diff options
author | Hanno <hanno@gentoo.org> | 2014-07-16 20:40:34 +0200 |
---|---|---|
committer | Hanno <hanno@gentoo.org> | 2014-07-16 20:40:34 +0200 |
commit | b759e82b265bb3ea85bda1492a2bb3e4d1a36dbe (patch) | |
tree | d4721c1c86f6e48025f2edf7c679980a8b42d98f /www-servers | |
parent | spamassassin with sslv2 disabling patch from debian (diff) | |
download | libressl-b759e82b265bb3ea85bda1492a2bb3e4d1a36dbe.tar.gz libressl-b759e82b265bb3ea85bda1492a2bb3e4d1a36dbe.tar.bz2 libressl-b759e82b265bb3ea85bda1492a2bb3e4d1a36dbe.zip |
apache with libressl fix from
https://mail-archives.apache.org/mod_mbox/subversion-commits/201404.mbox/%3C20140427182653.375C423888D7@eris.apache.org%3E
and SNI fix from upstream commit
Diffstat (limited to 'www-servers')
-rw-r--r-- | www-servers/apache/Manifest | 9 | ||||
-rw-r--r-- | www-servers/apache/apache-2.4.9-r3.ebuild | 233 | ||||
-rw-r--r-- | www-servers/apache/files/00_systemd.conf | 2 | ||||
-rw-r--r-- | www-servers/apache/files/apache-2.4.9-libressl.diff | 14 | ||||
-rw-r--r-- | www-servers/apache/files/apache-fix-sni.diff | 13 | ||||
-rw-r--r-- | www-servers/apache/files/apache.conf | 2 | ||||
-rw-r--r-- | www-servers/apache/files/apache2.2.service | 19 | ||||
-rw-r--r-- | www-servers/apache/files/apache2.4.service | 20 |
8 files changed, 312 insertions, 0 deletions
diff --git a/www-servers/apache/Manifest b/www-servers/apache/Manifest new file mode 100644 index 0000000..fa5792c --- /dev/null +++ b/www-servers/apache/Manifest @@ -0,0 +1,9 @@ +AUX 00_systemd.conf 88 SHA256 487e7451ce2d834d8af09a1db09bfe235fbc87b17b13a88bf849f0739b023ce3 SHA512 c510b77450f45d8ca5b8f00ebae5de9e3dc0ecb45f9857e391ac923dadb6b5193b13e9bc372790de20bb8829f2bee5bfc0e85ad03b3a72818c5dd6a0d7f45353 WHIRLPOOL 35ff7234f1ac513a522481ed08d2281dc331835cccd1049dbbadd9f2dff7fce1700a3ae9fd8f2f490f09d82edd960f4a0b4f00a91db2bafb7c647e3b54733cef +AUX apache-2.4.9-libressl.diff 542 SHA256 d1ce461d5abdc131a80fbc694d574d52d51cbae95ac84f74c8e23c40d00d59e2 SHA512 2df6fe35bee1627b82acae7cdf17ca8fe1b420233b35945e187279c07330a8a6f3af97ee177cc0b227cd3bd691de47c91a7d33317b2dbe19f605817b4cefa332 WHIRLPOOL 39c749278e21875e1a9870e210810fbf59c2a571e733a27b8da7ce5c539c120691612c5dc277fa1ede79d9c7437fa261a7c8a1b07924f91be9ebbd1afd715340 +AUX apache-fix-sni.diff 621 SHA256 272ea68c8af38fb48a805124e5e467448cfc9e1c4a00b8ceef7d84677c8eb1b7 SHA512 865f1148fd5f38dbbea1960275ac29764cfd36369d5df81e7c1029c4363fafdda8dacce760d6424664649df20f4e3bbc15afaa1de693e79605ce2472f721d38e WHIRLPOOL ef1dfd348871d0dd13071fddc74f348ab4ea5114b78fb8db22ccefb781f2f3ca600c18752c284ccb0c7f77783a7e2332865f35a38d4766636c772628874e459e +AUX apache.conf 55 SHA256 ea616c5cc37979a006d69c51bda43fca15a4327d33175762652b29f5cdea1c7b SHA512 3a53beb7a283d17c14383f16ad14c0602681ac1b193cce8f5aca50ae9d9af3a71054ce4a9ab11cbcb72fe913459e1b306fd54660154e66afe10272f8c0f149f3 WHIRLPOOL fa348414f320a9f70001386dfb77d57ca4836c3ef3d251976077b7ad545d7f6752e534efadbf28c7dcb777388e3d844eba84b939dcf48881983388daf6ac23f0 +AUX apache2.2.service 716 SHA256 e850ad73585fbba52ade58a39ca91adbfd52f56a0bbd426ebcadb340a7dcb62b SHA512 5f736c803772077598248bbb41f76dff396dfd2f11a60d1ba929a619275efb8c1b4c0dab78cbcdf83b9ec94db67b958b3333b01f67d71eb3b2e07dba4bca2a7c WHIRLPOOL 776a928422b8f37a12099111a1503674ca901934b60dca8596dc8bc287390be9a0e912d7ba6226dcb22eb7c669fa298ddc20fd7bf5c275b0cf019bae0d594839 +AUX apache2.4.service 728 SHA256 4420af10d1237f90ae519e56e75f1cc84e9f7c7b63aca9decf91a77f88ae0390 SHA512 6b43e5638d5da68a5408d45befd10a9e42197c1a393764e945ba22d47d0736e2b28bad36a96f4f4ad4ff928db6f2c1377bd22ce401056b2f21fb38933a3cd972 WHIRLPOOL 5526995c5f4772353fcccbd83ed93c8186cb47f80f5d1244dc454ca886189ac92539572c43978d2868b77002a2397ff4794b3c8f6c655fecb432b8013afaf38e +DIST gentoo-apache-2.4.9-r3-20140522.tar.bz2 24978 SHA256 65714f27eb1d3c125ff9cd9ef71159ca5592d4336c8d7807e55c826f3a317920 SHA512 0a35a8bf4af399ac4c203db7ac0b60b66550317734fd72e4ce7640dd27648f679ba02100c2384e6dd79fc97bbef25889dfd8c481a2ca0593d06b5df13a762f5d WHIRLPOOL 97085dfb7703187d4a1c873a3dab96ff0b92a36578da000ee9ade6d7762c21e80b4452d4496d60f2918a3818e4137c5717a68eda43b0fa675823b02ba114cd19 +DIST httpd-2.4.9.tar.bz2 4994460 SHA256 f78cc90dfa47caf3d83ad18fd6b4e85f237777c1733fc9088594b70ce2847603 SHA512 3a66302e18a2d165b3851665dc73be7d3849fc3359c1ff9dd9e2eaebf1f1d8fb89b7b0a05929d6247750bf0ed1abf9cf3c236a373b2d99635c8ca41698719c96 WHIRLPOOL 735677695d3b1497d554dd3e8d97733359140f3bb524335ab474275ca2b5546ceab8f5f3778948fabee2d152bf5b096d99b3dabb1011a4b68905c7cd5012a648 +EBUILD apache-2.4.9-r3.ebuild 7558 SHA256 ec4b67fb41849b03920c60928a3110c62279e24d5fcbab0c5cd65d7d2015e132 SHA512 32a5d5cdf8ab40e0e8ff0a35ab40a72b50edd9a46c6648a1fb873e4f0440ba2fec6a62c65185b2f28854320232b4649db1c0f358ae439980b54b574ee8ec2385 WHIRLPOOL 340a55d1f8b2533bb9be156c8881f88957a0b8d4a581e3e34c4c7a6b027ef6672b6593d35907ecee1d254e074986bc4a93361602b959553cca6f1cb14b6c8316 diff --git a/www-servers/apache/apache-2.4.9-r3.ebuild b/www-servers/apache/apache-2.4.9-r3.ebuild new file mode 100644 index 0000000..48218a5 --- /dev/null +++ b/www-servers/apache/apache-2.4.9-r3.ebuild @@ -0,0 +1,233 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.4.9-r3.ebuild,v 1.1 2014/05/22 14:02:43 polynomial-c Exp $ + +EAPI=5 + +# latest gentoo apache files +GENTOO_PATCHSTAMP="20140522" +GENTOO_DEVELOPER="polynomial-c" +GENTOO_PATCHNAME="gentoo-apache-2.4.9-r3" + +# IUSE/USE_EXPAND magic +IUSE_MPMS_FORK="peruser prefork" +IUSE_MPMS_THREAD="event worker" + +# << obsolete modules: +# authn_default authz_default mem_cache +# mem_cache is replaced by cache_disk +# ?? buggy modules +# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found +# >> added modules for reason: +# compat: compatibility with 2.2 access control +# authz_host: new module for access control +# authn_core: functionality provided by authn_alias in previous versions +# authz_core: new module, provides core authorization capabilities +# cache_disk: replacement for mem_cache +# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3 +# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3 +# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3 +# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3 +# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests). +# socache_shmcb: shared object cache provider. Default config with ssl needs it +# unixd: fixes startup error: Invalid command 'User' +IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest +authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authz_core +authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex +cache cache_disk cern_meta charset_lite cgi cgid dav dav_fs dav_lock dbd deflate +dir dumpio env expires ext_filter file_cache filter headers ident imagemap +include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness +lbmethod_heartbeat log_config log_forensic logio mime mime_magic negotiation +proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi +proxy_fcgi proxy_wstunnel rewrite ratelimit remoteip reqtimeout setenvif +slotmem_shm speling socache_shmcb status substitute unique_id userdir usertrack +unixd version vhost_alias" +# The following are also in the source as of this version, but are not available +# for user selection: +# bucketeer case_filter case_filter_in echo http isapi optional_fn_export +# optional_fn_import optional_hook_export optional_hook_import + +# inter-module dependencies +# TODO: this may still be incomplete +MODULE_DEPENDS=" + dav_fs:dav + dav_lock:dav + deflate:filter + cache_disk:cache + ext_filter:filter + file_cache:cache + lbmethod_byrequests:proxy_balancer + lbmethod_byrequests:slotmem_shm + lbmethod_bytraffic:proxy_balancer + lbmethod_bybusyness:proxy_balancer + lbmethod_heartbeat:proxy_balancer + log_forensic:log_config + logio:log_config + cache_disk:cache + mime_magic:mime + proxy_ajp:proxy + proxy_balancer:proxy + proxy_balancer:slotmem_shm + proxy_connect:proxy + proxy_ftp:proxy + proxy_http:proxy + proxy_scgi:proxy + proxy_fcgi:proxy + proxy_wstunnel:proxy + substitute:filter +" + +# module<->define mappings +MODULE_DEFINES=" + auth_digest:AUTH_DIGEST + authnz_ldap:AUTHNZ_LDAP + cache:CACHE + cache_disk:CACHE + dav:DAV + dav_fs:DAV + dav_lock:DAV + file_cache:CACHE + info:INFO + ldap:LDAP + proxy:PROXY + proxy_ajp:PROXY + proxy_balancer:PROXY + proxy_connect:PROXY + proxy_ftp:PROXY + proxy_http:PROXY + proxy_fcgi:PROXY + proxy_scgi:PROXY + proxy_wstunnel:PROXY + socache_shmcb:SSL + ssl:SSL + status:STATUS + suexec:SUEXEC + userdir:USERDIR +" + +# critical modules for the default config +MODULE_CRITICAL=" + authn_core + authz_core + authz_host + dir + mime + unixd +" +inherit eutils apache-2 systemd toolchain-funcs + +DESCRIPTION="The Apache Web Server." +HOMEPAGE="http://httpd.apache.org/" + +# some helper scripts are Apache-1.1, thus both are here +LICENSE="Apache-2.0 Apache-1.1" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd" +IUSE="" + +pkg_setup() { + # dependend critical modules which are not allowed in global scope due + # to USE flag conditionals (bug #499260) + use ssl && MODULE_CRITICAL+=" socache_shmcb" + use doc && MODULE_CRITICAL+=" alias negotiation setenvif" + apache-2_pkg_setup +} + +src_prepare() { + epatch "${FILESDIR}/apache-fix-sni.diff" + epatch "${FILESDIR}/apache-2.4.9-libressl.diff" + apache-2_src_prepare +} + +src_configure() { + # Brain dead check. + tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no" + + apache-2_src_configure +} + +src_compile() { + if tc-is-cross-compiler; then + # This header is the same across targets, so use the build compiler. + pushd server >/dev/null + emake gen_test_char + tc-export_build_env BUILD_CC + ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \ + gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die + popd >/dev/null + fi + + default +} + +src_install() { + apache-2_src_install + for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do + rm "${D}"/$i || die "Failed to prune apache-tools bits" + done + for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do + rm "${D}"/$i || die "Failed to prune apache-tools bits" + done + for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do + rm "${D}"/$i || die "Failed to prune apache-tools bits" + done + for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do + rm "${D}/"$i || die "Failed to prune apache-tools bits" + done + + # install apxs in /usr/bin (bug #502384) and put a symlink into the + # old location until all ebuilds and eclasses have been modified to + # use the new location. + local apxs="/usr/bin/apxs" + cp "${S}"/support/apxs "${D}"${apxs} || die "Failed to install apxs" + ln -s ../bin/apxs "${D}"/usr/sbin/apxs || die + chmod 0755 "${D}"${apxs} || die + + # Note: wait for mod_systemd to be included in the next release, + # then apache2.4.service can be used and systemd support controlled + # through --enable-systemd + systemd_newunit "${FILESDIR}/apache2.2.service" "apache2.service" + systemd_dotmpfilesd "${FILESDIR}/apache.conf" + #insinto /etc/apache2/modules.d + #doins "${FILESDIR}/00_systemd.conf" +} + +pkg_postinst() +{ + apache-2_pkg_postinst || die "apache-2_pkg_postinst failed" + # warnings that default config might not work out of the box + for mod in $MODULE_CRITICAL; do + if ! use "apache2_modules_${mod}"; then + echo + ewarn "Warning: Critical module not installed!" + ewarn "Modules 'authn_core', 'authz_core' and 'unixd'" + ewarn "are highly recomended but might not be in the base profile yet." + ewarn "Default config for ssl needs module 'socache_shmcb'." + ewarn "Enabling the following flags is highly recommended:" + for cmod in $MODULE_CRITICAL; do + use "apache2_modules_${cmod}" || \ + ewarn "+ apache2_modules_${cmod}" + done + echo + break + fi + done + # warning for proxy_balancer and missing load balancing scheduler + if use apache2_modules_proxy_balancer; then + local lbset= + for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do + if use "apache2_modules_${mod}"; then + lbset=1 && break + fi + done + if [ ! $lbset ]; then + echo + ewarn "Info: Missing load balancing scheduler algorithm module" + ewarn "(They were split off from proxy_balancer in 2.3)" + ewarn "In order to get the ability of load balancing, at least" + ewarn "one of these modules has to be present:" + ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat" + echo + fi + fi +} diff --git a/www-servers/apache/files/00_systemd.conf b/www-servers/apache/files/00_systemd.conf new file mode 100644 index 0000000..b208c97 --- /dev/null +++ b/www-servers/apache/files/00_systemd.conf @@ -0,0 +1,2 @@ +# This file configures systemd module: +LoadModule systemd_module modules/mod_systemd.so diff --git a/www-servers/apache/files/apache-2.4.9-libressl.diff b/www-servers/apache/files/apache-2.4.9-libressl.diff new file mode 100644 index 0000000..9e3443d --- /dev/null +++ b/www-servers/apache/files/apache-2.4.9-libressl.diff @@ -0,0 +1,14 @@ +--- httpd-2.4.9/modules/ssl/ssl_engine_init.c 2014-03-13 13:39:33.000000000 +0100 ++++ httpd-2.4.9-1/modules/ssl/ssl_engine_init.c 2014-07-12 01:26:17.266272651 +0200 +@@ -275,9 +275,11 @@ + return ssl_die(s); + } + ++#ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK + if (strEQ(mc->szCryptoDevice, "chil")) { + ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0); + } ++#endif + + if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01889) diff --git a/www-servers/apache/files/apache-fix-sni.diff b/www-servers/apache/files/apache-fix-sni.diff new file mode 100644 index 0000000..099ee63 --- /dev/null +++ b/www-servers/apache/files/apache-fix-sni.diff @@ -0,0 +1,13 @@ +Index: modules/ssl/ssl_engine_config.c +=================================================================== +--- modules/ssl/ssl_engine_config.c (revision 1585379) ++++ modules/ssl/ssl_engine_config.c (working copy) +@@ -243,7 +243,7 @@ + } + + #define cfgMerge(el,unset) mrg->el = (add->el == (unset)) ? base->el : add->el +-#define cfgMergeArray(el) mrg->el = apr_array_append(p, add->el, base->el) ++#define cfgMergeArray(el) mrg->el = apr_array_append(p, base->el, add->el) + #define cfgMergeString(el) cfgMerge(el, NULL) + #define cfgMergeBool(el) cfgMerge(el, UNSET) + #define cfgMergeInt(el) cfgMerge(el, UNSET) diff --git a/www-servers/apache/files/apache.conf b/www-servers/apache/files/apache.conf new file mode 100644 index 0000000..56e23ae --- /dev/null +++ b/www-servers/apache/files/apache.conf @@ -0,0 +1,2 @@ +d /run/apache2 710 root apache +d /run/apache_ssl_mutex diff --git a/www-servers/apache/files/apache2.2.service b/www-servers/apache/files/apache2.2.service new file mode 100644 index 0000000..76f783a --- /dev/null +++ b/www-servers/apache/files/apache2.2.service @@ -0,0 +1,19 @@ +[Unit] +Description=The Apache HTTP Server +After=network.target remote-fs.target nss-lookup.target + +[Service] +EnvironmentFile=/etc/conf.d/apache2 +ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND +ExecReload=/usr/sbin/apache2 $APACHE2_OPTS -k graceful +ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop +# We want systemd to give httpd some time to finish gracefully, but still want +# it to kill httpd after TimeoutStopSec if something went wrong during the +# graceful stop. Normally, Systemd sends SIGTERM signal right after the +# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give +# httpd time to finish. +KillSignal=SIGCONT +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/www-servers/apache/files/apache2.4.service b/www-servers/apache/files/apache2.4.service new file mode 100644 index 0000000..ace453f --- /dev/null +++ b/www-servers/apache/files/apache2.4.service @@ -0,0 +1,20 @@ +[Unit] +Description=The Apache HTTP Server +After=network.target remote-fs.target nss-lookup.target + +[Service] +Type=notify +EnvironmentFile=/etc/conf.d/apache2 +ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND +ExecReload=/usr/sbin/apache2 $APACHE2_OPTS -k graceful +ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop +# We want systemd to give httpd some time to finish gracefully, but still want +# it to kill httpd after TimeoutStopSec if something went wrong during the +# graceful stop. Normally, Systemd sends SIGTERM signal right after the +# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give +# httpd time to finish. +KillSignal=SIGCONT +PrivateTmp=true + +[Install] +WantedBy=multi-user.target |