From 39366733c3fe943363566756e2e152c45a1b3cb2 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Fri, 25 May 2018 23:29:36 +0000 Subject: Fri May 25 23:29:36 UTC 2018 patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.2.txz: Rebuilt. Handle removal of US/Pacific-New timezone. If we see that the machine is using this, it will be automatically switched to US/Pacific. --- .../apache-2.4.CVE-2017-9798.optionsbleed.patch | 15 ++ patches/source/httpd/doinst.sh | 71 ++++++ patches/source/httpd/httpd.SlackBuild | 246 +++++++++++++++++++++ patches/source/httpd/httpd.runasapache.diff | 13 ++ patches/source/httpd/httpd.url | 2 + patches/source/httpd/logrotate.httpd | 12 + patches/source/httpd/rc.httpd | 44 ++++ patches/source/httpd/slack-desc | 19 ++ 8 files changed, 422 insertions(+) create mode 100644 patches/source/httpd/apache-2.4.CVE-2017-9798.optionsbleed.patch create mode 100644 patches/source/httpd/doinst.sh create mode 100755 patches/source/httpd/httpd.SlackBuild create mode 100644 patches/source/httpd/httpd.runasapache.diff create mode 100644 patches/source/httpd/httpd.url create mode 100644 patches/source/httpd/logrotate.httpd create mode 100644 patches/source/httpd/rc.httpd create mode 100644 patches/source/httpd/slack-desc (limited to 'patches/source/httpd') diff --git a/patches/source/httpd/apache-2.4.CVE-2017-9798.optionsbleed.patch b/patches/source/httpd/apache-2.4.CVE-2017-9798.optionsbleed.patch new file mode 100644 index 000000000..be590f294 --- /dev/null +++ b/patches/source/httpd/apache-2.4.CVE-2017-9798.optionsbleed.patch @@ -0,0 +1,15 @@ +--- httpd/httpd/branches/2.4.x/server/core.c 2017/08/16 16:50:29 1805223 ++++ httpd/httpd/branches/2.4.x/server/core.c 2017/09/08 13:13:11 1807754 +@@ -2266,6 +2266,12 @@ + /* method has not been registered yet, but resource restriction + * is always checked before method handling, so register it. + */ ++ if (cmd->pool == cmd->temp_pool) { ++ /* In .htaccess, we can't globally register new methods. */ ++ return apr_psprintf(cmd->pool, "Could not register method '%s' " ++ "for %s from .htaccess configuration", ++ method, cmd->cmd->name); ++ } + methnum = ap_method_register(cmd->pool, + apr_pstrdup(cmd->pool, method)); + } diff --git a/patches/source/httpd/doinst.sh b/patches/source/httpd/doinst.sh new file mode 100644 index 000000000..e233c362b --- /dev/null +++ b/patches/source/httpd/doinst.sh @@ -0,0 +1,71 @@ +#!/bin/sh + +config() { + NEW="$1" + OLD="`dirname $NEW`/`basename $NEW .new`" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +preserve_perms() { + NEW="$1" + OLD="$(dirname ${NEW})/$(basename ${NEW} .new)" + if [ -e ${OLD} ]; then + cp -a ${OLD} ${NEW}.incoming + cat ${NEW} > ${NEW}.incoming + mv ${NEW}.incoming ${NEW} + fi + # Don't use config() -- we always want to install this, changed or unchanged. + #config ${NEW} +} + +if [ ! -e var/log/httpd ]; then + mkdir -p var/log/httpd + chmod 755 var/log/httpd +fi + +# Don't wipe out an existing document root with symlinks. If someone has +# replaced the symlinks that are created on a fresh installation, assume +# that they know what they are doing and leave things as-is. +if [ ! -e srv/www ]; then + ( cd srv ; ln -sf /var/www www ) +fi +if [ ! -e srv/httpd ]; then + ( cd srv ; ln -sf /var/www httpd ) +fi + +# Once again, our intent is not to wipe out anyone's +# site, but building in Apache's docs tree is not as +# good an idea as picking a unique DocumentRoot. +# +# Still, we will do what we can here to mitigate +# possible site damage: +if [ -r var/www/htdocs/index.html ]; then + if [ ! -r "var/log/packages/httpd-*upgraded*" ]; then + if [ var/www/htdocs/index.html -nt var/log/packages/httpd-*-? ]; then + cp -a var/www/htdocs/index.html var/www/htdocs/index.html.bak.$$ + fi + fi +fi + +# Keep same perms when installing rc.httpd.new: +preserve_perms etc/rc.d/rc.httpd.new +# Always install the new rc.httpd: +mv etc/rc.d/rc.httpd.new etc/rc.d/rc.httpd + +# Handle config files. Unless this is a fresh installation, the +# admin will have to move the .new files into place to complete +# the package installation, as we don't want to clobber files that +# may contain local customizations. +config etc/httpd/httpd.conf.new +config etc/logrotate.d/httpd.new +for conf_file in etc/httpd/extra/*.new; do + config $conf_file +done +config var/www/htdocs/index.html.new + diff --git a/patches/source/httpd/httpd.SlackBuild b/patches/source/httpd/httpd.SlackBuild new file mode 100755 index 000000000..b43665279 --- /dev/null +++ b/patches/source/httpd/httpd.SlackBuild @@ -0,0 +1,246 @@ +#!/bin/sh + +# Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2017 Patrick J. Volkerding, Sebeka, MN, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# This script was written using the one from slackbuilds.org as a reference, +# so thanks to Adis Nezirovic ( adis _at_ linux.org.ba ) for the original work. + + +PKGNAM=httpd +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.bz2 | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1_slack14.2} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) export ARCH=i586 ;; + arm*) export ARCH=arm ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) export ARCH=$( uname -m ) ;; + esac +fi + +NUMJOBS=${NUMJOBS:-" -j7 "} + +CWD=$(pwd) +TMP=${TMP:-/tmp} +PKG=$TMP/package-${PKGNAM} +rm -rf $PKG +mkdir -p $TMP $PKG + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +cd $TMP +rm -rf ${PKGNAM}-${VERSION} +tar xvf $CWD/${PKGNAM}-$VERSION.tar.bz2 || exit 1 +cd ${PKGNAM}-$VERSION || exit 1 + +# Make sure ownerships and permissions are sane: +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; + +# A brief note about mpms: +# +# "prefork" is the legacy forked mpm, used with mod_php. Starting with httpd +# 2.4.0, new threaded mpms are available, and previously experimental mpms are +# now stable +# +# Non-threaded mpms are no longer required, since php applications can now be +# deployed with the help of mod_fcgid, essentially a set of fixed dedicated cgi +# processes spawned for the whole purpose of executing dynamic applications +# +# Threaded mpms, by their very nature, are far more scalable than the +# traditional preforking solution. They consume less memory for the same +# workload, when serving the same amount of clients. httpd 2.4 ships with two +# options, "event" and "worker", where the former is the default mpm used if +# none is specified at the ./configure line +# +# Lastly, the "prefork" mpm can be used with mod_php as of version 5.4.0, +# which yields a much improved stability, even with most mod_php extensions +# loaded. +# +# The running mpm can be changed by simply loading the module. Here is a sample: +# LoadModule mpm_event_module lib(64)/httpd/modules/mod_mpm_event.so +# +# When upgrading from 2.2, please make sure to stop the deamon first, or your +# new instance may segfault. + +# Fix config.layout to use lib${LIBDIRSUFFIX}: +sed -i -e "s#lib/httpd#lib${LIBDIRSUFFIX}/httpd#" config.layout + +# If /var/run becomes a tmpfs or a link to /run, subdirectories could be a problem. +# Just use /var/run rather than /var/run/httpd. +sed -i -e "s#/run/httpd#/run#" config.layout + +# Configure: +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +./configure \ + --enable-layout=Slackware-FHS \ + --with-apr=/usr \ + --with-apr-util=/usr \ + --enable-mods-shared=all \ + --enable-so \ + --enable-mpms-shared=all \ + --enable-pie \ + --enable-cgi \ + --with-pcre \ + --enable-ssl \ + --enable-rewrite \ + --enable-vhost-alias \ + --enable-proxy \ + --enable-proxy-http \ + --enable-proxy-ftp \ + --enable-cache \ + --enable-mem-cache \ + --enable-file-cache \ + --enable-disk-cache \ + --enable-dav \ + --enable-ldap \ + --enable-authnz-ldap \ + --enable-authn-anon \ + --enable-authn-alias \ + --build=$ARCH-slackware-linux || exit 1 + +# Build and install: +make $NUMJOBS || make || exit 1 +make install DESTDIR=$PKG || exit 1 + +rmdir $PKG/usr/bin + +# Tweak default apache configuration +( cd $PKG + zcat $CWD/httpd.runasapache.diff.gz | patch -p1 --verbose || exit 1 + # mod_proxy_balancer should be commented out, as otherwise httpd + # will not start without additional configuration: + sed -i "s/^LoadModule proxy_balancer_module/#LoadModule proxy_balancer_module/g" $PKG/etc/httpd/httpd.conf + # This module issues a warning unless some non-default modules are loaded: + sed -i "s/^LoadModule lbmethod_heartbeat_module/#LoadModule lbmethod_heartbeat_module/g" $PKG/etc/httpd/httpd.conf + rm -f $PKG/etc/httpd/httpd.conf~ $PKG/etc/httpd/httpd.conf.orig +) || exit 1 +# Change config files to .new: +( cd $PKG/etc/httpd + mv httpd.conf httpd.conf.new + for file in extra/*; do + mv $file "${file}.new" + done +) + +cat << EOF >> $PKG/etc/httpd/httpd.conf.new + +# Uncomment the following line to enable PHP: +# +#Include /etc/httpd/mod_php.conf + +# Uncomment the following lines (and mod_dav above) to enable svn support: +# +#LoadModule dav_svn_module lib${LIBDIRSUFFIX}/httpd/modules/mod_dav_svn.so +#LoadModule authz_svn_module lib${LIBDIRSUFFIX}/httpd/modules/mod_authz_svn.so + +EOF + +rmdir $PKG/var/log/httpd + +mkdir -p $PKG/etc/rc.d +cat $CWD/rc.httpd > $PKG/etc/rc.d/rc.httpd.new + +mkdir -p $PKG/etc/logrotate.d +cat $CWD/logrotate.httpd > $PKG/etc/logrotate.d/httpd.new + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh + +mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION/ +cp -a \ + ABOUT_APACHE Apache.dsw BuildBin.dsp CHANGES INSTALL InstallBin.dsp LAYOUT LICENSE NOTICE NWGNUmakefile README* ROADMAP VERSIONING \ + $PKG/usr/doc/$PKGNAM-$VERSION + +# Other distributions also strip the manual down to just English. +# If this isn't your language of choice, mea culpa. +( cd $PKG/srv/httpd/htdocs/manual + for file in $(find . -type f -name "*.html") ; do + if [ -f ${file}.en ]; then + cp ${file}.en ${file} + rm -f ${file}.* + fi + done +) + +# On Slackware, the traditional location for the Apache document root has always +# been "/var/www/htdocs/". We can avoid an unpleasant surprise for people by +# leaving things where they've always been, and comply with the FHS by providing +# symlinks allowing access through the FHS-approved pathnames. KDE, for example, +# will look for htdig's htsearch here: /var/www/cgi-bin/htsearch +mv $PKG/srv/httpd $PKG/var/www + +## DISABLED. Don't make these symlinks prior to packaging any more, as it is +## possibly dangerous to an existing document root created in the place where +## these symlinks are normally found. Instead, we make them in the install +## script (only if nothing exists there already) +#( cd $PKG/srv +# ln -sf /var/www . +# ln -sf /var/www httpd +#) + +# OK, it's just not generally good form to put your web site in /var/www/htdocs, +# but people do it every day. Like all new .new files, this won't save them this +# time, but if they don't learn their lesson now then it will the next time: +mv $PKG/var/www/htdocs/index.html $PKG/var/www/htdocs/index.html.new + +# Strip binaries: +find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + +# Compress and link manpages, if any: +if [ -d $PKG/usr/man ]; then + ( cd $PKG/usr/man + for manpagedir in $(find . -type d -name "man*") ; do + ( cd $manpagedir + for eachpage in $( find . -type l -maxdepth 1) ; do + ln -s $( readlink $eachpage ).gz $eachpage.gz + rm $eachpage + done + gzip -9 *.* + ) + done + ) +fi + +cd $PKG +/sbin/makepkg -l y -c n $TMP/${PKGNAM}-$VERSION-$ARCH-$BUILD.txz + diff --git a/patches/source/httpd/httpd.runasapache.diff b/patches/source/httpd/httpd.runasapache.diff new file mode 100644 index 000000000..c1954ec33 --- /dev/null +++ b/patches/source/httpd/httpd.runasapache.diff @@ -0,0 +1,13 @@ +--- ./etc/httpd/httpd.conf.orig 2008-02-14 15:24:21.000000000 -0600 ++++ ./etc/httpd/httpd.conf 2008-02-14 15:34:58.000000000 -0600 +@@ -125,8 +125,8 @@ + # It is usually good practice to create a dedicated user and group for + # running httpd, as with most system services. + # +-User daemon +-Group daemon ++User apache ++Group apache + + + diff --git a/patches/source/httpd/httpd.url b/patches/source/httpd/httpd.url new file mode 100644 index 000000000..b86771d42 --- /dev/null +++ b/patches/source/httpd/httpd.url @@ -0,0 +1,2 @@ +http://www.apache.org/dist/httpd/httpd-2.4.29.tar.bz2 +http://www.apache.org/dist/httpd/httpd-2.4.29.tar.bz2.asc diff --git a/patches/source/httpd/logrotate.httpd b/patches/source/httpd/logrotate.httpd new file mode 100644 index 000000000..cc6383674 --- /dev/null +++ b/patches/source/httpd/logrotate.httpd @@ -0,0 +1,12 @@ +/var/log/httpd/*_log { + rotate 10 + notifempty + missingok + size=5M + compress + delaycompress + sharedscripts + postrotate + /etc/rc.d/rc.httpd restart + endscript +} diff --git a/patches/source/httpd/rc.httpd b/patches/source/httpd/rc.httpd new file mode 100644 index 000000000..81189098f --- /dev/null +++ b/patches/source/httpd/rc.httpd @@ -0,0 +1,44 @@ +#!/bin/sh +# +# /etc/rc.d/rc.httpd +# +# Start/stop/restart/graceful[ly restart]/graceful[ly]-stop +# the Apache (httpd) web server. +# +# To make Apache start automatically at boot, make this +# file executable: chmod 755 /etc/rc.d/rc.httpd +# +# For information on these options, "man apachectl". + +case "$1" in + 'start') + /usr/sbin/apachectl -k start + ;; + 'stop') + /usr/sbin/apachectl -k stop + killall httpd + # Remove both old and new .pid locations: + rm -f /var/run/httpd.pid /var/run/httpd/httpd.pid + ;; + 'force-restart') + # Because sometimes restarting through apachectl just doesn't do the trick... + /usr/sbin/apachectl -k stop + killall httpd + # Remove both old and new .pid locations: + rm -f /var/run/httpd.pid /var/run/httpd/httpd.pid + /usr/sbin/apachectl -k start + ;; + 'restart') + /usr/sbin/apachectl -k restart + ;; + 'graceful') + /usr/sbin/apachectl -k graceful + ;; + 'graceful-stop') + /usr/sbin/apachectl -k graceful-stop + ;; + *) + echo "Usage: $0 {start|stop|restart|graceful|graceful-stop}" + ;; +esac + diff --git a/patches/source/httpd/slack-desc b/patches/source/httpd/slack-desc new file mode 100644 index 000000000..38d240b6b --- /dev/null +++ b/patches/source/httpd/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +httpd: httpd (The Apache HTTP Server) +httpd: +httpd: Apache is an HTTP server designed as a plug-in replacement for the +httpd: NCSA HTTP server. It fixes numerous bugs in the NCSA server and +httpd: includes many frequently requested new features, and has an API which +httpd: allows it to be extended to meet users' needs more easily. +httpd: +httpd: Apache is the most popular web server in the known universe; over +httpd: half of the servers on the Internet are running Apache or one of +httpd: its variants. +httpd: -- cgit v1.2.3