Diffstat (limited to 'patches/source/httpd')
-rw-r--r--patches/source/httpd/apache-2.4.CVE-2017-9798.optionsbleed.patch15
-rw-r--r--patches/source/httpd/doinst.sh71
-rwxr-xr-xpatches/source/httpd/httpd.SlackBuild246
-rw-r--r--patches/source/httpd/httpd.runasapache.diff13
-rw-r--r--patches/source/httpd/httpd.url2
-rw-r--r--patches/source/httpd/logrotate.httpd12
-rw-r--r--patches/source/httpd/rc.httpd44
-rw-r--r--patches/source/httpd/slack-desc19
8 files changed, 422 insertions, 0 deletions
diff --git a/patches/source/httpd/apache-2.4.CVE-2017-9798.optionsbleed.patch b/patches/source/httpd/apache-2.4.CVE-2017-9798.optionsbleed.patch
new file mode 100644
index 00000000..be590f29
--- /dev/null
+++ b/patches/source/httpd/apache-2.4.CVE-2017-9798.optionsbleed.patch
@@ -0,0 +1,15 @@
+--- httpd/httpd/branches/2.4.x/server/core.c 2017/08/16 16:50:29 1805223
++++ httpd/httpd/branches/2.4.x/server/core.c 2017/09/08 13:13:11 1807754
+@@ -2266,6 +2266,12 @@
+ /* method has not been registered yet, but resource restriction
+ * is always checked before method handling, so register it.
+ */
++ if (cmd->pool == cmd->temp_pool) {
++ /* In .htaccess, we can't globally register new methods. */
++ return apr_psprintf(cmd->pool, "Could not register method '%s' "
++ "for %s from .htaccess configuration",
++ method, cmd->cmd->name);
++ }
+ methnum = ap_method_register(cmd->pool,
+ apr_pstrdup(cmd->pool, method));
+ }
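Review bot: Nothing in this commit applies this patch: httpd.SlackBuild only runs `patch` for httpd.runasapache.diff, and httpd.url points at httpd-2.4.29. If the 2.4.29 tarball already contains the `cmd->pool == cmd->temp_pool` check in server/core.c (likely given the 2017/09/08 upstream revision date in the patch header, but worth confirming against the unpacked source), this file is unused and its name suggests a fix the build does not depend on. Either drop it or add a comment in httpd.SlackBuild such as `# CVE-2017-9798 (Optionsbleed) is fixed upstream in this version; apache-2.4.CVE-2017-9798.optionsbleed.patch is kept for reference only`.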
diff --git a/patches/source/httpd/doinst.sh b/patches/source/httpd/doinst.sh
new file mode 100644
index 00000000..e233c362
--- /dev/null
+++ b/patches/source/httpd/doinst.sh
@@ -0,0 +1,71 @@
+#!/bin/sh
+
+config() {
+ NEW="$1"
+ OLD="`dirname $NEW`/`basename $NEW .new`"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+ NEW="$1"
+ OLD="$(dirname ${NEW})/$(basename ${NEW} .new)"
+ if [ -e ${OLD} ]; then
+ cp -a ${OLD} ${NEW}.incoming
+ cat ${NEW} > ${NEW}.incoming
+ mv ${NEW}.incoming ${NEW}
+ fi
+ # Don't use config() -- we always want to install this, changed or unchanged.
+ #config ${NEW}
+}
+
+if [ ! -e var/log/httpd ]; then
+ mkdir -p var/log/httpd
+ chmod 755 var/log/httpd
+fi
+
+# Don't wipe out an existing document root with symlinks. If someone has
+# replaced the symlinks that are created on a fresh installation, assume
+# that they know what they are doing and leave things as-is.
+if [ ! -e srv/www ]; then
+ ( cd srv ; ln -sf /var/www www )
+fi
+if [ ! -e srv/httpd ]; then
+ ( cd srv ; ln -sf /var/www httpd )
+fi
+
+# Once again, our intent is not to wipe out anyone's
+# site, but building in Apache's docs tree is not as
+# good an idea as picking a unique DocumentRoot.
+#
+# Still, we will do what we can here to mitigate
+# possible site damage:
+if [ -r var/www/htdocs/index.html ]; then
+ if [ ! -r "var/log/packages/httpd-*upgraded*" ]; then
+ if [ var/www/htdocs/index.html -nt var/log/packages/httpd-*-? ]; then
+ cp -a var/www/htdocs/index.html var/www/htdocs/index.html.bak.$$
+ fi
+ fi
+fi
+
+# Keep same perms when installing rc.httpd.new:
+preserve_perms etc/rc.d/rc.httpd.new
+# Always install the new rc.httpd:
+mv etc/rc.d/rc.httpd.new etc/rc.d/rc.httpd
+
+# Handle config files. Unless this is a fresh installation, the
+# admin will have to move the .new files into place to complete
+# the package installation, as we don't want to clobber files that
+# may contain local customizations.
+config etc/httpd/httpd.conf.new
+config etc/logrotate.d/httpd.new
+for conf_file in etc/httpd/extra/*.new; do
+ config $conf_file
+done
+config var/www/htdocs/index.html.new
+
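Review bot: The guard `[ ! -r "var/log/packages/httpd-*upgraded*" ]` quotes the glob, so the shell tests for a file literally named with asterisks and the condition is effectively always true; the "is this an upgrade" check never takes effect. Something like `if ! ls var/log/packages/httpd-*upgraded* >/dev/null 2>&1; then` would test what the comment above it describes. The next line has the opposite problem: the unquoted `var/log/packages/httpd-*-?` can expand to more than one entry, which makes `[ ... -nt ... ]` fail with a syntax error and skip the backup of index.html. Most expansions in `config()` and `preserve_perms()` are also unquoted (`$NEW`, `$OLD`, `${NEW}.incoming`), which matters less here because the paths are fixed by the package.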
diff --git a/patches/source/httpd/httpd.SlackBuild b/patches/source/httpd/httpd.SlackBuild
new file mode 100755
index 00000000..19ae0def
--- /dev/null
+++ b/patches/source/httpd/httpd.SlackBuild
@@ -0,0 +1,246 @@
+#!/bin/sh
+
+# Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2017 Patrick J. Volkerding, Sebeka, MN, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# This script was written using the one from slackbuilds.org as a reference,
+# so thanks to Adis Nezirovic ( adis _at_ linux.org.ba ) for the original work.
+
+
+PKGNAM=httpd
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.bz2 | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1_slack14.1}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) export ARCH=i486 ;;
+ arm*) export ARCH=arm ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) export ARCH=$( uname -m ) ;;
+ esac
+fi
+
+NUMJOBS=${NUMJOBS:-" -j7 "}
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-${PKGNAM}
+rm -rf $PKG
+mkdir -p $TMP $PKG
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+cd $TMP
+rm -rf ${PKGNAM}-${VERSION}
+tar xvf $CWD/${PKGNAM}-$VERSION.tar.bz2 || exit 1
+cd ${PKGNAM}-$VERSION || exit 1
+
+# Make sure ownerships and permissions are sane:
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+# A brief note about mpms:
+#
+# "prefork" is the legacy forked mpm, used with mod_php. Starting with httpd
+# 2.4.0, new threaded mpms are available, and previously experimental mpms are
+# now stable
+#
+# Non-threaded mpms are no longer required, since php applications can now be
+# deployed with the help of mod_fcgid, essentially a set of fixed dedicated cgi
+# processes spawned for the whole purpose of executing dynamic applications
+#
+# Threaded mpms, by their very nature, are far more scalable than the
+# traditional preforking solution. They consume less memory for the same
+# workload, when serving the same amount of clients. httpd 2.4 ships with two
+# options, "event" and "worker", where the former is the default mpm used if
+# none is specified at the ./configure line
+#
+# Lastly, the "prefork" mpm can be used with mod_php as of version 5.4.0,
+# which yields a much improved stability, even with most mod_php extensions
+# loaded.
+#
+# The running mpm can be changed by simply loading the module. Here is a sample:
+# LoadModule mpm_event_module lib(64)/httpd/modules/mod_mpm_event.so
+#
+# When upgrading from 2.2, please make sure to stop the deamon first, or your
+# new instance may segfault.
+
+# Fix config.layout to use lib${LIBDIRSUFFIX}:
+sed -i -e "s#lib/httpd#lib${LIBDIRSUFFIX}/httpd#" config.layout
+
+# If /var/run becomes a tmpfs or a link to /run, subdirectories could be a problem.
+# Just use /var/run rather than /var/run/httpd.
+sed -i -e "s#/run/httpd#/run#" config.layout
+
+# Configure:
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --enable-layout=Slackware-FHS \
+ --with-apr=/usr \
+ --with-apr-util=/usr \
+ --enable-mods-shared=all \
+ --enable-so \
+ --enable-mpms-shared=all \
+ --enable-pie \
+ --enable-cgi \
+ --with-pcre \
+ --enable-ssl \
+ --enable-rewrite \
+ --enable-vhost-alias \
+ --enable-proxy \
+ --enable-proxy-http \
+ --enable-proxy-ftp \
+ --enable-cache \
+ --enable-mem-cache \
+ --enable-file-cache \
+ --enable-disk-cache \
+ --enable-dav \
+ --enable-ldap \
+ --enable-authnz-ldap \
+ --enable-authn-anon \
+ --enable-authn-alias \
+ --build=$ARCH-slackware-linux || exit 1
+
+# Build and install:
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+
+rmdir $PKG/usr/bin
+
+# Tweak default apache configuration
+( cd $PKG
+ zcat $CWD/httpd.runasapache.diff.gz | patch -p1 --verbose || exit 1
+ # mod_proxy_balancer should be commented out, as otherwise httpd
+ # will not start without additional configuration:
+ sed -i "s/^LoadModule proxy_balancer_module/#LoadModule proxy_balancer_module/g" $PKG/etc/httpd/httpd.conf
+ # This module issues a warning unless some non-default modules are loaded:
+ sed -i "s/^LoadModule lbmethod_heartbeat_module/#LoadModule lbmethod_heartbeat_module/g" $PKG/etc/httpd/httpd.conf
+ rm -f $PKG/etc/httpd/httpd.conf~ $PKG/etc/httpd/httpd.conf.orig
+) || exit 1
+# Change config files to .new:
+( cd $PKG/etc/httpd
+ mv httpd.conf httpd.conf.new
+ for file in extra/*; do
+ mv $file "${file}.new"
+ done
+)
+
+cat << EOF >> $PKG/etc/httpd/httpd.conf.new
+
+# Uncomment the following line to enable PHP:
+#
+#Include /etc/httpd/mod_php.conf
+
+# Uncomment the following lines (and mod_dav above) to enable svn support:
+#
+#LoadModule dav_svn_module lib${LIBDIRSUFFIX}/httpd/modules/mod_dav_svn.so
+#LoadModule authz_svn_module lib${LIBDIRSUFFIX}/httpd/modules/mod_authz_svn.so
+
+EOF
+
+rmdir $PKG/var/log/httpd
+
+mkdir -p $PKG/etc/rc.d
+cat $CWD/rc.httpd > $PKG/etc/rc.d/rc.httpd.new
+
+mkdir -p $PKG/etc/logrotate.d
+cat $CWD/logrotate.httpd > $PKG/etc/logrotate.d/httpd.new
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
+
+mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION/
+cp -a \
+ ABOUT_APACHE Apache.dsw BuildBin.dsp CHANGES INSTALL InstallBin.dsp LAYOUT LICENSE NOTICE NWGNUmakefile README* ROADMAP VERSIONING \
+ $PKG/usr/doc/$PKGNAM-$VERSION
+
+# Other distributions also strip the manual down to just English.
+# If this isn't your language of choice, mea culpa.
+( cd $PKG/srv/httpd/htdocs/manual
+ for file in $(find . -type f -name "*.html") ; do
+ if [ -f ${file}.en ]; then
+ cp ${file}.en ${file}
+ rm -f ${file}.*
+ fi
+ done
+)
+
+# On Slackware, the traditional location for the Apache document root has always
+# been "/var/www/htdocs/". We can avoid an unpleasant surprise for people by
+# leaving things where they've always been, and comply with the FHS by providing
+# symlinks allowing access through the FHS-approved pathnames. KDE, for example,
+# will look for htdig's htsearch here: /var/www/cgi-bin/htsearch
+mv $PKG/srv/httpd $PKG/var/www
+
+## DISABLED. Don't make these symlinks prior to packaging any more, as it is
+## possibly dangerous to an existing document root created in the place where
+## these symlinks are normally found. Instead, we make them in the install
+## script (only if nothing exists there already)
+#( cd $PKG/srv
+# ln -sf /var/www .
+# ln -sf /var/www httpd
+#)
+
+# OK, it's just not generally good form to put your web site in /var/www/htdocs,
+# but people do it every day. Like all new .new files, this won't save them this
+# time, but if they don't learn their lesson now then it will the next time:
+mv $PKG/var/www/htdocs/index.html $PKG/var/www/htdocs/index.html.new
+
+# Strip binaries:
+find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+
+# Compress and link manpages, if any:
+if [ -d $PKG/usr/man ]; then
+ ( cd $PKG/usr/man
+ for manpagedir in $(find . -type d -name "man*") ; do
+ ( cd $manpagedir
+ for eachpage in $( find . -type l -maxdepth 1) ; do
+ ln -s $( readlink $eachpage ).gz $eachpage.gz
+ rm $eachpage
+ done
+ gzip -9 *.*
+ )
+ done
+ )
+fi
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/${PKGNAM}-$VERSION-$ARCH-$BUILD.txz
+
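Review bot: The defaults `TMP=${TMP:-/tmp}` and `PKG=$TMP/package-${PKGNAM}` make a root-run build work in fixed, predictable paths under a world-writable directory, and the script then runs `rm -rf $PKG`, `rm -rf ${PKGNAM}-${VERSION}`, `tar xvf` and `chown -R root:root .` against them. On a shared build host that leaves room for another local user to influence what ends up in the package tree. A private work directory avoids this, e.g. `TMP=${TMP:-$(mktemp -d)} || exit 1`, or document that TMP must point at a root-owned directory. Separately, the tarball is unpacked with no integrity check even though httpd.url lists a `.asc`; a `gpg --verify` step before `tar xvf` would close that gap.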
diff --git a/patches/source/httpd/httpd.runasapache.diff b/patches/source/httpd/httpd.runasapache.diff
new file mode 100644
index 00000000..c1954ec3
--- /dev/null
+++ b/patches/source/httpd/httpd.runasapache.diff
@@ -0,0 +1,13 @@
+--- ./etc/httpd/httpd.conf.orig 2008-02-14 15:24:21.000000000 -0600
++++ ./etc/httpd/httpd.conf 2008-02-14 15:34:58.000000000 -0600
+@@ -125,8 +125,8 @@
+ # It is usually good practice to create a dedicated user and group for
+ # running httpd, as with most system services.
+ #
+-User daemon
+-Group daemon
++User apache
++Group apache
+
+ </IfModule>
+ </IfModule>
diff --git a/patches/source/httpd/httpd.url b/patches/source/httpd/httpd.url
new file mode 100644
index 00000000..b86771d4
--- /dev/null
+++ b/patches/source/httpd/httpd.url
@@ -0,0 +1,2 @@
+http://www.apache.org/dist/httpd/httpd-2.4.29.tar.bz2
+http://www.apache.org/dist/httpd/httpd-2.4.29.tar.bz2.asc
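Review bot: Both download URLs use plain `http://`, so the tarball and its detached signature travel over the same unauthenticated channel. The `.asc` only adds assurance if something checks it against a known Apache release key, and httpd.SlackBuild in this commit has no such step. Switching the scheme, e.g. `https://www.apache.org/dist/httpd/httpd-2.4.29.tar.bz2`, and recording the expected signing key fingerprint next to the URLs would make the source provenance checkable.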
diff --git a/patches/source/httpd/logrotate.httpd b/patches/source/httpd/logrotate.httpd
new file mode 100644
index 00000000..cc638367
--- /dev/null
+++ b/patches/source/httpd/logrotate.httpd
@@ -0,0 +1,12 @@
+/var/log/httpd/*_log {
+ rotate 10
+ notifempty
+ missingok
+ size=5M
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ /etc/rc.d/rc.httpd restart
+ endscript
+}
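Review bot: The `postrotate` script calls `/etc/rc.d/rc.httpd restart`, which maps to `apachectl -k restart` and drops in-flight requests every time a log passes 5M. rc.httpd in this commit also offers a `graceful` action, and the stanza already uses `delaycompress`, so `/etc/rc.d/rc.httpd graceful` would let running children finish writing to the old file without interrupting clients. No `create` mode/owner is set either, so the permissions of the recreated log files depend on httpd's defaults; it is worth confirming they are not more readable than intended.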
diff --git a/patches/source/httpd/rc.httpd b/patches/source/httpd/rc.httpd
new file mode 100644
index 00000000..81189098
--- /dev/null
+++ b/patches/source/httpd/rc.httpd
@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# /etc/rc.d/rc.httpd
+#
+# Start/stop/restart/graceful[ly restart]/graceful[ly]-stop
+# the Apache (httpd) web server.
+#
+# To make Apache start automatically at boot, make this
+# file executable: chmod 755 /etc/rc.d/rc.httpd
+#
+# For information on these options, "man apachectl".
+
+case "$1" in
+ 'start')
+ /usr/sbin/apachectl -k start
+ ;;
+ 'stop')
+ /usr/sbin/apachectl -k stop
+ killall httpd
+ # Remove both old and new .pid locations:
+ rm -f /var/run/httpd.pid /var/run/httpd/httpd.pid
+ ;;
+ 'force-restart')
+ # Because sometimes restarting through apachectl just doesn't do the trick...
+ /usr/sbin/apachectl -k stop
+ killall httpd
+ # Remove both old and new .pid locations:
+ rm -f /var/run/httpd.pid /var/run/httpd/httpd.pid
+ /usr/sbin/apachectl -k start
+ ;;
+ 'restart')
+ /usr/sbin/apachectl -k restart
+ ;;
+ 'graceful')
+ /usr/sbin/apachectl -k graceful
+ ;;
+ 'graceful-stop')
+ /usr/sbin/apachectl -k graceful-stop
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|graceful|graceful-stop}"
+ ;;
+esac
+
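Review bot: In the `stop` and `force-restart` branches, `killall httpd` runs unconditionally right after `apachectl -k stop`, so it signals every process named httpd on the host, including any second instance started with a different configuration, and does not wait for the first stop to finish. Consider signalling only the PID recorded in the pidfile, or falling back to `killall` only when that process is still alive after a short wait. The usage line in the `*)` branch also omits `force-restart`; `echo "Usage: $0 {start|stop|force-restart|restart|graceful|graceful-stop}"` would match the case arms. That branch also returns success, so adding `exit 1` would let callers detect a mistyped action.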
diff --git a/patches/source/httpd/slack-desc b/patches/source/httpd/slack-desc
new file mode 100644
index 00000000..38d240b6
--- /dev/null
+++ b/patches/source/httpd/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+httpd: httpd (The Apache HTTP Server)
+httpd:
+httpd: Apache is an HTTP server designed as a plug-in replacement for the
+httpd: NCSA HTTP server. It fixes numerous bugs in the NCSA server and
+httpd: includes many frequently requested new features, and has an API which
+httpd: allows it to be extended to meet users' needs more easily.
+httpd:
+httpd: Apache is the most popular web server in the known universe; over
+httpd: half of the servers on the Internet are running Apache or one of
+httpd: its variants.
+httpd: