--- apache2-2.2.14.orig/debian/apache2-prefork-dev.install +++ apache2-2.2.14/debian/apache2-prefork-dev.install @@ -0,0 +1 @@ +usr/share/man/man8/apxs2.8 --- apache2-2.2.14.orig/debian/suexec.8 +++ apache2-2.2.14/debian/suexec.8 @@ -0,0 +1,67 @@ +.TH suexec 8 "April 2008" +.\" Copyright 1999-2004 The Apache Software Foundation +.\" Copyright 2008 Stefan Fritsch +.\" +.\" Licensed under the Apache License, Version 2.0 (the "License"); +.\" you may not use this file except in compliance with the License. +.\" You may obtain a copy of the License at +.\" +.\" http://www.apache.org/licenses/LICENSE-2.0 +.\" +.\" Unless required by applicable law or agreed to in writing, software +.\" distributed under the License is distributed on an "AS IS" BASIS, +.\" WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +.\" See the License for the specific language governing permissions and +.\" limitations under the License. +.\" +.SH NAME +suexec \- Switch User For Exec +.SH SYNOPSIS +.B suexec -V +.PP +This is a customized version that can be configured with +config files in /etc/apache2/suexec. +.PP +No other synopsis for usage, because this program +is otherwise only used internally by the Apache HTTP server. +.PP +.SH DESCRIPTION +.B suexec +is the "wrapper" support program for the suexec behaviour for the +Apache HTTP server. It is run from within the server automatically +to switch the user when an external program has to be run under a +different user. For more information about suexec in general, see the online +document `Apache suexec Support' on the HTTP server project's +Web site at http://httpd.apache.org/docs/suexec.html . +.PP +This version of suexec reads a config file on every execution. Therefore +it is a bit slower than the standard suexec version from the apache2-suexec +package. +.SH CONFIGURATION +If suexec is called by a user with name 'username', it will look into +/etc/apache2/suexec/username for configuration. If the file does not exist, +suexec will abort. By creating several config files, you can allow several +different apache run users to use suexec. +.PP +The first line in the file is used as the document root (/var/www in the +standard suexec) and the second line in the file is used as the suffix that is +appended to users' home directories (public_html in standard suexec). +.PP +If any of the lines is commented out (with #), suexec will refuse the +corresponding type of request. It is recommended to comment out the +userdir suffix if you don't need it. +.SH SECURITY +Do not set the document root to a path that includes users' home directories +(like /home or /var) or directories where users can mount removable media. +Doing so would create local security issues. Suexec does not allow to set the +document root to the root directory / . +.SH OPTIONS +.IP -V +Display the list of compile-time settings used when \fBsuexec\fP +was built. No other action is taken. +.PD +.SH FILES +.BR /etc/apache2/suexec/www-data +.SH SEE ALSO +.BR apache2(8) , +.BR /usr/share/doc/apache2.2-common/README.Debian.gz --- apache2-2.2.14.orig/debian/mpms.preinst +++ apache2-2.2.14/debian/mpms.preinst @@ -0,0 +1,30 @@ +#!/bin/sh -e + +#Debian preinstall handling for apache2 +# Thom May + +if [ "$2" ] && dpkg --compare-versions "$2" lt 2.2; then + if [ -x "/etc/init.d/apache2" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d apache2 stop || true + else + /etc/init.d/apache2 stop || true + fi + fi + chmod -x /usr/sbin/apache2 +fi + +case "$1" in + install) + rm -f /var/cache/apache2/reload + ;; + upgrade) + if [ -d /var/cache/apache2 ]; then + touch /var/cache/apache2/reload + fi + ;; + *) + ;; +esac + +#DEBHELPER# --- apache2-2.2.14.orig/debian/apache2-prefork-dev.dirs +++ apache2-2.2.14/debian/apache2-prefork-dev.dirs @@ -0,0 +1,4 @@ +usr/include/apache2 +usr/bin +usr/share/apache2/build +usr/share/man/man8 --- apache2-2.2.14.orig/debian/README.Debian +++ apache2-2.2.14/debian/README.Debian @@ -0,0 +1,340 @@ +Contents +======== + + Apache2 Configuration under Debian GNU/Linux + Files and Directories in /etc/apache2 + Tools + + Using mod_disk_cache + + SSL + Enabling SSL + Creating self-signed certificates + SSL workaround for MSIE + + Suexec + + Documentation + + Upgrades + + Common Problems + + +Apache2 Configuration under Debian GNU/Linux +============================================ + +Debian's default Apache2 installation attempts to make adding and +removing modules, virtual hosts, and extra configuration directives as +flexible as possible, in order to make automating the changes and +administering the server as easy as possible. + +Please be aware that this layout is quite different from the standard +Apache configuration. Due to the use of environment variables, apache2 +needs to be started/stopped with /etc/init.d/apache2 or apache2ctl. +Calling /usr/bin/apache2 directly will not work with the default +configuration. To call apache2 with specific command line arguments, +just call apache2ctl with the same arguments. + +Files and Directories in /etc/apache2: +------------------------------------- + +apache2.conf + + This is the main configuration file. + +envvars + + This contains environment variables that may be used in the + configuration. Some settings, like user and pid file, need to + go in here so that other scripts can use them. It can also + be used to change some default settings used by apache2ctl. + Here is also the default LANG=C setting that can be changed + to a different language. + +conf.d/ + + Files in this directory are included by this line in + apache2.conf: + + # Include generic snippets of statements + Include /etc/apache2/conf.d + + This is a good place to add additional configuration + directives. Packages should not use configuration + files that start with 'local-' or end with '.local'. + The local administrator can use these filenames to make + sure that there are no conflicts with files provided by + packages. + + If the local administrator is not comfortable with packages + activating their config files by default, it is possible + to change the 'Include /etc/apache2/conf.d/' in apache2.conf + into 'Include /etc/apache2/conf.d.enabled/' and create that + directory. He can then put symlinks to the files in conf.d + which he wants to enable into conf.d.enabled. + +httpd.conf + + Empty file. + +magic + + Empty file. + +mods-available/ + + This directory contains a series of .load and .conf files. + The .load files contain the Apache configuration directive + necessary to load the module in question. The respective + .conf files contain configuration directives necessary to + utilize the module in question. + +mods-enabled/ + + To actually enable a module for Apache2, it is necessary to + create a symlink in this directory to the .load (and .conf, if + it exists) files associated with the module in + mods-available/. For example: + + cgi.load -> /etc/apache2/mods-available/cgi.load + +ports.conf + + Configuration directives for which ports and IP addresses to + listen to. + +sites-available/ + + Like mods-available/, except it contains configuration + directives for different virtual hosts that might be used with + apache2. Note that the hostname doesn't have to correspond + exactly with the filename. 'default' is the default host. + +sites-enabled/ + + Similar in functionality to mods-enabled/, sites-enabled + contains symlinks to sites in sites-available/ that the + admnistrator wishes to enable. + + Apache uses the first VirtualHost that matches the IP/Port + as default for named virtual hosts. Therefore the 'default' + site is linked to '000-default' so that it will be read first. + + Example: + dedasys -> /etc/apache2/sites-available/dedasys + +The Include directive ignores files with names that + +- do not begin with a letter or number +- contain a character that is neither letter nor number nor _-. +- contain .dpkg + +Other files +----------- + +For historical reasons, the pid file is in /var/run/apache2.pid and not in +/var/run/apache2/apache2.pid. + +Tools +----- + +a2enmod and a2dismod are available for enabling and disabling modules utilizing +the above configuration system. + +a2ensite and a2dissite do essentially the same thing as the above tools, but +for sites rather than modules. + +apxs2 -a/-A is modified to use a2enmod to activate newly installed modules. + + +Using mod_disk_cache +==================== + +To ensure that the disk cache does not grow indefinitely, htcacheclean is +started when mod_disk_cache is enabled. Both daemon and cron (daily) mode +are supported. The configuration (run mode, cache size, ...) is in +/etc/default/apache2 . + +Normally, htcacheclean is automatically started and stopped by +/etc/init.d/apache2. However, if you change the state of mod_disk_cache or the +configuration of htcacheclean while apache2 is running, you may need to +manually start/stop htcacheclean with "/etc/init.d/apache2 start-htcacheclean" +or "/etc/init.d/apache2 stop-htcacheclean". + + +SSL +=== + +Enabling SSL +------------ + +To enable SSL, type (as user root): + + a2ensite default-ssl + a2enmod ssl + +If you want to use self-signed certificates, you should install the ssl-cert +package (see below). Otherwise, just adjust the SSLCertificateFile and +SSLCertificateKeyFile directives in /etc/apache2/sites-available/default-ssl to +point to your SSL certificate. Then restart apache: + + /etc/init.d/apache2 restart + +The SSL key file should only be readable by root, the certificate file may be +globally readable. These files are read by the Apache parent process which runs +as root. Therefore it is not necessary to make the files readable by the +www-data user. + +Creating self-signed certificates +--------------------------------- + +If you install the ssl-cert package, a self-signed certificate will be +automatically created using the hostname currently configured on your computer. +You can recreate that certificate (e.g. after you have changed /etc/hosts or +DNS to give the correct hostname) as user root with: + + make-ssl-cert generate-default-snakeoil --force-overwrite + +To create more certificates with different host names, you can use + + make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /path/to/cert-file.crt + +This will ask you for the hostname and place both SSL key and certificate in +the file /path/to/cert-file.crt . Use this file with the SSLCertificateFile +directive in the apache config (you don't need the SSLCertificateKeyFile in +this case as it also contains the key). The file /path/to/cert-file.crt should +only be readable by root. A good directory to use for the additional +certificates/keys is /etc/ssl/private . + +SSL workaround for MSIE +----------------------- + +The SSL workaround for MS Internet Explorer needs to be added to your SSL +VirtualHost section (it was previously in ssl.conf but caused keepalive to be +disabled even for non-SSL connections): + + BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown + +The default SSL virtual host in /etc/apache2/sites-available/default-ssl +already contains this workaround. + + +Suexec +====== + +Debian ships two version of the suexec helper program required by mod_suexec. +It is not installed by default, to avoid possible security issues. The package +apache2-suexec contains the standard version that works only with document root +/var/www, userdir suffix public_html, and apache run user www-data. The package +apache2-suexec-custom contains a customizable version, that can be configured +with a config file to use different settings (like /srv/www as document root). +For more information see the suexec(8) man page in the apache2-suexec-custom +package. + +Since apache2-suexec-custom has received less testing and might be slightly +slower, apache2-suexec is the recommended version unless you need the features +from apache2-suexec-custom. + + +Documentation +============= + +The full apache 2 documentation can be found on the web at + +http://httpd.apache.org/docs/2.2/ + +or, if you have installed the apache2-doc package, in + +/usr/share/doc/apache2-doc/manual/ + +or at + +http://localhost/manual/ + +There is also a wiki that contains useful information: + +http://wiki.apache.org/httpd/ + + +Upgrades +======== + +Changes in the apache packages that require manual configuration adjustments +are announced in NEWS.Debian. Installing the apt-listchanges package is +recommended. It will display the relevant NEWS.Debian sections before +upgrades. + + +Common Problems +=============== + +1) Error message "Could not determine the server's fully qualified domain name, +using 127.0.0.1 for ServerName" during start + +This can usually be ignored but it means that Apache httpd was unable to obtain +a fully-qualified hostname by doing a reverse lookup on your server's IP +address. You may want to add the fully-qualified hostname to /etc/hosts . + + +2) Error message "mod_rewrite: could not create rewrite_log_lock" + +This probably means that there are some stale SYSV semaphores around. This +usually happens after apache2 has been killed with kill -9 (SIGKILL). You can +clean up the semaphores with: + + ipcs -s | grep www-data | awk ' { print $2 } ' | xargs ipcrm sem + +3) Message "NameVirtualHost *:80 has no VirtualHosts" in error log + +Probably the VirtualHost definitions have not been adjusted after the +NameVirtualHost directive was changed in ports.conf. +See /usr/share/doc/apache2.2-common/NEWS.Debian.gz + +4) Message "File does not exist: /htdocs" in error log + +In most cases this means that no matching VirtualHost definition could be +found for an incoming request. + +5) Message "Couldn't create pollset in child; check user or system limits" in + error log + +On Linux kernels since 2.6.27.8, the value in + + /proc/sys/fs/epoll/max_user_instances + +needs to be larger than + + for prefork/itk MPM: 2 * MaxClients + for worker/event MPM: MaxClients + MaxClients/ThreadsPerChild + +It can be set on boot by adding a line like + + fs.epoll.max_user_instances=1024 + +to /etc/sysctl.conf. + +There are several other error messages related to creating a pollset that can +appear for the same reason. + +On the other hand, errors about to adding to a pollset are related to the +setting fs.epoll.max_user_watches. On most systems, max_user_watches should be +high enough by default. + +6) Message "Server should be SSL-aware but has no certificate configured" in + error log + +Since 2.2.12, Apache is stricter about certain misconfigurations concerning +name based SSL virtual hosts. See NEWS.Debian.gz for more details. + +7) Apache does not pass Authorization header to CGI scripts + +This is intentional to avoid security holes. If you really want to change it, +you can use mod_rewrite: + + RewriteCond %{HTTP:Authorization} (.*) + RewriteRule . - [env=HTTP_AUTHORIZATION:%1] + --- apache2-2.2.14.orig/debian/apache2.2-common.dirs +++ apache2-2.2.14/debian/apache2.2-common.dirs @@ -0,0 +1,15 @@ +etc/apache2/mods-enabled +etc/apache2/sites-enabled +etc/apache2/conf.d +etc/bash_completion.d +etc/logrotate.d +usr/lib/cgi-bin +usr/share/apache2/build +usr/share/apache2/default-site +usr/share/bug/apache2.2-common +usr/share/lintian/overrides +var/cache/apache2 +var/cache/apache2/mod_disk_cache +var/log/apache2 +var/www +etc/ufw/applications.d --- apache2-2.2.14.orig/debian/apache2-suexec-custom.dirs +++ apache2-2.2.14/debian/apache2-suexec-custom.dirs @@ -0,0 +1,2 @@ +usr/lib/apache2 +etc/apache2/suexec --- apache2-2.2.14.orig/debian/apache2-dbg.links +++ apache2-2.2.14/debian/apache2-dbg.links @@ -0,0 +1,4 @@ +usr/lib/debug/usr/lib/apache2/mpm-itk/apache2 usr/lib/debug/usr/sbin/apache2-mpm-itk +usr/lib/debug/usr/lib/apache2/mpm-prefork/apache2 usr/lib/debug/usr/sbin/apache2-mpm-prefork +usr/lib/debug/usr/lib/apache2/mpm-worker/apache2 usr/lib/debug/usr/sbin/apache2-mpm-worker +usr/lib/debug/usr/lib/apache2/mpm-event/apache2 usr/lib/debug/usr/sbin/apache2-mpm-event --- apache2-2.2.14.orig/debian/apache2.2-common.apache2.init +++ apache2-2.2.14/debian/apache2.2-common.apache2.init @@ -0,0 +1,226 @@ +#!/bin/sh -e +### BEGIN INIT INFO +# Provides: apache2 +# Required-Start: $local_fs $remote_fs $network $syslog +# Required-Stop: $local_fs $remote_fs $network $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# X-Interactive: true +# Short-Description: Start/stop apache2 web server +### END INIT INFO +# +# apache2 This init.d script is used to start apache2. +# It basically just calls apache2ctl. + +ENV="env -i LANG=C PATH=/usr/local/bin:/usr/bin:/bin" + +#[ $(ls -1 /etc/apache2/sites-enabled/ | wc -l | sed -e 's/ *//;') -eq 0 ] && \ +#echo "You haven't enabled any sites yet, so I'm not starting apache2." && \ +#echo "To add and enable a host, use addhost and enhost." && exit 0 + +#edit /etc/default/apache2 to change this. +HTCACHECLEAN_RUN=auto +HTCACHECLEAN_MODE=daemon +HTCACHECLEAN_SIZE=300M +HTCACHECLEAN_DAEMON_INTERVAL=120 +HTCACHECLEAN_PATH=/var/cache/apache2/mod_disk_cache +HTCACHECLEAN_OPTIONS="" + +set -e +if [ -x /usr/sbin/apache2 ] ; then + HAVE_APACHE2=1 +else + echo "No apache MPM package installed" + exit 0 +fi + +. /lib/lsb/init-functions + +test -f /etc/default/rcS && . /etc/default/rcS +test -f /etc/default/apache2 && . /etc/default/apache2 + +APACHE2CTL="$ENV /usr/sbin/apache2ctl" +HTCACHECLEAN="$ENV /usr/sbin/htcacheclean" + +PIDFILE=$(. /etc/apache2/envvars && echo $APACHE_PID_FILE) +if [ -z "$PIDFILE" ] ; then + echo ERROR: APACHE_PID_FILE needs to be defined in /etc/apache2/envvars >&2 + exit 2 +fi + + +check_htcacheclean() { + [ "$HTCACHECLEAN_MODE" = "daemon" ] || return 1 + + [ "$HTCACHECLEAN_RUN" = "yes" ] && return 0 + + [ "$HTCACHECLEAN_RUN" = "auto" \ + -a -e /etc/apache2/mods-enabled/disk_cache.load ] && return 0 + + return 1 +} + +start_htcacheclean() { + $HTCACHECLEAN $HTCACHECLEAN_OPTIONS -d$HTCACHECLEAN_DAEMON_INTERVAL \ + -i -p$HTCACHECLEAN_PATH -l$HTCACHECLEAN_SIZE + +} + +stop_htcacheclean() { + pkill htcacheclean 2> /dev/null || echo ...not running +} + +pidof_apache() { + # if there is actually an apache2 process whose pid is in PIDFILE, + # print it and return 0. + if [ -e "$PIDFILE" ]; then + if pidof apache2 | tr ' ' '\n' | grep $(cat $PIDFILE); then + return 0 + fi + fi + return 1 +} + +apache_stop() { + if $APACHE2CTL configtest > /dev/null 2>&1; then + # if the config is ok than we just stop normaly + $APACHE2CTL stop 2>&1 | grep -v 'not running' >&2 || true + else + # if we are here something is broken and we need to try + # to exit as nice and clean as possible + PID=$(pidof_apache) || true + + if [ "${PID}" ]; then + # in this case it is everything nice and dandy + # and we kill apache2 + log_warning_msg "We failed to correctly shutdown apache, so we're now killing all running apache processes. This is almost certainly suboptimal, so please make sure your system is working as you'd expect now!" + kill $PID + elif [ "$(pidof apache2)" ]; then + if [ "$VERBOSE" != no ]; then + echo " ... failed!" + echo "You may still have some apache2 processes running. There are" + echo "processes named 'apache2' which do not match your pid file," + echo "and in the name of safety, we've left them alone. Please review" + echo "the situation by hand." + fi + return 1 + fi + fi +} + +apache_wait_stop() { + # running ? + PIDTMP=$(pidof_apache) || true + if kill -0 "${PIDTMP:-}" 2> /dev/null; then + PID=$PIDTMP + fi + + apache_stop + + # wait until really stopped + if [ -n "${PID:-}" ]; then + i=0 + while kill -0 "${PID:-}" 2> /dev/null; do + if [ $i = '60' ]; then + break; + else + if [ $i = '0' ]; then + echo -n " ... waiting " + else + echo -n "." + fi + i=$(($i+1)) + sleep 1 + fi + done + fi +} + +case $1 in + start) + log_daemon_msg "Starting web server" "apache2" + if $APACHE2CTL start; then + if check_htcacheclean ; then + log_progress_msg htcacheclean + start_htcacheclean || log_end_msg 1 + fi + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + stop) + if check_htcacheclean ; then + log_daemon_msg "Stopping web server" "htcacheclean" + stop_htcacheclean + log_progress_msg "apache2" + else + log_daemon_msg "Stopping web server" "apache2" + fi + if apache_wait_stop; then + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + graceful | reload | force-reload) + if ! $APACHE2CTL configtest > /dev/null 2>&1; then + $APACHE2CTL configtest || true + log_end_msg 1 + exit 1 + fi + log_daemon_msg "Reloading web server config" "apache2" + if pidof_apache > /dev/null ; then + if $APACHE2CTL graceful $2 ; then + log_end_msg 0 + else + log_end_msg 1 + fi + fi + ;; + restart) + if check_htcacheclean ; then + log_daemon_msg "Restarting web server" "htcacheclean" + stop_htcacheclean + log_progress_msg apache2 + else + log_daemon_msg "Restarting web server" "apache2" + fi + PID=$(pidof_apache) || true + if ! apache_wait_stop; then + log_end_msg 1 || true + fi + if $APACHE2CTL start; then + if check_htcacheclean ; then + start_htcacheclean || log_end_msg 1 + fi + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + start-htcacheclean) + log_daemon_msg "Starting htcacheclean" + start_htcacheclean || log_end_msg 1 + log_end_msg 0 + ;; + stop-htcacheclean) + log_daemon_msg "Stopping htcacheclean" + stop_htcacheclean + log_end_msg 0 + ;; + status) + PID=$(pidof_apache) || true + if [ -n "$PID" ]; then + echo "Apache is running (pid $PID)." + exit 0 + else + echo "Apache is NOT running." + exit 1 + fi + ;; + *) + log_success_msg "Usage: /etc/init.d/apache2 {start|stop|restart|reload|force-reload|start-htcacheclean|stop-htcacheclean|status}" + exit 1 + ;; +esac --- apache2-2.2.14.orig/debian/clean +++ apache2-2.2.14/debian/clean @@ -0,0 +1,28 @@ +debian/apache2-mpm-worker.postinst +debian/apache2-mpm-worker.preinst +debian/apache2-mpm-worker.prerm +debian/apache2-mpm-worker.lintian-overrides +debian/apache2-mpm-worker.dirs +debian/apache2-mpm-worker.links +debian/apache2-mpm-event.postinst +debian/apache2-mpm-event.preinst +debian/apache2-mpm-event.prerm +debian/apache2-mpm-event.lintian-overrides +debian/apache2-mpm-event.dirs +debian/apache2-mpm-event.links +debian/apache2-mpm-prefork.postinst +debian/apache2-mpm-prefork.preinst +debian/apache2-mpm-prefork.prerm +debian/apache2-mpm-prefork.lintian-overrides +debian/apache2-mpm-prefork.dirs +debian/apache2-mpm-prefork.links +debian/apache2-mpm-itk.postinst +debian/apache2-mpm-itk.preinst +debian/apache2-mpm-itk.prerm +debian/apache2-mpm-itk.lintian-overrides +debian/apache2-mpm-itk.dirs +debian/apache2-mpm-itk.links +debian/apache2-prefork-dev.postinst +debian/apache2-threaded-dev.postinst +debian/tmp-worker +debian/tmp-prefork --- apache2-2.2.14.orig/debian/apache2.8 +++ apache2-2.2.14/debian/apache2.8 @@ -0,0 +1,81 @@ +.TH "APACHE2" 8 "2008-04-05" "Apache HTTP Server" "apache2" + +.SH NAME +apache2 \- Apache Hypertext Transfer Protocol Server +.SH "SYNOPSIS" +.PP +\fBapache2\fR [ -\fBd\fR \fIserverroot\fR ] [ -\fBf\fR \fIconfig\fR ] [ -\fBC\fR \fIdirective\fR ] [ -\fBc\fR \fIdirective\fR ] [ -\fBD\fR \fIparameter\fR ] [ -\fBe\fR \fIlevel\fR ] [ -\fBE\fR \fIfile\fR ] [ \fB-k\fR start|restart|graceful|stop|graceful-stop ] [ -\fBR\fR \fIdirectory\fR ] [ -\fBh\fR ] [ -\fBl\fR ] [ -\fBL\fR ] [ -\fBS\fR ] [ -\fBt\fR ] [ -\fBv\fR ] [ -\fBV\fR ] [ -\fBX\fR ] [ -\fBM\fR ] +.SH "SUMMARY" +.PP +apache2 is the Apache HyperText Transfer Protocol (HTTP) server program\&. It is designed to be run as a standalone daemon process\&. When used like this it will create a pool of child processes or threads to handle requests\&. +.PP +In general, apache2 should not be invoked directly, but rather should be +invoked via /etc/init.d/apache2 or apache2ctl\&. The default Debian +configuration requires environment variables that are defined in +/etc/apache2/envvars and are not available if apache2 is started directly. +However, apache2ctl can be used to pass arbitrary arguments to apache2. +.SH "DOCUMENTATION" +.PP +The full documentation is available in the apache2-doc package or at +http://httpd.apache.org/docs/2.2/ . Information about Debian specific changes +and configuration can be found in +/usr/share/doc/apache2.2-common/README.Debian.gz . +.SH "OPTIONS" +.TP +-d \fIserverroot\fR +Set the initial value for the ServerRoot directive to \fIserverroot\fR\&. This can be overridden by the ServerRoot directive in the configuration file\&. +.TP +-f \fIconfig\fR +Uses the directives in the file \fIconfig\fR on startup\&. If \fIconfig\fR does not begin with a /, then it is taken to be a path relative to the ServerRoot\&. The default is /etc/apache2/apache2\&.conf\&. +.TP +-k start|restart|graceful|stop|graceful-stop +Signals apache2 to start, restart, or stop\&. See Stopping Apache for more information\&. +.TP +-C \fIdirective\fR +Process the configuration \fIdirective\fR before reading config files\&. +.TP +-c \fIdirective\fR +Process the configuration \fIdirective\fR after reading config files\&. +.TP +-D \fIparameter\fR +Sets a configuration \fIparameter \fRwhich can be used with sections in the configuration files to conditionally skip or process commands at server startup and restart\&. +.TP +-e \fIlevel\fR +Sets the LogLevel to \fIlevel\fR during server startup\&. This is useful for temporarily increasing the verbosity of the error messages to find problems during startup\&. +.TP +-E \fIfile\fR +Send error messages during server startup to \fIfile\fR\&. +.TP +-R \fIdirectory\fR +When the server is compiled using the SHARED_CORE rule, this specifies the \fIdirectory\fR for the shared object files\&. +.TP +-h +Output a short summary of available command line options\&. +.TP +-l +Output a list of modules compiled into the server\&. This will \fBnot\fR list dynamically loaded modules included using the LoadModule directive\&. +.TP +-L +Output a list of directives together with expected arguments and places where the directive is valid\&. +.TP +-M +Dump a list of loaded Static and Shared Modules\&. +.TP +-S +Show the settings as parsed from the config file (currently only shows the virtualhost settings)\&. +.TP +-t +Run syntax tests for configuration files only\&. The program immediately exits after these syntax parsing tests with either a return code of 0 (Syntax OK) or return code not equal to 0 (Syntax Error)\&. If -D \fIDUMP\fR_\fIVHOSTS \fRis also set, details of the virtual host configuration will be printed\&. If -D \fIDUMP\fR_\fIMODULES \fR is set, all loaded modules will be printed\&. +.TP +-v +Print the version of apache2, and then exit\&. +.TP +-V +Print the version and build parameters of apache2, and then exit\&. +.TP +-X +Run apache2 in debug mode\&. Only one worker will be started and the server will not detach from the console\&. +.SH SEE ALSO +.BR apache2ctl (8), +.BR /usr/share/doc/apache2.2-common/README.Debian.gz + --- apache2-2.2.14.orig/debian/apache2-dbg.dirs +++ apache2-2.2.14/debian/apache2-dbg.dirs @@ -0,0 +1,5 @@ +usr/lib/debug/usr/sbin +usr/lib/debug/usr/lib/apache2/mpm-worker +usr/lib/debug/usr/lib/apache2/mpm-prefork +usr/lib/debug/usr/lib/apache2/mpm-event +usr/lib/debug/usr/lib/apache2/mpm-itk --- apache2-2.2.14.orig/debian/apache2-doc.postinst +++ apache2-2.2.14/debian/apache2-doc.postinst @@ -0,0 +1,11 @@ +#!/bin/sh -e + +if [ -x "/etc/init.d/apache2" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d apache2 reload ||true + else + /etc/init.d/apache2 reload ||true + fi +fi + +#DEBHELPER# --- apache2-2.2.14.orig/debian/apache2ctl.8 +++ apache2-2.2.14/debian/apache2ctl.8 @@ -0,0 +1,176 @@ +.TH apache2ctl 8 "April 2008" +.\" The Apache Software License, Version 1.1 +.\" +.\" Copyright (c) 2000-2002 The Apache Software Foundation. All rights +.\" reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. The end-user documentation included with the redistribution, +.\" if any, must include the following acknowledgment: +.\" "This product includes software developed by the +.\" Apache Software Foundation (http://www.apache.org/)." +.\" Alternately, this acknowledgment may appear in the software itself, +.\" if and wherever such third-party acknowledgments normally appear. +.\" +.\" 4. The names "Apache" and "Apache Software Foundation" must +.\" not be used to endorse or promote products derived from this +.\" software without prior written permission. For written +.\" permission, please contact apache@apache.org. +.\" +.\" 5. Products derived from this software may not be called "Apache", +.\" nor may "Apache" appear in their name, without prior written +.\" permission of the Apache Software Foundation. +.\" +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED +.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +.\" DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" This software consists of voluntary contributions made by many +.\" individuals on behalf of the Apache Software Foundation. For more +.\" information on the Apache Software Foundation, please see +.\" . +.\" +.SH NAME +apache2ctl \- Apache HTTP server control interface +.SH SYNOPSIS +When acting in SysV init mode, apache2ctl takes simple, one-word commands, +defined below. +.PP +.B apache2ctl +.I command +.PP +When acting in pass-through mode, apache2ctl can take all the arguments available +for the httpd binary. +.PP +.B apache2ctl +.RI [ httpd-argument ] +.PP +.SH DESCRIPTION +.B apache2ctl +is a front end to the Apache HyperText Transfer Protocol (HTTP) +server. It is designed to help the administrator control the +functioning of the Apache +.B apache2 +daemon. +.PP +.B NOTE: +The default Debian configuration requires the environment variables +.BR APACHE_RUN_USER , +.BR APACHE_RUN_GROUP , +and +.B APACHE_PID_FILE +to be set in +.BR /etc/apache2/envvars . +.PP +The +.B apache2ctl +script returns a 0 exit value on success, and >0 if an error +occurs. For more details, view the comments in the script. +.PP +.SH OPTIONS +The \fIcommand\fP can be any one or more of the following options: +.TP 14 +.BI start +Start the Apache daemon. Gives an error if it is already running. +.TP +.BI stop +Stops the Apache daemon. +.TP +.BI restart +Restarts the Apache daemon by sending it a SIGHUP. If the daemon +is not running, it is started. +This command automatically checks the configuration files via +.BI configtest +before initiating the restart to to catch the most obvious errors. +However, it is still possible for the daemon to die because of problems +with the configuration. +.TP +.BI fullstatus +Displays a full status report from +.B mod_status. +For this to work, you need to have mod_status enabled on your server +and a text-based browser such as \fIlynx\fP available on your system. The +URL used to access the status report can be set by setting the +.B APACHE_STATUSURL +variable in +.BR /etc/apache2/envvars . +.TP +.BI status +Displays a brief status report. Similar to the fullstatus option, +except that the list of requests currently being served is omitted. +.TP +.BI graceful +Gracefully restarts the Apache daemon by sending it a SIGUSR1. If +the daemon is not running, it is started. This differs from a +normal restart in that currently open connections are not aborted. +A side effect is that old log files will not be closed immediately. +This means that if used in a log rotation script, a substantial delay may be +necessary to ensure that the old log files are closed before processing them. +This command automatically checks the configuration files via apache2ctl +configtest before initiating the restart to to catch the most obvious errors. +However, it is still possible for the daemon to die because of problems with +the configuration. +.TP +.BI graceful-stop +Gracefully stops the Apache httpd daemon. +This differs from a normal stop in that currently open connections are not +aborted. +A side effect is that old log files will not be closed immediately. +.TP +.BI configtest +Run a configuration file syntax test. It parses the configuration +files and either reports +.B "Syntax Ok" +or information about the particular syntax error. This test does not catch +all errors. +.TP +.BI help +Displays a short help message. +.TP +The following option was available in earlier versions but has been removed. +.TP +.BI startssl +To start httpd with SSL support, you should edit your configuration file to +include the relevant directives and then use the normal apache2ctl start. +.SH ENVIRONMENT +The behaviour of +.B apache2ctl +can be influenced with these environment variables: +.BR APACHE_HTTPD , +.BR APACHE_LYNX , +.BR APACHE_STATUSURL , +.BR APACHE_ULIMIT_MAX_FILES , +.BR APACHE_RUN_DIR , +.BR APACHE_LOCK_DIR , +.BR APACHE_RUN_USER , +.BR APACHE_ARGUMENTS , +.BR APACHE_ENVVARS . +See the comments in the script for details. +These variables (except +.BR APACHE_ENVVARS ) +can be set in +.BR /etc/apache2/envvars . +.SH SEE ALSO +.BR apache2(8) , +.BR /usr/share/doc/apache2.2-common/README.Debian.gz +. --- apache2-2.2.14.orig/debian/suexec-custom.config +++ apache2-2.2.14/debian/suexec-custom.config @@ -0,0 +1,5 @@ +/var/www +public_html/cgi-bin +# The first two lines contain the suexec document root and the suexec userdir +# suffix. Both features can be disabled separately by prepending a # character. +# This config file is only used by the apache2-suexec-custom package. --- apache2-2.2.14.orig/debian/apache2-doc.doc-base +++ apache2-2.2.14/debian/apache2-doc.doc-base @@ -0,0 +1,10 @@ +Document: apache2-manual +Title: Apache HTTP Server Version 2.2 Documentation +Abstract: This documentation describes the configuration of the Apache Web + server and the included modules. +Section: web + +Format: HTML +Index: /usr/share/doc/apache2-doc/manual/en/index.html +Files: /usr/share/doc/apache2-doc/manual/*/*.html + /usr/share/doc/apache2-doc/manual/*/*/*.html --- apache2-2.2.14.orig/debian/apache2.2-common.postinst +++ apache2-2.2.14/debian/apache2.2-common.postinst @@ -0,0 +1,90 @@ +#!/bin/sh -e + +if [ "$1" != "configure" ]; then + exit 0 +fi + +mod_is_enabled() { + test -L /etc/apache2/mods-enabled/$1.load +} + +#set up default site and dummy error and access logs +if [ -z "$2" ]; then + if [ ! -L /etc/apache2/sites-enabled/000-default -a \ + ! -f /etc/apache2/sites-enabled/000-default ]; then + a2ensite -q default + fi + touch /var/log/apache2/error.log /var/log/apache2/access.log + chown root:adm /var/log/apache2/error.log /var/log/apache2/access.log + chmod 0640 /var/log/apache2/error.log /var/log/apache2/access.log +fi + +# Note, this line catches new installs as well as upgrades +if dpkg --compare-versions "$2" lt 2.2.3-3.1; then + a2enmod -q alias + a2enmod -q autoindex + a2enmod -q dir + a2enmod -q env + a2enmod -q mime + a2enmod -q negotiation + a2enmod -q setenvif + a2enmod -q status + a2enmod -q auth_basic + a2enmod -q deflate + + # Those come from mod_auth: + a2enmod -q authz_default + a2enmod -q authz_user + a2enmod -q authz_groupfile + a2enmod -q authn_file + + # This comes from mod_access: + a2enmod -q authz_host + +fi + +if [ -n "$2" ] && dpkg --compare-versions "$2" lt 2.2.4-2; then + echo -n activating new config files ... + for a in actions alias autoindex info mime negotiation setenvif status ; do + if mod_is_enabled $a && [ ! -e /etc/apache2/mods-enabled/$a.conf ] ; then + ln -sf ../mods-available/$a.conf /etc/apache2/mods-enabled/$a.conf + echo -n " $a.conf" + fi + done + echo " done." +fi + +# Note, this line catches new installs as well as upgrades +if dpkg --compare-versions "$2" lt 2.2.7-1~0; then + if [ ! -e /var/www/index.html -a \ + ! -h /var/www/index.html -a \ + ! -e /var/www/index.cgi -a \ + ! -e /var/www/index.pl -a \ + ! -e /var/www/index.php -a \ + ! -e /var/www/index.xhtml -a \ + ! -e /var/www/index.htm ] ; then + cp /usr/share/apache2/default-site/index.html /var/www/index.html + fi +fi + +# DavLockDB format change +if dpkg --compare-versions "$2" lt 2.2.14-3~; then + rm -f /var/lock/apache2/DAVLock.dir /var/lock/apache2/DAVLock.pag +fi + +# Note, this line catches new installs as well as upgrades +if dpkg --compare-versions "$2" lt 2.2.15-1~0; then + a2enmod -q reqtimeout +fi + + +rm -f /etc/apache2/ports.conf.dpkg-apache2.2-common.old +rm -f /etc/default/apache2.dpkg-apache2.2-common.old +rm -f /etc/apache2/conf.d/charset.dpkg-apache2.2-common.old + +[ -f /etc/apache2/httpd.conf ] || touch /etc/apache2/httpd.conf + +#DEBHELPER# + +exit 0 + --- apache2-2.2.14.orig/debian/a2enmod.8 +++ apache2-2.2.14/debian/a2enmod.8 @@ -0,0 +1,68 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH A2ENMOD 8 "12 October 2006" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +a2enmod, a2dismod \- enable or disable an apache2 module +.SH SYNOPSIS +.B a2enmod +.RI [ module ] +.PP +.B a2dismod +.RI [ module ] +.SH DESCRIPTION +This manual page documents briefly the +.B a2enmod +and +.B a2dismod +commands. +.PP +.B a2enmod +is a script that enables the specified module within the +.B apache2 +configuration. It does this by creating symlinks within +.BR /etc/apache2/mods-enabled . +Likewise, +.B a2dismod +disables a module by removing those symlinks. It is not an error to +enable a module which is already enabled, or to disable one which is +already disabled. +.SH EXAMPLES +.RS +.B "a2enmod imagemap" +.br +.B "a2dismod mime_magic" +.RE +.PP +Enables the +.B mod_imagemap +module, and disables the +.B mod_mime_magic +module. +.SH FILES +.TP +.B /etc/apache2/mods-available +Directory with files giving information on available modules. +.TP +.B /etc/apache2/mods-enabled +Directory with links to the files in +.B mods-available +for enabled modules. +.SH "SEE ALSO" +.BR apache2ctl (8). +.SH AUTHOR +This manual page was written by Daniel Stone for the Debian +GNU/Linux distribution, as it is a Debian-specific script with the package. --- apache2-2.2.14.orig/debian/mpms.links +++ apache2-2.2.14/debian/mpms.links @@ -0,0 +1,2 @@ +usr/lib/apache2/mpm-MPMXXX/apache2 usr/sbin/apache2 +usr/share/bug/apache2.2-common/script usr/share/bug/apache2-mpm-MPMXXX/script --- apache2-2.2.14.orig/debian/apache2-doc.dirs +++ apache2-2.2.14/debian/apache2-doc.dirs @@ -0,0 +1,2 @@ +etc/apache2/conf.d +usr/share/doc/apache2-doc --- apache2-2.2.14.orig/debian/apache2.postinst +++ apache2-2.2.14/debian/apache2.postinst @@ -0,0 +1,20 @@ +#!/bin/sh +set -e + +if [ "$1" != "configure" ]; then + exit 0 +fi + +# postinst for apache2, apache2-prefork-dev, apache2-threaded-dev + +P=apache2 +if dpkg --compare-versions "$2" lt 2.2.11-5~ ; then + DOCDIR=/usr/share/doc/$P + if [ ! -h $DOCDIR -a -d $DOCDIR ] ; then + rmdir $DOCDIR 2> /dev/null && ln -s apache2.2-common $DOCDIR + fi +fi + +#DEBHELPER# + +exit 0 --- apache2-2.2.14.orig/debian/apache2-suexec-custom.manpages +++ apache2-2.2.14/debian/apache2-suexec-custom.manpages @@ -0,0 +1 @@ +debian/suexec.8 --- apache2-2.2.14.orig/debian/a2dismod.8 +++ apache2-2.2.14/debian/a2dismod.8 @@ -0,0 +1 @@ +.so man8/a2enmod.8 --- apache2-2.2.14.orig/debian/check_forensic.8 +++ apache2-2.2.14/debian/check_forensic.8 @@ -0,0 +1,16 @@ +.TH check_forensic 8 +.SH NAME +check_forensic \- tool to extract mod_log_forensic output from apache log files +.SH SYNOPSIS +.B check_forensic + +.SH "DESCRIPTION" +chech_forensic is a simple shell script designed to help apache administrators +to extract mod_log_forensic output from apache2 log files. +It checks the forensic log for requests that did not complete +and outputs the request log for each one. +.PP +.SH AUTHOR +This manual page was written by Fabio M. Di Nitto +, for the Debian GNU/Linux system +(but may be used by others). --- apache2-2.2.14.orig/debian/apache2.2-bin.manpages +++ apache2-2.2.14/debian/apache2.2-bin.manpages @@ -0,0 +1 @@ +debian/httxt2dbm.8 --- apache2-2.2.14.orig/debian/a2enmod +++ apache2-2.2.14/debian/a2enmod @@ -0,0 +1,341 @@ +#!/usr/bin/perl -w +# +# a2enmod by Stefan Fritsch +# Licensed under Apache License 2.0 + +use strict; +use Cwd 'realpath'; +use File::Spec; +use File::Basename; +use Getopt::Long; + +my $quiet; +my $force; +Getopt::Long::Configure('bundling'); +GetOptions( + 'quiet|q' => \$quiet, + 'force|f' => \$force +) or exit 2; + +my $basename = basename($0); +$basename =~ /^a2(en|dis)(mod|site)((?:-.+)?)$/ + or die "$basename call name unknown\n"; +my $act = $1; +my $obj = $2; +my $dir_suffix = $3; + +my $env_file = $ENV{APACHE_ENVVARS} + || ( + $ENV{APACHE_CONFDIR} + ? "$ENV{APACHE_CONFDIR}/envvars" + : "/etc/apache2$dir_suffix/envvars" + ); +$ENV{LANG}='C'; +read_env_file($env_file); + +$act .= 'able'; +my ( $name, $dir, $sffx, $reload ); +if ( $obj eq 'mod' ) { + $obj = 'module'; + $dir = 'mods'; + $sffx = '.load'; + $reload = 'restart'; +} +else { + $dir = 'sites'; + $sffx = ''; + $reload = 'reload'; +} +$name = ucfirst($obj); + +my $confdir = $ENV{APACHE_CONFDIR} || "/etc/apache2$dir_suffix"; +my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") } || "$confdir/$dir-available"; +my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled"; + +my $choicedir = $act eq 'enable' ? $availdir : $enabldir; +my $linkdir = File::Spec->abs2rel( $availdir, $enabldir ); + +my $request_reload = 0; + +my $rc = 0; + +if ( !scalar @ARGV ) { + my @choices = myglob('*'); + print "Your choices are: @choices\n"; + print "Which ${obj}(s) do you want to $act (wildcards ok)?\n"; + my $input = <>; + @ARGV = split /\s+/, $input; + +} + +my @objs; +foreach my $arg (@ARGV) { + my @glob = myglob($arg); + if ( !@glob ) { + error("No $obj found matching $arg!\n"); + $rc = 1; + } + else { + push @objs, @glob; + } +} + +foreach my $acton (@objs) { + doit($acton) or $rc = 1; +} + +info("Run '/etc/init.d/apache2 $reload' to activate new configuration!\n") + if $request_reload; + +exit($rc); + +############################################################################## + +sub myglob { + my $arg = shift; + + my @glob = map { + s{^$choicedir/}{}; + s{$sffx$}{}; + s{^000-default$}{default}; + $_ + } glob("$choicedir/$arg$sffx"); + + # use same rules as apache's Include directive + @glob = grep( /^[[:alnum:]][-._[:alnum:]]*$/, @glob ); + @glob = grep( !/\.dpkg/, @glob ); + + return @glob; +} + +sub doit { + my $acton = shift; + + my $prio = ""; + if ( $obj eq 'site' && $acton eq 'default' ) { + $prio = '000-'; + } + + my ( $conftgt, $conflink ); + if ( $obj eq 'module' ) { + if ( $acton eq 'cgi' && threaded() ) { + print "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n"; + $acton = 'cgid'; + } + + $conftgt = "$availdir/$acton.conf"; + if ( -e $conftgt ) { + $conflink = "$enabldir/$acton.conf"; + } + } + + my $tgt = "$availdir/$acton$sffx"; + my $link = "$enabldir/$prio$acton$sffx"; + + if ( !-e $tgt ) { + if ( -l $link && !-e $link ) { + if ( $act eq 'disable' ) { + info("removing dangling symlink $link\n"); + unlink($link); + return 1; + } + else { + error("$link is a dangling symlink!\n"); + } + } + + error("$name $acton does not exist!\n"); + return 0; + } + + # handle module dependencies + if ( $obj eq 'module' ) { + if ( $act eq 'enable' ) { + my $depends = qx{grep "# Depends:" "$availdir/$acton.load"|cut -f2 -d:}; + $depends =~ s,^[\s\n]+,,; + $depends =~ s,[\s\n]+$,,; + do_deps( $acton, split( /[\n\s]+/, $depends ) ) or return 0; + } + else { + my @depends = qx{egrep "# Depends:.*${acton}( |\$)" $enabldir/*.load}; + @depends = grep {s{^.*?/([^/]*?)\.load:.*}{$1}s} @depends; + if ( scalar @depends ) { + if ($force) { + do_deps( $acton, @depends ) or return 0; + } + else { + error( + "The following modules depend on $acton ", + "and need to be disabled first: @depends\n" + ); + return 0; + } + } + } + } + + if ( $act eq 'enable' ) { + my $check = check_link( $tgt, $link ); + if ( $check eq 'ok' ) { + if ($conflink) { + + # handle .conf file + my $confcheck = check_link( $conftgt, $conflink ); + if ( $confcheck eq 'ok' ) { + info("$name $acton already enabled\n"); + return 1; + } + elsif ( $confcheck eq 'missing' ) { + print "Enabling config file $acton.conf.\n"; + add_link( $conftgt, $conflink ) or return 0; + } + else { + error("Config file $acton.conf not properly enabled: $confcheck\n"); + return 0; + } + } + else { + info("$name $acton already enabled\n"); + return 1; + } + } + elsif ( $check eq 'missing' ) { + if ($conflink) { + + # handle .conf file + my $confcheck = check_link( $conftgt, $conflink ); + if ( $confcheck eq 'missing' ) { + add_link( $conftgt, $conflink ) or return 0; + } + elsif ( $confcheck ne 'ok' ) { + error("Config file $acton.conf not properly enabled: $confcheck\n"); + return 0; + } + } + + print "Enabling $obj $acton.\n"; + if ( $acton eq 'ssl' ) { + info("See /usr/share/doc/apache2.2-common/README.Debian.gz on " . + "how to configure SSL and create self-signed certificates.\n"); + } + return add_link( $tgt, $link ); + } + else { + error("$name $acton not properly enabled: $check\n"); + return 0; + } + } + else { + if ( -e $link || -l $link ) { + remove_link($link); + if ( $conflink && -e $conflink ) { + remove_link($conflink); + } + print "$name $acton disabled.\n"; + } + elsif ( $conflink && -e $conflink ) { + print "Disabling stale config file $acton.conf.\n"; + remove_link($conflink); + } + else { + info("$name $acton already disabled\n"); + return 1; + } + } + + return 1; +} + +sub do_deps { + my $acton = shift; + foreach my $d (@_) { + info("Considering dependency $d for $acton:\n"); + if ( !doit($d) ) { + error("Could not $act dependency $d for $acton, aborting\n"); + return 0; + } + } + return 1; +} + +sub add_link { + my ( $tgt, $link ) = @_; + + # create relative link + if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) { + die("Could not create $link: $!\n"); + } + $request_reload = 1; + return 1; +} + +sub check_link { + my ( $tgt, $link ) = @_; + + if ( !-e $link ) { + if ( -l $link ) { + + # points to nowhere + info("Removing dangling link $link"); + unlink($link) or die "Could not remove $link\n"; + } + return 'missing'; + } + + if ( -e $link && !-l $link ) { + return "$link is a real file, not touching it"; + } + if ( realpath($link) ne realpath($tgt) ) { + return "$link exists but does not point to $tgt, not touching it"; + } + return 'ok'; +} + +sub remove_link { + my ($link) = @_; + + if ( -l $link ) { + unlink($link) or die "Could not remove $link: $!\n"; + } + elsif ( -e $link ) { + error("$link is not a symbolic link, not deleting\n"); + return 0; + } + $request_reload = 1; + return 1; +} + +sub threaded { + my $result = ""; + $result = qx{/usr/sbin/apache2 -V | grep 'threaded'} if -x '/usr/sbin/apache2'; + if ( $result =~ / no/ ) { + return 0; + } + else { + return 1; + } +} + +sub info { + print @_ if !$quiet; +} + +sub error { + print STDERR 'ERROR: ', @_; +} + +sub read_env_file { + my $file = shift; + + -r $file or return; + my @lines = qx{env - sh -c '. $file && env'}; + if ($?) { + die "Could not read $file\n"; + } + + foreach my $l (@lines) { + chomp $l; + $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n"; + $ENV{$1} = $2; + } +} --- apache2-2.2.14.orig/debian/default-index.html +++ apache2-2.2.14/debian/default-index.html @@ -0,0 +1,4 @@ +

It works!

+

This is the default web page for this server.

+

The web server software is running but no content has been added, yet.

+ --- apache2-2.2.14.orig/debian/apache2-threaded-dev.install +++ apache2-2.2.14/debian/apache2-threaded-dev.install @@ -0,0 +1 @@ +usr/share/man/man8/apxs2.8 --- apache2-2.2.14.orig/debian/convert_docs +++ apache2-2.2.14/debian/convert_docs @@ -0,0 +1,96 @@ +#!/usr/bin/perl -w + +use strict; +use File::Path; +use Fatal qw/mkpath symlink open close/; + +scalar @ARGV == 2 or die; + +my $SRC=$ARGV[0]; +my $TGT=$ARGV[1]; + +# list of languages +my @lang = glob("$SRC/index.html.*") or die; +map { s{^.*html\.}{} } @lang; + +# map "ja.euc-jp" to "ja/", ... +my %lpath; +foreach my $l (@lang) { + my $t=$l; + $t =~ s{\..*$}{}; + $lpath{$l}="$t/"; +} + + +my @html=`find $SRC -name *.html` or die; +chomp(@html); +map { s{^$SRC/}{} } @html; + +foreach my $h (@html) { + my $dir=""; + if ($h =~ m{^(.*/)}) { + $dir=$1; + } + + for my $l (@lang) { + my $tdir="$TGT/$lpath{$l}"; + -d "$tdir$dir" || mkpath("$tdir$dir"); + + my $updir=$dir; + $updir =~ s{[^/]+}{..}g; + + if ($l eq "en") { + conv("$SRC/$h.en", "$tdir$h", $h); + } + elsif ( -f "$SRC/$h.$l" ) { + conv("$SRC/$h.$l", "$tdir$h", $h); + } + else { + symlink("${updir}../en/$h", "$tdir$h"); + } + + } +} + +open(my $out, ">", "$TGT/index.html"); +print $out '', + '', + "\n\n"; +foreach my $l (sort values %lpath) { + print $out qq{\n}; +} +print $out '
$l
'; + + +### END + + +sub conv { + my ($old, $new, $name) = @_; + + open(my $in, "<", $old); + local $/; + my $file = <$in>; + close($in); + + # /mod/ -> /mod/index.html + $file =~ s{href="([^:"]*/)"}{href="${1}index.html"}g; + + # style and images now one level up + $file =~ s{(src|href)="../(style|images)}{$1="../../$2}g; + $file =~ s{(src|href)="./(style|images)}{$1="../$2}g; + + foreach my $l (values %lpath) { + # language directories one level up + $file =~ s{href="\.\./$l}{href="../../$l}g; + $file =~ s{href="\./$l}{href="../$l}g; + } + + # Debian tweaks + $file =~ s{/usr/local/apache2/conf/httpd[.]conf}{/etc/apache2/apache2.conf}g; + $file =~ s{httpd[.]conf}{apache2.conf}g; + + open(my $out, ">", $new); + print $out $file; + close($out); +} --- apache2-2.2.14.orig/debian/apache2-utils.manpages +++ apache2-2.2.14/debian/apache2-utils.manpages @@ -0,0 +1,3 @@ +debian/check_forensic.8 +debian/checkgid.8 +debian/split-logfile.8 --- apache2-2.2.14.orig/debian/apache2.2-bin.dirs +++ apache2-2.2.14/debian/apache2.2-bin.dirs @@ -0,0 +1,4 @@ +usr/lib/apache2/mpm-worker +usr/lib/apache2/mpm-prefork +usr/lib/apache2/mpm-event +usr/lib/apache2/mpm-itk --- apache2-2.2.14.orig/debian/apache2-utils.dirs +++ apache2-2.2.14/debian/apache2-utils.dirs @@ -0,0 +1,4 @@ +usr/bin +usr/sbin +usr/share/man/man1 +usr/share/man/man8 --- apache2-2.2.14.orig/debian/logrotate +++ apache2-2.2.14/debian/logrotate @@ -0,0 +1,15 @@ +/var/log/apache2/*.log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + if [ -f "`. /etc/apache2/envvars ; echo ${APACHE_PID_FILE:-/var/run/apache2.pid}`" ]; then + /etc/init.d/apache2 reload > /dev/null + fi + endscript +} --- apache2-2.2.14.orig/debian/apache2-doc.install +++ apache2-2.2.14/debian/apache2-doc.install @@ -0,0 +1,3 @@ +usr/share/apache2/default-site/htdocs/manual usr/share/doc/apache2-doc +usr/lib/cgi-bin/printenv usr/share/doc/apache2-doc/cgi-examples +usr/lib/cgi-bin/test-cgi usr/share/doc/apache2-doc/cgi-examples --- apache2-2.2.14.orig/debian/apache2.2-common.lintian-overrides +++ apache2-2.2.14/debian/apache2.2-common.lintian-overrides @@ -0,0 +1,3 @@ +apache2.2-common: setuid-binary usr/lib/apache2/suexec 4754 root/www-data +apache2.2-common: non-standard-dir-perm var/log/apache2/ 0750 != 0755 +apache2.2-common: package-contains-empty-directory usr/lib/cgi-bin/ --- apache2-2.2.14.orig/debian/apache2-doc.conf +++ apache2-2.2.14/debian/apache2-doc.conf @@ -0,0 +1,10 @@ +Alias /manual /usr/share/doc/apache2-doc/manual/ + + + Options Indexes FollowSymlinks + AllowOverride None + Order allow,deny + Allow from all + AddDefaultCharset off + + --- apache2-2.2.14.orig/debian/apache2.2-common.bug-control +++ apache2-2.2.14/debian/apache2.2-common.bug-control @@ -0,0 +1 @@ +package-status: apache2-mpm-prefork apache2-mpm-worker apache2-mpm-event apache2-mpm-itk --- apache2-2.2.14.orig/debian/apache2.2-common.bug-script +++ apache2-2.2.14/debian/apache2.2-common.bug-script @@ -0,0 +1,45 @@ +#!/usr/bin/perl -w + +use strict; +use Text::Wrap; +$Text::Wrap::columns = 70; + +open (my $out, ">&=3") or die "could not open FD 3\n"; + +my $apache = ". /etc/apache2/envvars && /usr/sbin/apache2"; +my $res = `$apache -t 2>&1`; +my @modules; +if ($res !~ "Syntax OK") { + # if we are not root, syntax check will fail because ssl private keys + # are not readable + print $out "Config file syntax check failed.\n" if $> == 0; + @modules = sort glob("/etc/apache2/mods-enabled/*.load"); + map { s{^/etc/apache2/mods-enabled/(.*)\.load$}{$1} } @modules; + print $out "List of /etc/apache2/mods-enabled/*.load:\n"; +} +else { + @modules = sort `$apache -M 2>&1`; + @modules = map { /^ (.*)_module \(shared\)/ ? ($1) : () } @modules; + print $out "List of enabled modules from 'apache2 -M':\n"; +} +if (! scalar @modules) { + print $out "Could not determine module list\n"; +} +else { + my $missing; + foreach my $m (@modules) { + if (-e "/etc/apache2/mods-available/$m.conf" and + ! -e "/etc/apache2/mods-enabled/$m.conf") { + $m .= "*"; + $missing = 1; + } + } + + print $out wrap(" ", " ", "@modules\n"); + + print $out + wrap(" ", " ", + "(A * means that the .conf file for that module is not " . + "enabled in /etc/apache2/mods-enabled/)\n") + if $missing; +} --- apache2-2.2.14.orig/debian/apache2-suexec-custom.lintian-overrides +++ apache2-2.2.14/debian/apache2-suexec-custom.lintian-overrides @@ -0,0 +1 @@ +setuid-binary usr/lib/apache2/suexec 4754 root/www-data --- apache2-2.2.14.orig/debian/apache2.2-common.links +++ apache2-2.2.14/debian/apache2.2-common.links @@ -0,0 +1,3 @@ +usr/sbin/a2enmod usr/sbin/a2dismod +usr/sbin/a2enmod usr/sbin/a2ensite +usr/sbin/a2enmod usr/sbin/a2dissite --- apache2-2.2.14.orig/debian/split-logfile.8 +++ apache2-2.2.14/debian/split-logfile.8 @@ -0,0 +1,21 @@ +.TH "SPLIT-LOGFILE" 8 "2009-12-06" "Apache HTTP Server" "split-logfile" + +.SH NAME +split-logfile - Split combined virtual hosts access log into one file per virtual host + +.SH "SYNOPSIS" + +.PP +\fBsplit-logfile\fR < \fIlogfile\fR + +.SH "SUMMARY" + +.PP +This script will take a combined Web server access log file and break its contents into separate files. +It assumes that the first field of each line is the virtual host identity (put there by "%v"), and that the logfiles should be named that+".log" in the current directory. + +The combined log file is read from stdin. +Records read will be appended to any existing log files. + +.SH "EXAMPLES" +split-logfile < /var/log/apache2/other_vhosts_access.log --- apache2-2.2.14.orig/debian/copyright +++ apache2-2.2.14/debian/copyright @@ -0,0 +1,546 @@ +This package was debianized by Thom May on +Tues, 8 Feb 2005 16:00:00 +0000. + +It was downloaded from http://httpd.apache.org/download.cgi + +Upstream Authors: + The Apache Software Foundation - http://httpd.apache.org + For apache2-mpm-itk: + Steinar H. Gunderson + Knut Auvor Grythe + +Copyright: + +Licensed to the Apache Software Foundation (ASF) under one or more contributor +license agreements. The ASF licenses this work to You under the Apache License, +Version 2.0 (the "License"); you may not use this work except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +On a Debian system, the license can be found at +/usr/share/common-licenses/Apache-2.0 . + +APACHE2-MPM-ITK: + +apache2-mpm-itk is copyright Steinar H. Gunderson +and Knut Auvor Grythe , and is provided under the same license +as the Apache web server. + +Get the latest version at http://mpm-itk.sesse.net/ . + +APACHE HTTP SERVER SUBCOMPONENTS: + +The Apache HTTP Server includes a number of subcomponents with +separate copyright notices and license terms. Your use of the source +code for the these subcomponents is subject to the terms and +conditions of the following licenses. + +For the mod_mime_magic component: + +/* + * mod_mime_magic: MIME type lookup via file magic numbers + * Copyright (c) 1996-1997 Cisco Systems, Inc. + * + * This software was submitted by Cisco Systems to the Apache Group in July + * 1997. Future revisions and derivatives of this source code must + * acknowledge Cisco Systems as the original contributor of this module. + * All other licensing and usage conditions are those of the Apache Group. + * + * Some of this code is derived from the free version of the file command + * originally posted to comp.sources.unix. Copyright info for that program + * is included below as required. + * --------------------------------------------------------------------------- + * - Copyright (c) Ian F. Darwin, 1987. Written by Ian F. Darwin. + * + * This software is not subject to any license of the American Telephone and + * Telegraph Company or of the Regents of the University of California. + * + * Permission is granted to anyone to use this software for any purpose on any + * computer system, and to alter it and redistribute it freely, subject to + * the following restrictions: + * + * 1. The author is not responsible for the consequences of use of this + * software, no matter how awful, even if they arise from flaws in it. + * + * 2. The origin of this software must not be misrepresented, either by + * explicit claim or by omission. Since few users ever read sources, credits + * must appear in the documentation. + * + * 3. Altered versions must be plainly marked as such, and must not be + * misrepresented as being the original software. Since few users ever read + * sources, credits must appear in the documentation. + * + * 4. This notice may not be removed or altered. + * ------------------------------------------------------------------------- + * + */ + +For the file /etc/apache2/magic (taken from the package file 4.17-5etch3): + +Copyright (c) Ian F. Darwin 1986, 1987, 1989, 1990, 1991, 1992, 1994, 1995. +Software written by Ian F. Darwin and others; +maintained 1994-2004 Christos Zoulas. + +This software is not subject to any export provision of the United States +Department of Commerce, and may be exported to any country or planet. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice immediately at the beginning of the file, without modification, + this list of conditions, and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + + +For the modules\mappers\mod_imap.c component: + + "macmartinized" polygon code copyright 1992 by Eric Haines, erich@eye.com + +For the server\util_md5.c component: + +/************************************************************************ + * NCSA HTTPd Server + * Software Development Group + * National Center for Supercomputing Applications + * University of Illinois at Urbana-Champaign + * 605 E. Springfield, Champaign, IL 61820 + * httpd@ncsa.uiuc.edu + * + * Copyright (C) 1995, Board of Trustees of the University of Illinois + * + ************************************************************************ + * + * md5.c: NCSA HTTPd code which uses the md5c.c RSA Code + * + * Original Code Copyright (C) 1994, Jeff Hostetler, Spyglass, Inc. + * Portions of Content-MD5 code Copyright (C) 1993, 1994 by Carnegie Mellon + * University (see Copyright below). + * Portions of Content-MD5 code Copyright (C) 1991 Bell Communications + * Research, Inc. (Bellcore) (see Copyright below). + * Portions extracted from mpack, John G. Myers - jgm+@cmu.edu + * Content-MD5 Code contributed by Martin Hamilton (martin@net.lut.ac.uk) + * + */ + + +/* these portions extracted from mpack, John G. Myers - jgm+@cmu.edu */ +/* (C) Copyright 1993,1994 by Carnegie Mellon University + * All Rights Reserved. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without + * fee, provided that the above copyright notice appear in all copies + * and that both that copyright notice and this permission notice + * appear in supporting documentation, and that the name of Carnegie + * Mellon University not be used in advertising or publicity + * pertaining to distribution of the software without specific, + * written prior permission. Carnegie Mellon University makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied + * warranty. + * + * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE + * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Copyright (c) 1991 Bell Communications Research, Inc. (Bellcore) + * + * Permission to use, copy, modify, and distribute this material + * for any purpose and without fee is hereby granted, provided + * that the above copyright notice and this permission notice + * appear in all copies, and that the name of Bellcore not be + * used in advertising or publicity pertaining to this + * material without the specific, prior written permission + * of an authorized representative of Bellcore. BELLCORE + * MAKES NO REPRESENTATIONS ABOUT THE ACCURACY OR SUITABILITY + * OF THIS MATERIAL FOR ANY PURPOSE. IT IS PROVIDED "AS IS", + * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. + */ + +For the srclib\apr\include\apr_md5.h component: +/* + * This is work is derived from material Copyright RSA Data Security, Inc. + * + * The RSA copyright statement and Licence for that original material is + * included below. This is followed by the Apache copyright statement and + * licence for the modifications made to that material. + */ + +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + rights reserved. + + License to copy and use this software is granted provided that it + is identified as the "RSA Data Security, Inc. MD5 Message-Digest + Algorithm" in all material mentioning or referencing this software + or this function. + + License is also granted to make and use derivative works provided + that such works are identified as "derived from the RSA Data + Security, Inc. MD5 Message-Digest Algorithm" in all material + mentioning or referencing the derived work. + + RSA Data Security, Inc. makes no representations concerning either + the merchantability of this software or the suitability of this + software for any particular purpose. It is provided "as is" + without express or implied warranty of any kind. + + These notices must be retained in any copies of any part of this + documentation and/or software. + */ + +For the srclib\apr\passwd\apr_md5.c component: + +/* + * This is work is derived from material Copyright RSA Data Security, Inc. + * + * The RSA copyright statement and Licence for that original material is + * included below. This is followed by the Apache copyright statement and + * licence for the modifications made to that material. + */ + +/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm + */ + +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + rights reserved. + + License to copy and use this software is granted provided that it + is identified as the "RSA Data Security, Inc. MD5 Message-Digest + Algorithm" in all material mentioning or referencing this software + or this function. + + License is also granted to make and use derivative works provided + that such works are identified as "derived from the RSA Data + Security, Inc. MD5 Message-Digest Algorithm" in all material + mentioning or referencing the derived work. + + RSA Data Security, Inc. makes no representations concerning either + the merchantability of this software or the suitability of this + software for any particular purpose. It is provided "as is" + without express or implied warranty of any kind. + + These notices must be retained in any copies of any part of this + documentation and/or software. + */ +/* + * The apr_md5_encode() routine uses much code obtained from the FreeBSD 3.0 + * MD5 crypt() function, which is licenced as follows: + * ---------------------------------------------------------------------------- + * "THE BEER-WARE LICENSE" (Revision 42): + * wrote this file. As long as you retain this notice you + * can do whatever you want with this stuff. If we meet some day, and you think + * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp + * ---------------------------------------------------------------------------- + */ + +For the srclib\apr-util\crypto\apr_md4.c component: + + * This is derived from material copyright RSA Data Security, Inc. + * Their notice is reproduced below in its entirety. + * + * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + * rights reserved. + * + * License to copy and use this software is granted provided that it + * is identified as the "RSA Data Security, Inc. MD4 Message-Digest + * Algorithm" in all material mentioning or referencing this software + * or this function. + * + * License is also granted to make and use derivative works provided + * that such works are identified as "derived from the RSA Data + * Security, Inc. MD4 Message-Digest Algorithm" in all material + * mentioning or referencing the derived work. + * + * RSA Data Security, Inc. makes no representations concerning either + * the merchantability of this software or the suitability of this + * software for any particular purpose. It is provided "as is" + * without express or implied warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. + */ + +For the srclib\apr-util\include\apr_md4.h component: + + * + * This is derived from material copyright RSA Data Security, Inc. + * Their notice is reproduced below in its entirety. + * + * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + * rights reserved. + * + * License to copy and use this software is granted provided that it + * is identified as the "RSA Data Security, Inc. MD4 Message-Digest + * Algorithm" in all material mentioning or referencing this software + * or this function. + * + * License is also granted to make and use derivative works provided + * that such works are identified as "derived from the RSA Data + * Security, Inc. MD4 Message-Digest Algorithm" in all material + * mentioning or referencing the derived work. + * + * RSA Data Security, Inc. makes no representations concerning either + * the merchantability of this software or the suitability of this + * software for any particular purpose. It is provided "as is" + * without express or implied warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. + */ + + +For the srclib\apr-util\test\testdbm.c component: + +/* ==================================================================== + * The Apache Software License, Version 1.1 + * + * Copyright (c) 2000-2002 The Apache Software Foundation. All rights + * reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The end-user documentation included with the redistribution, + * if any, must include the following acknowledgment: + * "This product includes software developed by the + * Apache Software Foundation (http://www.apache.org/)." + * Alternately, this acknowledgment may appear in the software itself, + * if and wherever such third-party acknowledgments normally appear. + * + * 4. The names "Apache" and "Apache Software Foundation" must + * not be used to endorse or promote products derived from this + * software without prior written permission. For written + * permission, please contact apache@apache.org. + * + * 5. Products derived from this software may not be called "Apache", + * nor may "Apache" appear in their name, without prior written + * permission of the Apache Software Foundation. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Software Foundation. For more + * information on the Apache Software Foundation, please see + * . + * + * This file came from the SDBM package (written by oz@nexus.yorku.ca). + * That package was under public domain. This file has been ported to + * APR, updated to ANSI C and other, newer idioms, and added to the Apache + * codebase under the above copyright and license. + */ + + +For the srclib\apr-util\test\testmd4.c component: + + * + * This is derived from material copyright RSA Data Security, Inc. + * Their notice is reproduced below in its entirety. + * + * Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All + * rights reserved. + * + * RSA Data Security, Inc. makes no representations concerning either + * the merchantability of this software or the suitability of this + * software for any particular purpose. It is provided "as is" + * without express or implied warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. + */ + +For the srclib\apr-util\xml\expat\conftools\install-sh component: + +# +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# + +For the srclib\pcre\install-sh component: + +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. + +For the pcre component: + +PCRE LICENCE +------------ + +PCRE is a library of functions to support regular expressions whose syntax +and semantics are as close as possible to those of the Perl 5 language. + +Written by: Philip Hazel + +University of Cambridge Computing Service, +Cambridge, England. Phone: +44 1223 334714. + +Copyright (c) 1997-2001 University of Cambridge + +Permission is granted to anyone to use this software for any purpose on any +computer system, and to redistribute it freely, subject to the following +restrictions: + +1. This software is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +2. The origin of this software must not be misrepresented, either by + explicit claim or by omission. In practice, this means that if you use + PCRE in software which you distribute to others, commercially or + otherwise, you must put a sentence like this + + Regular expression support is provided by the PCRE library package, + which is open source software, written by Philip Hazel, and copyright + by the University of Cambridge, England. + + somewhere reasonably visible in your documentation and in any relevant + files or online help data or similar. A reference to the ftp site for + the source, that is, to + + ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ + + should also be given in the documentation. + +3. Altered versions must be plainly marked as such, and must not be + misrepresented as being the original software. + +4. If PCRE is embedded in any software that is released under the GNU + General Purpose Licence (GPL), or Lesser General Purpose Licence (LGPL), + then the terms of that licence shall supersede any condition above with + which it is incompatible. + +The documentation for PCRE, supplied in the "doc" directory, is distributed +under the same terms as the software itself. + +End PCRE LICENCE + +Note: The various versions of the GPL and the LGPL can be found in +/usr/share/common-licenses/. + +For the test\zb.c component: + +/* ZeusBench V1.01 + =============== + +This program is Copyright (C) Zeus Technology Limited 1996. + +This program may be used and copied freely providing this copyright notice +is not removed. + +This software is provided "as is" and any express or implied waranties, +including but not limited to, the implied warranties of merchantability and +fitness for a particular purpose are disclaimed. In no event shall +Zeus Technology Ltd. be liable for any direct, indirect, incidental, special, +exemplary, or consequential damaged (including, but not limited to, +procurement of substitute good or services; loss of use, data, or profits; +or business interruption) however caused and on theory of liability. Whether +in contract, strict liability or tort (including negligence or otherwise) +arising in any way out of the use of this software, even if advised of the +possibility of such damage. + + Written by Adam Twiss (adam@zeus.co.uk). March 1996 + +Thanks to the following people for their input: + Mike Belshe (mbelshe@netscape.com) + Michael Campanella (campanella@stevms.enet.dec.com) + +*/ + +For the expat xml parser component: + +Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd + and Clark Cooper + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +==================================================================== + +OpenDocument icons: +------------------- + +These icons are copyright of Pete Harlow and licensed under the Apache +license. See +https://bugs.edge.launchpad.net/ubuntu/+source/apache2/+bug/130836 +http://www.catnip.co.uk/opendocument/icons/#apache --- apache2-2.2.14.orig/debian/apache2.2-common.ufw.profile +++ apache2-2.2.14/debian/apache2.2-common.ufw.profile @@ -0,0 +1,14 @@ +[Apache] +title=Web Server +description=Apache v2 is the next generation of the omnipresent Apache web server. +ports=80/tcp + +[Apache Secure] +title=Web Server (HTTPS) +description=Apache v2 is the next generation of the omnipresent Apache web server. +ports=443/tcp + +[Apache Full] +title=Web Server (HTTP,HTTPS) +description=Apache v2 is the next generation of the omnipresent Apache web server. +ports=80,443/tcp --- apache2-2.2.14.orig/debian/mpms.lintian-overrides +++ apache2-2.2.14/debian/mpms.lintian-overrides @@ -0,0 +1,2 @@ +binary-without-manpage usr/sbin/apache2 +debug-package-should-be-named-dbg usr/lib/debug/usr/ --- apache2-2.2.14.orig/debian/apache2.2-bin.install +++ apache2-2.2.14/debian/apache2.2-bin.install @@ -0,0 +1,2 @@ +usr/lib/apache2/modules +usr/sbin/httxt2dbm --- apache2-2.2.14.orig/debian/apache2.links +++ apache2-2.2.14/debian/apache2.links @@ -0,0 +1 @@ +usr/share/bug/apache2.2-common/script usr/share/bug/apache2/script --- apache2-2.2.14.orig/debian/mpms.prerm +++ apache2-2.2.14/debian/mpms.prerm @@ -0,0 +1,27 @@ +#!/bin/sh -e + +# Apache2 prerm +# Thom May + +case "$1" in + upgrade|remove) + if [ -x "/etc/init.d/apache2" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d apache2 stop || true + else + /etc/init.d/apache2 stop || true + fi + fi + sleep 2 + ;; + deconfigure|failed-upgrade) + ;; + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 --- apache2-2.2.14.orig/debian/changelog +++ apache2-2.2.14/debian/changelog @@ -0,0 +1,2650 @@ +apache2 (2.2.14-5ubuntu8) lucid; urgency=low + + * debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch: Add missing mod_reqtime.so + (LP: #562370) + + -- Chuck Short Tue, 13 Apr 2010 15:09:57 -0400 + +apache2 (2.2.14-5ubuntu7) lucid; urgency=low + + * debian/patches/206-fix-potential-memory-leaks.dpatch: Fix potential memory + leaks by making sure to not destroy bucket brigades that have been created + by earlier filters. Backported from 2.2.15. + * debian/patches/206-report-max-client-mpm-worker.dpatch: Don't report server + has reached MaxClients until it has. Backported from 2.2.15 + * debian/config-dir/apache2.conf: Make the Files ~ "^\.ht" block in apache2.conf + more secure by adding Satisfy all. (Debian bug: #572075) + * debian/rules, debian/patches/209-backport-mod-reqtimeout.dpatch, + debian/config2-dir/mods-available/reqtimeout.load, + debian/config2-dir/mods-available/reqtimeout.conf debian/NEWS : Backport the + mod-reqtimeout module from 2.2.15, this will mitigate apache slowloris + bug in apache. Enable it by default. (LP: #392759) + + -- Chuck Short Mon, 05 Apr 2010 09:53:35 -0400 + +apache2 (2.2.14-5ubuntu6) lucid; urgency=low + + * debian/apache2.2-common.apache2.init: Fix thinko. (LP: #551681) + + -- Chuck Short Tue, 30 Mar 2010 09:41:11 -0400 + +apache2 (2.2.14-5ubuntu5) lucid; urgency=low + + * Revert 99-fix-mod-dav-permissions.dpatch + + -- Chuck Short Tue, 30 Mar 2010 07:55:46 -0400 + +apache2 (2.2.14-5ubuntu4) lucid; urgency=low + + * debian/patches/99-fix-mod-dav-permissions.dpatch: Fix permisisons when + downloading files from webdav (LP: #540747) + * debian/apache2.2-common.apache2.init: Add graceful restart (LP: #456381) + + -- Chuck Short Mon, 29 Mar 2010 13:37:39 -0400 + +apache2 (2.2.14-5ubuntu3) lucid; urgency=low + + * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp + - debian/patches/204_CVE-2010-0408.dpatch: return the right error code + in modules/proxy/mod_proxy_ajp.c. + - CVE-2010-0408 + * SECURITY UPDATE: information disclosure via improper handling of + headers in subrequests + - debian/patches/205_CVE-2010-0434.dpatch: use a copy of r->headers_in + in server/protocol.c. + - CVE-2010-0434 + + -- Marc Deslauriers Wed, 10 Mar 2010 14:48:48 -0500 + +apache2 (2.2.14-5ubuntu2) lucid; urgency=low + + * debian/patches/203_fix-ab-segfault.dpatch: Fix segfaulting ab when using really + wacky options. (LP: #450501) + + -- Chuck Short Mon, 08 Mar 2010 14:53:17 -0500 + +apache2 (2.2.14-5ubuntu1) lucid; urgency=low + + * Merge from debian testing. Remaining changes: LP: #506862 + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. + - debian/control: Add bzr tag and point it to our tree. + + -- Bhavani Shankar Wed, 13 Jan 2010 14:28:41 +0530 + +apache2 (2.2.14-5) unstable; urgency=low + + * Security: Further mitigation for the TLS renegotation attack + (CVE-2009-3555): Disable keep-alive if parts of the next request have + already been received when doing a renegotiation. This defends against + some request splicing attacks. + * Print a useful error message if 'apache2ctl status' fails. Add a comment + to /etc/apache2/envvars on how to change the options for www-browser. + Closes: #561496, #272069 + * Improve function to detect apache2 pid in init-script (closes: #562583). + * Add hint README.Debian on how to pass auth info to CGI scripts. + Closes: #483219 + * Re-introduce objcopy magic to avoid dangling symlinks to the debug info + in the mpm packages. Closes: #563278 + * Make apxs2 use a2enmod and /etc/apache2/mods-available. Closes: #470178, + LP: #500703 + * Point to README.backtrace in apache2-dbg's description. + * Use more debhelper functions to simplify debian/rules. + * Add misc-depends to various packages to make lintian happy. + * Change build-dep from libcap2-dev to libcap-dev because of package rename. + + -- Stefan Fritsch Sat, 02 Jan 2010 22:44:15 +0100 + +apache2 (2.2.14-4ubuntu1) lucid; urgency=low + + * Resynchronzie with Debian, remaining changes are: + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles. + - debian/control: Add bzr tag and point it to our tree. + + -- Chuck Short Wed, 23 Dec 2009 14:44:51 -0500 + +apache2 (2.2.14-4) unstable; urgency=low + + * Disable localized error pages again by default because they break + configurations with " SetHandler ...". A workaround is + described in the comments in /etc/apache2/conf.d/localized-error-pages + (closes: #543333). + * mod_rewrite: Fix URLs in redirects with literal IPv6 hosts + (closes: #557015). + * Automatically listen on port 443 if mod_gnutls is loaded (closes: #558234). + * Add man page for split-logfile. + * Link with -lcrypt where necessary to fix a FTBFS with binutils-gold + (closes: #553946). + + -- Stefan Fritsch Sun, 13 Dec 2009 20:05:37 +0100 + +apache2 (2.2.14-3) unstable; urgency=low + + * Backport various mod_dav/mod_dav_fs fixes from upstream trunk svn. This + includes: + - Make PUT replace files atomically (closes: #525137). + - Make MOVE not delete the destination if the source file disappeared in + the meantime (closes: #273476). + NOTE: The format of the DavLockDB has changed. The default DavLockDB will + be deleted on upgrade. Non-default DavLockDBs should be deleted manually. + * Fix output of "/etc/init.d/apache2 status" (closes: #555687). + * Update the comment about SNI in ports.conf (closes: #556932). + * Set redirect-carefully for Konqueror/4. + + -- Stefan Fritsch Sat, 21 Nov 2009 10:20:54 +0100 + +apache2 (2.2.14-2) unstable; urgency=medium + + * Security: + Reject any client-initiated SSL/TLS renegotiations. This is a partial fix + for the TLS renegotiation prefix injection attack (CVE-2009-3555). + Any configuration which requires renegotiation for per-directory/location + access control is still vulnerable. + * Allow RemoveType to override the types from /etc/mime.types. This allows + to use .es and .tr for Spanish and Turkish files in mod_negotiation. + Closes: #496080 + * Fix 'CacheEnable disk http://'. Closes: #442266 + * Fix missing dependency by changing killall to pkill in the init script. + LP: #460692 + * Add X-Interactive header to init script as it may ask for the ssl key + passphrase. Closes: #554824 + * Move httxt2dbm man page into apache2.2-bin, which includes httxt2dbm, too. + * Enable keepalive for MSIE 7 and newer in default-ssl site and README.Debian + + -- Stefan Fritsch Sat, 07 Nov 2009 14:37:37 +0100 + +apache2 (2.2.14-1ubuntu1) lucid; urgency=low + + * Merge from debian testing, remaining changes: + - debian/{control, rules}: Enable PIE hardening. + - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles. + - debian/conrol: Add bzr tag and point it to our tree. + - Dropped debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch: + Already applied upstream. + + -- Chuck Short Fri, 06 Nov 2009 00:29:03 +0000 + +apache2 (2.2.14-1) unstable; urgency=low + + * New upstream version: + - new module mod_proxy_scgi + * Disable hardening option -pie again, as gdb in Debian does not support + it properly and it is broken on mips*. + + -- Stefan Fritsch Tue, 29 Sep 2009 20:55:05 +0200 + +apache2 (2.2.13-2) unstable; urgency=high + + * mod_proxy_ftp security fixes (closes: #545951): + - DoS by malicious ftp server (CVE-2009-3094) + - missing input sanitization: a user could execute arbitrary ftp commands + on the backend ftp server (CVE-2009-3095) + * Add entries to NEWS.Debian and README.Debian about Apache being stricter + about certain misconfigurations involving name based SSL virtual hosts. + Also make Apache print the location of the misconfigured VirtualHost when + it complains about a missing SSLCertificateFile statement. Closes: #541607 + * Add Build-Conflicts: autoconf2.13 (closes: #541536). + * Adjust priority of apache2-mpm-itk to extra. + * Switch apache2.2-common and the four mpm packages from architecture all to + any. This is stupid but makes apache2 binNMUable again (closes: #544509). + * Bump Standards-Version (no changes). + + -- Stefan Fritsch Wed, 16 Sep 2009 20:55:02 +0200 + +apache2 (2.2.13-1) unstable; urgency=low + + * New upstream release: + - Fixes segfault with mod_deflate and mod_php (closes: #542623). + + -- Stefan Fritsch Mon, 31 Aug 2009 20:28:56 +0200 + +apache2 (2.2.12-1ubuntu2) karmic; urgency=low + + * debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch: + - Fix potential segfaults with the use of the legacy ap_rputs() etc + interfaces, in cases where an output filter fails. This happens + frequently after CVE-2009-1891 got fixed. (LP: #409987) + + -- Marc Deslauriers Mon, 17 Aug 2009 15:38:47 -0400 + +apache2 (2.2.12-1ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/{control,rules}: enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. + - Dropped debian/patches/203_fix-ssl-timeftm-ignored.dpatch. + + -- Chuck Short Tue, 04 Aug 2009 20:04:24 +0100 + +apache2 (2.2.12-1) unstable; urgency=low + + * New upstream release: + - Adds support for TLS Server Name Indication (closes: #461917 LP: #184131). + (The Debian default configuration will be changed to use SNI in a later + version.) + - Fixes timefmt config in SSI (closes: #363964). + - mod_ssl: Adds SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives + to enable stricter checking of remote server certificates. + * Make mod_deflate not compress the content for HEAD requests. This is a + similar issue as CVE-2009-1891. + * Enable hardening compile options. + * Switch default LogFormat from %b (size of file sent) to %O (bytes actually + sent) (closes: #272476 LP: #255124) + * Add the default LANG=C to /etc/apache2/envvars and document it in + README.Debian (closes: #511878). + * Enable localized error pages by default if the necessary modules are + loaded. Move the config for it from apache2.conf to + /etc/apache2/conf.d/localized-error-pages (closes: #467004). Clarify the + required order of the aliases in the comment (closes: #196795). + * Change default for ServerTokens to 'OS', to not announce the exact module + versions to the world (LP: #205996) + * Make a2ensite and friends ignore the same filenames as apache does for + included config files, even if LANG is not C. + * Merge source packages apache2 and apache2-mpm-itk (current itk version is + 2.2.11-02). This removes the binNMU mess necessary for every apache2 upload + (closes: #500885, #512084). Add Steinar to Uploaders. Remove apache2-src + package, which is no longer necessary. + * Ship our own version of the magic config file (taken from file 4.17-5etch3) + which is still compatible with mod_mime_magic (closes: #483111). + * Add ThreadLimit to the default config and put ThreadsPerChild and + MaxClients into the correct order so that Apache does not complain + (closes: #495656). + Also add a configuration block for the event MPM in apache2.conf. + * Fix HTTP PUT with mod_dav failing to detect an aborted connection + (closes: #451563). + * Change references to httpd.conf in apache2-doc to apache2.conf + (closes: #465393). + * Clarify the recommended permissions for SSL certificates in README.Debian + (closes: #512778). + * Document in README.Debian how to name files in conf.d to avoid conflicts + with packages (closes: #493252) + * Remove 2.0 -> 2.2 upgrade logic from maintainer scripts. + * Remove other_vhosts_access.log on package purge. + + -- Stefan Fritsch Tue, 04 Aug 2009 11:02:34 +0200 + +apache2 (2.2.11-7ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: LP: #398130 + - debian/patches/203_fix-ssl-timeftm-ignored.dpatch: + Fix timefmt is ignored when XBitHack is on. (LP: #258914) + - debian/{control,rules}: enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. + + -- Bhavani Shankar Sat, 11 Jul 2009 16:34:32 +0530 + +apache2 (2.2.11-7) unstable; urgency=low + + * Security fixes: + - CVE-2009-1890: denial of service in mod_proxy + - CVE-2009-1891: denial of service in mod_deflate (closes: #534712) + * Add symlinks for the debug info to the mpm packages. + * Be slightly more informative in the default index.html without pointing + to Apache or Debian (LP: #89364) + * Remove dependency on net-tools, which is no longer necessary + (closes: #535849) + * Bump Standards-Version (no changes) + + -- Stefan Fritsch Fri, 10 Jul 2009 22:42:57 +0200 + +apache2 (2.2.11-6ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/patches/203_fix-ssl-timeftm-ignored.dpatch: + Fix timefmt is ignored when XBitHack is on. (LP: #258914) + - debian/{control,rules}: enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. + + -- Chuck Short Tue, 09 Jun 2009 01:01:23 +0100 + +apache2 (2.2.11-6) unstable; urgency=high + + * CVE-2009-1195: mod_include allowed to bypass IncludesNoExec for Server + Side Includes (closes: #530834). + * Fix postinst scripts (closes: #532278). + + -- Stefan Fritsch Mon, 08 Jun 2009 19:22:58 +0200 + +apache2 (2.2.11-5ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/patches/203_fix-ssi-timeftm-ignored.dpatch: + Fix timefmt is ignored when XBitHack is on. (LP: #258914) + - debian/{control,rules}: enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. + + -- Andrew Mitchell Wed, 03 Jun 2009 14:10:54 +1200 + +apache2 (2.2.11-5) unstable; urgency=low + + * Move all binaries into a new package apache2.2-bin and make + apache2.2-common depend on it. This allows to + - run apache as user process only, e.g. with gnome-user-share. + Closes: #468690 + - run multiple instances of apache with different MPMs. This configuration + is not supported in any way, though. Closes: #517572 + * Switch to debhelper compatibility level 7 and remove some code duplication + in debian/rules. + * Override some Lintian warnings about old autotools helper files and being + not binNMUable (apache2 is not binNMUable anyway, because of the + apache2 <-> apache2-mpm-itk dependency). + + -- Stefan Fritsch Fri, 22 May 2009 19:30:20 +0200 + +apache2 (2.2.11-4) unstable; urgency=low + + [ Stefan Fritsch ] + * Disable TRACE method by default (closes: #492130). + * Compress some more mime types with mod_deflate by default. This may cause + problems with MSIE 6, but that browser should now be considered obsolete. + Closes: #397526, #521209 + * Various backports from upstream svn branches/2.2.x: + - CVE-2009-1191: mod_proxy_ajp: Avoid delivering content from a previous + request which failed to send a request body + - Fix FollowSymlinks / SymlinksIfOwnerMatch ignored with + server-side-includes PR 45959 (closes: #524474) + - Fix mod_rewrite "B" flag breakage PR 45529 (closes: #524268) + - Fix mod_deflate etag handling PR 45023 (LP: #358314) + - Fix mod_ldap segfault if LDAP initialization failed PR 45994 + * Allow apache2-mpm-itk as alternate dependency in apache2 meta package + (closes: #527225). + * Fix some misuse of command substitution in the init script. Thanks to + Jari Aalto for the patch. (Closes: #523398) + * Extend the gnome-vfs DAV workaround to gvfs (closes: #522845). + * Add more info to check_forensic man page (closes: #528424). + * Make "apache2ctl help" point to help on apache2 args (closes: #528425). + * Lintian warnings: + - fix spelling error in apache2-utils description + - tweak debian/copyright to make lintian not complain about pointers to GPL + - bump standards-version (no changes) + + [ Peter Samuelson ] + * Adjust sections to match recent ftpmaster overrides. + + -- Stefan Fritsch Tue, 19 May 2009 22:55:27 +0200 + +apache2 (2.2.11-3ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/patches/203_fix-ssi-timeftm-ignored.dpatch: + Fix timefmt is ignored when XBitHack is on. (LP: #258914) + - debian/{control,rules}: enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. + + -- Andrew Mitchell Tue, 12 May 2009 16:15:34 +1200 + +apache2 (2.2.11-3) unstable; urgency=low + + * Rebuild against apr-util 1.3, to fix undefined symbol errors in mod_ldap + (see #521899). This also creates the dependencies on the new external + libaprutil1-dbd-* and libaprutil1-ldap packages. + + -- Stefan Fritsch Tue, 31 Mar 2009 21:07:26 +0200 + +apache2 (2.2.11-2ubuntu2) jaunty; urgency=low + + * debian/patches/203_fix-ssi-timeftm-ignored.dpatch: + Fix timefmt is ignored when XBitHack is on. (LP: #258914) + + -- Chuck Short Wed, 01 Apr 2009 11:39:17 -0400 + +apache2 (2.2.11-2ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/{contro,rules}: enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. + + -- Chuck Short Sat, 17 Jan 2009 00:02:55 +0000 + +apache2 (2.2.11-2) unstable; urgency=low + + * Report an error instead instead of segfaulting when apr_pollset_create + fails (PR 46467). On Linux kernels since 2.6.27.8, the value in + /proc/sys/fs/epoll/max_user_instances needs to be larger than twice the + value of MaxClients in the Apache configuration. Closes: #511103 + + -- Stefan Fritsch Fri, 16 Jan 2009 19:01:59 +0100 + +apache2 (2.2.11-1ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/{control, rules}: enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. + + -- Chuck Short Mon, 15 Dec 2008 00:06:50 +0000 + +apache2 (2.2.11-1) unstable; urgency=low + + [Thom May] + * New Upstream Version (Closes: #508186, LP: #307397) + - Contains rewritten shmcb code which should fix alignment problems on + alpha (Closes: #419720). + - Notable new features: chroot support, mod_proxy improvements. + + [Ryan Niebur] + * fix segfault in ab when being verbose on ssl sites (Closes: #495982) + * remove trailing slash for DocumentRoot (Closes: #495110) + + -- Stefan Fritsch Sun, 14 Dec 2008 09:34:24 +0100 + +apache2 (2.2.9-11ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: (LP: #303375) + - debian/{control, rules}: enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. + + -- Bhavani Shankar Sat, 29 Nov 2008 14:02:31 +0530 + +apache2 (2.2.9-11) unstable; urgency=low + + * Regression fix from upstream svn for mod_proxy: + Prevent segmentation faults by correctly adjusting the lifetime of the + buckets read from the proxy backend. PR 45792 + * Fix from upstream svn for mpm_worker: + Crosscheck that idle workers are still available before using them and + thus preventing an overflow of the worker queue which causes a SegFault. + PR 45605 + * Add a comment to ports.conf to point to NEWS.Debian.gz in case of + upgrading problems. + + -- Stefan Fritsch Wed, 26 Nov 2008 23:10:22 +0100 + +apache2 (2.2.9-10ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/{control, rules}: enable PIE hardening. + - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles. + + -- Chuck Short Wed, 05 Nov 2008 02:23:18 -0400 + +apache2 (2.2.9-10) unstable; urgency=low + + * Regression fix from upstream svn for mod_proxy_http: + Don't trigger a retry by the client if a failure to read the response line + was the result of a timeout. + + -- Stefan Fritsch Wed, 01 Oct 2008 11:50:18 +0200 + +apache2 (2.2.9-9) unstable; urgency=medium + + * Revert the attempted fix for #496080 because it did not work due to + upstream PR 38330. Instead, document the problem and possible workarounds + in README.Debian. + + -- Stefan Fritsch Fri, 12 Sep 2008 11:39:15 +0200 + +apache2 (2.2.9-8) unstable; urgency=low + + * Fix Spanish language support which was broken by .es being added to + /etc/mime.types for application/ecmascript. (Closes: #496080) + * Correct description of ServerTokens in /etc/apache2/conf.d/security. + (Closes: #497362) + * Clarify how to use apache2ctl to pass arbitrary arguments to + apache2. (LP: #259363) + * Add hints to README.Debian about the messages + "NameVirtualHost *:80 has no VirtualHosts" and + "File does not exist: /htdocs". + + -- Stefan Fritsch Thu, 11 Sep 2008 09:17:33 +0200 + +apache2 (2.2.9-7ubuntu3) intrepid; urgency=low + + * Revert logrotate change since it will break it for everyone. + + -- Chuck Short Fri, 19 Sep 2008 09:32:01 -0400 + +apache2 (2.2.9-7ubuntu2) intrepid; urgency=low + + * debian/logrotate: Restart rather than reload for busy websites. + (LP: #270899) + + -- Chuck Short Thu, 18 Sep 2008 08:42:22 -0400 + +apache2 (2.2.9-7ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/{control,rules}: enable PIE hardening. + - debian/{control,rules,apache2.2-common.ufw.profile}: add ufw profiles. + + -- Kees Cook Thu, 28 Aug 2008 08:10:59 -0700 + +apache2 (2.2.9-7) unstable; urgency=low + + * Fix XSS in mod_proxy_ftp (CVE-2008-2939). + * Fix mod_proxy_http losing the query string with noescape (PR 45247). + * Make the balancer manager work in Opera and MSIE (PR 45578). + * Fix mod_headers "edit" removing multiple headers with the same name (PR + 45333). + * Also describe how to get a backtrace from a running process in + README.backtrace. + + -- Stefan Fritsch Fri, 08 Aug 2008 19:27:40 +0200 + +apache2 (2.2.9-6) unstable; urgency=high + + * Urgency high for RC bug fix. + * Fix SIGBUS on SPARC by preventing gcc from optimizing some memcpy calls + away. (Closes: #485525) + + -- Stefan Fritsch Sun, 20 Jul 2008 10:17:19 +0200 + +apache2 (2.2.9-5) unstable; urgency=medium + + * Urgency medium to get this into testing before the freeze. + * Remove IPv6 patch that was necessary for very old kernels but creates + problems on systems with current kernels and net.ipv6.bindv6only = 1. + Apache will now always create its sockets with IPV6_V6ONLY set to 0. + (Closes: #391280) + + -- Stefan Fritsch Mon, 07 Jul 2008 21:20:48 +0200 + +apache2 (2.2.9-4) unstable; urgency=low + + * Make postinst more quiet. (Closes: #489153) + * Add Turkish language support. (Closes: #489224) + * Remove duplicate comments in sites-available/default-ssl. (Closes: #489383) + * Describe in NEWS.Debian how to revert to the old NameVirtualHost config. + (Closes: #489215) + * Redirect apache2 bug reports to apache2.2-common, to get useful dependency + information. + + -- Stefan Fritsch Sun, 06 Jul 2008 10:38:37 +0200 + +apache2 (2.2.9-3ubuntu2) intrepid; urgency=low + + * add ufw integration (see + https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages) + (LP: #261198) + - debian/control: suggest ufw for apache2.2-common + - add apache2.2-common.ufw.profile with 3 profiles and install it to + /etc/ufw/applications.d/apache2.2-common + + -- Didier Roche Tue, 26 Aug 2008 19:03:42 +0200 + +apache2 (2.2.9-3ubuntu1) intrepid; urgency=low + + * debian/{control,rules}: enable PIE hardening + + -- Kees Cook Wed, 20 Aug 2008 15:45:00 -0700 + +apache2 (2.2.9-3) unstable; urgency=low + + [ Stefan Fritsch ] + * Move NameVirtualHost directive to ports.conf and switch from "*" to + "*:80". (Closes: #314606, #486286) + * Comment out the CacheEnable line in disk_cache.conf. It would have caused + problems with Etch to Lenny upgrades. + * Change the minimum user id for suexec back to 100, the new value of 1000 + was too disruptive for existing configurations. (Closes: #488821) + * Add a default SSL virtual host. (Closes: #267477) + - Use snakeoil certificate by default (if ssl-cert is installed). + (Closes: #293524, #446765) + - Document this in README.Debian. + (Closes: #293469, #293519, #398520, #395823) + - Add MSIE workarounds. (Closes: #421802) + - Add ssl-cert to Recommends. + * Add a new config file /etc/apache2/conf.d/security with some vaguely + security related diectives. (Closes: #260063) + * Adjust mod_userdir accordingly. Also add "AllowOverride Indexes" for the + home directories. + * Disable SSLv2 by default. It is insecure. Also only enable ciphers with + key lengths of at least 128 bit. + * Make the init script complain about a missing $APACHE_PID_FILE during + "start", too, and not only during "stop" or "restart". This makes it more + obvious that /etc/apache2/envvars has to be updated. (Closes: #473982) + * Add hint about the "..., using 127.0.0.1 for ServerName" warning to + README.Debian. (Closes: #457708) + * Add hint about the "could not create rewrite_log_lock" error message to + README.Debian. (Closes: #450831) + * Remove empty dir from apache2-doc to fix Lintian warning. + * Always pass -g to gcc instead of relying on dpkg-buildpackage to set + CFLAGS. We always want the debug info for the apache2-dbg package. + + [ Ryan Niebur ] + * Upgraded to policy 3.8.0 + - added support for noopt in DEB_BUILD_OPTIONS + - added a README.source + - added support for parallel in DEB_BUILD_OPTIONS + * Dropped XS- from the Vcs fields in control + + -- Stefan Fritsch Wed, 02 Jul 2008 10:15:57 +0200 + +apache2 (2.2.9-2) unstable; urgency=low + + * Make the init script use normal 'stop' instead of 'graceful-stop' again: + With graceful-stop, it can take a long time until all child processes have + closed their listening sockets and there is no way for the init script to + know when it is save to start apache again. This could make the restart of + apache fail. (Closes: #486629, #463338) + * Improve package descriptions, thanks to Justin B Rye. (Closes: #486855) + + -- Stefan Fritsch Sat, 21 Jun 2008 12:22:17 +0200 + +apache2 (2.2.9-1) unstable; urgency=low + + * New upstream release. Notable changes: + - mod_proxy_http: Better handling of excessive interim responses from + origin server to prevent potential denial of service and high memory + usage (CVE-2008-2364). + - mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager + (CVE-2007-6420). + - Worker / Event MPM: Fix race condition in pool recycling that leads to + segmentation faults under load. (Closes: #484800) + - mod_proxy: Keep connections to the backend persistent in the HTTPS case. + - mod_proxy: Support environment variable interpolation in reverse + proxying directives. + - mod_headers: Add 'merge' option to avoid duplicate values within the + same header. + - mod_substitute: The default is now flattening the buckets after each + substitution. The newly added 'q' flag allows for the quicker, more + efficient bucket-splitting. + * Shorten the init script's waiting period during 'restart' from 10 to 4 + seconds. This should still be plenty to allow the apache processes to + close their listening sockets. Make the wait even shorter if apache dies + faster. (Closes: #479136) + * Fix some lintian warnings: + - Add some missing patch descriptions. + - Point to /usr/share/common-licenses instead of including the license in + the copyright file. + + -- Stefan Fritsch Sat, 14 Jun 2008 08:29:41 +0200 + +apache2 (2.2.8-5) unstable; urgency=low + + * Replace a2{en,dis}{mod,site} by a rewritten version that + - supports wildcards (Closes: #373969). + - can be influenced with environment variables (Closes: #349716). + - checks existing symlinks for correctness (Closes: #409970). + - allows to remove dead symlinks (Closes: #480893). + * Move suexec suid helper program to a separate package apache2-suexec, + which is not installed by default. Provide an alternative version of + suexec, which can be customized with a config file. This can be found in + the apache2-suexec-custom package. Closes: #312252, #266835 + * Some more suexec fixes: + - Fix race condition when changing directories. + - Accept only /var/www/*, and not /var/www*. The same for public_html/* + instead of public_html* (CVE-2007-1742). + - Raise the minimum userid that suexec may change to from 100 to 1000. + * Enable mod_deflate in new installs. + * Include config.nice in apache2-src. This hopefully allows apache2-mpm-itk + to drop the build-dependency on apache2-prefork-dev. + * Mention environment variables in apache2 and apache2ctl man pages and point + to README.Debian. (Closes: #475150) + * Drop unneeded build-dep on libtool. + * Drop obsolete apache2-mpm-perchild package (closes: #477522). + * Don't fail in postinst if there is a dangling symlink /var/www/index.html. + * Fix typo in bug number in 2.2.8-3 changelog entry. + * Use dh_lintian in debian/rules. + + -- Stefan Fritsch Sat, 31 May 2008 17:02:03 +0200 + +apache2 (2.2.8-4) unstable; urgency=high + + * Urgency high for DoS vulnerability fix. + * Fix memory leak in mod_ssl with zlib compression. + + -- Stefan Fritsch Tue, 13 May 2008 22:31:37 +0200 + +apache2 (2.2.8-3) unstable; urgency=low + + * mod_cache: Handle If-Range correctly if the cached resource was stale + (closes: #470652). + * mod_autodindex: Use UTF-8 as character set for filenames in the default + configuration. Change this in autoindex.conf if you are still using + ISO-8859-1. + * Introduce APACHE_RUN_DIR and APACHE_LOCK_DIR in apache2ctl. Also, make it + use APACHE_RUN_USER instead of APACHE2_RUN_USER, to be consistent with + apache2.conf. + * Add 'status' function to init script (adapted from patch by Dustin + Kirkland). + * Don't build the modules three times. We are only shipping one set of them, + anyway. (Inspired by the Fedora package.) + * Remove Fabio M. Di Nitto from the uploaders field (thanks for your work). + + -- Stefan Fritsch Fri, 14 Mar 2008 10:57:19 +0100 + +apache2 (2.2.8-2) unstable; urgency=low + + * Provide a fallback access log (other_vhosts_access.log) and a suitable + LogFormat (vhost_combined) for VirtualHosts that don't define their own + log file. (Closes: #313430) + * Fix broken symlink to README.Debian.gz and typos in the file + (closes: #461462). + * Improve generation of password salts in htpasswd (closes: #469271). + * Point VCS tags in debian control to trunk, to make them useful with + debcheckout. + * Add missing ${APACHE_ARGUMENTS} to *) case in apache2ctl. + * In upgrades from etch, replace /etc/apache2/default without asking also in + the NO_START=1 case, in order to not break piuparts (closes: #466367). + * Print file name where "Useless use of AllowOverride" occured. + (Closes: #410334) + * Make bugreport script source /etc/apache2/envvars before calling apache2. + * Add note about MSIE SSL workaround to README.Debian. + * Don't ship empty /var/www/apache2-default in apache2-doc. + (Closes: #469145) + * mod_autoindex: Use the bomb icon only for the name 'core', not for + '*core'. (Closes: #467480) + * Include module name in a2enmod error messages (closes: #461341). + + -- Stefan Fritsch Sat, 08 Mar 2008 12:28:14 +0100 + +apache2 (2.2.8-1) unstable; urgency=low + + * New upstream version: + - Fixes cross-site scripting issues in + o mod_imagemap (CVE-2007-5000) + o mod_status (CVE-2007-6388) + o mod_proxy_balancer's balancer manager (CVE-2007-6421) + - Fixes a denial of service issue in mod_proxy_balancer's balancer manager + (CVE-2007-6422). + - Fixes mod_proxy URL encoding in error messages (closes: #337325). + - Adds explicit charset to the output of various modules to work around + possible cross-site scripting flaws affecting web browsers that do not + derive the response character set as required by RFC2616. For + mod_proxy_ftp there is now the new ProxyFtpDirCharset directive to + specify something else than ISO-8859-1 (CVE-2008-0005). + - Adds mod_substitute which performs inline response content pattern + matching (including regex) and substitution (like mod_line_edit). + - Adds "DefaultType none" option. + - Adds new "B" option to RewriteRule to suppress URL unescaping. + - Adds an "if" directive for mod_include to test whether an URL is + accessible, and if so, conditionally display content. + - Adds support for mod_ssl to the event MPM. + * Move the configuration of User, Group, and PidFile to + /etc/apache2/envvars. This makes it easier to use these settings in + scripts. /etc/apache2/envvars can now also be used to influence apache2ctl + (inspired by Marc Haber's patch). (Closes: #349709, #460105, #458085) + * Make apache2ctl check the configuration syntax before trying to restart + apache, to match the behaviour documented in the man page. + (Closes: #459236) + * Convert docs to be directly viewable with a browser (and not use content + negotiation). + * Add doc-base entry for the documentation. (closes: #311269) + * Don't ship default files in /var/www, but copy a sample file to + /var/www/index.html on new installs. Also remove the now unneeded + RedirectMatch line from sites-available/default. + (Closes: #411774, #458093) + * Add some information to README.Debian (Apache wiki, default virtual host) + * Build with LDFLAGS=-Wl,--as-needed to drop a lot of unnecessary + dependencies, easing library transitions (closes: #458857). + * Add icons for OpenDocuments, add sharutils to Build-Depends for uudecode. + Patch by Nicolas Valcárcel. (Closes: #436441) + * Add reportbug script to list enabled modules. + * Fix some lintian warnings: + - Pass --no-start to dh_installinit instead of omitting the debhelper token + in various maintainer scripts. Also move the update-rc.d call to + apache2.2-common. + - Add Short-Description to init script. + * Remove unused apache2-mpm-prefork.prerm from source package and clean up + debian/rules a bit. + * Don't ship NEWS.Debian with apache2-utils, as the contents are only + relevant for the server. + + -- Stefan Fritsch Thu, 17 Jan 2008 20:27:56 +0100 + +apache2 (2.2.6-3) unstable; urgency=low + + * Allocate fewer bucket brigades in case of a flush bucket. This might help + with the memory leaks reported in #399776 and #421557. + * Escape the HTTP method in error messages to avoid potential cross site + scripting vulnerabilities (CVE-2007-6203). + * Update 053_bad_file_descriptor_PR42829.dpatch to avoid a race condition. + * Redirect /doc/apache2-doc/manual/ to /manual/ in the apache2-doc config + (Closes: #450867). + * Add icons for .ogg and .ogm (Closes: #255443). + * Add comment about how to log X-Forwarded-For (Closes: #425008). + * Make mod_proxy_balancer not depend on mod_cache. + * Add Homepage field to debian/control. + * Add/fix some lintian overrides, fix some warnings. + * Bump Standards-Version (no changes). + + -- Stefan Fritsch Fri, 07 Dec 2007 22:38:59 +0100 + +apache2 (2.2.6-2) unstable; urgency=low + + * Avoid calling apr_pollset_poll() and accept_func() when the listening + sockets have already been closed on graceful stop or reload. This + hopefully fixes processes not being killed (closes: #445263, #447164) + and the "Bad file descriptor: apr_socket_accept: (client socket)" + error message (closes: #400918, #443310) + * Allow logresolve to process long lines (Closes: #331631) + * Remove duplicate config examples (Closes: #294662) + * Include README.backtrace describing how to create a backtrace + * Add CVE reference to 2.2.6-1 changelog entry + + -- Stefan Fritsch Thu, 18 Oct 2007 19:35:40 +0200 + +apache2 (2.2.6-1) unstable; urgency=low + + * New upstream release + - fixes mod_proxy DoS for threaded MPMs (CVE-2007-3847) + - fixes spurious warning for valid wildcard certificates (Closes: #414855) + - adds warning that htpasswd is not setuid safe (Closes: #356285) + - adds Type and Charset options to IndexOptions directive, + allowing a workaround for buggy browsers affected by CVE-2007-4465 + - adds new ProxyPassMatch directive + * Add index.htm to the default DirectoryIndex configuration + (Closes: #439375) + * Use apache2ctl in init script (Closes: #439027) + * make init script less noisy (Closes: #438950) + * improve NEWS entry (Closes: #440084) + + -- Stefan Fritsch Thu, 06 Sep 2007 23:54:42 +0200 + +apache2 (2.2.4-3) unstable; urgency=low + + [ Stefan Fritsch ] + * enable default site on new installs again (Closes: #436341) + * make mod_authn_dbd depend on mod_dbd + * make a2dissite return 0 if a site is already disabled (Closes: #435398) + * make a2 scripts print errors to stderr (Closes: #435400) + * move TypesConfig directive from apache2.conf to mime.conf + (Closes: #434248) + + [ Adam Conrad ] + * Special case apache2-dbg magic in debian/rules, so we don't do + this on Ubuntu, which has an archive of detached debug packages. + + -- Stefan Fritsch Tue, 07 Aug 2007 20:49:28 +0200 + +apache2 (2.2.4-2) unstable; urgency=low + + * Modularize config: Move module specific configuration from apache2.conf + to mods-available/*conf (Closes: #338472) + * Remove the NO_START kludge. Now you have to use rc*.d symlinks to disable + apache2. (Closes: #408462, #275561) + * Create run and lock directores in apache2ctl to make it work on fresh + installations before the first call of the init script. Together with + the previous item, this closes: #418499 + * Disable AddDefaultCharset again (Closes: #397886) + * Make ports.conf, conf.d/charset, and /etc/default/apache2 conffiles + managed by dpkg + * Listen on port 443 by default if mod_ssl is loaded (Closes: #404598) + * Add logic to start htcacheclean as daemon or cronjob. The configuration + is in /etc/default/apache2 + * Fix security issues: + - CVE-2007-3304: prevent parent process to send SIGUSR1 to arbitrary + processes + - CVE-2006-5752: XSS in mod_status + * Add init.d dependency info from insserv overrides to /etc/init.d/apache2 + * Replace apachectl with apache2ctl in docs (Closes: #164493) + * Add usage message to apache2ctl (Closes: #359008) + * Make -dev packages priority extra + * Add secure example cipher/protocol configuration to ssl.conf + * Update watch file (Closes: #433552) + * Bump dh_compat to 5 + * Add new package apache2-dbg with debugging symbols + * Fix mod_cache returning 304 instead of 200 on HEAD requests + + -- Stefan Fritsch Tue, 03 Jul 2007 21:23:40 +0200 + +apache2 (2.2.4-1) unstable; urgency=medium + + [ Stefan Fritsch ] + * Urgency medium for security fix + * Fix CVE-2007-1863: DoS in mod_cache + * New upstream version (Closes: #427050) + - Fixes "proxy: error reading status line from remote server" + (Closes: #410331) + * Fix CVE-2007-1862: mod_mem_cache DoS (introduced in 2.2.4) + * Change logrotate script to use reload instead of restart. + (Closes: #298689) + * chmod o-rx /var/log/apache2 (Closes: #291841) + * chmod o-x suexec (Closes: #431048) + * Update patch for truncated mod_cgi 500 responses from upstream SVN + (Closes: #412580) + * Don't use AddDefaultCharset for our docs (Closes: #414429) + * fix options syntax in sites-available/default (Closes: #419539) + * Move conf.d include to the end of apache2.conf (Closes: #305933) + * Remove log, cache, and lock files on purge (Closes: #428887) + * Ship /usr/lib/cgi-bin (Closes: #415698) + * Add note to README.Debian how to read docs (Closes: #350822) + * Document pid file name (Closes: #350286) + * Update Standards-Version (no changes needed) + * Fix some lintian warnings, add some overrides + * Start apache when doing a "restart" even if it was not running + (Closes: #384682) + * reload config in apache2-doc postinst (Closes: #289289) + * don't fail in prerm if apache is not running (Closes: #418536) + * Suggest apache2-doc and www-browser (Closes: #399056) + * Make init script always display a warning if NO_START=1 since + VERBOSE=yes is not the default anymore (Closes: #430116) + * Replace apache2(8) man page with a more current version + * Add httxt2dbm(8) man page + * Show -X option in help message (Closes: #391817) + * remove sick-hack-to-update-modules + * don't depend on procps on hurd (Closes: #431125) + + [ Peter Samuelson ] + * Add shlibs:Depends to apache2.2-common. + + -- Stefan Fritsch Sun, 01 Jul 2007 19:57:51 +0200 + +apache2 (2.2.3-5) unstable; urgency=low + + [ Tollef Fog Heen ] + * Fix up apache2-src so the .tar.gz contains an apache2 top level + directory. + * Make apache2 MPMs provide and conflict with apache2-mpm so other + packages can provide MPMs too. + * Get rid of 2.1 references from descriptions. (Closes: #400981) + + [ Thom May ] + * Let the init script cope with multiple pid files correctly. Probably we + shouldn't be doing this at all, but we might as well do it properly! + (Closes: #396162) + * Add a sensible autoindex default config + * Add patch from upstream to ensure that mod_cgi 500 responses aren't + truncated (Closes: #412580) + * Use graceful-stop to shutdown apache to ensure we cope nicely with long + running or blocked children + + [ Peter Samuelson ] + * Ship apache2 manpage in apache2.2-common. (Closes: #391813) + * Rearrange init script so that 'force-reload' is the same as 'reload'. + (Closes: #401053) + * Add Build-Depends: mawk. (Closes: #403682) + * Add a needed guard to apache2.conf. + (Closes: #407307) + * Stop shipping /var/run/apache2/ as it is created at runtime anyway. + * Move the /var/lock/apache2 owner fix from the apache2.2-common + postinst to the init script, as /var/lock may not persist across + reboots. (Closes: #420101) + + [ Stefan Fritsch ] + * Add Build-Depends: libssl-dev, zlib1g-dev (Closes: #399043) + * Add XS-Vcs-* to debian/control + * Improve handling of empty $MODNAME in a2enmod (Closes: #422589) + * Treat apache2-mpm-itk as prefork in a2enmod (Closes: #412602) + * Re-add README.Debian and describe + - the config dir layout (closes: #419552) + - which files are ignored by Include + - when and how to change "restart" to "reload" in the logrotate script + * When purging, remove {mods,sites}-enabled symlinks and the config files + created by postinst (Closes: #397789) + * Fix suexec to log after a cgi error (Closes: #312385) + * Add watch file + * Add AddType for .bz2 (Closes: #416322) + * Make init script messages conform better to policy (Closes: #390348) + and exit with failure if called with unknown parameter (Closes: #412407) + * Fix segfault in mod_proxy_ftp when FTP server sends back no spaces + (Closes: #413727) + * Ship /etc/apache2/conf.d/apache2-doc (Closes: #418464) + * Tell the user when selecting cgid instead of cgi (Closes: #428058) + * Add a2ensite/a2dissite man pages (Closes: #322385) + * Comment out CacheEnable by default, to prevent filling up /var. + Document the problem in README.Debian and NEWS.Debian, point to + htcacheclean and give a warning when doing a2enmod disk_cache + (Closes: #423653). + * Add myself to Uploaders. + + -- Stefan Fritsch Sun, 10 Jun 2007 18:54:29 +0200 + +apache2 (2.2.3-4) unstable; urgency=high + + * High-urgency upload for RC bugfixes. + * Ack NMUs - thanks Andi, Steve. + * Add myself to Uploaders. + * Refactor apache2.2-common.postinst slightly, to account for sarge + upgrades (since it's a new package name, rather than an upgrade). + (Closes: #396782, #415775) + * If mod_proxy was configured in sarge, add proxy_http and + disk_cache modules, which used to be included in the mod_proxy config. + (Closes: #407171) + + -- Peter Samuelson Tue, 27 Mar 2007 07:06:49 -0500 + +apache2 (2.2.3-3.3) unstable; urgency=high + + * Non-maintainer upload. + * High-urgency upload for RC bugfix. + * apache2.2-common should depend on procps, since it will fail to create + httpd.conf if it's not installed. Closes: #398535. + + -- Steve Langasek Mon, 5 Feb 2007 01:55:57 -0800 + +apache2 (2.2.3-3.2) unstable; urgency=high + + * Non-maintainer upload. + * 043_ajp_connection_reuse: Patch from upstream Bugzilla, fixing a critical + issue with regard to connection reuse in mod_proxy_ajp. + Closes: #396265 + + -- Andreas Barth Sat, 9 Dec 2006 21:05:45 +0000 + +apache2 (2.2.3-3.1) unstable; urgency=low + + * Non-maintainer upload. + * Enable authz_user by default, fix silent authentication breakage. + Closes: #397310 + * Add default modules if coming from earlier than this version. + Closes: #392349, #392352, #392701, #393913, #396678, #395976 + * Re-Enable modules cern_meta, dumpio and ext_filter. Closes: #391393 + + -- Andreas Barth Fri, 10 Nov 2006 15:44:33 +0100 + +apache2 (2.2.3-3) unstable; urgency=medium + + [ Peter Samuelson ] + * a2dismod: exit 0 if a module exists but is already disabled. + * Ship a2enmod.8 and a2dismod.8 again, and expand them a bit. + (Closes: #270551) + + [ Tollef Fog Heen ] + * Build apache2-src package. + * Do not AddDefaultCharset if we are proxying. Closes: #277526 + * Do not forcefully link against libdb4.3 and other libs. + * Enable the same list of modules as we had in 2.0 (by default) and do + that for all older versions than 2.2.3-3 to fix upgrade issues people + have had. Closes: #392349 + * Set default IndexWidth to *. + * Clean up CPPFLAGS and CFLAGS, including making all of CFLAGS a + superset of CPPFLAGS. Also make sure to include -I switches with + absolute paths so the apache headers are useful. + * Warn when not starting HTTPD due to missing apache binary. + Closes: #384128 + * Provide sample disk and memory cache configurations. Closes: #278564 + * Provide dir.conf. Closes: #392356 + * Add alternate dependency from apache to apache2-mpm-event + * On reload, make the init script exit 1 with an error message if the + configuration is broken. Closes: #316858 + * Add default deflate.conf compressing text/html, text/plain and + text/xml. Closes: #349016 + * Add { and } around the usage format in the init script to make the + init script bash completion happier. Closes: #350606 + + [ Adam Conrad ] + * Update our php4 and php5 conflicts, to reflect the reality that each + were uploaded and built again while apache2.2 was in the new queue. + Closes: #392189 + * Migrate kill symlinks from K91 to K09 (closes: #376503) + * Make apache2 depend on the current version of the MPMs, as it used + to in the 2.0.x series (and make it binNMU-safe) (closes: #394658) + * Make sure that the RedirectMatch in sites-available/default continues + to be commented out for Ubuntu, while having it uncommented for Debian. + + [ Thom May ] + * Fix permissions on suexec (Closes: #391918) + * This is Debian, not Ubuntu (Closes: #393277) + + -- Adam Conrad Sat, 7 Oct 2006 17:57:04 +1000 + +apache2 (2.2.3-2) unstable; urgency=low + + * Make sure to ship /var/log/apache2 in the apache2.2-common package. + Closes: #390786 + * Install suexec.8 as suexec2.8. Closes: #390774 + * Make sure that we never ship .svn directories in any binary packages. + Closes: #390785 + * Not only chmod -x /usr/sbin/apache2 in apache2.2-common.preinst, chmod + +x it in same's postinst too. Closes: #390794 + * We now ship htcacheclean in apache2-utils. Closes: #376680 + * Try to stop old apaches in preinst of the mpms. Closes: #390893 + * Make apache2-mpm-{worker,prefork} conflict with apache2-mpm-event and + apache2-common. + * rm -f /var/lib/dpkg/info/apache2-common.postrm. So apache2-common can + be purged. Yes, we're on crack. Closes: #390823 + * Make apache2-utils's Replaces on apache2-common be unversioned. + Closes: #391018 + * Stop shipping cern_meta.load, dumpio.load and ext_filter.load. Thanks + to Stephane Chazelas for noticing. Closes: #391393 + + -- Tollef Fog Heen Tue, 3 Oct 2006 10:03:48 +0200 + +apache2 (2.2.3-1) unstable; urgency=low + + * Remove mention of AddDefaultCharset from apache2.conf as this is now + in /etc/apache2/conf.d/charset. + * Rename apache2-common to apache2.2-common. Conflict and replace old + version. This is to force modules to be uninstalled until versions + compiled against 2.2 are provided. + * Remove Daniel Stone from list of uploaders. + * We no longer ship 035_HEAD_Content-Length_Fix_From_CVS. Closes: #298143 + * Don't start the server on reload. Closes: #316321 + * Install S91/K09 links, not S91/K91, also only support not starting + through defaults file to cover upgrades from old + installations. Closes: #359977, #349655 + * Big cleanup by using dh_install properly rather than loads of hacks in + debian/rules. + * No longer ship compat symlinks for ab, etc. Those are installed as + ab, htpasswd and similar. + * Remove apache2-mpm-{event,worker}-{prerm,preinst,postinst} in clean, + as those are copies of other files. + * Add build-depends for libapr1-dev (>= 1.2.7-6) to make sure we get a + version which ships a useful apr-config --apr-libtool. + * chmod -x /usr/sbin/apache2 on upgrades from before 2.2 to avoid + problems stopping apache due to some dpkg bug. + * Add Conflicts for broken modules which didn't depend on + apache2-common. + + -- Tollef Fog Heen Thu, 17 Aug 2006 14:02:58 +0200 + +apache2 (2.2.3-1~exp.r170) experimental; urgency=low + + [ Jeroen van Wolffelaar ] + * Staging upload to experimental of subversion revision r170 + + [ Thom May, Tollef Fog Heen, Fabio M. Di Nitto and Adam Conrad ] + * New Upstream Release. Closes: #344072 + http://httpd.apache.org/docs/2.2/new_features_2_2.html has a list of + new features and changes. + - Fixes LFS support. Closes: #341460, #285337, #241223 + - Fixes off-by-one error in mod_rewrite ldap schema handling + (CVE-2006-3747) + - Fixes XSS issue in mod_imap/mod_imagemap (CVE-2005-3352). + Closes: #343467. + - mpm_perchild no longer exists, so closing bugs for perchild. + Closes: #236193, #238586 + - Fixes PHP POST with SSLVerifyClient. Closes: 353443 + * Build-depend on lsb-release and pick up the branding from there. + * Build-depend on apr-util 1.0 which is now in a separate source + package. + * Mangle the Debian layout to be more FHS compatible + * No longer build-conflict with libgdbm-dev + * Use external PCRE + * Make apache2-utils stop providing apache2-utils. Also make it stop + conflicting with itself. + * Rename default site from default-site to just default. + * Try to migrate modules which used to be built-in:, alias, mime, + authz_host, autoindex, dir, env, negotiation, setenvif, status. + * Mod imap has been renamed to imagemap, ditto for auth_ldap => + authnz_ldap. Cope with that in postinst. + * Stop globbing in apache2.conf. + Closes: #337817, #340955, #348189, #379015, #368497 + * Don't install CHANGES into the apache2 package. It's just a + metapackage. + * Add rudimentary rdeps handling to a2dismod. Closes: #273929 + * Stop providing apache-utils. + * Cope with /var/run and /var/lock on tmpfs. + * Remove all subdirs in srclib as we are using external libraries for + those anyway. Also remove test/zb.c. Closes: 340538 + * Make ssl.conf not block on /dev/random, but rather use /dev/urandom. + * Make apache2-common depend on lsb-base, thanks to Gleb Arshinov + + -- Jeroen van Wolffelaar Tue, 15 Aug 2006 16:17:33 +0200 + +apache2 (2.0.55-4.1) unstable; urgency=high + + * Non-maintainer upload. Urgency set to high due to security fixes. + * Added '052_mod_rewrite_CVE-2006-3747' to fix the off-by-one bug in + mod_rewrite. + [CVE-2006-3747]. (Closes: #380182) + * Added '053_restore_prefix_fix' to allow rebuilding from source. + (Closes: #374160) + * Added '054_apr_sendfile' to allow building for Hurd. + (Closes: #349416) + * Added '055_expect_CVE-2006-3918' to fix XSS attack in Expect headers. + [CVE-2006-3918]. (Closes: #381376) + * Added bash-completion script from Guillaume Rousse. + (Closes: #299855) + + -- Steve Kemp Sat, 5 Aug 2006 21:35:53 +0000 + +apache2 (2.2.0-1) UNRELEASED; urgency=low + + * New upstream release. + + -- Fabio M. Di Nitto Thu, 26 Jan 2006 13:46:08 +0100 + +apache2 (2.0.55-4) unstable; urgency=low + + * Add 050_mod_imap_CVE-2005-3352 to escape untrusted referer headers in + mod_imap before outputting HTML to avoid XSS attacks; see CVE-2005-3352 + * Add 051_mod_ssl_CVE-2005-3357 to avoid a remote denial of service in + threaded MPMs when making a non-SSL connection to an SSL-enabled port + on a server with a custom 400 error document defined; see CVE-2005-3357 + * Clean up our use of trailing slashes on directories in debian/rules, so + the newer, pickier, obviously very improved coreutils doesn't bite us. + * Remove some cruft from apache2-common's postinst, dealing with upgrade + scenarios from versions older than those released in Sarge or Warty. + * Use "SHELL := sh -e" in debian/rules, so the build will stop on shell + errors, instead of blundering on to later make targets (closes: #340761) + * Recreate /var/run/apache2 and /var/lock/apache2 in our init script, in + case the user has /var/run and /var/lock on tmpfs, which is fasionable. + * Make our init script a /bin/bash script instead of a /bin/sh script, so + we can abuse it with regex globbing (#348189, #347962, #340955, #342008) + * Take patch from Adrian Bridgett to output errors from our config test + in the init script, but only do so when we're VERBOSE (closes: #339323) + * In the spirit of the LSB, make our init script exit 2 when called with + incorrect arguments, and exit 4 when asked for status (closes: #330275) + * Fix the default site to not mix configuration syntax (closes: #345922) + * Mention apxs2 in the apache2-*-dev long descriptions (closes: #307921) + + -- Adam Conrad Sat, 26 Nov 2005 19:06:32 +1100 + +apache2 (2.0.55-3) unstable; urgency=low + + * Brown paper bag release: Tidy up CFLAGS and APR configure call to make + sure that what we link to agrees with what apu-config tells others to do. + + -- Adam Conrad Mon, 24 Oct 2005 13:02:52 +1000 + +apache2 (2.0.55-2) unstable; urgency=low + + * Mess with 010_more_fhs_compliancy to nail down the compiled default for + cgisock to match with the default shipped in the config file, so people + don't get confused if they miss including cgid.conf (closes: #316477) + * Make the compiled-in PidFile match the config file for similar reasons. + * Add 049_apr_tables_HEAD_cleanup, resolving an issue where merging two + tables from different resource pools would leave you with the contents + of only one, rather than both. This patch also cleans up some broken + pointer arithmetic and type casting along the way (closes: #251800) + * Specify the DocumentRoot without a trailing slash (closes: #311317) + * Fix the manpage to point at proper locations (closes: #307665, #332619) + + -- Adam Conrad Sun, 23 Oct 2005 13:24:39 +1000 + +apache2 (2.0.55-1) unstable; urgency=low + + * New upstream bugfix and security release, superseding these patches: + - Drop 041_util_ldap_fix.patch, util_ldap seems to be unbroken. + - Drop 043_ssl_off_by_one_CAN-2005-1268, fixed upstream. + - Drop 044_content_length_CAN-2005-2088, fixed upstream. + - Drop 045_byterange_CAN-2005-2728, fixed upstream. + - Drop 046_verify_client_CAN-2005-2700, fixed upstream. + - Resolves a serious memory leak in the worker MPM; see CVE-2005-2970 + - Add 048_reverse_proxy_fix, to resolve a regression in 2.0.55 with + mod_proxy, mod_ssl and HTTP POST requests (upstream bug #37145) + * New release builds cleanly with OpenSSL 0.9.8 (closes: #332791, #333363) + * Fix up our built-in version of DBS to use find's -{max,min}depth + arguments in a way that doesn't make find whine like a spoiled child. + * Merge Ubuntu and Debian packaging, bringing in patch 047 (closes: #327269) + - Comment out the / -> /apache2-default/ redirect, as user feedback seems + to indicate that it's just too bloody confusing for most people. + - New installations (only) now get an AddDefaultCharset UTF-8 directive. + * Build-depend on lsb-release, and use it in debian/rules to determine which + distribution we're building on, dropping the 007_debian_advertising patch. + * Drop debconf dependency entirely; we don't even use it (closes: #331741) + * Finally support DEB_BUILD_OPTIONS="noopt debug" properly in debian/rules. + * Adjust mime_magic.conf to point at the new FHS location of magic.mime. + * Drop the apache2-mpm-threadpool transitional package; Sarge is released. + * Try a bit harder to find the *CORRECT* PidFile directive in the init + script, instead of the old "rgrep and pray" method (closes: #303076) + * Make init script to always use apache2ctl consistently (closes: #316303) + * Build (and have -dev packages depend on) libdb4.3 instead of libdb4.2. + + -- Adam Conrad Mon, 17 Oct 2005 13:00:13 +1000 + +apache2 (2.0.54-5ubuntu2) breezy; urgency=low + + * Add 047_ssl_reneg_with_body, which adds a (bounded) buffer of request + body data to provide a limited but safe fix for the mod_ssl renegotiation + vs requests-with-bodies bug, as occurs with POST and SVN (Ubuntu #14991) + + -- Adam Conrad Tue, 4 Oct 2005 11:53:01 +1000 + +apache2 (2.0.54-5ubuntu1) breezy; urgency=low + + * Resynchronise with Debian, bringing in several security patches. + + -- Adam Conrad Mon, 5 Sep 2005 20:40:31 +1000 + +apache2 (2.0.54-5) stable-security; urgency=high + + * Add 043_ssl_off_by_one_CAN-2005-1268, fixing an off-by-one error in SSL + certificate validation; see CAN-2005-1268 (closes: #320048, #320063) + * Add 044_content_length_CAN-2005-2088, resolving an issue in mod_proxy + where, when a response contains both Transfer-Encoding and Content-Length + headers, the connection can be used for HTTP request smuggling and HTTP + request spoofing attacks; see CAN-2005-2088 (closes: #316173) + * Add 045_byterange_CAN-2005-2728, to resolve a denial of service in apache + when large byte ranges are requested; see CAN-2005-2728 (closes: #326435) + * Add 046_verify_client_CAN-2005-2700, resolving an issue where the context + of the SSLVerifyClient directive is not honoured within a + nested in a , and is left unenforced; see CAN-2005-2700 + + -- Adam Conrad Fri, 2 Sep 2005 22:26:28 +1000 + +apache2 (2.0.54-4) unstable; urgency=low + + * Alter 041_util_ldap_fix.patch to revert util_ldap.c to the known + good version from 2.0.53 (closes: #308648, and re-fixes #307567) + + -- Adam Conrad Wed, 11 May 2005 20:15:38 -0600 + +apache2 (2.0.54-3) unstable; urgency=medium + + * Add 042_htdigest_CAN-2005-1344 to fix a buffer overflow in + htdigest, which is described in CAN-2005-1344 (closes: #307134) + * Add 041_util_ldap_fix.patch from upstream bug #34618 to fix + issues with mod_auth_ldap sometimes segfaulting and sometimes + locking up and spinning the CPU to oblivion (closes: #307567) + * Alter 011_fix_ap-config to make apr-config point us at the system + libtool, and make libapr0-dev depend on libtool (closes: #306481) + * Alter 008_make_include_safe to prevent apache2 from including dpkg + conffile leftovers (.dpkg-old et al) (closes: #304786, #296728) + + -- Adam Conrad Thu, 5 May 2005 03:45:24 -0600 + +apache2 (2.0.54-2) unstable; urgency=low + + * Set suexec2's ownership properly, so it's actually executable by + apache2 with the newly-restrictive permissions (closes: #305242) + + -- Adam Conrad Mon, 18 Apr 2005 22:09:42 -0600 + +apache2 (2.0.54-1) unstable; urgency=low + + * New upstream bugfix-only release (closes: #305121) + * Fix debian/watch file to only look at apache 2.0.x, so we stop being + told about the 2.1 beta releases (and I'll notice new 2.0.x releases) + * Drop o+rx permissions from suexec2; while it has code in place to + make sure the caller is www-data, if that code should be buggy, + filesystem permissions will help mitigate fallout (closes: #301045) + * Update the 003_build_with_autoconf_2.5 patch to make sure both + apr and apr-util have an AC_PREREQ for autoconf 2.50, so we don't get + weird autoconf mix-and-match FTBFS issues (closes: #301819) + + -- Adam Conrad Sun, 17 Apr 2005 23:10:18 -0600 + +apache2 (2.0.53-5ubuntu5) hoary; urgency=low + + * Fix the init script to not exit with an error when asked to + stop a daemon that isn't running (Was the root cause of #8374) + + -- Adam Conrad Fri, 1 Apr 2005 16:30:56 +0000 + +apache2 (2.0.53-5ubuntu4) hoary; urgency=low + + * Make sure package removals don't fail even if the init script + doesn't stop apache2 (Ubuntu #8374) + + -- Adam Conrad Fri, 1 Apr 2005 15:07:20 +0000 + +apache2 (2.0.53-5ubuntu3) hoary; urgency=low + + * Add dependency on lsb-base (>= 1.3-9ubuntu2) to guarantee + availability of lsb init functions (Ubuntu #7765) + + -- Adam Conrad Sun, 27 Mar 2005 21:55:41 -0700 + +apache2 (2.0.53-5ubuntu2) hoary; urgency=low + + * Really remove /etc/apache2/conf.d/charset on purge, rather + than just writing about it in the changelog. + + -- Adam Conrad Sun, 27 Mar 2005 08:32:39 -0700 + +apache2 (2.0.53-5ubuntu1) hoary; urgency=low + + * Resynchronise with Debian, resolving minor conflicts. + * Remove /etc/apache2/conf.d/charset on purge. + + -- Adam Conrad Sun, 27 Mar 2005 15:15:44 +0000 + +apache2 (2.0.53-5) unstable; urgency=high + + * Update 040_link_external_pcre to require autoconf 2.50, so it + doesn't fail when autoconf2.13 is installed (closes: #295428) + * Further mangle the apache_stop function in the init script so it + attempts as hard as possible to make sure apache2 is stopped before + it tries to restart. Thanks to Andre Tomt for + the bug and patch this fix was based on (closes: #295915, #281557) + + -- Adam Conrad Fri, 25 Feb 2005 00:51:13 -0700 + +apache2 (2.0.53-4) unstable; urgency=low + + * Add 040_link_external_pcre to allow us to link to an external libpcre + rather than statically compiling the bundled version. + * Add --with-external-pcre to the configure flags in debian/rules + (closes: #294673, #294675, #282606, #294740) + * Stop hardcoding the path to netstat in postinst (closes: #294737) + + -- Adam Conrad Mon, 14 Feb 2005 01:45:08 +0000 + +apache2 (2.0.53-3) unstable; urgency=medium + + * Drop Andres Salomon's PCRE manglig patch in favour of hand-merging + Joe Orton's patch against head to completely internalise apache's + copy of PCRE, only exposing a wrapper API. (closes: #294395) + + -- Adam Conrad Wed, 9 Feb 2005 11:30:21 -0700 + +apache2 (2.0.53-2) unstable; urgency=low + + * Make apache2-threaded-dev and apache2-prefork-dev both arch:any + as they contain architecture-dependant defines (closes: #294257) + + -- Adam Conrad Wed, 9 Feb 2005 04:20:07 -0700 + +apache2 (2.0.53-1) unstable; urgency=low + + * New upstream release + - Remove 036_HEAD_CAN-2004-0942, integrated upstream + - Remove 037_HEAD_CAN-2004-0885, integrated upstream + * Drop support for the threadpool MPM, as it's abandoned upstream. + - Make apache2-mpm-threadpool an empty package depending on + apache2-mpm-worker, and make worker replace the old threadpool + * Make SYSCONFDIR configurable at the top of a2{en,dis}{mod,site} + * Drop the build-conflict on gawk, and use ac_cv_prog_AWK=mawk + instead (closes: #283396) + * Make the apache_stop() function stop trying to do the equivalent + of "killall apache2", and instead issue a nasty warning if it can't + stop apache2 on its own + * Make "restart" an alias for "force-reload" in the init script, as + apache2ctl restart doesn't match policy's requirements for restart + * Swapping between threaded and unthreaded MPMs could leave one with + both mod_cgi and mod_cgid enabled. Fixed the postinsts so that + no longer happens + * Update 021-pcre_mangle_symbols.patch from Andres Salomon, now also + mangling typedefs, which should fix PHP (closes: #280823) + * Hardcode a dependency on libgcc1 (>= 1:3.3.5) so pthread_cancel + will work correctly with partial upgrades (closes: #287033) + * When removing ssl_scache, make sure to remove its db transation logs + and other garbage as well (closes: #293831) + * Remove duplicate /icons/ from the default site (closes: #291856) + * Yank 039_fix_forensic_tmpfiles from Ubuntu's apache2 packages + * Split out utils into seperate apache2-utils. This will also + supercede the apache-utils package (closes: #285219) + * Add split-logfile to apache2-utils (closes: #290814) + * Make the MPM postinsts scream loudly, but not fail, if you've + deleted cgi{,d}.load before swapping MPMs (closes: #283141) + + -- Adam Conrad Mon, 7 Feb 2005 07:54:12 -0700 + +apache2 (2.0.52-3) unstable; urgency=high + + * Brown paper bag release to fix apache2-common's postinst, by judiciously + sprinkling ||true in a couple of needed places (closes: #280527) + * While hunting for unclean uses of VAR=`command` in the package, found + the cause of the "can't purge with broken config" bugs and fixed that + too with yet another ||true (closes: #263511, #273759, #279875) + + -- Adam Conrad Wed, 10 Nov 2004 01:32:16 -0700 + +apache2 (2.0.52-2) unstable; urgency=high + + * Include two patches, 036_HEAD_CAN-2004-0942 and 037_HEAD_CAN-2004-0885 + - CAN-2004-0942: Memory leak in header parsing in server/protocol.c + - CAN-2004-0885: Incorrect SSLCipherSuite selection in mod_ssl + * Fix up our use of netstat in apache2-common's postinst to clean up some + unnecessary output to stderr, as well as detect when netstat believes + we don't have AF_INET support. This should allow for installation in + chroots where the /proc filesystem isn't mounted (closes: #245487) + * Add 035_HEAD_Content-Length_Fix_From_CVS, which should solve problems + with Content-Length being set incorrectly on proxied HEAD requests, + breaking Windows Update from proxied machines (closes: #277787) + * Take out the reload/start magic in the postinst, and just call start in + all cases, as we stop the daemon in the prerm (closes: #275175, #222786) + * Copy config.guess/config.sub/ltmain.sh in from /usr/share/libtool at + build time. (closes: #257228, #263101) + * Clean up the clean target in debian/rules to remove some duplicate + maintainer scripts from the debian/ directory that we don't need to be + shipping in the source package. + * Move envvars to /etc/apache2/ and add patch 038_no_LD_LIBRARY_PATH to + remove the extraneous LD_LIBRARY_PATH from envvars (closes: #276670) + + -- Adam Conrad Sun, 7 Nov 2004 04:09:46 -0700 + +apache2 (2.0.52-1) unstable; urgency=high + + * New upstream bugfix/security release: + - Fixes CAN-2004-0811: Satisfy directive bypass (closes: #273412) + * Add '|| true' to a2enmod to stop it from dying when the installed MPM + isn't prefork (closes: #273017, #273019, #272865, #273021, #273258) + * Touch /var/log/apache2/error.log on new installs to ensure that our log + directory isn't removed until the package is purged, so logrotate doesn't + complain about its inability to find it (closes: #239571) + * Add 032_suexec_is_shared, which makes sure suEXEC is only searched for + and enabled when mod_suexec is loaded (closes: #227653) + * Use '$APACHE2CTL startssl' consistently in init script to make sure the + SSL define doesn't disappear on force-reload (closes: #272531) + * Add 033_dbm_read_hash_or_btree to allow apr-util and dbmmanage to open + and manipulate DB_BTREE databases, while still defaulting to creating + DB_HASH databases as before. This should clear up incompatibilities + with other applications (such as PHP) which default to DB_BTREE. + * Moved dbmmanage2 to /usr/bin, instead of /usr/sbin, as it's a user tool. + * Added 034_ab2_has_openssl, thanks to 2.1-cvs, Fedora, thom, and a bit + of munging, to compile a working ab2 with SSL support (closes: #261820) + + -- Adam Conrad Tue, 28 Sep 2004 10:21:20 -0600 + +apache2 (2.0.51-2) unstable; urgency=high + + * Test for the existence of /usr/sbin/apache2 before we go trying to invoke + it to determine what MPM we have installed (closes: #272103, #272207) + * Make the default httpd.conf created in apache2-common's postinst contain + a fake LoadModule line (commented out), and make apxs2 default to + installing modules to /etc/apache2/httpd.conf, so people using apxs2 + rather than the mods-{enabled,available} directories get the expected + behaviour, rather than obscure errors (closes: #167552, #231134) + * apxs2 now writes the correct path to modules in httpd.conf, including + the mysteriously missing slash (closes: #231450, #167557) + * Make apxs2 install modules with mode 644, since 755 makes no sense. + * Added a bit of magic to a2{en,dis}site to treat the default site as a + special case and add a "000-" priority to the beginning of its symlink. + Patches welcome to turn this into something robust, like update-rc.d. + + -- Adam Conrad Sat, 18 Sep 2004 07:12:12 -0600 + +apache2 (2.0.51-1) unstable; urgency=high + + * New upstream release, including the following security fixes: + - CAN-2004-0747: ap_resolve_env buffer overflow + - CAN-2004-0786: apr_uri_parse segfault in memcpy + - CAN-2004-0809: mod_dav crash/DoS via NULL pointer dereference + * Drop the following patches which are now included upstream: + - 025_CAN-2004-0748.patch + - 026_CAN-2004-0751.patch + - 027_autoindex_ignore_bad_files.patch + - 028_apr_sticky_bits.patch + * Install a properly sanitised config_vars.mk so that apxs2 behaves in + a reasonably sane way (closes: #243340, #270768) + * Relax www-browser dependency to a Suggests, as the mod_status dump from + apache2ctl is a pretty minor (and oft unused) feature (closes: #269309) + * init script now allows you to stop (but not start, restart, etc) the web + server, even if NO_START is set to 1 (closes: #269398) + * Make the apache2 -> apache2-mpm-* dependency tighter, so it does what + one expects when installing it (closes: #269580) + * Remove the ^/doc/apache2-doc/manual(.*)$ /manual$1 RedirectMatch from + the default site which was confusing and useless (closes: #270216) + * Add debian/watch file to track upstream versions. + * Add some magic to a2enmod to map cgi to cgid if using a threaded MPM. + * Add a2ensite and a2dissite which do the same thing as a2{en,dis}mod, + but for sites rather than modules (closes: #269251) + + -- Adam Conrad Wed, 15 Sep 2004 00:09:39 -0600 + +apache2 (2.0.50-12) unstable; urgency=high + + * Build-depend on mawk, and build-conflict with gawk, as we're only + guaranteed of having one or the other installed at any given time + and GNU awk seems to royally mess up the build with regards to which + external symbols get exported by httpd (closes: #268155) + * Add myself to the Uploaders field as it seems that, for better or + worse, I have become a co-maintainer of apache2. + * Drop the :80 from the default site config, so changing ports in + ports.conf now Just Works (closes: #253271) + * Added 029_docroot_manual.patch, which corrects the links in the start + page to point to /manual/ instead of manual/, so the link actually + works when apache2-doc is installed (closes: #232954) + * Add a postrm to apache2-common, implementing a policy-compliant purge + process (closes: #237030, #252254, #197986) + * Add a simple RedirectMatch to the "default" site, so that fresh + installations see the default start page, rather than a directory + listing (closes: #240772, #255974, #264070) + * Add 030_www-browser_apachectl.patch, and make apache2-common depend + on www-browser, so 'apache2ctl status' works (closes: #266724) + * Move apache2's (re)start from the apache2-common postinst to the MPM + postinsts, so we're not trying to start the old binary if apache2-common + is configured before apache2-mpm-* is unpacked (closes: #268936) + * Enable CGI on initial installation, as packages depending on httpd-cgi + require it to be running to work (closes: #267547, #263038) + * Only enable userdir on upgrades from older versions where it was + built-in, or on fresh installs. + + -- Adam Conrad Mon, 30 Aug 2004 17:40:47 -0600 + +apache2 (2.0.50-11) unstable; urgency=high + + * Add two patches from upstream to address two vulnerabilities in mod_ssl: + - CAN-2004-0748 is a potential infinite loop in the SSL input filter + which can be triggered by an aborted connection. + - CAN-2004-0751 is a potential segfault in the SSL input filter which + can be triggered by the response to request which is proxied to a + remote SSL server. + * Changed the ownership of /var/cache/apache2 to allow mod_proxy to + actually cache files (closes: #264622) + * Added a patch from upstream to make mod_autoindex skip over files that + it can't stat() (closes: #264645) + * New installations now get an /etc/default/apache2 file with a moderately + informative comment, and the default set sanely (closes: #263515) + * Added a patch from upstream to make APR stop creating directories with + the sticky bit set (closes: #266198) + * Remove the bogus "-e" from the echo that creates httpd.conf, so people + installing with ash/dash don't get a broken file (closes: #267693) + + -- Adam Conrad Mon, 23 Aug 2004 19:25:50 -0600 + +apache2 (2.0.50-10) unstable; urgency=high + + * Roll back the libapr0 ABI changes introduced in 2.0.50-9. We were + hopeful that we could hunt down and fix any fallout from this change + before release, and we were, apparently, wrong. + (closes: #266211, #266145, #266165, #266330, #266230, #266279, #266736) + + -- Adam Conrad Thu, 19 Aug 2004 03:46:11 -0600 + +apache2 (2.0.50-9) unstable; urgency=medium + + * Enable LFS properly. (Closes: #264645, #244897) + - Added 023_largefiles_upstream_fixes which makes the upstream configure + script a bit smarter and fixes some misuses of size_t/off_t. + - Added 024_largefiles_debian_hacks which adds some hideous hackery to + work around a bug in glibc where sendfile64 is used in place of sendfile + with no fallback even if the current kernel doesn't support it. + - Add note to README.Debian noting that while we can now read, write, and + list large files, SERVING large files is kernel-dependant. + * Bump libapr0 shlibs to (>= 2.0.50-9), since we're introducing + some serious ABI breakage with the above changes. + * Fix up the PATH in apache2's init script to list /usr/local, /usr, / + in the standard order. + * Change misleading return messages for a2{en,dis}mod, to reflect + the reality that some modules just won't load/unload properly + without a full stop/start server cycle. + + -- Adam Conrad Sun, 15 Aug 2004 07:41:19 -0600 + +apache2 (2.0.50-8) unstable; urgency=high + + * Ensure we link against the correct version of DB42 + + -- Thom May Mon, 9 Aug 2004 14:37:38 +0100 + +apache2 (2.0.50-7) unstable; urgency=high + + * Fix up linking of apr-util (Closes: #262009) + + -- Thom May Tue, 3 Aug 2004 12:42:53 +0100 + +apache2 (2.0.50-6) unstable; urgency=high + + * use 'env -i' rather than trying to parse env (Closes: #261558, #258713) + * revert to old build process (Closes: #260756, #259693) + * Reflect changes in ssl setup - Thanks, Björn Wiberg (Closes: #259414) + * Remove userdir config from main config file (Closes: #260058) + + -- Thom May Tue, 27 Jul 2004 10:31:46 +0100 + +apache2 (2.0.50-5) unstable; urgency=high + + * Add necessary suexec information to central build + (Closes: #258453, #258772) + * Exclude lines starting with a space from removal from the env + (Closes: #258713) + + -- Thom May Mon, 12 Jul 2004 17:30:59 +0100 + +apache2 (2.0.50-4) unstable; urgency=high + + * Fix dependencies so the MPMs don't conflict with the metapackages *g* + Thanks to Adam Conrad for this catch + + -- Thom May Fri, 9 Jul 2004 00:55:19 +0100 + +apache2 (2.0.50-3) unstable; urgency=high + + * Brown paper bag of epic proportion. Build all mpms with the proper + collection of libraries. (Closes: #258217, #258202) + * Clean up environment (Closes: #241579) + * Clarify prefork description (Closes: #252918) + * Make apache2-default/manual DTRT (Closes: #244847) + * Note that we don't ship INSTALL or README.platforms (Closes: #232956) + + -- Thom May Thu, 8 Jul 2004 16:04:31 +0100 + +apache2 (2.0.50-2) unstable; urgency=high + + * Make a2enmod a bit more robust (Closes: #258149, #258145) + * Should really be urgency=high to get into testing quick + + -- Thom May Wed, 7 Jul 2004 23:03:36 +0100 + +apache2 (2.0.50-1) unstable; urgency=medium + + * New upstream release, fixes [CAN-2004-0493] and [CAN-2004-0488] + * The "I can't believe you're late to your own raid" release + * Check whether verbose is on or off in rcS's config (Closes: #242351) + * Add an apache2 metapackage (Closes: #234955) + * Specifically disable /~root (Closes: #246139) + * Stop the daemon in prerm (Closes: #245488) + * Redirect /doc/apache2-doc/manual to /manual so the correct magic happens + (Closes: #248038) + * Update SSL config to current upstream (Closes: #234591,#231147) + * No longer install default cgis - they're already shipped in -doc as + examples. (Closes: #231665) + * Tighten regex for Include (Closes: #234489) + * Remove ext-filter.load since we ship ext_filter.load too (Closes: #249268) + * Enable userdir as a shared module (Closes: #251102, #246134) + * OSKURO SUCKS (otherwise known as: not a bug) (Closes: #208569) + * Create /var/lib/apache2 (Closes: #242169) + * Remove 'AddDefaultCharset' line from apache2.conf (Suggestion from Marco + D'Itri) + + -- Thom May Tue, 6 Jul 2004 18:45:35 +0100 + +apache2 (2.0.49-1) unstable; urgency=high + + * New Upstream release. (Closes: #240100) + * Add missing $ to init-script (closes: #240301) + * Provides: httpd-cgi in reference to #117916 + + -- Thom May Sun, 4 Apr 2004 11:32:20 +0100 + +apache2 (2.0.48-8) unstable; urgency=low + + * Fix typo in debian/rules (closes: #230760) + * Added patch 021-pcre_mangle_symbols.patch (closes: #235810) + * Fixed typo in the init scripts (closes: #230263) + * Changed a bunch of mv's to cp's in rules (closes: #228840) + * Change mime_magic to use magic from libmagic1 (closes: #236509) + * Disable ssl-cert until it sucks less. related to 230791 (closes: #231726) + * update descriptions (closes: #234543, #234538, #234542) + * Nuke /etc/vhosts and all associated cruft (closes: #235029) + + -- Thom May Mon, 2 Feb 2004 12:47:10 +0000 + +apache2 (2.0.48-7) unstable; urgency=low + + * Brown paper bag release. Refix the nonfixed libapr0 which built + without linking information. + + -- Tollef Fog Heen Fri, 30 Jan 2004 18:25:12 +0100 + +apache2 (2.0.48-6) unstable; urgency=low + + * Build-Conflict with gdbm (closes: #230226, #230175, #204672) + + -- Tollef Fog Heen Fri, 30 Jan 2004 12:24:09 +0100 + +apache2 (2.0.48-5) unstable; urgency=low + + * (Daniel Stone) + - Bump Standards-Version to 3.6.1.0. + - init-script: Print a small warning when NO_START=1. (closes: #178431) + - default site: Enable FollowSymLinks. (closes: #200829) + * (Thom May) + - Permanently kill the ErrorLog directive from ssl.conf + - Call ssl-cert to generate an SSL cert using debconf (closes: #178322) + - Allow /usr/share/doc/ to be viewable from localhost (closes: #222551) + - Set the default DocumentRoot to be /var/www (closes: #222552) + - Change where the init script is installed to (Closes: #223417) + - Upgrade to DB4.2 + * (Tollef Fog Heen) + - handle building out of the SVN checkout. + + -- Tollef Fog Heen Wed, 28 Jan 2004 00:13:13 +0100 + +apache2 (2.0.48-4) unstable; urgency=medium + + * (Daniel Stone) + - Change apache2-threaded-dev's Conflicts from apache2-perfork-dev to + apache2-prefork-dev. Learn how to type, dude (thanks to Grzegorz + Prokopski for spotting this one). + + -- Daniel Stone Mon, 17 Nov 2003 12:00:11 +1100 + +apache2 (2.0.48-3) unstable; urgency=medium + + * Grmmp. stuffed the upload + + -- Thom May Wed, 12 Nov 2003 18:18:54 +0000 + +apache2 (2.0.48-2) unstable; urgency=high + + * (Thom May) + - Fix locking busted by NPTL (Closes: #220299) + - Fix IPv6 weirdness (thanks to Jordi/Fabio) (Closes: #220334) + + -- Thom May Wed, 12 Nov 2003 13:04:04 +0000 + +apache2 (2.0.48-1) unstable; urgency=low + + * (Thom May) + - New Upstream Release (Closes: #202094) + - Fix i18n autonegotiation for the manual (Closes: #201648) + - Add deb.{gif,png} (Closes: #199454) + - Explicitly link against libdl (Closes: #195968) + - Add dependency on ssl-cert (Closes: #177837) + - Take preventative action against SCTP + - Add apache2-prefork-dev to work around PHP. + - Shut Oskuro up - startup time changed to 91 (Closes: #208569) + - Install README.etc into apache2-common's doc dir + (Closes: #208751,#177941) + - Auth_LDAP loads mod_ldap as well. (Closes: #217795) + - Make sure /var/lock/apache2 has correct ownership (Closes: #206375) + - Fix for SSL enabled virtual hosts (Closes: #202925) + - Steal new apr_threads.m4 from upstream to deal with -lpthread better + (Closes: #197685) + * (Fabio M. Di Nitto) + - Fixed init script (Closes: #203093) + + -- Thom May Sat, 16 Aug 2003 00:13:20 +0100 + +apache2 (2.0.47-2) unstable; urgency=low + + * Move dav.conf to dav_fs.conf (Closes: #201530) + * Fix the manual, and only ship it once. (Closes: #201648) + * Enable SymLinksIfOwnerMatch for cgi-bin (Closes: #200829) + + -- Thom May Wed, 16 Jul 2003 10:24:28 +0100 + +apache2 (2.0.47-1) unstable; urgency=high + + * New Upstream Release. Bunch of security fixes (Closes: #200593) + * Add asis.load, auth_ldap.load, cache.load, dav_fs.load, disk_cache.load, + ext_filter.load, file_cache.load, imap.load, ldap.load, mem_cache.load, + include.load (Closes: #197152, #198389, #196115) + Note that dav_fs was previously loaded by dav.load, and is now broken out + into a seperate file. + * Patch apxs2 to use datadir rather than prefix for top_builddir. + (Closes: #198607) + * Kill a couple of pointless conflicts. (Closes: #197242) + * Change suexec docroot from /var/www/apache2-default to /var/www + (Closes: #198981) + * Make sure we use Expat rather than xmltok (Closes: #197020) + * Ship find_ap{r,u}.m4 (per Nuutti Kotivuori) + + -- Thom May Fri, 4 Jul 2003 13:40:37 +0100 + +apache2 (2.0.46-3) unstable; urgency=low + + * Clean up the proxy config although it's not enabled by default. + (Closes: #195187) + * Remove all traces of gdbm. (Closes: #196231) + * Re-enable ldap support (Closes: #190092) + * This changelog should be policy compliant. Any whingers can take a long + hike off a short pier. + * use printf rather than echo to work round weird shells. (Closes: #196230) + + -- Thom May Thu, 5 Jun 2003 19:26:21 +0100 + +apache2 (2.0.46-2) unstable; urgency=critical + + * Fix config_vars.mk creation and installation (Closes: #195141, #195190) + + -- Thom May Thu, 29 May 2003 11:47:13 +0100 + +apache2 (2.0.46-1) unstable; urgency=critical + + * The "David Welton is my hero" release + * New upstream release, numerous security vulns fixed. + * Oh the pain. + * Move ScriptSocket to /var/run/apache2 (Closes: #188655) + * Restore mod_include (Closes: #188483) + * Move the virtual hosts config to the end of the config file + (Closes: #188584) + * Add Mod-Ext-Filter (Closes: #182770) + * Add actions.load (Closes: #178087, #179571, #181527) + * Add a dependency on net-tool (Closes: #190663) + * Clean up FHS compliancy and fix up a typo in apachectl (Closes: #187723) + * Fix for the apxs -q APR_BINDIR doesn't work problem (Closes: #188278) + * Special case the install of special.mk (Closes: #179776) + * Make apache2-dev and apache-dev not conflict. (This renames apxs back to + apxs2) + * Add README for /etc/apache2 written by David. + * Add auth_digest.load courtesy of Amelia A Lewis + (Closes: #194111) + + -- Thom May Wed, 28 May 2003 14:17:21 +0100 + +apache2 (2.0.45-3) unstable; urgency=critical + + * another "stupid freaking sasl" release. the series is on! + + -- Thom May Tue, 8 Apr 2003 17:13:09 +0100 + +apache2 (2.0.45-2) unstable; urgency=critical + + * the "stupid freaking sasl" release. + * fix override disparities too. + * fix dulpicate dependency on libssl0.9.7 (Closes: #179598) + + -- Thom May Tue, 8 Apr 2003 13:34:44 +0100 + +apache2 (2.0.45-1) unstable; urgency=critical + + * New upstream release (Closes: #187502) + * Fix korean language type, thanks to Donggyoo Lee + (Closes: #179542) + * Add explicit dependency to libsasl-dev (Closes: #179674) + * Remove ErrorLog from ssl.conf + * forward ported patches courtesy of Roberto Moreda ; big + thanks! + + -- Thom May Sat, 5 Apr 2003 14:35:58 +0100 + +apache2 (2.0.44-6) unstable; urgency=low + + * Make APR's postinst idempotent (Closes: #178105, #178141) + * Make Apache2-common's postinst non interactive (Closes: #178551) + * People filing bugs after they're fixed should be shot (Closes: #178244) + * Build Logio into the core, apparently. + + -- Thom May Mon, 27 Jan 2003 20:47:28 +0000 + +apache2 (2.0.44-5) unstable; urgency=low + + * The "someone should take my compiler away from me" release + * Depend on openssl as well. Grrr. (Closes: #177985) + * Clean up the last of the section mismatches + + -- Thom May Thu, 23 Jan 2003 15:04:20 +0000 + +apache2 (2.0.44-4) unstable; urgency=low + + * The "going for broke" release. + * Enable Logio, suggested by Roberto Moreda + * Stop force loading of cgi modules. (until we can do it cleanly) + (Closes: #177876, #177795) + * Restore symlink for libapr.so.0 (Closes: #177792) + * Apache2-common must depend on libssl0.9.7 (Closes: #177845) + * Rename ssl-certificate so we don't conflict with apache-ssl + (Closes: #177881) + * Only create the certificate if it's not there already (Duh!) + + -- Thom May Wed, 22 Jan 2003 09:59:11 +0000 + +apache2 (2.0.44-3) unstable; urgency=low + + * The "This one goes out wearing a brown paper bag" release + * Fix apxs to correctly return the header locations (Closes: #177729) + + -- Thom May Tue, 21 Jan 2003 16:35:14 +0000 + +apache2 (2.0.44-2) unstable; urgency=low + + * The "Ooops, I did it again" release + * Fixup of sections and priorities. + * Add dependency of libldap2-dev to libapr0-dev + * Correct dependencies to be db4.1 not db4.0 + + -- Thom May Tue, 21 Jan 2003 13:26:57 +0000 + +apache2 (2.0.44-1) unstable; urgency=low + + * Conform to 10.4 of policy re init scripts, (Closes: #165693) + * Be more selective about filenames when doing Include + Patch - 008_make_include_safe (Closes: #161512) + * Make HTMLTable validate, and add a note recommending its use. + (Patch submitted upstream and will be in 2.0.44) + Patch - 010_fix_html_table (Closes: #153593) + * Make apr have correct library versioning + Patch committed upstream + Patch - 011_make_apr_versioned (Closes: #162775) + * Placed packaging code under subversion change management + http://svn.positive-internet.com/svn/apache2/trunk + * Changed some bash scripts to use #!/bin/bash rather than #!/bin/sh + (Closes: #168338) + * Changed apache2-common to merely suggest apache2-doc (Closes: #167595) + * Patch from David Kimdon to clean up debian/scripts/* + * Rename apxs2 to apxs; conflict with apache-dev (Closes: #167550) + * Upstream fix for AllowOverride documentation (Closes: #169431) + * Tighter build dependency on debhelper (Closes: #170803) + * Only reload in logrotate if apache2 is actually running (Closes: #171095) + * Upstream Fix for AddOutputFilterByType documentation (Closes: #172294) + * Add robots.txt to apache2-common (Closes: #172592) + * Enable cgi in postinst (Closes: #168709) + * Create an SSL Certificate on install (Closes: #168109) + * Fix a couple of typos in debian/ssl-certificate, with thanks to Nuutti + Kotivuori + * Change to restart rather than reload in logrotate, to work round a nasty + PHP bug (PHP has bugs? *gasp* I thought it was perfect!) with thanks to + Adam Conrad for the suggestion + * Clarify what needs to be installed for a working system (Thanks to Sean + Abrahams) + * Support debug DEB_BUILD_OPTIONS setting, thanks to Karl Hegbloom + (Closes: #174221) + * Add -pipe to the CFLAGS, thanks to Karl Hegbloom + * Force apr-util to build against db4 + * add OSX finder to the list of things that needs to be redirect-carefully'd + * s/enabled/disabled in debian/a2-scripts/a2dismod (Closes: #173956) + * enable auth-ldap, auth-anon, auth-dbm, auth-digest, and action as shared + modules (Closes: #172044, #174583, #172093) + * Upgrade to Berkely DB 4.1 + * Upgrade to OpenSSL 0.9.7 + * Add patch to ensure DB4.1 --with-unique-names is picked up. (Committed + upstream) + * Add local apache2 and apache2ctl manpages, since upstream have removed + them. + + -- Thom May Mon, 20 Jan 2003 11:14:43 +0000 + +apache2 (2.0.43-1) unstable; urgency=medium + + * New Upstream Release; Fixes: CVE: CAN-2002-0840 CERT: VU#240329 + * Add extra config to unfuck perchild. hopefully. + * Rejig Proxy Config some. With thanks to: Emmanuel Chantreau (Closes: #163124) + * Fix cgi install. Thanks to: Bastian Kleineidam (Closes: #162791) + * Fix postinst to check installation type and behave accordingly (Closes: #162627) + * Bring product version into line with RFC2616 (Closes: #151384) + * Add allow line for ipv6 localhost (Closes: #163533) + * Make more of the modules modular. + * Set UseCanonicalName off + * Added index.xhtml to DirectoryIndex settings + * Enabled MultiViews in the default site, and for the manual (Closes: #160367) + * Removed Unnecessary cgi.conf (Closes: #163842) + + -- Thom May Fri, 4 Oct 2002 21:47:18 +0100 + +apache2 (2.0.42-2) unstable; urgency=low + + * Tighten dependencies yet more + * Restart in postinst. don't stop in prerm and start in postinst (Closes: #162344, #162350, #162537) + * Fix dh_shlibdeps up + * PERCHILD IS NOT WORKING IN THIS RELEASE. DON'T EXPECT IT TO. BUGS ABOUT + THIS WILL BE CLOSED WITH EXTREME PREJUDICE. + + -- Thom May Fri, 27 Sep 2002 13:06:59 +0100 + +apache2 (2.0.42-1) unstable; urgency=low + + * "Pretty. What shall we blow up?" + * New Upstream Version (Closes: #160364) + * Fix man names and sections (Closes: #157113) + * Correct the regex for netstat checking of ports, thanks to Matthew Hambley + for this. + * Correct dependencies for apache2-common. (Closes: #161793) + * Applied patch from Stefan Gybas to fix a2enmod (Closes: #159459) + * Added BrowserMatch directives for microsoft's bodgy DAV implementations + and also for gnome-vfs (Closes: #155097) + * Loosened the config for home directories (Closes: #153599) + * Updated to latest standards version + * Drop priority to extra to bring it in line with libdb4.0 + * Added logrotate script - Thanks to Phil Edwards for the basic version, and + the apache package that I ripped the rest off from (Closes: #155488) + * Tighten up what the Include lines load some. This is related to #161512 + but doesn't completely close it. + + -- Thom May Sat, 21 Sep 2002 22:14:22 +0100 + +apache2 (2.0.40-1) unstable; urgency=low + + * New Upstream Version + * Correct dependencies. (Closes: #156959) + * Code to check for something else listening on 80 (Closes: #156129) + * correct permissions on suexec2 man page (Closes: #157005) + * Make the start and stop targets use apache2 directly rather than + apache2ctl. + * Check for the existence of apache2 and exit if it's not there (Closes: #156640) + * Nuke ssl_scache on startup (Closes: #157445) + * patch apxs to not need an mpm installed. Correct dependencies for -dev. + Stop messing around with ap_config_auto.h. + This hopefully resolves James Troup's objections to apache2. (Closes: #157895) + * Add code to check for a 2.2 based kernel and set up the Scoreboard + accordingly. (Closes: #156899) + * make sure i only have to update one init.d script, rather than 4. + * make apxs return a correctly formatted response on queries. + + -- Thom May Wed, 21 Aug 2002 14:21:14 +0100 + +apache2 (2.0.39+cvs.1028741220-2) unstable; urgency=low + + * Rebuild against new libc6. Grr. (Closes: #155865) + * Actually create /etc/apache2/httpd.conf + * Propagate init.d changes through the other MPMs. + + -- Thom May Thu, 8 Aug 2002 09:19:49 +0100 + +apache2 (2.0.39+cvs.1028741220-1) unstable; urgency=low + + * New Upstream Version + * Make a versioned depends on libapr0 (Closes: #154879, #155400) + * Ensure that /etc/init.d/apache2 is registered properly. + * Added a conf.d directory for random conf snippets + * Ensure that the /manual/ alias is setup by the correct package (Closes: #155179) + * Ensure that DAVLockDB is created in the right directory (Closes: #155096) + * Now Building in a pbuilder chroot environment. + * Perchild is now pseudo working (Closes: #154148) + * Cumulatively (note to Lazarus Long: this means all the things in this + changelog added together) (Closes: #155297, #155307, #155317, #155717, #155363, #155719, #155801) + * Note that preceeding changelog entry may not be parseable by strict grammar + checks. Thanks to Jamie Wilkinson for pointing this out. + * Turn MultiViews back on for the default site (Closes: #155450) + checks. Thanks to Jamie Wilkinson for pointing this out. + * Turn MultiViews back on for the default site (Closes: #155450) + * Removed all CVS directories (Closes: #155602, #155393, #155402) + * SSI has been fixed upstream (Closes: #151744) + * Removed SSLLog directives (Closes: #152940) + * Put icons in the right place (Closes: #155178) + * Fixed build-dep on libgdbmg1-dev (Closes: #155412) + * Get correct information into config_vars.mk (Closes: #151712) + * Removed 'ServerName localhost' line (Closes: #155359) + * Placed apr-util headers in correct package + * Ensured that the init.d script restarts apache properly + + -- Thom May Tue, 30 Jul 2002 22:37:52 +0100 + +apache2 (2.0.39+cvs.1027964860-1) unstable; urgency=low + + * New Upstream Source + * Correct Icons path (Closes: #151314) + * Add missing dep on mime-support (Closes: #151848, #152220, #152221, #151772) + * Fixup suexec2, thanks to Masahito Omote (Closes: #151422) + * Mark Brown + - Remove spurious claim that apache2 hasn't been uploaded (Closes: #151433) + - Bring apache2 in line with policy on /usr/share/doc/ (Closes: #151459) + - Make reload behave the same as force-reload (Closes: #151432) + * place the manual in the right place, thanks to Md (Closes: #151766) + * David Kimdon + - add build depends on zlib1g-dev (Closes: #151286) + + -- Thom May Fri, 29 Jul 2002 19:12:56 +0100 + +apache2 (2.0.39-1) unstable; urgency=low + + * New Upstream Version, fixing a denial of service attack. + * Fix installation of icons and manual. + * David Kimdon + - fix path for envvars in apxs2 + - use generalized directives in ssl.conf ( SSLLog -> ErrorLog, + SSLLogLevel -> LogLevel ), this allows server to load ssl + module + + -- Thom May Fri, 14 Jun 2002 17:29:59 -0700 + +apache2 (2.0.37-2) unstable; urgency=low + + * Updated Copyright file to actually contain a copy of the various licenses. + + -- Thom May Fri, 14 Jun 2002 15:41:41 +0100 + +apache2 (2.0.37-1) unstable; urgency=low + + * New upstream version + + -- Thom May Thu, 13 Jun 2002 17:47:12 +0100 + +apache2 (2.0.37+cvs.JCW_PRE2_2037-1) unstable; urgency=low + + * New upstream release + + -- Thom May Wed, 5 Jun 2002 12:42:34 +0100 + +apache2 (2.0.36-2) unstable; urgency=low + + * debian/control - Correct provides, conflicts and depends, especially for + the mpms. + * build-dep doesn't work with provides, which makes sense. Need to make a + note of this in the policy. + * debian/rules - ensure that the mpm specific header file is installed into + the right place + + -- Thom May Fri, 31 May 2002 14:54:39 +0100 + +apache2 (2.0.36-1) unstable; urgency=low + + * The "The obviously begging in a changelog works" release. + * New Upstream release + * Vpath Builds now work, giving the ability to select which MPM you require + * Changed vhost base to only be a Recommends: as I'm not happy that it's + currently in a properly releasable state. + * New enhost script courtesy of DannyS. + * David Kimdon + - make apxs2 find envvars properly + - use libtool to install apache2 binaries for different mpm's + - fix dependancies for apache2-dev (we can't do a versioned 'Provides' + so we need to list all the packages that provide apache2 along + with their version) + * Implemented a long overdue suggestion to only create ports.conf if it's + not in existance already, rather than to add a command to listen on 80 iff + that didn't exist. The person who suggested it is lost in the mists of my + mailbox. If it was you, please email me! + * debian/vhost-base/add.d/apache2 - apply patch from "Omniflux" + to fix some brainos + + -- Thom May Mon, 6 May 2002 16:39:18 +0100 + +apache2 (2.0.35+cvs.20020420-1) unstable; urgency=low + + * The "finding myself standing on the corner staring into a different world" + release. Will someone please give me a job? + * Resync with upstream CVS. lots and lots of bug fixes since the last + release. + * Attempting to build with multiple MPMs, so speedfreaks can have a threaded + MPM. (Available MPMs are: prefork, worker, threadpool, and + leader/follower). + * Now sedding ap{r,u}-config in the install target. + * vpath build evilness suggested by Andrew Suffield and others. I hate them + all. :) + + -- Thom May Sat, 20 Apr 2002 17:04:46 +0100 + +apache2 (2.0.35-2) unstable; urgency=low + + * The "Apache2 isn't released, therefore the Bug Tracking System doesn't + bloody well work" release + * Fixes a bug in add host, due to the change from Port to Listen. + (Reported by numerous people, patch more or less from Esteve Fernandez + . + * Attempt to fix apu-config, suggestion and patch from David Kimdon, if it's + wrong, I broke it. (Changed it to apply pre-build, rather than post build. + Yes, it's the lazy approach. It's also the right one :) ) + * THE BUG TRACKING SYSTEM IS NOT THE RIGHT PLACE TO SEND BUG REPORTS FOR + APACHE2. + * REALLY. + + -- Thom May Sat, 6 Apr 2002 21:04:16 +0100 + +apache2 (2.0.35-1) unstable; urgency=low + + * WOOOOOOOOOOOHOOOOOOOOO! Apache2's first General Availability release! + * Various bug fixes, suggestions and so on. + * Built with db3 for the time being. + + -- Thom May Sat, 6 Apr 2002 03:01:24 +0100 + +apache2 (2.0.34+retag-1) unstable; urgency=low + + * Resync with upstream release. + * Fix packaging-fus (Hi Marcello!) + * Upstream have fixed cgi probs. + + -- Thom May Mon, 1 Apr 2002 14:50:12 +0100 + +apache2 (2.0.34-1) unstable; urgency=low + + * New upstream release + * added mod_deflate as a shared library + * bashed on apache2.conf some. + + -- Thom May Tue, 26 Mar 2002 23:23:09 +0000 + +apache2 (2.0.33-1) unstable; urgency=low + + * New upstream. + * Unfucked all code, include init.d and /etc/vhosts. + * FHS'ified, more or less + * Some debconf, but not much. + * Merged more patches upstream + + -- Thom May Sat, 9 Mar 2002 23:33:09 +0000 + +apache2 (2.0.32+cvs.20020228-1) unstable; urgency=low + + * The "bathwater, no baby" release. + * Submitted patches upstream like crazy. + * Tossed the insanely bogus apachectl patch + * Debconf not included here. Want to get everything else right, and a + release out. + * Boom! + + -- Thom May Thu, 28 Feb 2002 21:07:24 +0000 + +apache2 (2.0.32-1) unstable; urgency=low + + * The "Throwing stuff away like mad and seeing if it still builds" release. + * Ditched apache2-modules* on the principle of least surprise - the deb + layouts now pretty closely follow apache. + * Trying to triage away patches that have been fixed upstream. + * Major attack on debconfiscation starts here -> . + + -- Thom May Tue, 19 Feb 2002 20:37:58 +0000 + +apache2 (2.0.31+cvs.20020217-1) unstable; urgency=low + + * New CVS snapshot from HEAD to benefit Subversion for the impending 0.9 + release. Enjoy! 81 lines in the last couple of days ... :) + * debian/patches/005_more_hardcoded_paths: + - Regenerated diff against newer version of mpm_default.h. + * debian/patches/008_apr-config_sucks + - Regenerated apr-util part of diff against newer version of + apu-config.in. + * debian/apache2.{config,templates,postinst}, + debian/vhost-base/add.d/apache2, + debian/vhost-base/templates.d/apache2{,.in}, debian/rules: + - Debconfage asking which port to run on, and make the vhost-base script + only list the current ports; ports stuff moved to + /etc/apache2/ports.conf - re-enable dh_installdebconf in debian/rules. + - Moved templates.d/apache2 to templates.d/apache2.in so we can do some + nifty inplace regexps. + * debian/apache2.init.d: + - Bail out of the init script if there aren't any sites enabled. + * debian/{rules,control}: + - Get rid of apache2-modules; move its contents to apache2. + * debian/config-mods/cgid.conf: + - Get rid of redundant wrapper around ScriptSock, so it + actually loads. Thanks to Pieter "Pitr" Jansen for this one. + + -- Daniel Stone Sun, 17 Feb 2002 01:23:43 +1100 + +apache2 (2.0.31+cvs.20020207-1) unstable; urgency=low + + * The one-big-happy-apache2-bug-squashing-family release. + * Update to latest CVS; hopefully this won't mean that piro deadlocks every + time dpkg goes to read its database. Hopefully this gets rid of the bugs. + Yes, all of them. + * debian/patches/004a_srclib_layout_support: + - Updated a touch to fit in with .32-dev. + * debian/patches/008_stuff_in_sbin_not_bin: + - Removed; obsoleted by upstream discovering sanity. + * debian/patches/008_apr-config_sucks: + - Fix problem whereby @prefix@ would sub to $(prefix), but $(prefix) + wouldn't sub to the prefix, or ${prefix}, thus screwing up the running + of apr-config ... ditto for apu-config (from apr-util). + * debian/patches/009_apxs: + - Reworked to make it actually work, and apply cleanly. + - Fix libtool breakage once again, thanks David Kimdon. + * debian/patches/010_shmget: + - Hack to srclib/apr/apr.h.in to make it prefer shmget over everything + else, to make it 2.2/non-tmpfs safe. (Thanks Ben Collins). + * debian/patches/012_debian_version: + - Minor update (include a space in front of "Debian", change it to + "Debian GNU/Linux" to clarify things, and before the the Hurd [happy + now, you crack junkies?] people complain, it's not released as a Debian + port yet, so feh). + * debian/vhost-base/add.d/apache2: + - Change sites to sites-available, in line with the previous change. + * debian/config/mods-available: + - Move to debian/config-mods to make life easier with the move to + apache2-modules (see below). + * debian/config-mods/auth_dbm.load: + - New file, in line with introducing mod_auth_dbm; thanks again to David + Kimdon. + * debian/a2-scripts/a2{en,dis}mod: + - Rewritten to be much cleaner and cool. (Thanks to Ben Collins for + pointing out that the permissions were screwed). + * debian/apache2.postinst: + - New file, no #DEBHELPER# token so that we don't care if postinst fails; + this way it won't bail if you're already running another web server. + Thanks to David Kimdon for pointing out an error. + * debian/vhost-base/{enable,disable}.d/apache2: + - Fixed! Woot! The code isn't the best you'll see, but now *WORKS*. Whoo! + * debian/control: + - Extend libapr-dev's Depends to include libapr0 (duh). + - Remove apache2-modules-dev as modules are no longer built both shared + and static, IMHO this was quite braindead behavior. Upstream's change, + not mine. + - Remove apache2-support as apxs2 requred apache2 anyway. Chalk one (more) + down for "failed experiments". + - Removed redundant libssl0.9.6 and libxmltok1 build-deps; we already + build-depped on the relevant -dev packages; thanks Ben Collins. + * debian/rules: + - Modules are no longer built statically as well as dynamically (upstream + change), so stop trying to move the files around. + - Sort out the libapr0/libapr-dev mess once and for all; thanks to Matt + Wilcox and Ben Collins for patiently talking me through it. + - Move *contents* of mods-available to apache2-modules, but keep the + directory itself as part of apache2, to keep the addons happy; thanks + David Kimdon. + - s/apache2-support/apache2/, see debian/control entry. + - Remove extraneous LICENSE file from the vhost manual. + - Remove *.exp files, because they're unneeded. + * debian/apache2.docs: + - Remove KEYS from the list of docs because this is crap and no longer + distributed. w00t! + + -- Daniel Stone Thu, 7 Feb 2002 20:39:44 +1100 + +apache2 (2.0.28-3) unstable; urgency=low + + * Enabled mod_auth_dbm for Subversion. (thanks David Kimdon). + + -- Daniel Stone Thu, 29 Nov 2001 23:25:53 +1100 + +apache2 (2.0.28-2) unstable; urgency=low + + * Fixed up a couple of things, + /etc/apache2/modules->/etc/apache2/mods-available, etc. + * Included mod_dav, so Subversion can be built. + * New package: apache2-modules-dev, containing all + /usr/lib/apache2/modules/*a. (Thanks Adam Heath). + * Moved libapr.so.* symlinks to libapr-dev (Thanks again to doogie). + + -- Daniel Stone Sun, 25 Nov 2001 19:00:19 +1100 + +apache2 (2.0.28-1) unstable; urgency=low + + * Updated to 2.0.28, which they actually managed to agree on calling a beta. + * debian/apache2.init.d: + - Stripped of almost all its functionality. Now just touches httpd.conf if + we're starting and it doesn't exist, and then calls apache2ctl with all + our options, whatever they may be - it can error out if it wants. + * Removed patches: + - 010_index.html.it_typo - merged upstream. + * Updated patches: + - 009_apxs: make it actually find libtool. Thanks to David Kimdon. + - 002_apache2ctl: really fix apache2ctl graceful. + + -- Daniel Stone Sun, 18 Nov 2001 15:29:43 +1100 + +apache2 (2.0.26+cvs.20011028-2) unstable; urgency=low + + * Added vhost-base support. + - Removed Debconfage and moved all the templates to + debian/vhost-base/templates.d (/etc/vhosts/templates.d). + Removed apache2.postinst and apache2.config. + - Removed a2{dis,en}host. + * /usr/lib/cgi-bin will now be /cgi-bin, /var/vhosts/hostname/cgi-bin will be + /cgi-local. + + -- Daniel Stone Fri, 9 Nov 2001 21:53:27 +1100 + +apache2 (2.0.26+cvs.20011028-1) unstable; urgency=low + + * Resync with HEAD (another coming to fix segfaults, but no net connectivity + at the moment - 4-11-2001, 2:12pm. Grrr). + * New patches: + - 011_mod_autoindex-symlink: make icons for symlinks to files and dirs + special cases. + + Touches modules/generators/mod_autoindex.c + + Special cases: ^^SYMDIR^^ and ^^SYMLINK^^. + - 012_debian_version: adds "Debian" to the Apache version string. + + Touches include/ap_release.h - this patch has *no* context. Please + don't give it any, I don't want to have to rediff every version. + * debian/config/httpd.conf, debian/config/apache2.conf: + - Move main config file to apache2.conf, made it much more bare-bones. + + User (or package) config should be done in httpd.conf. + * apache2.conf: + - s/Port/Listen/ - booya! Finally they cleaned it up. + - Add (commented-out) icon entries for ^^SYMDIR^^ and ^^SYMLINK^^. + Anyone volunteer to create icons? + * debian/apache2.postinst: + - Minor cleanups. + - And later: Made it just call ap2addhost --default. (and a2enhost). + * debian/config/modules/ssl.conf, debian/config/sites/default-443: + - Put only generic SSL stuff in ssl.conf, split SSL support out into + a new virtual host thingy in accordance with dealing with ports. + * debian/config/sites/default, debian/config/sites/default-443, + debian/patches/004b_debian_layout: + - Add a new alias /cgi-pub/ to /usr/lib/cgi-bin. Packages should put + scripts here. + * debian/control: + - changed the Suggests: on apache2-doc to a Recommends: + + otherwise /manual/ will be a broken alias, as it points to + /usr/share/doc/apache2-doc/manual. + - changed libapr-dev to Architecture: all (from Arch: any) - whoops. + * Added support for multiple ports on the one virtual host. At the moment + it's one gigantic, ugly, kludge. *sigh*. Format: + - /var/vhosts/site.name/htdocs-PORT + - /var/vhosts/site.name/logs/(access|error).log-PORT + - /var/vhosts/site.name/cgi-bin-PORT + * debian/apache2.postinst, debian/config/sites/default, etc: + - s#/var/www#/var/vhosts#; + - s#htdocs#htdocs-$PORT#; + * More Debconfage - it now asks if you want SSL support in the default + virtual host, and which port number you want (default 81 so it sits + side-by-side with apache). + * Major change to postinst, a2addhost, et al: + - It's all now done in Perl, and postinst is no longer a special case. + The standalones call Debconf for what they need to do, calling it as a + standalone. This way, postinst just calls a2addhost, etc, and it also + smooths the path for me to do the vhost-base stuff. + * No, this migration path probably won't be smooth (between apache2 + versions). Sorry. + * Last release before I make it vhost-base compliant. + + -- Daniel Stone Sun, 28 Oct 2001 20:33:18 +1100 + +apache2 (2.0.26+cvs.20011023-1) unstable; urgency=low + + * Damnit, resync with HEAD (2_0_26 was unstable). + + -- Daniel Stone Tue, 23 Oct 2001 18:36:42 +1000 + +apache2 (2.0.26-1) unstable; urgency=low + + * Resync with upstream CVS (but only as far as the APACHE_2_0_26 tag). + Essentially, this gives all the coolness of a CVS tree, but all the + stability of a release. I may start tracking HEAD later, we'll just + have to see. + * Changed libapr->libapr0. + * Fixed a couple of typo's in index.html.it (thanks Md, via Joey). + * 22nd October, 7:51pm: Resync again as they added a couple of files + and bumped the tag to fix segfaults. + + -- Daniel Stone Wed, 17 Oct 2001 23:50:39 +1000 + +apache2 (2.0.25+cvs.20011001-1) unstable; urgency=low + + * More CVS resyncing joy. + * Silly stupid evil poo bum hack to apachectl. I don't like this. + Please, help. + * Got rid of a few lintian warnings. + * Install build stuff to /etc/apache2/build, adjust apxs accordingly. + * Agreed on policy with madduck. This is a MAJOR CHANGE, people. + A lot of stuff has changed around, so you'll need to change your + packages. + apache2 now treats everything as a virtual host (even when you only + have one host). This allows us to skirt around FHS and do our own + thing. ("Thpthpthpthpthpthpt, we're using vhosts. FHS doesn't say + anything about that.") + Please see README.Debian for more details. + * More fun with virtual hosts. Migrated their configuration files to + /etc/apache2/virtuals/. This will allow for easy adding and + removal, via the new tools /usr/sbin/ap2(add|del)vh. + apache2's postinst touches /etc/apache2/POSTINST_CONFED, and will refuse + to re-run the postinst config stuff if it's there already. + * Module fun - /usr/sbin/ap2mod(en|dis). Modules put their loading line in + /etc/apache2/modules/foo.load, config in /etc/apache2/modules/foo.conf. + Enabled module stuff gets symlinked into /etc/apache2/mods-enabled. + * Move APR stuff to /usr/lib, not /usr/lib/libapr. Whoops, should've done + this a *long* *time* *ago*. + * More silly APR hacks: Move /usr/include/libapr to /usr/include/apache2, as + silly things like php4 don't get the fact that APR and apache2 can indeed + have different include directories. Grrr. + * Juggled script names - it's now a2(en|dis)(host|mod). + * I don't care, I'm uploading. No, really (closes: #103471). + It's been 93 days since I first did dh_make and ITPed it. :) + + -- Daniel Stone Thu, 4 Oct 2001 20:15:31 +1000 + +apache2 (2.0.25+cvs.20010923-1) unstable; urgency=low + + * Another resync with upstream CVS; most of the changes below were made + between then and now. + * Also added apache2-support - everything from support/*, so php4, et al + don't need to Build-Depend on apache2 itself. + + -- Daniel Stone Sun, 23 Sep 2001 13:21:16 +1000 + +apache2 (2.0.25+cvs.20010908-1) unstable; urgency=low + + * Synched everything with CVS; it works now. + * We now build with ./buildconf due to the above; redo all the patches + against configure.in. I swear this will be the last change, and that I'll + test it. + * Removed php4 and modperl-2.0 from the tree. I should keep the changelogs + internal, as this is now getting not only very silly, but very embarassing. + * I corrected myself in the ITP that it was licensed under the Apache + Software License, not GPLed, but forgot to do that in debian/copyright. + Whoops. Feel free to LART. + * Lintian cleanups: + - Remove extra LICENSE files. + - Stop stuff calling -rpath. + - Change printenv to call /usr/bin/perl, not /usr/local/bin/perl - wtf? + - Move manpages to the right directory. + * Minor merge from Thom courtesy of some stuff being stored on pandora:~thom. + - Use buildprogs.pl to parse stuff like apache2ctl, apxs2, etc. + * Hopefully I'm only one CVS sync away from an upload. + * Moved some stuff over to /usr/sbin, fixed apache2ctl once and for all. + Hopefully. + + -- Daniel Stone Sun, 9 Sep 2001 00:05:03 +1000 + +apache2 (2.0.24-2) unstable; urgency=low + + * The "Farewell Buddha" Release. + * Or, alternatively: The "Darren Milburn is an Idiot for Inciting Crowds" + Release. + * Yes, it's the height of evil, I know: modperl-2.0 goes into the source + tree. (from CVS). + Separate tarballs, thanks to DBS, but still, yeah. + * Ditto php4. + * Still no Thom's laptop; hence no merges, and I'm not going to duplicate + work. + + -- Daniel Stone Sun, 2 Sep 2001 21:50:59 +1000 + +apache2 (2.0.24-1) unstable; urgency=low + + * New upstream version. + * Use prefork, not threaded, MPM. (threaded is currently broken). + * Update example httpd.conf for mod_ssl and have lines for all the modules. + * Build-Depends, all the Build-Depends! + * Update maintainer email address (thanks Joey). + * Turns out using buildconf was what broke modules. I swear I won't do + anything like that again. Promise! (thanks Thom for pointing this out) + * Implied by the above, rediff all patches against configure, not + configure.in. + * Also, don't copy configure.{guess,sub} over anymore, because we don't need + them. + * More Thom merges: + - debian/patches/003_apache2ctl - rewritten apache2ctl to actually work. + * Return of debian/patches/006_dont_install_build_crap. GAH! + + -- Daniel Stone Sat, 18 Aug 2001 17:01:19 +1000 + +apache2 (2.0.23-2) unstable; urgency=low + * SSL finally works, and beat instructions on how to get it going out + of someone on new-httpd. Moved SSL stuff to apache2-modules. + * Disabled TLS, because it's unstable and unnecessary. + * Merge from Thom May's tree: + 005b_debian_layout - The Debian layout for stuff + - Move APR stuff to /usr/lib/libapr and /usr/include/libapr. + - Clean up debian/rules, largely thanks to the two new patches. + * General cleanups, resulting from running lintian: + - Chuck #DEBHELPER# in postinst, which also fixes the /usr/doc + and init.d problems (due to debhelper now doing its postinst + thing). + - Remove LICENSE files from apache2-doc and the default document + root. + - Remove man/ and build/ top-level dirs, install manpages correctly. + - Updated 004_perl_in_usr_bin to include the manual search CGI. + * Remove all evil, ugly, patches to configure in debian/patches/*, instead, + diff against configure.in, because autoconf gets run in the configure + stage every time. + * Copy config.{guess,sub} from /usr/share/misc (provided by autotools-dev) at + runtime, thus eliminating debian/patches/002_config_guess_and_sub. + * Reshuffled patch numbers to cope with the above. + * I give up on this DBM crap. Disable mod_auth_dbm for now. + + -- Daniel Stone Wed, 15 Aug 2001 18:27:23 +1000 + +apache2 (2.0.23-1) unstable; urgency=low + + * New upstream - 2.0.23. + * New patches: + 004_conffile_in_etc_apache2 - Make an ugly init.d hack unnecessary. + 005_perl_in_usr_bin - Make example CGI scripts use /usr/bin/perl. + * Fix mime_magic stuff by copying magic to /etc/apache2. + * Remove debian/patches/003_cgisock_in_var_log_apache2, instead found a new + conffile directive, put this into the default distributed conffile. + + -- Daniel Stone Sun, 12 Aug 2001 18:05:32 +1000 + +apache2 (2.0.22-2) unstable; urgency=low + + * Aargh, I'm an idiot. Fix a bug in mod_cgid.c that had a hardcoded path. + That's now debian/pactches/003*. + + -- Daniel Stone Sat, 11 Aug 2001 08:04:13 +1000 + +apache2 (2.0.22-1) unstable; urgency=low + + * Updated to 2.0.22, started using a form of DBS. + * Merge from Thom May's 2.0.20 tree - new libapr-dev package. + * Backed out the old mod_(tls|ssl) hacks, see if 2.0.23 is any better + (apparently it is, thank god). + + -- Daniel Stone Wed, 8 Aug 2001 15:13:09 +1000 + +apache2 (2.0.20-2) unstable; urgency=low + + * New SSL fixes from new-httpd. Apparently, this (generally) works. + + -- Daniel Stone Fri, 13 Jul 2001 07:57:18 -0500 + +apache2 (2.0.20-1) unstable; urgency=low + + * New upstream release + + -- Daniel Stone Mon, 9 Jul 2001 18:41:04 +1000 + +apache2 (2.0.18-1) unstable; urgency=low + + * Initial Release. + + -- Daniel Stone Wed, 4 Jul 2001 21:29:29 +1000 --- apache2-2.2.14.orig/debian/apache2.2-common.preinst +++ apache2-2.2.14/debian/apache2.2-common.preinst @@ -0,0 +1,17 @@ +#! /bin/sh -e + +mv_conffile() { + if [ "`md5sum $1 2>/dev/null | cut -d ' ' -f 1`" = "$2" ] ; then + echo Replacing $1 with new version ... + mv $1 $1.dpkg-apache2.2-common.old + fi +} + +if [ -n "$2" ] && dpkg --compare-versions "$2" lt 2.2.4-2; then + mv_conffile /etc/default/apache2 9ac83f9132b78c3aa6dd4d7a583bf476 + mv_conffile /etc/default/apache2 801eb5156368b54d92ecb578ce710836 + mv_conffile /etc/apache2/ports.conf d5fcefc335117f400d451de47efeca87 + mv_conffile /etc/apache2/conf.d/charset 641239a7d2d172856cb1413a47d2e142 +fi + +#DEBHELPER# --- apache2-2.2.14.orig/debian/compat +++ apache2-2.2.14/debian/compat @@ -0,0 +1 @@ +7 --- apache2-2.2.14.orig/debian/apache2.2-common.postrm +++ apache2-2.2.14/debian/apache2.2-common.postrm @@ -0,0 +1,53 @@ +#! /bin/sh + +set -e + +if [ "$1" = purge ] ; then + rm -f /etc/apache2/httpd.conf \ + /var/cache/apache2/reload \ + /var/log/apache2/access.log* \ + /var/log/apache2/other_vhosts_access.log* \ + /var/log/apache2/error.log* + + rm -rf /var/cache/apache2/proxy \ + /var/cache/apache2/mod_disk_cache \ + /var/run/apache2 \ + /var/lock/apache2 + + for f in /etc/apache2/sites-enabled/* \ + /etc/apache2/mods-enabled/* ; do + [ -L "$f" ] && rm -f "$f" + done + + for d in /etc/apache2/sites-enabled/ \ + /etc/apache2/mods-enabled/ \ + /etc/apache2/conf.d \ + /etc/apache2 \ + /var/log/apache2 \ + /var/cache/apache2 ; do + rmdir $d 2> /dev/null || true + done + +fi + +restore_conffile() { + if [ -e $1.dpkg-apache2.2-common.old ] ; then + echo Restoring previous version of $1 ... + mv $1.dpkg-apache2.2-common.old $1 + fi +} + +if [ "$1" = abort-upgrade ] ; then + restore_conffile /etc/default/apache2 + restore_conffile /etc/apache2/ports.conf + restore_conffile /etc/apache2/conf.d/charset +fi + +if [ "$1" = remove ] ; then + if [ "`md5sum /var/www/index.html 2>/dev/null | cut -d ' ' -f 1`" \ + = "5388f60d7695cb57b87c799ee62d20b2" ] ; then + rm /var/www/index.html + fi +fi + +#DEBHELPER# --- apache2-2.2.14.orig/debian/a2ensite.8 +++ apache2-2.2.14/debian/a2ensite.8 @@ -0,0 +1,70 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH A2ENSITE 8 "8 June 2007" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +a2ensite, a2dissite \- enable or disable an apache2 site / virtual host +.SH SYNOPSIS +.B a2ensite +.RI [ site ] +.PP +.B a2dissite +.RI [ site ] +.SH DESCRIPTION +This manual page documents briefly the +.B a2ensite +and +.B a2dissite +commands. +.PP +.B a2ensite +is a script that enables the specified site (which contains a block) within the +.B apache2 +configuration. It does this by creating symlinks within +.BR /etc/apache2/sites-enabled . +Likewise, +.B a2dissite +disables a site by removing those symlinks. It is not an error to +enable a site which is already enabled, or to disable one which is +already disabled. +.PP +The +.B default +site is handled specially: The resulting symlink will be called +.B 000-default +in order to be loaded first. +.SH EXAMPLES +.RS +.B "a2dissite default" +.RE +.PP +Disables the +.B default +site. +.SH FILES +.TP +.B /etc/apache2/sites-available +Directory with files giving information on available sites. +.TP +.B /etc/apache2/sites-enabled +Directory with links to the files in +.B sites-available +for enabled sites. +.SH "SEE ALSO" +.BR apache2ctl (8). +.SH AUTHOR +This manual page was written by Stefan Fritsch (based on the a2enmod manual +page by Daniel Stone ) for the Debian GNU/Linux distribution. --- apache2-2.2.14.orig/debian/apache2.2-common.install +++ apache2-2.2.14/debian/apache2.2-common.install @@ -0,0 +1,7 @@ +usr/share/apache2/icons +usr/sbin/apache2ctl +usr/share/apache2/error +usr/sbin/envvars-std usr/share/apache2/build +etc/apache2 usr/share/doc/apache2.2-common/examples +debian/config-dir/* etc/apache2 +debian/a2enmod usr/sbin --- apache2-2.2.14.orig/debian/a2dissite.8 +++ apache2-2.2.14/debian/a2dissite.8 @@ -0,0 +1 @@ +.so man8/a2ensite.8 --- apache2-2.2.14.orig/debian/apache2.2-common.apache2.cron.daily +++ apache2-2.2.14/debian/apache2.2-common.apache2.cron.daily @@ -0,0 +1,30 @@ +#!/bin/sh + +# run htcacheclean + +set -e +set -u + +[ -e /usr/sbin/htcacheclean ] || exit 0 +[ -e /etc/default/apache2 ] || exit 0 + + +# edit /etc/default/apache2 to change this +HTCACHECLEAN_MODE=daemon +HTCACHECLEAN_RUN=auto +HTCACHECLEAN_SIZE=300M +HTCACHECLEAN_PATH=/var/cache/apache2/mod_disk_cache +HTCACHECLEAN_OPTIONS="" + +. /etc/default/apache2 + +[ "$HTCACHECLEAN_MODE" = "cron" ] || exit 0 + +[ "$HTCACHECLEAN_RUN" = "yes" ] || +( [ "$HTCACHECLEAN_RUN" = "auto" ] && \ + [ -e /etc/apache2/mods-enabled/disk_cache.load ] ) || exit 0 + +/usr/sbin/htcacheclean ${HTCACHECLEAN_OPTIONS} \ + -p${HTCACHECLEAN_PATH} \ + -l${HTCACHECLEAN_SIZE} + --- apache2-2.2.14.orig/debian/apache2.bug-control +++ apache2-2.2.14/debian/apache2.bug-control @@ -0,0 +1 @@ +Submit-As: apache2.2-common --- apache2-2.2.14.orig/debian/apache2-threaded-dev.dirs +++ apache2-2.2.14/debian/apache2-threaded-dev.dirs @@ -0,0 +1,4 @@ +usr/include/apache2 +usr/bin +usr/share/apache2/build +usr/share/man/man8 --- apache2-2.2.14.orig/debian/mpms.dirs +++ apache2-2.2.14/debian/mpms.dirs @@ -0,0 +1,5 @@ +usr/sbin +usr/lib/debug/usr/sbin +usr/lib/apache2/mpm-MPMXXX +usr/share/lintian/overrides +usr/share/bug/apache2-mpm-MPMXXX --- apache2-2.2.14.orig/debian/NEWS +++ apache2-2.2.14/debian/NEWS @@ -0,0 +1,131 @@ +apache2 (2.2.15-1) unstable; urgency=low + + * This release adds and enables mod_reqtimeout, which limits the time + Apache waits for a client to send a complete request. This helps to + mitigate against certain denial of service attacks. In case of problems + with slow clients, the timeout values can be adjusted in + /etc/apache2/mods-available/reqtimeout.conf , or the module can be + disabled with "a2dismod reqtimeout". + + -- Chuck Short Tue, 13 Apr 2010 09:09:34 -0400 + +apache2 (2.2.13-2) unstable; urgency=high + + * The new support for TLS Server Name Indication added in 2.2.12 causes + Apache to be stricter about certain misconfigurations involving name + based SSL virtual hosts. This may result in Apache refusing to start + with the logged error message: + + Server should be SSL-aware but has no certificate configured + [Hint: SSLCertificateFile] + + Up to 2.2.11, Apache accepted configurations where the necessary SSL + configuration statements were included in the first (default) + block but not in subsequent + blocks. Starting with 2.2.12, every VirtualHost block used with SSL must + contain the SSLEngine, SSLCertificateFile, and SSLCertificateKeyFile + directives (SSLCertificateKeyFile is optional in some cases). + + When you encounter the above problem, the output of the command + + egrep -ir '^[^#]*(sslcertificate|sslengine|virtualhost)' \ + /etc/apache2/*conf* /etc/apache2/*enabled + + may be useful to determine which VirtualHost sections need to be changed. + + Also, formerly accidentially working constructs like + + + + where one virtual host definition is used for both a non-ssl and a ssl + virtual host do not work anymore. You can achieve a similar effect with + + + Include /.../vhost.include + + + SSLEngine on + SSLCertificateFile ... + Include /.../vhost.include + + + -- Stefan Fritsch Wed, 16 Sep 2009 20:14:59 +0200 + +apache2 (2.2.9-3) unstable; urgency=low + + * The directive "NameVirtualHost *" has been changed to "NameVirtualHost + *:80". It has also been moved from sites-available/default to ports.conf. + This allows to ship a proper SSL default virtual host config in + sites-available/default-ssl, but it means that if you use several name + based virtual hosts: + + - you will have to change to in your + name based virtual hosts + + - you need to add more NameVirtualHost directives if you use other ports + than 80 with name based virtual hosts. You may also have to add these + ports to the default virtual host in /etc/apache2/sites-available/default + (like this: ""). + + If you prefer to revert to the old setup instead (and don't need the + default-ssl host), just change "NameVirtualHost *:80" back to + "NameVirtualHost *" in ports.conf and "" to + "" in sites-available/default. + + * For mod_disk_cache, caching is again disabled in disk_cache.conf by + default. It usually makes more sense to enable this on a per-virtual host + basis. + + -- Stefan Fritsch Mon, 30 Jun 2008 19:47:52 +0200 + +apache2 (2.2.8-5) unstable; urgency=low + + * The suexec helper program needed for mod_suexec is now shipped in a + separate package, apache2-suexec, which is not installed by default. + You need to install this package manually if you are using mod_suexec. + + There is now also the apache2-suexec-custom package, which contains a + customizable version of suexec which can be used with different document + roots than /var/www. + + -- Stefan Fritsch Sun, 04 May 2008 20:24:00 +0200 + +apache2 (2.2.8-1) unstable; urgency=low + + * The Apache User and Group and the PidFile path are now configured in + /etc/apache2/envvars, to make it easier to use them in scripts + (like the init and logrotate scripts, and apache2ctl). + If you have changed these settings from their default values, you need to + adjust /etc/apache2/envvars. + This also means that starting apache2 with "apache2 -k start" is no longer + possible, you have to use /etc/init.d/apache2 or apache2ctl. + + -- Stefan Fritsch Tue, 15 Jan 2008 21:41:23 +0100 + +apache2 (2.2.4-2) unstable; urgency=low + + * This version introduces some changes in the configuration layout and + defaults. You will probably have to adjust your configuration accordingly. + + - Module specific configuration has been moved from + /etc/apache2/apache2.conf to /etc/apache2/mods-available/*.conf for the + following modules: + actions alias autoindex + info mime negotiation + setenvif status + + - AddDefaultCharset is again disabled by default. See + /etc/apache2/conf.d/charset + + - "Listen 443" is automatically enabled in /etc/apache2/ports.conf if + mod_ssl is enabled. + + * The NO_START functionality from /etc/default/apache2 has been removed. If + you don't want to start apache2 on boot, rename the S*apache2 start + symlinks as usual. + + * To ensure that the disk cache does not grow indefinitely, htcacheclean is + now started when mod_disk_cache is enabled. The details can be configured + in /etc/default/apache2 . + + -- Stefan Fritsch Mon, 09 Jul 2007 21:50:58 +0200 --- apache2-2.2.14.orig/debian/README.source +++ apache2-2.2.14/debian/README.source @@ -0,0 +1,17 @@ +Debian-apache uses dpatch to make changes to the upstream source. + +To apply all of the patches run: +./debian/rules patch + +To unapply all of the patches run: +./debian/rules unpatch + +To add (or edit) a patch run: +dpatch-edit-patch name_of_patch_goes_here +#make your changes +exit + +dpatch will make a new patch in debian/patches/ if one with that name doesn't already exist, otherwise it will change the existing one. +To make it get used add it to debian/patches/00list . + +To make a patch not get used remove it from debian/patches/00list . --- apache2-2.2.14.orig/debian/apache2.2-common.manpages +++ apache2-2.2.14/debian/apache2.2-common.manpages @@ -0,0 +1,6 @@ +debian/a2enmod.8 +debian/a2dismod.8 +debian/apache2.8 +debian/apache2ctl.8 +debian/a2ensite.8 +debian/a2dissite.8 --- apache2-2.2.14.orig/debian/httxt2dbm.8 +++ apache2-2.2.14/debian/httxt2dbm.8 @@ -0,0 +1,41 @@ +.TH "HTTXT2DBM" 8 "2007-06-26" "Apache HTTP Server" "httxt2dbm" + +.SH NAME +httxt2dbm - Generate dbm files for use with RewriteMap + +.SH "SYNOPSIS" + +.PP +\fBhttxt2dbm\fR [ \fB\-v\fR ] [ \fB\-f\fR \fIDBM_TYPE\fR ] \fB\-i\fR \fISOURCE_TXT\fR \fB\-o\fR \fIOUTPUT_DBM\fR + +.SH "SUMMARY" + +.PP +\fBhttxt2dbm\fR is used to generate dbm files from text input, for use in RewriteMap with the dbm map type. + +.SH "OPTIONS" + +.TP +\-v +More verbose output +.TP +\-f \fIDBM_TYPE\fR +Specify the DBM type to be used for the output. If not specified, will use the APR Default. Available types are: + GDBM for GDBM files + SDBM for SDBM files + DB for berkeley DB files + NDBM for NDBM files + default for the default DBM type +.TP +\-i \fISOURCE_TXT\fR +Input file from which the dbm is to be created. The file should be formated with one record per line, of the form: + key value +See the documentation for RewriteMap for further details of this file's format and meaning. +.TP +\-o \fIOUTPUT_DBM\fR +Name of the output dbm files. + +.SH "EXAMPLES" +httxt2dbm \-i rewritemap.txt \-o rewritemap.dbm + +httxt2dbm \-f SDBM \-i rewritemap.txt \-o rewritemap.dbm --- apache2-2.2.14.orig/debian/control +++ apache2-2.2.14/debian/control @@ -0,0 +1,205 @@ +Source: apache2 +Section: httpd +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian Apache Maintainers +Uploaders: Tollef Fog Heen , Thom May , Adam Conrad , Peter Samuelson , Stefan Fritsch , Steinar H. Gunderson +Build-Depends: debhelper (>= 7.4.3), dpatch, lsb-release, libaprutil1-dev (>= 1.3.4), libapr1-dev (>= 1.2.7-6), openssl, libpcre3-dev, mawk, zlib1g-dev, libssl-dev, sharutils, libcap-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], autoconf,hardening-wrapper +Build-Conflicts: autoconf2.13 +Standards-Version: 3.8.3 +Vcs-Bzr: http://code.launchpad.net/ubuntu/+source/apache2 +XSBC-Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2 +XSBC-Original-Vcs-svn: svn://svn.debian.org/pkg-apache/trunk/apache2 +Homepage: http://httpd.apache.org/ + +Package: apache2.2-common +Architecture: any +Depends: ${misc:Depends}, apache2.2-bin (= ${binary:Version}), apache2-utils, libmagic1, mime-support, lsb-base, procps [!hurd-i386], perl +Recommends: ssl-cert +Suggests: www-browser, apache2-doc, apache2-suexec | apache2-suexec-custom, ufw +Conflicts: apache2-common, libapache2-mod-php5 (<= 5.1.6-3), libapache2-mod-php4 (<= 4:4.4.4-2), libapache2-mod-mime-xattr (<= 0.3-2), libapache2-mod-mono (<= 1.1.17-3), libapache2-mod-proxy-html (<= 2.4.3-2), libapache2-mod-scgi (<= 1.11-1), libapache2-mod-speedycgi (<= 2.22-3), libapache2-modxslt (<= 2005072700-1), libapache2-redirtoservername (<= 0.1-1), libapache2-webauth (<= 3.5.3-1), libapache2-webkdc (<= 3.5.3-1) +Replaces: apache2-common +Description: Apache HTTP Server common files + The Apache Software Foundation's goal is to build a secure, efficient and + extensible HTTP server as standards-compliant open source software. The + result has long been the number one web server on the Internet. + . + This package contains the configuration and support scripts. + However, it does *not* include the server itself; for this you need to + install one of the apache2-mpm-* packages, such as worker or prefork. + +Package: apache2.2-bin +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Conflicts: apache2.2-common (<< 2.2.11-5~) +Replaces: apache2.2-common (<< 2.2.14-2~) +Description: Apache HTTP Server common binary files + The Apache Software Foundation's goal is to build a secure, efficient and + extensible HTTP server as standards-compliant open source software. The + result has long been the number one web server on the Internet. + . + This package contains all binaries but no configuration or support scripts. + To get a stand-alone server, you need to install one of the apache2-mpm-* + packages, such as worker or prefork. Other packages like gnome-user-share + may bring their own Apache configuration, though. + +Package: apache2-mpm-worker +Architecture: any +Depends: ${misc:Depends}, apache2.2-common (= ${binary:Version}), apache2.2-bin (= ${binary:Version}) +Provides: apache2-mpm, apache2, httpd, httpd-cgi +Conflicts: apache2-mpm, apache2-common +Replaces: apache2-mpm-threadpool (<< 2.0.53), apache2-mpm-perchild (<< 2.2.0) +Description: Apache HTTP Server - high speed threaded model + Each Apache Multi-Processing Module provides a different "flavor" of + web server binary, compiled with a different processing model. + . + The worker MPM provides the default threaded implementation. It is + recommended especially for high-traffic sites because it is faster + and has a smaller memory footprint than the traditional prefork MPM. + +Package: apache2-mpm-prefork +Architecture: any +Depends: ${misc:Depends}, apache2.2-common (= ${binary:Version}), apache2.2-bin (= ${binary:Version}) +Provides: apache2-mpm, apache2, httpd, httpd-cgi +Conflicts: apache2-mpm, apache2-common +Description: Apache HTTP Server - traditional non-threaded model + Each Apache Multi-Processing Module provides a different "flavor" of + web server binary, compiled with a different processing model. + . + The prefork MPM provides a non-threaded, pre-forking implementation + that handles requests in a manner similar to Apache 1.3. It is not as + fast as threaded models, but is considered to be more stable. It is + appropriate for sites that need to maintain compatibility with + non-thread-safe libraries, and is the best MPM for isolating each + request, so that a problem with a single request will not affect any + other. + +Package: apache2-mpm-event +Architecture: any +Depends: ${misc:Depends}, apache2.2-common (= ${binary:Version}), apache2.2-bin (= ${binary:Version}) +Provides: apache2-mpm, apache2, httpd, httpd-cgi +Conflicts: apache2-mpm, apache2-common +Description: Apache HTTP Server - event driven model + Each Apache Multi-Processing Module provides a different "flavor" of + web server binary, compiled with a different processing model. + . + The event MPM is designed to allow more requests to be served + simultaneously by passing off some processing work to supporting + threads, freeing up the main threads to work on new requests. It is + especially suitable for sites that see extensive KeepAlive traffic. + . + This MPM is experimental and less tested than the worker and prefork MPMs. + +Package: apache2-mpm-itk +Depends: ${misc:Depends}, apache2.2-common (= ${binary:Version}), apache2.2-bin (= ${binary:Version}) +Provides: apache2-mpm, apache2, httpd, httpd-cgi +Conflicts: apache2-mpm, apache2-common +Architecture: any +Priority: extra +Description: multiuser MPM for Apache 2.2 + The ITK Multi-Processing Module (MPM) works in about the same way as the + classical "prefork" module (that is, without threads), except that it allows + you to constrain each individual vhost to a particular system user. This + allows you to run several different web sites on a single server without + worrying that they will be able to read each others' files. This is a + third-party MPM that is not included in the normal Apache httpd. + . + Please note that this MPM is somewhat less tested than the MPMs that come with + Apache itself. + +Package: apache2-utils +Architecture: any +Replaces: apache2-common, apache-utils (<< 1.3.33-4) +Conflicts: apache-common (<< 1.3.28.0.1-1) +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: utility programs for webservers + Provides some add-on programs useful for any webserver. These include: + - ab (Apache benchmark tool) + - logresolve (Resolve IP addresses to hostname in logfiles) + - htpasswd (Manipulate basic authentication files) + - htdigest (Manipulate digest authentication files) + - dbmmanage (Manipulate basic authentication files in DBM format, using perl) + - htdbm (Manipulate basic authentication files in DBM format, using APR) + - rotatelogs (Periodically stop writing to a logfile and open a new one) + - split-logfile (Split a single log including multiple vhosts) + - checkgid (Checks whether the caller can setgid to the specified group) + - check_forensic (Extract mod_log_forensic output from Apache log files) + +Package: apache2-suexec +Priority: optional +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends}, apache2.2-common +Conflicts: apache2-suexec, apache-common +Replaces: apache2-suexec +Description: Standard suexec program for Apache 2 mod_suexec + Provides the standard suexec helper program for mod_suexec. This version is + compiled with document root /var/www and userdir suffix public_html. If you + need different settings, use the package apache2-suexec-custom. + +Package: apache2-suexec-custom +Priority: extra +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends}, apache2.2-common +Provides: apache2-suexec +Conflicts: apache2-suexec, apache-common +Replaces: apache2-suexec +Description: Configurable suexec program for Apache 2 mod_suexec + Provides a customizable version of the suexec helper program for mod_suexec. + This is not the version from upstream, but can be configured with a + configuration file. + . + If you do not need non-standard document root or userdir settings, it is + recommended that you use the standard suexec helper program from the + apache2-suexec package instead. + +Package: apache2 +Architecture: any +Depends: ${misc:Depends}, apache2-mpm-worker (= ${binary:Version}) | apache2-mpm-prefork (= ${binary:Version}) | apache2-mpm-event (= ${binary:Version}) | apache2-mpm-itk (= ${binary:Version}), apache2.2-common (= ${binary:Version}) +Description: Apache HTTP Server metapackage + The Apache Software Foundation's goal is to build a secure, efficient and + extensible HTTP server as standards-compliant open source software. The + result has long been the number one web server on the Internet. + . + It features support for HTTPS, virtual hosting, CGI, SSI, IPv6, easy + scripting and database integration, request/response filtering, many + flexible authentication schemes, and more. + +Package: apache2-doc +Section: doc +Architecture: all +Depends: ${misc:Depends} +Description: Apache HTTP Server documentation + This package provides the documentation for Apache 2. For more details + see the apache2 package description. + +Package: apache2-prefork-dev +Architecture: any +Depends: ${misc:Depends}, apache2.2-common (= ${binary:Version}), openssl, libaprutil1-dev +Conflicts: apache2-threaded-dev +Priority: extra +Description: Apache development headers - non-threaded MPM + This package provides the development headers and apxs2 binary for + apache2-mpm-prefork; see the apache2 package description for more details. + . + This should only be used when you absolutely *must* support a non-threaded + environment (for PHP, for example). + +Package: apache2-threaded-dev +Architecture: any +Depends: ${misc:Depends}, apache2.2-common (= ${binary:Version}), openssl, libaprutil1-dev +Conflicts: apache2-prefork-dev +Provides: apache2-dev +Priority: extra +Description: Apache development headers - threaded MPM + This package provides the development headers and apxs2 binary for + threaded versions of apache2; see the apache2 package description + for more details. + +Package: apache2-dbg +Section: debug +Priority: extra +Architecture: any +Depends: ${misc:Depends}, apache2.2-bin (= ${binary:Version}) +Description: Apache debugging symbols + This package includes the debugging symbols for Apache 2. + See /usr/share/doc/apache2.2-common/README.backtrace for more information. --- apache2-2.2.14.orig/debian/apache2.dirs +++ apache2-2.2.14/debian/apache2.dirs @@ -0,0 +1 @@ +usr/share/bug/apache2 --- apache2-2.2.14.orig/debian/apache2-suexec.install +++ apache2-2.2.14/debian/apache2-suexec.install @@ -0,0 +1,2 @@ +usr/sbin/suexec usr/lib/apache2 +usr/share/man/man8/suexec.8 --- apache2-2.2.14.orig/debian/apache2-utils.install +++ apache2-2.2.14/debian/apache2-utils.install @@ -0,0 +1,19 @@ +usr/sbin/ab +usr/share/man/man8/ab.8 +usr/sbin/checkgid +usr/sbin/dbmmanage usr/bin/ +usr/share/man/man1/dbmmanage.1 +usr/sbin/htdbm usr/bin/ +usr/share/man/man1/htdbm.1 +usr/sbin/htdigest usr/bin/ +usr/share/man/man1/htdigest.1 +usr/sbin/htpasswd usr/bin/ +usr/share/man/man1/htpasswd.1 +usr/sbin/logresolve +usr/share/man/man8/logresolve.8 +usr/sbin/rotatelogs +usr/share/man/man8/rotatelogs.8 +usr/sbin/htcacheclean +usr/share/man/man8/htcacheclean.8 +support/check_forensic usr/sbin +debian/build-tree/worker/support/split-logfile usr/sbin --- apache2-2.2.14.orig/debian/apache2-dbg.postinst +++ apache2-2.2.14/debian/apache2-dbg.postinst @@ -0,0 +1,18 @@ +#!/bin/sh +set -e + +if [ "$1" != "configure" ]; then + exit 0 +fi + +P=apache2-dbg +if dpkg --compare-versions "$2" lt 2.2.11-5~ ; then + DOCDIR=/usr/share/doc/$P + if [ ! -h $DOCDIR -a -d $DOCDIR ] ; then + rmdir $DOCDIR 2> /dev/null && ln -s apache2.2-bin $DOCDIR + fi +fi + +#DEBHELPER# + +exit 0 --- apache2-2.2.14.orig/debian/checkgid.8 +++ apache2-2.2.14/debian/checkgid.8 @@ -0,0 +1,36 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH CHECKGID 8 "November 3rd, 2001" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +checkgid \- checks the gid +.SH SYNOPSIS +.B checkgid group +.SH DESCRIPTION +This manual page documents briefly the +.B checkgid +command. +.PP +.\" TeX users may be more comfortable with the \fB\fP and +.\" \fI\fP escape sequences to invode bold face and italics, +.\" respectively. +\fBcheckgid\fP is a program that checks whether it can setgid to the group +specified. This is to see if it is a valid group for apache2 to use at runtime. +If the user (should be run as superuser) is in that group, or can setgid to it, +it will return 0. +.SH AUTHOR +This manual page was written by Daniel Stone for the Debian +GNU/Linux distribution, as the original did not have a manpage. --- apache2-2.2.14.orig/debian/apache2-suexec.lintian-overrides +++ apache2-2.2.14/debian/apache2-suexec.lintian-overrides @@ -0,0 +1,2 @@ +setuid-binary usr/lib/apache2/suexec 4754 root/www-data +package-relation-with-self replaces: apache2-suexec --- apache2-2.2.14.orig/debian/bash_completion +++ apache2-2.2.14/debian/bash_completion @@ -0,0 +1,54 @@ +# bash completion for Debian apache2 configuration tools +# $Id: apache2,v 1.1 2005/03/16 22:51:19 guillaume Exp $ + +_apache2_modsites() +{ + COMPREPLY=( $( compgen -W '$( command ls /etc/apache2/$1 2>/dev/null \ + | sed -e 's/\.load//' -e 's/\.conf//' )' -- $cur ) ) +} + +_a2enmod() +{ + local cur + + COMPREPLY=() + cur=${COMP_WORDS[COMP_CWORD]} + + _apache2_modsites mods-available +} +complete -F _a2enmod a2enmod + +_a2ensite() +{ + local cur + + COMPREPLY=() + cur=${COMP_WORDS[COMP_CWORD]} + + _apache2_modsites sites-available + +} +complete -F _a2ensite a2ensite + +_a2dismod() +{ + local cur + + COMPREPLY=() + cur=${COMP_WORDS[COMP_CWORD]} + + _apache2_modsites mods-enabled +} +complete -F _a2dismod a2dismod + +_a2dissite() +{ + local cur + + COMPREPLY=() + cur=${COMP_WORDS[COMP_CWORD]} + + _apache2_modsites sites-enabled + +} +complete -F _a2dissite a2dissite --- apache2-2.2.14.orig/debian/README.backtrace +++ apache2-2.2.14/debian/README.backtrace @@ -0,0 +1,51 @@ +If apache crashes or freezes, it is helpful if you include a backtrace in the +bug report. + + + +In case of a crash, do the following: + +1) Install the packages apache2-dbg libapr1-dbg libaprutil1-dbg gdb. + +2) Add "CoreDumpDirectory /var/cache/apache2" to your apache configuration. + +3) Execute as root: + /etc/init.d/apache2 stop + ulimit -c unlimited + /etc/init.d/apache2 start + +4) Do whatever it takes to reproduce the crash. There should now be the file +/var/cache/apache2/core . + +5) If you use apache2-mpm-prefork, execute: + + gdb /usr/sbin/apache2 /var/cache/apache2/core + (gdb) bt full + ... + (gdb) quit + +If you use a threaded mpm, execute: + + gdb /usr/sbin/apache2 /var/cache/apache2/core + (gdb) thread apply all bt full + ... + (gdb) quit + +Include the backtrace in the bug report. + +6) Undo the change to your configuration, uninstall the debug packages, remove +/var/cache/apache2/core + + + +In case of a hanging process, you don't need a core dump and you can skip steps 2 and 3. + +4) Reproduce the problem. Get the pid of a hanging process. + +5) Start gdb with + + gdb -p pid + +and continue as described above. It may also be helpful to include the output of + + strace -p pid --- apache2-2.2.14.orig/debian/rules +++ apache2-2.2.14/debian/rules @@ -0,0 +1,331 @@ +#! /usr/bin/make -f + +# Code for httpd 2.1, based on apache2 and others. +# Copyright (C) Canonical Ltd, 2005 + +export DEB_BUILD_HARDENING=1 +export DEB_BUILD_OPTIONS +export DH_OPTIONS + +SHELL := sh -e + +#enable dpatch +include /usr/share/dpatch/dpatch.make + +# These are used for cross-compiling and for saving the configure script +# # from having to guess our platform (since we know it already) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + +LSB_RELEASE := $(shell lsb_release -i -s) + +CONFFLAGS += ac_cv_prog_AWK=mawk ac_cv_prog_LYNX_PATH=www-browser + +AP2_COMMON_CONFARGS = --enable-layout=Debian --enable-so \ + --with-program-name=apache2 \ + --with-ldap=yes --with-ldap-include=/usr/include \ + --with-ldap-lib=/usr/lib \ + --with-suexec-caller=www-data \ + --with-suexec-bin=/usr/lib/apache2/suexec \ + --with-suexec-docroot=/var/www \ + --with-suexec-userdir=public_html \ + --with-suexec-logfile=/var/log/apache2/suexec.log \ + --with-suexec-uidmin=100 \ + --enable-suexec=shared \ + --enable-log-config=static --enable-logio=static \ + --with-apr=/usr/bin/apr-1-config \ + --with-apr-util=/usr/bin/apu-1-config \ + --with-pcre=yes \ + --enable-pie + +AP2_MODS_CONFARGS = --enable-authn-alias=shared --enable-authnz-ldap=shared \ + --enable-disk-cache=shared --enable-cache=shared \ + --enable-mem-cache=shared --enable-file-cache=shared \ + --enable-cern-meta=shared --enable-dumpio=shared --enable-ext-filter=shared \ + --enable-charset-lite=shared --enable-cgi=shared \ + --enable-dav-lock=shared --enable-log-forensic=shared \ + --enable-ldap=shared --enable-proxy=shared \ + --enable-proxy-connect=shared --enable-proxy-ftp=shared \ + --enable-proxy-http=shared --enable-proxy-ajp=shared \ + --enable-proxy-scgi=shared \ + --enable-proxy-balancer=shared --enable-ssl=shared \ + --enable-authn-dbm=shared --enable-authn-anon=shared \ + --enable-authn-dbd=shared --enable-authn-file=shared \ + --enable-authn-default=shared --enable-authz-host=shared \ + --enable-authz-groupfile=shared --enable-authz-user=shared \ + --enable-authz-dbm=shared --enable-authz-owner=shared \ + --enable-authnz-ldap=shared --enable-authz-default=shared \ + --enable-auth-basic=shared --enable-auth-digest=shared \ + --enable-dbd=shared --enable-deflate=shared \ + --enable-include=shared --enable-filter=shared \ + --enable-env=shared --enable-mime-magic=shared \ + --enable-expires=shared --enable-headers=shared \ + --enable-ident=shared --enable-usertrack=shared \ + --enable-unique-id=shared --enable-setenvif=shared \ + --enable-version=shared --enable-status=shared \ + --enable-autoindex=shared --enable-asis=shared \ + --enable-info=shared --enable-cgid=shared \ + --enable-dav=shared --enable-dav-fs=shared \ + --enable-vhost-alias=shared --enable-negotiation=shared \ + --enable-dir=shared --enable-imagemap=shared \ + --enable-actions=shared --enable-speling=shared \ + --enable-userdir=shared --enable-alias=shared \ + --enable-rewrite=shared --enable-mime=shared \ + --enable-substitute=shared --enable-reqtimeout=shared + +AP2_CFLAGS = $(CFLAGS) -g -pipe -I/usr/include/xmltok -I/usr/include/openssl -Wall -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector +AP2_LDFLAGS = -Wl,--as-needed -Wl,-z,relro + +#support noopt building +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + AP2_CFLAGS += -O0 +else + AP2_CFLAGS += -O2 +endif + +ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) +DEB_BUILD_STRIP = yes +endif + +ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) + NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) + MAKEFLAGS += -j$(NUMJOBS) +endif + +BUILD=debian/build-tree +REALCURDIR=$(CURDIR) +INSTALL=/usr/bin/install + +clean: unpatch + dh_testdir + rm -rf $(BUILD) mpm-worker mpm-prefork mpm-event mpm-itk install + rm -rf debian/tmp-worker debian/tmp-prefork + dh_clean + +build: patch-stamp build-stamp +build-stamp: patch-stamp mpm-worker mpm-prefork mpm-event mpm-itk + for mpm in prefork event itk ; do \ + if ! diff -u $(BUILD)/$$mpm/mods.list $(BUILD)/worker/mods.list ; then \ + echo Different modules built into httpd binaries, will not proceed ;\ + exit 1 ;\ + fi \ + done + touch $@ + + +mpm-worker mpm-prefork mpm-event mpm-itk: mpm-%: patch-stamp mpm-%.scripts-stamp + dh_testdir + mkdir -p $(BUILD)/$* + # we don't want modifications done by itk outside of server/mpm/experimental/itk + # to appear in the other mpms. Therefore we copy the whole source tree. + set -ex ; \ + if [ $* = itk ] ; then \ + cp -a `find . -maxdepth 1 -mindepth 1 -not -name debian` $(BUILD)/$* ; \ + cd $(BUILD)/$* ; \ + mkdir server/mpm/experimental/itk/ ; \ + cp server/mpm/prefork/* server/mpm/experimental/itk/ ; \ + mv server/mpm/experimental/itk/prefork.c server/mpm/experimental/itk/itk.c ; \ + \ + for PATCH in `tail -n +2 ../../mpm-itk/patches/series`; do \ + echo Applying $$PATCH ... ; \ + patch -p1 < ../../mpm-itk/patches/$$PATCH ; \ + echo ; \ + done ; \ + \ + autoheader ; \ + autoconf ; \ + CONFIGURE=./configure ; \ + else \ + cd $(BUILD)/$* ; \ + CONFIGURE="$(REALCURDIR)/configure --srcdir=$(REALCURDIR)" ; \ + fi ; \ + if [ $* = worker ] ; then \ + ENABLE_MODULES="$(AP2_MODS_CONFARGS)" ; \ + else \ + ENABLE_MODULES=--enable-modules=none ; \ + fi ; \ + CFLAGS="$(AP2_CFLAGS)" LDFLAGS="$(AP2_LDFLAGS)" $(CONFFLAGS) $$CONFIGURE \ + $(AP2_COMMON_CONFARGS) $$ENABLE_MODULES --with-mpm=$* ; \ + $(MAKE) ; \ + ./apache2 -l |grep -v $* > mods.list + touch $@ + +mpm-%.scripts-stamp: debian/mpms.postinst debian/mpms.preinst debian/mpms.prerm debian/mpms.lintian-overrides debian/mpms.dirs debian/mpms.links + for f in postinst preinst prerm links dirs ; do \ + perl -p -e "s/MPMXXX/$*/g" < debian/mpms.$$f > debian/apache2-mpm-$*.$$f ;\ + done + perl -p -e "s/^/apache2-mpm-$*: /" < debian/mpms.lintian-overrides > debian/apache2-mpm-$*.lintian-overrides + touch $@ + +install-worker: mpm-worker + dh_testdir + dh_testroot + cd $(BUILD)/worker ;\ + $(MAKE) DESTDIR=$(REALCURDIR)/debian/tmp install + ln -sf tmp debian/tmp-worker + +install-prefork: mpm-prefork + dh_testdir + dh_testroot + cd $(BUILD)/prefork ;\ + $(MAKE) DESTDIR=$(REALCURDIR)/debian/tmp-prefork install + +install-dev: install-worker install-prefork + dh_testdir + dh_testroot + dh_installdirs + for i in worker prefork; do \ + if [ "$$i" = "prefork" ]; then \ + TARGET=prefork ;\ + else \ + TARGET=threaded ;\ + fi ;\ + cp debian/tmp-$$i/usr/include/apache2/* debian/apache2-$$TARGET-dev/usr/include/apache2/ ;\ + cp debian/tmp-$$i/usr/share/apache2/build/* debian/apache2-$$TARGET-dev/usr/share/apache2/build/ ;\ + cp $(BUILD)/$$i/support/apxs debian/apache2-$$TARGET-dev/usr/bin/apxs2 ;\ + perl -p -e s/^P=apache2/P=apache2-$${TARGET}-dev/ < debian/apache2.postinst > debian/apache2-$${TARGET}-dev.postinst ;\ + done +# Clean up config_vars.mk + set -x ; for i in threaded prefork; do \ + ( cd debian/apache2-$$i-dev/usr/share/apache2/build/ ; \ + grep -v -E '(^|_)(CPP|C)FLAGS' config_vars.mk > tmp_config_vars.mk ; \ + printf "CPPFLAGS = %s\n" "`grep -E '(^|_)(CPPFLAGS|INCLUDES)' config_vars.mk | cut -d= -f 2- | tr ' ' '\n' | grep -E '^-([DI]|pthread)' | sort | uniq | tr '\n' ' '`" >> tmp_config_vars.mk ; \ + printf "CFLAGS = %s\n" "`grep -E '(^|_)(CPPFLAGS|CFLAGS|INCLUDES)' config_vars.mk | cut -d= -f 2- | tr ' ' '\n' | grep -E '^-(D|I/|pthread)' | sort | uniq | tr '\n' ' '`" >> tmp_config_vars.mk ; \ + printf "NOTEST_CPPFLAGS = \n" >> tmp_config_vars.mk ; \ + printf "EXTRA_CPPFLAGS = \n" >> tmp_config_vars.mk ; \ + printf "EXTRA_CFLAGS = \n" >> tmp_config_vars.mk ; \ + mv tmp_config_vars.mk config_vars.mk ) ; \ + done + +install: build install-dev + dh_testroot + dh_testdir + dh_installdirs + + #cleanup of death + rm -rf debian/tmp/etc/apache2/original + rm -rf debian/tmp/usr/include + rm -rf debian/tmp/usr/share/apache2/build + rm -f debian/tmp/usr/share/man/man8/httpd.8 # We install our own + rm -f debian/tmp/usr/sbin/apxs debian/tmp/usr/sbin/apache2 + + # DO NOT FALL FOR THE TEMPTATION TO MV INTO PACKAGES OR DOOM + # WILL FIND YOU. Use dh_install, this is just because dh_install + # can't rename files + + mv debian/tmp/usr/share/man/man8/apxs.8 debian/tmp/usr/share/man/man8/apxs2.8 + mv debian/tmp/usr/sbin/apachectl debian/tmp/usr/sbin/apache2ctl + mv debian/tmp/usr/share/man/man8/apachectl.8 debian/tmp/usr/share/man/man8/apache2ctl.8 + mkdir -p debian/tmp/usr/share/apache2/icons/ + for i in `ls debian/icons/ | cut -d. -f1,2`; do \ + uudecode -o debian/tmp/usr/share/apache2/icons/$$i debian/icons/$$i".uue"; \ + done + + dh_install --list-missing + + cp debian/bash_completion debian/apache2.2-common/etc/bash_completion.d/apache2.2-common + install -m644 debian/apache2.2-common.ufw.profile debian/apache2.2-common/etc/ufw/applications.d/apache2.2-common + + # standard suexec + chmod 4754 debian/apache2-suexec/usr/lib/apache2/suexec + chgrp www-data debian/apache2-suexec/usr/lib/apache2/suexec + + chmod 644 debian/apache2.2-bin/usr/lib/apache2/modules/mod_suexec.so + + # configurable suexec + cp debian/build-tree/worker/support/suexec-custom debian/apache2-suexec-custom/usr/lib/apache2/suexec + cp debian/suexec-custom.config debian/apache2-suexec-custom/etc/apache2/suexec/www-data + chmod 4754 debian/apache2-suexec-custom/usr/lib/apache2/suexec + chgrp www-data debian/apache2-suexec-custom/usr/lib/apache2/suexec + + cp debian/apache2-doc.conf debian/apache2-doc/etc/apache2/conf.d/apache2-doc + grep -rl apachectl debian/apache2-doc/usr/share/doc/apache2-doc/manual | xargs perl -p -i -e 's/apachectl(?!\.html)/apache2ctl/g' + # remove content negotiation + mv debian/apache2-doc/usr/share/doc/apache2-doc/manual \ + debian/apache2-doc/usr/share/doc/apache2-doc/manual.orig + perl debian/convert_docs debian/apache2-doc/usr/share/doc/apache2-doc/manual.orig \ + debian/apache2-doc/usr/share/doc/apache2-doc/manual + mv debian/apache2-doc/usr/share/doc/apache2-doc/manual.orig/images \ + debian/apache2-doc/usr/share/doc/apache2-doc/manual.orig/style \ + debian/apache2-doc/usr/share/doc/apache2-doc/manual + rmdir debian/apache2-doc/usr/share/doc/apache2-doc/manual/style/lang + rmdir debian/apache2-doc/usr/share/doc/apache2-doc/manual/style/xsl/util + rmdir debian/apache2-doc/usr/share/doc/apache2-doc/manual/style/xsl + rm -r debian/apache2-doc/usr/share/doc/apache2-doc/manual.orig + + cp debian/logrotate debian/apache2.2-common/etc/logrotate.d/apache2 + cp debian/default-index.html debian/apache2.2-common/usr/share/apache2/default-site/index.html + + for i in worker prefork event itk; do \ + install -m 755 $(BUILD)/$$i/apache2 debian/apache2.2-bin/usr/lib/apache2/mpm-$$i/apache2 ;\ + done + + for pkg in `awk '/^Package:/ { print $$2 }' debian/control`; do \ + find debian/$$pkg/ -name .svn -exec rm -rf {} + ; \ + done + + dh_installdocs debian/README.backtrace -papache2.2-common -papache2.2-bin + dh_installdocs debian/README.backtrace -Napache2.2-common -Napache2.2-bin + cp debian/README.Debian debian/apache2-doc/usr/share/doc/apache2-doc/ + dh_installman + dh_bugfiles + dh_installinit --no-start -r --name=apache2 -- defaults 91 09 + dh_installcron --name=apache2 + dh_installchangelogs CHANGES -Napache2-suexec -Napache2-suexec-custom -Napache2 + dh_installchangelogs -papache2-suexec -papache2-suexec-custom -papache2 + dh_lintian + rm -f debian/apache2.2-bin/usr/share/doc/apache2.2-bin/NEWS.Debian + rm -f debian/apache2-utils/usr/share/doc/apache2-utils/NEWS.Debian + + dh_strip --dbg-package=apache2-dbg -Napache2-dbg -Xusr/lib/apache2/mpm + if [ "$(LSB_RELEASE)" != "Ubuntu" ] && [ -n "$(DEB_BUILD_STRIP)" ] ; then \ + for i in worker prefork event itk; do \ + MPM=usr/lib/apache2/mpm-$$i/apache2 ;\ + objcopy --only-keep-debug $(BUILD)/$$i/apache2 debian/apache2-dbg/usr/lib/debug/$$MPM-mpm-$$i ;\ + chmod 644 debian/apache2-dbg/usr/lib/debug/$$MPM-mpm-$$i ;\ + strip --remove-section=.comment --remove-section=.note --strip-unneeded debian/apache2.2-bin/$$MPM ;\ + objcopy --add-gnu-debuglink=debian/apache2-dbg/usr/lib/debug/$$MPM-mpm-$$i debian/apache2.2-bin/$$MPM ;\ + done ;\ + fi + + cp debian/mpm-itk/README debian/apache2.2-common/usr/share/doc/apache2.2-common/README.mpm-itk + cp debian/mpm-itk/CHANGES debian/apache2.2-common/usr/share/doc/apache2.2-common/changelog.mpm-itk + cp debian/mpm-itk/debian/changelog debian/apache2.2-common/usr/share/doc/apache2.2-common/changelog.mpm-itk.Debian + for p in apache2-prefork-dev apache2-threaded-dev apache2-mpm-prefork apache2-mpm-event \ + apache2-mpm-worker apache2-mpm-itk apache2; \ + do \ + rm -rf debian/$$p/usr/share/doc/$$p ;\ + ln -s apache2.2-common debian/$$p/usr/share/doc/$$p ;\ + done + rm -rf debian/apache2-dbg/usr/share/doc/apache2-dbg + ln -s apache2.2-bin debian/apache2-dbg/usr/share/doc/apache2-dbg + dh_link + dh_compress + dh_fixperms -Xsuexec + chown -R www-data:www-data debian/apache2.2-common/var/cache/apache2 + chown root:adm debian/apache2.2-common/var/log/apache2 + chmod o-rx debian/apache2.2-common/var/log/apache2 + + touch $@ + +binary-indep: install + dh_installdeb -i + dh_gencontrol -i + dh_md5sums -i + dh_builddeb -i + +binary-arch: install + dh_makeshlibs -a -V + dh_installdeb -a + dh_shlibdeps -a + dh_gencontrol -a + dh_md5sums -a + if [ "$(LSB_RELEASE)" = "Ubuntu" ]; then \ + rm -rf debian/apache2-dbg; \ + sed -i '/apache2-dbg/d' debian/files; \ + dh_builddeb -a -Napache2-dbg; \ + else \ + dh_builddeb -a; \ + fi + +binary: binary-arch binary-indep --- apache2-2.2.14.orig/debian/apache2.2-common.apache2.default +++ apache2-2.2.14/debian/apache2.2-common.apache2.default @@ -0,0 +1,26 @@ +### htcacheclean settings ### + +## run htcacheclean: yes, no, auto +## auto means run if /etc/apache2/mods-enabled/disk_cache.load exists +## default: auto +HTCACHECLEAN_RUN=auto + +## run mode: cron, daemon +## run in daemon mode or as daily cron job +## default: daemon +HTCACHECLEAN_MODE=daemon + +## cache size +HTCACHECLEAN_SIZE=300M + +## interval: if in daemon mode, clean cache every x minutes +HTCACHECLEAN_DAEMON_INTERVAL=120 + +## path to cache +## must be the same as in CacheRoot directive +HTCACHECLEAN_PATH=/var/cache/apache2/mod_disk_cache + +## additional options: +## -n : be nice +## -t : remove empty directories +HTCACHECLEAN_OPTIONS="-n" --- apache2-2.2.14.orig/debian/mpms.postinst +++ apache2-2.2.14/debian/mpms.postinst @@ -0,0 +1,48 @@ +#!/bin/sh +set -e + +if [ "$1" != "configure" ]; then + exit 0 +fi + +P=apache2-mpm-MPMXXX +if [ $P = apache2-mpm-prefork ] || [ $P = apache2-mpm-itk ]; then + CGI_DIS=cgid + CGI_EN=cgi +else + CGI_DIS=cgi + CGI_EN=cgid +fi + +#enable cgi/cgid, but only on new installs. +if [ -z "$2" ]; then + a2dismod $CGI_DIS >/dev/null || true + a2enmod $CGI_EN >/dev/null || echo "It looks like you've deleted /etc/apache2/mods-available/cgid.load, so mod_cgid cannot be enabled. To fix this, please purge and reinstall apache2.2-common." +fi + +# Migrate our kill symlinks, including ones the user may have done an s/S/K/ to: +for i in `seq 0 6`; do + if [ -L /etc/rc"$i".d/K91apache2 ]; then + mv /etc/rc"$i".d/K91apache2 \ + /etc/rc"$i".d/K09apache2 + fi +done + +if [ -x "/etc/init.d/apache2" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d apache2 start ||true + else + /etc/init.d/apache2 start ||true + fi +fi + +if dpkg --compare-versions "$2" lt 2.2.11-5~ ; then + DOCDIR=/usr/share/doc/$P + if [ ! -h $DOCDIR -a -d $DOCDIR ] ; then + rmdir $DOCDIR 2> /dev/null && ln -s apache2.2-common $DOCDIR + fi +fi + +#DEBHELPER# + +exit 0 --- apache2-2.2.14.orig/debian/watch +++ apache2-2.2.14/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://www.apache.org/dist/httpd/httpd-(2\.2.*)\.tar\.gz --- apache2-2.2.14.orig/debian/source.lintian-overrides +++ apache2-2.2.14/debian/source.lintian-overrides @@ -0,0 +1,2 @@ +apache2 source: ancient-autotools-helper-file srclib/apr-util/xml/expat/conftools/config.sub 2002-03-07 +apache2 source: ancient-autotools-helper-file srclib/apr-util/xml/expat/conftools/config.guess 2002-03-20 --- apache2-2.2.14.orig/debian/mpm-itk/COPYRIGHT +++ apache2-2.2.14/debian/mpm-itk/COPYRIGHT @@ -0,0 +1,686 @@ +apache2-mpm-itk is copyright Steinar H. Gunderson +and Knut Auvor Grythe , and is provided under the same license +as the Apache web server. + +Get the latest version at http://mpm-itk.sesse.net/ . + +The entire license text for Apache is: + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + + +APACHE HTTP SERVER SUBCOMPONENTS: + +The Apache HTTP Server includes a number of subcomponents with +separate copyright notices and license terms. Your use of the source +code for the these subcomponents is subject to the terms and +conditions of the following licenses. + +For the mod_mime_magic component: + +/* + * mod_mime_magic: MIME type lookup via file magic numbers + * Copyright (c) 1996-1997 Cisco Systems, Inc. + * + * This software was submitted by Cisco Systems to the Apache Group in July + * 1997. Future revisions and derivatives of this source code must + * acknowledge Cisco Systems as the original contributor of this module. + * All other licensing and usage conditions are those of the Apache Group. + * + * Some of this code is derived from the free version of the file command + * originally posted to comp.sources.unix. Copyright info for that program + * is included below as required. + * --------------------------------------------------------------------------- + * - Copyright (c) Ian F. Darwin, 1987. Written by Ian F. Darwin. + * + * This software is not subject to any license of the American Telephone and + * Telegraph Company or of the Regents of the University of California. + * + * Permission is granted to anyone to use this software for any purpose on any + * computer system, and to alter it and redistribute it freely, subject to + * the following restrictions: + * + * 1. The author is not responsible for the consequences of use of this + * software, no matter how awful, even if they arise from flaws in it. + * + * 2. The origin of this software must not be misrepresented, either by + * explicit claim or by omission. Since few users ever read sources, credits + * must appear in the documentation. + * + * 3. Altered versions must be plainly marked as such, and must not be + * misrepresented as being the original software. Since few users ever read + * sources, credits must appear in the documentation. + * + * 4. This notice may not be removed or altered. + * ------------------------------------------------------------------------- + * + */ + + +For the modules\mappers\mod_imap.c component: + + "macmartinized" polygon code copyright 1992 by Eric Haines, erich@eye.com + +For the server\util_md5.c component: + +/************************************************************************ + * NCSA HTTPd Server + * Software Development Group + * National Center for Supercomputing Applications + * University of Illinois at Urbana-Champaign + * 605 E. Springfield, Champaign, IL 61820 + * httpd@ncsa.uiuc.edu + * + * Copyright (C) 1995, Board of Trustees of the University of Illinois + * + ************************************************************************ + * + * md5.c: NCSA HTTPd code which uses the md5c.c RSA Code + * + * Original Code Copyright (C) 1994, Jeff Hostetler, Spyglass, Inc. + * Portions of Content-MD5 code Copyright (C) 1993, 1994 by Carnegie Mellon + * University (see Copyright below). + * Portions of Content-MD5 code Copyright (C) 1991 Bell Communications + * Research, Inc. (Bellcore) (see Copyright below). + * Portions extracted from mpack, John G. Myers - jgm+@cmu.edu + * Content-MD5 Code contributed by Martin Hamilton (martin@net.lut.ac.uk) + * + */ + + +/* these portions extracted from mpack, John G. Myers - jgm+@cmu.edu */ +/* (C) Copyright 1993,1994 by Carnegie Mellon University + * All Rights Reserved. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without + * fee, provided that the above copyright notice appear in all copies + * and that both that copyright notice and this permission notice + * appear in supporting documentation, and that the name of Carnegie + * Mellon University not be used in advertising or publicity + * pertaining to distribution of the software without specific, + * written prior permission. Carnegie Mellon University makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied + * warranty. + * + * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE + * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Copyright (c) 1991 Bell Communications Research, Inc. (Bellcore) + * + * Permission to use, copy, modify, and distribute this material + * for any purpose and without fee is hereby granted, provided + * that the above copyright notice and this permission notice + * appear in all copies, and that the name of Bellcore not be + * used in advertising or publicity pertaining to this + * material without the specific, prior written permission + * of an authorized representative of Bellcore. BELLCORE + * MAKES NO REPRESENTATIONS ABOUT THE ACCURACY OR SUITABILITY + * OF THIS MATERIAL FOR ANY PURPOSE. IT IS PROVIDED "AS IS", + * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. + */ + +For the srclib\apr\include\apr_md5.h component: +/* + * This is work is derived from material Copyright RSA Data Security, Inc. + * + * The RSA copyright statement and Licence for that original material is + * included below. This is followed by the Apache copyright statement and + * licence for the modifications made to that material. + */ + +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + rights reserved. + + License to copy and use this software is granted provided that it + is identified as the "RSA Data Security, Inc. MD5 Message-Digest + Algorithm" in all material mentioning or referencing this software + or this function. + + License is also granted to make and use derivative works provided + that such works are identified as "derived from the RSA Data + Security, Inc. MD5 Message-Digest Algorithm" in all material + mentioning or referencing the derived work. + + RSA Data Security, Inc. makes no representations concerning either + the merchantability of this software or the suitability of this + software for any particular purpose. It is provided "as is" + without express or implied warranty of any kind. + + These notices must be retained in any copies of any part of this + documentation and/or software. + */ + +For the srclib\apr\passwd\apr_md5.c component: + +/* + * This is work is derived from material Copyright RSA Data Security, Inc. + * + * The RSA copyright statement and Licence for that original material is + * included below. This is followed by the Apache copyright statement and + * licence for the modifications made to that material. + */ + +/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm + */ + +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + rights reserved. + + License to copy and use this software is granted provided that it + is identified as the "RSA Data Security, Inc. MD5 Message-Digest + Algorithm" in all material mentioning or referencing this software + or this function. + + License is also granted to make and use derivative works provided + that such works are identified as "derived from the RSA Data + Security, Inc. MD5 Message-Digest Algorithm" in all material + mentioning or referencing the derived work. + + RSA Data Security, Inc. makes no representations concerning either + the merchantability of this software or the suitability of this + software for any particular purpose. It is provided "as is" + without express or implied warranty of any kind. + + These notices must be retained in any copies of any part of this + documentation and/or software. + */ +/* + * The apr_md5_encode() routine uses much code obtained from the FreeBSD 3.0 + * MD5 crypt() function, which is licenced as follows: + * ---------------------------------------------------------------------------- + * "THE BEER-WARE LICENSE" (Revision 42): + * wrote this file. As long as you retain this notice you + * can do whatever you want with this stuff. If we meet some day, and you think + * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp + * ---------------------------------------------------------------------------- + */ + +For the srclib\apr-util\crypto\apr_md4.c component: + + * This is derived from material copyright RSA Data Security, Inc. + * Their notice is reproduced below in its entirety. + * + * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + * rights reserved. + * + * License to copy and use this software is granted provided that it + * is identified as the "RSA Data Security, Inc. MD4 Message-Digest + * Algorithm" in all material mentioning or referencing this software + * or this function. + * + * License is also granted to make and use derivative works provided + * that such works are identified as "derived from the RSA Data + * Security, Inc. MD4 Message-Digest Algorithm" in all material + * mentioning or referencing the derived work. + * + * RSA Data Security, Inc. makes no representations concerning either + * the merchantability of this software or the suitability of this + * software for any particular purpose. It is provided "as is" + * without express or implied warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. + */ + +For the srclib\apr-util\include\apr_md4.h component: + + * + * This is derived from material copyright RSA Data Security, Inc. + * Their notice is reproduced below in its entirety. + * + * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + * rights reserved. + * + * License to copy and use this software is granted provided that it + * is identified as the "RSA Data Security, Inc. MD4 Message-Digest + * Algorithm" in all material mentioning or referencing this software + * or this function. + * + * License is also granted to make and use derivative works provided + * that such works are identified as "derived from the RSA Data + * Security, Inc. MD4 Message-Digest Algorithm" in all material + * mentioning or referencing the derived work. + * + * RSA Data Security, Inc. makes no representations concerning either + * the merchantability of this software or the suitability of this + * software for any particular purpose. It is provided "as is" + * without express or implied warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. + */ + + +For the srclib\apr-util\test\testdbm.c component: + +/* ==================================================================== + * The Apache Software License, Version 1.1 + * + * Copyright (c) 2000-2002 The Apache Software Foundation. All rights + * reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The end-user documentation included with the redistribution, + * if any, must include the following acknowledgment: + * "This product includes software developed by the + * Apache Software Foundation (http://www.apache.org/)." + * Alternately, this acknowledgment may appear in the software itself, + * if and wherever such third-party acknowledgments normally appear. + * + * 4. The names "Apache" and "Apache Software Foundation" must + * not be used to endorse or promote products derived from this + * software without prior written permission. For written + * permission, please contact apache@apache.org. + * + * 5. Products derived from this software may not be called "Apache", + * nor may "Apache" appear in their name, without prior written + * permission of the Apache Software Foundation. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Software Foundation. For more + * information on the Apache Software Foundation, please see + * . + * + * This file came from the SDBM package (written by oz@nexus.yorku.ca). + * That package was under public domain. This file has been ported to + * APR, updated to ANSI C and other, newer idioms, and added to the Apache + * codebase under the above copyright and license. + */ + + +For the srclib\apr-util\test\testmd4.c component: + + * + * This is derived from material copyright RSA Data Security, Inc. + * Their notice is reproduced below in its entirety. + * + * Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All + * rights reserved. + * + * RSA Data Security, Inc. makes no representations concerning either + * the merchantability of this software or the suitability of this + * software for any particular purpose. It is provided "as is" + * without express or implied warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. + */ + +For the srclib\apr-util\xml\expat\conftools\install-sh component: + +# +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# + +For the srclib\pcre\install-sh component: + +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. + +For the pcre component: + +PCRE LICENCE +------------ + +PCRE is a library of functions to support regular expressions whose syntax +and semantics are as close as possible to those of the Perl 5 language. + +Written by: Philip Hazel + +University of Cambridge Computing Service, +Cambridge, England. Phone: +44 1223 334714. + +Copyright (c) 1997-2001 University of Cambridge + +Permission is granted to anyone to use this software for any purpose on any +computer system, and to redistribute it freely, subject to the following +restrictions: + +1. This software is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +2. The origin of this software must not be misrepresented, either by + explicit claim or by omission. In practice, this means that if you use + PCRE in software which you distribute to others, commercially or + otherwise, you must put a sentence like this + + Regular expression support is provided by the PCRE library package, + which is open source software, written by Philip Hazel, and copyright + by the University of Cambridge, England. + + somewhere reasonably visible in your documentation and in any relevant + files or online help data or similar. A reference to the ftp site for + the source, that is, to + + ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ + + should also be given in the documentation. + +3. Altered versions must be plainly marked as such, and must not be + misrepresented as being the original software. + +4. If PCRE is embedded in any software that is released under the GNU + General Purpose Licence (GPL), or Lesser General Purpose Licence (LGPL), + then the terms of that licence shall supersede any condition above with + which it is incompatible. + +The documentation for PCRE, supplied in the "doc" directory, is distributed +under the same terms as the software itself. + +End PCRE LICENCE + + +For the test\zb.c component: + +/* ZeusBench V1.01 + =============== + +This program is Copyright (C) Zeus Technology Limited 1996. + +This program may be used and copied freely providing this copyright notice +is not removed. + +This software is provided "as is" and any express or implied waranties, +including but not limited to, the implied warranties of merchantability and +fitness for a particular purpose are disclaimed. In no event shall +Zeus Technology Ltd. be liable for any direct, indirect, incidental, special, +exemplary, or consequential damaged (including, but not limited to, +procurement of substitute good or services; loss of use, data, or profits; +or business interruption) however caused and on theory of liability. Whether +in contract, strict liability or tort (including negligence or otherwise) +arising in any way out of the use of this software, even if advised of the +possibility of such damage. + + Written by Adam Twiss (adam@zeus.co.uk). March 1996 + +Thanks to the following people for their input: + Mike Belshe (mbelshe@netscape.com) + Michael Campanella (campanella@stevms.enet.dec.com) + +*/ + +For the expat xml parser component: + +Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd + and Clark Cooper + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +==================================================================== --- apache2-2.2.14.orig/debian/mpm-itk/README +++ apache2-2.2.14/debian/mpm-itk/README @@ -0,0 +1,121 @@ +This is a copy of the documentation available at http://mpm-itk.sesse.net/, +dumped with the Lynx web browser and edited briefly. + + The Apache 2 ITK MPM + + apache2-mpm-itk (just mpm-itk for short) is an MPM (Multi-Processing + Module) for the [1]Apache web server. mpm-itk allows you to run each of + your vhost under a separate uid and gid -- in short, the scripts and + configuration files for one vhost no longer have to be readable for all + the other vhosts. + + There are already MPMs available that do this; however, I am not aware + of any besides mpm-itk that are actively developed. (If you only run + CGI scripts, suexec will probably solve most of your problems with any + MPM.) + + mpm-itk is based on the traditional prefork MPM, which means it's + non-threaded; in short, this means you can run non-thread-aware code + (like many [2]PHP extensions) without problems. On the other hand, you + lose out to any performance benefit you'd get with threads, of course; + you'd have to decide for yourself if that's worth it or not. You will + also take an additional performance hit over prefork, since there's an + extra fork per request. + +Installation + + If you can't apply a patch, you probably should not be using this. :-) + However, several distributions now include mpm-itk as a choice + alongside the other MPMs; in alphabetical order: + * [3]Arch Linux + * [4]Debian GNU/Linux + * [5]FreeBSD ports + * [6]Gentoo Linux + * [7]Mandriva + * [8]Ubuntu + + If you know of any I missed, or if you have included mpm-itk in your + favourite distribution, please drop me a note (see below). I'd always + be happy to expand this list :-) + +Configuration + + The new configuration settings compared to the prefork MPM are: + * AssignUserID: Takes two parameters, uid and gid (or really, user + name and group name); specifies what uid and gid the vhost will run + as (after parsing the request etc., of course). Note that if you do + not assign a user ID, the default one from Apache will be used. + * MaxClientsVHost: A separate MaxClients for the vhost. This can be + useful if, say, half of your vhosts depend on some NFS server (like + on our setup); if the NFS server goes down, you do not want the + children waiting forever on NFS to take the non-NFS-dependent hosts + down. This can thus act as a safety measure, giving "server too + busy" on the NFS-dependent vhosts while keeping the other ones + happily running. (Of course, you could use it to simply keep one + site from eating way too much resources, but there are probably + better ways of doing that.) + * NiceValue: Lets you nice some requests down, to give them less CPU + time. + + AssignUserID and NiceValue can be set wherever you'd like in the Apache + configuration, except in .htaccess. MaxClientsVHost can only be set + inside a VirtualHost directive. + +Quirks and warnings + + Since mpm-itk has to be able to setuid(), it runs as root (although + restricted with POSIX capabilities where possible) until the request is + parsed and the vhost determined. This means that any security hole + before the request is parsed will be a root security hole. (The most + likely place is probably in mod_ssl.) This is not going to change in + the near future, as the most likely alternative solution (socket + passing and its variants) is very hard to get to work properly in a + number of common use cases, like SSL. + + The lack of socket passing also leads to another minor quirk: if you + connect to httpd, make a request and then make a request on the same + connection that gets handled by a different uid, mpm-itk simply shuts + down the connection. This is perfectly legal according to RFC2616, and + all major clients seem to handle it well; the web server simply + simulates a timeout, and the client just opens a new connection and + retries the request. However, there is a small performance hit, and + thus you should avoid including content from multiple uids in the same + page. + + Note that mpm-itk is experimental software; and we've done a fair + amount of stress testing, but it's nowhere as tested as, say, prefork. + That being said, it's being run in production at several sites in the + world, both hobbyist and commercial, some as large as ~10 million hits + a day. + + People have reported issues with mpm-itk and mod_python, mod_ruby and + FastCGI. I believe the mod_python and FastCGI problems have been + largely solved by updates to those packages, but as I use neither, I + can't really guarantee anything. YMMV, test before use. + +Licensing + + mpm-itk is licensed under the Apache License, version 2.0, like the + rest of Apache. + +Contact + + mpm-itk is developed by Steinar H. Gunderson; e-mail address is at my + [9]home page. + + There is a user mailing list at mpm-itk [at] lists.err.no. Visit the + [10]mailing list page to subscribe, or send a blank e-mail to + mpm-itk-subscribe [at] lists.err.no. + +References + + 1. http://www.apache.org/ + 2. http://www.php.net/ + 3. http://www.archlinux.org/ + 4. http://www.debian.org/ + 5. http://www.freebsd.org/ + 6. http://www.gentoo.org/ + 7. http://www.mandriva.com/ + 8. http://www.ubuntu.com/ + 9. http://www.sesse.net/ + 10. http://lists.err.no/mailman/listinfo/mpm-itk --- apache2-2.2.14.orig/debian/mpm-itk/CHANGES +++ apache2-2.2.14/debian/mpm-itk/CHANGES @@ -0,0 +1,44 @@ +apache2.2-mpm-itk 2.2.11-02, released 2009-04-14: + + * Really fix the waitpid() code; thanks to Dave Cundiff for spotting the typo. + * Add CAP_DAC_READ_SEARCH to the list of capabilities, so Apache can read + .htaccess files that are not world readable. This should fix some of the + "permission denied" problems that cropped up in 2.2.11-01, although you + will still see the problem if you use root-squashed NFS. + +apache2.2-mpm-itk 2.2.11-01, released 2009-03-21: + + * NOTE: This release contains major new functionality. As with mpm-itk in + general, you may want to consider closely whether you actually want to + put it in production. Also note that Apache 2.0 is no longer supported. + * Updated for Apache 2.2.11 (in particular, prefork had a few minor changes + that are now incorporated). + * Allow uid/gid and nice value to be set per-directory (actually per-location) + in addition to per-vhost. Adapted from patch by Knut Auvor Grythe. + * Some minor code cleanups. + * If waitpid() is interrupted by a signal (returning EINTR), try again. + This fixes a race condition where a graceful restart could fail and hang + the child forever. Adapted from patch by Jan Boysen, who also diagnosed and + reported the bug. + * As a side effect of the per-directory patches doing proper config merging, + you can now set default values for all options outside the vhost definitions + and have them get properly overridden by settings in more specific scopes. + * Fix a small memory leak on reload by using apr_pstrdup() instead of + strdup(). + +apache2.2-mpm-itk 2.2.6-02, released 2008-07-27: + + * Fix a typo in the autoconf snippet that would prevent building with + capability dropping support. Note that you'll need to run autoheader before + autoconf to get -lcap detected (the Debian/Ubuntu packages was missing + this, so others might as well). + +apache2.2-mpm-itk 2.2.6-01, released 2008-01-05: + + * Updated 01-copy-prefork.patch to let prefork.c come from Apache 2.2.6 + instead of 2.2.3. Updated all the patches so they apply cleanly + afterwards. In other words, there is no mpm-itk-specific functionality + in this release, it's only a maintenance release against the latest + Apache. + * Removed a few instances of trailing whitespace in the patches. + * Added this changelog. --- apache2-2.2.14.orig/debian/mpm-itk/patches/05-add-copyright.patch +++ apache2-2.2.14/debian/mpm-itk/patches/05-add-copyright.patch @@ -0,0 +1,87 @@ +Add copyright notices, as the next patches are going to add code. + +Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/itk.c 2009-03-21 13:02:18.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-03-21 13:02:33.000000000 +0100 +@@ -12,6 +12,12 @@ + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. ++ * ++ * Portions copyright 2005-2009 Steinar H. Gunderson . ++ * Licensed under the same terms as the rest of Apache. ++ * ++ * Portions copyright 2008 Knut Auvor Grythe . ++ * Licensed under the same terms as the rest of Apache. + */ + + #include "apr.h" +Index: httpd-2.2.11/server/mpm/experimental/itk/mpm.h +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/mpm.h 2009-03-21 13:02:18.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/mpm.h 2009-03-21 13:02:33.000000000 +0100 +@@ -12,6 +12,12 @@ + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. ++ * ++ * Portions copyright 2005-2009 Steinar H. Gunderson . ++ * Licensed under the same terms as the rest of Apache. ++ * ++ * Portions copyright 2008 Knut Auvor Grythe . ++ * Licensed under the same terms as the rest of Apache. + */ + + /** +Index: httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/mpm_default.h 2009-03-21 13:02:18.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h 2009-03-21 13:02:33.000000000 +0100 +@@ -12,6 +12,12 @@ + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. ++ * ++ * Portions copyright 2005-2009 Steinar H. Gunderson . ++ * Licensed under the same terms as the rest of Apache. ++ * ++ * Portions copyright 2008 Knut Auvor Grythe . ++ * Licensed under the same terms as the rest of Apache. + */ + + /** +Index: httpd-2.2.11/include/http_request.h +=================================================================== +--- httpd-2.2.11.orig/include/http_request.h 2009-03-21 13:03:19.000000000 +0100 ++++ httpd-2.2.11/include/http_request.h 2009-03-21 13:03:31.000000000 +0100 +@@ -12,6 +12,12 @@ + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. ++ * ++ * Portions copyright 2005-2009 Steinar H. Gunderson . ++ * Licensed under the same terms as the rest of Apache. ++ * ++ * Portions copyright 2008 Knut Auvor Grythe . ++ * Licensed under the same terms as the rest of Apache. + */ + + /** +Index: httpd-2.2.11/server/request.c +=================================================================== +--- httpd-2.2.11.orig/server/request.c 2009-03-21 13:03:04.000000000 +0100 ++++ httpd-2.2.11/server/request.c 2009-03-21 13:03:13.000000000 +0100 +@@ -12,6 +12,12 @@ + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. ++ * ++ * Portions copyright 2005-2009 Steinar H. Gunderson . ++ * Licensed under the same terms as the rest of Apache. ++ * ++ * Portions copyright 2008 Knut Auvor Grythe . ++ * Licensed under the same terms as the rest of Apache. + */ + + /* --- apache2-2.2.14.orig/debian/mpm-itk/patches/08-max-clients-per-vhost.patch +++ apache2-2.2.14/debian/mpm-itk/patches/08-max-clients-per-vhost.patch @@ -0,0 +1,94 @@ +Enforce the per-vhost server limit. Note that this is per-vhost, not +per-directory (since it works by reading the scoreboard), so we need to add +per-server configuration data. + +Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/itk.c 2009-03-21 13:03:45.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-03-21 13:03:50.000000000 +0100 +@@ -159,6 +159,11 @@ + char *username; + } itk_per_dir_conf; + ++typedef struct ++{ ++ int max_clients_vhost; ++} itk_server_conf; ++ + module AP_MODULE_DECLARE_DATA mpm_itk_module; + + #ifdef GPROF +@@ -1383,6 +1388,26 @@ + gid_t wanted_gid; + const char *wanted_username; + int err = 0; ++ ++ itk_server_conf *sconf = ++ (itk_server_conf *) ap_get_module_config(r->server->module_config, &mpm_itk_module); ++ ++ /* Enforce MaxClientsVhost. */ ++ if (sconf->max_clients_vhost > 0) { ++ int i, num_other_servers = 0; ++ for (i = 0; i < ap_daemons_limit; ++i) { ++ worker_score *ws = &ap_scoreboard_image->servers[i][0]; ++ if (ws->status >= SERVER_BUSY_READ && strncmp(ws->vhost, r->server->server_hostname, 31) == 0) ++ ++num_other_servers; ++ } ++ ++ if (num_other_servers > sconf->max_clients_vhost) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \ ++ "MaxClientsVhost reached for %s, refusing client.", ++ r->server->server_hostname); ++ return HTTP_SERVICE_UNAVAILABLE; ++ } ++ } + + itk_per_dir_conf *dconf = + (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module); +@@ -1568,6 +1593,14 @@ + return NULL; + } + ++static const char *set_max_clients_vhost (cmd_parms *cmd, void *dummy, const char *arg) ++{ ++ itk_server_conf *sconf = ++ (itk_server_conf *) ap_get_module_config(cmd->server->module_config, &mpm_itk_module); ++ sconf->max_clients_vhost = atoi(arg); ++ return NULL; ++} ++ + static const command_rec itk_cmds[] = { + UNIX_DAEMON_COMMANDS, + LISTEN_COMMANDS, +@@ -1583,6 +1616,8 @@ + "Maximum value of MaxClients for this run of Apache"), + AP_INIT_TAKE2("AssignUserID", assign_user_id, NULL, RSRC_CONF|ACCESS_CONF, + "Tie a virtual host to a specific child process."), ++AP_INIT_TAKE1("MaxClientsVHost", set_max_clients_vhost, NULL, RSRC_CONF, ++ "Maximum number of children alive at the same time for this virtual host."), + AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND, + { NULL } + }; +@@ -1596,12 +1631,21 @@ + return c; + } + ++/* == allocate a private server config structure == */ ++static void *itk_create_server_config(apr_pool_t *p, server_rec *s) ++{ ++ itk_server_conf *c = (itk_server_conf *) ++ apr_pcalloc(p, sizeof(itk_server_conf)); ++ c->max_clients_vhost = -1; ++ return c; ++} ++ + module AP_MODULE_DECLARE_DATA mpm_itk_module = { + MPM20_MODULE_STUFF, + ap_mpm_rewrite_args, /* hook to run before apache parses args */ + itk_create_dir_config, /* create per-directory config structure */ + NULL, /* merge per-directory config structures */ +- NULL, /* create per-server config structure */ ++ itk_create_server_config, /* create per-server config structure */ + NULL, /* merge per-server config structures */ + itk_cmds, /* command apr_table_t */ + itk_hooks, /* register hooks */ --- apache2-2.2.14.orig/debian/mpm-itk/patches/04-correct-output-makefile-location.patch +++ apache2-2.2.14/debian/mpm-itk/patches/04-correct-output-makefile-location.patch @@ -0,0 +1,13 @@ +Fix the build system to use MPM_SUBDIR_NAME (which points to the directory +with the MPM in) instead of MPM_NAME (which returns the name of the MPM); +they differ since the MPM is in experimental/. + +Index: apache2.2/server/mpm/experimental/itk/config.m4 +=================================================================== +--- apache2.2.orig/server/mpm/experimental/itk/config.m4 2007-01-29 21:03:51.000000000 +0100 ++++ apache2.2/server/mpm/experimental/itk/config.m4 2007-01-29 21:03:57.000000000 +0100 +@@ -1,3 +1,3 @@ + if test "$MPM_NAME" = "itk" ; then +- APACHE_FAST_OUTPUT(server/mpm/$MPM_NAME/Makefile) ++ APACHE_FAST_OUTPUT(server/mpm/$MPM_SUBDIR_NAME/Makefile) + fi --- apache2-2.2.14.orig/debian/mpm-itk/patches/02-rename-prefork-to-itk.patch +++ apache2-2.2.14/debian/mpm-itk/patches/02-rename-prefork-to-itk.patch @@ -0,0 +1,157 @@ +Rename prefork to itk in the copy that was created in 01-copy-prefork.patch. + +Index: httpd-2.2.11/server/mpm/experimental/itk/Makefile.in +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/Makefile.in 2009-03-17 21:38:54.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/Makefile.in 2009-03-17 21:39:03.000000000 +0100 +@@ -1,5 +1,5 @@ + +-LTLIBRARY_NAME = libprefork.la +-LTLIBRARY_SOURCES = prefork.c ++LTLIBRARY_NAME = libitk.la ++LTLIBRARY_SOURCES = itk.c + + include $(top_srcdir)/build/ltlib.mk +Index: httpd-2.2.11/server/mpm/experimental/itk/config.m4 +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/config.m4 2009-03-17 21:38:53.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/config.m4 2009-03-17 21:39:03.000000000 +0100 +@@ -1,3 +1,3 @@ +-if test "$MPM_NAME" = "prefork" ; then ++if test "$MPM_NAME" = "itk" ; then + APACHE_FAST_OUTPUT(server/mpm/$MPM_NAME/Makefile) + fi +Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/itk.c 2009-03-17 21:38:54.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-03-17 21:39:03.000000000 +0100 +@@ -1250,7 +1250,7 @@ + /* This really should be a post_config hook, but the error log is already + * redirected by that point, so we need to do this in the open_logs phase. + */ +-static int prefork_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) ++static int itk_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) + { + apr_status_t rv; + +@@ -1271,7 +1271,7 @@ + return OK; + } + +-static int prefork_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp) ++static int itk_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp) + { + static int restart_num = 0; + int no_detach, debug, foreground; +@@ -1328,9 +1328,9 @@ + return OK; + } + +-static void prefork_hooks(apr_pool_t *p) ++static void itk_hooks(apr_pool_t *p) + { +- /* The prefork open_logs phase must run before the core's, or stderr ++ /* The itk open_logs phase must run before the core's, or stderr + * will be redirected to a file, and the messages won't print to the + * console. + */ +@@ -1340,11 +1340,11 @@ + (void) set42sig(); + #endif + +- ap_hook_open_logs(prefork_open_logs, NULL, aszSucc, APR_HOOK_MIDDLE); ++ ap_hook_open_logs(itk_open_logs, NULL, aszSucc, APR_HOOK_MIDDLE); + /* we need to set the MPM state before other pre-config hooks use MPM query + * to retrieve it, so register as REALLY_FIRST + */ +- ap_hook_pre_config(prefork_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST); ++ ap_hook_pre_config(itk_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST); + } + + static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg) +@@ -1457,7 +1457,7 @@ + return NULL; + } + +-static const command_rec prefork_cmds[] = { ++static const command_rec itk_cmds[] = { + UNIX_DAEMON_COMMANDS, + LISTEN_COMMANDS, + AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF, +@@ -1474,13 +1474,13 @@ + { NULL } + }; + +-module AP_MODULE_DECLARE_DATA mpm_prefork_module = { ++module AP_MODULE_DECLARE_DATA mpm_itk_module = { + MPM20_MODULE_STUFF, + ap_mpm_rewrite_args, /* hook to run before apache parses args */ + NULL, /* create per-directory config structure */ + NULL, /* merge per-directory config structures */ + NULL, /* create per-server config structure */ + NULL, /* merge per-server config structures */ +- prefork_cmds, /* command apr_table_t */ +- prefork_hooks, /* register hooks */ ++ itk_cmds, /* command apr_table_t */ ++ itk_hooks, /* register hooks */ + }; +Index: httpd-2.2.11/server/mpm/experimental/itk/mpm.h +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/mpm.h 2009-03-17 21:38:54.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/mpm.h 2009-03-17 21:39:03.000000000 +0100 +@@ -15,10 +15,10 @@ + */ + + /** +- * @file prefork/mpm.h +- * @brief Unix Prefork MPM (default for Uinx systems) ++ * @file itk/mpm.h ++ * @brief ITK MPM (setuid per-vhost, no threads) + * +- * @defgroup APACHE_MPM_PREFORK Unix Prefork ++ * @defgroup APACHE_MPM_ITK Apache ITK + * @ingroup APACHE_MPM APACHE_OS_UNIX + * @{ + */ +@@ -28,12 +28,12 @@ + #include "scoreboard.h" + #include "unixd.h" + +-#ifndef APACHE_MPM_PREFORK_H +-#define APACHE_MPM_PREFORK_H ++#ifndef APACHE_MPM_ITK_H ++#define APACHE_MPM_ITK_H + +-#define PREFORK_MPM ++#define ITK_MPM + +-#define MPM_NAME "Prefork" ++#define MPM_NAME "ITK" + + #define AP_MPM_WANT_RECLAIM_CHILD_PROCESSES + #define AP_MPM_WANT_WAIT_OR_TIMEOUT +@@ -58,5 +58,5 @@ + extern int ap_threads_per_child; + extern int ap_max_daemons_limit; + extern server_rec *ap_server_conf; +-#endif /* APACHE_MPM_PREFORK_H */ ++#endif /* APACHE_MPM_ITK_H */ + /** @} */ +Index: httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/mpm_default.h 2009-03-17 21:38:54.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h 2009-03-17 21:39:03.000000000 +0100 +@@ -15,10 +15,10 @@ + */ + + /** +- * @file prefork/mpm_default.h +- * @brief Prefork MPM defaults ++ * @file itk/mpm_default.h ++ * @brief ITK MPM defaults + * +- * @addtogroup APACHE_MPM_PREFORK ++ * @addtogroup APACHE_MPM_ITK + * @{ + */ + --- apache2-2.2.14.orig/debian/mpm-itk/patches/03-add-mpm-to-build-system.patch +++ apache2-2.2.14/debian/mpm-itk/patches/03-add-mpm-to-build-system.patch @@ -0,0 +1,25 @@ +Add the new MPM to the build system as an alternative to the other MPMs, +and mark it as experimental. + +Index: apache2.2/server/mpm/config.m4 +=================================================================== +--- apache2.2.orig/server/mpm/config.m4 2007-01-29 21:30:26.000000000 +0100 ++++ apache2.2/server/mpm/config.m4 2007-01-29 21:30:35.000000000 +0100 +@@ -1,7 +1,7 @@ + AC_MSG_CHECKING(which MPM to use) + AC_ARG_WITH(mpm, + APACHE_HELP_STRING(--with-mpm=MPM,Choose the process model for Apache to use. +- MPM={beos|event|worker|prefork|mpmt_os2}),[ ++ MPM={beos|event|worker|prefork|mpmt_os2|itk}),[ + APACHE_MPM=$withval + ],[ + if test "x$APACHE_MPM" = "x"; then +@@ -23,7 +23,7 @@ + + ap_mpm_is_experimental () + { +- if test "$apache_cv_mpm" = "event" ; then ++ if test "$apache_cv_mpm" = "event" -o "$apache_cv_mpm" = "itk" ; then + return 0 + else + return 1 --- apache2-2.2.14.orig/debian/mpm-itk/patches/09-capabilities.patch +++ apache2-2.2.14/debian/mpm-itk/patches/09-capabilities.patch @@ -0,0 +1,75 @@ +Use Linux' capability system to run as a sort of "lesser root"; we drop nearly +all root privilegies except the ability to setuid. An attacker capable of injecting +code will still be able to run as any (normal) user on the system, but at least +he/she cannot directly load kernel code etc. + +Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/itk.c 2009-04-14 23:28:02.000000000 +0200 ++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-04-14 23:29:16.000000000 +0200 +@@ -71,6 +71,10 @@ + #include /* for bindprocessor() */ + #endif + ++#if HAVE_LIBCAP ++#include ++#endif ++ + #include + #include + +@@ -501,6 +505,15 @@ + apr_bucket_alloc_t *bucket_alloc; + int last_poll_idx = 0; + ++#if HAVE_LIBCAP ++ cap_t caps; ++ cap_value_t suidcaps[] = { ++ CAP_SETUID, ++ CAP_SETGID, ++ CAP_DAC_READ_SEARCH, ++ }; ++#endif ++ + mpm_state = AP_MPMQ_STARTING; /* for benefit of any hooks that run as this + * child initializes + */ +@@ -554,6 +567,22 @@ + (void) apr_pollset_add(pollset, &pfd); + } + ++#if HAVE_LIBCAP ++ /* Drop as many privileges as we can. We'll still ++ * access files with uid=0, and we can setuid() to anything, but ++ * at least there's tons of other evilness (like loading kernel ++ * modules) we can't do directly. (The setuid() capability will ++ * go away automatically when we setuid() or exec() -- the former ++ * is likely to come first.) ++ */ ++ caps = cap_init(); ++ cap_clear(caps); ++ cap_set_flag(caps, CAP_PERMITTED, sizeof(suidcaps)/sizeof(cap_value_t), suidcaps, CAP_SET); ++ cap_set_flag(caps, CAP_EFFECTIVE, sizeof(suidcaps)/sizeof(cap_value_t), suidcaps, CAP_SET); ++ cap_set_proc(caps); ++ cap_free(caps); ++#endif ++ + mpm_state = AP_MPMQ_RUNNING; + + bucket_alloc = apr_bucket_alloc_create(pchild); +Index: httpd-2.2.11/server/mpm/config.m4 +=================================================================== +--- httpd-2.2.11.orig/server/mpm/config.m4 2009-04-14 23:26:41.000000000 +0200 ++++ httpd-2.2.11/server/mpm/config.m4 2009-04-14 23:28:03.000000000 +0200 +@@ -66,6 +66,11 @@ + else + MPM_SUBDIR_NAME=$MPM_NAME + fi ++ ++if test "$apache_cv_mpm" = "itk" ; then ++ AC_CHECK_LIB(cap, cap_init) ++fi ++ + MPM_DIR=server/mpm/$MPM_SUBDIR_NAME + MPM_LIB=$MPM_DIR/lib${MPM_NAME}.la + --- apache2-2.2.14.orig/debian/mpm-itk/patches/07-base-functionality.patch +++ apache2-2.2.14/debian/mpm-itk/patches/07-base-functionality.patch @@ -0,0 +1,218 @@ +Add the base functionality of mpm_itk over prefork; parse the new configuration +options, fork on each new connection, and setuid() as required. + +Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/itk.c 2009-03-21 23:52:01.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-04-14 23:27:51.000000000 +0200 +@@ -26,6 +26,11 @@ + #include "apr_thread_proc.h" + #include "apr_signal.h" + ++# define _DBG(text,par...) \ ++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \ ++ "(itkmpm: pid=%d uid=%d, gid=%d) %s(): " text, \ ++ getpid(), getuid(), getgid(), __FUNCTION__, par) ++ + #define APR_WANT_STDIO + #define APR_WANT_STRFUNC + #include "apr_want.h" +@@ -47,6 +52,7 @@ + #include "http_config.h" + #include "http_core.h" /* for get_remote_host */ + #include "http_connection.h" ++#include "http_request.h" /* for ap_hook_post_perdir_config */ + #include "scoreboard.h" + #include "ap_mpm.h" + #include "unixd.h" +@@ -146,6 +152,15 @@ + + static volatile int die_now = 0; + ++typedef struct ++{ ++ uid_t uid; ++ gid_t gid; ++ char *username; ++} itk_per_dir_conf; ++ ++module AP_MODULE_DECLARE_DATA mpm_itk_module; ++ + #ifdef GPROF + /* + * change directory for gprof to plop the gmon.out file +@@ -512,10 +527,6 @@ + clean_child_exit(APEXIT_CHILDFATAL); + } + +- if (unixd_setup_child()) { +- clean_child_exit(APEXIT_CHILDFATAL); +- } +- + ap_run_child_init(pchild, ap_server_conf); + + ap_create_sb_handle(&sbh, pchild, my_child_num, 0); +@@ -651,10 +662,38 @@ + * socket options, file descriptors, and read/write buffers. + */ + +- current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, my_child_num, sbh, bucket_alloc); +- if (current_conn) { +- ap_process_connection(current_conn, csd); +- ap_lingering_close(current_conn); ++ { ++ pid_t pid = fork(), child_pid; ++ int status; ++ switch (pid) { ++ case -1: ++ ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "fork: Unable to fork new process"); ++ break; ++ case 0: /* child */ ++ apr_proc_mutex_child_init(&accept_mutex, ap_lock_fname, pchild); ++ current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, my_child_num, sbh, bucket_alloc); ++ if (current_conn) { ++ ap_process_connection(current_conn, csd); ++ ap_lingering_close(current_conn); ++ } ++ exit(0); ++ default: /* parent; just wait for child to be done */ ++ do { ++ child_pid = waitpid(pid, &status, 0); ++ } while (child_pid == -1 && errno == EINTR); ++ ++ if (child_pid != pid || !WIFEXITED(status)) { ++ if (WIFSIGNALED(status)) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "child died with signal %u", WTERMSIG(status)); ++ } else if (WEXITSTATUS(status) != 0) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "child exited with non-zero exit status %u", WEXITSTATUS(status)); ++ } else { ++ ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "waitpid() failed"); ++ } ++ clean_child_exit(1); ++ } ++ break; ++ } + } + + /* Check the pod and the generation number after processing a +@@ -672,6 +711,10 @@ + */ + die_now = 1; + } ++ ++ /* if we have already setuid(), die (we can't be used anyhow) */ ++ if (getuid()) ++ die_now = 1; + } + clean_child_exit(0); + } +@@ -1334,6 +1377,56 @@ + return OK; + } + ++static int itk_post_perdir_config(request_rec *r) ++{ ++ uid_t wanted_uid; ++ gid_t wanted_gid; ++ const char *wanted_username; ++ int err = 0; ++ ++ itk_per_dir_conf *dconf = ++ (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module); ++ ++ strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31); ++ ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0; ++ ++ wanted_uid = dconf->uid; ++ wanted_gid = dconf->gid; ++ wanted_username = dconf->username; ++ ++ if (wanted_uid == -1 || wanted_gid == -1) { ++ wanted_uid = unixd_config.user_id; ++ wanted_gid = unixd_config.group_id; ++ wanted_username = unixd_config.user_name; ++ } ++ ++ if (wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) { ++ if (setgid(wanted_gid)) { ++ _DBG("setgid(%d): %s", wanted_gid, strerror(errno)); ++ err = 1; ++ } else if (initgroups(wanted_username, wanted_gid)) { ++ _DBG("initgroups(%s, %d): %s", wanted_username, wanted_gid, strerror(errno)); ++ err = 1; ++ } else if (setuid(wanted_uid)) { ++ _DBG("setuid(%d): %s", wanted_uid, strerror(errno)); ++ err = 1; ++ } ++ } ++ ++ /* ++ * Most likely a case of switching uid/gid within a persistent ++ * connection; the RFCs allow us to just close the connection ++ * at anytime, so we excercise our right. :-) ++ */ ++ if (err) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \ ++ "Couldn't set uid/gid, closing connection."); ++ ap_lingering_close(r->connection); ++ exit(0); ++ } ++ return OK; ++} ++ + static void itk_hooks(apr_pool_t *p) + { + /* The itk open_logs phase must run before the core's, or stderr +@@ -1351,6 +1444,9 @@ + * to retrieve it, so register as REALLY_FIRST + */ + ap_hook_pre_config(itk_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST); ++ ++ /* set the uid as fast as possible, but not before merging per-dit config */ ++ ap_hook_header_parser(itk_post_perdir_config, NULL, NULL, APR_HOOK_REALLY_FIRST); + } + + static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg) +@@ -1463,6 +1559,15 @@ + return NULL; + } + ++static const char *assign_user_id (cmd_parms *cmd, void *ptr, const char *user_name, const char *group_name) ++{ ++ itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr; ++ dconf->username = apr_pstrdup(cmd->pool, user_name); ++ dconf->uid = ap_uname2id(user_name); ++ dconf->gid = ap_gname2id(group_name); ++ return NULL; ++} ++ + static const command_rec itk_cmds[] = { + UNIX_DAEMON_COMMANDS, + LISTEN_COMMANDS, +@@ -1476,14 +1581,25 @@ + "Maximum number of children alive at the same time"), + AP_INIT_TAKE1("ServerLimit", set_server_limit, NULL, RSRC_CONF, + "Maximum value of MaxClients for this run of Apache"), ++AP_INIT_TAKE2("AssignUserID", assign_user_id, NULL, RSRC_CONF|ACCESS_CONF, ++ "Tie a virtual host to a specific child process."), + AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND, + { NULL } + }; + ++/* == allocate a private per-dir config structure == */ ++static void *itk_create_dir_config(apr_pool_t *p, char *dummy) ++{ ++ itk_per_dir_conf *c = (itk_per_dir_conf *) ++ apr_pcalloc(p, sizeof(itk_per_dir_conf)); ++ c->uid = c->gid = -1; ++ return c; ++} ++ + module AP_MODULE_DECLARE_DATA mpm_itk_module = { + MPM20_MODULE_STUFF, + ap_mpm_rewrite_args, /* hook to run before apache parses args */ +- NULL, /* create per-directory config structure */ ++ itk_create_dir_config, /* create per-directory config structure */ + NULL, /* merge per-directory config structures */ + NULL, /* create per-server config structure */ + NULL, /* merge per-server config structures */ --- apache2-2.2.14.orig/debian/mpm-itk/patches/series +++ apache2-2.2.14/debian/mpm-itk/patches/series @@ -0,0 +1,10 @@ +01-copy-prefork.patch +02-rename-prefork-to-itk.patch +03-add-mpm-to-build-system.patch +04-correct-output-makefile-location.patch +05-add-copyright.patch +06-hook-just-after-merging-perdir-config.patch +07-base-functionality.patch +08-max-clients-per-vhost.patch +09-capabilities.patch +10-nice.patch --- apache2-2.2.14.orig/debian/mpm-itk/patches/06-hook-just-after-merging-perdir-config.patch +++ apache2-2.2.14/debian/mpm-itk/patches/06-hook-just-after-merging-perdir-config.patch @@ -0,0 +1,60 @@ +Add an extra hook right after merging per-directory configuration. +This makes sure we are able to setuid() as early as possible (that +is, as soon as know what uid/gid to use for this location), so we +won't run all sorts of subrequests and other stuff as root. + +Index: httpd-2.2.11/include/http_request.h +=================================================================== +--- httpd-2.2.11.orig/include/http_request.h 2009-03-21 13:03:31.000000000 +0100 ++++ httpd-2.2.11/include/http_request.h 2009-03-21 13:03:41.000000000 +0100 +@@ -356,6 +356,15 @@ + */ + AP_DECLARE_HOOK(void,insert_filter,(request_rec *r)) + ++/** ++ * This hook allows modules to affect the request immediately after the ++ * per-directory configuration for the request has been generated. This allows ++ * modules to make decisions based upon the current directory configuration ++ * @param r The current request ++ * @return OK or DECLINED ++ */ ++AP_DECLARE_HOOK(int,post_perdir_config,(request_rec *r)) ++ + AP_DECLARE(int) ap_location_walk(request_rec *r); + AP_DECLARE(int) ap_directory_walk(request_rec *r); + AP_DECLARE(int) ap_file_walk(request_rec *r); +Index: httpd-2.2.11/server/request.c +=================================================================== +--- httpd-2.2.11.orig/server/request.c 2009-03-21 13:03:13.000000000 +0100 ++++ httpd-2.2.11/server/request.c 2009-03-21 13:03:41.000000000 +0100 +@@ -67,6 +67,7 @@ + APR_HOOK_LINK(auth_checker) + APR_HOOK_LINK(insert_filter) + APR_HOOK_LINK(create_request) ++ APR_HOOK_LINK(post_perdir_config) + ) + + AP_IMPLEMENT_HOOK_RUN_FIRST(int,translate_name, +@@ -86,6 +87,8 @@ + AP_IMPLEMENT_HOOK_VOID(insert_filter, (request_rec *r), (r)) + AP_IMPLEMENT_HOOK_RUN_ALL(int, create_request, + (request_rec *r), (r), OK, DECLINED) ++AP_IMPLEMENT_HOOK_RUN_ALL(int,post_perdir_config, ++ (request_rec *r), (r), OK, DECLINED) + + + static int decl_die(int status, char *phase, request_rec *r) +@@ -164,6 +167,13 @@ + return access_status; + } + ++ /* First chance to handle the request after per-directory configuration is ++ * generated ++ */ ++ if ((access_status = ap_run_post_perdir_config(r))) { ++ return access_status; ++ } ++ + /* Only on the main request! */ + if (r->main == NULL) { + if ((access_status = ap_run_header_parser(r))) { --- apache2-2.2.14.orig/debian/mpm-itk/patches/10-nice.patch +++ apache2-2.2.14/debian/mpm-itk/patches/10-nice.patch @@ -0,0 +1,140 @@ +Support a per-location nice value. Note that since we now have two different settings +in the per-dir configuration, we need to introduce a merge function. + +Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/itk.c 2009-04-14 23:29:16.000000000 +0200 ++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-04-14 23:31:05.000000000 +0200 +@@ -156,11 +156,14 @@ + + static volatile int die_now = 0; + ++#define UNSET_NICE_VALUE 100 ++ + typedef struct + { + uid_t uid; + gid_t gid; + char *username; ++ int nice_value; + } itk_per_dir_conf; + + typedef struct +@@ -511,6 +514,7 @@ + CAP_SETUID, + CAP_SETGID, + CAP_DAC_READ_SEARCH, ++ CAP_SYS_NICE, + }; + #endif + +@@ -1444,6 +1448,12 @@ + strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31); + ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0; + ++ if (dconf->nice_value != UNSET_NICE_VALUE && ++ setpriority(PRIO_PROCESS, 0, dconf->nice_value)) { ++ _DBG("setpriority(): %s", strerror(errno)); ++ err = 1; ++ } ++ + wanted_uid = dconf->uid; + wanted_gid = dconf->gid; + wanted_username = dconf->username; +@@ -1454,7 +1464,7 @@ + wanted_username = unixd_config.user_name; + } + +- if (wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) { ++ if (!err && wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) { + if (setgid(wanted_gid)) { + _DBG("setgid(%d): %s", wanted_gid, strerror(errno)); + err = 1; +@@ -1474,7 +1484,7 @@ + */ + if (err) { + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \ +- "Couldn't set uid/gid, closing connection."); ++ "Couldn't set uid/gid/priority, closing connection."); + ap_lingering_close(r->connection); + exit(0); + } +@@ -1630,6 +1640,27 @@ + return NULL; + } + ++static const char *set_nice_value (cmd_parms *cmd, void *ptr, const char *arg) ++{ ++ itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr; ++ int nice_value = atoi(arg); ++ ++ if (nice_value < -20) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: NiceValue of %d is below -20, increasing NiceValue to -20.", ++ nice_value); ++ nice_value = -20; ++ } ++ else if (nice_value > 19) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: NiceValue of %d is above 19, lowering NiceValue to 19.", ++ nice_value); ++ nice_value = 19; ++ } ++ dconf->nice_value = nice_value; ++ return NULL; ++} ++ + static const command_rec itk_cmds[] = { + UNIX_DAEMON_COMMANDS, + LISTEN_COMMANDS, +@@ -1647,6 +1678,8 @@ + "Tie a virtual host to a specific child process."), + AP_INIT_TAKE1("MaxClientsVHost", set_max_clients_vhost, NULL, RSRC_CONF, + "Maximum number of children alive at the same time for this virtual host."), ++AP_INIT_TAKE1("NiceValue", set_nice_value, NULL, RSRC_CONF|ACCESS_CONF, ++ "Set nice value for the given vhost, from -20 (highest priority) to 19 (lowest priority)."), + AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND, + { NULL } + }; +@@ -1657,6 +1690,32 @@ + itk_per_dir_conf *c = (itk_per_dir_conf *) + apr_pcalloc(p, sizeof(itk_per_dir_conf)); + c->uid = c->gid = -1; ++ c->nice_value = UNSET_NICE_VALUE; ++ return c; ++} ++ ++/* == merge the parent per-dir config structure into ours == */ ++static void *itk_merge_dir_config(apr_pool_t *p, void *parent_ptr, void *child_ptr) ++{ ++ itk_per_dir_conf *c = (itk_per_dir_conf *) ++ apr_pcalloc(p, sizeof(itk_per_dir_conf)); ++ itk_per_dir_conf *parent = (itk_per_dir_conf *) parent_ptr; ++ itk_per_dir_conf *child = (itk_per_dir_conf *) child_ptr; ++ ++ if (child->username != NULL) { ++ c->username = apr_pstrdup(p, child->username); ++ c->uid = child->uid; ++ c->gid = child->gid; ++ } else if (parent->username != NULL) { ++ c->username = apr_pstrdup(p, parent->username); ++ c->uid = parent->uid; ++ c->gid = parent->gid; ++ } ++ if (child->nice_value != UNSET_NICE_VALUE) { ++ c->nice_value = child->nice_value; ++ } else { ++ c->nice_value = parent->nice_value; ++ } + return c; + } + +@@ -1673,7 +1732,7 @@ + MPM20_MODULE_STUFF, + ap_mpm_rewrite_args, /* hook to run before apache parses args */ + itk_create_dir_config, /* create per-directory config structure */ +- NULL, /* merge per-directory config structures */ ++ itk_merge_dir_config, /* merge per-directory config structures */ + itk_create_server_config, /* create per-server config structure */ + NULL, /* merge per-server config structures */ + itk_cmds, /* command apr_table_t */ --- apache2-2.2.14.orig/debian/mpm-itk/patches/01-copy-prefork.patch +++ apache2-2.2.14/debian/mpm-itk/patches/01-copy-prefork.patch @@ -0,0 +1,1662 @@ +Just copies server/mpm/prefork/* to server/mpm/experimental/itk/, with prefork.c +copied to itk.c. Basically the patch equivalent of + + mkdir server/mpm/experimental/itk/ + cp server/mpm/prefork/* server/mpm/experimental/itk/ + mv server/mpm/experimental/itk/prefork.c server/mpm/experimental/itk/itk.c + +Index: httpd-2.2.11/server/mpm/experimental/itk/Makefile.in +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ httpd-2.2.11/server/mpm/experimental/itk/Makefile.in 2009-03-17 21:38:54.000000000 +0100 +@@ -0,0 +1,5 @@ ++ ++LTLIBRARY_NAME = libprefork.la ++LTLIBRARY_SOURCES = prefork.c ++ ++include $(top_srcdir)/build/ltlib.mk +Index: httpd-2.2.11/server/mpm/experimental/itk/config.m4 +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ httpd-2.2.11/server/mpm/experimental/itk/config.m4 2009-03-17 21:38:53.000000000 +0100 +@@ -0,0 +1,3 @@ ++if test "$MPM_NAME" = "prefork" ; then ++ APACHE_FAST_OUTPUT(server/mpm/$MPM_NAME/Makefile) ++fi +Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-03-17 21:38:54.000000000 +0100 +@@ -0,0 +1,1486 @@ ++/* Licensed to the Apache Software Foundation (ASF) under one or more ++ * contributor license agreements. See the NOTICE file distributed with ++ * this work for additional information regarding copyright ownership. ++ * The ASF licenses this file to You under the Apache License, Version 2.0 ++ * (the "License"); you may not use this file except in compliance with ++ * the License. You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++#include "apr.h" ++#include "apr_portable.h" ++#include "apr_strings.h" ++#include "apr_thread_proc.h" ++#include "apr_signal.h" ++ ++#define APR_WANT_STDIO ++#define APR_WANT_STRFUNC ++#include "apr_want.h" ++ ++#if APR_HAVE_UNISTD_H ++#include ++#endif ++#if APR_HAVE_SYS_TYPES_H ++#include ++#endif ++ ++#define CORE_PRIVATE ++ ++#include "ap_config.h" ++#include "httpd.h" ++#include "mpm_default.h" ++#include "http_main.h" ++#include "http_log.h" ++#include "http_config.h" ++#include "http_core.h" /* for get_remote_host */ ++#include "http_connection.h" ++#include "scoreboard.h" ++#include "ap_mpm.h" ++#include "unixd.h" ++#include "mpm_common.h" ++#include "ap_listen.h" ++#include "ap_mmn.h" ++#include "apr_poll.h" ++ ++#ifdef HAVE_BSTRING_H ++#include /* for IRIX, FD_SET calls bzero() */ ++#endif ++#ifdef HAVE_TIME_H ++#include ++#endif ++#ifdef HAVE_SYS_PROCESSOR_H ++#include /* for bindprocessor() */ ++#endif ++ ++#include ++#include ++ ++/* Limit on the total --- clients will be locked out if more servers than ++ * this are needed. It is intended solely to keep the server from crashing ++ * when things get out of hand. ++ * ++ * We keep a hard maximum number of servers, for two reasons --- first off, ++ * in case something goes seriously wrong, we want to stop the fork bomb ++ * short of actually crashing the machine we're running on by filling some ++ * kernel table. Secondly, it keeps the size of the scoreboard file small ++ * enough that we can read the whole thing without worrying too much about ++ * the overhead. ++ */ ++#ifndef DEFAULT_SERVER_LIMIT ++#define DEFAULT_SERVER_LIMIT 256 ++#endif ++ ++/* Admin can't tune ServerLimit beyond MAX_SERVER_LIMIT. We want ++ * some sort of compile-time limit to help catch typos. ++ */ ++#ifndef MAX_SERVER_LIMIT ++#define MAX_SERVER_LIMIT 200000 ++#endif ++ ++#ifndef HARD_THREAD_LIMIT ++#define HARD_THREAD_LIMIT 1 ++#endif ++ ++/* config globals */ ++ ++int ap_threads_per_child=0; /* Worker threads per child */ ++static apr_proc_mutex_t *accept_mutex; ++static int ap_daemons_to_start=0; ++static int ap_daemons_min_free=0; ++static int ap_daemons_max_free=0; ++static int ap_daemons_limit=0; /* MaxClients */ ++static int server_limit = DEFAULT_SERVER_LIMIT; ++static int first_server_limit = 0; ++static int changed_limit_at_restart; ++static int mpm_state = AP_MPMQ_STARTING; ++static ap_pod_t *pod; ++ ++/* ++ * The max child slot ever assigned, preserved across restarts. Necessary ++ * to deal with MaxClients changes across AP_SIG_GRACEFUL restarts. We ++ * use this value to optimize routines that have to scan the entire scoreboard. ++ */ ++int ap_max_daemons_limit = -1; ++server_rec *ap_server_conf; ++ ++/* one_process --- debugging mode variable; can be set from the command line ++ * with the -X flag. If set, this gets you the child_main loop running ++ * in the process which originally started up (no detach, no make_child), ++ * which is a pretty nice debugging environment. (You'll get a SIGHUP ++ * early in standalone_main; just continue through. This is the server ++ * trying to kill off any child processes which it might have lying ++ * around --- Apache doesn't keep track of their pids, it just sends ++ * SIGHUP to the process group, ignoring it in the root process. ++ * Continue through and you'll be fine.). ++ */ ++ ++static int one_process = 0; ++ ++static apr_pool_t *pconf; /* Pool for config stuff */ ++static apr_pool_t *pchild; /* Pool for httpd child stuff */ ++ ++static pid_t ap_my_pid; /* it seems silly to call getpid all the time */ ++static pid_t parent_pid; ++#ifndef MULTITHREAD ++static int my_child_num; ++#endif ++ap_generation_t volatile ap_my_generation=0; ++ ++#ifdef TPF ++int tpf_child = 0; ++char tpf_server_name[INETD_SERVNAME_LENGTH+1]; ++#endif /* TPF */ ++ ++static volatile int die_now = 0; ++ ++#ifdef GPROF ++/* ++ * change directory for gprof to plop the gmon.out file ++ * configure in httpd.conf: ++ * GprofDir $RuntimeDir/ -> $ServerRoot/$RuntimeDir/gmon.out ++ * GprofDir $RuntimeDir/% -> $ServerRoot/$RuntimeDir/gprof.$pid/gmon.out ++ */ ++static void chdir_for_gprof(void) ++{ ++ core_server_config *sconf = ++ ap_get_module_config(ap_server_conf->module_config, &core_module); ++ char *dir = sconf->gprof_dir; ++ const char *use_dir; ++ ++ if(dir) { ++ apr_status_t res; ++ char *buf = NULL ; ++ int len = strlen(sconf->gprof_dir) - 1; ++ if(*(dir + len) == '%') { ++ dir[len] = '\0'; ++ buf = ap_append_pid(pconf, dir, "gprof."); ++ } ++ use_dir = ap_server_root_relative(pconf, buf ? buf : dir); ++ res = apr_dir_make(use_dir, ++ APR_UREAD | APR_UWRITE | APR_UEXECUTE | ++ APR_GREAD | APR_GEXECUTE | ++ APR_WREAD | APR_WEXECUTE, pconf); ++ if(res != APR_SUCCESS && !APR_STATUS_IS_EEXIST(res)) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, res, ap_server_conf, ++ "gprof: error creating directory %s", dir); ++ } ++ } ++ else { ++ use_dir = ap_server_root_relative(pconf, DEFAULT_REL_RUNTIMEDIR); ++ } ++ ++ chdir(use_dir); ++} ++#else ++#define chdir_for_gprof() ++#endif ++ ++/* XXX - I don't know if TPF will ever use this module or not, so leave ++ * the ap_check_signals calls in but disable them - manoj */ ++#define ap_check_signals() ++ ++/* a clean exit from a child with proper cleanup */ ++static void clean_child_exit(int code) __attribute__ ((noreturn)); ++static void clean_child_exit(int code) ++{ ++ mpm_state = AP_MPMQ_STOPPING; ++ ++ if (pchild) { ++ apr_pool_destroy(pchild); ++ } ++ ap_mpm_pod_close(pod); ++ chdir_for_gprof(); ++ exit(code); ++} ++ ++static void accept_mutex_on(void) ++{ ++ apr_status_t rv = apr_proc_mutex_lock(accept_mutex); ++ if (rv != APR_SUCCESS) { ++ const char *msg = "couldn't grab the accept mutex"; ++ ++ if (ap_my_generation != ++ ap_scoreboard_image->global->running_generation) { ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, NULL, "%s", msg); ++ clean_child_exit(0); ++ } ++ else { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, NULL, "%s", msg); ++ exit(APEXIT_CHILDFATAL); ++ } ++ } ++} ++ ++static void accept_mutex_off(void) ++{ ++ apr_status_t rv = apr_proc_mutex_unlock(accept_mutex); ++ if (rv != APR_SUCCESS) { ++ const char *msg = "couldn't release the accept mutex"; ++ ++ if (ap_my_generation != ++ ap_scoreboard_image->global->running_generation) { ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, NULL, "%s", msg); ++ /* don't exit here... we have a connection to ++ * process, after which point we'll see that the ++ * generation changed and we'll exit cleanly ++ */ ++ } ++ else { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, NULL, "%s", msg); ++ exit(APEXIT_CHILDFATAL); ++ } ++ } ++} ++ ++/* On some architectures it's safe to do unserialized accept()s in the single ++ * Listen case. But it's never safe to do it in the case where there's ++ * multiple Listen statements. Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT ++ * when it's safe in the single Listen case. ++ */ ++#ifdef SINGLE_LISTEN_UNSERIALIZED_ACCEPT ++#define SAFE_ACCEPT(stmt) do {if (ap_listeners->next) {stmt;}} while(0) ++#else ++#define SAFE_ACCEPT(stmt) do {stmt;} while(0) ++#endif ++ ++AP_DECLARE(apr_status_t) ap_mpm_query(int query_code, int *result) ++{ ++ switch(query_code){ ++ case AP_MPMQ_MAX_DAEMON_USED: ++ *result = ap_daemons_limit; ++ return APR_SUCCESS; ++ case AP_MPMQ_IS_THREADED: ++ *result = AP_MPMQ_NOT_SUPPORTED; ++ return APR_SUCCESS; ++ case AP_MPMQ_IS_FORKED: ++ *result = AP_MPMQ_DYNAMIC; ++ return APR_SUCCESS; ++ case AP_MPMQ_HARD_LIMIT_DAEMONS: ++ *result = server_limit; ++ return APR_SUCCESS; ++ case AP_MPMQ_HARD_LIMIT_THREADS: ++ *result = HARD_THREAD_LIMIT; ++ return APR_SUCCESS; ++ case AP_MPMQ_MAX_THREADS: ++ *result = 0; ++ return APR_SUCCESS; ++ case AP_MPMQ_MIN_SPARE_DAEMONS: ++ *result = ap_daemons_min_free; ++ return APR_SUCCESS; ++ case AP_MPMQ_MIN_SPARE_THREADS: ++ *result = 0; ++ return APR_SUCCESS; ++ case AP_MPMQ_MAX_SPARE_DAEMONS: ++ *result = ap_daemons_max_free; ++ return APR_SUCCESS; ++ case AP_MPMQ_MAX_SPARE_THREADS: ++ *result = 0; ++ return APR_SUCCESS; ++ case AP_MPMQ_MAX_REQUESTS_DAEMON: ++ *result = ap_max_requests_per_child; ++ return APR_SUCCESS; ++ case AP_MPMQ_MAX_DAEMONS: ++ *result = server_limit; ++ return APR_SUCCESS; ++ case AP_MPMQ_MPM_STATE: ++ *result = mpm_state; ++ return APR_SUCCESS; ++ } ++ return APR_ENOTIMPL; ++} ++ ++#if defined(NEED_WAITPID) ++/* ++ Systems without a real waitpid sometimes lose a child's exit while waiting ++ for another. Search through the scoreboard for missing children. ++ */ ++int reap_children(int *exitcode, apr_exit_why_e *status) ++{ ++ int n, pid; ++ ++ for (n = 0; n < ap_max_daemons_limit; ++n) { ++ if (ap_scoreboard_image->servers[n][0].status != SERVER_DEAD && ++ kill((pid = ap_scoreboard_image->parent[n].pid), 0) == -1) { ++ ap_update_child_status_from_indexes(n, 0, SERVER_DEAD, NULL); ++ /* just mark it as having a successful exit status */ ++ *status = APR_PROC_EXIT; ++ *exitcode = 0; ++ return(pid); ++ } ++ } ++ return 0; ++} ++#endif ++ ++/***************************************************************** ++ * Connection structures and accounting... ++ */ ++ ++static void just_die(int sig) ++{ ++ clean_child_exit(0); ++} ++ ++static void stop_listening(int sig) ++{ ++ ap_close_listeners(); ++ ++ /* For a graceful stop, we want the child to exit when done */ ++ die_now = 1; ++} ++ ++/* volatile just in case */ ++static int volatile shutdown_pending; ++static int volatile restart_pending; ++static int volatile is_graceful; ++ ++static void sig_term(int sig) ++{ ++ if (shutdown_pending == 1) { ++ /* Um, is this _probably_ not an error, if the user has ++ * tried to do a shutdown twice quickly, so we won't ++ * worry about reporting it. ++ */ ++ return; ++ } ++ shutdown_pending = 1; ++ is_graceful = (sig == AP_SIG_GRACEFUL_STOP); ++} ++ ++/* restart() is the signal handler for SIGHUP and AP_SIG_GRACEFUL ++ * in the parent process, unless running in ONE_PROCESS mode ++ */ ++static void restart(int sig) ++{ ++ if (restart_pending == 1) { ++ /* Probably not an error - don't bother reporting it */ ++ return; ++ } ++ restart_pending = 1; ++ is_graceful = (sig == AP_SIG_GRACEFUL); ++} ++ ++static void set_signals(void) ++{ ++#ifndef NO_USE_SIGACTION ++ struct sigaction sa; ++#endif ++ ++ if (!one_process) { ++ ap_fatal_signal_setup(ap_server_conf, pconf); ++ } ++ ++#ifndef NO_USE_SIGACTION ++ sigemptyset(&sa.sa_mask); ++ sa.sa_flags = 0; ++ ++ sa.sa_handler = sig_term; ++ if (sigaction(SIGTERM, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGTERM)"); ++#ifdef AP_SIG_GRACEFUL_STOP ++ if (sigaction(AP_SIG_GRACEFUL_STOP, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, ++ "sigaction(" AP_SIG_GRACEFUL_STOP_STRING ")"); ++#endif ++#ifdef SIGINT ++ if (sigaction(SIGINT, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGINT)"); ++#endif ++#ifdef SIGXCPU ++ sa.sa_handler = SIG_DFL; ++ if (sigaction(SIGXCPU, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXCPU)"); ++#endif ++#ifdef SIGXFSZ ++ sa.sa_handler = SIG_DFL; ++ if (sigaction(SIGXFSZ, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXFSZ)"); ++#endif ++#ifdef SIGPIPE ++ sa.sa_handler = SIG_IGN; ++ if (sigaction(SIGPIPE, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGPIPE)"); ++#endif ++ ++ /* we want to ignore HUPs and AP_SIG_GRACEFUL while we're busy ++ * processing one ++ */ ++ sigaddset(&sa.sa_mask, SIGHUP); ++ sigaddset(&sa.sa_mask, AP_SIG_GRACEFUL); ++ sa.sa_handler = restart; ++ if (sigaction(SIGHUP, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGHUP)"); ++ if (sigaction(AP_SIG_GRACEFUL, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(" AP_SIG_GRACEFUL_STRING ")"); ++#else ++ if (!one_process) { ++#ifdef SIGXCPU ++ apr_signal(SIGXCPU, SIG_DFL); ++#endif /* SIGXCPU */ ++#ifdef SIGXFSZ ++ apr_signal(SIGXFSZ, SIG_DFL); ++#endif /* SIGXFSZ */ ++ } ++ ++ apr_signal(SIGTERM, sig_term); ++#ifdef SIGHUP ++ apr_signal(SIGHUP, restart); ++#endif /* SIGHUP */ ++#ifdef AP_SIG_GRACEFUL ++ apr_signal(AP_SIG_GRACEFUL, restart); ++#endif /* AP_SIG_GRACEFUL */ ++#ifdef AP_SIG_GRACEFUL_STOP ++ apr_signal(AP_SIG_GRACEFUL_STOP, sig_term); ++#endif /* AP_SIG_GRACEFUL */ ++#ifdef SIGPIPE ++ apr_signal(SIGPIPE, SIG_IGN); ++#endif /* SIGPIPE */ ++ ++#endif ++} ++ ++/***************************************************************** ++ * Child process main loop. ++ * The following vars are static to avoid getting clobbered by longjmp(); ++ * they are really private to child_main. ++ */ ++ ++static int requests_this_child; ++static int num_listensocks = 0; ++ ++ ++int ap_graceful_stop_signalled(void) ++{ ++ /* not ever called anymore... */ ++ return 0; ++} ++ ++ ++static void child_main(int child_num_arg) ++{ ++ apr_pool_t *ptrans; ++ apr_allocator_t *allocator; ++ apr_status_t status; ++ int i; ++ ap_listen_rec *lr; ++ apr_pollset_t *pollset; ++ ap_sb_handle_t *sbh; ++ apr_bucket_alloc_t *bucket_alloc; ++ int last_poll_idx = 0; ++ ++ mpm_state = AP_MPMQ_STARTING; /* for benefit of any hooks that run as this ++ * child initializes ++ */ ++ ++ my_child_num = child_num_arg; ++ ap_my_pid = getpid(); ++ requests_this_child = 0; ++ ++ ap_fatal_signal_child_setup(ap_server_conf); ++ ++ /* Get a sub context for global allocations in this child, so that ++ * we can have cleanups occur when the child exits. ++ */ ++ apr_allocator_create(&allocator); ++ apr_allocator_max_free_set(allocator, ap_max_mem_free); ++ apr_pool_create_ex(&pchild, pconf, NULL, allocator); ++ apr_allocator_owner_set(allocator, pchild); ++ ++ apr_pool_create(&ptrans, pchild); ++ apr_pool_tag(ptrans, "transaction"); ++ ++ /* needs to be done before we switch UIDs so we have permissions */ ++ ap_reopen_scoreboard(pchild, NULL, 0); ++ status = apr_proc_mutex_child_init(&accept_mutex, ap_lock_fname, pchild); ++ if (status != APR_SUCCESS) { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, status, ap_server_conf, ++ "Couldn't initialize cross-process lock in child " ++ "(%s) (%d)", ap_lock_fname, ap_accept_lock_mech); ++ clean_child_exit(APEXIT_CHILDFATAL); ++ } ++ ++ if (unixd_setup_child()) { ++ clean_child_exit(APEXIT_CHILDFATAL); ++ } ++ ++ ap_run_child_init(pchild, ap_server_conf); ++ ++ ap_create_sb_handle(&sbh, pchild, my_child_num, 0); ++ ++ (void) ap_update_child_status(sbh, SERVER_READY, (request_rec *) NULL); ++ ++ /* Set up the pollfd array */ ++ /* ### check the status */ ++ (void) apr_pollset_create(&pollset, num_listensocks, pchild, 0); ++ ++ for (lr = ap_listeners, i = num_listensocks; i--; lr = lr->next) { ++ apr_pollfd_t pfd = { 0 }; ++ ++ pfd.desc_type = APR_POLL_SOCKET; ++ pfd.desc.s = lr->sd; ++ pfd.reqevents = APR_POLLIN; ++ pfd.client_data = lr; ++ ++ /* ### check the status */ ++ (void) apr_pollset_add(pollset, &pfd); ++ } ++ ++ mpm_state = AP_MPMQ_RUNNING; ++ ++ bucket_alloc = apr_bucket_alloc_create(pchild); ++ ++ /* die_now is set when AP_SIG_GRACEFUL is received in the child; ++ * shutdown_pending is set when SIGTERM is received when running ++ * in single process mode. */ ++ while (!die_now && !shutdown_pending) { ++ conn_rec *current_conn; ++ void *csd; ++ ++ /* ++ * (Re)initialize this child to a pre-connection state. ++ */ ++ ++ apr_pool_clear(ptrans); ++ ++ if ((ap_max_requests_per_child > 0 ++ && requests_this_child++ >= ap_max_requests_per_child)) { ++ clean_child_exit(0); ++ } ++ ++ (void) ap_update_child_status(sbh, SERVER_READY, (request_rec *) NULL); ++ ++ /* ++ * Wait for an acceptable connection to arrive. ++ */ ++ ++ /* Lock around "accept", if necessary */ ++ SAFE_ACCEPT(accept_mutex_on()); ++ ++ if (num_listensocks == 1) { ++ /* There is only one listener record, so refer to that one. */ ++ lr = ap_listeners; ++ } ++ else { ++ /* multiple listening sockets - need to poll */ ++ for (;;) { ++ apr_int32_t numdesc; ++ const apr_pollfd_t *pdesc; ++ ++ /* timeout == -1 == wait forever */ ++ status = apr_pollset_poll(pollset, -1, &numdesc, &pdesc); ++ if (status != APR_SUCCESS) { ++ if (APR_STATUS_IS_EINTR(status)) { ++ if (one_process && shutdown_pending) { ++ return; ++ } ++ else if (die_now) { ++ /* In graceful stop/restart; drop the mutex ++ * and terminate the child. */ ++ SAFE_ACCEPT(accept_mutex_off()); ++ clean_child_exit(0); ++ } ++ continue; ++ } ++ /* Single Unix documents select as returning errnos ++ * EBADF, EINTR, and EINVAL... and in none of those ++ * cases does it make sense to continue. In fact ++ * on Linux 2.0.x we seem to end up with EFAULT ++ * occasionally, and we'd loop forever due to it. ++ */ ++ ap_log_error(APLOG_MARK, APLOG_ERR, status, ++ ap_server_conf, "apr_pollset_poll: (listen)"); ++ SAFE_ACCEPT(accept_mutex_off()); ++ clean_child_exit(1); ++ } ++ ++ /* We can always use pdesc[0], but sockets at position N ++ * could end up completely starved of attention in a very ++ * busy server. Therefore, we round-robin across the ++ * returned set of descriptors. While it is possible that ++ * the returned set of descriptors might flip around and ++ * continue to starve some sockets, we happen to know the ++ * internal pollset implementation retains ordering ++ * stability of the sockets. Thus, the round-robin should ++ * ensure that a socket will eventually be serviced. ++ */ ++ if (last_poll_idx >= numdesc) ++ last_poll_idx = 0; ++ ++ /* Grab a listener record from the client_data of the poll ++ * descriptor, and advance our saved index to round-robin ++ * the next fetch. ++ * ++ * ### hmm... this descriptor might have POLLERR rather ++ * ### than POLLIN ++ */ ++ lr = pdesc[last_poll_idx++].client_data; ++ goto got_fd; ++ } ++ } ++ got_fd: ++ /* if we accept() something we don't want to die, so we have to ++ * defer the exit ++ */ ++ status = lr->accept_func(&csd, lr, ptrans); ++ ++ SAFE_ACCEPT(accept_mutex_off()); /* unlock after "accept" */ ++ ++ if (status == APR_EGENERAL) { ++ /* resource shortage or should-not-occur occured */ ++ clean_child_exit(1); ++ } ++ else if (status != APR_SUCCESS) { ++ continue; ++ } ++ ++ /* ++ * We now have a connection, so set it up with the appropriate ++ * socket options, file descriptors, and read/write buffers. ++ */ ++ ++ current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, my_child_num, sbh, bucket_alloc); ++ if (current_conn) { ++ ap_process_connection(current_conn, csd); ++ ap_lingering_close(current_conn); ++ } ++ ++ /* Check the pod and the generation number after processing a ++ * connection so that we'll go away if a graceful restart occurred ++ * while we were processing the connection or we are the lucky ++ * idle server process that gets to die. ++ */ ++ if (ap_mpm_pod_check(pod) == APR_SUCCESS) { /* selected as idle? */ ++ die_now = 1; ++ } ++ else if (ap_my_generation != ++ ap_scoreboard_image->global->running_generation) { /* restart? */ ++ /* yeah, this could be non-graceful restart, in which case the ++ * parent will kill us soon enough, but why bother checking? ++ */ ++ die_now = 1; ++ } ++ } ++ clean_child_exit(0); ++} ++ ++ ++static int make_child(server_rec *s, int slot) ++{ ++ int pid; ++ ++ if (slot + 1 > ap_max_daemons_limit) { ++ ap_max_daemons_limit = slot + 1; ++ } ++ ++ if (one_process) { ++ apr_signal(SIGHUP, sig_term); ++ /* Don't catch AP_SIG_GRACEFUL in ONE_PROCESS mode :) */ ++ apr_signal(SIGINT, sig_term); ++#ifdef SIGQUIT ++ apr_signal(SIGQUIT, SIG_DFL); ++#endif ++ apr_signal(SIGTERM, sig_term); ++ child_main(slot); ++ return 0; ++ } ++ ++ (void) ap_update_child_status_from_indexes(slot, 0, SERVER_STARTING, ++ (request_rec *) NULL); ++ ++ ++#ifdef _OSD_POSIX ++ /* BS2000 requires a "special" version of fork() before a setuid() call */ ++ if ((pid = os_fork(unixd_config.user_name)) == -1) { ++#elif defined(TPF) ++ if ((pid = os_fork(s, slot)) == -1) { ++#else ++ if ((pid = fork()) == -1) { ++#endif ++ ap_log_error(APLOG_MARK, APLOG_ERR, errno, s, "fork: Unable to fork new process"); ++ ++ /* fork didn't succeed. Fix the scoreboard or else ++ * it will say SERVER_STARTING forever and ever ++ */ ++ (void) ap_update_child_status_from_indexes(slot, 0, SERVER_DEAD, ++ (request_rec *) NULL); ++ ++ /* In case system resources are maxxed out, we don't want ++ * Apache running away with the CPU trying to fork over and ++ * over and over again. ++ */ ++ sleep(10); ++ ++ return -1; ++ } ++ ++ if (!pid) { ++#ifdef HAVE_BINDPROCESSOR ++ /* by default AIX binds to a single processor ++ * this bit unbinds children which will then bind to another cpu ++ */ ++ int status = bindprocessor(BINDPROCESS, (int)getpid(), ++ PROCESSOR_CLASS_ANY); ++ if (status != OK) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ++ ap_server_conf, "processor unbind failed %d", status); ++ } ++#endif ++ RAISE_SIGSTOP(MAKE_CHILD); ++ AP_MONCONTROL(1); ++ /* Disable the parent's signal handlers and set up proper handling in ++ * the child. ++ */ ++ apr_signal(SIGHUP, just_die); ++ apr_signal(SIGTERM, just_die); ++ /* The child process just closes listeners on AP_SIG_GRACEFUL. ++ * The pod is used for signalling the graceful restart. ++ */ ++ apr_signal(AP_SIG_GRACEFUL, stop_listening); ++ child_main(slot); ++ } ++ ++ ap_scoreboard_image->parent[slot].pid = pid; ++ ++ return 0; ++} ++ ++ ++/* start up a bunch of children */ ++static void startup_children(int number_to_start) ++{ ++ int i; ++ ++ for (i = 0; number_to_start && i < ap_daemons_limit; ++i) { ++ if (ap_scoreboard_image->servers[i][0].status != SERVER_DEAD) { ++ continue; ++ } ++ if (make_child(ap_server_conf, i) < 0) { ++ break; ++ } ++ --number_to_start; ++ } ++} ++ ++ ++/* ++ * idle_spawn_rate is the number of children that will be spawned on the ++ * next maintenance cycle if there aren't enough idle servers. It is ++ * doubled up to MAX_SPAWN_RATE, and reset only when a cycle goes by ++ * without the need to spawn. ++ */ ++static int idle_spawn_rate = 1; ++#ifndef MAX_SPAWN_RATE ++#define MAX_SPAWN_RATE (32) ++#endif ++static int hold_off_on_exponential_spawning; ++ ++static void perform_idle_server_maintenance(apr_pool_t *p) ++{ ++ int i; ++ int to_kill; ++ int idle_count; ++ worker_score *ws; ++ int free_length; ++ int free_slots[MAX_SPAWN_RATE]; ++ int last_non_dead; ++ int total_non_dead; ++ ++ /* initialize the free_list */ ++ free_length = 0; ++ ++ to_kill = -1; ++ idle_count = 0; ++ last_non_dead = -1; ++ total_non_dead = 0; ++ ++ for (i = 0; i < ap_daemons_limit; ++i) { ++ int status; ++ ++ if (i >= ap_max_daemons_limit && free_length == idle_spawn_rate) ++ break; ++ ws = &ap_scoreboard_image->servers[i][0]; ++ status = ws->status; ++ if (status == SERVER_DEAD) { ++ /* try to keep children numbers as low as possible */ ++ if (free_length < idle_spawn_rate) { ++ free_slots[free_length] = i; ++ ++free_length; ++ } ++ } ++ else { ++ /* We consider a starting server as idle because we started it ++ * at least a cycle ago, and if it still hasn't finished starting ++ * then we're just going to swamp things worse by forking more. ++ * So we hopefully won't need to fork more if we count it. ++ * This depends on the ordering of SERVER_READY and SERVER_STARTING. ++ */ ++ if (status <= SERVER_READY) { ++ ++ idle_count; ++ /* always kill the highest numbered child if we have to... ++ * no really well thought out reason ... other than observing ++ * the server behaviour under linux where lower numbered children ++ * tend to service more hits (and hence are more likely to have ++ * their data in cpu caches). ++ */ ++ to_kill = i; ++ } ++ ++ ++total_non_dead; ++ last_non_dead = i; ++ } ++ } ++ ap_max_daemons_limit = last_non_dead + 1; ++ if (idle_count > ap_daemons_max_free) { ++ /* kill off one child... we use the pod because that'll cause it to ++ * shut down gracefully, in case it happened to pick up a request ++ * while we were counting ++ */ ++ ap_mpm_pod_signal(pod); ++ idle_spawn_rate = 1; ++ } ++ else if (idle_count < ap_daemons_min_free) { ++ /* terminate the free list */ ++ if (free_length == 0) { ++ /* only report this condition once */ ++ static int reported = 0; ++ ++ if (!reported) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, ++ "server reached MaxClients setting, consider" ++ " raising the MaxClients setting"); ++ reported = 1; ++ } ++ idle_spawn_rate = 1; ++ } ++ else { ++ if (idle_spawn_rate >= 8) { ++ ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf, ++ "server seems busy, (you may need " ++ "to increase StartServers, or Min/MaxSpareServers), " ++ "spawning %d children, there are %d idle, and " ++ "%d total children", idle_spawn_rate, ++ idle_count, total_non_dead); ++ } ++ for (i = 0; i < free_length; ++i) { ++#ifdef TPF ++ if (make_child(ap_server_conf, free_slots[i]) == -1) { ++ if(free_length == 1) { ++ shutdown_pending = 1; ++ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, ap_server_conf, ++ "No active child processes: shutting down"); ++ } ++ } ++#else ++ make_child(ap_server_conf, free_slots[i]); ++#endif /* TPF */ ++ } ++ /* the next time around we want to spawn twice as many if this ++ * wasn't good enough, but not if we've just done a graceful ++ */ ++ if (hold_off_on_exponential_spawning) { ++ --hold_off_on_exponential_spawning; ++ } ++ else if (idle_spawn_rate < MAX_SPAWN_RATE) { ++ idle_spawn_rate *= 2; ++ } ++ } ++ } ++ else { ++ idle_spawn_rate = 1; ++ } ++} ++ ++/***************************************************************** ++ * Executive routines. ++ */ ++ ++int ap_mpm_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) ++{ ++ int index; ++ int remaining_children_to_start; ++ apr_status_t rv; ++ ++ ap_log_pid(pconf, ap_pid_fname); ++ ++ first_server_limit = server_limit; ++ if (changed_limit_at_restart) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, ++ "WARNING: Attempt to change ServerLimit " ++ "ignored during restart"); ++ changed_limit_at_restart = 0; ++ } ++ ++ /* Initialize cross-process accept lock */ ++ ap_lock_fname = apr_psprintf(_pconf, "%s.%" APR_PID_T_FMT, ++ ap_server_root_relative(_pconf, ap_lock_fname), ++ ap_my_pid); ++ ++ rv = apr_proc_mutex_create(&accept_mutex, ap_lock_fname, ++ ap_accept_lock_mech, _pconf); ++ if (rv != APR_SUCCESS) { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, ++ "Couldn't create accept lock (%s) (%d)", ++ ap_lock_fname, ap_accept_lock_mech); ++ mpm_state = AP_MPMQ_STOPPING; ++ return 1; ++ } ++ ++#if APR_USE_SYSVSEM_SERIALIZE ++ if (ap_accept_lock_mech == APR_LOCK_DEFAULT || ++ ap_accept_lock_mech == APR_LOCK_SYSVSEM) { ++#else ++ if (ap_accept_lock_mech == APR_LOCK_SYSVSEM) { ++#endif ++ rv = unixd_set_proc_mutex_perms(accept_mutex); ++ if (rv != APR_SUCCESS) { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, ++ "Couldn't set permissions on cross-process lock; " ++ "check User and Group directives"); ++ mpm_state = AP_MPMQ_STOPPING; ++ return 1; ++ } ++ } ++ ++ if (!is_graceful) { ++ if (ap_run_pre_mpm(s->process->pool, SB_SHARED) != OK) { ++ mpm_state = AP_MPMQ_STOPPING; ++ return 1; ++ } ++ /* fix the generation number in the global score; we just got a new, ++ * cleared scoreboard ++ */ ++ ap_scoreboard_image->global->running_generation = ap_my_generation; ++ } ++ ++ set_signals(); ++ ++ if (one_process) { ++ AP_MONCONTROL(1); ++ make_child(ap_server_conf, 0); ++ } ++ else { ++ if (ap_daemons_max_free < ap_daemons_min_free + 1) /* Don't thrash... */ ++ ap_daemons_max_free = ap_daemons_min_free + 1; ++ ++ /* If we're doing a graceful_restart then we're going to see a lot ++ * of children exiting immediately when we get into the main loop ++ * below (because we just sent them AP_SIG_GRACEFUL). This happens pretty ++ * rapidly... and for each one that exits we'll start a new one until ++ * we reach at least daemons_min_free. But we may be permitted to ++ * start more than that, so we'll just keep track of how many we're ++ * supposed to start up without the 1 second penalty between each fork. ++ */ ++ remaining_children_to_start = ap_daemons_to_start; ++ if (remaining_children_to_start > ap_daemons_limit) { ++ remaining_children_to_start = ap_daemons_limit; ++ } ++ if (!is_graceful) { ++ startup_children(remaining_children_to_start); ++ remaining_children_to_start = 0; ++ } ++ else { ++ /* give the system some time to recover before kicking into ++ * exponential mode ++ */ ++ hold_off_on_exponential_spawning = 10; ++ } ++ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, ++ "%s configured -- resuming normal operations", ++ ap_get_server_description()); ++ ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf, ++ "Server built: %s", ap_get_server_built()); ++#ifdef AP_MPM_WANT_SET_ACCEPT_LOCK_MECH ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, ++ "AcceptMutex: %s (default: %s)", ++ apr_proc_mutex_name(accept_mutex), ++ apr_proc_mutex_defname()); ++#endif ++ restart_pending = shutdown_pending = 0; ++ ++ mpm_state = AP_MPMQ_RUNNING; ++ ++ while (!restart_pending && !shutdown_pending) { ++ int child_slot; ++ apr_exit_why_e exitwhy; ++ int status, processed_status; ++ /* this is a memory leak, but I'll fix it later. */ ++ apr_proc_t pid; ++ ++ ap_wait_or_timeout(&exitwhy, &status, &pid, pconf); ++ ++ /* XXX: if it takes longer than 1 second for all our children ++ * to start up and get into IDLE state then we may spawn an ++ * extra child ++ */ ++ if (pid.pid != -1) { ++ processed_status = ap_process_child_status(&pid, exitwhy, status); ++ if (processed_status == APEXIT_CHILDFATAL) { ++ mpm_state = AP_MPMQ_STOPPING; ++ return 1; ++ } ++ ++ /* non-fatal death... note that it's gone in the scoreboard. */ ++ child_slot = find_child_by_pid(&pid); ++ if (child_slot >= 0) { ++ (void) ap_update_child_status_from_indexes(child_slot, 0, SERVER_DEAD, ++ (request_rec *) NULL); ++ if (processed_status == APEXIT_CHILDSICK) { ++ /* child detected a resource shortage (E[NM]FILE, ENOBUFS, etc) ++ * cut the fork rate to the minimum ++ */ ++ idle_spawn_rate = 1; ++ } ++ else if (remaining_children_to_start ++ && child_slot < ap_daemons_limit) { ++ /* we're still doing a 1-for-1 replacement of dead ++ * children with new children ++ */ ++ make_child(ap_server_conf, child_slot); ++ --remaining_children_to_start; ++ } ++#if APR_HAS_OTHER_CHILD ++ } ++ else if (apr_proc_other_child_alert(&pid, APR_OC_REASON_DEATH, status) == APR_SUCCESS) { ++ /* handled */ ++#endif ++ } ++ else if (is_graceful) { ++ /* Great, we've probably just lost a slot in the ++ * scoreboard. Somehow we don't know about this ++ * child. ++ */ ++ ap_log_error(APLOG_MARK, APLOG_WARNING, ++ 0, ap_server_conf, ++ "long lost child came home! (pid %ld)", (long)pid.pid); ++ } ++ /* Don't perform idle maintenance when a child dies, ++ * only do it when there's a timeout. Remember only a ++ * finite number of children can die, and it's pretty ++ * pathological for a lot to die suddenly. ++ */ ++ continue; ++ } ++ else if (remaining_children_to_start) { ++ /* we hit a 1 second timeout in which none of the previous ++ * generation of children needed to be reaped... so assume ++ * they're all done, and pick up the slack if any is left. ++ */ ++ startup_children(remaining_children_to_start); ++ remaining_children_to_start = 0; ++ /* In any event we really shouldn't do the code below because ++ * few of the servers we just started are in the IDLE state ++ * yet, so we'd mistakenly create an extra server. ++ */ ++ continue; ++ } ++ ++ perform_idle_server_maintenance(pconf); ++#ifdef TPF ++ shutdown_pending = os_check_server(tpf_server_name); ++ ap_check_signals(); ++ sleep(1); ++#endif /*TPF */ ++ } ++ } /* one_process */ ++ ++ mpm_state = AP_MPMQ_STOPPING; ++ ++ if (shutdown_pending && !is_graceful) { ++ /* Time to shut down: ++ * Kill child processes, tell them to call child_exit, etc... ++ */ ++ if (unixd_killpg(getpgrp(), SIGTERM) < 0) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "killpg SIGTERM"); ++ } ++ ap_reclaim_child_processes(1); /* Start with SIGTERM */ ++ ++ /* cleanup pid file on normal shutdown */ ++ { ++ const char *pidfile = NULL; ++ pidfile = ap_server_root_relative (pconf, ap_pid_fname); ++ if ( pidfile != NULL && unlink(pidfile) == 0) ++ ap_log_error(APLOG_MARK, APLOG_INFO, ++ 0, ap_server_conf, ++ "removed PID file %s (pid=%ld)", ++ pidfile, (long)getpid()); ++ } ++ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, ++ "caught SIGTERM, shutting down"); ++ ++ return 1; ++ } else if (shutdown_pending) { ++ /* Time to perform a graceful shut down: ++ * Reap the inactive children, and ask the active ones ++ * to close their listeners, then wait until they are ++ * all done to exit. ++ */ ++ int active_children; ++ apr_time_t cutoff = 0; ++ ++ /* Stop listening */ ++ ap_close_listeners(); ++ ++ /* kill off the idle ones */ ++ ap_mpm_pod_killpg(pod, ap_max_daemons_limit); ++ ++ /* Send SIGUSR1 to the active children */ ++ active_children = 0; ++ for (index = 0; index < ap_daemons_limit; ++index) { ++ if (ap_scoreboard_image->servers[index][0].status != SERVER_DEAD) { ++ /* Ask each child to close its listeners. */ ++ ap_mpm_safe_kill(MPM_CHILD_PID(index), AP_SIG_GRACEFUL); ++ active_children++; ++ } ++ } ++ ++ /* Allow each child which actually finished to exit */ ++ ap_relieve_child_processes(); ++ ++ /* cleanup pid file */ ++ { ++ const char *pidfile = NULL; ++ pidfile = ap_server_root_relative (pconf, ap_pid_fname); ++ if ( pidfile != NULL && unlink(pidfile) == 0) ++ ap_log_error(APLOG_MARK, APLOG_INFO, ++ 0, ap_server_conf, ++ "removed PID file %s (pid=%ld)", ++ pidfile, (long)getpid()); ++ } ++ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, ++ "caught " AP_SIG_GRACEFUL_STOP_STRING ", shutting down gracefully"); ++ ++ if (ap_graceful_shutdown_timeout) { ++ cutoff = apr_time_now() + ++ apr_time_from_sec(ap_graceful_shutdown_timeout); ++ } ++ ++ /* Don't really exit until each child has finished */ ++ shutdown_pending = 0; ++ do { ++ /* Pause for a second */ ++ sleep(1); ++ ++ /* Relieve any children which have now exited */ ++ ap_relieve_child_processes(); ++ ++ active_children = 0; ++ for (index = 0; index < ap_daemons_limit; ++index) { ++ if (ap_mpm_safe_kill(MPM_CHILD_PID(index), 0) == APR_SUCCESS) { ++ active_children = 1; ++ /* Having just one child is enough to stay around */ ++ break; ++ } ++ } ++ } while (!shutdown_pending && active_children && ++ (!ap_graceful_shutdown_timeout || apr_time_now() < cutoff)); ++ ++ /* We might be here because we received SIGTERM, either ++ * way, try and make sure that all of our processes are ++ * really dead. ++ */ ++ unixd_killpg(getpgrp(), SIGTERM); ++ ++ return 1; ++ } ++ ++ /* we've been told to restart */ ++ apr_signal(SIGHUP, SIG_IGN); ++ apr_signal(AP_SIG_GRACEFUL, SIG_IGN); ++ if (one_process) { ++ /* not worth thinking about */ ++ return 1; ++ } ++ ++ /* advance to the next generation */ ++ /* XXX: we really need to make sure this new generation number isn't in ++ * use by any of the children. ++ */ ++ ++ap_my_generation; ++ ap_scoreboard_image->global->running_generation = ap_my_generation; ++ ++ if (is_graceful) { ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, ++ "Graceful restart requested, doing restart"); ++ ++ /* kill off the idle ones */ ++ ap_mpm_pod_killpg(pod, ap_max_daemons_limit); ++ ++ /* This is mostly for debugging... so that we know what is still ++ * gracefully dealing with existing request. This will break ++ * in a very nasty way if we ever have the scoreboard totally ++ * file-based (no shared memory) ++ */ ++ for (index = 0; index < ap_daemons_limit; ++index) { ++ if (ap_scoreboard_image->servers[index][0].status != SERVER_DEAD) { ++ ap_scoreboard_image->servers[index][0].status = SERVER_GRACEFUL; ++ /* Ask each child to close its listeners. ++ * ++ * NOTE: we use the scoreboard, because if we send SIGUSR1 ++ * to every process in the group, this may include CGI's, ++ * piped loggers, etc. They almost certainly won't handle ++ * it gracefully. ++ */ ++ ap_mpm_safe_kill(ap_scoreboard_image->parent[index].pid, AP_SIG_GRACEFUL); ++ } ++ } ++ } ++ else { ++ /* Kill 'em off */ ++ if (unixd_killpg(getpgrp(), SIGHUP) < 0) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "killpg SIGHUP"); ++ } ++ ap_reclaim_child_processes(0); /* Not when just starting up */ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, ++ "SIGHUP received. Attempting to restart"); ++ } ++ ++ return 0; ++} ++ ++/* This really should be a post_config hook, but the error log is already ++ * redirected by that point, so we need to do this in the open_logs phase. ++ */ ++static int prefork_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) ++{ ++ apr_status_t rv; ++ ++ pconf = p; ++ ap_server_conf = s; ++ ++ if ((num_listensocks = ap_setup_listeners(ap_server_conf)) < 1) { ++ ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_STARTUP, 0, ++ NULL, "no listening sockets available, shutting down"); ++ return DONE; ++ } ++ ++ if ((rv = ap_mpm_pod_open(pconf, &pod))) { ++ ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_STARTUP, rv, NULL, ++ "Could not open pipe-of-death."); ++ return DONE; ++ } ++ return OK; ++} ++ ++static int prefork_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp) ++{ ++ static int restart_num = 0; ++ int no_detach, debug, foreground; ++ apr_status_t rv; ++ ++ mpm_state = AP_MPMQ_STARTING; ++ ++ debug = ap_exists_config_define("DEBUG"); ++ ++ if (debug) { ++ foreground = one_process = 1; ++ no_detach = 0; ++ } ++ else ++ { ++ no_detach = ap_exists_config_define("NO_DETACH"); ++ one_process = ap_exists_config_define("ONE_PROCESS"); ++ foreground = ap_exists_config_define("FOREGROUND"); ++ } ++ ++ /* sigh, want this only the second time around */ ++ if (restart_num++ == 1) { ++ is_graceful = 0; ++ ++ if (!one_process && !foreground) { ++ rv = apr_proc_detach(no_detach ? APR_PROC_DETACH_FOREGROUND ++ : APR_PROC_DETACH_DAEMONIZE); ++ if (rv != APR_SUCCESS) { ++ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, NULL, ++ "apr_proc_detach failed"); ++ return HTTP_INTERNAL_SERVER_ERROR; ++ } ++ } ++ ++ parent_pid = ap_my_pid = getpid(); ++ } ++ ++ unixd_pre_config(ptemp); ++ ap_listen_pre_config(); ++ ap_daemons_to_start = DEFAULT_START_DAEMON; ++ ap_daemons_min_free = DEFAULT_MIN_FREE_DAEMON; ++ ap_daemons_max_free = DEFAULT_MAX_FREE_DAEMON; ++ ap_daemons_limit = server_limit; ++ ap_pid_fname = DEFAULT_PIDLOG; ++ ap_lock_fname = DEFAULT_LOCKFILE; ++ ap_max_requests_per_child = DEFAULT_MAX_REQUESTS_PER_CHILD; ++ ap_extended_status = 0; ++#ifdef AP_MPM_WANT_SET_MAX_MEM_FREE ++ ap_max_mem_free = APR_ALLOCATOR_MAX_FREE_UNLIMITED; ++#endif ++ ++ apr_cpystrn(ap_coredump_dir, ap_server_root, sizeof(ap_coredump_dir)); ++ ++ return OK; ++} ++ ++static void prefork_hooks(apr_pool_t *p) ++{ ++ /* The prefork open_logs phase must run before the core's, or stderr ++ * will be redirected to a file, and the messages won't print to the ++ * console. ++ */ ++ static const char *const aszSucc[] = {"core.c", NULL}; ++ ++#ifdef AUX3 ++ (void) set42sig(); ++#endif ++ ++ ap_hook_open_logs(prefork_open_logs, NULL, aszSucc, APR_HOOK_MIDDLE); ++ /* we need to set the MPM state before other pre-config hooks use MPM query ++ * to retrieve it, so register as REALLY_FIRST ++ */ ++ ap_hook_pre_config(prefork_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST); ++} ++ ++static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg) ++{ ++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); ++ if (err != NULL) { ++ return err; ++ } ++ ++ ap_daemons_to_start = atoi(arg); ++ return NULL; ++} ++ ++static const char *set_min_free_servers(cmd_parms *cmd, void *dummy, const char *arg) ++{ ++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); ++ if (err != NULL) { ++ return err; ++ } ++ ++ ap_daemons_min_free = atoi(arg); ++ if (ap_daemons_min_free <= 0) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: detected MinSpareServers set to non-positive."); ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "Resetting to 1 to avoid almost certain Apache failure."); ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "Please read the documentation."); ++ ap_daemons_min_free = 1; ++ } ++ ++ return NULL; ++} ++ ++static const char *set_max_free_servers(cmd_parms *cmd, void *dummy, const char *arg) ++{ ++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); ++ if (err != NULL) { ++ return err; ++ } ++ ++ ap_daemons_max_free = atoi(arg); ++ return NULL; ++} ++ ++static const char *set_max_clients (cmd_parms *cmd, void *dummy, const char *arg) ++{ ++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); ++ if (err != NULL) { ++ return err; ++ } ++ ++ ap_daemons_limit = atoi(arg); ++ if (ap_daemons_limit > server_limit) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: MaxClients of %d exceeds ServerLimit value " ++ "of %d servers,", ap_daemons_limit, server_limit); ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ " lowering MaxClients to %d. To increase, please " ++ "see the ServerLimit", server_limit); ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ " directive."); ++ ap_daemons_limit = server_limit; ++ } ++ else if (ap_daemons_limit < 1) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: Require MaxClients > 0, setting to 1"); ++ ap_daemons_limit = 1; ++ } ++ return NULL; ++} ++ ++static const char *set_server_limit (cmd_parms *cmd, void *dummy, const char *arg) ++{ ++ int tmp_server_limit; ++ ++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); ++ if (err != NULL) { ++ return err; ++ } ++ ++ tmp_server_limit = atoi(arg); ++ /* you cannot change ServerLimit across a restart; ignore ++ * any such attempts ++ */ ++ if (first_server_limit && ++ tmp_server_limit != server_limit) { ++ /* how do we log a message? the error log is a bit bucket at this ++ * point; we'll just have to set a flag so that ap_mpm_run() ++ * logs a warning later ++ */ ++ changed_limit_at_restart = 1; ++ return NULL; ++ } ++ server_limit = tmp_server_limit; ++ ++ if (server_limit > MAX_SERVER_LIMIT) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: ServerLimit of %d exceeds compile time limit " ++ "of %d servers,", server_limit, MAX_SERVER_LIMIT); ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ " lowering ServerLimit to %d.", MAX_SERVER_LIMIT); ++ server_limit = MAX_SERVER_LIMIT; ++ } ++ else if (server_limit < 1) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: Require ServerLimit > 0, setting to 1"); ++ server_limit = 1; ++ } ++ return NULL; ++} ++ ++static const command_rec prefork_cmds[] = { ++UNIX_DAEMON_COMMANDS, ++LISTEN_COMMANDS, ++AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF, ++ "Number of child processes launched at server startup"), ++AP_INIT_TAKE1("MinSpareServers", set_min_free_servers, NULL, RSRC_CONF, ++ "Minimum number of idle children, to handle request spikes"), ++AP_INIT_TAKE1("MaxSpareServers", set_max_free_servers, NULL, RSRC_CONF, ++ "Maximum number of idle children"), ++AP_INIT_TAKE1("MaxClients", set_max_clients, NULL, RSRC_CONF, ++ "Maximum number of children alive at the same time"), ++AP_INIT_TAKE1("ServerLimit", set_server_limit, NULL, RSRC_CONF, ++ "Maximum value of MaxClients for this run of Apache"), ++AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND, ++{ NULL } ++}; ++ ++module AP_MODULE_DECLARE_DATA mpm_prefork_module = { ++ MPM20_MODULE_STUFF, ++ ap_mpm_rewrite_args, /* hook to run before apache parses args */ ++ NULL, /* create per-directory config structure */ ++ NULL, /* merge per-directory config structures */ ++ NULL, /* create per-server config structure */ ++ NULL, /* merge per-server config structures */ ++ prefork_cmds, /* command apr_table_t */ ++ prefork_hooks, /* register hooks */ ++}; +Index: httpd-2.2.11/server/mpm/experimental/itk/mpm.h +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ httpd-2.2.11/server/mpm/experimental/itk/mpm.h 2009-03-17 21:38:54.000000000 +0100 +@@ -0,0 +1,62 @@ ++/* Licensed to the Apache Software Foundation (ASF) under one or more ++ * contributor license agreements. See the NOTICE file distributed with ++ * this work for additional information regarding copyright ownership. ++ * The ASF licenses this file to You under the Apache License, Version 2.0 ++ * (the "License"); you may not use this file except in compliance with ++ * the License. You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++/** ++ * @file prefork/mpm.h ++ * @brief Unix Prefork MPM (default for Uinx systems) ++ * ++ * @defgroup APACHE_MPM_PREFORK Unix Prefork ++ * @ingroup APACHE_MPM APACHE_OS_UNIX ++ * @{ ++ */ ++ ++#include "httpd.h" ++#include "mpm_default.h" ++#include "scoreboard.h" ++#include "unixd.h" ++ ++#ifndef APACHE_MPM_PREFORK_H ++#define APACHE_MPM_PREFORK_H ++ ++#define PREFORK_MPM ++ ++#define MPM_NAME "Prefork" ++ ++#define AP_MPM_WANT_RECLAIM_CHILD_PROCESSES ++#define AP_MPM_WANT_WAIT_OR_TIMEOUT ++#define AP_MPM_WANT_PROCESS_CHILD_STATUS ++#define AP_MPM_WANT_SET_PIDFILE ++#define AP_MPM_WANT_SET_SCOREBOARD ++#define AP_MPM_WANT_SET_LOCKFILE ++#define AP_MPM_WANT_SET_MAX_REQUESTS ++#define AP_MPM_WANT_SET_COREDUMPDIR ++#define AP_MPM_WANT_SET_ACCEPT_LOCK_MECH ++#define AP_MPM_WANT_SIGNAL_SERVER ++#define AP_MPM_WANT_SET_MAX_MEM_FREE ++#define AP_MPM_WANT_FATAL_SIGNAL_HANDLER ++#define AP_MPM_WANT_SET_GRACEFUL_SHUTDOWN ++#define AP_MPM_DISABLE_NAGLE_ACCEPTED_SOCK ++ ++#define AP_MPM_USES_POD 1 ++#define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid) ++#define MPM_NOTE_CHILD_KILLED(i) (MPM_CHILD_PID(i) = 0) ++#define MPM_ACCEPT_FUNC unixd_accept ++ ++extern int ap_threads_per_child; ++extern int ap_max_daemons_limit; ++extern server_rec *ap_server_conf; ++#endif /* APACHE_MPM_PREFORK_H */ ++/** @} */ +Index: httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h 2009-03-17 21:38:54.000000000 +0100 +@@ -0,0 +1,74 @@ ++/* Licensed to the Apache Software Foundation (ASF) under one or more ++ * contributor license agreements. See the NOTICE file distributed with ++ * this work for additional information regarding copyright ownership. ++ * The ASF licenses this file to You under the Apache License, Version 2.0 ++ * (the "License"); you may not use this file except in compliance with ++ * the License. You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++/** ++ * @file prefork/mpm_default.h ++ * @brief Prefork MPM defaults ++ * ++ * @addtogroup APACHE_MPM_PREFORK ++ * @{ ++ */ ++ ++#ifndef APACHE_MPM_DEFAULT_H ++#define APACHE_MPM_DEFAULT_H ++ ++/* Number of servers to spawn off by default --- also, if fewer than ++ * this free when the caretaker checks, it will spawn more. ++ */ ++#ifndef DEFAULT_START_DAEMON ++#define DEFAULT_START_DAEMON 5 ++#endif ++ ++/* Maximum number of *free* server processes --- more than this, and ++ * they will die off. ++ */ ++ ++#ifndef DEFAULT_MAX_FREE_DAEMON ++#define DEFAULT_MAX_FREE_DAEMON 10 ++#endif ++ ++/* Minimum --- fewer than this, and more will be created */ ++ ++#ifndef DEFAULT_MIN_FREE_DAEMON ++#define DEFAULT_MIN_FREE_DAEMON 5 ++#endif ++ ++/* File used for accept locking, when we use a file */ ++#ifndef DEFAULT_LOCKFILE ++#define DEFAULT_LOCKFILE DEFAULT_REL_RUNTIMEDIR "/accept.lock" ++#endif ++ ++/* Where the main/parent process's pid is logged */ ++#ifndef DEFAULT_PIDLOG ++#define DEFAULT_PIDLOG DEFAULT_REL_RUNTIMEDIR "/httpd.pid" ++#endif ++ ++/* ++ * Interval, in microseconds, between scoreboard maintenance. ++ */ ++#ifndef SCOREBOARD_MAINTENANCE_INTERVAL ++#define SCOREBOARD_MAINTENANCE_INTERVAL 1000000 ++#endif ++ ++/* Number of requests to try to handle in a single process. If <= 0, ++ * the children don't die off. ++ */ ++#ifndef DEFAULT_MAX_REQUESTS_PER_CHILD ++#define DEFAULT_MAX_REQUESTS_PER_CHILD 10000 ++#endif ++ ++#endif /* AP_MPM_DEFAULT_H */ ++/** @} */ --- apache2-2.2.14.orig/debian/mpm-itk/debian/changelog +++ apache2-2.2.14/debian/mpm-itk/debian/changelog @@ -0,0 +1,117 @@ +apache2-mpm-itk has been merged into the apache2 source package. For newer +changes, see the apache2 changelog. + +apache2-mpm-itk (2.2.11-02-1) unstable; urgency=low + + * New upstream release. + + -- Steinar H. Gunderson Tue, 14 Apr 2009 23:47:36 +0200 + +apache2-mpm-itk (2.2.11-01-1) unstable; urgency=low + + * New upstream release. + * Updated debian/copyright file with COPYRIGHT from the tarball. + * Updated apache2-src build-dependency to make sure we build against Apache + 2.2.11. (The patch set itself will work just fine for 2.2.9, although + not without some fuzz.) + * Updated Standards-Version to 3.8.1 (no changes needed). + + -- Steinar H. Gunderson Sun, 22 Mar 2009 15:39:39 +0100 + +apache2-mpm-itk (2.2.6-02-1) unstable; urgency=medium + + * New upstream release. + * Fixes a configure test for libcap. + * Update Debian package to fix fine-grained capability dropping support. + Together with the upstream fixes, this enables capability dropping, + which was previously broken. (Closes: #492614) + * Run autoheader before autoconf, so HAVE_LIBCAP gets into the right .h + file. + * Change build-dependency from libcap-dev to libcap2-dev, as libcap-dev is + deprecated. + + -- Steinar H. Gunderson Sun, 27 Jul 2008 22:18:26 +0200 + +apache2-mpm-itk (2.2.6-01-3.1) unstable; urgency=low + + * Non-maintainer upload. + * Correctly determine the dependency on apache2.2-common. (Closes: #477772) + + -- Stefan Fritsch Wed, 18 Jun 2008 23:09:34 +0200 + +apache2-mpm-itk (2.2.6-01-3) unstable; urgency=low + + * Use config.nice from apache2-src. This allows us to drop the + build-dependency on apache2-prefork-dev. + * Bump versioned build-dependency on apache2-src to 2.2.9. + * Build-depend on libaprutil1-dev, since we no lenger get it in + transitively from apache2-prefork-dev. + + -- Steinar H. Gunderson Sun, 15 Jun 2008 10:11:49 -0700 + +apache2-mpm-itk (2.2.6-01-2) unstable; urgency=low + + * Update the long description to better reflect the status of the package + (it can hardly be called “highly experimental” anymore). + * Lintian fixes: + * Build-depend on apache2-src (>= 2.2.6) instead of apache2-src + (>= 2.2.6-1). + * Update to Standards-Version 3.7.3 (no changes needed). + + -- Steinar H. Gunderson Tue, 29 Apr 2008 00:55:41 +0200 + +apache2-mpm-itk (2.2.6-01-1) unstable; urgency=high + + * New upstream release, with patches updated for Apache 2.2.6. Should fix + FTBFS (but that FTBFS was silently ignored, see next item). + * Update the apache2-src build dependency to at least 2.2.6-1, as I'm + unsure of the effects of building with this patch set against older + versions. + * Use "set -e" in the patch target so failing hunks are not ignored during + building. + * Updated the homepage URL in debian/copyright, and added + licensing/copyright/tarball information. + + -- Steinar H. Gunderson Sat, 05 Jan 2008 12:27:08 +0100 + +apache2-mpm-itk (2.2.3-04-3) unstable; urgency=medium + + * Provide and conflict with apache2-mpm, in line with new practice from + the main Apache package. This replaces the old conflict lines, as well as + the Provides: apache2-modules. + * apache2-src now contains a top-level directory; adjust debian/rules + accordingly so we just unpack the tarball instead of making an apache2.2 + directory and untarring within that. Fixes FTBFS with newer apache2-src. + (Closes: #428919) + * Build-depend on apache2-src (>= 2.2.3-5), as this will now FTBFS with + older apache2-src versions. + * Remove an obsolete comment from the debian/rules source target. + + -- Steinar H. Gunderson Fri, 15 Jun 2007 13:19:51 +0200 + +apache2-mpm-itk (2.2.3-04-2) unstable; urgency=low + + * Don't build-depend on libcap-dev for non-Linux architectures, which + prevents building on those; patch from Cyril Brulebois. + (Closes: #416460) + + -- Steinar H. Gunderson Sat, 19 May 2007 01:48:11 +0200 + +apache2-mpm-itk (2.2.3-04-1) unstable; urgency=low + + * New upstream release; now with split patches in a tarball (with license + and all) instead of one monolithic patch. + * Adjust debian/rules accordingly. + * Make a "source" target that uses quilt instead of manual patching. + * Remove workaround for old apache2-src. + * Drop dh_testroot from the clean target, as we do not really need root for + it, and it's convenient to be able to just do "debian/rules source" without + using fakeroot. + + -- Steinar H. Gunderson Wed, 25 Apr 2007 14:13:33 +0200 + +apache2-mpm-itk (2.2.3-01-1) unstable; urgency=low + + * Initial port to Apache 2.2, and upload to Debian. + + -- Steinar H. Gunderson Sun, 29 Oct 2006 23:05:36 +0100 --- apache2-2.2.14.orig/debian/patches/032_suexec_is_shared +++ apache2-2.2.14/debian/patches/032_suexec_is_shared @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 032_suexec_is_shared by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Patch to allow suEXEC as shared. + +@DPATCH@ +--- apache2/os/unix/unixd.c 2004-09-27 19:53:29.000000000 -0600 ++++ apache2/os/unix/unixd.c 2004-09-27 19:56:57.000000000 -0600 +@@ -209,6 +209,10 @@ + + /* Check for suexec */ + unixd_config.suexec_enabled = 0; ++ /* If mod_suexec isn't linked in, we shouldn't test for the binary */ ++ if (ap_find_linked_module("mod_suexec.c") == NULL) { ++ return; ++ } + if ((apr_stat(&wrapper, SUEXEC_BIN, + APR_FINFO_NORM, ptemp)) != APR_SUCCESS) { + return; --- apache2-2.2.14.orig/debian/patches/002_apachectl +++ apache2-2.2.14/debian/patches/002_apachectl @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 002_apachectl by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: envvars lives in /etc/apache2 in our setup. + +@DPATCH@ +--- apache2/support/apachectl.in 2003-05-07 13:18:19.000000000 +0100 ++++ apache2/support/apachectl.in 2003-05-07 13:17:37.000000000 +0100 +@@ -31,8 +31,8 @@ + HTTPD='@exp_sbindir@/@progname@' + # + # pick up any necessary environment variables +-if test -f @exp_sbindir@/envvars; then +- . @exp_sbindir@/envvars ++if test -f @exp_sysconfdir@/envvars; then ++ . @exp_sysconfdir@/envvars + fi + # + # a command that outputs a formatted text version of the HTML at the --- apache2-2.2.14.orig/debian/patches/067_fix_segfault_in_ab.dpatch +++ apache2-2.2.14/debian/patches/067_fix_segfault_in_ab.dpatch @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 067_fix_segfault_in_ab.dpatch by Ryan Niebur +## +## DP: Do not free what SSL_get_peer_cert_chain returns. It returns a +## pointer to memory that is freed later on with the +## session. (Bug#495982) +## Forwarded: https://issues.apache.org/bugzilla/show_bug.cgi?id=46393 + +@DPATCH@ +diff -urNad apache2-2.2.9~/support/ab.c apache2-2.2.9/support/ab.c +--- apache2-2.2.9~/support/ab.c 2008-05-28 05:58:01.000000000 -0700 ++++ apache2-2.2.9/support/ab.c 2008-11-29 15:47:41.000000000 -0800 +@@ -535,7 +535,6 @@ + for (i=1; issl); --- apache2-2.2.14.orig/debian/patches/050_enhance_apache2ctl.dpatch +++ apache2-2.2.14/debian/patches/050_enhance_apache2ctl.dpatch @@ -0,0 +1,121 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 050_enhance_apache2ctl.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: - mv creation of necessary directories to apache2ctl, +## DP: to make it work on new installations +## DP: - add usage message + +@DPATCH@ +diff -urNad trunk~/support/apachectl.in trunk/support/apachectl.in +--- trunk~/support/apachectl.in 2010-01-02 17:51:49.480626116 +0100 ++++ trunk/support/apachectl.in 2010-01-02 17:52:31.089347144 +0100 +@@ -40,28 +40,31 @@ + # |||||||||||||||||||| START CONFIGURATION SECTION |||||||||||||||||||| + # -------------------- -------------------- + # +-# the path to your httpd binary, including options if necessary +-HTTPD='@exp_sbindir@/@progname@' +-# ++# the path to the environment variable file ++test -z "$APACHE_ENVVARS" && APACHE_ENVVARS='/etc/apache2/envvars' + # pick up any necessary environment variables +-if test -f @exp_sysconfdir@/envvars; then +- . @exp_sysconfdir@/envvars ++if test -f $APACHE_ENVVARS; then ++ . $APACHE_ENVVARS + fi ++# the following APACHE_* variables should be set in /etc/apache2/envvars ++# ++# the path to your httpd binary, including options if necessary ++HTTPD=${APACHE_HTTPD:-/usr/sbin/apache2} + # + # a command that outputs a formatted text version of the HTML at the + # url given on the command line. Designed for lynx, however other + # programs may work. +-LYNX="@LYNX_PATH@ -dump" ++LYNX="${APACHE_LYNX:-@LYNX_PATH@ -dump}" + # + # the URL to your server's mod_status status page. If you do not + # have one, then status and fullstatus will not work. +-STATUSURL="http://localhost:@PORT@/server-status" ++STATUSURL="${APACHE_STATUSURL:-http://localhost:@PORT@/server-status}" + # + # Set this variable to a command that increases the maximum + # number of file descriptors allowed per child process. This is + # critical for configurations that use many file descriptors, + # such as mass vhosting, or a multithreaded server. +-ULIMIT_MAX_FILES="@APACHECTL_ULIMIT@" ++ULIMIT_MAX_FILES="${APACHE_ULIMIT_MAX_FILES:-@APACHECTL_ULIMIT@}" + # -------------------- -------------------- + # |||||||||||||||||||| END CONFIGURATION SECTION |||||||||||||||||||| + +@@ -71,13 +74,42 @@ + fi + + ERROR=0 +-if [ "x$ARGV" = "x" ] ; then +- ARGV="-h" ++if [ "x$ARGV" = "x" ] || [ "x$ARGV" = "xusage" ] || [ "x$ARGV" = "xhelp" ] || [ "x$ARGV" = "x--help" ]; then ++ echo "Usage: $0 start|stop|restart|graceful|graceful-stop|configtest|status|fullstatus|help" >&2 ++ echo " $0 " >&2 ++ echo " $0 -h (for help on )" >&2 ++ exit 1 + fi + ++get_status () { ++ if ! $LYNX $STATUSURL ; then ++ echo "'$LYNX $STATUSURL'" failed. >&2 ++ echo Maybe you need to install a package providing www-browser or you >&2 ++ echo need to adjust the APACHE_LYNX variable in /etc/apache2/envvars >&2 ++ exit 1 ++ fi ++} ++ + case $ARGV in +-start|stop|restart|graceful|graceful-stop) +- $HTTPD -k $ARGV ++start) ++ mkdir -p ${APACHE_RUN_DIR:-/var/run/apache2} ++ install -d -o ${APACHE_RUN_USER:-www-data} ${APACHE_LOCK_DIR:-/var/lock/apache2} ++ # ssl_scache shouldn't be here if we're just starting up. ++ # (this is bad if there are several apache2 instances running) ++ rm -f ${APACHE_RUN_DIR:-/var/run/apache2}/*ssl_scache* ++ $HTTPD ${APACHE_ARGUMENTS} -k $ARGV ++ ERROR=$? ++ ;; ++stop|graceful-stop) ++ $HTTPD ${APACHE_ARGUMENTS} -k $ARGV ++ ERROR=$? ++ ;; ++restart|graceful) ++ if $HTTPD ${APACHE_ARGUMENTS} -t 2> /dev/null ; then ++ $HTTPD ${APACHE_ARGUMENTS} -k $ARGV ++ else ++ $HTTPD ${APACHE_ARGUMENTS} -t ++ fi + ERROR=$? + ;; + startssl|sslstart|start-SSL) +@@ -87,17 +119,17 @@ + ERROR=2 + ;; + configtest) +- $HTTPD -t ++ $HTTPD ${APACHE_ARGUMENTS} -t + ERROR=$? + ;; + status) +- $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } ' ++ get_status | awk ' /process$/ { print; exit } { print } ' + ;; + fullstatus) +- $LYNX $STATUSURL ++ get_status + ;; + *) +- $HTTPD $ARGV ++ $HTTPD ${APACHE_ARGUMENTS} $ARGV + ERROR=$? + esac + --- apache2-2.2.14.orig/debian/patches/047_fix_usage_message.dpatch +++ apache2-2.2.14/debian/patches/047_fix_usage_message.dpatch @@ -0,0 +1,28 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 047_fix_usage_message.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Add -X to the help message + +@DPATCH@ +diff -urNad apache2-2.2.4~/server/main.c apache2-2.2.4/server/main.c +--- apache2-2.2.4~/server/main.c 2006-09-15 15:19:25.000000000 +0200 ++++ apache2-2.2.4/server/main.c 2007-06-25 23:19:58.000000000 +0200 +@@ -336,7 +336,7 @@ + #endif /* AP_MPM_WANT_SET_GRACEFUL_SHUTDOWN */ + #endif + ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, +- " %s [-v] [-V] [-h] [-l] [-L] [-t] [-S]", pad); ++ " %s [-v] [-V] [-h] [-l] [-L] [-t] [-S] [-X]", pad); + ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, + "Options:"); + +@@ -415,6 +415,8 @@ + " -M : a synonym for -t -D DUMP_MODULES"); + ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, + " -t : run syntax check for config files"); ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ " -X : debug mode (only one worker, do not detach)"); + + destroy_and_exit_process(process, 1); + } --- apache2-2.2.14.orig/debian/patches/034_apxs2_libtool_fixtastic +++ apache2-2.2.14/debian/patches/034_apxs2_libtool_fixtastic @@ -0,0 +1,26 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 034_apxs2_libtool_fixtastic by Peter Samuelson +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Make libtool happier + +--- support/apxs.in ++++ apache2/support/apxs.in +@@ -409,7 +409,7 @@ + $la =~ s|\.c$|.la|; + my $o = $s; + $o =~ s|\.c$|.o|; +- push(@cmds, "$libtool $ltflags --mode=compile $CFG_CC $cflags -I$CFG_INCLUDEDIR $apr_includedir $apu_includedir $opt -c -o $lo $s && touch $slo"); ++ push(@cmds, "$libtool $ltflags --mode=compile --tag=disable-static $CFG_CC $cflags -I$CFG_INCLUDEDIR $apr_includedir $apu_includedir $opt -c -o $lo $s && touch $slo"); + unshift(@objs, $lo); + } + +@@ -446,7 +446,7 @@ + $opt .= " -rpath $CFG_LIBEXECDIR -module -avoid-version $apr_ldflags"; + } + +- push(@cmds, "$libtool $ltflags --mode=link $CFG_CC -o $dso_file $opt $lo"); ++ push(@cmds, "$libtool $ltflags --mode=link --tag=disable-static $CFG_CC -o $dso_file $opt $lo"); + + # execute the commands + &execute_cmds(@cmds); --- apache2-2.2.14.orig/debian/patches/206-fix-potential-memory-leaks.dpatch +++ apache2-2.2.14/debian/patches/206-fix-potential-memory-leaks.dpatch @@ -0,0 +1,86 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# Description: fix possible memory leaks that have been created by earlier filters. +# Origin: upstream, http://svn.apache.org/viewcv?view=revision&revision=916627 + +@DPATCH@ +diff -Naurp httpd-2.2.14.orig/modules/http/byterange_filter.c httpd-2.2.14/modules/http/byterange_filter.c +--- httpd-2.2.14.orig/modules/http/byterange_filter.c 2007-10-29 09:11:42.000000000 -0400 ++++ httpd-2.2.14/modules/http/byterange_filter.c 2010-04-05 09:26:51.630145503 -0400 +@@ -308,7 +308,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_ + APR_BRIGADE_INSERT_TAIL(bsend, e); + + /* we're done with the original content - all of our data is in bsend. */ +- apr_brigade_destroy(bb); ++ apr_brigade_cleanup(bb); + + /* send our multipart output */ + return ap_pass_brigade(f->next, bsend); +diff -Naurp httpd-2.2.14.orig/modules/http/http_filters.c httpd-2.2.14/modules/http/http_filters.c +--- httpd-2.2.14.orig/modules/http/http_filters.c 2009-01-12 09:03:38.000000000 -0500 ++++ httpd-2.2.14/modules/http/http_filters.c 2010-04-05 09:28:17.866158803 -0400 +@@ -1115,7 +1115,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_ + ctx = f->ctx = apr_pcalloc(r->pool, sizeof(header_filter_ctx)); + } + else if (ctx->headers_sent) { +- apr_brigade_destroy(b); ++ apr_brigade_cleanup(b); + return OK; + } + } +@@ -1286,7 +1286,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_ + ap_pass_brigade(f->next, b2); + + if (r->header_only) { +- apr_brigade_destroy(b); ++ apr_brigade_cleanup(b); + ctx->headers_sent = 1; + return OK; + } +diff -Naurp httpd-2.2.14.orig/server/core_filters.c httpd-2.2.14/server/core_filters.c +--- httpd-2.2.14.orig/server/core_filters.c 2009-07-06 08:03:20.000000000 -0400 ++++ httpd-2.2.14/server/core_filters.c 2010-04-05 09:23:38.990157334 -0400 +@@ -655,6 +655,8 @@ apr_status_t ap_core_output_filter(ap_fi + /* Create a temporary brigade as a means + * of concatenating a bunch of buckets together + */ ++ temp_brig = apr_brigade_create(f->c->pool, ++ f->c->bucket_alloc); + if (last_merged_bucket) { + /* If we've concatenated together small + * buckets already in a previous pass, +@@ -667,15 +669,8 @@ apr_status_t ap_core_output_filter(ap_fi + * these buckets, so that the content + * in them doesn't have to be copied again. + */ +- apr_bucket_brigade *bb; +- bb = apr_brigade_split(b, +- APR_BUCKET_NEXT(last_merged_bucket)); +- temp_brig = b; +- b = bb; +- } +- else { +- temp_brig = apr_brigade_create(f->c->pool, +- f->c->bucket_alloc); ++ APR_BRIGADE_PREPEND(b, temp_brig); ++ brigade_move(temp_brig, b, APR_BUCKET_NEXT(last_merged_bucket)); + } + + temp = APR_BRIGADE_FIRST(b); +@@ -879,7 +874,7 @@ apr_status_t ap_core_output_filter(ap_fi + logio_add_bytes_out(c, bytes_sent); + } + +- apr_brigade_destroy(b); ++ apr_brigade_cleanup(b); + + /* drive cleanups for resources which were set aside + * this may occur before or after termination of the request which +@@ -910,7 +905,7 @@ apr_status_t ap_core_output_filter(ap_fi + "core_output_filter: writing data to the network"); + + if (more) +- apr_brigade_destroy(more); ++ apr_brigade_cleanup(more); + + /* No need to check for SUCCESS, we did that above. */ + if (!APR_STATUS_IS_EAGAIN(rv)) { --- apache2-2.2.14.orig/debian/patches/099_config_guess_sub_update.dpatch +++ apache2-2.2.14/debian/patches/099_config_guess_sub_update.dpatch @@ -0,0 +1,3123 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 099_config_guess_sub_update.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad apache2-2.2.3~/config.guess apache2-2.2.3/config.guess +--- apache2-2.2.3~/config.guess 1970-01-01 01:00:00.000000000 +0100 ++++ apache2-2.2.3/config.guess 2006-09-27 21:50:35.000000000 +0200 +@@ -0,0 +1,1500 @@ ++#! /bin/sh ++# Attempt to guess a canonical system name. ++# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, ++# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, ++# Inc. ++ ++timestamp='2006-07-02' ++ ++# This file is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA ++# 02110-1301, USA. ++# ++# As a special exception to the GNU General Public License, if you ++# distribute this file as part of a program that contains a ++# configuration script generated by Autoconf, you may include it under ++# the same distribution terms that you use for the rest of that program. ++ ++ ++# Originally written by Per Bothner . ++# Please send patches to . Submit a context ++# diff and a properly formatted ChangeLog entry. ++# ++# This script attempts to guess a canonical system name similar to ++# config.sub. If it succeeds, it prints the system name on stdout, and ++# exits with 0. Otherwise, it exits with 1. ++# ++# The plan is that this can be called by configure scripts if you ++# don't specify an explicit build system type. ++ ++me=`echo "$0" | sed -e 's,.*/,,'` ++ ++usage="\ ++Usage: $0 [OPTION] ++ ++Output the configuration name of the system \`$me' is run on. ++ ++Operation modes: ++ -h, --help print this help, then exit ++ -t, --time-stamp print date of last modification, then exit ++ -v, --version print version number, then exit ++ ++Report bugs and patches to ." ++ ++version="\ ++GNU config.guess ($timestamp) ++ ++Originally written by Per Bothner. ++Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 ++Free Software Foundation, Inc. ++ ++This is free software; see the source for copying conditions. There is NO ++warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." ++ ++help=" ++Try \`$me --help' for more information." ++ ++# Parse command line ++while test $# -gt 0 ; do ++ case $1 in ++ --time-stamp | --time* | -t ) ++ echo "$timestamp" ; exit ;; ++ --version | -v ) ++ echo "$version" ; exit ;; ++ --help | --h* | -h ) ++ echo "$usage"; exit ;; ++ -- ) # Stop option processing ++ shift; break ;; ++ - ) # Use stdin as input. ++ break ;; ++ -* ) ++ echo "$me: invalid option $1$help" >&2 ++ exit 1 ;; ++ * ) ++ break ;; ++ esac ++done ++ ++if test $# != 0; then ++ echo "$me: too many arguments$help" >&2 ++ exit 1 ++fi ++ ++trap 'exit 1' 1 2 15 ++ ++# CC_FOR_BUILD -- compiler used by this script. Note that the use of a ++# compiler to aid in system detection is discouraged as it requires ++# temporary files to be created and, as you can see below, it is a ++# headache to deal with in a portable fashion. ++ ++# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still ++# use `HOST_CC' if defined, but it is deprecated. ++ ++# Portable tmp directory creation inspired by the Autoconf team. ++ ++set_cc_for_build=' ++trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; ++trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; ++: ${TMPDIR=/tmp} ; ++ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || ++ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || ++ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || ++ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; ++dummy=$tmp/dummy ; ++tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; ++case $CC_FOR_BUILD,$HOST_CC,$CC in ++ ,,) echo "int x;" > $dummy.c ; ++ for c in cc gcc c89 c99 ; do ++ if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then ++ CC_FOR_BUILD="$c"; break ; ++ fi ; ++ done ; ++ if test x"$CC_FOR_BUILD" = x ; then ++ CC_FOR_BUILD=no_compiler_found ; ++ fi ++ ;; ++ ,,*) CC_FOR_BUILD=$CC ;; ++ ,*,*) CC_FOR_BUILD=$HOST_CC ;; ++esac ; set_cc_for_build= ;' ++ ++# This is needed to find uname on a Pyramid OSx when run in the BSD universe. ++# (ghazi@noc.rutgers.edu 1994-08-24) ++if (test -f /.attbin/uname) >/dev/null 2>&1 ; then ++ PATH=$PATH:/.attbin ; export PATH ++fi ++ ++UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown ++UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown ++UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown ++UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown ++ ++# Note: order is significant - the case branches are not exclusive. ++ ++case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in ++ *:NetBSD:*:*) ++ # NetBSD (nbsd) targets should (where applicable) match one or ++ # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, ++ # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently ++ # switched to ELF, *-*-netbsd* would select the old ++ # object file format. This provides both forward ++ # compatibility and a consistent mechanism for selecting the ++ # object file format. ++ # ++ # Note: NetBSD doesn't particularly care about the vendor ++ # portion of the name. We always set it to "unknown". ++ sysctl="sysctl -n hw.machine_arch" ++ UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ ++ /usr/sbin/$sysctl 2>/dev/null || echo unknown)` ++ case "${UNAME_MACHINE_ARCH}" in ++ armeb) machine=armeb-unknown ;; ++ arm*) machine=arm-unknown ;; ++ sh3el) machine=shl-unknown ;; ++ sh3eb) machine=sh-unknown ;; ++ *) machine=${UNAME_MACHINE_ARCH}-unknown ;; ++ esac ++ # The Operating System including object format, if it has switched ++ # to ELF recently, or will in the future. ++ case "${UNAME_MACHINE_ARCH}" in ++ arm*|i386|m68k|ns32k|sh3*|sparc|vax) ++ eval $set_cc_for_build ++ if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ ++ | grep __ELF__ >/dev/null ++ then ++ # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). ++ # Return netbsd for either. FIX? ++ os=netbsd ++ else ++ os=netbsdelf ++ fi ++ ;; ++ *) ++ os=netbsd ++ ;; ++ esac ++ # The OS release ++ # Debian GNU/NetBSD machines have a different userland, and ++ # thus, need a distinct triplet. However, they do not need ++ # kernel version information, so it can be replaced with a ++ # suitable tag, in the style of linux-gnu. ++ case "${UNAME_VERSION}" in ++ Debian*) ++ release='-gnu' ++ ;; ++ *) ++ release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` ++ ;; ++ esac ++ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: ++ # contains redundant information, the shorter form: ++ # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. ++ echo "${machine}-${os}${release}" ++ exit ;; ++ *:OpenBSD:*:*) ++ UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` ++ echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} ++ exit ;; ++ *:ekkoBSD:*:*) ++ echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} ++ exit ;; ++ *:SolidBSD:*:*) ++ echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} ++ exit ;; ++ macppc:MirBSD:*:*) ++ echo powerpc-unknown-mirbsd${UNAME_RELEASE} ++ exit ;; ++ *:MirBSD:*:*) ++ echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} ++ exit ;; ++ alpha:OSF1:*:*) ++ case $UNAME_RELEASE in ++ *4.0) ++ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` ++ ;; ++ *5.*) ++ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ++ ;; ++ esac ++ # According to Compaq, /usr/sbin/psrinfo has been available on ++ # OSF/1 and Tru64 systems produced since 1995. I hope that ++ # covers most systems running today. This code pipes the CPU ++ # types through head -n 1, so we only detect the type of CPU 0. ++ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` ++ case "$ALPHA_CPU_TYPE" in ++ "EV4 (21064)") ++ UNAME_MACHINE="alpha" ;; ++ "EV4.5 (21064)") ++ UNAME_MACHINE="alpha" ;; ++ "LCA4 (21066/21068)") ++ UNAME_MACHINE="alpha" ;; ++ "EV5 (21164)") ++ UNAME_MACHINE="alphaev5" ;; ++ "EV5.6 (21164A)") ++ UNAME_MACHINE="alphaev56" ;; ++ "EV5.6 (21164PC)") ++ UNAME_MACHINE="alphapca56" ;; ++ "EV5.7 (21164PC)") ++ UNAME_MACHINE="alphapca57" ;; ++ "EV6 (21264)") ++ UNAME_MACHINE="alphaev6" ;; ++ "EV6.7 (21264A)") ++ UNAME_MACHINE="alphaev67" ;; ++ "EV6.8CB (21264C)") ++ UNAME_MACHINE="alphaev68" ;; ++ "EV6.8AL (21264B)") ++ UNAME_MACHINE="alphaev68" ;; ++ "EV6.8CX (21264D)") ++ UNAME_MACHINE="alphaev68" ;; ++ "EV6.9A (21264/EV69A)") ++ UNAME_MACHINE="alphaev69" ;; ++ "EV7 (21364)") ++ UNAME_MACHINE="alphaev7" ;; ++ "EV7.9 (21364A)") ++ UNAME_MACHINE="alphaev79" ;; ++ esac ++ # A Pn.n version is a patched version. ++ # A Vn.n version is a released version. ++ # A Tn.n version is a released field test version. ++ # A Xn.n version is an unreleased experimental baselevel. ++ # 1.2 uses "1.2" for uname -r. ++ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` ++ exit ;; ++ Alpha\ *:Windows_NT*:*) ++ # How do we know it's Interix rather than the generic POSIX subsystem? ++ # Should we change UNAME_MACHINE based on the output of uname instead ++ # of the specific Alpha model? ++ echo alpha-pc-interix ++ exit ;; ++ 21064:Windows_NT:50:3) ++ echo alpha-dec-winnt3.5 ++ exit ;; ++ Amiga*:UNIX_System_V:4.0:*) ++ echo m68k-unknown-sysv4 ++ exit ;; ++ *:[Aa]miga[Oo][Ss]:*:*) ++ echo ${UNAME_MACHINE}-unknown-amigaos ++ exit ;; ++ *:[Mm]orph[Oo][Ss]:*:*) ++ echo ${UNAME_MACHINE}-unknown-morphos ++ exit ;; ++ *:OS/390:*:*) ++ echo i370-ibm-openedition ++ exit ;; ++ *:z/VM:*:*) ++ echo s390-ibm-zvmoe ++ exit ;; ++ *:OS400:*:*) ++ echo powerpc-ibm-os400 ++ exit ;; ++ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) ++ echo arm-acorn-riscix${UNAME_RELEASE} ++ exit ;; ++ arm:riscos:*:*|arm:RISCOS:*:*) ++ echo arm-unknown-riscos ++ exit ;; ++ SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) ++ echo hppa1.1-hitachi-hiuxmpp ++ exit ;; ++ Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) ++ # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. ++ if test "`(/bin/universe) 2>/dev/null`" = att ; then ++ echo pyramid-pyramid-sysv3 ++ else ++ echo pyramid-pyramid-bsd ++ fi ++ exit ;; ++ NILE*:*:*:dcosx) ++ echo pyramid-pyramid-svr4 ++ exit ;; ++ DRS?6000:unix:4.0:6*) ++ echo sparc-icl-nx6 ++ exit ;; ++ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) ++ case `/usr/bin/uname -p` in ++ sparc) echo sparc-icl-nx7; exit ;; ++ esac ;; ++ sun4H:SunOS:5.*:*) ++ echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` ++ exit ;; ++ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) ++ echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` ++ exit ;; ++ i86pc:SunOS:5.*:*) ++ echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` ++ exit ;; ++ sun4*:SunOS:6*:*) ++ # According to config.sub, this is the proper way to canonicalize ++ # SunOS6. Hard to guess exactly what SunOS6 will be like, but ++ # it's likely to be more like Solaris than SunOS4. ++ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` ++ exit ;; ++ sun4*:SunOS:*:*) ++ case "`/usr/bin/arch -k`" in ++ Series*|S4*) ++ UNAME_RELEASE=`uname -v` ++ ;; ++ esac ++ # Japanese Language versions have a version number like `4.1.3-JL'. ++ echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` ++ exit ;; ++ sun3*:SunOS:*:*) ++ echo m68k-sun-sunos${UNAME_RELEASE} ++ exit ;; ++ sun*:*:4.2BSD:*) ++ UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` ++ test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 ++ case "`/bin/arch`" in ++ sun3) ++ echo m68k-sun-sunos${UNAME_RELEASE} ++ ;; ++ sun4) ++ echo sparc-sun-sunos${UNAME_RELEASE} ++ ;; ++ esac ++ exit ;; ++ aushp:SunOS:*:*) ++ echo sparc-auspex-sunos${UNAME_RELEASE} ++ exit ;; ++ # The situation for MiNT is a little confusing. The machine name ++ # can be virtually everything (everything which is not ++ # "atarist" or "atariste" at least should have a processor ++ # > m68000). The system name ranges from "MiNT" over "FreeMiNT" ++ # to the lowercase version "mint" (or "freemint"). Finally ++ # the system name "TOS" denotes a system which is actually not ++ # MiNT. But MiNT is downward compatible to TOS, so this should ++ # be no problem. ++ atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) ++ echo m68k-atari-mint${UNAME_RELEASE} ++ exit ;; ++ atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) ++ echo m68k-atari-mint${UNAME_RELEASE} ++ exit ;; ++ *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) ++ echo m68k-atari-mint${UNAME_RELEASE} ++ exit ;; ++ milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) ++ echo m68k-milan-mint${UNAME_RELEASE} ++ exit ;; ++ hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) ++ echo m68k-hades-mint${UNAME_RELEASE} ++ exit ;; ++ *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) ++ echo m68k-unknown-mint${UNAME_RELEASE} ++ exit ;; ++ m68k:machten:*:*) ++ echo m68k-apple-machten${UNAME_RELEASE} ++ exit ;; ++ powerpc:machten:*:*) ++ echo powerpc-apple-machten${UNAME_RELEASE} ++ exit ;; ++ RISC*:Mach:*:*) ++ echo mips-dec-mach_bsd4.3 ++ exit ;; ++ RISC*:ULTRIX:*:*) ++ echo mips-dec-ultrix${UNAME_RELEASE} ++ exit ;; ++ VAX*:ULTRIX*:*:*) ++ echo vax-dec-ultrix${UNAME_RELEASE} ++ exit ;; ++ 2020:CLIX:*:* | 2430:CLIX:*:*) ++ echo clipper-intergraph-clix${UNAME_RELEASE} ++ exit ;; ++ mips:*:*:UMIPS | mips:*:*:RISCos) ++ eval $set_cc_for_build ++ sed 's/^ //' << EOF >$dummy.c ++#ifdef __cplusplus ++#include /* for printf() prototype */ ++ int main (int argc, char *argv[]) { ++#else ++ int main (argc, argv) int argc; char *argv[]; { ++#endif ++ #if defined (host_mips) && defined (MIPSEB) ++ #if defined (SYSTYPE_SYSV) ++ printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); ++ #endif ++ #if defined (SYSTYPE_SVR4) ++ printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); ++ #endif ++ #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) ++ printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); ++ #endif ++ #endif ++ exit (-1); ++ } ++EOF ++ $CC_FOR_BUILD -o $dummy $dummy.c && ++ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && ++ SYSTEM_NAME=`$dummy $dummyarg` && ++ { echo "$SYSTEM_NAME"; exit; } ++ echo mips-mips-riscos${UNAME_RELEASE} ++ exit ;; ++ Motorola:PowerMAX_OS:*:*) ++ echo powerpc-motorola-powermax ++ exit ;; ++ Motorola:*:4.3:PL8-*) ++ echo powerpc-harris-powermax ++ exit ;; ++ Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) ++ echo powerpc-harris-powermax ++ exit ;; ++ Night_Hawk:Power_UNIX:*:*) ++ echo powerpc-harris-powerunix ++ exit ;; ++ m88k:CX/UX:7*:*) ++ echo m88k-harris-cxux7 ++ exit ;; ++ m88k:*:4*:R4*) ++ echo m88k-motorola-sysv4 ++ exit ;; ++ m88k:*:3*:R3*) ++ echo m88k-motorola-sysv3 ++ exit ;; ++ AViiON:dgux:*:*) ++ # DG/UX returns AViiON for all architectures ++ UNAME_PROCESSOR=`/usr/bin/uname -p` ++ if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] ++ then ++ if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ ++ [ ${TARGET_BINARY_INTERFACE}x = x ] ++ then ++ echo m88k-dg-dgux${UNAME_RELEASE} ++ else ++ echo m88k-dg-dguxbcs${UNAME_RELEASE} ++ fi ++ else ++ echo i586-dg-dgux${UNAME_RELEASE} ++ fi ++ exit ;; ++ M88*:DolphinOS:*:*) # DolphinOS (SVR3) ++ echo m88k-dolphin-sysv3 ++ exit ;; ++ M88*:*:R3*:*) ++ # Delta 88k system running SVR3 ++ echo m88k-motorola-sysv3 ++ exit ;; ++ XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) ++ echo m88k-tektronix-sysv3 ++ exit ;; ++ Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) ++ echo m68k-tektronix-bsd ++ exit ;; ++ *:IRIX*:*:*) ++ echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` ++ exit ;; ++ ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. ++ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id ++ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' ++ i*86:AIX:*:*) ++ echo i386-ibm-aix ++ exit ;; ++ ia64:AIX:*:*) ++ if [ -x /usr/bin/oslevel ] ; then ++ IBM_REV=`/usr/bin/oslevel` ++ else ++ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} ++ fi ++ echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} ++ exit ;; ++ *:AIX:2:3) ++ if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then ++ eval $set_cc_for_build ++ sed 's/^ //' << EOF >$dummy.c ++ #include ++ ++ main() ++ { ++ if (!__power_pc()) ++ exit(1); ++ puts("powerpc-ibm-aix3.2.5"); ++ exit(0); ++ } ++EOF ++ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` ++ then ++ echo "$SYSTEM_NAME" ++ else ++ echo rs6000-ibm-aix3.2.5 ++ fi ++ elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then ++ echo rs6000-ibm-aix3.2.4 ++ else ++ echo rs6000-ibm-aix3.2 ++ fi ++ exit ;; ++ *:AIX:*:[45]) ++ IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` ++ if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then ++ IBM_ARCH=rs6000 ++ else ++ IBM_ARCH=powerpc ++ fi ++ if [ -x /usr/bin/oslevel ] ; then ++ IBM_REV=`/usr/bin/oslevel` ++ else ++ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} ++ fi ++ echo ${IBM_ARCH}-ibm-aix${IBM_REV} ++ exit ;; ++ *:AIX:*:*) ++ echo rs6000-ibm-aix ++ exit ;; ++ ibmrt:4.4BSD:*|romp-ibm:BSD:*) ++ echo romp-ibm-bsd4.4 ++ exit ;; ++ ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and ++ echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to ++ exit ;; # report: romp-ibm BSD 4.3 ++ *:BOSX:*:*) ++ echo rs6000-bull-bosx ++ exit ;; ++ DPX/2?00:B.O.S.:*:*) ++ echo m68k-bull-sysv3 ++ exit ;; ++ 9000/[34]??:4.3bsd:1.*:*) ++ echo m68k-hp-bsd ++ exit ;; ++ hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) ++ echo m68k-hp-bsd4.4 ++ exit ;; ++ 9000/[34678]??:HP-UX:*:*) ++ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` ++ case "${UNAME_MACHINE}" in ++ 9000/31? ) HP_ARCH=m68000 ;; ++ 9000/[34]?? ) HP_ARCH=m68k ;; ++ 9000/[678][0-9][0-9]) ++ if [ -x /usr/bin/getconf ]; then ++ sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` ++ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` ++ case "${sc_cpu_version}" in ++ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 ++ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 ++ 532) # CPU_PA_RISC2_0 ++ case "${sc_kernel_bits}" in ++ 32) HP_ARCH="hppa2.0n" ;; ++ 64) HP_ARCH="hppa2.0w" ;; ++ '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 ++ esac ;; ++ esac ++ fi ++ if [ "${HP_ARCH}" = "" ]; then ++ eval $set_cc_for_build ++ sed 's/^ //' << EOF >$dummy.c ++ ++ #define _HPUX_SOURCE ++ #include ++ #include ++ ++ int main () ++ { ++ #if defined(_SC_KERNEL_BITS) ++ long bits = sysconf(_SC_KERNEL_BITS); ++ #endif ++ long cpu = sysconf (_SC_CPU_VERSION); ++ ++ switch (cpu) ++ { ++ case CPU_PA_RISC1_0: puts ("hppa1.0"); break; ++ case CPU_PA_RISC1_1: puts ("hppa1.1"); break; ++ case CPU_PA_RISC2_0: ++ #if defined(_SC_KERNEL_BITS) ++ switch (bits) ++ { ++ case 64: puts ("hppa2.0w"); break; ++ case 32: puts ("hppa2.0n"); break; ++ default: puts ("hppa2.0"); break; ++ } break; ++ #else /* !defined(_SC_KERNEL_BITS) */ ++ puts ("hppa2.0"); break; ++ #endif ++ default: puts ("hppa1.0"); break; ++ } ++ exit (0); ++ } ++EOF ++ (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` ++ test -z "$HP_ARCH" && HP_ARCH=hppa ++ fi ;; ++ esac ++ if [ ${HP_ARCH} = "hppa2.0w" ] ++ then ++ eval $set_cc_for_build ++ ++ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating ++ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler ++ # generating 64-bit code. GNU and HP use different nomenclature: ++ # ++ # $ CC_FOR_BUILD=cc ./config.guess ++ # => hppa2.0w-hp-hpux11.23 ++ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess ++ # => hppa64-hp-hpux11.23 ++ ++ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | ++ grep __LP64__ >/dev/null ++ then ++ HP_ARCH="hppa2.0w" ++ else ++ HP_ARCH="hppa64" ++ fi ++ fi ++ echo ${HP_ARCH}-hp-hpux${HPUX_REV} ++ exit ;; ++ ia64:HP-UX:*:*) ++ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` ++ echo ia64-hp-hpux${HPUX_REV} ++ exit ;; ++ 3050*:HI-UX:*:*) ++ eval $set_cc_for_build ++ sed 's/^ //' << EOF >$dummy.c ++ #include ++ int ++ main () ++ { ++ long cpu = sysconf (_SC_CPU_VERSION); ++ /* The order matters, because CPU_IS_HP_MC68K erroneously returns ++ true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct ++ results, however. */ ++ if (CPU_IS_PA_RISC (cpu)) ++ { ++ switch (cpu) ++ { ++ case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; ++ case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; ++ case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; ++ default: puts ("hppa-hitachi-hiuxwe2"); break; ++ } ++ } ++ else if (CPU_IS_HP_MC68K (cpu)) ++ puts ("m68k-hitachi-hiuxwe2"); ++ else puts ("unknown-hitachi-hiuxwe2"); ++ exit (0); ++ } ++EOF ++ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && ++ { echo "$SYSTEM_NAME"; exit; } ++ echo unknown-hitachi-hiuxwe2 ++ exit ;; ++ 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) ++ echo hppa1.1-hp-bsd ++ exit ;; ++ 9000/8??:4.3bsd:*:*) ++ echo hppa1.0-hp-bsd ++ exit ;; ++ *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) ++ echo hppa1.0-hp-mpeix ++ exit ;; ++ hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) ++ echo hppa1.1-hp-osf ++ exit ;; ++ hp8??:OSF1:*:*) ++ echo hppa1.0-hp-osf ++ exit ;; ++ i*86:OSF1:*:*) ++ if [ -x /usr/sbin/sysversion ] ; then ++ echo ${UNAME_MACHINE}-unknown-osf1mk ++ else ++ echo ${UNAME_MACHINE}-unknown-osf1 ++ fi ++ exit ;; ++ parisc*:Lites*:*:*) ++ echo hppa1.1-hp-lites ++ exit ;; ++ C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) ++ echo c1-convex-bsd ++ exit ;; ++ C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) ++ if getsysinfo -f scalar_acc ++ then echo c32-convex-bsd ++ else echo c2-convex-bsd ++ fi ++ exit ;; ++ C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) ++ echo c34-convex-bsd ++ exit ;; ++ C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) ++ echo c38-convex-bsd ++ exit ;; ++ C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) ++ echo c4-convex-bsd ++ exit ;; ++ CRAY*Y-MP:*:*:*) ++ echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' ++ exit ;; ++ CRAY*[A-Z]90:*:*:*) ++ echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ ++ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ ++ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ ++ -e 's/\.[^.]*$/.X/' ++ exit ;; ++ CRAY*TS:*:*:*) ++ echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' ++ exit ;; ++ CRAY*T3E:*:*:*) ++ echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' ++ exit ;; ++ CRAY*SV1:*:*:*) ++ echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' ++ exit ;; ++ *:UNICOS/mp:*:*) ++ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' ++ exit ;; ++ F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) ++ FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` ++ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` ++ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` ++ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" ++ exit ;; ++ 5000:UNIX_System_V:4.*:*) ++ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` ++ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` ++ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" ++ exit ;; ++ i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) ++ echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} ++ exit ;; ++ sparc*:BSD/OS:*:*) ++ echo sparc-unknown-bsdi${UNAME_RELEASE} ++ exit ;; ++ *:BSD/OS:*:*) ++ echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} ++ exit ;; ++ *:FreeBSD:*:*) ++ case ${UNAME_MACHINE} in ++ pc98) ++ echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; ++ amd64) ++ echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; ++ *) ++ echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; ++ esac ++ exit ;; ++ i*:CYGWIN*:*) ++ echo ${UNAME_MACHINE}-pc-cygwin ++ exit ;; ++ i*:MINGW*:*) ++ echo ${UNAME_MACHINE}-pc-mingw32 ++ exit ;; ++ i*:windows32*:*) ++ # uname -m includes "-pc" on this system. ++ echo ${UNAME_MACHINE}-mingw32 ++ exit ;; ++ i*:PW*:*) ++ echo ${UNAME_MACHINE}-pc-pw32 ++ exit ;; ++ x86:Interix*:[3456]*) ++ echo i586-pc-interix${UNAME_RELEASE} ++ exit ;; ++ EM64T:Interix*:[3456]*) ++ echo x86_64-unknown-interix${UNAME_RELEASE} ++ exit ;; ++ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) ++ echo i${UNAME_MACHINE}-pc-mks ++ exit ;; ++ i*:Windows_NT*:* | Pentium*:Windows_NT*:*) ++ # How do we know it's Interix rather than the generic POSIX subsystem? ++ # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we ++ # UNAME_MACHINE based on the output of uname instead of i386? ++ echo i586-pc-interix ++ exit ;; ++ i*:UWIN*:*) ++ echo ${UNAME_MACHINE}-pc-uwin ++ exit ;; ++ amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) ++ echo x86_64-unknown-cygwin ++ exit ;; ++ p*:CYGWIN*:*) ++ echo powerpcle-unknown-cygwin ++ exit ;; ++ prep*:SunOS:5.*:*) ++ echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` ++ exit ;; ++ *:GNU:*:*) ++ # the GNU system ++ echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` ++ exit ;; ++ *:GNU/*:*:*) ++ # other systems with GNU libc and userland ++ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu ++ exit ;; ++ i*86:Minix:*:*) ++ echo ${UNAME_MACHINE}-pc-minix ++ exit ;; ++ arm*:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ avr32*:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ cris:Linux:*:*) ++ echo cris-axis-linux-gnu ++ exit ;; ++ crisv32:Linux:*:*) ++ echo crisv32-axis-linux-gnu ++ exit ;; ++ frv:Linux:*:*) ++ echo frv-unknown-linux-gnu ++ exit ;; ++ ia64:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ m32r*:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ m68*:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ mips:Linux:*:*) ++ eval $set_cc_for_build ++ sed 's/^ //' << EOF >$dummy.c ++ #undef CPU ++ #undef mips ++ #undef mipsel ++ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) ++ CPU=mipsel ++ #else ++ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) ++ CPU=mips ++ #else ++ CPU= ++ #endif ++ #endif ++EOF ++ eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' ++ /^CPU/{ ++ s: ::g ++ p ++ }'`" ++ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ++ ;; ++ mips64:Linux:*:*) ++ eval $set_cc_for_build ++ sed 's/^ //' << EOF >$dummy.c ++ #undef CPU ++ #undef mips64 ++ #undef mips64el ++ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) ++ CPU=mips64el ++ #else ++ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) ++ CPU=mips64 ++ #else ++ CPU= ++ #endif ++ #endif ++EOF ++ eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' ++ /^CPU/{ ++ s: ::g ++ p ++ }'`" ++ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ++ ;; ++ or32:Linux:*:*) ++ echo or32-unknown-linux-gnu ++ exit ;; ++ ppc:Linux:*:*) ++ echo powerpc-unknown-linux-gnu ++ exit ;; ++ ppc64:Linux:*:*) ++ echo powerpc64-unknown-linux-gnu ++ exit ;; ++ alpha:Linux:*:*) ++ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in ++ EV5) UNAME_MACHINE=alphaev5 ;; ++ EV56) UNAME_MACHINE=alphaev56 ;; ++ PCA56) UNAME_MACHINE=alphapca56 ;; ++ PCA57) UNAME_MACHINE=alphapca56 ;; ++ EV6) UNAME_MACHINE=alphaev6 ;; ++ EV67) UNAME_MACHINE=alphaev67 ;; ++ EV68*) UNAME_MACHINE=alphaev68 ;; ++ esac ++ objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null ++ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi ++ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} ++ exit ;; ++ parisc:Linux:*:* | hppa:Linux:*:*) ++ # Look for CPU level ++ case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in ++ PA7*) echo hppa1.1-unknown-linux-gnu ;; ++ PA8*) echo hppa2.0-unknown-linux-gnu ;; ++ *) echo hppa-unknown-linux-gnu ;; ++ esac ++ exit ;; ++ parisc64:Linux:*:* | hppa64:Linux:*:*) ++ echo hppa64-unknown-linux-gnu ++ exit ;; ++ s390:Linux:*:* | s390x:Linux:*:*) ++ echo ${UNAME_MACHINE}-ibm-linux ++ exit ;; ++ sh64*:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ sh*:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ sparc:Linux:*:* | sparc64:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ vax:Linux:*:*) ++ echo ${UNAME_MACHINE}-dec-linux-gnu ++ exit ;; ++ x86_64:Linux:*:*) ++ echo x86_64-unknown-linux-gnu ++ exit ;; ++ i*86:Linux:*:*) ++ # The BFD linker knows what the default object file format is, so ++ # first see if it will tell us. cd to the root directory to prevent ++ # problems with other programs or directories called `ld' in the path. ++ # Set LC_ALL=C to ensure ld outputs messages in English. ++ ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ ++ | sed -ne '/supported targets:/!d ++ s/[ ][ ]*/ /g ++ s/.*supported targets: *// ++ s/ .*// ++ p'` ++ case "$ld_supported_targets" in ++ elf32-i386) ++ TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" ++ ;; ++ a.out-i386-linux) ++ echo "${UNAME_MACHINE}-pc-linux-gnuaout" ++ exit ;; ++ coff-i386) ++ echo "${UNAME_MACHINE}-pc-linux-gnucoff" ++ exit ;; ++ "") ++ # Either a pre-BFD a.out linker (linux-gnuoldld) or ++ # one that does not give us useful --help. ++ echo "${UNAME_MACHINE}-pc-linux-gnuoldld" ++ exit ;; ++ esac ++ # Determine whether the default compiler is a.out or elf ++ eval $set_cc_for_build ++ sed 's/^ //' << EOF >$dummy.c ++ #include ++ #ifdef __ELF__ ++ # ifdef __GLIBC__ ++ # if __GLIBC__ >= 2 ++ LIBC=gnu ++ # else ++ LIBC=gnulibc1 ++ # endif ++ # else ++ LIBC=gnulibc1 ++ # endif ++ #else ++ #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) ++ LIBC=gnu ++ #else ++ LIBC=gnuaout ++ #endif ++ #endif ++ #ifdef __dietlibc__ ++ LIBC=dietlibc ++ #endif ++EOF ++ eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' ++ /^LIBC/{ ++ s: ::g ++ p ++ }'`" ++ test x"${LIBC}" != x && { ++ echo "${UNAME_MACHINE}-pc-linux-${LIBC}" ++ exit ++ } ++ test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } ++ ;; ++ i*86:DYNIX/ptx:4*:*) ++ # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. ++ # earlier versions are messed up and put the nodename in both ++ # sysname and nodename. ++ echo i386-sequent-sysv4 ++ exit ;; ++ i*86:UNIX_SV:4.2MP:2.*) ++ # Unixware is an offshoot of SVR4, but it has its own version ++ # number series starting with 2... ++ # I am not positive that other SVR4 systems won't match this, ++ # I just have to hope. -- rms. ++ # Use sysv4.2uw... so that sysv4* matches it. ++ echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} ++ exit ;; ++ i*86:OS/2:*:*) ++ # If we were able to find `uname', then EMX Unix compatibility ++ # is probably installed. ++ echo ${UNAME_MACHINE}-pc-os2-emx ++ exit ;; ++ i*86:XTS-300:*:STOP) ++ echo ${UNAME_MACHINE}-unknown-stop ++ exit ;; ++ i*86:atheos:*:*) ++ echo ${UNAME_MACHINE}-unknown-atheos ++ exit ;; ++ i*86:syllable:*:*) ++ echo ${UNAME_MACHINE}-pc-syllable ++ exit ;; ++ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) ++ echo i386-unknown-lynxos${UNAME_RELEASE} ++ exit ;; ++ i*86:*DOS:*:*) ++ echo ${UNAME_MACHINE}-pc-msdosdjgpp ++ exit ;; ++ i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) ++ UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` ++ if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then ++ echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} ++ else ++ echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} ++ fi ++ exit ;; ++ i*86:*:5:[678]*) ++ # UnixWare 7.x, OpenUNIX and OpenServer 6. ++ case `/bin/uname -X | grep "^Machine"` in ++ *486*) UNAME_MACHINE=i486 ;; ++ *Pentium) UNAME_MACHINE=i586 ;; ++ *Pent*|*Celeron) UNAME_MACHINE=i686 ;; ++ esac ++ echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} ++ exit ;; ++ i*86:*:3.2:*) ++ if test -f /usr/options/cb.name; then ++ UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then ++ UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` ++ (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 ++ (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ ++ && UNAME_MACHINE=i586 ++ (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ ++ && UNAME_MACHINE=i686 ++ (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ ++ && UNAME_MACHINE=i686 ++ echo ${UNAME_MACHINE}-pc-sco$UNAME_REL ++ else ++ echo ${UNAME_MACHINE}-pc-sysv32 ++ fi ++ exit ;; ++ pc:*:*:*) ++ # Left here for compatibility: ++ # uname -m prints for DJGPP always 'pc', but it prints nothing about ++ # the processor, so we play safe by assuming i386. ++ echo i386-pc-msdosdjgpp ++ exit ;; ++ Intel:Mach:3*:*) ++ echo i386-pc-mach3 ++ exit ;; ++ paragon:*:*:*) ++ echo i860-intel-osf1 ++ exit ;; ++ i860:*:4.*:*) # i860-SVR4 ++ if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then ++ echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 ++ else # Add other i860-SVR4 vendors below as they are discovered. ++ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 ++ fi ++ exit ;; ++ mini*:CTIX:SYS*5:*) ++ # "miniframe" ++ echo m68010-convergent-sysv ++ exit ;; ++ mc68k:UNIX:SYSTEM5:3.51m) ++ echo m68k-convergent-sysv ++ exit ;; ++ M680?0:D-NIX:5.3:*) ++ echo m68k-diab-dnix ++ exit ;; ++ M68*:*:R3V[5678]*:*) ++ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; ++ 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) ++ OS_REL='' ++ test -r /etc/.relid \ ++ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` ++ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ ++ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } ++ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ ++ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; ++ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) ++ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ ++ && { echo i486-ncr-sysv4; exit; } ;; ++ m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) ++ echo m68k-unknown-lynxos${UNAME_RELEASE} ++ exit ;; ++ mc68030:UNIX_System_V:4.*:*) ++ echo m68k-atari-sysv4 ++ exit ;; ++ TSUNAMI:LynxOS:2.*:*) ++ echo sparc-unknown-lynxos${UNAME_RELEASE} ++ exit ;; ++ rs6000:LynxOS:2.*:*) ++ echo rs6000-unknown-lynxos${UNAME_RELEASE} ++ exit ;; ++ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) ++ echo powerpc-unknown-lynxos${UNAME_RELEASE} ++ exit ;; ++ SM[BE]S:UNIX_SV:*:*) ++ echo mips-dde-sysv${UNAME_RELEASE} ++ exit ;; ++ RM*:ReliantUNIX-*:*:*) ++ echo mips-sni-sysv4 ++ exit ;; ++ RM*:SINIX-*:*:*) ++ echo mips-sni-sysv4 ++ exit ;; ++ *:SINIX-*:*:*) ++ if uname -p 2>/dev/null >/dev/null ; then ++ UNAME_MACHINE=`(uname -p) 2>/dev/null` ++ echo ${UNAME_MACHINE}-sni-sysv4 ++ else ++ echo ns32k-sni-sysv ++ fi ++ exit ;; ++ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort ++ # says ++ echo i586-unisys-sysv4 ++ exit ;; ++ *:UNIX_System_V:4*:FTX*) ++ # From Gerald Hewes . ++ # How about differentiating between stratus architectures? -djm ++ echo hppa1.1-stratus-sysv4 ++ exit ;; ++ *:*:*:FTX*) ++ # From seanf@swdc.stratus.com. ++ echo i860-stratus-sysv4 ++ exit ;; ++ i*86:VOS:*:*) ++ # From Paul.Green@stratus.com. ++ echo ${UNAME_MACHINE}-stratus-vos ++ exit ;; ++ *:VOS:*:*) ++ # From Paul.Green@stratus.com. ++ echo hppa1.1-stratus-vos ++ exit ;; ++ mc68*:A/UX:*:*) ++ echo m68k-apple-aux${UNAME_RELEASE} ++ exit ;; ++ news*:NEWS-OS:6*:*) ++ echo mips-sony-newsos6 ++ exit ;; ++ R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) ++ if [ -d /usr/nec ]; then ++ echo mips-nec-sysv${UNAME_RELEASE} ++ else ++ echo mips-unknown-sysv${UNAME_RELEASE} ++ fi ++ exit ;; ++ BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. ++ echo powerpc-be-beos ++ exit ;; ++ BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. ++ echo powerpc-apple-beos ++ exit ;; ++ BePC:BeOS:*:*) # BeOS running on Intel PC compatible. ++ echo i586-pc-beos ++ exit ;; ++ SX-4:SUPER-UX:*:*) ++ echo sx4-nec-superux${UNAME_RELEASE} ++ exit ;; ++ SX-5:SUPER-UX:*:*) ++ echo sx5-nec-superux${UNAME_RELEASE} ++ exit ;; ++ SX-6:SUPER-UX:*:*) ++ echo sx6-nec-superux${UNAME_RELEASE} ++ exit ;; ++ Power*:Rhapsody:*:*) ++ echo powerpc-apple-rhapsody${UNAME_RELEASE} ++ exit ;; ++ *:Rhapsody:*:*) ++ echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} ++ exit ;; ++ *:Darwin:*:*) ++ UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown ++ case $UNAME_PROCESSOR in ++ unknown) UNAME_PROCESSOR=powerpc ;; ++ esac ++ echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} ++ exit ;; ++ *:procnto*:*:* | *:QNX:[0123456789]*:*) ++ UNAME_PROCESSOR=`uname -p` ++ if test "$UNAME_PROCESSOR" = "x86"; then ++ UNAME_PROCESSOR=i386 ++ UNAME_MACHINE=pc ++ fi ++ echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} ++ exit ;; ++ *:QNX:*:4*) ++ echo i386-pc-qnx ++ exit ;; ++ NSE-?:NONSTOP_KERNEL:*:*) ++ echo nse-tandem-nsk${UNAME_RELEASE} ++ exit ;; ++ NSR-?:NONSTOP_KERNEL:*:*) ++ echo nsr-tandem-nsk${UNAME_RELEASE} ++ exit ;; ++ *:NonStop-UX:*:*) ++ echo mips-compaq-nonstopux ++ exit ;; ++ BS2000:POSIX*:*:*) ++ echo bs2000-siemens-sysv ++ exit ;; ++ DS/*:UNIX_System_V:*:*) ++ echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} ++ exit ;; ++ *:Plan9:*:*) ++ # "uname -m" is not consistent, so use $cputype instead. 386 ++ # is converted to i386 for consistency with other x86 ++ # operating systems. ++ if test "$cputype" = "386"; then ++ UNAME_MACHINE=i386 ++ else ++ UNAME_MACHINE="$cputype" ++ fi ++ echo ${UNAME_MACHINE}-unknown-plan9 ++ exit ;; ++ *:TOPS-10:*:*) ++ echo pdp10-unknown-tops10 ++ exit ;; ++ *:TENEX:*:*) ++ echo pdp10-unknown-tenex ++ exit ;; ++ KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) ++ echo pdp10-dec-tops20 ++ exit ;; ++ XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) ++ echo pdp10-xkl-tops20 ++ exit ;; ++ *:TOPS-20:*:*) ++ echo pdp10-unknown-tops20 ++ exit ;; ++ *:ITS:*:*) ++ echo pdp10-unknown-its ++ exit ;; ++ SEI:*:*:SEIUX) ++ echo mips-sei-seiux${UNAME_RELEASE} ++ exit ;; ++ *:DragonFly:*:*) ++ echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ++ exit ;; ++ *:*VMS:*:*) ++ UNAME_MACHINE=`(uname -p) 2>/dev/null` ++ case "${UNAME_MACHINE}" in ++ A*) echo alpha-dec-vms ; exit ;; ++ I*) echo ia64-dec-vms ; exit ;; ++ V*) echo vax-dec-vms ; exit ;; ++ esac ;; ++ *:XENIX:*:SysV) ++ echo i386-pc-xenix ++ exit ;; ++ i*86:skyos:*:*) ++ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' ++ exit ;; ++ i*86:rdos:*:*) ++ echo ${UNAME_MACHINE}-pc-rdos ++ exit ;; ++esac ++ ++#echo '(No uname command or uname output not recognized.)' 1>&2 ++#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 ++ ++eval $set_cc_for_build ++cat >$dummy.c < ++# include ++#endif ++main () ++{ ++#if defined (sony) ++#if defined (MIPSEB) ++ /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, ++ I don't know.... */ ++ printf ("mips-sony-bsd\n"); exit (0); ++#else ++#include ++ printf ("m68k-sony-newsos%s\n", ++#ifdef NEWSOS4 ++ "4" ++#else ++ "" ++#endif ++ ); exit (0); ++#endif ++#endif ++ ++#if defined (__arm) && defined (__acorn) && defined (__unix) ++ printf ("arm-acorn-riscix\n"); exit (0); ++#endif ++ ++#if defined (hp300) && !defined (hpux) ++ printf ("m68k-hp-bsd\n"); exit (0); ++#endif ++ ++#if defined (NeXT) ++#if !defined (__ARCHITECTURE__) ++#define __ARCHITECTURE__ "m68k" ++#endif ++ int version; ++ version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; ++ if (version < 4) ++ printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); ++ else ++ printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); ++ exit (0); ++#endif ++ ++#if defined (MULTIMAX) || defined (n16) ++#if defined (UMAXV) ++ printf ("ns32k-encore-sysv\n"); exit (0); ++#else ++#if defined (CMU) ++ printf ("ns32k-encore-mach\n"); exit (0); ++#else ++ printf ("ns32k-encore-bsd\n"); exit (0); ++#endif ++#endif ++#endif ++ ++#if defined (__386BSD__) ++ printf ("i386-pc-bsd\n"); exit (0); ++#endif ++ ++#if defined (sequent) ++#if defined (i386) ++ printf ("i386-sequent-dynix\n"); exit (0); ++#endif ++#if defined (ns32000) ++ printf ("ns32k-sequent-dynix\n"); exit (0); ++#endif ++#endif ++ ++#if defined (_SEQUENT_) ++ struct utsname un; ++ ++ uname(&un); ++ ++ if (strncmp(un.version, "V2", 2) == 0) { ++ printf ("i386-sequent-ptx2\n"); exit (0); ++ } ++ if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ ++ printf ("i386-sequent-ptx1\n"); exit (0); ++ } ++ printf ("i386-sequent-ptx\n"); exit (0); ++ ++#endif ++ ++#if defined (vax) ++# if !defined (ultrix) ++# include ++# if defined (BSD) ++# if BSD == 43 ++ printf ("vax-dec-bsd4.3\n"); exit (0); ++# else ++# if BSD == 199006 ++ printf ("vax-dec-bsd4.3reno\n"); exit (0); ++# else ++ printf ("vax-dec-bsd\n"); exit (0); ++# endif ++# endif ++# else ++ printf ("vax-dec-bsd\n"); exit (0); ++# endif ++# else ++ printf ("vax-dec-ultrix\n"); exit (0); ++# endif ++#endif ++ ++#if defined (alliant) && defined (i860) ++ printf ("i860-alliant-bsd\n"); exit (0); ++#endif ++ ++ exit (1); ++} ++EOF ++ ++$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && ++ { echo "$SYSTEM_NAME"; exit; } ++ ++# Apollos put the system type in the environment. ++ ++test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } ++ ++# Convex versions that predate uname can use getsysinfo(1) ++ ++if [ -x /usr/convex/getsysinfo ] ++then ++ case `getsysinfo -f cpu_type` in ++ c1*) ++ echo c1-convex-bsd ++ exit ;; ++ c2*) ++ if getsysinfo -f scalar_acc ++ then echo c32-convex-bsd ++ else echo c2-convex-bsd ++ fi ++ exit ;; ++ c34*) ++ echo c34-convex-bsd ++ exit ;; ++ c38*) ++ echo c38-convex-bsd ++ exit ;; ++ c4*) ++ echo c4-convex-bsd ++ exit ;; ++ esac ++fi ++ ++cat >&2 < in order to provide the needed ++information to handle your system. ++ ++config.guess timestamp = $timestamp ++ ++uname -m = `(uname -m) 2>/dev/null || echo unknown` ++uname -r = `(uname -r) 2>/dev/null || echo unknown` ++uname -s = `(uname -s) 2>/dev/null || echo unknown` ++uname -v = `(uname -v) 2>/dev/null || echo unknown` ++ ++/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` ++/bin/uname -X = `(/bin/uname -X) 2>/dev/null` ++ ++hostinfo = `(hostinfo) 2>/dev/null` ++/bin/universe = `(/bin/universe) 2>/dev/null` ++/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` ++/bin/arch = `(/bin/arch) 2>/dev/null` ++/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` ++/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` ++ ++UNAME_MACHINE = ${UNAME_MACHINE} ++UNAME_RELEASE = ${UNAME_RELEASE} ++UNAME_SYSTEM = ${UNAME_SYSTEM} ++UNAME_VERSION = ${UNAME_VERSION} ++EOF ++ ++exit 1 ++ ++# Local variables: ++# eval: (add-hook 'write-file-hooks 'time-stamp) ++# time-stamp-start: "timestamp='" ++# time-stamp-format: "%:y-%02m-%02d" ++# time-stamp-end: "'" ++# End: +diff -urNad apache2-2.2.3~/config.sub apache2-2.2.3/config.sub +--- apache2-2.2.3~/config.sub 1970-01-01 01:00:00.000000000 +0100 ++++ apache2-2.2.3/config.sub 2006-09-27 21:50:35.000000000 +0200 +@@ -0,0 +1,1608 @@ ++#! /bin/sh ++# Configuration validation subroutine script. ++# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, ++# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, ++# Inc. ++ ++timestamp='2006-07-02' ++ ++# This file is (in principle) common to ALL GNU software. ++# The presence of a machine in this file suggests that SOME GNU software ++# can handle that machine. It does not imply ALL GNU software can. ++# ++# This file is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA ++# 02110-1301, USA. ++# ++# As a special exception to the GNU General Public License, if you ++# distribute this file as part of a program that contains a ++# configuration script generated by Autoconf, you may include it under ++# the same distribution terms that you use for the rest of that program. ++ ++ ++# Please send patches to . Submit a context ++# diff and a properly formatted ChangeLog entry. ++# ++# Configuration subroutine to validate and canonicalize a configuration type. ++# Supply the specified configuration type as an argument. ++# If it is invalid, we print an error message on stderr and exit with code 1. ++# Otherwise, we print the canonical config type on stdout and succeed. ++ ++# This file is supposed to be the same for all GNU packages ++# and recognize all the CPU types, system types and aliases ++# that are meaningful with *any* GNU software. ++# Each package is responsible for reporting which valid configurations ++# it does not support. The user should be able to distinguish ++# a failure to support a valid configuration from a meaningless ++# configuration. ++ ++# The goal of this file is to map all the various variations of a given ++# machine specification into a single specification in the form: ++# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM ++# or in some cases, the newer four-part form: ++# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM ++# It is wrong to echo any other type of specification. ++ ++me=`echo "$0" | sed -e 's,.*/,,'` ++ ++usage="\ ++Usage: $0 [OPTION] CPU-MFR-OPSYS ++ $0 [OPTION] ALIAS ++ ++Canonicalize a configuration name. ++ ++Operation modes: ++ -h, --help print this help, then exit ++ -t, --time-stamp print date of last modification, then exit ++ -v, --version print version number, then exit ++ ++Report bugs and patches to ." ++ ++version="\ ++GNU config.sub ($timestamp) ++ ++Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 ++Free Software Foundation, Inc. ++ ++This is free software; see the source for copying conditions. There is NO ++warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." ++ ++help=" ++Try \`$me --help' for more information." ++ ++# Parse command line ++while test $# -gt 0 ; do ++ case $1 in ++ --time-stamp | --time* | -t ) ++ echo "$timestamp" ; exit ;; ++ --version | -v ) ++ echo "$version" ; exit ;; ++ --help | --h* | -h ) ++ echo "$usage"; exit ;; ++ -- ) # Stop option processing ++ shift; break ;; ++ - ) # Use stdin as input. ++ break ;; ++ -* ) ++ echo "$me: invalid option $1$help" ++ exit 1 ;; ++ ++ *local*) ++ # First pass through any local machine types. ++ echo $1 ++ exit ;; ++ ++ * ) ++ break ;; ++ esac ++done ++ ++case $# in ++ 0) echo "$me: missing argument$help" >&2 ++ exit 1;; ++ 1) ;; ++ *) echo "$me: too many arguments$help" >&2 ++ exit 1;; ++esac ++ ++# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). ++# Here we must recognize all the valid KERNEL-OS combinations. ++maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` ++case $maybe_os in ++ nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ ++ uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ ++ storm-chaos* | os2-emx* | rtmk-nova*) ++ os=-$maybe_os ++ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ++ ;; ++ *) ++ basic_machine=`echo $1 | sed 's/-[^-]*$//'` ++ if [ $basic_machine != $1 ] ++ then os=`echo $1 | sed 's/.*-/-/'` ++ else os=; fi ++ ;; ++esac ++ ++### Let's recognize common machines as not being operating systems so ++### that things like config.sub decstation-3100 work. We also ++### recognize some manufacturers as not being operating systems, so we ++### can provide default operating systems below. ++case $os in ++ -sun*os*) ++ # Prevent following clause from handling this invalid input. ++ ;; ++ -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ ++ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ ++ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ ++ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ ++ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ ++ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ ++ -apple | -axis | -knuth | -cray) ++ os= ++ basic_machine=$1 ++ ;; ++ -sim | -cisco | -oki | -wec | -winbond) ++ os= ++ basic_machine=$1 ++ ;; ++ -scout) ++ ;; ++ -wrs) ++ os=-vxworks ++ basic_machine=$1 ++ ;; ++ -chorusos*) ++ os=-chorusos ++ basic_machine=$1 ++ ;; ++ -chorusrdb) ++ os=-chorusrdb ++ basic_machine=$1 ++ ;; ++ -hiux*) ++ os=-hiuxwe2 ++ ;; ++ -sco6) ++ os=-sco5v6 ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -sco5) ++ os=-sco3.2v5 ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -sco4) ++ os=-sco3.2v4 ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -sco3.2.[4-9]*) ++ os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -sco3.2v[4-9]*) ++ # Don't forget version if it is 3.2v4 or newer. ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -sco5v6*) ++ # Don't forget version if it is 3.2v4 or newer. ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -sco*) ++ os=-sco3.2v2 ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -udk*) ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -isc) ++ os=-isc2.2 ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -clix*) ++ basic_machine=clipper-intergraph ++ ;; ++ -isc*) ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -lynx*) ++ os=-lynxos ++ ;; ++ -ptx*) ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` ++ ;; ++ -windowsnt*) ++ os=`echo $os | sed -e 's/windowsnt/winnt/'` ++ ;; ++ -psos*) ++ os=-psos ++ ;; ++ -mint | -mint[0-9]*) ++ basic_machine=m68k-atari ++ os=-mint ++ ;; ++esac ++ ++# Decode aliases for certain CPU-COMPANY combinations. ++case $basic_machine in ++ # Recognize the basic CPU types without company name. ++ # Some are omitted here because they have special meanings below. ++ 1750a | 580 \ ++ | a29k \ ++ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ ++ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ ++ | am33_2.0 \ ++ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ ++ | bfin \ ++ | c4x | clipper \ ++ | d10v | d30v | dlx | dsp16xx \ ++ | fr30 | frv \ ++ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ ++ | i370 | i860 | i960 | ia64 \ ++ | ip2k | iq2000 \ ++ | m32c | m32r | m32rle | m68000 | m68k | m88k \ ++ | maxq | mb | microblaze | mcore \ ++ | mips | mipsbe | mipseb | mipsel | mipsle \ ++ | mips16 \ ++ | mips64 | mips64el \ ++ | mips64vr | mips64vrel \ ++ | mips64orion | mips64orionel \ ++ | mips64vr4100 | mips64vr4100el \ ++ | mips64vr4300 | mips64vr4300el \ ++ | mips64vr5000 | mips64vr5000el \ ++ | mips64vr5900 | mips64vr5900el \ ++ | mipsisa32 | mipsisa32el \ ++ | mipsisa32r2 | mipsisa32r2el \ ++ | mipsisa64 | mipsisa64el \ ++ | mipsisa64r2 | mipsisa64r2el \ ++ | mipsisa64sb1 | mipsisa64sb1el \ ++ | mipsisa64sr71k | mipsisa64sr71kel \ ++ | mipstx39 | mipstx39el \ ++ | mn10200 | mn10300 \ ++ | mt \ ++ | msp430 \ ++ | nios | nios2 \ ++ | ns16k | ns32k \ ++ | or32 \ ++ | pdp10 | pdp11 | pj | pjl \ ++ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ ++ | pyramid \ ++ | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ ++ | sh64 | sh64le \ ++ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ ++ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ ++ | spu | strongarm \ ++ | tahoe | thumb | tic4x | tic80 | tron \ ++ | v850 | v850e \ ++ | we32k \ ++ | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \ ++ | z8k) ++ basic_machine=$basic_machine-unknown ++ ;; ++ m6811 | m68hc11 | m6812 | m68hc12) ++ # Motorola 68HC11/12. ++ basic_machine=$basic_machine-unknown ++ os=-none ++ ;; ++ m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) ++ ;; ++ ms1) ++ basic_machine=mt-unknown ++ ;; ++ ++ # We use `pc' rather than `unknown' ++ # because (1) that's what they normally are, and ++ # (2) the word "unknown" tends to confuse beginning users. ++ i*86 | x86_64) ++ basic_machine=$basic_machine-pc ++ ;; ++ # Object if more than one company name word. ++ *-*-*) ++ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 ++ exit 1 ++ ;; ++ # Recognize the basic CPU types with company name. ++ 580-* \ ++ | a29k-* \ ++ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ ++ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ ++ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ ++ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ ++ | avr-* | avr32-* \ ++ | bfin-* | bs2000-* \ ++ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ ++ | clipper-* | craynv-* | cydra-* \ ++ | d10v-* | d30v-* | dlx-* \ ++ | elxsi-* \ ++ | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ ++ | h8300-* | h8500-* \ ++ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ ++ | i*86-* | i860-* | i960-* | ia64-* \ ++ | ip2k-* | iq2000-* \ ++ | m32c-* | m32r-* | m32rle-* \ ++ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ ++ | m88110-* | m88k-* | maxq-* | mcore-* \ ++ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ ++ | mips16-* \ ++ | mips64-* | mips64el-* \ ++ | mips64vr-* | mips64vrel-* \ ++ | mips64orion-* | mips64orionel-* \ ++ | mips64vr4100-* | mips64vr4100el-* \ ++ | mips64vr4300-* | mips64vr4300el-* \ ++ | mips64vr5000-* | mips64vr5000el-* \ ++ | mips64vr5900-* | mips64vr5900el-* \ ++ | mipsisa32-* | mipsisa32el-* \ ++ | mipsisa32r2-* | mipsisa32r2el-* \ ++ | mipsisa64-* | mipsisa64el-* \ ++ | mipsisa64r2-* | mipsisa64r2el-* \ ++ | mipsisa64sb1-* | mipsisa64sb1el-* \ ++ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ ++ | mipstx39-* | mipstx39el-* \ ++ | mmix-* \ ++ | mt-* \ ++ | msp430-* \ ++ | nios-* | nios2-* \ ++ | none-* | np1-* | ns16k-* | ns32k-* \ ++ | orion-* \ ++ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ ++ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ ++ | pyramid-* \ ++ | romp-* | rs6000-* \ ++ | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ ++ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ ++ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ ++ | sparclite-* \ ++ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ ++ | tahoe-* | thumb-* \ ++ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ ++ | tron-* \ ++ | v850-* | v850e-* | vax-* \ ++ | we32k-* \ ++ | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \ ++ | xstormy16-* | xtensa-* \ ++ | ymp-* \ ++ | z8k-*) ++ ;; ++ # Recognize the various machine names and aliases which stand ++ # for a CPU type and a company and sometimes even an OS. ++ 386bsd) ++ basic_machine=i386-unknown ++ os=-bsd ++ ;; ++ 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) ++ basic_machine=m68000-att ++ ;; ++ 3b*) ++ basic_machine=we32k-att ++ ;; ++ a29khif) ++ basic_machine=a29k-amd ++ os=-udi ++ ;; ++ abacus) ++ basic_machine=abacus-unknown ++ ;; ++ adobe68k) ++ basic_machine=m68010-adobe ++ os=-scout ++ ;; ++ alliant | fx80) ++ basic_machine=fx80-alliant ++ ;; ++ altos | altos3068) ++ basic_machine=m68k-altos ++ ;; ++ am29k) ++ basic_machine=a29k-none ++ os=-bsd ++ ;; ++ amd64) ++ basic_machine=x86_64-pc ++ ;; ++ amd64-*) ++ basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ amdahl) ++ basic_machine=580-amdahl ++ os=-sysv ++ ;; ++ amiga | amiga-*) ++ basic_machine=m68k-unknown ++ ;; ++ amigaos | amigados) ++ basic_machine=m68k-unknown ++ os=-amigaos ++ ;; ++ amigaunix | amix) ++ basic_machine=m68k-unknown ++ os=-sysv4 ++ ;; ++ apollo68) ++ basic_machine=m68k-apollo ++ os=-sysv ++ ;; ++ apollo68bsd) ++ basic_machine=m68k-apollo ++ os=-bsd ++ ;; ++ aux) ++ basic_machine=m68k-apple ++ os=-aux ++ ;; ++ balance) ++ basic_machine=ns32k-sequent ++ os=-dynix ++ ;; ++ c90) ++ basic_machine=c90-cray ++ os=-unicos ++ ;; ++ convex-c1) ++ basic_machine=c1-convex ++ os=-bsd ++ ;; ++ convex-c2) ++ basic_machine=c2-convex ++ os=-bsd ++ ;; ++ convex-c32) ++ basic_machine=c32-convex ++ os=-bsd ++ ;; ++ convex-c34) ++ basic_machine=c34-convex ++ os=-bsd ++ ;; ++ convex-c38) ++ basic_machine=c38-convex ++ os=-bsd ++ ;; ++ cray | j90) ++ basic_machine=j90-cray ++ os=-unicos ++ ;; ++ craynv) ++ basic_machine=craynv-cray ++ os=-unicosmp ++ ;; ++ cr16c) ++ basic_machine=cr16c-unknown ++ os=-elf ++ ;; ++ crds | unos) ++ basic_machine=m68k-crds ++ ;; ++ crisv32 | crisv32-* | etraxfs*) ++ basic_machine=crisv32-axis ++ ;; ++ cris | cris-* | etrax*) ++ basic_machine=cris-axis ++ ;; ++ crx) ++ basic_machine=crx-unknown ++ os=-elf ++ ;; ++ da30 | da30-*) ++ basic_machine=m68k-da30 ++ ;; ++ decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) ++ basic_machine=mips-dec ++ ;; ++ decsystem10* | dec10*) ++ basic_machine=pdp10-dec ++ os=-tops10 ++ ;; ++ decsystem20* | dec20*) ++ basic_machine=pdp10-dec ++ os=-tops20 ++ ;; ++ delta | 3300 | motorola-3300 | motorola-delta \ ++ | 3300-motorola | delta-motorola) ++ basic_machine=m68k-motorola ++ ;; ++ delta88) ++ basic_machine=m88k-motorola ++ os=-sysv3 ++ ;; ++ djgpp) ++ basic_machine=i586-pc ++ os=-msdosdjgpp ++ ;; ++ dpx20 | dpx20-*) ++ basic_machine=rs6000-bull ++ os=-bosx ++ ;; ++ dpx2* | dpx2*-bull) ++ basic_machine=m68k-bull ++ os=-sysv3 ++ ;; ++ ebmon29k) ++ basic_machine=a29k-amd ++ os=-ebmon ++ ;; ++ elxsi) ++ basic_machine=elxsi-elxsi ++ os=-bsd ++ ;; ++ encore | umax | mmax) ++ basic_machine=ns32k-encore ++ ;; ++ es1800 | OSE68k | ose68k | ose | OSE) ++ basic_machine=m68k-ericsson ++ os=-ose ++ ;; ++ fx2800) ++ basic_machine=i860-alliant ++ ;; ++ genix) ++ basic_machine=ns32k-ns ++ ;; ++ gmicro) ++ basic_machine=tron-gmicro ++ os=-sysv ++ ;; ++ go32) ++ basic_machine=i386-pc ++ os=-go32 ++ ;; ++ h3050r* | hiux*) ++ basic_machine=hppa1.1-hitachi ++ os=-hiuxwe2 ++ ;; ++ h8300hms) ++ basic_machine=h8300-hitachi ++ os=-hms ++ ;; ++ h8300xray) ++ basic_machine=h8300-hitachi ++ os=-xray ++ ;; ++ h8500hms) ++ basic_machine=h8500-hitachi ++ os=-hms ++ ;; ++ harris) ++ basic_machine=m88k-harris ++ os=-sysv3 ++ ;; ++ hp300-*) ++ basic_machine=m68k-hp ++ ;; ++ hp300bsd) ++ basic_machine=m68k-hp ++ os=-bsd ++ ;; ++ hp300hpux) ++ basic_machine=m68k-hp ++ os=-hpux ++ ;; ++ hp3k9[0-9][0-9] | hp9[0-9][0-9]) ++ basic_machine=hppa1.0-hp ++ ;; ++ hp9k2[0-9][0-9] | hp9k31[0-9]) ++ basic_machine=m68000-hp ++ ;; ++ hp9k3[2-9][0-9]) ++ basic_machine=m68k-hp ++ ;; ++ hp9k6[0-9][0-9] | hp6[0-9][0-9]) ++ basic_machine=hppa1.0-hp ++ ;; ++ hp9k7[0-79][0-9] | hp7[0-79][0-9]) ++ basic_machine=hppa1.1-hp ++ ;; ++ hp9k78[0-9] | hp78[0-9]) ++ # FIXME: really hppa2.0-hp ++ basic_machine=hppa1.1-hp ++ ;; ++ hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) ++ # FIXME: really hppa2.0-hp ++ basic_machine=hppa1.1-hp ++ ;; ++ hp9k8[0-9][13679] | hp8[0-9][13679]) ++ basic_machine=hppa1.1-hp ++ ;; ++ hp9k8[0-9][0-9] | hp8[0-9][0-9]) ++ basic_machine=hppa1.0-hp ++ ;; ++ hppa-next) ++ os=-nextstep3 ++ ;; ++ hppaosf) ++ basic_machine=hppa1.1-hp ++ os=-osf ++ ;; ++ hppro) ++ basic_machine=hppa1.1-hp ++ os=-proelf ++ ;; ++ i370-ibm* | ibm*) ++ basic_machine=i370-ibm ++ ;; ++# I'm not sure what "Sysv32" means. Should this be sysv3.2? ++ i*86v32) ++ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` ++ os=-sysv32 ++ ;; ++ i*86v4*) ++ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` ++ os=-sysv4 ++ ;; ++ i*86v) ++ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` ++ os=-sysv ++ ;; ++ i*86sol2) ++ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` ++ os=-solaris2 ++ ;; ++ i386mach) ++ basic_machine=i386-mach ++ os=-mach ++ ;; ++ i386-vsta | vsta) ++ basic_machine=i386-unknown ++ os=-vsta ++ ;; ++ iris | iris4d) ++ basic_machine=mips-sgi ++ case $os in ++ -irix*) ++ ;; ++ *) ++ os=-irix4 ++ ;; ++ esac ++ ;; ++ isi68 | isi) ++ basic_machine=m68k-isi ++ os=-sysv ++ ;; ++ m88k-omron*) ++ basic_machine=m88k-omron ++ ;; ++ magnum | m3230) ++ basic_machine=mips-mips ++ os=-sysv ++ ;; ++ merlin) ++ basic_machine=ns32k-utek ++ os=-sysv ++ ;; ++ mingw32) ++ basic_machine=i386-pc ++ os=-mingw32 ++ ;; ++ miniframe) ++ basic_machine=m68000-convergent ++ ;; ++ *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) ++ basic_machine=m68k-atari ++ os=-mint ++ ;; ++ mips3*-*) ++ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ++ ;; ++ mips3*) ++ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ++ ;; ++ monitor) ++ basic_machine=m68k-rom68k ++ os=-coff ++ ;; ++ morphos) ++ basic_machine=powerpc-unknown ++ os=-morphos ++ ;; ++ msdos) ++ basic_machine=i386-pc ++ os=-msdos ++ ;; ++ ms1-*) ++ basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ++ ;; ++ mvs) ++ basic_machine=i370-ibm ++ os=-mvs ++ ;; ++ ncr3000) ++ basic_machine=i486-ncr ++ os=-sysv4 ++ ;; ++ netbsd386) ++ basic_machine=i386-unknown ++ os=-netbsd ++ ;; ++ netwinder) ++ basic_machine=armv4l-rebel ++ os=-linux ++ ;; ++ news | news700 | news800 | news900) ++ basic_machine=m68k-sony ++ os=-newsos ++ ;; ++ news1000) ++ basic_machine=m68030-sony ++ os=-newsos ++ ;; ++ news-3600 | risc-news) ++ basic_machine=mips-sony ++ os=-newsos ++ ;; ++ necv70) ++ basic_machine=v70-nec ++ os=-sysv ++ ;; ++ next | m*-next ) ++ basic_machine=m68k-next ++ case $os in ++ -nextstep* ) ++ ;; ++ -ns2*) ++ os=-nextstep2 ++ ;; ++ *) ++ os=-nextstep3 ++ ;; ++ esac ++ ;; ++ nh3000) ++ basic_machine=m68k-harris ++ os=-cxux ++ ;; ++ nh[45]000) ++ basic_machine=m88k-harris ++ os=-cxux ++ ;; ++ nindy960) ++ basic_machine=i960-intel ++ os=-nindy ++ ;; ++ mon960) ++ basic_machine=i960-intel ++ os=-mon960 ++ ;; ++ nonstopux) ++ basic_machine=mips-compaq ++ os=-nonstopux ++ ;; ++ np1) ++ basic_machine=np1-gould ++ ;; ++ nsr-tandem) ++ basic_machine=nsr-tandem ++ ;; ++ op50n-* | op60c-*) ++ basic_machine=hppa1.1-oki ++ os=-proelf ++ ;; ++ openrisc | openrisc-*) ++ basic_machine=or32-unknown ++ ;; ++ os400) ++ basic_machine=powerpc-ibm ++ os=-os400 ++ ;; ++ OSE68000 | ose68000) ++ basic_machine=m68000-ericsson ++ os=-ose ++ ;; ++ os68k) ++ basic_machine=m68k-none ++ os=-os68k ++ ;; ++ pa-hitachi) ++ basic_machine=hppa1.1-hitachi ++ os=-hiuxwe2 ++ ;; ++ paragon) ++ basic_machine=i860-intel ++ os=-osf ++ ;; ++ pbd) ++ basic_machine=sparc-tti ++ ;; ++ pbb) ++ basic_machine=m68k-tti ++ ;; ++ pc532 | pc532-*) ++ basic_machine=ns32k-pc532 ++ ;; ++ pc98) ++ basic_machine=i386-pc ++ ;; ++ pc98-*) ++ basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ pentium | p5 | k5 | k6 | nexgen | viac3) ++ basic_machine=i586-pc ++ ;; ++ pentiumpro | p6 | 6x86 | athlon | athlon_*) ++ basic_machine=i686-pc ++ ;; ++ pentiumii | pentium2 | pentiumiii | pentium3) ++ basic_machine=i686-pc ++ ;; ++ pentium4) ++ basic_machine=i786-pc ++ ;; ++ pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) ++ basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ pentiumpro-* | p6-* | 6x86-* | athlon-*) ++ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) ++ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ pentium4-*) ++ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ pn) ++ basic_machine=pn-gould ++ ;; ++ power) basic_machine=power-ibm ++ ;; ++ ppc) basic_machine=powerpc-unknown ++ ;; ++ ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ ppcle | powerpclittle | ppc-le | powerpc-little) ++ basic_machine=powerpcle-unknown ++ ;; ++ ppcle-* | powerpclittle-*) ++ basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ ppc64) basic_machine=powerpc64-unknown ++ ;; ++ ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ ppc64le | powerpc64little | ppc64-le | powerpc64-little) ++ basic_machine=powerpc64le-unknown ++ ;; ++ ppc64le-* | powerpc64little-*) ++ basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ ps2) ++ basic_machine=i386-ibm ++ ;; ++ pw32) ++ basic_machine=i586-unknown ++ os=-pw32 ++ ;; ++ rdos) ++ basic_machine=i386-pc ++ os=-rdos ++ ;; ++ rom68k) ++ basic_machine=m68k-rom68k ++ os=-coff ++ ;; ++ rm[46]00) ++ basic_machine=mips-siemens ++ ;; ++ rtpc | rtpc-*) ++ basic_machine=romp-ibm ++ ;; ++ s390 | s390-*) ++ basic_machine=s390-ibm ++ ;; ++ s390x | s390x-*) ++ basic_machine=s390x-ibm ++ ;; ++ sa29200) ++ basic_machine=a29k-amd ++ os=-udi ++ ;; ++ sb1) ++ basic_machine=mipsisa64sb1-unknown ++ ;; ++ sb1el) ++ basic_machine=mipsisa64sb1el-unknown ++ ;; ++ sei) ++ basic_machine=mips-sei ++ os=-seiux ++ ;; ++ sequent) ++ basic_machine=i386-sequent ++ ;; ++ sh) ++ basic_machine=sh-hitachi ++ os=-hms ++ ;; ++ sh64) ++ basic_machine=sh64-unknown ++ ;; ++ sparclite-wrs | simso-wrs) ++ basic_machine=sparclite-wrs ++ os=-vxworks ++ ;; ++ sps7) ++ basic_machine=m68k-bull ++ os=-sysv2 ++ ;; ++ spur) ++ basic_machine=spur-unknown ++ ;; ++ st2000) ++ basic_machine=m68k-tandem ++ ;; ++ stratus) ++ basic_machine=i860-stratus ++ os=-sysv4 ++ ;; ++ sun2) ++ basic_machine=m68000-sun ++ ;; ++ sun2os3) ++ basic_machine=m68000-sun ++ os=-sunos3 ++ ;; ++ sun2os4) ++ basic_machine=m68000-sun ++ os=-sunos4 ++ ;; ++ sun3os3) ++ basic_machine=m68k-sun ++ os=-sunos3 ++ ;; ++ sun3os4) ++ basic_machine=m68k-sun ++ os=-sunos4 ++ ;; ++ sun4os3) ++ basic_machine=sparc-sun ++ os=-sunos3 ++ ;; ++ sun4os4) ++ basic_machine=sparc-sun ++ os=-sunos4 ++ ;; ++ sun4sol2) ++ basic_machine=sparc-sun ++ os=-solaris2 ++ ;; ++ sun3 | sun3-*) ++ basic_machine=m68k-sun ++ ;; ++ sun4) ++ basic_machine=sparc-sun ++ ;; ++ sun386 | sun386i | roadrunner) ++ basic_machine=i386-sun ++ ;; ++ sv1) ++ basic_machine=sv1-cray ++ os=-unicos ++ ;; ++ symmetry) ++ basic_machine=i386-sequent ++ os=-dynix ++ ;; ++ t3e) ++ basic_machine=alphaev5-cray ++ os=-unicos ++ ;; ++ t90) ++ basic_machine=t90-cray ++ os=-unicos ++ ;; ++ tic54x | c54x*) ++ basic_machine=tic54x-unknown ++ os=-coff ++ ;; ++ tic55x | c55x*) ++ basic_machine=tic55x-unknown ++ os=-coff ++ ;; ++ tic6x | c6x*) ++ basic_machine=tic6x-unknown ++ os=-coff ++ ;; ++ tx39) ++ basic_machine=mipstx39-unknown ++ ;; ++ tx39el) ++ basic_machine=mipstx39el-unknown ++ ;; ++ toad1) ++ basic_machine=pdp10-xkl ++ os=-tops20 ++ ;; ++ tower | tower-32) ++ basic_machine=m68k-ncr ++ ;; ++ tpf) ++ basic_machine=s390x-ibm ++ os=-tpf ++ ;; ++ udi29k) ++ basic_machine=a29k-amd ++ os=-udi ++ ;; ++ ultra3) ++ basic_machine=a29k-nyu ++ os=-sym1 ++ ;; ++ v810 | necv810) ++ basic_machine=v810-nec ++ os=-none ++ ;; ++ vaxv) ++ basic_machine=vax-dec ++ os=-sysv ++ ;; ++ vms) ++ basic_machine=vax-dec ++ os=-vms ++ ;; ++ vpp*|vx|vx-*) ++ basic_machine=f301-fujitsu ++ ;; ++ vxworks960) ++ basic_machine=i960-wrs ++ os=-vxworks ++ ;; ++ vxworks68) ++ basic_machine=m68k-wrs ++ os=-vxworks ++ ;; ++ vxworks29k) ++ basic_machine=a29k-wrs ++ os=-vxworks ++ ;; ++ w65*) ++ basic_machine=w65-wdc ++ os=-none ++ ;; ++ w89k-*) ++ basic_machine=hppa1.1-winbond ++ os=-proelf ++ ;; ++ xbox) ++ basic_machine=i686-pc ++ os=-mingw32 ++ ;; ++ xps | xps100) ++ basic_machine=xps100-honeywell ++ ;; ++ ymp) ++ basic_machine=ymp-cray ++ os=-unicos ++ ;; ++ z8k-*-coff) ++ basic_machine=z8k-unknown ++ os=-sim ++ ;; ++ none) ++ basic_machine=none-none ++ os=-none ++ ;; ++ ++# Here we handle the default manufacturer of certain CPU types. It is in ++# some cases the only manufacturer, in others, it is the most popular. ++ w89k) ++ basic_machine=hppa1.1-winbond ++ ;; ++ op50n) ++ basic_machine=hppa1.1-oki ++ ;; ++ op60c) ++ basic_machine=hppa1.1-oki ++ ;; ++ romp) ++ basic_machine=romp-ibm ++ ;; ++ mmix) ++ basic_machine=mmix-knuth ++ ;; ++ rs6000) ++ basic_machine=rs6000-ibm ++ ;; ++ vax) ++ basic_machine=vax-dec ++ ;; ++ pdp10) ++ # there are many clones, so DEC is not a safe bet ++ basic_machine=pdp10-unknown ++ ;; ++ pdp11) ++ basic_machine=pdp11-dec ++ ;; ++ we32k) ++ basic_machine=we32k-att ++ ;; ++ sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) ++ basic_machine=sh-unknown ++ ;; ++ sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) ++ basic_machine=sparc-sun ++ ;; ++ cydra) ++ basic_machine=cydra-cydrome ++ ;; ++ orion) ++ basic_machine=orion-highlevel ++ ;; ++ orion105) ++ basic_machine=clipper-highlevel ++ ;; ++ mac | mpw | mac-mpw) ++ basic_machine=m68k-apple ++ ;; ++ pmac | pmac-mpw) ++ basic_machine=powerpc-apple ++ ;; ++ *-unknown) ++ # Make sure to match an already-canonicalized machine name. ++ ;; ++ *) ++ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 ++ exit 1 ++ ;; ++esac ++ ++# Here we canonicalize certain aliases for manufacturers. ++case $basic_machine in ++ *-digital*) ++ basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` ++ ;; ++ *-commodore*) ++ basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` ++ ;; ++ *) ++ ;; ++esac ++ ++# Decode manufacturer-specific aliases for certain operating systems. ++ ++if [ x"$os" != x"" ] ++then ++case $os in ++ # First match some system type aliases ++ # that might get confused with valid system types. ++ # -solaris* is a basic system type, with this one exception. ++ -solaris1 | -solaris1.*) ++ os=`echo $os | sed -e 's|solaris1|sunos4|'` ++ ;; ++ -solaris) ++ os=-solaris2 ++ ;; ++ -svr4*) ++ os=-sysv4 ++ ;; ++ -unixware*) ++ os=-sysv4.2uw ++ ;; ++ -gnu/linux*) ++ os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ++ ;; ++ # First accept the basic system types. ++ # The portable systems comes first. ++ # Each alternative MUST END IN A *, to match a version number. ++ # -sysv* is not here because it comes later, after sysvr4. ++ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ ++ | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ ++ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ ++ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ ++ | -aos* \ ++ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ ++ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ ++ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ ++ | -openbsd* | -solidbsd* \ ++ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ ++ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ ++ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ ++ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ ++ | -chorusos* | -chorusrdb* \ ++ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ ++ | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ ++ | -uxpv* | -beos* | -mpeix* | -udk* \ ++ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ ++ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ ++ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ ++ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ ++ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ ++ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ ++ | -skyos* | -haiku* | -rdos* | -toppers*) ++ # Remember, each alternative MUST END IN *, to match a version number. ++ ;; ++ -qnx*) ++ case $basic_machine in ++ x86-* | i*86-*) ++ ;; ++ *) ++ os=-nto$os ++ ;; ++ esac ++ ;; ++ -nto-qnx*) ++ ;; ++ -nto*) ++ os=`echo $os | sed -e 's|nto|nto-qnx|'` ++ ;; ++ -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ ++ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ ++ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ++ ;; ++ -mac*) ++ os=`echo $os | sed -e 's|mac|macos|'` ++ ;; ++ -linux-dietlibc) ++ os=-linux-dietlibc ++ ;; ++ -linux*) ++ os=`echo $os | sed -e 's|linux|linux-gnu|'` ++ ;; ++ -sunos5*) ++ os=`echo $os | sed -e 's|sunos5|solaris2|'` ++ ;; ++ -sunos6*) ++ os=`echo $os | sed -e 's|sunos6|solaris3|'` ++ ;; ++ -opened*) ++ os=-openedition ++ ;; ++ -os400*) ++ os=-os400 ++ ;; ++ -wince*) ++ os=-wince ++ ;; ++ -osfrose*) ++ os=-osfrose ++ ;; ++ -osf*) ++ os=-osf ++ ;; ++ -utek*) ++ os=-bsd ++ ;; ++ -dynix*) ++ os=-bsd ++ ;; ++ -acis*) ++ os=-aos ++ ;; ++ -atheos*) ++ os=-atheos ++ ;; ++ -syllable*) ++ os=-syllable ++ ;; ++ -386bsd) ++ os=-bsd ++ ;; ++ -ctix* | -uts*) ++ os=-sysv ++ ;; ++ -nova*) ++ os=-rtmk-nova ++ ;; ++ -ns2 ) ++ os=-nextstep2 ++ ;; ++ -nsk*) ++ os=-nsk ++ ;; ++ # Preserve the version number of sinix5. ++ -sinix5.*) ++ os=`echo $os | sed -e 's|sinix|sysv|'` ++ ;; ++ -sinix*) ++ os=-sysv4 ++ ;; ++ -tpf*) ++ os=-tpf ++ ;; ++ -triton*) ++ os=-sysv3 ++ ;; ++ -oss*) ++ os=-sysv3 ++ ;; ++ -svr4) ++ os=-sysv4 ++ ;; ++ -svr3) ++ os=-sysv3 ++ ;; ++ -sysvr4) ++ os=-sysv4 ++ ;; ++ # This must come after -sysvr4. ++ -sysv*) ++ ;; ++ -ose*) ++ os=-ose ++ ;; ++ -es1800*) ++ os=-ose ++ ;; ++ -xenix) ++ os=-xenix ++ ;; ++ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) ++ os=-mint ++ ;; ++ -aros*) ++ os=-aros ++ ;; ++ -kaos*) ++ os=-kaos ++ ;; ++ -zvmoe) ++ os=-zvmoe ++ ;; ++ -none) ++ ;; ++ *) ++ # Get rid of the `-' at the beginning of $os. ++ os=`echo $os | sed 's/[^-]*-//'` ++ echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 ++ exit 1 ++ ;; ++esac ++else ++ ++# Here we handle the default operating systems that come with various machines. ++# The value should be what the vendor currently ships out the door with their ++# machine or put another way, the most popular os provided with the machine. ++ ++# Note that if you're going to try to match "-MANUFACTURER" here (say, ++# "-sun"), then you have to tell the case statement up towards the top ++# that MANUFACTURER isn't an operating system. Otherwise, code above ++# will signal an error saying that MANUFACTURER isn't an operating ++# system, and we'll never get to this point. ++ ++case $basic_machine in ++ spu-*) ++ os=-elf ++ ;; ++ *-acorn) ++ os=-riscix1.2 ++ ;; ++ arm*-rebel) ++ os=-linux ++ ;; ++ arm*-semi) ++ os=-aout ++ ;; ++ c4x-* | tic4x-*) ++ os=-coff ++ ;; ++ # This must come before the *-dec entry. ++ pdp10-*) ++ os=-tops20 ++ ;; ++ pdp11-*) ++ os=-none ++ ;; ++ *-dec | vax-*) ++ os=-ultrix4.2 ++ ;; ++ m68*-apollo) ++ os=-domain ++ ;; ++ i386-sun) ++ os=-sunos4.0.2 ++ ;; ++ m68000-sun) ++ os=-sunos3 ++ # This also exists in the configure program, but was not the ++ # default. ++ # os=-sunos4 ++ ;; ++ m68*-cisco) ++ os=-aout ++ ;; ++ mips*-cisco) ++ os=-elf ++ ;; ++ mips*-*) ++ os=-elf ++ ;; ++ or32-*) ++ os=-coff ++ ;; ++ *-tti) # must be before sparc entry or we get the wrong os. ++ os=-sysv3 ++ ;; ++ sparc-* | *-sun) ++ os=-sunos4.1.1 ++ ;; ++ *-be) ++ os=-beos ++ ;; ++ *-haiku) ++ os=-haiku ++ ;; ++ *-ibm) ++ os=-aix ++ ;; ++ *-knuth) ++ os=-mmixware ++ ;; ++ *-wec) ++ os=-proelf ++ ;; ++ *-winbond) ++ os=-proelf ++ ;; ++ *-oki) ++ os=-proelf ++ ;; ++ *-hp) ++ os=-hpux ++ ;; ++ *-hitachi) ++ os=-hiux ++ ;; ++ i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) ++ os=-sysv ++ ;; ++ *-cbm) ++ os=-amigaos ++ ;; ++ *-dg) ++ os=-dgux ++ ;; ++ *-dolphin) ++ os=-sysv3 ++ ;; ++ m68k-ccur) ++ os=-rtu ++ ;; ++ m88k-omron*) ++ os=-luna ++ ;; ++ *-next ) ++ os=-nextstep ++ ;; ++ *-sequent) ++ os=-ptx ++ ;; ++ *-crds) ++ os=-unos ++ ;; ++ *-ns) ++ os=-genix ++ ;; ++ i370-*) ++ os=-mvs ++ ;; ++ *-next) ++ os=-nextstep3 ++ ;; ++ *-gould) ++ os=-sysv ++ ;; ++ *-highlevel) ++ os=-bsd ++ ;; ++ *-encore) ++ os=-bsd ++ ;; ++ *-sgi) ++ os=-irix ++ ;; ++ *-siemens) ++ os=-sysv4 ++ ;; ++ *-masscomp) ++ os=-rtu ++ ;; ++ f30[01]-fujitsu | f700-fujitsu) ++ os=-uxpv ++ ;; ++ *-rom68k) ++ os=-coff ++ ;; ++ *-*bug) ++ os=-coff ++ ;; ++ *-apple) ++ os=-macos ++ ;; ++ *-atari*) ++ os=-mint ++ ;; ++ *) ++ os=-none ++ ;; ++esac ++fi ++ ++# Here we handle the case where we know the os, and the CPU type, but not the ++# manufacturer. We pick the logical manufacturer. ++vendor=unknown ++case $basic_machine in ++ *-unknown) ++ case $os in ++ -riscix*) ++ vendor=acorn ++ ;; ++ -sunos*) ++ vendor=sun ++ ;; ++ -aix*) ++ vendor=ibm ++ ;; ++ -beos*) ++ vendor=be ++ ;; ++ -hpux*) ++ vendor=hp ++ ;; ++ -mpeix*) ++ vendor=hp ++ ;; ++ -hiux*) ++ vendor=hitachi ++ ;; ++ -unos*) ++ vendor=crds ++ ;; ++ -dgux*) ++ vendor=dg ++ ;; ++ -luna*) ++ vendor=omron ++ ;; ++ -genix*) ++ vendor=ns ++ ;; ++ -mvs* | -opened*) ++ vendor=ibm ++ ;; ++ -os400*) ++ vendor=ibm ++ ;; ++ -ptx*) ++ vendor=sequent ++ ;; ++ -tpf*) ++ vendor=ibm ++ ;; ++ -vxsim* | -vxworks* | -windiss*) ++ vendor=wrs ++ ;; ++ -aux*) ++ vendor=apple ++ ;; ++ -hms*) ++ vendor=hitachi ++ ;; ++ -mpw* | -macos*) ++ vendor=apple ++ ;; ++ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) ++ vendor=atari ++ ;; ++ -vos*) ++ vendor=stratus ++ ;; ++ esac ++ basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ++ ;; ++esac ++ ++echo $basic_machine$os ++exit ++ ++# Local variables: ++# eval: (add-hook 'write-file-hooks 'time-stamp) ++# time-stamp-start: "timestamp='" ++# time-stamp-format: "%:y-%02m-%02d" ++# time-stamp-end: "'" ++# End: --- apache2-2.2.14.orig/debian/patches/009_apache2_has_dso +++ apache2-2.2.14/debian/patches/009_apache2_has_dso @@ -0,0 +1,41 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 009_apache2_has_dso by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Make apxs usable without having apache2 installed. + +@DPATCH@ +--- apache2/support/apxs.in 2003-04-05 11:07:55.000000000 +0200 ++++ apache2/support/apxs.in 2003-04-05 11:25:19.000000000 +0200 +@@ -237,18 +237,19 @@ + ($httpd = $0) =~ s:support/apxs$::; + } + +-unless (-x "$httpd") { +- error("$httpd not found or not executable"); +- exit 1; +-} +- +-unless (grep /mod_so/, `. $envvars && $httpd -l`) { +- error("Sorry, no shared object support for Apache"); +- error("available under your platform. Make sure"); +- error("the Apache module mod_so is compiled into"); +- error("your server binary `$httpd'."); +- exit 1; +-} ++#commented out for Debian GNU/Linux. We know that apache2 has dso support ++#unless (-x "$httpd") { ++# error("$httpd not found or not executable"); ++# exit 1; ++#} ++ ++#unless (grep /mod_so/, `. $envvars && $httpd -l`) { ++# error("Sorry, no shared object support for Apache"); ++# error("available under your platform. Make sure"); ++# error("the Apache module mod_so is compiled into"); ++# error("your server binary `$httpd'."); ++# exit 1; ++#} + + sub get_config_vars{ + my ($file, $rh_config) = @_; --- apache2-2.2.14.orig/debian/patches/058_suexec-CVE-2007-1742.dpatch +++ apache2-2.2.14/debian/patches/058_suexec-CVE-2007-1742.dpatch @@ -0,0 +1,64 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix race condition with chdir +## DP: Fix /var/www* being accepted as docroot instead of /var/www/* +## DP: (the same for public_html* instead of public_html/* ) + +@DPATCH@ +--- a/support/suexec.c (revision 644465) ++++ b/support/suexec.c (working copy) +@@ -42,6 +42,7 @@ + #if APR_HAVE_UNISTD_H + #include + #endif ++#include + + #include + #include +@@ -263,6 +264,7 @@ + struct group *gr; /* group entry holder */ + struct stat dir_info; /* directory info holder */ + struct stat prg_info; /* program info holder */ ++ int cwdh; /* handle to cwd */ + + /* + * Start with a "clean" environment +@@ -496,11 +498,16 @@ + exit(111); + } + ++ if ( (cwdh = open(".", O_RDONLY)) == -1 ) { ++ log_err("cannot open current working directory\n"); ++ exit(111); ++ } ++ + if (userdir) { + if (((chdir(target_homedir)) != 0) || + ((chdir(AP_USERDIR_SUFFIX)) != 0) || + ((getcwd(dwd, AP_MAXPATH)) == NULL) || +- ((chdir(cwd)) != 0)) { ++ ((fchdir(cwdh)) != 0)) { + log_err("cannot get docroot information (%s)\n", target_homedir); + exit(112); + } +@@ -508,12 +515,18 @@ + else { + if (((chdir(AP_DOC_ROOT)) != 0) || + ((getcwd(dwd, AP_MAXPATH)) == NULL) || +- ((chdir(cwd)) != 0)) { ++ ((fchdir(cwdh)) != 0)) { + log_err("cannot get docroot information (%s)\n", AP_DOC_ROOT); + exit(113); + } + } + ++ close(cwdh); ++ ++ if (strlen(cwd) > strlen(dwd)) { ++ strncat(dwd, "/", AP_MAXPATH); ++ dwd[AP_MAXPATH-1] = '\0'; ++ } + if ((strncmp(cwd, dwd, strlen(dwd))) != 0) { + log_err("command not in docroot (%s/%s)\n", cwd, cmd); + exit(114); --- apache2-2.2.14.orig/debian/patches/001_branding +++ apache2-2.2.14/debian/patches/001_branding @@ -0,0 +1,36 @@ +#!/bin/sh -e +## 02_branding.dpatch by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Changes apache's PLATFORM based on lsb_release output + +BUILD_DIST="($(lsb_release -i -s))" + +if [ $# -ne 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi + +case "$1" in + -patch) + if grep -q "${BUILD_DIST}" server/core.c 2>/dev/null; then + echo >&2 "`basename $0`: patch already applied" + exit 1 + else + # This is where we get our distribution-specific server signature from: + sed -i -e "s/(\" PLATFORM \")/${BUILD_DIST}/" server/core.c + fi + ;; + -unpatch) + if grep -q "${BUILD_DIST}" server/core.c 2>/dev/null; then + sed -i -e "s/${BUILD_DIST}/(\" PLATFORM \")/" server/core.c + else + echo >&2 "`basename $0`: patch not yet applied, cannot unpatch" + exit 1 + fi + ;; + *) + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 + ;; +esac --- apache2-2.2.14.orig/debian/patches/070_RemoveType_override_mime.types.dpatch +++ apache2-2.2.14/debian/patches/070_RemoveType_override_mime.types.dpatch @@ -0,0 +1,55 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Make RemoveType override the info from TypesConfig + +@DPATCH@ +commit 22de79599d8b6bf44a9e590f1a66166f5e9742fd +Author: Stefan Fritsch +Date: Sat Oct 3 12:13:41 2009 +0000 + + Make RemoveType override the info from TypesConfig + + + git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@821298 13f79535-47bb-0310-9956-ffa450edef68 + +diff --git a/modules/http/mod_mime.c b/modules/http/mod_mime.c +index 9570976..3cde932 100644 +--- a/modules/http/mod_mime.c ++++ b/modules/http/mod_mime.c +@@ -274,6 +274,16 @@ static const char *add_extension_info(cmd_parms *cmd, void *m_, + } + + /* ++ * As RemoveType should also override the info from TypesConfig, we add an ++ * empty string as type instead of actually removing the type. ++ */ ++static const char *remove_extension_type(cmd_parms *cmd, void *m_, ++ const char *ext) ++{ ++ return add_extension_info(cmd, m_, "", ext); ++} ++ ++/* + * Note handler names are un-added with each per_dir_config merge. + * This keeps the association from being inherited, but not + * from being re-added at a subordinate level. +@@ -403,7 +413,7 @@ static const command_rec mime_cmds[] = + AP_INIT_ITERATE("RemoveOutputFilter", remove_extension_info, + (void *)APR_OFFSETOF(extension_info, output_filters), OR_FILEINFO, + "one or more file extensions"), +- AP_INIT_ITERATE("RemoveType", remove_extension_info, ++ AP_INIT_ITERATE("RemoveType", remove_extension_type, + (void *)APR_OFFSETOF(extension_info, forced_type), OR_FILEINFO, + "one or more file extensions"), + AP_INIT_TAKE1("TypesConfig", set_types_config, NULL, RSRC_CONF, +@@ -819,7 +829,8 @@ static int find_ct(request_rec *r) + + if (exinfo != NULL) { + +- if (exinfo->forced_type) { ++ /* empty string is treated as special case for RemoveType */ ++ if (exinfo->forced_type && *exinfo->forced_type) { + ap_set_content_type(r, exinfo->forced_type); + found = 1; + } --- apache2-2.2.14.orig/debian/patches/075_mod_rewrite_literal_ipv6_redirect.dpatch +++ apache2-2.2.14/debian/patches/075_mod_rewrite_literal_ipv6_redirect.dpatch @@ -0,0 +1,52 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 075_mod_rewrite_literal_ipv6_redirect.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Add [] to literal ipv6 hosts in URLs (bug #557015) + +@DPATCH@ +diff -urNad trunk~/modules/mappers/mod_rewrite.c trunk/modules/mappers/mod_rewrite.c +--- trunk~/modules/mappers/mod_rewrite.c 2009-07-10 14:20:45.000000000 +0200 ++++ trunk/modules/mappers/mod_rewrite.c 2009-12-06 00:10:57.468047872 +0100 +@@ -833,6 +833,23 @@ + } + + /* ++ * Get the current server name from the request for the purposes ++ * of using in a URL. If the server name is an IPv6 literal ++ * address, it will be returned in URL format (e.g., "[fe80::1]"). ++ */ ++static const char *get_server_name_for_url(request_rec *r) ++{ ++ const char *plain_server_name = ap_get_server_name(r); ++ ++#if APR_HAVE_IPV6 ++ if (ap_strchr_c(plain_server_name, ':')) { /* IPv6 literal? */ ++ return apr_psprintf(r->pool, "[%s]", plain_server_name); ++ } ++#endif ++ return plain_server_name; ++} ++ ++/* + * add 'http[s]://ourhost[:ourport]/' to URI + * if URI is still not fully qualified + */ +@@ -843,7 +860,7 @@ + char *thisport; + int port; + +- thisserver = ap_get_server_name(r); ++ thisserver = get_server_name_for_url(r); + port = ap_get_server_port(r); + thisport = ap_is_default_port(port, r) + ? "" +@@ -4271,7 +4288,7 @@ + */ + + /* add the canonical URI of this URL */ +- thisserver = ap_get_server_name(r); ++ thisserver = get_server_name_for_url(r); + port = ap_get_server_port(r); + if (ap_is_default_port(port, r)) { + thisport = ""; --- apache2-2.2.14.orig/debian/patches/010_fhs_compliance +++ apache2-2.2.14/debian/patches/010_fhs_compliance @@ -0,0 +1,34 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 010_more_fhs_compliance by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix up FHS file locations for apache2 droppings. + +@DPATCH@ +--- apache2/include/ap_config_layout.h.in.orig 2005-06-15 00:06:51.000000000 +1000 ++++ apache2/include/ap_config_layout.h.in 2005-10-23 14:02:43.000000000 +1000 +@@ -55,5 +55,6 @@ + #define DEFAULT_REL_LOGFILEDIR "@rel_logfiledir@" + #define DEFAULT_EXP_PROXYCACHEDIR "@exp_proxycachedir@" + #define DEFAULT_REL_PROXYCACHEDIR "@rel_proxycachedir@" ++#define DEFAULT_PIDLOG "/var/run/apache2.pid" + + #endif /* AP_CONFIG_LAYOUT_H */ +diff -ruN -x Makefile.in -x configure -x '*~' -x build-tree.orig -x '*.rej' build-tree.orig/apache2/config.layout build-tree/apache2/config.layout +--- apache2/config.layout 2002-07-16 19:29:59.000000000 +0100 ++++ apache2/config.layout 2003-05-07 13:28:20.000000000 +0100 +@@ -314,11 +314,11 @@ + manualdir: ${htdocsdir}/manual + cgidir: ${prefix}/usr/lib/cgi-bin + includedir: ${exec_prefix}/include/apache2 +- localstatedir: ${prefix}/var/run +- runtimedir: ${prefix}/var/run ++ localstatedir: ${prefix}/var/lock/apache2 ++ runtimedir: ${prefix}/var/run/apache2 + logfiledir: ${prefix}/var/log/apache2 + proxycachedir: ${prefix}/var/cache/apache2/proxy + infodir: ${exec_prefix}/share/info +- installbuilddir: ${prefix}/etc/apache2/build ++ installbuilddir: ${prefix}/usr/share/apache2/build + errordir: ${datadir}/error + --- apache2-2.2.14.orig/debian/patches/031_apxs2_sucks_more +++ apache2-2.2.14/debian/patches/031_apxs2_sucks_more @@ -0,0 +1,97 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 031_apxs2_sucks_more by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Make apxs2 use httpd.conf, instead of apache2.conf, plus other random fixes. + +@DPATCH@ +--- apache2/support/apxs.in 2005-06-10 10:18:14.000000000 +0100 ++++ apache2/support/apxs.in 2006-01-26 16:50:17.000000000 +0000 +@@ -190,7 +190,7 @@ + my $httpd = get_vars("sbindir") . "/" . get_vars("progname"); + $httpd = eval qq("$httpd"); + $httpd = eval qq("$httpd"); +-my $envvars = get_vars("sbindir") . "/envvars"; ++my $envvars = "$CFG_SYSCONFDIR" . "/envvars"; + $envvars = eval qq("$envvars"); + $envvars = eval qq("$envvars"); + +@@ -331,6 +331,7 @@ + $data =~ s|%TARGET%|$CFG_TARGET|sg; + $data =~ s|%PREFIX%|$prefix|sg; + $data =~ s|%INSTALLBUILDDIR%|$installbuilddir|sg; ++ $data =~ s|%DATADIR%|$datadir|sg; + + my ($mkf, $mods, $src) = ($data =~ m|^(.+)-=#=-\n(.+)-=#=-\n(.+)|s); + +@@ -480,7 +480,7 @@ + if ($opt_i) { + push(@cmds, "$installbuilddir/instdso.sh SH_LIBTOOL='" . + "$libtool' $f $CFG_LIBEXECDIR"); +- push(@cmds, "chmod 755 $CFG_LIBEXECDIR/$t"); ++ push(@cmds, "chmod 644 $CFG_LIBEXECDIR/$t"); + } + + # determine module symbolname and filename +@@ -516,7 +516,8 @@ + $filename = "mod_${name}.c"; + } + my $dir = $CFG_LIBEXECDIR; +- $dir =~ s|^$CFG_PREFIX/?||; ++ # Debian doesn't have a CFG_PREFIX, so this stuffs up: ++ # $dir =~ s|^$CFG_PREFIX/?||; + $dir =~ s|(.)$|$1/|; + $t =~ s|\.la$|.so|; + push(@lmd, sprintf("LoadModule %-18s %s", "${name}_module", "$dir$t")); +@@ -527,17 +528,17 @@ + + # activate module via LoadModule/AddModule directive + if ($opt_a or $opt_A) { +- if (not -f "$CFG_SYSCONFDIR/$CFG_TARGET.conf") { +- error("Config file $CFG_SYSCONFDIR/$CFG_TARGET.conf not found"); ++ if (not -f "$CFG_SYSCONFDIR/httpd.conf") { ++ error("Config file $CFG_SYSCONFDIR/httpd.conf not found"); + exit(1); + } + +- open(FP, "<$CFG_SYSCONFDIR/$CFG_TARGET.conf") || die; ++ open(FP, "<$CFG_SYSCONFDIR/httpd.conf") || die; + my $content = join('', ); + close(FP); + + if ($content !~ m|\n#?\s*LoadModule\s+|) { +- error("Activation failed for custom $CFG_SYSCONFDIR/$CFG_TARGET.conf file."); ++ error("Activation failed for custom $CFG_SYSCONFDIR/httpd.conf file."); + error("At least one `LoadModule' directive already has to exist."); + exit(1); + } +@@ -613,15 +614,15 @@ + $content =~ s|^(.*\n)#?\s*$lmd[^\n]*\n|$1$c$lmd\n|s; + } + $lmd =~ m|LoadModule\s+(.+?)_module.*|; +- notice("[$what module `$1' in $CFG_SYSCONFDIR/$CFG_TARGET.conf]"); ++ notice("[$what module `$1' in $CFG_SYSCONFDIR/httpd.conf]"); + } + if (@lmd) { +- if (open(FP, ">$CFG_SYSCONFDIR/$CFG_TARGET.conf.new")) { ++ if (open(FP, ">$CFG_SYSCONFDIR/httpd.conf.new")) { + print FP $content; + close(FP); +- system("cp $CFG_SYSCONFDIR/$CFG_TARGET.conf $CFG_SYSCONFDIR/$CFG_TARGET.conf.bak && " . +- "cp $CFG_SYSCONFDIR/$CFG_TARGET.conf.new $CFG_SYSCONFDIR/$CFG_TARGET.conf && " . +- "rm $CFG_SYSCONFDIR/$CFG_TARGET.conf.new"); ++ system("cp $CFG_SYSCONFDIR/httpd.conf $CFG_SYSCONFDIR/httpd.conf.bak && " . ++ "cp $CFG_SYSCONFDIR/httpd.conf.new $CFG_SYSCONFDIR/httpd.conf && " . ++ "rm $CFG_SYSCONFDIR/httpd.conf.new"); + } else { + notice("unable to open configuration file"); + } +@@ -694,7 +695,7 @@ + + builddir=. + top_srcdir=%PREFIX% +-top_builddir=%PREFIX% ++top_builddir=%DATADIR% + include %INSTALLBUILDDIR%/special.mk + + # the used tools --- apache2-2.2.14.orig/debian/patches/042_htdigest_CAN-2005-1344 +++ apache2-2.2.14/debian/patches/042_htdigest_CAN-2005-1344 @@ -0,0 +1,23 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 042_htdigest_CAN-2005-1344 by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix buffer overflow in htdigest. + +@DPATCH@ +--- apache2/support/htdigest.c.orig 2005-05-05 02:54:31.000000000 -0600 ++++ apache2/support/htdigest.c 2005-05-05 02:59:05.000000000 -0600 +@@ -222,9 +222,11 @@ + apr_strerror(rv, errmsg, sizeof errmsg)); + exit(1); + } ++ apr_cpystrn(user, argv[4], sizeof(user)); ++ apr_cpystrn(realm, argv[3], sizeof(realm)); + apr_file_printf(errfile, "Adding password for %s in realm %s.\n", +- argv[4], argv[3]); +- add_password(argv[4], argv[3], f); ++ user, realm); ++ add_password(user, realm, f); + apr_file_close(f); + exit(0); + } --- apache2-2.2.14.orig/debian/patches/072_CVE-2009-3555.dpatch +++ apache2-2.2.14/debian/patches/072_CVE-2009-3555.dpatch @@ -0,0 +1,384 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: TLS/SSL partial fix for CVE-2009-3555 +## DP: includes http://svn.apache.org/viewcvs.cgi?rev=891282&view=rev + +@DPATCH@ + *) SECURITY: CVE-2009-3555 (cve.mitre.org) + A partial fix for the TLS renegotiation prefix injection attack by + rejecting any client-initiated renegotiations. Any configuration + which requires renegotiation for per-directory/location access + control is still vulnerable, unless using OpenSSL >= 0.9.8l. + [Joe Orton, Ruediger Pluem] +Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c +URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c?rev=833622&r1=833621&r2=833622&view=diff +============================================================================== +--- 1/modules/ssl/ssl_engine_init.c (original) ++++ 1/modules/ssl/ssl_engine_init.c Sat Nov 7 00:56:23 2009 +@@ -501,10 +501,7 @@ + SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA); + SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH); + +- if (s->loglevel >= APLOG_DEBUG) { +- /* this callback only logs if LogLevel >= info */ +- SSL_CTX_set_info_callback(ctx, ssl_callback_LogTracingState); +- } ++ SSL_CTX_set_info_callback(ctx, ssl_callback_Info); + } + + static void ssl_init_ctx_verify(server_rec *s, + +Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_io.c +URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_io.c?rev=833622&r1=833621&r2=833622&view=diff +============================================================================== +--- 1/modules/ssl/ssl_engine_io.c (original) ++++ 1/modules/ssl/ssl_engine_io.c Sat Nov 7 00:56:23 2009 +@@ -103,6 +103,7 @@ + ap_filter_t *pInputFilter; + ap_filter_t *pOutputFilter; + int nobuffer; /* non-zero to prevent buffering */ ++ SSLConnRec *config; + } ssl_filter_ctx_t; + + typedef struct { +@@ -193,7 +194,13 @@ + static int bio_filter_out_write(BIO *bio, const char *in, int inl) + { + bio_filter_out_ctx_t *outctx = (bio_filter_out_ctx_t *)(bio->ptr); +- ++ ++ /* Abort early if the client has initiated a renegotiation. */ ++ if (outctx->filter_ctx->config->reneg_state == RENEG_ABORT) { ++ outctx->rc = APR_ECONNABORTED; ++ return -1; ++ } ++ + /* when handshaking we'll have a small number of bytes. + * max size SSL will pass us here is about 16k. + * (16413 bytes to be exact) +@@ -466,6 +473,12 @@ + if (!in) + return 0; + ++ /* Abort early if the client has initiated a renegotiation. */ ++ if (inctx->filter_ctx->config->reneg_state == RENEG_ABORT) { ++ inctx->rc = APR_ECONNABORTED; ++ return -1; ++ } ++ + /* XXX: flush here only required for SSLv2; + * OpenSSL calls BIO_flush() at the appropriate times for + * the other protocols. +@@ -1358,9 +1371,17 @@ + } + else { + /* We have no idea what you are talking about, so return an error. */ +- return APR_ENOTIMPL; ++ status = APR_ENOTIMPL; + } + ++ /* It is possible for mod_ssl's BIO to be used outside of the ++ * direct control of mod_ssl's input or output filter -- notably, ++ * when mod_ssl initiates a renegotiation. Switching the BIO mode ++ * back to "blocking" here ensures such operations don't fail with ++ * SSL_ERROR_WANT_READ. */ ++ inctx->block = APR_BLOCK_READ; ++ ++ /* Handle custom errors. */ + if (status != APR_SUCCESS) { + return ssl_io_filter_error(f, bb, status); + } +@@ -1724,6 +1745,8 @@ + + filter_ctx = apr_palloc(c->pool, sizeof(ssl_filter_ctx_t)); + ++ filter_ctx->config = myConnConfig(c); ++ + filter_ctx->nobuffer = 0; + filter_ctx->pOutputFilter = ap_add_output_filter(ssl_io_filter, + filter_ctx, NULL, c); +Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c +URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c?rev=833622&r1=833621&r2=833622&view=diff +============================================================================== +--- 1/modules/ssl/ssl_engine_kernel.c (original) ++++ 1/modules/ssl/ssl_engine_kernel.c Sat Nov 7 00:56:23 2009 +@@ -35,6 +35,29 @@ + static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s); + #endif + ++/* Perform a speculative (and non-blocking) read from the connection ++ * filters for the given request, to determine whether there is any ++ * pending data to read. Return non-zero if there is, else zero. */ ++static int has_buffered_data(request_rec *r) ++{ ++ apr_bucket_brigade *bb; ++ apr_off_t len; ++ apr_status_t rv; ++ int result; ++ ++ bb = apr_brigade_create(r->pool, r->connection->bucket_alloc); ++ ++ rv = ap_get_brigade(r->connection->input_filters, bb, AP_MODE_SPECULATIVE, ++ APR_NONBLOCK_READ, 1); ++ result = rv == APR_SUCCESS ++ && apr_brigade_length(bb, 1, &len) == APR_SUCCESS ++ && len > 0; ++ ++ apr_brigade_destroy(bb); ++ ++ return result; ++} ++ + /* + * Post Read Request Handler + */ +@@ -720,6 +743,23 @@ + else { + request_rec *id = r->main ? r->main : r; + ++ /* Additional mitigation for CVE-2009-3555: At this point, ++ * before renegotiating, an (entire) request has been read ++ * from the connection. An attacker may have sent further ++ * data to "prefix" any subsequent request by the victim's ++ * client after the renegotiation; this data may already ++ * have been read and buffered. Forcing a connection ++ * closure after the response ensures such data will be ++ * discarded. Legimately pipelined HTTP requests will be ++ * retried anyway with this approach. */ ++ if (has_buffered_data(r)) { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ++ "insecure SSL re-negotiation required, but " ++ "a pipelined request is present; keepalive " ++ "disabled"); ++ r->connection->keepalive = AP_CONN_CLOSE; ++ } ++ + /* do a full renegotiation */ + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "Performing full renegotiation: " +@@ -729,6 +769,10 @@ + (unsigned char *)&id, + sizeof(id)); + ++ /* Toggle the renegotiation state to allow the new ++ * handshake to proceed. */ ++ sslconn->reneg_state = RENEG_ALLOW; ++ + SSL_renegotiate(ssl); + SSL_do_handshake(ssl); + +@@ -750,6 +794,8 @@ + SSL_set_state(ssl, SSL_ST_ACCEPT); + SSL_do_handshake(ssl); + ++ sslconn->reneg_state = RENEG_REJECT; ++ + if (SSL_get_state(ssl) != SSL_ST_OK) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Re-negotiation handshake failed: " +@@ -1844,76 +1890,55 @@ + return; + } + +-/* +- * This callback function is executed while OpenSSL processes the +- * SSL handshake and does SSL record layer stuff. We use it to +- * trace OpenSSL's processing in out SSL logfile. +- */ +-void ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE ssl, int where, int rc) ++/* Dump debugginfo trace to the log file. */ ++static void log_tracing_state(MODSSL_INFO_CB_ARG_TYPE ssl, conn_rec *c, ++ server_rec *s, int where, int rc) + { +- conn_rec *c; +- server_rec *s; +- SSLSrvConfigRec *sc; +- +- /* +- * find corresponding server +- */ +- if (!(c = (conn_rec *)SSL_get_app_data((SSL *)ssl))) { +- return; +- } +- +- s = mySrvFromConn(c); +- if (!(sc = mySrvConfig(s))) { +- return; +- } +- + /* + * create the various trace messages + */ +- if (s->loglevel >= APLOG_DEBUG) { +- if (where & SSL_CB_HANDSHAKE_START) { +- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, +- "%s: Handshake: start", SSL_LIBRARY_NAME); +- } +- else if (where & SSL_CB_HANDSHAKE_DONE) { +- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, +- "%s: Handshake: done", SSL_LIBRARY_NAME); +- } +- else if (where & SSL_CB_LOOP) { +- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, +- "%s: Loop: %s", +- SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); +- } +- else if (where & SSL_CB_READ) { ++ if (where & SSL_CB_HANDSHAKE_START) { ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, ++ "%s: Handshake: start", SSL_LIBRARY_NAME); ++ } ++ else if (where & SSL_CB_HANDSHAKE_DONE) { ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, ++ "%s: Handshake: done", SSL_LIBRARY_NAME); ++ } ++ else if (where & SSL_CB_LOOP) { ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, ++ "%s: Loop: %s", ++ SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); ++ } ++ else if (where & SSL_CB_READ) { ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, ++ "%s: Read: %s", ++ SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); ++ } ++ else if (where & SSL_CB_WRITE) { ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, ++ "%s: Write: %s", ++ SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); ++ } ++ else if (where & SSL_CB_ALERT) { ++ char *str = (where & SSL_CB_READ) ? "read" : "write"; ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, ++ "%s: Alert: %s:%s:%s", ++ SSL_LIBRARY_NAME, str, ++ SSL_alert_type_string_long(rc), ++ SSL_alert_desc_string_long(rc)); ++ } ++ else if (where & SSL_CB_EXIT) { ++ if (rc == 0) { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, +- "%s: Read: %s", ++ "%s: Exit: failed in %s", + SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); + } +- else if (where & SSL_CB_WRITE) { ++ else if (rc < 0) { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, +- "%s: Write: %s", ++ "%s: Exit: error in %s", + SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); + } +- else if (where & SSL_CB_ALERT) { +- char *str = (where & SSL_CB_READ) ? "read" : "write"; +- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, +- "%s: Alert: %s:%s:%s", +- SSL_LIBRARY_NAME, str, +- SSL_alert_type_string_long(rc), +- SSL_alert_desc_string_long(rc)); +- } +- else if (where & SSL_CB_EXIT) { +- if (rc == 0) { +- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, +- "%s: Exit: failed in %s", +- SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); +- } +- else if (rc < 0) { +- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, +- "%s: Exit: error in %s", +- SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); +- } +- } + } + + /* +@@ -1933,6 +1958,52 @@ + } + } + ++/* ++ * This callback function is executed while OpenSSL processes the SSL ++ * handshake and does SSL record layer stuff. It's used to trap ++ * client-initiated renegotiations, and for dumping everything to the ++ * log. ++ */ ++void ssl_callback_Info(MODSSL_INFO_CB_ARG_TYPE ssl, int where, int rc) ++{ ++ conn_rec *c; ++ server_rec *s; ++ SSLConnRec *scr; ++ ++ /* Retrieve the conn_rec and the associated SSLConnRec. */ ++ if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL) { ++ return; ++ } ++ ++ if ((scr = myConnConfig(c)) == NULL) { ++ return; ++ } ++ ++ /* If the reneg state is to reject renegotiations, check the SSL ++ * state machine and move to ABORT if a Client Hello is being ++ * read. */ ++ if ((where & SSL_CB_ACCEPT_LOOP) && scr->reneg_state == RENEG_REJECT) { ++ int state = SSL_get_state(ssl); ++ ++ if (state == SSL3_ST_SR_CLNT_HELLO_A ++ || state == SSL23_ST_SR_CLNT_HELLO_A) { ++ scr->reneg_state = RENEG_ABORT; ++ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, ++ "rejecting client initiated renegotiation"); ++ } ++ } ++ /* If the first handshake is complete, change state to reject any ++ * subsequent client-initated renegotiation. */ ++ else if ((where & SSL_CB_HANDSHAKE_DONE) && scr->reneg_state == RENEG_INIT) { ++ scr->reneg_state = RENEG_REJECT; ++ } ++ ++ s = mySrvFromConn(c); ++ if (s && s->loglevel >= APLOG_DEBUG) { ++ log_tracing_state(ssl, c, s, where, rc); ++ } ++} ++ + #ifndef OPENSSL_NO_TLSEXT + /* + * This callback function is executed when OpenSSL encounters an extended + +Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h +URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h?rev=833622&r1=833621&r2=833622&view=diff +============================================================================== +--- 1/modules/ssl/ssl_private.h (original) ++++ 1/modules/ssl/ssl_private.h Sat Nov 7 00:56:23 2009 +@@ -356,6 +356,20 @@ + int is_proxy; + int disabled; + int non_ssl_request; ++ ++ /* Track the handshake/renegotiation state for the connection so ++ * that all client-initiated renegotiations can be rejected, as a ++ * partial fix for CVE-2009-3555. */ ++ enum { ++ RENEG_INIT = 0, /* Before initial handshake */ ++ RENEG_REJECT, /* After initial handshake; any client-initiated ++ * renegotiation should be rejected */ ++ RENEG_ALLOW, /* A server-initated renegotiation is taking ++ * place (as dictated by configuration) */ ++ RENEG_ABORT /* Renegotiation initiated by client, abort the ++ * connection */ ++ } reneg_state; ++ + server_rec *server; + } SSLConnRec; + +@@ -574,7 +588,7 @@ + int ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *); + SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *); + void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *); +-void ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE, int, int); ++void ssl_callback_Info(MODSSL_INFO_CB_ARG_TYPE, int, int); + #ifndef OPENSSL_NO_TLSEXT + int ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *); + #endif --- apache2-2.2.14.orig/debian/patches/206-report-max-client-mpm-worker.dpatch +++ apache2-2.2.14/debian/patches/206-report-max-client-mpm-worker.dpatch @@ -0,0 +1,50 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# Description: Don't report server has reached MaxClients until it has. +# Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=910320 + +@DPATCH@ +diff -Naurp httpd-2.2.14.orig/server/mpm/worker/worker.c httpd-2.2.14/server/mpm/worker/worker.c +--- httpd-2.2.14.orig/server/mpm/worker/worker.c 2007-07-17 10:48:25.000000000 -0400 ++++ httpd-2.2.14/server/mpm/worker/worker.c 2010-04-02 15:36:49.720038926 -0400 +@@ -1513,15 +1513,32 @@ static void perform_idle_server_maintena + else if (idle_thread_count < min_spare_threads) { + /* terminate the free list */ + if (free_length == 0) { +- /* only report this condition once */ +- static int reported = 0; +- +- if (!reported) { +- ap_log_error(APLOG_MARK, APLOG_ERR, 0, +- ap_server_conf, +- "server reached MaxClients setting, consider" +- " raising the MaxClients setting"); +- reported = 1; ++ /* No room for more children, might warn about configuration */ ++ if (active_thread_count >= ap_daemons_limit * ap_threads_per_child) { ++ /* no threads are "inactive" - starting, stopping, etc. - which would confuse matters */ ++ /* Are all threads in use? Then we're really at MaxClients */ ++ if (0 == idle_thread_count) { ++ /* only report this condition once */ ++ static int reported = 0; ++ ++ if (!reported) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ++ ap_server_conf, ++ "server reached MaxClients setting, consider" ++ " raising the MaxClients setting"); ++ reported = 1; ++ } ++ } else { ++ static int reported = 0; ++ ++ if (!reported) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ++ ap_server_conf, ++ "server is within MinSpareThreads of MaxClients, consider" ++ " raising the MaxClients setting"); ++ reported = 1; ++ } ++ } + } + idle_spawn_rate = 1; + } --- apache2-2.2.14.orig/debian/patches/201_build_suexec-custom.dpatch +++ apache2-2.2.14/debian/patches/201_build_suexec-custom.dpatch @@ -0,0 +1,42 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 201_make_suexec-custom.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: add suexec-custom to the build system + +@DPATCH@ +diff -urNad trunk~/Makefile.in trunk/Makefile.in +--- trunk~/Makefile.in 2007-04-24 13:08:01.000000000 +0200 ++++ trunk/Makefile.in 2008-04-02 23:03:53.928260185 +0200 +@@ -221,7 +221,7 @@ + fi + + suexec: +- cd support && $(MAKE) suexec ++ cd support && $(MAKE) suexec suexec-custom + + x-local-distclean: + @rm -rf autom4te.cache +diff -urNad trunk~/support/Makefile.in trunk/support/Makefile.in +--- trunk~/support/Makefile.in 2008-04-02 23:03:30.000000000 +0200 ++++ trunk/support/Makefile.in 2008-04-02 23:03:39.188260967 +0200 +@@ -1,7 +1,7 @@ + DISTCLEAN_TARGETS = apxs apachectl dbmmanage log_server_status \ + logresolve.pl phf_abuse_log.cgi split-logfile envvars-std + +-CLEAN_TARGETS = suexec ++CLEAN_TARGETS = suexec suexec-custom + + PROGRAMS = htpasswd htdigest rotatelogs logresolve ab checkgid htdbm htcacheclean httxt2dbm + TARGETS = $(PROGRAMS) +@@ -62,6 +62,10 @@ + suexec: $(suexec_OBJECTS) + $(LINK) $(suexec_OBJECTS) + ++suexec-custom_OBJECTS = suexec-custom.lo ++suexec-custom: $(suexec-custom_OBJECTS) ++ $(LINK) $(suexec-custom_OBJECTS) ++ + htcacheclean_OBJECTS = htcacheclean.lo + htcacheclean: $(htcacheclean_OBJECTS) + $(LINK) $(htcacheclean_LTFLAGS) $(htcacheclean_OBJECTS) $(PROGRAM_LDADD) --- apache2-2.2.14.orig/debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch +++ apache2-2.2.14/debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch @@ -0,0 +1,129 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +--- apache2-2.2.14.orig/configure 2010-04-13 14:38:14.396175449 -0400 ++++ apache2-2.2.14/configure 2010-04-13 14:52:26.000000000 -0400 +@@ -729,6 +729,7 @@ + MOD_FILTER_LDADD + MOD_INCLUDE_LDADD + MOD_EXT_FILTER_LDADD ++MOD_REQTIMEOUT_LDADD + MOD_CASE_FILTER_IN_LDADD + MOD_CASE_FILTER_LDADD + MOD_EXAMPLE_LDADD +@@ -912,6 +913,7 @@ + enable_example + enable_case_filter + enable_case_filter_in ++enable_reqtimeout + enable_ext_filter + enable_include + enable_filter +@@ -1655,6 +1657,7 @@ + --enable-example example and demo module + --enable-case-filter example uppercase conversion filter + --enable-case-filter-in example uppercase conversion input filter ++ --enable-reqtimeout Limit time waiting for request from client + --enable-ext-filter external filter module + --disable-include Server Side Includes + --disable-filter Smart Filtering +@@ -10084,6 +10083,99 @@ + + + ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_reqtimeout" >&5 ++$as_echo_n "checking whether to enable mod_reqtimeout... " >&6; } ++ # Check whether --enable-reqtimeout was given. ++if test "${enable_reqtimeout+set}" = set; then : ++ enableval=$enable_reqtimeout; ++else ++ enable_reqtimeout=most ++fi ++ ++ _apmod_extra_msg="" ++ if test "$module_selection" = "most" -a "$enable_reqtimeout" = "most"; then ++ _apmod_error_fatal="no" ++ else ++ _apmod_error_fatal="yes" ++ fi ++ if test "$enable_reqtimeout" = "static"; then ++ enable_reqtimeout=yes ++ elif test "$enable_reqtimeout" = "yes"; then ++ enable_reqtimeout=$module_default ++ _apmod_extra_msg=" ($module_selection)" ++ elif test "$enable_reqtimeout" = "most"; then ++ if test "$module_selection" = "most" -o "$module_selection" = "all"; then ++ enable_reqtimeout=$module_default ++ _apmod_extra_msg=" ($module_selection)" ++ elif test "$enable_reqtimeout" != "yes"; then ++ enable_reqtimeout=no ++ fi ++ elif test "$enable_reqtimeout" = "maybe-all"; then ++ if test "$module_selection" = "all"; then ++ enable_reqtimeout=$module_default ++ _apmod_extra_msg=" (all)" ++ else ++ enable_reqtimeout=no ++ fi ++ fi ++ if test "$enable_reqtimeout" != "no"; then ++ : ++ fi ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_reqtimeout$_apmod_extra_msg" >&5 ++$as_echo "$enable_reqtimeout$_apmod_extra_msg" >&6; } ++ if test "$enable_reqtimeout" != "no"; then ++ case "$enable_reqtimeout" in ++ shared*) ++ enable_reqtimeout=`echo $enable_reqtimeout|sed 's/shared,*//'` ++ sharedobjs=yes ++ shared=yes ++ DSO_MODULES="$DSO_MODULES reqtimeout" ++ ;; ++ *) ++ MODLIST="$MODLIST reqtimeout" ++ if test "reqtimeout" = "so"; then ++ sharedobjs=yes ++ fi ++ shared="";; ++ esac ++ ++ ++ if test -z ""; then ++ objects="mod_reqtimeout.lo" ++ else ++ objects="" ++ fi ++ ++ if test -z "$module_standalone"; then ++ if test -z "$shared"; then ++ # The filename of a convenience library must have a "lib" prefix: ++ libname="libmod_reqtimeout.la" ++ BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" ++ modpath_static="$modpath_static $libname" ++ cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 + $as_echo_n "checking whether to enable mod_ext_filter... " >&6; } + # Check whether --enable-ext-filter was given. --- apache2-2.2.14.orig/debian/patches/203_fix-ab-segfault.dpatch +++ apache2-2.2.14/debian/patches/203_fix-ab-segfault.dpatch @@ -0,0 +1,21 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +diff -Naurp httpd-2.2.14.orig/support/ab.c httpd-2.2.14/support/ab.c +--- httpd-2.2.14.orig/support/ab.c 2009-09-14 15:43:02.000000000 -0400 ++++ httpd-2.2.14/support/ab.c 2010-03-08 13:51:32.342885487 -0500 +@@ -1568,7 +1568,14 @@ static void test(void) + + con = calloc(concurrency, sizeof(struct connection)); + ++ /* ++ * XXX: a way to caluclate the stats without requiring O(requests) memory ++ * XXX: would be nice. ++ */ + stats = calloc(requests, sizeof(struct data)); ++ if (stats == NULL) { ++ err("Cannot allocate memory for result statistics"); ++ } + + if ((status = apr_pollset_create(&readbits, concurrency, cntxt, 0)) != APR_SUCCESS) { + apr_err("apr_pollset_create failed", status); --- apache2-2.2.14.orig/debian/patches/068_mod_dav_detect_EOF.dpatch +++ apache2-2.2.14/debian/patches/068_mod_dav_detect_EOF.dpatch @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## DP: Detect aborted connections for PUT and POST (Bug#451563) +## Forwarded: https://issues.apache.org/bugzilla/show_bug.cgi?id=33098 + +@DPATCH@ +--- a/modules/http/http_filters.c 2009/07/09 06:24:53 792408 ++++ a/modules/http/http_filters.c 2009/07/09 06:28:54 792409 +@@ -524,6 +524,11 @@ + + if (ctx->state != BODY_NONE) { + ctx->remaining -= totalread; ++ if (ctx->remaining > 0) { ++ e = APR_BRIGADE_LAST(b); ++ if (APR_BUCKET_IS_EOS(e)) ++ return APR_EOF; ++ } + } + + /* If we have no more bytes remaining on a C-L request, --- apache2-2.2.14.orig/debian/patches/004_usr_bin_perl_0wnz_j00 +++ apache2-2.2.14/debian/patches/004_usr_bin_perl_0wnz_j00 @@ -0,0 +1,15 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 004_usr_bin_perl_0wnz_j00 by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Call /usr/bin/perl in printenv, not /usr/local/bin/perl + +@DPATCH@ +--- apache2/docs/cgi-examples/printenv.orig Fri Sep 21 17:31:24 2001 ++++ apache2/docs/cgi-examples/printenv Fri Sep 21 17:31:29 2001 +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/perl ++#!/usr/bin/perl + ## + ## printenv -- demo CGI program which just prints its environment + ## --- apache2-2.2.14.orig/debian/patches/052_logresolve_linelength.dpatch +++ apache2-2.2.14/debian/patches/052_logresolve_linelength.dpatch @@ -0,0 +1,78 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 052_logresolve_linelength.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: remove limit of 1024 bytes per line #331631 + +@DPATCH@ +diff -urNad trunk~/support/logresolve.c trunk/support/logresolve.c +--- trunk~/support/logresolve.c 2006-07-12 05:38:44.000000000 +0200 ++++ trunk/support/logresolve.c 2007-09-27 20:12:47.093217594 +0200 +@@ -82,7 +82,7 @@ + #endif + + static void cgethost(struct in_addr ipnum, char *string, int check); +-static int get_line(char *s, int n); ++static int get_line(); + static void stats(FILE *output); + + #ifdef BEOS +@@ -90,11 +90,6 @@ + #endif + + +-/* maximum line length */ +-#ifndef MAXLINE +-#define MAXLINE 1024 +-#endif +- + /* maximum length of a domain name */ + #ifndef MAXDNAME + #define MAXDNAME 256 +@@ -141,6 +136,8 @@ + static int resolves = 0; + static int withname = 0; + static int errors[MAX_ERR + 3]; ++static size_t maxline=0; ++static char *line = NULL; + + /* + * cgethost - gets hostname by IP address, caching, and adding unresolvable +@@ -287,14 +284,15 @@ + * gets a line from stdin + */ + +-static int get_line (char *s, int n) ++static int get_line () + { ++ ssize_t len; + char *cp; + +- if (!fgets(s, n, stdin)) ++ if ( (len = getline(&line, &maxline, stdin)) == -1 ) + return (0); +- cp = strchr(s, '\n'); +- if (cp) ++ cp = line + len -1; ++ if (*cp == '\n') + *cp = '\0'; + return (1); + } +@@ -302,7 +300,7 @@ + int main (int argc, char *argv[]) + { + struct in_addr ipnum; +- char *bar, hoststring[MAXDNAME + 1], line[MAXLINE], *statfile; ++ char *bar, hoststring[MAXDNAME + 1], *statfile; + int i, check; + + #if defined(WIN32) || (defined(NETWARE) && defined(USE_WINSOCK)) +@@ -337,7 +335,7 @@ + for (i = 0; i < MAX_ERR + 2; i++) + errors[i] = 0; + +- while (get_line(line, MAXLINE)) { ++ while (get_line()) { + if (line[0] == '\0') + continue; + entries++; --- apache2-2.2.14.orig/debian/patches/008_make_include_safe +++ apache2-2.2.14/debian/patches/008_make_include_safe @@ -0,0 +1,68 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 008_make_include_safe by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Avoid including dpkg droppings in globbed includes. + +@DPATCH@ +--- apache2-2.2.0/server/config.c 2005-11-17 13:39:15.000000000 +0000 ++++ apache2-2.2.0/server/config.c 2006-01-27 17:06:19.000000000 +0000 +@@ -34,6 +34,7 @@ + #include "apr_portable.h" + #include "apr_file_io.h" + #include "apr_fnmatch.h" ++#include "apr_lib.h" + + #define APR_WANT_STDIO + #define APR_WANT_STRFUNC +@@ -1521,6 +1522,30 @@ + return strcmp(f1->fname,f2->fname); + } + ++static int fname_valid(const char *fname) { ++ const unsigned char *c = fname; ++ unsigned char bad_dpkg[] = "*.dpkg*"; ++ ++ if (!apr_isalnum(*c)) { ++ return 0; ++ } ++ ++c; ++ ++ ++ while (*c) { ++ if (!apr_isalnum(*c) && *c!='_' && *c!='-' && *c!='.') { ++ return 0; ++ } ++ ++c; ++ } ++ ++ if (!apr_fnmatch(bad_dpkg, fname, 0)) { ++ return 0; ++ } ++ ++ return 1; ++} ++ + static const char *process_resource_config_nofnmatch(server_rec *s, + const char *fname, + ap_directive_t **conftree, +@@ -1564,7 +1589,8 @@ + while (apr_dir_read(&dirent, APR_FINFO_DIRENT, dirp) == APR_SUCCESS) { + /* strip out '.' and '..' */ + if (strcmp(dirent.name, ".") +- && strcmp(dirent.name, "..")) { ++ && strcmp(dirent.name, "..") ++ && fname_valid(dirent.name)) { + fnew = (fnames *) apr_array_push(candidates); + fnew->fname = ap_make_full_path(p, path, dirent.name); + } +@@ -1692,7 +1718,8 @@ + if (strcmp(dirent.name, ".") + && strcmp(dirent.name, "..") + && (apr_fnmatch(pattern, dirent.name, +- APR_FNM_PERIOD) == APR_SUCCESS)) { ++ APR_FNM_PERIOD) == APR_SUCCESS) ++ && fname_valid(dirent.name)) { + fnew = (fnames *) apr_array_push(candidates); + fnew->fname = ap_make_full_path(p, path, dirent.name); + } --- apache2-2.2.14.orig/debian/patches/205_CVE-2010-0434.dpatch +++ apache2-2.2.14/debian/patches/205_CVE-2010-0434.dpatch @@ -0,0 +1,49 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# Description: fix information disclosure via improper handling of +# headers in subrequests +# Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=917867 +# Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=48359 + +@DPATCH@ +diff -urNad apache2-2.2.14~/server/protocol.c apache2-2.2.14/server/protocol.c +--- apache2-2.2.14~/server/protocol.c 2009-01-12 09:03:38.000000000 -0500 ++++ apache2-2.2.14/server/protocol.c 2010-03-10 14:48:44.000000000 -0500 +@@ -1041,15 +1041,13 @@ + return r; + } + +-/* if a request with a body creates a subrequest, clone the original request's +- * input headers minus any headers pertaining to the body which has already +- * been read. out-of-line helper function for ap_set_sub_req_protocol. ++/* if a request with a body creates a subrequest, remove original request's ++ * input headers which pertain to the body which has already been read. ++ * out-of-line helper function for ap_set_sub_req_protocol. + */ + +-static void clone_headers_no_body(request_rec *rnew, +- const request_rec *r) ++static void strip_headers_request_body(request_rec *rnew) + { +- rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in); + apr_table_unset(rnew->headers_in, "Content-Encoding"); + apr_table_unset(rnew->headers_in, "Content-Language"); + apr_table_unset(rnew->headers_in, "Content-Length"); +@@ -1083,15 +1081,14 @@ + + rnew->status = HTTP_OK; + ++ rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in); ++ + /* did the original request have a body? (e.g. POST w/SSI tags) + * if so, make sure the subrequest doesn't inherit body headers + */ + if (apr_table_get(r->headers_in, "Content-Length") + || apr_table_get(r->headers_in, "Transfer-Encoding")) { +- clone_headers_no_body(rnew, r); +- } else { +- /* no body (common case). clone headers the cheap way */ +- rnew->headers_in = r->headers_in; ++ strip_headers_request_body(rnew); + } + rnew->subprocess_env = apr_table_copy(rnew->pool, r->subprocess_env); + rnew->headers_out = apr_table_make(rnew->pool, 5); --- apache2-2.2.14.orig/debian/patches/033_dbm_read_hash_or_btree +++ apache2-2.2.14/debian/patches/033_dbm_read_hash_or_btree @@ -0,0 +1,38 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 033_dbm_read_hash_or_btree by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Be more liberal in the sorts of DBM files we accept. + +@DPATCH@ +--- apache2/support/dbmmanage.in 2004-09-28 00:28:58.000000000 -0600 ++++ apache2/support/dbmmanage.in 2004-09-28 00:29:33.000000000 -0600 +@@ -24,7 +24,7 @@ + BEGIN { @AnyDBM_File::ISA = qw(DB_File NDBM_File GDBM_File SDBM_File) } + use strict; + use Fcntl; +-use AnyDBM_File (); ++use DB_File (); + + sub usage { + my $cmds = join "|", sort keys %dbmc::; +@@ -154,7 +154,9 @@ + my($mode, $flags) = $command =~ + /^(?:view|check)$/ ? (0644, O_RDONLY) : (0644, O_RDWR|O_CREAT); + +-tie (%DB, "AnyDBM_File", $file, $flags, $mode) || die "Can't tie $file: $!"; ++tie (%DB, "DB_File", $file, $flags, $mode, $DB_File::DB_HASH) || ++ tie (%DB, "DB_File", $file, $flags, $mode, $DB_File::DB_BTREE) || ++ die "Can't tie $file: $!"; + dbmc->$command(); + untie %DB; + +@@ -168,7 +168,7 @@ + srand (time ^ $$ or time ^ ($$ + ($$ << 15))); + } + else { +- for (qw(-xlwwa -le)) { ++ for (qw(xlwwa -le)) { + `ps $_ 2>/dev/null`; + $psf = $_, last unless $?; + } --- apache2-2.2.14.orig/debian/patches/204_CVE-2010-0408.dpatch +++ apache2-2.2.14/debian/patches/204_CVE-2010-0408.dpatch @@ -0,0 +1,17 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# Description: fix denial of service via crafted request in mod_proxy_ajp +# Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=917876 + +@DPATCH@ +diff -urNad apache2-2.2.14~/modules/proxy/mod_proxy_ajp.c apache2-2.2.14/modules/proxy/mod_proxy_ajp.c +--- apache2-2.2.14~/modules/proxy/mod_proxy_ajp.c 2009-04-25 06:04:21.000000000 -0400 ++++ apache2-2.2.14/modules/proxy/mod_proxy_ajp.c 2010-03-10 14:48:29.000000000 -0500 +@@ -257,7 +257,7 @@ + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "proxy: ap_get_brigade failed"); + apr_brigade_destroy(input_brigade); +- return HTTP_INTERNAL_SERVER_ERROR; ++ return HTTP_BAD_REQUEST; + } + + /* have something */ --- apache2-2.2.14.orig/debian/patches/209-backport-mod-reqtimeout.dpatch +++ apache2-2.2.14/debian/patches/209-backport-mod-reqtimeout.dpatch @@ -0,0 +1,941 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# Description: Backport of mod-reqtimeout +# Oirgin: upstream, http://svn.apache.org/viewvc?view=revision&revision=917211 + +@DPATCH@ +diff -Naurp httpd-2.2.14.orig/Apache.dsw httpd-2.2.14/Apache.dsw +--- httpd-2.2.14.orig/Apache.dsw 2009-07-29 16:48:06.000000000 -0400 ++++ httpd-2.2.14/Apache.dsw 2010-04-05 10:50:40.566146444 -0400 +@@ -249,6 +249,9 @@ Package=<4> + Project_Dep_Name mod_proxy_http + End Project Dependency + Begin Project Dependency ++ Project_Dep_Name mod_reqtimeout ++ End Project Dependency ++ Begin Project Dependency + Project_Dep_Name mod_rewrite + End Project Dependency + Begin Project Dependency +@@ -2181,6 +2184,27 @@ Package=<4> + + ############################################################################### + ++Project: "mod_reqtimeout"=.\modules\filters\mod_reqtimeout.dsp - Package Owner=<4> ++ ++Package=<5> ++{{{ ++}}} ++ ++Package=<4> ++{{{ ++ Begin Project Dependency ++ Project_Dep_Name libapr ++ End Project Dependency ++ Begin Project Dependency ++ Project_Dep_Name libaprutil ++ End Project Dependency ++ Begin Project Dependency ++ Project_Dep_Name libhttpd ++ End Project Dependency ++}}} ++ ++############################################################################### ++ + Project: "mod_rewrite"=.\modules\mappers\mod_rewrite.dsp - Package Owner=<4> + + Package=<5> +diff -Naurp httpd-2.2.14.orig/build/installwinconf.awk httpd-2.2.14/build/installwinconf.awk +--- httpd-2.2.14.orig/build/installwinconf.awk 2008-02-13 07:47:17.000000000 -0500 ++++ httpd-2.2.14/build/installwinconf.awk 2010-04-05 10:50:49.083146266 -0400 +@@ -147,6 +147,7 @@ BEGIN { + print "#LoadModule proxy_connect_module modules/mod_proxy_connect.so" > dstfl; + print "#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so" > dstfl; + print "#LoadModule proxy_http_module modules/mod_proxy_http.so" > dstfl; ++ print "#LoadModule reqtimeout_module modules/mod_reqtimeout.so" > dstfl; + print "#LoadModule rewrite_module modules/mod_rewrite.so" > dstfl; + print "LoadModule setenvif_module modules/mod_setenvif.so" > dstfl; + print "#LoadModule speling_module modules/mod_speling.so" > dstfl; +diff -Naurp httpd-2.2.14.orig/docs/manual/mod/mod_reqtimeout.xml httpd-2.2.14/docs/manual/mod/mod_reqtimeout.xml +--- httpd-2.2.14.orig/docs/manual/mod/mod_reqtimeout.xml 1969-12-31 19:00:00.000000000 -0500 ++++ httpd-2.2.14/docs/manual/mod/mod_reqtimeout.xml 2010-04-05 10:51:08.000000000 -0400 +@@ -0,0 +1,141 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++mod_reqtimeout ++Set timeout and minimum data rate for receiving requests ++ ++Experimental ++mod_reqtimeout.c ++reqtimeout_module ++Available in Apache 2.2.15 and later ++ ++
Examples ++ ++
    ++
  1. ++ Allow 10 seconds to receive the request including the headers and ++ 30 seconds for receiving the request body: ++ ++ ++ RequestReadTimeout header=10 body=30 ++ ++
    2. ++ ++
  2. ++ Allow at least 10 seconds to receive the request body. ++ If the client sends data, increase the timeout by 1 second for every ++ 1000 bytes received, with no upper limit for the timeout (exept for ++ the limit given indirectly by ++ LimitRequestBody): ++ ++ ++ RequestReadTimeout body=10,MinRate=1000 ++ ++
    3. ++ ++
  3. ++ Allow at least 10 seconds to receive the request including the headers. ++ If the client sends data, increase the timeout by 1 second for every ++ 500 bytes received. But do not allow more than 30 seconds for the ++ request including the headers: ++ ++ ++ RequestReadTimeout header=10-30,MinRate=500 ++ ++
    4. ++ ++
++
++ ++ ++RequestReadTimeout ++Set timeout values for receiving request headers and body from client. ++ ++RequestReadTimeout ++[header=timeout[[-maxtimeout],MinRate=rate] ++[body=timeout[[-maxtimeout],MinRate=rate] ++ ++Unset; no limit ++server configvirtual host ++ ++ ++ ++

This directive can set various timeouts for receiving the request headers ++ and the request body from the client. If the client fails to send headers or ++ body within the configured time, a 408 REQUEST TIME OUT error ++ is sent.

++ ++

For SSL virtual hosts, the header timeout values include the time needed ++ to do the initial SSL handshake. The body timeout values include the time ++ needed for SSL renegotiation (if necessary).

++ ++

When an AcceptFilter is in use ++ (usually the case on Linux and FreeBSD), the socket is not sent to the ++ server process before at least one byte (or the whole request for ++ httpready) is received. The header timeout configured with ++ RequestReadTimeout is only effective after the server process has ++ received the socket.

++ ++

For each of the two timeout types (header or body), there are three ways ++ to specify the timeout: ++

++ ++
    ++ ++
  • Fixed timeout value:
    ++ ++ type=timeout ++ ++

    The time in seconds allowed for reading all of the request headers or ++ body, respectively. A value of 0 means no limit.

    ++
    • ++ ++
  • Timeout value that is increased when data is ++ received:
    ++ ++ type=timeout,MinRate=data_rate ++ ++ ++

    Same as above, but whenever data is received, the timeout value is ++ increased according to the specified minimum data rate (in bytes per ++ second).

    ++
    • ++ ++
  • Timeout value that is increased when data is received, with an ++ upper bound:
    ++ ++ type=timeout-maxtimeout,MinRate=data_rate ++ ++ ++

    Same as above, but the timeout will not be increased above the second ++ value of the specified timeout range.

    ++
    • ++ ++
++ ++ ++ ++ ++ ++ +diff -Naurp httpd-2.2.14.orig/docs/manual/mod/mod_reqtimeout.xml.meta httpd-2.2.14/docs/manual/mod/mod_reqtimeout.xml.meta +--- httpd-2.2.14.orig/docs/manual/mod/mod_reqtimeout.xml.meta 1969-12-31 19:00:00.000000000 -0500 ++++ httpd-2.2.14/docs/manual/mod/mod_reqtimeout.xml.meta 2010-04-05 10:51:21.000000000 -0400 +@@ -0,0 +1,12 @@ ++ ++ ++ ++ ++ mod_reqtimeout ++ /mod/ ++ .. ++ ++ ++ en ++ ++ +diff -Naurp httpd-2.2.14.orig/Makefile.win httpd-2.2.14/Makefile.win +--- httpd-2.2.14.orig/Makefile.win 2009-09-09 08:53:23.000000000 -0400 ++++ httpd-2.2.14/Makefile.win 2010-04-05 10:51:29.798157260 -0400 +@@ -355,6 +355,7 @@ _build: + $(MAKE) $(MAKEOPT) -f mod_ext_filter.mak CFG="mod_ext_filter - Win32 $(LONG)" RECURSE=0 $(CTARGET) + $(MAKE) $(MAKEOPT) -f mod_filter.mak CFG="mod_filter - Win32 $(LONG)" RECURSE=0 $(CTARGET) + $(MAKE) $(MAKEOPT) -f mod_include.mak CFG="mod_include - Win32 $(LONG)" RECURSE=0 $(CTARGET) ++ $(MAKE) $(MAKEOPT) -f mod_reqtimeout.mak CFG="mod_reqtimeout - Win32 $(LONG)" RECURSE=0 $(CTARGET) + $(MAKE) $(MAKEOPT) -f mod_substitute.mak CFG="mod_substitute - Win32 $(LONG)" RECURSE=0 $(CTARGET) + cd ..\.. + cd modules\generators +@@ -542,6 +543,7 @@ _copybin: + copy modules\filters\$(LONG)\mod_ext_filter.$(src_so) "$(inst_so)" <.y + copy modules\filters\$(LONG)\mod_filter.$(src_so) "$(inst_so)" <.y + copy modules\filters\$(LONG)\mod_include.$(src_so) "$(inst_so)" <.y ++ copy modules\filters\$(LONG)\mod_reqtimeout.$(src_so) "$(inst_so)" <.y + copy modules\filters\$(LONG)\mod_substitute.$(src_so) "$(inst_so)" <.y + copy modules\generators\$(LONG)\mod_asis.$(src_so) "$(inst_so)" <.y + copy modules\generators\$(LONG)\mod_autoindex.$(src_so) "$(inst_so)" <.y +diff -Naurp httpd-2.2.14.orig/modules/filters/config.m4 httpd-2.2.14/modules/filters/config.m4 +--- httpd-2.2.14.orig/modules/filters/config.m4 2007-12-09 10:19:40.000000000 -0500 ++++ httpd-2.2.14/modules/filters/config.m4 2010-04-05 10:51:38.254147346 -0400 +@@ -4,6 +4,7 @@ dnl APACHE_MODULE(name, helptext[, objec + + APACHE_MODPATH_INIT(filters) + ++APACHE_MODULE(reqtimeout, Limit time waiting for request from client, , , most) + APACHE_MODULE(ext_filter, external filter module, , , most) + APACHE_MODULE(include, Server Side Includes, , , yes) + APACHE_MODULE(filter, Smart Filtering, , , yes) +diff -Naurp httpd-2.2.14.orig/modules/filters/mod_reqtimeout.c httpd-2.2.14/modules/filters/mod_reqtimeout.c +--- httpd-2.2.14.orig/modules/filters/mod_reqtimeout.c 1969-12-31 19:00:00.000000000 -0500 ++++ httpd-2.2.14/modules/filters/mod_reqtimeout.c 2010-04-05 11:04:29.330162814 -0400 +@@ -0,0 +1,540 @@ ++/* Licensed to the Apache Software Foundation (ASF) under one or more ++ * contributor license agreements. See the NOTICE file distributed with ++ * this work for additional information regarding copyright ownership. ++ * The ASF licenses this file to You under the Apache License, Version 2.0 ++ * (the "License"); you may not use this file except in compliance with ++ * the License. You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++#include "httpd.h" ++#include "http_config.h" ++#include "http_request.h" ++#include "http_connection.h" ++#include "http_protocol.h" ++#include "http_log.h" ++#define CORE_PRIVATE ++#include "http_core.h" ++#include "util_filter.h" ++#define APR_WANT_STRFUNC ++#include "apr_strings.h" ++#include "apr_support.h" ++ ++module AP_MODULE_DECLARE_DATA reqtimeout_module; ++ ++typedef struct ++{ ++ int header_timeout; /* timeout for reading the req hdrs in secs */ ++ int header_max_timeout; /* max timeout for req hdrs in secs */ ++ int header_min_rate; /* min rate for reading req hdrs in bytes/s */ ++ apr_time_t header_rate_factor; ++ int body_timeout; /* timeout for reading the req body in secs */ ++ int body_max_timeout; /* max timeout for req body in secs */ ++ int body_min_rate; /* timeout for reading the req body in secs */ ++ apr_time_t body_rate_factor; ++} reqtimeout_srv_cfg; ++ ++/* this struct is used both as conn_config and as filter context */ ++typedef struct ++{ ++ apr_time_t timeout_at; ++ apr_time_t max_timeout_at; ++ int min_rate; ++ int new_timeout; ++ int new_max_timeout; ++ int in_keep_alive; ++ char *type; ++ apr_socket_t *socket; ++ apr_time_t rate_factor; ++ apr_bucket_brigade *tmpbb; ++} reqtimeout_con_cfg; ++ ++static const char *const reqtimeout_filter_name = "reqtimeout"; ++ ++static void extend_timeout(reqtimeout_con_cfg *ccfg, apr_bucket_brigade *bb) ++{ ++ apr_off_t len; ++ apr_time_t new_timeout_at; ++ ++ if (apr_brigade_length(bb, 0, &len) != APR_SUCCESS || len <= 0) ++ return; ++ ++ new_timeout_at = ccfg->timeout_at + len * ccfg->rate_factor; ++ if (ccfg->max_timeout_at > 0 && new_timeout_at > ccfg->max_timeout_at) { ++ ccfg->timeout_at = ccfg->max_timeout_at; ++ } ++ else { ++ ccfg->timeout_at = new_timeout_at; ++ } ++} ++ ++static apr_status_t check_time_left(reqtimeout_con_cfg *ccfg, ++ apr_time_t *time_left_p) ++{ ++ *time_left_p = ccfg->timeout_at - apr_time_now(); ++ if (*time_left_p <= 0) ++ return APR_TIMEUP; ++ ++ if (*time_left_p < apr_time_from_sec(1)) { ++ *time_left_p = apr_time_from_sec(1); ++ } ++ return APR_SUCCESS; ++} ++ ++static apr_status_t have_lf_or_eos(apr_bucket_brigade *bb) ++{ ++ apr_bucket *b = APR_BRIGADE_LAST(bb); ++ ++ for ( ; b != APR_BRIGADE_SENTINEL(bb) ; b = APR_BUCKET_PREV(b) ) { ++ const char *str; ++ apr_size_t len; ++ apr_status_t rv; ++ ++ if (APR_BUCKET_IS_EOS(b)) ++ return APR_SUCCESS; ++ ++ if (APR_BUCKET_IS_METADATA(b)) ++ continue; ++ ++ rv = apr_bucket_read(b, &str, &len, APR_BLOCK_READ); ++ if (rv != APR_SUCCESS) ++ return rv; ++ ++ if (len == 0) ++ continue; ++ ++ if (str[len-1] == APR_ASCII_LF) ++ return APR_SUCCESS; ++ } ++ return APR_INCOMPLETE; ++} ++ ++ ++#define MIN(x,y) ((x) < (y) ? (x) : (y)) ++static apr_status_t reqtimeout_filter(ap_filter_t *f, ++ apr_bucket_brigade *bb, ++ ap_input_mode_t mode, ++ apr_read_type_e block, ++ apr_off_t readbytes) ++{ ++ apr_time_t time_left; ++ apr_time_t now; ++ apr_status_t rv; ++ apr_interval_time_t saved_sock_timeout = -1; ++ reqtimeout_con_cfg *ccfg = f->ctx; ++ ++ if (ccfg->in_keep_alive) { ++ /* For this read, the normal keep-alive timeout must be used */ ++ ccfg->in_keep_alive = 0; ++ return ap_get_brigade(f->next, bb, mode, block, readbytes); ++ } ++ ++ now = apr_time_now(); ++ if (ccfg->new_timeout > 0) { ++ /* set new timeout */ ++ ccfg->timeout_at = now + apr_time_from_sec(ccfg->new_timeout); ++ ccfg->new_timeout = 0; ++ if (ccfg->new_max_timeout > 0) { ++ ccfg->max_timeout_at = now + apr_time_from_sec(ccfg->new_max_timeout); ++ ccfg->new_max_timeout = 0; ++ } ++ } ++ else if (ccfg->timeout_at == 0) { ++ /* no timeout set */ ++ return ap_get_brigade(f->next, bb, mode, block, readbytes); ++ } ++ ++ if (!ccfg->socket) { ++ ccfg->socket = ap_get_module_config(f->c->conn_config, &core_module); ++ } ++ ++ rv = check_time_left(ccfg, &time_left); ++ if (rv != APR_SUCCESS) ++ goto out; ++ ++ if (block == APR_NONBLOCK_READ || mode == AP_MODE_INIT ++ || mode == AP_MODE_EATCRLF) { ++ rv = ap_get_brigade(f->next, bb, mode, block, readbytes); ++ if (ccfg->min_rate > 0 && rv == APR_SUCCESS) { ++ extend_timeout(ccfg, bb); ++ } ++ return rv; ++ } ++ ++ rv = apr_socket_timeout_get(ccfg->socket, &saved_sock_timeout); ++ AP_DEBUG_ASSERT(rv == APR_SUCCESS); ++ ++ rv = apr_socket_timeout_set(ccfg->socket, MIN(time_left, saved_sock_timeout)); ++ AP_DEBUG_ASSERT(rv == APR_SUCCESS); ++ ++ if (mode == AP_MODE_GETLINE) { ++ /* ++ * For a blocking AP_MODE_GETLINE read, apr_brigade_split_line() ++ * would loop until a whole line has been read. As this would make it ++ * impossible to enforce a total timeout, we only do non-blocking ++ * reads. ++ */ ++ apr_off_t remaining = HUGE_STRING_LEN; ++ do { ++ apr_off_t bblen; ++ ++ rv = ap_get_brigade(f->next, bb, AP_MODE_GETLINE, APR_NONBLOCK_READ, remaining); ++ if (APR_STATUS_IS_EAGAIN(rv)) { ++ rv = APR_SUCCESS; ++ } ++ else if (rv != APR_SUCCESS) { ++ break; ++ } ++ ++ if (!APR_BRIGADE_EMPTY(bb)) { ++ if (ccfg->min_rate > 0) { ++ extend_timeout(ccfg, bb); ++ } ++ ++ rv = have_lf_or_eos(bb); ++ if (rv != APR_INCOMPLETE) { ++ break; ++ } ++ ++ rv = apr_brigade_length(bb, 1, &bblen); ++ if (rv != APR_SUCCESS) { ++ break; ++ } ++ remaining -= bblen; ++ if (remaining <= 0) { ++ break; ++ } ++ ++ /* Haven't got a whole line yet, save what we have ... */ ++ if (!ccfg->tmpbb) { ++ ccfg->tmpbb = apr_brigade_create(f->c->pool, f->c->bucket_alloc); ++ } ++ APR_BRIGADE_CONCAT(ccfg->tmpbb, bb); ++ } ++ ++ /* ... and wait for more */ ++ rv = apr_wait_for_io_or_timeout(NULL, ccfg->socket, 1); ++ if (rv != APR_SUCCESS) ++ break; ++ ++ rv = check_time_left(ccfg, &time_left); ++ if (rv != APR_SUCCESS) ++ break; ++ ++ rv = apr_socket_timeout_set(ccfg->socket, ++ MIN(time_left, saved_sock_timeout)); ++ AP_DEBUG_ASSERT(rv == APR_SUCCESS); ++ ++ } while (1); ++ ++ if (ccfg->tmpbb) ++ APR_BRIGADE_PREPEND(bb, ccfg->tmpbb); ++ ++ } ++ else { ++ /* mode != AP_MODE_GETLINE */ ++ rv = ap_get_brigade(f->next, bb, mode, block, readbytes); ++ if (ccfg->min_rate > 0 && rv == APR_SUCCESS) { ++ extend_timeout(ccfg, bb); ++ } ++ } ++ ++ apr_socket_timeout_set(ccfg->socket, saved_sock_timeout); ++ ++out: ++ if (rv == APR_TIMEUP) { ++ ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c, ++ "Request %s read timeout", ccfg->type); ++ /* ++ * If we allow a normal lingering close, the client may keep this ++ * process/thread busy for another 30s (MAX_SECS_TO_LINGER). ++ * Therefore we tell ap_lingering_close() to shorten this period to ++ * 2s (SECONDS_TO_LINGER). ++ */ ++ apr_table_setn(f->c->notes, "short-lingering-close", "1"); ++ } ++ return rv; ++} ++ ++static int reqtimeout_init(conn_rec *c) ++{ ++ reqtimeout_con_cfg *ccfg; ++ reqtimeout_srv_cfg *cfg; ++ ++ cfg = ap_get_module_config(c->base_server->module_config, ++ &reqtimeout_module); ++ AP_DEBUG_ASSERT(cfg != NULL); ++ if (cfg->header_timeout <= 0 && cfg->body_timeout <= 0) { ++ /* not configured for this vhost */ ++ return DECLINED; ++ } ++ ++ ccfg = apr_pcalloc(c->pool, sizeof(reqtimeout_con_cfg)); ++ ccfg->new_timeout = cfg->header_timeout; ++ ccfg->new_max_timeout = cfg->header_max_timeout; ++ ccfg->type = "header"; ++ ccfg->min_rate = cfg->header_min_rate; ++ ccfg->rate_factor = cfg->header_rate_factor; ++ ap_set_module_config(c->conn_config, &reqtimeout_module, ccfg); ++ ++ ap_add_input_filter("reqtimeout", ccfg, NULL, c); ++ /* we are not handling the connection, we just do initialization */ ++ return DECLINED; ++} ++ ++static int reqtimeout_after_headers(request_rec *r) ++{ ++ reqtimeout_srv_cfg *cfg; ++ reqtimeout_con_cfg *ccfg = ++ ap_get_module_config(r->connection->conn_config, &reqtimeout_module); ++ ++ if (ccfg == NULL) { ++ /* not configured for this connection */ ++ return OK; ++ } ++ ++ cfg = ap_get_module_config(r->connection->base_server->module_config, ++ &reqtimeout_module); ++ AP_DEBUG_ASSERT(cfg != NULL); ++ ++ ccfg->timeout_at = 0; ++ ccfg->max_timeout_at = 0; ++ if (r->method_number != M_CONNECT) { ++ ccfg->new_timeout = cfg->body_timeout; ++ ccfg->new_max_timeout = cfg->body_max_timeout; ++ ccfg->min_rate = cfg->body_min_rate; ++ ccfg->rate_factor = cfg->body_rate_factor; ++ ccfg->type = "body"; ++ } ++ ++ return OK; ++} ++ ++static int reqtimeout_after_body(request_rec *r) ++{ ++ reqtimeout_srv_cfg *cfg; ++ reqtimeout_con_cfg *ccfg = ++ ap_get_module_config(r->connection->conn_config, &reqtimeout_module); ++ ++ if (ccfg == NULL) { ++ /* not configured for this connection */ ++ return OK; ++ } ++ ++ cfg = ap_get_module_config(r->connection->base_server->module_config, ++ &reqtimeout_module); ++ AP_DEBUG_ASSERT(cfg != NULL); ++ ++ ccfg->timeout_at = 0; ++ ccfg->max_timeout_at = 0; ++ ccfg->in_keep_alive = 1; ++ ccfg->new_timeout = cfg->header_timeout; ++ ccfg->new_max_timeout = cfg->header_max_timeout; ++ ccfg->min_rate = cfg->header_min_rate; ++ ccfg->rate_factor = cfg->header_rate_factor; ++ ++ ccfg->type = "header"; ++ ++ return OK; ++} ++ ++static void *reqtimeout_create_srv_config(apr_pool_t *p, server_rec *s) ++{ ++ reqtimeout_srv_cfg *cfg = apr_pcalloc(p, sizeof(reqtimeout_srv_cfg)); ++ ++ cfg->header_timeout = -1; ++ cfg->header_max_timeout = -1; ++ cfg->header_min_rate = -1; ++ cfg->body_timeout = -1; ++ cfg->body_max_timeout = -1; ++ cfg->body_min_rate = -1; ++ ++ return cfg; ++} ++ ++#define MERGE_INT(cfg, b, a, val) cfg->val = (a->val == -1) ? b->val : a->val; ++static void *reqtimeout_merge_srv_config(apr_pool_t *p, void *base_, void *add_) ++{ ++ reqtimeout_srv_cfg *base = base_; ++ reqtimeout_srv_cfg *add = add_; ++ reqtimeout_srv_cfg *cfg = apr_pcalloc(p, sizeof(reqtimeout_srv_cfg)); ++ ++ MERGE_INT(cfg, base, add, header_timeout); ++ MERGE_INT(cfg, base, add, header_max_timeout); ++ MERGE_INT(cfg, base, add, header_min_rate); ++ MERGE_INT(cfg, base, add, body_timeout); ++ MERGE_INT(cfg, base, add, body_max_timeout); ++ MERGE_INT(cfg, base, add, body_min_rate); ++ ++ cfg->header_rate_factor = (cfg->header_min_rate == -1) ? base->header_rate_factor : ++ add->header_rate_factor; ++ cfg->body_rate_factor = (cfg->body_min_rate == -1) ? base->body_rate_factor : ++ add->body_rate_factor; ++ ++ return cfg; ++} ++ ++static const char *parse_int(apr_pool_t *p, const char *arg, int *val) { ++ char *endptr; ++ *val = strtol(arg, &endptr, 10); ++ ++ if (arg == endptr) { ++ return apr_psprintf(p, "Value '%s' not numerical", endptr); ++ } ++ if (*endptr != '\0') { ++ return apr_psprintf(p, "Cannot parse '%s'", endptr); ++ } ++ if (*val < 0) { ++ return "Value must be non-negative"; ++ } ++ return NULL; ++} ++ ++static const char *set_reqtimeout_param(reqtimeout_srv_cfg *conf, ++ apr_pool_t *p, ++ const char *key, ++ const char *val) ++{ ++ const char *ret = NULL; ++ char *rate_str = NULL, *initial_str, *max_str = NULL; ++ int rate = 0, initial = 0, max = 0; ++ enum { PARAM_HEADER, PARAM_BODY } type; ++ ++ if (!strcasecmp(key, "header")) { ++ type = PARAM_HEADER; ++ } ++ else if (!strcasecmp(key, "body")) { ++ type = PARAM_BODY; ++ } ++ else { ++ return "Unknown RequestReadTimeout parameter"; ++ } ++ ++ if ((rate_str = ap_strcasestr(val, ",minrate="))) { ++ initial_str = apr_pstrndup(p, val, rate_str - val); ++ rate_str += strlen(",minrate="); ++ ret = parse_int(p, rate_str, &rate); ++ if (ret) ++ return ret; ++ ++ if (rate == 0) ++ return "Minimum data rate must be larger than 0"; ++ ++ if ((max_str = strchr(initial_str, '-'))) { ++ *max_str++ = '\0'; ++ ret = parse_int(p, max_str, &max); ++ if (ret) ++ return ret; ++ } ++ ++ ret = parse_int(p, initial_str, &initial); ++ } ++ else { ++ if (ap_strchr_c(val, '-')) ++ return "Must set MinRate option if using timeout range"; ++ ret = parse_int(p, val, &initial); ++ } ++ ++ if (ret) ++ return ret; ++ ++ if (max && initial >= max) { ++ return "Maximum timeout must be larger than initial timeout"; ++ } ++ ++ if (type == PARAM_HEADER) { ++ conf->header_timeout = initial; ++ conf->header_max_timeout = max; ++ conf->header_min_rate = rate; ++ if (rate) ++ conf->header_rate_factor = apr_time_from_sec(1) / rate; ++ } ++ else { ++ conf->body_timeout = initial; ++ conf->body_max_timeout = max; ++ conf->body_min_rate = rate; ++ if (rate) ++ conf->body_rate_factor = apr_time_from_sec(1) / rate; ++ } ++ return ret; ++} ++ ++static const char *set_reqtimeouts(cmd_parms *cmd, void *mconfig, ++ const char *arg) ++{ ++ reqtimeout_srv_cfg *conf = ++ ap_get_module_config(cmd->server->module_config, ++ &reqtimeout_module); ++ ++ while (*arg) { ++ char *word, *val; ++ const char *err; ++ ++ word = ap_getword_conf(cmd->pool, &arg); ++ val = strchr(word, '='); ++ if (!val) { ++ return "Invalid RequestReadTimeout parameter. Parameter must be " ++ "in the form 'key=value'"; ++ } ++ else ++ *val++ = '\0'; ++ ++ err = set_reqtimeout_param(conf, cmd->pool, word, val); ++ ++ if (err) ++ return apr_psprintf(cmd->temp_pool, "RequestReadTimeout: %s=%s: %s", ++ word, val, err); ++ } ++ ++ return NULL; ++ ++} ++ ++static void reqtimeout_hooks(apr_pool_t *pool) ++{ ++ /* ++ * mod_ssl is AP_FTYPE_CONNECTION + 5 and mod_reqtimeout needs to ++ * be called before mod_ssl. Otherwise repeated reads during the ssl ++ * handshake can prevent the timeout from triggering. ++ */ ++ ap_register_input_filter(reqtimeout_filter_name, reqtimeout_filter, NULL, ++ AP_FTYPE_CONNECTION + 8); ++ ++ /* ++ * mod_reqtimeout needs to be called before ap_process_http_request (which ++ * is run at APR_HOOK_REALLY_LAST) but after all other protocol modules. ++ * This ensures that it only influences normal http connections and not ++ * e.g. mod_ftp. Also, if mod_reqtimeout used the pre_connection hook, it ++ * would be inserted on mod_proxy's backend connections. ++ */ ++ ap_hook_process_connection(reqtimeout_init, NULL, NULL, APR_HOOK_LAST); ++ ++ ap_hook_post_read_request(reqtimeout_after_headers, NULL, NULL, ++ APR_HOOK_MIDDLE); ++ ap_hook_log_transaction(reqtimeout_after_body, NULL, NULL, ++ APR_HOOK_MIDDLE); ++} ++ ++static const command_rec reqtimeout_cmds[] = { ++ AP_INIT_RAW_ARGS("RequestReadTimeout", set_reqtimeouts, NULL, RSRC_CONF, ++ "Set various timeout parameters for reading request " ++ "headers and body"), ++ {NULL} ++}; ++ ++module AP_MODULE_DECLARE_DATA reqtimeout_module = { ++ STANDARD20_MODULE_STUFF, ++ NULL, /* create per-dir config structures */ ++ NULL, /* merge per-dir config structures */ ++ reqtimeout_create_srv_config, /* create per-server config structures */ ++ reqtimeout_merge_srv_config, /* merge per-server config structures */ ++ reqtimeout_cmds, /* table of config file commands */ ++ reqtimeout_hooks ++}; +diff -Naurp httpd-2.2.14.orig/modules/filters/mod_reqtimeout.dsp httpd-2.2.14/modules/filters/mod_reqtimeout.dsp +--- httpd-2.2.14.orig/modules/filters/mod_reqtimeout.dsp 1969-12-31 19:00:00.000000000 -0500 ++++ httpd-2.2.14/modules/filters/mod_reqtimeout.dsp 2010-04-05 10:51:57.000000000 -0400 +@@ -0,0 +1,111 @@ ++# Microsoft Developer Studio Project File - Name="mod_reqtimeout" - Package Owner=<4> ++# Microsoft Developer Studio Generated Build File, Format Version 6.00 ++# ** DO NOT EDIT ** ++ ++# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 ++ ++CFG=mod_reqtimeout - Win32 Release ++!MESSAGE This is not a valid makefile. To build this project using NMAKE, ++!MESSAGE use the Export Makefile command and run ++!MESSAGE ++!MESSAGE NMAKE /f "mod_reqtimeout.mak". ++!MESSAGE ++!MESSAGE You can specify a configuration when running NMAKE ++!MESSAGE by defining the macro CFG on the command line. For example: ++!MESSAGE ++!MESSAGE NMAKE /f "mod_reqtimeout.mak" CFG="mod_reqtimeout - Win32 Release" ++!MESSAGE ++!MESSAGE Possible choices for configuration are: ++!MESSAGE ++!MESSAGE "mod_reqtimeout - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") ++!MESSAGE "mod_reqtimeout - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") ++!MESSAGE ++ ++# Begin Project ++# PROP AllowPerConfigDependencies 0 ++# PROP Scc_ProjName "" ++# PROP Scc_LocalPath "" ++CPP=cl.exe ++MTL=midl.exe ++RSC=rc.exe ++ ++!IF "$(CFG)" == "mod_reqtimeout - Win32 Release" ++ ++# PROP BASE Use_MFC 0 ++# PROP BASE Use_Debug_Libraries 0 ++# PROP BASE Output_Dir "Release" ++# PROP BASE Intermediate_Dir "Release" ++# PROP BASE Target_Dir "" ++# PROP Use_MFC 0 ++# PROP Use_Debug_Libraries 0 ++# PROP Output_Dir "Release" ++# PROP Intermediate_Dir "Release" ++# PROP Ignore_Export_Lib 0 ++# PROP Target_Dir "" ++# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c ++# ADD CPP /nologo /MD /W3 /O2 /Oy- /Zi /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "AP_RL_DECLARE_EXPORT" /Fd"Release\mod_reqtimeout_src" /FD /c ++# ADD BASE MTL /nologo /D "NDEBUG" /win32 ++# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32 ++# ADD BASE RSC /l 0x409 /d "NDEBUG" ++# ADD RSC /l 0x409 /fo"Release/mod_reqtimeout.res" /i "../../include" /i "../../srclib/apr/include" /d "NDEBUG" /d BIN_NAME="mod_reqtimeout.so" /d LONG_NAME="reqtimeout_module for Apache" ++BSC32=bscmake.exe ++# ADD BASE BSC32 /nologo ++# ADD BSC32 /nologo ++LINK32=link.exe ++# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /out:".\Release\mod_reqtimeout.so" /base:@..\..\os\win32\BaseAddr.ref,mod_reqtimeout.so ++# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:".\Release\mod_reqtimeout.so" /base:@..\..\os\win32\BaseAddr.ref,mod_reqtimeout.so /opt:ref ++# Begin Special Build Tool ++TargetPath=.\Release\mod_reqtimeout.so ++SOURCE="$(InputPath)" ++PostBuild_Desc=Embed .manifest ++PostBuild_Cmds=if exist $(TargetPath).manifest mt.exe -manifest $(TargetPath).manifest -outputresource:$(TargetPath);2 ++# End Special Build Tool ++ ++!ELSEIF "$(CFG)" == "mod_reqtimeout - Win32 Debug" ++ ++# PROP BASE Use_MFC 0 ++# PROP BASE Use_Debug_Libraries 1 ++# PROP BASE Output_Dir "Debug" ++# PROP BASE Intermediate_Dir "Debug" ++# PROP BASE Target_Dir "" ++# PROP Use_MFC 0 ++# PROP Use_Debug_Libraries 1 ++# PROP Output_Dir "Debug" ++# PROP Intermediate_Dir "Debug" ++# PROP Ignore_Export_Lib 0 ++# PROP Target_Dir "" ++# ADD BASE CPP /nologo /MDd /W3 /EHsc /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c ++# ADD CPP /nologo /MDd /W3 /EHsc /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "AP_RL_DECLARE_EXPORT" /Fd"Debug\mod_reqtimeout_src" /FD /c ++# ADD BASE MTL /nologo /D "_DEBUG" /win32 ++# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32 ++# ADD BASE RSC /l 0x409 /d "_DEBUG" ++# ADD RSC /l 0x409 /fo"Debug/mod_reqtimeout.res" /i "../../include" /i "../../srclib/apr/include" /d "_DEBUG" /d BIN_NAME="mod_reqtimeout.so" /d LONG_NAME="reqtimeout_module for Apache" ++BSC32=bscmake.exe ++# ADD BASE BSC32 /nologo ++# ADD BSC32 /nologo ++LINK32=link.exe ++# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:".\Debug\mod_reqtimeout.so" /base:@..\..\os\win32\BaseAddr.ref,mod_reqtimeout.so ++# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:".\Debug\mod_reqtimeout.so" /base:@..\..\os\win32\BaseAddr.ref,mod_reqtimeout.so ++# Begin Special Build Tool ++TargetPath=.\Debug\mod_reqtimeout.so ++SOURCE="$(InputPath)" ++PostBuild_Desc=Embed .manifest ++PostBuild_Cmds=if exist $(TargetPath).manifest mt.exe -manifest $(TargetPath).manifest -outputresource:$(TargetPath);2 ++# End Special Build Tool ++ ++!ENDIF ++ ++# Begin Target ++ ++# Name "mod_reqtimeout - Win32 Release" ++# Name "mod_reqtimeout - Win32 Debug" ++# Begin Source File ++ ++SOURCE=.\mod_reqtimeout.c ++# End Source File ++# Begin Source File ++ ++SOURCE=..\..\build\win32\httpd.rc ++# End Source File ++# End Target ++# End Project +diff -Naurp httpd-2.2.14.orig/os/win32/BaseAddr.ref httpd-2.2.14/os/win32/BaseAddr.ref +--- httpd-2.2.14.orig/os/win32/BaseAddr.ref 2007-12-10 16:07:58.000000000 -0500 ++++ httpd-2.2.14/os/win32/BaseAddr.ref 2010-04-05 10:52:05.674151882 -0400 +@@ -81,3 +81,4 @@ mod_case_filter_in.so 0x6F9B0000 0x + mod_filter.so 0x6F9A0000 0x00010000 + mod_dav_lock.so 0x6F990000 0x00010000 + mod_substitute.so 0x6F980000 0x00010000 ++mod_reqtimeout.so 0x6F970000 0x00010000 +diff -Naurp httpd-2.2.14.orig/server/connection.c httpd-2.2.14/server/connection.c +--- httpd-2.2.14.orig/server/connection.c 2006-07-11 23:38:44.000000000 -0400 ++++ httpd-2.2.14/server/connection.c 2010-04-05 11:04:29.330162814 -0400 +@@ -154,8 +154,20 @@ AP_DECLARE(void) ap_lingering_close(conn + break; + + if (timeup == 0) { +- /* First time through; calculate now + 30 seconds. */ +- timeup = apr_time_now() + apr_time_from_sec(MAX_SECS_TO_LINGER); ++ /* ++ * First time through; ++ * calculate now + 30 seconds (MAX_SECS_TO_LINGER). ++ * ++ * If some module requested a shortened waiting period, only wait for ++ * 2s (SECONDS_TO_LINGER). This is useful for mitigating certain ++ * DoS attacks. ++ */ ++ if (apr_table_get(c->notes, "short-lingering-close")) { ++ timeup = apr_time_now() + apr_time_from_sec(SECONDS_TO_LINGER); ++ } ++ else { ++ timeup = apr_time_now() + apr_time_from_sec(MAX_SECS_TO_LINGER); ++ } + continue; + } + } while (apr_time_now() < timeup); --- apache2-2.2.14.orig/debian/patches/073_mod_dav_trunk_fixes.dpatch +++ apache2-2.2.14/debian/patches/073_mod_dav_trunk_fixes.dpatch @@ -0,0 +1,492 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Various bug fixes for mod_dav/mod_dav_fs +## DP: upstream svn revs 834018:835092 in modules/dav +# +# *) mod_dav: Include uri when logging a PUT error due to connection abort. +# PR 38149. [Stefan Fritsch] +# +# *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent +# resource does not exist or is not a collection. PR 43465. [Stefan Fritsch] +# +# *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll +# (a COPY request where the parent of the destination resource does not +# exist). PR 39299. [Stefan Fritsch] +# +# *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed. +# PR 42896. [Stefan Fritsch] +# +# *) mod_dav_fs: Make PUT create files atomically and no longer destroy the +# old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch] +# +# *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically +# creating files. On systems with inode numbers, this is a format change of +# the DavLockDB. The old DavLockDB must be deleted on upgrade. +# [Stefan Fritsch] +@DPATCH@ +Index: a/modules/dav/main/mod_dav.c +=================================================================== +--- a/modules/dav/main/mod_dav.c (Revision 834018) ++++ a/modules/dav/main/mod_dav.c (Revision 835089) +@@ -982,7 +982,10 @@ + + if (rc != APR_SUCCESS) { + err = dav_new_error(r->pool, HTTP_INTERNAL_SERVER_ERROR, 0, +- "Could not get next bucket brigade"); ++ apr_psprintf(r->pool, ++ "Could not get next bucket " ++ "brigade (URI: %s)", ++ ap_escape_html(r->pool, r->uri))); + break; + } + +@@ -1005,8 +1008,10 @@ + rc = apr_bucket_read(b, &data, &len, APR_BLOCK_READ); + if (rc != APR_SUCCESS) { + err = dav_new_error(r->pool, HTTP_BAD_REQUEST, 0, +- "An error occurred while reading " +- "the request body."); ++ apr_psprintf(r->pool, ++ "An error occurred while reading" ++ " the request body (URI: %s)", ++ ap_escape_html(r->pool, r->uri))); + break; + } + +@@ -2995,6 +3000,7 @@ + { + dav_error *err; + dav_resource *resource; ++ dav_resource *parent; + const dav_hooks_locks *locks_hooks; + int result; + int depth; +@@ -3026,6 +3032,20 @@ + if (err != NULL) + return dav_handle_err(r, err, NULL); + ++ /* Check if parent collection exists */ ++ if ((err = resource->hooks->get_parent_resource(resource, &parent)) != NULL) { ++ /* ### add a higher-level description? */ ++ return dav_handle_err(r, err, NULL); ++ } ++ if (parent && (!parent->exists || parent->collection != 1)) { ++ err = dav_new_error(r->pool, HTTP_CONFLICT, 0, ++ apr_psprintf(r->pool, ++ "The parent resource of %s does not " ++ "exist or is not a collection.", ++ ap_escape_html(r->pool, r->uri))); ++ return dav_handle_err(r, err, NULL); ++ } ++ + /* + * Open writable. Unless an error occurs, we'll be + * writing into the database. +Index: a/modules/dav/fs/lock.c +=================================================================== +--- a/modules/dav/fs/lock.c (Revision 834018) ++++ a/modules/dav/fs/lock.c (Revision 835089) +@@ -48,9 +48,8 @@ + ** + ** KEY + ** +-** The database is keyed by a key_type unsigned char (DAV_TYPE_INODE or +-** DAV_TYPE_FNAME) followed by inode and device number if possible, +-** otherwise full path (in the case of Win32 or lock-null resources). ++** The database is keyed by a key_type unsigned char (DAV_TYPE_FNAME) ++** followed by the full path. The key_type DAV_TYPE_INODE is not used anymore. + ** + ** VALUE + ** +@@ -82,7 +81,10 @@ + #define DAV_LOCK_DIRECT 1 + #define DAV_LOCK_INDIRECT 2 + +-#define DAV_TYPE_INODE 10 ++/* ++ * not used anymore ++ * #define DAV_TYPE_INODE 10 ++ */ + #define DAV_TYPE_FNAME 11 + + +@@ -372,12 +374,13 @@ + } + + /* +-** dav_fs_build_fname_key +-** +-** Given a pathname, build a DAV_TYPE_FNAME lock database key. ++** dav_fs_build_key: Given a resource, return a apr_datum_t key ++** to look up lock information for this file. + */ +-static apr_datum_t dav_fs_build_fname_key(apr_pool_t *p, const char *pathname) ++static apr_datum_t dav_fs_build_key(apr_pool_t *p, ++ const dav_resource *resource) + { ++ const char *pathname = dav_fs_pathname(resource); + apr_datum_t key; + + /* ### does this allocation have a proper lifetime? need to check */ +@@ -394,46 +397,6 @@ + } + + /* +-** dav_fs_build_key: Given a resource, return a apr_datum_t key +-** to look up lock information for this file. +-** +-** (inode/dev not supported or file is lock-null): +-** apr_datum_t->dvalue = full path +-** +-** (inode/dev supported and file exists ): +-** apr_datum_t->dvalue = inode, dev +-*/ +-static apr_datum_t dav_fs_build_key(apr_pool_t *p, +- const dav_resource *resource) +-{ +- const char *file = dav_fs_pathname(resource); +- apr_datum_t key; +- apr_finfo_t finfo; +- apr_status_t rv; +- +- /* ### use lstat() ?? */ +- /* +- * XXX: What for platforms with no IDENT (dev/inode)? +- */ +- rv = apr_stat(&finfo, file, APR_FINFO_IDENT, p); +- if ((rv == APR_SUCCESS || rv == APR_INCOMPLETE) +- && ((finfo.valid & APR_FINFO_IDENT) == APR_FINFO_IDENT)) +- { +- /* ### can we use a buffer for this? */ +- key.dsize = 1 + sizeof(finfo.inode) + sizeof(finfo.device); +- key.dptr = apr_palloc(p, key.dsize); +- *key.dptr = DAV_TYPE_INODE; +- memcpy(key.dptr + 1, &finfo.inode, sizeof(finfo.inode)); +- memcpy(key.dptr + 1 + sizeof(finfo.inode), &finfo.device, +- sizeof(finfo.device)); +- +- return key; +- } +- +- return dav_fs_build_fname_key(p, file); +-} +- +-/* + ** dav_fs_lock_expired: return 1 (true) if the given timeout is in the past + ** or present (the lock has expired), or 0 (false) if in the future + ** (the lock has not yet expired). +@@ -989,13 +952,8 @@ + + /* + ** dav_fs_remove_locknull_state: Given a request, check to see if r->filename +-** is/was a lock-null resource. If so, return it to an existant state. +-** +-** ### this function is broken... it doesn't check! +-** +-** In this implementation, this involves two things: +-** (a) remove it from the list in the appropriate .DAV/locknull file +-** (b) on *nix, convert the key from a filename to an inode. ++** is/was a lock-null resource. If so, return it to an existant state, i.e. ++** remove it from the list in the appropriate .DAV/locknull file. + */ + static dav_error * dav_fs_remove_locknull_state( + dav_lockdb *lockdb, +@@ -1011,35 +969,6 @@ + return err; + } + +- { +- dav_lock_discovery *ld; +- dav_lock_indirect *id; +- apr_datum_t key; +- +- /* +- ** Fetch the lock(s) that made the resource lock-null. Remove +- ** them under the filename key. Obtain the new inode key, and +- ** save the same lock information under it. +- */ +- key = dav_fs_build_fname_key(p, pathname); +- if ((err = dav_fs_load_lock_record(lockdb, key, DAV_CREATE_LIST, +- &ld, &id)) != NULL) { +- /* ### insert a higher-level error description */ +- return err; +- } +- +- if ((err = dav_fs_save_lock_record(lockdb, key, NULL, NULL)) != NULL) { +- /* ### insert a higher-level error description */ +- return err; +- } +- +- key = dav_fs_build_key(p, resource); +- if ((err = dav_fs_save_lock_record(lockdb, key, ld, id)) != NULL) { +- /* ### insert a higher-level error description */ +- return err; +- } +- } +- + return NULL; + } + +Index: a/modules/dav/fs/repos.c +=================================================================== +--- a/modules/dav/fs/repos.c (Revision 834018) ++++ a/modules/dav/fs/repos.c (Revision 835089) +@@ -140,6 +140,11 @@ + */ + #define DAV_PROPID_FS_executable 1 + ++/* ++ * prefix for temporary files ++ */ ++#define DAV_FS_TMP_PREFIX ".davfs." ++ + static const dav_liveprop_spec dav_fs_props[] = + { + /* standard DAV properties */ +@@ -192,11 +197,14 @@ + apr_pool_t *p; + apr_file_t *f; + const char *pathname; /* we may need to remove it at close time */ ++ char *temppath; ++ int unlink_on_error; + }; + + /* returns an appropriate HTTP status code given an APR status code for a + * failed I/O operation. ### use something besides 500? */ + #define MAP_IO2HTTP(e) (APR_STATUS_IS_ENOSPC(e) ? HTTP_INSUFFICIENT_STORAGE : \ ++ APR_STATUS_IS_ENOENT(e) ? HTTP_CONFLICT : \ + HTTP_INTERNAL_SERVER_ERROR) + + /* forward declaration for internal treewalkers */ +@@ -420,11 +428,24 @@ + apr_file_close(inf); + apr_file_close(outf); + +- if (is_move && apr_file_remove(src, p) != APR_SUCCESS) { ++ if (is_move && (status = apr_file_remove(src, p)) != APR_SUCCESS) { + dav_error *err; + int save_errno = errno; /* save the errno that got us here */ + +- if (apr_file_remove(dst, p) != APR_SUCCESS) { ++ if (APR_STATUS_IS_ENOENT(status)) { ++ /* ++ * Something is wrong here but the result is what we wanted. ++ * We definitely should not remove the destination file. ++ */ ++ err = dav_new_error(p, HTTP_INTERNAL_SERVER_ERROR, 0, ++ apr_psprintf(p, "Could not remove source " ++ "file %s after move to %s. The " ++ "server may be in an " ++ "inconsistent state.", src, dst)); ++ err->save_errno = save_errno; ++ return err; ++ } ++ else if (apr_file_remove(dst, p) != APR_SUCCESS) { + /* ### ACK. this creates an inconsistency. do more!? */ + + /* ### use something besides 500? */ +@@ -506,9 +527,13 @@ + dst = apr_pstrcat(p, dst, "/", dst_file, NULL); + + /* copy/move the file now */ +- if (is_move && src_finfo.device == dst_state_finfo.device) { +- /* simple rename is possible since it is on the same device */ +- if (apr_file_rename(src, dst, p) != APR_SUCCESS) { ++ if (is_move) { ++ /* try simple rename first */ ++ rv = apr_file_rename(src, dst, p); ++ if (APR_STATUS_IS_EXDEV(rv)) { ++ return dav_fs_copymove_file(is_move, p, src, dst, NULL, NULL, pbuf); ++ } ++ if (rv != APR_SUCCESS) { + /* ### use something besides 500? */ + return dav_new_error(p, HTTP_INTERNAL_SERVER_ERROR, 0, + "Could not move state file."); +@@ -848,6 +873,14 @@ + && ctx2->pathname[len1] == '/'); + } + ++static apr_status_t tmpfile_cleanup(void *data) { ++ dav_stream *ds = data; ++ if (ds->temppath) { ++ apr_file_remove(ds->temppath, ds->p); ++ } ++ return APR_SUCCESS; ++} ++ + static dav_error * dav_fs_open_stream(const dav_resource *resource, + dav_stream_mode mode, + dav_stream **stream) +@@ -872,7 +905,32 @@ + + ds->p = p; + ds->pathname = resource->info->pathname; +- rv = apr_file_open(&ds->f, ds->pathname, flags, APR_OS_DEFAULT, ds->p); ++ ds->temppath = NULL; ++ ds->unlink_on_error = 0; ++ ++ if (mode == DAV_MODE_WRITE_TRUNC) { ++ ds->temppath = apr_pstrcat(p, ap_make_dirstr_parent(p, ds->pathname), ++ DAV_FS_TMP_PREFIX "XXXXXX", NULL); ++ rv = apr_file_mktemp(&ds->f, ds->temppath, flags, ds->p); ++ apr_pool_cleanup_register(p, ds, tmpfile_cleanup, ++ apr_pool_cleanup_null); ++ } ++ else if (mode == DAV_MODE_WRITE_SEEKABLE) { ++ rv = apr_file_open(&ds->f, ds->pathname, flags | APR_FOPEN_EXCL, ++ APR_OS_DEFAULT, ds->p); ++ if (rv == APR_SUCCESS) { ++ /* we have created a new file */ ++ ds->unlink_on_error = 1; ++ } ++ else if (APR_STATUS_IS_EEXIST(rv)) { ++ rv = apr_file_open(&ds->f, ds->pathname, flags, APR_OS_DEFAULT, ++ ds->p); ++ } ++ } ++ else { ++ rv = apr_file_open(&ds->f, ds->pathname, flags, APR_OS_DEFAULT, ds->p); ++ } ++ + if (rv != APR_SUCCESS) { + return dav_new_error(p, MAP_IO2HTTP(rv), 0, + "An error occurred while opening a resource."); +@@ -886,17 +944,33 @@ + + static dav_error * dav_fs_close_stream(dav_stream *stream, int commit) + { ++ apr_status_t rv; ++ + apr_file_close(stream->f); + + if (!commit) { +- if (apr_file_remove(stream->pathname, stream->p) != APR_SUCCESS) { +- /* ### use a better description? */ +- return dav_new_error(stream->p, HTTP_INTERNAL_SERVER_ERROR, 0, +- "There was a problem removing (rolling " +- "back) the resource " +- "when it was being closed."); ++ if (stream->temppath) { ++ apr_pool_cleanup_run(stream->p, stream, tmpfile_cleanup); + } ++ else if (stream->unlink_on_error) { ++ if (apr_file_remove(stream->pathname, stream->p) != APR_SUCCESS) { ++ /* ### use a better description? */ ++ return dav_new_error(stream->p, HTTP_INTERNAL_SERVER_ERROR, 0, ++ "There was a problem removing (rolling " ++ "back) the resource " ++ "when it was being closed."); ++ } ++ } + } ++ else if (stream->temppath) { ++ rv = apr_file_rename(stream->temppath, stream->pathname, stream->p); ++ if (rv) { ++ return dav_new_error(stream->p, HTTP_INTERNAL_SERVER_ERROR, rv, ++ "There was a problem writing the file " ++ "atomically after writes."); ++ } ++ apr_pool_cleanup_kill(stream->p, stream, tmpfile_cleanup); ++ } + + return NULL; + } +@@ -1204,7 +1278,7 @@ + dav_resource_private *srcinfo = src->info; + dav_resource_private *dstinfo = dst->info; + dav_error *err; +- int can_rename = 0; ++ apr_status_t rv; + + #if DAV_DEBUG + if (src->hooks != dst->hooks) { +@@ -1218,39 +1292,12 @@ + } + #endif + +- /* determine whether a simple rename will work. +- * Assume source exists, else we wouldn't get called. +- */ +- if (dstinfo->finfo.filetype != 0) { +- if (dstinfo->finfo.device == srcinfo->finfo.device) { +- /* target exists and is on the same device. */ +- can_rename = 1; +- } +- } +- else { +- const char *dirpath; +- apr_finfo_t finfo; +- apr_status_t rv; + +- /* destination does not exist, but the parent directory should, +- * so try it +- */ +- dirpath = ap_make_dirstr_parent(dstinfo->pool, dstinfo->pathname); +- /* +- * XXX: If missing dev ... then what test? +- * Really need a try and failover for those platforms. +- * +- */ +- rv = apr_stat(&finfo, dirpath, APR_FINFO_DEV, dstinfo->pool); +- if ((rv == APR_SUCCESS || rv == APR_INCOMPLETE) +- && (finfo.valid & srcinfo->finfo.valid & APR_FINFO_DEV) +- && (finfo.device == srcinfo->finfo.device)) { +- can_rename = 1; +- } +- } ++ /* try rename first */ ++ rv = apr_file_rename(srcinfo->pathname, dstinfo->pathname, srcinfo->pool); + + /* if we can't simply rename, then do it the hard way... */ +- if (!can_rename) { ++ if (APR_STATUS_IS_EXDEV(rv)) { + if ((err = dav_fs_copymove_resource(1, src, dst, DAV_INFINITY, + response)) == NULL) { + /* update resource states */ +@@ -1263,20 +1310,16 @@ + return err; + } + +- /* a rename should work. do it, and move properties as well */ +- + /* no multistatus response */ + *response = NULL; + +- /* ### APR has no rename? */ +- if (apr_file_rename(srcinfo->pathname, dstinfo->pathname, +- srcinfo->pool) != APR_SUCCESS) { ++ if (rv != APR_SUCCESS) { + /* ### should have a better error than this. */ + return dav_new_error(srcinfo->pool, HTTP_INTERNAL_SERVER_ERROR, 0, + "Could not rename resource."); + } + +- /* update resource states */ ++ /* Rename did work. Update resource states and move properties as well */ + dst->exists = 1; + dst->collection = src->collection; + src->exists = 0; +@@ -1478,14 +1521,18 @@ + /* ### need to authorize each file */ + /* ### example: .htaccess is normally configured to fail auth */ + +- /* stuff in the state directory is never authorized! */ +- if (!strcmp(dirent.name, DAV_FS_STATE_DIR)) { ++ /* stuff in the state directory and temp files are never authorized! */ ++ if (!strcmp(dirent.name, DAV_FS_STATE_DIR) || ++ !strncmp(dirent.name, DAV_FS_TMP_PREFIX, ++ strlen(DAV_FS_TMP_PREFIX))) { + continue; + } + } +- /* skip the state dir unless a HIDDEN is performed */ ++ /* skip the state dir and temp files unless a HIDDEN is performed */ + if (!(params->walk_type & DAV_WALKTYPE_HIDDEN) +- && !strcmp(dirent.name, DAV_FS_STATE_DIR)) { ++ && (!strcmp(dirent.name, DAV_FS_STATE_DIR) || ++ !strncmp(dirent.name, DAV_FS_TMP_PREFIX, ++ strlen(DAV_FS_TMP_PREFIX)))) { + continue; + } + --- apache2-2.2.14.orig/debian/patches/057_disablemods.dpatch +++ apache2-2.2.14/debian/patches/057_disablemods.dpatch @@ -0,0 +1,62 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## Stolen from the fedora package +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Support "--enable-modules=none" to build an httpd binary with +## DP: no optional modules enabled. + +@DPATCH@ +diff -urNad trunk~/acinclude.m4 trunk/acinclude.m4 +--- trunk~/acinclude.m4 2005-11-13 07:33:15.000000000 +0100 ++++ trunk/acinclude.m4 2008-03-14 01:28:42.379287995 +0100 +@@ -289,14 +289,19 @@ + + AC_ARG_ENABLE(modules, + APACHE_HELP_STRING(--enable-modules=MODULE-LIST,Space-separated list of modules to enable | "all" | "most"),[ +- for i in $enableval; do +- if test "$i" = "all" -o "$i" = "most"; then +- module_selection=$i +- else +- i=`echo $i | sed 's/-/_/g'` +- eval "enable_$i=yes" +- fi +- done ++ if test "$enableval" = "none"; then ++ module_default=no ++ module_selection=none ++ else ++ for i in $enableval; do ++ if test "$i" = "all" -o "$i" = "most"; then ++ module_selection=$i ++ else ++ i=`echo $i | sed 's/-/_/g'` ++ eval "enable_$i=yes" ++ fi ++ done ++ fi + ]) + + AC_ARG_ENABLE(mods-shared, +diff -urNad trunk~/configure trunk/configure +--- trunk~/configure 2008-01-10 17:54:40.000000000 +0100 ++++ trunk/configure 2008-03-14 01:31:55.675287371 +0100 +@@ -8106,6 +8106,10 @@ + # Check whether --enable-modules was given. + if test "${enable_modules+set}" = set; then + enableval=$enable_modules; ++ if test "$enableval" = "none"; then ++ module_default=no ++ module_selection=none ++ else + for i in $enableval; do + if test "$i" = "all" -o "$i" = "most"; then + module_selection=$i +@@ -8114,7 +8118,7 @@ + eval "enable_$i=yes" + fi + done +- ++ fi + fi + + --- apache2-2.2.14.orig/debian/patches/074_link_support_progs_with_lcrypt.dpatch +++ apache2-2.2.14/debian/patches/074_link_support_progs_with_lcrypt.dpatch @@ -0,0 +1,39 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 074_support_link_lcrypt.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Link support programs with -lcrypt where necessary. Required by +## DP: binutils-gold (bug #553946) + +@DPATCH@ +diff -urNad trunk~/configure trunk/configure +--- trunk~/configure 2009-12-05 23:44:43.501042252 +0100 ++++ trunk/configure 2009-12-05 23:47:07.640043829 +0100 +@@ -14628,11 +14628,11 @@ + + fi + +-htpasswd_LTFLAGS="" ++htpasswd_LTFLAGS="-lcrypt" + htdigest_LTFLAGS="" + rotatelogs_LTFLAGS="" + logresolve_LTFLAGS="" +-htdbm_LTFLAGS="" ++htdbm_LTFLAGS="-lcrypt" + ab_LTFLAGS="" + checkgid_LTFLAGS="" + htcacheclean_LTFLAGS="" +diff -urNad trunk~/support/config.m4 trunk/support/config.m4 +--- trunk~/support/config.m4 2006-12-24 15:40:19.000000000 +0100 ++++ trunk/support/config.m4 2009-12-05 23:47:29.388150162 +0100 +@@ -1,8 +1,8 @@ +-htpasswd_LTFLAGS="" ++htpasswd_LTFLAGS="-lcrypt" + htdigest_LTFLAGS="" + rotatelogs_LTFLAGS="" + logresolve_LTFLAGS="" +-htdbm_LTFLAGS="" ++htdbm_LTFLAGS="-lcrypt" + ab_LTFLAGS="" + checkgid_LTFLAGS="" + htcacheclean_LTFLAGS="" --- apache2-2.2.14.orig/debian/patches/038_no_LD_LIBRARY_PATH +++ apache2-2.2.14/debian/patches/038_no_LD_LIBRARY_PATH @@ -0,0 +1,17 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 038_no_LD_LIBRARY_PATH by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Remove LD_LIBRARY_PATH from envvars-std + +@DPATCH@ +--- apache2/support/envvars-std.in 2004-11-07 04:07:56.000000000 -0700 ++++ apache2/support/envvars-std.in 2004-11-07 04:08:08.000000000 -0700 +@@ -17,7 +17,4 @@ + # + # This file is generated from envvars-std.in + # +-@SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@" +-export @SHLIBPATH_VAR@ +-# + @OS_SPECIFIC_VARS@ --- apache2-2.2.14.orig/debian/patches/200_cp_suexec.dpatch +++ apache2-2.2.14/debian/patches/200_cp_suexec.dpatch @@ -0,0 +1,11 @@ +#!/bin/sh -e + +## DP: copy suexec to suexec-custom + +WORKDIR=${2:-.} + +if [ "$1" = -patch ]; then + cp $WORKDIR/support/suexec.c $WORKDIR/support/suexec-custom.c +elif [ "$1" = -unpatch ]; then + rm $WORKDIR/support/suexec-custom.c +fi --- apache2-2.2.14.orig/debian/patches/069_no_deflate_for_HEAD.dpatch +++ apache2-2.2.14/debian/patches/069_no_deflate_for_HEAD.dpatch @@ -0,0 +1,30 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: mod_deflate DoS +## DP: This should switch off deflate for HEAD requests +## DP: Patch by Ruediger Pluem + +@DPATCH@ +--- a/modules/filters/mod_deflate.c (revision 793927) ++++ a/modules/filters/mod_deflate.c (working copy) +@@ -629,6 +629,19 @@ + apr_bucket *b; + apr_size_t len; + ++ /* ++ * Optimization: If we are a HEAD request and bytes_sent is not zero ++ * it means that we have passed the content-length filter once and ++ * have more data to sent. This means that the content-length filter ++ * could not determine our content-length for the response to the ++ * HEAD request anyway (the associated GET request would deliver the ++ * body in chunked encoding) and we can stop compressing. ++ */ ++ if (r->header_only && r->bytes_sent) { ++ ap_remove_output_filter(f); ++ return ap_pass_brigade(f->next, bb); ++ } ++ + e = APR_BRIGADE_FIRST(bb); + + if (APR_BUCKET_IS_EOS(e)) { --- apache2-2.2.14.orig/debian/patches/00list +++ apache2-2.2.14/debian/patches/00list @@ -0,0 +1,39 @@ +001_branding +002_apachectl +004_usr_bin_perl_0wnz_j00 +008_make_include_safe +009_apache2_has_dso +010_fhs_compliance +031_apxs2_sucks_more +032_suexec_is_shared +033_dbm_read_hash_or_btree +034_apxs2_libtool_fixtastic +038_no_LD_LIBRARY_PATH +042_htdigest_CAN-2005-1344 +045_suexec_log_cloexec.dpatch +047_fix_usage_message.dpatch +050_enhance_apache2ctl.dpatch +052_logresolve_linelength.dpatch +057_disablemods.dpatch +058_suexec-CVE-2007-1742.dpatch +067_fix_segfault_in_ab.dpatch +068_mod_dav_detect_EOF.dpatch +069_no_deflate_for_HEAD.dpatch +070_RemoveType_override_mime.types.dpatch +071_fix_cacheenable.dpatch +072_CVE-2009-3555.dpatch +073_mod_dav_trunk_fixes.dpatch +074_link_support_progs_with_lcrypt.dpatch +075_mod_rewrite_literal_ipv6_redirect.dpatch +076_apxs2_a2enmod.dpatch +099_config_guess_sub_update +200_cp_suexec.dpatch +201_build_suexec-custom.dpatch +202_suexec-custom.dpatch +203_fix-ab-segfault.dpatch +204_CVE-2010-0408 +205_CVE-2010-0434 +206-fix-potential-memory-leaks.dpatch +206-report-max-client-mpm-worker.dpatch +209-backport-mod-reqtimeout.dpatch +210-backport-mod-reqtimeout-ftbfs.dpatch --- apache2-2.2.14.orig/debian/patches/202_suexec-custom.dpatch +++ apache2-2.2.14/debian/patches/202_suexec-custom.dpatch @@ -0,0 +1,201 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 202_suexec-custom.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: the actual patch to make suexec-custom read a config file + +@DPATCH@ +diff -urNad trunk~/support/suexec-custom.c trunk/support/suexec-custom.c +--- trunk~/support/suexec-custom.c 2008-05-04 19:41:30.559379143 +0200 ++++ trunk/support/suexec-custom.c 2008-05-04 19:42:30.817574842 +0200 +@@ -29,6 +29,7 @@ + * + * + */ ++#define SUEXEC_CONFIG_DIR "/etc/apache2/suexec/" + + #include "apr.h" + #include "ap_config.h" +@@ -39,6 +40,7 @@ + #include + #include + #include ++#include + #if APR_HAVE_UNISTD_H + #include + #endif +@@ -203,6 +205,26 @@ + return; + } + ++static int read_line(char *buf, FILE *file) { ++ char *p; ++ p = fgets(buf, AP_MAXPATH+1, file); ++ if (!p) return 0; ++ if (*p == '\0') return 1; ++ ++ p = buf; ++ while (*p) ++ p++; ++ p--; ++ ++ /* remove trailing space and slash */ ++ while ( isspace(*p) && p >= buf ) ++ *p-- = '\0'; ++ while ( *p == '/' && p >= buf ) ++ *p-- = '\0'; ++ ++ return 1; ++} ++ + static void clean_env(void) + { + char pathbuf[512]; +@@ -266,6 +288,10 @@ + struct stat dir_info; /* directory info holder */ + struct stat prg_info; /* program info holder */ + int cwdh; /* handle to cwd */ ++ char *suexec_docroot = NULL; ++ char *suexec_userdir_suffix = NULL; ++ char *filename = NULL; ++ FILE *configfile; + + /* + * Start with a "clean" environment +@@ -296,15 +322,10 @@ + || (! strcmp(AP_HTTPD_USER, pw->pw_name))) + #endif /* _OSD_POSIX */ + ) { +-#ifdef AP_DOC_ROOT +- fprintf(stderr, " -D AP_DOC_ROOT=\"%s\"\n", AP_DOC_ROOT); +-#endif ++ fprintf(stderr, " -D SUEXEC_CONFIG_DIR=%s\n", SUEXEC_CONFIG_DIR); + #ifdef AP_GID_MIN + fprintf(stderr, " -D AP_GID_MIN=%d\n", AP_GID_MIN); + #endif +-#ifdef AP_HTTPD_USER +- fprintf(stderr, " -D AP_HTTPD_USER=\"%s\"\n", AP_HTTPD_USER); +-#endif + #ifdef AP_LOG_EXEC + fprintf(stderr, " -D AP_LOG_EXEC=\"%s\"\n", AP_LOG_EXEC); + #endif +@@ -317,9 +338,6 @@ + #ifdef AP_UID_MIN + fprintf(stderr, " -D AP_UID_MIN=%d\n", AP_UID_MIN); + #endif +-#ifdef AP_USERDIR_SUFFIX +- fprintf(stderr, " -D AP_USERDIR_SUFFIX=\"%s\"\n", AP_USERDIR_SUFFIX); +-#endif + exit(0); + } + /* +@@ -334,23 +352,6 @@ + target_gname = argv[2]; + cmd = argv[3]; + +- /* +- * Check to see if the user running this program +- * is the user allowed to do so as defined in +- * suexec.h. If not the allowed user, error out. +- */ +-#ifdef _OSD_POSIX +- /* User name comparisons are case insensitive on BS2000/OSD */ +- if (strcasecmp(AP_HTTPD_USER, pw->pw_name)) { +- log_err("user mismatch (%s instead of %s)\n", pw->pw_name, AP_HTTPD_USER); +- exit(103); +- } +-#else /*_OSD_POSIX*/ +- if (strcmp(AP_HTTPD_USER, pw->pw_name)) { +- log_err("user mismatch (%s instead of %s)\n", pw->pw_name, AP_HTTPD_USER); +- exit(103); +- } +-#endif /*_OSD_POSIX*/ + + /* + * Check for a leading '/' (absolute path) in the command to be executed, +@@ -375,6 +376,63 @@ + } + + /* ++ * Check to see if the user running this program ++ * is the user allowed to do so as defined in ++ * SUEXEC_CONFIG_DIR/username ++ * If not, error out. ++ */ ++ filename = malloc(AP_MAXPATH+1); ++ suexec_docroot = malloc(AP_MAXPATH+1); ++ suexec_userdir_suffix = malloc(AP_MAXPATH+1); ++ if (!filename || !suexec_docroot || !suexec_userdir_suffix) { ++ log_err("malloc failed\n"); ++ exit(120); ++ } ++ ++ strncpy(filename, SUEXEC_CONFIG_DIR, AP_MAXPATH); ++ strncat(filename, pw->pw_name, AP_MAXPATH); ++ filename[AP_MAXPATH] = '\0'; ++ ++ configfile = fopen(filename, "r"); ++ if (!configfile) { ++ log_err("User %s not allowed: Could not open config file %s\n", pw->pw_name, filename); ++ exit(123); ++ } ++ ++ if (!read_line(suexec_docroot, configfile)) { ++ log_err("Could not read docroot from %s\n", filename); ++ exit(124); ++ } ++ ++ if (!read_line(suexec_userdir_suffix, configfile)) { ++ log_err("Could not read userdir suffix from %s\n", filename); ++ exit(125); ++ } ++ ++ fclose(configfile); ++ ++ if (userdir) { ++ if ( !isalnum(*suexec_userdir_suffix) && suexec_userdir_suffix[0] != '.') { ++ log_err("userdir suffix disabled in %s\n", filename); ++ exit(126); ++ } ++ } ++ else { ++ if (suexec_docroot[0] != '/') { ++ log_err("docroot disabled in %s\n", filename); ++ exit(127); ++ } ++ ++ if (suexec_docroot[1] == '/' || ++ suexec_docroot[1] == '.' || ++ suexec_docroot[1] == '\0' ) ++ { ++ log_err("invalid docroot %s in %s\n", suexec_docroot, filename); ++ exit(128); ++ } ++ } ++ ++ /* + * Error out if the target username is invalid. + */ + if (strspn(target_uname, "1234567890") != strlen(target_uname)) { +@@ -506,7 +564,7 @@ + + if (userdir) { + if (((chdir(target_homedir)) != 0) || +- ((chdir(AP_USERDIR_SUFFIX)) != 0) || ++ ((chdir(suexec_userdir_suffix)) != 0) || + ((getcwd(dwd, AP_MAXPATH)) == NULL) || + ((fchdir(cwdh)) != 0)) { + log_err("cannot get docroot information (%s)\n", target_homedir); +@@ -514,10 +572,10 @@ + } + } + else { +- if (((chdir(AP_DOC_ROOT)) != 0) || ++ if (((chdir(suexec_docroot)) != 0) || + ((getcwd(dwd, AP_MAXPATH)) == NULL) || + ((fchdir(cwdh)) != 0)) { +- log_err("cannot get docroot information (%s)\n", AP_DOC_ROOT); ++ log_err("cannot get docroot information (%s)\n", suexec_docroot); + exit(113); + } + } --- apache2-2.2.14.orig/debian/patches/045_suexec_log_cloexec.dpatch +++ apache2-2.2.14/debian/patches/045_suexec_log_cloexec.dpatch @@ -0,0 +1,46 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## suexec_log_cloexec.dpatch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Patch to allow suexec to log after a cgi error (#312385) +## DP: http://issues.apache.org/bugzilla/show_bug.cgi?id=10744 + +@DPATCH@ + +diff -ru apache2-2.2.3.orig/support/suexec.c apache2-2.2.3/support/suexec.c +--- apache2-2.2.3.orig/support/suexec.c 2006-07-12 05:38:44.000000000 +0200 ++++ apache2-2.2.3/support/suexec.c 2007-05-24 18:37:04.000000000 +0200 +@@ -46,6 +46,7 @@ + #include + #include + #include ++#include + + #ifdef HAVE_PWD_H + #include +@@ -596,17 +597,14 @@ + #endif /* AP_SUEXEC_UMASK */ + + /* +- * Be sure to close the log file so the CGI can't +- * mess with it. If the exec fails, it will be reopened +- * automatically when log_err is called. Note that the log +- * might not actually be open if AP_LOG_EXEC isn't defined. +- * However, the "log" cell isn't ifdef'd so let's be defensive +- * and assume someone might have done something with it +- * outside an ifdef'd AP_LOG_EXEC block. +- */ +- if (log != NULL) { +- fclose(log); +- log = NULL; ++ * ask fcntl(2) to set the FD_CLOEXEC flag on the log file, ++ * so it'll be automagically closed if the exec() call succeeds. ++ */ ++ fflush(log); ++ setbuf(log,NULL); ++ if(fcntl(fileno(log),F_SETFD,FD_CLOEXEC)==-1) { ++ log_err("error: can't set close-on-exec flag"); ++ exit(122); + } + + /* --- apache2-2.2.14.orig/debian/patches/076_apxs2_a2enmod.dpatch +++ apache2-2.2.14/debian/patches/076_apxs2_a2enmod.dpatch @@ -0,0 +1,146 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 076_apxs2_a2enmo.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Make apxs2 use a2enmod and /etc/apache2/mods-available + +@DPATCH@ +diff -urNad trunk~/support/apxs.in trunk/support/apxs.in +--- trunk~/support/apxs.in 2010-01-02 21:52:57.828866228 +0100 ++++ trunk/support/apxs.in 2010-01-02 21:55:48.375597120 +0100 +@@ -522,7 +522,7 @@ + # $dir =~ s|^$CFG_PREFIX/?||; + $dir =~ s|(.)$|$1/|; + $t =~ s|\.la$|.so|; +- push(@lmd, sprintf("LoadModule %-18s %s", "${name}_module", "$dir$t")); ++ push(@lmd, [ $name, sprintf("LoadModule %-18s %s", "${name}_module", "$dir$t") ] ); + } + + # execute the commands +@@ -530,105 +530,35 @@ + + # activate module via LoadModule/AddModule directive + if ($opt_a or $opt_A) { +- if (not -f "$CFG_SYSCONFDIR/httpd.conf") { +- error("Config file $CFG_SYSCONFDIR/httpd.conf not found"); +- exit(1); +- } +- +- open(FP, "<$CFG_SYSCONFDIR/httpd.conf") || die; +- my $content = join('', ); +- close(FP); +- +- if ($content !~ m|\n#?\s*LoadModule\s+|) { +- error("Activation failed for custom $CFG_SYSCONFDIR/httpd.conf file."); +- error("At least one `LoadModule' directive already has to exist."); ++ if (not -d "$CFG_SYSCONFDIR/mods-available") { ++ error("Config file $CFG_SYSCONFDIR/mods-available not found"); + exit(1); + } + +- my $lmd; +- my $c = ''; +- $c = '#' if ($opt_A); +- foreach $lmd (@lmd) { +- my $what = $opt_A ? "preparing" : "activating"; +- if ($content !~ m|\n#?\s*$lmd|) { +- # check for open , so that the new LoadModule +- # directive always appears *outside* of an . +- +- my $before = ($content =~ m|^(.*\n)#?\s*LoadModule\s+[^\n]+\n|s)[0]; +- +- # the '()=' trick forces list context and the scalar +- # assignment counts the number of list members (aka number +- # of matches) then +- my $cntopen = () = ($before =~ m|^\s*<[^/].*$|mg); +- my $cntclose = () = ($before =~ m|^\s*$filename") || die; ++ print FP "$lmd\n"; ++ close(FP); + +- unless ($found) { +- error('Configuration file is not valid. There are ' +- . 'sections opened and not closed.'); +- exit(1); +- } ++ if ($opt_a) { ++ my $cmd = "a2enmod $name"; ++ if (system($cmd) != 0) { ++ die "'$cmd' failed\n"; + } +- } else { +- # replace already existing LoadModule line +- $content =~ s|^(.*\n)#?\s*$lmd[^\n]*\n|$1$c$lmd\n|s; +- } +- $lmd =~ m|LoadModule\s+(.+?)_module.*|; +- notice("[$what module `$1' in $CFG_SYSCONFDIR/httpd.conf]"); ++ } ++ + } +- if (@lmd) { +- if (open(FP, ">$CFG_SYSCONFDIR/httpd.conf.new")) { +- print FP $content; +- close(FP); +- system("cp $CFG_SYSCONFDIR/httpd.conf $CFG_SYSCONFDIR/httpd.conf.bak && " . +- "cp $CFG_SYSCONFDIR/httpd.conf.new $CFG_SYSCONFDIR/httpd.conf && " . +- "rm $CFG_SYSCONFDIR/httpd.conf.new"); +- } else { +- notice("unable to open configuration file"); +- } +- } + } + } + --- apache2-2.2.14.orig/debian/patches/071_fix_cacheenable.dpatch +++ apache2-2.2.14/debian/patches/071_fix_cacheenable.dpatch @@ -0,0 +1,118 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Bug #442266 +## DP: r821333,r821538,r821539 from upstream svn + +@DPATCH@ +diff --git a/modules/cache/cache_util.c b/modules/cache/cache_util.c +index ec2d749..aec7b09 100644 +--- a/modules/cache/cache_util.c ++++ b/modules/cache/cache_util.c +@@ -27,41 +27,78 @@ extern module AP_MODULE_DECLARE_DATA cache_module; + /* Determine if "url" matches the hostname, scheme and port and path + * in "filter". All but the path comparisons are case-insensitive. + */ +-static int uri_meets_conditions(apr_uri_t filter, int pathlen, apr_uri_t url) +-{ +- /* Compare the hostnames */ +- if(filter.hostname) { +- if (!url.hostname) { +- return 0; +- } +- else if (strcasecmp(filter.hostname, url.hostname)) { +- return 0; +- } +- } ++static int uri_meets_conditions(const apr_uri_t filter, const int pathlen, ++ const apr_uri_t url) { ++ ++ /* Scheme, hostname port and local part. The filter URI and the ++ * URI we test may have the following shapes: ++ * / ++ * [:://[:][/]] ++ * That is, if there is no scheme then there must be only the path, ++ * and we check only the path; if there is a scheme, we check the ++ * scheme for equality, and then if present we match the hostname, ++ * and then if present match the port, and finally the path if any. ++ * ++ * Note that this means that "/" only matches local paths, ++ * and to match proxied paths one *must* specify the scheme. ++ */ + +- /* Compare the schemes */ +- if(filter.scheme) { +- if (!url.scheme) { +- return 0; +- } +- else if (strcasecmp(filter.scheme, url.scheme)) { ++ /* Is the filter is just for a local path or a proxy URI? */ ++ if (!filter.scheme) { ++ if (url.scheme || url.hostname) { + return 0; + } + } +- +- /* Compare the ports */ +- if(filter.port_str) { +- if (url.port_str && filter.port != url.port) { ++ else { ++ /* The URI scheme must be present and identical except for case. */ ++ if (!url.scheme || strcasecmp(filter.scheme, url.scheme)) { + return 0; + } +- /* NOTE: ap_port_of_scheme will return 0 if given NULL input */ +- else if (filter.port != apr_uri_port_of_scheme(url.scheme)) { +- return 0; ++ ++ /* If the filter hostname is null or empty it matches any hostname, ++ * if it begins with a "*" it matches the _end_ of the URI hostname ++ * excluding the "*", if it begins with a "." it matches the _end_ ++ * of the URI * hostname including the ".", otherwise it must match ++ * the URI hostname exactly. */ ++ ++ if (filter.hostname && filter.hostname[0]) { ++ if (filter.hostname[0] == '.') { ++ const size_t fhostlen = strlen(filter.hostname); ++ const size_t uhostlen = url.hostname ? strlen(url.hostname) : 0; ++ ++ if (fhostlen > uhostlen || strcasecmp(filter.hostname, ++ url.hostname + uhostlen - fhostlen)) { ++ return 0; ++ } ++ } ++ else if (filter.hostname[0] == '*') { ++ const size_t fhostlen = strlen(filter.hostname + 1); ++ const size_t uhostlen = url.hostname ? strlen(url.hostname) : 0; ++ ++ if (fhostlen > uhostlen || strcasecmp(filter.hostname + 1, ++ url.hostname + uhostlen - fhostlen)) { ++ return 0; ++ } ++ } ++ else if (!url.hostname || strcasecmp(filter.hostname, url.hostname)) { ++ return 0; ++ } + } +- } +- else if(url.port_str && filter.scheme) { +- if (apr_uri_port_of_scheme(filter.scheme) == url.port) { +- return 0; ++ ++ /* If the filter port is empty it matches any URL port. ++ * If the filter or URL port are missing, or the URL port is ++ * empty, they default to the port for their scheme. */ ++ ++ if (!(filter.port_str && !filter.port_str[0])) { ++ /* NOTE: ap_port_of_scheme will return 0 if given NULL input */ ++ const unsigned fport = filter.port_str ? filter.port ++ : apr_uri_port_of_scheme(filter.scheme); ++ const unsigned uport = (url.port_str && url.port_str[0]) ++ ? url.port : apr_uri_port_of_scheme(url.scheme); ++ ++ if (fport != uport) { ++ return 0; ++ } + } + } + --- apache2-2.2.14.orig/debian/config-dir/ports.conf +++ apache2-2.2.14/debian/config-dir/ports.conf @@ -0,0 +1,23 @@ +# If you just change the port or add more ports here, you will likely also +# have to change the VirtualHost statement in +# /etc/apache2/sites-enabled/000-default +# This is also true if you have upgraded from before 2.2.9-3 (i.e. from +# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and +# README.Debian.gz + +NameVirtualHost *:80 +Listen 80 + + + # If you add NameVirtualHost *:443 here, you will also have to change + # the VirtualHost statement in /etc/apache2/sites-available/default-ssl + # to + # Server Name Indication for SSL named virtual hosts is currently not + # supported by MSIE on Windows XP. + Listen 443 + + + + Listen 443 + + --- apache2-2.2.14.orig/debian/config-dir/apache2.conf +++ apache2-2.2.14/debian/config-dir/apache2.conf @@ -0,0 +1,236 @@ +# +# Based upon the NCSA server configuration files originally by Rob McCool. +# +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See http://httpd.apache.org/docs/2.2/ for detailed information about +# the directives. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# The configuration directives are grouped into three basic sections: +# 1. Directives that control the operation of the Apache server process as a +# whole (the 'global environment'). +# 2. Directives that define the parameters of the 'main' or 'default' server, +# which responds to requests that aren't handled by a virtual host. +# These directives also provide default values for the settings +# of all virtual hosts. +# 3. Settings for virtual hosts, which allow Web requests to be sent to +# different IP addresses or hostnames and have them handled by the +# same Apache server process. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so "/var/log/apache2/foo.log" +# with ServerRoot set to "" will be interpreted by the +# server as "//var/log/apache2/foo.log". +# + +### Section 1: Global Environment +# +# The directives in this section affect the overall operation of Apache, +# such as the number of concurrent requests it can handle or where it +# can find its configuration files. +# + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# NOTE! If you intend to place this on an NFS (or otherwise network) +# mounted filesystem then please read the LockFile documentation (available +# at ); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +ServerRoot "/etc/apache2" + +# +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# +# +# +LockFile /var/lock/apache2/accept.lock +# +# + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# This needs to be set in /etc/apache2/envvars +# +PidFile ${APACHE_PID_FILE} + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 300 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +# +KeepAliveTimeout 15 + +## +## Server-Pool Size Regulation (MPM specific) +## + +# prefork MPM +# StartServers: number of server processes to start +# MinSpareServers: minimum number of server processes which are kept spare +# MaxSpareServers: maximum number of server processes which are kept spare +# MaxClients: maximum number of server processes allowed to start +# MaxRequestsPerChild: maximum number of requests a server process serves + + StartServers 5 + MinSpareServers 5 + MaxSpareServers 10 + MaxClients 150 + MaxRequestsPerChild 0 + + +# worker MPM +# StartServers: initial number of server processes to start +# MaxClients: maximum number of simultaneous client connections +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadsPerChild: constant number of worker threads in each server process +# MaxRequestsPerChild: maximum number of requests a server process serves + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 150 + MaxRequestsPerChild 0 + + +# event MPM +# StartServers: initial number of server processes to start +# MaxClients: maximum number of simultaneous client connections +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadsPerChild: constant number of worker threads in each server process +# MaxRequestsPerChild: maximum number of requests a server process serves + + StartServers 2 + MaxClients 150 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxRequestsPerChild 0 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} + +# +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# + +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Order allow,deny + Deny from all + Satisfy all + + +# +# DefaultType is the default MIME type the server will use for a document +# if it cannot otherwise determine one, such as from filename extensions. +# If your server contains mostly text or HTML documents, "text/plain" is +# a good value. If most of your content is binary, such as applications +# or images, you may want to use "application/octet-stream" instead to +# keep browsers from trying to display binary files as though they are +# text. +# +DefaultType text/plain + + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog /var/log/apache2/error.log + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + +# Include module configuration: +Include /etc/apache2/mods-enabled/*.load +Include /etc/apache2/mods-enabled/*.conf + +# Include all the user configurations: +Include /etc/apache2/httpd.conf + +# Include ports listing +Include /etc/apache2/ports.conf + +# +# The following directives define some format nicknames for use with +# a CustomLog directive (see below). +# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i +# +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# +# Define an access log for VirtualHosts that don't define their own logfile +CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined + + +# Include of directories ignores editors' and dpkg's backup files, +# see README.Debian for details. + +# Include generic snippets of statements +Include /etc/apache2/conf.d/ + +# Include the virtual host configurations: +Include /etc/apache2/sites-enabled/ --- apache2-2.2.14.orig/debian/config-dir/magic +++ apache2-2.2.14/debian/config-dir/magic @@ -0,0 +1,935 @@ +# Magic data for mod_mime_magic (originally for file(1) command) +# +# The format is 4-5 columns: +# Column #1: byte number to begin checking from, ">" indicates continuation +# Column #2: type of data to match +# Column #3: contents of data to match +# Column #4: MIME type of result +# Column #5: MIME encoding of result (optional) + +#------------------------------------------------------------------------------ +# Localstuff: file(1) magic for locally observed files +# Add any locally observed files here. + +# Real Audio (Magic .ra\0375) +0 belong 0x2e7261fd audio/x-pn-realaudio +0 string .RMF application/vnd.rn-realmedia + +#video/x-pn-realvideo +#video/vnd.rn-realvideo +#application/vnd.rn-realmedia +# sigh, there are many mimes for that but the above are the most common. + +# Taken from magic, converted to magic.mime +# mime types according to http://www.geocities.com/nevilo/mod.htm: +# audio/it .it +# audio/x-zipped-it .itz +# audio/xm fasttracker modules +# audio/x-s3m screamtracker modules +# audio/s3m screamtracker modules +# audio/x-zipped-mod mdz +# audio/mod mod +# audio/x-mod All modules (mod, s3m, 669, mtm, med, xm, it, mdz, stm, itz, xmz, s3z) + +# Taken from loader code from mikmod version 2.14 +# by Steve McIntyre (stevem@chiark.greenend.org.uk) +# added title printing on 2003-06-24 +0 string MAS_UTrack_V00 +>14 string >/0 audio/x-mod +#audio/x-tracker-module + +#0 string UN05 MikMod UNI format module sound data + +0 string Extended\ Module: audio/x-mod +#audio/x-tracker-module +##>17 string >\0 Title: "%s" + +21 string/c \!SCREAM! audio/x-mod +#audio/x-screamtracker-module +21 string BMOD2STM audio/x-mod +#audio/x-screamtracker-module +1080 string M.K. audio/x-mod +#audio/x-protracker-module +#>0 string >\0 Title: "%s" +1080 string M!K! audio/x-mod +#audio/x-protracker-module +#>0 string >\0 Title: "%s" +1080 string FLT4 audio/x-mod +#audio/x-startracker-module +#>0 string >\0 Title: "%s" +1080 string FLT8 audio/x-mod +#audio/x-startracker-module +#>0 string >\0 Title: "%s" +1080 string 4CHN audio/x-mod +#audio/x-fasttracker-module +#>0 string >\0 Title: "%s" +1080 string 6CHN audio/x-mod +#audio/x-fasttracker-module +#>0 string >\0 Title: "%s" +1080 string 8CHN audio/x-mod +#audio/x-fasttracker-module +#>0 string >\0 Title: "%s" +1080 string CD81 audio/x-mod +#audio/x-oktalyzer-tracker-module +#>0 string >\0 Title: "%s" +1080 string OKTA audio/x-mod +#audio/x-oktalyzer-tracker-module +#>0 string >\0 Title: "%s" +# Not good enough. +#1082 string CH +#>1080 string >/0 %.2s-channel Fasttracker "oktalyzer" module sound data +1080 string 16CN audio/x-mod +#audio/x-taketracker-module +#>0 string >\0 Title: "%s" +1080 string 32CN audio/x-mod +#audio/x-taketracker-module +#>0 string >\0 Title: "%s" + +# Impuse tracker module (it) +0 string IMPM audio/x-mod +#>4 string >\0 "%s" +#>40 leshort !0 compatible w/ITv%x +#>42 leshort !0 created w/ITv%x + +#------------------------------------------------------------------------------ +# end local stuff +#------------------------------------------------------------------------------ + +# xml based formats! + +# svg + +0 string \38 string \<\!DOCTYPE\040svg image/svg+xml + + +# xml +0 string \2 short 0xbabe application/java + +#------------------------------------------------------------------------------ +# audio: file(1) magic for sound formats +# +# from Jan Nicolai Langfeldt , +# + +# Sun/NeXT audio data +0 string .snd +>12 belong 1 audio/basic +>12 belong 2 audio/basic +>12 belong 3 audio/basic +>12 belong 4 audio/basic +>12 belong 5 audio/basic +>12 belong 6 audio/basic +>12 belong 7 audio/basic + +>12 belong 23 audio/x-adpcm + +# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format +# that uses little-endian encoding and has a different magic number +# (0x0064732E in little-endian encoding). +0 lelong 0x0064732E +>12 lelong 1 audio/x-dec-basic +>12 lelong 2 audio/x-dec-basic +>12 lelong 3 audio/x-dec-basic +>12 lelong 4 audio/x-dec-basic +>12 lelong 5 audio/x-dec-basic +>12 lelong 6 audio/x-dec-basic +>12 lelong 7 audio/x-dec-basic +# compressed (G.721 ADPCM) +>12 lelong 23 audio/x-dec-adpcm + +# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" +# AIFF audio data +8 string AIFF audio/x-aiff +# AIFF-C audio data +8 string AIFC audio/x-aiff +# IFF/8SVX audio data +8 string 8SVX audio/x-aiff + + + +# Creative Labs AUDIO stuff +# Standard MIDI data +0 string MThd audio/unknown +#>9 byte >0 (format %d) +#>11 byte >1 using %d channels +# Creative Music (CMF) data +0 string CTMF audio/unknown +# SoundBlaster instrument data +0 string SBI audio/unknown +# Creative Labs voice data +0 string Creative\ Voice\ File audio/unknown +## is this next line right? it came this way... +#>19 byte 0x1A +#>23 byte >0 - version %d +#>22 byte >0 \b.%d + +# [GRR 950115: is this also Creative Labs? Guessing that first line +# should be string instead of unknown-endian long...] +#0 long 0x4e54524b MultiTrack sound data +#0 string NTRK MultiTrack sound data +#>4 long x - version %ld + +# Microsoft WAVE format (*.wav) +# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] +# Microsoft RIFF +0 string RIFF +# - WAVE format +>8 string WAVE audio/x-wav +>8 string/B AVI video/x-msvideo +# +>8 string CDRA image/x-coreldraw + +# AAC (aka MPEG-2 NBC) +0 beshort&0xfff6 0xfff0 audio/X-HX-AAC-ADTS +0 string ADIF audio/X-HX-AAC-ADIF +0 beshort&0xffe0 0x56e0 audio/MP4A-LATM +0 beshort 0x4De1 audio/MP4A-LATM + +# MPEG Layer 3 sound files +0 beshort&0xfffe =0xfffa audio/mpeg +#MP3 with ID3 tag +0 string ID3 audio/mpeg +# Ogg/Vorbis +0 string OggS application/ogg + +#------------------------------------------------------------------------------ +# c-lang: file(1) magic for C programs or various scripts +# + +# XPM icons (Greg Roelofs, newt@uchicago.edu) +# ideally should go into "images", but entries below would tag XPM as C source +0 string /*\ XPM image/x-xpmi 7bit + +# 3DS (3d Studio files) +#16 beshort 0x3d3d image/x-3ds + +# this first will upset you if you're a PL/1 shop... (are there any left?) +# in which case rm it; ascmagic will catch real C programs +# C or REXX program text +#0 string /* text/x-c +# C++ program text +#0 string // text/x-c++ + +#------------------------------------------------------------------------------ +# commands: file(1) magic for various shells and interpreters +# +#0 string :\ shell archive or commands for antique kernel text +0 string #!/bin/sh application/x-shellscript +0 string #!\ /bin/sh application/x-shellscript +0 string #!/bin/csh application/x-shellscript +0 string #!\ /bin/csh application/x-shellscript +# korn shell magic, sent by George Wu, gwu@clyde.att.com +0 string #!/bin/ksh application/x-shellscript +0 string #!\ /bin/ksh application/x-shellscript +0 string #!/bin/tcsh application/x-shellscript +0 string #!\ /bin/tcsh application/x-shellscript +0 string #!/usr/local/tcsh application/x-shellscript +0 string #!\ /usr/local/tcsh application/x-shellscript +0 string #!/usr/local/bin/tcsh application/x-shellscript +0 string #!\ /usr/local/bin/tcsh application/x-shellscript +# bash shell magic, from Peter Tobias (tobias@server.et-inf.fho-emden.de) +0 string #!/bin/bash application/x-shellscript +0 string #!\ /bin/bash application/x-shellscript +0 string #!/usr/local/bin/bash application/x-shellscript +0 string #!\ /usr/local/bin/bash application/x-shellscript + +# +# zsh/ash/ae/nawk/gawk magic from cameron@cs.unsw.oz.au (Cameron Simpson) +0 string #!/bin/zsh application/x-shellscript +0 string #!/usr/bin/zsh application/x-shellscript +0 string #!/usr/local/bin/zsh application/x-shellscript +0 string #!\ /usr/local/bin/zsh application/x-shellscript +0 string #!/usr/local/bin/ash application/x-shellscript +0 string #!\ /usr/local/bin/ash application/x-shellscript +#0 string #!/usr/local/bin/ae Neil Brown's ae +#0 string #!\ /usr/local/bin/ae Neil Brown's ae +0 string #!/bin/nawk application/x-nawk +0 string #!\ /bin/nawk application/x-nawk +0 string #!/usr/bin/nawk application/x-nawk +0 string #!\ /usr/bin/nawk application/x-nawk +0 string #!/usr/local/bin/nawk application/x-nawk +0 string #!\ /usr/local/bin/nawk application/x-nawk +0 string #!/bin/gawk application/x-gawk +0 string #!\ /bin/gawk application/x-gawk +0 string #!/usr/bin/gawk application/x-gawk +0 string #!\ /usr/bin/gawk application/x-gawk +0 string #!/usr/local/bin/gawk application/x-gawk +0 string #!\ /usr/local/bin/gawk application/x-gawk +# +0 string #!/bin/awk application/x-awk +0 string #!\ /bin/awk application/x-awk +0 string #!/usr/bin/awk application/x-awk +0 string #!\ /usr/bin/awk application/x-awk +# update to distinguish from *.vcf files by Joerg Jenderek: joerg dot jenderek at web dot de +#0 regex BEGIN[[:space:]]*[{] application/x-awk + +# For Larry Wall's perl language. The ``eval'' line recognizes an +# outrageously clever hack for USG systems. +# Keith Waclena +0 string #!/bin/perl application/x-perl +0 string #!\ /bin/perl application/x-perl +0 string eval\ "exec\ /bin/perl application/x-perl +0 string #!/usr/bin/perl application/x-perl +0 string #!\ /usr/bin/perl application/x-perl +0 string eval\ "exec\ /usr/bin/perl application/x-perl +0 string #!/usr/local/bin/perl application/x-perl +0 string #!\ /usr/local/bin/perl application/x-perl +0 string eval\ "exec\ /usr/local/bin/perl application/x-perl + +#------------------------------------------------------------------------------ +# compress: file(1) magic for pure-compression formats (no archives) +# +# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. +# +# Formats for various forms of compressed data +# Formats for "compress" proper have been moved into "compress.c", +# because it tries to uncompress it to figure out what's inside. + +# standard unix compress +#0 string \037\235 application/x-compress + +# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) +#0 string \037\213 application/x-gzip + +0 string PK\003\004 application/x-zip + +# RAR archiver (Greg Roelofs, newt@uchicago.edu) +0 string Rar! application/x-rar + +# According to gzip.h, this is the correct byte order for packed data. +0 string \037\036 application/octet-stream +# +# This magic number is byte-order-independent. +# +0 short 017437 application/octet-stream + +# XXX - why *two* entries for "compacted data", one of which is +# byte-order independent, and one of which is byte-order dependent? +# +# compacted data +0 short 0x1fff application/octet-stream +0 string \377\037 application/octet-stream +# huf output +0 short 0145405 application/octet-stream + +# Squeeze and Crunch... +# These numbers were gleaned from the Unix versions of the programs to +# handle these formats. Note that I can only uncrunch, not crunch, and +# I didn't have a crunched file handy, so the crunch number is untested. +# Keith Waclena +#0 leshort 0x76FF squeezed data (CP/M, DOS) +#0 leshort 0x76FE crunched data (CP/M, DOS) + +# Freeze +#0 string \037\237 Frozen file 2.1 +#0 string \037\236 Frozen file 1.0 (or gzip 0.5) + +# lzh? +#0 string \037\240 LZH compressed data + +257 string ustar\0 application/x-tar posix +257 string ustar\040\040\0 application/x-tar gnu + +0 short 070707 application/x-cpio +0 short 0143561 application/x-cpio swapped + +0 string = application/x-archive +0 string \! application/x-archive +>8 string debian application/x-debian-package + +#------------------------------------------------------------------------------ +# +# RPM: file(1) magic for Red Hat Packages Erik Troan (ewt@redhat.com) +# +0 beshort 0xedab +>2 beshort 0xeedb application/x-rpm + +0 lelong&0x8080ffff 0x0000081a application/x-arc lzw +0 lelong&0x8080ffff 0x0000091a application/x-arc squashed +0 lelong&0x8080ffff 0x0000021a application/x-arc uncompressed +0 lelong&0x8080ffff 0x0000031a application/x-arc packed +0 lelong&0x8080ffff 0x0000041a application/x-arc squeezed +0 lelong&0x8080ffff 0x0000061a application/x-arc crunched + +0 leshort 0xea60 application/x-arj + +# LHARC/LHA archiver (Greg Roelofs, newt@uchicago.edu) +2 string -lh0- application/x-lharc lh0 +2 string -lh1- application/x-lharc lh1 +2 string -lz4- application/x-lharc lz4 +2 string -lz5- application/x-lharc lz5 +# [never seen any but the last; -lh4- reported in comp.compression:] +2 string -lzs- application/x-lha lzs +2 string -lh\ - application/x-lha lh +2 string -lhd- application/x-lha lhd +2 string -lh2- application/x-lha lh2 +2 string -lh3- application/x-lha lh3 +2 string -lh4- application/x-lha lh4 +2 string -lh5- application/x-lha lh5 +2 string -lh6- application/x-lha lh6 +2 string -lh7- application/x-lha lh7 +# Shell archives +10 string #\ This\ is\ a\ shell\ archive application/octet-stream x-shell + +#------------------------------------------------------------------------------ +# frame: file(1) magic for FrameMaker files +# +# This stuff came on a FrameMaker demo tape, most of which is +# copyright, but this file is "published" as witness the following: +# +0 string \ +# +0 string/cB \14 byte 12 (OS/2 1.x format) +#>14 byte 64 (OS/2 2.x format) +#>14 byte 40 (Windows 3.x format) +#0 string IC icon +#0 string PI pointer +#0 string CI color icon +#0 string CP color pointer +#0 string BA bitmap array + +# CDROM Filesystems +32769 string CD001 application/x-iso9660 + +# Newer StuffIt archives (grant@netbsd.org) +0 string StuffIt application/x-stuffit +#>162 string >0 : %s + +# BinHex is the Macintosh ASCII-encoded file format (see also "apple") +# Daniel Quinlan, quinlan@yggdrasil.com +11 string must\ be\ converted\ with\ BinHex\ 4 application/mac-binhex40 +##>41 string x \b, version %.3s + + +#------------------------------------------------------------------------------ +# lisp: file(1) magic for lisp programs +# +# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) +0 string ;; text/plain 8bit +# Emacs 18 - this is always correct, but not very magical. +0 string \012( application/x-elc +# Emacs 19 +0 string ;ELC\023\000\000\000 application/x-elc + +#------------------------------------------------------------------------------ +# mail.news: file(1) magic for mail and news +# +# There are tests to ascmagic.c to cope with mail and news. +0 string Relay-Version: message/rfc822 7bit +0 string #!\ rnews message/rfc822 7bit +0 string N#!\ rnews message/rfc822 7bit +0 string Forward\ to message/rfc822 7bit +0 string Pipe\ to message/rfc822 7bit +0 string Return-Path: message/rfc822 7bit +0 string Received: message/rfc822 +0 string Path: message/news 8bit +0 string Xref: message/news 8bit +0 string From: message/rfc822 7bit +0 string Article message/news 8bit +#------------------------------------------------------------------------------ +# msword: file(1) magic for MS Word files +# +# Contributor claims: +# Reversed-engineered MS Word magic numbers +# + +0 string \376\067\0\043 application/msword +0 string \320\317\021\340\241\261 application/msword +0 string \333\245-\0\0\0 application/msword + + + +#------------------------------------------------------------------------------ +# printer: file(1) magic for printer-formatted files +# + +# PostScript +0 string %! application/postscript +0 string \004%! application/postscript + +# Acrobat +# (due to clamen@cs.cmu.edu) +0 string %PDF- application/pdf + +#------------------------------------------------------------------------------ +# sc: file(1) magic for "sc" spreadsheet +# +38 string Spreadsheet application/x-sc + +#------------------------------------------------------------------------------ +# tex: file(1) magic for TeX files +# +# XXX - needs byte-endian stuff (big-endian and little-endian DVI?) +# +# From + +# Although we may know the offset of certain text fields in TeX DVI +# and font files, we can't use them reliably because they are not +# zero terminated. [but we do anyway, christos] +0 string \367\002 application/x-dvi +#0 string \367\203 TeX generic font data +#0 string \367\131 TeX packed font data +#0 string \367\312 TeX virtual font data +#0 string This\ is\ TeX, TeX transcript text +#0 string This\ is\ METAFONT, METAFONT transcript text + +# There is no way to detect TeX Font Metric (*.tfm) files without +# breaking them apart and reading the data. The following patterns +# match most *.tfm files generated by METAFONT or afm2tfm. +2 string \000\021 application/x-tex-tfm +2 string \000\022 application/x-tex-tfm +#>34 string >\0 (%s) + +# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) +0 string \\input\ texinfo text/x-texinfo +0 string This\ is\ Info\ file text/x-info + +# correct TeX magic for Linux (and maybe more) +# from Peter Tobias (tobias@server.et-inf.fho-emden.de) +# +0 leshort 0x02f7 application/x-dvi + +# RTF - Rich Text Format +0 string {\\rtf text/rtf + +#------------------------------------------------------------------------------ +# animation: file(1) magic for animation/movie formats +# +# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) +# MPEG file +# MPEG sequences +0 belong 0x000001BA +>4 byte &0x40 video/mp2p +>4 byte ^0x40 video/mpeg +0 belong 0x000001BB video/mpeg +0 belong 0x000001B0 video/mp4v-es +0 belong 0x000001B5 video/mp4v-es +0 belong 0x000001B3 video/mpv +0 belong&0xFF5FFF1F 0x47400010 video/mp2t +0 belong 0x00000001 +>4 byte&0x1F 0x07 video/h264 + +# FLI animation format +0 leshort 0xAF11 video/fli +# FLC animation format +0 leshort 0xAF12 video/flc +# +# SGI and Apple formats +# Added ISO mimes +0 string MOVI video/sgi +4 string moov video/quicktime +4 string mdat video/quicktime +4 string wide video/quicktime +4 string skip video/quicktime +4 string free video/quicktime +4 string idsc image/x-quicktime +4 string idat image/x-quicktime +4 string pckg application/x-quicktime +4 string/B jP image/jp2 +4 string ftyp +>8 string isom video/mp4 +>8 string mp41 video/mp4 +>8 string mp42 video/mp4 +>8 string/B jp2 image/jp2 +>8 string 3gp video/3gpp +>8 string avc1 video/3gpp +>8 string mmp4 video/mp4 +>8 string/B M4A audio/mp4 +>8 string/B qt video/quicktime +# The contributor claims: +# I couldn't find a real magic number for these, however, this +# -appears- to work. Note that it might catch other files, too, +# so BE CAREFUL! +# +# Note that title and author appear in the two 20-byte chunks +# at decimal offsets 2 and 22, respectively, but they are XOR'ed with +# 255 (hex FF)! DL format SUCKS BIG ROCKS. +# +# DL file version 1 , medium format (160x100, 4 images/screen) +0 byte 1 video/unknown +0 byte 2 video/unknown +# +# Databases +# +# GDBM magic numbers +# Will be maintained as part of the GDBM distribution in the future. +# +0 belong 0x13579ace application/x-gdbm +0 lelong 0x13579ace application/x-gdbm +0 string GDBM application/x-gdbm +# +0 belong 0x061561 application/x-dbm +# +# Executables +# +0 string \177ELF +>16 leshort 0 application/octet-stream +>16 leshort 1 application/x-object +>16 leshort 2 application/x-executable +>16 leshort 3 application/x-sharedlib +>16 leshort 4 application/x-coredump +>16 beshort 0 application/octet-stream +>16 beshort 1 application/x-object +>16 beshort 2 application/x-executable +>16 beshort 3 application/x-sharedlib +>16 beshort 4 application/x-coredump +# +# DOS +0 string MZ application/x-dosexec +# +# KDE +0 string [KDE\ Desktop\ Entry] application/x-kdelnk +0 string \#\ KDE\ Config\ File application/x-kdelnk +# xmcd database file for kscd +0 string \#\ xmcd text/xmcd + +#------------------------------------------------------------------------------ +# pkgadd: file(1) magic for SysV R4 PKG Datastreams +# +0 string #\ PaCkAgE\ DaTaStReAm application/x-svr4-package + +#PNG Image Format +0 string \x89PNG image/png + +# MNG Video Format, +0 string \x8aMNG video/x-mng +0 string \x8aJNG video/x-jng + +#------------------------------------------------------------------------------ +# Hierarchical Data Format, used to facilitate scientific data exchange +# specifications at http://hdf.ncsa.uiuc.edu/ +#Hierarchical Data Format (version 4) data +0 belong 0x0e031301 application/x-hdf +#Hierarchical Data Format (version 5) data +0 string \211HDF\r\n\032 application/x-hdf + +# Adobe Photoshop +0 string 8BPS image/x-photoshop + +# Felix von Leitner +0 string d8:announce application/x-bittorrent + + +# lotus 1-2-3 document +0 belong 0x00001a00 application/x-123 +0 belong 0x00000200 application/x-123 + +# MS Access database +4 string Standard\ Jet\ DB application/msaccess + +## magic for XBase files +#0 byte 0x02 +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0x03 +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0x04 +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0x05 +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0x30 +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0x43 +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0x7b +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0x83 +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0x8b +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0x8e +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0xb3 +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0xf5 +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 leshort 0x0006 application/x-dbt + +# Debian has entries for the old PGP formats: +# pgp: file(1) magic for Pretty Good Privacy +# see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html +#text/PGP key public ring +0 beshort 0x9900 application/pgp +#text/PGP key security ring +0 beshort 0x9501 application/pgp +#text/PGP key security ring +0 beshort 0x9500 application/pgp +#text/PGP encrypted data +0 beshort 0xa600 application/pgp-encrypted +#text/PGP armored data +##public key block +2 string ---BEGIN\ PGP\ PUBLIC\ KEY\ BLOCK- application/pgp-keys +0 string -----BEGIN\040PGP\40MESSAGE- application/pgp +0 string -----BEGIN\040PGP\40SIGNATURE- application/pgp-signature +# +# GnuPG Magic: +# +# +#text/GnuPG key public ring +0 beshort 0x9901 application/pgp +#text/OpenPGP data +0 beshort 0x8501 application/pgp-encrypted + +# flash: file(1) magic for Macromedia Flash file format +# +# See +# +# http://www.macromedia.com/software/flash/open/ +# +0 string FWS +>3 byte x application/x-shockwave-flash + +# The following paramaters are created for Namazu. +# +# +# 1999/08/13 +#0 string \