Update of /cvsroot/fink/dists/10.7/stable/main/finkinfo/web
In directory vz-cvs-3.sog:/tmp/cvs-serv4050
Modified Files:
apache2.info apache2.patch
Log Message:
* Fix "ambiguous comment in %p/etc/apache2/apache2.conf" by clarifying
contradicting statements. (Closes: #675184)
* Allow colons in filenames when using wildcards with "Include".
Closes: #676610
* Add examples for X-Content-Type-Options and X-Frame-Options to
conf.d/security.
* Fix the VCS dir example in conf.d/security.
* Pick some bug fixes from upstram trunk:
- core/mod_cgi: Fix script logging in error case
- mod_dumpio: Fix possible loop in input filter.
- mod_proxy_ajp: Reduce memory usage in case of many requests on one
connection
* Add TestScript to info file, but can not use it yet I need to split out the
Compile
time commands form the InstalScript first.
* Upped Revision to 7 for personal reasons
* Removed ssl-cert from apache2 builds, will re-add as it's own package
* Removed %p/etc/mime.types and depend on mime-support instead
Index: apache2.info
===================================================================
RCS file: /cvsroot/fink/dists/10.7/stable/main/finkinfo/web/apache2.info,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- apache2.info 12 Jun 2012 16:16:26 -0000 1.3
+++ apache2.info 28 Jun 2012 16:47:58 -0000 1.4
@@ -1,6 +1,6 @@
Package: apache2
Version: 2.2.22
-Revision: 3
+Revision: 7
###
Provides: httpd
BuildDepends: fink (>= 0.32), libaprutil.0-dev, libapr.0-dev, libpcap1,
libpcre1, pkgconfig, openssl, openssl100-dev, openldap24-dev
@@ -10,7 +10,7 @@
Source-MD5: d77fa5af23df96a8af68ea8114fa6ce1
###
PatchFile: %n.patch
-PatchFile-MD5: 3e6d830eb9e18afa937ac87bcc469455
+PatchFile-MD5: af412c7525b5cf433b53a71d6a3b5689
PatchScript: <<
sed -e 's,@FINKPREFIX@,%p,g' %{PatchFile} | patch -p1
@@ -37,6 +37,7 @@
patch -p1 < fink/patches/ab_num_requests.patch
patch -p1 < fink/patches/customize_apxs.patch
patch -p1 < fink/patches/mod_cache_partial_content-2.2.x.patch
+ patch -p1 < fink/patches/upstream_trunk_bugfixes.patch
## decode new icons
for i in %b/fink/icons/*.txt; do cd %b/fink/icons; uudecode < $i; done
@@ -44,10 +45,6 @@
### Force use of awk over gawk
perl -pi -e 's,gawk mawk nawk awk,awk mawk nawk gawk,g' configure
- ### Force system ssl for mod_ssl
-# perl -pi -e 's,-lssl ,-L%p/lib/system-openssl/lib/ -lssl ,g' configure
-# perl -pi -e 's,-export-symbols-regex ssl_module,,g' configure
-
### Fix userdir example to use defult OS X Setup
perl -pi -e 's,\/home\/,\/Users\/,g' docs/conf/extra/httpd-userdir.conf.in
perl -pi -e 's,public_html,Sites,g' docs/conf/extra/httpd-userdir.conf.in
@@ -154,7 +151,7 @@
mkdir -p %i/share/apache2/build;
mv %b/fink/worker/support/envvars-std %i/share/apache2/build;
chmod +x %i/share/apache2/build/envvars-std;
-mv %i/etc/apache2/mime.types %i/etc/mime.types;
+rm -f %i/etc/apache2/mime.types;
rm -rf %i/include-event;
rm -rf %i/share/apache2/build-event;
rm -rf %i/sbin/apxs2-event;
@@ -177,11 +174,6 @@
# fink html manual
grep -rl apachectl %i/share/doc/apache2-doc/manual | xargs perl -pi -e
's/apachectl(?!\.html)/apache2ctl/g'
-# ssl stuff
-mkdir -p %i/share/ssl-cert
-cp %b/fink/ssleay.cnf %i/share/ssl-cert/ssleay.cnf
-install -m 755 %b/fink/ssl-certificate %i/sbin/make-ssl-cert
-
# This is needed to apache and apache2 and co-exist
mkdir -p %i/etc/apache2/mods-available
mkdir -p %i/etc/apache2/mods-enabled
@@ -266,28 +258,9 @@
mkdir -p %i/etc/bash_completion.d
install -m755 %b/fink/bash_completion %i/etc/bash_completion.d/apache2
<<
+### Can't set this up yet, need to split Compile stuff from the InstallScript
+#InfoTest: TestScript: make check || exit 2
###
-SplitOff: <<
- Package: ssl-cert
- Depends: openssl
- Description: Simple wrapper for OpenSSL
- DescDetail: <<
-This package enables unattended installs of packages that need to create SSL
-certificates.
-
-It is a simple wrapper for OpenSSL's certificate request utility that feeds it
-with the correct user variables.
- <<
- DocFiles: LICENSE
- ConfFiles: <<
- %p/share/ssl-cert/ssleay.cnf
- <<
- Files: <<
- share/ssl-cert
- share/man/man8/make-ssl-cert.8
- sbin/make-ssl-cert
- <<
-<<
SplitOff2: <<
Package: %N-suexec
Depends: %N.2-common (= %v-%r)
@@ -386,7 +359,8 @@
<<
SplitOff6: <<
Package: %N.2-common
- Depends: %N-utils (= %v-%r), %N.2-bin (= %v-%r), daemonic, logrotate,
ssl-cert
+ Depends: %N-utils (= %v-%r), %N.2-bin (= %v-%r), daemonic, logrotate,
mime-support
+ Recommends: ssl-cert
RuntimeDepends: debianutils, bash-completion, file, lynx
ConfFiles: <<
%p/etc/apache2/mods-available/actions.conf
@@ -490,7 +464,6 @@
%p/etc/apache2/sites-available/default-ssl
%p/etc/bash_completion.d/apache2
%p/etc/logrotate.d/apache2
- %p/etc/mime.types
<<
Files: <<
etc/apache2/apache2.conf
@@ -502,7 +475,6 @@
etc/apache2/sites-available
etc/bash_completion.d
etc/logrotate.d
- etc/mime.types
var
lib/cgi-bin
share/apache2
Index: apache2.patch
===================================================================
RCS file: /cvsroot/fink/dists/10.7/stable/main/finkinfo/web/apache2.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- apache2.patch 12 Jun 2012 16:16:26 -0000 1.3
+++ apache2.patch 28 Jun 2012 16:47:58 -0000 1.4
@@ -2399,8 +2399,8 @@
+This is a place holder package that makes depending on apache2 easier, this
file is just so the package will install.
diff -ruN httpd-2.2.22.orig/fink/config-dir/apache2.conf
httpd-2.2.22/fink/config-dir/apache2.conf
--- httpd-2.2.22.orig/fink/config-dir/apache2.conf 1969-12-31
17:00:00.000000000 -0700
-+++ httpd-2.2.22/fink/config-dir/apache2.conf 2012-06-12 09:05:26.000000000
-0600
-@@ -0,0 +1,261 @@
++++ httpd-2.2.22/fink/config-dir/apache2.conf 2012-06-21 08:42:40.000000000
-0600
+@@ -0,0 +1,266 @@
+# This is the main Apache server configuration file. It contains the
+# configuration directives that give the server its instructions.
+# See http://httpd.apache.org/docs/2.2/ for detailed information about
@@ -2436,9 +2436,13 @@
+# In order to avoid conflicts with backup files, the Include directive is
+# adapted to ignore files that:
+# - do not begin with a letter or number
-+# - contain a character that is neither letter nor number nor _-.
++# - contain a character that is neither letter nor number nor _-:.
+# - contain .dpkg
+#
++# Yet we strongly suggest that all configuration files either end with a
++# .conf or .load suffix in the file name. The next Fink release will
++# ignore files not ending with .conf.
++#
+# * ports.conf is always included from the main configuration file. It is
+# supposed to determine listening ports for incoming connections, and which
+# of these ports are used for name based virtual hosts.
@@ -2455,7 +2459,8 @@
+# * Configuration files in the conf.d directory are either provided by other
+# packages or may be added by the local administrator. Local additions
+# should start with local- or end with .local or .local.conf to avoid name
-+# clashes. All files in conf.d are included
++# clashes. All files in conf.d are considered (excluding the exceptions
noted
++# above) by the Apache 2 web server.
+#
+# * The binary is called apache2. Due to the use of environment variables, in
+# the default configuration, apache2 needs to be started/stopped with
@@ -2763,8 +2768,8 @@
+CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
diff -ruN httpd-2.2.22.orig/fink/config-dir/conf.d/security
httpd-2.2.22/fink/config-dir/conf.d/security
--- httpd-2.2.22.orig/fink/config-dir/conf.d/security 1969-12-31
17:00:00.000000000 -0700
-+++ httpd-2.2.22/fink/config-dir/conf.d/security 2012-06-12
09:06:07.000000000 -0600
-@@ -0,0 +1,61 @@
++++ httpd-2.2.22/fink/config-dir/conf.d/security 2012-06-21
08:43:52.000000000 -0600
+@@ -0,0 +1,75 @@
+#
+# Disable access to the entire file system except for the directories that
+# are explicitly allowed later.
@@ -2823,9 +2828,23 @@
+# probably deny access to their directories. For example, for subversion:
+#
+#<DirectoryMatch "/\.svn">
-+# Require all denied
++# Deny from all
++# Satisfy all
+#</DirectoryMatch>
+
++#
++# Setting this header will prevent MSIE from interpreting files as something
++# else than declared by the content type in the HTTP headers.
++# Requires mod_headers to be enabled.
++#
++#Header set X-Content-Type-Options: "nosniff"
++
++#
++# Setting this header will prevent other sites from embedding pages from this
++# site as frames. This defends against clickjacking attacks.
++# Requires mod_headers to be enabled.
++#
++#Header set X-Frame-Options: "sameorigin"
diff -ruN httpd-2.2.22.orig/fink/config-dir/envvars
httpd-2.2.22/fink/config-dir/envvars
--- httpd-2.2.22.orig/fink/config-dir/envvars 1969-12-31 17:00:00.000000000
-0700
+++ httpd-2.2.22/fink/config-dir/envvars 2012-06-12 08:46:21.000000000
-0600
@@ -6720,7 +6739,7 @@
+ entries++;
diff -ruN httpd-2.2.22.orig/fink/patches/make_include_safe.patch
httpd-2.2.22/fink/patches/make_include_safe.patch
--- httpd-2.2.22.orig/fink/patches/make_include_safe.patch 1969-12-31
17:00:00.000000000 -0700
-+++ httpd-2.2.22/fink/patches/make_include_safe.patch 2012-06-12
08:46:21.000000000 -0600
++++ httpd-2.2.22/fink/patches/make_include_safe.patch 2012-06-21
08:45:18.000000000 -0600
@@ -0,0 +1,66 @@
+## 008_make_include_safe by Adam Conrad <adcon...@0c3.net>
+##
@@ -6752,7 +6771,7 @@
++
++
++ while (*c) {
-++ if (!apr_isalnum(*c) && *c!='_' && *c!='-' && *c!='.') {
+++ if (!apr_isalnum(*c) && *c!='_' && *c!='-' && *c!='.' && *c!=':') {
++ return 0;
++ }
++ ++c;
@@ -7588,6 +7607,96 @@
+ }
+
+ /*
+diff -ruN httpd-2.2.22.orig/fink/patches/upstream_trunk_bugfixes.patch
httpd-2.2.22/fink/patches/upstream_trunk_bugfixes.patch
+--- httpd-2.2.22.orig/fink/patches/upstream_trunk_bugfixes.patch
1969-12-31 17:00:00.000000000 -0700
++++ httpd-2.2.22/fink/patches/upstream_trunk_bugfixes.patch 2012-06-21
08:47:01.000000000 -0600
+@@ -0,0 +1,86 @@
++ * core: NUL-terminate string returned by ap_scan_script_header_err*()
++ in error case.
++ http://svn.apache.org/viewvc?rev=1244211&view=rev
++
++ * mod_dumpio: Return an error code from a previous input filter
++ http://svn.apache.org/viewvc?rev=1301111&view=rev
++
++ * mod_proxy_ajp: Reduce memory usage in case of many keep-alive requests on
++ one connection. PR 52275
++ http://svn.apache.org/viewvc?rev=1334343&view=rev
++
++Index: apache2/server/util_script.c
++===================================================================
++--- apache2.orig/server/util_script.c 2012-06-10 02:14:52.377223678 +0200
+++++ apache2/server/util_script.c 2012-06-10 10:14:22.732175142 +0200
++@@ -636,6 +636,7 @@
++ rv = apr_bucket_read(e, &bucket_data, &bucket_data_len,
++ APR_BLOCK_READ);
++ if (rv != APR_SUCCESS || (bucket_data_len == 0)) {
+++ *dst = '\0';
++ return APR_STATUS_IS_TIMEUP(rv) ? -1 : 0;
++ }
++ src = bucket_data;
++@@ -681,8 +682,10 @@
++ const char *p;
++ int t;
++
++- if (!strs->curpos || !*strs->curpos)
+++ if (!strs->curpos || !*strs->curpos) {
+++ w[0] = '\0';
++ return 0;
+++ }
++ p = ap_strchr_c(strs->curpos, '\n');
++ if (p)
++ ++p;
++Index: apache2/modules/debug/mod_dumpio.c
++===================================================================
++--- apache2.orig/modules/debug/mod_dumpio.c 2012-06-10 02:14:52.313223681
+0200
+++++ apache2/modules/debug/mod_dumpio.c 2012-06-10 10:17:21.276179524
+0200
++@@ -126,6 +126,7 @@
++ } else {
++ ap_log_error(APLOG_MARK, ptr->loglevel, 0, c->base_server,
++ "mod_dumpio: %s - %d", f->frec->name, ret) ;
+++ return ret;
++ }
++
++ return APR_SUCCESS ;
++Index: apache2/modules/proxy/mod_proxy_ajp.c
++===================================================================
++--- apache2.orig/modules/proxy/mod_proxy_ajp.c 2012-06-10
02:14:52.345223680 +0200
+++++ apache2/modules/proxy/mod_proxy_ajp.c 2012-06-10 10:25:26.588191425
+0200
++@@ -654,30 +654,16 @@
++ int retry;
++ proxy_dir_conf *dconf = ap_get_module_config(r->per_dir_config,
++ &proxy_module);
++-
++- /*
++- * Note: Memory pool allocation.
++- * A downstream keepalive connection is always connected to the existence
++- * (or not) of an upstream keepalive connection. If this is not done then
++- * load balancing against multiple backend servers breaks (one backend
++- * server ends up taking 100% of the load), and the risk is run of
++- * downstream keepalive connections being kept open unnecessarily. This
++- * keeps webservers busy and ties up resources.
++- *
++- * As a result, we allocate all sockets out of the upstream connection
++- * pool, and when we want to reuse a socket, we check first whether the
++- * connection ID of the current upstream connection is the same as that
++- * of the connection when the socket was opened.
++- */
++- apr_pool_t *p = r->connection->pool;
++- apr_uri_t *uri = apr_palloc(r->connection->pool, sizeof(*uri));
++-
+++ apr_pool_t *p = r->pool;
+++ apr_uri_t *uri;
++
++ if (strncasecmp(url, "ajp:", 4) != 0) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
++ "proxy: AJP: declining URL %s", url);
++ return DECLINED;
++ }
+++
+++ uri = apr_palloc(p, sizeof(*uri));
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
++ "proxy: AJP: serving URL %s", url);
++
diff -ruN httpd-2.2.22.orig/fink/patches/usr_bin_perl_0wnz.patch
httpd-2.2.22/fink/patches/usr_bin_perl_0wnz.patch
--- httpd-2.2.22.orig/fink/patches/usr_bin_perl_0wnz.patch 1969-12-31
17:00:00.000000000 -0700
+++ httpd-2.2.22/fink/patches/usr_bin_perl_0wnz.patch 2012-06-12
08:46:21.000000000 -0600
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Fink-commits mailing list
Fink-commits@lists.sourceforge.net
http://news.gmane.org/gmane.os.apple.fink.cvs
