Hello community,
here is the log from the commit of package apache2 for openSUSE:Factory checked in at 2013-07-30 18:37:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2 (Old)
and /work/SRC/openSUSE:Factory/.apache2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2"
Changes:
--------
--- /work/SRC/openSUSE:Factory/apache2/apache2.changes 2013-07-02 12:20:14.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.apache2.new/apache2.changes 2013-07-30 18:37:16.000000000 +0200
@@ -1,0 +2,39 @@
+Mon Jul 29 19:53:48 UTC 2013 - crrodriguez@opensuse.org
+
+- provide and obsolete mod_macro
+- upgrade: some people complain that log_config module
+ is not enabled by default sometimes, fix that.
+- upgrade : "SSLMutex" no longer exists.
+- Toogle EnableSendfile on because now apache defaults to off
+ due to kernel bugs. that's a silly thing to do here
+ as kernel bugs have to be fixed at their source, not worked around
+ in applications.
+
+-------------------------------------------------------------------
+Mon Jul 22 21:57:40 UTC 2013 - crrodriguez@opensuse.org
+
+- httpd-event-ssl.patch: from upstream
+ Lift the restriction that prevents mod_ssl taking
+ full advantage of the event MPM.
+
+-------------------------------------------------------------------
+Mon Jul 22 16:44:22 UTC 2013 - crrodriguez@opensuse.org
+
+- Update to version 2.4.6
+* SECURITY: CVE-2013-1896 (cve.mitre.org)
+* SECURITY: CVE-2013-2249 (cve.mitre.org)
+* Major updates to mod_lua
+* Support for proxying websocket requests
+* Higher performant shm-based cache implementation
+* Addition of mod_macro for easier configuration management
+* As well as several exciting fixes, especially those related to RFC edge
+ cases in mod_cache and mod_proxy.
+
+- IMPORTANT : With the current packaging scheme, we can no longer
+Include the ITK MPM, therefore it has been disabled. This is because
+this MPM can now only be provided as a loadable module but we do
+not currently build MPMs as shared modules but as independant
+binaries and all helpers/startup scripts depend on that behaviour.
+It will be fixed in the upcoming weeks/months.
+
+-------------------------------------------------------------------
Old:
----
apache2.4-mpm-itk-2.4.2-01.patch
httpd-2.2.19-linux3.patch
httpd-2.4.4.tar.bz2
New:
----
httpd-2.4.6.tar.bz2
httpd-event-ssl.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2.spec ++++++
--- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:18.000000000 +0200
+++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:18.000000000 +0200
@@ -54,7 +54,7 @@
%{!?prefork:%define prefork 1}
%{!?worker:%define worker 1}
%{!?event:%define event 1}
-%{!?itk:%define itk 1}
+%{!?itk:%define itk 0}
%define mpms_to_build %(test %prefork = 1 && printf prefork) %(test %worker = 1 && printf worker) %(test %event = 1 && printf event) %(test %itk = 1 && printf itk)
# dir names
%define datadir /srv/www
@@ -81,8 +81,8 @@
# "Server:" header
%define VENDOR SUSE
%define platform_string Linux/%VENDOR
-%define realver 2.4.4
-Version: 2.4.4
+%define realver 2.4.6
+Version: 2.4.6
Release: 0
#Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2
Source0: httpd-%{realver}.tar.bz2
@@ -146,13 +146,12 @@
Patch68: httpd-2.x.x-logresolve.patch
Patch69: httpd-2.2.x-bnc690734.patch
Patch70: apache2-implicit-pointer-decl.patch
-Patch100: apache2.4-mpm-itk-2.4.2-01.patch
-Patch101: httpd-2.2.19-linux3.patch
# PATCH-FEATURE-UPSTREAM apache2-mod_ssl_npn.patch dimstar@opensuse.org -- Add npn support to mod_ssl (needed for spdy)
#Patch108: apache2-mod_ssl_npn.patch
#Provides: apache2(mod_ssl+npn)
# PATCH-FEATURE-UPSTREAM httpd-2.4.3-mod_systemd.patch crrodriguez@opensuse.org simple module provides systemd integration.
Patch109: httpd-2.4.3-mod_systemd.patch
+Patch110: http://people.apache.org/~minfrin/httpd-event-ssl.patch
Url: http://httpd.apache.org/
Icon: Apache.xpm
Summary: The Apache Web Server Version 2.2
@@ -162,6 +161,8 @@
Provides: http_daemon
Provides: httpd
Provides: suse_help_viewer
+Provides: %{name}-mod_macro = %{version}
+Obsoletes: %{name}-mod_macro <= 1.2.1
Requires: %{pname}-MPM
Requires: /etc/mime.types
PreReq: %{name}-utils
@@ -365,18 +366,16 @@
#
%setup -q -n httpd-%{realver}
%patch2 -p1
-%patch23
+%patch23 -p1
#%patch65 -p1
-%patch66
+%patch66 -p1
%patch67 -p1
%patch68 -p1
#%patch69
%patch70 -p1
-%patch100 -p1
-%patch101
#%patch108 -p1
%patch109 -p1
-#
+%patch110
cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
# install READMEs
++++++ apache-20-22-upgrade ++++++
--- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:18.000000000 +0200
+++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:18.000000000 +0200
@@ -75,4 +75,8 @@
a2enmod authn_core
fi
+if ! a2enmod -q log_config; then
+ a2enmod log_config
+fi
+
echo 'Done.'
++++++ apache2-implicit-pointer-decl.patch ++++++
--- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:18.000000000 +0200
+++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:18.000000000 +0200
@@ -1,5 +1,5 @@
---- httpd-2.4.4.orig/server/request.c
-+++ httpd-2.4.4/server/request.c
+--- httpd-2.4.6.orig/server/request.c
++++ httpd-2.4.6/server/request.c
@@ -46,10 +46,13 @@
#include "util_script.h"
#include "ap_expr.h"
@@ -15,8 +15,8 @@
#if APR_HAVE_STDARG_H
#include
#endif
---- httpd-2.4.4.orig/server/config.c
-+++ httpd-2.4.4/server/config.c
+--- httpd-2.4.6.orig/server/config.c
++++ httpd-2.4.6/server/config.c
@@ -48,10 +48,14 @@
#include "http_request.h" /* for default_handler (see invoke_handler) */
#include "http_main.h"
++++++ apache2-server-tuning.conf ++++++
--- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:18.000000000 +0200
+++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:18.000000000 +0200
@@ -114,7 +114,7 @@
# filesystems. Please see
# http://httpd.apache.org/docs-2.2/mod/core.html#enablesendfile
#
-#EnableSendfile off
+EnableSendfile on
<IfModule mod_setenvif.c>
#
++++++ apache2-ssl-global.conf ++++++
--- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:18.000000000 +0200
+++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:18.000000000 +0200
@@ -48,10 +48,6 @@
SSLSessionCache shmcb:/var/lib/apache2/ssl_scache(512000)
SSLSessionCacheTimeout 300
- # Semaphore:
- # Configure the path to the mutual exclusion semaphore the
- # SSL engine uses internally for inter-process synchronization.
- SSLMutex "file:/var/lib/apache2/ssl_mutex"
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
++++++ httpd-2.0.54-envvars.dif ++++++
--- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:18.000000000 +0200
+++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:18.000000000 +0200
@@ -1,5 +1,5 @@
---- support/envvars-std.in.orig
-+++ support/envvars-std.in
+--- httpd-2.4.6.orig/support/envvars-std.in
++++ httpd-2.4.6/support/envvars-std.in
@@ -18,11 +18,9 @@
#
# This file is generated from envvars-std.in
++++++ httpd-2.1.3alpha-layout.dif ++++++
--- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:18.000000000 +0200
+++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:18.000000000 +0200
@@ -1,6 +1,6 @@
---- httpd-2.1.3-alpha.orig/config.layout
-+++ httpd-2.1.3-alpha/config.layout
-@@ -202,6 +202,54 @@
+--- httpd-2.4.6.orig/config.layout
++++ httpd-2.4.6/config.layout
+@@ -178,6 +178,54 @@
proxycachedir: /var/cache/httpd
</Layout>
++++++ httpd-2.1.9-apachectl.dif ++++++
--- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:18.000000000 +0200
+++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:18.000000000 +0200
@@ -1,5 +1,5 @@
---- support/apachectl.in.orig
-+++ support/apachectl.in
+--- httpd-2.4.6.orig/support/apachectl.in
++++ httpd-2.4.6/support/apachectl.in
@@ -42,17 +42,32 @@ ARGV="$@"
# -------------------- --------------------
#
++++++ httpd-2.2.0-apxs-a2enmod.dif ++++++
--- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:18.000000000 +0200
+++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:18.000000000 +0200
@@ -1,8 +1,6 @@
-Index: httpd-2.2.16/support/apxs.in
-===================================================================
---- httpd-2.2.16.orig/support/apxs.in
-+++ httpd-2.2.16/support/apxs.in
-@@ -526,108 +526,14 @@ if ($opt_i or $opt_e) {
+--- httpd-2.4.6.orig/support/apxs.in
++++ httpd-2.4.6/support/apxs.in
+@@ -550,108 +550,14 @@ if ($opt_i or $opt_e) {
# activate module via LoadModule/AddModule directive
if ($opt_a or $opt_A) {
++++++ httpd-2.4.4.tar.bz2 -> httpd-2.4.6.tar.bz2 ++++++
++++ 51743 lines of diff (skipped)
++++++ httpd-2.x.x-logresolve.patch ++++++
--- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:21.000000000 +0200
+++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:21.000000000 +0200
@@ -1,7 +1,6 @@
-diff -Naur ../httpd-2.2.4.orig/support/logresolve.pl.in ./support/logresolve.pl.in
---- ../httpd-2.2.4.orig/support/logresolve.pl.in 2006-07-12 05:38:44.000000000 +0200
-+++ ./support/logresolve.pl.in 2007-10-23 13:59:27.000000000 +0200
-@@ -57,6 +57,7 @@
+--- httpd-2.4.6.orig/support/logresolve.pl.in
++++ httpd-2.4.6/support/logresolve.pl.in
+@@ -57,6 +57,7 @@ $|=1;
use FileHandle;
use Socket;
@@ -9,7 +8,7 @@
use strict;
no strict 'refs';
-@@ -71,11 +72,13 @@
+@@ -71,11 +72,13 @@ my $filename;
my %hash = ();
my $parent = $$;
@@ -24,7 +23,7 @@
if (-e $filename) { unlink($filename) || warn "$filename .. $!\n";}
&child($child);
exit(0);
-@@ -91,9 +94,9 @@
+@@ -91,9 +94,9 @@ sub cleanup {
# die kiddies, die
kill(15, @children);
for (my $child = 1; $child <=$CHILDREN; $child++) {
@@ -37,7 +36,7 @@
}
}
}
-@@ -113,7 +116,7 @@
+@@ -113,7 +116,7 @@ sub parent {
if (!socket($CHILDSOCK{$child}, AF_UNIX, SOCK_STREAM, $PROTOCOL)) {
warn "parent socket to child failed $!";
}
@@ -46,7 +45,7 @@
my $response;
do {
$response = connect($CHILDSOCK{$child}, sockaddr_un($filename));
-@@ -176,7 +179,7 @@
+@@ -176,7 +179,7 @@ sub child {
# create a socket to communicate with parent
socket(INBOUND, AF_UNIX, SOCK_STREAM, $PROTOCOL)
|| die "Error with Socket: !$\n";
++++++ httpd-event-ssl.patch ++++++
--- include/httpd.h.orig
+++ include/httpd.h
@@ -1175,12 +1175,20 @@ typedef enum {
CONN_STATE_LINGER_SHORT /* MPM has started lingering close with short timeout */
} conn_state_e;
+typedef enum {
+ CONN_SENSE_DEFAULT,
+ CONN_SENSE_WANT_READ, /* next event must be read */
+ CONN_SENSE_WANT_WRITE /* next event must be write */
+} conn_sense_e;
+
/**
* @brief A structure to contain connection state information
*/
struct conn_state_t {
/** Current state of the connection */
conn_state_e state;
+ /** Whether to read instead of write, or write instead of read */
+ conn_sense_e sense;
};
/* Per-vhost config... */
--- modules/ssl/ssl_engine_io.c.orig
+++ modules/ssl/ssl_engine_io.c
@@ -775,6 +775,18 @@ static apr_status_t ssl_filter_write(ap_
*/
outctx->rc = APR_EAGAIN;
}
+ else if (ssl_err == SSL_ERROR_WANT_READ) {
+ /*
+ * If OpenSSL wants to read during write, and we were
+ * nonblocking, set the sense explicitly to read and
+ * report as an EAGAIN.
+ *
+ * (This is usually the case when the client forces an SSL
+ * renegotiation which is handled implicitly by OpenSSL.)
+ */
+ outctx->c->cs->sense = CONN_SENSE_WANT_READ;
+ outctx->rc = APR_EAGAIN;
+ }
else if (ssl_err == SSL_ERROR_SYSCALL) {
ap_log_cerror(APLOG_MARK, APLOG_INFO, outctx->rc, c, APLOGNO(01993)
"SSL output filter write failed.");
@@ -1902,8 +1914,10 @@ void ssl_io_filter_init(conn_rec *c, req
filter_ctx->pbioWrite = BIO_new(&bio_filter_out_method);
filter_ctx->pbioWrite->ptr = (void *)bio_filter_out_ctx_new(filter_ctx, c);
- /* We insert a clogging input filter. Let the core know. */
- c->clogging_input_filters = 1;
+ /* write is non blocking for the benefit of async mpm */
+ if (c->cs) {
+ BIO_set_nbio(filter_ctx->pbioWrite, 1);
+ }
ssl_io_input_add_filter(filter_ctx, c, r, ssl);
--- server/mpm/event/event.c.orig
+++ server/mpm/event/event.c
@@ -790,7 +790,10 @@ static int start_lingering_close_common(
apr_atomic_inc32(&lingering_count);
apr_thread_mutex_lock(timeout_mutex);
TO_QUEUE_APPEND(*q, cs);
- cs->pfd.reqevents = APR_POLLIN | APR_POLLHUP | APR_POLLERR;
+ cs->pfd.reqevents = (
+ cs->pub.sense == CONN_SENSE_WANT_WRITE ? APR_POLLOUT :
+ APR_POLLIN) | APR_POLLHUP | APR_POLLERR;
+ cs->pub.sense = CONN_SENSE_DEFAULT;
rv = apr_pollset_add(event_pollset, &cs->pfd);
apr_thread_mutex_unlock(timeout_mutex);
if (rv != APR_SUCCESS && !APR_STATUS_IS_EEXIST(rv)) {
@@ -938,6 +941,7 @@ static void process_socket(apr_thread_t
*/
cs->pub.state = CONN_STATE_READ_REQUEST_LINE;
+ cs->pub.sense = CONN_SENSE_DEFAULT;
}
else {
c = cs->c;
@@ -946,9 +950,11 @@ static void process_socket(apr_thread_t
}
if (c->clogging_input_filters && !c->aborted) {
- /* Since we have an input filter which 'cloggs' the input stream,
- * like mod_ssl, lets just do the normal read from input filters,
- * like the Worker MPM does.
+ /* Since we have an input filter which 'clogs' the input stream,
+ * like mod_ssl used to, lets just do the normal read from input
+ * filters, like the Worker MPM does. Filters that need to write
+ * where they would otherwise read, or read where they would
+ * otherwise write, should set the sense appropriately.
*/
apr_atomic_inc32(&clogged_count);
ap_run_process_connection(c);
@@ -994,7 +1000,10 @@ read_request:
cs->expiration_time = ap_server_conf->timeout + apr_time_now();
apr_thread_mutex_lock(timeout_mutex);
TO_QUEUE_APPEND(write_completion_q, cs);
- cs->pfd.reqevents = APR_POLLOUT | APR_POLLHUP | APR_POLLERR;
+ cs->pfd.reqevents = (
+ cs->pub.sense == CONN_SENSE_WANT_READ ? APR_POLLIN :
+ APR_POLLOUT) | APR_POLLHUP | APR_POLLERR;
+ cs->pub.sense = CONN_SENSE_DEFAULT;
rc = apr_pollset_add(event_pollset, &cs->pfd);
apr_thread_mutex_unlock(timeout_mutex);
return;
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org