Hello community, here is the log from the commit of package apache2 for openSUSE:Factory checked in at 2013-07-30 18:37:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apache2 (Old) and /work/SRC/openSUSE:Factory/.apache2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2" Changes: -------- --- /work/SRC/openSUSE:Factory/apache2/apache2.changes 2013-07-02 12:20:14.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.apache2.new/apache2.changes 2013-07-30 18:37:16.000000000 +0200 @@ -1,0 +2,39 @@ +Mon Jul 29 19:53:48 UTC 2013 - crrodrig...@opensuse.org + +- provide and obsolete mod_macro +- upgrade: some people complain that log_config module + is not enabled by default sometimes, fix that. +- upgrade : "SSLMutex" no longer exists. +- Toogle EnableSendfile on because now apache defaults to off + due to kernel bugs. that's a silly thing to do here + as kernel bugs have to be fixed at their source, not worked around + in applications. + +------------------------------------------------------------------- +Mon Jul 22 21:57:40 UTC 2013 - crrodrig...@opensuse.org + +- httpd-event-ssl.patch: from upstream + Lift the restriction that prevents mod_ssl taking + full advantage of the event MPM. + +------------------------------------------------------------------- +Mon Jul 22 16:44:22 UTC 2013 - crrodrig...@opensuse.org + +- Update to version 2.4.6 +* SECURITY: CVE-2013-1896 (cve.mitre.org) +* SECURITY: CVE-2013-2249 (cve.mitre.org) +* Major updates to mod_lua +* Support for proxying websocket requests +* Higher performant shm-based cache implementation +* Addition of mod_macro for easier configuration management +* As well as several exciting fixes, especially those related to RFC edge + cases in mod_cache and mod_proxy. + +- IMPORTANT : With the current packaging scheme, we can no longer +Include the ITK MPM, therefore it has been disabled. This is because +this MPM can now only be provided as a loadable module but we do +not currently build MPMs as shared modules but as independant +binaries and all helpers/startup scripts depend on that behaviour. +It will be fixed in the upcoming weeks/months. + +------------------------------------------------------------------- Old: ---- apache2.4-mpm-itk-2.4.2-01.patch httpd-2.2.19-linux3.patch httpd-2.4.4.tar.bz2 New: ---- httpd-2.4.6.tar.bz2 httpd-event-ssl.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache2.spec ++++++ --- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:18.000000000 +0200 +++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:18.000000000 +0200 @@ -54,7 +54,7 @@ %{!?prefork:%define prefork 1} %{!?worker:%define worker 1} %{!?event:%define event 1} -%{!?itk:%define itk 1} +%{!?itk:%define itk 0} %define mpms_to_build %(test %prefork = 1 && printf prefork) %(test %worker = 1 && printf worker) %(test %event = 1 && printf event) %(test %itk = 1 && printf itk) # dir names %define datadir /srv/www @@ -81,8 +81,8 @@ # "Server:" header %define VENDOR SUSE %define platform_string Linux/%VENDOR -%define realver 2.4.4 -Version: 2.4.4 +%define realver 2.4.6 +Version: 2.4.6 Release: 0 #Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2 Source0: httpd-%{realver}.tar.bz2 @@ -146,13 +146,12 @@ Patch68: httpd-2.x.x-logresolve.patch Patch69: httpd-2.2.x-bnc690734.patch Patch70: apache2-implicit-pointer-decl.patch -Patch100: apache2.4-mpm-itk-2.4.2-01.patch -Patch101: httpd-2.2.19-linux3.patch # PATCH-FEATURE-UPSTREAM apache2-mod_ssl_npn.patch dims...@opensuse.org -- Add npn support to mod_ssl (needed for spdy) #Patch108: apache2-mod_ssl_npn.patch #Provides: apache2(mod_ssl+npn) # PATCH-FEATURE-UPSTREAM httpd-2.4.3-mod_systemd.patch crrodrig...@opensuse.org simple module provides systemd integration. Patch109: httpd-2.4.3-mod_systemd.patch +Patch110: http://people.apache.org/~minfrin/httpd-event-ssl.patch Url: http://httpd.apache.org/ Icon: Apache.xpm Summary: The Apache Web Server Version 2.2 @@ -162,6 +161,8 @@ Provides: http_daemon Provides: httpd Provides: suse_help_viewer +Provides: %{name}-mod_macro = %{version} +Obsoletes: %{name}-mod_macro <= 1.2.1 Requires: %{pname}-MPM Requires: /etc/mime.types PreReq: %{name}-utils @@ -365,18 +366,16 @@ # %setup -q -n httpd-%{realver} %patch2 -p1 -%patch23 +%patch23 -p1 #%patch65 -p1 -%patch66 +%patch66 -p1 %patch67 -p1 %patch68 -p1 #%patch69 %patch70 -p1 -%patch100 -p1 -%patch101 #%patch108 -p1 %patch109 -p1 -# +%patch110 cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE # install READMEs ++++++ apache-20-22-upgrade ++++++ --- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:18.000000000 +0200 +++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:18.000000000 +0200 @@ -75,4 +75,8 @@ a2enmod authn_core fi +if ! a2enmod -q log_config; then + a2enmod log_config +fi + echo 'Done.' ++++++ apache2-implicit-pointer-decl.patch ++++++ --- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:18.000000000 +0200 +++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:18.000000000 +0200 @@ -1,5 +1,5 @@ ---- httpd-2.4.4.orig/server/request.c -+++ httpd-2.4.4/server/request.c +--- httpd-2.4.6.orig/server/request.c ++++ httpd-2.4.6/server/request.c @@ -46,10 +46,13 @@ #include "util_script.h" #include "ap_expr.h" @@ -15,8 +15,8 @@ #if APR_HAVE_STDARG_H #include <stdarg.h> #endif ---- httpd-2.4.4.orig/server/config.c -+++ httpd-2.4.4/server/config.c +--- httpd-2.4.6.orig/server/config.c ++++ httpd-2.4.6/server/config.c @@ -48,10 +48,14 @@ #include "http_request.h" /* for default_handler (see invoke_handler) */ #include "http_main.h" ++++++ apache2-server-tuning.conf ++++++ --- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:18.000000000 +0200 +++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:18.000000000 +0200 @@ -114,7 +114,7 @@ # filesystems. Please see # http://httpd.apache.org/docs-2.2/mod/core.html#enablesendfile # -#EnableSendfile off +EnableSendfile on <IfModule mod_setenvif.c> # ++++++ apache2-ssl-global.conf ++++++ --- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:18.000000000 +0200 +++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:18.000000000 +0200 @@ -48,10 +48,6 @@ SSLSessionCache shmcb:/var/lib/apache2/ssl_scache(512000) SSLSessionCacheTimeout 300 - # Semaphore: - # Configure the path to the mutual exclusion semaphore the - # SSL engine uses internally for inter-process synchronization. - SSLMutex "file:/var/lib/apache2/ssl_mutex" # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the ++++++ httpd-2.0.54-envvars.dif ++++++ --- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:18.000000000 +0200 +++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:18.000000000 +0200 @@ -1,5 +1,5 @@ ---- support/envvars-std.in.orig -+++ support/envvars-std.in +--- httpd-2.4.6.orig/support/envvars-std.in ++++ httpd-2.4.6/support/envvars-std.in @@ -18,11 +18,9 @@ # # This file is generated from envvars-std.in ++++++ httpd-2.1.3alpha-layout.dif ++++++ --- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:18.000000000 +0200 +++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:18.000000000 +0200 @@ -1,6 +1,6 @@ ---- httpd-2.1.3-alpha.orig/config.layout -+++ httpd-2.1.3-alpha/config.layout -@@ -202,6 +202,54 @@ +--- httpd-2.4.6.orig/config.layout ++++ httpd-2.4.6/config.layout +@@ -178,6 +178,54 @@ proxycachedir: /var/cache/httpd </Layout> ++++++ httpd-2.1.9-apachectl.dif ++++++ --- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:18.000000000 +0200 +++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:18.000000000 +0200 @@ -1,5 +1,5 @@ ---- support/apachectl.in.orig -+++ support/apachectl.in +--- httpd-2.4.6.orig/support/apachectl.in ++++ httpd-2.4.6/support/apachectl.in @@ -42,17 +42,32 @@ ARGV="$@" # -------------------- -------------------- # ++++++ httpd-2.2.0-apxs-a2enmod.dif ++++++ --- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:18.000000000 +0200 +++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:18.000000000 +0200 @@ -1,8 +1,6 @@ -Index: httpd-2.2.16/support/apxs.in -=================================================================== ---- httpd-2.2.16.orig/support/apxs.in -+++ httpd-2.2.16/support/apxs.in -@@ -526,108 +526,14 @@ if ($opt_i or $opt_e) { +--- httpd-2.4.6.orig/support/apxs.in ++++ httpd-2.4.6/support/apxs.in +@@ -550,108 +550,14 @@ if ($opt_i or $opt_e) { # activate module via LoadModule/AddModule directive if ($opt_a or $opt_A) { ++++++ httpd-2.4.4.tar.bz2 -> httpd-2.4.6.tar.bz2 ++++++ ++++ 51743 lines of diff (skipped) ++++++ httpd-2.x.x-logresolve.patch ++++++ --- /var/tmp/diff_new_pack.53kTBm/_old 2013-07-30 18:37:21.000000000 +0200 +++ /var/tmp/diff_new_pack.53kTBm/_new 2013-07-30 18:37:21.000000000 +0200 @@ -1,7 +1,6 @@ -diff -Naur ../httpd-2.2.4.orig/support/logresolve.pl.in ./support/logresolve.pl.in ---- ../httpd-2.2.4.orig/support/logresolve.pl.in 2006-07-12 05:38:44.000000000 +0200 -+++ ./support/logresolve.pl.in 2007-10-23 13:59:27.000000000 +0200 -@@ -57,6 +57,7 @@ +--- httpd-2.4.6.orig/support/logresolve.pl.in ++++ httpd-2.4.6/support/logresolve.pl.in +@@ -57,6 +57,7 @@ $|=1; use FileHandle; use Socket; @@ -9,7 +8,7 @@ use strict; no strict 'refs'; -@@ -71,11 +72,13 @@ +@@ -71,11 +72,13 @@ my $filename; my %hash = (); my $parent = $$; @@ -24,7 +23,7 @@ if (-e $filename) { unlink($filename) || warn "$filename .. $!\n";} &child($child); exit(0); -@@ -91,9 +94,9 @@ +@@ -91,9 +94,9 @@ sub cleanup { # die kiddies, die kill(15, @children); for (my $child = 1; $child <=$CHILDREN; $child++) { @@ -37,7 +36,7 @@ } } } -@@ -113,7 +116,7 @@ +@@ -113,7 +116,7 @@ sub parent { if (!socket($CHILDSOCK{$child}, AF_UNIX, SOCK_STREAM, $PROTOCOL)) { warn "parent socket to child failed $!"; } @@ -46,7 +45,7 @@ my $response; do { $response = connect($CHILDSOCK{$child}, sockaddr_un($filename)); -@@ -176,7 +179,7 @@ +@@ -176,7 +179,7 @@ sub child { # create a socket to communicate with parent socket(INBOUND, AF_UNIX, SOCK_STREAM, $PROTOCOL) || die "Error with Socket: !$\n"; ++++++ httpd-event-ssl.patch ++++++ --- include/httpd.h.orig +++ include/httpd.h @@ -1175,12 +1175,20 @@ typedef enum { CONN_STATE_LINGER_SHORT /* MPM has started lingering close with short timeout */ } conn_state_e; +typedef enum { + CONN_SENSE_DEFAULT, + CONN_SENSE_WANT_READ, /* next event must be read */ + CONN_SENSE_WANT_WRITE /* next event must be write */ +} conn_sense_e; + /** * @brief A structure to contain connection state information */ struct conn_state_t { /** Current state of the connection */ conn_state_e state; + /** Whether to read instead of write, or write instead of read */ + conn_sense_e sense; }; /* Per-vhost config... */ --- modules/ssl/ssl_engine_io.c.orig +++ modules/ssl/ssl_engine_io.c @@ -775,6 +775,18 @@ static apr_status_t ssl_filter_write(ap_ */ outctx->rc = APR_EAGAIN; } + else if (ssl_err == SSL_ERROR_WANT_READ) { + /* + * If OpenSSL wants to read during write, and we were + * nonblocking, set the sense explicitly to read and + * report as an EAGAIN. + * + * (This is usually the case when the client forces an SSL + * renegotiation which is handled implicitly by OpenSSL.) + */ + outctx->c->cs->sense = CONN_SENSE_WANT_READ; + outctx->rc = APR_EAGAIN; + } else if (ssl_err == SSL_ERROR_SYSCALL) { ap_log_cerror(APLOG_MARK, APLOG_INFO, outctx->rc, c, APLOGNO(01993) "SSL output filter write failed."); @@ -1902,8 +1914,10 @@ void ssl_io_filter_init(conn_rec *c, req filter_ctx->pbioWrite = BIO_new(&bio_filter_out_method); filter_ctx->pbioWrite->ptr = (void *)bio_filter_out_ctx_new(filter_ctx, c); - /* We insert a clogging input filter. Let the core know. */ - c->clogging_input_filters = 1; + /* write is non blocking for the benefit of async mpm */ + if (c->cs) { + BIO_set_nbio(filter_ctx->pbioWrite, 1); + } ssl_io_input_add_filter(filter_ctx, c, r, ssl); --- server/mpm/event/event.c.orig +++ server/mpm/event/event.c @@ -790,7 +790,10 @@ static int start_lingering_close_common( apr_atomic_inc32(&lingering_count); apr_thread_mutex_lock(timeout_mutex); TO_QUEUE_APPEND(*q, cs); - cs->pfd.reqevents = APR_POLLIN | APR_POLLHUP | APR_POLLERR; + cs->pfd.reqevents = ( + cs->pub.sense == CONN_SENSE_WANT_WRITE ? APR_POLLOUT : + APR_POLLIN) | APR_POLLHUP | APR_POLLERR; + cs->pub.sense = CONN_SENSE_DEFAULT; rv = apr_pollset_add(event_pollset, &cs->pfd); apr_thread_mutex_unlock(timeout_mutex); if (rv != APR_SUCCESS && !APR_STATUS_IS_EEXIST(rv)) { @@ -938,6 +941,7 @@ static void process_socket(apr_thread_t */ cs->pub.state = CONN_STATE_READ_REQUEST_LINE; + cs->pub.sense = CONN_SENSE_DEFAULT; } else { c = cs->c; @@ -946,9 +950,11 @@ static void process_socket(apr_thread_t } if (c->clogging_input_filters && !c->aborted) { - /* Since we have an input filter which 'cloggs' the input stream, - * like mod_ssl, lets just do the normal read from input filters, - * like the Worker MPM does. + /* Since we have an input filter which 'clogs' the input stream, + * like mod_ssl used to, lets just do the normal read from input + * filters, like the Worker MPM does. Filters that need to write + * where they would otherwise read, or read where they would + * otherwise write, should set the sense appropriately. */ apr_atomic_inc32(&clogged_count); ap_run_process_connection(c); @@ -994,7 +1000,10 @@ read_request: cs->expiration_time = ap_server_conf->timeout + apr_time_now(); apr_thread_mutex_lock(timeout_mutex); TO_QUEUE_APPEND(write_completion_q, cs); - cs->pfd.reqevents = APR_POLLOUT | APR_POLLHUP | APR_POLLERR; + cs->pfd.reqevents = ( + cs->pub.sense == CONN_SENSE_WANT_READ ? APR_POLLIN : + APR_POLLOUT) | APR_POLLHUP | APR_POLLERR; + cs->pub.sense = CONN_SENSE_DEFAULT; rc = apr_pollset_add(event_pollset, &cs->pfd); apr_thread_mutex_unlock(timeout_mutex); return; -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org