From 11b37acc16523f2db947fa82f2aff5a44f276a09 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bartosz=20=C5=9Awi=C4=85tek?=
Date: Sun, 26 Feb 2012 22:15:29 +0100
Subject: [PATCH] - remove unneeded patches
---
apache-apxs.patch | 62 --------
apache-bug-48094.patch | 122 ----------------
httpd-2.0.40-xfsz.patch | 15 --
httpd-2.0.46-sslmutex.patch | 12 --
httpd-2.2.x-mod_ssl-sessioncaching.patch | 176 -----------------------
5 files changed, 387 deletions(-)
delete mode 100644 apache-apxs.patch
delete mode 100644 apache-bug-48094.patch
delete mode 100644 httpd-2.0.40-xfsz.patch
delete mode 100644 httpd-2.0.46-sslmutex.patch
delete mode 100644 httpd-2.2.x-mod_ssl-sessioncaching.patch
diff --git a/apache-apxs.patch b/apache-apxs.patch
deleted file mode 100644
index 7ee05ad..0000000
--- a/apache-apxs.patch
+++ /dev/null
@@ -1,62 +0,0 @@
---- httpd-2.2.3/support/apxs.in-orig 2006-11-01 00:59:27.000000000 +0100
-+++ httpd-2.2.3/support/apxs.in 2006-11-01 00:59:54.000000000 +0100
-@@ -35,6 +35,7 @@
- my $exec_prefix = get_vars("exec_prefix");
- my $datadir = get_vars("datadir");
- my $localstatedir = get_vars("localstatedir");
-+my $libdir = get_vars("libdir");
- my $CFG_TARGET = get_vars("progname");
- my $CFG_SYSCONFDIR = get_vars("sysconfdir");
- my $CFG_CFLAGS = join ' ', map { get_vars($_) }
-@@ -44,6 +45,7 @@
- my $CFG_CC = get_vars("CC");
- my $libexecdir = get_vars("libexecdir");
- my $CFG_LIBEXECDIR = eval qq("$libexecdir");
-+my $CFG_DESTDIR = '';
- my $sbindir = get_vars("sbindir");
- my $CFG_SBINDIR = eval qq("$sbindir");
- my $ltflags = $ENV{'LTFLAGS'};
-@@ -171,7 +173,7 @@
- my ($val) = $2;
- my $oldval = eval "\$CFG_$var";
-
-- unless ($var and $oldval) {
-+ unless ($var and defined $oldval) {
- print STDERR "apxs:Error: no config variable $var\n";
- &usage;
- }
-@@ -199,11 +201,10 @@
- ($httpd = $0) =~ s:support/apxs$::;
- }
-
--unless (-x "$httpd") {
-- error("$httpd not found or not executable");
-- exit 1;
-+if (not -x "$httpd") {
-+ print STDERR "Note: $httpd not found or not executable.\n";
- }
--
-+else {
- unless (grep /mod_so/, `. $envvars && $httpd -l`) {
- error("Sorry, no shared object support for Apache");
- error("available under your platform. Make sure");
-@@ -211,7 +212,7 @@
- error("your server binary `$httpd'.");
- exit 1;
- }
--
-+}
- sub get_config_vars{
- my ($file, $rh_config) = @_;
-
-@@ -479,8 +480,8 @@
- $t =~ s|\.[^./\\]+$|\.so|;
- if ($opt_i) {
- push(@cmds, "$installbuilddir/instdso.sh SH_LIBTOOL='" .
-- "$libtool' $f $CFG_LIBEXECDIR");
-- push(@cmds, "chmod 755 $CFG_LIBEXECDIR/$t");
-+ "$libtool' $f $CFG_DESTDIR$CFG_LIBEXECDIR");
-+ push(@cmds, "chmod 755 $CFG_DESTDIR$CFG_LIBEXECDIR/$t");
- }
-
- # determine module symbolname and filename
diff --git a/apache-bug-48094.patch b/apache-bug-48094.patch
deleted file mode 100644
index 48360c1..0000000
--- a/apache-bug-48094.patch
+++ /dev/null
@@ -1,122 +0,0 @@
---- httpd-2.2.14-v/server/mpm/worker/worker.c 2007-07-18 00:48:25.000000000 +1000
-+++ httpd-2.2.14/server/mpm/worker/worker.c 2009-11-02 09:40:23.129750043 +1100
-@@ -32,6 +32,7 @@
- #include "apr_poll.h"
- #define APR_WANT_STRFUNC
- #include "apr_want.h"
-+#include "apr_atomic.h"
-
- #if APR_HAVE_UNISTD_H
- #include
-@@ -226,10 +227,73 @@
- */
- #define WORKER_SIGNAL AP_SIG_GRACEFUL
-
-+#ifdef HAVE_PTHREAD_KILL
-+/* Variables for suspending the worker threads. */
-+static volatile sig_atomic_t suspend_workers = 0;
-+static apr_uint32_t suspended_workers;
-+static apr_os_thread_t **worker_os_threads;
-+#endif
-+
- /* An array of socket descriptors in use by each thread used to
- * perform a non-graceful (forced) shutdown of the server. */
- static apr_socket_t **worker_sockets;
-
-+#ifdef HAVE_PTHREAD_KILL
-+static void worker_signal_handler(int sig)
-+{
-+ /* wait here if we are being suspended, otherwise just exit */
-+ if (suspend_workers) {
-+ sigset_t sigset;
-+
-+ apr_atomic_inc32(&suspended_workers);
-+
-+ sigfillset(&sigset);
-+ sigdelset(&sigset, WORKER_SIGNAL);
-+ sigsuspend(&sigset);
-+ }
-+}
-+
-+static void close_worker_sockets(void)
-+{
-+ int i, csd;
-+
-+ suspend_workers = 1;
-+ apr_atomic_set32(&suspended_workers, 0);
-+
-+ /* suspend worker threads */
-+ for (i = 0; i < ap_threads_per_child; i++) {
-+ if (worker_os_threads[i]) {
-+ pthread_kill(*worker_os_threads[i], WORKER_SIGNAL);
-+ }
-+ }
-+
-+ /* wait for threads to suspend, but press ahead after a while anyway */
-+ for (i = 0;
-+ apr_atomic_read32(&suspended_workers) < ap_threads_per_child && i < 25;
-+ i++) {
-+ apr_sleep(apr_time_from_sec(1) / 5);
-+ }
-+
-+ /* shut down all client sockets */
-+ for (i = 0; i < ap_threads_per_child; i++) {
-+ if (worker_sockets[i]) {
-+ apr_os_sock_get(&csd, worker_sockets[i]);
-+ if (csd != -1) {
-+ shutdown(csd, SHUT_RDWR);
-+ }
-+ }
-+ }
-+
-+ suspend_workers = 0;
-+
-+ /* resume worker threads */
-+ for (i = 0; i < ap_threads_per_child; i++) {
-+ if (worker_os_threads[i]) {
-+ pthread_kill(*worker_os_threads[i], WORKER_SIGNAL);
-+ }
-+ }
-+}
-+#else
- static void close_worker_sockets(void)
- {
- int i;
-@@ -240,6 +304,7 @@
- }
- }
- }
-+#endif
-
- static void wakeup_listener(void)
- {
-@@ -836,7 +901,7 @@
-
- #ifdef HAVE_PTHREAD_KILL
- unblock_signal(WORKER_SIGNAL);
-- apr_signal(WORKER_SIGNAL, dummy_signal_handler);
-+ apr_signal(WORKER_SIGNAL, worker_signal_handler);
- #endif
-
- while (!workers_may_exit) {
-@@ -977,6 +1042,10 @@
-
- worker_sockets = apr_pcalloc(pchild, ap_threads_per_child
- * sizeof(apr_socket_t *));
-+#ifdef HAVE_PTHREAD_KILL
-+ worker_os_threads = apr_pcalloc(pchild, ap_threads_per_child
-+ * sizeof(*worker_os_threads));
-+#endif
-
- loops = prev_threads_created = 0;
- while (1) {
-@@ -1012,6 +1081,9 @@
- /* let the parent decide how bad this really is */
- clean_child_exit(APEXIT_CHILDSICK);
- }
-+#ifdef HAVE_PTHREAD_KILL
-+ apr_os_thread_get(&worker_os_threads[i], threads[i]);
-+#endif
- threads_created++;
- }
- /* Start the listener only when there are workers available */
diff --git a/httpd-2.0.40-xfsz.patch b/httpd-2.0.40-xfsz.patch
deleted file mode 100644
index c6ee0f7..0000000
--- a/httpd-2.0.40-xfsz.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-
-Set SIGXFSZ to be ignored, so a write() beyond 2gb will fail with
-E2BIG rather than killing the process
-
---- ./server/mpm/prefork/prefork.c.xfsz Wed Jul 17 22:39:55 2002
-+++ ./server/mpm/prefork/prefork.c Mon Aug 26 15:40:24 2002
-@@ -461,7 +461,7 @@
- ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXCPU)");
- #endif
- #ifdef SIGXFSZ
-- sa.sa_handler = SIG_DFL;
-+ sa.sa_handler = SIG_IGN;
- if (sigaction(SIGXFSZ, &sa, NULL) < 0)
- ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXFSZ)");
- #endif
diff --git a/httpd-2.0.46-sslmutex.patch b/httpd-2.0.46-sslmutex.patch
deleted file mode 100644
index 82398d0..0000000
--- a/httpd-2.0.46-sslmutex.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- httpd-2.4.1/modules/ssl/ssl_engine_mutex.c.orig 2011-12-05 01:08:01.000000000 +0100
-+++ httpd-2.4.1/modules/ssl/ssl_engine_mutex.c 2012-02-22 00:07:35.402966515 +0100
-@@ -47,6 +47,9 @@
- return TRUE;
- }
-
-+ if (mc->szMutexFile)
-+ apr_file_remove(mc->szMutexFile, p);
-+
- if ((rv = ap_global_mutex_create(&mc->pMutex, NULL, SSL_CACHE_MUTEX_TYPE,
- NULL, s, s->process->pool, 0))
- != APR_SUCCESS) {
diff --git a/httpd-2.2.x-mod_ssl-sessioncaching.patch b/httpd-2.2.x-mod_ssl-sessioncaching.patch
deleted file mode 100644
index f0ee0a3..0000000
--- a/httpd-2.2.x-mod_ssl-sessioncaching.patch
+++ /dev/null
@@ -1,176 +0,0 @@
-Index: httpd-2.2.x/modules/ssl/ssl_private.h
-===================================================================
---- httpd-2.2.x/modules/ssl/ssl_private.h (revision 833672)
-+++ httpd-2.2.x/modules/ssl/ssl_private.h (working copy)
-@@ -395,6 +395,9 @@ typedef struct {
- #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
- const char *szCryptoDevice;
- #endif
-+#ifndef OPENSSL_NO_TLSEXT
-+ ssl_enabled_t session_tickets_enabled;
-+#endif
- struct {
- void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10;
- } rCtx;
-@@ -545,6 +548,7 @@ const char *ssl_cmd_SSLRequire(cmd_parm
- const char *ssl_cmd_SSLRenegBufferSize(cmd_parms *cmd, void *dcfg, const char *arg);
- const char *ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms *cmd, void *dcfg, int flag);
- const char *ssl_cmd_SSLInsecureRenegotiation(cmd_parms *cmd, void *dcfg, int flag);
-+const char *ssl_cmd_SSLSessionTicketExtension(cmd_parms *cmd, void *cdfg, int flag);
-
- const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
- const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
-Index: httpd-2.2.x/modules/ssl/ssl_engine_init.c
-===================================================================
---- httpd-2.2.x/modules/ssl/ssl_engine_init.c (revision 833672)
-+++ httpd-2.2.x/modules/ssl/ssl_engine_init.c (working copy)
-@@ -382,6 +382,15 @@ static void ssl_init_ctx_tls_extensions(
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
- }
-+
-+ /*
-+ * Session tickets (stateless resumption)
-+ */
-+ if ((myModConfig(s))->session_tickets_enabled == SSL_ENABLED_FALSE) {
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "Disabling TLS session ticket support");
-+ SSL_CTX_set_options(mctx->ssl_ctx, SSL_OP_NO_TICKET);
-+ }
- }
- #endif
-
-@@ -1018,6 +1027,11 @@ void ssl_init_CheckServers(server_rec *b
-
- BOOL conflict = FALSE;
-
-+#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER < 0x009080d0
-+ unsigned char *tlsext_tick_keys = NULL;
-+ long tick_keys_len;
-+#endif
-+
- /*
- * Give out warnings when a server has HTTPS configured
- * for the HTTP port or vice versa
-@@ -1042,6 +1056,25 @@ void ssl_init_CheckServers(server_rec *b
- ssl_util_vhostid(p, s),
- DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT);
- }
-+
-+#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER < 0x009080d0
-+ /*
-+ * When using OpenSSL versions 0.9.8f through 0.9.8l, configure
-+ * the same ticket encryption parameters for every SSL_CTX (workaround
-+ * for SNI+SessionTicket extension interoperability issue in these versions)
-+ */
-+ if ((sc->enabled == SSL_ENABLED_TRUE) ||
-+ (sc->enabled == SSL_ENABLED_OPTIONAL)) {
-+ if (!tlsext_tick_keys) {
-+ tick_keys_len = SSL_CTX_ctrl((sc->server->ssl_ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,
-+ (-1),(NULL));
-+ tlsext_tick_keys = (unsigned char *)apr_palloc(p, tick_keys_len);
-+ RAND_bytes(tlsext_tick_keys, tick_keys_len);
-+ }
-+ SSL_CTX_ctrl((sc->server->ssl_ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,
-+ (tick_keys_len),(tlsext_tick_keys));
-+ }
-+#endif
- }
-
- /*
-Index: httpd-2.2.x/modules/ssl/ssl_engine_config.c
-===================================================================
---- httpd-2.2.x/modules/ssl/ssl_engine_config.c (revision 833672)
-+++ httpd-2.2.x/modules/ssl/ssl_engine_config.c (working copy)
-@@ -75,6 +75,9 @@ SSLModConfigRec *ssl_config_global_creat
- #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
- mc->szCryptoDevice = NULL;
- #endif
-+#ifndef OPENSSL_NO_TLSEXT
-+ mc->session_tickets_enabled = SSL_ENABLED_UNSET;
-+#endif
-
- memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys));
-
-@@ -1471,6 +1474,26 @@ const char *ssl_cmd_SSLStrictSNIVHostCh
- #endif
- }
-
-+const char *ssl_cmd_SSLSessionTicketExtension(cmd_parms *cmd, void *dcfg, int flag)
-+{
-+#ifndef OPENSSL_NO_TLSEXT
-+ const char *err;
-+ SSLModConfigRec *mc = myModConfig(cmd->server);
-+
-+ if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
-+ return err;
-+ }
-+
-+ mc->session_tickets_enabled = flag ? SSL_ENABLED_TRUE : SSL_ENABLED_FALSE;
-+
-+ return NULL;
-+#else
-+ return "SSLSessionTicketExtension failed; OpenSSL is not built with support "
-+ "for TLS extensions. Refer to the documentation, and build "
-+ "a compatible version of OpenSSL.";
-+#endif
-+}
-+
- void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s)
- {
- if (!ap_exists_config_define("DUMP_CERTS")) {
-Index: httpd-2.2.x/modules/ssl/ssl_engine_kernel.c
-===================================================================
---- httpd-2.2.x/modules/ssl/ssl_engine_kernel.c (revision 833672)
-+++ httpd-2.2.x/modules/ssl/ssl_engine_kernel.c (working copy)
-@@ -29,6 +29,7 @@
- time I was too famous.''
- -- Unknown */
- #include "ssl_private.h"
-+#include "util_md5.h"
-
- static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
- #ifndef OPENSSL_NO_TLSEXT
-@@ -2010,6 +2011,7 @@ static int ssl_find_vhost(void *serverna
- apr_array_header_t *names;
- int i;
- SSLConnRec *sslcon;
-+ char *sid_ctx;
-
- /* check ServerName */
- if (!strcasecmp(servername, s->server_hostname)) {
-@@ -2074,6 +2076,21 @@ static int ssl_find_vhost(void *serverna
- SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx),
- SSL_CTX_get_verify_callback(ssl->ctx));
- }
-+ /*
-+ * Adjust the session id context. ssl_init_ssl_connection()
-+ * always picks the configuration of the first vhost when
-+ * calling SSL_new(), but we want to tie the session to the
-+ * vhost we have just switched to. Again, we have to make sure
-+ * that we're not overwriting a session id context which was
-+ * possibly set in ssl_hook_Access(), before triggering
-+ * a renegotation.
-+ */
-+ if (!SSL_num_renegotiations(ssl)) {
-+ sid_ctx = ap_md5_binary(c->pool, (unsigned char*)sc->vhost_id,
-+ sc->vhost_id_len);
-+ SSL_set_session_id_context(ssl, (unsigned char *)sid_ctx,
-+ APR_MD5_DIGESTSIZE*2);
-+ }
-
- /*
- * Save the found server into our SSLConnRec for later
-Index: httpd-2.2.x/modules/ssl/mod_ssl.c
-===================================================================
---- httpd-2.2.x/modules/ssl/mod_ssl.c (revision 833672)
-+++ httpd-2.2.x/modules/ssl/mod_ssl.c (working copy)
-@@ -92,6 +92,8 @@ static const command_rec ssl_config_cmds
- SSL_CMD_SRV(RandomSeed, TAKE23,
- "SSL Pseudo Random Number Generator (PRNG) seeding source "
- "(`startup|connect builtin|file:/path|exec:/path [bytes]')")
-+ SSL_CMD_SRV(SessionTicketExtension, FLAG,
-+ "TLS Session Ticket extension support")
-
- /*
- * Per-server context configuration directives
--
2.44.0