diff options
author | Fathi Boudra <fathi.boudra@linaro.org> | 2014-06-17 19:30:24 +0000 |
---|---|---|
committer | Linaro Code Review <review@review.linaro.org> | 2014-06-17 19:30:24 +0000 |
commit | 30ec2e7608e8f45ccf4da0f2608fafd7661f1b92 (patch) | |
tree | 4906089b360e6e5664cb8afa46190826cd025c1a | |
parent | 7427096bc30fb516d1af976f2a3c1de0872a0f4b (diff) | |
parent | 8fa80915b28b6c9915e98faa6cdaf9e267ce3944 (diff) |
Merge "apache2: use pkg-config for pcre detection"
15 files changed, 978 insertions, 0 deletions
diff --git a/meta-linaro-integration/recipes-overlayed/apache2/apache2-native_2.4.9.bb b/meta-linaro-integration/recipes-overlayed/apache2/apache2-native_2.4.9.bb new file mode 100644 index 00000000..e50f2b81 --- /dev/null +++ b/meta-linaro-integration/recipes-overlayed/apache2/apache2-native_2.4.9.bb @@ -0,0 +1,45 @@ +DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ +extensible web server." +SUMMARY = "Apache HTTP Server" +HOMEPAGE = "http://httpd.apache.org/" +DEPENDS = "expat-native pcre-native apr-native apr-util-native" +SECTION = "net" +LICENSE = "Apache-2.0" + +inherit autotools native + +SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \ + file://0001-configure-use-pkg-config-for-PCRE-detection.patch \ + " + +S = "${WORKDIR}/httpd-${PV}" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83" +SRC_URI[md5sum] = "2ef4e65353497606b24fa9bb3e5a3c40" +SRC_URI[sha256sum] = "f78cc90dfa47caf3d83ad18fd6b4e85f237777c1733fc9088594b70ce2847603" + +EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ + --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \ + --prefix=${prefix} --datadir=${datadir}/apache2 \ + " + +do_install () { + install -d ${D}${bindir} ${D}${libdir} + cp server/gen_test_char ${D}${bindir} + install -m 755 support/apxs ${D}${bindir}/ + install -m 755 httpd ${D}${bindir}/ + install -d ${D}${datadir}/apache2/build + cp ${S}/build/*.mk ${D}${datadir}/apache2/build + cp build/*.mk ${D}${datadir}/apache2/build + cp ${S}/build/instdso.sh ${D}${datadir}/apache2/build + + install -d ${D}${includedir}/apache2 + cp ${S}/include/* ${D}${includedir}/apache2 + cp include/* ${D}${includedir}/apache2 + cp ${S}/os/unix/os.h ${D}${includedir}/apache2 + cp ${S}/os/unix/unixd.h ${D}${includedir}/apache2 + + cp support/envvars-std ${D}${bindir}/envvars + chmod 755 ${D}${bindir}/envvars +} + diff --git a/meta-linaro-integration/recipes-overlayed/apache2/apache2/apache-configure_perlbin.patch b/meta-linaro-integration/recipes-overlayed/apache2/apache2/apache-configure_perlbin.patch new file mode 100644 index 00000000..baa739fd --- /dev/null +++ b/meta-linaro-integration/recipes-overlayed/apache2/apache2/apache-configure_perlbin.patch @@ -0,0 +1,37 @@ +# Author: echo <fei.geng@windriver.com> +# Date: April 28 2009 +# Summary:Fix perl install directory to /usr/bin +# +# Upstream-Status: Inappropriate [configuration] + +--- a/configure ++++ b/configure +@@ -22365,13 +22365,7 @@ + #define APACHE_MPM_DIR "$MPM_DIR" + _ACEOF + +- +-perlbin=`$ac_aux_dir/PrintPath perl` +-if test "x$perlbin" = "x"; then +- perlbin="/replace/with/path/to/perl/interpreter" +-fi +- +- ++perlbin='/usr/bin/perl' + + BSD_MAKEFILE=no + ap_make_include=include +--- a/configure.in ++++ b/configure.in +@@ -638,10 +638,7 @@ + AC_DEFINE_UNQUOTED(APACHE_MPM_DIR, "$MPM_DIR", + [Location of the source for the current MPM]) + +-perlbin=`$ac_aux_dir/PrintPath perl` +-if test "x$perlbin" = "x"; then +- perlbin="/replace/with/path/to/perl/interpreter" +-fi ++perlbin='/usr/bin/perl' + AC_SUBST(perlbin) + + dnl If we are running on BSD/OS, we need to use the BSD .include syntax. diff --git a/meta-linaro-integration/recipes-overlayed/apache2/apache2/apache-ssl-ltmain-rpath.patch b/meta-linaro-integration/recipes-overlayed/apache2/apache2/apache-ssl-ltmain-rpath.patch new file mode 100644 index 00000000..3a59fb07 --- /dev/null +++ b/meta-linaro-integration/recipes-overlayed/apache2/apache2/apache-ssl-ltmain-rpath.patch @@ -0,0 +1,76 @@ +--- httpd-2.2.8.orig/build/ltmain.sh ++++ httpd-2.2.8/build/ltmain.sh +@@ -1515,7 +1515,7 @@ EOF + dir=`$echo "X$arg" | $Xsed -e 's/^-L//'` + # We need an absolute path. + case $dir in +- [\\/]* | [A-Za-z]:[\\/]*) ;; ++ =* | [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + absdir=`cd "$dir" && pwd` + if test -z "$absdir"; then +@@ -2558,7 +2558,7 @@ EOF + $echo "*** $linklib is not portable!" + fi + if test "$linkmode" = lib && +- test "$hardcode_into_libs" = yes; then ++ test "x$wrs_use_rpaths" = "xyes" && test "$hardcode_into_libs" = yes; then + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. +@@ -2832,7 +2832,7 @@ EOF + + if test "$linkmode" = lib; then + if test -n "$dependency_libs" && +- { test "$hardcode_into_libs" != yes || ++ { test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" || + test "$build_old_libs" = yes || + test "$link_static" = yes; }; then + # Extract -R from dependency_libs +@@ -3426,7 +3426,8 @@ EOF + *) finalize_rpath="$finalize_rpath $libdir" ;; + esac + done +- if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then ++ if test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" || ++ test "$build_old_libs" = yes; then + dependency_libs="$temp_xrpath $dependency_libs" + fi + fi +@@ -3843,7 +3844,7 @@ EOF + case $archive_cmds in + *\$LD\ *) wl= ;; + esac +- if test "$hardcode_into_libs" = yes; then ++ if test "$hardcode_into_libs" = yes && test "x$wrs_use_rpaths" = "xyes" ; then + # Hardcode the library paths + hardcode_libdirs= + dep_rpath= +@@ -4397,6 +4398,27 @@ EOF + # Now hardcode the library paths + rpath= + hardcode_libdirs= ++ ++ # short circuit putting rpaths in executables ++ # ++ if test "x$wrs_use_rpaths" != "xyes" ; then ++ flag= ++ for libdir in $compile_rpath; do ++ case $(echo $libdir | ${SED} 's,/[/]*,/,g') in ++ /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;; ++ esac ++ done ++ compile_rpath="$flag" ++ ++ flag= ++ for libdir in $finalize_rpath; do ++ case $(echo $libdir | ${SED} 's,/[/]*,/,g') in ++ /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;; ++ esac ++ done ++ finalize_rpath="$flag" ++ fi ++ + for libdir in $compile_rpath $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then diff --git a/meta-linaro-integration/recipes-overlayed/apache2/apache2/fix-libtool-name.patch b/meta-linaro-integration/recipes-overlayed/apache2/apache2/fix-libtool-name.patch new file mode 100644 index 00000000..027af04c --- /dev/null +++ b/meta-linaro-integration/recipes-overlayed/apache2/apache2/fix-libtool-name.patch @@ -0,0 +1,55 @@ +Fix build scripts to use correct libtool filename + +Upstream-Status: Inappropriate [configuration] + +--- + httpd-2.4.2/build/config_vars.sh.in | 2 +- + httpd-2.4.2/configure | 2 +- + httpd-2.4.2/configure.in | 2 +- + httpd-2.4.2/support/apxs.in | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +--- a/build/config_vars.sh.in ++++ b/build/config_vars.sh.in +@@ -35,7 +35,7 @@ else + APU_CONFIG=@APU_CONFIG@ + fi + +-APR_LIBTOOL="`${APR_CONFIG} --apr-libtool`" ++APR_LIBTOOL="`${APR_CONFIG} --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`" + APR_INCLUDEDIR="`${APR_CONFIG} --includedir`" + test -n "@APU_CONFIG@" && APU_INCLUDEDIR="`${APU_CONFIG} --includedir`" + +--- a/configure ++++ b/configure +@@ -6205,7 +6205,7 @@ case $host in + if test "x$LTFLAGS" = "x"; then + LTFLAGS='--silent' + fi +- my_libtool=`$apr_config --apr-libtool` ++ my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,` + LIBTOOL="$my_libtool \$(LTFLAGS)" + libtoolversion=`$my_libtool --version` + case $libtoolversion in +--- a/configure.in ++++ b/configure.in +@@ -264,7 +264,7 @@ case $host in + if test "x$LTFLAGS" = "x"; then + LTFLAGS='--silent' + fi +- my_libtool=`$apr_config --apr-libtool` ++ my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,` + LIBTOOL="$my_libtool \$(LTFLAGS)" + libtoolversion=`$my_libtool --version` + case $libtoolversion in +--- a/support/apxs.in ++++ b/support/apxs.in +@@ -352,7 +352,7 @@ if ($apr_major_version < 2) { + } + } + +-my $libtool = `$apr_config --apr-libtool`; ++my $libtool = `$apr_config --apr-libtool| sed -e s,libtool,${host_alias}-libtool,`; + chomp($libtool); + + my $apr_includedir = `$apr_config --includes`; diff --git a/meta-linaro-integration/recipes-overlayed/apache2/apache2/httpd-2.4.1-corelimit.patch b/meta-linaro-integration/recipes-overlayed/apache2/apache2/httpd-2.4.1-corelimit.patch new file mode 100644 index 00000000..18e4107e --- /dev/null +++ b/meta-linaro-integration/recipes-overlayed/apache2/apache2/httpd-2.4.1-corelimit.patch @@ -0,0 +1,37 @@ + +Bump up the core size limit if CoreDumpDirectory is +configured. + +Upstream-Status: Pending + +Note: upstreaming was discussed but there are competing desires; + there are portability oddities here too. + +--- httpd-2.4.1/server/core.c.corelimit ++++ httpd-2.4.1/server/core.c +@@ -4433,6 +4433,25 @@ static int core_post_config(apr_pool_t * + } + apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper, + apr_pool_cleanup_null); ++ ++#ifdef RLIMIT_CORE ++ if (ap_coredumpdir_configured) { ++ struct rlimit lim; ++ ++ if (getrlimit(RLIMIT_CORE, &lim) == 0 && lim.rlim_cur == 0) { ++ lim.rlim_cur = lim.rlim_max; ++ if (setrlimit(RLIMIT_CORE, &lim) == 0) { ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, ++ "core dump file size limit raised to %lu bytes", ++ lim.rlim_cur); ++ } else { ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, errno, NULL, ++ "core dump file size is zero, setrlimit failed"); ++ } ++ } ++ } ++#endif ++ + return OK; + } + diff --git a/meta-linaro-integration/recipes-overlayed/apache2/apache2/httpd-2.4.1-selinux.patch b/meta-linaro-integration/recipes-overlayed/apache2/apache2/httpd-2.4.1-selinux.patch new file mode 100644 index 00000000..873328d9 --- /dev/null +++ b/meta-linaro-integration/recipes-overlayed/apache2/apache2/httpd-2.4.1-selinux.patch @@ -0,0 +1,63 @@ + +Log the SELinux context at startup. + +Upstream-Status: Inappropriate [other] + +Note: unlikely to be any interest in this upstream + +--- httpd-2.4.1/configure.in.selinux ++++ httpd-2.4.1/configure.in +@@ -458,6 +458,11 @@ fopen64 + dnl confirm that a void pointer is large enough to store a long integer + APACHE_CHECK_VOID_PTR_LEN + ++AC_CHECK_LIB(selinux, is_selinux_enabled, [ ++ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) ++ APR_ADDTO(AP_LIBS, [-lselinux]) ++]) ++ + AC_CACHE_CHECK([for gettid()], ac_cv_gettid, + [AC_TRY_RUN(#define _GNU_SOURCE + #include <unistd.h> +--- httpd-2.4.1/server/core.c.selinux ++++ httpd-2.4.1/server/core.c +@@ -58,6 +58,10 @@ + #include <unistd.h> + #endif + ++#ifdef HAVE_SELINUX ++#include <selinux/selinux.h> ++#endif ++ + /* LimitRequestBody handling */ + #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) + #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) +@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t * + } + #endif + ++#ifdef HAVE_SELINUX ++ { ++ static int already_warned = 0; ++ int is_enabled = is_selinux_enabled() > 0; ++ ++ if (is_enabled && !already_warned) { ++ security_context_t con; ++ ++ if (getcon(&con) == 0) { ++ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, ++ "SELinux policy enabled; " ++ "httpd running as context %s", con); ++ ++ already_warned = 1; ++ ++ freecon(con); ++ } ++ } ++ } ++#endif ++ + return OK; + } + diff --git a/meta-linaro-integration/recipes-overlayed/apache2/apache2/httpd-2.4.4-export.patch b/meta-linaro-integration/recipes-overlayed/apache2/apache2/httpd-2.4.4-export.patch new file mode 100644 index 00000000..afbed8e5 --- /dev/null +++ b/meta-linaro-integration/recipes-overlayed/apache2/apache2/httpd-2.4.4-export.patch @@ -0,0 +1,22 @@ + +There is no need to "suck in" the apr/apr-util symbols when using +a shared libapr{,util}, it just bloats the symbol table; so don't. + +Upstream-HEAD: needed +Upstream-2.0: omit +Upstream-Status: Pending + +Note: EXPORT_DIRS change is conditional on using shared apr + +--- httpd-2.4.4/server/Makefile.in.export ++++ httpd-2.4.4/server/Makefile.in +@@ -57,9 +57,6 @@ export_files: + ( for dir in $(EXPORT_DIRS); do \ + ls $$dir/*.h ; \ + done; \ +- for dir in $(EXPORT_DIRS_APR); do \ +- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \ +- done; \ + ) | sed -e s,//,/,g | sort -u > $@ + + exports.c: export_files diff --git a/meta-linaro-integration/recipes-overlayed/apache2/apache2/npn-patch-2.4.7.patch b/meta-linaro-integration/recipes-overlayed/apache2/apache2/npn-patch-2.4.7.patch new file mode 100644 index 00000000..a4f18550 --- /dev/null +++ b/meta-linaro-integration/recipes-overlayed/apache2/apache2/npn-patch-2.4.7.patch @@ -0,0 +1,289 @@ +Add support for TLS Next Protocol Negotiation: + +* modules/ssl/mod_ssl.c, modules/ssl/mod_ssl.h: Add and implement new + hooks for next protocol advertisement/discovery. + +* modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Enable + NPN advertisement callback in handshake. + +* modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Invoke + next-protocol discovery hook. + +* modules/ssl/ssl_engine_kernel.c (ssl_callback_AdvertiseNextProtos): + New callback. + +* modules/ssl/ssl_private.h: Add prototype. + +Submitted by: Matthew Steele <mdsteele google.com> + with slight tweaks by jorton + +http://svn.apache.org/viewvc?view=revision&revision=1332643 +https://bugzilla.redhat.com//show_bug.cgi?id=809599 +Upstream-Status: Backport +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + CHANGES | 2 + + modules/ssl/mod_ssl.c | 12 ++++++ + modules/ssl/mod_ssl.h | 21 +++++++++++ + modules/ssl/ssl_engine_init.c | 5 +++ + modules/ssl/ssl_engine_io.c | 24 ++++++++++++ + modules/ssl/ssl_engine_kernel.c | 82 +++++++++++++++++++++++++++++++++++++++++ + modules/ssl/ssl_private.h | 6 +++ + 7 files changed, 152 insertions(+) + +diff --git a/CHANGES b/CHANGES +--- a/CHANGES ++++ b/CHANGES +@@ -1,6 +1,8 @@ + -*- coding: utf-8 -*- + + Changes with Apache 2.4.7 ++ *) mod_ssl: Add support for TLS Next Protocol Negotiation. PR 52210. ++ [Matthew Steele <mdsteele google.com>] + + *) APR 1.5.0 or later is now required for the event MPM. + +diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c +--- a/modules/ssl/mod_ssl.c ++++ b/modules/ssl/mod_ssl.c +@@ -275,6 +275,18 @@ static const command_rec ssl_config_cmds[] = { + AP_END_CMD + }; + ++/* Implement 'modssl_run_npn_advertise_protos_hook'. */ ++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( ++ modssl, AP, int, npn_advertise_protos_hook, ++ (conn_rec *connection, apr_array_header_t *protos), ++ (connection, protos), OK, DECLINED); ++ ++/* Implement 'modssl_run_npn_proto_negotiated_hook'. */ ++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( ++ modssl, AP, int, npn_proto_negotiated_hook, ++ (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len), ++ (connection, proto_name, proto_name_len), OK, DECLINED); ++ + /* + * the various processing hooks + */ +diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h +--- a/modules/ssl/mod_ssl.h ++++ b/modules/ssl/mod_ssl.h +@@ -63,5 +63,26 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *)); + + APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); + ++/** The npn_advertise_protos optional hook allows other modules to add entries ++ * to the list of protocol names advertised by the server during the Next ++ * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is ++ * given the connection and an APR array; it should push one or more char*'s ++ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto ++ * the array and return OK, or do nothing and return DECLINED. */ ++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook, ++ (conn_rec *connection, apr_array_header_t *protos)); ++ ++/** The npn_proto_negotiated optional hook allows other modules to discover the ++ * name of the protocol that was chosen during the Next Protocol Negotiation ++ * (NPN) portion of the SSL handshake. Note that this may be the empty string ++ * (in which case modules should probably assume HTTP), or it may be a protocol ++ * that was never even advertised by the server. The hook callee is given the ++ * connection, a non-null-terminated string containing the protocol name, and ++ * the length of the string; it should do something appropriate (i.e. insert or ++ * remove filters) and return OK, or do nothing and return DECLINED. */ ++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook, ++ (conn_rec *connection, const char *proto_name, ++ apr_size_t proto_name_len)); ++ + #endif /* __MOD_SSL_H__ */ + /** @} */ +diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c +--- a/modules/ssl/ssl_engine_init.c ++++ b/modules/ssl/ssl_engine_init.c +@@ -546,6 +546,11 @@ static void ssl_init_ctx_callbacks(server_rec *s, + SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH); + + SSL_CTX_set_info_callback(ctx, ssl_callback_Info); ++ ++#ifdef HAVE_TLS_NPN ++ SSL_CTX_set_next_protos_advertised_cb( ++ ctx, ssl_callback_AdvertiseNextProtos, NULL); ++#endif + } + + static void ssl_init_ctx_verify(server_rec *s, +diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c +--- a/modules/ssl/ssl_engine_io.c ++++ b/modules/ssl/ssl_engine_io.c +@@ -28,6 +28,7 @@ + core keeps dumping.'' + -- Unknown */ + #include "ssl_private.h" ++#include "mod_ssl.h" + #include "apr_date.h" + + /* _________________________________________________________________ +@@ -297,6 +298,7 @@ typedef struct { + apr_pool_t *pool; + char buffer[AP_IOBUFSIZE]; + ssl_filter_ctx_t *filter_ctx; ++ int npn_finished; /* 1 if NPN has finished, 0 otherwise */ + } bio_filter_in_ctx_t; + + /* +@@ -1412,6 +1414,27 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f, + APR_BRIGADE_INSERT_TAIL(bb, bucket); + } + ++#ifdef HAVE_TLS_NPN ++ /* By this point, Next Protocol Negotiation (NPN) should be completed (if ++ * our version of OpenSSL supports it). If we haven't already, find out ++ * which protocol was decided upon and inform other modules by calling ++ * npn_proto_negotiated_hook. */ ++ if (!inctx->npn_finished) { ++ const unsigned char *next_proto = NULL; ++ unsigned next_proto_len = 0; ++ ++ SSL_get0_next_proto_negotiated( ++ inctx->ssl, &next_proto, &next_proto_len); ++ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c, ++ "SSL NPN negotiated protocol: '%s'", ++ apr_pstrmemdup(f->c->pool, (const char*)next_proto, ++ next_proto_len)); ++ modssl_run_npn_proto_negotiated_hook( ++ f->c, (const char*)next_proto, next_proto_len); ++ inctx->npn_finished = 1; ++ } ++#endif ++ + return APR_SUCCESS; + } + +@@ -1893,6 +1916,7 @@ static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c, + inctx->block = APR_BLOCK_READ; + inctx->pool = c->pool; + inctx->filter_ctx = filter_ctx; ++ inctx->npn_finished = 0; + } + + /* The request_rec pointer is passed in here only to ensure that the +diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c +--- a/modules/ssl/ssl_engine_kernel.c ++++ b/modules/ssl/ssl_engine_kernel.c +@@ -29,6 +29,7 @@ + time I was too famous.'' + -- Unknown */ + #include "ssl_private.h" ++#include "mod_ssl.h" + #include "util_md5.h" + + static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); +@@ -2139,3 +2140,84 @@ int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg) + } + + #endif /* HAVE_SRP */ ++ ++#ifdef HAVE_TLS_NPN ++/* ++ * This callback function is executed when SSL needs to decide what protocols ++ * to advertise during Next Protocol Negotiation (NPN). It must produce a ++ * string in wire format -- a sequence of length-prefixed strings -- indicating ++ * the advertised protocols. Refer to SSL_CTX_set_next_protos_advertised_cb ++ * in OpenSSL for reference. ++ */ ++int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out, ++ unsigned int *size_out, void *arg) ++{ ++ conn_rec *c = (conn_rec*)SSL_get_app_data(ssl); ++ apr_array_header_t *protos; ++ int num_protos; ++ unsigned int size; ++ int i; ++ unsigned char *data; ++ unsigned char *start; ++ ++ *data_out = NULL; ++ *size_out = 0; ++ ++ /* If the connection object is not available, then there's nothing for us ++ * to do. */ ++ if (c == NULL) { ++ return SSL_TLSEXT_ERR_OK; ++ } ++ ++ /* Invoke our npn_advertise_protos hook, giving other modules a chance to ++ * add alternate protocol names to advertise. */ ++ protos = apr_array_make(c->pool, 0, sizeof(char*)); ++ modssl_run_npn_advertise_protos_hook(c, protos); ++ num_protos = protos->nelts; ++ ++ /* We now have a list of null-terminated strings; we need to concatenate ++ * them together into a single string, where each protocol name is prefixed ++ * by its length. First, calculate how long that string will be. */ ++ size = 0; ++ for (i = 0; i < num_protos; ++i) { ++ const char *string = APR_ARRAY_IDX(protos, i, const char*); ++ unsigned int length = strlen(string); ++ /* If the protocol name is too long (the length must fit in one byte), ++ * then log an error and skip it. */ ++ if (length > 255) { ++ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, ++ "SSL NPN protocol name too long (length=%u): %s", ++ length, string); ++ continue; ++ } ++ /* Leave room for the length prefix (one byte) plus the protocol name ++ * itself. */ ++ size += 1 + length; ++ } ++ ++ /* If there is nothing to advertise (either because no modules added ++ * anything to the protos array, or because all strings added to the array ++ * were skipped), then we're done. */ ++ if (size == 0) { ++ return SSL_TLSEXT_ERR_OK; ++ } ++ ++ /* Now we can build the string. Copy each protocol name string into the ++ * larger string, prefixed by its length. */ ++ data = apr_palloc(c->pool, size * sizeof(unsigned char)); ++ start = data; ++ for (i = 0; i < num_protos; ++i) { ++ const char *string = APR_ARRAY_IDX(protos, i, const char*); ++ apr_size_t length = strlen(string); ++ *start = (unsigned char)length; ++ ++start; ++ memcpy(start, string, length * sizeof(unsigned char)); ++ start += length; ++ } ++ ++ /* Success. */ ++ *data_out = data; ++ *size_out = size; ++ return SSL_TLSEXT_ERR_OK; ++} ++#endif /* HAVE_TLS_NPN */ +diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h +--- a/modules/ssl/ssl_private.h ++++ b/modules/ssl/ssl_private.h +@@ -123,6 +123,11 @@ + #define MODSSL_SSL_METHOD_CONST + #endif + ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \ ++ && !defined(OPENSSL_NO_TLSEXT) ++#define HAVE_TLS_NPN ++#endif ++ + #if defined(OPENSSL_FIPS) + #define HAVE_FIPS + #endif +@@ -800,6 +805,7 @@ int ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *); + int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *, + EVP_CIPHER_CTX *, HMAC_CTX *, int); + #endif ++int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg); + + /** Session Cache Support */ + void ssl_scache_init(server_rec *, apr_pool_t *); +-- +1.8.1.2 + diff --git a/meta-linaro-integration/recipes-overlayed/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch b/meta-linaro-integration/recipes-overlayed/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch new file mode 100644 index 00000000..584ddc8d --- /dev/null +++ b/meta-linaro-integration/recipes-overlayed/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch @@ -0,0 +1,52 @@ +From 760ccbb2fb046621a2aeaecabb2b1ef9aa280cf1 Mon Sep 17 00:00:00 2001 +From: Yulong Pei <Yulong.pei@windriver.com> +Date: Thu, 1 Sep 2011 01:03:14 +0800 +Subject: [PATCH] replace lynx to curl in apachectl script + +Upstream-Status: Inappropriate [configuration] + +Signed-off-by: Yulong Pei <Yulong.pei@windriver.com> +--- + support/apachectl.in | 14 ++++++++++---- + 1 files changed, 10 insertions(+), 4 deletions(-) + +diff --git a/support/apachectl.in b/support/apachectl.in +index d4dff38..109ea13 100644 +--- a/support/apachectl.in ++++ b/support/apachectl.in +@@ -51,11 +51,11 @@ fi + # a command that outputs a formatted text version of the HTML at the + # url given on the command line. Designed for lynx, however other + # programs may work. +-LYNX="@LYNX_PATH@ -dump" ++CURL="/usr/bin/curl" + # + # the URL to your server's mod_status status page. If you do not + # have one, then status and fullstatus will not work. +-STATUSURL="http://localhost:@PORT@/server-status" ++STATUSURL="http://localhost:@PORT@/" + # + # Set this variable to a command that increases the maximum + # number of file descriptors allowed per child process. This is +@@ -91,10 +91,16 @@ configtest) + ERROR=$? + ;; + status) +- $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } ' ++ $CURL -s $STATUSURL | grep -o "It works!" ++ if [ $? != 0 ] ; then ++ echo The httpd server does not work! ++ fi + ;; + fullstatus) +- $LYNX $STATUSURL ++ $CURL -s $STATUSURL | grep -o "It works!" ++ if [ $? != 0 ] ; then ++ echo The httpd server does not work! ++ fi + ;; + *) + $HTTPD $ARGV +-- +1.6.4 + diff --git a/meta-linaro-integration/recipes-overlayed/apache2/apache2/server-makefile.patch b/meta-linaro-integration/recipes-overlayed/apache2/apache2/server-makefile.patch new file mode 100644 index 00000000..f1349cb6 --- /dev/null +++ b/meta-linaro-integration/recipes-overlayed/apache2/apache2/server-makefile.patch @@ -0,0 +1,11 @@ +--- http-2.0.54/server/Makefile.in-old 2005-12-20 13:26:56.000000000 -0500 ++++ http-2.0.54/server/Makefile.in 2005-12-20 13:27:22.000000000 -0500 +@@ -27,7 +27,7 @@ + $(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS) + + test_char.h: gen_test_char +- ./gen_test_char > test_char.h ++ gen_test_char > test_char.h + + util.lo: test_char.h + diff --git a/meta-linaro-integration/recipes-overlayed/apache2/apache2_2.4.9.bb b/meta-linaro-integration/recipes-overlayed/apache2/apache2_2.4.9.bb new file mode 100644 index 00000000..47881103 --- /dev/null +++ b/meta-linaro-integration/recipes-overlayed/apache2/apache2_2.4.9.bb @@ -0,0 +1,143 @@ +DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ +extensible web server." +SUMMARY = "Apache HTTP Server" +HOMEPAGE = "http://httpd.apache.org/" +DEPENDS = "libtool-native apache2-native openssl expat pcre apr apr-util" +SECTION = "net" +LICENSE = "Apache-2.0" + +SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \ + file://server-makefile.patch \ + file://httpd-2.4.1-corelimit.patch \ + file://httpd-2.4.4-export.patch \ + file://httpd-2.4.1-selinux.patch \ + file://apache-configure_perlbin.patch \ + file://replace-lynx-to-curl-in-apachectl-script.patch \ + file://apache-ssl-ltmain-rpath.patch \ + file://httpd-2.4.3-fix-race-issue-of-dir-install.patch \ + file://npn-patch-2.4.7.patch \ + file://0001-configure-use-pkg-config-for-PCRE-detection.patch \ + file://init \ + file://apache2-volatile.conf" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83" +SRC_URI[md5sum] = "2ef4e65353497606b24fa9bb3e5a3c40" +SRC_URI[sha256sum] = "f78cc90dfa47caf3d83ad18fd6b4e85f237777c1733fc9088594b70ce2847603" + +S = "${WORKDIR}/httpd-${PV}" + +inherit autotools update-rc.d + +SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice" + +CFLAGS_append = " -DPATH_MAX=4096" +CFLAGS_prepend = "-I${STAGING_INCDIR}/openssl " +EXTRA_OECONF = "--enable-ssl \ + --with-ssl=${STAGING_LIBDIR}/.. \ + --with-expat=${STAGING_LIBDIR}/.. \ + --with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ + --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \ + --enable-info \ + --enable-rewrite \ + --with-dbm=sdbm \ + --with-berkeley-db=no \ + --localstatedir=/var/${BPN} \ + --with-gdbm=no \ + --with-ndbm=no \ + --includedir=${includedir}/${BPN} \ + --datadir=${datadir}/${BPN} \ + --sysconfdir=${sysconfdir}/${BPN} \ + --libexecdir=${libdir}/${BPN}/modules \ + ap_cv_void_ptr_lt_long=no \ + --enable-mpms-shared \ + ac_cv_have_threadsafe_pollset=no" + +do_install_append() { + install -d ${D}/${sysconfdir}/init.d + cat ${WORKDIR}/init | \ + sed -e 's,/usr/sbin/,${sbindir}/,g' \ + -e 's,/usr/bin/,${bindir}/,g' \ + -e 's,/usr/lib,${libdir}/,g' \ + -e 's,/etc/,${sysconfdir}/,g' \ + -e 's,/usr/,${prefix}/,g' > ${D}/${sysconfdir}/init.d/${BPN} + chmod 755 ${D}/${sysconfdir}/init.d/${BPN} + # remove the goofy original files... + rm -rf ${D}/${sysconfdir}/${BPN}/original + # Expat should be found in the staging area via DEPENDS... + rm -f ${D}/${libdir}/libexpat.* + + install -d ${D}${sysconfdir}/${BPN}/conf.d + install -d ${D}${sysconfdir}/${BPN}/modules.d + + # Ensure configuration file pulls in conf.d and modules.d + printf "\nIncludeOptional ${sysconfdir}/${BPN}/conf.d/*.conf" >> ${D}/${sysconfdir}/${BPN}/httpd.conf + printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.conf\n\n" >> ${D}/${sysconfdir}/${BPN}/httpd.conf + # match with that is in init script + printf "\nPidFile /run/httpd.pid" >> ${D}/${sysconfdir}/${BPN}/httpd.conf + # Set 'ServerName' to fix error messages when restart apache service + sed -i 's/^#ServerName www.example.com/ServerName localhost/' ${D}/${sysconfdir}/${BPN}/httpd.conf + + if ${@base_contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d/ + install -m 0644 ${WORKDIR}/apache2-volatile.conf ${D}${sysconfdir}/tmpfiles.d/ + fi +} + +SYSROOT_PREPROCESS_FUNCS += "apache_sysroot_preprocess" + +apache_sysroot_preprocess () { + install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -m 755 ${D}${bindir}/apxs ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + sed -i 's!my $installbuilddir = .*!my $installbuilddir = "${STAGING_DIR_HOST}/${datadir}/${BPN}/build";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs + sed -i 's!my $libtool = .*!my $libtool = "${STAGING_BINDIR_CROSS}/${TARGET_PREFIX}libtool";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs + + sed -i 's!^APR_CONFIG = .*!APR_CONFIG = ${STAGING_BINDIR_CROSS}/apr-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk + sed -i 's!^APU_CONFIG = .*!APU_CONFIG = ${STAGING_BINDIR_CROSS}/apu-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk + sed -i 's!^includedir = .*!includedir = ${STAGING_INCDIR}/apache2!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk +} + +# +# implications - used by update-rc.d scripts +# +INITSCRIPT_NAME = "apache2" +INITSCRIPT_PARAMS = "defaults 91 20" +LEAD_SONAME = "libapr-1.so.0" + +PACKAGES = "${PN}-doc ${PN}-dev ${PN}-dbg ${PN}" + +CONFFILES_${PN} = "${sysconfdir}/${BPN}/httpd.conf \ + ${sysconfdir}/${BPN}/magic \ + ${sysconfdir}/${BPN}/mime.types \ + ${sysconfdir}/init.d/${BPN} " + +# we override here rather than append so that .so links are +# included in the runtime package rather than here (-dev) +# and to get build, icons, error into the -dev package +FILES_${PN}-dev = "${datadir}/${BPN}/build \ + ${datadir}/${BPN}/icons \ + ${datadir}/${BPN}/error \ + ${bindir}/apr-config ${bindir}/apu-config \ + ${libdir}/apr*.exp \ + ${includedir}/${BPN} \ + ${libdir}/*.la \ + ${libdir}/*.a" + +# manual to manual +FILES_${PN}-doc += " ${datadir}/${BPN}/manual" + +# +# override this too - here is the default, less datadir +# +FILES_${PN} = "${bindir} ${sbindir} ${libexecdir} ${libdir}/lib*.so.* ${sysconfdir} \ + ${sharedstatedir} ${localstatedir} /bin /sbin /lib/*.so* \ + ${libdir}/${BPN}" + +# we want htdocs and cgi-bin to go with the binary +FILES_${PN} += "${datadir}/${BPN}/htdocs ${datadir}/${BPN}/cgi-bin" + +#make sure the lone .so links also get wrapped in the base package +FILES_${PN} += "${libdir}/lib*.so ${libdir}/pkgconfig/*" + +FILES_${PN}-dbg += "${libdir}/${BPN}/modules/.debug" + +RDEPENDS_${PN} += "openssl libgcc" diff --git a/meta-linaro-integration/recipes-overlayed/apache2/files/0001-configure-use-pkg-config-for-PCRE-detection.patch b/meta-linaro-integration/recipes-overlayed/apache2/files/0001-configure-use-pkg-config-for-PCRE-detection.patch new file mode 100644 index 00000000..63096db0 --- /dev/null +++ b/meta-linaro-integration/recipes-overlayed/apache2/files/0001-configure-use-pkg-config-for-PCRE-detection.patch @@ -0,0 +1,52 @@ +From d8837756f2a48adcfe5d645c39cf163d96eac76c Mon Sep 17 00:00:00 2001 +From: Koen Kooi <koen.kooi@linaro.org> +Date: Tue, 17 Jun 2014 09:10:57 +0200 +Subject: [PATCH] configure: use pkg-config for PCRE detection + +Signed-off-by: Koen Kooi <koen.kooi@linaro.org> +Upstream-Status: pending +--- + configure.in | 27 +++++---------------------- + 1 file changed, 5 insertions(+), 22 deletions(-) + +diff --git a/configure.in b/configure.in +index 864d7c7..da4138e 100644 +--- a/configure.in ++++ b/configure.in +@@ -215,28 +215,11 @@ fi + AC_ARG_WITH(pcre, + APACHE_HELP_STRING(--with-pcre=PATH,Use external PCRE library)) + +-AC_PATH_PROG(PCRE_CONFIG, pcre-config, false) +-if test -d "$with_pcre" && test -x "$with_pcre/bin/pcre-config"; then +- PCRE_CONFIG=$with_pcre/bin/pcre-config +-elif test -x "$with_pcre"; then +- PCRE_CONFIG=$with_pcre +-fi +- +-if test "$PCRE_CONFIG" != "false"; then +- if $PCRE_CONFIG --version >/dev/null 2>&1; then :; else +- AC_MSG_ERROR([Did not find pcre-config script at $PCRE_CONFIG]) +- fi +- case `$PCRE_CONFIG --version` in +- [[1-5].*]) +- AC_MSG_ERROR([Need at least pcre version 6.0]) +- ;; +- esac +- AC_MSG_NOTICE([Using external PCRE library from $PCRE_CONFIG]) +- APR_ADDTO(PCRE_INCLUDES, [`$PCRE_CONFIG --cflags`]) +- APR_ADDTO(PCRE_LIBS, [`$PCRE_CONFIG --libs`]) +-else +- AC_MSG_ERROR([pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/]) +-fi ++PKG_CHECK_MODULES([PCRE], [libpcre], [ ++ AC_DEFINE([HAVE_PCRE], [1], [Define if you have PCRE library]) ++], [ ++ AC_MSG_ERROR([$PCRE_PKG_ERRORS]) ++]) + APACHE_SUBST(PCRE_LIBS) + + AC_MSG_NOTICE([]) +-- +1.9.3 + diff --git a/meta-linaro-integration/recipes-overlayed/apache2/files/apache2-volatile.conf b/meta-linaro-integration/recipes-overlayed/apache2/files/apache2-volatile.conf new file mode 100644 index 00000000..ff2c5870 --- /dev/null +++ b/meta-linaro-integration/recipes-overlayed/apache2/files/apache2-volatile.conf @@ -0,0 +1,2 @@ +d /var/run/apache2 0755 root root - +d /var/log/apache2 0755 root root - diff --git a/meta-linaro-integration/recipes-overlayed/apache2/files/httpd-2.4.3-fix-race-issue-of-dir-install.patch b/meta-linaro-integration/recipes-overlayed/apache2/files/httpd-2.4.3-fix-race-issue-of-dir-install.patch new file mode 100644 index 00000000..b948753b --- /dev/null +++ b/meta-linaro-integration/recipes-overlayed/apache2/files/httpd-2.4.3-fix-race-issue-of-dir-install.patch @@ -0,0 +1,21 @@ +Upstream-Status: Pending + +fix following race issue when do parallel install +| mkdir: cannot create directory `/home/mypc/workspace/poky/build_p4080ds_release/tmp/work/ppce500mc-fsl_networking-linux/apache2/2.4.3-r1/image/usr/share/apache2': File exists +... +| mkdir: cannot create directory `/home/mypc/workspace/poky/build_p4080ds_release/tmp/work/ppce500mc-fsl_networking-linux/apache2/2.4.3-r1/image/usr/share/apache2': File exists +| make[1]: *** [install-man] Error 1 +| make[1]: *** Waiting for unfinished jobs.... + +-Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com> +--- httpd-2.4.3/build/mkdir.sh.orig 2013-01-25 03:47:21.565255420 -0600 ++++ httpd-2.4.3/build/mkdir.sh 2013-01-25 03:46:17.833051230 -0600 +@@ -39,7 +39,7 @@ + esac + if test ! -d "$pathcomp"; then + echo "mkdir $pathcomp" 1>&2 +- mkdir "$pathcomp" || errstatus=$? ++ mkdir -p "$pathcomp" || errstatus=$? + fi + pathcomp="$pathcomp/" + done diff --git a/meta-linaro-integration/recipes-overlayed/apache2/files/init b/meta-linaro-integration/recipes-overlayed/apache2/files/init new file mode 100755 index 00000000..a1adbd74 --- /dev/null +++ b/meta-linaro-integration/recipes-overlayed/apache2/files/init @@ -0,0 +1,73 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: httpd +# Required-Start: $local_fs $remote_fs $network $named +# Required-Stop: $local_fs $remote_fs $network +# Should-Start: distcache +# Short-Description: start and stop Apache HTTP Server +# Description: The Apache HTTP Server is an extensible server +# implementing the current HTTP standards. +### END INIT INFO + +ARGS="-D SSL -D PHP5 -k start" +NAME=apache2 +PATH=/bin:/usr/bin:/sbin:/usr/sbin +DAEMON=/usr/sbin/httpd +SUEXEC=/usr/lib/apache/suexec +PIDFILE=/run/httpd.pid +CONF=/etc/apache2/httpd.conf +APACHECTL=/usr/sbin/apachectl + +trap "" 1 +export LANG=C +export PATH + +test -f $DAEMON || exit 0 +test -f $APACHECTL || exit 0 + +# ensure we don't leak environment vars into apachectl +APACHECTL="env -i LANG=${LANG} PATH=${PATH} $APACHECTL" + +case "$1" in + start) + echo -n "Starting web server: $NAME" + $APACHECTL $ARGS + ;; + + stop) + $APACHECTL stop + ;; + + reload) + echo -n "Reloading $NAME configuration" + kill -HUP `cat $PIDFILE` + ;; + + reload-modules) + echo -n "Reloading $NAME modules" + $APACHECTL restart + ;; + + restart) + $APACHECTL restart + exit $? + ;; + + force-reload) + $0 reload-modules + exit $? + ;; + + *) + echo "Usage: /etc/init.d/$NAME {start|stop|reload|reload-modules|force-reload|restart}" + exit 1 + ;; +esac + +if [ $? = 0 ]; then + echo . + exit 0 +else + echo failed + exit 1 +fi |