowego jako zawierającego wyłącznie skrypty CGI. + +Dyrektywy Redirect służą do instruowania klientów, aby wykonali nowe +żądanie z innym URL-em. Są używane zwykle w przypadku, gdy zasoby +zostały przeniesione w inne miejsce. + +mod_alias został zaprojektowany do obsługi prostych manipulacji na +URL-ach. Bardziej skomplikowane zadania, takie jak modyfikowanie +łańcucha zapytania można wykonać przy użyciu mod_rewrite. + +%package mod_asis +Summary: Sends files that contain their own HTTP headers +Summary(pl.UTF-8): Wysyłanie plików zawierających własne nagłówki HTTP +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_asis.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_asis) = %{version}-%{release} + +%description mod_asis +This module provides the handler send-as-is which causes Apache to +send the document without adding most of the usual HTTP headers. + +This can be used to send any kind of data from the server, including +redirects and other special HTTP responses, without requiring a +cgi-script or an nph script. + +For historical reasons, this module will also process any file with +the mime type httpd/send-as-is. + +%description mod_asis -l pl.UTF-8 +Ten moduł udostępnia procesurę obsługi send-as-is powodującą, że +Apache wysyła dokument bez dodawania większości zwykle używanych +nagłówków HTTP. + +Może to być używane do wysyłania dowolnego rodzaju danych z serwera, +włącznie z przekierowaniami i innymi specjalnymi odpowiedziami HTTP +bez wymagania skryptu CGI lub nph. + +%package mod_auth +Summary: Virtual package which provides backward compatibility with apache 2.0 +Summary(pl.UTF-8): Pakiet wirtualny zapewniający kompatybilność wsteczną z apache 2.0 +Group: Networking/Daemons/HTTP +Requires: %{name}-base = %{version}-%{release} +Requires: %{name}-mod_auth_basic = %{version}-%{release} +Requires: %{name}-mod_authn_file = %{version}-%{release} +Requires: %{name}-mod_authz_groupfile = %{version}-%{release} +Requires: %{name}-mod_authz_user = %{version}-%{release} +Provides: apache(mod_auth) = %{version}-%{release} +Provides: webserver(auth) + +%description mod_auth +Virtual package which requires apache-mod_authn_file, +apache-mod_authz_user and apache-mod_authz_groupfile for backward +compatibility with apache 2.0. + +%description mod_auth -l pl.UTF-8 +Pakiet wirtualny wymagający apache-mod_authn_file, +apache-mod_authz_user i apache-mod_authz_groupfile dla kompatybilności +wstecznej z apache 2.0. + +%package mod_auth_basic +Summary: Apache module that allows Basic authentication +Summary(pl.UTF-8): Moduł Apache'a umożliwiający korzystawnie z uwierzytelnienia Basic +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_auth_basic) = %{version}-%{release} + +%description mod_auth_basic +This module allows the use of HTTP Basic Authentication to restrict +access by looking up users in the given providers. + +HTTP Digest Authentication is provided by mod_auth_digest. This module +should usually be combined with at least one authentication module +such as mod_authn_file and one authorization module such as +mod_authz_user. + +%description mod_auth_basic -l pl.UTF-8 +Ten moduł pozwala używać uwierzytelnienia HTTP Basic do ograniczania +dostępu poprzez wyszukiwanie użytkowników we wskazanych miejscach + +%package mod_auth_dbm +Summary: Virtual package which provides backward compatibility with apache 2.0 +Summary(pl.UTF-8): Pakiet wirtualny zapewniający kompatybilność wsteczną z apache 2.0 +Group: Networking/Daemons/HTTP +Requires: %{name}-base = %{version}-%{release} +Requires: %{name}-dbmtools = %{version}-%{release} +Requires: %{name}-mod_authn_dbm = %{version}-%{release} +Requires: %{name}-mod_authz_dbm = %{version}-%{release} +Provides: apache(mod_auth_dbm) = %{version}-%{release} + +%description mod_auth_dbm +Virtual package which requires apache-mod_authn_dbm and +apache-mod_authz_dbm for backward compatibility with apache 2.0. + +%description mod_auth_dbm -l pl.UTF-8 +Pakiet wirtualny wymagający apache-mod_authn_dbm i +apache-mod_authz_dbm dla kompatybilności wstecznej z apache 2.0. + +%package mod_auth_digest +Summary: User authentication using MD5 Digest Authentication +Summary(pl.UTF-8): Uwierzytelnianie użytkowników przy użyciu MD5 Digest +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_auth_digest) = %{version}-%{release} + +%description mod_auth_digest +This module implements HTTP Digest Authentication. However, it has not +been extensively tested and is therefore marked experimental. + +%description mod_auth_digest -l pl.UTF-8 +Ten moduł implementuje uwierzytelnienie HTTP Digest. Nie został on +jednak zbyt obszernie przetestowany, więc jest oznaczony jako +eksperymentalny. + +%package mod_authn_alias +Summary: Apache module that provides the ability to create extended authentication +Summary(pl.UTF-8): Moduł Apache'a umożliwiający tworzenie rozszerzonego uwierzytelniania +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_authn_alias.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_authn_alias) = %{version}-%{release} + +%description mod_authn_alias +This module allows extended authentication providers to be created +within the configuration file and assigned an alias name. + +%description mod_authn_alias -l pl.UTF-8 +Ten moduł umożliwia tworzenie rozszerzonych sposobów uwierzytelniania +w pliku konfiguracyjnym i nadawanie im aliasów. + +%package mod_authn_anon +Summary: Apache module that allows "anonymous" user access to authenticated areas +Summary(pl.UTF-8): Moduł Apache'a umożliwiający dostęp anonimowych użytkowników do stref uwierzytelnianych +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_authn_anon.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_authn_anon) = %{version}-%{release} +# compat +Provides: apache(mod_auth_anon) = %{version}-%{release} +Provides: apache-mod_auth_anon = %{version}-%{release} +Obsoletes: apache-mod_auth_anon < 2.2.0-0.5 + +%description mod_authn_anon +This module provides authentication front-ends such as mod_auth_basic +to authenticate users similar to anonymous-ftp sites, i.e. have a +'magic' user id 'anonymous' and the email address as a password. These +email addresses can be logged. + +%description mod_authn_anon -l pl.UTF-8 +Ten moduł udmożliwia frontendom uwierzytelniającym takim jak +mod_auth_basic uwierzytelnianie użytkowników podobnie do serwisów +anonimowego ftp, tzn. przez udostępnianie "magicznego" identyfikatora +"anonymous" i adresu pocztowego jako hasła. Te adresy pocztowe mogą +być logowane. + +%package mod_authn_dbd +Summary: Apache module that allows user authentication using an SQL +Summary(pl.UTF-8): Moduł Apache'a umożliwiający uwierzytelnianie użytkowników przy użyciu tabel SQL +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html +Requires: %{name}-base = %{version}-%{release} +Requires: %{name}-mod_dbd = %{version}-%{release} +Provides: apache(mod_authn_dbd) = %{version}-%{release} + +%description mod_authn_dbd +This module provides authentication front-ends such as mod_auth_digest +and mod_auth_basic to authenticate users by looking up users in SQL +tables. + +%description mod_authn_dbd -l pl.UTF-8 +Ten moduł udostępnia frontendom uwierzytelniającym takim jak +mod_auth_digest i mod_auth_basic uwierzytelnianie użytkowników poprzez +wyszukiwanie w tabelach SQL. + +%package mod_authn_dbm +Summary: Apache module that allows user authentication using DBM files +Summary(pl.UTF-8): Moduł Apache'a umożliwiający uwierzytelnianie użytkowników przy użyciu plików DBM +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_authn_dbm.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_authn_dbm) = %{version}-%{release} + +%description mod_authn_dbm +This module provides authentication front-ends such as mod_auth_digest +and mod_auth_basic to authenticate users by looking up users in DBM +password files. + +%description mod_authn_dbm -l pl.UTF-8 +Ten moduł udostępnia frontendom uwierzytelniającym takim jak +mod_auth_digest i mod_auth_basic uwierzytelnianie użytkowników poprzez +wyszukiwanie w tabelach haseł DBM. + +%package mod_authn_default +Summary: Apache module that rejects any credentials supplied by the user +Summary(pl.UTF-8): Moduł Apache'a odrzucający wszystkie dane podane przez użytkownika +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_authn_default.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_authn_default) = %{version}-%{release} + +%description mod_authn_default +This module is designed to be the fallback module, if you don't have +configured an authentication module like mod_auth_basic. It simply +rejects any credentials supplied by the user. + +%description mod_authn_default -l pl.UTF-8 +Ten moduł został pomyślany jako domyślny moduł uwierzytelniający, +jeśli nie skonfigurowano modułu uwierzytelniającego takiego jak +mod_auth_basic. Moduł ten po prostu odrzuca wszelkie dane przekazane +przez użytkownika. + +%package mod_authn_file +Summary: Apache module that allows user authentication using text files +Summary(pl.UTF-8): Moduł Apache'a umożliwiający uwierzytelnianie użytkowników poprzez pliki tekstowe +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_authn_file.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_authn_file) = %{version}-%{release} + +%description mod_authn_file +This module provides authentication front-ends such as mod_auth_digest +and mod_auth_basic to authenticate users by looking up users in plain +text password files. + +%description mod_authn_file -l pl.UTF-8 +Ten moduł udostępnia frontendom uwierzytelniającym takim jak +mod_auth_digest i mod_auth_basic uwierzytelnianie użytkowników poprzez +wyszukiwanie w plikach tekstowych z hasłami. + +%package mod_authnz_ldap +Summary: Apache module that allows an LDAP directory to be used to store the database for HTTP Basic authentication +Summary(pl.UTF-8): Moduł Apache'a umożliwiający przechowywanie danych dla uwierzytelnienia HTTP Basic w bazie LDAP +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html +Requires: %{name}-base = %{version}-%{release} +Requires: %{name}-mod_ldap = %{version}-%{release} +Requires: apr-util-ldap +Provides: apache(mod_authnz_ldap) = %{version}-%{release} +# compat +Provides: apache(mod_auth_ldap) = %{version}-%{release} +Provides: apache-mod_auth_ldap = %{version}-%{release} +Obsoletes: apache-mod_auth_ldap < 2.2.0-0.5 + +%description mod_authnz_ldap +This module provides authentication front-ends such as mod_auth_basic +to authenticate users through an LDAP directory. + +%description mod_authnz_ldap -l pl.UTF-8 +Ten moduł udostępnia frontendom uwierzytelniającym takim jak +mod_auth_basic uwierzytelnianie użytkowników poprzez katalog LDAP. + +%package mod_authz_dbm +Summary: Apache module that allows group authorization using DBM files +Summary(pl.UTF-8): Moduł Apache'a umożliwiający uwierzytelnianie grup z użyciem plików DBM +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_authz_dbm.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_authz_dbm) = %{version}-%{release} + +%description mod_authz_dbm +This module provides authorization capabilities so that authenticated +users can be allowed or denied access to portions of the web site by +group membership stored in DBM file. + +%description mod_authz_dbm -l pl.UTF-8 +Ten moduł daje możliwość udostępniania bądź blokowania części serwisu +WWW dla uwierzytelnionych użytkowników na podstawie ich przynależności +do grupy zapisywanej w pliku DBM. + +%package mod_authz_default +Summary: Apache module that rejects any authorization request +Summary(pl.UTF-8): Moduł Apache'a odrzucający wszystkie żądania autoryzacji +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_authz_default.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_authz_default) = %{version}-%{release} + +%description mod_authz_default +This module is designed to be the fallback module, if you don't have +configured an authorization module like mod_authz_user or +mod_authz_groupfile. It simply rejects any authorization request. + +%description mod_authz_default -l pl.UTF-8 +Ten moduł został pomyślany jako domyślny moduł autoryzujący jeśli nie +skonfigurowano modułu autoryzującego takiego jak mod_authz_user czy +mod_authz_groupfile. Moduł ten po prostu odrzuca wszelkie żądania +autoryzacji. + +%package mod_authz_groupfile +Summary: Apache module that allows group authorization using plaintext files +Summary(pl.UTF-8): Moduł Apache'a umożliwiający autoryzację grup przy użyciu plików tekstowych +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_authz_groupfile.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_authz_groupfile) = %{version}-%{release} + +%description mod_authz_groupfile +This module provides authorization capabilities so that authenticated +users can be allowed or denied access to portions of the web site by +group membership stored in plain text file. + +%description mod_authz_groupfile -l pl.UTF-8 +Ten moduł daje możliwość udostępniania bądź blokowania części serwisu +WWW dla uwierzytelnionych użytkowników na podstawie ich przynależności +do grupy zapisywanej w pliku tekstowym. + +%package mod_authz_host +Summary: Apache module that allows group authorizations based on host (name or IP address) +Summary(pl.UTF-8): Moduł Apache'a umożliwiający autoryzację grup w oparcu o host (nazwę lub IP) +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_authz_host) = %{version}-%{release} +# for apache < 2.2.0 +Provides: apache(mod_access) = %{version}-%{release} +Provides: webserver(access) + +%description mod_authz_host +The directives provided by mod_authz_host are used in , +, and sections as well as .htaccess files to control +access to particular parts of the server. Access can be controlled +based on the client hostname, IP address, or other characteristics of +the client request, as captured in environment variables. + +%description mod_authz_host -l pl.UTF-8 +Dyrektyw udostępnianych przez mod_authz_host można używać w sekcjach +, i , a także plikach .htaccess w celu +sterowania dostępem do poszczególnych części serwera. Dostępem można +sterować na podstawie nazwy hosta klienta, adresu IP lub innej +charakterystyki żądania klienta dostępnej w zmiennych środowiskowych. + +%package mod_authz_owner +Summary: Apache module that allows authorization based on file ownership +Summary(pl.UTF-8): Moduł Apache'a umożliwiający autoryzacje w oparciu o własność plików +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/en/mod/mod_authz_owner.html +Requires: %{name}-base = %{version}-%{release} +#Requires: any-auth-module +Provides: apache(mod_authz_owner) = %{version}-%{release} + +%description mod_authz_owner +This module authorizes access to files by comparing the userid used +for HTTP authentication (the web userid) with the file-system owner or +group of the requested file. The supplied username and password must +be already properly verified by an authentication module, such as +mod_auth_basic or mod_auth_digest. + +%description mod_authz_owner -l pl.UTF-8 +Ten moduł autoryzuje dostęp do plików poprzez porównanie +identyfikatora użytkownika użytego przy uwierzytelnianiu HTTP (web +userid) z właścicielem lub grupą żądanego pliku w systemie plików. +Podana nazwa użytkownika i hasło muszą być wcześniej zweryfikowane +przez moduł uwierzytelniania, taki jak mod_auth_basic lub +mod_auth_digest. + +%package mod_authz_user +Summary: Apache module that allows user authorization +Summary(pl.UTF-8): Moduł Apache'a umożliwiający autoryzację użytkowników +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/en/mod/mod_authz_user.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_authz_user) = %{version}-%{release} + +%description mod_authz_user +This module provides authorization capabilities so that authenticated +users can be allowed or denied access to portions of the web site. + +%description mod_authz_user -l pl.UTF-8 +Ten moduł daje możliwość udostępniania bądź blokowania części serwisu +WWW dla uwierzytelnionych użytkowników. + +%package mod_autoindex +Summary: Apache module - display index of files +Summary(pl.UTF-8): Moduł apache do wyświetlania indeksu plików +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/en/mod/mod_autoindex.html +Requires: %{name}-base = %{version}-%{release} +Requires: %{name}-mod_alias = %{version}-%{release} +Provides: apache(mod_autoindex) = %{version}-%{release} + +%description mod_autoindex +This package contains mod_autoindex module. It provides generation +index of files. + +%description mod_autoindex -l pl.UTF-8 +Ten pakiet dostarcza moduł autoindex, który generuje indeks plików. + +%package mod_bucketeer +Summary: buckets manipulation filter +Summary(pl.UTF-8): Dzielenie kubełków po znalezieniu znaku sterującego +Group: Networking/Daemons/HTTP +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_bucketeer) = %{version}-%{release} + +%description mod_bucketeer +Split buckets whenever we find a control-char. + +%description mod_bucketeer -l pl.UTF-8 +Dzielenie kubełków po znalezieniu znaku sterującego. + +%package mod_cache +Summary: Content cache keyed to URIs +Summary(pl.UTF-8): Pamięć podręczna wg klucza URI +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/en/mod/mod_cache.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_cache) = %{version}-%{release} + +%description mod_cache +mod_cache implements an RFC 2616 compliant HTTP content cache that can +be used to cache either local or proxied content. Two storage +management modules are included in the base Apache distribution: +mod_disk_cache implements a disk based storage manager (generally used +for proxy caching) and mod_mem_cache implements an in-memory based +storage manager (primarily useful for caching local content). + +%description mod_cache -l pl.UTF-8 +Implementacja zgodnej z RFC 2616 pamięci podręcznej, która może być +używana do zapamiętywania zawartości lokalnej lub dostępnej przez +proxy. Dołączono dwa moduły pozwalające magazynować dane w pamięci +(głównie użyteczne przy cache'owaniu lokalnej zawartości) oraz na +dysku (używane do cache'owania proxy). + +%package mod_case_filter +Summary: Apache output filter that converts all output to upper case +Summary(pl.UTF-8): Filtr wyjściowy Apache'a zamieniający wszystkie litery na wielkie +Group: Networking/Daemons/HTTP +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_case_filter) = %{version}-%{release} + +%description mod_case_filter +Apache output filter that converts all output to upper case. + +%description mod_case_filter -l pl.UTF-8 +Filtr wyjściowy Apache'a zamieniający wszystkie litery w wyjściu na +wielkie. + +%package mod_case_filter_in +Summary: Apache input filter that converts all request body to upper case +Summary(pl.UTF-8): Filtr wejściowy Apache'a zamieniający wszystkie litery w żądaniu na wielkie +Group: Networking/Daemons/HTTP +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_case_filter_in) = %{version}-%{release} + +%description mod_case_filter_in +Apache input filter that converts all request body (not headers) to +upper case. + +%description mod_case_filter_in -l pl.UTF-8 +Filtr wejściowy Apache'a zamieniający wszystkie litery w ciele żądania +(ale nie nagłówkach) na wielkie. + +%package mod_cern_meta +Summary: CERN httpd metafile semantics +Summary(pl.UTF-8): Obsługa semantyki metaplików CERN httpd +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/en/mod/mod_cern_meta.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_cern_meta) = %{version}-%{release} + +%description mod_cern_meta +Emulate the CERN HTTPD Meta file semantics. Meta files are HTTP +headers that can be output in addition to the normal range of headers +for each file accessed. They appear rather like the Apache .asis +files, and are able to provide a crude way of influencing the Expires: +header, as well as providing other curiosities. There are many ways to +manage meta information, this one was chosen because there is already +a large number of CERN users who can exploit this module. + +%description mod_cern_meta -l pl.UTF-8 +Moduł emulujący semantykę metaplików CERN HTTPD. Metapliki to nagłówki +HTTP, które mogą być wysyłane oprócz normalnego zestawu nagłówków dla +każdego przetwarzanego pliku. Zachowują się bardziej jak pliki .asis +Apache'a i mogą dawać brutalny sposób wpływania na nagłówek Expires:, +a także dostarczać inne ciekawostki. Jest wiele sposobów zarządzania +metainformacjami, ta została wybrana ponieważ istnieje już wielu +użytkowników CERN wykorzystujących ten moduł. + +%package mod_cgi +Summary: Execution of CGI scripts +Summary(pl.UTF-8): Uruchamianie skryptów CGI +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/en/mod/mod_cgi.html +Requires: %{name}-base = %{version}-%{release} +Requires: %{name}-mod_alias = %{version}-%{release} +Suggests: %{name}-suexec = %{version}-%{release} +Provides: apache(mod_cgi) = %{version}-%{release} +Provides: webserver(cgi) + +%description mod_cgi +Any file that has the mime type application/x-httpd-cgi or handler +cgi-script (Apache 1.1 or later) will be treated as a CGI script, and +run by the server, with its output being returned to the client. Files +acquire this type either by having a name containing an extension +defined by the AddType directive, or by being in a ScriptAlias +directory. + +When using a multi-threaded MPM under unix, the module mod_cgid should +be used in place of this module. At the user level, the two modules +are essentially identical. + +%description mod_cgi -l pl.UTF-8 +Ten moduł powoduje, że dowolny plik o typie MIME +application/x-httpd-cgi albo procedurze obsługi cgi-script (w Apache'u +1.1 lub nowszym) będzie traktowany jako skrypt CGI i uruchamiany przez +serwer, a jego wyjście będzie zwracane klientowi. Pliki uzyskują ten +typ przez posiadanie nazwy zawierającej rozszerzenie określone +dyrektywą AddType lub będąc w katalogu ScriptAlias. + +Przy używaniu wielowątkowych MPM pod uniksem zamiast tego modułu +należy używać modułu mod_cgid. Z poziomu użytkownika oba te moduły +zachowują się identycznie. + +%package mod_cgid +Summary: Execution of CGI scripts using an external CGI daemon +Summary(pl.UTF-8): Uruchamianie zewnętrznych skryptów CGI za pomocą daemona CGI +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/en/mod/mod_cgid.html +Requires: %{name}-base = %{version}-%{release} +Requires: %{name}-mod_alias = %{version}-%{release} +Provides: apache(mod_cgid) = %{version}-%{release} +Provides: webserver(cgi) + +%description mod_cgid +Execution of CGI scripts using an external CGI daemon. + +Except for the optimizations and the additional ScriptSock directive, +mod_cgid behaves similarly to mod_cgi. + +This module should be used instead of mod_cgi whenever a +multi-threaded MPM is selected. + +%description mod_cgid -l pl.UTF-8 +Uruchamianie skryptów CGI za pomocą zewnętrznego demona CGI. + +Z wyjątkiem optymalizacji i dodatkowej dyrektywy ScriptSock, mod_cgid +zachowuje się podobnie do mod_cgi. + +Tego modułu należy używać zamiast mod_cgi zawsze, jeśli wybrano +wielowątkowy MPM. + +%package mod_charset_lite +Summary: Specify character set translation or recoding +Summary(pl.UTF-8): Translacja lub przekodowywanie znaków +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/en/mod/mod_charset_lite.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_charset_lite) = %{version}-%{release} + +%description mod_charset_lite +Specify character set translation or recoding. + +This module provides a small subset of configuration mechanisms +implemented by Russian Apache and its associated mod_charset. + +This is an experimental module and should be used with care. + +%description mod_charset_lite -l pl.UTF-8 +Translacja lub przekodowywanie znaków. + +Ten moduł udostępnia niewielki podzbiór mechanizmów konfiguracyjnych +zaimplementowanych przez Russian Apache i powiązany z nim mod_charset. + +Jest to moduł eksperymentalny i należy używać go z uwagą. + +%package mod_dav +Summary: Apache module - Distributed Authoring and Versioning +Summary(pl.UTF-8): Moduł Apache'a - rozproszone autorstwo i wersjonowanie +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/en/mod/mod_dav.html +Requires: %{name}-base = %{version}-%{release} +Requires: apache-mod_authn_file +Requires: apache-mod_setenvif +Requires: apr-util-dbm-db +Provides: apache(mod_dav) = %{version}-%{release} + +%description mod_dav +This module provides class 1 and class 2 WebDAV ('Web-based +Distributed Authoring and Versioning') functionality for Apache. This +extension to the HTTP protocol allows creating, moving, copying, and +deleting resources and collections on a remote web server. + +%description mod_dav -l pl.UTF-8 +Moduł udostępnia klasę 1 oraz klasę 2 WebDAV (Bazującego na WWW +rozproszonego autorstwa i wersjonowania). To rozszerzenie HTTP pozwala +na tworzenie, przesuwanie, kopiowanie oraz kasowanie zasobów na +zdalnym serwerze WWW. + +%package mod_dbd +Summary: Manages SQL database connections +Summary(pl.UTF-8): Zarządzanie połączeniami z bazą danych SQL +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/en/mod/mod_dbd.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_dbd) = %{version}-%{release} + +%description mod_dbd +mod_dbd manages SQL database connections using apr_dbd. It provides +database connections on request to modules requiring SQL database +functions, and takes care of managing databases with optimal +efficiency and scalability for both threaded and non-threaded MPMs. + +%description mod_dbd -l pl.UTF-8 +mod_dbd zarządza połączeniami z bazą danych SQL przy użyciu apr_dbd. +Udostępnia połączenia z bazą danych na żądanie modułów wymagających +funkcji bazy danych SQL, a następnie dba o zarządzanie bazami danych z +optymalną wydajnością i skalowalnością zarówno dla wątkowych jak i +niewątkowych MPM. + +%package mod_deflate +Summary: Apache module: Compress content before it is delivered to the client +Summary(pl.UTF-8): Moduł Apache'a kompresujący dane przed przesłaniem ich do klienta +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_deflate.html +Requires: %{name}-base = %{version}-%{release} +Requires: %{name}-mod_headers = %{version}-%{release} +Provides: apache(mod_deflate) = %{version}-%{release} + +%description mod_deflate +Compress content before it is delivered to the client. + +%description mod_deflate -l pl.UTF-8 +Moduł kompresujący dane przed przesłaniem ich do klienta. + +%package mod_dir +Summary: Apache module for "trailing slash" redirects and serving directory index files +Summary(pl.UTF-8): Moduł Apache'a oferujący przekierowania i udostępnianie informacji o zawartości katalogu +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_dir.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_dir) = %{version}-%{release} +Provides: webserver(indexfile) + +%description mod_dir +This package contains mod_dir which provides "trailing slash" +redirects and serving directory index files. + +%description mod_dir -l pl.UTF-8 +Moduł oferujący przekierowania i udostępnianie informacji o zawartości +katalogu. + +%package mod_dumpio +Summary: Dumps all I/O to error log as desired +Summary(pl.UTF-8): Zrzucanie całości wejścia/wyjścia do logu błędów +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_dumpio.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_dumpio) = %{version}-%{release} + +%description mod_dumpio +mod_dumpio allows for the logging of all input received by Apache +and/or all output sent by Apache to be logged (dumped) to the +error.log file. + +The data logging is done right after SSL decoding (for input) and +right before SSL encoding (for output). As can be expected, this can +produce extreme volumes of data, and should only be used when +debugging problems. + +%description mod_dumpio -l pl.UTF-8 +mod_dumpio umożliwia logowanie całego wejścia otrzymanego przez +Apache'a i/lub całęgo wyjścia wysyłanego przez Apache'a do pliku +error.log. + +Logowanie danych następuja zaraz po zdekodowaniu SSL (dla wejścia) i +zaraz przed kodowaniem SSL (dla wyjścia). Jak można się spodziewać, ta +opcja może tworzyć ogromne ilości danych i powinna być używana tylko +przy diagnostyce problemów. + +%package mod_echo +Summary: A simple echo server to illustrate protocol modules +Summary(pl.UTF-8): Prosty serwer ocho ilustrujący moduły protokołów +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_echo.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_echo) = %{version}-%{release} + +%description mod_echo +This module provides an example protocol module to illustrate the +concept. It provides a simple echo server. Telnet to it and type +stuff, and it will echo it. + +%description mod_echo -l pl.UTF-8 +Ten moduł udostępnia przykładowy moduł protokołu ilustrujący ideę. +Udostępnia prosty serwer echo. Można się na niego zatelnetować i +napisać cokolwiek, a on odpowie tym samym. + +%package mod_env +Summary: Modifies the environment which is passed to CGI scripts and SSI pages +Summary(pl.UTF-8): Modyfikowanie środowiska przekazywanego skryptom CGI i stronom SSI +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_env.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_env) = %{version}-%{release} +Provides: webserver(setenv) + +%description mod_env +This module allows for control of the environment that will be +provided to CGI scripts and SSI pages. Environment variables may be +passed from the shell which invoked the httpd process. Alternatively, +environment variables may be set or unset within the configuration +process. + +%description mod_env -l pl.UTF-8 +Ten moduł pozwala na kontrolę środowiska udostępnianego skryptom CGI i +stronom SSI. Zmienne środowiskowe mogą być przekazywane z powłoki w +czasie uruchamiania procesu httpd, albo - alternatywnie - ustawiane i +usuwane w procesie konfiguracji. + +%package mod_expires +Summary: Apache module which generates Expires HTTP headers +Summary(pl.UTF-8): Moduł Apache'a generujący nagłówki HTTP Expires +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_expires.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_expires) = %{version}-%{release} +Provides: webserver(expires) + +%description mod_expires +This module controls the setting of the Expires HTTP header in server +responses. The expiration date can set to be relative to either the +time the source file was last modified, or to the time of the client +access. + +%description mod_expires -l pl.UTF-8 +Moduł kontroluje ustawianie nagłówka HTTP Expires. Data wygaśnięcia +ważności może być ustalana w zależności od czasu modyfikacji plików +źródłowych lub odwołania klienta. + +%package mod_ext_filter +Summary: Pass the response body through an external program before delivery to the client +Summary(pl.UTF-8): Przekazywanie ciała odpowiedzi do zewnętrznego programu przed przekazaniem klientowi +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_ext_filter.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_ext_filter) = %{version}-%{release} + +%description mod_ext_filter +mod_ext_filter presents a simple and familiar programming model for +filters. With this module, a program which reads from stdin and writes +to stdout (i.e., a Unix-style filter command) can be a filter for +Apache. + +This filtering mechanism is much slower than using a filter which is +specially written for the Apache API and runs inside of the Apache +server process, but it does have the following benefits: +- the programming model is much simpler +- any programming/scripting language can be used, provided that it + allows the program to read from standard input and write to standard + output +- existing programs can be used unmodified as Apache filters + +Even when the performance characteristics are not suitable for +production use, mod_ext_filter can be used as a prototype environment +for filters. + +%description mod_ext_filter -l pl.UTF-8 +mod_ext_filter przedstawia prosty i przyjazny model programowania dla +filtrów. Przy użyciu tego modułu program czytający ze standardowego +wejścia i piszący na standardowe wyjście (czyli uniksowe polecenie +filtrujące) może być filtrem dla Apache'a. + +Ten mechanizm filtrujący jest znacznie wolniejszy niż użycie filtru +napisanego specjalnie dla API Apache'a i działającego wewnątrz procesu +Apache'a, ale ma następujące zalety: +- znacznie prostszy model programowania +- możliwość użycia dowolnego języka programowania/skryptowego, jeśli + tylko umożliwia czytanie ze standardowego wejścia i pisanie na + standardowe wyjście +- możliwość użycia istniejących programów bez modyfikacji jako filtrów + Apache'a. + +Nawet kiedy charakterystyka wydajności nie jest odpowiednia dla użytku +produkcyjnego, mod_ext_filter można używać w środowisku prototypowym +dla filtrów. + +%package mod_file_cache +Summary: Apache module: caches a static list of files in memory +Summary(pl.UTF-8): Moduł Apache'a cache'ujący statyczną listę plików w pamięci +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_file_cache.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_file_cache) = %{version}-%{release} +Obsoletes: apache-mmap_static + +%description mod_file_cache +Caches a static list of files in memory. + +This module is an extension of and borrows heavily from the +mod_mmap_static module in Apache 1.3. + +%description mod_file_cache -l pl.UTF-8 +Moduł cache'ujący statyczną listę plików w pamięci. + +%package mod_filter +Summary: Context-sensitive smart filter configuration module +Summary(pl.UTF-8): Moduł inteligentnej, zależnej od kontekstu konfiguracji filtrów +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_filter.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_filter) = %{version}-%{release} + +%description mod_filter +This module enables smart, context-sensitive configuration of output +content filters. For example, apache can be configured to process +different content-types through different filters, even when the +content-type is not known in advance (e.g. in a proxy). + +%description mod_filter -l pl.UTF-8 +Ten moduł umożliwia inteligentne, zależne od kontekstu konfigurowanie +wyjściowych filtrów treści. Na przykład, Apache'a można skonfigurować +do przetwarzania różnych content-type poprzez różne filtry, nawet +jeśli content-type nie jest znany z góry (np. w wypadku proxy). + +%package mod_headers +Summary: Apache module allows for the customization of HTTP response headers +Summary(pl.UTF-8): Moduł Apache'a pozwalający na modyfikację nagłówków HTTP +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_headers.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_headers) = %{version}-%{release} + +%description mod_headers +This package contains mod_headers module. The module allows for the +customization of HTTP response headers. Headers can be merged, +replaced or removed. + +%description mod_headers -l pl.UTF-8 +Moduł pozwalający na łączenie, usuwanie oraz zamianę nagłówków HTTP +wysyłanych do przeglądarki. + +%package mod_ident +Summary: RFC 1413 ident lookups +Summary(pl.UTF-8): Sprawdzanie identyfikacji RFC 1413 +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_ident.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_ident) = %{version}-%{release} + +%description mod_ident +This module queries an RFC 1413 compatible daemon on a remote host to +look up the owner of a connection. + +%description mod_ident -l pl.UTF-8 +Ten moduł odpytuje demona zgodnego z RFC 1413 na zdalnym hoście w celu +sprawdzenia właściciela połączenia. + +%package mod_imagemap +Summary: Server-side imagemap processing +Summary(pl.UTF-8): Przetwarzanie map obrazów po stronie serwera +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_imagemap.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_imagemap) = %{version}-%{release} +Provides: apache-mod_imap +Obsoletes: apache-mod_imap + +%description mod_imagemap +This module processes .map files, thereby replacing the functionality +of the imagemap CGI program. Any directory or document type configured +to use the handler imap-file (using either AddHandler or SetHandler) +will be processed by this module. + +%description mod_imagemap -l pl.UTF-8 +Ten moduł przetwarza pliki .map zastępując funkcjonalność programu CGI +imagemap. Dowolny katalog lub rodzaj dokumentu skonfigurowany do +używania procedury obsługi imap-file (poprzez AddHandler lub +SetHandler) będzie przetwarzany przez ten moduł. + +%package mod_include +Summary: Server-parsed html documents (Server Side Includes) +Summary(pl.UTF-8): Dokumenty przetwarzane przez serwer (Server Side Includes) +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_include.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_include) = %{version}-%{release} + +%description mod_include +This module provides a filter which will process files before they are +sent to the client. The processing is controlled by specially +formatted SGML comments, referred to as elements. These elements allow +conditional text, the inclusion of other files or programs, as well as +the setting and printing of environment variables. + +%description mod_include -l pl.UTF-8 +Ten moduł dostarcza procedurę obsługi przetwarzającą pliki przed +wysłaniem ich do klienta. Przetwarzanie jest sterowane specjalnie +sformatowanymi komentarzami SGML, nazywanymi elementami. Elementy te +pozwalają na tekst warunkowy, dołączanie innych plików lub programów, +a także ustawianie i wypisywanie zmiennych środowiskowych. + +%package mod_info +Summary: Apache module with comprehensive overview of the server configuration +Summary(pl.UTF-8): Moduł Apache'a udostępniający informacje o serwerze +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_info.html +Requires: %{name}-base = %{version}-%{release} +Requires: %{name}-mod_authz_host = %{version}-%{release} +Provides: apache(mod_info) = %{version}-%{release} + +%description mod_info +This package contains mod_info module. It provides a comprehensive +overview of the server configuration including all installed modules +and directives in the configuration files. + +%description mod_info -l pl.UTF-8 +Moduł udostępniający informacje o konfiguracji serwera, +zainstalowanych modułach itp. + +%package mod_ldap +Summary: Apache module for LDAP connection pooling and result caching services for other LDAP modules +Summary(pl.UTF-8): Moduł Apache'a zarządzający połączeniami z serwerami LDAP +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_ldap.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_ldap) = %{version}-%{release} + +%description mod_ldap +This module was created to improve the performance of websites relying +on backend connections to LDAP servers. In addition to the functions +provided by the standard LDAP libraries, this module adds an LDAP +connection pool and an LDAP shared memory cache. + +%description mod_ldap -l pl.UTF-8 +Moduł Apache'a poprawiający wydajność serwisów polegających na +połączeniach z serwerami LDAP. Oprócz funkcjo udostępnianych przez +standardowe biblioteki LDAP ten moduł dodaje zarządzanie pulą połączeń +i współdzieloną pamięć podręczną zapytań. + +%package mod_log_config +Summary: Logging of the requests made to the server +Summary(pl.UTF-8): Logowanie żądań zgłaszanych do serwera +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_log_config.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_log_config) = %{version}-%{release} +Provides: webserver(log) + +%description mod_log_config +This module provides for flexible logging of client requests. Logs are +written in a customizable format, and may be written directly to a +file, or to an external program. Conditional logging is provided so +that individual requests may be included or excluded from the logs +based on characteristics of the request. + +%description mod_log_config -l pl.UTF-8 +Ten moduł umożliwia elastyczne logowanie żądań klientów. Logi są +zapisywane w konfigurowalnym formacie i mogą być zapisywane +bezpośrednio do pliku lub przekazywane do zewnętrznego programu. +Dostępne jest logowanie warunkowe polegające na włączeniu lub +wyłączeniu poszczególnych żądań z logowania na podstawie +charakterystyki żądania. + +%package mod_log_forensic +Summary: Forensic Logging of the requests made to the server +Summary(pl.UTF-8): Logowanie żadań zgłaszanych do serwera w celu późniejszej analizy +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_log_forensic.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_log_forensic) = %{version}-%{release} + +%description mod_log_forensic +This module provides for forensic logging of client requests. Logging +is done before and after processing a request, so the forensic log +contains two log lines for each request. + +%description mod_log_forensic -l pl.UTF-8 +Ten moduł pozwala na logowanie żądań w celu późniejszej analizy. +Logowanie jest wykonywane przed i po przetworzeniu żądania, więc log +zawiera dwie linie dla każdego żądania. + +%package mod_logio +Summary: Logging of input and output bytes per request +Summary(pl.UTF-8): Logowanie liczby bajtów wejścia i wyjścia dla zapytań +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_logio.html +Requires: %{name}-base = %{version}-%{release} +Requires: %{name}-mod_log_config = %{version}-%{release} +Provides: apache(mod_logio) = %{version}-%{release} + +%description mod_logio +This module provides the logging of input and output number of bytes +received/sent per request. The numbers reflect the actual bytes as +received on the network, which then takes into account the headers and +bodies of requests and responses. The counting is done before SSL/TLS +on input and after SSL/TLS on output, so the numbers will correctly +reflect any changes made by encryption. + +%description mod_logio -l pl.UTF-8 +Ten moduł zapewnia logowanie liczby bajtów wejścia i wyjścia +odbieranych/wysyłanych przy każdym zapytaniu. Liczby odzwierciedlają +rzeczywiste bajty przesyłane przez sieć, z wliczonymi nagłówkami i +ciałami żądań i odpowiedzi. Zliczanie jest wykonywane przed SSL/TLS na +wejściu i po SSL/TLS na wyjściu, więc liczby będą właściwie +odzwierciedlały wszystkie zmiany dokonywane przez szyfrowanie. + +%package mod_mime +Summary: Associates the requested filename's extensions with the file's behavior and content +Summary(pl.UTF-8): Wiązanie określonych rozszerzeń plików z zachowaniem i zawartością +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_mime.html +Requires: %{name}-base = %{version}-%{release} +Requires: mailcap +Provides: apache(mod_mime) = %{version}-%{release} +Provides: webserver(mime) + +%description mod_mime +This module is used to associate various bits of "meta information" +with files by their filename extensions. This information relates the +filename of the document to it's mime-type, language, character set +and encoding. This information is sent to the browser, and +participates in content negotiation, so the user's preferences are +respected when choosing one of several possible files to serve. See +mod_negotiation for more information about content negotiation. + +%description mod_mime -l pl.UTF-8 +Ten moduł służy do wiązania określonych części "metainformacji" z +plikami w zależności od rozszerzeń nazw plików. Informacje te łączą +nazwy plików dokumentów z ich typem MIME, językiem, zestawem znaków i +kodowaniem. Informacje te są wysyłane przeglądarce i mają wpływ na +negocjację treści, tak że preferencje użytkownika są respektowane przy +wybieraniu jednego z kilku dostępnych do zaserwowania. Więcej +informacji o negocjacji treści jest w dokumentacji do mod_negotiation. + +%package mod_mime_magic +Summary: Determines the MIME type of a file by looking at a few bytes of its contents +Summary(pl.UTF-8): Określanie typu MIME pliku poprzez sprawdzanie kilku bajtów jego zawartości +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_mime_magic.html +Requires: %{name}-base = %{version}-%{release} +Requires: file +Provides: apache(mod_mime_magic) = %{version}-%{release} + +%description mod_mime_magic +This module determines the MIME type of files in the same way the Unix +file(1) command works: it looks at the first few bytes of the file. It +is intended as a "second line of defense" for cases that mod_mime +can't resolve. + +%description mod_mime_magic -l pl.UTF-8 +Ten moduł określa typ MIME plików w ten sam sposób, co uniksowe +polecenie file(1): patrzy na kilka początkowych bajtów pliku. Ma +służyć jako "druga linia obrony" dla przypadków, których nie może +rozwiązać mod_mime. + +%package mod_negotiation +Summary: Provides for content negotiation +Summary(pl.UTF-8): Moduł do negocjacji treści +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html +Requires: %{name}-base = %{version}-%{release} +Requires: %{name}-mod_mime = %{version}-%{release} +Provides: apache(mod_negotiation) = %{version}-%{release} + +%description mod_negotiation +Content negotiation, or more accurately content selection, is the +selection of the document that best matches the clients capabilities, +from one of several available documents. + +%description mod_negotiation -l pl.UTF-8 +Negocjacja treści, lub bardziej precyzyjnie - wybór treści, to wybór +dokumentu najbardziej odpowiadającego możliwościom klientów spośród +kilku możliwych dokumentów. + +%package mod_proxy +Summary: Apache module with Web proxy +Summary(pl.UTF-8): Moduł Apache'a dodający obsługę serwera proxy +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html +Requires: %{name}-base = %{version}-%{release} +Requires: %{name}-mod_authz_host = %{version}-%{release} +Provides: apache(mod_proxy) = %{version}-%{release} + +%description mod_proxy +This package contains module with implementation a proxy/cache for +Apache. It implements proxying capability for FTP, CONNECT (for SSL), +HTTP/0.9, HTTP/1.0 and HTTP/1.1. The module can be configured to +connect to other proxy modules for these and other protocols. + +%description mod_proxy -l pl.UTF-8 +Moduł zawiera implementację serwera proxy/cache dla Apache. +Implementacja zawiera obsługę FTP, CONNECT (dla SSL), HTTP/0.9, +HTTP/1.0 i HTTP/1.1. + +%package mod_reqtimeout +Summary: Apache module to set timeout and minimum data rate for receiving requests +Summary(pl.UTF-8): Moduł Apache'a pozwalający na ustawianie limitu czasu oraz minimalnego transferu danych +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_reqtimeout.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_reqtimeout) = %{version}-%{release} +Provides: webserver(reqtimeout) + +%description mod_reqtimeout +Apache module to set timeout and minimum data rate for receiving +requests. + +%description mod_reqtimeout -l pl.UTF-8 +Moduł Apache'a pozwalający na ustawianie limitu czasu oraz minimalnego +transferu danych. + +%package mod_rewrite +Summary: Apache module with rule-based engine for rewrite requested URLs on the fly +Summary(pl.UTF-8): Moduł Apache'a do "przepisywania" adresów URL w locie +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_rewrite) = %{version}-%{release} +Provides: webserver(rewrite) + +%description mod_rewrite +This package contains It provides a rule-based rewriting engine to +rewrite requested URLs on the fly. + +%description mod_rewrite -l pl.UTF-8 +Moduł oferujący możliwość "przepisywania" adresów URL w locie. + +%package mod_setenvif +Summary: Allows the setting of environment variables based on characteristics of the request +Summary(pl.UTF-8): Ustawianie zmiennych środowiskowych w oparciu o charakterystykę żądania +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_setenvif) = %{version}-%{release} + +%description mod_setenvif +The mod_setenvif module allows you to set environment variables +according to whether different aspects of the request match regular +expressions you specify. These environment variables can be used by +other parts of the server to make decisions about actions to be taken. + +%description mod_setenvif -l pl.UTF-8 +Moduł mod_setenvif pozwala na ustawianie zmiennych środowiskowych w +zależności od różnych aspektów żądania pasujących do podanych wyrażeń +regularnych. Te zmienne środowiskowe mogą być używane przez inne +części serwera do podejmowania decyzji o podejmowanych akcjach. + +%package mod_speling +Summary: Attempts to correct mistaken URLs by ignoring capitalization and by allowing up to one misspelling +Summary(pl.UTF-8): Próba poprawiania błędnych URL-i poprzez ignorowanie wielkości liter i zezwalanie na jedną literówkę +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_speling.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_speling) = %{version}-%{release} + +%description mod_speling +Requests to documents sometimes cannot be served by the core apache +server because the request was misspelled or miscapitalized. This +module addresses this problem by trying to find a matching document, +even after all other modules gave up. It does its work by comparing +each document name in the requested directory against the requested +document name without regard to case, and allowing up to one +misspelling (character insertion / omission / transposition or wrong +character). A list is built with all document names which were matched +using this strategy. + +%description mod_speling -l pl.UTF-8 +Czasami żądania dokumentów nie mogą być wykonane przez sam serwer +Apache, ponieważ żądanie zostało napisane z błędem w znakach lub +wielkości liter. Ten moduł próbuje rozwiązać ten problem próbując +znaleźć pasujący dokument, nawet jeśli inne moduły się poddały. Działa +on poprzez porównywanie nazwy każdego dokumentu w żądanym katalogu z +żądaną nazwą dokumentu bez zwracania uwagi na wielkość liter i +pozwalając na jeden błąd (dodany, pominięty, przestawiony lub zły +znak). Tworzona jest lista dla wszystkich nazw dokumentów pasujących +dla tej strategii. + +%package mod_ssl +Summary: SSL/TLS module for the Apache HTTP server +Summary(pl.UTF-8): Moduł SSL/TSL dla serwera Apache +Summary(ru.UTF-8): Модуль SSL/TLS для веб-сервера Apache +Epoch: 1 +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_ssl.html +Requires: %{name}-base = %{version}-%{release} +Requires: openssl >= %{openssl_ver} +%if "%{pld_release}" != "ac" +Requires: apr-util-dbm-db +%endif +Provides: apache(mod_ssl) = 1:%{version}-%{release} + +%description mod_ssl +The mod_ssl module provides strong cryptography for the Apache Web +server via the Secure Sockets Layer (SSL) and Transport Layer Security +(TLS) protocols. + +%description mod_ssl -l pl.UTF-8 +Moduł mod_ssl udostępnia wsparcie do silnej kryptografii dla serwera +Apache poprzez protokoły SSL/TSL (Secure Sockets Layer/Transport Layer +Security). + +%description mod_ssl -l ru.UTF-8 +Модуль mod_ssl обеспечивает поддержку в веб-сервере Apache надежного +шифрования средствами Secure Sockets Layer (SSL) и Transport Layer + +%package mod_status +Summary: Server status report module for Apache +Summary(pl.UTF-8): Moduł udostępniający informacje statystyczne z serwera Apache +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_status.html +Requires: %{name}-base = %{version}-%{release} +Requires: %{name}-mod_authz_host = %{version}-%{release} +Provides: apache(mod_status) = %{version}-%{release} + +%description mod_status +The Status module allows a server administrator to find out how well +their server is performing. A HTML page is presented that gives the +current server statistics in an easily readable form. If required this +page can be made to automatically refresh (given a compatible +browser). + +%description mod_status -l pl.UTF-8 +Moduł pozwala administratorowi na przeglądanie statystyk dotyczących +pracy serwera Apache (w postaci strony HTML). + +%package mod_substitute +Summary: Substitute module for Apache +Summary(pl.UTF-8): Moduł pozwalający na znajdywanie i zastępowanie wyjścia dla serwera Apache +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_substitute.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_substitute) = %{version}-%{release} + +%description mod_substitute +The Substitute module provides a mechanism to perform both regular +expression and fixed string substitutions on response bodies. + +%description mod_substitute -l pl.UTF-8 +Moduł pozwala na zastępowanie ciągów znaków w wyjściu również na +podstawie wyrażenia regularnego. + +%package mod_unique_id +Summary: Apache module which provides a magic token for each request +Summary(pl.UTF-8): Moduł Apache'a nadający każdemu zapytaniu unikalny token +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_unique_id.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_unique_id) = %{version}-%{release} + +%description mod_unique_id +This package contains the mod_unique_id. This module provides a magic +token for each request which is guaranteed to be unique across "all" +requests under very specific conditions. The unique identifier is even +unique across multiple machines in a properly configured cluster of +machines. The environment variable UNIQUE_ID is set to the identifier +for each request. Unique identifiers are useful for various reasons +which are beyond the scope of this document. + +%description mod_unique_id -l pl.UTF-8 +Moduł nadaje każdemu zapytaniu token unikalny w ramach wszystkich +zapytań, nawet w ramach poprawnie skonfigurowanego klastra z wielu +maszyn. Moduł ustawia przy każdym zapytaniu zmienną środowiskową +UNIQUE_ID. + +%package mod_userdir +Summary: User-specific directories +Summary(pl.UTF-8): Katalogi specyficzne dla użytkowników +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_userdir.html +Requires: %{name}-base = %{version}-%{release} +Requires: %{name}-mod_authz_host = %{version}-%{release} +Provides: apache(mod_userdir) = %{version}-%{release} + +%description mod_userdir +This module allows user-specific directories to be accessed using the +http://example.com/~user/ syntax. + +%description mod_userdir -l pl.UTF-8 +Ten moduł pozwala na dostęp do katalogów specyficznych dla +użytkowników przy użyciu składni http://example.com/~user/ . + +%package mod_usertrack +Summary: Apache module for user tracking using cookies +Summary(pl.UTF-8): Moduł Apache'a służący do śledzenia "ciasteczek" +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_usertrack.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_usertrack) = %{version}-%{release} + +%description mod_usertrack +This package contains the user tracking module which did its own +logging using CookieLog directory. This module allow multiple log +files. + +%description mod_usertrack -l pl.UTF-8 +Ten pakiet zawiera moduł śledzący użytkowników zapisujący własny log +przy użyciu katalogu CookieLog. Pozwala na użycie wielu plików logów. + +%package mod_version +Summary: Version dependent configuration +Summary(pl.UTF-8): Konfiguracja zależna od wersji +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_version.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_version) = %{version}-%{release} + +%description mod_version +This module is designed for the use in test suites and large networks +which have to deal with different httpd versions and different +configurations. It provides a new container -- , which +allows a flexible version checking including numeric comparisons and +regular expressions. + +%description mod_version -l pl.UTF-8 +Ten moduł jest przeznaczony do używania w zestawach testów i dużych +sieciach, gdzie trzeba inaczej obsługiwać różne wersje httpd i różne +konfiguracje. Udostępnia nowy kontener: , umożliwiający +elastyczne sprawdzanie wersji włącznie z porównaniami liczbowymi i +wyrażeniami regularnymi. + +%package mod_vhost_alias +Summary: Apache module for dynamically configured mass virtual hosting +Summary(pl.UTF-8): Moduł Apache'a dodający obsługę hostów wirtualnych +Group: Networking/Daemons/HTTP +URL: http://httpd.apache.org/docs/2.2/mod/mod_vhost_alias.html +Requires: %{name}-base = %{version}-%{release} +Provides: apache(mod_vhost_alias) = %{version}-%{release} + +%description mod_vhost_alias +This package contains the mod_vhost_alias. It provides support for +dynamically configured mass virtual hosting. + +%description mod_vhost_alias -l pl.UTF-8 +Moduł umożliwia na dynamiczne konfigurowanie masowej ilości serwerów +wirtualnych. + +%package -n htpasswd-%{name} +Summary: Apache 2 htpasswd utility: manage user files for basic authentication +Summary(pl.UTF-8): Narzędzie htpasswd z Apache'a 2 do zarządzania plikami uwierzytelnienia basic +Group: Networking/Utilities +Provides: htpasswd +Obsoletes: htpasswd + +%description -n htpasswd-%{name} +htpasswd is used to create and update the flat-files used to store +usernames and password for basic authentication of HTTP users. This +package contains htpasswd from Apache 2; this version supports +plaintext passwords and CRYPT (default), MD5 and SHA1 encryptions. + +%description -n htpasswd-%{name} -l pl.UTF-8 +htpasswd służy do tworzenia i uaktualniania plików tekstowych +służących do przechowywania nazw użytkowników i haseł do podstawowego +uwierzytelnienia użytkowników HTTP. Ten pakiet zawiera htpasswd z +Apache'a 2; ta wersja obsługuje hasła zapisane czystym tekstem oraz +zakodowane algorytmami CRYPT (domyślnym), MD5 i SHA1. + +%package dbmtools +Summary: Apache 2 tools for manipulating DBM files +Summary(pl.UTF-8): Narzędzia Apache'a 2 do obróbki plików DBM +Group: Networking/Utilities +Requires: %{name}-base = %{version}-%{release} + +%description dbmtools +Apache 2 tools for manipulating DBM files. + +%description dbmtools -l pl.UTF-8 +Narzędzia Apache'a 2 do obróbki plików DBM. + +%package cgi_test +Summary: cgi test/demo programs +Summary(pl.UTF-8): Programy testowe/przykładowe cgi +Group: Networking/Utilities +Requires: %{name}-base = %{version}-%{release} +Requires: filesystem >= 2.0-1 + +%description cgi_test +Two cgi test/demo programs: test-cgi and print-env. + +%description cgi_test -l pl.UTF-8 +Dwa programy testowe/przykładowe cgi: test-cgi and print-env. + +%prep +%setup -q -n httpd-%{version} +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch12 -p1 +%patch14 -p1 +%patch15 -p1 +%patch18 -p1 +%patch19 -p1 +%patch20 -p1 +%patch23 -p1 +%patch24 -p1 +%patch25 -p1 +%patch26 -p1 +%patch28 -p1 +%patch29 -p1 + +# using system apr, apr-util and pcre +%{__rm} -r srclib/{apr,apr-util,pcre} + +# sanity check +MODULES_API=`awk '/#define MODULE_MAGIC_NUMBER_MAJOR/ {print $3}' include/ap_mmn.h` +if [ "$MODULES_API" != "%_apache_modules_api" ]; then + echo "Set %%_apache_modules_api to $MODULES_API and rerun." + exit 1 +fi + +# fix libdir (at least in PLD layout; no need to care about other ones) +sed -i -e 's,/lib$,/%{_lib},' config.layout + +%build +cp /usr/share/apr/build/apr_common.m4 build +%{__libtoolize} +%{__aclocal} -I build +cp /usr/share/automake/config.* build +%{__autoheader} +%{__autoconf} + +# from ./buildconf +: fixing timestamps for mod_ssl sources +cd modules/ssl +touch ssl_expr_parse.y +sleep 1 +touch ssl_expr_parse.c ssl_expr_parse.h ssl_expr_scan.l +sleep 1 +touch ssl_expr_scan.c +cd ../.. + +CPPFLAGS="-DMAX_SERVER_LIMIT=200000 -DBIG_SECURITY_HOLE=1" +for mpm in prefork worker %{?with_event:event} %{?with_itk:itk}; do +install -d "buildmpm-${mpm}"; cd "buildmpm-${mpm}" +../%configure \ + --enable-layout=PLD \ + --disable-v4-mapped \ + $( [ "${mpm}" = "prefork" -o "${mpm}" = "worker" -o "${mpm}" = "event" -o "${mpm}" = "itk" ] && echo "--enable-exception-hook" ) \ + --enable-modules=all \ + --enable-mods-shared=all \ + --enable-auth-anon \ + --enable-auth-dbm \ + --enable-authn-dbd \ + --enable-authn-alias \ + --enable-authz-dbm \ + --enable-authz-owner \ + %{?with_ldap:--enable-authnz-ldap} \ + --enable-auth-digest \ + --enable-file-cache \ + --enable-cache \ + --enable-disk-cache \ + --enable-mem-cache \ + --enable-dbd \ + %{?with_bucketeer:--enable-bucketeer} \ + --enable-dumpio \ + --enable-echo \ + --enable-charset-lite \ + --enable-deflate \ + %{?with_ldap:--enable-ldap} \ + --enable-ext-filter \ + --enable-case-filter \ + --enable-case-filter-in \ + --enable-log-forensic \ + --enable-logio \ + --with-z=%{_prefix} \ + --enable-mime-magic \ + --enable-cern-meta \ + --enable-expires \ + --enable-headers \ + --enable-ident \ + --enable-usertrack \ + --enable-unique-id \ + --enable-proxy \ + --enable-proxy-connect \ + --enable-proxy-ftp \ + --enable-proxy-http \ + --enable-proxy-ajp \ + --enable-proxy-balancer \ + %{?with_ssl:--enable-ssl %{?with_distcache:--enable-distcache}} \ + --enable-http \ + --enable-dav \ + --enable-info \ + --enable-suexec \ + --enable-cgi \ + --enable-cgid \ + --enable-dav-fs \ + --enable-dav-lock \ + --enable-vhost-alias \ + --enable-imagemap \ + --enable-speling \ + --enable-rewrite \ + --enable-so \ + --with-program-name=httpd.${mpm} \ + --with-mpm=${mpm} \ +%ifarch %{ix86} +%ifnarch i386 i486 + $( [ "${mpm}" = "leader" ] && echo "--enable-nonportable-atomics=yes" ) \ +%endif +%endif + --with-suexec-bin=%{_sbindir}/suexec \ + --with-suexec-caller=http \ + --with-suexec-docroot=%{_datadir} \ + --with-suexec-logfile=/var/log/httpd/suexec_log \ + --with-suexec-uidmin=500 \ + --with-suexec-gidmin=500 \ + --with-suexec-umask=077 \ + --with-apr=%{_bindir}/apr-1-config \ + --with-apr-util=%{_bindir}/apu-1-config \ + --with-pcre + +%{__make} +./httpd.${mpm} -l | grep -v "${mpm}" > modules-inside +cd .. + +done + +for mpm in worker %{?with_event:event} %{?with_itk:itk}; do + if ! cmp -s buildmpm-prefork/modules-inside buildmpm-${mpm}/modules-inside; then + echo "List of compiled modules is different between prefork-MPM and ${mpm}-MPM!" + echo "Build failed." + exit 1 + fi +done + +%install +rm -rf $RPM_BUILD_ROOT +install -d $RPM_BUILD_ROOT/etc/{logrotate.d,rc.d/init.d,sysconfig} \ + $RPM_BUILD_ROOT%{_var}/{log/{httpd,archive/httpd},{run,cache}/httpd,lock/mod_dav} \ + $RPM_BUILD_ROOT%{_sysconfdir}/{webapps.d,conf.d,vhosts.d} \ + $RPM_BUILD_ROOT%{_datadir}/{cgi-bin,vhosts} \ + $RPM_BUILD_ROOT/usr/lib/tmpfiles.d + +# prefork is default one +%{__make} -C buildmpm-prefork install \ + DESTDIR=$RPM_BUILD_ROOT + +# install other mpm-s +for mpm in worker %{?with_event:event} %{?with_itk:itk}; do + install buildmpm-${mpm}/httpd.${mpm} $RPM_BUILD_ROOT%{_sbindir}/httpd.${mpm} +done + +ln -s httpd.prefork $RPM_BUILD_ROOT%{_sbindir}/httpd +ln -s %{_libexecdir} $RPM_BUILD_ROOT%{_sysconfdir}/modules +ln -s %{_localstatedir}/run/httpd $RPM_BUILD_ROOT%{_sysconfdir}/run +ln -s %{_var}/log/httpd $RPM_BUILD_ROOT%{_sysconfdir}/logs +ln -s conf.d $RPM_BUILD_ROOT%{_sysconfdir}/httpd.conf + +install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/httpd +cp -a %{SOURCE2} $RPM_BUILD_ROOT/etc/logrotate.d/httpd +cp -a %{SOURCE3} $RPM_BUILD_ROOT/etc/sysconfig/httpd + +touch $RPM_BUILD_ROOT/var/log/httpd/{access,error,agent,referer,suexec}_log + +%if %{with ssl} +install -d $RPM_BUILD_ROOT%{_sysconfdir}/ssl +cp -a %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/ssl/server.crt +cp -a %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/ssl/server.key +%endif + +cp -a %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/apache.conf + +CFG="$RPM_BUILD_ROOT%{_sysconfdir}/conf.d" + +cp -a %{SOURCE7} $CFG/10_common.conf +cp -a %{SOURCE23} $CFG/01_mod_mime.conf +cp -a %{SOURCE24} $CFG/01_mod_authz_host.conf +cp -a %{SOURCE25} $CFG/01_mod_cgid.conf +cp -a %{SOURCE26} $CFG/01_mod_log_config.conf +cp -a %{SOURCE27} $CFG/01_mod_mime_magic.conf +cp -a %{SOURCE28} $CFG/01_mod_cache.conf +cp -a %{SOURCE8} $CFG/20_mod_vhost_alias.conf +cp -a %{SOURCE9} $CFG/25_mod_status.conf +cp -a %{SOURCE10} $CFG/30_mod_proxy.conf +cp -a %{SOURCE11} $CFG/35_mod_info.conf +cp -a %{SOURCE12} $CFG/40_mod_ssl.conf +cp -a %{SOURCE13} $CFG/45_mod_dav.conf +cp -a %{SOURCE14} $CFG/59_mod_dir.conf +cp -a %{SOURCE15} $CFG/13_mod_suexec.conf +cp -a %{SOURCE16} $CFG/58_mod_deflate.conf +cp -a %{SOURCE17} $CFG/57_mod_autoindex.conf +cp -a %{SOURCE18} $CFG/30_errordocs.conf +cp -a %{SOURCE19} $CFG/30_manual.conf +cp -a %{SOURCE20} $CFG/16_mod_userdir.conf +cp -a %{SOURCE21} $CFG/10_mpm.conf +cp -a %{SOURCE22} $CFG/20_languages.conf +cp -a %{SOURCE29} $RPM_BUILD_ROOT%{_sysconfdir}/vhosts.d/example.net.conf + +install %{SOURCE30} $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/%{name}.conf + +echo "LoadModule alias_module modules/mod_alias.so" > $CFG/00_mod_alias.conf +echo "LoadModule authn_file_module modules/mod_authn_file.so" > $CFG/00_mod_authn_file.conf +echo "LoadModule authn_dbm_module modules/mod_authn_dbm.so" > $CFG/00_mod_authn_dbm.conf +echo "LoadModule authn_anon_module modules/mod_authn_anon.so" > $CFG/00_mod_authn_anon.conf +echo "LoadModule authn_dbd_module modules/mod_authn_dbd.so" > $CFG/00_mod_authn_dbd.conf +echo "LoadModule authn_default_module modules/mod_authn_default.so" > $CFG/00_mod_authn_default.conf +echo "LoadModule authn_alias_module modules/mod_authn_alias.so" > $CFG/00_mod_authn_alias.conf +echo "LoadModule authz_groupfile_module modules/mod_authz_groupfile.so" > $CFG/00_mod_authz_groupfile.conf +echo "LoadModule authz_user_module modules/mod_authz_user.so" > $CFG/00_mod_authz_user.conf +echo "LoadModule authz_dbm_module modules/mod_authz_dbm.so" > $CFG/00_mod_authz_dbm.conf +echo "LoadModule authz_owner_module modules/mod_authz_owner.so" > $CFG/00_mod_authz_owner.conf +echo "LoadModule authnz_ldap_module modules/mod_authnz_ldap.so" > $CFG/00_mod_authnz_ldap.conf +echo "LoadModule authz_default_module modules/mod_authz_default.so" > $CFG/00_mod_authz_default.conf +echo "LoadModule auth_basic_module modules/mod_auth_basic.so" > $CFG/00_mod_auth_basic.conf +echo "LoadModule dbd_module modules/mod_dbd.so" > $CFG/00_mod_dbd.conf +%if %{with bucketeer} +echo "LoadModule bucketeer_module modules/mod_bucketeer.so" > $CFG/00_mod_bucketeer.conf +%endif +echo "LoadModule dumpio_module modules/mod_dumpio.so" > $CFG/00_mod_dumpio.conf +echo "LoadModule echo_module modules/mod_echo.so" > $CFG/00_mod_echo.conf +echo "LoadModule case_filter_module modules/mod_case_filter.so" > $CFG/00_mod_case_filter.conf +echo "LoadModule case_filter_in_module modules/mod_case_filter_in.so" > $CFG/00_mod_case_filter_in.conf +echo "LoadModule ext_filter_module modules/mod_ext_filter.so" > $CFG/00_mod_ext_filter.conf +echo "LoadModule include_module modules/mod_include.so" > $CFG/00_mod_include.conf +echo "LoadModule filter_module modules/mod_filter.so" > $CFG/00_mod_filter.conf +echo "LoadModule log_forensic_module modules/mod_log_forensic.so" > $CFG/00_mod_log_forensic.conf +echo "LoadModule logio_module modules/mod_logio.so" > $CFG/00_mod_logio.conf +echo "LoadModule env_module modules/mod_env.so" > $CFG/00_mod_env.conf +echo "LoadModule cern_meta_module modules/mod_cern_meta.so" > $CFG/00_mod_cern_meta.conf +echo "LoadModule ident_module modules/mod_ident.so" > $CFG/00_mod_ident.conf +echo "LoadModule setenvif_module modules/mod_setenvif.so" > $CFG/00_mod_setenvif.conf +echo "LoadModule version_module modules/mod_version.so" > $CFG/00_mod_version.conf +echo "LoadModule asis_module modules/mod_asis.so" > $CFG/00_mod_asis.conf +echo "LoadModule cgi_module modules/mod_cgi.so" > $CFG/00_mod_cgi.conf +echo "LoadModule negotiation_module modules/mod_negotiation.so" > $CFG/00_mod_negotiation.conf +echo "LoadModule imagemap_module modules/mod_imagemap.so" > $CFG/00_mod_imagemap.conf +echo "LoadModule speling_module modules/mod_speling.so" > $CFG/00_mod_speling.conf +echo "LoadModule ldap_module modules/mod_ldap.so" > $CFG/00_mod_ldap.conf +echo "LoadModule actions_module modules/mod_actions.so" > $CFG/00_mod_actions.conf +echo "LoadModule auth_digest_module modules/mod_auth_digest.so" > $CFG/00_mod_auth_digest.conf +echo "LoadModule charset_lite_module modules/mod_charset_lite.so" > $CFG/00_mod_charset_lite.conf +echo "LoadModule expires_module modules/mod_expires.so" > $CFG/00_mod_expires.conf +echo "LoadModule file_cache_module modules/mod_file_cache.so" > $CFG/00_mod_file_cache.conf +echo "LoadModule headers_module modules/mod_headers.so" > $CFG/00_mod_headers.conf +echo "LoadModule rewrite_module modules/mod_rewrite.so" > $CFG/00_mod_rewrite.conf +echo "LoadModule usertrack_module modules/mod_usertrack.so" > $CFG/00_mod_usertrack.conf +echo "LoadModule unique_id_module modules/mod_unique_id.so" > $CFG/00_mod_unique_id.conf +echo "LoadModule substitute_module modules/mod_substitute.so" > $CFG/00_mod_substitute.conf +echo "LoadModule reqtimeout_module modules/mod_reqtimeout.so" >> $CFG/00_mod_reqtimeout.conf + +# anything in style dir not ending with .css is trash +%{__rm} -r $RPM_BUILD_ROOT%{_datadir}/manual/style/{lang,latex,xsl} +find $RPM_BUILD_ROOT%{_datadir}/manual/style -type f ! -name '*.css' -print0 | xargs -0r rm -f + +# find manual files +> manual.files +cur=$(pwd) +cd $RPM_BUILD_ROOT +find ./%{_datadir}/manual -type d -printf "%%%%dir %{_datadir}/manual/%%P\n" >> "$cur/manual.files" +find ./%{_datadir}/manual -type f -printf "%{_datadir}/manual/%%P\n" | sed -e ' +s/^.*\.\(de\|es\|fr\|ja\|ko\|ru\)\(\..*\)\?/%%lang(\1) &/ +s/^.*\.\(pt-br\)/%%lang(pt_BR) &/ +' >> "$cur/manual.files" +cd $cur + +# htpasswd goes to %{_bindir} +mv $RPM_BUILD_ROOT%{_sbindir}/htpasswd $RPM_BUILD_ROOT%{_bindir} +ln -sf %{_bindir}/htpasswd $RPM_BUILD_ROOT%{_sbindir} + +# cgi_test: create config file with ScriptAlias +cat << 'EOF' > $CFG/09_cgi_test.conf +ScriptAlias /cgi-bin/printenv %{_cgibindir}/printenv +ScriptAlias /cgi-bin/test-cgi %{_cgibindir}/test-cgi +EOF + +# our suexec is patched to support php + fcgi + suexec with +# virtual users when called as suexec.fcgi +ln -sf suexec $RPM_BUILD_ROOT%{_sbindir}/suexec.fcgi + +# no value +%{__rm} $RPM_BUILD_ROOT%{_libexecdir}/build/config.nice +%{__rm} $RPM_BUILD_ROOT%{_libexecdir}/*.exp +%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/mime.types +%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/httpd.prefork.conf +%{__rm} -r $RPM_BUILD_ROOT%{_sysconfdir}/{extra,original} + +%clean +rm -rf $RPM_BUILD_ROOT + +%pre base +%groupadd -g 51 http +%useradd -u 51 -r -d /home/services/httpd -s /bin/false -c "HTTP User" -g http http + +%pretrans base +# change httpd.conf from dir to symlink +if [ ! -L /etc/httpd/httpd.conf ]; then + if [ -d /etc/httpd/httpd.conf ]; then + if [ -d /etc/httpd/conf.d ]; then + mv /etc/httpd/httpd.conf/* /etc/httpd/conf.d + rmdir /etc/httpd/httpd.conf 2>/dev/null || mv -v /etc/httpd/httpd.conf{,.rpmsave} + else + mv /etc/httpd/httpd.conf /etc/httpd/conf.d + fi + + # new module packages issue error as first installed over 2.0 installation + mv -f /var/lock/subsys/httpd{,.disabled} 2>/dev/null + fi + + # always have httpd.conf symlink (until all packages from Ac use new dir) + install -d /etc/httpd + ln -s conf.d /etc/httpd/httpd.conf +fi +exit 0 + +%post base +/sbin/chkconfig --add httpd +umask 137 +touch /var/log/httpd/{access,error,agent,referer}_log + +%preun base +if [ "$1" = "0" ]; then + %service httpd stop + /sbin/chkconfig --del httpd +fi + +%postun base +if [ "$1" = "0" ]; then + %userremove http + %groupremove http +fi + +%triggerpostun base -- %{name} < 2.0.50-6.9 +%banner %{name}-2.0.50-6 << EOF +WARNING!!! +Since apache-2.0.50-6 autoindex module has been separated to package +%{name}-mod_autoindex If you want to have the same functionality do: +poldek -Uv %{name}-mod_autoindex +EOF + +%triggerpostun base -- %{name} < 2.0.54-4 +%banner %{name}-2.0.54-2 << EOF +WARNING!!! +CGI demo/test programs - printenv and test-cgi, have been released +from package apache into separate subpackage apache-cgi_test. If you +need printenv and/or test-cgi, please install apache-cgi_test package, +e.g. by running poldek -Uv apache-cgi_test +EOF + +# update /etc/sysconfig/apache -> httpd rename +if [ -f /etc/sysconfig/apache.rpmsave ]; then + cp -f /etc/sysconfig/httpd{,.rpmnew} + mv -f /etc/sysconfig/{apache.rpmsave,httpd} +fi + +%triggerpostun base -- %{name} < 2.0.55-3.1 +# check for config first as in 2.2 it's .rpmsave +if [ -f /etc/httpd/httpd.conf/10_httpd.conf ]; then + if ! grep -q 'Include webapps.d/' /etc/httpd/httpd.conf/10_httpd.conf; then + # make sure webapps.d is included + cp -f /etc/httpd/httpd.conf/10_httpd.conf{,.rpmsave} + # this file is ugly, so just append new lines + cat <<-EOF >> /etc/httpd/httpd.conf/10_httpd.conf + # Include webapps config + Include webapps.d/*.conf +EOF + fi +fi + +%triggerpostun base -- %{name} < 2.2.0 +# change HTTPD_CONF to point to new location. *only* if it's the +# default config setting +cp -f /etc/sysconfig/httpd{,.rpmorig} +sed -i -e '/^HTTPD_CONF="\/etc\/httpd\/httpd.conf"/s,.*,HTTPD_CONF="/etc/httpd/apache.conf",' /etc/sysconfig/httpd + +if [ -f /etc/httpd/conf.d/10_httpd.conf.rpmsave ]; then + sed -e ' + # as separate modules + /^LoadModule access_module/s,^,#, + /^LoadModule alias_module/s,^,#, + /^LoadModule asis_module/s,^,#, + /^LoadModule cern_meta_module/s,^,#, + /^LoadModule cgi_module/s,^,#, + /^LoadModule env_module/s,^,#, + /^LoadModule include_module/s,^,#, + /^LoadModule log_config_module/s,^,#, + /^LoadModule mime_magic_module/s,^,#, + /^LoadModule mime_module/s,^,#, + /^LoadModule negotiation_module/s,^,#, + /^LoadModule setenvif_module/s,^,#, + /^LoadModule speling_module/s,^,#, + /^LoadModule userdir_module/s,^,#, + + # in 30_errordocs.conf + //,/<\/IfModule>/s,^,#, + + # in 57_mod_autoindex.conf + /^Alias \/icons\//s,^,#, + + # in apache.conf + /^ScriptAlias \/cgi-bin\//s,^,#, + /^Listen 80/s,^,#, + + # avoid loops + /Include conf.d\/\*.conf/s,^,#, + /Include webapps.d\/\*.conf/s,^,#, + + ' < /etc/httpd/conf.d/10_httpd.conf.rpmsave > /etc/httpd/conf.d/10_httpd.conf +fi + +%banner -e %{name} <<'EOF' +NB! Apache main config has been changed to /etc/httpd/apache.conf + +There has been changed a lot, so many things could be broken. +Please report bugs to . + +EOF + +%triggerpostun mod_ssl -- %{name}-mod_ssl < 1:2.2.0-3.1 +cp -f /etc/httpd/conf.d/40_mod_ssl.conf{,.rpmsave} +sed -i -e ' + s,/var/run/apache,/var/run/httpd,g + s,/var/cache/apache,/var/cache/httpd,g +' /etc/httpd/conf.d/40_mod_ssl.conf + +%posttrans base +# restore lock which we disabled in pretrans +mv -f /var/lock/subsys/httpd{.disabled,} 2>/dev/null + +# minimizing apache restarts logics. we restart webserver: +# +# 1. at the end of transaction. (posttrans, feature from rpm 4.4.2) +# 2. first install of module (post: $1 = 1) +# 2. uninstall of module (postun: $1 == 0) +# +# the strict internal deps between apache modules and +# main package are very important for all this to work. + +# restart webserver at the end of transaction +%service httpd restart + +# macro called at module post scriptlet +%define module_post \ +if [ "$1" = "1" ]; then \ + %service -q httpd restart \ +fi + +# macro called at module postun scriptlet +%define module_postun \ +if [ "$1" = "0" ]; then \ + %service -q httpd restart \ +fi + +# it's sooo annoying to write them +%define module_scripts() \ +%post %1 \ +%module_post \ +\ +%postun %1 \ +%module_postun + +%module_scripts mod_actions +%module_scripts mod_alias +%module_scripts mod_asis +%module_scripts mod_auth_basic +%module_scripts mod_auth_dbm +%module_scripts mod_auth_digest +%module_scripts mod_authn_alias +%module_scripts mod_authn_anon +%module_scripts mod_authn_dbd +%module_scripts mod_authn_dbm +%module_scripts mod_authn_default +%module_scripts mod_authn_file +%module_scripts mod_authnz_ldap +%module_scripts mod_authz_dbm +%module_scripts mod_authz_default +%module_scripts mod_authz_groupfile +%module_scripts mod_authz_host +%module_scripts mod_authz_owner +%module_scripts mod_authz_user +%module_scripts mod_autoindex +%module_scripts mod_bucketeer +%module_scripts mod_cache +%module_scripts mod_case_filter +%module_scripts mod_case_filter_in +%module_scripts mod_cern_meta +%module_scripts mod_cgi +%module_scripts mod_cgid +%module_scripts mod_charset_lite +%module_scripts mod_dav +%module_scripts mod_dbd +%module_scripts mod_deflate +%module_scripts mod_dir +%module_scripts mod_dumpio +%module_scripts mod_echo +%module_scripts mod_env +%module_scripts mod_expires +%module_scripts mod_ext_filter +%module_scripts mod_file_cache +%module_scripts mod_filter +%module_scripts mod_headers +%module_scripts mod_ident +%module_scripts mod_imagemap +%module_scripts mod_include +%module_scripts mod_info +%module_scripts mod_ldap +%module_scripts mod_log_config +%module_scripts mod_log_forensic +%module_scripts mod_logio +%module_scripts mod_mime +%module_scripts mod_mime_magic +%module_scripts mod_negotiation +%module_scripts mod_proxy +%module_scripts mod_reqtimeout +%module_scripts mod_rewrite +%module_scripts mod_setenvif +%module_scripts mod_speling +%module_scripts mod_ssl +%module_scripts mod_status +%module_scripts mod_substitute +%module_scripts mod_unique_id +%module_scripts mod_userdir +%module_scripts mod_usertrack +%module_scripts mod_version +%module_scripts mod_vhost_alias +%module_scripts suexec + +%post cgi_test +if [ "$1" = "1" ]; then + %service -q httpd reload +fi + +%postun cgi_test +if [ "$1" = "0" ]; then + %service -q httpd reload +fi + +%post errordocs +if [ "$1" = "1" ]; then + %service -q httpd reload +fi + +%postun errordocs +if [ "$1" = "0" ]; then + %service -q httpd reload +fi + +%files +%defattr(644,root,root,755) + +%files base +%defattr(644,root,root,755) +%doc ABOUT_APACHE CHANGES README +%doc docs/conf/mime.types +%attr(754,root,root) /etc/rc.d/init.d/httpd +%attr(751,root,root) %dir %{_sysconfdir} +%{_sysconfdir}/modules +%{_sysconfdir}/run +%{_sysconfdir}/logs +%ghost %{_sysconfdir}/httpd.conf +%attr(750,root,root) %dir %{_sysconfdir}/conf.d +%attr(750,root,root) %dir %{_sysconfdir}/vhosts.d +%attr(750,root,root) %dir %{_sysconfdir}/webapps.d +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/apache.conf +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_common.conf +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mpm.conf +%attr(640,root,root) %config(noreplace,missingok) %verify(not md5 mtime size) %{_sysconfdir}/vhosts.d/example.net.conf +%attr(640,root,root) %{_sysconfdir}/magic +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/httpd +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/* + +%dir %{_libexecdir} + +%attr(755,root,root) %{_sbindir}/checkgid +%attr(755,root,root) %{_sbindir}/httpd +%attr(755,root,root) %{_sbindir}/httpd.* + +%dir %attr(770,root,http) /var/run/httpd +%dir %attr(770,root,http) /var/cache/httpd + +/usr/lib/tmpfiles.d/%{name}.conf + +%{_mandir}/man8/httpd.8* + +%attr(2751,root,logs) %dir /var/log/httpd +%attr(2750,root,logs) %dir /var/log/archive/httpd +%attr(640,root,logs) %ghost /var/log/httpd/* + +%dir %{_datadir} + +%dir %{_datadir}/cgi-bin +%dir %{_datadir}/html +%dir %{_datadir}/vhosts +# do not adapter here, %{_datadir} != /usr/share here +%{_datadir}/icons + +%files doc -f manual.files +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_manual.conf + +%files errordocs +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_errordocs.conf +%{_datadir}/error + +%files suexec +%defattr(644,root,root,755) +%attr(4755,root,root) %{_sbindir}/suexec +%attr(755,root,root) %{_sbindir}/suexec.fcgi +%attr(755,root,root) %{_libexecdir}/mod_suexec.so +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_suexec.conf +%{_mandir}/man8/suexec.8* + +%files index +%defattr(644,root,root,755) +%config(noreplace,missingok) %{_datadir}/html/index.html* + +%files tools +%defattr(644,root,root,755) +%attr(755,root,root) %{_sbindir}/ab +%attr(755,root,root) %{_sbindir}/apachectl +%attr(755,root,root) %{_sbindir}/htdigest +%attr(755,root,root) %{_sbindir}/logresolve +%attr(755,root,root) %{_sbindir}/rotatelogs +%{_mandir}/man1/ab.1* +%{_mandir}/man8/apachectl.8* +%{_mandir}/man1/htdigest.1* +%{_mandir}/man1/logresolve.1* +%{_mandir}/man8/rotatelogs.8* + +%files devel +%defattr(644,root,root,755) +%attr(755,root,root) %{_sbindir}/apxs +%attr(755,root,root) %{_sbindir}/envvars* +%dir %{_libexecdir} +%dir %{_libexecdir}/build +%{_libexecdir}/build/[lprs]*.mk +%{_libexecdir}/build/config_vars.mk +%attr(755,root,root) %{_libexecdir}/build/*.sh +%{_includedir} +%{_mandir}/man1/apxs.1* + +%files mod_actions +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_actions.conf +%attr(755,root,root) %{_libexecdir}/mod_actions.so + +%files mod_alias +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_alias.conf +%attr(755,root,root) %{_libexecdir}/mod_alias.so + +%files mod_asis +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_asis.conf +%attr(755,root,root) %{_libexecdir}/mod_asis.so + +%files mod_auth +%defattr(644,root,root,755) + +%files mod_auth_basic +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_auth_basic.conf +%attr(755,root,root) %{_libexecdir}/mod_auth_basic.so + +%files mod_auth_dbm +%defattr(644,root,root,755) + +%files mod_auth_digest +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_auth_digest.conf +%attr(755,root,root) %{_libexecdir}/mod_auth_digest.so + +%files mod_authn_alias +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authn_alias.conf +%attr(755,root,root) %{_libexecdir}/mod_authn_alias.so + +%files mod_authn_anon +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authn_anon.conf +%attr(755,root,root) %{_libexecdir}/mod_authn_anon.so + +%files mod_authn_dbd +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authn_dbd.conf +%attr(755,root,root) %{_libexecdir}/mod_authn_dbd.so + +%files mod_authn_dbm +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authn_dbm.conf +%attr(755,root,root) %{_libexecdir}/mod_authn_dbm.so + +%files mod_authn_default +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authn_default.conf +%attr(755,root,root) %{_libexecdir}/mod_authn_default.so + +%files mod_authn_file +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authn_file.conf +%attr(755,root,root) %{_libexecdir}/mod_authn_file.so + +%if %{with ldap} +%files mod_authnz_ldap +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authnz_ldap.conf +%attr(755,root,root) %{_libexecdir}/mod_authnz_ldap.so +%endif + +%files mod_authz_dbm +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authz_dbm.conf +%attr(755,root,root) %{_libexecdir}/mod_authz_dbm.so + +%files mod_authz_default +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authz_default.conf +%attr(755,root,root) %{_libexecdir}/mod_authz_default.so + +%files mod_authz_groupfile +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authz_groupfile.conf +%attr(755,root,root) %{_libexecdir}/mod_authz_groupfile.so + +%files mod_authz_host +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authz_host.conf +%attr(755,root,root) %{_libexecdir}/mod_authz_host.so + +%files mod_authz_owner +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authz_owner.conf +%attr(755,root,root) %{_libexecdir}/mod_authz_owner.so + +%files mod_authz_user +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authz_user.conf +%attr(755,root,root) %{_libexecdir}/mod_authz_user.so + +%files mod_autoindex +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_autoindex.conf +%attr(755,root,root) %{_libexecdir}/mod_autoindex.so + +%if %{with bucketeer} +%files mod_bucketeer +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_bucketeer.conf +%attr(755,root,root) %{_libexecdir}/mod_bucketeer.so +%endif + +%files mod_cache +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_cache.conf +%attr(755,root,root) %{_sbindir}/htcacheclean +%attr(755,root,root) %{_libexecdir}/mod_cache.so +%attr(755,root,root) %{_libexecdir}/mod_disk_cache.so +%attr(755,root,root) %{_libexecdir}/mod_mem_cache.so +%{_mandir}/man8/htcacheclean.8* + +%files mod_case_filter +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_case_filter.conf +%attr(755,root,root) %{_libexecdir}/mod_case_filter.so + +%files mod_case_filter_in +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_case_filter_in.conf +%attr(755,root,root) %{_libexecdir}/mod_case_filter_in.so + +%files mod_cern_meta +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_cern_meta.conf +%attr(755,root,root) %{_libexecdir}/mod_cern_meta.so + +%files mod_cgi +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_cgi.conf +%attr(755,root,root) %{_libexecdir}/mod_cgi.so + +%files mod_cgid +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_cgid.conf +%attr(755,root,root) %{_libexecdir}/mod_cgid.so + +%files mod_charset_lite +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_charset_lite.conf +%attr(755,root,root) %{_libexecdir}/mod_charset_lite.so + +%files mod_dav +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_dav.conf +%attr(755,root,root) %{_libexecdir}/mod_dav*.so +%dir %attr(770,root,http) /var/lock/mod_dav + +%files mod_dbd +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_dbd.conf +%attr(755,root,root) %{_libexecdir}/mod_dbd.so + +%files mod_deflate +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_deflate.conf +%attr(755,root,root) %{_libexecdir}/mod_deflate.so + +%files mod_dir +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_dir.conf +%attr(755,root,root) %{_libexecdir}/mod_dir.so + +%files mod_dumpio +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_dumpio.conf +%attr(755,root,root) %{_libexecdir}/mod_dumpio.so + +%files mod_echo +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_echo.conf +%attr(755,root,root) %{_libexecdir}/mod_echo.so + +%files mod_env +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_env.conf +%attr(755,root,root) %{_libexecdir}/mod_env.so + +%files mod_expires +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_expires.conf +%attr(755,root,root) %{_libexecdir}/mod_expires.so + +%files mod_ext_filter +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_ext_filter.conf +%attr(755,root,root) %{_libexecdir}/mod_ext_filter.so + +%files mod_file_cache +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_file_cache.conf +%attr(755,root,root) %{_libexecdir}/mod_file_cache.so + +%files mod_filter +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_filter.conf +%attr(755,root,root) %{_libexecdir}/mod_filter.so + +%files mod_headers +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_headers.conf +%attr(755,root,root) %{_libexecdir}/mod_headers.so + +%files mod_ident +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_ident.conf +%attr(755,root,root) %{_libexecdir}/mod_ident.so + +%files mod_imagemap +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_imagemap.conf +%attr(755,root,root) %{_libexecdir}/mod_imagemap.so + +%files mod_include +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_include.conf +%attr(755,root,root) %{_libexecdir}/mod_include.so + +%files mod_info +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_info.conf +%attr(755,root,root) %{_libexecdir}/mod_info.so + +%if %{with ldap} +%files mod_ldap +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_ldap.conf +%attr(755,root,root) %{_libexecdir}/mod_ldap.so +%endif + +%files mod_log_config +%defattr(644,root,root,755) +%attr(755,root,root) %{_libexecdir}/mod_log_config.so +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_log_config.conf + +%files mod_log_forensic +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_log_forensic.conf +%attr(755,root,root) %{_libexecdir}/mod_log_forensic.so + +%files mod_logio +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_logio.conf +%attr(755,root,root) %{_libexecdir}/mod_logio.so + +%files mod_mime +%defattr(644,root,root,755) +%attr(755,root,root) %{_libexecdir}/mod_mime.so +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_mime.conf + +%files mod_mime_magic +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_mime_magic.conf +%attr(755,root,root) %{_libexecdir}/mod_mime_magic.so + +%files mod_negotiation +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_negotiation.conf +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_languages.conf +%attr(755,root,root) %{_libexecdir}/mod_negotiation.so + +%files mod_proxy +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_proxy.conf +%attr(755,root,root) %{_libexecdir}/mod_proxy*.so + +%files mod_reqtimeout +%defattr(644,root,root,755) +%attr(755,root,root) %{_libexecdir}/mod_reqtimeout.so +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_reqtimeout.conf + +%files mod_rewrite +%defattr(644,root,root,755) +%attr(755,root,root) %{_sbindir}/httxt2dbm +%attr(755,root,root) %{_libexecdir}/mod_rewrite.so +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_rewrite.conf +%{_mandir}/man1/httxt2dbm.1* + +%files mod_setenvif +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_setenvif.conf +%attr(755,root,root) %{_libexecdir}/mod_setenvif.so + +%files mod_speling +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_speling.conf +%attr(755,root,root) %{_libexecdir}/mod_speling.so + +%if %{with ssl} +%files mod_ssl +%defattr(644,root,root,755) +%attr(750,root,root) %dir %{_sysconfdir}/ssl +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssl/server.* +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_ssl.conf +%attr(755,root,root) %{_libexecdir}/mod_ssl.so +%endif + +%files mod_status +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_status.conf +%attr(755,root,root) %{_libexecdir}/mod_status.so + +%files mod_substitute +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_substitute.conf +%attr(755,root,root) %{_libexecdir}/mod_substitute.so + +%files mod_unique_id +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_unique_id.conf +%attr(755,root,root) %{_libexecdir}/mod_unique_id.so + +%files mod_userdir +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_userdir.conf +%attr(755,root,root) %{_libexecdir}/mod_userdir.so + +%files mod_usertrack +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_usertrack.conf +%attr(755,root,root) %{_libexecdir}/mod_usertrack.so + +%files mod_version +%defattr(644,root,root,755) +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_version.conf +%attr(755,root,root) %{_libexecdir}/mod_version.so + +%files mod_vhost_alias +%defattr(644,root,root,755) +%attr(755,root,root) %{_libexecdir}/mod_vhost_alias.so +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_vhost_alias.conf + +%files -n htpasswd-%{name} +%defattr(644,root,root,755) +%attr(755,root,root) %{_bindir}/htpasswd +%attr(755,root,root) %{_sbindir}/htpasswd +%{_mandir}/man1/htpasswd.1* + +%files dbmtools +%defattr(644,root,root,755) +%attr(755,root,root) %{_sbindir}/dbmmanage +%attr(755,root,root) %{_sbindir}/htdbm +%{_mandir}/man1/dbmmanage.1* +%{_mandir}/man1/htdbm.1* + +%files cgi_test +%defattr(644,root,root,755) +%dir %{_cgibindir} +%attr(755,root,root) %{_cgibindir}/* +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_cgi_test.conf diff --git a/apache.sysconfig b/apache.sysconfig new file mode 100644 index 0000000..7dd72ed --- /dev/null +++ b/apache.sysconfig @@ -0,0 +1,23 @@ +# Customized settings for Apache +# $Id: apache.sysconfig,v 1.17 2011/08/03 22:08:10 gotar Exp $ + +# Nice level for apache +SERVICE_RUN_NICE_LEVEL="+5" + +# config dir/file path. default is compiled in path +#HTTPD_CONF="/etc/httpd/apache.conf" + +# other command-line options +# -T avoid doing many unneded DocumentRoot checks +HTTPD_OPTS="" + +# choose MPM +# prefork, worker, perchild (experimental), metuxmpm (experimental) +# (note that some may be not available) +HTTPD_MPM="prefork" + +# perhaps set 128MB memory limit +#SERVICE_LIMITS="$DEFAULT_SERVICE_LIMITS -m 128000" + +# Skip apache restarts invoked from rpm installs. +#RPM_SKIP_AUTO_RESTART=yes diff --git a/apache.tmpfiles b/apache.tmpfiles new file mode 100644 index 0000000..28f7547 --- /dev/null +++ b/apache.tmpfiles @@ -0,0 +1 @@ +d /var/run/httpd 0770 root http - diff --git a/httpd-2.0.40-xfsz.patch b/httpd-2.0.40-xfsz.patch new file mode 100644 index 0000000..c6ee0f7 --- /dev/null +++ b/httpd-2.0.40-xfsz.patch @@ -0,0 +1,15 @@ + +Set SIGXFSZ to be ignored, so a write() beyond 2gb will fail with +E2BIG rather than killing the process + +--- ./server/mpm/prefork/prefork.c.xfsz Wed Jul 17 22:39:55 2002 ++++ ./server/mpm/prefork/prefork.c Mon Aug 26 15:40:24 2002 +@@ -461,7 +461,7 @@ + ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXCPU)"); + #endif + #ifdef SIGXFSZ +- sa.sa_handler = SIG_DFL; ++ sa.sa_handler = SIG_IGN; + if (sigaction(SIGXFSZ, &sa, NULL) < 0) + ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXFSZ)"); + #endif diff --git a/httpd-2.0.45-encode.patch b/httpd-2.0.45-encode.patch new file mode 100644 index 0000000..82d9a0b --- /dev/null +++ b/httpd-2.0.45-encode.patch @@ -0,0 +1,34 @@ +* don't HTML-escape the SERVER_NAME variable +* do escape SERVER_NAME in error docs +* remove dates from error pages (#86474), since they won't be in the right +language + +diff -ur httpd-2.2.0.org/docs/error/include/bottom.html httpd-2.2.0/docs/error/include/bottom.html +--- httpd-2.2.0.org/docs/error/include/bottom.html 2004-11-20 21:16:24.000000000 +0100 ++++ httpd-2.2.0/docs/error/include/bottom.html 2005-12-02 23:04:57.540690250 +0100 +@@ -5,10 +5,8 @@ + +

Error

+
+-
+- +-
+-
++
++ +
+ + +diff -ur httpd-2.2.0.org/server/util_script.c httpd-2.2.0/server/util_script.c +--- httpd-2.2.0.org/server/util_script.c 2005-11-10 16:20:05.000000000 +0100 ++++ httpd-2.2.0/server/util_script.c 2005-12-02 23:04:50.848272000 +0100 +@@ -224,8 +224,7 @@ + + apr_table_addn(e, "SERVER_SIGNATURE", ap_psignature("", r)); + apr_table_addn(e, "SERVER_SOFTWARE", ap_get_server_banner()); +- apr_table_addn(e, "SERVER_NAME", +- ap_escape_html(r->pool, ap_get_server_name(r))); ++ apr_table_addn(e, "SERVER_NAME", ap_get_server_name(r)); + apr_table_addn(e, "SERVER_ADDR", r->connection->local_ip); /* Apache */ + apr_table_addn(e, "SERVER_PORT", + apr_psprintf(r->pool, "%u", ap_get_server_port(r))); diff --git a/httpd-2.0.46-dav401dest.patch b/httpd-2.0.46-dav401dest.patch new file mode 100644 index 0000000..cb27f90 --- /dev/null +++ b/httpd-2.0.46-dav401dest.patch @@ -0,0 +1,18 @@ +--- httpd-2.0.46/modules/dav/main/mod_dav.c.dav401dest ++++ httpd-2.0.46/modules/dav/main/mod_dav.c +@@ -2618,6 +2618,15 @@ + return dav_error_response(r, lookup.err.status, lookup.err.desc); + } + if (lookup.rnew->status != HTTP_OK) { ++ const char *auth = apr_table_get(lookup.rnew->err_headers_out, ++ "WWW-Authenticate"); ++ if (lookup.rnew->status == HTTP_UNAUTHORIZED && auth != NULL) { ++ /* propagate the WWW-Authorization header up from the ++ * subreq so the client sees it. */ ++ apr_table_set(r->err_headers_out, "WWW-Authenticate", ++ apr_pstrdup(r->pool, auth)); ++ } ++ + /* ### how best to report this... */ + return dav_error_response(r, lookup.rnew->status, + "Destination URI had an error."); diff --git a/httpd-2.0.46-sslmutex.patch b/httpd-2.0.46-sslmutex.patch new file mode 100644 index 0000000..dadc6e0 --- /dev/null +++ b/httpd-2.0.46-sslmutex.patch @@ -0,0 +1,14 @@ +diff -urbB httpd-2.2.0.org/modules/ssl/ssl_engine_mutex.c httpd-2.2.0/modules/ssl/ssl_engine_mutex.c +--- httpd-2.2.0.org/modules/ssl/ssl_engine_mutex.c 2005-11-10 16:20:05.000000000 +0100 ++++ httpd-2.2.0/modules/ssl/ssl_engine_mutex.c 2005-12-02 23:11:09.183916500 +0100 +@@ -45,6 +45,10 @@ + if (mc->pMutex) { + return TRUE; + } ++ ++ if (mc->szMutexFile) ++ apr_file_remove(mc->szMutexFile, p); ++ + if ((rv = apr_global_mutex_create(&mc->pMutex, mc->szMutexFile, + mc->nMutexMech, s->process->pool)) + != APR_SUCCESS) { diff --git a/httpd-2.0.48-corelimit.patch b/httpd-2.0.48-corelimit.patch new file mode 100644 index 0000000..1496b4b --- /dev/null +++ b/httpd-2.0.48-corelimit.patch @@ -0,0 +1,32 @@ + +Automatically raise the core file size limit if CoreDumpDirectory +is configured. + +--- httpd-2.0.48/server/core.c.corelimit ++++ httpd-2.0.48/server/core.c +@@ -4233,6 +4233,25 @@ + + ap_set_version(pconf); + ap_setup_make_content_type(pconf); ++ ++#ifdef RLIMIT_CORE ++ if (ap_coredumpdir_configured) { ++ struct rlimit lim; ++ ++ if (getrlimit(RLIMIT_CORE, &lim) == 0 && lim.rlim_cur == 0) { ++ lim.rlim_cur = lim.rlim_max; ++ if (setrlimit(RLIMIT_CORE, &lim) == 0) { ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, ++ "core dump file size limit raised to %lu bytes", ++ lim.rlim_cur); ++ } else { ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, errno, NULL, ++ "core dump file size is zero, setrlimit failed"); ++ } ++ } ++ } ++#endif ++ + return OK; + } + diff --git a/httpd-2.0.48-debuglog.patch b/httpd-2.0.48-debuglog.patch new file mode 100644 index 0000000..6fac4e2 --- /dev/null +++ b/httpd-2.0.48-debuglog.patch @@ -0,0 +1,25 @@ + +__FILE__ expands to the full pathname during VPATH builds; this +clutters up the debug log (and also bloats binaries very slightly). +The -pie patch defines AP_FNAME during build which is equivalent +to basename(__FILE__); use that for debug logging where available. + +AP_FNAME uses $(notdir ...), a GNU make extension, so this can't +go upstream. + +Note this patch depends on the pie patch. + +--- httpd-2.0.48/include/http_log.h.debuglog ++++ httpd-2.0.48/include/http_log.h +@@ -130,7 +130,11 @@ + + extern int AP_DECLARE_DATA ap_default_loglevel; + ++#ifdef AP_FNAME ++#define APLOG_MARK AP_FNAME,__LINE__ ++#else + #define APLOG_MARK __FILE__,__LINE__ ++#endif + + /** + * Set up for logging to stderr. diff --git a/httpd-2.2.x-mod_ssl-sessioncaching.patch b/httpd-2.2.x-mod_ssl-sessioncaching.patch new file mode 100644 index 0000000..f0ee0a3 --- /dev/null +++ b/httpd-2.2.x-mod_ssl-sessioncaching.patch @@ -0,0 +1,176 @@ +Index: httpd-2.2.x/modules/ssl/ssl_private.h +=================================================================== +--- httpd-2.2.x/modules/ssl/ssl_private.h (revision 833672) ++++ httpd-2.2.x/modules/ssl/ssl_private.h (working copy) +@@ -395,6 +395,9 @@ typedef struct { + #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) + const char *szCryptoDevice; + #endif ++#ifndef OPENSSL_NO_TLSEXT ++ ssl_enabled_t session_tickets_enabled; ++#endif + struct { + void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10; + } rCtx; +@@ -545,6 +548,7 @@ const char *ssl_cmd_SSLRequire(cmd_parm + const char *ssl_cmd_SSLRenegBufferSize(cmd_parms *cmd, void *dcfg, const char *arg); + const char *ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms *cmd, void *dcfg, int flag); + const char *ssl_cmd_SSLInsecureRenegotiation(cmd_parms *cmd, void *dcfg, int flag); ++const char *ssl_cmd_SSLSessionTicketExtension(cmd_parms *cmd, void *cdfg, int flag); + + const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag); + const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *); +Index: httpd-2.2.x/modules/ssl/ssl_engine_init.c +=================================================================== +--- httpd-2.2.x/modules/ssl/ssl_engine_init.c (revision 833672) ++++ httpd-2.2.x/modules/ssl/ssl_engine_init.c (working copy) +@@ -382,6 +382,15 @@ static void ssl_init_ctx_tls_extensions( + ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); + ssl_die(); + } ++ ++ /* ++ * Session tickets (stateless resumption) ++ */ ++ if ((myModConfig(s))->session_tickets_enabled == SSL_ENABLED_FALSE) { ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, ++ "Disabling TLS session ticket support"); ++ SSL_CTX_set_options(mctx->ssl_ctx, SSL_OP_NO_TICKET); ++ } + } + #endif + +@@ -1018,6 +1027,11 @@ void ssl_init_CheckServers(server_rec *b + + BOOL conflict = FALSE; + ++#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER < 0x009080d0 ++ unsigned char *tlsext_tick_keys = NULL; ++ long tick_keys_len; ++#endif ++ + /* + * Give out warnings when a server has HTTPS configured + * for the HTTP port or vice versa +@@ -1042,6 +1056,25 @@ void ssl_init_CheckServers(server_rec *b + ssl_util_vhostid(p, s), + DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT); + } ++ ++#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER < 0x009080d0 ++ /* ++ * When using OpenSSL versions 0.9.8f through 0.9.8l, configure ++ * the same ticket encryption parameters for every SSL_CTX (workaround ++ * for SNI+SessionTicket extension interoperability issue in these versions) ++ */ ++ if ((sc->enabled == SSL_ENABLED_TRUE) || ++ (sc->enabled == SSL_ENABLED_OPTIONAL)) { ++ if (!tlsext_tick_keys) { ++ tick_keys_len = SSL_CTX_ctrl((sc->server->ssl_ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS, ++ (-1),(NULL)); ++ tlsext_tick_keys = (unsigned char *)apr_palloc(p, tick_keys_len); ++ RAND_bytes(tlsext_tick_keys, tick_keys_len); ++ } ++ SSL_CTX_ctrl((sc->server->ssl_ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS, ++ (tick_keys_len),(tlsext_tick_keys)); ++ } ++#endif + } + + /* +Index: httpd-2.2.x/modules/ssl/ssl_engine_config.c +=================================================================== +--- httpd-2.2.x/modules/ssl/ssl_engine_config.c (revision 833672) ++++ httpd-2.2.x/modules/ssl/ssl_engine_config.c (working copy) +@@ -75,6 +75,9 @@ SSLModConfigRec *ssl_config_global_creat + #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) + mc->szCryptoDevice = NULL; + #endif ++#ifndef OPENSSL_NO_TLSEXT ++ mc->session_tickets_enabled = SSL_ENABLED_UNSET; ++#endif + + memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys)); + +@@ -1471,6 +1474,26 @@ const char *ssl_cmd_SSLStrictSNIVHostCh + #endif + } + ++const char *ssl_cmd_SSLSessionTicketExtension(cmd_parms *cmd, void *dcfg, int flag) ++{ ++#ifndef OPENSSL_NO_TLSEXT ++ const char *err; ++ SSLModConfigRec *mc = myModConfig(cmd->server); ++ ++ if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { ++ return err; ++ } ++ ++ mc->session_tickets_enabled = flag ? SSL_ENABLED_TRUE : SSL_ENABLED_FALSE; ++ ++ return NULL; ++#else ++ return "SSLSessionTicketExtension failed; OpenSSL is not built with support " ++ "for TLS extensions. Refer to the documentation, and build " ++ "a compatible version of OpenSSL."; ++#endif ++} ++ + void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s) + { + if (!ap_exists_config_define("DUMP_CERTS")) { +Index: httpd-2.2.x/modules/ssl/ssl_engine_kernel.c +=================================================================== +--- httpd-2.2.x/modules/ssl/ssl_engine_kernel.c (revision 833672) ++++ httpd-2.2.x/modules/ssl/ssl_engine_kernel.c (working copy) +@@ -29,6 +29,7 @@ + time I was too famous.'' + -- Unknown */ + #include "ssl_private.h" ++#include "util_md5.h" + + static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); + #ifndef OPENSSL_NO_TLSEXT +@@ -2010,6 +2011,7 @@ static int ssl_find_vhost(void *serverna + apr_array_header_t *names; + int i; + SSLConnRec *sslcon; ++ char *sid_ctx; + + /* check ServerName */ + if (!strcasecmp(servername, s->server_hostname)) { +@@ -2074,6 +2076,21 @@ static int ssl_find_vhost(void *serverna + SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx), + SSL_CTX_get_verify_callback(ssl->ctx)); + } ++ /* ++ * Adjust the session id context. ssl_init_ssl_connection() ++ * always picks the configuration of the first vhost when ++ * calling SSL_new(), but we want to tie the session to the ++ * vhost we have just switched to. Again, we have to make sure ++ * that we're not overwriting a session id context which was ++ * possibly set in ssl_hook_Access(), before triggering ++ * a renegotation. ++ */ ++ if (!SSL_num_renegotiations(ssl)) { ++ sid_ctx = ap_md5_binary(c->pool, (unsigned char*)sc->vhost_id, ++ sc->vhost_id_len); ++ SSL_set_session_id_context(ssl, (unsigned char *)sid_ctx, ++ APR_MD5_DIGESTSIZE*2); ++ } + + /* + * Save the found server into our SSLConnRec for later +Index: httpd-2.2.x/modules/ssl/mod_ssl.c +=================================================================== +--- httpd-2.2.x/modules/ssl/mod_ssl.c (revision 833672) ++++ httpd-2.2.x/modules/ssl/mod_ssl.c (working copy) +@@ -92,6 +92,8 @@ static const command_rec ssl_config_cmds + SSL_CMD_SRV(RandomSeed, TAKE23, + "SSL Pseudo Random Number Generator (PRNG) seeding source " + "(`startup|connect builtin|file:/path|exec:/path [bytes]')") ++ SSL_CMD_SRV(SessionTicketExtension, FLAG, ++ "TLS Session Ticket extension support") + + /* + * Per-server context configuration directives diff --git a/libtool-tag.patch b/libtool-tag.patch new file mode 100644 index 0000000..17259e4 --- /dev/null +++ b/libtool-tag.patch @@ -0,0 +1,36 @@ +--- httpd-2.2.17/build/rules.mk.in~ 2006-07-12 06:38:44.000000000 +0300 ++++ httpd-2.2.17/build/rules.mk.in 2011-03-26 18:27:36.410587573 +0200 +@@ -38,17 +38,17 @@ + COMPILE = $(BASE_CC) @PICFLAGS@ + CXX_COMPILE = $(BASE_CXX) @PICFLAGS@ + +-SH_COMPILE = $(LIBTOOL) --mode=compile $(BASE_CC) @SHLTCFLAGS@ -c $< && touch $@ +-SH_CXX_COMPILE = $(LIBTOOL) --mode=compile $(BASE_CXX) @SHLTCFLAGS@ -c $< && touch $@ ++SH_COMPILE = $(LIBTOOL) --mode=compile --tag=CC $(BASE_CC) @SHLTCFLAGS@ -c $< && touch $@ ++SH_CXX_COMPILE = $(LIBTOOL) --mode=compile --tag=CXX $(BASE_CXX) @SHLTCFLAGS@ -c $< && touch $@ + +-LT_COMPILE = $(LIBTOOL) --mode=compile $(COMPILE) @LTCFLAGS@ -c $< && touch $@ +-LT_CXX_COMPILE = $(LIBTOOL) --mode=compile $(CXX_COMPILE) @LTCFLAGS@ -c $< && touch $@ ++LT_COMPILE = $(LIBTOOL) --mode=compile --tag=CC $(COMPILE) @LTCFLAGS@ -c $< && touch $@ ++LT_CXX_COMPILE = $(LIBTOOL) --mode=compile --tag=CXX $(CXX_COMPILE) @LTCFLAGS@ -c $< && touch $@ + + # Link-related commands + +-LINK = $(LIBTOOL) --mode=link $(CC) $(ALL_CFLAGS) @PILDFLAGS@ $(LT_LDFLAGS) $(ALL_LDFLAGS) -o $@ +-SH_LINK = $(SH_LIBTOOL) --mode=link $(CC) $(ALL_CFLAGS) $(LT_LDFLAGS) $(ALL_LDFLAGS) $(SH_LDFLAGS) $(CORE_IMPLIB) $(SH_LIBS) -o $@ +-MOD_LINK = $(LIBTOOL) --mode=link $(CC) $(ALL_CFLAGS) -static $(LT_LDFLAGS) $(ALL_LDFLAGS) -o $@ ++LINK = $(LIBTOOL) --mode=link --tag=CC $(CC) $(ALL_CFLAGS) @PILDFLAGS@ $(LT_LDFLAGS) $(ALL_LDFLAGS) -o $@ ++SH_LINK = $(SH_LIBTOOL) --mode=link --tag=CC $(CC) $(ALL_CFLAGS) $(LT_LDFLAGS) $(ALL_LDFLAGS) $(SH_LDFLAGS) $(CORE_IMPLIB) $(SH_LIBS) -o $@ ++MOD_LINK = $(LIBTOOL) --mode=link --tag=CC $(CC) $(ALL_CFLAGS) -static $(LT_LDFLAGS) $(ALL_LDFLAGS) -o $@ + + # Cross compile commands + +@@ -216,7 +216,7 @@ + + # Makes an import library from a def file + .def.la: +- $(LIBTOOL) --mode=compile $(MK_IMPLIB) -o $@ $< ++ $(LIBTOOL) --mode=compile --tag=CC $(MK_IMPLIB) -o $@ $< + + # + # Dependencies -- 2.46.0