1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
- enable the checks that the suexec wrapper is a setuid root binary;
so if people turn off setuid on the binary, suexec won't be enabled.
- fix hardcoded path to suexec2
- remove checks requiring /usr/sbin/httpd to be present: this is
unnecessary, we know that httpd contains mod_so, and only the
httpd-devel package should be required to build modules.
- Allow startup after unclean shutdown: remove mutex before
creating it, use anonymous shm in shmcb.
- allow server/exports.c to be generated in a parallel build successfully
- ensure that when mod_ssl is unloaded, libcrypto doesn't still have the
thread_id callback pointing at a mod_ssl function.
- make apache2ctl source /etc/conf.d/apache2 for startup options
diff -uNr httpd-2.0.48/include/httpd.h httpd-2.0.48-gentoo/include/httpd.h
--- httpd-2.0.48/include/httpd.h 2003-10-24 12:19:31.000000000 -0400
+++ httpd-2.0.48-gentoo/include/httpd.h 2003-10-29 21:58:46.000000000 -0500
@@ -180,7 +180,7 @@
/* The path to the suExec wrapper, can be overridden in Configuration */
#ifndef SUEXEC_BIN
-#define SUEXEC_BIN HTTPD_ROOT "/bin/suexec"
+#define SUEXEC_BIN "/usr/sbin/suexec2"
#endif
/* The timeout for waiting for messages */
diff -uNr httpd-2.0.48/modules/ssl/ssl_engine_mutex.c httpd-2.0.48-gentoo/modules/ssl/ssl_engine_mutex.c
--- httpd-2.0.48/modules/ssl/ssl_engine_mutex.c 2003-09-15 21:00:06.000000000 -0400
+++ httpd-2.0.48-gentoo/modules/ssl/ssl_engine_mutex.c 2003-10-29 22:04:22.000000000 -0500
@@ -74,6 +74,8 @@
if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
return TRUE;
+ apr_file_remove(mc->szMutexFile, p);
+
if ((rv = apr_global_mutex_create(&mc->pMutex, mc->szMutexFile,
mc->nMutexMech, p)) != APR_SUCCESS) {
if (mc->szMutexFile)
diff -uNr httpd-2.0.48/modules/ssl/ssl_scache_shmcb.c httpd-2.0.48-gentoo/modules/ssl/ssl_scache_shmcb.c
--- httpd-2.0.48/modules/ssl/ssl_scache_shmcb.c 2003-02-03 12:31:54.000000000 -0500
+++ httpd-2.0.48-gentoo/modules/ssl/ssl_scache_shmcb.c 2003-10-29 22:04:22.000000000 -0500
@@ -375,7 +375,7 @@
if ((rv = apr_shm_create(&(mc->pSessionCacheDataMM),
mc->nSessionCacheDataSize,
- mc->szSessionCacheDataFile,
+ NULL,
mc->pPool)) != APR_SUCCESS) {
char buf[100];
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
diff -uNr httpd-2.0.48/modules/ssl/ssl_util.c httpd-2.0.48-gentoo/modules/ssl/ssl_util.c
--- httpd-2.0.48/modules/ssl/ssl_util.c 2003-05-16 14:12:19.000000000 -0400
+++ httpd-2.0.48-gentoo/modules/ssl/ssl_util.c 2003-10-29 23:06:06.000000000 -0500
@@ -455,6 +455,8 @@
{
CRYPTO_set_locking_callback(NULL);
+ CRYPTO_set_id_callback(NULL);
+
/* Let the registered mutex cleanups do their own thing
*/
return APR_SUCCESS;
diff -uNr httpd-2.0.48/os/unix/unixd.c httpd-2.0.48-gentoo/os/unix/unixd.c
--- httpd-2.0.48/os/unix/unixd.c 2003-09-15 21:00:06.000000000 -0400
+++ httpd-2.0.48-gentoo/os/unix/unixd.c 2003-10-29 21:57:35.000000000 -0500
@@ -243,23 +243,20 @@
AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp)
{
- apr_finfo_t wrapper;
+ struct stat wrapper;
unixd_config.user_name = DEFAULT_USER;
unixd_config.user_id = ap_uname2id(DEFAULT_USER);
unixd_config.group_id = ap_gname2id(DEFAULT_GROUP);
/* Check for suexec */
- unixd_config.suexec_enabled = 0;
- if ((apr_stat(&wrapper, SUEXEC_BIN,
- APR_FINFO_NORM, ptemp)) != APR_SUCCESS) {
- return;
- }
-
- /* XXX - apr_stat is incapable of checking suid bits (grumble) */
- /* if ((wrapper.filetype & S_ISUID) && wrapper.user == 0) { */
+ if (stat(SUEXEC_BIN, &wrapper) == 0 &&
+ (wrapper.st_mode & S_ISUID) && wrapper.st_uid == 0) {
unixd_config.suexec_enabled = 1;
- /* } */
+ } else {
+ unixd_config.suexec_enabled = 0;
+ }
+
}
diff -uNr httpd-2.0.48/server/Makefile.in httpd-2.0.48-gentoo/server/Makefile.in
--- httpd-2.0.48/server/Makefile.in 2003-03-11 10:41:55.000000000 -0500
+++ httpd-2.0.48-gentoo/server/Makefile.in 2003-10-29 22:07:41.000000000 -0500
@@ -70,6 +70,9 @@
# wtf does this have to be explicit????
exports.lo: exports.c
+# Needed to allow exports.c to be generated in a parallel build successfully
+.NOTPARALLEL: $(top_builddir)/server/exports.c
+
# Rule to make def file for OS/2 core dll
ApacheCoreOS2.def: exports.c export_vars.h $(top_srcdir)/os/$(OS_DIR)/core_header.def
cat $(top_srcdir)/os/$(OS_DIR)/core_header.def > $@
diff -uNr httpd-2.0.48/support/apachectl.in httpd-2.0.48-gentoo/support/apachectl.in
--- httpd-2.0.48/support/apachectl.in 2003-02-03 12:32:08.000000000 -0500
+++ httpd-2.0.48-gentoo/support/apachectl.in 2003-10-29 23:08:58.000000000 -0500
@@ -28,7 +28,8 @@
# -------------------- --------------------
#
# the path to your httpd binary, including options if necessary
-HTTPD='@exp_sbindir@/@progname@'
+. /etc/conf.d/apache2
+HTTPD="@exp_sbindir@/@progname@ ${APACHE2_OPTS}"
#
# pick up any necessary environment variables
if test -f @exp_bindir@/envvars; then
diff -uNr httpd-2.0.48/support/apxs.in httpd-2.0.48-gentoo/support/apxs.in
--- httpd-2.0.48/support/apxs.in 2003-05-21 07:39:52.000000000 -0400
+++ httpd-2.0.48-gentoo/support/apxs.in 2003-10-29 22:02:48.000000000 -0500
@@ -237,19 +237,6 @@
($httpd = $0) =~ s:support/apxs$::;
}
-unless (-x "$httpd") {
- error("$httpd not found or not executable");
- exit 1;
-}
-
-unless (grep /mod_so/, `. $envvars && $httpd -l`) {
- error("Sorry, no shared object support for Apache");
- error("available under your platform. Make sure");
- error("the Apache module mod_so is compiled into");
- error("your server binary `$httpd'.");
- exit 1;
-}
-
sub get_config_vars{
my ($file, $rh_config) = @_;
|
GitWeb