From 1a4b7ee28bf7413af6513fb45ad0d0736048f866 Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Sun, 16 Dec 2018 17:11:34 -0800 Subject: reset upstream subtrees to yocto 2.6 Reset the following subtrees on thud HEAD: poky: 87e3a9739d meta-openembedded: 6094ae18c8 meta-security: 31dc4e7532 meta-raspberrypi: a48743dc36 meta-xilinx: c42016e2e6 Also re-apply backports that didn't make it into thud: poky: 17726d0 systemd-systemctl-native: handle Install wildcards meta-openembedded: 4321a5d libtinyxml2: update to 7.0.1 042f0a3 libcereal: Add native and nativesdk classes e23284f libcereal: Allow empty package 030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG 179a1b9 gtest: update to 1.8.1 Squashed OpenBMC subtree compatibility updates: meta-aspeed: Brad Bishop (1): aspeed: add yocto 2.6 compatibility meta-ibm: Brad Bishop (1): ibm: prepare for yocto 2.6 meta-ingrasys: Brad Bishop (1): ingrasys: set layer compatibility to yocto 2.6 meta-openpower: Brad Bishop (1): openpower: set layer compatibility to yocto 2.6 meta-phosphor: Brad Bishop (3): phosphor: set layer compatibility to thud phosphor: libgpg-error: drop patches phosphor: react to fitimage artifact rename Ed Tanous (4): Dropbear: upgrade options for latest upgrade yocto2.6: update openssl options busybox: remove upstream watchdog patch systemd: Rebase CONFIG_CGROUP_BPF patch Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7 Signed-off-by: Brad Bishop --- .../recipes-httpd/apache2/apache2-native_2.4.29.bb | 45 -- .../recipes-httpd/apache2/apache2-native_2.4.34.bb | 46 ++ ...nfigure-use-pkg-config-for-PCRE-detection.patch | 51 ++ .../apache2/apache2/CVE-2018-11763.patch | 512 +++++++++++++++++++++ .../apache2/apache2/apache-configure_perlbin.patch | 25 +- .../apache2/apache2/apache-ssl-ltmain-rpath.patch | 81 ---- ...onfigure-allow-to-disable-selinux-support.patch | 38 ++ .../apache2/apache2/httpd-2.4.1-corelimit.patch | 18 +- .../apache2/apache2/httpd-2.4.1-selinux.patch | 27 +- ...httpd-2.4.3-fix-race-issue-of-dir-install.patch | 33 ++ .../apache2/apache2/httpd-2.4.4-export.patch | 20 +- .../replace-lynx-to-curl-in-apachectl-script.patch | 15 +- .../apache2/apache2/server-makefile.patch | 18 +- .../recipes-httpd/apache2/apache2_2.4.29.bb | 194 -------- .../recipes-httpd/apache2/apache2_2.4.34.bb | 200 ++++++++ ...nfigure-use-pkg-config-for-PCRE-detection.patch | 52 --- ...onfigure-allow-to-disable-selinux-support.patch | 40 -- ...httpd-2.4.3-fix-race-issue-of-dir-install.patch | 21 - .../recipes-httpd/hiawatha/hiawatha_10.7.bb | 4 +- .../meta-webserver/recipes-httpd/nginx/nginx.inc | 7 +- .../recipes-httpd/nginx/nginx_1.12.2.bb | 6 - .../recipes-httpd/nginx/nginx_1.13.9.bb | 10 - .../recipes-httpd/nginx/nginx_1.15.1.bb | 10 + .../recipes-httpd/nginx/nginx_1.15.2.bb | 6 + .../recipes-httpd/nostromo/nostromo_1.9.6.bb | 2 +- .../recipes-httpd/sthttpd/sthttpd_2.27.1.bb | 8 +- 26 files changed, 996 insertions(+), 493 deletions(-) delete mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.29.bb create mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.34.bb create mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0001-configure-use-pkg-config-for-PCRE-detection.patch create mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2018-11763.patch delete mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch create mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/configure-allow-to-disable-selinux-support.patch create mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.3-fix-race-issue-of-dir-install.patch delete mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.29.bb create mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.34.bb delete mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/files/0001-configure-use-pkg-config-for-PCRE-detection.patch delete mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/files/configure-allow-to-disable-selinux-support.patch delete mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/files/httpd-2.4.3-fix-race-issue-of-dir-install.patch delete mode 100644 meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.12.2.bb delete mode 100644 meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.13.9.bb create mode 100644 meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.15.1.bb create mode 100644 meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.15.2.bb (limited to 'meta-openembedded/meta-webserver/recipes-httpd') diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.29.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.29.bb deleted file mode 100644 index 36f073c85b..0000000000 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.29.bb +++ /dev/null @@ -1,45 +0,0 @@ -DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ -extensible web server." -SUMMARY = "Apache HTTP Server" -HOMEPAGE = "http://httpd.apache.org/" -DEPENDS = "expat-native pcre-native apr-native apr-util-native" -SECTION = "net" -LICENSE = "Apache-2.0" - -inherit autotools pkgconfig native - -SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \ - file://0001-configure-use-pkg-config-for-PCRE-detection.patch \ - " - -S = "${WORKDIR}/httpd-${PV}" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=a62b0c7623826ff99766ff13fb9007f8" -SRC_URI[md5sum] = "0c599404ef6b69eee95bcd9fcd094407" -SRC_URI[sha256sum] = "777753a5a25568a2a27428b2214980564bc1c38c1abf9ccc7630b639991f7f00" - -EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ - --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \ - --prefix=${prefix} --datadir=${datadir}/apache2 \ - " - -do_install () { - install -d ${D}${bindir} ${D}${libdir} - cp server/gen_test_char ${D}${bindir} - install -m 755 support/apxs ${D}${bindir}/ - install -m 755 httpd ${D}${bindir}/ - install -d ${D}${datadir}/apache2/build - cp ${S}/build/*.mk ${D}${datadir}/apache2/build - cp build/*.mk ${D}${datadir}/apache2/build - cp ${S}/build/instdso.sh ${D}${datadir}/apache2/build - - install -d ${D}${includedir}/apache2 - cp ${S}/include/* ${D}${includedir}/apache2 - cp include/* ${D}${includedir}/apache2 - cp ${S}/os/unix/os.h ${D}${includedir}/apache2 - cp ${S}/os/unix/unixd.h ${D}${includedir}/apache2 - - cp support/envvars-std ${D}${bindir}/envvars - chmod 755 ${D}${bindir}/envvars -} - diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.34.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.34.bb new file mode 100644 index 0000000000..4cc3845463 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.34.bb @@ -0,0 +1,46 @@ +DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ +extensible web server." +SUMMARY = "Apache HTTP Server" +HOMEPAGE = "http://httpd.apache.org/" +DEPENDS = "expat-native pcre-native apr-native apr-util-native" +SECTION = "net" +LICENSE = "Apache-2.0" + +inherit autotools pkgconfig native + +SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \ + file://0001-configure-use-pkg-config-for-PCRE-detection.patch \ + file://CVE-2018-11763.patch \ + " + +S = "${WORKDIR}/httpd-${PV}" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=d52d0fd0bc788f068e647116c01ddfcd" +SRC_URI[md5sum] = "818adca52f3be187fe45d6822755be95" +SRC_URI[sha256sum] = "fa53c95631febb08a9de41fd2864cfff815cf62d9306723ab0d4b8d7aa1638f0" + +EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ + --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \ + --prefix=${prefix} --datadir=${datadir}/apache2 \ + " + +do_install () { + install -d ${D}${bindir} ${D}${libdir} + cp server/gen_test_char ${D}${bindir} + install -m 755 support/apxs ${D}${bindir}/ + install -m 755 httpd ${D}${bindir}/ + install -d ${D}${datadir}/apache2/build + cp ${S}/build/*.mk ${D}${datadir}/apache2/build + cp build/*.mk ${D}${datadir}/apache2/build + cp ${S}/build/instdso.sh ${D}${datadir}/apache2/build + + install -d ${D}${includedir}/apache2 + cp ${S}/include/* ${D}${includedir}/apache2 + cp include/* ${D}${includedir}/apache2 + cp ${S}/os/unix/os.h ${D}${includedir}/apache2 + cp ${S}/os/unix/unixd.h ${D}${includedir}/apache2 + + cp support/envvars-std ${D}${bindir}/envvars + chmod 755 ${D}${bindir}/envvars +} + diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0001-configure-use-pkg-config-for-PCRE-detection.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0001-configure-use-pkg-config-for-PCRE-detection.patch new file mode 100644 index 0000000000..da38a8cfd7 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0001-configure-use-pkg-config-for-PCRE-detection.patch @@ -0,0 +1,51 @@ +From 419181e242892ded050f5a375a709b9588fb581d Mon Sep 17 00:00:00 2001 +From: Koen Kooi +Date: Tue, 17 Jun 2014 09:10:57 +0200 +Subject: [PATCH] configure: use pkg-config for PCRE detection + +Upstream-Status: Pending + +Signed-off-by: Koen Kooi + +--- + configure.in | 27 +++++---------------------- + 1 file changed, 5 insertions(+), 22 deletions(-) + +diff --git a/configure.in b/configure.in +index be7bd25..54dfd0d 100644 +--- a/configure.in ++++ b/configure.in +@@ -215,28 +215,11 @@ fi + AC_ARG_WITH(pcre, + APACHE_HELP_STRING(--with-pcre=PATH,Use external PCRE library)) + +-AC_PATH_PROG(PCRE_CONFIG, pcre-config, false) +-if test -d "$with_pcre" && test -x "$with_pcre/bin/pcre-config"; then +- PCRE_CONFIG=$with_pcre/bin/pcre-config +-elif test -x "$with_pcre"; then +- PCRE_CONFIG=$with_pcre +-fi +- +-if test "$PCRE_CONFIG" != "false"; then +- if $PCRE_CONFIG --version >/dev/null 2>&1; then :; else +- AC_MSG_ERROR([Did not find pcre-config script at $PCRE_CONFIG]) +- fi +- case `$PCRE_CONFIG --version` in +- [[1-5].*]) +- AC_MSG_ERROR([Need at least pcre version 6.0]) +- ;; +- esac +- AC_MSG_NOTICE([Using external PCRE library from $PCRE_CONFIG]) +- APR_ADDTO(PCRE_INCLUDES, [`$PCRE_CONFIG --cflags`]) +- APR_ADDTO(PCRE_LIBS, [`$PCRE_CONFIG --libs`]) +-else +- AC_MSG_ERROR([pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/]) +-fi ++PKG_CHECK_MODULES([PCRE], [libpcre], [ ++ AC_DEFINE([HAVE_PCRE], [1], [Define if you have PCRE library]) ++], [ ++ AC_MSG_ERROR([$PCRE_PKG_ERRORS]) ++]) + APACHE_SUBST(PCRE_LIBS) + + AC_MSG_NOTICE([]) diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2018-11763.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2018-11763.patch new file mode 100644 index 0000000000..a2c5b2e02a --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2018-11763.patch @@ -0,0 +1,512 @@ +From 484aba5048e3457dc1d15189f1910d007b1a4a76 Mon Sep 17 00:00:00 2001 +From: Jim Jagielski +Date: Wed, 12 Sep 2018 20:38:02 +0000 +Subject: [PATCH] Merge r1840010 from trunk: + +On the trunk: + +mod_http2: connection IO event handling reworked. Instead of reacting on + incoming bytes, the state machine now acts on incoming frames that are + affecting it. This reduces state transitions. + + +Submitted by: icing +Reviewed by: icing, ylavic, jim + + +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1840757 13f79535-47bb-0310-9956-ffa450edef68 +CVE: CVE-2018-11763 +Upstream-Status: Backport [https://github.com/apache/httpd/commit/484aba5048e3457dc1d15189f1910d007b1a4a76] + +Signed-off-by: Mingli Yu +--- + modules/http2/h2_session.c | 238 +++++++++++++++++++++++-------------- + modules/http2/h2_session.h | 7 +- + modules/http2/h2_version.h | 4 +- + 3 files changed, 158 insertions(+), 97 deletions(-) + +diff --git a/modules/http2/h2_session.c b/modules/http2/h2_session.c +index 805d6774dc..a1b31d2b30 100644 +--- a/modules/http2/h2_session.c ++++ b/modules/http2/h2_session.c +@@ -235,6 +235,7 @@ static int on_data_chunk_recv_cb(nghttp2_session *ngh2, uint8_t flags, + stream = h2_session_stream_get(session, stream_id); + if (stream) { + status = h2_stream_recv_DATA(stream, flags, data, len); ++ dispatch_event(session, H2_SESSION_EV_STREAM_CHANGE, 0, "stream data rcvd"); + } + else { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, APLOGNO(03064) +@@ -317,9 +318,9 @@ static int on_header_cb(nghttp2_session *ngh2, const nghttp2_frame *frame, + } + + /** +- * nghttp2 session has received a complete frame. Most, it uses +- * for processing of internal state. HEADER and DATA frames however +- * we need to handle ourself. ++ * nghttp2 session has received a complete frame. Most are used by nghttp2 ++ * for processing of internal state. Some, like HEADER and DATA frames, ++ * we need to act on. + */ + static int on_frame_recv_cb(nghttp2_session *ng2s, + const nghttp2_frame *frame, +@@ -378,6 +379,9 @@ static int on_frame_recv_cb(nghttp2_session *ng2s, + "h2_stream(%ld-%d): WINDOW_UPDATE incr=%d", + session->id, (int)frame->hd.stream_id, + frame->window_update.window_size_increment); ++ if (nghttp2_session_want_write(session->ngh2)) { ++ dispatch_event(session, H2_SESSION_EV_FRAME_RCVD, 0, "window update"); ++ } + break; + case NGHTTP2_RST_STREAM: + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, APLOGNO(03067) +@@ -404,6 +408,12 @@ static int on_frame_recv_cb(nghttp2_session *ng2s, + frame->goaway.error_code, NULL); + } + break; ++ case NGHTTP2_SETTINGS: ++ if (APLOGctrace2(session->c)) { ++ ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, session->c, ++ H2_SSSN_MSG(session, "SETTINGS, len=%ld"), (long)frame->hd.length); ++ } ++ break; + default: + if (APLOGctrace2(session->c)) { + char buffer[256]; +@@ -415,7 +425,40 @@ static int on_frame_recv_cb(nghttp2_session *ng2s, + } + break; + } +- return (APR_SUCCESS == rv)? 0 : NGHTTP2_ERR_PROTO; ++ ++ if (session->state == H2_SESSION_ST_IDLE) { ++ /* We received a frame, but session is in state IDLE. That means the frame ++ * did not really progress any of the (possibly) open streams. It was a meta ++ * frame, e.g. SETTINGS/WINDOW_UPDATE/unknown/etc. ++ * Remember: IDLE means we cannot send because either there are no streams open or ++ * all open streams are blocked on exhausted WINDOWs for outgoing data. ++ * The more frames we receive that do not change this, the less interested we ++ * become in serving this connection. This is expressed in increasing "idle_delays". ++ * Eventually, the connection will timeout and we'll close it. */ ++ session->idle_frames = H2MIN(session->idle_frames + 1, session->frames_received); ++ ap_log_cerror( APLOG_MARK, APLOG_TRACE2, 0, session->c, ++ H2_SSSN_MSG(session, "session has %ld idle frames"), ++ (long)session->idle_frames); ++ if (session->idle_frames > 10) { ++ apr_size_t busy_frames = H2MAX(session->frames_received - session->idle_frames, 1); ++ int idle_ratio = (int)(session->idle_frames / busy_frames); ++ if (idle_ratio > 100) { ++ session->idle_delay = apr_time_from_msec(H2MIN(1000, idle_ratio)); ++ } ++ else if (idle_ratio > 10) { ++ session->idle_delay = apr_time_from_msec(10); ++ } ++ else if (idle_ratio > 1) { ++ session->idle_delay = apr_time_from_msec(1); ++ } ++ else { ++ session->idle_delay = 0; ++ } ++ } ++ } ++ ++ if (APR_SUCCESS != rv) return NGHTTP2_ERR_PROTO; ++ return 0; + } + + static int h2_session_continue_data(h2_session *session) { +@@ -1603,23 +1646,57 @@ static void update_child_status(h2_session *session, int status, const char *msg + + static void transit(h2_session *session, const char *action, h2_session_state nstate) + { ++ apr_time_t timeout; ++ int ostate, loglvl; ++ const char *s; ++ + if (session->state != nstate) { +- int loglvl = APLOG_DEBUG; +- if ((session->state == H2_SESSION_ST_BUSY && nstate == H2_SESSION_ST_WAIT) +- || (session->state == H2_SESSION_ST_WAIT && nstate == H2_SESSION_ST_BUSY)){ ++ ostate = session->state; ++ session->state = nstate; ++ ++ loglvl = APLOG_DEBUG; ++ if ((ostate == H2_SESSION_ST_BUSY && nstate == H2_SESSION_ST_WAIT) ++ || (ostate == H2_SESSION_ST_WAIT && nstate == H2_SESSION_ST_BUSY)){ + loglvl = APLOG_TRACE1; + } + ap_log_cerror(APLOG_MARK, loglvl, 0, session->c, + H2_SSSN_LOG(APLOGNO(03078), session, + "transit [%s] -- %s --> [%s]"), +- h2_session_state_str(session->state), action, ++ h2_session_state_str(ostate), action, + h2_session_state_str(nstate)); +- session->state = nstate; ++ + switch (session->state) { + case H2_SESSION_ST_IDLE: +- update_child_status(session, (session->open_streams == 0? +- SERVER_BUSY_KEEPALIVE +- : SERVER_BUSY_READ), "idle"); ++ if (!session->remote.emitted_count) { ++ /* on fresh connections, with async mpm, do not return ++ * to mpm for a second. This gives the first request a better ++ * chance to arrive (und connection leaving IDLE state). ++ * If we return to mpm right away, this connection has the ++ * same chance of being cleaned up by the mpm as connections ++ * that already served requests - not fair. */ ++ session->idle_sync_until = apr_time_now() + apr_time_from_sec(1); ++ s = "timeout"; ++ timeout = H2MAX(session->s->timeout, session->s->keep_alive_timeout); ++ update_child_status(session, SERVER_BUSY_READ, "idle"); ++ ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c, ++ H2_SSSN_LOG("", session, "enter idle, timeout = %d sec"), ++ (int)apr_time_sec(H2MAX(session->s->timeout, session->s->keep_alive_timeout))); ++ } ++ else if (session->open_streams) { ++ s = "timeout"; ++ timeout = session->s->keep_alive_timeout; ++ update_child_status(session, SERVER_BUSY_KEEPALIVE, "idle"); ++ } ++ else { ++ /* normal keepalive setup */ ++ s = "keepalive"; ++ timeout = session->s->keep_alive_timeout; ++ update_child_status(session, SERVER_BUSY_KEEPALIVE, "idle"); ++ } ++ session->idle_until = apr_time_now() + timeout; ++ ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c, ++ H2_SSSN_LOG("", session, "enter idle, %s = %d sec"), ++ s, (int)apr_time_sec(timeout)); + break; + case H2_SESSION_ST_DONE: + update_child_status(session, SERVER_CLOSING, "done"); +@@ -1726,8 +1803,6 @@ static void h2_session_ev_no_io(h2_session *session, int arg, const char *msg) + * This means we only wait for WINDOW_UPDATE from the + * client and can block on READ. */ + transit(session, "no io (flow wait)", H2_SESSION_ST_IDLE); +- session->idle_until = apr_time_now() + session->s->timeout; +- session->keep_sync_until = session->idle_until; + /* Make sure we have flushed all previously written output + * so that the client will react. */ + if (h2_conn_io_flush(&session->io) != APR_SUCCESS) { +@@ -1738,12 +1813,7 @@ static void h2_session_ev_no_io(h2_session *session, int arg, const char *msg) + } + else if (session->local.accepting) { + /* When we have no streams, but accept new, switch to idle */ +- apr_time_t now = apr_time_now(); + transit(session, "no io (keepalive)", H2_SESSION_ST_IDLE); +- session->idle_until = (session->remote.emitted_count? +- session->s->keep_alive_timeout : +- session->s->timeout) + now; +- session->keep_sync_until = now + apr_time_from_sec(1); + } + else { + /* We are no longer accepting new streams and there are +@@ -1758,12 +1828,25 @@ static void h2_session_ev_no_io(h2_session *session, int arg, const char *msg) + } + } + +-static void h2_session_ev_data_read(h2_session *session, int arg, const char *msg) ++static void h2_session_ev_frame_rcvd(h2_session *session, int arg, const char *msg) ++{ ++ switch (session->state) { ++ case H2_SESSION_ST_IDLE: ++ case H2_SESSION_ST_WAIT: ++ transit(session, "frame received", H2_SESSION_ST_BUSY); ++ break; ++ default: ++ /* nop */ ++ break; ++ } ++} ++ ++static void h2_session_ev_stream_change(h2_session *session, int arg, const char *msg) + { + switch (session->state) { + case H2_SESSION_ST_IDLE: + case H2_SESSION_ST_WAIT: +- transit(session, "data read", H2_SESSION_ST_BUSY); ++ transit(session, "stream change", H2_SESSION_ST_BUSY); + break; + default: + /* nop */ +@@ -1803,16 +1886,6 @@ static void h2_session_ev_pre_close(h2_session *session, int arg, const char *ms + static void ev_stream_open(h2_session *session, h2_stream *stream) + { + h2_iq_append(session->in_process, stream->id); +- switch (session->state) { +- case H2_SESSION_ST_IDLE: +- if (session->open_streams == 1) { +- /* enter timeout, since we have a stream again */ +- session->idle_until = (session->s->timeout + apr_time_now()); +- } +- break; +- default: +- break; +- } + } + + static void ev_stream_closed(h2_session *session, h2_stream *stream) +@@ -1825,11 +1898,6 @@ static void ev_stream_closed(h2_session *session, h2_stream *stream) + } + switch (session->state) { + case H2_SESSION_ST_IDLE: +- if (session->open_streams == 0) { +- /* enter keepalive timeout, since we no longer have streams */ +- session->idle_until = (session->s->keep_alive_timeout +- + apr_time_now()); +- } + break; + default: + break; +@@ -1887,6 +1955,7 @@ static void on_stream_state_enter(void *ctx, h2_stream *stream) + default: + break; + } ++ dispatch_event(session, H2_SESSION_EV_STREAM_CHANGE, 0, "stream state change"); + } + + static void on_stream_event(void *ctx, h2_stream *stream, +@@ -1945,8 +2014,8 @@ static void dispatch_event(h2_session *session, h2_session_event_t ev, + case H2_SESSION_EV_NO_IO: + h2_session_ev_no_io(session, arg, msg); + break; +- case H2_SESSION_EV_DATA_READ: +- h2_session_ev_data_read(session, arg, msg); ++ case H2_SESSION_EV_FRAME_RCVD: ++ h2_session_ev_frame_rcvd(session, arg, msg); + break; + case H2_SESSION_EV_NGH2_DONE: + h2_session_ev_ngh2_done(session, arg, msg); +@@ -1957,6 +2026,9 @@ static void dispatch_event(h2_session *session, h2_session_event_t ev, + case H2_SESSION_EV_PRE_CLOSE: + h2_session_ev_pre_close(session, arg, msg); + break; ++ case H2_SESSION_EV_STREAM_CHANGE: ++ h2_session_ev_stream_change(session, arg, msg); ++ break; + default: + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c, + H2_SSSN_MSG(session, "unknown event %d"), ev); +@@ -1990,13 +2062,15 @@ apr_status_t h2_session_process(h2_session *session, int async) + apr_status_t status = APR_SUCCESS; + conn_rec *c = session->c; + int rv, mpm_state, trace = APLOGctrace3(c); +- ++ apr_time_t now; ++ + if (trace) { + ap_log_cerror( APLOG_MARK, APLOG_TRACE3, status, c, + H2_SSSN_MSG(session, "process start, async=%d"), async); + } + + while (session->state != H2_SESSION_ST_DONE) { ++ now = apr_time_now(); + session->have_read = session->have_written = 0; + + if (session->local.accepting +@@ -2034,39 +2108,42 @@ apr_status_t h2_session_process(h2_session *session, int async) + break; + + case H2_SESSION_ST_IDLE: +- /* We trust our connection into the default timeout/keepalive +- * handling of the core filters/mpm iff: +- * - keep_sync_until is not set +- * - we have an async mpm +- * - we have no open streams to process +- * - we are not sitting on a Upgrade: request +- * - we already have seen at least one request +- */ +- if (!session->keep_sync_until && async && !session->open_streams +- && !session->r && session->remote.emitted_count) { ++ if (session->idle_until && (apr_time_now() + session->idle_delay) > session->idle_until) { ++ ap_log_cerror( APLOG_MARK, APLOG_TRACE1, status, c, ++ H2_SSSN_MSG(session, "idle, timeout reached, closing")); ++ if (session->idle_delay) { ++ apr_table_setn(session->c->notes, "short-lingering-close", "1"); ++ } ++ dispatch_event(session, H2_SESSION_EV_CONN_TIMEOUT, 0, "timeout"); ++ goto out; ++ } ++ ++ if (session->idle_delay) { ++ /* we are less interested in spending time on this connection */ ++ ap_log_cerror( APLOG_MARK, APLOG_TRACE2, status, c, ++ H2_SSSN_MSG(session, "session is idle (%ld ms), idle wait %ld sec left"), ++ (long)apr_time_as_msec(session->idle_delay), ++ (long)apr_time_sec(session->idle_until - now)); ++ apr_sleep(session->idle_delay); ++ session->idle_delay = 0; ++ } ++ ++ h2_conn_io_flush(&session->io); ++ if (async && !session->r && (now > session->idle_sync_until)) { + if (trace) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE3, status, c, + H2_SSSN_MSG(session, + "nonblock read, %d streams open"), + session->open_streams); + } +- h2_conn_io_flush(&session->io); + status = h2_session_read(session, 0); + + if (status == APR_SUCCESS) { + session->have_read = 1; +- dispatch_event(session, H2_SESSION_EV_DATA_READ, 0, NULL); + } +- else if (APR_STATUS_IS_EAGAIN(status) +- || APR_STATUS_IS_TIMEUP(status)) { +- if (apr_time_now() > session->idle_until) { +- dispatch_event(session, +- H2_SESSION_EV_CONN_TIMEOUT, 0, NULL); +- } +- else { +- status = APR_EAGAIN; +- goto out; +- } ++ else if (APR_STATUS_IS_EAGAIN(status) || APR_STATUS_IS_TIMEUP(status)) { ++ status = APR_EAGAIN; ++ goto out; + } + else { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, c, +@@ -2078,7 +2155,6 @@ apr_status_t h2_session_process(h2_session *session, int async) + } + else { + /* make certain, we send everything before we idle */ +- h2_conn_io_flush(&session->io); + if (trace) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE3, status, c, + H2_SSSN_MSG(session, +@@ -2090,7 +2166,6 @@ apr_status_t h2_session_process(h2_session *session, int async) + */ + status = h2_mplx_idle(session->mplx); + if (status == APR_EAGAIN) { +- dispatch_event(session, H2_SESSION_EV_DATA_READ, 0, NULL); + break; + } + else if (status != APR_SUCCESS) { +@@ -2101,33 +2176,11 @@ apr_status_t h2_session_process(h2_session *session, int async) + status = h2_session_read(session, 1); + if (status == APR_SUCCESS) { + session->have_read = 1; +- dispatch_event(session, H2_SESSION_EV_DATA_READ, 0, NULL); + } + else if (status == APR_EAGAIN) { + /* nothing to read */ + } + else if (APR_STATUS_IS_TIMEUP(status)) { +- apr_time_t now = apr_time_now(); +- if (now > session->keep_sync_until) { +- /* if we are on an async mpm, now is the time that +- * we may dare to pass control to it. */ +- session->keep_sync_until = 0; +- } +- if (now > session->idle_until) { +- if (trace) { +- ap_log_cerror(APLOG_MARK, APLOG_TRACE3, status, c, +- H2_SSSN_MSG(session, +- "keepalive timeout")); +- } +- dispatch_event(session, +- H2_SESSION_EV_CONN_TIMEOUT, 0, "timeout"); +- } +- else if (trace) { +- ap_log_cerror(APLOG_MARK, APLOG_TRACE3, status, c, +- H2_SSSN_MSG(session, +- "keepalive, %f sec left"), +- (session->idle_until - now) / 1000000.0f); +- } + /* continue reading handling */ + } + else if (APR_STATUS_IS_ECONNABORTED(status) +@@ -2145,6 +2198,18 @@ apr_status_t h2_session_process(h2_session *session, int async) + dispatch_event(session, H2_SESSION_EV_CONN_ERROR, 0, "error"); + } + } ++ if (nghttp2_session_want_write(session->ngh2)) { ++ ap_update_child_status(session->c->sbh, SERVER_BUSY_WRITE, NULL); ++ status = h2_session_send(session); ++ if (status == APR_SUCCESS) { ++ status = h2_conn_io_flush(&session->io); ++ } ++ if (status != APR_SUCCESS) { ++ dispatch_event(session, H2_SESSION_EV_CONN_ERROR, ++ H2_ERR_INTERNAL_ERROR, "writing"); ++ break; ++ } ++ } + break; + + case H2_SESSION_ST_BUSY: +@@ -2154,7 +2219,6 @@ apr_status_t h2_session_process(h2_session *session, int async) + status = h2_session_read(session, 0); + if (status == APR_SUCCESS) { + session->have_read = 1; +- dispatch_event(session, H2_SESSION_EV_DATA_READ, 0, NULL); + } + else if (status == APR_EAGAIN) { + /* nothing to read */ +@@ -2218,7 +2282,7 @@ apr_status_t h2_session_process(h2_session *session, int async) + session->iowait); + if (status == APR_SUCCESS) { + session->wait_us = 0; +- dispatch_event(session, H2_SESSION_EV_DATA_READ, 0, NULL); ++ dispatch_event(session, H2_SESSION_EV_STREAM_CHANGE, 0, NULL); + } + else if (APR_STATUS_IS_TIMEUP(status)) { + /* go back to checking all inputs again */ +diff --git a/modules/http2/h2_session.h b/modules/http2/h2_session.h +index 486938b009..df2a862445 100644 +--- a/modules/http2/h2_session.h ++++ b/modules/http2/h2_session.h +@@ -66,10 +66,11 @@ typedef enum { + H2_SESSION_EV_PROTO_ERROR, /* protocol error */ + H2_SESSION_EV_CONN_TIMEOUT, /* connection timeout */ + H2_SESSION_EV_NO_IO, /* nothing has been read or written */ +- H2_SESSION_EV_DATA_READ, /* connection data has been read */ ++ H2_SESSION_EV_FRAME_RCVD, /* a frame has been received */ + H2_SESSION_EV_NGH2_DONE, /* nghttp2 wants neither read nor write anything */ + H2_SESSION_EV_MPM_STOPPING, /* the process is stopping */ + H2_SESSION_EV_PRE_CLOSE, /* connection will close after this */ ++ H2_SESSION_EV_STREAM_CHANGE, /* a stream (state/input/output) changed */ + } h2_session_event_t; + + typedef struct h2_session { +@@ -118,7 +119,9 @@ typedef struct h2_session { + apr_size_t max_stream_mem; /* max buffer memory for a single stream */ + + apr_time_t idle_until; /* Time we shut down due to sheer boredom */ +- apr_time_t keep_sync_until; /* Time we sync wait until passing to async mpm */ ++ apr_time_t idle_sync_until; /* Time we sync wait until keepalive handling kicks in */ ++ apr_size_t idle_frames; /* number of rcvd frames that kept session in idle state */ ++ apr_interval_time_t idle_delay; /* Time we delay processing rcvd frames in idle state */ + + apr_bucket_brigade *bbtmp; /* brigade for keeping temporary data */ + struct apr_thread_cond_t *iowait; /* our cond when trywaiting for data */ +diff --git a/modules/http2/h2_version.h b/modules/http2/h2_version.h +index 5c53abd575..2ac718fc0f 100644 +--- a/modules/http2/h2_version.h ++++ b/modules/http2/h2_version.h +@@ -27,7 +27,7 @@ + * @macro + * Version number of the http2 module as c string + */ +-#define MOD_HTTP2_VERSION "1.10.20" ++#define MOD_HTTP2_VERSION "1.11.0" + + /** + * @macro +@@ -35,7 +35,7 @@ + * release. This is a 24 bit number with 8 bits for major number, 8 bits + * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. + */ +-#define MOD_HTTP2_VERSION_NUM 0x010a14 ++#define MOD_HTTP2_VERSION_NUM 0x010b00 + + + #endif /* mod_h2_h2_version_h */ +-- +2.17.1 + diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch index 92c53f31d7..a2bc6e02c9 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch @@ -1,14 +1,19 @@ -# Author: echo -# Date: April 28 2009 -# Summary:Fix perl install directory to /usr/bin -# -# Upstream-Status: Inappropriate [configuration] +From 5412077c398dec74321388fe6e593a44c4c80de6 Mon Sep 17 00:00:00 2001 +From: echo +Date: Tue, 28 Apr 2009 03:11:06 +0000 +Subject: [PATCH] Fix perl install directory to /usr/bin -Index: httpd-2.4.29/configure.in -=================================================================== ---- httpd-2.4.29.orig/configure.in -+++ httpd-2.4.29/configure.in -@@ -855,10 +855,7 @@ AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, " +Upstream-Status: Inappropriate [configuration] + +--- + configure.in | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/configure.in b/configure.in +index d828512..be7bd25 100644 +--- a/configure.in ++++ b/configure.in +@@ -855,10 +855,7 @@ AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${rel_sysconfdir}/${progname}.conf", AC_DEFINE_UNQUOTED(AP_TYPES_CONFIG_FILE, "${rel_sysconfdir}/mime.types", [Location of the MIME types config file, relative to the Apache root directory]) diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch deleted file mode 100644 index f13da91f39..0000000000 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch +++ /dev/null @@ -1,81 +0,0 @@ - build/ltmain.sh | 32 +++++++++++++++++++++++++++----- - 1 file changed, 27 insertions(+), 5 deletions(-) - -Index: httpd-2.4.29/build/ltmain.sh -=================================================================== ---- httpd-2.4.29.orig/build/ltmain.sh -+++ httpd-2.4.29/build/ltmain.sh -@@ -6969,7 +6969,7 @@ func_mode_link () - dir=$func_resolve_sysroot_result - # We need an absolute path. - case $dir in -- [\\/]* | [A-Za-z]:[\\/]*) ;; -+ =* | [\\/]* | [A-Za-z]:[\\/]*) ;; - *) - absdir=`cd "$dir" && pwd` - test -z "$absdir" && \ -@@ -8167,7 +8167,7 @@ func_mode_link () - $ECHO "*** $linklib is not portable!" - fi - if test lib = "$linkmode" && -- test yes = "$hardcode_into_libs"; then -+ test "x$wrs_use_rpaths" = "xyes" && test "$hardcode_into_libs" = yes; then - # Hardcode the library path. - # Skip directories that are in the system default run-time - # search path. -@@ -8434,7 +8434,7 @@ func_mode_link () - - if test lib = "$linkmode"; then - if test -n "$dependency_libs" && -- { test yes != "$hardcode_into_libs" || -+ { test yes != "$hardcode_into_libs" || test "x$wrs_use_rpaths" != "xyes" || - test yes = "$build_old_libs" || - test yes = "$link_static"; }; then - # Extract -R from dependency_libs -@@ -9086,7 +9086,8 @@ func_mode_link () - *) func_append finalize_rpath " $libdir" ;; - esac - done -- if test yes != "$hardcode_into_libs" || test yes = "$build_old_libs"; then -+ if test yes != "$hardcode_into_libs" || test "x$wrs_use_rpaths" != "xyes" || -+ test yes = "$build_old_libs"; then - dependency_libs="$temp_xrpath $dependency_libs" - fi - fi -@@ -9534,7 +9535,7 @@ EOF - case $archive_cmds in - *\$LD\ *) wl= ;; - esac -- if test yes = "$hardcode_into_libs"; then -+ if test yes = "$hardcode_into_libs" && test "x$wrs_use_rpaths" = "xyes"; then - # Hardcode the library paths - hardcode_libdirs= - dep_rpath= -@@ -10272,6 +10273,27 @@ EOF - # Now hardcode the library paths - rpath= - hardcode_libdirs= -+ -+ # short circuit putting rpaths in executables -+ # -+ if test "x$wrs_use_rpaths" != "xyes" ; then -+ flag= -+ for libdir in $compile_rpath; do -+ case $(echo $libdir | ${SED} 's,/[/]*,/,g') in -+ /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;; -+ esac -+ done -+ compile_rpath="$flag" -+ -+ flag= -+ for libdir in $finalize_rpath; do -+ case $(echo $libdir | ${SED} 's,/[/]*,/,g') in -+ /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;; -+ esac -+ done -+ finalize_rpath="$flag" -+ fi -+ - for libdir in $compile_rpath $finalize_rpath; do - if test -n "$hardcode_libdir_flag_spec"; then - if test -n "$hardcode_libdir_separator"; then diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/configure-allow-to-disable-selinux-support.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/configure-allow-to-disable-selinux-support.patch new file mode 100644 index 0000000000..a6ccfb6a87 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/configure-allow-to-disable-selinux-support.patch @@ -0,0 +1,38 @@ +From 166cbc02f72d13d5e7bf08ac2351c0f07e1ff4b9 Mon Sep 17 00:00:00 2001 +From: Wenzong Fan +Date: Mon, 1 Dec 2014 02:08:27 -0500 +Subject: [PATCH] apache2: allow to disable selinux support + +Upstream-Status: Pending + +Signed-off-by: Wenzong Fan + +--- + configure.in | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/configure.in b/configure.in +index 54dfd0d..377e062 100644 +--- a/configure.in ++++ b/configure.in +@@ -466,10 +466,16 @@ getloadavg + dnl confirm that a void pointer is large enough to store a long integer + APACHE_CHECK_VOID_PTR_LEN + +-AC_CHECK_LIB(selinux, is_selinux_enabled, [ +- AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) +- APR_ADDTO(AP_LIBS, [-lselinux]) +-]) ++# SELinux support ++AC_ARG_ENABLE(selinux,APACHE_HELP_STRING(--enable-selinux,Enable SELinux support [default=auto]), ++ [],[enable_selinux=auto]) ++ ++if test x$enable_selinux != xno; then ++ AC_CHECK_LIB(selinux, is_selinux_enabled, [ ++ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) ++ APR_ADDTO(AP_LIBS, [-lselinux]) ++ ]) ++fi + + AC_CACHE_CHECK([for gettid()], ac_cv_gettid, + [AC_TRY_RUN(#define _GNU_SOURCE diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch index 18e4107ec7..ae4ff0c5ec 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch @@ -1,15 +1,25 @@ +From 55ebb07cc57854cbfb372c3a688365039b809bc8 Mon Sep 17 00:00:00 2001 +From: Paul Eggleton +Date: Tue, 17 Jul 2012 11:27:39 +0100 +Subject: [PATCH] apache2: add from OE-Classic, update to version 2.4.2 and fix Bump up the core size limit if CoreDumpDirectory is configured. -Upstream-Status: Pending +Upstream-Status: Pending Note: upstreaming was discussed but there are competing desires; there are portability oddities here too. ---- httpd-2.4.1/server/core.c.corelimit -+++ httpd-2.4.1/server/core.c -@@ -4433,6 +4433,25 @@ static int core_post_config(apr_pool_t * +--- + server/core.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/server/core.c b/server/core.c +index 4af0816..4fd2b9f 100644 +--- a/server/core.c ++++ b/server/core.c +@@ -4940,6 +4940,25 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte } apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper, apr_pool_cleanup_null); diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch index 873328d9b5..015034c75f 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch @@ -1,3 +1,7 @@ +From 33c0f2d88ccfe02777f183eb785bb2b891aff168 Mon Sep 17 00:00:00 2001 +From: Paul Eggleton +Date: Tue, 17 Jul 2012 11:27:39 +0100 +Subject: [PATCH] Log the SELinux context at startup. Log the SELinux context at startup. @@ -5,9 +9,16 @@ Upstream-Status: Inappropriate [other] Note: unlikely to be any interest in this upstream ---- httpd-2.4.1/configure.in.selinux -+++ httpd-2.4.1/configure.in -@@ -458,6 +458,11 @@ fopen64 +--- + configure.in | 5 +++++ + server/core.c | 26 ++++++++++++++++++++++++++ + 2 files changed, 31 insertions(+) + +diff --git a/configure.in b/configure.in +index 761e836..d828512 100644 +--- a/configure.in ++++ b/configure.in +@@ -483,6 +483,11 @@ getloadavg dnl confirm that a void pointer is large enough to store a long integer APACHE_CHECK_VOID_PTR_LEN @@ -19,9 +30,11 @@ Note: unlikely to be any interest in this upstream AC_CACHE_CHECK([for gettid()], ac_cv_gettid, [AC_TRY_RUN(#define _GNU_SOURCE #include ---- httpd-2.4.1/server/core.c.selinux -+++ httpd-2.4.1/server/core.c -@@ -58,6 +58,10 @@ +diff --git a/server/core.c b/server/core.c +index 4fd2b9f..c61304a 100644 +--- a/server/core.c ++++ b/server/core.c +@@ -59,6 +59,10 @@ #include #endif @@ -32,7 +45,7 @@ Note: unlikely to be any interest in this upstream /* LimitRequestBody handling */ #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) -@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t * +@@ -4959,6 +4963,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte } #endif diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.3-fix-race-issue-of-dir-install.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.3-fix-race-issue-of-dir-install.patch new file mode 100644 index 0000000000..2262e9f878 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.3-fix-race-issue-of-dir-install.patch @@ -0,0 +1,33 @@ +From 3b079a9df7582e305246fd805837d87a2c4ef534 Mon Sep 17 00:00:00 2001 +From: Zhenhua Luo +Date: Fri, 25 Jan 2013 18:10:50 +0800 +Subject: [PATCH] apache2: fix the race issue of parallel installation + +Upstream-Status: Pending + +fix following race issue when do parallel install +| mkdir: cannot create directory `/home/mypc/workspace/poky/build_p4080ds_release/tmp/work/ppce500mc-fsl_networking-linux/apache2/2.4.3-r1/image/usr/share/apache2': File exists +... +| mkdir: cannot create directory `/home/mypc/workspace/poky/build_p4080ds_release/tmp/work/ppce500mc-fsl_networking-linux/apache2/2.4.3-r1/image/usr/share/apache2': File exists +| make[1]: *** [install-man] Error 1 +| make[1]: *** Waiting for unfinished jobs.... + +Signed-off-by: Zhenhua Luo + +--- + build/mkdir.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/build/mkdir.sh b/build/mkdir.sh +index e2d5bb6..dde5ae0 100755 +--- a/build/mkdir.sh ++++ b/build/mkdir.sh +@@ -39,7 +39,7 @@ for file in ${1+"$@"} ; do + esac + if test ! -d "$pathcomp"; then + echo "mkdir $pathcomp" 1>&2 +- mkdir "$pathcomp" || errstatus=$? ++ mkdir -p "$pathcomp" || errstatus=$? + fi + pathcomp="$pathcomp/" + done diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch index afbed8e550..843226c0cf 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch @@ -1,19 +1,27 @@ +From a5627edbcc88cd50caaa42ca051ac7ed3d870172 Mon Sep 17 00:00:00 2001 +From: Paul Eggleton +Date: Tue, 17 Jul 2012 11:27:39 +0100 +Subject: [PATCH] apache2: add from OE-Classic, update to version 2.4.2 and fix There is no need to "suck in" the apr/apr-util symbols when using a shared libapr{,util}, it just bloats the symbol table; so don't. -Upstream-HEAD: needed -Upstream-2.0: omit Upstream-Status: Pending Note: EXPORT_DIRS change is conditional on using shared apr ---- httpd-2.4.4/server/Makefile.in.export -+++ httpd-2.4.4/server/Makefile.in -@@ -57,9 +57,6 @@ export_files: - ( for dir in $(EXPORT_DIRS); do \ +--- + server/Makefile.in | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/server/Makefile.in b/server/Makefile.in +index cb11684..0d48924 100644 +--- a/server/Makefile.in ++++ b/server/Makefile.in +@@ -60,9 +60,6 @@ export_files: ls $$dir/*.h ; \ done; \ + echo "$(top_srcdir)/server/mpm_fdqueue.h"; \ - for dir in $(EXPORT_DIRS_APR); do \ - ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \ - done; \ diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch index e4e01b2af6..020f1d7979 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch @@ -1,4 +1,4 @@ -From 760ccbb2fb046621a2aeaecabb2b1ef9aa280cf1 Mon Sep 17 00:00:00 2001 +From 94a9e2241ea27e75babbfdeb38043b13049e23b0 Mon Sep 17 00:00:00 2001 From: Yulong Pei Date: Thu, 1 Sep 2011 01:03:14 +0800 Subject: [PATCH] replace lynx to curl in apachectl script @@ -6,14 +6,15 @@ Subject: [PATCH] replace lynx to curl in apachectl script Upstream-Status: Inappropriate [configuration] Signed-off-by: Yulong Pei + --- - support/apachectl.in | 14 ++++++++++---- - 1 files changed, 10 insertions(+), 4 deletions(-) + support/apachectl.in | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) -Index: httpd-2.4.29/support/apachectl.in -=================================================================== ---- httpd-2.4.29.orig/support/apachectl.in -+++ httpd-2.4.29/support/apachectl.in +diff --git a/support/apachectl.in b/support/apachectl.in +index 3281c2e..6ab4ba5 100644 +--- a/support/apachectl.in ++++ b/support/apachectl.in @@ -52,11 +52,11 @@ fi # a command that outputs a formatted text version of the HTML at the # url given on the command line. Designed for lynx, however other diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch index f1349cb6a4..5476d4f328 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch @@ -1,6 +1,18 @@ ---- http-2.0.54/server/Makefile.in-old 2005-12-20 13:26:56.000000000 -0500 -+++ http-2.0.54/server/Makefile.in 2005-12-20 13:27:22.000000000 -0500 -@@ -27,7 +27,7 @@ +From aa02bbfd8f16871db5563a95fa94dd170964949f Mon Sep 17 00:00:00 2001 +From: Paul Eggleton +Date: Tue, 17 Jul 2012 11:27:39 +0100 + +Upstream-Status: Inappropriate [embedded specific] + +--- + server/Makefile.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/server/Makefile.in b/server/Makefile.in +index 1fa3344..cb11684 100644 +--- a/server/Makefile.in ++++ b/server/Makefile.in +@@ -29,7 +29,7 @@ gen_test_char: $(gen_test_char_OBJECTS) $(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS) test_char.h: gen_test_char diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.29.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.29.bb deleted file mode 100644 index f0298b91ab..0000000000 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.29.bb +++ /dev/null @@ -1,194 +0,0 @@ -DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ -extensible web server." -SUMMARY = "Apache HTTP Server" -HOMEPAGE = "http://httpd.apache.org/" -DEPENDS = "libtool-native apache2-native openssl expat pcre apr apr-util" -SECTION = "net" -LICENSE = "Apache-2.0" - -SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \ - file://server-makefile.patch \ - file://httpd-2.4.1-corelimit.patch \ - file://httpd-2.4.4-export.patch \ - file://httpd-2.4.1-selinux.patch \ - file://apache-configure_perlbin.patch \ - file://replace-lynx-to-curl-in-apachectl-script.patch \ - file://apache-ssl-ltmain-rpath.patch \ - file://httpd-2.4.3-fix-race-issue-of-dir-install.patch \ - file://0001-configure-use-pkg-config-for-PCRE-detection.patch \ - file://configure-allow-to-disable-selinux-support.patch \ - file://init \ - file://apache2-volatile.conf \ - file://apache2.service \ - file://volatiles.04_apache2 \ - " - -LIC_FILES_CHKSUM = "file://LICENSE;md5=a62b0c7623826ff99766ff13fb9007f8" -SRC_URI[md5sum] = "0c599404ef6b69eee95bcd9fcd094407" -SRC_URI[sha256sum] = "777753a5a25568a2a27428b2214980564bc1c38c1abf9ccc7630b639991f7f00" - -S = "${WORKDIR}/httpd-${PV}" - -inherit autotools update-rc.d pkgconfig systemd - -SYSTEMD_SERVICE_${PN} = "apache2.service" -SYSTEMD_AUTO_ENABLE_${PN} = "disable" - -SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice" - -CFLAGS_append = " -DPATH_MAX=4096" -CFLAGS_prepend = "-I${STAGING_INCDIR}/openssl " -EXTRA_OECONF = "--enable-ssl \ - --with-ssl=${STAGING_LIBDIR}/.. \ - --with-expat=${STAGING_LIBDIR}/.. \ - --with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ - --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \ - --enable-info \ - --enable-rewrite \ - --with-dbm=sdbm \ - --with-berkeley-db=no \ - --localstatedir=/var/${BPN} \ - --with-gdbm=no \ - --with-ndbm=no \ - --includedir=${includedir}/${BPN} \ - --datadir=${datadir}/${BPN} \ - --sysconfdir=${sysconfdir}/${BPN} \ - --libexecdir=${libdir}/${BPN}/modules \ - ap_cv_void_ptr_lt_long=no \ - --enable-mpms-shared \ - ac_cv_have_threadsafe_pollset=no" - -PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}" -PACKAGECONFIG[selinux] = "--enable-selinux --enable-layout=Debian --prefix=${base_prefix}/,--disable-selinux,libselinux,libselinux" -PACKAGECONFIG[openldap] = "--enable-ldap --enable-authnz-ldap,--disable-ldap --disable-authnz-ldap,openldap" - -do_configure_prepend() { - sed -i -e 's:$''{prefix}/usr/lib/cgi-bin:$''{libdir}/cgi-bin:g' ${S}/config.layout -} - -do_install_append() { - install -d ${D}/${sysconfdir}/init.d - cat ${WORKDIR}/init | \ - sed -e 's,/usr/sbin/,${sbindir}/,g' \ - -e 's,/usr/bin/,${bindir}/,g' \ - -e 's,/usr/lib,${libdir}/,g' \ - -e 's,/etc/,${sysconfdir}/,g' \ - -e 's,/usr/,${prefix}/,g' > ${D}/${sysconfdir}/init.d/${BPN} - chmod 755 ${D}/${sysconfdir}/init.d/${BPN} - # remove the goofy original files... - rm -rf ${D}/${sysconfdir}/${BPN}/original - # Expat should be found in the staging area via DEPENDS... - rm -f ${D}/${libdir}/libexpat.* - - install -d ${D}${sysconfdir}/${BPN}/conf.d - install -d ${D}${sysconfdir}/${BPN}/modules.d - - # Ensure configuration file pulls in conf.d and modules.d - printf "\nIncludeOptional ${sysconfdir}/${BPN}/conf.d/*.conf" >> ${D}/${sysconfdir}/${BPN}/httpd.conf - printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.load" >> ${D}/${sysconfdir}/${BPN}/httpd.conf - printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.conf\n\n" >> ${D}/${sysconfdir}/${BPN}/httpd.conf - # match with that is in init script - printf "\nPidFile /run/httpd.pid" >> ${D}/${sysconfdir}/${BPN}/httpd.conf - # Set 'ServerName' to fix error messages when restart apache service - sed -i 's/^#ServerName www.example.com/ServerName localhost/' ${D}/${sysconfdir}/${BPN}/httpd.conf - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/tmpfiles.d/ - install -m 0644 ${WORKDIR}/apache2-volatile.conf ${D}${sysconfdir}/tmpfiles.d/ - elif ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/default/volatiles - install -m 0644 ${WORKDIR}/volatiles.04_apache2 ${D}${sysconfdir}/default/volatiles/04_apache2 - fi - - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/apache2.service ${D}${systemd_unitdir}/system - sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/apache2.service - sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' ${D}${systemd_unitdir}/system/apache2.service - - chown -R root:root ${D} -} - -do_install_append_class-target() { - sed -i -e 's,${STAGING_DIR_HOST},,g' \ - -e 's,APU_INCLUDEDIR = .*,APU_INCLUDEDIR = ,g' \ - -e 's,APU_CONFIG = .*,APU_CONFIG = ,g' ${D}${datadir}/apache2/build/config_vars.mk - - sed -i -e 's,${STAGING_DIR_HOST},,g' \ - -e 's,".*/configure","configure",g' ${D}${datadir}/apache2/build/config.nice - rm -rf ${D}${localstatedir}/run -} - -SYSROOT_PREPROCESS_FUNCS += "apache_sysroot_preprocess" - -apache_sysroot_preprocess () { - install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ - install -m 755 ${D}${bindir}/apxs ${SYSROOT_DESTDIR}${bindir_crossscripts}/ - install -d ${SYSROOT_DESTDIR}${sbindir}/ - install -m 755 ${D}${sbindir}/apachectl ${SYSROOT_DESTDIR}${sbindir}/ - sed -i 's!my $installbuilddir = .*!my $installbuilddir = "${STAGING_DIR_HOST}/${datadir}/${BPN}/build";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs - sed -i 's!my $libtool = .*!my $libtool = "${STAGING_BINDIR_CROSS}/${HOST_SYS}-libtool";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs - - sed -i 's!^APR_CONFIG = .*!APR_CONFIG = ${STAGING_BINDIR_CROSS}/apr-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk - sed -i 's!^APU_CONFIG = .*!APU_CONFIG = ${STAGING_BINDIR_CROSS}/apu-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk - sed -i 's!^includedir = .*!includedir = ${STAGING_INCDIR}/apache2!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk - sed -i 's!^CFLAGS = -I[^ ]*!CFLAGS = -I${STAGING_INCDIR}/openssl!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk - sed -i 's!^EXTRA_LDFLAGS = .*!EXTRA_LDFLAGS = -L${STAGING_LIBDIR}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk - sed -i 's!^EXTRA_INCLUDES = .*!EXTRA_INCLUDES = -I$(includedir) -I. -I${STAGING_INCDIR}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk - sed -i 's!--sysroot=[^ ]*!--sysroot=${STAGING_DIR_HOST}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk -} - -# -# implications - used by update-rc.d scripts -# -INITSCRIPT_NAME = "apache2" -INITSCRIPT_PARAMS = "defaults 91 20" -LEAD_SONAME = "libapr-1.so.0" - -PACKAGES = "${PN}-scripts ${PN}-doc ${PN}-dev ${PN}-dbg ${PN}" - -CONFFILES_${PN} = "${sysconfdir}/${BPN}/httpd.conf \ - ${sysconfdir}/${BPN}/magic \ - ${sysconfdir}/${BPN}/mime.types \ - ${sysconfdir}/init.d/${BPN} " - -# we override here rather than append so that .so links are -# included in the runtime package rather than here (-dev) -# and to get build, icons, error into the -dev package -FILES_${PN}-dev = "${datadir}/${BPN}/build \ - ${datadir}/${BPN}/icons \ - ${datadir}/${BPN}/error \ - ${bindir}/apr-config ${bindir}/apu-config \ - ${libdir}/apr*.exp \ - ${includedir}/${BPN} \ - ${libdir}/*.la \ - ${libdir}/*.a \ - ${bindir}/apxs \ - " - - -# manual to manual -FILES_${PN}-doc += " ${datadir}/${BPN}/manual" - -FILES_${PN}-scripts += "${bindir}/dbmmanage" - -# -# override this too - here is the default, less datadir -# -FILES_${PN} = "${bindir} ${sbindir} ${libexecdir} ${libdir}/lib*.so.* ${sysconfdir} \ - ${sharedstatedir} ${localstatedir} /bin /sbin /lib/*.so* \ - ${libdir}/${BPN}" - -# we want htdocs and cgi-bin to go with the binary -FILES_${PN} += "${datadir}/${BPN}/htdocs ${datadir}/${BPN}/cgi-bin" - -#make sure the lone .so links also get wrapped in the base package -FILES_${PN} += "${libdir}/lib*.so ${libdir}/pkgconfig/*" - -FILES_${PN}-dbg += "${libdir}/${BPN}/modules/.debug" - -RDEPENDS_${PN} += "openssl libgcc" -RDEPENDS_${PN}-scripts += "perl ${PN}" -RDEPENDS_${PN}-dev = "perl" - -FILES_${PN} += "${libdir}/cgi-bin" -FILES_${PN} += "${datadir}/${BPN}/" diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.34.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.34.bb new file mode 100644 index 0000000000..a87e3847f3 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.34.bb @@ -0,0 +1,200 @@ +DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ +extensible web server." +SUMMARY = "Apache HTTP Server" +HOMEPAGE = "http://httpd.apache.org/" +DEPENDS = "libtool-native apache2-native openssl expat pcre apr apr-util" +SECTION = "net" +LICENSE = "Apache-2.0" + +SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \ + file://server-makefile.patch \ + file://httpd-2.4.1-corelimit.patch \ + file://httpd-2.4.4-export.patch \ + file://httpd-2.4.1-selinux.patch \ + file://apache-configure_perlbin.patch \ + file://replace-lynx-to-curl-in-apachectl-script.patch \ + file://httpd-2.4.3-fix-race-issue-of-dir-install.patch \ + file://0001-configure-use-pkg-config-for-PCRE-detection.patch \ + file://configure-allow-to-disable-selinux-support.patch \ + file://CVE-2018-11763.patch \ + file://init \ + file://apache2-volatile.conf \ + file://apache2.service \ + file://volatiles.04_apache2 \ + " + +LIC_FILES_CHKSUM = "file://LICENSE;md5=d52d0fd0bc788f068e647116c01ddfcd" +SRC_URI[md5sum] = "818adca52f3be187fe45d6822755be95" +SRC_URI[sha256sum] = "fa53c95631febb08a9de41fd2864cfff815cf62d9306723ab0d4b8d7aa1638f0" + +S = "${WORKDIR}/httpd-${PV}" + +inherit autotools update-rc.d pkgconfig systemd update-alternatives + +ALTERNATIVE_${PN}-doc = "htpasswd.1" +ALTERNATIVE_LINK_NAME[htpasswd.1] = "${mandir}/man1/htpasswd.1" + +SYSTEMD_SERVICE_${PN} = "apache2.service" +SYSTEMD_AUTO_ENABLE_${PN} = "disable" + +SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice" + +CFLAGS_append = " -DPATH_MAX=4096" +CFLAGS_prepend = "-I${STAGING_INCDIR}/openssl " +EXTRA_OECONF = "--enable-ssl \ + --with-ssl=${STAGING_LIBDIR}/.. \ + --with-expat=${STAGING_LIBDIR}/.. \ + --with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ + --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \ + --enable-info \ + --enable-rewrite \ + --with-dbm=sdbm \ + --with-berkeley-db=no \ + --localstatedir=/var/${BPN} \ + --with-gdbm=no \ + --with-ndbm=no \ + --includedir=${includedir}/${BPN} \ + --datadir=${datadir}/${BPN} \ + --sysconfdir=${sysconfdir}/${BPN} \ + --libexecdir=${libdir}/${BPN}/modules \ + ap_cv_void_ptr_lt_long=no \ + --enable-mpms-shared \ + ac_cv_have_threadsafe_pollset=no \ + --enable-layout=Debian \ + --prefix=${base_prefix}/" + +PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}" +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,libselinux" +PACKAGECONFIG[openldap] = "--enable-ldap --enable-authnz-ldap,--disable-ldap --disable-authnz-ldap,openldap" +PACKAGECONFIG[zlib] = "--enable-deflate --with-z=${STAGING_LIBDIR},,zlib,zlib" + +do_configure_prepend() { + sed -i -e 's:$''{prefix}/usr/lib/cgi-bin:$''{libdir}/cgi-bin:g' ${S}/config.layout +} + +do_install_append() { + install -d ${D}/${sysconfdir}/init.d + cat ${WORKDIR}/init | \ + sed -e 's,/usr/sbin/,${sbindir}/,g' \ + -e 's,/usr/bin/,${bindir}/,g' \ + -e 's,/usr/lib,${libdir}/,g' \ + -e 's,/etc/,${sysconfdir}/,g' \ + -e 's,/usr/,${prefix}/,g' > ${D}/${sysconfdir}/init.d/${BPN} + chmod 755 ${D}/${sysconfdir}/init.d/${BPN} + # remove the goofy original files... + rm -rf ${D}/${sysconfdir}/${BPN}/original + # Expat should be found in the staging area via DEPENDS... + rm -f ${D}/${libdir}/libexpat.* + + install -d ${D}${sysconfdir}/${BPN}/conf.d + install -d ${D}${sysconfdir}/${BPN}/modules.d + + # Ensure configuration file pulls in conf.d and modules.d + printf "\nIncludeOptional ${sysconfdir}/${BPN}/conf.d/*.conf" >> ${D}/${sysconfdir}/${BPN}/httpd.conf + printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.load" >> ${D}/${sysconfdir}/${BPN}/httpd.conf + printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.conf\n\n" >> ${D}/${sysconfdir}/${BPN}/httpd.conf + # match with that is in init script + printf "\nPidFile /run/httpd.pid" >> ${D}/${sysconfdir}/${BPN}/httpd.conf + # Set 'ServerName' to fix error messages when restart apache service + sed -i 's/^#ServerName www.example.com/ServerName localhost/' ${D}/${sysconfdir}/${BPN}/httpd.conf + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d/ + install -m 0644 ${WORKDIR}/apache2-volatile.conf ${D}${sysconfdir}/tmpfiles.d/ + elif ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/default/volatiles + install -m 0644 ${WORKDIR}/volatiles.04_apache2 ${D}${sysconfdir}/default/volatiles/04_apache2 + fi + + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/apache2.service ${D}${systemd_unitdir}/system + sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/apache2.service + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' ${D}${systemd_unitdir}/system/apache2.service + + chown -R root:root ${D} +} + +do_install_append_class-target() { + sed -i -e 's,${STAGING_DIR_HOST},,g' \ + -e 's,APU_INCLUDEDIR = .*,APU_INCLUDEDIR = ,g' \ + -e 's,APU_CONFIG = .*,APU_CONFIG = ,g' ${D}${datadir}/apache2/build/config_vars.mk + + sed -i -e 's,${STAGING_DIR_HOST},,g' \ + -e 's,".*/configure","configure",g' ${D}${datadir}/apache2/build/config.nice + rm -rf ${D}${localstatedir}/run +} + +SYSROOT_PREPROCESS_FUNCS += "apache_sysroot_preprocess" + +apache_sysroot_preprocess () { + install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -m 755 ${D}${bindir}/apxs ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -d ${SYSROOT_DESTDIR}${sbindir}/ + install -m 755 ${D}${sbindir}/apachectl ${SYSROOT_DESTDIR}${sbindir}/ + sed -i 's!my $installbuilddir = .*!my $installbuilddir = "${STAGING_DIR_HOST}/${datadir}/${BPN}/build";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs + sed -i 's!my $libtool = .*!my $libtool = "${STAGING_BINDIR_CROSS}/${HOST_SYS}-libtool";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs + + sed -i 's!^APR_CONFIG = .*!APR_CONFIG = ${STAGING_BINDIR_CROSS}/apr-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk + sed -i 's!^APU_CONFIG = .*!APU_CONFIG = ${STAGING_BINDIR_CROSS}/apu-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk + sed -i 's!^includedir = .*!includedir = ${STAGING_INCDIR}/apache2!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk + sed -i 's!^CFLAGS = -I[^ ]*!CFLAGS = -I${STAGING_INCDIR}/openssl!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk + sed -i 's!^EXTRA_LDFLAGS = .*!EXTRA_LDFLAGS = -L${STAGING_LIBDIR}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk + sed -i 's!^EXTRA_INCLUDES = .*!EXTRA_INCLUDES = -I$(includedir) -I. -I${STAGING_INCDIR}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk + sed -i 's!--sysroot=[^ ]*!--sysroot=${STAGING_DIR_HOST}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk +} + +# +# implications - used by update-rc.d scripts +# +INITSCRIPT_NAME = "apache2" +INITSCRIPT_PARAMS = "defaults 91 20" +LEAD_SONAME = "libapr-1.so.0" + +PACKAGES = "${PN}-scripts ${PN}-doc ${PN}-dev ${PN}-dbg ${PN}" + +CONFFILES_${PN} = "${sysconfdir}/${BPN}/httpd.conf \ + ${sysconfdir}/${BPN}/magic \ + ${sysconfdir}/${BPN}/mime.types \ + ${sysconfdir}/init.d/${BPN} " + +# we override here rather than append so that .so links are +# included in the runtime package rather than here (-dev) +# and to get build, icons, error into the -dev package +FILES_${PN}-dev = "${datadir}/${BPN}/build \ + ${datadir}/${BPN}/icons \ + ${datadir}/${BPN}/error \ + ${bindir}/apr-config ${bindir}/apu-config \ + ${libdir}/apr*.exp \ + ${includedir}/${BPN} \ + ${libdir}/*.la \ + ${libdir}/*.a \ + ${bindir}/apxs \ + " + + +# manual to manual +FILES_${PN}-doc += " ${datadir}/${BPN}/manual" + +FILES_${PN}-scripts += "${bindir}/dbmmanage" + +# +# override this too - here is the default, less datadir +# +FILES_${PN} = "${bindir} ${sbindir} ${libexecdir} ${libdir}/lib*.so.* ${sysconfdir} \ + ${sharedstatedir} ${localstatedir} /bin /sbin /lib/*.so* \ + ${libdir}/${BPN}" + +# we want htdocs and cgi-bin to go with the binary +FILES_${PN} += "${datadir}/${BPN}/htdocs ${datadir}/${BPN}/cgi-bin" + +#make sure the lone .so links also get wrapped in the base package +FILES_${PN} += "${libdir}/lib*.so ${libdir}/pkgconfig/*" + +FILES_${PN}-dbg += "${libdir}/${BPN}/modules/.debug" + +RDEPENDS_${PN} += "openssl libgcc" +RDEPENDS_${PN}-scripts += "perl ${PN}" +RDEPENDS_${PN}-dev = "perl" + +FILES_${PN} += "${libdir}/cgi-bin" +FILES_${PN} += "${datadir}/${BPN}/" diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/0001-configure-use-pkg-config-for-PCRE-detection.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/0001-configure-use-pkg-config-for-PCRE-detection.patch deleted file mode 100644 index 63096db0a3..0000000000 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/0001-configure-use-pkg-config-for-PCRE-detection.patch +++ /dev/null @@ -1,52 +0,0 @@ -From d8837756f2a48adcfe5d645c39cf163d96eac76c Mon Sep 17 00:00:00 2001 -From: Koen Kooi -Date: Tue, 17 Jun 2014 09:10:57 +0200 -Subject: [PATCH] configure: use pkg-config for PCRE detection - -Signed-off-by: Koen Kooi -Upstream-Status: pending ---- - configure.in | 27 +++++---------------------- - 1 file changed, 5 insertions(+), 22 deletions(-) - -diff --git a/configure.in b/configure.in -index 864d7c7..da4138e 100644 ---- a/configure.in -+++ b/configure.in -@@ -215,28 +215,11 @@ fi - AC_ARG_WITH(pcre, - APACHE_HELP_STRING(--with-pcre=PATH,Use external PCRE library)) - --AC_PATH_PROG(PCRE_CONFIG, pcre-config, false) --if test -d "$with_pcre" && test -x "$with_pcre/bin/pcre-config"; then -- PCRE_CONFIG=$with_pcre/bin/pcre-config --elif test -x "$with_pcre"; then -- PCRE_CONFIG=$with_pcre --fi -- --if test "$PCRE_CONFIG" != "false"; then -- if $PCRE_CONFIG --version >/dev/null 2>&1; then :; else -- AC_MSG_ERROR([Did not find pcre-config script at $PCRE_CONFIG]) -- fi -- case `$PCRE_CONFIG --version` in -- [[1-5].*]) -- AC_MSG_ERROR([Need at least pcre version 6.0]) -- ;; -- esac -- AC_MSG_NOTICE([Using external PCRE library from $PCRE_CONFIG]) -- APR_ADDTO(PCRE_INCLUDES, [`$PCRE_CONFIG --cflags`]) -- APR_ADDTO(PCRE_LIBS, [`$PCRE_CONFIG --libs`]) --else -- AC_MSG_ERROR([pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/]) --fi -+PKG_CHECK_MODULES([PCRE], [libpcre], [ -+ AC_DEFINE([HAVE_PCRE], [1], [Define if you have PCRE library]) -+], [ -+ AC_MSG_ERROR([$PCRE_PKG_ERRORS]) -+]) - APACHE_SUBST(PCRE_LIBS) - - AC_MSG_NOTICE([]) --- -1.9.3 - diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/configure-allow-to-disable-selinux-support.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/configure-allow-to-disable-selinux-support.patch deleted file mode 100644 index 5b5c297077..0000000000 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/configure-allow-to-disable-selinux-support.patch +++ /dev/null @@ -1,40 +0,0 @@ -From d23dd33e373340f6fddf11904839d1a118824401 Mon Sep 17 00:00:00 2001 -From: Wenzong Fan -Date: Mon, 1 Dec 2014 02:08:27 -0500 -Subject: [PATCH] apache2: allow to disable selinux support - -Upstream-Status: Pending - -Signed-off-by: Wenzong Fan ---- - configure.in | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/configure.in b/configure.in -index df94ee5..8c3ab21 100644 ---- a/configure.in -+++ b/configure.in -@@ -466,10 +466,16 @@ getloadavg - dnl confirm that a void pointer is large enough to store a long integer - APACHE_CHECK_VOID_PTR_LEN - --AC_CHECK_LIB(selinux, is_selinux_enabled, [ -- AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) -- APR_ADDTO(AP_LIBS, [-lselinux]) --]) -+# SELinux support -+AC_ARG_ENABLE(selinux,APACHE_HELP_STRING(--enable-selinux,Enable SELinux support [default=auto]), -+ [],[enable_selinux=auto]) -+ -+if test x$enable_selinux != xno; then -+ AC_CHECK_LIB(selinux, is_selinux_enabled, [ -+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) -+ APR_ADDTO(AP_LIBS, [-lselinux]) -+ ]) -+fi - - AC_CACHE_CHECK([for gettid()], ac_cv_gettid, - [AC_TRY_RUN(#define _GNU_SOURCE --- -1.7.9.5 - diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/httpd-2.4.3-fix-race-issue-of-dir-install.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/httpd-2.4.3-fix-race-issue-of-dir-install.patch deleted file mode 100644 index b948753b48..0000000000 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/httpd-2.4.3-fix-race-issue-of-dir-install.patch +++ /dev/null @@ -1,21 +0,0 @@ -Upstream-Status: Pending - -fix following race issue when do parallel install -| mkdir: cannot create directory `/home/mypc/workspace/poky/build_p4080ds_release/tmp/work/ppce500mc-fsl_networking-linux/apache2/2.4.3-r1/image/usr/share/apache2': File exists -... -| mkdir: cannot create directory `/home/mypc/workspace/poky/build_p4080ds_release/tmp/work/ppce500mc-fsl_networking-linux/apache2/2.4.3-r1/image/usr/share/apache2': File exists -| make[1]: *** [install-man] Error 1 -| make[1]: *** Waiting for unfinished jobs.... - --Signed-off-by: Zhenhua Luo ---- httpd-2.4.3/build/mkdir.sh.orig 2013-01-25 03:47:21.565255420 -0600 -+++ httpd-2.4.3/build/mkdir.sh 2013-01-25 03:46:17.833051230 -0600 -@@ -39,7 +39,7 @@ - esac - if test ! -d "$pathcomp"; then - echo "mkdir $pathcomp" 1>&2 -- mkdir "$pathcomp" || errstatus=$? -+ mkdir -p "$pathcomp" || errstatus=$? - fi - pathcomp="$pathcomp/" - done diff --git a/meta-openembedded/meta-webserver/recipes-httpd/hiawatha/hiawatha_10.7.bb b/meta-openembedded/meta-webserver/recipes-httpd/hiawatha/hiawatha_10.7.bb index 4c3ca556bd..d6c449b5db 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/hiawatha/hiawatha_10.7.bb +++ b/meta-openembedded/meta-webserver/recipes-httpd/hiawatha/hiawatha_10.7.bb @@ -2,7 +2,7 @@ SUMMARY = "Lightweight secure web server" HOMEPAGE = "http://www.hiawatha-webserver.org" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe" -DEPENDS = "libxml2 libxslt" +DEPENDS = "libxml2 libxslt virtual/crypt" SECTION = "net" @@ -23,7 +23,7 @@ inherit cmake update-rc.d systemd EXTRA_OECMAKE = " -DENABLE_IPV6=OFF \ -DENABLE_CACHE=OFF \ -DENABLE_DEBUG=OFF \ - -DENABLE_SSL=OFF \ + -DENABLE_TLS=OFF \ -DENABLE_TOOLKIT=OFF \ -DENABLE_CHROOT=OFF \ -DENABLE_XSLT=ON \ diff --git a/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx.inc b/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx.inc index e6ae52a09f..24c2cedf5f 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx.inc +++ b/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx.inc @@ -9,7 +9,7 @@ LICENSE = "BSD-2-Clause" SECTION = "net" -DEPENDS = "libpcre zlib openssl" +DEPENDS = "libpcre zlib" SRC_URI = " \ http://nginx.org/download/nginx-${PV}.tar.gz \ @@ -34,7 +34,10 @@ NGINX_USER ?= "www" EXTRA_OECONF = "" DISABLE_STATIC = "" +PACKAGECONFIG ??= "ssl" + PACKAGECONFIG[http2] = "--with-http_v2_module,," +PACKAGECONFIG[ssl] = "--with-http_ssl_module,,openssl" do_configure () { if [ "${SITEINFO_BITS}" = "64" ]; then @@ -71,7 +74,7 @@ do_configure () { --http-scgi-temp-path=/run/nginx/scgi_temp \ --pid-path=/run/nginx/nginx.pid \ --prefix=${prefix} \ - --with-http_ssl_module \ + --with-threads \ --with-http_gzip_static_module \ ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} } diff --git a/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.12.2.bb b/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.12.2.bb deleted file mode 100644 index 85ad29b081..0000000000 --- a/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.12.2.bb +++ /dev/null @@ -1,6 +0,0 @@ -require nginx.inc - -LIC_FILES_CHKSUM = "file://LICENSE;md5=903753de5f86a1ee0341fd2f9491b282" - -SRC_URI[md5sum] = "4d2fc76211435f029271f1cf6d7eeae3" -SRC_URI[sha256sum] = "305f379da1d5fb5aefa79e45c829852ca6983c7cd2a79328f8e084a324cf0416" diff --git a/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.13.9.bb b/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.13.9.bb deleted file mode 100644 index 9234794472..0000000000 --- a/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.13.9.bb +++ /dev/null @@ -1,10 +0,0 @@ -require nginx.inc - -# 1.12.x branch is the current stable branch, the recommended default -# 1.13.x is the current mainline branches containing all new features -DEFAULT_PREFERENCE = "-1" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=3691402cc54ce09f800ca348634a2dfe" - -SRC_URI[md5sum] = "dcd482dd98d2022659212f183e8fe81b" -SRC_URI[sha256sum] = "5faea18857516fe68d30be39c3032bd22ed9cf85e1a6fdf32e3721d96ff7fa42" diff --git a/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.15.1.bb b/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.15.1.bb new file mode 100644 index 0000000000..0f1ba8f6b0 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.15.1.bb @@ -0,0 +1,10 @@ +require nginx.inc + +# 1.14.x branch is the current stable branch, the recommended default +# 1.15.x is the current mainline branches containing all new features +DEFAULT_PREFERENCE = "-1" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3691402cc54ce09f800ca348634a2dfe" + +SRC_URI[md5sum] = "2dd5a265c54a76b699443931d80a61b9" +SRC_URI[sha256sum] = "c7206858d7f832b8ef73a45c9b8f8e436bcb1ee88db2bc85b8e438ecec9d5460" diff --git a/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.15.2.bb b/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.15.2.bb new file mode 100644 index 0000000000..3694f5b586 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.15.2.bb @@ -0,0 +1,6 @@ +require nginx.inc + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3691402cc54ce09f800ca348634a2dfe" + +SRC_URI[md5sum] = "d063f746d3dc4298aed9c518f1684166" +SRC_URI[sha256sum] = "eeba09aecfbe8277ac33a5a2486ec2d6731739f3c1c701b42a0c3784af67ad90" diff --git a/meta-openembedded/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.6.bb b/meta-openembedded/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.6.bb index 16f45ce666..a6b1ff0fc6 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.6.bb +++ b/meta-openembedded/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.6.bb @@ -16,7 +16,7 @@ SRC_URI[sha256sum] = "541494ecfeafec58c0876ccc90cc23b06e0144f6f42029af44c7cdb1f4 TARGET_CC_ARCH += "${LDFLAGS}" -DEPENDS = "openssl groff-native base-passwd" +DEPENDS = "openssl groff-native base-passwd virtual/crypt" inherit update-rc.d diff --git a/meta-openembedded/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb b/meta-openembedded/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb index 37bd7537dd..8632b97f44 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb +++ b/meta-openembedded/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb @@ -4,7 +4,7 @@ HOMEPAGE = "http://opensource.dyc.edu/sthttpd" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://src/thttpd.c;beginline=1;endline=26;md5=0c5762c2c34dcbe9eb18815516502872" -DEPENDS += "base-passwd" +DEPENDS += "base-passwd virtual/crypt" SRC_URI = "https://github.com/blueness/${BPN}/archive/v${PV}.tar.gz;downloadfilename=${BP}.tar.gz \ file://thttpd.service \ @@ -19,7 +19,11 @@ UPSTREAM_CHECK_REGEX = "v(?P\d+(\.\d+)+).tar.gz" S = "${WORKDIR}/sthttpd-${PV}" -inherit autotools update-rc.d systemd +inherit autotools update-rc.d systemd update-alternatives + +ALTERNATIVE_PRIORITY = "100" +ALTERNATIVE_${PN}-doc = "htpasswd.1" +ALTERNATIVE_LINK_NAME[htpasswd.1] = "${mandir}/man1/htpasswd.1" SRV_DIR ?= "${servicedir}/www" -- cgit v1.2.3