--- apache2-2.2.16.orig/debian/apache2-prefork-dev.dirs +++ apache2-2.2.16/debian/apache2-prefork-dev.dirs @@ -0,0 +1,4 @@ +usr/include/apache2 +usr/bin +usr/share/apache2/build +usr/share/man/man8 --- apache2-2.2.16.orig/debian/apache2.2-common.bug-script +++ apache2-2.2.16/debian/apache2.2-common.bug-script @@ -0,0 +1,60 @@ +#!/usr/bin/perl -w + +use strict; +use Text::Wrap; +$Text::Wrap::columns = 70; + +open (my $out, ">&=3") or die "could not open FD 3\n"; + +my $apache = ". /etc/apache2/envvars && /usr/sbin/apache2"; +my $res = `$apache -t 2>&1`; +my @modules; +my $php; +if ($res !~ "Syntax OK") { + # if we are not root, syntax check will fail because ssl private keys + # are not readable + print $out "Config file syntax check failed.\n" if $> == 0; + @modules = sort glob("/etc/apache2/mods-enabled/*.load"); + map { s{^/etc/apache2/mods-enabled/(.*)\.load$}{$1} } @modules; + print $out "List of /etc/apache2/mods-enabled/*.load:\n"; +} +else { + @modules = sort `$apache -M 2>&1`; + @modules = map { /^ (.*)_module $shared$/ ? ($1) : () } @modules; + print $out "List of enabled modules from 'apache2 -M':\n"; +} +if (! scalar @modules) { + print $out "Could not determine module list\n"; +} +else { + my $missing; + foreach my $m (@modules) { + if (-e "/etc/apache2/mods-available/$m.conf" and + ! -e "/etc/apache2/mods-enabled/$m.conf") { + $m .= "*"; + $missing = 1; + } + if ($m =~ /^(php\d)/) { + $php = $1; + } + } + + print $out wrap(" ", " ", "@modules\n"); + + print $out + wrap(" ", " ", + "(A * means that the .conf file for that module is not " . + "enabled in /etc/apache2/mods-enabled/)\n") + if $missing; +} +if (defined $php) { + my @exts = qx{egrep ^extension= /etc/$php/apache2/php.ini /etc/$php/apache2/conf.d/* 2>/dev/null}; + if (scalar @exts) { + chomp @exts; + @exts = grep { ! m{\.dpkg-(?:bak|dist):} } @exts; + @exts = sort grep { s{^.*:extension=(\S+)\.\S+}{$1} } @exts; + print $out "List of enabled $php extensions:\n"; + print $out wrap(" ", " ", "@exts\n"); + } +} + --- apache2-2.2.16.orig/debian/apache2.2-common.manpages +++ apache2-2.2.16/debian/apache2.2-common.manpages @@ -0,0 +1,7 @@ +debian/a2enmod.8 +debian/a2dismod.8 +debian/apache2.8 +debian/apachectl.8 +debian/apache2ctl.8 +debian/a2ensite.8 +debian/a2dissite.8 --- apache2-2.2.16.orig/debian/checkgid.8 +++ apache2-2.2.16/debian/checkgid.8 @@ -0,0 +1,36 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH CHECKGID 8 "November 3rd, 2001" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +checkgid \- checks the gid +.SH SYNOPSIS +.B checkgid group +.SH DESCRIPTION +This manual page documents briefly the +.B checkgid +command. +.PP +.\" TeX users may be more comfortable with the \fB\fP and +.\" \fI\fP escape sequences to invode bold face and italics, +.\" respectively. +\fBcheckgid\fP is a program that checks whether it can setgid to the group +specified. This is to see if it is a valid group for apache2 to use at runtime. +If the user (should be run as superuser) is in that group, or can setgid to it, +it will return 0. +.SH AUTHOR +This manual page was written by Daniel Stone for the Debian +GNU/Linux distribution, as the original did not have a manpage. --- apache2-2.2.16.orig/debian/mpms.lintian-overrides +++ apache2-2.2.16/debian/mpms.lintian-overrides @@ -0,0 +1,2 @@ +binary-without-manpage usr/sbin/apache2 +debug-package-should-be-named-dbg usr/lib/debug/usr/ --- apache2-2.2.16.orig/debian/apache2.2-common.bug-control +++ apache2-2.2.16/debian/apache2.2-common.bug-control @@ -0,0 +1 @@ +package-status: apache2-mpm-prefork apache2-mpm-worker apache2-mpm-event apache2-mpm-itk --- apache2-2.2.16.orig/debian/apache2-suexec.install +++ apache2-2.2.16/debian/apache2-suexec.install @@ -0,0 +1,2 @@ +usr/sbin/suexec usr/lib/apache2 +usr/share/man/man8/suexec.8 --- apache2-2.2.16.orig/debian/rules +++ apache2-2.2.16/debian/rules @@ -0,0 +1,338 @@ +#! /usr/bin/make -f + +# Code for httpd 2.1, based on apache2 and others. +# Copyright (C) Canonical Ltd, 2005 + +export DEB_BUILD_OPTIONS +export DH_OPTIONS + +SHELL := sh -e + +#enable dpatch +include /usr/share/dpatch/dpatch.make + +# These are used for cross-compiling and for saving the configure script +# # from having to guess our platform (since we know it already) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + +LSB_RELEASE := $(shell lsb_release -i -s) + +CONFFLAGS += ac_cv_prog_AWK=mawk ac_cv_prog_LYNX_PATH=www-browser + +AP2_COMMON_CONFARGS = --enable-layout=Debian --enable-so \ + --with-program-name=apache2 \ + --with-ldap=yes --with-ldap-include=/usr/include \ + --with-ldap-lib=/usr/lib \ + --with-suexec-caller=www-data \ + --with-suexec-bin=/usr/lib/apache2/suexec \ + --with-suexec-docroot=/var/www \ + --with-suexec-userdir=public_html \ + --with-suexec-logfile=/var/log/apache2/suexec.log \ + --with-suexec-uidmin=100 \ + --enable-suexec=shared \ + --enable-log-config=static --enable-logio=static \ + --with-apr=/usr/bin/apr-1-config \ + --with-apr-util=/usr/bin/apu-1-config \ + --with-pcre=yes \ + --enable-pie + +AP2_MODS_CONFARGS = --enable-authn-alias=shared --enable-authnz-ldap=shared \ + --enable-disk-cache=shared --enable-cache=shared \ + --enable-mem-cache=shared --enable-file-cache=shared \ + --enable-cern-meta=shared --enable-dumpio=shared --enable-ext-filter=shared \ + --enable-charset-lite=shared --enable-cgi=shared \ + --enable-dav-lock=shared --enable-log-forensic=shared \ + --enable-ldap=shared --enable-proxy=shared \ + --enable-proxy-connect=shared --enable-proxy-ftp=shared \ + --enable-proxy-http=shared --enable-proxy-ajp=shared \ + --enable-proxy-scgi=shared \ + --enable-proxy-balancer=shared --enable-ssl=shared \ + --enable-authn-dbm=shared --enable-authn-anon=shared \ + --enable-authn-dbd=shared --enable-authn-file=shared \ + --enable-authn-default=shared --enable-authz-host=shared \ + --enable-authz-groupfile=shared --enable-authz-user=shared \ + --enable-authz-dbm=shared --enable-authz-owner=shared \ + --enable-authnz-ldap=shared --enable-authz-default=shared \ + --enable-auth-basic=shared --enable-auth-digest=shared \ + --enable-dbd=shared --enable-deflate=shared \ + --enable-include=shared --enable-filter=shared \ + --enable-env=shared --enable-mime-magic=shared \ + --enable-expires=shared --enable-headers=shared \ + --enable-ident=shared --enable-usertrack=shared \ + --enable-unique-id=shared --enable-setenvif=shared \ + --enable-version=shared --enable-status=shared \ + --enable-autoindex=shared --enable-asis=shared \ + --enable-info=shared --enable-cgid=shared \ + --enable-dav=shared --enable-dav-fs=shared \ + --enable-vhost-alias=shared --enable-negotiation=shared \ + --enable-dir=shared --enable-imagemap=shared \ + --enable-actions=shared --enable-speling=shared \ + --enable-userdir=shared --enable-alias=shared \ + --enable-rewrite=shared --enable-mime=shared \ + --enable-substitute=shared --enable-reqtimeout=shared + +AP2_CFLAGS = $(CFLAGS) -g -pipe -I/usr/include/xmltok -I/usr/include/openssl -Wall -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector +AP2_LDFLAGS = -Wl,--as-needed -Wl,-z,relro + +#support noopt building +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + AP2_CFLAGS += -O0 +else + AP2_CFLAGS += -O2 +endif + +ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) +DEB_BUILD_STRIP = yes +endif + +ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) + NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) + MAKEFLAGS += -j$(NUMJOBS) +endif + +BUILD=debian/build-tree +REALCURDIR=$(CURDIR) +INSTALL=/usr/bin/install + +clean: unpatch + dh_testdir + rm -rf $(BUILD) mpm-worker mpm-prefork mpm-event mpm-itk install + rm -rf debian/tmp-worker debian/tmp-prefork + dh_clean + +build: patch-stamp build-stamp +build-stamp: patch-stamp mpm-worker mpm-prefork mpm-event mpm-itk + for mpm in prefork event itk ; do \ + if ! diff -u $(BUILD)/$$mpm/mods.list $(BUILD)/worker/mods.list ; then \ + echo Different modules built into httpd binaries, will not proceed ;\ + exit 1 ;\ + fi \ + done + touch $@ + + +mpm-worker mpm-prefork mpm-event mpm-itk: mpm-%: patch-stamp mpm-%.scripts-stamp + dh_testdir + mkdir -p $(BUILD)/$* + # we don't want modifications done by itk outside of server/mpm/experimental/itk + # to appear in the other mpms. Therefore we copy the whole source tree. + set -ex ; \ + if [ $* = itk ] ; then \ + cp -a `find . -maxdepth 1 -mindepth 1 -not -name debian` $(BUILD)/$* ; \ + cd $(BUILD)/$* ; \ + mkdir server/mpm/experimental/itk/ ; \ + cp server/mpm/prefork/* server/mpm/experimental/itk/ ; \ + mv server/mpm/experimental/itk/prefork.c server/mpm/experimental/itk/itk.c ; \ + \ + for PATCH in `tail -n +2 ../../mpm-itk/patches/series`; do \ + echo Applying $$PATCH ... ; \ + patch -p1 < ../../mpm-itk/patches/$$PATCH ; \ + echo ; \ + done ; \ + \ + autoheader ; \ + autoconf ; \ + CONFIGURE=./configure ; \ + else \ + cd $(BUILD)/$* ; \ + CONFIGURE="$(REALCURDIR)/configure --srcdir=$(REALCURDIR)" ; \ + fi ; \ + if [ $* = worker ] ; then \ + ENABLE_MODULES="$(AP2_MODS_CONFARGS)" ; \ + else \ + ENABLE_MODULES=--enable-modules=none ; \ + fi ; \ + CFLAGS="$(AP2_CFLAGS)" LDFLAGS="$(AP2_LDFLAGS)" $(CONFFLAGS) $$CONFIGURE \ + $(AP2_COMMON_CONFARGS) $$ENABLE_MODULES --with-mpm=$* ; \ + $(MAKE) ; \ + ./apache2 -l |grep -v $* > mods.list + touch $@ + +mpm-%.scripts-stamp: debian/mpms.postinst debian/mpms.preinst debian/mpms.prerm debian/mpms.lintian-overrides debian/mpms.dirs debian/mpms.links + for f in postinst preinst prerm links dirs ; do \ + perl -p -e "s/MPMXXX/$*/g" < debian/mpms.$$f > debian/apache2-mpm-$*.$$f ;\ + done + perl -p -e "s/^/apache2-mpm-$*: /" < debian/mpms.lintian-overrides > debian/apache2-mpm-$*.lintian-overrides + touch $@ + +install-worker: mpm-worker + dh_testdir + dh_testroot + # force one process since mkdir.sh used by 'make install' is not reliable otherwise + cd $(BUILD)/worker ;\ + $(MAKE) DESTDIR=$(REALCURDIR)/debian/tmp -j 1 install + for m in logresolve ab; do d=$(REALCURDIR)/debian/tmp/usr/share/man/ ;\ + perl -p -e 's/^([.]TH.*?) 8 (.*)/$$1 1 $$2/' < $$d/man8/$$m.8 > $$d/man1/$$m.1 ;\ + done + ln -sf tmp debian/tmp-worker + +install-prefork: mpm-prefork + dh_testdir + dh_testroot + # force one process since mkdir.sh used by 'make install' is not reliable otherwise + cd $(BUILD)/prefork ;\ + $(MAKE) DESTDIR=$(REALCURDIR)/debian/tmp-prefork -j 1 install + +install-dev: install-worker install-prefork + dh_testdir + dh_testroot + dh_installdirs + for i in worker prefork; do \ + if [ "$$i" = "prefork" ]; then \ + TARGET=prefork ;\ + else \ + TARGET=threaded ;\ + fi ;\ + cp debian/tmp-$$i/usr/include/apache2/* debian/apache2-$$TARGET-dev/usr/include/apache2/ ;\ + cp debian/tmp-$$i/usr/share/apache2/build/* debian/apache2-$$TARGET-dev/usr/share/apache2/build/ ;\ + cp $(BUILD)/$$i/support/apxs debian/apache2-$$TARGET-dev/usr/bin/apxs2 ;\ + perl -p -e s/^P=apache2/P=apache2-$${TARGET}-dev/ < debian/apache2.postinst > debian/apache2-$${TARGET}-dev.postinst ;\ + done +# Clean up config_vars.mk + set -x ; for i in threaded prefork; do \ + ( cd debian/apache2-$$i-dev/usr/share/apache2/build/ ; \ + grep -v -E '(^|_)(CPP|C)FLAGS' config_vars.mk > tmp_config_vars.mk ; \ + printf "CPPFLAGS = %s\n" "`grep -E '(^|_)(CPPFLAGS|INCLUDES)' config_vars.mk | cut -d= -f 2- | tr ' ' '\n' | grep -E '^-([DI]|pthread)' | sort | uniq | tr '\n' ' '`" >> tmp_config_vars.mk ; \ + printf "CFLAGS = %s\n" "`grep -E '(^|_)(CPPFLAGS|CFLAGS|INCLUDES)' config_vars.mk | cut -d= -f 2- | tr ' ' '\n' | grep -E '^-(D|I/|pthread)' | sort | uniq | tr '\n' ' '`" >> tmp_config_vars.mk ; \ + printf "NOTEST_CPPFLAGS = \n" >> tmp_config_vars.mk ; \ + printf "EXTRA_CPPFLAGS = \n" >> tmp_config_vars.mk ; \ + printf "EXTRA_CFLAGS = \n" >> tmp_config_vars.mk ; \ + mv tmp_config_vars.mk config_vars.mk ) ; \ + done + +install: build install-dev + dh_testroot + dh_testdir + dh_installdirs + + #cleanup of death + rm -rf debian/tmp/etc/apache2/original + rm -rf debian/tmp/usr/include + rm -rf debian/tmp/usr/share/apache2/build + rm -f debian/tmp/usr/share/man/man8/httpd.8 # We install our own + rm -f debian/tmp/usr/sbin/apxs debian/tmp/usr/sbin/apache2 debian/tmp/usr/sbin/apachectl + + # DO NOT FALL FOR THE TEMPTATION TO MV INTO PACKAGES OR DOOM + # WILL FIND YOU. Use dh_install, this is just because dh_install + # can't rename files + + mv debian/tmp/usr/share/man/man8/apxs.8 debian/tmp/usr/share/man/man8/apxs2.8 + mv debian/tmp/usr/share/man/man8/apachectl.8 debian/tmp/usr/share/man/man8/apache2ctl.8 + mkdir -p debian/tmp/usr/share/apache2/icons/ + for i in `ls debian/icons/ | cut -d. -f1,2`; do \ + uudecode -o debian/tmp/usr/share/apache2/icons/$$i debian/icons/$$i".uue"; \ + done + + dh_install --list-missing + + cp debian/bash_completion debian/apache2.2-common/etc/bash_completion.d/apache2.2-common + + # standard suexec + chmod 4754 debian/apache2-suexec/usr/lib/apache2/suexec + chgrp www-data debian/apache2-suexec/usr/lib/apache2/suexec + + chmod 644 debian/apache2.2-bin/usr/lib/apache2/modules/mod_suexec.so + + # configurable suexec + cp debian/build-tree/worker/support/suexec-custom debian/apache2-suexec-custom/usr/lib/apache2/suexec + cp debian/suexec-custom.config debian/apache2-suexec-custom/etc/apache2/suexec/www-data + chmod 4754 debian/apache2-suexec-custom/usr/lib/apache2/suexec + chgrp www-data debian/apache2-suexec-custom/usr/lib/apache2/suexec + + cp debian/apache2-doc.conf debian/apache2-doc/etc/apache2/conf.d/apache2-doc + grep -rl apachectl debian/apache2-doc/usr/share/doc/apache2-doc/manual | xargs perl -p -i -e 's/apachectl(?!\.html)/apache2ctl/g' + # remove content negotiation + mv debian/apache2-doc/usr/share/doc/apache2-doc/manual \ + debian/apache2-doc/usr/share/doc/apache2-doc/manual.orig + perl debian/convert_docs debian/apache2-doc/usr/share/doc/apache2-doc/manual.orig \ + debian/apache2-doc/usr/share/doc/apache2-doc/manual + mv debian/apache2-doc/usr/share/doc/apache2-doc/manual.orig/images \ + debian/apache2-doc/usr/share/doc/apache2-doc/manual.orig/style \ + debian/apache2-doc/usr/share/doc/apache2-doc/manual + rmdir debian/apache2-doc/usr/share/doc/apache2-doc/manual/style/lang + rmdir debian/apache2-doc/usr/share/doc/apache2-doc/manual/style/xsl/util + rmdir debian/apache2-doc/usr/share/doc/apache2-doc/manual/style/xsl + rm -r debian/apache2-doc/usr/share/doc/apache2-doc/manual.orig + + cp debian/logrotate debian/apache2.2-common/etc/logrotate.d/apache2 + cp debian/default-index.html debian/apache2.2-common/usr/share/apache2/default-site/index.html + + for i in worker prefork event itk; do \ + install -m 755 $(BUILD)/$$i/apache2 debian/apache2.2-bin/usr/lib/apache2/mpm-$$i/apache2 ;\ + done + + for pkg in `awk '/^Package:/ { print $$2 }' debian/control`; do \ + find debian/$$pkg/ -name .svn -exec rm -rf {} + ; \ + done + + dh_installdocs debian/README.backtrace -papache2.2-bin + dh_installdocs debian/README.backtrace debian/README.multiple-instances -papache2.2-common + dh_installdocs -Napache2.2-common -Napache2.2-bin + cp debian/README.Debian debian/apache2-doc/usr/share/doc/apache2-doc/ + dh_installman + dh_bugfiles + dh_installinit --no-start -r --name=apache2 -- defaults 91 09 + dh_installcron --name=apache2 + dh_installchangelogs CHANGES -Napache2-suexec -Napache2-suexec-custom -Napache2 + dh_installchangelogs -papache2-suexec -papache2-suexec-custom -papache2 + dh_lintian + rm -f debian/apache2.2-bin/usr/share/doc/apache2.2-bin/NEWS.Debian + rm -f debian/apache2-utils/usr/share/doc/apache2-utils/NEWS.Debian + + dh_strip --dbg-package=apache2-dbg -Napache2-dbg -Xusr/lib/apache2/mpm + if [ "$(LSB_RELEASE)" != "Ubuntu" ] && [ -n "$(DEB_BUILD_STRIP)" ] ; then \ + for i in worker prefork event itk; do \ + MPM=usr/lib/apache2/mpm-$$i/apache2 ;\ + objcopy --only-keep-debug $(BUILD)/$$i/apache2 \ + debian/apache2-dbg/usr/lib/debug/$$MPM-mpm-$$i ;\ + chmod 644 debian/apache2-dbg/usr/lib/debug/$$MPM-mpm-$$i ;\ + strip --remove-section=.comment --remove-section=.note --strip-unneeded \ + debian/apache2.2-bin/$$MPM ;\ + objcopy --add-gnu-debuglink=debian/apache2-dbg/usr/lib/debug/$$MPM-mpm-$$i \ + debian/apache2.2-bin/$$MPM ;\ + done ;\ + fi + + cp debian/mpm-itk/README debian/apache2.2-common/usr/share/doc/apache2.2-common/README.mpm-itk + cp debian/mpm-itk/CHANGES debian/apache2.2-common/usr/share/doc/apache2.2-common/changelog.mpm-itk + cp debian/mpm-itk/debian/changelog debian/apache2.2-common/usr/share/doc/apache2.2-common/changelog.mpm-itk.Debian + for p in apache2-prefork-dev apache2-threaded-dev apache2-mpm-prefork apache2-mpm-event \ + apache2-mpm-worker apache2-mpm-itk apache2; \ + do \ + rm -rf debian/$$p/usr/share/doc/$$p ;\ + ln -s apache2.2-common debian/$$p/usr/share/doc/$$p ;\ + done + rm -rf debian/apache2-dbg/usr/share/doc/apache2-dbg + ln -s apache2.2-bin debian/apache2-dbg/usr/share/doc/apache2-dbg + dh_link + dh_installexamples + dh_compress + dh_fixperms -Xsuexec + chown -R www-data:www-data debian/apache2.2-common/var/cache/apache2 + chown root:adm debian/apache2.2-common/var/log/apache2 + chmod o-rx debian/apache2.2-common/var/log/apache2 + + touch $@ + +binary-indep: install + dh_installdeb -i + dh_gencontrol -i + dh_md5sums -i + dh_builddeb -i + +binary-arch: install + dh_makeshlibs -a -V + dh_installdeb -a + dh_shlibdeps -a + dh_gencontrol -a + dh_md5sums -a + if [ "$(LSB_RELEASE)" = "Ubuntu" ]; then \ + rm -rf debian/apache2-dbg; \ + sed -i '/apache2-dbg/d' debian/files; \ + dh_builddeb -a -Napache2-dbg; \ + else \ + dh_builddeb -a; \ + fi + +binary: binary-arch binary-indep --- apache2-2.2.16.orig/debian/README.multiple-instances +++ apache2-2.2.16/debian/README.multiple-instances @@ -0,0 +1,104 @@ +Setup +===== + +The scripts apache2ctl, a2enmod, a2ensite, ... and the init script have some +support for handling multiple instances of apache2 running on the same machine. + +The basic idea is to copy /etc/apache2 to /etc/apache2-xxx. An example script +that demonstrates what else needs to be done can be found in +/usr/share/doc/apache2.2-common/examples/setup-instance. Use with: + + sh /usr/share/doc/apache2.2-common/examples/setup-instance xxx + +Adjust the configuration in /etc/apache2-xxx, especially the listen ports in +ports.conf and in the virtual host directives in +/etc/apache2-xxx/sites-enabled/*. + +You can then use a2enmod-xxx, /etc/init.d/apache2-xxx, ... as usual, and they +will affect the new instance of apache2. + +To start the new apache2 instance on boot, use +- if you use dependency based boot sequence (the default): + If you don't have ssl keys with passphrases, you may want to set + 'X-Interactive: false' in /etc/init.d/apache2-xxx to reduce boot time. + Then execute: + insserv apache2-xxx +- otherwise: + ln -s ../init.d/apache2-xxx /etc/rc2.d/S80apache2-xxx + +To make 'apache2ctl-xxx status' work, you need to set APACHE_STATUSURL in +/etc/apache2-xxx/envvars. + + +Upgrades +======== + +Since only the configuration files in /etc/apache2 are in the package, the +configuration of other instances won't change if the default configuration +changes. Possibly ways to deal with this are: + +- Use symlinks to the files in /etc/apache2 where possible instead of copying + the files. +- Don't modify /etc/apache2 at all but use it to track the default + configuration. You can then merge the changes into the /etc/apache2-xxx dirs. + It may be a good idea to use a version control system for /etc/apache2 to + keep track of the changes. See the package etckeeper for keeping the whole + /etc dir under version control. + An advanced scheme may be for every /etc/apache2* dir to be a separate git + repository so that you can easily pull/push changes from one dir to another. + + +Package removal +=============== + +The Apache 2 package will only remove the default configuration files and +directories. + + +Configuration +============= + +The init script will try to read /etc/defaults/apache2-xxx. If that does not +exist, it will use /etc/defaults/apache2 instead. + +The following environment variables can be used to influence the scripts. The +default apache2 configuration will make use of them, too. Most can be set in +/etc/apache2-xxx/envvars. Variables set in /etc/apache2-xxx/envvars must be +exported. + +variable default value +-------- ------------- +APACHE_CONFDIR /etc/apache2 or /etc/apache2-xxx +APACHE_ENVVARS $APACHE_CONFDIR/envvars +APACHE_HTTPD /usr/sbin/apache2 +APACHE_ARGUMENTS empty if $APACHE_CONFDIR = /etc/apache2 + "-d $APACHE_CONFDIR" otherwise + +APACHE_RUN_USER www-data +APACHE_RUN_GROUP www-data + +APACHE_PID_FILE /var/run/apache2.pid or /var/run/apachd2-xxx.pid +APACHE_RUN_DIR /var/run/apache2 or /var/run/apache2-xxx +APACHE_LOCK_DIR /var/lock/apache2 or /var/lock/apache2-xxx +APACHE_LOG_DIR /var/log/apache2 or /var/log/apache2-xxx + +APACHE_MODS_AVAILABLE $APACHE_CONFDIR/mods-available +APACHE_MODS_ENABLED $APACHE_CONFDIR/mods-enabled +APACHE_SITES_AVAILABLE $APACHE_CONFDIR/sites-available +APACHE_SITES_ENABLED $APACHE_CONFDIR/sites-enabled + +APACHE_LYNX www-browser -dump +APACHE_STATUSURL http://localhost:80/server-status + + +MPMs +==== + +You can use different MPMs for different instances by setting APACHE_HTTPD to +one of /usr/lib/apache2/mpm-*/apache2. The MPM binaries are shipped in the +apache2.2-bin package, it is not necessary to have the apache2-mpm-* pacakges +installed for this to work. Those packages only provide the /usr/sbin/apache2 +symlink for the default MPM. + +Note that some modules like mod_php only work with the non-threaded MPMs +(prefork, itk). --- apache2-2.2.16.orig/debian/apache2.2-common.apache2.default +++ apache2-2.2.16/debian/apache2.2-common.apache2.default @@ -0,0 +1,26 @@ +### htcacheclean settings ### + +## run htcacheclean: yes, no, auto +## auto means run if /etc/apache2/mods-enabled/disk_cache.load exists +## default: auto +HTCACHECLEAN_RUN=auto + +## run mode: cron, daemon +## run in daemon mode or as daily cron job +## default: daemon +HTCACHECLEAN_MODE=daemon + +## cache size +HTCACHECLEAN_SIZE=300M + +## interval: if in daemon mode, clean cache every x minutes +HTCACHECLEAN_DAEMON_INTERVAL=120 + +## path to cache +## must be the same as in CacheRoot directive +HTCACHECLEAN_PATH=/var/cache/apache2/mod_disk_cache + +## additional options: +## -n : be nice +## -t : remove empty directories +HTCACHECLEAN_OPTIONS="-n" --- apache2-2.2.16.orig/debian/apache2.2-bin.manpages +++ apache2-2.2.16/debian/apache2.2-bin.manpages @@ -0,0 +1 @@ +debian/httxt2dbm.8 --- apache2-2.2.16.orig/debian/suexec-custom.config +++ apache2-2.2.16/debian/suexec-custom.config @@ -0,0 +1,7 @@ +/var/www +public_html/cgi-bin +# The first two lines contain the suexec document root and the suexec userdir +# suffix. If one of them is disabled by prepending a # character, suexec will +# refuse the corresponding type of request. +# This config file is only used by the apache2-suexec-custom package. See the +# suexec man page included in the package for more details. --- apache2-2.2.16.orig/debian/apache2.2-common.links +++ apache2-2.2.16/debian/apache2.2-common.links @@ -0,0 +1,4 @@ +usr/sbin/a2enmod usr/sbin/a2dismod +usr/sbin/a2enmod usr/sbin/a2ensite +usr/sbin/a2enmod usr/sbin/a2dissite +usr/sbin/apache2ctl usr/sbin/apachectl --- apache2-2.2.16.orig/debian/apache2-suexec-custom.manpages +++ apache2-2.2.16/debian/apache2-suexec-custom.manpages @@ -0,0 +1 @@ +debian/suexec.8 --- apache2-2.2.16.orig/debian/split-logfile.8 +++ apache2-2.2.16/debian/split-logfile.8 @@ -0,0 +1,21 @@ +.TH "SPLIT-LOGFILE" 8 "2009-12-06" "Apache HTTP Server" "split-logfile" + +.SH NAME +split-logfile - Split combined virtual hosts access log into one file per virtual host + +.SH "SYNOPSIS" + +.PP +\fBsplit-logfile\fR < \fIlogfile\fR + +.SH "SUMMARY" + +.PP +This script will take a combined Web server access log file and break its contents into separate files. +It assumes that the first field of each line is the virtual host identity (put there by "%v"), and that the logfiles should be named that+".log" in the current directory. + +The combined log file is read from stdin. +Records read will be appended to any existing log files. + +.SH "EXAMPLES" +split-logfile < /var/log/apache2/other_vhosts_access.log --- apache2-2.2.16.orig/debian/a2ensite.8 +++ apache2-2.2.16/debian/a2ensite.8 @@ -0,0 +1,70 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH A2ENSITE 8 "8 June 2007" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +a2ensite, a2dissite \- enable or disable an apache2 site / virtual host +.SH SYNOPSIS +.B a2ensite +.RI [ site ] +.PP +.B a2dissite +.RI [ site ] +.SH DESCRIPTION +This manual page documents briefly the +.B a2ensite +and +.B a2dissite +commands. +.PP +.B a2ensite +is a script that enables the specified site (which contains a block) within the +.B apache2 +configuration. It does this by creating symlinks within +.BR /etc/apache2/sites-enabled . +Likewise, +.B a2dissite +disables a site by removing those symlinks. It is not an error to +enable a site which is already enabled, or to disable one which is +already disabled. +.PP +The +.B default +site is handled specially: The resulting symlink will be called +.B 000-default +in order to be loaded first. +.SH EXAMPLES +.RS +.B "a2dissite default" +.RE +.PP +Disables the +.B default +site. +.SH FILES +.TP +.B /etc/apache2/sites-available +Directory with files giving information on available sites. +.TP +.B /etc/apache2/sites-enabled +Directory with links to the files in +.B sites-available +for enabled sites. +.SH "SEE ALSO" +.BR apache2ctl (8). +.SH AUTHOR +This manual page was written by Stefan Fritsch (based on the a2enmod manual +page by Daniel Stone ) for the Debian GNU/Linux distribution. --- apache2-2.2.16.orig/debian/apache2-doc.install +++ apache2-2.2.16/debian/apache2-doc.install @@ -0,0 +1,3 @@ +usr/share/apache2/default-site/htdocs/manual usr/share/doc/apache2-doc +usr/lib/cgi-bin/printenv usr/share/doc/apache2-doc/cgi-examples +usr/lib/cgi-bin/test-cgi usr/share/doc/apache2-doc/cgi-examples --- apache2-2.2.16.orig/debian/mpms.preinst +++ apache2-2.2.16/debian/mpms.preinst @@ -0,0 +1,30 @@ +#!/bin/sh -e + +#Debian preinstall handling for apache2 +# Thom May + +if [ "$2" ] && dpkg --compare-versions "$2" lt 2.2; then + if [ -x "/etc/init.d/apache2" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d apache2 stop || true + else + /etc/init.d/apache2 stop || true + fi + fi + chmod -x /usr/sbin/apache2 +fi + +case "$1" in + install) + rm -f /var/cache/apache2/reload + ;; + upgrade) + if [ -d /var/cache/apache2 ]; then + touch /var/cache/apache2/reload + fi + ;; + *) + ;; +esac + +#DEBHELPER# --- apache2-2.2.16.orig/debian/apache2-utils.manpages +++ apache2-2.2.16/debian/apache2-utils.manpages @@ -0,0 +1,3 @@ +debian/check_forensic.8 +debian/checkgid.8 +debian/split-logfile.8 --- apache2-2.2.16.orig/debian/apache2.2-common.dirs +++ apache2-2.2.16/debian/apache2.2-common.dirs @@ -0,0 +1,14 @@ +etc/apache2/mods-enabled +etc/apache2/sites-enabled +etc/apache2/conf.d +etc/bash_completion.d +etc/logrotate.d +usr/lib/cgi-bin +usr/share/apache2/build +usr/share/apache2/default-site +usr/share/bug/apache2.2-common +usr/share/lintian/overrides +var/cache/apache2 +var/cache/apache2/mod_disk_cache +var/log/apache2 +var/www --- apache2-2.2.16.orig/debian/apache2.monit +++ apache2-2.2.16/debian/apache2.monit @@ -0,0 +1,7 @@ +check process apache2 with pidfile /var/run/apache2.pid + group www + start program = "/etc/init.d/apache2 start" + stop program = "/etc/init.d/apache2 stop" + if failed host localhost port 80 + protocol HTTP request "/" then restart + if 5 restarts within 5 cycles then timeout --- apache2-2.2.16.orig/debian/apache2.bug-control +++ apache2-2.2.16/debian/apache2.bug-control @@ -0,0 +1 @@ +Submit-As: apache2.2-common --- apache2-2.2.16.orig/debian/check_forensic.8 +++ apache2-2.2.16/debian/check_forensic.8 @@ -0,0 +1,16 @@ +.TH check_forensic 8 +.SH NAME +check_forensic \- tool to extract mod_log_forensic output from apache log files +.SH SYNOPSIS +.B check_forensic + +.SH "DESCRIPTION" +chech_forensic is a simple shell script designed to help apache administrators +to extract mod_log_forensic output from apache2 log files. +It checks the forensic log for requests that did not complete +and outputs the request log for each one. +.PP +.SH AUTHOR +This manual page was written by Fabio M. Di Nitto +, for the Debian GNU/Linux system +(but may be used by others). --- apache2-2.2.16.orig/debian/apache2-suexec-custom.dirs +++ apache2-2.2.16/debian/apache2-suexec-custom.dirs @@ -0,0 +1,2 @@ +usr/lib/apache2 +etc/apache2/suexec --- apache2-2.2.16.orig/debian/README.backtrace +++ apache2-2.2.16/debian/README.backtrace @@ -0,0 +1,51 @@ +If apache crashes or freezes, it is helpful if you include a backtrace in the +bug report. + + + +In case of a crash, do the following: + +1) Install the packages apache2-dbg libapr1-dbg libaprutil1-dbg gdb. + +2) Add "CoreDumpDirectory /var/cache/apache2" to your apache configuration. + +3) Execute as root: + /etc/init.d/apache2 stop + ulimit -c unlimited + /etc/init.d/apache2 start + +4) Do whatever it takes to reproduce the crash. There should now be the file +/var/cache/apache2/core . + +5) If you use apache2-mpm-prefork, execute: + + gdb /usr/sbin/apache2 /var/cache/apache2/core + (gdb) bt full + ... + (gdb) quit + +If you use a threaded mpm, execute: + + gdb /usr/sbin/apache2 /var/cache/apache2/core + (gdb) thread apply all bt full + ... + (gdb) quit + +Include the backtrace in the bug report. + +6) Undo the change to your configuration, uninstall the debug packages, remove +/var/cache/apache2/core + + + +In case of a hanging process, you don't need a core dump and you can skip steps 2 and 3. + +4) Reproduce the problem. Get the pid of a hanging process. + +5) Start gdb with + + gdb -p pid + +and continue as described above. It may also be helpful to include the output of + + strace -p pid --- apache2-2.2.16.orig/debian/apache2.8 +++ apache2-2.2.16/debian/apache2.8 @@ -0,0 +1,81 @@ +.TH "APACHE2" 8 "2008-04-05" "Apache HTTP Server" "apache2" + +.SH NAME +apache2 \- Apache Hypertext Transfer Protocol Server +.SH "SYNOPSIS" +.PP +\fBapache2\fR [ -\fBd\fR \fIserverroot\fR ] [ -\fBf\fR \fIconfig\fR ] [ -\fBC\fR \fIdirective\fR ] [ -\fBc\fR \fIdirective\fR ] [ -\fBD\fR \fIparameter\fR ] [ -\fBe\fR \fIlevel\fR ] [ -\fBE\fR \fIfile\fR ] [ \fB-k\fR start|restart|graceful|stop|graceful-stop ] [ -\fBR\fR \fIdirectory\fR ] [ -\fBh\fR ] [ -\fBl\fR ] [ -\fBL\fR ] [ -\fBS\fR ] [ -\fBt\fR ] [ -\fBv\fR ] [ -\fBV\fR ] [ -\fBX\fR ] [ -\fBM\fR ] +.SH "SUMMARY" +.PP +apache2 is the Apache HyperText Transfer Protocol (HTTP) server program\&. It is designed to be run as a standalone daemon process\&. When used like this it will create a pool of child processes or threads to handle requests\&. +.PP +In general, apache2 should not be invoked directly, but rather should be +invoked via /etc/init.d/apache2 or apache2ctl\&. The default Debian +configuration requires environment variables that are defined in +/etc/apache2/envvars and are not available if apache2 is started directly. +However, apache2ctl can be used to pass arbitrary arguments to apache2. +.SH "DOCUMENTATION" +.PP +The full documentation is available in the apache2-doc package or at +http://httpd.apache.org/docs/2.2/ . Information about Debian specific changes +and configuration can be found in +/usr/share/doc/apache2.2-common/README.Debian.gz . +.SH "OPTIONS" +.TP +-d \fIserverroot\fR +Set the initial value for the ServerRoot directive to \fIserverroot\fR\&. This can be overridden by the ServerRoot directive in the configuration file\&. +.TP +-f \fIconfig\fR +Uses the directives in the file \fIconfig\fR on startup\&. If \fIconfig\fR does not begin with a /, then it is taken to be a path relative to the ServerRoot\&. The default is /etc/apache2/apache2\&.conf\&. +.TP +-k start|restart|graceful|stop|graceful-stop +Signals apache2 to start, restart, or stop\&. See Stopping Apache for more information\&. +.TP +-C \fIdirective\fR +Process the configuration \fIdirective\fR before reading config files\&. +.TP +-c \fIdirective\fR +Process the configuration \fIdirective\fR after reading config files\&. +.TP +-D \fIparameter\fR +Sets a configuration \fIparameter \fRwhich can be used with sections in the configuration files to conditionally skip or process commands at server startup and restart\&. +.TP +-e \fIlevel\fR +Sets the LogLevel to \fIlevel\fR during server startup\&. This is useful for temporarily increasing the verbosity of the error messages to find problems during startup\&. +.TP +-E \fIfile\fR +Send error messages during server startup to \fIfile\fR\&. +.TP +-R \fIdirectory\fR +When the server is compiled using the SHARED_CORE rule, this specifies the \fIdirectory\fR for the shared object files\&. +.TP +-h +Output a short summary of available command line options\&. +.TP +-l +Output a list of modules compiled into the server\&. This will \fBnot\fR list dynamically loaded modules included using the LoadModule directive\&. +.TP +-L +Output a list of directives together with expected arguments and places where the directive is valid\&. +.TP +-M +Dump a list of loaded Static and Shared Modules\&. +.TP +-S +Show the settings as parsed from the config file (currently only shows the virtualhost settings)\&. +.TP +-t +Run syntax tests for configuration files only\&. The program immediately exits after these syntax parsing tests with either a return code of 0 (Syntax OK) or return code not equal to 0 (Syntax Error)\&. If -D \fIDUMP\fR_\fIVHOSTS \fRis also set, details of the virtual host configuration will be printed\&. If -D \fIDUMP\fR_\fIMODULES \fR is set, all loaded modules will be printed\&. +.TP +-v +Print the version of apache2, and then exit\&. +.TP +-V +Print the version and build parameters of apache2, and then exit\&. +.TP +-X +Run apache2 in debug mode\&. Only one worker will be started and the server will not detach from the console\&. +.SH SEE ALSO +.BR apache2ctl (8), +.BR /usr/share/doc/apache2.2-common/README.Debian.gz + --- apache2-2.2.16.orig/debian/compat +++ apache2-2.2.16/debian/compat @@ -0,0 +1 @@ +7 --- apache2-2.2.16.orig/debian/copyright +++ apache2-2.2.16/debian/copyright @@ -0,0 +1,546 @@ +This package was debianized by Thom May on +Tues, 8 Feb 2005 16:00:00 +0000. + +It was downloaded from http://httpd.apache.org/download.cgi + +Upstream Authors: + The Apache Software Foundation - http://httpd.apache.org + For apache2-mpm-itk: + Steinar H. Gunderson + Knut Auvor Grythe + +Copyright: + +Licensed to the Apache Software Foundation (ASF) under one or more contributor +license agreements. The ASF licenses this work to You under the Apache License, +Version 2.0 (the "License"); you may not use this work except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +On a Debian system, the license can be found at +/usr/share/common-licenses/Apache-2.0 . + +APACHE2-MPM-ITK: + +apache2-mpm-itk is copyright Steinar H. Gunderson +and Knut Auvor Grythe , and is provided under the same license +as the Apache web server. + +Get the latest version at http://mpm-itk.sesse.net/ . + +APACHE HTTP SERVER SUBCOMPONENTS: + +The Apache HTTP Server includes a number of subcomponents with +separate copyright notices and license terms. Your use of the source +code for the these subcomponents is subject to the terms and +conditions of the following licenses. + +For the mod_mime_magic component: + +/* + * mod_mime_magic: MIME type lookup via file magic numbers + * Copyright (c) 1996-1997 Cisco Systems, Inc. + * + * This software was submitted by Cisco Systems to the Apache Group in July + * 1997. Future revisions and derivatives of this source code must + * acknowledge Cisco Systems as the original contributor of this module. + * All other licensing and usage conditions are those of the Apache Group. + * + * Some of this code is derived from the free version of the file command + * originally posted to comp.sources.unix. Copyright info for that program + * is included below as required. + * --------------------------------------------------------------------------- + * - Copyright (c) Ian F. Darwin, 1987. Written by Ian F. Darwin. + * + * This software is not subject to any license of the American Telephone and + * Telegraph Company or of the Regents of the University of California. + * + * Permission is granted to anyone to use this software for any purpose on any + * computer system, and to alter it and redistribute it freely, subject to + * the following restrictions: + * + * 1. The author is not responsible for the consequences of use of this + * software, no matter how awful, even if they arise from flaws in it. + * + * 2. The origin of this software must not be misrepresented, either by + * explicit claim or by omission. Since few users ever read sources, credits + * must appear in the documentation. + * + * 3. Altered versions must be plainly marked as such, and must not be + * misrepresented as being the original software. Since few users ever read + * sources, credits must appear in the documentation. + * + * 4. This notice may not be removed or altered. + * ------------------------------------------------------------------------- + * + */ + +For the file /etc/apache2/magic (taken from the package file 4.17-5etch3): + +Copyright (c) Ian F. Darwin 1986, 1987, 1989, 1990, 1991, 1992, 1994, 1995. +Software written by Ian F. Darwin and others; +maintained 1994-2004 Christos Zoulas. + +This software is not subject to any export provision of the United States +Department of Commerce, and may be exported to any country or planet. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice immediately at the beginning of the file, without modification, + this list of conditions, and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + + +For the modules\mappers\mod_imap.c component: + + "macmartinized" polygon code copyright 1992 by Eric Haines, erich@eye.com + +For the server\util_md5.c component: + +/************************************************************************ + * NCSA HTTPd Server + * Software Development Group + * National Center for Supercomputing Applications + * University of Illinois at Urbana-Champaign + * 605 E. Springfield, Champaign, IL 61820 + * httpd@ncsa.uiuc.edu + * + * Copyright (C) 1995, Board of Trustees of the University of Illinois + * + ************************************************************************ + * + * md5.c: NCSA HTTPd code which uses the md5c.c RSA Code + * + * Original Code Copyright (C) 1994, Jeff Hostetler, Spyglass, Inc. + * Portions of Content-MD5 code Copyright (C) 1993, 1994 by Carnegie Mellon + * University (see Copyright below). + * Portions of Content-MD5 code Copyright (C) 1991 Bell Communications + * Research, Inc. (Bellcore) (see Copyright below). + * Portions extracted from mpack, John G. Myers - jgm+@cmu.edu + * Content-MD5 Code contributed by Martin Hamilton (martin@net.lut.ac.uk) + * + */ + + +/* these portions extracted from mpack, John G. Myers - jgm+@cmu.edu */ +/* (C) Copyright 1993,1994 by Carnegie Mellon University + * All Rights Reserved. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without + * fee, provided that the above copyright notice appear in all copies + * and that both that copyright notice and this permission notice + * appear in supporting documentation, and that the name of Carnegie + * Mellon University not be used in advertising or publicity + * pertaining to distribution of the software without specific, + * written prior permission. Carnegie Mellon University makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied + * warranty. + * + * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE + * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Copyright (c) 1991 Bell Communications Research, Inc. (Bellcore) + * + * Permission to use, copy, modify, and distribute this material + * for any purpose and without fee is hereby granted, provided + * that the above copyright notice and this permission notice + * appear in all copies, and that the name of Bellcore not be + * used in advertising or publicity pertaining to this + * material without the specific, prior written permission + * of an authorized representative of Bellcore. BELLCORE + * MAKES NO REPRESENTATIONS ABOUT THE ACCURACY OR SUITABILITY + * OF THIS MATERIAL FOR ANY PURPOSE. IT IS PROVIDED "AS IS", + * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. + */ + +For the srclib\apr\include\apr_md5.h component: +/* + * This is work is derived from material Copyright RSA Data Security, Inc. + * + * The RSA copyright statement and Licence for that original material is + * included below. This is followed by the Apache copyright statement and + * licence for the modifications made to that material. + */ + +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + rights reserved. + + License to copy and use this software is granted provided that it + is identified as the "RSA Data Security, Inc. MD5 Message-Digest + Algorithm" in all material mentioning or referencing this software + or this function. + + License is also granted to make and use derivative works provided + that such works are identified as "derived from the RSA Data + Security, Inc. MD5 Message-Digest Algorithm" in all material + mentioning or referencing the derived work. + + RSA Data Security, Inc. makes no representations concerning either + the merchantability of this software or the suitability of this + software for any particular purpose. It is provided "as is" + without express or implied warranty of any kind. + + These notices must be retained in any copies of any part of this + documentation and/or software. + */ + +For the srclib\apr\passwd\apr_md5.c component: + +/* + * This is work is derived from material Copyright RSA Data Security, Inc. + * + * The RSA copyright statement and Licence for that original material is + * included below. This is followed by the Apache copyright statement and + * licence for the modifications made to that material. + */ + +/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm + */ + +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + rights reserved. + + License to copy and use this software is granted provided that it + is identified as the "RSA Data Security, Inc. MD5 Message-Digest + Algorithm" in all material mentioning or referencing this software + or this function. + + License is also granted to make and use derivative works provided + that such works are identified as "derived from the RSA Data + Security, Inc. MD5 Message-Digest Algorithm" in all material + mentioning or referencing the derived work. + + RSA Data Security, Inc. makes no representations concerning either + the merchantability of this software or the suitability of this + software for any particular purpose. It is provided "as is" + without express or implied warranty of any kind. + + These notices must be retained in any copies of any part of this + documentation and/or software. + */ +/* + * The apr_md5_encode() routine uses much code obtained from the FreeBSD 3.0 + * MD5 crypt() function, which is licenced as follows: + * ---------------------------------------------------------------------------- + * "THE BEER-WARE LICENSE" (Revision 42): + * wrote this file. As long as you retain this notice you + * can do whatever you want with this stuff. If we meet some day, and you think + * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp + * ---------------------------------------------------------------------------- + */ + +For the srclib\apr-util\crypto\apr_md4.c component: + + * This is derived from material copyright RSA Data Security, Inc. + * Their notice is reproduced below in its entirety. + * + * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + * rights reserved. + * + * License to copy and use this software is granted provided that it + * is identified as the "RSA Data Security, Inc. MD4 Message-Digest + * Algorithm" in all material mentioning or referencing this software + * or this function. + * + * License is also granted to make and use derivative works provided + * that such works are identified as "derived from the RSA Data + * Security, Inc. MD4 Message-Digest Algorithm" in all material + * mentioning or referencing the derived work. + * + * RSA Data Security, Inc. makes no representations concerning either + * the merchantability of this software or the suitability of this + * software for any particular purpose. It is provided "as is" + * without express or implied warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. + */ + +For the srclib\apr-util\include\apr_md4.h component: + + * + * This is derived from material copyright RSA Data Security, Inc. + * Their notice is reproduced below in its entirety. + * + * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + * rights reserved. + * + * License to copy and use this software is granted provided that it + * is identified as the "RSA Data Security, Inc. MD4 Message-Digest + * Algorithm" in all material mentioning or referencing this software + * or this function. + * + * License is also granted to make and use derivative works provided + * that such works are identified as "derived from the RSA Data + * Security, Inc. MD4 Message-Digest Algorithm" in all material + * mentioning or referencing the derived work. + * + * RSA Data Security, Inc. makes no representations concerning either + * the merchantability of this software or the suitability of this + * software for any particular purpose. It is provided "as is" + * without express or implied warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. + */ + + +For the srclib\apr-util\test\testdbm.c component: + +/* ==================================================================== + * The Apache Software License, Version 1.1 + * + * Copyright (c) 2000-2002 The Apache Software Foundation. All rights + * reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The end-user documentation included with the redistribution, + * if any, must include the following acknowledgment: + * "This product includes software developed by the + * Apache Software Foundation (http://www.apache.org/)." + * Alternately, this acknowledgment may appear in the software itself, + * if and wherever such third-party acknowledgments normally appear. + * + * 4. The names "Apache" and "Apache Software Foundation" must + * not be used to endorse or promote products derived from this + * software without prior written permission. For written + * permission, please contact apache@apache.org. + * + * 5. Products derived from this software may not be called "Apache", + * nor may "Apache" appear in their name, without prior written + * permission of the Apache Software Foundation. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Software Foundation. For more + * information on the Apache Software Foundation, please see + * . + * + * This file came from the SDBM package (written by oz@nexus.yorku.ca). + * That package was under public domain. This file has been ported to + * APR, updated to ANSI C and other, newer idioms, and added to the Apache + * codebase under the above copyright and license. + */ + + +For the srclib\apr-util\test\testmd4.c component: + + * + * This is derived from material copyright RSA Data Security, Inc. + * Their notice is reproduced below in its entirety. + * + * Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All + * rights reserved. + * + * RSA Data Security, Inc. makes no representations concerning either + * the merchantability of this software or the suitability of this + * software for any particular purpose. It is provided "as is" + * without express or implied warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. + */ + +For the srclib\apr-util\xml\expat\conftools\install-sh component: + +# +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# + +For the srclib\pcre\install-sh component: + +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. + +For the pcre component: + +PCRE LICENCE +------------ + +PCRE is a library of functions to support regular expressions whose syntax +and semantics are as close as possible to those of the Perl 5 language. + +Written by: Philip Hazel + +University of Cambridge Computing Service, +Cambridge, England. Phone: +44 1223 334714. + +Copyright (c) 1997-2001 University of Cambridge + +Permission is granted to anyone to use this software for any purpose on any +computer system, and to redistribute it freely, subject to the following +restrictions: + +1. This software is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +2. The origin of this software must not be misrepresented, either by + explicit claim or by omission. In practice, this means that if you use + PCRE in software which you distribute to others, commercially or + otherwise, you must put a sentence like this + + Regular expression support is provided by the PCRE library package, + which is open source software, written by Philip Hazel, and copyright + by the University of Cambridge, England. + + somewhere reasonably visible in your documentation and in any relevant + files or online help data or similar. A reference to the ftp site for + the source, that is, to + + ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ + + should also be given in the documentation. + +3. Altered versions must be plainly marked as such, and must not be + misrepresented as being the original software. + +4. If PCRE is embedded in any software that is released under the GNU + General Purpose Licence (GPL), or Lesser General Purpose Licence (LGPL), + then the terms of that licence shall supersede any condition above with + which it is incompatible. + +The documentation for PCRE, supplied in the "doc" directory, is distributed +under the same terms as the software itself. + +End PCRE LICENCE + +Note: The various versions of the GPL and the LGPL can be found in +/usr/share/common-licenses/. + +For the test\zb.c component: + +/* ZeusBench V1.01 + =============== + +This program is Copyright (C) Zeus Technology Limited 1996. + +This program may be used and copied freely providing this copyright notice +is not removed. + +This software is provided "as is" and any express or implied waranties, +including but not limited to, the implied warranties of merchantability and +fitness for a particular purpose are disclaimed. In no event shall +Zeus Technology Ltd. be liable for any direct, indirect, incidental, special, +exemplary, or consequential damaged (including, but not limited to, +procurement of substitute good or services; loss of use, data, or profits; +or business interruption) however caused and on theory of liability. Whether +in contract, strict liability or tort (including negligence or otherwise) +arising in any way out of the use of this software, even if advised of the +possibility of such damage. + + Written by Adam Twiss (adam@zeus.co.uk). March 1996 + +Thanks to the following people for their input: + Mike Belshe (mbelshe@netscape.com) + Michael Campanella (campanella@stevms.enet.dec.com) + +*/ + +For the expat xml parser component: + +Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd + and Clark Cooper + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +==================================================================== + +OpenDocument icons: +------------------- + +These icons are copyright of Pete Harlow and licensed under the Apache +license. See +https://bugs.edge.launchpad.net/ubuntu/+source/apache2/+bug/130836 +http://www.catnip.co.uk/opendocument/icons/#apache --- apache2-2.2.16.orig/debian/changelog +++ apache2-2.2.16/debian/changelog @@ -0,0 +1,2743 @@ +apache2 (2.2.16-6+squeeze12) squeeze; urgency=medium + + * Security: CVE-2013-1862: mod_rewrite: Ensure that client data written to + the RewriteLog is escaped to prevent terminal escape sequences from + entering the log file. Closes: #722333 + * Security: CVE-2013-1896: mod_dav: denial of service via MERGE request. + Closes: #717272 + * mod_dav: Fix segfaults in certain error conditions. + https://issues.apache.org/bugzilla/show_bug.cgi?id=52559 + + -- Stefan Fritsch Tue, 28 Jan 2014 22:48:05 +0100 + +apache2 (2.2.16-6+squeeze11) squeeze-security; urgency=high + + * CVE-2013-1048: Fix symlink vulnerability when creating /var/lock/apache2 + * CVE-2012-3499, CVE-2012-4558: Fix XSS flaws in various modules. + + -- Stefan Fritsch Sun, 03 Mar 2013 12:25:22 +0100 + +apache2 (2.2.16-6+squeeze10) squeeze-security; urgency=low + + [ Arno Töll ] + * Backport disable-ssl-compression.patch from Wheezy. This patch disabled + SSL compression upon request by introducing a "Compression on|off" + directive to mod_ssl. This is to mitigate impact of CRIME attacks to SSL - + which is a browser issue, however. + See also Debian bug #674142 and #689936. + + [ Stefan Fritsch ] + * CVE-2012-4557: mod_proxy_ajp: Remote denial of service (temporary, until + mod_proxy_ajp's retry timeout expired). + + -- Stefan Fritsch Fri, 30 Nov 2012 09:26:36 +0100 + +apache2 (2.2.16-6+squeeze8) squeeze; urgency=low + + * CVE-2012-2687: mod_negotiation: Escape filenames in variant list to + prevent a possible XSS vulnerability for a site where untrusted users + can upload files to a location with MultiViews enabled. + * Send 408 status instead of 400 if reading of a request fails with a + timeout. This allows browsers to retry. Closes: #677086 + * mod_cache: Prevent Partial Content responses from being cached and served + as normal response. Closes: #671204 + * mpm_itk: Fix an issue where users can sometimes get spurious 403s on + persistent connections. Closes: #672333 + + -- Stefan Fritsch Sun, 09 Sep 2012 23:08:04 +0200 + +apache2 (2.2.16-6+squeeze7) squeeze-security; urgency=high + + * CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual + hosts' config files. + If scripting modules like mod_php or mod_rivet are enabled on systems + where either 1) some frontend server forwards connections to an apache2 + backend server on the localhost address, or 2) the machine running + apache2 is also used for web browsing, this could allow a remote + attacker to execute example scripts stored under /usr/share/doc. + Depending on the installed packages, this could lead to issues like cross + site scripting, code execution, or leakage of sensitive data. + + -- Stefan Fritsch Sun, 01 Apr 2012 00:20:48 +0200 + +apache2 (2.2.16-6+squeeze6) squeeze-security; urgency=high + + * Rebuild with distribution set to squeeze-security. + + -- Stefan Fritsch Sun, 05 Feb 2012 21:58:00 +0100 + +apache2 (2.2.16-6+squeeze5) squeeze; urgency=high + + * Prevent unintended pattern expansion in some reverse proxy + configurations by strictly validating the request-URI. Fixes + CVE-2011-3368, CVE-2011-3639, CVE-2011-4317. + * CVE-2011-3607: Fix integer overflow in ap_pregsub(), which allowed local + privilege escalation. + * CVE-2012-0031: Fix client process being able to crash parent process + during shutdown. + * CVE-2012-0053: Fix an issue in code 400 error responses that could expose + "httpOnly" cookies. + + -- Stefan Fritsch Sat, 04 Feb 2012 17:54:54 +0100 + +apache2 (2.2.16-6+squeeze4) squeeze; urgency=low + + * Fix CVE-2011-3348: Possible denial of service in mod_proxy_ajp + if combined with mod_proxy_balancer. + * Make exit code of '/etc/init.d/apache2 status' more LSB compatible. + Closes: #613969 + * Fix typo in init script. Closes: #615866 + * For multiple instance setups, correctly determine the config dir in the + init script if it is called via a start/stop link. Closes: #627061 + * Add hint in README.Debian about 403 error with mod_dav PUT. + Closes: #613438 + * Add hint in README.Debian about how to increase max number of open + files. Closes: #615632 + * Make it clear in README.multiple-instances that the MPMs are shipped + in the apache2.2-bin package. + * Tweak patch header to fix "dpatch unapply" with unstable's patch/dpatch. + + -- Stefan Fritsch Mon, 26 Sep 2011 00:12:23 +0200 + +apache2 (2.2.16-6+squeeze3) squeeze-security; urgency=high + + * Fix regressions related to range requests introduced by 2.2.16-6+squeeze2. + Closes: #639825 + + -- Stefan Fritsch Sun, 04 Sep 2011 22:24:42 +0200 + +apache2 (2.2.16-6+squeeze2) squeeze-security; urgency=high + + * Fix CVE-2011-3192: DoS by high memory usage for a large number of + overlapping ranges. + + -- Stefan Fritsch Mon, 29 Aug 2011 20:23:01 +0200 + +apache2 (2.2.16-6+squeeze1) stable-security; urgency=high + + * Fix CVE-2011-1176 in apache2-mpm-itk: If NiceValue was set, the default + with no AssignUserID was to run as root:root instead of the default Apache + user and group. Closes: #618857 + + -- Stefan Fritsch Tue, 22 Mar 2011 21:44:39 +0100 + +apache2 (2.2.16-6) unstable; urgency=low + + * Also add $named to the secondary-init-script example. + + -- Stefan Fritsch Sat, 01 Jan 2011 22:55:15 +0100 + +apache2 (2.2.16-5) unstable; urgency=medium + + * Add $named to the init script dependency header, since apache depends on + DNS in some configurations. Closes: #608437 + * Update outdated description of /etc/apache2/magic in README.Debian. + Closes: #603586 + + -- Stefan Fritsch Fri, 31 Dec 2010 01:22:19 +0100 + +apache2 (2.2.16-4) unstable; urgency=medium + + * Increase the mod_reqtimeout default timeouts to avoid potential problems + with CRL-requesting browsers. Also extend the comments in reqtimeout.conf. + * Remove bogus comment in conf.d/security about default in the "release + after Lenny". + * Clarify comments in suexec-custom's default config file. LP: #673289 + + -- Stefan Fritsch Sun, 14 Nov 2010 19:05:55 +0100 + +apache2 (2.2.16-3) unstable; urgency=high + + * CVE-2010-1623: mod_reqtimeout: Fix potential DoS by high memory usage. + * Fix "Could not reliably determine the server's ..." error message in + README.Debian, to make it easier to search for it. Closes: #590528 + + -- Stefan Fritsch Sat, 09 Oct 2010 20:59:34 +0200 + +apache2 (2.2.16-2) unstable; urgency=low + + * Force -j1 for 'make install' to fix occasional FTBFS. Closes: #593036 + * Add a note about the new behaviour of SSL/TLS renegotiation and the new + directive SSLInsecureRenegotiation to NEWS.Debian. Closes: #593334 + * Support 'graceful' as alias for 'reload' in the init script. + * In README.Debian, suggest an Apache configuration change to get rid of the + "Could not reliably determine the server's fully qualified domain name" + warning, as alternative to changing DNS or /etc/hosts. Closes: #590528 + * Add notes to README.Debian on how to reduce memory usage. + * Bump Standards-Version (no changes). + + -- Stefan Fritsch Sun, 29 Aug 2010 15:29:21 +0200 + +apache2 (2.2.16-1) unstable; urgency=medium + + * Urgency medium for security fix. + * New upstream release: + - CVE-2010-1452: mod_dav, mod_cache: Fix denial of service vulnerability + due to incorrect handling of requests without a path segment. + - mod_dir: add FallbackResource directive, to enable admin to specify + an action to happen when a URL maps to no file, without resorting + to ErrorDocument or mod_rewrite + * Fix mod_ssl header line corruption because of using memcpy for overlapping + buffers. PR 45444. LP: #609290, #589611, #595116 + + -- Stefan Fritsch Sat, 24 Jul 2010 22:18:43 +0200 + +apache2 (2.2.15-6) unstable; urgency=low + + * Fix init script not correctly killing htcacheclean. Closes: #580971 + * Add a separate entry in README.Debian about the need to use apache2ctl + for starting instead of calling apache2 directly. Closes: #580445 + * Fix debug info to allow gdb loading it automatically. Closes: #581514 + * Fix install target in Makefile created by apxs2 -n. Closes: #588787 + * Fix ab sending more requests than specified by the -n parameter. + Closes: #541158 + * Add apache2 monit configuration to apache2.2-commons examples dir. + Closes: #583127 + * Build as PIE, since gdb in squeeze now supports it. + * Update the postrm script to also purge the version of /var/www/index.html + introduced in 2.2.11-7. + * Bump Standards-Version (no changes). + + -- Stefan Fritsch Fri, 16 Jul 2010 23:41:08 +0200 + +apache2 (2.2.15-5) unstable; urgency=low + + * Conflict with apache package as we now include apachectl. Closes: #579065 + * Remove conflicts with old apache 2.0 modules. The conflicts are not + necessary anymore as skipping a stable release is not supported anyway. + * Silence the grep in preinst. + + -- Stefan Fritsch Sun, 25 Apr 2010 10:46:09 +0200 + +apache2 (2.2.15-4) unstable; urgency=low + + * Move definition of other_vhosts_access.log to new config file + /etc/apache2/conf.d/other-vhosts-access-log, but disable it + if it has been disabled by the admin. Closes: #576572. LP: #507616 + * Comment out the contents of mods-available/proxy.conf, as it just + is a nuisance for use of apache2 as a reverse proxy, which is much + more common than the use as forward proxy. Extend the comments + in the file. + * Change defaults or add example configs for some modules: + status.conf: + - enable ExtendedStatus by default + - enable ProxyStatus by default + - document SeeRequestTail directive + proxy_ftp.conf: + - set 'ProxyFtpDirCharset UTF-8' by default + ldap.conf: + - enable /ldap-status page, allow it from localhost by default + proxy_balancer.conf: + - add (disabled) example for /balancer-manager page + ssl.conf: + - document SSLStrictSNIVHostCheck directive + * Add symlink from apachectl to apache2ctl to be more compatible with + upstream. Apache httpd 1.3 hasn't been in Debian for some time. + * Simplify logrotate script. Closes: #576105 + * Remove empty directory /usr/lib/debug/usr/sbin in mpm packages. + Closes: #576089 + * Fix apxs2 to work with perl 5.12rc3. Closes: #577239 + * Add source/format file to make lintian happy. + + -- Stefan Fritsch Tue, 20 Apr 2010 23:11:09 +0200 + +apache2 (2.2.15-3) unstable; urgency=low + + * mod_reqtimeout: backport bugfixes from upstream trunk up to r928881, + including a fix for mod_proxy CONNECT requests. + * mod_dav_fs: Use correct permissions when creating new files. LP: #540747 + + -- Stefan Fritsch Mon, 29 Mar 2010 22:16:24 +0200 + +apache2 (2.2.15-2) unstable; urgency=low + + * Make the Files ~ "^\.ht" block in apache2.conf more secure by adding + Satisfy all. Closes: #572075 + * mod_reqtimeout: Various bug fixes, including: + - Don't mess up timeouts of mod_proxy's backend connections. + Closes: #573163 + + -- Stefan Fritsch Wed, 10 Mar 2010 21:06:06 +0100 + +apache2 (2.2.15-1) unstable; urgency=low + + * New upstream version: + - CVE-2010-0408: mod_proxy_ajp: Fixes denial of service vulnerability + - CVE-2009-3555: mod_ssl: Improve the mitigation against SSL/TLS protocol + prefix injection attack. + - CVE-2010-0434: mod_headers: Fix potential information leak with threaded + MPMs. + - mod_reqtimeout: New module limiting the time waiting for receiving + a request from the client. This is a (partial) mitigation against + slowloris-type resource exhaustion attacks. The module is enabled by + default. Closes: #533661 + - mod_ssl: Add SSLInsecureRenegotiation directive to allows insecure + renegotiation with clients which do not yet support the secure + renegotiation protocol. As this requires openssl 0.9.8m, bump + build dependency accordingly. + * Fix bash completion for a2ensite if the site name contains 'conf' or + 'load'. Closes: #572232 + * Do a configcheck in the init script before doing a non-graceful restart. + Closes: #571461 + + -- Stefan Fritsch Sun, 07 Mar 2010 23:22:56 +0100 + +apache2 (2.2.14-7) unstable; urgency=low + + * Fix potential memory leaks related to the usage of apr_brigade_destroy(). + * Add hints about correct mod_dav_fs configuration to README.Debian. + Closes: #257945 + * Fix error in Polish translation of 404 error page. Closes: #570228 + * Document ThreadLimit in apache2.conf's comments. + + -- Stefan Fritsch Sat, 20 Feb 2010 12:38:30 +0100 + +apache2 (2.2.14-6) unstable; urgency=low + + * Use environment variables APACHE_RUN_DIR, APACHE_LOCK_DIR, and + APACHE_LOG_DIR in the default configuration. If you have modified + /etc/apache2/envvars, make sure that these variables are set and exported. + * Add support for multiple apache2 instances to initscript and apache2ctl. + See /usr/share/doc/apache2.2-common/README.multiple-instances for details. + Closes: #353450 + * Set default compiled-in ServerRoot to /etc/apache2 and make paths in + apache2.conf relative to ServerRoot. + * Move ab and logresolve from /usr/sbin to /usr/bin. Closes: #351450, #564061 + * Fix symlinks in apache2-dbg package. Closes: #567076 + * Fix mod_cache CacheIgnoreURLSessionIdentifiers handling. Closes: #556383 + * Add new init script action graceful-stop (LP: #456381) + * Add more languages to mime.conf. To limit this to useful entries, we only + add those for which a translation of the Debian intaller exists. LP: #217964 + * Unset $HOME in /etc/apache2/envvars. + * Change default config of mod_info and mod_status to use IP addresses + instead of hostnames. Otherwise the hostname is sometimes logged even with + 'HostnameLookup Off'. Closes: #568409 + * Add a hook to apache2.2-common's postrm script that may come in handy + when upgrading to 2.4. + * Make bug script also display php extensions. + * Bump Standards-Version (no changes). + * Remove Adam Conrad from Uploaders. Thanks for your work in the past. + + -- Stefan Fritsch Sun, 07 Feb 2010 17:29:45 +0100 + +apache2 (2.2.14-5) unstable; urgency=low + + * Security: Further mitigation for the TLS renegotation attack + (CVE-2009-3555): Disable keep-alive if parts of the next request have + already been received when doing a renegotiation. This defends against + some request splicing attacks. + * Print a useful error message if 'apache2ctl status' fails. Add a comment + to /etc/apache2/envvars on how to change the options for www-browser. + Closes: #561496, #272069 + * Improve function to detect apache2 pid in init-script (closes: #562583). + * Add hint README.Debian on how to pass auth info to CGI scripts. + Closes: #483219 + * Re-introduce objcopy magic to avoid dangling symlinks to the debug info + in the mpm packages. Closes: #563278 + * Make apxs2 use a2enmod and /etc/apache2/mods-available. Closes: #470178, + LP: #500703 + * Point to README.backtrace in apache2-dbg's description. + * Use more debhelper functions to simplify debian/rules. + * Add misc-depends to various packages to make lintian happy. + * Change build-dep from libcap2-dev to libcap-dev because of package rename. + + -- Stefan Fritsch Sat, 02 Jan 2010 22:44:15 +0100 + +apache2 (2.2.14-4) unstable; urgency=low + + * Disable localized error pages again by default because they break + configurations with " SetHandler ...". A workaround is + described in the comments in /etc/apache2/conf.d/localized-error-pages + (closes: #543333). + * mod_rewrite: Fix URLs in redirects with literal IPv6 hosts + (closes: #557015). + * Automatically listen on port 443 if mod_gnutls is loaded (closes: #558234). + * Add man page for split-logfile. + * Link with -lcrypt where necessary to fix a FTBFS with binutils-gold + (closes: #553946). + + -- Stefan Fritsch Sun, 13 Dec 2009 20:05:37 +0100 + +apache2 (2.2.14-3) unstable; urgency=low + + * Backport various mod_dav/mod_dav_fs fixes from upstream trunk svn. This + includes: + - Make PUT replace files atomically (closes: #525137). + - Make MOVE not delete the destination if the source file disappeared in + the meantime (closes: #273476). + NOTE: The format of the DavLockDB has changed. The default DavLockDB will + be deleted on upgrade. Non-default DavLockDBs should be deleted manually. + * Fix output of "/etc/init.d/apache2 status" (closes: #555687). + * Update the comment about SNI in ports.conf (closes: #556932). + * Set redirect-carefully for Konqueror/4. + + -- Stefan Fritsch Sat, 21 Nov 2009 10:20:54 +0100 + +apache2 (2.2.14-2) unstable; urgency=medium + + * Security: + Reject any client-initiated SSL/TLS renegotiations. This is a partial fix + for the TLS renegotiation prefix injection attack (CVE-2009-3555). + Any configuration which requires renegotiation for per-directory/location + access control is still vulnerable. + * Allow RemoveType to override the types from /etc/mime.types. This allows + to use .es and .tr for Spanish and Turkish files in mod_negotiation. + Closes: #496080 + * Fix 'CacheEnable disk http://'. Closes: #442266 + * Fix missing dependency by changing killall to pkill in the init script. + LP: #460692 + * Add X-Interactive header to init script as it may ask for the ssl key + passphrase. Closes: #554824 + * Move httxt2dbm man page into apache2.2-bin, which includes httxt2dbm, too. + * Enable keepalive for MSIE 7 and newer in default-ssl site and README.Debian + + -- Stefan Fritsch Sat, 07 Nov 2009 14:37:37 +0100 + +apache2 (2.2.14-1) unstable; urgency=low + + * New upstream version: + - new module mod_proxy_scgi + * Disable hardening option -pie again, as gdb in Debian does not support + it properly and it is broken on mips*. + + -- Stefan Fritsch Tue, 29 Sep 2009 20:55:05 +0200 + +apache2 (2.2.13-2) unstable; urgency=high + + * mod_proxy_ftp security fixes (closes: #545951): + - DoS by malicious ftp server (CVE-2009-3094) + - missing input sanitization: a user could execute arbitrary ftp commands + on the backend ftp server (CVE-2009-3095) + * Add entries to NEWS.Debian and README.Debian about Apache being stricter + about certain misconfigurations involving name based SSL virtual hosts. + Also make Apache print the location of the misconfigured VirtualHost when + it complains about a missing SSLCertificateFile statement. Closes: #541607 + * Add Build-Conflicts: autoconf2.13 (closes: #541536). + * Adjust priority of apache2-mpm-itk to extra. + * Switch apache2.2-common and the four mpm packages from architecture all to + any. This is stupid but makes apache2 binNMUable again (closes: #544509). + * Bump Standards-Version (no changes). + + -- Stefan Fritsch Wed, 16 Sep 2009 20:55:02 +0200 + +apache2 (2.2.13-1) unstable; urgency=low + + * New upstream release: + - Fixes segfault with mod_deflate and mod_php (closes: #542623). + + -- Stefan Fritsch Mon, 31 Aug 2009 20:28:56 +0200 + +apache2 (2.2.12-1) unstable; urgency=low + + * New upstream release: + - Adds support for TLS Server Name Indication (closes: #461917 LP: #184131). + (The Debian default configuration will be changed to use SNI in a later + version.) + - Fixes timefmt config in SSI (closes: #363964). + - mod_ssl: Adds SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives + to enable stricter checking of remote server certificates. + * Make mod_deflate not compress the content for HEAD requests. This is a + similar issue as CVE-2009-1891. + * Enable hardening compile options. + * Switch default LogFormat from %b (size of file sent) to %O (bytes actually + sent) (closes: #272476 LP: #255124) + * Add the default LANG=C to /etc/apache2/envvars and document it in + README.Debian (closes: #511878). + * Enable localized error pages by default if the necessary modules are + loaded. Move the config for it from apache2.conf to + /etc/apache2/conf.d/localized-error-pages (closes: #467004). Clarify the + required order of the aliases in the comment (closes: #196795). + * Change default for ServerTokens to 'OS', to not announce the exact module + versions to the world (LP: #205996) + * Make a2ensite and friends ignore the same filenames as apache does for + included config files, even if LANG is not C. + * Merge source packages apache2 and apache2-mpm-itk (current itk version is + 2.2.11-02). This removes the binNMU mess necessary for every apache2 upload + (closes: #500885, #512084). Add Steinar to Uploaders. Remove apache2-src + package, which is no longer necessary. + * Ship our own version of the magic config file (taken from file 4.17-5etch3) + which is still compatible with mod_mime_magic (closes: #483111). + * Add ThreadLimit to the default config and put ThreadsPerChild and + MaxClients into the correct order so that Apache does not complain + (closes: #495656). + Also add a configuration block for the event MPM in apache2.conf. + * Fix HTTP PUT with mod_dav failing to detect an aborted connection + (closes: #451563). + * Change references to httpd.conf in apache2-doc to apache2.conf + (closes: #465393). + * Clarify the recommended permissions for SSL certificates in README.Debian + (closes: #512778). + * Document in README.Debian how to name files in conf.d to avoid conflicts + with packages (closes: #493252) + * Remove 2.0 -> 2.2 upgrade logic from maintainer scripts. + * Remove other_vhosts_access.log on package purge. + + -- Stefan Fritsch Tue, 04 Aug 2009 11:02:34 +0200 + +apache2 (2.2.11-7) unstable; urgency=low + + * Security fixes: + - CVE-2009-1890: denial of service in mod_proxy + - CVE-2009-1891: denial of service in mod_deflate (closes: #534712) + * Add symlinks for the debug info to the mpm packages. + * Be slightly more informative in the default index.html without pointing + to Apache or Debian (LP: #89364) + * Remove dependency on net-tools, which is no longer necessary + (closes: #535849) + * Bump Standards-Version (no changes) + + -- Stefan Fritsch Fri, 10 Jul 2009 22:42:57 +0200 + +apache2 (2.2.11-6) unstable; urgency=high + + * CVE-2009-1195: mod_include allowed to bypass IncludesNoExec for Server + Side Includes (closes: #530834). + * Fix postinst scripts (closes: #532278). + + -- Stefan Fritsch Mon, 08 Jun 2009 19:22:58 +0200 + +apache2 (2.2.11-5) unstable; urgency=low + + * Move all binaries into a new package apache2.2-bin and make + apache2.2-common depend on it. This allows to + - run apache as user process only, e.g. with gnome-user-share. + Closes: #468690 + - run multiple instances of apache with different MPMs. This configuration + is not supported in any way, though. Closes: #517572 + * Switch to debhelper compatibility level 7 and remove some code duplication + in debian/rules. + * Override some Lintian warnings about old autotools helper files and being + not binNMUable (apache2 is not binNMUable anyway, because of the + apache2 <-> apache2-mpm-itk dependency). + + -- Stefan Fritsch Fri, 22 May 2009 19:30:20 +0200 + +apache2 (2.2.11-4) unstable; urgency=low + + [ Stefan Fritsch ] + * Disable TRACE method by default (closes: #492130). + * Compress some more mime types with mod_deflate by default. This may cause + problems with MSIE 6, but that browser should now be considered obsolete. + Closes: #397526, #521209 + * Various backports from upstream svn branches/2.2.x: + - CVE-2009-1191: mod_proxy_ajp: Avoid delivering content from a previous + request which failed to send a request body + - Fix FollowSymlinks / SymlinksIfOwnerMatch ignored with + server-side-includes PR 45959 (closes: #524474) + - Fix mod_rewrite "B" flag breakage PR 45529 (closes: #524268) + - Fix mod_deflate etag handling PR 45023 (LP: #358314) + - Fix mod_ldap segfault if LDAP initialization failed PR 45994 + * Allow apache2-mpm-itk as alternate dependency in apache2 meta package + (closes: #527225). + * Fix some misuse of command substitution in the init script. Thanks to + Jari Aalto for the patch. (Closes: #523398) + * Extend the gnome-vfs DAV workaround to gvfs (closes: #522845). + * Add more info to check_forensic man page (closes: #528424). + * Make "apache2ctl help" point to help on apache2 args (closes: #528425). + * Lintian warnings: + - fix spelling error in apache2-utils description + - tweak debian/copyright to make lintian not complain about pointers to GPL + - bump standards-version (no changes) + + [ Peter Samuelson ] + * Adjust sections to match recent ftpmaster overrides. + + -- Stefan Fritsch Tue, 19 May 2009 22:55:27 +0200 + +apache2 (2.2.11-3) unstable; urgency=low + + * Rebuild against apr-util 1.3, to fix undefined symbol errors in mod_ldap + (see #521899). This also creates the dependencies on the new external + libaprutil1-dbd-* and libaprutil1-ldap packages. + + -- Stefan Fritsch Tue, 31 Mar 2009 21:07:26 +0200 + +apache2 (2.2.11-2) unstable; urgency=low + + * Report an error instead instead of segfaulting when apr_pollset_create + fails (PR 46467). On Linux kernels since 2.6.27.8, the value in + /proc/sys/fs/epoll/max_user_instances needs to be larger than twice the + value of MaxClients in the Apache configuration. Closes: #511103 + + -- Stefan Fritsch Fri, 16 Jan 2009 19:01:59 +0100 + +apache2 (2.2.11-1) unstable; urgency=low + + [Thom May] + * New Upstream Version (Closes: #508186, LP: #307397) + - Contains rewritten shmcb code which should fix alignment problems on + alpha (Closes: #419720). + - Notable new features: chroot support, mod_proxy improvements. + + [Ryan Niebur] + * fix segfault in ab when being verbose on ssl sites (Closes: #495982) + * remove trailing slash for DocumentRoot (Closes: #495110) + + -- Stefan Fritsch Sun, 14 Dec 2008 09:34:24 +0100 + +apache2 (2.2.9-11) unstable; urgency=low + + * Regression fix from upstream svn for mod_proxy: + Prevent segmentation faults by correctly adjusting the lifetime of the + buckets read from the proxy backend. PR 45792 + * Fix from upstream svn for mpm_worker: + Crosscheck that idle workers are still available before using them and + thus preventing an overflow of the worker queue which causes a SegFault. + PR 45605 + * Add a comment to ports.conf to point to NEWS.Debian.gz in case of + upgrading problems. + + -- Stefan Fritsch Wed, 26 Nov 2008 23:10:22 +0100 + +apache2 (2.2.9-10) unstable; urgency=low + + * Regression fix from upstream svn for mod_proxy_http: + Don't trigger a retry by the client if a failure to read the response line + was the result of a timeout. + + -- Stefan Fritsch Wed, 01 Oct 2008 11:50:18 +0200 + +apache2 (2.2.9-9) unstable; urgency=medium + + * Revert the attempted fix for #496080 because it did not work due to + upstream PR 38330. Instead, document the problem and possible workarounds + in README.Debian. + + -- Stefan Fritsch Fri, 12 Sep 2008 11:39:15 +0200 + +apache2 (2.2.9-8) unstable; urgency=low + + * Fix Spanish language support which was broken by .es being added to + /etc/mime.types for application/ecmascript. (Closes: #496080) + * Correct description of ServerTokens in /etc/apache2/conf.d/security. + (Closes: #497362) + * Clarify how to use apache2ctl to pass arbitrary arguments to + apache2. (LP: #259363) + * Add hints to README.Debian about the messages + "NameVirtualHost *:80 has no VirtualHosts" and + "File does not exist: /htdocs". + + -- Stefan Fritsch Thu, 11 Sep 2008 09:17:33 +0200 + +apache2 (2.2.9-7) unstable; urgency=low + + * Fix XSS in mod_proxy_ftp (CVE-2008-2939). + * Fix mod_proxy_http losing the query string with noescape (PR 45247). + * Make the balancer manager work in Opera and MSIE (PR 45578). + * Fix mod_headers "edit" removing multiple headers with the same name (PR + 45333). + * Also describe how to get a backtrace from a running process in + README.backtrace. + + -- Stefan Fritsch Fri, 08 Aug 2008 19:27:40 +0200 + +apache2 (2.2.9-6) unstable; urgency=high + + * Urgency high for RC bug fix. + * Fix SIGBUS on SPARC by preventing gcc from optimizing some memcpy calls + away. (Closes: #485525) + + -- Stefan Fritsch Sun, 20 Jul 2008 10:17:19 +0200 + +apache2 (2.2.9-5) unstable; urgency=medium + + * Urgency medium to get this into testing before the freeze. + * Remove IPv6 patch that was necessary for very old kernels but creates + problems on systems with current kernels and net.ipv6.bindv6only = 1. + Apache will now always create its sockets with IPV6_V6ONLY set to 0. + (Closes: #391280) + + -- Stefan Fritsch Mon, 07 Jul 2008 21:20:48 +0200 + +apache2 (2.2.9-4) unstable; urgency=low + + * Make postinst more quiet. (Closes: #489153) + * Add Turkish language support. (Closes: #489224) + * Remove duplicate comments in sites-available/default-ssl. (Closes: #489383) + * Describe in NEWS.Debian how to revert to the old NameVirtualHost config. + (Closes: #489215) + * Redirect apache2 bug reports to apache2.2-common, to get useful dependency + information. + + -- Stefan Fritsch Sun, 06 Jul 2008 10:38:37 +0200 + +apache2 (2.2.9-3) unstable; urgency=low + + [ Stefan Fritsch ] + * Move NameVirtualHost directive to ports.conf and switch from "*" to + "*:80". (Closes: #314606, #486286) + * Comment out the CacheEnable line in disk_cache.conf. It would have caused + problems with Etch to Lenny upgrades. + * Change the minimum user id for suexec back to 100, the new value of 1000 + was too disruptive for existing configurations. (Closes: #488821) + * Add a default SSL virtual host. (Closes: #267477) + - Use snakeoil certificate by default (if ssl-cert is installed). + (Closes: #293524, #446765) + - Document this in README.Debian. + (Closes: #293469, #293519, #398520, #395823) + - Add MSIE workarounds. (Closes: #421802) + - Add ssl-cert to Recommends. + * Add a new config file /etc/apache2/conf.d/security with some vaguely + security related diectives. (Closes: #260063) + * Adjust mod_userdir accordingly. Also add "AllowOverride Indexes" for the + home directories. + * Disable SSLv2 by default. It is insecure. Also only enable ciphers with + key lengths of at least 128 bit. + * Make the init script complain about a missing $APACHE_PID_FILE during + "start", too, and not only during "stop" or "restart". This makes it more + obvious that /etc/apache2/envvars has to be updated. (Closes: #473982) + * Add hint about the "..., using 127.0.0.1 for ServerName" warning to + README.Debian. (Closes: #457708) + * Add hint about the "could not create rewrite_log_lock" error message to + README.Debian. (Closes: #450831) + * Remove empty dir from apache2-doc to fix Lintian warning. + * Always pass -g to gcc instead of relying on dpkg-buildpackage to set + CFLAGS. We always want the debug info for the apache2-dbg package. + + [ Ryan Niebur ] + * Upgraded to policy 3.8.0 + - added support for noopt in DEB_BUILD_OPTIONS + - added a README.source + - added support for parallel in DEB_BUILD_OPTIONS + * Dropped XS- from the Vcs fields in control + + -- Stefan Fritsch Wed, 02 Jul 2008 10:15:57 +0200 + +apache2 (2.2.9-2) unstable; urgency=low + + * Make the init script use normal 'stop' instead of 'graceful-stop' again: + With graceful-stop, it can take a long time until all child processes have + closed their listening sockets and there is no way for the init script to + know when it is save to start apache again. This could make the restart of + apache fail. (Closes: #486629, #463338) + * Improve package descriptions, thanks to Justin B Rye. (Closes: #486855) + + -- Stefan Fritsch Sat, 21 Jun 2008 12:22:17 +0200 + +apache2 (2.2.9-1) unstable; urgency=low + + * New upstream release. Notable changes: + - mod_proxy_http: Better handling of excessive interim responses from + origin server to prevent potential denial of service and high memory + usage (CVE-2008-2364). + - mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager + (CVE-2007-6420). + - Worker / Event MPM: Fix race condition in pool recycling that leads to + segmentation faults under load. (Closes: #484800) + - mod_proxy: Keep connections to the backend persistent in the HTTPS case. + - mod_proxy: Support environment variable interpolation in reverse + proxying directives. + - mod_headers: Add 'merge' option to avoid duplicate values within the + same header. + - mod_substitute: The default is now flattening the buckets after each + substitution. The newly added 'q' flag allows for the quicker, more + efficient bucket-splitting. + * Shorten the init script's waiting period during 'restart' from 10 to 4 + seconds. This should still be plenty to allow the apache processes to + close their listening sockets. Make the wait even shorter if apache dies + faster. (Closes: #479136) + * Fix some lintian warnings: + - Add some missing patch descriptions. + - Point to /usr/share/common-licenses instead of including the license in + the copyright file. + + -- Stefan Fritsch Sat, 14 Jun 2008 08:29:41 +0200 + +apache2 (2.2.8-5) unstable; urgency=low + + * Replace a2{en,dis}{mod,site} by a rewritten version that + - supports wildcards (Closes: #373969). + - can be influenced with environment variables (Closes: #349716). + - checks existing symlinks for correctness (Closes: #409970). + - allows to remove dead symlinks (Closes: #480893). + * Move suexec suid helper program to a separate package apache2-suexec, + which is not installed by default. Provide an alternative version of + suexec, which can be customized with a config file. This can be found in + the apache2-suexec-custom package. Closes: #312252, #266835 + * Some more suexec fixes: + - Fix race condition when changing directories. + - Accept only /var/www/*, and not /var/www*. The same for public_html/* + instead of public_html* (CVE-2007-1742). + - Raise the minimum userid that suexec may change to from 100 to 1000. + * Enable mod_deflate in new installs. + * Include config.nice in apache2-src. This hopefully allows apache2-mpm-itk + to drop the build-dependency on apache2-prefork-dev. + * Mention environment variables in apache2 and apache2ctl man pages and point + to README.Debian. (Closes: #475150) + * Drop unneeded build-dep on libtool. + * Drop obsolete apache2-mpm-perchild package (closes: #477522). + * Don't fail in postinst if there is a dangling symlink /var/www/index.html. + * Fix typo in bug number in 2.2.8-3 changelog entry. + * Use dh_lintian in debian/rules. + + -- Stefan Fritsch Sat, 31 May 2008 17:02:03 +0200 + +apache2 (2.2.8-4) unstable; urgency=high + + * Urgency high for DoS vulnerability fix. + * Fix memory leak in mod_ssl with zlib compression. + + -- Stefan Fritsch Tue, 13 May 2008 22:31:37 +0200 + +apache2 (2.2.8-3) unstable; urgency=low + + * mod_cache: Handle If-Range correctly if the cached resource was stale + (closes: #470652). + * mod_autodindex: Use UTF-8 as character set for filenames in the default + configuration. Change this in autoindex.conf if you are still using + ISO-8859-1. + * Introduce APACHE_RUN_DIR and APACHE_LOCK_DIR in apache2ctl. Also, make it + use APACHE_RUN_USER instead of APACHE2_RUN_USER, to be consistent with + apache2.conf. + * Add 'status' function to init script (adapted from patch by Dustin + Kirkland). + * Don't build the modules three times. We are only shipping one set of them, + anyway. (Inspired by the Fedora package.) + * Remove Fabio M. Di Nitto from the uploaders field (thanks for your work). + + -- Stefan Fritsch Fri, 14 Mar 2008 10:57:19 +0100 + +apache2 (2.2.8-2) unstable; urgency=low + + * Provide a fallback access log (other_vhosts_access.log) and a suitable + LogFormat (vhost_combined) for VirtualHosts that don't define their own + log file. (Closes: #313430) + * Fix broken symlink to README.Debian.gz and typos in the file + (closes: #461462). + * Improve generation of password salts in htpasswd (closes: #469271). + * Point VCS tags in debian control to trunk, to make them useful with + debcheckout. + * Add missing ${APACHE_ARGUMENTS} to *) case in apache2ctl. + * In upgrades from etch, replace /etc/apache2/default without asking also in + the NO_START=1 case, in order to not break piuparts (closes: #466367). + * Print file name where "Useless use of AllowOverride" occured. + (Closes: #410334) + * Make bugreport script source /etc/apache2/envvars before calling apache2. + * Add note about MSIE SSL workaround to README.Debian. + * Don't ship empty /var/www/apache2-default in apache2-doc. + (Closes: #469145) + * mod_autoindex: Use the bomb icon only for the name 'core', not for + '*core'. (Closes: #467480) + * Include module name in a2enmod error messages (closes: #461341). + + -- Stefan Fritsch Sat, 08 Mar 2008 12:28:14 +0100 + +apache2 (2.2.8-1) unstable; urgency=low + + * New upstream version: + - Fixes cross-site scripting issues in + o mod_imagemap (CVE-2007-5000) + o mod_status (CVE-2007-6388) + o mod_proxy_balancer's balancer manager (CVE-2007-6421) + - Fixes a denial of service issue in mod_proxy_balancer's balancer manager + (CVE-2007-6422). + - Fixes mod_proxy URL encoding in error messages (closes: #337325). + - Adds explicit charset to the output of various modules to work around + possible cross-site scripting flaws affecting web browsers that do not + derive the response character set as required by RFC2616. For + mod_proxy_ftp there is now the new ProxyFtpDirCharset directive to + specify something else than ISO-8859-1 (CVE-2008-0005). + - Adds mod_substitute which performs inline response content pattern + matching (including regex) and substitution (like mod_line_edit). + - Adds "DefaultType none" option. + - Adds new "B" option to RewriteRule to suppress URL unescaping. + - Adds an "if" directive for mod_include to test whether an URL is + accessible, and if so, conditionally display content. + - Adds support for mod_ssl to the event MPM. + * Move the configuration of User, Group, and PidFile to + /etc/apache2/envvars. This makes it easier to use these settings in + scripts. /etc/apache2/envvars can now also be used to influence apache2ctl + (inspired by Marc Haber's patch). (Closes: #349709, #460105, #458085) + * Make apache2ctl check the configuration syntax before trying to restart + apache, to match the behaviour documented in the man page. + (Closes: #459236) + * Convert docs to be directly viewable with a browser (and not use content + negotiation). + * Add doc-base entry for the documentation. (closes: #311269) + * Don't ship default files in /var/www, but copy a sample file to + /var/www/index.html on new installs. Also remove the now unneeded + RedirectMatch line from sites-available/default. + (Closes: #411774, #458093) + * Add some information to README.Debian (Apache wiki, default virtual host) + * Build with LDFLAGS=-Wl,--as-needed to drop a lot of unnecessary + dependencies, easing library transitions (closes: #458857). + * Add icons for OpenDocuments, add sharutils to Build-Depends for uudecode. + Patch by Nicolas Valcárcel. (Closes: #436441) + * Add reportbug script to list enabled modules. + * Fix some lintian warnings: + - Pass --no-start to dh_installinit instead of omitting the debhelper token + in various maintainer scripts. Also move the update-rc.d call to + apache2.2-common. + - Add Short-Description to init script. + * Remove unused apache2-mpm-prefork.prerm from source package and clean up + debian/rules a bit. + * Don't ship NEWS.Debian with apache2-utils, as the contents are only + relevant for the server. + + -- Stefan Fritsch Thu, 17 Jan 2008 20:27:56 +0100 + +apache2 (2.2.6-3) unstable; urgency=low + + * Allocate fewer bucket brigades in case of a flush bucket. This might help + with the memory leaks reported in #399776 and #421557. + * Escape the HTTP method in error messages to avoid potential cross site + scripting vulnerabilities (CVE-2007-6203). + * Update 053_bad_file_descriptor_PR42829.dpatch to avoid a race condition. + * Redirect /doc/apache2-doc/manual/ to /manual/ in the apache2-doc config + (Closes: #450867). + * Add icons for .ogg and .ogm (Closes: #255443). + * Add comment about how to log X-Forwarded-For (Closes: #425008). + * Make mod_proxy_balancer not depend on mod_cache. + * Add Homepage field to debian/control. + * Add/fix some lintian overrides, fix some warnings. + * Bump Standards-Version (no changes). + + -- Stefan Fritsch Fri, 07 Dec 2007 22:38:59 +0100 + +apache2 (2.2.6-2) unstable; urgency=low + + * Avoid calling apr_pollset_poll() and accept_func() when the listening + sockets have already been closed on graceful stop or reload. This + hopefully fixes processes not being killed (closes: #445263, #447164) + and the "Bad file descriptor: apr_socket_accept: (client socket)" + error message (closes: #400918, #443310) + * Allow logresolve to process long lines (Closes: #331631) + * Remove duplicate config examples (Closes: #294662) + * Include README.backtrace describing how to create a backtrace + * Add CVE reference to 2.2.6-1 changelog entry + + -- Stefan Fritsch Thu, 18 Oct 2007 19:35:40 +0200 + +apache2 (2.2.6-1) unstable; urgency=low + + * New upstream release + - fixes mod_proxy DoS for threaded MPMs (CVE-2007-3847) + - fixes spurious warning for valid wildcard certificates (Closes: #414855) + - adds warning that htpasswd is not setuid safe (Closes: #356285) + - adds Type and Charset options to IndexOptions directive, + allowing a workaround for buggy browsers affected by CVE-2007-4465 + - adds new ProxyPassMatch directive + * Add index.htm to the default DirectoryIndex configuration + (Closes: #439375) + * Use apache2ctl in init script (Closes: #439027) + * make init script less noisy (Closes: #438950) + * improve NEWS entry (Closes: #440084) + + -- Stefan Fritsch Thu, 06 Sep 2007 23:54:42 +0200 + +apache2 (2.2.4-3) unstable; urgency=low + + [ Stefan Fritsch ] + * enable default site on new installs again (Closes: #436341) + * make mod_authn_dbd depend on mod_dbd + * make a2dissite return 0 if a site is already disabled (Closes: #435398) + * make a2 scripts print errors to stderr (Closes: #435400) + * move TypesConfig directive from apache2.conf to mime.conf + (Closes: #434248) + + [ Adam Conrad ] + * Special case apache2-dbg magic in debian/rules, so we don't do + this on Ubuntu, which has an archive of detached debug packages. + + -- Stefan Fritsch Tue, 07 Aug 2007 20:49:28 +0200 + +apache2 (2.2.4-2) unstable; urgency=low + + * Modularize config: Move module specific configuration from apache2.conf + to mods-available/*conf (Closes: #338472) + * Remove the NO_START kludge. Now you have to use rc*.d symlinks to disable + apache2. (Closes: #408462, #275561) + * Create run and lock directores in apache2ctl to make it work on fresh + installations before the first call of the init script. Together with + the previous item, this closes: #418499 + * Disable AddDefaultCharset again (Closes: #397886) + * Make ports.conf, conf.d/charset, and /etc/default/apache2 conffiles + managed by dpkg + * Listen on port 443 by default if mod_ssl is loaded (Closes: #404598) + * Add logic to start htcacheclean as daemon or cronjob. The configuration + is in /etc/default/apache2 + * Fix security issues: + - CVE-2007-3304: prevent parent process to send SIGUSR1 to arbitrary + processes + - CVE-2006-5752: XSS in mod_status + * Add init.d dependency info from insserv overrides to /etc/init.d/apache2 + * Replace apachectl with apache2ctl in docs (Closes: #164493) + * Add usage message to apache2ctl (Closes: #359008) + * Make -dev packages priority extra + * Add secure example cipher/protocol configuration to ssl.conf + * Update watch file (Closes: #433552) + * Bump dh_compat to 5 + * Add new package apache2-dbg with debugging symbols + * Fix mod_cache returning 304 instead of 200 on HEAD requests + + -- Stefan Fritsch Tue, 03 Jul 2007 21:23:40 +0200 + +apache2 (2.2.4-1) unstable; urgency=medium + + [ Stefan Fritsch ] + * Urgency medium for security fix + * Fix CVE-2007-1863: DoS in mod_cache + * New upstream version (Closes: #427050) + - Fixes "proxy: error reading status line from remote server" + (Closes: #410331) + * Fix CVE-2007-1862: mod_mem_cache DoS (introduced in 2.2.4) + * Change logrotate script to use reload instead of restart. + (Closes: #298689) + * chmod o-rx /var/log/apache2 (Closes: #291841) + * chmod o-x suexec (Closes: #431048) + * Update patch for truncated mod_cgi 500 responses from upstream SVN + (Closes: #412580) + * Don't use AddDefaultCharset for our docs (Closes: #414429) + * fix options syntax in sites-available/default (Closes: #419539) + * Move conf.d include to the end of apache2.conf (Closes: #305933) + * Remove log, cache, and lock files on purge (Closes: #428887) + * Ship /usr/lib/cgi-bin (Closes: #415698) + * Add note to README.Debian how to read docs (Closes: #350822) + * Document pid file name (Closes: #350286) + * Update Standards-Version (no changes needed) + * Fix some lintian warnings, add some overrides + * Start apache when doing a "restart" even if it was not running + (Closes: #384682) + * reload config in apache2-doc postinst (Closes: #289289) + * don't fail in prerm if apache is not running (Closes: #418536) + * Suggest apache2-doc and www-browser (Closes: #399056) + * Make init script always display a warning if NO_START=1 since + VERBOSE=yes is not the default anymore (Closes: #430116) + * Replace apache2(8) man page with a more current version + * Add httxt2dbm(8) man page + * Show -X option in help message (Closes: #391817) + * remove sick-hack-to-update-modules + * don't depend on procps on hurd (Closes: #431125) + + [ Peter Samuelson ] + * Add shlibs:Depends to apache2.2-common. + + -- Stefan Fritsch Sun, 01 Jul 2007 19:57:51 +0200 + +apache2 (2.2.3-5) unstable; urgency=low + + [ Tollef Fog Heen ] + * Fix up apache2-src so the .tar.gz contains an apache2 top level + directory. + * Make apache2 MPMs provide and conflict with apache2-mpm so other + packages can provide MPMs too. + * Get rid of 2.1 references from descriptions. (Closes: #400981) + + [ Thom May ] + * Let the init script cope with multiple pid files correctly. Probably we + shouldn't be doing this at all, but we might as well do it properly! + (Closes: #396162) + * Add a sensible autoindex default config + * Add patch from upstream to ensure that mod_cgi 500 responses aren't + truncated (Closes: #412580) + * Use graceful-stop to shutdown apache to ensure we cope nicely with long + running or blocked children + + [ Peter Samuelson ] + * Ship apache2 manpage in apache2.2-common. (Closes: #391813) + * Rearrange init script so that 'force-reload' is the same as 'reload'. + (Closes: #401053) + * Add Build-Depends: mawk. (Closes: #403682) + * Add a needed guard to apache2.conf. + (Closes: #407307) + * Stop shipping /var/run/apache2/ as it is created at runtime anyway. + * Move the /var/lock/apache2 owner fix from the apache2.2-common + postinst to the init script, as /var/lock may not persist across + reboots. (Closes: #420101) + + [ Stefan Fritsch ] + * Add Build-Depends: libssl-dev, zlib1g-dev (Closes: #399043) + * Add XS-Vcs-* to debian/control + * Improve handling of empty $MODNAME in a2enmod (Closes: #422589) + * Treat apache2-mpm-itk as prefork in a2enmod (Closes: #412602) + * Re-add README.Debian and describe + - the config dir layout (closes: #419552) + - which files are ignored by Include + - when and how to change "restart" to "reload" in the logrotate script + * When purging, remove {mods,sites}-enabled symlinks and the config files + created by postinst (Closes: #397789) + * Fix suexec to log after a cgi error (Closes: #312385) + * Add watch file + * Add AddType for .bz2 (Closes: #416322) + * Make init script messages conform better to policy (Closes: #390348) + and exit with failure if called with unknown parameter (Closes: #412407) + * Fix segfault in mod_proxy_ftp when FTP server sends back no spaces + (Closes: #413727) + * Ship /etc/apache2/conf.d/apache2-doc (Closes: #418464) + * Tell the user when selecting cgid instead of cgi (Closes: #428058) + * Add a2ensite/a2dissite man pages (Closes: #322385) + * Comment out CacheEnable by default, to prevent filling up /var. + Document the problem in README.Debian and NEWS.Debian, point to + htcacheclean and give a warning when doing a2enmod disk_cache + (Closes: #423653). + * Add myself to Uploaders. + + -- Stefan Fritsch Sun, 10 Jun 2007 18:54:29 +0200 + +apache2 (2.2.3-4) unstable; urgency=high + + * High-urgency upload for RC bugfixes. + * Ack NMUs - thanks Andi, Steve. + * Add myself to Uploaders. + * Refactor apache2.2-common.postinst slightly, to account for sarge + upgrades (since it's a new package name, rather than an upgrade). + (Closes: #396782, #415775) + * If mod_proxy was configured in sarge, add proxy_http and + disk_cache modules, which used to be included in the mod_proxy config. + (Closes: #407171) + + -- Peter Samuelson Tue, 27 Mar 2007 07:06:49 -0500 + +apache2 (2.2.3-3.3) unstable; urgency=high + + * Non-maintainer upload. + * High-urgency upload for RC bugfix. + * apache2.2-common should depend on procps, since it will fail to create + httpd.conf if it's not installed. Closes: #398535. + + -- Steve Langasek Mon, 5 Feb 2007 01:55:57 -0800 + +apache2 (2.2.3-3.2) unstable; urgency=high + + * Non-maintainer upload. + * 043_ajp_connection_reuse: Patch from upstream Bugzilla, fixing a critical + issue with regard to connection reuse in mod_proxy_ajp. + Closes: #396265 + + -- Andreas Barth Sat, 9 Dec 2006 21:05:45 +0000 + +apache2 (2.2.3-3.1) unstable; urgency=low + + * Non-maintainer upload. + * Enable authz_user by default, fix silent authentication breakage. + Closes: #397310 + * Add default modules if coming from earlier than this version. + Closes: #392349, #392352, #392701, #393913, #396678, #395976 + * Re-Enable modules cern_meta, dumpio and ext_filter. Closes: #391393 + + -- Andreas Barth Fri, 10 Nov 2006 15:44:33 +0100 + +apache2 (2.2.3-3) unstable; urgency=medium + + [ Peter Samuelson ] + * a2dismod: exit 0 if a module exists but is already disabled. + * Ship a2enmod.8 and a2dismod.8 again, and expand them a bit. + (Closes: #270551) + + [ Tollef Fog Heen ] + * Build apache2-src package. + * Do not AddDefaultCharset if we are proxying. Closes: #277526 + * Do not forcefully link against libdb4.3 and other libs. + * Enable the same list of modules as we had in 2.0 (by default) and do + that for all older versions than 2.2.3-3 to fix upgrade issues people + have had. Closes: #392349 + * Set default IndexWidth to *. + * Clean up CPPFLAGS and CFLAGS, including making all of CFLAGS a + superset of CPPFLAGS. Also make sure to include -I switches with + absolute paths so the apache headers are useful. + * Warn when not starting HTTPD due to missing apache binary. + Closes: #384128 + * Provide sample disk and memory cache configurations. Closes: #278564 + * Provide dir.conf. Closes: #392356 + * Add alternate dependency from apache to apache2-mpm-event + * On reload, make the init script exit 1 with an error message if the + configuration is broken. Closes: #316858 + * Add default deflate.conf compressing text/html, text/plain and + text/xml. Closes: #349016 + * Add { and } around the usage format in the init script to make the + init script bash completion happier. Closes: #350606 + + [ Adam Conrad ] + * Update our php4 and php5 conflicts, to reflect the reality that each + were uploaded and built again while apache2.2 was in the new queue. + Closes: #392189 + * Migrate kill symlinks from K91 to K09 (closes: #376503) + * Make apache2 depend on the current version of the MPMs, as it used + to in the 2.0.x series (and make it binNMU-safe) (closes: #394658) + * Make sure that the RedirectMatch in sites-available/default continues + to be commented out for Ubuntu, while having it uncommented for Debian. + + [ Thom May ] + * Fix permissions on suexec (Closes: #391918) + * This is Debian, not Ubuntu (Closes: #393277) + + -- Adam Conrad Sat, 7 Oct 2006 17:57:04 +1000 + +apache2 (2.2.3-2) unstable; urgency=low + + * Make sure to ship /var/log/apache2 in the apache2.2-common package. + Closes: #390786 + * Install suexec.8 as suexec2.8. Closes: #390774 + * Make sure that we never ship .svn directories in any binary packages. + Closes: #390785 + * Not only chmod -x /usr/sbin/apache2 in apache2.2-common.preinst, chmod + +x it in same's postinst too. Closes: #390794 + * We now ship htcacheclean in apache2-utils. Closes: #376680 + * Try to stop old apaches in preinst of the mpms. Closes: #390893 + * Make apache2-mpm-{worker,prefork} conflict with apache2-mpm-event and + apache2-common. + * rm -f /var/lib/dpkg/info/apache2-common.postrm. So apache2-common can + be purged. Yes, we're on crack. Closes: #390823 + * Make apache2-utils's Replaces on apache2-common be unversioned. + Closes: #391018 + * Stop shipping cern_meta.load, dumpio.load and ext_filter.load. Thanks + to Stephane Chazelas for noticing. Closes: #391393 + + -- Tollef Fog Heen Tue, 3 Oct 2006 10:03:48 +0200 + +apache2 (2.2.3-1) unstable; urgency=low + + * Remove mention of AddDefaultCharset from apache2.conf as this is now + in /etc/apache2/conf.d/charset. + * Rename apache2-common to apache2.2-common. Conflict and replace old + version. This is to force modules to be uninstalled until versions + compiled against 2.2 are provided. + * Remove Daniel Stone from list of uploaders. + * We no longer ship 035_HEAD_Content-Length_Fix_From_CVS. Closes: #298143 + * Don't start the server on reload. Closes: #316321 + * Install S91/K09 links, not S91/K91, also only support not starting + through defaults file to cover upgrades from old + installations. Closes: #359977, #349655 + * Big cleanup by using dh_install properly rather than loads of hacks in + debian/rules. + * No longer ship compat symlinks for ab, etc. Those are installed as + ab, htpasswd and similar. + * Remove apache2-mpm-{event,worker}-{prerm,preinst,postinst} in clean, + as those are copies of other files. + * Add build-depends for libapr1-dev (>= 1.2.7-6) to make sure we get a + version which ships a useful apr-config --apr-libtool. + * chmod -x /usr/sbin/apache2 on upgrades from before 2.2 to avoid + problems stopping apache due to some dpkg bug. + * Add Conflicts for broken modules which didn't depend on + apache2-common. + + -- Tollef Fog Heen Thu, 17 Aug 2006 14:02:58 +0200 + +apache2 (2.2.3-1~exp.r170) experimental; urgency=low + + [ Jeroen van Wolffelaar ] + * Staging upload to experimental of subversion revision r170 + + [ Thom May, Tollef Fog Heen, Fabio M. Di Nitto and Adam Conrad ] + * New Upstream Release. Closes: #344072 + http://httpd.apache.org/docs/2.2/new_features_2_2.html has a list of + new features and changes. + - Fixes LFS support. Closes: #341460, #285337, #241223 + - Fixes off-by-one error in mod_rewrite ldap schema handling + (CVE-2006-3747) + - Fixes XSS issue in mod_imap/mod_imagemap (CVE-2005-3352). + Closes: #343467. + - mpm_perchild no longer exists, so closing bugs for perchild. + Closes: #236193, #238586 + - Fixes PHP POST with SSLVerifyClient. Closes: 353443 + * Build-depend on lsb-release and pick up the branding from there. + * Build-depend on apr-util 1.0 which is now in a separate source + package. + * Mangle the Debian layout to be more FHS compatible + * No longer build-conflict with libgdbm-dev + * Use external PCRE + * Make apache2-utils stop providing apache2-utils. Also make it stop + conflicting with itself. + * Rename default site from default-site to just default. + * Try to migrate modules which used to be built-in:, alias, mime, + authz_host, autoindex, dir, env, negotiation, setenvif, status. + * Mod imap has been renamed to imagemap, ditto for auth_ldap => + authnz_ldap. Cope with that in postinst. + * Stop globbing in apache2.conf. + Closes: #337817, #340955, #348189, #379015, #368497 + * Don't install CHANGES into the apache2 package. It's just a + metapackage. + * Add rudimentary rdeps handling to a2dismod. Closes: #273929 + * Stop providing apache-utils. + * Cope with /var/run and /var/lock on tmpfs. + * Remove all subdirs in srclib as we are using external libraries for + those anyway. Also remove test/zb.c. Closes: 340538 + * Make ssl.conf not block on /dev/random, but rather use /dev/urandom. + * Make apache2-common depend on lsb-base, thanks to Gleb Arshinov + + -- Jeroen van Wolffelaar Tue, 15 Aug 2006 16:17:33 +0200 + +apache2 (2.0.55-4.1) unstable; urgency=high + + * Non-maintainer upload. Urgency set to high due to security fixes. + * Added '052_mod_rewrite_CVE-2006-3747' to fix the off-by-one bug in + mod_rewrite. + [CVE-2006-3747]. (Closes: #380182) + * Added '053_restore_prefix_fix' to allow rebuilding from source. + (Closes: #374160) + * Added '054_apr_sendfile' to allow building for Hurd. + (Closes: #349416) + * Added '055_expect_CVE-2006-3918' to fix XSS attack in Expect headers. + [CVE-2006-3918]. (Closes: #381376) + * Added bash-completion script from Guillaume Rousse. + (Closes: #299855) + + -- Steve Kemp Sat, 5 Aug 2006 21:35:53 +0000 + +apache2 (2.2.0-1) UNRELEASED; urgency=low + + * New upstream release. + + -- Fabio M. Di Nitto Thu, 26 Jan 2006 13:46:08 +0100 + +apache2 (2.0.55-4) unstable; urgency=low + + * Add 050_mod_imap_CVE-2005-3352 to escape untrusted referer headers in + mod_imap before outputting HTML to avoid XSS attacks; see CVE-2005-3352 + * Add 051_mod_ssl_CVE-2005-3357 to avoid a remote denial of service in + threaded MPMs when making a non-SSL connection to an SSL-enabled port + on a server with a custom 400 error document defined; see CVE-2005-3357 + * Clean up our use of trailing slashes on directories in debian/rules, so + the newer, pickier, obviously very improved coreutils doesn't bite us. + * Remove some cruft from apache2-common's postinst, dealing with upgrade + scenarios from versions older than those released in Sarge or Warty. + * Use "SHELL := sh -e" in debian/rules, so the build will stop on shell + errors, instead of blundering on to later make targets (closes: #340761) + * Recreate /var/run/apache2 and /var/lock/apache2 in our init script, in + case the user has /var/run and /var/lock on tmpfs, which is fasionable. + * Make our init script a /bin/bash script instead of a /bin/sh script, so + we can abuse it with regex globbing (#348189, #347962, #340955, #342008) + * Take patch from Adrian Bridgett to output errors from our config test + in the init script, but only do so when we're VERBOSE (closes: #339323) + * In the spirit of the LSB, make our init script exit 2 when called with + incorrect arguments, and exit 4 when asked for status (closes: #330275) + * Fix the default site to not mix configuration syntax (closes: #345922) + * Mention apxs2 in the apache2-*-dev long descriptions (closes: #307921) + + -- Adam Conrad Sat, 26 Nov 2005 19:06:32 +1100 + +apache2 (2.0.55-3) unstable; urgency=low + + * Brown paper bag release: Tidy up CFLAGS and APR configure call to make + sure that what we link to agrees with what apu-config tells others to do. + + -- Adam Conrad Mon, 24 Oct 2005 13:02:52 +1000 + +apache2 (2.0.55-2) unstable; urgency=low + + * Mess with 010_more_fhs_compliancy to nail down the compiled default for + cgisock to match with the default shipped in the config file, so people + don't get confused if they miss including cgid.conf (closes: #316477) + * Make the compiled-in PidFile match the config file for similar reasons. + * Add 049_apr_tables_HEAD_cleanup, resolving an issue where merging two + tables from different resource pools would leave you with the contents + of only one, rather than both. This patch also cleans up some broken + pointer arithmetic and type casting along the way (closes: #251800) + * Specify the DocumentRoot without a trailing slash (closes: #311317) + * Fix the manpage to point at proper locations (closes: #307665, #332619) + + -- Adam Conrad Sun, 23 Oct 2005 13:24:39 +1000 + +apache2 (2.0.55-1) unstable; urgency=low + + * New upstream bugfix and security release, superseding these patches: + - Drop 041_util_ldap_fix.patch, util_ldap seems to be unbroken. + - Drop 043_ssl_off_by_one_CAN-2005-1268, fixed upstream. + - Drop 044_content_length_CAN-2005-2088, fixed upstream. + - Drop 045_byterange_CAN-2005-2728, fixed upstream. + - Drop 046_verify_client_CAN-2005-2700, fixed upstream. + - Resolves a serious memory leak in the worker MPM; see CVE-2005-2970 + - Add 048_reverse_proxy_fix, to resolve a regression in 2.0.55 with + mod_proxy, mod_ssl and HTTP POST requests (upstream bug #37145) + * New release builds cleanly with OpenSSL 0.9.8 (closes: #332791, #333363) + * Fix up our built-in version of DBS to use find's -{max,min}depth + arguments in a way that doesn't make find whine like a spoiled child. + * Merge Ubuntu and Debian packaging, bringing in patch 047 (closes: #327269) + - Comment out the / -> /apache2-default/ redirect, as user feedback seems + to indicate that it's just too bloody confusing for most people. + - New installations (only) now get an AddDefaultCharset UTF-8 directive. + * Build-depend on lsb-release, and use it in debian/rules to determine which + distribution we're building on, dropping the 007_debian_advertising patch. + * Drop debconf dependency entirely; we don't even use it (closes: #331741) + * Finally support DEB_BUILD_OPTIONS="noopt debug" properly in debian/rules. + * Adjust mime_magic.conf to point at the new FHS location of magic.mime. + * Drop the apache2-mpm-threadpool transitional package; Sarge is released. + * Try a bit harder to find the *CORRECT* PidFile directive in the init + script, instead of the old "rgrep and pray" method (closes: #303076) + * Make init script to always use apache2ctl consistently (closes: #316303) + * Build (and have -dev packages depend on) libdb4.3 instead of libdb4.2. + + -- Adam Conrad Mon, 17 Oct 2005 13:00:13 +1000 + +apache2 (2.0.54-5ubuntu2) breezy; urgency=low + + * Add 047_ssl_reneg_with_body, which adds a (bounded) buffer of request + body data to provide a limited but safe fix for the mod_ssl renegotiation + vs requests-with-bodies bug, as occurs with POST and SVN (Ubuntu #14991) + + -- Adam Conrad Tue, 4 Oct 2005 11:53:01 +1000 + +apache2 (2.0.54-5ubuntu1) breezy; urgency=low + + * Resynchronise with Debian, bringing in several security patches. + + -- Adam Conrad Mon, 5 Sep 2005 20:40:31 +1000 + +apache2 (2.0.54-5) stable-security; urgency=high + + * Add 043_ssl_off_by_one_CAN-2005-1268, fixing an off-by-one error in SSL + certificate validation; see CAN-2005-1268 (closes: #320048, #320063) + * Add 044_content_length_CAN-2005-2088, resolving an issue in mod_proxy + where, when a response contains both Transfer-Encoding and Content-Length + headers, the connection can be used for HTTP request smuggling and HTTP + request spoofing attacks; see CAN-2005-2088 (closes: #316173) + * Add 045_byterange_CAN-2005-2728, to resolve a denial of service in apache + when large byte ranges are requested; see CAN-2005-2728 (closes: #326435) + * Add 046_verify_client_CAN-2005-2700, resolving an issue where the context + of the SSLVerifyClient directive is not honoured within a + nested in a , and is left unenforced; see CAN-2005-2700 + + -- Adam Conrad Fri, 2 Sep 2005 22:26:28 +1000 + +apache2 (2.0.54-4) unstable; urgency=low + + * Alter 041_util_ldap_fix.patch to revert util_ldap.c to the known + good version from 2.0.53 (closes: #308648, and re-fixes #307567) + + -- Adam Conrad Wed, 11 May 2005 20:15:38 -0600 + +apache2 (2.0.54-3) unstable; urgency=medium + + * Add 042_htdigest_CAN-2005-1344 to fix a buffer overflow in + htdigest, which is described in CAN-2005-1344 (closes: #307134) + * Add 041_util_ldap_fix.patch from upstream bug #34618 to fix + issues with mod_auth_ldap sometimes segfaulting and sometimes + locking up and spinning the CPU to oblivion (closes: #307567) + * Alter 011_fix_ap-config to make apr-config point us at the system + libtool, and make libapr0-dev depend on libtool (closes: #306481) + * Alter 008_make_include_safe to prevent apache2 from including dpkg + conffile leftovers (.dpkg-old et al) (closes: #304786, #296728) + + -- Adam Conrad Thu, 5 May 2005 03:45:24 -0600 + +apache2 (2.0.54-2) unstable; urgency=low + + * Set suexec2's ownership properly, so it's actually executable by + apache2 with the newly-restrictive permissions (closes: #305242) + + -- Adam Conrad Mon, 18 Apr 2005 22:09:42 -0600 + +apache2 (2.0.54-1) unstable; urgency=low + + * New upstream bugfix-only release (closes: #305121) + * Fix debian/watch file to only look at apache 2.0.x, so we stop being + told about the 2.1 beta releases (and I'll notice new 2.0.x releases) + * Drop o+rx permissions from suexec2; while it has code in place to + make sure the caller is www-data, if that code should be buggy, + filesystem permissions will help mitigate fallout (closes: #301045) + * Update the 003_build_with_autoconf_2.5 patch to make sure both + apr and apr-util have an AC_PREREQ for autoconf 2.50, so we don't get + weird autoconf mix-and-match FTBFS issues (closes: #301819) + + -- Adam Conrad Sun, 17 Apr 2005 23:10:18 -0600 + +apache2 (2.0.53-5ubuntu5) hoary; urgency=low + + * Fix the init script to not exit with an error when asked to + stop a daemon that isn't running (Was the root cause of #8374) + + -- Adam Conrad Fri, 1 Apr 2005 16:30:56 +0000 + +apache2 (2.0.53-5ubuntu4) hoary; urgency=low + + * Make sure package removals don't fail even if the init script + doesn't stop apache2 (Ubuntu #8374) + + -- Adam Conrad Fri, 1 Apr 2005 15:07:20 +0000 + +apache2 (2.0.53-5ubuntu3) hoary; urgency=low + + * Add dependency on lsb-base (>= 1.3-9ubuntu2) to guarantee + availability of lsb init functions (Ubuntu #7765) + + -- Adam Conrad Sun, 27 Mar 2005 21:55:41 -0700 + +apache2 (2.0.53-5ubuntu2) hoary; urgency=low + + * Really remove /etc/apache2/conf.d/charset on purge, rather + than just writing about it in the changelog. + + -- Adam Conrad Sun, 27 Mar 2005 08:32:39 -0700 + +apache2 (2.0.53-5ubuntu1) hoary; urgency=low + + * Resynchronise with Debian, resolving minor conflicts. + * Remove /etc/apache2/conf.d/charset on purge. + + -- Adam Conrad Sun, 27 Mar 2005 15:15:44 +0000 + +apache2 (2.0.53-5) unstable; urgency=high + + * Update 040_link_external_pcre to require autoconf 2.50, so it + doesn't fail when autoconf2.13 is installed (closes: #295428) + * Further mangle the apache_stop function in the init script so it + attempts as hard as possible to make sure apache2 is stopped before + it tries to restart. Thanks to Andre Tomt for + the bug and patch this fix was based on (closes: #295915, #281557) + + -- Adam Conrad Fri, 25 Feb 2005 00:51:13 -0700 + +apache2 (2.0.53-4) unstable; urgency=low + + * Add 040_link_external_pcre to allow us to link to an external libpcre + rather than statically compiling the bundled version. + * Add --with-external-pcre to the configure flags in debian/rules + (closes: #294673, #294675, #282606, #294740) + * Stop hardcoding the path to netstat in postinst (closes: #294737) + + -- Adam Conrad Mon, 14 Feb 2005 01:45:08 +0000 + +apache2 (2.0.53-3) unstable; urgency=medium + + * Drop Andres Salomon's PCRE manglig patch in favour of hand-merging + Joe Orton's patch against head to completely internalise apache's + copy of PCRE, only exposing a wrapper API. (closes: #294395) + + -- Adam Conrad Wed, 9 Feb 2005 11:30:21 -0700 + +apache2 (2.0.53-2) unstable; urgency=low + + * Make apache2-threaded-dev and apache2-prefork-dev both arch:any + as they contain architecture-dependant defines (closes: #294257) + + -- Adam Conrad Wed, 9 Feb 2005 04:20:07 -0700 + +apache2 (2.0.53-1) unstable; urgency=low + + * New upstream release + - Remove 036_HEAD_CAN-2004-0942, integrated upstream + - Remove 037_HEAD_CAN-2004-0885, integrated upstream + * Drop support for the threadpool MPM, as it's abandoned upstream. + - Make apache2-mpm-threadpool an empty package depending on + apache2-mpm-worker, and make worker replace the old threadpool + * Make SYSCONFDIR configurable at the top of a2{en,dis}{mod,site} + * Drop the build-conflict on gawk, and use ac_cv_prog_AWK=mawk + instead (closes: #283396) + * Make the apache_stop() function stop trying to do the equivalent + of "killall apache2", and instead issue a nasty warning if it can't + stop apache2 on its own + * Make "restart" an alias for "force-reload" in the init script, as + apache2ctl restart doesn't match policy's requirements for restart + * Swapping between threaded and unthreaded MPMs could leave one with + both mod_cgi and mod_cgid enabled. Fixed the postinsts so that + no longer happens + * Update 021-pcre_mangle_symbols.patch from Andres Salomon, now also + mangling typedefs, which should fix PHP (closes: #280823) + * Hardcode a dependency on libgcc1 (>= 1:3.3.5) so pthread_cancel + will work correctly with partial upgrades (closes: #287033) + * When removing ssl_scache, make sure to remove its db transation logs + and other garbage as well (closes: #293831) + * Remove duplicate /icons/ from the default site (closes: #291856) + * Yank 039_fix_forensic_tmpfiles from Ubuntu's apache2 packages + * Split out utils into seperate apache2-utils. This will also + supercede the apache-utils package (closes: #285219) + * Add split-logfile to apache2-utils (closes: #290814) + * Make the MPM postinsts scream loudly, but not fail, if you've + deleted cgi{,d}.load before swapping MPMs (closes: #283141) + + -- Adam Conrad Mon, 7 Feb 2005 07:54:12 -0700 + +apache2 (2.0.52-3) unstable; urgency=high + + * Brown paper bag release to fix apache2-common's postinst, by judiciously + sprinkling ||true in a couple of needed places (closes: #280527) + * While hunting for unclean uses of VAR=`command` in the package, found + the cause of the "can't purge with broken config" bugs and fixed that + too with yet another ||true (closes: #263511, #273759, #279875) + + -- Adam Conrad Wed, 10 Nov 2004 01:32:16 -0700 + +apache2 (2.0.52-2) unstable; urgency=high + + * Include two patches, 036_HEAD_CAN-2004-0942 and 037_HEAD_CAN-2004-0885 + - CAN-2004-0942: Memory leak in header parsing in server/protocol.c + - CAN-2004-0885: Incorrect SSLCipherSuite selection in mod_ssl + * Fix up our use of netstat in apache2-common's postinst to clean up some + unnecessary output to stderr, as well as detect when netstat believes + we don't have AF_INET support. This should allow for installation in + chroots where the /proc filesystem isn't mounted (closes: #245487) + * Add 035_HEAD_Content-Length_Fix_From_CVS, which should solve problems + with Content-Length being set incorrectly on proxied HEAD requests, + breaking Windows Update from proxied machines (closes: #277787) + * Take out the reload/start magic in the postinst, and just call start in + all cases, as we stop the daemon in the prerm (closes: #275175, #222786) + * Copy config.guess/config.sub/ltmain.sh in from /usr/share/libtool at + build time. (closes: #257228, #263101) + * Clean up the clean target in debian/rules to remove some duplicate + maintainer scripts from the debian/ directory that we don't need to be + shipping in the source package. + * Move envvars to /etc/apache2/ and add patch 038_no_LD_LIBRARY_PATH to + remove the extraneous LD_LIBRARY_PATH from envvars (closes: #276670) + + -- Adam Conrad Sun, 7 Nov 2004 04:09:46 -0700 + +apache2 (2.0.52-1) unstable; urgency=high + + * New upstream bugfix/security release: + - Fixes CAN-2004-0811: Satisfy directive bypass (closes: #273412) + * Add '|| true' to a2enmod to stop it from dying when the installed MPM + isn't prefork (closes: #273017, #273019, #272865, #273021, #273258) + * Touch /var/log/apache2/error.log on new installs to ensure that our log + directory isn't removed until the package is purged, so logrotate doesn't + complain about its inability to find it (closes: #239571) + * Add 032_suexec_is_shared, which makes sure suEXEC is only searched for + and enabled when mod_suexec is loaded (closes: #227653) + * Use '$APACHE2CTL startssl' consistently in init script to make sure the + SSL define doesn't disappear on force-reload (closes: #272531) + * Add 033_dbm_read_hash_or_btree to allow apr-util and dbmmanage to open + and manipulate DB_BTREE databases, while still defaulting to creating + DB_HASH databases as before. This should clear up incompatibilities + with other applications (such as PHP) which default to DB_BTREE. + * Moved dbmmanage2 to /usr/bin, instead of /usr/sbin, as it's a user tool. + * Added 034_ab2_has_openssl, thanks to 2.1-cvs, Fedora, thom, and a bit + of munging, to compile a working ab2 with SSL support (closes: #261820) + + -- Adam Conrad Tue, 28 Sep 2004 10:21:20 -0600 + +apache2 (2.0.51-2) unstable; urgency=high + + * Test for the existence of /usr/sbin/apache2 before we go trying to invoke + it to determine what MPM we have installed (closes: #272103, #272207) + * Make the default httpd.conf created in apache2-common's postinst contain + a fake LoadModule line (commented out), and make apxs2 default to + installing modules to /etc/apache2/httpd.conf, so people using apxs2 + rather than the mods-{enabled,available} directories get the expected + behaviour, rather than obscure errors (closes: #167552, #231134) + * apxs2 now writes the correct path to modules in httpd.conf, including + the mysteriously missing slash (closes: #231450, #167557) + * Make apxs2 install modules with mode 644, since 755 makes no sense. + * Added a bit of magic to a2{en,dis}site to treat the default site as a + special case and add a "000-" priority to the beginning of its symlink. + Patches welcome to turn this into something robust, like update-rc.d. + + -- Adam Conrad Sat, 18 Sep 2004 07:12:12 -0600 + +apache2 (2.0.51-1) unstable; urgency=high + + * New upstream release, including the following security fixes: + - CAN-2004-0747: ap_resolve_env buffer overflow + - CAN-2004-0786: apr_uri_parse segfault in memcpy + - CAN-2004-0809: mod_dav crash/DoS via NULL pointer dereference + * Drop the following patches which are now included upstream: + - 025_CAN-2004-0748.patch + - 026_CAN-2004-0751.patch + - 027_autoindex_ignore_bad_files.patch + - 028_apr_sticky_bits.patch + * Install a properly sanitised config_vars.mk so that apxs2 behaves in + a reasonably sane way (closes: #243340, #270768) + * Relax www-browser dependency to a Suggests, as the mod_status dump from + apache2ctl is a pretty minor (and oft unused) feature (closes: #269309) + * init script now allows you to stop (but not start, restart, etc) the web + server, even if NO_START is set to 1 (closes: #269398) + * Make the apache2 -> apache2-mpm-* dependency tighter, so it does what + one expects when installing it (closes: #269580) + * Remove the ^/doc/apache2-doc/manual(.*)$ /manual$1 RedirectMatch from + the default site which was confusing and useless (closes: #270216) + * Add debian/watch file to track upstream versions. + * Add some magic to a2enmod to map cgi to cgid if using a threaded MPM. + * Add a2ensite and a2dissite which do the same thing as a2{en,dis}mod, + but for sites rather than modules (closes: #269251) + + -- Adam Conrad Wed, 15 Sep 2004 00:09:39 -0600 + +apache2 (2.0.50-12) unstable; urgency=high + + * Build-depend on mawk, and build-conflict with gawk, as we're only + guaranteed of having one or the other installed at any given time + and GNU awk seems to royally mess up the build with regards to which + external symbols get exported by httpd (closes: #268155) + * Add myself to the Uploaders field as it seems that, for better or + worse, I have become a co-maintainer of apache2. + * Drop the :80 from the default site config, so changing ports in + ports.conf now Just Works (closes: #253271) + * Added 029_docroot_manual.patch, which corrects the links in the start + page to point to /manual/ instead of manual/, so the link actually + works when apache2-doc is installed (closes: #232954) + * Add a postrm to apache2-common, implementing a policy-compliant purge + process (closes: #237030, #252254, #197986) + * Add a simple RedirectMatch to the "default" site, so that fresh + installations see the default start page, rather than a directory + listing (closes: #240772, #255974, #264070) + * Add 030_www-browser_apachectl.patch, and make apache2-common depend + on www-browser, so 'apache2ctl status' works (closes: #266724) + * Move apache2's (re)start from the apache2-common postinst to the MPM + postinsts, so we're not trying to start the old binary if apache2-common + is configured before apache2-mpm-* is unpacked (closes: #268936) + * Enable CGI on initial installation, as packages depending on httpd-cgi + require it to be running to work (closes: #267547, #263038) + * Only enable userdir on upgrades from older versions where it was + built-in, or on fresh installs. + + -- Adam Conrad Mon, 30 Aug 2004 17:40:47 -0600 + +apache2 (2.0.50-11) unstable; urgency=high + + * Add two patches from upstream to address two vulnerabilities in mod_ssl: + - CAN-2004-0748 is a potential infinite loop in the SSL input filter + which can be triggered by an aborted connection. + - CAN-2004-0751 is a potential segfault in the SSL input filter which + can be triggered by the response to request which is proxied to a + remote SSL server. + * Changed the ownership of /var/cache/apache2 to allow mod_proxy to + actually cache files (closes: #264622) + * Added a patch from upstream to make mod_autoindex skip over files that + it can't stat() (closes: #264645) + * New installations now get an /etc/default/apache2 file with a moderately + informative comment, and the default set sanely (closes: #263515) + * Added a patch from upstream to make APR stop creating directories with + the sticky bit set (closes: #266198) + * Remove the bogus "-e" from the echo that creates httpd.conf, so people + installing with ash/dash don't get a broken file (closes: #267693) + + -- Adam Conrad Mon, 23 Aug 2004 19:25:50 -0600 + +apache2 (2.0.50-10) unstable; urgency=high + + * Roll back the libapr0 ABI changes introduced in 2.0.50-9. We were + hopeful that we could hunt down and fix any fallout from this change + before release, and we were, apparently, wrong. + (closes: #266211, #266145, #266165, #266330, #266230, #266279, #266736) + + -- Adam Conrad Thu, 19 Aug 2004 03:46:11 -0600 + +apache2 (2.0.50-9) unstable; urgency=medium + + * Enable LFS properly. (Closes: #264645, #244897) + - Added 023_largefiles_upstream_fixes which makes the upstream configure + script a bit smarter and fixes some misuses of size_t/off_t. + - Added 024_largefiles_debian_hacks which adds some hideous hackery to + work around a bug in glibc where sendfile64 is used in place of sendfile + with no fallback even if the current kernel doesn't support it. + - Add note to README.Debian noting that while we can now read, write, and + list large files, SERVING large files is kernel-dependant. + * Bump libapr0 shlibs to (>= 2.0.50-9), since we're introducing + some serious ABI breakage with the above changes. + * Fix up the PATH in apache2's init script to list /usr/local, /usr, / + in the standard order. + * Change misleading return messages for a2{en,dis}mod, to reflect + the reality that some modules just won't load/unload properly + without a full stop/start server cycle. + + -- Adam Conrad Sun, 15 Aug 2004 07:41:19 -0600 + +apache2 (2.0.50-8) unstable; urgency=high + + * Ensure we link against the correct version of DB42 + + -- Thom May Mon, 9 Aug 2004 14:37:38 +0100 + +apache2 (2.0.50-7) unstable; urgency=high + + * Fix up linking of apr-util (Closes: #262009) + + -- Thom May Tue, 3 Aug 2004 12:42:53 +0100 + +apache2 (2.0.50-6) unstable; urgency=high + + * use 'env -i' rather than trying to parse env (Closes: #261558, #258713) + * revert to old build process (Closes: #260756, #259693) + * Reflect changes in ssl setup - Thanks, Björn Wiberg (Closes: #259414) + * Remove userdir config from main config file (Closes: #260058) + + -- Thom May Tue, 27 Jul 2004 10:31:46 +0100 + +apache2 (2.0.50-5) unstable; urgency=high + + * Add necessary suexec information to central build + (Closes: #258453, #258772) + * Exclude lines starting with a space from removal from the env + (Closes: #258713) + + -- Thom May Mon, 12 Jul 2004 17:30:59 +0100 + +apache2 (2.0.50-4) unstable; urgency=high + + * Fix dependencies so the MPMs don't conflict with the metapackages *g* + Thanks to Adam Conrad for this catch + + -- Thom May Fri, 9 Jul 2004 00:55:19 +0100 + +apache2 (2.0.50-3) unstable; urgency=high + + * Brown paper bag of epic proportion. Build all mpms with the proper + collection of libraries. (Closes: #258217, #258202) + * Clean up environment (Closes: #241579) + * Clarify prefork description (Closes: #252918) + * Make apache2-default/manual DTRT (Closes: #244847) + * Note that we don't ship INSTALL or README.platforms (Closes: #232956) + + -- Thom May Thu, 8 Jul 2004 16:04:31 +0100 + +apache2 (2.0.50-2) unstable; urgency=high + + * Make a2enmod a bit more robust (Closes: #258149, #258145) + * Should really be urgency=high to get into testing quick + + -- Thom May Wed, 7 Jul 2004 23:03:36 +0100 + +apache2 (2.0.50-1) unstable; urgency=medium + + * New upstream release, fixes [CAN-2004-0493] and [CAN-2004-0488] + * The "I can't believe you're late to your own raid" release + * Check whether verbose is on or off in rcS's config (Closes: #242351) + * Add an apache2 metapackage (Closes: #234955) + * Specifically disable /~root (Closes: #246139) + * Stop the daemon in prerm (Closes: #245488) + * Redirect /doc/apache2-doc/manual to /manual so the correct magic happens + (Closes: #248038) + * Update SSL config to current upstream (Closes: #234591,#231147) + * No longer install default cgis - they're already shipped in -doc as + examples. (Closes: #231665) + * Tighten regex for Include (Closes: #234489) + * Remove ext-filter.load since we ship ext_filter.load too (Closes: #249268) + * Enable userdir as a shared module (Closes: #251102, #246134) + * OSKURO SUCKS (otherwise known as: not a bug) (Closes: #208569) + * Create /var/lib/apache2 (Closes: #242169) + * Remove 'AddDefaultCharset' line from apache2.conf (Suggestion from Marco + D'Itri) + + -- Thom May Tue, 6 Jul 2004 18:45:35 +0100 + +apache2 (2.0.49-1) unstable; urgency=high + + * New Upstream release. (Closes: #240100) + * Add missing $ to init-script (closes: #240301) + * Provides: httpd-cgi in reference to #117916 + + -- Thom May Sun, 4 Apr 2004 11:32:20 +0100 + +apache2 (2.0.48-8) unstable; urgency=low + + * Fix typo in debian/rules (closes: #230760) + * Added patch 021-pcre_mangle_symbols.patch (closes: #235810) + * Fixed typo in the init scripts (closes: #230263) + * Changed a bunch of mv's to cp's in rules (closes: #228840) + * Change mime_magic to use magic from libmagic1 (closes: #236509) + * Disable ssl-cert until it sucks less. related to 230791 (closes: #231726) + * update descriptions (closes: #234543, #234538, #234542) + * Nuke /etc/vhosts and all associated cruft (closes: #235029) + + -- Thom May Mon, 2 Feb 2004 12:47:10 +0000 + +apache2 (2.0.48-7) unstable; urgency=low + + * Brown paper bag release. Refix the nonfixed libapr0 which built + without linking information. + + -- Tollef Fog Heen Fri, 30 Jan 2004 18:25:12 +0100 + +apache2 (2.0.48-6) unstable; urgency=low + + * Build-Conflict with gdbm (closes: #230226, #230175, #204672) + + -- Tollef Fog Heen Fri, 30 Jan 2004 12:24:09 +0100 + +apache2 (2.0.48-5) unstable; urgency=low + + * (Daniel Stone) + - Bump Standards-Version to 3.6.1.0. + - init-script: Print a small warning when NO_START=1. (closes: #178431) + - default site: Enable FollowSymLinks. (closes: #200829) + * (Thom May) + - Permanently kill the ErrorLog directive from ssl.conf + - Call ssl-cert to generate an SSL cert using debconf (closes: #178322) + - Allow /usr/share/doc/ to be viewable from localhost (closes: #222551) + - Set the default DocumentRoot to be /var/www (closes: #222552) + - Change where the init script is installed to (Closes: #223417) + - Upgrade to DB4.2 + * (Tollef Fog Heen) + - handle building out of the SVN checkout. + + -- Tollef Fog Heen Wed, 28 Jan 2004 00:13:13 +0100 + +apache2 (2.0.48-4) unstable; urgency=medium + + * (Daniel Stone) + - Change apache2-threaded-dev's Conflicts from apache2-perfork-dev to + apache2-prefork-dev. Learn how to type, dude (thanks to Grzegorz + Prokopski for spotting this one). + + -- Daniel Stone Mon, 17 Nov 2003 12:00:11 +1100 + +apache2 (2.0.48-3) unstable; urgency=medium + + * Grmmp. stuffed the upload + + -- Thom May Wed, 12 Nov 2003 18:18:54 +0000 + +apache2 (2.0.48-2) unstable; urgency=high + + * (Thom May) + - Fix locking busted by NPTL (Closes: #220299) + - Fix IPv6 weirdness (thanks to Jordi/Fabio) (Closes: #220334) + + -- Thom May Wed, 12 Nov 2003 13:04:04 +0000 + +apache2 (2.0.48-1) unstable; urgency=low + + * (Thom May) + - New Upstream Release (Closes: #202094) + - Fix i18n autonegotiation for the manual (Closes: #201648) + - Add deb.{gif,png} (Closes: #199454) + - Explicitly link against libdl (Closes: #195968) + - Add dependency on ssl-cert (Closes: #177837) + - Take preventative action against SCTP + - Add apache2-prefork-dev to work around PHP. + - Shut Oskuro up - startup time changed to 91 (Closes: #208569) + - Install README.etc into apache2-common's doc dir + (Closes: #208751,#177941) + - Auth_LDAP loads mod_ldap as well. (Closes: #217795) + - Make sure /var/lock/apache2 has correct ownership (Closes: #206375) + - Fix for SSL enabled virtual hosts (Closes: #202925) + - Steal new apr_threads.m4 from upstream to deal with -lpthread better + (Closes: #197685) + * (Fabio M. Di Nitto) + - Fixed init script (Closes: #203093) + + -- Thom May Sat, 16 Aug 2003 00:13:20 +0100 + +apache2 (2.0.47-2) unstable; urgency=low + + * Move dav.conf to dav_fs.conf (Closes: #201530) + * Fix the manual, and only ship it once. (Closes: #201648) + * Enable SymLinksIfOwnerMatch for cgi-bin (Closes: #200829) + + -- Thom May Wed, 16 Jul 2003 10:24:28 +0100 + +apache2 (2.0.47-1) unstable; urgency=high + + * New Upstream Release. Bunch of security fixes (Closes: #200593) + * Add asis.load, auth_ldap.load, cache.load, dav_fs.load, disk_cache.load, + ext_filter.load, file_cache.load, imap.load, ldap.load, mem_cache.load, + include.load (Closes: #197152, #198389, #196115) + Note that dav_fs was previously loaded by dav.load, and is now broken out + into a seperate file. + * Patch apxs2 to use datadir rather than prefix for top_builddir. + (Closes: #198607) + * Kill a couple of pointless conflicts. (Closes: #197242) + * Change suexec docroot from /var/www/apache2-default to /var/www + (Closes: #198981) + * Make sure we use Expat rather than xmltok (Closes: #197020) + * Ship find_ap{r,u}.m4 (per Nuutti Kotivuori) + + -- Thom May Fri, 4 Jul 2003 13:40:37 +0100 + +apache2 (2.0.46-3) unstable; urgency=low + + * Clean up the proxy config although it's not enabled by default. + (Closes: #195187) + * Remove all traces of gdbm. (Closes: #196231) + * Re-enable ldap support (Closes: #190092) + * This changelog should be policy compliant. Any whingers can take a long + hike off a short pier. + * use printf rather than echo to work round weird shells. (Closes: #196230) + + -- Thom May Thu, 5 Jun 2003 19:26:21 +0100 + +apache2 (2.0.46-2) unstable; urgency=critical + + * Fix config_vars.mk creation and installation (Closes: #195141, #195190) + + -- Thom May Thu, 29 May 2003 11:47:13 +0100 + +apache2 (2.0.46-1) unstable; urgency=critical + + * The "David Welton is my hero" release + * New upstream release, numerous security vulns fixed. + * Oh the pain. + * Move ScriptSocket to /var/run/apache2 (Closes: #188655) + * Restore mod_include (Closes: #188483) + * Move the virtual hosts config to the end of the config file + (Closes: #188584) + * Add Mod-Ext-Filter (Closes: #182770) + * Add actions.load (Closes: #178087, #179571, #181527) + * Add a dependency on net-tool (Closes: #190663) + * Clean up FHS compliancy and fix up a typo in apachectl (Closes: #187723) + * Fix for the apxs -q APR_BINDIR doesn't work problem (Closes: #188278) + * Special case the install of special.mk (Closes: #179776) + * Make apache2-dev and apache-dev not conflict. (This renames apxs back to + apxs2) + * Add README for /etc/apache2 written by David. + * Add auth_digest.load courtesy of Amelia A Lewis + (Closes: #194111) + + -- Thom May Wed, 28 May 2003 14:17:21 +0100 + +apache2 (2.0.45-3) unstable; urgency=critical + + * another "stupid freaking sasl" release. the series is on! + + -- Thom May Tue, 8 Apr 2003 17:13:09 +0100 + +apache2 (2.0.45-2) unstable; urgency=critical + + * the "stupid freaking sasl" release. + * fix override disparities too. + * fix dulpicate dependency on libssl0.9.7 (Closes: #179598) + + -- Thom May Tue, 8 Apr 2003 13:34:44 +0100 + +apache2 (2.0.45-1) unstable; urgency=critical + + * New upstream release (Closes: #187502) + * Fix korean language type, thanks to Donggyoo Lee + (Closes: #179542) + * Add explicit dependency to libsasl-dev (Closes: #179674) + * Remove ErrorLog from ssl.conf + * forward ported patches courtesy of Roberto Moreda ; big + thanks! + + -- Thom May Sat, 5 Apr 2003 14:35:58 +0100 + +apache2 (2.0.44-6) unstable; urgency=low + + * Make APR's postinst idempotent (Closes: #178105, #178141) + * Make Apache2-common's postinst non interactive (Closes: #178551) + * People filing bugs after they're fixed should be shot (Closes: #178244) + * Build Logio into the core, apparently. + + -- Thom May Mon, 27 Jan 2003 20:47:28 +0000 + +apache2 (2.0.44-5) unstable; urgency=low + + * The "someone should take my compiler away from me" release + * Depend on openssl as well. Grrr. (Closes: #177985) + * Clean up the last of the section mismatches + + -- Thom May Thu, 23 Jan 2003 15:04:20 +0000 + +apache2 (2.0.44-4) unstable; urgency=low + + * The "going for broke" release. + * Enable Logio, suggested by Roberto Moreda + * Stop force loading of cgi modules. (until we can do it cleanly) + (Closes: #177876, #177795) + * Restore symlink for libapr.so.0 (Closes: #177792) + * Apache2-common must depend on libssl0.9.7 (Closes: #177845) + * Rename ssl-certificate so we don't conflict with apache-ssl + (Closes: #177881) + * Only create the certificate if it's not there already (Duh!) + + -- Thom May Wed, 22 Jan 2003 09:59:11 +0000 + +apache2 (2.0.44-3) unstable; urgency=low + + * The "This one goes out wearing a brown paper bag" release + * Fix apxs to correctly return the header locations (Closes: #177729) + + -- Thom May Tue, 21 Jan 2003 16:35:14 +0000 + +apache2 (2.0.44-2) unstable; urgency=low + + * The "Ooops, I did it again" release + * Fixup of sections and priorities. + * Add dependency of libldap2-dev to libapr0-dev + * Correct dependencies to be db4.1 not db4.0 + + -- Thom May Tue, 21 Jan 2003 13:26:57 +0000 + +apache2 (2.0.44-1) unstable; urgency=low + + * Conform to 10.4 of policy re init scripts, (Closes: #165693) + * Be more selective about filenames when doing Include + Patch - 008_make_include_safe (Closes: #161512) + * Make HTMLTable validate, and add a note recommending its use. + (Patch submitted upstream and will be in 2.0.44) + Patch - 010_fix_html_table (Closes: #153593) + * Make apr have correct library versioning + Patch committed upstream + Patch - 011_make_apr_versioned (Closes: #162775) + * Placed packaging code under subversion change management + http://svn.positive-internet.com/svn/apache2/trunk + * Changed some bash scripts to use #!/bin/bash rather than #!/bin/sh + (Closes: #168338) + * Changed apache2-common to merely suggest apache2-doc (Closes: #167595) + * Patch from David Kimdon to clean up debian/scripts/* + * Rename apxs2 to apxs; conflict with apache-dev (Closes: #167550) + * Upstream fix for AllowOverride documentation (Closes: #169431) + * Tighter build dependency on debhelper (Closes: #170803) + * Only reload in logrotate if apache2 is actually running (Closes: #171095) + * Upstream Fix for AddOutputFilterByType documentation (Closes: #172294) + * Add robots.txt to apache2-common (Closes: #172592) + * Enable cgi in postinst (Closes: #168709) + * Create an SSL Certificate on install (Closes: #168109) + * Fix a couple of typos in debian/ssl-certificate, with thanks to Nuutti + Kotivuori + * Change to restart rather than reload in logrotate, to work round a nasty + PHP bug (PHP has bugs? *gasp* I thought it was perfect!) with thanks to + Adam Conrad for the suggestion + * Clarify what needs to be installed for a working system (Thanks to Sean + Abrahams) + * Support debug DEB_BUILD_OPTIONS setting, thanks to Karl Hegbloom + (Closes: #174221) + * Add -pipe to the CFLAGS, thanks to Karl Hegbloom + * Force apr-util to build against db4 + * add OSX finder to the list of things that needs to be redirect-carefully'd + * s/enabled/disabled in debian/a2-scripts/a2dismod (Closes: #173956) + * enable auth-ldap, auth-anon, auth-dbm, auth-digest, and action as shared + modules (Closes: #172044, #174583, #172093) + * Upgrade to Berkely DB 4.1 + * Upgrade to OpenSSL 0.9.7 + * Add patch to ensure DB4.1 --with-unique-names is picked up. (Committed + upstream) + * Add local apache2 and apache2ctl manpages, since upstream have removed + them. + + -- Thom May Mon, 20 Jan 2003 11:14:43 +0000 + +apache2 (2.0.43-1) unstable; urgency=medium + + * New Upstream Release; Fixes: CVE: CAN-2002-0840 CERT: VU#240329 + * Add extra config to unfuck perchild. hopefully. + * Rejig Proxy Config some. With thanks to: Emmanuel Chantreau (Closes: #163124) + * Fix cgi install. Thanks to: Bastian Kleineidam (Closes: #162791) + * Fix postinst to check installation type and behave accordingly (Closes: #162627) + * Bring product version into line with RFC2616 (Closes: #151384) + * Add allow line for ipv6 localhost (Closes: #163533) + * Make more of the modules modular. + * Set UseCanonicalName off + * Added index.xhtml to DirectoryIndex settings + * Enabled MultiViews in the default site, and for the manual (Closes: #160367) + * Removed Unnecessary cgi.conf (Closes: #163842) + + -- Thom May Fri, 4 Oct 2002 21:47:18 +0100 + +apache2 (2.0.42-2) unstable; urgency=low + + * Tighten dependencies yet more + * Restart in postinst. don't stop in prerm and start in postinst (Closes: #162344, #162350, #162537) + * Fix dh_shlibdeps up + * PERCHILD IS NOT WORKING IN THIS RELEASE. DON'T EXPECT IT TO. BUGS ABOUT + THIS WILL BE CLOSED WITH EXTREME PREJUDICE. + + -- Thom May Fri, 27 Sep 2002 13:06:59 +0100 + +apache2 (2.0.42-1) unstable; urgency=low + + * "Pretty. What shall we blow up?" + * New Upstream Version (Closes: #160364) + * Fix man names and sections (Closes: #157113) + * Correct the regex for netstat checking of ports, thanks to Matthew Hambley + for this. + * Correct dependencies for apache2-common. (Closes: #161793) + * Applied patch from Stefan Gybas to fix a2enmod (Closes: #159459) + * Added BrowserMatch directives for microsoft's bodgy DAV implementations + and also for gnome-vfs (Closes: #155097) + * Loosened the config for home directories (Closes: #153599) + * Updated to latest standards version + * Drop priority to extra to bring it in line with libdb4.0 + * Added logrotate script - Thanks to Phil Edwards for the basic version, and + the apache package that I ripped the rest off from (Closes: #155488) + * Tighten up what the Include lines load some. This is related to #161512 + but doesn't completely close it. + + -- Thom May Sat, 21 Sep 2002 22:14:22 +0100 + +apache2 (2.0.40-1) unstable; urgency=low + + * New Upstream Version + * Correct dependencies. (Closes: #156959) + * Code to check for something else listening on 80 (Closes: #156129) + * correct permissions on suexec2 man page (Closes: #157005) + * Make the start and stop targets use apache2 directly rather than + apache2ctl. + * Check for the existence of apache2 and exit if it's not there (Closes: #156640) + * Nuke ssl_scache on startup (Closes: #157445) + * patch apxs to not need an mpm installed. Correct dependencies for -dev. + Stop messing around with ap_config_auto.h. + This hopefully resolves James Troup's objections to apache2. (Closes: #157895) + * Add code to check for a 2.2 based kernel and set up the Scoreboard + accordingly. (Closes: #156899) + * make sure i only have to update one init.d script, rather than 4. + * make apxs return a correctly formatted response on queries. + + -- Thom May Wed, 21 Aug 2002 14:21:14 +0100 + +apache2 (2.0.39+cvs.1028741220-2) unstable; urgency=low + + * Rebuild against new libc6. Grr. (Closes: #155865) + * Actually create /etc/apache2/httpd.conf + * Propagate init.d changes through the other MPMs. + + -- Thom May Thu, 8 Aug 2002 09:19:49 +0100 + +apache2 (2.0.39+cvs.1028741220-1) unstable; urgency=low + + * New Upstream Version + * Make a versioned depends on libapr0 (Closes: #154879, #155400) + * Ensure that /etc/init.d/apache2 is registered properly. + * Added a conf.d directory for random conf snippets + * Ensure that the /manual/ alias is setup by the correct package (Closes: #155179) + * Ensure that DAVLockDB is created in the right directory (Closes: #155096) + * Now Building in a pbuilder chroot environment. + * Perchild is now pseudo working (Closes: #154148) + * Cumulatively (note to Lazarus Long: this means all the things in this + changelog added together) (Closes: #155297, #155307, #155317, #155717, #155363, #155719, #155801) + * Note that preceeding changelog entry may not be parseable by strict grammar + checks. Thanks to Jamie Wilkinson for pointing this out. + * Turn MultiViews back on for the default site (Closes: #155450) + checks. Thanks to Jamie Wilkinson for pointing this out. + * Turn MultiViews back on for the default site (Closes: #155450) + * Removed all CVS directories (Closes: #155602, #155393, #155402) + * SSI has been fixed upstream (Closes: #151744) + * Removed SSLLog directives (Closes: #152940) + * Put icons in the right place (Closes: #155178) + * Fixed build-dep on libgdbmg1-dev (Closes: #155412) + * Get correct information into config_vars.mk (Closes: #151712) + * Removed 'ServerName localhost' line (Closes: #155359) + * Placed apr-util headers in correct package + * Ensured that the init.d script restarts apache properly + + -- Thom May Tue, 30 Jul 2002 22:37:52 +0100 + +apache2 (2.0.39+cvs.1027964860-1) unstable; urgency=low + + * New Upstream Source + * Correct Icons path (Closes: #151314) + * Add missing dep on mime-support (Closes: #151848, #152220, #152221, #151772) + * Fixup suexec2, thanks to Masahito Omote (Closes: #151422) + * Mark Brown + - Remove spurious claim that apache2 hasn't been uploaded (Closes: #151433) + - Bring apache2 in line with policy on /usr/share/doc/ (Closes: #151459) + - Make reload behave the same as force-reload (Closes: #151432) + * place the manual in the right place, thanks to Md (Closes: #151766) + * David Kimdon + - add build depends on zlib1g-dev (Closes: #151286) + + -- Thom May Fri, 29 Jul 2002 19:12:56 +0100 + +apache2 (2.0.39-1) unstable; urgency=low + + * New Upstream Version, fixing a denial of service attack. + * Fix installation of icons and manual. + * David Kimdon + - fix path for envvars in apxs2 + - use generalized directives in ssl.conf ( SSLLog -> ErrorLog, + SSLLogLevel -> LogLevel ), this allows server to load ssl + module + + -- Thom May Fri, 14 Jun 2002 17:29:59 -0700 + +apache2 (2.0.37-2) unstable; urgency=low + + * Updated Copyright file to actually contain a copy of the various licenses. + + -- Thom May Fri, 14 Jun 2002 15:41:41 +0100 + +apache2 (2.0.37-1) unstable; urgency=low + + * New upstream version + + -- Thom May Thu, 13 Jun 2002 17:47:12 +0100 + +apache2 (2.0.37+cvs.JCW_PRE2_2037-1) unstable; urgency=low + + * New upstream release + + -- Thom May Wed, 5 Jun 2002 12:42:34 +0100 + +apache2 (2.0.36-2) unstable; urgency=low + + * debian/control - Correct provides, conflicts and depends, especially for + the mpms. + * build-dep doesn't work with provides, which makes sense. Need to make a + note of this in the policy. + * debian/rules - ensure that the mpm specific header file is installed into + the right place + + -- Thom May Fri, 31 May 2002 14:54:39 +0100 + +apache2 (2.0.36-1) unstable; urgency=low + + * The "The obviously begging in a changelog works" release. + * New Upstream release + * Vpath Builds now work, giving the ability to select which MPM you require + * Changed vhost base to only be a Recommends: as I'm not happy that it's + currently in a properly releasable state. + * New enhost script courtesy of DannyS. + * David Kimdon + - make apxs2 find envvars properly + - use libtool to install apache2 binaries for different mpm's + - fix dependancies for apache2-dev (we can't do a versioned 'Provides' + so we need to list all the packages that provide apache2 along + with their version) + * Implemented a long overdue suggestion to only create ports.conf if it's + not in existance already, rather than to add a command to listen on 80 iff + that didn't exist. The person who suggested it is lost in the mists of my + mailbox. If it was you, please email me! + * debian/vhost-base/add.d/apache2 - apply patch from "Omniflux" + to fix some brainos + + -- Thom May Mon, 6 May 2002 16:39:18 +0100 + +apache2 (2.0.35+cvs.20020420-1) unstable; urgency=low + + * The "finding myself standing on the corner staring into a different world" + release. Will someone please give me a job? + * Resync with upstream CVS. lots and lots of bug fixes since the last + release. + * Attempting to build with multiple MPMs, so speedfreaks can have a threaded + MPM. (Available MPMs are: prefork, worker, threadpool, and + leader/follower). + * Now sedding ap{r,u}-config in the install target. + * vpath build evilness suggested by Andrew Suffield and others. I hate them + all. :) + + -- Thom May Sat, 20 Apr 2002 17:04:46 +0100 + +apache2 (2.0.35-2) unstable; urgency=low + + * The "Apache2 isn't released, therefore the Bug Tracking System doesn't + bloody well work" release + * Fixes a bug in add host, due to the change from Port to Listen. + (Reported by numerous people, patch more or less from Esteve Fernandez + . + * Attempt to fix apu-config, suggestion and patch from David Kimdon, if it's + wrong, I broke it. (Changed it to apply pre-build, rather than post build. + Yes, it's the lazy approach. It's also the right one :) ) + * THE BUG TRACKING SYSTEM IS NOT THE RIGHT PLACE TO SEND BUG REPORTS FOR + APACHE2. + * REALLY. + + -- Thom May Sat, 6 Apr 2002 21:04:16 +0100 + +apache2 (2.0.35-1) unstable; urgency=low + + * WOOOOOOOOOOOHOOOOOOOOO! Apache2's first General Availability release! + * Various bug fixes, suggestions and so on. + * Built with db3 for the time being. + + -- Thom May Sat, 6 Apr 2002 03:01:24 +0100 + +apache2 (2.0.34+retag-1) unstable; urgency=low + + * Resync with upstream release. + * Fix packaging-fus (Hi Marcello!) + * Upstream have fixed cgi probs. + + -- Thom May Mon, 1 Apr 2002 14:50:12 +0100 + +apache2 (2.0.34-1) unstable; urgency=low + + * New upstream release + * added mod_deflate as a shared library + * bashed on apache2.conf some. + + -- Thom May Tue, 26 Mar 2002 23:23:09 +0000 + +apache2 (2.0.33-1) unstable; urgency=low + + * New upstream. + * Unfucked all code, include init.d and /etc/vhosts. + * FHS'ified, more or less + * Some debconf, but not much. + * Merged more patches upstream + + -- Thom May Sat, 9 Mar 2002 23:33:09 +0000 + +apache2 (2.0.32+cvs.20020228-1) unstable; urgency=low + + * The "bathwater, no baby" release. + * Submitted patches upstream like crazy. + * Tossed the insanely bogus apachectl patch + * Debconf not included here. Want to get everything else right, and a + release out. + * Boom! + + -- Thom May Thu, 28 Feb 2002 21:07:24 +0000 + +apache2 (2.0.32-1) unstable; urgency=low + + * The "Throwing stuff away like mad and seeing if it still builds" release. + * Ditched apache2-modules* on the principle of least surprise - the deb + layouts now pretty closely follow apache. + * Trying to triage away patches that have been fixed upstream. + * Major attack on debconfiscation starts here -> . + + -- Thom May Tue, 19 Feb 2002 20:37:58 +0000 + +apache2 (2.0.31+cvs.20020217-1) unstable; urgency=low + + * New CVS snapshot from HEAD to benefit Subversion for the impending 0.9 + release. Enjoy! 81 lines in the last couple of days ... :) + * debian/patches/005_more_hardcoded_paths: + - Regenerated diff against newer version of mpm_default.h. + * debian/patches/008_apr-config_sucks + - Regenerated apr-util part of diff against newer version of + apu-config.in. + * debian/apache2.{config,templates,postinst}, + debian/vhost-base/add.d/apache2, + debian/vhost-base/templates.d/apache2{,.in}, debian/rules: + - Debconfage asking which port to run on, and make the vhost-base script + only list the current ports; ports stuff moved to + /etc/apache2/ports.conf - re-enable dh_installdebconf in debian/rules. + - Moved templates.d/apache2 to templates.d/apache2.in so we can do some + nifty inplace regexps. + * debian/apache2.init.d: + - Bail out of the init script if there aren't any sites enabled. + * debian/{rules,control}: + - Get rid of apache2-modules; move its contents to apache2. + * debian/config-mods/cgid.conf: + - Get rid of redundant wrapper around ScriptSock, so it + actually loads. Thanks to Pieter "Pitr" Jansen for this one. + + -- Daniel Stone Sun, 17 Feb 2002 01:23:43 +1100 + +apache2 (2.0.31+cvs.20020207-1) unstable; urgency=low + + * The one-big-happy-apache2-bug-squashing-family release. + * Update to latest CVS; hopefully this won't mean that piro deadlocks every + time dpkg goes to read its database. Hopefully this gets rid of the bugs. + Yes, all of them. + * debian/patches/004a_srclib_layout_support: + - Updated a touch to fit in with .32-dev. + * debian/patches/008_stuff_in_sbin_not_bin: + - Removed; obsoleted by upstream discovering sanity. + * debian/patches/008_apr-config_sucks: + - Fix problem whereby @prefix@ would sub to $(prefix), but $(prefix) + wouldn't sub to the prefix, or ${prefix}, thus screwing up the running + of apr-config ... ditto for apu-config (from apr-util). + * debian/patches/009_apxs: + - Reworked to make it actually work, and apply cleanly. + - Fix libtool breakage once again, thanks David Kimdon. + * debian/patches/010_shmget: + - Hack to srclib/apr/apr.h.in to make it prefer shmget over everything + else, to make it 2.2/non-tmpfs safe. (Thanks Ben Collins). + * debian/patches/012_debian_version: + - Minor update (include a space in front of "Debian", change it to + "Debian GNU/Linux" to clarify things, and before the the Hurd [happy + now, you crack junkies?] people complain, it's not released as a Debian + port yet, so feh). + * debian/vhost-base/add.d/apache2: + - Change sites to sites-available, in line with the previous change. + * debian/config/mods-available: + - Move to debian/config-mods to make life easier with the move to + apache2-modules (see below). + * debian/config-mods/auth_dbm.load: + - New file, in line with introducing mod_auth_dbm; thanks again to David + Kimdon. + * debian/a2-scripts/a2{en,dis}mod: + - Rewritten to be much cleaner and cool. (Thanks to Ben Collins for + pointing out that the permissions were screwed). + * debian/apache2.postinst: + - New file, no #DEBHELPER# token so that we don't care if postinst fails; + this way it won't bail if you're already running another web server. + Thanks to David Kimdon for pointing out an error. + * debian/vhost-base/{enable,disable}.d/apache2: + - Fixed! Woot! The code isn't the best you'll see, but now *WORKS*. Whoo! + * debian/control: + - Extend libapr-dev's Depends to include libapr0 (duh). + - Remove apache2-modules-dev as modules are no longer built both shared + and static, IMHO this was quite braindead behavior. Upstream's change, + not mine. + - Remove apache2-support as apxs2 requred apache2 anyway. Chalk one (more) + down for "failed experiments". + - Removed redundant libssl0.9.6 and libxmltok1 build-deps; we already + build-depped on the relevant -dev packages; thanks Ben Collins. + * debian/rules: + - Modules are no longer built statically as well as dynamically (upstream + change), so stop trying to move the files around. + - Sort out the libapr0/libapr-dev mess once and for all; thanks to Matt + Wilcox and Ben Collins for patiently talking me through it. + - Move *contents* of mods-available to apache2-modules, but keep the + directory itself as part of apache2, to keep the addons happy; thanks + David Kimdon. + - s/apache2-support/apache2/, see debian/control entry. + - Remove extraneous LICENSE file from the vhost manual. + - Remove *.exp files, because they're unneeded. + * debian/apache2.docs: + - Remove KEYS from the list of docs because this is crap and no longer + distributed. w00t! + + -- Daniel Stone Thu, 7 Feb 2002 20:39:44 +1100 + +apache2 (2.0.28-3) unstable; urgency=low + + * Enabled mod_auth_dbm for Subversion. (thanks David Kimdon). + + -- Daniel Stone Thu, 29 Nov 2001 23:25:53 +1100 + +apache2 (2.0.28-2) unstable; urgency=low + + * Fixed up a couple of things, + /etc/apache2/modules->/etc/apache2/mods-available, etc. + * Included mod_dav, so Subversion can be built. + * New package: apache2-modules-dev, containing all + /usr/lib/apache2/modules/*a. (Thanks Adam Heath). + * Moved libapr.so.* symlinks to libapr-dev (Thanks again to doogie). + + -- Daniel Stone Sun, 25 Nov 2001 19:00:19 +1100 + +apache2 (2.0.28-1) unstable; urgency=low + + * Updated to 2.0.28, which they actually managed to agree on calling a beta. + * debian/apache2.init.d: + - Stripped of almost all its functionality. Now just touches httpd.conf if + we're starting and it doesn't exist, and then calls apache2ctl with all + our options, whatever they may be - it can error out if it wants. + * Removed patches: + - 010_index.html.it_typo - merged upstream. + * Updated patches: + - 009_apxs: make it actually find libtool. Thanks to David Kimdon. + - 002_apache2ctl: really fix apache2ctl graceful. + + -- Daniel Stone Sun, 18 Nov 2001 15:29:43 +1100 + +apache2 (2.0.26+cvs.20011028-2) unstable; urgency=low + + * Added vhost-base support. + - Removed Debconfage and moved all the templates to + debian/vhost-base/templates.d (/etc/vhosts/templates.d). + Removed apache2.postinst and apache2.config. + - Removed a2{dis,en}host. + * /usr/lib/cgi-bin will now be /cgi-bin, /var/vhosts/hostname/cgi-bin will be + /cgi-local. + + -- Daniel Stone Fri, 9 Nov 2001 21:53:27 +1100 + +apache2 (2.0.26+cvs.20011028-1) unstable; urgency=low + + * Resync with HEAD (another coming to fix segfaults, but no net connectivity + at the moment - 4-11-2001, 2:12pm. Grrr). + * New patches: + - 011_mod_autoindex-symlink: make icons for symlinks to files and dirs + special cases. + + Touches modules/generators/mod_autoindex.c + + Special cases: ^^SYMDIR^^ and ^^SYMLINK^^. + - 012_debian_version: adds "Debian" to the Apache version string. + + Touches include/ap_release.h - this patch has *no* context. Please + don't give it any, I don't want to have to rediff every version. + * debian/config/httpd.conf, debian/config/apache2.conf: + - Move main config file to apache2.conf, made it much more bare-bones. + + User (or package) config should be done in httpd.conf. + * apache2.conf: + - s/Port/Listen/ - booya! Finally they cleaned it up. + - Add (commented-out) icon entries for ^^SYMDIR^^ and ^^SYMLINK^^. + Anyone volunteer to create icons? + * debian/apache2.postinst: + - Minor cleanups. + - And later: Made it just call ap2addhost --default. (and a2enhost). + * debian/config/modules/ssl.conf, debian/config/sites/default-443: + - Put only generic SSL stuff in ssl.conf, split SSL support out into + a new virtual host thingy in accordance with dealing with ports. + * debian/config/sites/default, debian/config/sites/default-443, + debian/patches/004b_debian_layout: + - Add a new alias /cgi-pub/ to /usr/lib/cgi-bin. Packages should put + scripts here. + * debian/control: + - changed the Suggests: on apache2-doc to a Recommends: + + otherwise /manual/ will be a broken alias, as it points to + /usr/share/doc/apache2-doc/manual. + - changed libapr-dev to Architecture: all (from Arch: any) - whoops. + * Added support for multiple ports on the one virtual host. At the moment + it's one gigantic, ugly, kludge. *sigh*. Format: + - /var/vhosts/site.name/htdocs-PORT + - /var/vhosts/site.name/logs/(access|error).log-PORT + - /var/vhosts/site.name/cgi-bin-PORT + * debian/apache2.postinst, debian/config/sites/default, etc: + - s#/var/www#/var/vhosts#; + - s#htdocs#htdocs-$PORT#; + * More Debconfage - it now asks if you want SSL support in the default + virtual host, and which port number you want (default 81 so it sits + side-by-side with apache). + * Major change to postinst, a2addhost, et al: + - It's all now done in Perl, and postinst is no longer a special case. + The standalones call Debconf for what they need to do, calling it as a + standalone. This way, postinst just calls a2addhost, etc, and it also + smooths the path for me to do the vhost-base stuff. + * No, this migration path probably won't be smooth (between apache2 + versions). Sorry. + * Last release before I make it vhost-base compliant. + + -- Daniel Stone Sun, 28 Oct 2001 20:33:18 +1100 + +apache2 (2.0.26+cvs.20011023-1) unstable; urgency=low + + * Damnit, resync with HEAD (2_0_26 was unstable). + + -- Daniel Stone Tue, 23 Oct 2001 18:36:42 +1000 + +apache2 (2.0.26-1) unstable; urgency=low + + * Resync with upstream CVS (but only as far as the APACHE_2_0_26 tag). + Essentially, this gives all the coolness of a CVS tree, but all the + stability of a release. I may start tracking HEAD later, we'll just + have to see. + * Changed libapr->libapr0. + * Fixed a couple of typo's in index.html.it (thanks Md, via Joey). + * 22nd October, 7:51pm: Resync again as they added a couple of files + and bumped the tag to fix segfaults. + + -- Daniel Stone Wed, 17 Oct 2001 23:50:39 +1000 + +apache2 (2.0.25+cvs.20011001-1) unstable; urgency=low + + * More CVS resyncing joy. + * Silly stupid evil poo bum hack to apachectl. I don't like this. + Please, help. + * Got rid of a few lintian warnings. + * Install build stuff to /etc/apache2/build, adjust apxs accordingly. + * Agreed on policy with madduck. This is a MAJOR CHANGE, people. + A lot of stuff has changed around, so you'll need to change your + packages. + apache2 now treats everything as a virtual host (even when you only + have one host). This allows us to skirt around FHS and do our own + thing. ("Thpthpthpthpthpthpt, we're using vhosts. FHS doesn't say + anything about that.") + Please see README.Debian for more details. + * More fun with virtual hosts. Migrated their configuration files to + /etc/apache2/virtuals/. This will allow for easy adding and + removal, via the new tools /usr/sbin/ap2(add|del)vh. + apache2's postinst touches /etc/apache2/POSTINST_CONFED, and will refuse + to re-run the postinst config stuff if it's there already. + * Module fun - /usr/sbin/ap2mod(en|dis). Modules put their loading line in + /etc/apache2/modules/foo.load, config in /etc/apache2/modules/foo.conf. + Enabled module stuff gets symlinked into /etc/apache2/mods-enabled. + * Move APR stuff to /usr/lib, not /usr/lib/libapr. Whoops, should've done + this a *long* *time* *ago*. + * More silly APR hacks: Move /usr/include/libapr to /usr/include/apache2, as + silly things like php4 don't get the fact that APR and apache2 can indeed + have different include directories. Grrr. + * Juggled script names - it's now a2(en|dis)(host|mod). + * I don't care, I'm uploading. No, really (closes: #103471). + It's been 93 days since I first did dh_make and ITPed it. :) + + -- Daniel Stone Thu, 4 Oct 2001 20:15:31 +1000 + +apache2 (2.0.25+cvs.20010923-1) unstable; urgency=low + + * Another resync with upstream CVS; most of the changes below were made + between then and now. + * Also added apache2-support - everything from support/*, so php4, et al + don't need to Build-Depend on apache2 itself. + + -- Daniel Stone Sun, 23 Sep 2001 13:21:16 +1000 + +apache2 (2.0.25+cvs.20010908-1) unstable; urgency=low + + * Synched everything with CVS; it works now. + * We now build with ./buildconf due to the above; redo all the patches + against configure.in. I swear this will be the last change, and that I'll + test it. + * Removed php4 and modperl-2.0 from the tree. I should keep the changelogs + internal, as this is now getting not only very silly, but very embarassing. + * I corrected myself in the ITP that it was licensed under the Apache + Software License, not GPLed, but forgot to do that in debian/copyright. + Whoops. Feel free to LART. + * Lintian cleanups: + - Remove extra LICENSE files. + - Stop stuff calling -rpath. + - Change printenv to call /usr/bin/perl, not /usr/local/bin/perl - wtf? + - Move manpages to the right directory. + * Minor merge from Thom courtesy of some stuff being stored on pandora:~thom. + - Use buildprogs.pl to parse stuff like apache2ctl, apxs2, etc. + * Hopefully I'm only one CVS sync away from an upload. + * Moved some stuff over to /usr/sbin, fixed apache2ctl once and for all. + Hopefully. + + -- Daniel Stone Sun, 9 Sep 2001 00:05:03 +1000 + +apache2 (2.0.24-2) unstable; urgency=low + + * The "Farewell Buddha" Release. + * Or, alternatively: The "Darren Milburn is an Idiot for Inciting Crowds" + Release. + * Yes, it's the height of evil, I know: modperl-2.0 goes into the source + tree. (from CVS). + Separate tarballs, thanks to DBS, but still, yeah. + * Ditto php4. + * Still no Thom's laptop; hence no merges, and I'm not going to duplicate + work. + + -- Daniel Stone Sun, 2 Sep 2001 21:50:59 +1000 + +apache2 (2.0.24-1) unstable; urgency=low + + * New upstream version. + * Use prefork, not threaded, MPM. (threaded is currently broken). + * Update example httpd.conf for mod_ssl and have lines for all the modules. + * Build-Depends, all the Build-Depends! + * Update maintainer email address (thanks Joey). + * Turns out using buildconf was what broke modules. I swear I won't do + anything like that again. Promise! (thanks Thom for pointing this out) + * Implied by the above, rediff all patches against configure, not + configure.in. + * Also, don't copy configure.{guess,sub} over anymore, because we don't need + them. + * More Thom merges: + - debian/patches/003_apache2ctl - rewritten apache2ctl to actually work. + * Return of debian/patches/006_dont_install_build_crap. GAH! + + -- Daniel Stone Sat, 18 Aug 2001 17:01:19 +1000 + +apache2 (2.0.23-2) unstable; urgency=low + * SSL finally works, and beat instructions on how to get it going out + of someone on new-httpd. Moved SSL stuff to apache2-modules. + * Disabled TLS, because it's unstable and unnecessary. + * Merge from Thom May's tree: + 005b_debian_layout - The Debian layout for stuff + - Move APR stuff to /usr/lib/libapr and /usr/include/libapr. + - Clean up debian/rules, largely thanks to the two new patches. + * General cleanups, resulting from running lintian: + - Chuck #DEBHELPER# in postinst, which also fixes the /usr/doc + and init.d problems (due to debhelper now doing its postinst + thing). + - Remove LICENSE files from apache2-doc and the default document + root. + - Remove man/ and build/ top-level dirs, install manpages correctly. + - Updated 004_perl_in_usr_bin to include the manual search CGI. + * Remove all evil, ugly, patches to configure in debian/patches/*, instead, + diff against configure.in, because autoconf gets run in the configure + stage every time. + * Copy config.{guess,sub} from /usr/share/misc (provided by autotools-dev) at + runtime, thus eliminating debian/patches/002_config_guess_and_sub. + * Reshuffled patch numbers to cope with the above. + * I give up on this DBM crap. Disable mod_auth_dbm for now. + + -- Daniel Stone Wed, 15 Aug 2001 18:27:23 +1000 + +apache2 (2.0.23-1) unstable; urgency=low + + * New upstream - 2.0.23. + * New patches: + 004_conffile_in_etc_apache2 - Make an ugly init.d hack unnecessary. + 005_perl_in_usr_bin - Make example CGI scripts use /usr/bin/perl. + * Fix mime_magic stuff by copying magic to /etc/apache2. + * Remove debian/patches/003_cgisock_in_var_log_apache2, instead found a new + conffile directive, put this into the default distributed conffile. + + -- Daniel Stone Sun, 12 Aug 2001 18:05:32 +1000 + +apache2 (2.0.22-2) unstable; urgency=low + + * Aargh, I'm an idiot. Fix a bug in mod_cgid.c that had a hardcoded path. + That's now debian/pactches/003*. + + -- Daniel Stone Sat, 11 Aug 2001 08:04:13 +1000 + +apache2 (2.0.22-1) unstable; urgency=low + + * Updated to 2.0.22, started using a form of DBS. + * Merge from Thom May's 2.0.20 tree - new libapr-dev package. + * Backed out the old mod_(tls|ssl) hacks, see if 2.0.23 is any better + (apparently it is, thank god). + + -- Daniel Stone Wed, 8 Aug 2001 15:13:09 +1000 + +apache2 (2.0.20-2) unstable; urgency=low + + * New SSL fixes from new-httpd. Apparently, this (generally) works. + + -- Daniel Stone Fri, 13 Jul 2001 07:57:18 -0500 + +apache2 (2.0.20-1) unstable; urgency=low + + * New upstream release + + -- Daniel Stone Mon, 9 Jul 2001 18:41:04 +1000 + +apache2 (2.0.18-1) unstable; urgency=low + + * Initial Release. + + -- Daniel Stone Wed, 4 Jul 2001 21:29:29 +1000 --- apache2-2.2.16.orig/debian/suexec.8 +++ apache2-2.2.16/debian/suexec.8 @@ -0,0 +1,67 @@ +.TH suexec 8 "April 2008" +.\" Copyright 1999-2004 The Apache Software Foundation +.\" Copyright 2008 Stefan Fritsch +.\" +.\" Licensed under the Apache License, Version 2.0 (the "License"); +.\" you may not use this file except in compliance with the License. +.\" You may obtain a copy of the License at +.\" +.\" http://www.apache.org/licenses/LICENSE-2.0 +.\" +.\" Unless required by applicable law or agreed to in writing, software +.\" distributed under the License is distributed on an "AS IS" BASIS, +.\" WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +.\" See the License for the specific language governing permissions and +.\" limitations under the License. +.\" +.SH NAME +suexec \- Switch User For Exec +.SH SYNOPSIS +.B suexec -V +.PP +This is a customized version that can be configured with +config files in /etc/apache2/suexec. +.PP +No other synopsis for usage, because this program +is otherwise only used internally by the Apache HTTP server. +.PP +.SH DESCRIPTION +.B suexec +is the "wrapper" support program for the suexec behaviour for the +Apache HTTP server. It is run from within the server automatically +to switch the user when an external program has to be run under a +different user. For more information about suexec in general, see the online +document `Apache suexec Support' on the HTTP server project's +Web site at http://httpd.apache.org/docs/suexec.html . +.PP +This version of suexec reads a config file on every execution. Therefore +it is a bit slower than the standard suexec version from the apache2-suexec +package. +.SH CONFIGURATION +If suexec is called by a user with name 'username', it will look into +/etc/apache2/suexec/username for configuration. If the file does not exist, +suexec will abort. By creating several config files, you can allow several +different apache run users to use suexec. +.PP +The first line in the file is used as the document root (/var/www in the +standard suexec) and the second line in the file is used as the suffix that is +appended to users' home directories (public_html in standard suexec). +.PP +If any of the lines is commented out (with #), suexec will refuse the +corresponding type of request. It is recommended to comment out the +userdir suffix if you don't need it. +.SH SECURITY +Do not set the document root to a path that includes users' home directories +(like /home or /var) or directories where users can mount removable media. +Doing so would create local security issues. Suexec does not allow to set the +document root to the root directory / . +.SH OPTIONS +.IP -V +Display the list of compile-time settings used when \fBsuexec\fP +was built. No other action is taken. +.PD +.SH FILES +.BR /etc/apache2/suexec/www-data +.SH SEE ALSO +.BR apache2(8) , +.BR /usr/share/doc/apache2.2-common/README.Debian.gz --- apache2-2.2.16.orig/debian/apache2-doc.postinst +++ apache2-2.2.16/debian/apache2-doc.postinst @@ -0,0 +1,11 @@ +#!/bin/sh -e + +if [ -x "/etc/init.d/apache2" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d apache2 reload ||true + else + /etc/init.d/apache2 reload ||true + fi +fi + +#DEBHELPER# --- apache2-2.2.16.orig/debian/mpms.dirs +++ apache2-2.2.16/debian/mpms.dirs @@ -0,0 +1,4 @@ +usr/sbin +usr/lib/apache2/mpm-MPMXXX +usr/share/lintian/overrides +usr/share/bug/apache2-mpm-MPMXXX --- apache2-2.2.16.orig/debian/apache2.dirs +++ apache2-2.2.16/debian/apache2.dirs @@ -0,0 +1 @@ +usr/share/bug/apache2 --- apache2-2.2.16.orig/debian/apache2.2-common.apache2.cron.daily +++ apache2-2.2.16/debian/apache2.2-common.apache2.cron.daily @@ -0,0 +1,30 @@ +#!/bin/sh + +# run htcacheclean + +set -e +set -u + +[ -e /usr/sbin/htcacheclean ] || exit 0 +[ -e /etc/default/apache2 ] || exit 0 + + +# edit /etc/default/apache2 to change this +HTCACHECLEAN_MODE=daemon +HTCACHECLEAN_RUN=auto +HTCACHECLEAN_SIZE=300M +HTCACHECLEAN_PATH=/var/cache/apache2/mod_disk_cache +HTCACHECLEAN_OPTIONS="" + +. /etc/default/apache2 + +[ "$HTCACHECLEAN_MODE" = "cron" ] || exit 0 + +[ "$HTCACHECLEAN_RUN" = "yes" ] || +( [ "$HTCACHECLEAN_RUN" = "auto" ] && \ + [ -e /etc/apache2/mods-enabled/disk_cache.load ] ) || exit 0 + +/usr/sbin/htcacheclean ${HTCACHECLEAN_OPTIONS} \ + -p${HTCACHECLEAN_PATH} \ + -l${HTCACHECLEAN_SIZE} + --- apache2-2.2.16.orig/debian/apache2-threaded-dev.install +++ apache2-2.2.16/debian/apache2-threaded-dev.install @@ -0,0 +1 @@ +usr/share/man/man8/apxs2.8 --- apache2-2.2.16.orig/debian/control +++ apache2-2.2.16/debian/control @@ -0,0 +1,203 @@ +Source: apache2 +Section: httpd +Priority: optional +Maintainer: Debian Apache Maintainers +Uploaders: Tollef Fog Heen , Thom May , Peter Samuelson , Stefan Fritsch , Steinar H. Gunderson +Build-Depends: debhelper (>= 7.4.3), dpatch, lsb-release, libaprutil1-dev (>= 1.3.4), libapr1-dev (>= 1.2.7-6), openssl, libpcre3-dev, mawk, zlib1g-dev, libssl-dev (>= 0.9.8m), sharutils, libcap-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], autoconf +Build-Conflicts: autoconf2.13 +Standards-Version: 3.9.1 +Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2 +Vcs-svn: svn://svn.debian.org/pkg-apache/trunk/apache2 +Homepage: http://httpd.apache.org/ + +Package: apache2.2-common +Architecture: any +Depends: ${misc:Depends}, apache2.2-bin (= ${binary:Version}), apache2-utils, libmagic1, mime-support, lsb-base, procps [!hurd-i386], perl +Recommends: ssl-cert +Suggests: www-browser, apache2-doc, apache2-suexec | apache2-suexec-custom +Conflicts: apache2-common, apache +Replaces: apache2-common +Description: Apache HTTP Server common files + The Apache Software Foundation's goal is to build a secure, efficient and + extensible HTTP server as standards-compliant open source software. The + result has long been the number one web server on the Internet. + . + This package contains the configuration and support scripts. + However, it does *not* include the server itself; for this you need to + install one of the apache2-mpm-* packages, such as worker or prefork. + +Package: apache2.2-bin +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Conflicts: apache2.2-common (<< 2.2.11-5~) +Replaces: apache2.2-common (<< 2.2.14-2~) +Description: Apache HTTP Server common binary files + The Apache Software Foundation's goal is to build a secure, efficient and + extensible HTTP server as standards-compliant open source software. The + result has long been the number one web server on the Internet. + . + This package contains all binaries but no configuration or support scripts. + To get a stand-alone server, you need to install one of the apache2-mpm-* + packages, such as worker or prefork. Other packages like gnome-user-share + may bring their own Apache configuration, though. + +Package: apache2-mpm-worker +Architecture: any +Depends: ${misc:Depends}, apache2.2-common (= ${binary:Version}), apache2.2-bin (= ${binary:Version}) +Provides: apache2-mpm, apache2, httpd, httpd-cgi +Conflicts: apache2-mpm, apache2-common +Replaces: apache2-mpm-threadpool (<< 2.0.53), apache2-mpm-perchild (<< 2.2.0) +Description: Apache HTTP Server - high speed threaded model + Each Apache Multi-Processing Module provides a different "flavor" of + web server binary, compiled with a different processing model. + . + The worker MPM provides the default threaded implementation. It is + recommended especially for high-traffic sites because it is faster + and has a smaller memory footprint than the traditional prefork MPM. + +Package: apache2-mpm-prefork +Architecture: any +Depends: ${misc:Depends}, apache2.2-common (= ${binary:Version}), apache2.2-bin (= ${binary:Version}) +Provides: apache2-mpm, apache2, httpd, httpd-cgi +Conflicts: apache2-mpm, apache2-common +Description: Apache HTTP Server - traditional non-threaded model + Each Apache Multi-Processing Module provides a different "flavor" of + web server binary, compiled with a different processing model. + . + The prefork MPM provides a non-threaded, pre-forking implementation + that handles requests in a manner similar to Apache 1.3. It is not as + fast as threaded models, but is considered to be more stable. It is + appropriate for sites that need to maintain compatibility with + non-thread-safe libraries, and is the best MPM for isolating each + request, so that a problem with a single request will not affect any + other. + +Package: apache2-mpm-event +Architecture: any +Depends: ${misc:Depends}, apache2.2-common (= ${binary:Version}), apache2.2-bin (= ${binary:Version}) +Provides: apache2-mpm, apache2, httpd, httpd-cgi +Conflicts: apache2-mpm, apache2-common +Description: Apache HTTP Server - event driven model + Each Apache Multi-Processing Module provides a different "flavor" of + web server binary, compiled with a different processing model. + . + The event MPM is designed to allow more requests to be served + simultaneously by passing off some processing work to supporting + threads, freeing up the main threads to work on new requests. It is + especially suitable for sites that see extensive KeepAlive traffic. + . + This MPM is experimental and less tested than the worker and prefork MPMs. + +Package: apache2-mpm-itk +Depends: ${misc:Depends}, apache2.2-common (= ${binary:Version}), apache2.2-bin (= ${binary:Version}) +Provides: apache2-mpm, apache2, httpd, httpd-cgi +Conflicts: apache2-mpm, apache2-common +Architecture: any +Priority: extra +Description: multiuser MPM for Apache 2.2 + The ITK Multi-Processing Module (MPM) works in about the same way as the + classical "prefork" module (that is, without threads), except that it allows + you to constrain each individual vhost to a particular system user. This + allows you to run several different web sites on a single server without + worrying that they will be able to read each others' files. This is a + third-party MPM that is not included in the normal Apache httpd. + . + Please note that this MPM is somewhat less tested than the MPMs that come with + Apache itself. + +Package: apache2-utils +Architecture: any +Replaces: apache2-common, apache-utils (<< 1.3.33-4) +Conflicts: apache-common (<< 1.3.28.0.1-1) +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: utility programs for webservers + Provides some add-on programs useful for any webserver. These include: + - ab (Apache benchmark tool) + - logresolve (Resolve IP addresses to hostname in logfiles) + - htpasswd (Manipulate basic authentication files) + - htdigest (Manipulate digest authentication files) + - dbmmanage (Manipulate basic authentication files in DBM format, using perl) + - htdbm (Manipulate basic authentication files in DBM format, using APR) + - rotatelogs (Periodically stop writing to a logfile and open a new one) + - split-logfile (Split a single log including multiple vhosts) + - checkgid (Checks whether the caller can setgid to the specified group) + - check_forensic (Extract mod_log_forensic output from Apache log files) + +Package: apache2-suexec +Priority: optional +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends}, apache2.2-common +Conflicts: apache2-suexec, apache-common +Replaces: apache2-suexec +Description: Standard suexec program for Apache 2 mod_suexec + Provides the standard suexec helper program for mod_suexec. This version is + compiled with document root /var/www and userdir suffix public_html. If you + need different settings, use the package apache2-suexec-custom. + +Package: apache2-suexec-custom +Priority: extra +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends}, apache2.2-common +Provides: apache2-suexec +Conflicts: apache2-suexec, apache-common +Replaces: apache2-suexec +Description: Configurable suexec program for Apache 2 mod_suexec + Provides a customizable version of the suexec helper program for mod_suexec. + This is not the version from upstream, but can be configured with a + configuration file. + . + If you do not need non-standard document root or userdir settings, it is + recommended that you use the standard suexec helper program from the + apache2-suexec package instead. + +Package: apache2 +Architecture: any +Depends: ${misc:Depends}, apache2-mpm-worker (= ${binary:Version}) | apache2-mpm-prefork (= ${binary:Version}) | apache2-mpm-event (= ${binary:Version}) | apache2-mpm-itk (= ${binary:Version}), apache2.2-common (= ${binary:Version}) +Description: Apache HTTP Server metapackage + The Apache Software Foundation's goal is to build a secure, efficient and + extensible HTTP server as standards-compliant open source software. The + result has long been the number one web server on the Internet. + . + It features support for HTTPS, virtual hosting, CGI, SSI, IPv6, easy + scripting and database integration, request/response filtering, many + flexible authentication schemes, and more. + +Package: apache2-doc +Section: doc +Architecture: all +Depends: ${misc:Depends} +Description: Apache HTTP Server documentation + This package provides the documentation for Apache 2. For more details + see the apache2 package description. + +Package: apache2-prefork-dev +Architecture: any +Depends: ${misc:Depends}, apache2.2-common (= ${binary:Version}), openssl, libaprutil1-dev +Conflicts: apache2-threaded-dev +Priority: extra +Description: Apache development headers - non-threaded MPM + This package provides the development headers and apxs2 binary for + apache2-mpm-prefork; see the apache2 package description for more details. + . + This should only be used when you absolutely *must* support a non-threaded + environment (for PHP, for example). + +Package: apache2-threaded-dev +Architecture: any +Depends: ${misc:Depends}, apache2.2-common (= ${binary:Version}), openssl, libaprutil1-dev +Conflicts: apache2-prefork-dev +Provides: apache2-dev +Priority: extra +Description: Apache development headers - threaded MPM + This package provides the development headers and apxs2 binary for + threaded versions of apache2; see the apache2 package description + for more details. + +Package: apache2-dbg +Section: debug +Priority: extra +Architecture: any +Depends: ${misc:Depends}, apache2.2-bin (= ${binary:Version}) +Description: Apache debugging symbols + This package includes the debugging symbols for Apache 2. + See /usr/share/doc/apache2.2-common/README.backtrace for more information. --- apache2-2.2.16.orig/debian/bash_completion +++ apache2-2.2.16/debian/bash_completion @@ -0,0 +1,54 @@ +# bash completion for Debian apache2 configuration tools +# $Id: apache2,v 1.1 2005/03/16 22:51:19 guillaume Exp $ + +_apache2_modsites() +{ + COMPREPLY=( $( compgen -W '$( command ls /etc/apache2/$1 2>/dev/null \ + | sed -e 's/[.]load$//' -e 's/[.]conf$//' )' -- $cur ) ) +} + +_a2enmod() +{ + local cur + + COMPREPLY=() + cur=${COMP_WORDS[COMP_CWORD]} + + _apache2_modsites mods-available +} +complete -F _a2enmod a2enmod + +_a2ensite() +{ + local cur + + COMPREPLY=() + cur=${COMP_WORDS[COMP_CWORD]} + + _apache2_modsites sites-available + +} +complete -F _a2ensite a2ensite + +_a2dismod() +{ + local cur + + COMPREPLY=() + cur=${COMP_WORDS[COMP_CWORD]} + + _apache2_modsites mods-enabled +} +complete -F _a2dismod a2dismod + +_a2dissite() +{ + local cur + + COMPREPLY=() + cur=${COMP_WORDS[COMP_CWORD]} + + _apache2_modsites sites-enabled + +} +complete -F _a2dissite a2dissite --- apache2-2.2.16.orig/debian/apache2-doc.dirs +++ apache2-2.2.16/debian/apache2-doc.dirs @@ -0,0 +1,2 @@ +etc/apache2/conf.d +usr/share/doc/apache2-doc --- apache2-2.2.16.orig/debian/default-index.html +++ apache2-2.2.16/debian/default-index.html @@ -0,0 +1,4 @@ +

It works!

This is the default web page for this server.

The web server software is running but no content has been added, yet.

+ --- apache2-2.2.16.orig/debian/convert_docs +++ apache2-2.2.16/debian/convert_docs @@ -0,0 +1,96 @@ +#!/usr/bin/perl -w + +use strict; +use File::Path; +use Fatal qw/mkpath symlink open close/; + +scalar @ARGV == 2 or die; + +my $SRC=$ARGV[0]; +my $TGT=$ARGV[1]; + +# list of languages +my @lang = glob("$SRC/index.html.*") or die; +map { s{^.*html\.}{} } @lang; + +# map "ja.euc-jp" to "ja/", ... +my %lpath; +foreach my $l (@lang) { + my $t=$l; + $t =~ s{\..*$}{}; + $lpath{$l}="$t/"; +} + + +my @html=`find $SRC -name *.html` or die; +chomp(@html); +map { s{^$SRC/}{} } @html; + +foreach my $h (@html) { + my $dir=""; + if ($h =~ m{^(.*/)}) { + $dir=$1; + } + + for my $l (@lang) { + my $tdir="$TGT/$lpath{$l}"; + -d "$tdir$dir" || mkpath("$tdir$dir"); + + my $updir=$dir; + $updir =~ s{[^/]+}{..}g; + + if ($l eq "en") { + conv("$SRC/$h.en", "$tdir$h", $h); + } + elsif ( -f "$SRC/$h.$l" ) { + conv("$SRC/$h.$l", "$tdir$h", $h); + } + else { + symlink("${updir}../en/$h", "$tdir$h"); + } + + } +} + +open(my $out, ">", "$TGT/index.html"); +print $out '', + '', + "\n\n"; +foreach my $l (sort values %lpath) { + print $out qq{\n}; +} +print $out '

'; + + +### END + + +sub conv { + my ($old, $new, $name) = @_; + + open(my $in, "<", $old); + local $/; + my $file = <$in>; + close($in); + + # /mod/ -> /mod/index.html + $file =~ s{href="([^:"]*/)"}{href="${1}index.html"}g; + + # style and images now one level up + $file =~ s{(src|href)="../(style|images)}{$1="../../$2}g; + $file =~ s{(src|href)="./(style|images)}{$1="../$2}g; + + foreach my $l (values %lpath) { + # language directories one level up + $file =~ s{href="\.\./$l}{href="../../$l}g; + $file =~ s{href="\./$l}{href="../$l}g; + } + + # Debian tweaks + $file =~ s{/usr/local/apache2/conf/httpd[.]conf}{/etc/apache2/apache2.conf}g; + $file =~ s{httpd[.]conf}{apache2.conf}g; + + open(my $out, ">", $new); + print $out $file; + close($out); +} --- apache2-2.2.16.orig/debian/apache2-dbg.links +++ apache2-2.2.16/debian/apache2-dbg.links @@ -0,0 +1,4 @@ +usr/lib/debug/usr/lib/apache2/mpm-itk/apache2-mpm-itk usr/lib/debug/usr/sbin/apache2-mpm-itk +usr/lib/debug/usr/lib/apache2/mpm-prefork/apache2-mpm-prefork usr/lib/debug/usr/sbin/apache2-mpm-prefork +usr/lib/debug/usr/lib/apache2/mpm-worker/apache2-mpm-worker usr/lib/debug/usr/sbin/apache2-mpm-worker +usr/lib/debug/usr/lib/apache2/mpm-event/apache2-mpm-event usr/lib/debug/usr/sbin/apache2-mpm-event --- apache2-2.2.16.orig/debian/apachectl.8 +++ apache2-2.2.16/debian/apachectl.8 @@ -0,0 +1 @@ +.so man8/apache2ctl.8 --- apache2-2.2.16.orig/debian/apache2-suexec.lintian-overrides +++ apache2-2.2.16/debian/apache2-suexec.lintian-overrides @@ -0,0 +1,2 @@ +setuid-binary usr/lib/apache2/suexec 4754 root/www-data +package-relation-with-self replaces: apache2-suexec --- apache2-2.2.16.orig/debian/setup-instance +++ apache2-2.2.16/debian/setup-instance @@ -0,0 +1,39 @@ +#!/bin/sh + +set -eu + +if [ $# != 1 ] ; then + echo usage: $0 '' + exit 1 +fi + +# the SUFFIX must not contain spaces or shell meta characters +SUFFIX=$1 + +if [ -e /etc/apache2-$SUFFIX ] ; then + echo ERROR: /etc/apache2-$SUFFIX already exists + exit 2 +fi + +echo Setting up /etc/apache2-$SUFFIX ... +cp -a /etc/apache2 /etc/apache2-$SUFFIX + +echo Setting up /etc/init.d/apache2-$SUFFIX ... +cp /usr/share/doc/apache2.2-common/examples/secondary-init-script /etc/init.d/apache2-$SUFFIX +# adjust service name (this prevents us from using a simple symlink) +perl -p -i -e s,XXX,$SUFFIX, /etc/init.d/apache2-$SUFFIX +chmod 755 /etc/init.d/apache2-$SUFFIX + +echo -n Setting up symlinks: +for a in a2enmod a2dismod a2ensite a2dissite apache2ctl ; do + echo -n " $a-$SUFFIX" + ln -s /usr/sbin/$a /usr/local/sbin/$a-$SUFFIX +done +echo + +echo Setting up /etc/logrotate.d/apache2-$SUFFIX and /var/log/apache2-$SUFFIX ... +cp -a /etc/logrotate.d/apache2 /etc/logrotate.d/apache2-$SUFFIX +perl -p -i -e s,apache2,apache2-$SUFFIX,g /etc/logrotate.d/apache2-$SUFFIX +mkdir /var/log/apache2-$SUFFIX +chmod 750 /var/log/apache2-$SUFFIX +chown root:adm /var/log/apache2-$SUFFIX --- apache2-2.2.16.orig/debian/apache2.2-common.install +++ apache2-2.2.16/debian/apache2.2-common.install @@ -0,0 +1,7 @@ +usr/share/apache2/icons +usr/share/apache2/error +usr/sbin/envvars-std usr/share/apache2/build +etc/apache2 usr/share/doc/apache2.2-common/examples +debian/config-dir/* etc/apache2 +debian/a2enmod usr/sbin +debian/apache2ctl usr/sbin --- apache2-2.2.16.orig/debian/a2dissite.8 +++ apache2-2.2.16/debian/a2dissite.8 @@ -0,0 +1 @@ +.so man8/a2ensite.8 --- apache2-2.2.16.orig/debian/apache2.2-bin.install +++ apache2-2.2.16/debian/apache2.2-bin.install @@ -0,0 +1,2 @@ +usr/lib/apache2/modules +usr/sbin/httxt2dbm --- apache2-2.2.16.orig/debian/apache2.2-bin.dirs +++ apache2-2.2.16/debian/apache2.2-bin.dirs @@ -0,0 +1,4 @@ +usr/lib/apache2/mpm-worker +usr/lib/apache2/mpm-prefork +usr/lib/apache2/mpm-event +usr/lib/apache2/mpm-itk --- apache2-2.2.16.orig/debian/apache2ctl +++ apache2-2.2.16/debian/apache2ctl @@ -0,0 +1,179 @@ +#!/bin/sh +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# Apache control script designed to allow an easy command line interface +# to controlling Apache. Written by Marc Slemko, 1997/08/23 +# +# Heavily modified for Debian by Stefan Fritsch 2007-2010 +# +# The exit codes returned are: +# XXX this doc is no longer correct now that the interesting +# XXX functions are handled by httpd +# 0 - operation completed successfully +# 1 - +# 2 - usage error +# 3 - httpd could not be started +# 4 - httpd could not be stopped +# 5 - httpd could not be started during a restart +# 6 - httpd could not be restarted during a restart +# 7 - httpd could not be restarted during a graceful restart +# 8 - configuration syntax error +# +# When multiple arguments are given, only the error from the _last_ +# one is reported. Run "apachectl help" for usage info +# +ARGV="$@" +# +# |||||||||||||||||||| START CONFIGURATION SECTION |||||||||||||||||||| +# -------------------- -------------------- +# +# main configuration directory +if test -z "$APACHE_CONFDIR" ; then + if test "${0##*apache2ctl-}" != "$0" ; then + APACHE_CONFDIR="/etc/apache2-${0##*apache2ctl-}" + else + APACHE_CONFDIR=/etc/apache2 + fi +fi +# the path to the environment variable file +test -z "$APACHE_ENVVARS" && APACHE_ENVVARS="$APACHE_CONFDIR/envvars" +# pick up any necessary environment variables +if test -f $APACHE_ENVVARS; then + . $APACHE_ENVVARS +fi + +if test "$APACHE_CONFDIR" != /etc/apache2 ; then + APACHE_ARGUMENTS="-d $APACHE_CONFDIR $APACHE_ARGUMENTS" +fi +# the following APACHE_* variables should be set in /etc/apache2/envvars +# +# the path to your httpd binary, including options if necessary +HTTPD=${APACHE_HTTPD:-/usr/sbin/apache2} +# +# a command that outputs a formatted text version of the HTML at the +# url given on the command line. Designed for lynx, however other +# programs may work. +LYNX="${APACHE_LYNX:-www-browser -dump}" +# +# the URL to your server's mod_status status page. If you do not +# have one, then status and fullstatus will not work. +STATUSURL="${APACHE_STATUSURL:-http://localhost:80/server-status}" +# +# Set this variable to a command that increases the maximum +# number of file descriptors allowed per child process. This is +# critical for configurations that use many file descriptors, +# such as mass vhosting, or a multithreaded server. +ULIMIT_MAX_FILES="${APACHE_ULIMIT_MAX_FILES:-ulimit -S -n `ulimit -H -n`}" +# -------------------- -------------------- +# |||||||||||||||||||| END CONFIGURATION SECTION |||||||||||||||||||| + +# Set the maximum number of file descriptors allowed per child process. +if [ "x$ULIMIT_MAX_FILES" != "x" ] ; then + $ULIMIT_MAX_FILES +fi + +ERROR=0 +if [ "x$ARGV" = "x" ] || [ "x$ARGV" = "xusage" ] || [ "x$ARGV" = "xhelp" ] || [ "x$ARGV" = "x--help" ]; then + echo "Usage: $0 start|stop|restart|graceful|graceful-stop|configtest|status|fullstatus|help" >&2 + echo " $0 " >&2 + echo " $0 -h (for help on )" >&2 + exit 1 +fi + +get_status () { + if ! $LYNX $STATUSURL ; then + echo "'$LYNX $STATUSURL'" failed. >&2 + echo Maybe you need to install a package providing www-browser or you >&2 + echo need to adjust the APACHE_LYNX variable in /etc/apache2/envvars >&2 + exit 1 + fi +} + +mkdir_chown () { + local OWNER="$1" + local DIR="$2" + local STAT="$(LC_ALL=C stat -c %F:%U $DIR 2> /dev/null || true)" + if [ "$STAT" = "" ] ; then + local TMPNAME=$(mktemp -d $DIR.XXXXXXXXXX) || exit 1 + chmod 755 $TMPNAME || exit 1 + chown $OWNER $TMPNAME || exit 1 + if ! mv -T $TMPNAME $DIR 2> /dev/null; then + rmdir $TMPNAME + # check for race with other apachectl + if [ "$(LC_ALL=C stat -c %F:%U $DIR 2>/dev/null)" != "directory:$OWNER" ] + then + echo Cannot create $DIR with owner $OWNER. + echo Please fix manually. Aborting. + exit 1 + fi + fi + elif [ "$STAT" != "directory:$OWNER" ] ; then + echo $DIR already exists but is not a directory owned by $OWNER. + echo Please fix manually. Aborting. + exit 1 + fi +} + +case $ARGV in +start) + mkdir -p ${APACHE_RUN_DIR:-/var/run/apache2} + mkdir_chown ${APACHE_RUN_USER:-www-data} ${APACHE_LOCK_DIR:-/var/lock/apache2} + # ssl_scache shouldn't be here if we're just starting up. + # (this is bad if there are several apache2 instances running) + rm -f ${APACHE_RUN_DIR:-/var/run/apache2}/*ssl_scache* + $HTTPD ${APACHE_ARGUMENTS} -k $ARGV + ERROR=$? + ;; +stop|graceful-stop) + $HTTPD ${APACHE_ARGUMENTS} -k $ARGV + ERROR=$? + ;; +restart|graceful) + if $HTTPD ${APACHE_ARGUMENTS} -t 2> /dev/null ; then + $HTTPD ${APACHE_ARGUMENTS} -k $ARGV + else + $HTTPD ${APACHE_ARGUMENTS} -t + fi + ERROR=$? + ;; +startssl|sslstart|start-SSL) + echo The startssl option is no longer supported. + echo Please edit httpd.conf to include the SSL configuration settings + echo and then use "apachectl start". + ERROR=2 + ;; +configtest) + $HTTPD ${APACHE_ARGUMENTS} -t + ERROR=$? + ;; +status) + get_status | awk ' /process$/ { print; exit } { print } ' + ;; +fullstatus) + get_status + ;; +*) + $HTTPD ${APACHE_ARGUMENTS} $ARGV + ERROR=$? +esac + +if [ "$ERROR" != 0 ] ; then + echo Action \'"$@"\' failed. + echo The Apache error log may have more information. +fi +exit $ERROR --- apache2-2.2.16.orig/debian/secondary-init-script +++ apache2-2.2.16/debian/secondary-init-script @@ -0,0 +1,19 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: apache2-XXX +# Required-Start: $local_fs $remote_fs $network $syslog $named +# Required-Stop: $local_fs $remote_fs $network $syslog $named +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# X-Interactive: true +# Short-Description: Start/stop apache2 web server (config /etc/apache2-XXX) +### END INIT INFO + +set -e + +# +# this init script can be installed as /etc/init.d/apache2-XXX +# + +# source original init script to keep $0 and other arguments +. /etc/init.d/apache2 --- apache2-2.2.16.orig/debian/README.Debian +++ apache2-2.2.16/debian/README.Debian @@ -0,0 +1,399 @@ +Contents +======== + + Apache2 Configuration under Debian GNU/Linux + Files and Directories in /etc/apache2 + Tools + + Using mod_disk_cache + + SSL + Enabling SSL + Creating self-signed certificates + SSL workaround for MSIE + + Suexec + + Documentation + + Upgrades + + Common Problems + + +Apache2 Configuration under Debian GNU/Linux +============================================ + +Debian's default Apache2 installation attempts to make adding and +removing modules, virtual hosts, and extra configuration directives as +flexible as possible, in order to make automating the changes and +administering the server as easy as possible. + +Please be aware that this layout is quite different from the standard +Apache configuration. Due to the use of environment variables, apache2 +needs to be started/stopped with /etc/init.d/apache2 or apache2ctl. +Calling /usr/bin/apache2 directly will not work with the default +configuration. To call apache2 with specific command line arguments, +just call apache2ctl with the same arguments. + +Files and Directories in /etc/apache2: +------------------------------------- + +apache2.conf + + This is the main configuration file. + +envvars + + This contains environment variables that may be used in the + configuration. Some settings, like user and pid file, need to + go in here so that other scripts can use them. It can also + be used to change some default settings used by apache2ctl. + Here is also the default LANG=C setting that can be changed + to a different language. + +conf.d/ + + Files in this directory are included by this line in + apache2.conf: + + # Include generic snippets of statements + Include /etc/apache2/conf.d + + This is a good place to add additional configuration + directives. Packages should not use configuration + files that start with 'local-' or end with '.local'. + The local administrator can use these filenames to make + sure that there are no conflicts with files provided by + packages. + + If the local administrator is not comfortable with packages + activating their config files by default, it is possible + to change the 'Include /etc/apache2/conf.d/' in apache2.conf + into 'Include /etc/apache2/conf.d.enabled/' and create that + directory. He can then put symlinks to the files in conf.d + which he wants to enable into conf.d.enabled. + +httpd.conf + + Empty file. + +magic + + Patterns for mod_mime_magic. This is not compatible with the format + used by current versions of the file/libmagic packages. + +mods-available/ + + This directory contains a series of .load and .conf files. + The .load files contain the Apache configuration directive + necessary to load the module in question. The respective + .conf files contain configuration directives necessary to + utilize the module in question. + +mods-enabled/ + + To actually enable a module for Apache2, it is necessary to + create a symlink in this directory to the .load (and .conf, if + it exists) files associated with the module in + mods-available/. For example: + + cgi.load -> /etc/apache2/mods-available/cgi.load + +ports.conf + + Configuration directives for which ports and IP addresses to + listen to. + +sites-available/ + + Like mods-available/, except it contains configuration + directives for different virtual hosts that might be used with + apache2. Note that the hostname doesn't have to correspond + exactly with the filename. 'default' is the default host. + +sites-enabled/ + + Similar in functionality to mods-enabled/, sites-enabled + contains symlinks to sites in sites-available/ that the + admnistrator wishes to enable. + + Apache uses the first VirtualHost that matches the IP/Port + as default for named virtual hosts. Therefore the 'default' + site is linked to '000-default' so that it will be read first. + + Example: + dedasys -> /etc/apache2/sites-available/dedasys + +The Include directive ignores files with names that + +- do not begin with a letter or number +- contain a character that is neither letter nor number nor _-. +- contain .dpkg + +Other files +----------- + +For historical reasons, the pid file is in /var/run/apache2.pid and not in +/var/run/apache2/apache2.pid. + +Tools +----- + +a2enmod and a2dismod are available for enabling and disabling modules utilizing +the above configuration system. + +a2ensite and a2dissite do essentially the same thing as the above tools, but +for sites rather than modules. + +apxs2 -a/-A is modified to use a2enmod to activate newly installed modules. + + +Using mod_disk_cache +==================== + +To ensure that the disk cache does not grow indefinitely, htcacheclean is +started when mod_disk_cache is enabled. Both daemon and cron (daily) mode +are supported. The configuration (run mode, cache size, ...) is in +/etc/default/apache2 . + +Normally, htcacheclean is automatically started and stopped by +/etc/init.d/apache2. However, if you change the state of mod_disk_cache or the +configuration of htcacheclean while apache2 is running, you may need to +manually start/stop htcacheclean with "/etc/init.d/apache2 start-htcacheclean" +or "/etc/init.d/apache2 stop-htcacheclean". + + +SSL +=== + +Enabling SSL +------------ + +To enable SSL, type (as user root): + + a2ensite default-ssl + a2enmod ssl + +If you want to use self-signed certificates, you should install the ssl-cert +package (see below). Otherwise, just adjust the SSLCertificateFile and +SSLCertificateKeyFile directives in /etc/apache2/sites-available/default-ssl to +point to your SSL certificate. Then restart apache: + + /etc/init.d/apache2 restart + +The SSL key file should only be readable by root, the certificate file may be +globally readable. These files are read by the Apache parent process which runs +as root. Therefore it is not necessary to make the files readable by the +www-data user. + +Creating self-signed certificates +--------------------------------- + +If you install the ssl-cert package, a self-signed certificate will be +automatically created using the hostname currently configured on your computer. +You can recreate that certificate (e.g. after you have changed /etc/hosts or +DNS to give the correct hostname) as user root with: + + make-ssl-cert generate-default-snakeoil --force-overwrite + +To create more certificates with different host names, you can use + + make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /path/to/cert-file.crt + +This will ask you for the hostname and place both SSL key and certificate in +the file /path/to/cert-file.crt . Use this file with the SSLCertificateFile +directive in the Apache config (you don't need the SSLCertificateKeyFile in +this case as it also contains the key). The file /path/to/cert-file.crt should +only be readable by root. A good directory to use for the additional +certificates/keys is /etc/ssl/private . + +SSL workaround for MSIE +----------------------- + +The SSL workaround for MS Internet Explorer needs to be added to your SSL +VirtualHost section (it was previously in ssl.conf but caused keepalive to be +disabled even for non-SSL connections): + + BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown + +The default SSL virtual host in /etc/apache2/sites-available/default-ssl +already contains this workaround. + + +Suexec +====== + +Debian ships two version of the suexec helper program required by mod_suexec. +It is not installed by default, to avoid possible security issues. The package +apache2-suexec contains the standard version that works only with document root +/var/www, userdir suffix public_html, and Apache run user www-data. The package +apache2-suexec-custom contains a customizable version, that can be configured +with a config file to use different settings (like /srv/www as document root). +For more information see the suexec(8) man page in the apache2-suexec-custom +package. + +Since apache2-suexec-custom has received less testing and might be slightly +slower, apache2-suexec is the recommended version unless you need the features +from apache2-suexec-custom. + + +Documentation +============= + +The full Apache 2 documentation can be found on the web at + +http://httpd.apache.org/docs/2.2/ + +or, if you have installed the apache2-doc package, in + +/usr/share/doc/apache2-doc/manual/ + +or at + +http://localhost/manual/ + +There is also a wiki that contains useful information: + +http://wiki.apache.org/httpd/ + +Some hints about securing Apache 2 on Debian are available at + +http://wiki.debian.org/Apache/Hardening + + +Upgrades +======== + +Changes in the Apache packages that require manual configuration adjustments +are announced in NEWS.Debian. Installing the apt-listchanges package is +recommended. It will display the relevant NEWS.Debian sections before +upgrades. + + +Multiple instances +================== + +There is some support for running multiple instances of Apache2 on the same +machine. See /usr/share/doc/apache2.2-common/README.multiple-instances for more +information. + + +Common Problems +=============== + +1) Error message "Could not reliably determine the server's fully qualified +domain name, using 127.0.0.1 for ServerName" during start + +This can usually be ignored but it means that Apache httpd was unable to obtain +a fully-qualified hostname by doing a reverse lookup on your server's IP +address. You may want to add the fully-qualified hostname to /etc/hosts . +An alternative is to specify "ServerName 127.0.0.1" in the global server +context of the configuration, e.g. in /etc/apache2/conf.d/servername.local . + +2) Error message "mod_rewrite: could not create rewrite_log_lock" + +This probably means that there are some stale SYSV semaphores around. This +usually happens after apache2 has been killed with kill -9 (SIGKILL). You can +clean up the semaphores with: + + ipcs -s | grep www-data | awk ' { print $2 } ' | xargs ipcrm sem + +3) Message "NameVirtualHost *:80 has no VirtualHosts" in error log + +Probably the VirtualHost definitions have not been adjusted after the +NameVirtualHost directive was changed in ports.conf. +See /usr/share/doc/apache2.2-common/NEWS.Debian.gz + +4) Message "File does not exist: /etc/apache2/htdocs" in error log + +In most cases this means that no matching VirtualHost definition could be +found for an incoming request. Check that the target IP address/port and the +name in the Host: header of the request actually match one of the virtual +hosts. + +5) Message "Couldn't create pollset in child; check user or system limits" in + error log + +On Linux kernels since 2.6.27.8, the value in + + /proc/sys/fs/epoll/max_user_instances + +needs to be larger than + + for prefork/itk MPM: 2 * MaxClients + for worker/event MPM: MaxClients + MaxClients/ThreadsPerChild + +It can be set on boot by adding a line like + + fs.epoll.max_user_instances=1024 + +to /etc/sysctl.conf. + +There are several other error messages related to creating a pollset that can +appear for the same reason. + +On the other hand, errors about to adding to a pollset are related to the +setting fs.epoll.max_user_watches. On most systems, max_user_watches should be +high enough by default. + +6) Message "Server should be SSL-aware but has no certificate configured" in + error log + +Since 2.2.12, Apache is stricter about certain misconfigurations concerning +name based SSL virtual hosts. See NEWS.Debian.gz for more details. + +7) Apache does not pass Authorization header to CGI scripts + +This is intentional to avoid security holes. If you really want to change it, +you can use mod_rewrite: + + RewriteCond %{HTTP:Authorization} (.*) + RewriteRule . - [env=HTTP_AUTHORIZATION:%1] + +8) mod_dav is behaving strangely + +In general, if you use mod_dav_fs, you need to disable multiviews and script +execution for that directory. For example: + + + Dav on + Options -MultiViews -ExecCGI + SetHandler none + + php_admin_value engine Off + + + +9) Message "apache2: bad user name ${APACHE_RUN_USER}" when starting apache2 + directly + +Use apache2ctl (it accepts all options of apache2). + +10) Apache is using a lot of memory and is not freeing it even when idle + +By default, Apache will not give back unused memory but keep it around for +later use. + + * Tune StartServers, MaxRequestsPerChild, MinSpareThreads/MinSpareServers, + MaxSpareThreads/MaxSpareServers in /etc/apache2/apache2.conf + + * If you are really starved for memory, try adding 'MaxMemFree 4' to your + Apache configuration. This will reduce Apache's performance. + Because of the way Apache's memory allocator interacts with glibc's malloc, + higher values of MaxMemFree don't have much effect. + +11) A PUT with mod_dav_fs fails with "Unable to PUT new contents for /... +[403, #0]" even if Apache has permission to write the file. + +Apache also needs write permission to the directory containing the file, in +order to replace it atomically. + +12) How to increase the ulimit for the max number of open files? + +Add the following line to /etc/apache2/envvars: + + APACHE_ULIMIT_MAX_FILES='ulimit -n 65536' --- apache2-2.2.16.orig/debian/apache2ctl.8 +++ apache2-2.2.16/debian/apache2ctl.8 @@ -0,0 +1,182 @@ +.TH apache2ctl 8 "April 2008" +.\" The Apache Software License, Version 1.1 +.\" +.\" Copyright (c) 2000-2002 The Apache Software Foundation. All rights +.\" reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. The end-user documentation included with the redistribution, +.\" if any, must include the following acknowledgment: +.\" "This product includes software developed by the +.\" Apache Software Foundation (http://www.apache.org/)." +.\" Alternately, this acknowledgment may appear in the software itself, +.\" if and wherever such third-party acknowledgments normally appear. +.\" +.\" 4. The names "Apache" and "Apache Software Foundation" must +.\" not be used to endorse or promote products derived from this +.\" software without prior written permission. For written +.\" permission, please contact apache@apache.org. +.\" +.\" 5. Products derived from this software may not be called "Apache", +.\" nor may "Apache" appear in their name, without prior written +.\" permission of the Apache Software Foundation. +.\" +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED +.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +.\" DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" This software consists of voluntary contributions made by many +.\" individuals on behalf of the Apache Software Foundation. For more +.\" information on the Apache Software Foundation, please see +.\" . +.\" +.SH NAME +apache2ctl \- Apache HTTP server control interface +.SH SYNOPSIS +When acting in SysV init mode, apache2ctl takes simple, one-word commands, +defined below. +.PP +.B apachectl +.I command +.PP +.B apache2ctl +.I command +.PP +When acting in pass-through mode, apache2ctl can take all the arguments available +for the httpd binary. +.PP +.B apachectl +.RI [ httpd-argument ] +.PP +.B apache2ctl +.RI [ httpd-argument ] +.PP +.SH DESCRIPTION +.B apache2ctl +is a front end to the Apache HyperText Transfer Protocol (HTTP) +server. It is designed to help the administrator control the +functioning of the Apache +.B apache2 +daemon. +.PP +.B NOTE: +The default Debian configuration requires the environment variables +.BR APACHE_RUN_USER , +.BR APACHE_RUN_GROUP , +and +.B APACHE_PID_FILE +to be set in +.BR /etc/apache2/envvars . +.PP +The +.B apache2ctl +script returns a 0 exit value on success, and >0 if an error +occurs. For more details, view the comments in the script. +.PP +.SH OPTIONS +The \fIcommand\fP can be any one or more of the following options: +.TP 14 +.BI start +Start the Apache daemon. Gives an error if it is already running. +.TP +.BI stop +Stops the Apache daemon. +.TP +.BI restart +Restarts the Apache daemon by sending it a SIGHUP. If the daemon +is not running, it is started. +This command automatically checks the configuration files via +.BI configtest +before initiating the restart to to catch the most obvious errors. +However, it is still possible for the daemon to die because of problems +with the configuration. +.TP +.BI fullstatus +Displays a full status report from +.B mod_status. +For this to work, you need to have mod_status enabled on your server +and a text-based browser such as \fIlynx\fP available on your system. The +URL used to access the status report can be set by setting the +.B APACHE_STATUSURL +variable in +.BR /etc/apache2/envvars . +.TP +.BI status +Displays a brief status report. Similar to the fullstatus option, +except that the list of requests currently being served is omitted. +.TP +.BI graceful +Gracefully restarts the Apache daemon by sending it a SIGUSR1. If +the daemon is not running, it is started. This differs from a +normal restart in that currently open connections are not aborted. +A side effect is that old log files will not be closed immediately. +This means that if used in a log rotation script, a substantial delay may be +necessary to ensure that the old log files are closed before processing them. +This command automatically checks the configuration files via apache2ctl +configtest before initiating the restart to to catch the most obvious errors. +However, it is still possible for the daemon to die because of problems with +the configuration. +.TP +.BI graceful-stop +Gracefully stops the Apache httpd daemon. +This differs from a normal stop in that currently open connections are not +aborted. +A side effect is that old log files will not be closed immediately. +.TP +.BI configtest +Run a configuration file syntax test. It parses the configuration +files and either reports +.B "Syntax Ok" +or information about the particular syntax error. This test does not catch +all errors. +.TP +.BI help +Displays a short help message. +.TP +The following option was available in earlier versions but has been removed. +.TP +.BI startssl +To start httpd with SSL support, you should edit your configuration file to +include the relevant directives and then use the normal apache2ctl start. +.SH ENVIRONMENT +The behaviour of +.B apache2ctl +can be influenced with these environment variables: +.BR APACHE_HTTPD , +.BR APACHE_LYNX , +.BR APACHE_STATUSURL , +.BR APACHE_ULIMIT_MAX_FILES , +.BR APACHE_RUN_DIR , +.BR APACHE_LOCK_DIR , +.BR APACHE_RUN_USER , +.BR APACHE_ARGUMENTS , +.BR APACHE_ENVVARS . +See the comments in the script for details. +These variables (except +.BR APACHE_ENVVARS ) +can be set in +.BR /etc/apache2/envvars . +.SH SEE ALSO +.BR apache2(8) , +.BR /usr/share/doc/apache2.2-common/README.Debian.gz +. --- apache2-2.2.16.orig/debian/mpms.prerm +++ apache2-2.2.16/debian/mpms.prerm @@ -0,0 +1,27 @@ +#!/bin/sh -e + +# Apache2 prerm +# Thom May + +case "$1" in + upgrade|remove) + if [ -x "/etc/init.d/apache2" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d apache2 stop || true + else + /etc/init.d/apache2 stop || true + fi + fi + sleep 2 + ;; + deconfigure|failed-upgrade) + ;; + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 --- apache2-2.2.16.orig/debian/apache2.postinst +++ apache2-2.2.16/debian/apache2.postinst @@ -0,0 +1,20 @@ +#!/bin/sh +set -e + +if [ "$1" != "configure" ]; then + exit 0 +fi + +# postinst for apache2, apache2-prefork-dev, apache2-threaded-dev + +P=apache2 +if dpkg --compare-versions "$2" lt 2.2.11-5~ ; then + DOCDIR=/usr/share/doc/$P + if [ ! -h $DOCDIR -a -d $DOCDIR ] ; then + rmdir $DOCDIR 2> /dev/null && ln -s apache2.2-common $DOCDIR + fi +fi + +#DEBHELPER# + +exit 0 --- apache2-2.2.16.orig/debian/a2enmod.8 +++ apache2-2.2.16/debian/a2enmod.8 @@ -0,0 +1,68 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH A2ENMOD 8 "12 October 2006" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +a2enmod, a2dismod \- enable or disable an apache2 module +.SH SYNOPSIS +.B a2enmod +.RI [ module ] +.PP +.B a2dismod +.RI [ module ] +.SH DESCRIPTION +This manual page documents briefly the +.B a2enmod +and +.B a2dismod +commands. +.PP +.B a2enmod +is a script that enables the specified module within the +.B apache2 +configuration. It does this by creating symlinks within +.BR /etc/apache2/mods-enabled . +Likewise, +.B a2dismod +disables a module by removing those symlinks. It is not an error to +enable a module which is already enabled, or to disable one which is +already disabled. +.SH EXAMPLES +.RS +.B "a2enmod imagemap" +.br +.B "a2dismod mime_magic" +.RE +.PP +Enables the +.B mod_imagemap +module, and disables the +.B mod_mime_magic +module. +.SH FILES +.TP +.B /etc/apache2/mods-available +Directory with files giving information on available modules. +.TP +.B /etc/apache2/mods-enabled +Directory with links to the files in +.B mods-available +for enabled modules. +.SH "SEE ALSO" +.BR apache2ctl (8). +.SH AUTHOR +This manual page was written by Daniel Stone for the Debian +GNU/Linux distribution, as it is a Debian-specific script with the package. --- apache2-2.2.16.orig/debian/httxt2dbm.8 +++ apache2-2.2.16/debian/httxt2dbm.8 @@ -0,0 +1,41 @@ +.TH "HTTXT2DBM" 8 "2007-06-26" "Apache HTTP Server" "httxt2dbm" + +.SH NAME +httxt2dbm - Generate dbm files for use with RewriteMap + +.SH "SYNOPSIS" + +.PP +\fBhttxt2dbm\fR [ \fB\-v\fR ] [ \fB\-f\fR \fIDBM_TYPE\fR ] \fB\-i\fR \fISOURCE_TXT\fR \fB\-o\fR \fIOUTPUT_DBM\fR + +.SH "SUMMARY" + +.PP +\fBhttxt2dbm\fR is used to generate dbm files from text input, for use in RewriteMap with the dbm map type. + +.SH "OPTIONS" + +.TP +\-v +More verbose output +.TP +\-f \fIDBM_TYPE\fR +Specify the DBM type to be used for the output. If not specified, will use the APR Default. Available types are: + GDBM for GDBM files + SDBM for SDBM files + DB for berkeley DB files + NDBM for NDBM files + default for the default DBM type +.TP +\-i \fISOURCE_TXT\fR +Input file from which the dbm is to be created. The file should be formated with one record per line, of the form: + key value +See the documentation for RewriteMap for further details of this file's format and meaning. +.TP +\-o \fIOUTPUT_DBM\fR +Name of the output dbm files. + +.SH "EXAMPLES" +httxt2dbm \-i rewritemap.txt \-o rewritemap.dbm + +httxt2dbm \-f SDBM \-i rewritemap.txt \-o rewritemap.dbm --- apache2-2.2.16.orig/debian/apache2.2-common.lintian-overrides +++ apache2-2.2.16/debian/apache2.2-common.lintian-overrides @@ -0,0 +1,3 @@ +apache2.2-common: setuid-binary usr/lib/apache2/suexec 4754 root/www-data +apache2.2-common: non-standard-dir-perm var/log/apache2/ 0750 != 0755 +apache2.2-common: package-contains-empty-directory usr/lib/cgi-bin/ --- apache2-2.2.16.orig/debian/apache2-doc.conf +++ apache2-2.2.16/debian/apache2-doc.conf @@ -0,0 +1,10 @@ +Alias /manual /usr/share/doc/apache2-doc/manual/ + + + Options Indexes FollowSymlinks + AllowOverride None + Order allow,deny + Allow from all + AddDefaultCharset off + + --- apache2-2.2.16.orig/debian/apache2.2-common.postrm +++ apache2-2.2.16/debian/apache2.2-common.postrm @@ -0,0 +1,79 @@ +#! /bin/sh + +set -e + +# Allow apache 2.4 to override what we do. +if [ -x /etc/apache2/upgrade-to-2.4-in-progress ] ; then + set +e + /etc/apache2/upgrade-to-2.4-in-progress $0 "$@" + ret=$? + set -e + case $ret in + 42) + exit 0 + ;; + 43) + DONT_PURGE=1 + ;; + 0) + : # do nothing + ;; + *) + exit $ret + ;; + esac +fi + + +if [ "$1" = purge -a "$DONT_PURGE" != 1 ] ; then + rm -f /etc/apache2/httpd.conf \ + /var/cache/apache2/reload \ + /var/log/apache2/access.log* \ + /var/log/apache2/other_vhosts_access.log* \ + /var/log/apache2/error.log* + + rm -rf /var/cache/apache2/proxy \ + /var/cache/apache2/mod_disk_cache \ + /var/run/apache2 \ + /var/lock/apache2 + + for f in /etc/apache2/sites-enabled/* \ + /etc/apache2/mods-enabled/* ; do + [ -L "$f" ] && rm -f "$f" + done + + for d in /etc/apache2/sites-enabled/ \ + /etc/apache2/mods-enabled/ \ + /etc/apache2/conf.d \ + /etc/apache2 \ + /var/log/apache2 \ + /var/cache/apache2 ; do + rmdir $d 2> /dev/null || true + done + +fi + +restore_conffile() { + if [ -e $1.dpkg-apache2.2-common.old ] ; then + echo Restoring previous version of $1 ... + mv $1.dpkg-apache2.2-common.old $1 + fi +} + +if [ "$1" = abort-upgrade ] ; then + restore_conffile /etc/default/apache2 + restore_conffile /etc/apache2/ports.conf + restore_conffile /etc/apache2/conf.d/charset +fi + +if [ "$1" = remove ] ; then + MD5SUM="`md5sum /var/www/index.html 2>/dev/null | cut -d ' ' -f 1`" + case "$MD5SUM" in + 5388f60d7695cb57b87c799ee62d20b2|\ + 21dde95d9d269cbb2fa6560309dca40c) + rm -f /var/www/index.html + ;; + esac +fi + +#DEBHELPER# --- apache2-2.2.16.orig/debian/watch +++ apache2-2.2.16/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://www.apache.org/dist/httpd/httpd-(2\.2.*)\.tar\.gz --- apache2-2.2.16.orig/debian/apache2-doc.doc-base +++ apache2-2.2.16/debian/apache2-doc.doc-base @@ -0,0 +1,10 @@ +Document: apache2-manual +Title: Apache HTTP Server Version 2.2 Documentation +Abstract: This documentation describes the configuration of the Apache Web + server and the included modules. +Section: web + +Format: HTML +Index: /usr/share/doc/apache2-doc/manual/en/index.html +Files: /usr/share/doc/apache2-doc/manual/*/*.html + /usr/share/doc/apache2-doc/manual/*/*/*.html --- apache2-2.2.16.orig/debian/apache2.2-common.postinst +++ apache2-2.2.16/debian/apache2.2-common.postinst @@ -0,0 +1,97 @@ +#!/bin/sh -e + +if [ "$1" != "configure" ]; then + exit 0 +fi + +mod_is_enabled() { + test -L /etc/apache2/mods-enabled/$1.load +} + +#set up default site and dummy error and access logs +if [ -z "$2" ]; then + if [ ! -L /etc/apache2/sites-enabled/000-default -a \ + ! -f /etc/apache2/sites-enabled/000-default ]; then + a2ensite -q default + fi + touch /var/log/apache2/error.log /var/log/apache2/access.log + chown root:adm /var/log/apache2/error.log /var/log/apache2/access.log + chmod 0640 /var/log/apache2/error.log /var/log/apache2/access.log +fi + +# Note, this line catches new installs as well as upgrades +if dpkg --compare-versions "$2" lt 2.2.3-3.1; then + a2enmod -q alias + a2enmod -q autoindex + a2enmod -q dir + a2enmod -q env + a2enmod -q mime + a2enmod -q negotiation + a2enmod -q setenvif + a2enmod -q status + a2enmod -q auth_basic + a2enmod -q deflate + + # Those come from mod_auth: + a2enmod -q authz_default + a2enmod -q authz_user + a2enmod -q authz_groupfile + a2enmod -q authn_file + + # This comes from mod_access: + a2enmod -q authz_host + +fi + +if [ -n "$2" ] && dpkg --compare-versions "$2" lt 2.2.15-4~ ; then + echo activating new config files ... + for a in ldap proxy_balancer proxy_ftp ; do + if mod_is_enabled $a && [ ! -e /etc/apache2/mods-enabled/$a.conf ] ; then + a2enmod -q $a + fi + done + echo " done." +fi + +# Note, this line catches new installs as well as upgrades +if dpkg --compare-versions "$2" lt 2.2.7-1~0; then + if [ ! -e /var/www/index.html -a \ + ! -h /var/www/index.html -a \ + ! -e /var/www/index.cgi -a \ + ! -e /var/www/index.pl -a \ + ! -e /var/www/index.php -a \ + ! -e /var/www/index.xhtml -a \ + ! -e /var/www/index.htm ] ; then + cp /usr/share/apache2/default-site/index.html /var/www/index.html + fi +fi + +# DavLockDB format change +if dpkg --compare-versions "$2" lt 2.2.14-3~; then + rm -f /var/lock/apache2/DAVLock.dir /var/lock/apache2/DAVLock.pag +fi + +# Note, this line catches new installs as well as upgrades +if dpkg --compare-versions "$2" lt 2.2.15-1~0; then + a2enmod -q reqtimeout +fi + +# The definition of other_vhost_access.log has been moved. +# Disable the new definition if the admin has changed the old +# one (as determined by preinst). +if [ -e /etc/apache2/disable-other-vhost-access-log.dpkg-apache2.2-common ] ; then + echo "Disabling /etc/apache2/conf.d/other-vhosts-access-log" + perl -p -i -e 's/^(CustomLog.*)$/#$1/' /etc/apache2/conf.d/other-vhosts-access-log + rm /etc/apache2/disable-other-vhost-access-log.dpkg-apache2.2-common +fi + +rm -f /etc/apache2/ports.conf.dpkg-apache2.2-common.old +rm -f /etc/default/apache2.dpkg-apache2.2-common.old +rm -f /etc/apache2/conf.d/charset.dpkg-apache2.2-common.old + +[ -f /etc/apache2/httpd.conf ] || touch /etc/apache2/httpd.conf + +#DEBHELPER# + +exit 0 + --- apache2-2.2.16.orig/debian/apache2.2-common.apache2.init +++ apache2-2.2.16/debian/apache2.2-common.apache2.init @@ -0,0 +1,282 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: apache2 +# Required-Start: $local_fs $remote_fs $network $syslog $named +# Required-Stop: $local_fs $remote_fs $network $syslog $named +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# X-Interactive: true +# Short-Description: Start/stop apache2 web server +### END INIT INFO + +set -e + +SCRIPTNAME="${0##*/}" +SCRIPTNAME="${SCRIPTNAME##[KS][0-9][0-9]}" +if [ -n "$APACHE_CONFDIR" ] ; then + if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then + DIR_SUFFIX="${APACHE_CONFDIR##/etc/apache2-}" + else + DIR_SUFFIX= + fi +elif [ "${SCRIPTNAME##apache2-}" != "$SCRIPTNAME" ] ; then + DIR_SUFFIX="-${SCRIPTNAME##apache2-}" + APACHE_CONFDIR=/etc/apache2$DIR_SUFFIX +else + DIR_SUFFIX= + APACHE_CONFDIR=/etc/apache2 +fi +if [ -z "$APACHE_ENVVARS" ] ; then + APACHE_ENVVARS=$APACHE_CONFDIR/envvars +fi +export APACHE_CONFDIR APACHE_ENVVARS + +ENV="env -i LANG=C PATH=/usr/local/bin:/usr/bin:/bin" +if [ "$APACHE_CONFDIR" != /etc/apache2 ] ; then + ENV="$ENV APACHE_CONFDIR=$APACHE_CONFDIR" +fi +if [ "$APACHE_ENVVARS" != "$APACHE_CONFDIR/envvars" ] ; then + ENV="$ENV APACHE_ENVVARS=$APACHE_ENVVARS" +fi + + +#edit /etc/default/apache2 to change this. +HTCACHECLEAN_RUN=auto +HTCACHECLEAN_MODE=daemon +HTCACHECLEAN_SIZE=300M +HTCACHECLEAN_DAEMON_INTERVAL=120 +HTCACHECLEAN_PATH=/var/cache/apache2$DIR_SUFFIX/mod_disk_cache +HTCACHECLEAN_OPTIONS="" + +APACHE_HTTPD=$(. $APACHE_ENVVARS && echo $APACHE_HTTPD) +if [ -z "$APACHE_HTTPD" ] ; then + APACHE_HTTPD=/usr/sbin/apache2 +fi +if [ ! -x $APACHE_HTTPD ] ; then + echo "No apache MPM package installed" + exit 0 +fi + +. /lib/lsb/init-functions + +test -f /etc/default/rcS && . /etc/default/rcS + +if [ -f /etc/default/apache2$DIR_SUFFIX ] ; then + . /etc/default/apache2$DIR_SUFFIX +elif [ -f /etc/default/apache2 ] ; then + . /etc/default/apache2 +fi + +APACHE2CTL="$ENV /usr/sbin/apache2ctl" +HTCACHECLEAN="$ENV /usr/sbin/htcacheclean" + +PIDFILE=$(. $APACHE_ENVVARS && echo $APACHE_PID_FILE) +if [ -z "$PIDFILE" ] ; then + echo ERROR: APACHE_PID_FILE needs to be defined in $APACHE_ENVVARS >&2 + exit 2 +fi + + +check_htcacheclean() { + [ "$HTCACHECLEAN_MODE" = "daemon" ] || return 1 + + [ "$HTCACHECLEAN_RUN" = "yes" ] && return 0 + + MODSDIR=$(. $APACHE_ENVVARS && echo $APACHE_MODS_ENABLED) + [ "$HTCACHECLEAN_RUN" = "auto" \ + -a -e ${MODSDIR:-$APACHE_CONFDIR/mods-enabled}/disk_cache.load ] && \ + return 0 + + return 1 +} + +start_htcacheclean() { + if [ ! -d "$HTCACHECLEAN_PATH" ] ; then + echo "... directory $HTCACHECLEAN_PATH does not exist!" >&2 + return 1 + fi + $HTCACHECLEAN $HTCACHECLEAN_OPTIONS -d$HTCACHECLEAN_DAEMON_INTERVAL \ + -i -p$HTCACHECLEAN_PATH -l$HTCACHECLEAN_SIZE +} + +stop_htcacheclean() { + pkill -P 1 -f "htcacheclean.* -p$HTCACHECLEAN_PATH " 2> /dev/null || echo ...not running +} + +pidof_apache() { + # if there is actually an apache2 process whose pid is in PIDFILE, + # print it and return 0. + if [ -e "$PIDFILE" ]; then + if pidof apache2 | tr ' ' '\n' | grep -w $(cat $PIDFILE); then + return 0 + fi + fi + return 1 +} + +apache_stop() { + if $APACHE2CTL configtest > /dev/null 2>&1; then + # if the config is ok than we just stop normaly + $APACHE2CTL stop 2>&1 | grep -v 'not running' >&2 || true + else + # if we are here something is broken and we need to try + # to exit as nice and clean as possible + PID=$(pidof_apache) || true + + if [ "${PID}" ]; then + # in this case it is everything nice and dandy and we kill apache2 + echo + log_warning_msg "The apache2$DIR_SUFFIX configtest failed, so we are trying to kill it manually. This is almost certainly suboptimal, so please make sure your system is working as you'd expect now!" + kill $PID + elif [ "$(pidof apache2)" ]; then + if [ "$VERBOSE" != no ]; then + echo " ... failed!" + echo "You may still have some apache2 processes running. There are" + echo "processes named 'apache2' which do not match your pid file," + echo "and in the name of safety, we've left them alone. Please review" + echo "the situation by hand." + fi + return 1 + fi + fi +} + +apache_wait_stop() { + # running ? + PIDTMP=$(pidof_apache) || true + if kill -0 "${PIDTMP:-}" 2> /dev/null; then + PID=$PIDTMP + fi + + apache_stop + + # wait until really stopped + if [ -n "${PID:-}" ]; then + i=0 + while kill -0 "${PID:-}" 2> /dev/null; do + if [ $i = '60' ]; then + break; + else + if [ $i = '0' ]; then + echo -n " ... waiting " + else + echo -n "." + fi + i=$(($i+1)) + sleep 1 + fi + done + fi +} + +case $1 in + start) + log_daemon_msg "Starting web server" "apache2" + if $APACHE2CTL start; then + if check_htcacheclean ; then + log_progress_msg htcacheclean + start_htcacheclean || log_end_msg 1 + fi + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + stop) + if check_htcacheclean ; then + log_daemon_msg "Stopping web server" "htcacheclean" + stop_htcacheclean + log_progress_msg "apache2" + else + log_daemon_msg "Stopping web server" "apache2" + fi + if apache_wait_stop; then + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + graceful-stop) + if check_htcacheclean ; then + log_daemon_msg "Stopping web server" "htcacheclean" + stop_htcacheclean + log_progress_msg "apache2" + else + log_daemon_msg "Stopping web server" "apache2" + fi + if $APACHE2CTL graceful-stop; then + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + reload | force-reload | graceful) + if ! $APACHE2CTL configtest > /dev/null 2>&1; then + $APACHE2CTL configtest || true + log_end_msg 1 + exit 1 + fi + log_daemon_msg "Reloading web server config" "apache2" + if pidof_apache > /dev/null ; then + if $APACHE2CTL graceful $2 ; then + log_end_msg 0 + else + log_end_msg 1 + fi + fi + ;; + restart) + if ! $APACHE2CTL configtest > /dev/null 2>&1; then + $APACHE2CTL configtest || true + log_end_msg 1 + exit 1 + fi + if check_htcacheclean ; then + log_daemon_msg "Restarting web server" "htcacheclean" + stop_htcacheclean + log_progress_msg apache2 + else + log_daemon_msg "Restarting web server" "apache2" + fi + PID=$(pidof_apache) || true + if ! apache_wait_stop; then + log_end_msg 1 || true + fi + if $APACHE2CTL start; then + if check_htcacheclean ; then + start_htcacheclean || log_end_msg 1 + fi + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + start-htcacheclean) + log_daemon_msg "Starting htcacheclean" + start_htcacheclean || log_end_msg 1 + log_end_msg 0 + ;; + stop-htcacheclean) + log_daemon_msg "Stopping htcacheclean" + stop_htcacheclean + log_end_msg 0 + ;; + status) + PID=$(pidof_apache) || true + if [ -n "$PID" ]; then + echo "Apache2$DIR_SUFFIX is running (pid $PID)." + exit 0 + else + echo "Apache2$DIR_SUFFIX is NOT running." + if [ -e "$PIDFILE" ]; then + exit 1 + else + exit 3 + fi + fi + ;; + *) + log_success_msg "Usage: /etc/init.d/apache2$DIR_SUFFIX {start|stop|graceful-stop|restart|reload|force-reload|start-htcacheclean|stop-htcacheclean|status}" + exit 1 + ;; +esac --- apache2-2.2.16.orig/debian/README.source +++ apache2-2.2.16/debian/README.source @@ -0,0 +1,17 @@ +Debian-apache uses dpatch to make changes to the upstream source. + +To apply all of the patches run: +./debian/rules patch + +To unapply all of the patches run: +./debian/rules unpatch + +To add (or edit) a patch run: +dpatch-edit-patch name_of_patch_goes_here +#make your changes +exit + +dpatch will make a new patch in debian/patches/ if one with that name doesn't already exist, otherwise it will change the existing one. +To make it get used add it to debian/patches/00list . + +To make a patch not get used remove it from debian/patches/00list . --- apache2-2.2.16.orig/debian/apache2.2-common.preinst +++ apache2-2.2.16/debian/apache2.2-common.preinst @@ -0,0 +1,28 @@ +#! /bin/sh -e + +mv_conffile() { + if [ "`md5sum $1 2>/dev/null | cut -d ' ' -f 1`" = "$2" ] ; then + echo Replacing $1 with new version ... + mv $1 $1.dpkg-apache2.2-common.old + fi +} + +if [ -n "$2" ] && dpkg --compare-versions "$2" lt 2.2.4-2; then + mv_conffile /etc/default/apache2 9ac83f9132b78c3aa6dd4d7a583bf476 + mv_conffile /etc/default/apache2 801eb5156368b54d92ecb578ce710836 + mv_conffile /etc/apache2/ports.conf d5fcefc335117f400d451de47efeca87 + mv_conffile /etc/apache2/conf.d/charset 641239a7d2d172856cb1413a47d2e142 +fi + +if [ -n "$2" ] && dpkg --compare-versions "$2" lt 2.2.15-4~ ; then + # The definition of other_vhosts_access.log has been moved from + # apache2.conf to conf.d/other-vhosts-access-log. If the admin has + # removed it from apache2.conf, mark it to be disabled in + # conf.d/other-vhosts-access-log in the postinst. + if ! egrep -q '^ *CustomLog.*other_vhosts_access.log vhost_combined$' /etc/apache2/apache2.conf + then + touch /etc/apache2/disable-other-vhost-access-log.dpkg-apache2.2-common + fi +fi + +#DEBHELPER# --- apache2-2.2.16.orig/debian/source.lintian-overrides +++ apache2-2.2.16/debian/source.lintian-overrides @@ -0,0 +1,2 @@ +apache2 source: ancient-autotools-helper-file srclib/apr-util/xml/expat/conftools/config.sub 2002-03-07 +apache2 source: ancient-autotools-helper-file srclib/apr-util/xml/expat/conftools/config.guess 2002-03-20 --- apache2-2.2.16.orig/debian/apache2-threaded-dev.dirs +++ apache2-2.2.16/debian/apache2-threaded-dev.dirs @@ -0,0 +1,4 @@ +usr/include/apache2 +usr/bin +usr/share/apache2/build +usr/share/man/man8 --- apache2-2.2.16.orig/debian/apache2-suexec-custom.lintian-overrides +++ apache2-2.2.16/debian/apache2-suexec-custom.lintian-overrides @@ -0,0 +1 @@ +setuid-binary usr/lib/apache2/suexec 4754 root/www-data --- apache2-2.2.16.orig/debian/a2dismod.8 +++ apache2-2.2.16/debian/a2dismod.8 @@ -0,0 +1 @@ +.so man8/a2enmod.8 --- apache2-2.2.16.orig/debian/mpms.postinst +++ apache2-2.2.16/debian/mpms.postinst @@ -0,0 +1,48 @@ +#!/bin/sh +set -e + +if [ "$1" != "configure" ]; then + exit 0 +fi + +P=apache2-mpm-MPMXXX +if [ $P = apache2-mpm-prefork ] || [ $P = apache2-mpm-itk ]; then + CGI_DIS=cgid + CGI_EN=cgi +else + CGI_DIS=cgi + CGI_EN=cgid +fi + +#enable cgi/cgid, but only on new installs. +if [ -z "$2" ]; then + a2dismod $CGI_DIS >/dev/null || true + a2enmod $CGI_EN >/dev/null || echo "It looks like you've deleted /etc/apache2/mods-available/cgid.load, so mod_cgid cannot be enabled. To fix this, please purge and reinstall apache2.2-common." +fi + +# Migrate our kill symlinks, including ones the user may have done an s/S/K/ to: +for i in `seq 0 6`; do + if [ -L /etc/rc"$i".d/K91apache2 ]; then + mv /etc/rc"$i".d/K91apache2 \ + /etc/rc"$i".d/K09apache2 + fi +done + +if [ -x "/etc/init.d/apache2" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d apache2 start ||true + else + /etc/init.d/apache2 start ||true + fi +fi + +if dpkg --compare-versions "$2" lt 2.2.11-5~ ; then + DOCDIR=/usr/share/doc/$P + if [ ! -h $DOCDIR -a -d $DOCDIR ] ; then + rmdir $DOCDIR 2> /dev/null && ln -s apache2.2-common $DOCDIR + fi +fi + +#DEBHELPER# + +exit 0 --- apache2-2.2.16.orig/debian/apache2-utils.dirs +++ apache2-2.2.16/debian/apache2-utils.dirs @@ -0,0 +1,4 @@ +usr/bin +usr/sbin +usr/share/man/man1 +usr/share/man/man8 --- apache2-2.2.16.orig/debian/apache2-utils.install +++ apache2-2.2.16/debian/apache2-utils.install @@ -0,0 +1,19 @@ +usr/sbin/ab /usr/bin +usr/share/man/man1/ab.1 +usr/sbin/checkgid +usr/sbin/dbmmanage usr/bin/ +usr/share/man/man1/dbmmanage.1 +usr/sbin/htdbm usr/bin/ +usr/share/man/man1/htdbm.1 +usr/sbin/htdigest usr/bin/ +usr/share/man/man1/htdigest.1 +usr/sbin/htpasswd usr/bin/ +usr/share/man/man1/htpasswd.1 +usr/sbin/logresolve /usr/bin +usr/share/man/man1/logresolve.1 +usr/sbin/rotatelogs +usr/share/man/man8/rotatelogs.8 +usr/sbin/htcacheclean +usr/share/man/man8/htcacheclean.8 +support/check_forensic usr/sbin +debian/build-tree/worker/support/split-logfile usr/sbin --- apache2-2.2.16.orig/debian/mpms.links +++ apache2-2.2.16/debian/mpms.links @@ -0,0 +1,2 @@ +usr/lib/apache2/mpm-MPMXXX/apache2 usr/sbin/apache2 +usr/share/bug/apache2.2-common/script usr/share/bug/apache2-mpm-MPMXXX/script --- apache2-2.2.16.orig/debian/a2enmod +++ apache2-2.2.16/debian/a2enmod @@ -0,0 +1,341 @@ +#!/usr/bin/perl -w +# +# a2enmod by Stefan Fritsch +# Licensed under Apache License 2.0 + +use strict; +use Cwd 'realpath'; +use File::Spec; +use File::Basename; +use Getopt::Long; + +my $quiet; +my $force; +Getopt::Long::Configure('bundling'); +GetOptions( + 'quiet|q' => \$quiet, + 'force|f' => \$force +) or exit 2; + +my $basename = basename($0); +$basename =~ /^a2(en|dis)(mod|site)((?:-.+)?)$/ + or die "$basename call name unknown\n"; +my $act = $1; +my $obj = $2; +my $dir_suffix = $3; + +my $env_file = $ENV{APACHE_ENVVARS} + || ( + $ENV{APACHE_CONFDIR} + ? "$ENV{APACHE_CONFDIR}/envvars" + : "/etc/apache2$dir_suffix/envvars" + ); +$ENV{LANG}='C'; +read_env_file($env_file); + +$act .= 'able'; +my ( $name, $dir, $sffx, $reload ); +if ( $obj eq 'mod' ) { + $obj = 'module'; + $dir = 'mods'; + $sffx = '.load'; + $reload = 'restart'; +} +else { + $dir = 'sites'; + $sffx = ''; + $reload = 'reload'; +} +$name = ucfirst($obj); + +my $confdir = $ENV{APACHE_CONFDIR} || "/etc/apache2$dir_suffix"; +my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") } || "$confdir/$dir-available"; +my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled"; + +my $choicedir = $act eq 'enable' ? $availdir : $enabldir; +my $linkdir = File::Spec->abs2rel( $availdir, $enabldir ); + +my $request_reload = 0; + +my $rc = 0; + +if ( !scalar @ARGV ) { + my @choices = myglob('*'); + print "Your choices are: @choices\n"; + print "Which ${obj}(s) do you want to $act (wildcards ok)?\n"; + my $input = <>; + @ARGV = split /\s+/, $input; + +} + +my @objs; +foreach my $arg (@ARGV) { + my @glob = myglob($arg); + if ( !@glob ) { + error("No $obj found matching $arg!\n"); + $rc = 1; + } + else { + push @objs, @glob; + } +} + +foreach my $acton (@objs) { + doit($acton) or $rc = 1; +} + +info("Run '/etc/init.d/apache2 $reload' to activate new configuration!\n") + if $request_reload; + +exit($rc); + +############################################################################## + +sub myglob { + my $arg = shift; + + my @glob = map { + s{^$choicedir/}{}; + s{$sffx$}{}; + s{^000-default$}{default}; + $_ + } glob("$choicedir/$arg$sffx"); + + # use same rules as apache's Include directive + @glob = grep( /^[[:alnum:]][-._[:alnum:]]*$/, @glob ); + @glob = grep( !/\.dpkg/, @glob ); + + return @glob; +} + +sub doit { + my $acton = shift; + + my $prio = ""; + if ( $obj eq 'site' && $acton eq 'default' ) { + $prio = '000-'; + } + + my ( $conftgt, $conflink ); + if ( $obj eq 'module' ) { + if ( $acton eq 'cgi' && threaded() ) { + print "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n"; + $acton = 'cgid'; + } + + $conftgt = "$availdir/$acton.conf"; + if ( -e $conftgt ) { + $conflink = "$enabldir/$acton.conf"; + } + } + + my $tgt = "$availdir/$acton$sffx"; + my $link = "$enabldir/$prio$acton$sffx"; + + if ( !-e $tgt ) { + if ( -l $link && !-e $link ) { + if ( $act eq 'disable' ) { + info("removing dangling symlink $link\n"); + unlink($link); + return 1; + } + else { + error("$link is a dangling symlink!\n"); + } + } + + error("$name $acton does not exist!\n"); + return 0; + } + + # handle module dependencies + if ( $obj eq 'module' ) { + if ( $act eq 'enable' ) { + my $depends = qx{grep "# Depends:" "$availdir/$acton.load"|cut -f2 -d:}; + $depends =~ s,^[\s\n]+,,; + $depends =~ s,[\s\n]+$,,; + do_deps( $acton, split( /[\n\s]+/, $depends ) ) or return 0; + } + else { + my @depends = qx{egrep "# Depends:.*${acton}( |\$)" $enabldir/*.load}; + @depends = grep {s{^.*?/([^/]*?)\.load:.*}{$1}s} @depends; + if ( scalar @depends ) { + if ($force) { + do_deps( $acton, @depends ) or return 0; + } + else { + error( + "The following modules depend on $acton ", + "and need to be disabled first: @depends\n" + ); + return 0; + } + } + } + } + + if ( $act eq 'enable' ) { + my $check = check_link( $tgt, $link ); + if ( $check eq 'ok' ) { + if ($conflink) { + + # handle .conf file + my $confcheck = check_link( $conftgt, $conflink ); + if ( $confcheck eq 'ok' ) { + info("$name $acton already enabled\n"); + return 1; + } + elsif ( $confcheck eq 'missing' ) { + print "Enabling config file $acton.conf.\n"; + add_link( $conftgt, $conflink ) or return 0; + } + else { + error("Config file $acton.conf not properly enabled: $confcheck\n"); + return 0; + } + } + else { + info("$name $acton already enabled\n"); + return 1; + } + } + elsif ( $check eq 'missing' ) { + if ($conflink) { + + # handle .conf file + my $confcheck = check_link( $conftgt, $conflink ); + if ( $confcheck eq 'missing' ) { + add_link( $conftgt, $conflink ) or return 0; + } + elsif ( $confcheck ne 'ok' ) { + error("Config file $acton.conf not properly enabled: $confcheck\n"); + return 0; + } + } + + print "Enabling $obj $acton.\n"; + if ( $acton eq 'ssl' ) { + info("See /usr/share/doc/apache2.2-common/README.Debian.gz on " . + "how to configure SSL and create self-signed certificates.\n"); + } + return add_link( $tgt, $link ); + } + else { + error("$name $acton not properly enabled: $check\n"); + return 0; + } + } + else { + if ( -e $link || -l $link ) { + remove_link($link); + if ( $conflink && -e $conflink ) { + remove_link($conflink); + } + print "$name $acton disabled.\n"; + } + elsif ( $conflink && -e $conflink ) { + print "Disabling stale config file $acton.conf.\n"; + remove_link($conflink); + } + else { + info("$name $acton already disabled\n"); + return 1; + } + } + + return 1; +} + +sub do_deps { + my $acton = shift; + foreach my $d (@_) { + info("Considering dependency $d for $acton:\n"); + if ( !doit($d) ) { + error("Could not $act dependency $d for $acton, aborting\n"); + return 0; + } + } + return 1; +} + +sub add_link { + my ( $tgt, $link ) = @_; + + # create relative link + if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) { + die("Could not create $link: $!\n"); + } + $request_reload = 1; + return 1; +} + +sub check_link { + my ( $tgt, $link ) = @_; + + if ( !-e $link ) { + if ( -l $link ) { + + # points to nowhere + info("Removing dangling link $link"); + unlink($link) or die "Could not remove $link\n"; + } + return 'missing'; + } + + if ( -e $link && !-l $link ) { + return "$link is a real file, not touching it"; + } + if ( realpath($link) ne realpath($tgt) ) { + return "$link exists but does not point to $tgt, not touching it"; + } + return 'ok'; +} + +sub remove_link { + my ($link) = @_; + + if ( -l $link ) { + unlink($link) or die "Could not remove $link: $!\n"; + } + elsif ( -e $link ) { + error("$link is not a symbolic link, not deleting\n"); + return 0; + } + $request_reload = 1; + return 1; +} + +sub threaded { + my $result = ""; + $result = qx{/usr/sbin/apache2 -V | grep 'threaded'} if -x '/usr/sbin/apache2'; + if ( $result =~ / no/ ) { + return 0; + } + else { + return 1; + } +} + +sub info { + print @_ if !$quiet; +} + +sub error { + print STDERR 'ERROR: ', @_; +} + +sub read_env_file { + my $file = shift; + + -r $file or return; + my @lines = qx{env - sh -c '. $file && env'}; + if ($?) { + die "Could not read $file\n"; + } + + foreach my $l (@lines) { + chomp $l; + $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n"; + $ENV{$1} = $2; + } +} --- apache2-2.2.16.orig/debian/apache2-dbg.postinst +++ apache2-2.2.16/debian/apache2-dbg.postinst @@ -0,0 +1,18 @@ +#!/bin/sh +set -e + +if [ "$1" != "configure" ]; then + exit 0 +fi + +P=apache2-dbg +if dpkg --compare-versions "$2" lt 2.2.11-5~ ; then + DOCDIR=/usr/share/doc/$P + if [ ! -h $DOCDIR -a -d $DOCDIR ] ; then + rmdir $DOCDIR 2> /dev/null && ln -s apache2.2-bin $DOCDIR + fi +fi + +#DEBHELPER# + +exit 0 --- apache2-2.2.16.orig/debian/logrotate +++ apache2-2.2.16/debian/logrotate @@ -0,0 +1,13 @@ +/var/log/apache2/*.log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null + endscript +} --- apache2-2.2.16.orig/debian/NEWS +++ apache2-2.2.16/debian/NEWS @@ -0,0 +1,165 @@ +apache2 (2.2.15-4) unstable; urgency=low + + * Note to people using mod_proxy as forward proxy, i.e. with + 'ProxyRequests on': + This release disables the configuration in mods-available/proxy.conf + by default. You should verify that access control for proxy access + still works as intended. This is especially important if you have + your forward proxy configuration in a different configuration file + than proxy.conf. + + -- Stefan Fritsch Mon, 19 Apr 2010 22:36:57 +0200 + +apache2 (2.2.15-1) unstable; urgency=low + + * To fix a security vulnerability in the design of the SSL/TLS protocol + (CVE-2009-3555), the protocol had to be extended (RFC 5746). By default, + session renegotiation is no longer supported with old clients that do not + implement this extension. This breaks certain configurations with client + certificate authentication. If you still need to support old clients, you + may restore the old (insecure) behaviour by uncommenting the + + SSLInsecureRenegotiation on + + line in /etc/apache2/mods-available/ssl.conf + + * This release adds and enables mod_reqtimeout, which limits the time + Apache waits for a client to send a complete request. This helps to + mitigate against certain denial of service attacks. In case of problems + with slow clients, the timeout values can be adjusted in + /etc/apache2/mods-available/reqtimeout.conf , or the module can be + disabled with "a2dismod reqtimeout". + + -- Stefan Fritsch Sat, 28 Aug 2010 20:49:30 +0100 + +apache2 (2.2.14-6) unstable; urgency=low + + * Apache now uses the environment variables APACHE_RUN_DIR, APACHE_LOCK_DIR, + and APACHE_LOG_DIR in the default configuration. If you have modified + /etc/apache2/envvars, make sure that these variables are set and exported. + * There is now some support for running multiple instances of Apache on the + same machine. See the documentation in /usr/share/doc/apache2.2-common for + details. + + -- Stefan Fritsch Sun, 07 Feb 2010 13:56:59 +0100 + +apache2 (2.2.13-2) unstable; urgency=high + + * The new support for TLS Server Name Indication added in 2.2.12 causes + Apache to be stricter about certain misconfigurations involving name + based SSL virtual hosts. This may result in Apache refusing to start + with the logged error message: + + Server should be SSL-aware but has no certificate configured + [Hint: SSLCertificateFile] + + Up to 2.2.11, Apache accepted configurations where the necessary SSL + configuration statements were included in the first (default) + block but not in subsequent + blocks. Starting with 2.2.12, every VirtualHost block used with SSL must + contain the SSLEngine, SSLCertificateFile, and SSLCertificateKeyFile + directives (SSLCertificateKeyFile is optional in some cases). + + When you encounter the above problem, the output of the command + + egrep -ir '^[^#]*(sslcertificate|sslengine|virtualhost)' \ + /etc/apache2/*conf* /etc/apache2/*enabled + + may be useful to determine which VirtualHost sections need to be changed. + + Also, formerly accidentially working constructs like + + + + where one virtual host definition is used for both a non-ssl and a ssl + virtual host do not work anymore. You can achieve a similar effect with + + + Include /.../vhost.include + + + SSLEngine on + SSLCertificateFile ... + Include /.../vhost.include + + + -- Stefan Fritsch Wed, 16 Sep 2009 20:14:59 +0200 + +apache2 (2.2.9-3) unstable; urgency=low + + * The directive "NameVirtualHost *" has been changed to "NameVirtualHost + *:80". It has also been moved from sites-available/default to ports.conf. + This allows to ship a proper SSL default virtual host config in + sites-available/default-ssl, but it means that if you use several name + based virtual hosts: + + - you will have to change to in your + name based virtual hosts + + - you need to add more NameVirtualHost directives if you use other ports + than 80 with name based virtual hosts. You may also have to add these + ports to the default virtual host in /etc/apache2/sites-available/default + (like this: ""). + + If you prefer to revert to the old setup instead (and don't need the + default-ssl host), just change "NameVirtualHost *:80" back to + "NameVirtualHost *" in ports.conf and "" to + "" in sites-available/default. + + * For mod_disk_cache, caching is again disabled in disk_cache.conf by + default. It usually makes more sense to enable this on a per-virtual host + basis. + + -- Stefan Fritsch Mon, 30 Jun 2008 19:47:52 +0200 + +apache2 (2.2.8-5) unstable; urgency=low + + * The suexec helper program needed for mod_suexec is now shipped in a + separate package, apache2-suexec, which is not installed by default. + You need to install this package manually if you are using mod_suexec. + + There is now also the apache2-suexec-custom package, which contains a + customizable version of suexec which can be used with different document + roots than /var/www. + + -- Stefan Fritsch Sun, 04 May 2008 20:24:00 +0200 + +apache2 (2.2.8-1) unstable; urgency=low + + * The Apache User and Group and the PidFile path are now configured in + /etc/apache2/envvars, to make it easier to use them in scripts + (like the init and logrotate scripts, and apache2ctl). + If you have changed these settings from their default values, you need to + adjust /etc/apache2/envvars. + This also means that starting apache2 with "apache2 -k start" is no longer + possible, you have to use /etc/init.d/apache2 or apache2ctl. + + -- Stefan Fritsch Tue, 15 Jan 2008 21:41:23 +0100 + +apache2 (2.2.4-2) unstable; urgency=low + + * This version introduces some changes in the configuration layout and + defaults. You will probably have to adjust your configuration accordingly. + + - Module specific configuration has been moved from + /etc/apache2/apache2.conf to /etc/apache2/mods-available/*.conf for the + following modules: + actions alias autoindex + info mime negotiation + setenvif status + + - AddDefaultCharset is again disabled by default. See + /etc/apache2/conf.d/charset + + - "Listen 443" is automatically enabled in /etc/apache2/ports.conf if + mod_ssl is enabled. + + * The NO_START functionality from /etc/default/apache2 has been removed. If + you don't want to start apache2 on boot, rename the S*apache2 start + symlinks as usual. + + * To ensure that the disk cache does not grow indefinitely, htcacheclean is + now started when mod_disk_cache is enabled. The details can be configured + in /etc/default/apache2 . + + -- Stefan Fritsch Mon, 09 Jul 2007 21:50:58 +0200 --- apache2-2.2.16.orig/debian/apache2-prefork-dev.install +++ apache2-2.2.16/debian/apache2-prefork-dev.install @@ -0,0 +1 @@ +usr/share/man/man8/apxs2.8 --- apache2-2.2.16.orig/debian/clean +++ apache2-2.2.16/debian/clean @@ -0,0 +1,28 @@ +debian/apache2-mpm-worker.postinst +debian/apache2-mpm-worker.preinst +debian/apache2-mpm-worker.prerm +debian/apache2-mpm-worker.lintian-overrides +debian/apache2-mpm-worker.dirs +debian/apache2-mpm-worker.links +debian/apache2-mpm-event.postinst +debian/apache2-mpm-event.preinst +debian/apache2-mpm-event.prerm +debian/apache2-mpm-event.lintian-overrides +debian/apache2-mpm-event.dirs +debian/apache2-mpm-event.links +debian/apache2-mpm-prefork.postinst +debian/apache2-mpm-prefork.preinst +debian/apache2-mpm-prefork.prerm +debian/apache2-mpm-prefork.lintian-overrides +debian/apache2-mpm-prefork.dirs +debian/apache2-mpm-prefork.links +debian/apache2-mpm-itk.postinst +debian/apache2-mpm-itk.preinst +debian/apache2-mpm-itk.prerm +debian/apache2-mpm-itk.lintian-overrides +debian/apache2-mpm-itk.dirs +debian/apache2-mpm-itk.links +debian/apache2-prefork-dev.postinst +debian/apache2-threaded-dev.postinst +debian/tmp-worker +debian/tmp-prefork --- apache2-2.2.16.orig/debian/apache2.2-common.examples +++ apache2-2.2.16/debian/apache2.2-common.examples @@ -0,0 +1,3 @@ +debian/setup-instance +debian/secondary-init-script +debian/apache2.monit --- apache2-2.2.16.orig/debian/apache2-dbg.dirs +++ apache2-2.2.16/debian/apache2-dbg.dirs @@ -0,0 +1,5 @@ +usr/lib/debug/usr/sbin +usr/lib/debug/usr/lib/apache2/mpm-worker +usr/lib/debug/usr/lib/apache2/mpm-prefork +usr/lib/debug/usr/lib/apache2/mpm-event +usr/lib/debug/usr/lib/apache2/mpm-itk --- apache2-2.2.16.orig/debian/apache2.links +++ apache2-2.2.16/debian/apache2.links @@ -0,0 +1 @@ +usr/share/bug/apache2.2-common/script usr/share/bug/apache2/script --- apache2-2.2.16.orig/debian/patches/095_send_408_status.dpatch +++ apache2-2.2.16/debian/patches/095_send_408_status.dpatch @@ -0,0 +1,170 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: backport of upstream r1100200, debian bug #677086 +# +#commit 590aa99baedb5ae15305e593384f98998ca883fe +#Author: Eric Covener +#Date: Fri May 6 13:14:27 2011 +0000 +# +# Merge r820760, r919323, r937858, r938265 from trunk: +# +# Reviewed By: sf, trawick, covener +# +# core: Treat timeout reading request as 408 error, not 400. +# Log 408 errors in access log as was done in Apache 1.3.x. +# +# PR: 39785 +# Submitted by: Nobutaka Mantani, Stefan Fritsch +# Reviewed and added to by: Dan Poirier +# +# +# * Only log a 408 if it is no keepalive timeout. +# +# PR: 39785 +# Submitted by: Mark Montague , rpluem +# Reviewed by: rpluem +# +# +# PR49167, unexpected 413 and double-errordoc during a timeout reading a +# chunk-size. +# +# +# +# Use the more specific 408 (timed out) instead of a generic 400 during a timeout +# reading a chunk-length. +# +# +# +# +# git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1100200 13f79535-47bb-0310-9956-ffa450edef68 +# +#diff --git a/CHANGES b/CHANGES +#index 9cc3ee3..1fe363f 100644 +#--- a/CHANGES +#+++ b/CHANGES +#@@ -1,6 +1,19 @@ +# -*- coding: utf-8 -*- +# Changes with Apache 2.2.18 +# +#+ *) Log an error for failures to read a chunk-size, and return 408 instead +#+ 413 when this is due to a read timeout. This change also fixes some cases +#+ of two error documents being sent in the response for the same scenario. +#+ [Eric Covener] PR49167 +#+ +#+ *) core: Only log a 408 if it is no keepalive timeout. PR 39785 +#+ [Ruediger Pluem, Mark Montague ] +#+ +#+ *) core: Treat timeout reading request as 408 error, not 400. +#+ Log 408 errors in access log as was done in Apache 1.3.x. +#+ PR 39785 [Nobutaka Mantani , Stefan Fritsch, +#+ Dan Poirier] +#+ +# *) Core HTTP: disable keepalive when the Client has sent +# Expect: 100-continue +# but we respond directly with a non-100 response. Keepalive here led +diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c +index b429989..1aed70b 100644 +--- a/modules/http/http_filters.c ++++ b/modules/http/http_filters.c +@@ -384,8 +384,13 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b, + + /* Detect chunksize error (such as overflow) */ + if (rv != APR_SUCCESS || ctx->remaining < 0) { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, f->r, "Error reading first chunk %s ", ++ (ctx->remaining < 0) ? "(overflow)" : ""); + ctx->remaining = 0; /* Reset it in case we have to + * come back here later */ ++ if (APR_STATUS_IS_TIMEUP(rv)) { ++ http_error = HTTP_REQUEST_TIME_OUT; ++ } + return bail_out_on_error(ctx, f, http_error); + } + +@@ -485,10 +490,14 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b, + + /* Detect chunksize error (such as overflow) */ + if (rv != APR_SUCCESS || ctx->remaining < 0) { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, f->r, "Error reading chunk %s ", ++ (ctx->remaining < 0) ? "(overflow)" : ""); + ctx->remaining = 0; /* Reset it in case we have to + * come back here later */ +- bail_out_on_error(ctx, f, http_error); +- return rv; ++ if (APR_STATUS_IS_TIMEUP(rv)) { ++ http_error = HTTP_REQUEST_TIME_OUT; ++ } ++ return bail_out_on_error(ctx, f, http_error); + } + + if (!ctx->remaining) { +diff --git a/server/protocol.c b/server/protocol.c +index 9851360..62d8baf 100644 +--- a/server/protocol.c ++++ b/server/protocol.c +@@ -608,6 +608,9 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb) + r->proto_num = HTTP_VERSION(1,0); + r->protocol = apr_pstrdup(r->pool, "HTTP/1.0"); + } ++ else if (rv == APR_TIMEUP) { ++ r->status = HTTP_REQUEST_TIME_OUT; ++ } + return 0; + } + } while ((len <= 0) && (++num_blank_lines < max_blank_lines)); +@@ -691,7 +694,12 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb + &len, r, 0, bb); + + if (rv != APR_SUCCESS) { +- r->status = HTTP_BAD_REQUEST; ++ if (rv == APR_TIMEUP) { ++ r->status = HTTP_REQUEST_TIME_OUT; ++ } ++ else { ++ r->status = HTTP_BAD_REQUEST; ++ } + + /* ap_rgetline returns APR_ENOSPC if it fills up the buffer before + * finding the end-of-line. This is only going to happen if it +@@ -877,7 +885,7 @@ request_rec *ap_read_request(conn_rec *conn) + r->read_length = 0; + r->read_body = REQUEST_NO_BODY; + +- r->status = HTTP_REQUEST_TIME_OUT; /* Until we get a request */ ++ r->status = HTTP_OK; /* Until further notice */ + r->the_request = NULL; + + /* Begin by presuming any module can make its own path_info assumptions, +@@ -898,6 +906,14 @@ request_rec *ap_read_request(conn_rec *conn) + apr_brigade_destroy(tmp_bb); + return r; + } ++ else if (r->status == HTTP_REQUEST_TIME_OUT) { ++ ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); ++ if (!r->connection->keepalives) { ++ ap_run_log_transaction(r); ++ } ++ apr_brigade_destroy(tmp_bb); ++ return r; ++ } + + apr_brigade_destroy(tmp_bb); + return NULL; +@@ -916,7 +932,7 @@ request_rec *ap_read_request(conn_rec *conn) + + if (!r->assbackwards) { + ap_get_mime_headers_core(r, tmp_bb); +- if (r->status != HTTP_REQUEST_TIME_OUT) { ++ if (r->status != HTTP_OK) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "request failed: error reading the headers"); + ap_send_error_response(r, 0); +@@ -957,8 +973,6 @@ request_rec *ap_read_request(conn_rec *conn) + + apr_brigade_destroy(tmp_bb); + +- r->status = HTTP_OK; /* Until further notice. */ +- + /* update what we think the virtual host is based on the headers we've + * now read. may update status. + */ --- apache2-2.2.16.orig/debian/patches/096_mod_cache_partial_content-2.2.x.dpatch +++ apache2-2.2.16/debian/patches/096_mod_cache_partial_content-2.2.x.dpatch @@ -0,0 +1,74 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Add r1343951 from upstream branch 2.2.x +## DP: Debian bug #671204 + +*) mod_disk_cache, mod_mem_cache: Decline the opportunity to cache if the + response is a 206 Partial Content. This stops a reverse proxied partial + response from becoming cached, and then being served in subsequent + responses. [Graham Leggett] + + +Index: a/modules/cache/mod_cache.c +=================================================================== +--- a/modules/cache/mod_cache.c (revision 1176912) ++++ a/modules/cache/mod_cache.c (working copy) +@@ -473,7 +473,8 @@ + * We include 304 Not Modified here too as this is the origin server + * telling us to serve the cached copy. + */ +- if (exps != NULL || cc_out != NULL) { ++ if ((exps != NULL || cc_out != NULL) ++ && r->status != HTTP_PARTIAL_CONTENT) { + /* We are also allowed to cache any response given that it has a + * valid Expires or Cache Control header. If we find a either of + * those here, we pass request through the rest of the tests. From +@@ -486,6 +487,9 @@ + * include the following: an Expires header (section 14.21); a + * "max-age", "s-maxage", "must-revalidate", "proxy-revalidate", + * "public" or "private" cache-control directive (section 14.9). ++ * ++ * But do NOT store 206 responses in any case since we ++ * don't (yet) cache partial responses. + */ + } + else { +Index: modules/cache/mod_mem_cache.c +=================================================================== +--- a/modules/cache/mod_mem_cache.c (revision 1176912) ++++ a/modules/cache/mod_mem_cache.c (working copy) +@@ -313,6 +313,14 @@ + cache_object_t *obj, *tmp_obj; + mem_cache_object_t *mobj; + ++ /* we don't support caching of range requests (yet) */ ++ if (r->status == HTTP_PARTIAL_CONTENT) { ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, ++ "disk_cache: URL %s partial content response not cached", ++ key); ++ return DECLINED; ++ } ++ + if (len == -1) { + /* Caching a streaming response. Assume the response is + * less than or equal to max_streaming_buffer_size. We will +Index: modules/cache/mod_disk_cache.c +=================================================================== +--- a/modules/cache/mod_disk_cache.c (revision 1176912) ++++ a/modules/cache/mod_disk_cache.c (working copy) +@@ -330,6 +330,14 @@ + return DECLINED; + } + ++ /* we don't support caching of range requests (yet) */ ++ if (r->status == HTTP_PARTIAL_CONTENT) { ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, ++ "disk_cache: URL %s partial content response not cached", ++ key); ++ return DECLINED; ++ } ++ + /* Allocate and initialize cache_object_t and disk_cache_object_t */ + h->cache_obj = obj = apr_pcalloc(r->pool, sizeof(*obj)); + obj->vobj = dobj = apr_pcalloc(r->pool, sizeof(*dobj)); --- apache2-2.2.16.orig/debian/patches/009_apache2_has_dso +++ apache2-2.2.16/debian/patches/009_apache2_has_dso @@ -0,0 +1,41 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 009_apache2_has_dso by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Make apxs usable without having apache2 installed. + +@DPATCH@ +--- apache2/support/apxs.in 2003-04-05 11:07:55.000000000 +0200 ++++ apache2/support/apxs.in 2003-04-05 11:25:19.000000000 +0200 +@@ -237,18 +237,19 @@ + ($httpd = $0) =~ s:support/apxs$::; + } + +-unless (-x "$httpd") { +- error("$httpd not found or not executable"); +- exit 1; +-} +- +-unless (grep /mod_so/, `. $envvars && $httpd -l`) { +- error("Sorry, no shared object support for Apache"); +- error("available under your platform. Make sure"); +- error("the Apache module mod_so is compiled into"); +- error("your server binary `$httpd'."); +- exit 1; +-} ++#commented out for Debian GNU/Linux. We know that apache2 has dso support ++#unless (-x "$httpd") { ++# error("$httpd not found or not executable"); ++# exit 1; ++#} ++ ++#unless (grep /mod_so/, `. $envvars && $httpd -l`) { ++# error("Sorry, no shared object support for Apache"); ++# error("available under your platform. Make sure"); ++# error("the Apache module mod_so is compiled into"); ++# error("your server binary `$httpd'."); ++# exit 1; ++#} + + sub get_config_vars{ + my ($file, $rh_config) = @_; --- apache2-2.2.16.orig/debian/patches/010_fhs_compliance +++ apache2-2.2.16/debian/patches/010_fhs_compliance @@ -0,0 +1,77 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 010_more_fhs_compliance by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix up FHS file locations for apache2 droppings. + +@DPATCH@ +diff -urNad trunk~/config.layout trunk/config.layout +--- trunk~/config.layout 2010-02-07 01:01:14.000000000 +0100 ++++ trunk/config.layout 2010-02-07 01:01:42.858033215 +0100 +@@ -314,11 +314,11 @@ + manualdir: ${htdocsdir}/manual + cgidir: ${prefix}/usr/lib/cgi-bin + includedir: ${exec_prefix}/include/apache2 +- localstatedir: ${prefix}/var/run +- runtimedir: ${prefix}/var/run ++ localstatedir: ${prefix}/var/lock/apache2 ++ runtimedir: ${prefix}/var/run/apache2 + logfiledir: ${prefix}/var/log/apache2 + proxycachedir: ${prefix}/var/cache/apache2/proxy + infodir: ${exec_prefix}/share/info +- installbuilddir: ${prefix}/etc/apache2/build ++ installbuilddir: ${prefix}/usr/share/apache2/build + errordir: ${datadir}/error + +diff -urNad trunk~/configure trunk/configure +--- trunk~/configure 2010-02-07 01:01:14.000000000 +0100 ++++ trunk/configure 2010-02-07 01:01:55.166032804 +0100 +@@ -18881,17 +18881,17 @@ + + + cat >>confdefs.h <<_ACEOF +-#define HTTPD_ROOT "${ap_prefix}" ++#define HTTPD_ROOT "/etc/apache2" + _ACEOF + + + cat >>confdefs.h <<_ACEOF +-#define SERVER_CONFIG_FILE "${rel_sysconfdir}/${progname}.conf" ++#define SERVER_CONFIG_FILE "${progname}.conf" + _ACEOF + + + cat >>confdefs.h <<_ACEOF +-#define AP_TYPES_CONFIG_FILE "${rel_sysconfdir}/mime.types" ++#define AP_TYPES_CONFIG_FILE "mime.types" + _ACEOF + + +diff -urNad trunk~/configure.in trunk/configure.in +--- trunk~/configure.in 2010-02-07 01:01:14.000000000 +0100 ++++ trunk/configure.in 2010-02-07 01:01:42.866058396 +0100 +@@ -649,11 +649,11 @@ + echo $MODLIST | $AWK -f $srcdir/build/build-modules-c.awk > modules.c + + APR_EXPAND_VAR(ap_prefix, $prefix) +-AC_DEFINE_UNQUOTED(HTTPD_ROOT, "${ap_prefix}", ++AC_DEFINE_UNQUOTED(HTTPD_ROOT, "/etc/apache2", + [Root directory of the Apache install area]) +-AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${rel_sysconfdir}/${progname}.conf", ++AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${progname}.conf", + [Location of the config file, relative to the Apache root directory]) +-AC_DEFINE_UNQUOTED(AP_TYPES_CONFIG_FILE, "${rel_sysconfdir}/mime.types", ++AC_DEFINE_UNQUOTED(AP_TYPES_CONFIG_FILE, "mime.types", + [Location of the MIME types config file, relative to the Apache root directory]) + AC_DEFINE_UNQUOTED(APACHE_MPM_DIR, "$MPM_DIR", + [Location of the source for the current MPM]) +diff -urNad trunk~/include/ap_config_layout.h.in trunk/include/ap_config_layout.h.in +--- trunk~/include/ap_config_layout.h.in 2010-02-07 01:01:14.000000000 +0100 ++++ trunk/include/ap_config_layout.h.in 2010-02-07 01:01:42.866058396 +0100 +@@ -60,5 +60,6 @@ + #define DEFAULT_REL_LOGFILEDIR "@rel_logfiledir@" + #define DEFAULT_EXP_PROXYCACHEDIR "@exp_proxycachedir@" + #define DEFAULT_REL_PROXYCACHEDIR "@rel_proxycachedir@" ++#define DEFAULT_PIDLOG "/var/run/apache2.pid" + + #endif /* AP_CONFIG_LAYOUT_H */ --- apache2-2.2.16.orig/debian/patches/301_CVE-2012-4557_proxy_ajp.dpatch +++ apache2-2.2.16/debian/patches/301_CVE-2012-4557_proxy_ajp.dpatch @@ -0,0 +1,39 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## DP: Fix DoS in mod_proxy_ajp: +## DP: Try to prevent a single long request marking a worker in error +## DP: http://svn.apache.org/viewvc?view=revision&revision=1227298 + +@DPATCH@ +diff --git a/modules/proxy/ajp_link.c b/modules/proxy/ajp_link.c +index 04c8f09..2f2688d 100644 +--- a/modules/proxy/ajp_link.c ++++ b/modules/proxy/ajp_link.c +@@ -95,7 +95,7 @@ apr_status_t ajp_ilink_receive(apr_socket_t *sock, ajp_msg_t *msg) + if (status != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_ERR, status, NULL, + "ajp_ilink_receive() can't receive header"); +- return AJP_ENO_HEADER; ++ return (APR_STATUS_IS_TIMEUP(status) ? APR_TIMEUP : AJP_ENO_HEADER); + } + + status = ajp_msg_check_header(msg, &blen); +diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c +index 92084e3..06f0d8e 100644 +--- a/modules/proxy/mod_proxy_ajp.c ++++ b/modules/proxy/mod_proxy_ajp.c +@@ -337,6 +337,15 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r, + "proxy: read response failed from %pI (%s)", + conn->worker->cp->addr, + conn->worker->hostname); ++ ++ /* If we had a successful cping/cpong and then a timeout ++ * we assume it is a request that cause a back-end timeout, ++ * but doesn't affect the whole worker. ++ */ ++ if (APR_STATUS_IS_TIMEUP(status) && conn->worker->ping_timeout_set) { ++ return HTTP_GATEWAY_TIME_OUT; ++ } ++ + /* + * This is only non fatal when we have not sent (parts) of a possible + * request body so far (we do not store it and thus cannot sent it --- apache2-2.2.16.orig/debian/patches/093_CVE-2012-0031.dpatch +++ apache2-2.2.16/debian/patches/093_CVE-2012-0031.dpatch @@ -0,0 +1,41 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## All lines beginning with `## DP:' are a description of the patch. +## DP: backport of upstream r1231058 + + Merge r1230069 from trunk: + Submitted by: jorton + Reviewed/backported by: jim + + SECURITY (CVE-2012-0031) patch + +diff --git a/server/scoreboard.c b/server/scoreboard.c +index 060de5c..1c60fdd 100644 +--- a/server/scoreboard.c ++++ b/server/scoreboard.c +@@ -42,6 +42,8 @@ AP_DECLARE_DATA const char *ap_scoreboard_fname = NULL; + AP_DECLARE_DATA int ap_extended_status = 0; + AP_DECLARE_DATA int ap_mod_status_reqtail = 0; + ++static ap_scoreboard_e scoreboard_type; ++ + #if APR_HAS_SHARED_MEMORY + + #include "apr_shm.h" +@@ -250,7 +252,7 @@ apr_status_t ap_cleanup_scoreboard(void *d) + if (ap_scoreboard_image == NULL) { + return APR_SUCCESS; + } +- if (ap_scoreboard_image->global->sb_type == SB_SHARED) { ++ if (scoreboard_type == SB_SHARED) { + ap_cleanup_shared_mem(NULL); + } + else { +@@ -314,7 +316,7 @@ int ap_create_scoreboard(apr_pool_t *p, ap_scoreboard_e sb_type) + ap_init_scoreboard(sb_mem); + } + +- ap_scoreboard_image->global->sb_type = sb_type; ++ ap_scoreboard_image->global->sb_type = scoreboard_type = sb_type; + ap_scoreboard_image->global->running_generation = running_gen; + ap_scoreboard_image->global->restart_time = apr_time_now(); + --- apache2-2.2.16.orig/debian/patches/073_mod_dav_trunk_fixes.dpatch +++ apache2-2.2.16/debian/patches/073_mod_dav_trunk_fixes.dpatch @@ -0,0 +1,520 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Various bug fixes for mod_dav/mod_dav_fs +## DP: upstream svn revs 834018:835092 and 928403 in modules/dav +## DP: +## DP: *) mod_dav: Include uri when logging a PUT error due to connection abort. +## DP: PR 38149. [Stefan Fritsch] +## DP: +## DP: *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent +## DP: resource does not exist or is not a collection. PR 43465. [Stefan Fritsch] +## DP: +## DP: *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll +## DP: (a COPY request where the parent of the destination resource does not +## DP: exist). PR 39299. [Stefan Fritsch] +## DP: +## DP: *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed. +## DP: PR 42896. [Stefan Fritsch] +## DP: +## DP: *) mod_dav_fs: Make PUT create files atomically and no longer destroy the +## DP: old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch] +## DP: +## DP: *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically +## DP: creating files. On systems with inode numbers, this is a format change of +## DP: the DavLockDB. The old DavLockDB must be deleted on upgrade. +## DP: [Stefan Fritsch] +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' trunk~/modules/dav/fs/lock.c trunk/modules/dav/fs/lock.c +--- trunk~/modules/dav/fs/lock.c 2010-03-29 21:46:51.000000000 +0200 ++++ trunk/modules/dav/fs/lock.c 2010-03-29 21:49:00.970983302 +0200 +@@ -48,9 +48,8 @@ + ** + ** KEY + ** +-** The database is keyed by a key_type unsigned char (DAV_TYPE_INODE or +-** DAV_TYPE_FNAME) followed by inode and device number if possible, +-** otherwise full path (in the case of Win32 or lock-null resources). ++** The database is keyed by a key_type unsigned char (DAV_TYPE_FNAME) ++** followed by the full path. The key_type DAV_TYPE_INODE is not used anymore. + ** + ** VALUE + ** +@@ -82,7 +81,10 @@ + #define DAV_LOCK_DIRECT 1 + #define DAV_LOCK_INDIRECT 2 + +-#define DAV_TYPE_INODE 10 ++/* ++ * not used anymore ++ * #define DAV_TYPE_INODE 10 ++ */ + #define DAV_TYPE_FNAME 11 + + +@@ -372,12 +374,13 @@ + } + + /* +-** dav_fs_build_fname_key +-** +-** Given a pathname, build a DAV_TYPE_FNAME lock database key. ++** dav_fs_build_key: Given a resource, return a apr_datum_t key ++** to look up lock information for this file. + */ +-static apr_datum_t dav_fs_build_fname_key(apr_pool_t *p, const char *pathname) ++static apr_datum_t dav_fs_build_key(apr_pool_t *p, ++ const dav_resource *resource) + { ++ const char *pathname = dav_fs_pathname(resource); + apr_datum_t key; + + /* ### does this allocation have a proper lifetime? need to check */ +@@ -394,46 +397,6 @@ + } + + /* +-** dav_fs_build_key: Given a resource, return a apr_datum_t key +-** to look up lock information for this file. +-** +-** (inode/dev not supported or file is lock-null): +-** apr_datum_t->dvalue = full path +-** +-** (inode/dev supported and file exists ): +-** apr_datum_t->dvalue = inode, dev +-*/ +-static apr_datum_t dav_fs_build_key(apr_pool_t *p, +- const dav_resource *resource) +-{ +- const char *file = dav_fs_pathname(resource); +- apr_datum_t key; +- apr_finfo_t finfo; +- apr_status_t rv; +- +- /* ### use lstat() ?? */ +- /* +- * XXX: What for platforms with no IDENT (dev/inode)? +- */ +- rv = apr_stat(&finfo, file, APR_FINFO_IDENT, p); +- if ((rv == APR_SUCCESS || rv == APR_INCOMPLETE) +- && ((finfo.valid & APR_FINFO_IDENT) == APR_FINFO_IDENT)) +- { +- /* ### can we use a buffer for this? */ +- key.dsize = 1 + sizeof(finfo.inode) + sizeof(finfo.device); +- key.dptr = apr_palloc(p, key.dsize); +- *key.dptr = DAV_TYPE_INODE; +- memcpy(key.dptr + 1, &finfo.inode, sizeof(finfo.inode)); +- memcpy(key.dptr + 1 + sizeof(finfo.inode), &finfo.device, +- sizeof(finfo.device)); +- +- return key; +- } +- +- return dav_fs_build_fname_key(p, file); +-} +- +-/* + ** dav_fs_lock_expired: return 1 (true) if the given timeout is in the past + ** or present (the lock has expired), or 0 (false) if in the future + ** (the lock has not yet expired). +@@ -989,13 +952,8 @@ + + /* + ** dav_fs_remove_locknull_state: Given a request, check to see if r->filename +-** is/was a lock-null resource. If so, return it to an existant state. +-** +-** ### this function is broken... it doesn't check! +-** +-** In this implementation, this involves two things: +-** (a) remove it from the list in the appropriate .DAV/locknull file +-** (b) on *nix, convert the key from a filename to an inode. ++** is/was a lock-null resource. If so, return it to an existant state, i.e. ++** remove it from the list in the appropriate .DAV/locknull file. + */ + static dav_error * dav_fs_remove_locknull_state( + dav_lockdb *lockdb, +@@ -1011,35 +969,6 @@ + return err; + } + +- { +- dav_lock_discovery *ld; +- dav_lock_indirect *id; +- apr_datum_t key; +- +- /* +- ** Fetch the lock(s) that made the resource lock-null. Remove +- ** them under the filename key. Obtain the new inode key, and +- ** save the same lock information under it. +- */ +- key = dav_fs_build_fname_key(p, pathname); +- if ((err = dav_fs_load_lock_record(lockdb, key, DAV_CREATE_LIST, +- &ld, &id)) != NULL) { +- /* ### insert a higher-level error description */ +- return err; +- } +- +- if ((err = dav_fs_save_lock_record(lockdb, key, NULL, NULL)) != NULL) { +- /* ### insert a higher-level error description */ +- return err; +- } +- +- key = dav_fs_build_key(p, resource); +- if ((err = dav_fs_save_lock_record(lockdb, key, ld, id)) != NULL) { +- /* ### insert a higher-level error description */ +- return err; +- } +- } +- + return NULL; + } + +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' trunk~/modules/dav/fs/repos.c trunk/modules/dav/fs/repos.c +--- trunk~/modules/dav/fs/repos.c 2010-03-29 21:46:51.000000000 +0200 ++++ trunk/modules/dav/fs/repos.c 2010-03-29 21:49:08.031078314 +0200 +@@ -27,6 +27,10 @@ + #include /* for sprintf() */ + #endif + ++#if APR_HAVE_UNISTD_H ++#include /* for getpid() */ ++#endif ++ + #include "httpd.h" + #include "http_log.h" + #include "http_protocol.h" /* for ap_set_* (in dav_fs_set_headers) */ +@@ -139,6 +143,11 @@ + */ + #define DAV_PROPID_FS_executable 1 + ++/* ++ * prefix for temporary files ++ */ ++#define DAV_FS_TMP_PREFIX ".davfs.tmp" ++ + static const dav_liveprop_spec dav_fs_props[] = + { + /* standard DAV properties */ +@@ -191,11 +200,14 @@ + apr_pool_t *p; + apr_file_t *f; + const char *pathname; /* we may need to remove it at close time */ ++ char *temppath; ++ int unlink_on_error; + }; + + /* returns an appropriate HTTP status code given an APR status code for a + * failed I/O operation. ### use something besides 500? */ + #define MAP_IO2HTTP(e) (APR_STATUS_IS_ENOSPC(e) ? HTTP_INSUFFICIENT_STORAGE : \ ++ APR_STATUS_IS_ENOENT(e) ? HTTP_CONFLICT : \ + HTTP_INTERNAL_SERVER_ERROR) + + /* forward declaration for internal treewalkers */ +@@ -414,11 +426,24 @@ + apr_file_close(inf); + apr_file_close(outf); + +- if (is_move && apr_file_remove(src, p) != APR_SUCCESS) { ++ if (is_move && (status = apr_file_remove(src, p)) != APR_SUCCESS) { + dav_error *err; + int save_errno = errno; /* save the errno that got us here */ + +- if (apr_file_remove(dst, p) != APR_SUCCESS) { ++ if (APR_STATUS_IS_ENOENT(status)) { ++ /* ++ * Something is wrong here but the result is what we wanted. ++ * We definitely should not remove the destination file. ++ */ ++ err = dav_new_error(p, HTTP_INTERNAL_SERVER_ERROR, 0, ++ apr_psprintf(p, "Could not remove source " ++ "file %s after move to %s. The " ++ "server may be in an " ++ "inconsistent state.", src, dst)); ++ err->save_errno = save_errno; ++ return err; ++ } ++ else if (apr_file_remove(dst, p) != APR_SUCCESS) { + /* ### ACK. this creates an inconsistency. do more!? */ + + /* ### use something besides 500? */ +@@ -500,9 +525,13 @@ + dst = apr_pstrcat(p, dst, "/", dst_file, NULL); + + /* copy/move the file now */ +- if (is_move && src_finfo.device == dst_state_finfo.device) { +- /* simple rename is possible since it is on the same device */ +- if (apr_file_rename(src, dst, p) != APR_SUCCESS) { ++ if (is_move) { ++ /* try simple rename first */ ++ rv = apr_file_rename(src, dst, p); ++ if (APR_STATUS_IS_EXDEV(rv)) { ++ return dav_fs_copymove_file(is_move, p, src, dst, NULL, NULL, pbuf); ++ } ++ if (rv != APR_SUCCESS) { + /* ### use something besides 500? */ + return dav_new_error(p, HTTP_INTERNAL_SERVER_ERROR, 0, + "Could not move state file."); +@@ -841,6 +870,34 @@ + && ctx2->pathname[len1] == '/'); + } + ++static apr_status_t tmpfile_cleanup(void *data) { ++ dav_stream *ds = data; ++ if (ds->temppath) { ++ apr_file_remove(ds->temppath, ds->p); ++ } ++ return APR_SUCCESS; ++} ++ ++/* custom mktemp that creates the file with APR_OS_DEFAULT permissions */ ++static apr_status_t dav_fs_mktemp(apr_file_t **fp, char *templ, apr_pool_t *p) ++{ ++ apr_status_t rv; ++ int num = ((getpid() << 7) + (int)templ % (1 << 16) ) % ( 1 << 23 ) ; ++ char *numstr = templ + strlen(templ) - 6; ++ ++ ap_assert(numstr >= templ); ++ ++ do { ++ num = (num + 1) % ( 1 << 23 ); ++ snprintf(numstr, 7, "%06x", num); ++ rv = apr_file_open(fp, templ, ++ APR_WRITE | APR_CREATE | APR_BINARY | APR_EXCL, ++ APR_OS_DEFAULT, p); ++ } while (APR_STATUS_IS_EEXIST(rv)); ++ ++ return rv; ++} ++ + static dav_error * dav_fs_open_stream(const dav_resource *resource, + dav_stream_mode mode, + dav_stream **stream) +@@ -865,7 +922,32 @@ + + ds->p = p; + ds->pathname = resource->info->pathname; +- rv = apr_file_open(&ds->f, ds->pathname, flags, APR_OS_DEFAULT, ds->p); ++ ds->temppath = NULL; ++ ds->unlink_on_error = 0; ++ ++ if (mode == DAV_MODE_WRITE_TRUNC) { ++ ds->temppath = apr_pstrcat(p, ap_make_dirstr_parent(p, ds->pathname), ++ DAV_FS_TMP_PREFIX "XXXXXX", NULL); ++ rv = dav_fs_mktemp(&ds->f, ds->temppath, ds->p); ++ apr_pool_cleanup_register(p, ds, tmpfile_cleanup, ++ apr_pool_cleanup_null); ++ } ++ else if (mode == DAV_MODE_WRITE_SEEKABLE) { ++ rv = apr_file_open(&ds->f, ds->pathname, flags | APR_FOPEN_EXCL, ++ APR_OS_DEFAULT, ds->p); ++ if (rv == APR_SUCCESS) { ++ /* we have created a new file */ ++ ds->unlink_on_error = 1; ++ } ++ else if (APR_STATUS_IS_EEXIST(rv)) { ++ rv = apr_file_open(&ds->f, ds->pathname, flags, APR_OS_DEFAULT, ++ ds->p); ++ } ++ } ++ else { ++ rv = apr_file_open(&ds->f, ds->pathname, flags, APR_OS_DEFAULT, ds->p); ++ } ++ + if (rv != APR_SUCCESS) { + return dav_new_error(p, MAP_IO2HTTP(rv), 0, + "An error occurred while opening a resource."); +@@ -879,17 +961,33 @@ + + static dav_error * dav_fs_close_stream(dav_stream *stream, int commit) + { ++ apr_status_t rv; ++ + apr_file_close(stream->f); + + if (!commit) { +- if (apr_file_remove(stream->pathname, stream->p) != APR_SUCCESS) { +- /* ### use a better description? */ +- return dav_new_error(stream->p, HTTP_INTERNAL_SERVER_ERROR, 0, +- "There was a problem removing (rolling " +- "back) the resource " +- "when it was being closed."); ++ if (stream->temppath) { ++ apr_pool_cleanup_run(stream->p, stream, tmpfile_cleanup); ++ } ++ else if (stream->unlink_on_error) { ++ if (apr_file_remove(stream->pathname, stream->p) != APR_SUCCESS) { ++ /* ### use a better description? */ ++ return dav_new_error(stream->p, HTTP_INTERNAL_SERVER_ERROR, 0, ++ "There was a problem removing (rolling " ++ "back) the resource " ++ "when it was being closed."); ++ } + } + } ++ else if (stream->temppath) { ++ rv = apr_file_rename(stream->temppath, stream->pathname, stream->p); ++ if (rv) { ++ return dav_new_error(stream->p, HTTP_INTERNAL_SERVER_ERROR, rv, ++ "There was a problem writing the file " ++ "atomically after writes."); ++ } ++ apr_pool_cleanup_kill(stream->p, stream, tmpfile_cleanup); ++ } + + return NULL; + } +@@ -1201,7 +1299,7 @@ + dav_resource_private *srcinfo = src->info; + dav_resource_private *dstinfo = dst->info; + dav_error *err; +- int can_rename = 0; ++ apr_status_t rv; + + #if DAV_DEBUG + if (src->hooks != dst->hooks) { +@@ -1215,39 +1313,12 @@ + } + #endif + +- /* determine whether a simple rename will work. +- * Assume source exists, else we wouldn't get called. +- */ +- if (dstinfo->finfo.filetype != 0) { +- if (dstinfo->finfo.device == srcinfo->finfo.device) { +- /* target exists and is on the same device. */ +- can_rename = 1; +- } +- } +- else { +- const char *dirpath; +- apr_finfo_t finfo; +- apr_status_t rv; + +- /* destination does not exist, but the parent directory should, +- * so try it +- */ +- dirpath = ap_make_dirstr_parent(dstinfo->pool, dstinfo->pathname); +- /* +- * XXX: If missing dev ... then what test? +- * Really need a try and failover for those platforms. +- * +- */ +- rv = apr_stat(&finfo, dirpath, APR_FINFO_DEV, dstinfo->pool); +- if ((rv == APR_SUCCESS || rv == APR_INCOMPLETE) +- && (finfo.valid & srcinfo->finfo.valid & APR_FINFO_DEV) +- && (finfo.device == srcinfo->finfo.device)) { +- can_rename = 1; +- } +- } ++ /* try rename first */ ++ rv = apr_file_rename(srcinfo->pathname, dstinfo->pathname, srcinfo->pool); + + /* if we can't simply rename, then do it the hard way... */ +- if (!can_rename) { ++ if (APR_STATUS_IS_EXDEV(rv)) { + if ((err = dav_fs_copymove_resource(1, src, dst, DAV_INFINITY, + response)) == NULL) { + /* update resource states */ +@@ -1260,20 +1331,16 @@ + return err; + } + +- /* a rename should work. do it, and move properties as well */ +- + /* no multistatus response */ + *response = NULL; + +- /* ### APR has no rename? */ +- if (apr_file_rename(srcinfo->pathname, dstinfo->pathname, +- srcinfo->pool) != APR_SUCCESS) { ++ if (rv != APR_SUCCESS) { + /* ### should have a better error than this. */ + return dav_new_error(srcinfo->pool, HTTP_INTERNAL_SERVER_ERROR, 0, + "Could not rename resource."); + } + +- /* update resource states */ ++ /* Rename did work. Update resource states and move properties as well */ + dst->exists = 1; + dst->collection = src->collection; + src->exists = 0; +@@ -1475,14 +1542,18 @@ + /* ### need to authorize each file */ + /* ### example: .htaccess is normally configured to fail auth */ + +- /* stuff in the state directory is never authorized! */ +- if (!strcmp(dirent.name, DAV_FS_STATE_DIR)) { ++ /* stuff in the state directory and temp files are never authorized! */ ++ if (!strcmp(dirent.name, DAV_FS_STATE_DIR) || ++ !strncmp(dirent.name, DAV_FS_TMP_PREFIX, ++ strlen(DAV_FS_TMP_PREFIX))) { + continue; + } + } +- /* skip the state dir unless a HIDDEN is performed */ ++ /* skip the state dir and temp files unless a HIDDEN is performed */ + if (!(params->walk_type & DAV_WALKTYPE_HIDDEN) +- && !strcmp(dirent.name, DAV_FS_STATE_DIR)) { ++ && (!strcmp(dirent.name, DAV_FS_STATE_DIR) || ++ !strncmp(dirent.name, DAV_FS_TMP_PREFIX, ++ strlen(DAV_FS_TMP_PREFIX)))) { + continue; + } + +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' trunk~/modules/dav/main/mod_dav.c trunk/modules/dav/main/mod_dav.c +--- trunk~/modules/dav/main/mod_dav.c 2010-03-29 21:46:51.000000000 +0200 ++++ trunk/modules/dav/main/mod_dav.c 2010-03-29 21:49:00.966964568 +0200 +@@ -986,7 +986,10 @@ + + if (rc != APR_SUCCESS) { + err = dav_new_error(r->pool, HTTP_INTERNAL_SERVER_ERROR, 0, +- "Could not get next bucket brigade"); ++ apr_psprintf(r->pool, ++ "Could not get next bucket " ++ "brigade (URI: %s)", ++ ap_escape_html(r->pool, r->uri))); + break; + } + +@@ -1009,8 +1012,10 @@ + rc = apr_bucket_read(b, &data, &len, APR_BLOCK_READ); + if (rc != APR_SUCCESS) { + err = dav_new_error(r->pool, HTTP_BAD_REQUEST, 0, +- "An error occurred while reading " +- "the request body."); ++ apr_psprintf(r->pool, ++ "An error occurred while reading" ++ " the request body (URI: %s)", ++ ap_escape_html(r->pool, r->uri))); + break; + } + +@@ -2966,6 +2971,7 @@ + { + dav_error *err; + dav_resource *resource; ++ dav_resource *parent; + const dav_hooks_locks *locks_hooks; + int result; + int depth; +@@ -2997,6 +3003,20 @@ + if (err != NULL) + return dav_handle_err(r, err, NULL); + ++ /* Check if parent collection exists */ ++ if ((err = resource->hooks->get_parent_resource(resource, &parent)) != NULL) { ++ /* ### add a higher-level description? */ ++ return dav_handle_err(r, err, NULL); ++ } ++ if (parent && (!parent->exists || parent->collection != 1)) { ++ err = dav_new_error(r->pool, HTTP_CONFLICT, 0, ++ apr_psprintf(r->pool, ++ "The parent resource of %s does not " ++ "exist or is not a collection.", ++ ap_escape_html(r->pool, r->uri))); ++ return dav_handle_err(r, err, NULL); ++ } ++ + /* + * Open writable. Unless an error occurs, we'll be + * writing into the database. --- apache2-2.2.16.orig/debian/patches/090_CVE-2011-4317.dpatch +++ apache2-2.2.16/debian/patches/090_CVE-2011-4317.dpatch @@ -0,0 +1,85 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Upstream r1235443 + +@DPATCH@ +commit 99f9da5c79bc0de71f0982ac1c47a615d86b8b62 +Author: Jeff Trawick +Date: Tue Jan 24 19:39:31 2012 +0000 + + Backport trunk revisions 1209432 and 1233604: + + SECURITY: CVE-2011-4317 (cve.mitre.org) + Resolve additional cases of URL rewriting with ProxyPassMatch or + RewriteRule, where particular request-URIs could result in undesired + backend network exposure in some configurations. + + Submitted by: jorton + Reviewed by: trawick, covener, gregames + + + git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1235443 13f79535-47bb-0310-9956-ffa450edef68 + +diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c +index 8887bea..89b5af5 100644 +--- a/modules/mappers/mod_rewrite.c ++++ b/modules/mappers/mod_rewrite.c +@@ -4266,6 +4266,11 @@ static int hook_uri2file(request_rec *r) + return DECLINED; + } + ++ if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0') ++ || !r->uri || r->uri[0] != '/') { ++ return DECLINED; ++ } ++ + /* + * add the SCRIPT_URL variable to the env. this is a bit complicated + * due to the fact that apache uses subrequests and internal redirects +diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c +index 1efe95c..fb9ff39 100644 +--- a/modules/proxy/mod_proxy.c ++++ b/modules/proxy/mod_proxy.c +@@ -566,6 +566,11 @@ static int proxy_trans(request_rec *r) + return OK; + } + ++ if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0') ++ || !r->uri || r->uri[0] != '/') { ++ return DECLINED; ++ } ++ + /* XXX: since r->uri has been manipulated already we're not really + * compliant with RFC1945 at this point. But this probably isn't + * an issue because this is a hybrid proxy/origin server. +diff --git a/server/protocol.c b/server/protocol.c +index d018096..2e3ce93 100644 +--- a/server/protocol.c ++++ b/server/protocol.c +@@ -640,25 +640,6 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb) + + ap_parse_uri(r, uri); + +- /* RFC 2616: +- * Request-URI = "*" | absoluteURI | abs_path | authority +- * +- * authority is a special case for CONNECT. If the request is not +- * using CONNECT, and the parsed URI does not have scheme, and +- * it does not begin with '/', and it is not '*', then, fail +- * and give a 400 response. */ +- if (r->method_number != M_CONNECT +- && !r->parsed_uri.scheme +- && uri[0] != '/' +- && !(uri[0] == '*' && uri[1] == '\0')) { +- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, +- "invalid request-URI %s", uri); +- r->args = NULL; +- r->hostname = NULL; +- r->status = HTTP_BAD_REQUEST; +- r->uri = apr_pstrdup(r->pool, uri); +- } +- + if (ll[0]) { + r->assbackwards = 0; + pro = ll; --- apache2-2.2.16.orig/debian/patches/087_mod_proxy_ajp_CVE-2011-3348.dpatch +++ apache2-2.2.16/debian/patches/087_mod_proxy_ajp_CVE-2011-3348.dpatch @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: http://svn.apache.org/viewvc?view=revision&revision=1167158 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' squeeze-apache2~/modules/proxy/mod_proxy_ajp.c squeeze-apache2/modules/proxy/mod_proxy_ajp.c +--- squeeze-apache2~/modules/proxy/mod_proxy_ajp.c 2010-07-12 08:57:41.000000000 +0200 ++++ squeeze-apache2/modules/proxy/mod_proxy_ajp.c 2011-09-25 23:57:45.734225690 +0200 +@@ -213,7 +213,9 @@ + conn->worker->hostname); + if (status == AJP_EOVERFLOW) + return HTTP_BAD_REQUEST; +- else { ++ else if (status == AJP_EBAD_METHOD) { ++ return HTTP_NOT_IMPLEMENTED; ++ } else { + /* + * This is only non fatal when the method is idempotent. In this + * case we can dare to retry it with a different worker if we are --- apache2-2.2.16.orig/debian/patches/076_apxs2_a2enmod.dpatch +++ apache2-2.2.16/debian/patches/076_apxs2_a2enmod.dpatch @@ -0,0 +1,151 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 076_apxs2_a2enmo.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Make apxs2 use a2enmod and /etc/apache2/mods-available + +@DPATCH@ +diff -urNad trunk~/support/apxs.in trunk/support/apxs.in +--- trunk~/support/apxs.in 2010-01-02 21:52:57.828866228 +0100 ++++ trunk/support/apxs.in 2010-01-02 21:55:48.375597120 +0100 +@@ -521,7 +521,7 @@ + # $dir =~ s|^$CFG_PREFIX/?||; + $dir =~ s|(.)$|$1/|; + $t =~ s|\.la$|.so|; +- push(@lmd, sprintf("LoadModule %-18s %s", "${name}_module", "$dir$t")); ++ push(@lmd, [ $name, sprintf("LoadModule %-18s %s", "${name}_module", "$dir$t") ] ); + } + + # execute the commands +@@ -529,108 +529,35 @@ + + # activate module via LoadModule/AddModule directive + if ($opt_a or $opt_A) { +- if (not -f "$CFG_SYSCONFDIR/httpd.conf") { +- error("Config file $CFG_SYSCONFDIR/httpd.conf not found"); ++ if (not -d "$CFG_SYSCONFDIR/mods-available") { ++ error("Config file $CFG_SYSCONFDIR/mods-available not found"); + exit(1); + } + +- open(FP, "<$CFG_SYSCONFDIR/httpd.conf") || die; +- my $content = join('', ); +- close(FP); +- +- if ($content !~ m|\n#?\s*LoadModule\s+|) { +- error("Activation failed for custom $CFG_SYSCONFDIR/httpd.conf file."); +- error("At least one `LoadModule' directive already has to exist."); +- exit(1); +- } +- +- my $lmd; +- my $c = ''; +- $c = '#' if ($opt_A); +- foreach $lmd (@lmd) { +- my $what = $opt_A ? "preparing" : "activating"; +- my $lmd_re = $lmd; +- $lmd_re =~ s/\s+/\\s+/g; +- +- if ($content !~ m|\n#?\s*$lmd_re|) { +- # check for open , so that the new LoadModule +- # directive always appears *outside* of an . +- +- my $before = ($content =~ m|^(.*\n)#?\s*LoadModule\s+[^\n]+\n|s)[0]; +- +- # the '()=' trick forces list context and the scalar +- # assignment counts the number of list members (aka number +- # of matches) then +- my $cntopen = () = ($before =~ m|^\s*<[^/].*$|mg); +- my $cntclose = () = ($before =~ m|^\s*$filename") || die; ++ print FP "$lmd\n"; ++ close(FP); ++ ++ if ($opt_a) { ++ my $cmd = "a2enmod $name"; ++ if (system($cmd) != 0) { ++ die "'$cmd' failed\n"; ++ } ++ } ++ + } +- if (@lmd) { +- if (open(FP, ">$CFG_SYSCONFDIR/httpd.conf.new")) { +- print FP $content; +- close(FP); +- system("cp $CFG_SYSCONFDIR/httpd.conf $CFG_SYSCONFDIR/httpd.conf.bak && " . +- "cp $CFG_SYSCONFDIR/httpd.conf.new $CFG_SYSCONFDIR/httpd.conf && " . +- "rm $CFG_SYSCONFDIR/httpd.conf.new"); +- } else { +- notice("unable to open configuration file"); +- } +- } + } + } + --- apache2-2.2.16.orig/debian/patches/305_mod_dav_crash_PR_52559.dpatch +++ apache2-2.2.16/debian/patches/305_mod_dav_crash_PR_52559.dpatch @@ -0,0 +1,84 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## DP: http://svn.apache.org/r1497455 +## DP: mod_dav: When a PROPPATCH attempts to remove a non-existent dead +## DP: property on a resource for which there is no dead property in the same +## DP: namespace httpd segfaults. +## DP: +## DP: http://svn.apache.org/r1497457 +## DP: mod_dav: Do not fail PROPPATCH when prop namespace is not known. +## DP: +## DP: http://svn.apache.org/r1497463 +## DP: mod_dav: Do not segfault on PROPFIND with a zero length DBM. +# +@DPATCH@ +diff --git a/modules/dav/fs/dbm.c b/modules/dav/fs/dbm.c +index 751a82b..ec42105 100644 +--- a/modules/dav/fs/dbm.c ++++ b/modules/dav/fs/dbm.c +@@ -191,7 +191,15 @@ void dav_dbm_close(dav_db *db) + + dav_error * dav_dbm_fetch(dav_db *db, apr_datum_t key, apr_datum_t *pvalue) + { +- apr_status_t status = apr_dbm_fetch(db->file, key, pvalue); ++ apr_status_t status; ++ ++ if (!key.dptr) { ++ /* no key could be created (namespace not known) => no value */ ++ memset(pvalue, 0, sizeof(*pvalue)); ++ status = APR_SUCCESS; ++ } else { ++ status = apr_dbm_fetch(db->file, key, pvalue); ++ } + + return dav_fs_dbm_error(db, NULL, status); + } +@@ -729,6 +737,10 @@ static dav_error * dav_propdb_get_rollback(dav_db *db, + static dav_error * dav_propdb_apply_rollback(dav_db *db, + dav_deadprop_rollback *rollback) + { ++ if (!rollback) { ++ return NULL; /* no rollback, nothing to do */ ++ } ++ + if (rollback->value.dptr == NULL) { + /* don't fail if the thing isn't really there. */ + (void) dav_dbm_delete(db, rollback->key); +diff --git a/modules/dav/main/props.c b/modules/dav/main/props.c +index b9601d7..2796737 100644 +--- a/modules/dav/main/props.c ++++ b/modules/dav/main/props.c +@@ -594,13 +594,14 @@ DAV_DECLARE(dav_get_props_result) dav_get_allprops(dav_propdb *propdb, + if (propdb->db != NULL) { + dav_xmlns_info *xi = dav_xmlns_create(propdb->p); + dav_prop_name name; ++ dav_error *err; + + /* define (up front) any namespaces the db might need */ + (void) (*db_hooks->define_namespaces)(propdb->db, xi); + + /* get the first property name, beginning the scan */ +- (void) (*db_hooks->first_name)(propdb->db, &name); +- while (name.ns != NULL) { ++ err = (*db_hooks->first_name)(propdb->db, &name); ++ while (!err && name.ns) { + + /* + ** We also look for and +@@ -619,7 +620,6 @@ DAV_DECLARE(dav_get_props_result) dav_get_allprops(dav_propdb *propdb, + } + + if (what == DAV_PROP_INSERT_VALUE) { +- dav_error *err; + int found; + + if ((err = (*db_hooks->output_value)(propdb->db, &name, +@@ -638,7 +638,7 @@ DAV_DECLARE(dav_get_props_result) dav_get_allprops(dav_propdb *propdb, + } + + next_key: +- (void) (*db_hooks->next_name)(propdb->db, &name); ++ err = (*db_hooks->next_name)(propdb->db, &name); + } + + /* all namespaces have been entered into xi. generate them into --- apache2-2.2.16.orig/debian/patches/092_CVE-2011-3607.dpatch +++ apache2-2.2.16/debian/patches/092_CVE-2011-3607.dpatch @@ -0,0 +1,52 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## All lines beginning with `## DP:' are a description of the patch. +## DP: backport of upstream r1227280 +commit ffcd2b1a24a1eeb94cb460e41875c442738ece54 +Author: Stefan Fritsch +Date: Wed Jan 4 19:45:22 2012 +0000 + + Merge fix for CVE-2011-3607: + + Fix integer overflow in ap_pregsub() + + Trunk fix: r1198940 + Submitted by: Stefan Fritsch, Greg Ames + Reviewed by: Stefan Fritsch, Greg Ames, Eric Covener + + + git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1227280 13f79535-47bb-0310-9956-ffa450edef68 + +diff --git a/server/util.c b/server/util.c +index d0b90c6..a50d034 100644 +--- a/server/util.c ++++ b/server/util.c +@@ -82,6 +82,8 @@ + #define IS_SLASH(s) (s == '/') + #endif + ++/* same as APR_SIZE_MAX which doesn't appear until APR 1.3 */ ++#define UTIL_SIZE_MAX (~((apr_size_t)0)) + + /* + * Examine a field value (such as a media-/content-type) string and return +@@ -366,7 +368,7 @@ AP_DECLARE(char *) ap_pregsub(apr_pool_t *p, const char *input, + char *dest, *dst; + char c; + size_t no; +- int len; ++ apr_size_t len; + + if (!source) + return NULL; +@@ -391,6 +393,11 @@ AP_DECLARE(char *) ap_pregsub(apr_pool_t *p, const char *input, + len++; + } + else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) { ++ if (UTIL_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, ++ "integer overflow or out of memory condition." ); ++ return NULL; ++ } + len += pmatch[no].rm_eo - pmatch[no].rm_so; + } + --- apache2-2.2.16.orig/debian/patches/071_fix_cacheenable.dpatch +++ apache2-2.2.16/debian/patches/071_fix_cacheenable.dpatch @@ -0,0 +1,118 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Bug #442266 +## DP: r821333,r821538,r821539 from upstream svn + +@DPATCH@ +diff --git a/modules/cache/cache_util.c b/modules/cache/cache_util.c +index ec2d749..aec7b09 100644 +--- a/modules/cache/cache_util.c ++++ b/modules/cache/cache_util.c +@@ -27,41 +27,78 @@ extern module AP_MODULE_DECLARE_DATA cache_module; + /* Determine if "url" matches the hostname, scheme and port and path + * in "filter". All but the path comparisons are case-insensitive. + */ +-static int uri_meets_conditions(apr_uri_t filter, int pathlen, apr_uri_t url) +-{ +- /* Compare the hostnames */ +- if(filter.hostname) { +- if (!url.hostname) { +- return 0; +- } +- else if (strcasecmp(filter.hostname, url.hostname)) { +- return 0; +- } +- } ++static int uri_meets_conditions(const apr_uri_t filter, const int pathlen, ++ const apr_uri_t url) { ++ ++ /* Scheme, hostname port and local part. The filter URI and the ++ * URI we test may have the following shapes: ++ * / ++ * [:://[:][/]] ++ * That is, if there is no scheme then there must be only the path, ++ * and we check only the path; if there is a scheme, we check the ++ * scheme for equality, and then if present we match the hostname, ++ * and then if present match the port, and finally the path if any. ++ * ++ * Note that this means that "/" only matches local paths, ++ * and to match proxied paths one *must* specify the scheme. ++ */ + +- /* Compare the schemes */ +- if(filter.scheme) { +- if (!url.scheme) { +- return 0; +- } +- else if (strcasecmp(filter.scheme, url.scheme)) { ++ /* Is the filter is just for a local path or a proxy URI? */ ++ if (!filter.scheme) { ++ if (url.scheme || url.hostname) { + return 0; + } + } +- +- /* Compare the ports */ +- if(filter.port_str) { +- if (url.port_str && filter.port != url.port) { ++ else { ++ /* The URI scheme must be present and identical except for case. */ ++ if (!url.scheme || strcasecmp(filter.scheme, url.scheme)) { + return 0; + } +- /* NOTE: ap_port_of_scheme will return 0 if given NULL input */ +- else if (filter.port != apr_uri_port_of_scheme(url.scheme)) { +- return 0; ++ ++ /* If the filter hostname is null or empty it matches any hostname, ++ * if it begins with a "*" it matches the _end_ of the URI hostname ++ * excluding the "*", if it begins with a "." it matches the _end_ ++ * of the URI * hostname including the ".", otherwise it must match ++ * the URI hostname exactly. */ ++ ++ if (filter.hostname && filter.hostname[0]) { ++ if (filter.hostname[0] == '.') { ++ const size_t fhostlen = strlen(filter.hostname); ++ const size_t uhostlen = url.hostname ? strlen(url.hostname) : 0; ++ ++ if (fhostlen > uhostlen || strcasecmp(filter.hostname, ++ url.hostname + uhostlen - fhostlen)) { ++ return 0; ++ } ++ } ++ else if (filter.hostname[0] == '*') { ++ const size_t fhostlen = strlen(filter.hostname + 1); ++ const size_t uhostlen = url.hostname ? strlen(url.hostname) : 0; ++ ++ if (fhostlen > uhostlen || strcasecmp(filter.hostname + 1, ++ url.hostname + uhostlen - fhostlen)) { ++ return 0; ++ } ++ } ++ else if (!url.hostname || strcasecmp(filter.hostname, url.hostname)) { ++ return 0; ++ } + } +- } +- else if(url.port_str && filter.scheme) { +- if (apr_uri_port_of_scheme(filter.scheme) == url.port) { +- return 0; ++ ++ /* If the filter port is empty it matches any URL port. ++ * If the filter or URL port are missing, or the URL port is ++ * empty, they default to the port for their scheme. */ ++ ++ if (!(filter.port_str && !filter.port_str[0])) { ++ /* NOTE: ap_port_of_scheme will return 0 if given NULL input */ ++ const unsigned fport = filter.port_str ? filter.port ++ : apr_uri_port_of_scheme(filter.scheme); ++ const unsigned uport = (url.port_str && url.port_str[0]) ++ ? url.port : apr_uri_port_of_scheme(url.scheme); ++ ++ if (fport != uport) { ++ return 0; ++ } + } + } + --- apache2-2.2.16.orig/debian/patches/034_apxs2_libtool_fixtastic +++ apache2-2.2.16/debian/patches/034_apxs2_libtool_fixtastic @@ -0,0 +1,26 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 034_apxs2_libtool_fixtastic by Peter Samuelson +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Make libtool happier + +--- apache2/support/apxs.in ++++ apache2/support/apxs.in +@@ -409,7 +409,7 @@ + $la =~ s|\.c$|.la|; + my $o = $s; + $o =~ s|\.c$|.o|; +- push(@cmds, "$libtool $ltflags --mode=compile $CFG_CC $cflags -I$CFG_INCLUDEDIR $apr_includedir $apu_includedir $opt -c -o $lo $s && touch $slo"); ++ push(@cmds, "$libtool $ltflags --mode=compile --tag=disable-static $CFG_CC $cflags -I$CFG_INCLUDEDIR $apr_includedir $apu_includedir $opt -c -o $lo $s && touch $slo"); + unshift(@objs, $lo); + } + +@@ -446,7 +446,7 @@ + $opt .= " -rpath $CFG_LIBEXECDIR -module -avoid-version $apr_ldflags"; + } + +- push(@cmds, "$libtool $ltflags --mode=link $CFG_CC -o $dso_file $opt $lo"); ++ push(@cmds, "$libtool $ltflags --mode=link --tag=disable-static $CFG_CC -o $dso_file $opt $lo"); + + # execute the commands + &execute_cmds(@cmds); --- apache2-2.2.16.orig/debian/patches/091_CVE-2011-3639.dpatch +++ apache2-2.2.16/debian/patches/091_CVE-2011-3639.dpatch @@ -0,0 +1,45 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 091_CVE-2011-3639.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: backport of upstream r1188745 +commit daadb710ab9c207e717a6cfdd5e9cf0ed3ba4f59 +Author: Ruediger Pluem +Date: Tue Oct 25 15:56:08 2011 +0000 + + * Correctly return a 400 (Bad request) in case of a HTTP/0.9 request like GET @example.org/foo + + git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1188745 13f79535-47bb-0310-9956-ffa450edef68 +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' squeeze-apache2~/server/protocol.c squeeze-apache2/server/protocol.c +--- squeeze-apache2~/server/protocol.c 2011-12-03 18:28:59.000000000 +0100 ++++ squeeze-apache2/server/protocol.c 2011-12-03 18:33:23.331921967 +0100 +@@ -654,6 +654,7 @@ + r->hostname = NULL; + r->status = HTTP_BAD_REQUEST; + r->uri = apr_pstrdup(r->pool, uri); ++ return 0; + } + + if (ll[0]) { +@@ -908,9 +909,17 @@ + + /* Get the request... */ + if (!read_request_line(r, tmp_bb)) { +- if (r->status == HTTP_REQUEST_URI_TOO_LARGE) { +- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, +- "request failed: URI too long (longer than %d)", r->server->limit_req_line); ++ if (r->status == HTTP_REQUEST_URI_TOO_LARGE ++ || r->status == HTTP_BAD_REQUEST) { ++ if (r->status == HTTP_REQUEST_URI_TOO_LARGE) { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ++ "request failed: URI too long (longer than %d)", ++ r->server->limit_req_line); ++ } ++ else if (r->method == NULL) { ++ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, ++ "request failed: invalid characters in URI"); ++ } + ap_send_error_response(r, 0); + ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); + ap_run_log_transaction(r); --- apache2-2.2.16.orig/debian/patches/086_range_regressions.dpatch +++ apache2-2.2.16/debian/patches/086_range_regressions.dpatch @@ -0,0 +1,167 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 086_range_regressions.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Merge bug fixes from upstream trunk up to r1165062, but +## DP: keep the compatible behaviour for 'bytes=0-' requests to send +## DP: a 206 response. + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' apache2-2.2.16~/modules/http/byterange_filter.c apache2-2.2.16/modules/http/byterange_filter.c +--- apache2-2.2.16~/modules/http/byterange_filter.c 2011-09-04 22:22:38.000000000 +0200 ++++ apache2-2.2.16/modules/http/byterange_filter.c 2011-09-04 22:23:02.626962191 +0200 +@@ -243,6 +243,20 @@ + apr_off_t end; + } indexes_t; + ++static apr_status_t send_416(ap_filter_t *f, apr_bucket_brigade *tmpbb) ++{ ++ apr_bucket *e; ++ conn_rec *c = f->r->connection; ++ ap_remove_output_filter(f); ++ f->r->status = HTTP_OK; ++ e = ap_bucket_error_create(HTTP_RANGE_NOT_SATISFIABLE, NULL, ++ f->r->pool, c->bucket_alloc); ++ APR_BRIGADE_INSERT_TAIL(tmpbb, e); ++ e = apr_bucket_eos_create(c->bucket_alloc); ++ APR_BRIGADE_INSERT_TAIL(tmpbb, e); ++ return ap_pass_brigade(f->next, tmpbb); ++} ++ + AP_CORE_DECLARE_NONSTD(apr_status_t) ap_byterange_filter(ap_filter_t *f, + apr_bucket_brigade *bb) + { +@@ -296,6 +310,12 @@ + return ap_pass_brigade(f->next, bb); + } + ++ /* this brigade holds what we will be sending */ ++ bsend = apr_brigade_create(r->pool, c->bucket_alloc); ++ ++ if (num_ranges < 0) ++ return send_416(f, bsend); ++ + if (num_ranges > 1) { + /* Is ap_make_content_type required here? */ + const char *orig_ct = ap_make_content_type(r, r->content_type); +@@ -325,8 +345,6 @@ + ap_xlate_proto_to_ascii(bound_head, strlen(bound_head)); + } + +- /* this brigade holds what we will be sending */ +- bsend = apr_brigade_create(r->pool, c->bucket_alloc); + tmpbb = apr_brigade_create(r->pool, c->bucket_alloc); + + idx = (indexes_t *)indexes->elts; +@@ -384,15 +402,8 @@ + } + + if (found == 0) { +- ap_remove_output_filter(f); +- r->status = HTTP_OK; + /* bsend is assumed to be empty if we get here. */ +- e = ap_bucket_error_create(HTTP_RANGE_NOT_SATISFIABLE, NULL, +- r->pool, c->bucket_alloc); +- APR_BRIGADE_INSERT_TAIL(bsend, e); +- e = apr_bucket_eos_create(c->bucket_alloc); +- APR_BRIGADE_INSERT_TAIL(bsend, e); +- return ap_pass_brigade(f->next, bsend); ++ return send_416(f, bsend); + } + + if (num_ranges > 1) { +@@ -424,7 +435,7 @@ + const char *match; + const char *ct; + char *cur; +- int num_ranges = 0; ++ int num_ranges = 0, unsatisfiable = 0; + apr_off_t sum_lengths = 0; + indexes_t *idx; + int ranges = 1; +@@ -497,14 +508,25 @@ + char *errp; + apr_off_t number, start, end; + +- if (!(dash = strchr(cur, '-'))) { ++ if (!*cur) + break; ++ ++ /* ++ * Per RFC 2616 14.35.1: If there is at least one syntactically invalid ++ * byte-range-spec, we must ignore the whole header. ++ */ ++ ++ if (!(dash = strchr(cur, '-'))) { ++ return 0; + } + +- if (dash == range) { ++ if (dash == cur) { + /* In the form "-5" */ + if (apr_strtoff(&number, dash+1, &errp, 10) || *errp) { +- break; ++ return 0; ++ } ++ if (number < 1) { ++ return 0; + } + start = clength - number; + end = clength - 1; +@@ -512,14 +534,17 @@ + else { + *dash++ = '\0'; + if (apr_strtoff(&number, cur, &errp, 10) || *errp) { +- break; ++ return 0; + } + start = number; + if (*dash) { + if (apr_strtoff(&number, dash, &errp, 10) || *errp) { +- break; ++ return 0; + } + end = number; ++ if (start > end) { ++ return 0; ++ } + } + else { /* "5-" */ + end = clength - 1; +@@ -529,15 +554,14 @@ + if (start < 0) { + start = 0; + } ++ if (start >= clength) { ++ unsatisfiable = 1; ++ continue; ++ } + if (end >= clength) { + end = clength - 1; + } + +- if (start > end) { +- /* ignore? count? */ +- break; +- } +- + idx = (indexes_t *)apr_array_push(*indexes); + idx->start = start; + idx->end = end; +@@ -546,9 +570,14 @@ + num_ranges++; + } + +- if (sum_lengths >= clength) { ++ if (num_ranges == 0 && unsatisfiable) { ++ /* If all ranges are unsatisfiable, we should return 416 */ ++ return -1; ++ } ++ ++ if (sum_lengths > clength) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, +- "Sum of ranges not smaller than file, ignoring."); ++ "Sum of ranges larger than file, ignoring."); + return 0; + } + --- apache2-2.2.16.orig/debian/patches/069_no_deflate_for_HEAD.dpatch +++ apache2-2.2.16/debian/patches/069_no_deflate_for_HEAD.dpatch @@ -0,0 +1,30 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: mod_deflate DoS +## DP: This should switch off deflate for HEAD requests +## DP: Patch by Ruediger Pluem + +@DPATCH@ +--- a/modules/filters/mod_deflate.c (revision 793927) ++++ a/modules/filters/mod_deflate.c (working copy) +@@ -629,6 +629,19 @@ + apr_bucket *b; + apr_size_t len; + ++ /* ++ * Optimization: If we are a HEAD request and bytes_sent is not zero ++ * it means that we have passed the content-length filter once and ++ * have more data to sent. This means that the content-length filter ++ * could not determine our content-length for the response to the ++ * HEAD request anyway (the associated GET request would deliver the ++ * body in chunked encoding) and we can stop compressing. ++ */ ++ if (r->header_only && r->bytes_sent) { ++ ap_remove_output_filter(f); ++ return ap_pass_brigade(f->next, bb); ++ } ++ + e = APR_BRIGADE_FIRST(bb); + + if (APR_BUCKET_IS_EOS(e)) { --- apache2-2.2.16.orig/debian/patches/067_fix_segfault_in_ab.dpatch +++ apache2-2.2.16/debian/patches/067_fix_segfault_in_ab.dpatch @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 067_fix_segfault_in_ab.dpatch by Ryan Niebur +## +## DP: Do not free what SSL_get_peer_cert_chain returns. It returns a +## pointer to memory that is freed later on with the +## session. (Bug#495982) +## Forwarded: https://issues.apache.org/bugzilla/show_bug.cgi?id=46393 + +@DPATCH@ +diff -urNad apache2-2.2.9~/support/ab.c apache2-2.2.9/support/ab.c +--- apache2-2.2.9~/support/ab.c 2008-05-28 05:58:01.000000000 -0700 ++++ apache2-2.2.9/support/ab.c 2008-11-29 15:47:41.000000000 -0800 +@@ -535,7 +535,6 @@ + for (i=1; issl); --- apache2-2.2.16.orig/debian/patches/082_ab_num_requests.dpatch +++ apache2-2.2.16/debian/patches/082_ab_num_requests.dpatch @@ -0,0 +1,45 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 082_ab_num_requests.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Upstream r940526, Debian bug #541158 + +@DPATCH@ +diff -urNad trunk~/support/ab.c trunk/support/ab.c +--- trunk~/support/ab.c 2010-07-16 22:17:41.697762479 +0200 ++++ trunk/support/ab.c 2010-07-16 22:17:45.661763246 +0200 +@@ -628,6 +628,10 @@ + + static void write_request(struct connection * c) + { ++ if (started >= requests) { ++ return; ++ } ++ + do { + apr_time_t tnow; + apr_size_t l = c->rwrite; +@@ -690,6 +694,7 @@ + new_pollfd.client_data = c; + apr_pollset_add(readbits, &new_pollfd); + } ++ started++; + } + + /* --------------------------------------------------------- */ +@@ -1239,7 +1244,6 @@ + + /* connected first time */ + c->state = STATE_CONNECTED; +- started++; + #ifdef USE_SSL + if (c->ssl) { + ssl_proceed_handshake(c); +@@ -1766,7 +1770,6 @@ + } + else { + c->state = STATE_CONNECTED; +- started++; + #ifdef USE_SSL + if (c->ssl) + ssl_proceed_handshake(c); --- apache2-2.2.16.orig/debian/patches/079_polish_translation.dpatch +++ apache2-2.2.16/debian/patches/079_polish_translation.dpatch @@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 079_polish_translation.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: #570228 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' trunk~/docs/error/HTTP_NOT_FOUND.html.var trunk/docs/error/HTTP_NOT_FOUND.html.var +--- trunk~/docs/error/HTTP_NOT_FOUND.html.var 2005-11-13 14:22:28.000000000 +0100 ++++ trunk/docs/error/HTTP_NOT_FOUND.html.var 2010-02-20 11:37:08.229021346 +0100 +@@ -292,7 +292,7 @@ + o problemie. + + +- Je�li wpisa�e� URLa r�cznie, sprawd�, czy nie si� nie pomyli�e�. ++ Je�li wpisa�e� URLa r�cznie, sprawd�, czy si� nie pomyli�e�. + + + --- apache2-2.2.16.orig/debian/patches/045_suexec_log_cloexec.dpatch +++ apache2-2.2.16/debian/patches/045_suexec_log_cloexec.dpatch @@ -0,0 +1,46 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## suexec_log_cloexec.dpatch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Patch to allow suexec to log after a cgi error (#312385) +## DP: http://issues.apache.org/bugzilla/show_bug.cgi?id=10744 + +@DPATCH@ + +diff -ru apache2-2.2.3.orig/support/suexec.c apache2-2.2.3/support/suexec.c +--- apache2-2.2.3.orig/support/suexec.c 2006-07-12 05:38:44.000000000 +0200 ++++ apache2-2.2.3/support/suexec.c 2007-05-24 18:37:04.000000000 +0200 +@@ -46,6 +46,7 @@ + #include + #include + #include ++#include + + #ifdef HAVE_PWD_H + #include +@@ -596,17 +597,14 @@ + #endif /* AP_SUEXEC_UMASK */ + + /* +- * Be sure to close the log file so the CGI can't +- * mess with it. If the exec fails, it will be reopened +- * automatically when log_err is called. Note that the log +- * might not actually be open if AP_LOG_EXEC isn't defined. +- * However, the "log" cell isn't ifdef'd so let's be defensive +- * and assume someone might have done something with it +- * outside an ifdef'd AP_LOG_EXEC block. +- */ +- if (log != NULL) { +- fclose(log); +- log = NULL; ++ * ask fcntl(2) to set the FD_CLOEXEC flag on the log file, ++ * so it'll be automagically closed if the exec() call succeeds. ++ */ ++ fflush(log); ++ setbuf(log,NULL); ++ if(fcntl(fileno(log),F_SETFD,FD_CLOEXEC)==-1) { ++ log_err("error: can't set close-on-exec flag"); ++ exit(122); + } + + /* --- apache2-2.2.16.orig/debian/patches/085_CVE-2011-3192.dpatch +++ apache2-2.2.16/debian/patches/085_CVE-2011-3192.dpatch @@ -0,0 +1,604 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 085_CVE-2011-3192.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Backport byterange filter code from upstream branches/2.2.x up to +## DP: r1162885 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' apache2-2.2.16~/modules/http/byterange_filter.c apache2-2.2.16/modules/http/byterange_filter.c +--- apache2-2.2.16~/modules/http/byterange_filter.c 2010-02-26 10:32:15.000000000 +0100 ++++ apache2-2.2.16/modules/http/byterange_filter.c 2011-08-29 20:26:41.749528182 +0200 +@@ -55,65 +55,8 @@ + #include + #endif + +-static int parse_byterange(char *range, apr_off_t clength, +- apr_off_t *start, apr_off_t *end) +-{ +- char *dash = strchr(range, '-'); +- char *errp; +- apr_off_t number; +- +- if (!dash) { +- return 0; +- } +- +- if ((dash == range)) { +- /* In the form "-5" */ +- if (apr_strtoff(&number, dash+1, &errp, 10) || *errp) { +- return 0; +- } +- *start = clength - number; +- *end = clength - 1; +- } +- else { +- *dash++ = '\0'; +- if (apr_strtoff(&number, range, &errp, 10) || *errp) { +- return 0; +- } +- *start = number; +- if (*dash) { +- if (apr_strtoff(&number, dash, &errp, 10) || *errp) { +- return 0; +- } +- *end = number; +- } +- else { /* "5-" */ +- *end = clength - 1; +- } +- } +- +- if (*start < 0) { +- *start = 0; +- } +- +- if (*end >= clength) { +- *end = clength - 1; +- } +- +- if (*start > *end) { +- return -1; +- } +- +- return (*start > 0 || *end < clength); +-} +- +-static int ap_set_byterange(request_rec *r); +- +-typedef struct byterange_ctx { +- apr_bucket_brigade *bb; +- int num_ranges; +- char *boundary; +- char *bound_head; +-} byterange_ctx; ++static int ap_set_byterange(request_rec *r, apr_off_t clength, ++ apr_array_header_t **indexes); + + /* + * Here we try to be compatible with clients that want multipart/x-byteranges +@@ -131,28 +74,200 @@ + } + + #define BYTERANGE_FMT "%" APR_OFF_T_FMT "-%" APR_OFF_T_FMT "/%" APR_OFF_T_FMT +-#define PARTITION_ERR_FMT "apr_brigade_partition() failed " \ +- "[%" APR_OFF_T_FMT ",%" APR_OFF_T_FMT "]" ++ ++static apr_status_t copy_brigade_range(apr_bucket_brigade *bb, ++ apr_bucket_brigade *bbout, ++ apr_off_t start, ++ apr_off_t end) ++{ ++ apr_bucket *first = NULL, *last = NULL, *out_first = NULL, *e; ++ apr_uint64_t pos = 0, off_first = 0, off_last = 0; ++ apr_status_t rv; ++ const char *s; ++ apr_size_t len; ++ apr_uint64_t start64, end64; ++ apr_off_t pofft = 0; ++ ++ /* ++ * Once we know that start and end are >= 0 convert everything to apr_uint64_t. ++ * See the comments in apr_brigade_partition why. ++ * In short apr_off_t (for values >= 0)and apr_size_t fit into apr_uint64_t. ++ */ ++ start64 = (apr_uint64_t)start; ++ end64 = (apr_uint64_t)end; ++ ++ if (start < 0 || end < 0 || start64 > end64) ++ return APR_EINVAL; ++ ++ for (e = APR_BRIGADE_FIRST(bb); ++ e != APR_BRIGADE_SENTINEL(bb); ++ e = APR_BUCKET_NEXT(e)) ++ { ++ apr_uint64_t elen64; ++ /* we know that no bucket has undefined length (-1) */ ++ AP_DEBUG_ASSERT(e->length != (apr_size_t)(-1)); ++ elen64 = (apr_uint64_t)e->length; ++ if (!first && (elen64 + pos > start64)) { ++ first = e; ++ off_first = pos; ++ } ++ if (elen64 + pos > end64) { ++ last = e; ++ off_last = pos; ++ break; ++ } ++ pos += elen64; ++ } ++ if (!first || !last) ++ return APR_EINVAL; ++ ++ e = first; ++ while (1) ++ { ++ apr_bucket *copy; ++ AP_DEBUG_ASSERT(e != APR_BRIGADE_SENTINEL(bb)); ++ rv = apr_bucket_copy(e, ©); ++ if (rv != APR_SUCCESS) { ++ apr_brigade_cleanup(bbout); ++ return rv; ++ } ++ ++ APR_BRIGADE_INSERT_TAIL(bbout, copy); ++ if (e == first) { ++ if (off_first != start64) { ++ rv = apr_bucket_split(copy, (apr_size_t)(start64 - off_first)); ++ if (rv == APR_ENOTIMPL) { ++ rv = apr_bucket_read(copy, &s, &len, APR_BLOCK_READ); ++ if (rv != APR_SUCCESS) { ++ apr_brigade_cleanup(bbout); ++ return rv; ++ } ++ /* ++ * The read above might have morphed copy in a bucket ++ * of shorter length. So read and delete until we reached ++ * the correct bucket for splitting. ++ */ ++ while (start64 - off_first > (apr_uint64_t)copy->length) { ++ apr_bucket *tmp = APR_BUCKET_NEXT(copy); ++ off_first += (apr_uint64_t)copy->length; ++ APR_BUCKET_REMOVE(copy); ++ apr_bucket_destroy(copy); ++ copy = tmp; ++ rv = apr_bucket_read(copy, &s, &len, APR_BLOCK_READ); ++ if (rv != APR_SUCCESS) { ++ apr_brigade_cleanup(bbout); ++ return rv; ++ } ++ } ++ if (start64 > off_first) { ++ rv = apr_bucket_split(copy, (apr_size_t)(start64 - off_first)); ++ if (rv != APR_SUCCESS) { ++ apr_brigade_cleanup(bbout); ++ return rv; ++ } ++ } ++ else { ++ copy = APR_BUCKET_PREV(copy); ++ } ++ } ++ else if (rv != APR_SUCCESS) { ++ apr_brigade_cleanup(bbout); ++ return rv; ++ } ++ out_first = APR_BUCKET_NEXT(copy); ++ APR_BUCKET_REMOVE(copy); ++ apr_bucket_destroy(copy); ++ } ++ else { ++ out_first = copy; ++ } ++ } ++ if (e == last) { ++ if (e == first) { ++ off_last += start64 - off_first; ++ copy = out_first; ++ } ++ if (end64 - off_last != (apr_uint64_t)e->length) { ++ rv = apr_bucket_split(copy, (apr_size_t)(end64 + 1 - off_last)); ++ if (rv == APR_ENOTIMPL) { ++ rv = apr_bucket_read(copy, &s, &len, APR_BLOCK_READ); ++ if (rv != APR_SUCCESS) { ++ apr_brigade_cleanup(bbout); ++ return rv; ++ } ++ /* ++ * The read above might have morphed copy in a bucket ++ * of shorter length. So read until we reached ++ * the correct bucket for splitting. ++ */ ++ while (end64 + 1 - off_last > (apr_uint64_t)copy->length) { ++ off_last += (apr_uint64_t)copy->length; ++ copy = APR_BUCKET_NEXT(copy); ++ rv = apr_bucket_read(copy, &s, &len, APR_BLOCK_READ); ++ if (rv != APR_SUCCESS) { ++ apr_brigade_cleanup(bbout); ++ return rv; ++ } ++ } ++ if (end64 < off_last + (apr_uint64_t)copy->length - 1) { ++ rv = apr_bucket_split(copy, end64 + 1 - off_last); ++ if (rv != APR_SUCCESS) { ++ apr_brigade_cleanup(bbout); ++ return rv; ++ } ++ } ++ } ++ else if (rv != APR_SUCCESS) { ++ apr_brigade_cleanup(bbout); ++ return rv; ++ } ++ copy = APR_BUCKET_NEXT(copy); ++ if (copy != APR_BRIGADE_SENTINEL(bbout)) { ++ APR_BUCKET_REMOVE(copy); ++ apr_bucket_destroy(copy); ++ } ++ } ++ break; ++ } ++ e = APR_BUCKET_NEXT(e); ++ } ++ ++ AP_DEBUG_ASSERT(APR_SUCCESS == apr_brigade_length(bbout, 1, &pofft)); ++ pos = (apr_uint64_t)pofft; ++ AP_DEBUG_ASSERT(pos == end64 - start64 + 1); ++ return APR_SUCCESS; ++} ++ ++typedef struct indexes_t { ++ apr_off_t start; ++ apr_off_t end; ++} indexes_t; + + AP_CORE_DECLARE_NONSTD(apr_status_t) ap_byterange_filter(ap_filter_t *f, + apr_bucket_brigade *bb) + { +-#define MIN_LENGTH(len1, len2) ((len1 > len2) ? len2 : len1) + request_rec *r = f->r; + conn_rec *c = r->connection; +- byterange_ctx *ctx; + apr_bucket *e; + apr_bucket_brigade *bsend; ++ apr_bucket_brigade *tmpbb; + apr_off_t range_start; + apr_off_t range_end; +- char *current; + apr_off_t clength = 0; + apr_status_t rv; + int found = 0; + int num_ranges; ++ char *boundary = NULL; ++ char *bound_head = NULL; ++ apr_array_header_t *indexes; ++ indexes_t *idx; ++ int original_status; ++ int i; + +- /* Iterate through the brigade until reaching EOS or a bucket with +- * unknown length. */ ++ /* ++ * Iterate through the brigade until reaching EOS or a bucket with ++ * unknown length. ++ */ + for (e = APR_BRIGADE_FIRST(bb); + (e != APR_BRIGADE_SENTINEL(bb) && !APR_BUCKET_IS_EOS(e) + && e->length != (apr_size_t)-1); +@@ -160,90 +275,80 @@ + clength += e->length; + } + +- /* Don't attempt to do byte range work if this brigade doesn't ++ /* ++ * Don't attempt to do byte range work if this brigade doesn't + * contain an EOS, or if any of the buckets has an unknown length; + * this avoids the cases where it is expensive to perform +- * byteranging (i.e. may require arbitrary amounts of memory). */ ++ * byteranging (i.e. may require arbitrary amounts of memory). ++ */ + if (!APR_BUCKET_IS_EOS(e) || clength <= 0) { + ap_remove_output_filter(f); + return ap_pass_brigade(f->next, bb); + } + +- num_ranges = ap_set_byterange(r); ++ original_status = r->status; ++ num_ranges = ap_set_byterange(r, clength, &indexes); + + /* We have nothing to do, get out of the way. */ + if (num_ranges == 0) { ++ r->status = original_status; + ap_remove_output_filter(f); + return ap_pass_brigade(f->next, bb); + } + +- ctx = apr_pcalloc(r->pool, sizeof(*ctx)); +- ctx->num_ranges = num_ranges; +- /* create a brigade in case we never call ap_save_brigade() */ +- ctx->bb = apr_brigade_create(r->pool, c->bucket_alloc); +- +- if (ctx->num_ranges > 1) { ++ if (num_ranges > 1) { + /* Is ap_make_content_type required here? */ + const char *orig_ct = ap_make_content_type(r, r->content_type); +- ctx->boundary = apr_psprintf(r->pool, "%" APR_UINT64_T_HEX_FMT "%lx", +- (apr_uint64_t)r->request_time, (long) getpid()); ++ boundary = apr_psprintf(r->pool, "%" APR_UINT64_T_HEX_FMT "%lx", ++ (apr_uint64_t)r->request_time, (long) getpid()); + + ap_set_content_type(r, apr_pstrcat(r->pool, "multipart", + use_range_x(r) ? "/x-" : "/", + "byteranges; boundary=", +- ctx->boundary, NULL)); ++ boundary, NULL)); + + if (strcasecmp(orig_ct, NO_CONTENT_TYPE)) { +- ctx->bound_head = apr_pstrcat(r->pool, +- CRLF "--", ctx->boundary, +- CRLF "Content-type: ", +- orig_ct, +- CRLF "Content-range: bytes ", +- NULL); ++ bound_head = apr_pstrcat(r->pool, ++ CRLF "--", boundary, ++ CRLF "Content-type: ", ++ orig_ct, ++ CRLF "Content-range: bytes ", ++ NULL); + } + else { + /* if we have no type for the content, do our best */ +- ctx->bound_head = apr_pstrcat(r->pool, +- CRLF "--", ctx->boundary, +- CRLF "Content-range: bytes ", +- NULL); ++ bound_head = apr_pstrcat(r->pool, ++ CRLF "--", boundary, ++ CRLF "Content-range: bytes ", ++ NULL); + } +- ap_xlate_proto_to_ascii(ctx->bound_head, strlen(ctx->bound_head)); ++ ap_xlate_proto_to_ascii(bound_head, strlen(bound_head)); + } + + /* this brigade holds what we will be sending */ + bsend = apr_brigade_create(r->pool, c->bucket_alloc); ++ tmpbb = apr_brigade_create(r->pool, c->bucket_alloc); + +- while ((current = ap_getword(r->pool, &r->range, ',')) +- && (rv = parse_byterange(current, clength, &range_start, +- &range_end))) { +- apr_bucket *e2; +- apr_bucket *ec; +- +- if (rv == -1) { +- continue; +- } ++ idx = (indexes_t *)indexes->elts; ++ for (i = 0; i < indexes->nelts; i++, idx++) { ++ range_start = idx->start; ++ range_end = idx->end; + +- /* These calls to apr_brigage_partition should only fail in +- * pathological cases, e.g. a file being truncated whilst +- * being served. */ +- if ((rv = apr_brigade_partition(bb, range_start, &ec)) != APR_SUCCESS) { +- ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, +- PARTITION_ERR_FMT, range_start, clength); +- continue; +- } +- if ((rv = apr_brigade_partition(bb, range_end+1, &e2)) != APR_SUCCESS) { ++ rv = copy_brigade_range(bb, tmpbb, range_start, range_end); ++ if (rv != APR_SUCCESS ) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, +- PARTITION_ERR_FMT, range_end+1, clength); ++ "copy_brigade_range() failed [%" APR_OFF_T_FMT ++ "-%" APR_OFF_T_FMT ",%" APR_OFF_T_FMT "]", ++ range_start, range_end, clength); + continue; + } +- + found = 1; + +- /* For single range requests, we must produce Content-Range header. ++ /* ++ * For single range requests, we must produce Content-Range header. + * Otherwise, we need to produce the multipart boundaries. + */ +- if (ctx->num_ranges == 1) { ++ if (num_ranges == 1) { + apr_table_setn(r->headers_out, "Content-Range", + apr_psprintf(r->pool, "bytes " BYTERANGE_FMT, + range_start, range_end, clength)); +@@ -251,7 +356,7 @@ + else { + char *ts; + +- e = apr_bucket_pool_create(ctx->bound_head, strlen(ctx->bound_head), ++ e = apr_bucket_pool_create(bound_head, strlen(bound_head), + r->pool, c->bucket_alloc); + APR_BRIGADE_INSERT_TAIL(bsend, e); + +@@ -263,23 +368,19 @@ + APR_BRIGADE_INSERT_TAIL(bsend, e); + } + +- do { +- apr_bucket *foo; +- const char *str; +- apr_size_t len; +- +- if (apr_bucket_copy(ec, &foo) != APR_SUCCESS) { +- /* As above; this should not fail since the bucket has +- * a known length, but just to be sure, this takes +- * care of uncopyable buckets that do somehow manage +- * to slip through. */ +- /* XXX: check for failure? */ +- apr_bucket_read(ec, &str, &len, APR_BLOCK_READ); +- apr_bucket_copy(ec, &foo); +- } +- APR_BRIGADE_INSERT_TAIL(bsend, foo); +- ec = APR_BUCKET_NEXT(ec); +- } while (ec != e2); ++ APR_BRIGADE_CONCAT(bsend, tmpbb); ++ if (i && !(i & 0x1F)) { ++ /* ++ * Every now and then, pass what we have down the filter chain. ++ * In this case, the content-length filter cannot calculate and ++ * set the content length and we must remove any Content-Length ++ * header already present. ++ */ ++ apr_table_unset(r->headers_out, "Content-Length"); ++ if ((rv = ap_pass_brigade(f->next, bsend)) != APR_SUCCESS) ++ return rv; ++ apr_brigade_cleanup(bsend); ++ } + } + + if (found == 0) { +@@ -294,11 +395,11 @@ + return ap_pass_brigade(f->next, bsend); + } + +- if (ctx->num_ranges > 1) { ++ if (num_ranges > 1) { + char *end; + + /* add the final boundary */ +- end = apr_pstrcat(r->pool, CRLF "--", ctx->boundary, "--" CRLF, NULL); ++ end = apr_pstrcat(r->pool, CRLF "--", boundary, "--" CRLF, NULL); + ap_xlate_proto_to_ascii(end, strlen(end)); + e = apr_bucket_pool_create(end, strlen(end), r->pool, c->bucket_alloc); + APR_BRIGADE_INSERT_TAIL(bsend, e); +@@ -309,24 +410,32 @@ + + /* we're done with the original content - all of our data is in bsend. */ + apr_brigade_cleanup(bb); ++ apr_brigade_destroy(tmpbb); + + /* send our multipart output */ + return ap_pass_brigade(f->next, bsend); + } + +-static int ap_set_byterange(request_rec *r) ++static int ap_set_byterange(request_rec *r, apr_off_t clength, ++ apr_array_header_t **indexes) + { + const char *range; + const char *if_range; + const char *match; + const char *ct; +- int num_ranges; ++ char *cur; ++ int num_ranges = 0; ++ apr_off_t sum_lengths = 0; ++ indexes_t *idx; ++ int ranges = 1; ++ const char *it; + + if (r->assbackwards) { + return 0; + } + +- /* Check for Range request-header (HTTP/1.1) or Request-Range for ++ /* ++ * Check for Range request-header (HTTP/1.1) or Request-Range for + * backwards-compatibility with second-draft Luotonen/Franks + * byte-ranges (e.g. Netscape Navigator 2-3). + * +@@ -356,7 +465,8 @@ + return 0; + } + +- /* Check the If-Range header for Etag or Date. ++ /* ++ * Check the If-Range header for Etag or Date. + * Note that this check will return false (as required) if either + * of the two etags are weak. + */ +@@ -373,17 +483,77 @@ + } + } + +- if (!ap_strchr_c(range, ',')) { +- /* a single range */ +- num_ranges = 1; ++ range += 6; ++ it = range; ++ while (*it) { ++ if (*it++ == ',') { ++ ranges++; ++ } + } +- else { +- /* a multiple range */ +- num_ranges = 2; ++ it = range; ++ *indexes = apr_array_make(r->pool, ranges, sizeof(indexes_t)); ++ while ((cur = ap_getword(r->pool, &range, ','))) { ++ char *dash; ++ char *errp; ++ apr_off_t number, start, end; ++ ++ if (!(dash = strchr(cur, '-'))) { ++ break; ++ } ++ ++ if (dash == range) { ++ /* In the form "-5" */ ++ if (apr_strtoff(&number, dash+1, &errp, 10) || *errp) { ++ break; ++ } ++ start = clength - number; ++ end = clength - 1; ++ } ++ else { ++ *dash++ = '\0'; ++ if (apr_strtoff(&number, cur, &errp, 10) || *errp) { ++ break; ++ } ++ start = number; ++ if (*dash) { ++ if (apr_strtoff(&number, dash, &errp, 10) || *errp) { ++ break; ++ } ++ end = number; ++ } ++ else { /* "5-" */ ++ end = clength - 1; ++ } ++ } ++ ++ if (start < 0) { ++ start = 0; ++ } ++ if (end >= clength) { ++ end = clength - 1; ++ } ++ ++ if (start > end) { ++ /* ignore? count? */ ++ break; ++ } ++ ++ idx = (indexes_t *)apr_array_push(*indexes); ++ idx->start = start; ++ idx->end = end; ++ sum_lengths += end - start + 1; ++ /* new set again */ ++ num_ranges++; ++ } ++ ++ if (sum_lengths >= clength) { ++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, ++ "Sum of ranges not smaller than file, ignoring."); ++ return 0; + } + + r->status = HTTP_PARTIAL_CONTENT; +- r->range = range + 6; ++ r->range = it; + + return num_ranges; + } --- apache2-2.2.16.orig/debian/patches/080_mod_reqtimeout_fixes.dpatch +++ apache2-2.2.16/debian/patches/080_mod_reqtimeout_fixes.dpatch @@ -0,0 +1,370 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## DP: r921378, r921526, r922407, r923418, r923429, r925986, r928881 from upstream trunk: +## DP: - Move initialization to process_connection hook, right before +## DP: ap_process_http_request. This ensures that we are not inserted for other +## DP: protocol handlers (like mod_ftp) and mod_proxy's backend connections. +## DP: - Enforce request timeout even for AP_MODE_GETLINE. +## DP: - Shorten lingering close wait time to 2s if timeout occurs. +## DP: - Disable body timeout for CONNECT requests. +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' trunk~/modules/filters/mod_reqtimeout.c trunk/modules/filters/mod_reqtimeout.c +--- trunk~/modules/filters/mod_reqtimeout.c 2010-03-29 21:51:42.000000000 +0200 ++++ trunk/modules/filters/mod_reqtimeout.c 2010-03-29 22:22:21.652500789 +0200 +@@ -20,9 +20,12 @@ + #include "http_connection.h" + #include "http_protocol.h" + #include "http_log.h" ++#define CORE_PRIVATE ++#include "http_core.h" + #include "util_filter.h" + #define APR_WANT_STRFUNC + #include "apr_strings.h" ++#include "apr_support.h" + + module AP_MODULE_DECLARE_DATA reqtimeout_module; + +@@ -38,6 +41,7 @@ + apr_time_t body_rate_factor; + } reqtimeout_srv_cfg; + ++/* this struct is used both as conn_config and as filter context */ + typedef struct + { + apr_time_t timeout_at; +@@ -47,14 +51,11 @@ + int new_max_timeout; + int in_keep_alive; + char *type; ++ apr_socket_t *socket; + apr_time_t rate_factor; ++ apr_bucket_brigade *tmpbb; + } reqtimeout_con_cfg; + +-typedef struct +-{ +- apr_socket_t *socket; +-} reqtimeout_ctx; +- + static const char *const reqtimeout_filter_name = "reqtimeout"; + + static void extend_timeout(reqtimeout_con_cfg *ccfg, apr_bucket_brigade *bb) +@@ -74,24 +75,60 @@ + } + } + ++static apr_status_t check_time_left(reqtimeout_con_cfg *ccfg, ++ apr_time_t *time_left_p) ++{ ++ *time_left_p = ccfg->timeout_at - apr_time_now(); ++ if (*time_left_p <= 0) ++ return APR_TIMEUP; ++ ++ if (*time_left_p < apr_time_from_sec(1)) { ++ *time_left_p = apr_time_from_sec(1); ++ } ++ return APR_SUCCESS; ++} ++ ++static apr_status_t have_lf_or_eos(apr_bucket_brigade *bb) ++{ ++ apr_bucket *b = APR_BRIGADE_LAST(bb); ++ ++ for ( ; b != APR_BRIGADE_SENTINEL(bb) ; b = APR_BUCKET_PREV(b) ) { ++ const char *str; ++ apr_size_t len; ++ apr_status_t rv; ++ ++ if (APR_BUCKET_IS_EOS(b)) ++ return APR_SUCCESS; ++ ++ if (APR_BUCKET_IS_METADATA(b)) ++ continue; ++ ++ rv = apr_bucket_read(b, &str, &len, APR_BLOCK_READ); ++ if (rv != APR_SUCCESS) ++ return rv; ++ ++ if (len == 0) ++ continue; ++ ++ if (str[len-1] == APR_ASCII_LF) ++ return APR_SUCCESS; ++ } ++ return APR_INCOMPLETE; ++} ++ ++ ++#define MIN(x,y) ((x) < (y) ? (x) : (y)) + static apr_status_t reqtimeout_filter(ap_filter_t *f, + apr_bucket_brigade *bb, + ap_input_mode_t mode, + apr_read_type_e block, + apr_off_t readbytes) + { +- reqtimeout_ctx *ctx; + apr_time_t time_left; + apr_time_t now; + apr_status_t rv; + apr_interval_time_t saved_sock_timeout = -1; +- reqtimeout_con_cfg *ccfg; +- +- ctx = f->ctx; +- AP_DEBUG_ASSERT(ctx != NULL); +- +- ccfg = ap_get_module_config(f->c->conn_config, &reqtimeout_module); +- AP_DEBUG_ASSERT(ccfg != NULL); ++ reqtimeout_con_cfg *ccfg = f->ctx; + + if (ccfg->in_keep_alive) { + /* For this read, the normal keep-alive timeout must be used */ +@@ -114,13 +151,14 @@ + return ap_get_brigade(f->next, bb, mode, block, readbytes); + } + +- time_left = ccfg->timeout_at - now; +- if (time_left <= 0) { +- ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c, +- "Request %s read timeout", ccfg->type); +- return APR_TIMEUP; ++ if (!ccfg->socket) { ++ ccfg->socket = ap_get_module_config(f->c->conn_config, &core_module); + } + ++ rv = check_time_left(ccfg, &time_left); ++ if (rv != APR_SUCCESS) ++ goto out; ++ + if (block == APR_NONBLOCK_READ || mode == AP_MODE_INIT + || mode == AP_MODE_EATCRLF) { + rv = ap_get_brigade(f->next, bb, mode, block, readbytes); +@@ -130,41 +168,103 @@ + return rv; + } + +- if (time_left < apr_time_from_sec(1)) { +- time_left = apr_time_from_sec(1); +- } ++ rv = apr_socket_timeout_get(ccfg->socket, &saved_sock_timeout); ++ AP_DEBUG_ASSERT(rv == APR_SUCCESS); + +- rv = apr_socket_timeout_get(ctx->socket, &saved_sock_timeout); ++ rv = apr_socket_timeout_set(ccfg->socket, MIN(time_left, saved_sock_timeout)); + AP_DEBUG_ASSERT(rv == APR_SUCCESS); + +- if (saved_sock_timeout >= time_left) { +- rv = apr_socket_timeout_set(ctx->socket, time_left); +- AP_DEBUG_ASSERT(rv == APR_SUCCESS); +- } +- else { +- saved_sock_timeout = -1; +- } ++ if (mode == AP_MODE_GETLINE) { ++ /* ++ * For a blocking AP_MODE_GETLINE read, apr_brigade_split_line() ++ * would loop until a whole line has been read. As this would make it ++ * impossible to enforce a total timeout, we only do non-blocking ++ * reads. ++ */ ++ apr_off_t remaining = HUGE_STRING_LEN; ++ do { ++ apr_off_t bblen; + +- rv = ap_get_brigade(f->next, bb, mode, block, readbytes); ++ rv = ap_get_brigade(f->next, bb, AP_MODE_GETLINE, APR_NONBLOCK_READ, remaining); ++ if (APR_STATUS_IS_EAGAIN(rv)) { ++ rv = APR_SUCCESS; ++ } ++ else if (rv != APR_SUCCESS) { ++ break; ++ } + +- if (saved_sock_timeout != -1) { +- apr_socket_timeout_set(ctx->socket, saved_sock_timeout); +- } ++ if (!APR_BRIGADE_EMPTY(bb)) { ++ if (ccfg->min_rate > 0) { ++ extend_timeout(ccfg, bb); ++ } ++ ++ rv = have_lf_or_eos(bb); ++ if (rv != APR_INCOMPLETE) { ++ break; ++ } ++ ++ rv = apr_brigade_length(bb, 1, &bblen); ++ if (rv != APR_SUCCESS) { ++ break; ++ } ++ remaining -= bblen; ++ if (remaining <= 0) { ++ break; ++ } ++ ++ /* Haven't got a whole line yet, save what we have ... */ ++ if (!ccfg->tmpbb) { ++ ccfg->tmpbb = apr_brigade_create(f->c->pool, f->c->bucket_alloc); ++ } ++ APR_BRIGADE_CONCAT(ccfg->tmpbb, bb); ++ } ++ ++ /* ... and wait for more */ ++ rv = apr_wait_for_io_or_timeout(NULL, ccfg->socket, 1); ++ if (rv != APR_SUCCESS) ++ break; ++ ++ rv = check_time_left(ccfg, &time_left); ++ if (rv != APR_SUCCESS) ++ break; ++ ++ rv = apr_socket_timeout_set(ccfg->socket, ++ MIN(time_left, saved_sock_timeout)); ++ AP_DEBUG_ASSERT(rv == APR_SUCCESS); ++ ++ } while (1); ++ ++ if (ccfg->tmpbb) ++ APR_BRIGADE_PREPEND(bb, ccfg->tmpbb); + +- if (ccfg->min_rate > 0 && rv == APR_SUCCESS) { +- extend_timeout(ccfg, bb); + } ++ else { ++ /* mode != AP_MODE_GETLINE */ ++ rv = ap_get_brigade(f->next, bb, mode, block, readbytes); ++ if (ccfg->min_rate > 0 && rv == APR_SUCCESS) { ++ extend_timeout(ccfg, bb); ++ } ++ } ++ ++ apr_socket_timeout_set(ccfg->socket, saved_sock_timeout); + ++out: + if (APR_STATUS_IS_TIMEUP(rv)) { + ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c, + "Request %s read timeout", ccfg->type); ++ /* ++ * If we allow a normal lingering close, the client may keep this ++ * process/thread busy for another 30s (MAX_SECS_TO_LINGER). ++ * Therefore we tell ap_lingering_close() to shorten this period to ++ * 2s (SECONDS_TO_LINGER). ++ */ ++ apr_table_setn(f->c->notes, "short-lingering-close", "1"); + } + return rv; + } + +-static int reqtimeout_pre_conn(conn_rec *c, void *csd) ++static int reqtimeout_init(conn_rec *c) + { +- reqtimeout_ctx *ctx; + reqtimeout_con_cfg *ccfg; + reqtimeout_srv_cfg *cfg; + +@@ -173,12 +273,9 @@ + AP_DEBUG_ASSERT(cfg != NULL); + if (cfg->header_timeout <= 0 && cfg->body_timeout <= 0) { + /* not configured for this vhost */ +- return OK; ++ return DECLINED; + } + +- ctx = apr_pcalloc(c->pool, sizeof(reqtimeout_ctx)); +- ctx->socket = csd; +- + ccfg = apr_pcalloc(c->pool, sizeof(reqtimeout_con_cfg)); + ccfg->new_timeout = cfg->header_timeout; + ccfg->new_max_timeout = cfg->header_max_timeout; +@@ -187,8 +284,9 @@ + ccfg->rate_factor = cfg->header_rate_factor; + ap_set_module_config(c->conn_config, &reqtimeout_module, ccfg); + +- ap_add_input_filter("reqtimeout", ctx, NULL, c); +- return OK; ++ ap_add_input_filter("reqtimeout", ccfg, NULL, c); ++ /* we are not handling the connection, we just do initialization */ ++ return DECLINED; + } + + static int reqtimeout_after_headers(request_rec *r) +@@ -198,7 +296,7 @@ + ap_get_module_config(r->connection->conn_config, &reqtimeout_module); + + if (ccfg == NULL) { +- /* not configured for this vhost */ ++ /* not configured for this connection */ + return OK; + } + +@@ -208,11 +306,13 @@ + + ccfg->timeout_at = 0; + ccfg->max_timeout_at = 0; +- ccfg->new_timeout = cfg->body_timeout; +- ccfg->new_max_timeout = cfg->body_max_timeout; +- ccfg->min_rate = cfg->body_min_rate; +- ccfg->rate_factor = cfg->body_rate_factor; +- ccfg->type = "body"; ++ if (r->method_number != M_CONNECT) { ++ ccfg->new_timeout = cfg->body_timeout; ++ ccfg->new_max_timeout = cfg->body_max_timeout; ++ ccfg->min_rate = cfg->body_min_rate; ++ ccfg->rate_factor = cfg->body_rate_factor; ++ ccfg->type = "body"; ++ } + + return OK; + } +@@ -224,7 +324,7 @@ + ap_get_module_config(r->connection->conn_config, &reqtimeout_module); + + if (ccfg == NULL) { +- /* not configured for this vhost */ ++ /* not configured for this connection */ + return OK; + } + +@@ -406,7 +506,16 @@ + */ + ap_register_input_filter(reqtimeout_filter_name, reqtimeout_filter, NULL, + AP_FTYPE_CONNECTION + 8); +- ap_hook_pre_connection(reqtimeout_pre_conn, NULL, NULL, APR_HOOK_MIDDLE); ++ ++ /* ++ * mod_reqtimeout needs to be called before ap_process_http_request (which ++ * is run at APR_HOOK_REALLY_LAST) but after all other protocol modules. ++ * This ensures that it only influences normal http connections and not ++ * e.g. mod_ftp. Also, if mod_reqtimeout used the pre_connection hook, it ++ * would be inserted on mod_proxy's backend connections. ++ */ ++ ap_hook_process_connection(reqtimeout_init, NULL, NULL, APR_HOOK_LAST); ++ + ap_hook_post_read_request(reqtimeout_after_headers, NULL, NULL, + APR_HOOK_MIDDLE); + ap_hook_log_transaction(reqtimeout_after_body, NULL, NULL, +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' trunk~/server/connection.c trunk/server/connection.c +--- trunk~/server/connection.c 2010-03-29 21:51:42.000000000 +0200 ++++ trunk/server/connection.c 2010-03-29 22:22:07.100030216 +0200 +@@ -154,8 +154,20 @@ + break; + + if (timeup == 0) { +- /* First time through; calculate now + 30 seconds. */ +- timeup = apr_time_now() + apr_time_from_sec(MAX_SECS_TO_LINGER); ++ /* ++ * First time through; ++ * calculate now + 30 seconds (MAX_SECS_TO_LINGER). ++ * ++ * If some module requested a shortened waiting period, only wait for ++ * 2s (SECONDS_TO_LINGER). This is useful for mitigating certain ++ * DoS attacks. ++ */ ++ if (apr_table_get(c->notes, "short-lingering-close")) { ++ timeup = apr_time_now() + apr_time_from_sec(SECONDS_TO_LINGER); ++ } ++ else { ++ timeup = apr_time_now() + apr_time_from_sec(MAX_SECS_TO_LINGER); ++ } + continue; + } + } while (apr_time_now() < timeup); --- apache2-2.2.16.orig/debian/patches/075_mod_rewrite_literal_ipv6_redirect.dpatch +++ apache2-2.2.16/debian/patches/075_mod_rewrite_literal_ipv6_redirect.dpatch @@ -0,0 +1,52 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 075_mod_rewrite_literal_ipv6_redirect.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Add [] to literal ipv6 hosts in URLs (bug #557015) + +@DPATCH@ +diff -urNad trunk~/modules/mappers/mod_rewrite.c trunk/modules/mappers/mod_rewrite.c +--- trunk~/modules/mappers/mod_rewrite.c 2009-07-10 14:20:45.000000000 +0200 ++++ trunk/modules/mappers/mod_rewrite.c 2009-12-06 00:10:57.468047872 +0100 +@@ -833,6 +833,23 @@ + } + + /* ++ * Get the current server name from the request for the purposes ++ * of using in a URL. If the server name is an IPv6 literal ++ * address, it will be returned in URL format (e.g., "[fe80::1]"). ++ */ ++static const char *get_server_name_for_url(request_rec *r) ++{ ++ const char *plain_server_name = ap_get_server_name(r); ++ ++#if APR_HAVE_IPV6 ++ if (ap_strchr_c(plain_server_name, ':')) { /* IPv6 literal? */ ++ return apr_psprintf(r->pool, "[%s]", plain_server_name); ++ } ++#endif ++ return plain_server_name; ++} ++ ++/* + * add 'http[s]://ourhost[:ourport]/' to URI + * if URI is still not fully qualified + */ +@@ -843,7 +860,7 @@ + char *thisport; + int port; + +- thisserver = ap_get_server_name(r); ++ thisserver = get_server_name_for_url(r); + port = ap_get_server_port(r); + thisport = ap_is_default_port(port, r) + ? "" +@@ -4271,7 +4288,7 @@ + */ + + /* add the canonical URI of this URL */ +- thisserver = ap_get_server_name(r); ++ thisserver = get_server_name_for_url(r); + port = ap_get_server_port(r); + if (ap_is_default_port(port, r)) { + thisport = ""; --- apache2-2.2.16.orig/debian/patches/302_CVE-2012-3499_CVE-2012-4558_XSS.dpatch +++ apache2-2.2.16/debian/patches/302_CVE-2012-3499_CVE-2012-4558_XSS.dpatch @@ -0,0 +1,208 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: http://svn.apache.org/viewvc?view=revision&revision=r1447390 +## DP: +## DP: *) SECURITY: CVE-2012-3499 (cve.mitre.org) +## DP: Various XSS flaws due to unescaped hostnames and URIs HTML output in +## DP: mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp. +## DP: [Jim Jagielski, Stefan Fritsch, Niels Heinen ] +## DP: +## DP: *) SECURITY: CVE-2012-4558 (cve.mitre.org) +## DP: XSS in mod_proxy_balancer manager interface. [Jim Jagielski, +## DP: Niels Heinen ] +@DPATCH@ +Index: apache2/modules/ldap/util_ldap_cache_mgr.c +=================================================================== +--- apache2.orig/modules/ldap/util_ldap_cache_mgr.c ++++ apache2/modules/ldap/util_ldap_cache_mgr.c +@@ -541,7 +541,7 @@ + if (id) { + buf2 = apr_psprintf(p, + "%s", +- r->uri, ++ ap_escape_html(r->pool, ap_escape_uri(r->pool, r->uri)), + id, + name); + } +Index: apache2/modules/proxy/mod_proxy_balancer.c +=================================================================== +--- apache2.orig/modules/proxy/mod_proxy_balancer.c ++++ apache2/modules/proxy/mod_proxy_balancer.c +@@ -818,7 +818,8 @@ + ap_rputs(DOCTYPE_HTML_3_2 + "Balancer Manager\n", r); + ap_rputs("

Load Balancer Manager for ", r); +- ap_rvputs(r, ap_get_server_name(r), "

\n\n", NULL); ++ ap_rvputs(r, ap_escape_html(r->pool, ap_get_server_name(r)), ++ "\n\n", NULL); + ap_rvputs(r, "

Server Version: ", + ap_get_server_description(), "
Server Built: ", +@@ -853,7 +854,8 @@ + worker = (proxy_worker *)balancer->workers->elts; + for (n = 0; n < balancer->workers->nelts; n++) { + char fbuf[50]; +- ap_rvputs(r, "\nuri, "?b=", ++ ap_rvputs(r, "\n pool, r->uri), "?b=", + balancer->name + sizeof("balancer://") - 1, "&w=", + ap_escape_uri(r->pool, worker->name), + "&nonce=", balancer_nonce, +@@ -894,7 +896,7 @@ + ap_rputs("
Edit worker settings for ", r); + ap_rvputs(r, wsel->name, "
\n", NULL); + ap_rvputs(r, "
uri, "\">\n
", NULL); ++ ap_rvputs(r, ap_escape_uri(r->pool, r->uri), "\">\n
", NULL); + ap_rputs("\n", wsel->s->lbfactor); + ap_rputs("
Load factor:
LB Set: \n" + " \n
Directory of " + "%s/%s", +- site, basedir, escpath, site, basedir, escpath, site, str); ++ ap_escape_html(p, site), basedir, escpath, ++ ap_escape_uri(p, site), basedir, escpath, ++ ap_escape_uri(p, site), str); + + APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(str, strlen(str), + p, c->bucket_alloc)); +Index: apache2/modules/mappers/mod_imagemap.c +=================================================================== +--- apache2.orig/modules/mappers/mod_imagemap.c ++++ apache2/modules/mappers/mod_imagemap.c +@@ -320,7 +320,7 @@ + /* + * returns the mapped URL or NULL. + */ +-static char *imap_url(request_rec *r, const char *base, const char *value) ++static const char *imap_url(request_rec *r, const char *base, const char *value) + { + /* translates a value into a URL. */ + int slen, clen; +@@ -342,7 +342,7 @@ + if (!strcasecmp(value, "referer")) { + referer = apr_table_get(r->headers_in, "Referer"); + if (referer && *referer) { +- return ap_escape_html(r->pool, referer); ++ return referer; + } + else { + /* XXX: This used to do *value = '\0'; ... which is totally bogus +@@ -459,7 +459,7 @@ + return my_base; + } + +-static int imap_reply(request_rec *r, char *redirect) ++static int imap_reply(request_rec *r, const char *redirect) + { + if (!strcasecmp(redirect, "error")) { + /* they actually requested an error! */ +@@ -523,42 +523,52 @@ + 'formatted' form */ + } + +-static void menu_default(request_rec *r, char *menu, char *href, char *text) ++static void menu_default(request_rec *r, const char *menu, const char *href, const char *text) + { ++ char *ehref, *etext; + if (!strcasecmp(href, "error") || !strcasecmp(href, "nocontent")) { + return; /* don't print such lines, these aren't + really href's */ + } ++ ++ ehref = ap_escape_uri(r->pool, href); ++ etext = ap_escape_html(r->pool, text); ++ + if (!strcasecmp(menu, "formatted")) { +- ap_rvputs(r, "
(Default) ", text, ++ ap_rvputs(r, "
(Default) ", etext, + "
\n", NULL); + } + if (!strcasecmp(menu, "semiformatted")) { +- ap_rvputs(r, "
(Default) ", text, ++ ap_rvputs(r, "
(Default) ", etext, + "
\n", NULL); + } + if (!strcasecmp(menu, "unformatted")) { +- ap_rvputs(r, "", text, "", NULL); ++ ap_rvputs(r, "", etext, "", NULL); + } + return; + } + +-static void menu_directive(request_rec *r, char *menu, char *href, char *text) ++static void menu_directive(request_rec *r, const char *menu, const char *href, const char *text) + { ++ char *ehref, *etext; + if (!strcasecmp(href, "error") || !strcasecmp(href, "nocontent")) { + return; /* don't print such lines, as this isn't + really an href */ + } ++ ++ ehref = ap_escape_uri(r->pool, href); ++ etext = ap_escape_html(r->pool, text); ++ + if (!strcasecmp(menu, "formatted")) { +- ap_rvputs(r, "
", text, ++ ap_rvputs(r, "
", etext, + "
\n", NULL); + } + if (!strcasecmp(menu, "semiformatted")) { +- ap_rvputs(r, "
", text, ++ ap_rvputs(r, "
", etext, + "
\n", NULL); + } + if (!strcasecmp(menu, "unformatted")) { +- ap_rvputs(r, "", text, "", NULL); ++ ap_rvputs(r, "", etext, "", NULL); + } + return; + } +@@ -574,9 +584,9 @@ + char *directive; + char *value; + char *href_text; +- char *base; +- char *redirect; +- char *mapdflt; ++ const char *base; ++ const char *redirect; ++ const char *mapdflt; + char *closest = NULL; + double closest_yet = -1; + apr_status_t status; +Index: apache2/modules/generators/mod_status.c +=================================================================== +--- apache2.orig/modules/generators/mod_status.c ++++ apache2/modules/generators/mod_status.c +@@ -409,7 +409,8 @@ + "\nApache Status\n\n", + r); + ap_rputs("
Apache Server Status for ", r); +- ap_rvputs(r, ap_get_server_name(r), "
\n\n", NULL); ++ ap_rvputs(r, ap_escape_html(r->pool, ap_get_server_name(r)), ++ "
\n\n", NULL); + ap_rvputs(r, "
Server Version: ", + ap_get_server_description(), "
\n", NULL); + ap_rvputs(r, "
Server Built: ", +Index: apache2/modules/generators/mod_info.c +=================================================================== +--- apache2.orig/modules/generators/mod_info.c ++++ apache2/modules/generators/mod_info.c +@@ -371,7 +371,8 @@ + MODULE_MAGIC_NUMBER_MINOR); + ap_rprintf(r, + "
Hostname/port: " +- "%s:%u
\n", ap_get_server_name(r), ++ "%s:%u\n", ++ ap_escape_html(r->pool, ap_get_server_name(r)), + ap_get_server_port(r)); + ap_rprintf(r, + "
Timeouts: " --- apache2-2.2.16.orig/debian/patches/057_disablemods.dpatch +++ apache2-2.2.16/debian/patches/057_disablemods.dpatch @@ -0,0 +1,62 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## Stolen from the fedora package +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Support "--enable-modules=none" to build an httpd binary with +## DP: no optional modules enabled. + +@DPATCH@ +diff -urNad trunk~/acinclude.m4 trunk/acinclude.m4 +--- trunk~/acinclude.m4 2005-11-13 07:33:15.000000000 +0100 ++++ trunk/acinclude.m4 2008-03-14 01:28:42.379287995 +0100 +@@ -289,14 +289,19 @@ + + AC_ARG_ENABLE(modules, + APACHE_HELP_STRING(--enable-modules=MODULE-LIST,Space-separated list of modules to enable | "all" | "most"),[ +- for i in $enableval; do +- if test "$i" = "all" -o "$i" = "most"; then +- module_selection=$i +- else +- i=`echo $i | sed 's/-/_/g'` +- eval "enable_$i=yes" +- fi +- done ++ if test "$enableval" = "none"; then ++ module_default=no ++ module_selection=none ++ else ++ for i in $enableval; do ++ if test "$i" = "all" -o "$i" = "most"; then ++ module_selection=$i ++ else ++ i=`echo $i | sed 's/-/_/g'` ++ eval "enable_$i=yes" ++ fi ++ done ++ fi + ]) + + AC_ARG_ENABLE(mods-shared, +diff -urNad trunk~/configure trunk/configure +--- trunk~/configure 2008-01-10 17:54:40.000000000 +0100 ++++ trunk/configure 2008-03-14 01:31:55.675287371 +0100 +@@ -8106,6 +8106,10 @@ + # Check whether --enable-modules was given. + if test "${enable_modules+set}" = set; then + enableval=$enable_modules; ++ if test "$enableval" = "none"; then ++ module_default=no ++ module_selection=none ++ else + for i in $enableval; do + if test "$i" = "all" -o "$i" = "most"; then + module_selection=$i +@@ -8114,7 +8118,7 @@ + eval "enable_$i=yes" + fi + done +- ++ fi + fi + + --- apache2-2.2.16.orig/debian/patches/304_CVE-2013-1896.dpatch +++ apache2-2.2.16/debian/patches/304_CVE-2013-1896.dpatch @@ -0,0 +1,35 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# +## DP: http://svn.apache.org/r1497101 +## DP: http://svn.apache.org/r1497212 +# +@DPATCH@ +Index: apache2/modules/dav/main/mod_dav.c +=================================================================== +--- apache2.orig/modules/dav/main/mod_dav.c ++++ apache2/modules/dav/main/mod_dav.c +@@ -719,6 +719,12 @@ + + conf = ap_get_module_config(r->per_dir_config, &dav_module); + /* assert: conf->provider != NULL */ ++ if (conf->provider == NULL) { ++ return dav_new_error(r->pool, HTTP_METHOD_NOT_ALLOWED, 0, ++ apr_psprintf(r->pool, ++ "DAV not enabled for %s", ++ ap_escape_html(r->pool, r->uri))); ++ } + + /* resolve the resource */ + err = (*conf->provider->repos->get_resource)(r, conf->dir, +@@ -2655,11 +2661,6 @@ + "Destination URI had an error."); + } + +- if (dav_get_provider(lookup.rnew) == NULL) { +- return dav_error_response(r, HTTP_METHOD_NOT_ALLOWED, +- "DAV not enabled for Destination URI."); +- } +- + /* Resolve destination resource */ + err = dav_get_resource(lookup.rnew, 0 /* label_allowed */, + 0 /* use_checked_in */, &resnew); --- apache2-2.2.16.orig/debian/patches/083_mod_ssl_memcpy.dpatch +++ apache2-2.2.16/debian/patches/083_mod_ssl_memcpy.dpatch @@ -0,0 +1,29 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 082_mod_ssl_memcpy.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Use memmove for overlapping buffers +## DP: http://issues.apache.org/bugzilla/show_bug.cgi?id=45444 +## DP: http://svn.apache.org/viewvc?rev=683280&view=rev +## DP: LP: https://bugs.launchpad.net/bugs/609290 + +@DPATCH@ +diff -urNad trunk~/modules/ssl/ssl_engine_io.c trunk/modules/ssl/ssl_engine_io.c +--- trunk~/modules/ssl/ssl_engine_io.c 2010-03-01 22:27:17.000000000 +0100 ++++ trunk/modules/ssl/ssl_engine_io.c 2010-07-24 21:26:55.763976033 +0200 +@@ -352,13 +352,13 @@ + + if (buffer->length > inl) { + /* we have have enough to fill the caller's buffer */ +- memcpy(in, buffer->value, inl); ++ memmove(in, buffer->value, inl); + buffer->value += inl; + buffer->length -= inl; + } + else { + /* swallow remainder of the buffer */ +- memcpy(in, buffer->value, buffer->length); ++ memmove(in, buffer->value, buffer->length); + inl = buffer->length; + buffer->value = NULL; + buffer->length = 0; --- apache2-2.2.16.orig/debian/patches/084_mod_reqtimeout_CVE-2010-1623.dpatch +++ apache2-2.2.16/debian/patches/084_mod_reqtimeout_CVE-2010-1623.dpatch @@ -0,0 +1,63 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## DP: Our version of mod_reqtimeout has all fixes from trunk. +## DP: Therefore backport the fix for CVE-2010-1623, too. +## DP: Upstream commit r1003626. +@DPATCH@ +diff --git a/modules/filters/mod_reqtimeout.c b/modules/filters/mod_reqtimeout.c +index b0de997..adc4def 100644 +--- a/modules/filters/mod_reqtimeout.c ++++ b/modules/filters/mod_reqtimeout.c +@@ -115,6 +115,41 @@ static apr_status_t have_lf_or_eos(apr_bucket_brigade *bb) + return APR_INCOMPLETE; + } + ++/* ++ * Append bbIn to bbOut and merge small buckets, to avoid DoS by high memory ++ * usage ++ */ ++static apr_status_t brigade_append(apr_bucket_brigade *bbOut, apr_bucket_brigade *bbIn) ++{ ++ while (!APR_BRIGADE_EMPTY(bbIn)) { ++ apr_bucket *e = APR_BRIGADE_FIRST(bbIn); ++ const char *str; ++ apr_size_t len; ++ apr_status_t rv; ++ ++ rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ); ++ if (rv != APR_SUCCESS) { ++ return rv; ++ } ++ ++ APR_BUCKET_REMOVE(e); ++ if (APR_BUCKET_IS_METADATA(e) || len > APR_BUCKET_BUFF_SIZE/4) { ++ APR_BRIGADE_INSERT_TAIL(bbOut, e); ++ } ++ else { ++ if (len > 0) { ++ rv = apr_brigade_write(bbOut, NULL, NULL, str, len); ++ if (rv != APR_SUCCESS) { ++ apr_bucket_destroy(e); ++ return rv; ++ } ++ } ++ apr_bucket_destroy(e); ++ } ++ } ++ return APR_SUCCESS; ++} ++ + + #define MIN(x,y) ((x) < (y) ? (x) : (y)) + static apr_status_t reqtimeout_filter(ap_filter_t *f, +@@ -217,7 +252,9 @@ static apr_status_t reqtimeout_filter(ap_filter_t *f, + if (!ccfg->tmpbb) { + ccfg->tmpbb = apr_brigade_create(f->c->pool, f->c->bucket_alloc); + } +- APR_BRIGADE_CONCAT(ccfg->tmpbb, bb); ++ rv = brigade_append(ccfg->tmpbb, bb); ++ if (rv != APR_SUCCESS) ++ break; + } + + /* ... and wait for more */ --- apache2-2.2.16.orig/debian/patches/099_config_guess_sub_update.dpatch +++ apache2-2.2.16/debian/patches/099_config_guess_sub_update.dpatch @@ -0,0 +1,3123 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 099_config_guess_sub_update.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad apache2-2.2.3~/config.guess apache2-2.2.3/config.guess +--- apache2-2.2.3~/config.guess 1970-01-01 01:00:00.000000000 +0100 ++++ apache2-2.2.3/config.guess 2006-09-27 21:50:35.000000000 +0200 +@@ -0,0 +1,1500 @@ ++#! /bin/sh ++# Attempt to guess a canonical system name. ++# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, ++# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, ++# Inc. ++ ++timestamp='2006-07-02' ++ ++# This file is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA ++# 02110-1301, USA. ++# ++# As a special exception to the GNU General Public License, if you ++# distribute this file as part of a program that contains a ++# configuration script generated by Autoconf, you may include it under ++# the same distribution terms that you use for the rest of that program. ++ ++ ++# Originally written by Per Bothner . ++# Please send patches to . Submit a context ++# diff and a properly formatted ChangeLog entry. ++# ++# This script attempts to guess a canonical system name similar to ++# config.sub. If it succeeds, it prints the system name on stdout, and ++# exits with 0. Otherwise, it exits with 1. ++# ++# The plan is that this can be called by configure scripts if you ++# don't specify an explicit build system type. ++ ++me=`echo "$0" | sed -e 's,.*/,,'` ++ ++usage="\ ++Usage: $0 [OPTION] ++ ++Output the configuration name of the system \`$me' is run on. ++ ++Operation modes: ++ -h, --help print this help, then exit ++ -t, --time-stamp print date of last modification, then exit ++ -v, --version print version number, then exit ++ ++Report bugs and patches to ." ++ ++version="\ ++GNU config.guess ($timestamp) ++ ++Originally written by Per Bothner. ++Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 ++Free Software Foundation, Inc. ++ ++This is free software; see the source for copying conditions. There is NO ++warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." ++ ++help=" ++Try \`$me --help' for more information." ++ ++# Parse command line ++while test $# -gt 0 ; do ++ case $1 in ++ --time-stamp | --time* | -t ) ++ echo "$timestamp" ; exit ;; ++ --version | -v ) ++ echo "$version" ; exit ;; ++ --help | --h* | -h ) ++ echo "$usage"; exit ;; ++ -- ) # Stop option processing ++ shift; break ;; ++ - ) # Use stdin as input. ++ break ;; ++ -* ) ++ echo "$me: invalid option $1$help" >&2 ++ exit 1 ;; ++ * ) ++ break ;; ++ esac ++done ++ ++if test $# != 0; then ++ echo "$me: too many arguments$help" >&2 ++ exit 1 ++fi ++ ++trap 'exit 1' 1 2 15 ++ ++# CC_FOR_BUILD -- compiler used by this script. Note that the use of a ++# compiler to aid in system detection is discouraged as it requires ++# temporary files to be created and, as you can see below, it is a ++# headache to deal with in a portable fashion. ++ ++# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still ++# use `HOST_CC' if defined, but it is deprecated. ++ ++# Portable tmp directory creation inspired by the Autoconf team. ++ ++set_cc_for_build=' ++trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; ++trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; ++: ${TMPDIR=/tmp} ; ++ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || ++ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || ++ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || ++ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; ++dummy=$tmp/dummy ; ++tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; ++case $CC_FOR_BUILD,$HOST_CC,$CC in ++ ,,) echo "int x;" > $dummy.c ; ++ for c in cc gcc c89 c99 ; do ++ if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then ++ CC_FOR_BUILD="$c"; break ; ++ fi ; ++ done ; ++ if test x"$CC_FOR_BUILD" = x ; then ++ CC_FOR_BUILD=no_compiler_found ; ++ fi ++ ;; ++ ,,*) CC_FOR_BUILD=$CC ;; ++ ,*,*) CC_FOR_BUILD=$HOST_CC ;; ++esac ; set_cc_for_build= ;' ++ ++# This is needed to find uname on a Pyramid OSx when run in the BSD universe. ++# (ghazi@noc.rutgers.edu 1994-08-24) ++if (test -f /.attbin/uname) >/dev/null 2>&1 ; then ++ PATH=$PATH:/.attbin ; export PATH ++fi ++ ++UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown ++UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown ++UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown ++UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown ++ ++# Note: order is significant - the case branches are not exclusive. ++ ++case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in ++ *:NetBSD:*:*) ++ # NetBSD (nbsd) targets should (where applicable) match one or ++ # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, ++ # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently ++ # switched to ELF, *-*-netbsd* would select the old ++ # object file format. This provides both forward ++ # compatibility and a consistent mechanism for selecting the ++ # object file format. ++ # ++ # Note: NetBSD doesn't particularly care about the vendor ++ # portion of the name. We always set it to "unknown". ++ sysctl="sysctl -n hw.machine_arch" ++ UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ ++ /usr/sbin/$sysctl 2>/dev/null || echo unknown)` ++ case "${UNAME_MACHINE_ARCH}" in ++ armeb) machine=armeb-unknown ;; ++ arm*) machine=arm-unknown ;; ++ sh3el) machine=shl-unknown ;; ++ sh3eb) machine=sh-unknown ;; ++ *) machine=${UNAME_MACHINE_ARCH}-unknown ;; ++ esac ++ # The Operating System including object format, if it has switched ++ # to ELF recently, or will in the future. ++ case "${UNAME_MACHINE_ARCH}" in ++ arm*|i386|m68k|ns32k|sh3*|sparc|vax) ++ eval $set_cc_for_build ++ if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ ++ | grep __ELF__ >/dev/null ++ then ++ # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). ++ # Return netbsd for either. FIX? ++ os=netbsd ++ else ++ os=netbsdelf ++ fi ++ ;; ++ *) ++ os=netbsd ++ ;; ++ esac ++ # The OS release ++ # Debian GNU/NetBSD machines have a different userland, and ++ # thus, need a distinct triplet. However, they do not need ++ # kernel version information, so it can be replaced with a ++ # suitable tag, in the style of linux-gnu. ++ case "${UNAME_VERSION}" in ++ Debian*) ++ release='-gnu' ++ ;; ++ *) ++ release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` ++ ;; ++ esac ++ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: ++ # contains redundant information, the shorter form: ++ # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. ++ echo "${machine}-${os}${release}" ++ exit ;; ++ *:OpenBSD:*:*) ++ UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` ++ echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} ++ exit ;; ++ *:ekkoBSD:*:*) ++ echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} ++ exit ;; ++ *:SolidBSD:*:*) ++ echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} ++ exit ;; ++ macppc:MirBSD:*:*) ++ echo powerpc-unknown-mirbsd${UNAME_RELEASE} ++ exit ;; ++ *:MirBSD:*:*) ++ echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} ++ exit ;; ++ alpha:OSF1:*:*) ++ case $UNAME_RELEASE in ++ *4.0) ++ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` ++ ;; ++ *5.*) ++ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ++ ;; ++ esac ++ # According to Compaq, /usr/sbin/psrinfo has been available on ++ # OSF/1 and Tru64 systems produced since 1995. I hope that ++ # covers most systems running today. This code pipes the CPU ++ # types through head -n 1, so we only detect the type of CPU 0. ++ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha $.*$ processor.*$/\1/p' | head -n 1` ++ case "$ALPHA_CPU_TYPE" in ++ "EV4 (21064)") ++ UNAME_MACHINE="alpha" ;; ++ "EV4.5 (21064)") ++ UNAME_MACHINE="alpha" ;; ++ "LCA4 (21066/21068)") ++ UNAME_MACHINE="alpha" ;; ++ "EV5 (21164)") ++ UNAME_MACHINE="alphaev5" ;; ++ "EV5.6 (21164A)") ++ UNAME_MACHINE="alphaev56" ;; ++ "EV5.6 (21164PC)") ++ UNAME_MACHINE="alphapca56" ;; ++ "EV5.7 (21164PC)") ++ UNAME_MACHINE="alphapca57" ;; ++ "EV6 (21264)") ++ UNAME_MACHINE="alphaev6" ;; ++ "EV6.7 (21264A)") ++ UNAME_MACHINE="alphaev67" ;; ++ "EV6.8CB (21264C)") ++ UNAME_MACHINE="alphaev68" ;; ++ "EV6.8AL (21264B)") ++ UNAME_MACHINE="alphaev68" ;; ++ "EV6.8CX (21264D)") ++ UNAME_MACHINE="alphaev68" ;; ++ "EV6.9A (21264/EV69A)") ++ UNAME_MACHINE="alphaev69" ;; ++ "EV7 (21364)") ++ UNAME_MACHINE="alphaev7" ;; ++ "EV7.9 (21364A)") ++ UNAME_MACHINE="alphaev79" ;; ++ esac ++ # A Pn.n version is a patched version. ++ # A Vn.n version is a released version. ++ # A Tn.n version is a released field test version. ++ # A Xn.n version is an unreleased experimental baselevel. ++ # 1.2 uses "1.2" for uname -r. ++ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` ++ exit ;; ++ Alpha\ *:Windows_NT*:*) ++ # How do we know it's Interix rather than the generic POSIX subsystem? ++ # Should we change UNAME_MACHINE based on the output of uname instead ++ # of the specific Alpha model? ++ echo alpha-pc-interix ++ exit ;; ++ 21064:Windows_NT:50:3) ++ echo alpha-dec-winnt3.5 ++ exit ;; ++ Amiga*:UNIX_System_V:4.0:*) ++ echo m68k-unknown-sysv4 ++ exit ;; ++ *:[Aa]miga[Oo][Ss]:*:*) ++ echo ${UNAME_MACHINE}-unknown-amigaos ++ exit ;; ++ *:[Mm]orph[Oo][Ss]:*:*) ++ echo ${UNAME_MACHINE}-unknown-morphos ++ exit ;; ++ *:OS/390:*:*) ++ echo i370-ibm-openedition ++ exit ;; ++ *:z/VM:*:*) ++ echo s390-ibm-zvmoe ++ exit ;; ++ *:OS400:*:*) ++ echo powerpc-ibm-os400 ++ exit ;; ++ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) ++ echo arm-acorn-riscix${UNAME_RELEASE} ++ exit ;; ++ arm:riscos:*:*|arm:RISCOS:*:*) ++ echo arm-unknown-riscos ++ exit ;; ++ SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) ++ echo hppa1.1-hitachi-hiuxmpp ++ exit ;; ++ Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) ++ # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. ++ if test "`(/bin/universe) 2>/dev/null`" = att ; then ++ echo pyramid-pyramid-sysv3 ++ else ++ echo pyramid-pyramid-bsd ++ fi ++ exit ;; ++ NILE*:*:*:dcosx) ++ echo pyramid-pyramid-svr4 ++ exit ;; ++ DRS?6000:unix:4.0:6*) ++ echo sparc-icl-nx6 ++ exit ;; ++ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) ++ case `/usr/bin/uname -p` in ++ sparc) echo sparc-icl-nx7; exit ;; ++ esac ;; ++ sun4H:SunOS:5.*:*) ++ echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` ++ exit ;; ++ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) ++ echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` ++ exit ;; ++ i86pc:SunOS:5.*:*) ++ echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` ++ exit ;; ++ sun4*:SunOS:6*:*) ++ # According to config.sub, this is the proper way to canonicalize ++ # SunOS6. Hard to guess exactly what SunOS6 will be like, but ++ # it's likely to be more like Solaris than SunOS4. ++ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` ++ exit ;; ++ sun4*:SunOS:*:*) ++ case "`/usr/bin/arch -k`" in ++ Series*|S4*) ++ UNAME_RELEASE=`uname -v` ++ ;; ++ esac ++ # Japanese Language versions have a version number like `4.1.3-JL'. ++ echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` ++ exit ;; ++ sun3*:SunOS:*:*) ++ echo m68k-sun-sunos${UNAME_RELEASE} ++ exit ;; ++ sun*:*:4.2BSD:*) ++ UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` ++ test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 ++ case "`/bin/arch`" in ++ sun3) ++ echo m68k-sun-sunos${UNAME_RELEASE} ++ ;; ++ sun4) ++ echo sparc-sun-sunos${UNAME_RELEASE} ++ ;; ++ esac ++ exit ;; ++ aushp:SunOS:*:*) ++ echo sparc-auspex-sunos${UNAME_RELEASE} ++ exit ;; ++ # The situation for MiNT is a little confusing. The machine name ++ # can be virtually everything (everything which is not ++ # "atarist" or "atariste" at least should have a processor ++ # > m68000). The system name ranges from "MiNT" over "FreeMiNT" ++ # to the lowercase version "mint" (or "freemint"). Finally ++ # the system name "TOS" denotes a system which is actually not ++ # MiNT. But MiNT is downward compatible to TOS, so this should ++ # be no problem. ++ atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) ++ echo m68k-atari-mint${UNAME_RELEASE} ++ exit ;; ++ atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) ++ echo m68k-atari-mint${UNAME_RELEASE} ++ exit ;; ++ *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) ++ echo m68k-atari-mint${UNAME_RELEASE} ++ exit ;; ++ milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) ++ echo m68k-milan-mint${UNAME_RELEASE} ++ exit ;; ++ hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) ++ echo m68k-hades-mint${UNAME_RELEASE} ++ exit ;; ++ *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) ++ echo m68k-unknown-mint${UNAME_RELEASE} ++ exit ;; ++ m68k:machten:*:*) ++ echo m68k-apple-machten${UNAME_RELEASE} ++ exit ;; ++ powerpc:machten:*:*) ++ echo powerpc-apple-machten${UNAME_RELEASE} ++ exit ;; ++ RISC*:Mach:*:*) ++ echo mips-dec-mach_bsd4.3 ++ exit ;; ++ RISC*:ULTRIX:*:*) ++ echo mips-dec-ultrix${UNAME_RELEASE} ++ exit ;; ++ VAX*:ULTRIX*:*:*) ++ echo vax-dec-ultrix${UNAME_RELEASE} ++ exit ;; ++ 2020:CLIX:*:* | 2430:CLIX:*:*) ++ echo clipper-intergraph-clix${UNAME_RELEASE} ++ exit ;; ++ mips:*:*:UMIPS | mips:*:*:RISCos) ++ eval $set_cc_for_build ++ sed 's/^ //' << EOF >$dummy.c ++#ifdef __cplusplus ++#include /* for printf() prototype */ ++ int main (int argc, char *argv[]) { ++#else ++ int main (argc, argv) int argc; char *argv[]; { ++#endif ++ #if defined (host_mips) && defined (MIPSEB) ++ #if defined (SYSTYPE_SYSV) ++ printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); ++ #endif ++ #if defined (SYSTYPE_SVR4) ++ printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); ++ #endif ++ #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) ++ printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); ++ #endif ++ #endif ++ exit (-1); ++ } ++EOF ++ $CC_FOR_BUILD -o $dummy $dummy.c && ++ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/$[0-9]*$.*/\1/p'` && ++ SYSTEM_NAME=`$dummy $dummyarg` && ++ { echo "$SYSTEM_NAME"; exit; } ++ echo mips-mips-riscos${UNAME_RELEASE} ++ exit ;; ++ Motorola:PowerMAX_OS:*:*) ++ echo powerpc-motorola-powermax ++ exit ;; ++ Motorola:*:4.3:PL8-*) ++ echo powerpc-harris-powermax ++ exit ;; ++ Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) ++ echo powerpc-harris-powermax ++ exit ;; ++ Night_Hawk:Power_UNIX:*:*) ++ echo powerpc-harris-powerunix ++ exit ;; ++ m88k:CX/UX:7*:*) ++ echo m88k-harris-cxux7 ++ exit ;; ++ m88k:*:4*:R4*) ++ echo m88k-motorola-sysv4 ++ exit ;; ++ m88k:*:3*:R3*) ++ echo m88k-motorola-sysv3 ++ exit ;; ++ AViiON:dgux:*:*) ++ # DG/UX returns AViiON for all architectures ++ UNAME_PROCESSOR=`/usr/bin/uname -p` ++ if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] ++ then ++ if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ ++ [ ${TARGET_BINARY_INTERFACE}x = x ] ++ then ++ echo m88k-dg-dgux${UNAME_RELEASE} ++ else ++ echo m88k-dg-dguxbcs${UNAME_RELEASE} ++ fi ++ else ++ echo i586-dg-dgux${UNAME_RELEASE} ++ fi ++ exit ;; ++ M88*:DolphinOS:*:*) # DolphinOS (SVR3) ++ echo m88k-dolphin-sysv3 ++ exit ;; ++ M88*:*:R3*:*) ++ # Delta 88k system running SVR3 ++ echo m88k-motorola-sysv3 ++ exit ;; ++ XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) ++ echo m88k-tektronix-sysv3 ++ exit ;; ++ Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) ++ echo m68k-tektronix-bsd ++ exit ;; ++ *:IRIX*:*:*) ++ echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` ++ exit ;; ++ ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. ++ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id ++ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' ++ i*86:AIX:*:*) ++ echo i386-ibm-aix ++ exit ;; ++ ia64:AIX:*:*) ++ if [ -x /usr/bin/oslevel ] ; then ++ IBM_REV=`/usr/bin/oslevel` ++ else ++ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} ++ fi ++ echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} ++ exit ;; ++ *:AIX:2:3) ++ if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then ++ eval $set_cc_for_build ++ sed 's/^ //' << EOF >$dummy.c ++ #include ++ ++ main() ++ { ++ if (!__power_pc()) ++ exit(1); ++ puts("powerpc-ibm-aix3.2.5"); ++ exit(0); ++ } ++EOF ++ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` ++ then ++ echo "$SYSTEM_NAME" ++ else ++ echo rs6000-ibm-aix3.2.5 ++ fi ++ elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then ++ echo rs6000-ibm-aix3.2.4 ++ else ++ echo rs6000-ibm-aix3.2 ++ fi ++ exit ;; ++ *:AIX:*:[45]) ++ IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` ++ if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then ++ IBM_ARCH=rs6000 ++ else ++ IBM_ARCH=powerpc ++ fi ++ if [ -x /usr/bin/oslevel ] ; then ++ IBM_REV=`/usr/bin/oslevel` ++ else ++ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} ++ fi ++ echo ${IBM_ARCH}-ibm-aix${IBM_REV} ++ exit ;; ++ *:AIX:*:*) ++ echo rs6000-ibm-aix ++ exit ;; ++ ibmrt:4.4BSD:*|romp-ibm:BSD:*) ++ echo romp-ibm-bsd4.4 ++ exit ;; ++ ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and ++ echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to ++ exit ;; # report: romp-ibm BSD 4.3 ++ *:BOSX:*:*) ++ echo rs6000-bull-bosx ++ exit ;; ++ DPX/2?00:B.O.S.:*:*) ++ echo m68k-bull-sysv3 ++ exit ;; ++ 9000/[34]??:4.3bsd:1.*:*) ++ echo m68k-hp-bsd ++ exit ;; ++ hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) ++ echo m68k-hp-bsd4.4 ++ exit ;; ++ 9000/[34678]??:HP-UX:*:*) ++ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` ++ case "${UNAME_MACHINE}" in ++ 9000/31? ) HP_ARCH=m68000 ;; ++ 9000/[34]?? ) HP_ARCH=m68k ;; ++ 9000/[678][0-9][0-9]) ++ if [ -x /usr/bin/getconf ]; then ++ sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` ++ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` ++ case "${sc_cpu_version}" in ++ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 ++ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 ++ 532) # CPU_PA_RISC2_0 ++ case "${sc_kernel_bits}" in ++ 32) HP_ARCH="hppa2.0n" ;; ++ 64) HP_ARCH="hppa2.0w" ;; ++ '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 ++ esac ;; ++ esac ++ fi ++ if [ "${HP_ARCH}" = "" ]; then ++ eval $set_cc_for_build ++ sed 's/^ //' << EOF >$dummy.c ++ ++ #define _HPUX_SOURCE ++ #include ++ #include ++ ++ int main () ++ { ++ #if defined(_SC_KERNEL_BITS) ++ long bits = sysconf(_SC_KERNEL_BITS); ++ #endif ++ long cpu = sysconf (_SC_CPU_VERSION); ++ ++ switch (cpu) ++ { ++ case CPU_PA_RISC1_0: puts ("hppa1.0"); break; ++ case CPU_PA_RISC1_1: puts ("hppa1.1"); break; ++ case CPU_PA_RISC2_0: ++ #if defined(_SC_KERNEL_BITS) ++ switch (bits) ++ { ++ case 64: puts ("hppa2.0w"); break; ++ case 32: puts ("hppa2.0n"); break; ++ default: puts ("hppa2.0"); break; ++ } break; ++ #else /* !defined(_SC_KERNEL_BITS) */ ++ puts ("hppa2.0"); break; ++ #endif ++ default: puts ("hppa1.0"); break; ++ } ++ exit (0); ++ } ++EOF ++ (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` ++ test -z "$HP_ARCH" && HP_ARCH=hppa ++ fi ;; ++ esac ++ if [ ${HP_ARCH} = "hppa2.0w" ] ++ then ++ eval $set_cc_for_build ++ ++ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating ++ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler ++ # generating 64-bit code. GNU and HP use different nomenclature: ++ # ++ # $ CC_FOR_BUILD=cc ./config.guess ++ # => hppa2.0w-hp-hpux11.23 ++ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess ++ # => hppa64-hp-hpux11.23 ++ ++ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | ++ grep __LP64__ >/dev/null ++ then ++ HP_ARCH="hppa2.0w" ++ else ++ HP_ARCH="hppa64" ++ fi ++ fi ++ echo ${HP_ARCH}-hp-hpux${HPUX_REV} ++ exit ;; ++ ia64:HP-UX:*:*) ++ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` ++ echo ia64-hp-hpux${HPUX_REV} ++ exit ;; ++ 3050*:HI-UX:*:*) ++ eval $set_cc_for_build ++ sed 's/^ //' << EOF >$dummy.c ++ #include ++ int ++ main () ++ { ++ long cpu = sysconf (_SC_CPU_VERSION); ++ /* The order matters, because CPU_IS_HP_MC68K erroneously returns ++ true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct ++ results, however. */ ++ if (CPU_IS_PA_RISC (cpu)) ++ { ++ switch (cpu) ++ { ++ case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; ++ case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; ++ case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; ++ default: puts ("hppa-hitachi-hiuxwe2"); break; ++ } ++ } ++ else if (CPU_IS_HP_MC68K (cpu)) ++ puts ("m68k-hitachi-hiuxwe2"); ++ else puts ("unknown-hitachi-hiuxwe2"); ++ exit (0); ++ } ++EOF ++ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && ++ { echo "$SYSTEM_NAME"; exit; } ++ echo unknown-hitachi-hiuxwe2 ++ exit ;; ++ 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) ++ echo hppa1.1-hp-bsd ++ exit ;; ++ 9000/8??:4.3bsd:*:*) ++ echo hppa1.0-hp-bsd ++ exit ;; ++ *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) ++ echo hppa1.0-hp-mpeix ++ exit ;; ++ hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) ++ echo hppa1.1-hp-osf ++ exit ;; ++ hp8??:OSF1:*:*) ++ echo hppa1.0-hp-osf ++ exit ;; ++ i*86:OSF1:*:*) ++ if [ -x /usr/sbin/sysversion ] ; then ++ echo ${UNAME_MACHINE}-unknown-osf1mk ++ else ++ echo ${UNAME_MACHINE}-unknown-osf1 ++ fi ++ exit ;; ++ parisc*:Lites*:*:*) ++ echo hppa1.1-hp-lites ++ exit ;; ++ C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) ++ echo c1-convex-bsd ++ exit ;; ++ C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) ++ if getsysinfo -f scalar_acc ++ then echo c32-convex-bsd ++ else echo c2-convex-bsd ++ fi ++ exit ;; ++ C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) ++ echo c34-convex-bsd ++ exit ;; ++ C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) ++ echo c38-convex-bsd ++ exit ;; ++ C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) ++ echo c4-convex-bsd ++ exit ;; ++ CRAY*Y-MP:*:*:*) ++ echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' ++ exit ;; ++ CRAY*[A-Z]90:*:*:*) ++ echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ ++ | sed -e 's/CRAY.*$[A-Z]90$/\1/' \ ++ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ ++ -e 's/\.[^.]*$/.X/' ++ exit ;; ++ CRAY*TS:*:*:*) ++ echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' ++ exit ;; ++ CRAY*T3E:*:*:*) ++ echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' ++ exit ;; ++ CRAY*SV1:*:*:*) ++ echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' ++ exit ;; ++ *:UNICOS/mp:*:*) ++ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' ++ exit ;; ++ F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) ++ FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` ++ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` ++ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` ++ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" ++ exit ;; ++ 5000:UNIX_System_V:4.*:*) ++ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` ++ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` ++ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" ++ exit ;; ++ i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) ++ echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} ++ exit ;; ++ sparc*:BSD/OS:*:*) ++ echo sparc-unknown-bsdi${UNAME_RELEASE} ++ exit ;; ++ *:BSD/OS:*:*) ++ echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} ++ exit ;; ++ *:FreeBSD:*:*) ++ case ${UNAME_MACHINE} in ++ pc98) ++ echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; ++ amd64) ++ echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; ++ *) ++ echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; ++ esac ++ exit ;; ++ i*:CYGWIN*:*) ++ echo ${UNAME_MACHINE}-pc-cygwin ++ exit ;; ++ i*:MINGW*:*) ++ echo ${UNAME_MACHINE}-pc-mingw32 ++ exit ;; ++ i*:windows32*:*) ++ # uname -m includes "-pc" on this system. ++ echo ${UNAME_MACHINE}-mingw32 ++ exit ;; ++ i*:PW*:*) ++ echo ${UNAME_MACHINE}-pc-pw32 ++ exit ;; ++ x86:Interix*:[3456]*) ++ echo i586-pc-interix${UNAME_RELEASE} ++ exit ;; ++ EM64T:Interix*:[3456]*) ++ echo x86_64-unknown-interix${UNAME_RELEASE} ++ exit ;; ++ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) ++ echo i${UNAME_MACHINE}-pc-mks ++ exit ;; ++ i*:Windows_NT*:* | Pentium*:Windows_NT*:*) ++ # How do we know it's Interix rather than the generic POSIX subsystem? ++ # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we ++ # UNAME_MACHINE based on the output of uname instead of i386? ++ echo i586-pc-interix ++ exit ;; ++ i*:UWIN*:*) ++ echo ${UNAME_MACHINE}-pc-uwin ++ exit ;; ++ amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) ++ echo x86_64-unknown-cygwin ++ exit ;; ++ p*:CYGWIN*:*) ++ echo powerpcle-unknown-cygwin ++ exit ;; ++ prep*:SunOS:5.*:*) ++ echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` ++ exit ;; ++ *:GNU:*:*) ++ # the GNU system ++ echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` ++ exit ;; ++ *:GNU/*:*:*) ++ # other systems with GNU libc and userland ++ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu ++ exit ;; ++ i*86:Minix:*:*) ++ echo ${UNAME_MACHINE}-pc-minix ++ exit ;; ++ arm*:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ avr32*:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ cris:Linux:*:*) ++ echo cris-axis-linux-gnu ++ exit ;; ++ crisv32:Linux:*:*) ++ echo crisv32-axis-linux-gnu ++ exit ;; ++ frv:Linux:*:*) ++ echo frv-unknown-linux-gnu ++ exit ;; ++ ia64:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ m32r*:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ m68*:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ mips:Linux:*:*) ++ eval $set_cc_for_build ++ sed 's/^ //' << EOF >$dummy.c ++ #undef CPU ++ #undef mips ++ #undef mipsel ++ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) ++ CPU=mipsel ++ #else ++ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) ++ CPU=mips ++ #else ++ CPU= ++ #endif ++ #endif ++EOF ++ eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' ++ /^CPU/{ ++ s: ::g ++ p ++ }'`" ++ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ++ ;; ++ mips64:Linux:*:*) ++ eval $set_cc_for_build ++ sed 's/^ //' << EOF >$dummy.c ++ #undef CPU ++ #undef mips64 ++ #undef mips64el ++ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) ++ CPU=mips64el ++ #else ++ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) ++ CPU=mips64 ++ #else ++ CPU= ++ #endif ++ #endif ++EOF ++ eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' ++ /^CPU/{ ++ s: ::g ++ p ++ }'`" ++ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ++ ;; ++ or32:Linux:*:*) ++ echo or32-unknown-linux-gnu ++ exit ;; ++ ppc:Linux:*:*) ++ echo powerpc-unknown-linux-gnu ++ exit ;; ++ ppc64:Linux:*:*) ++ echo powerpc64-unknown-linux-gnu ++ exit ;; ++ alpha:Linux:*:*) ++ case `sed -n '/^cpu model/s/^.*: $.*$/\1/p' < /proc/cpuinfo` in ++ EV5) UNAME_MACHINE=alphaev5 ;; ++ EV56) UNAME_MACHINE=alphaev56 ;; ++ PCA56) UNAME_MACHINE=alphapca56 ;; ++ PCA57) UNAME_MACHINE=alphapca56 ;; ++ EV6) UNAME_MACHINE=alphaev6 ;; ++ EV67) UNAME_MACHINE=alphaev67 ;; ++ EV68*) UNAME_MACHINE=alphaev68 ;; ++ esac ++ objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null ++ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi ++ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} ++ exit ;; ++ parisc:Linux:*:* | hppa:Linux:*:*) ++ # Look for CPU level ++ case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in ++ PA7*) echo hppa1.1-unknown-linux-gnu ;; ++ PA8*) echo hppa2.0-unknown-linux-gnu ;; ++ *) echo hppa-unknown-linux-gnu ;; ++ esac ++ exit ;; ++ parisc64:Linux:*:* | hppa64:Linux:*:*) ++ echo hppa64-unknown-linux-gnu ++ exit ;; ++ s390:Linux:*:* | s390x:Linux:*:*) ++ echo ${UNAME_MACHINE}-ibm-linux ++ exit ;; ++ sh64*:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ sh*:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ sparc:Linux:*:* | sparc64:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ vax:Linux:*:*) ++ echo ${UNAME_MACHINE}-dec-linux-gnu ++ exit ;; ++ x86_64:Linux:*:*) ++ echo x86_64-unknown-linux-gnu ++ exit ;; ++ i*86:Linux:*:*) ++ # The BFD linker knows what the default object file format is, so ++ # first see if it will tell us. cd to the root directory to prevent ++ # problems with other programs or directories called `ld' in the path. ++ # Set LC_ALL=C to ensure ld outputs messages in English. ++ ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ ++ | sed -ne '/supported targets:/!d ++ s/[ ][ ]*/ /g ++ s/.*supported targets: *// ++ s/ .*// ++ p'` ++ case "$ld_supported_targets" in ++ elf32-i386) ++ TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" ++ ;; ++ a.out-i386-linux) ++ echo "${UNAME_MACHINE}-pc-linux-gnuaout" ++ exit ;; ++ coff-i386) ++ echo "${UNAME_MACHINE}-pc-linux-gnucoff" ++ exit ;; ++ "") ++ # Either a pre-BFD a.out linker (linux-gnuoldld) or ++ # one that does not give us useful --help. ++ echo "${UNAME_MACHINE}-pc-linux-gnuoldld" ++ exit ;; ++ esac ++ # Determine whether the default compiler is a.out or elf ++ eval $set_cc_for_build ++ sed 's/^ //' << EOF >$dummy.c ++ #include ++ #ifdef __ELF__ ++ # ifdef __GLIBC__ ++ # if __GLIBC__ >= 2 ++ LIBC=gnu ++ # else ++ LIBC=gnulibc1 ++ # endif ++ # else ++ LIBC=gnulibc1 ++ # endif ++ #else ++ #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) ++ LIBC=gnu ++ #else ++ LIBC=gnuaout ++ #endif ++ #endif ++ #ifdef __dietlibc__ ++ LIBC=dietlibc ++ #endif ++EOF ++ eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' ++ /^LIBC/{ ++ s: ::g ++ p ++ }'`" ++ test x"${LIBC}" != x && { ++ echo "${UNAME_MACHINE}-pc-linux-${LIBC}" ++ exit ++ } ++ test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } ++ ;; ++ i*86:DYNIX/ptx:4*:*) ++ # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. ++ # earlier versions are messed up and put the nodename in both ++ # sysname and nodename. ++ echo i386-sequent-sysv4 ++ exit ;; ++ i*86:UNIX_SV:4.2MP:2.*) ++ # Unixware is an offshoot of SVR4, but it has its own version ++ # number series starting with 2... ++ # I am not positive that other SVR4 systems won't match this, ++ # I just have to hope. -- rms. ++ # Use sysv4.2uw... so that sysv4* matches it. ++ echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} ++ exit ;; ++ i*86:OS/2:*:*) ++ # If we were able to find `uname', then EMX Unix compatibility ++ # is probably installed. ++ echo ${UNAME_MACHINE}-pc-os2-emx ++ exit ;; ++ i*86:XTS-300:*:STOP) ++ echo ${UNAME_MACHINE}-unknown-stop ++ exit ;; ++ i*86:atheos:*:*) ++ echo ${UNAME_MACHINE}-unknown-atheos ++ exit ;; ++ i*86:syllable:*:*) ++ echo ${UNAME_MACHINE}-pc-syllable ++ exit ;; ++ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) ++ echo i386-unknown-lynxos${UNAME_RELEASE} ++ exit ;; ++ i*86:*DOS:*:*) ++ echo ${UNAME_MACHINE}-pc-msdosdjgpp ++ exit ;; ++ i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) ++ UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` ++ if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then ++ echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} ++ else ++ echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} ++ fi ++ exit ;; ++ i*86:*:5:[678]*) ++ # UnixWare 7.x, OpenUNIX and OpenServer 6. ++ case `/bin/uname -X | grep "^Machine"` in ++ *486*) UNAME_MACHINE=i486 ;; ++ *Pentium) UNAME_MACHINE=i586 ;; ++ *Pent*|*Celeron) UNAME_MACHINE=i686 ;; ++ esac ++ echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} ++ exit ;; ++ i*86:*:3.2:*) ++ if test -f /usr/options/cb.name; then ++ UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then ++ UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` ++ (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 ++ (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ ++ && UNAME_MACHINE=i586 ++ (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ ++ && UNAME_MACHINE=i686 ++ (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ ++ && UNAME_MACHINE=i686 ++ echo ${UNAME_MACHINE}-pc-sco$UNAME_REL ++ else ++ echo ${UNAME_MACHINE}-pc-sysv32 ++ fi ++ exit ;; ++ pc:*:*:*) ++ # Left here for compatibility: ++ # uname -m prints for DJGPP always 'pc', but it prints nothing about ++ # the processor, so we play safe by assuming i386. ++ echo i386-pc-msdosdjgpp ++ exit ;; ++ Intel:Mach:3*:*) ++ echo i386-pc-mach3 ++ exit ;; ++ paragon:*:*:*) ++ echo i860-intel-osf1 ++ exit ;; ++ i860:*:4.*:*) # i860-SVR4 ++ if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then ++ echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 ++ else # Add other i860-SVR4 vendors below as they are discovered. ++ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 ++ fi ++ exit ;; ++ mini*:CTIX:SYS*5:*) ++ # "miniframe" ++ echo m68010-convergent-sysv ++ exit ;; ++ mc68k:UNIX:SYSTEM5:3.51m) ++ echo m68k-convergent-sysv ++ exit ;; ++ M680?0:D-NIX:5.3:*) ++ echo m68k-diab-dnix ++ exit ;; ++ M68*:*:R3V[5678]*:*) ++ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; ++ 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) ++ OS_REL='' ++ test -r /etc/.relid \ ++ && OS_REL=.`sed -n 's/[^ ]* [^ ]* $[0-9][0-9]$.*/\1/p' < /etc/.relid` ++ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ ++ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } ++ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ ++ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; ++ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) ++ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ ++ && { echo i486-ncr-sysv4; exit; } ;; ++ m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) ++ echo m68k-unknown-lynxos${UNAME_RELEASE} ++ exit ;; ++ mc68030:UNIX_System_V:4.*:*) ++ echo m68k-atari-sysv4 ++ exit ;; ++ TSUNAMI:LynxOS:2.*:*) ++ echo sparc-unknown-lynxos${UNAME_RELEASE} ++ exit ;; ++ rs6000:LynxOS:2.*:*) ++ echo rs6000-unknown-lynxos${UNAME_RELEASE} ++ exit ;; ++ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) ++ echo powerpc-unknown-lynxos${UNAME_RELEASE} ++ exit ;; ++ SM[BE]S:UNIX_SV:*:*) ++ echo mips-dde-sysv${UNAME_RELEASE} ++ exit ;; ++ RM*:ReliantUNIX-*:*:*) ++ echo mips-sni-sysv4 ++ exit ;; ++ RM*:SINIX-*:*:*) ++ echo mips-sni-sysv4 ++ exit ;; ++ *:SINIX-*:*:*) ++ if uname -p 2>/dev/null >/dev/null ; then ++ UNAME_MACHINE=`(uname -p) 2>/dev/null` ++ echo ${UNAME_MACHINE}-sni-sysv4 ++ else ++ echo ns32k-sni-sysv ++ fi ++ exit ;; ++ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort ++ # says ++ echo i586-unisys-sysv4 ++ exit ;; ++ *:UNIX_System_V:4*:FTX*) ++ # From Gerald Hewes . ++ # How about differentiating between stratus architectures? -djm ++ echo hppa1.1-stratus-sysv4 ++ exit ;; ++ *:*:*:FTX*) ++ # From seanf@swdc.stratus.com. ++ echo i860-stratus-sysv4 ++ exit ;; ++ i*86:VOS:*:*) ++ # From Paul.Green@stratus.com. ++ echo ${UNAME_MACHINE}-stratus-vos ++ exit ;; ++ *:VOS:*:*) ++ # From Paul.Green@stratus.com. ++ echo hppa1.1-stratus-vos ++ exit ;; ++ mc68*:A/UX:*:*) ++ echo m68k-apple-aux${UNAME_RELEASE} ++ exit ;; ++ news*:NEWS-OS:6*:*) ++ echo mips-sony-newsos6 ++ exit ;; ++ R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) ++ if [ -d /usr/nec ]; then ++ echo mips-nec-sysv${UNAME_RELEASE} ++ else ++ echo mips-unknown-sysv${UNAME_RELEASE} ++ fi ++ exit ;; ++ BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. ++ echo powerpc-be-beos ++ exit ;; ++ BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. ++ echo powerpc-apple-beos ++ exit ;; ++ BePC:BeOS:*:*) # BeOS running on Intel PC compatible. ++ echo i586-pc-beos ++ exit ;; ++ SX-4:SUPER-UX:*:*) ++ echo sx4-nec-superux${UNAME_RELEASE} ++ exit ;; ++ SX-5:SUPER-UX:*:*) ++ echo sx5-nec-superux${UNAME_RELEASE} ++ exit ;; ++ SX-6:SUPER-UX:*:*) ++ echo sx6-nec-superux${UNAME_RELEASE} ++ exit ;; ++ Power*:Rhapsody:*:*) ++ echo powerpc-apple-rhapsody${UNAME_RELEASE} ++ exit ;; ++ *:Rhapsody:*:*) ++ echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} ++ exit ;; ++ *:Darwin:*:*) ++ UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown ++ case $UNAME_PROCESSOR in ++ unknown) UNAME_PROCESSOR=powerpc ;; ++ esac ++ echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} ++ exit ;; ++ *:procnto*:*:* | *:QNX:[0123456789]*:*) ++ UNAME_PROCESSOR=`uname -p` ++ if test "$UNAME_PROCESSOR" = "x86"; then ++ UNAME_PROCESSOR=i386 ++ UNAME_MACHINE=pc ++ fi ++ echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} ++ exit ;; ++ *:QNX:*:4*) ++ echo i386-pc-qnx ++ exit ;; ++ NSE-?:NONSTOP_KERNEL:*:*) ++ echo nse-tandem-nsk${UNAME_RELEASE} ++ exit ;; ++ NSR-?:NONSTOP_KERNEL:*:*) ++ echo nsr-tandem-nsk${UNAME_RELEASE} ++ exit ;; ++ *:NonStop-UX:*:*) ++ echo mips-compaq-nonstopux ++ exit ;; ++ BS2000:POSIX*:*:*) ++ echo bs2000-siemens-sysv ++ exit ;; ++ DS/*:UNIX_System_V:*:*) ++ echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} ++ exit ;; ++ *:Plan9:*:*) ++ # "uname -m" is not consistent, so use $cputype instead. 386 ++ # is converted to i386 for consistency with other x86 ++ # operating systems. ++ if test "$cputype" = "386"; then ++ UNAME_MACHINE=i386 ++ else ++ UNAME_MACHINE="$cputype" ++ fi ++ echo ${UNAME_MACHINE}-unknown-plan9 ++ exit ;; ++ *:TOPS-10:*:*) ++ echo pdp10-unknown-tops10 ++ exit ;; ++ *:TENEX:*:*) ++ echo pdp10-unknown-tenex ++ exit ;; ++ KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) ++ echo pdp10-dec-tops20 ++ exit ;; ++ XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) ++ echo pdp10-xkl-tops20 ++ exit ;; ++ *:TOPS-20:*:*) ++ echo pdp10-unknown-tops20 ++ exit ;; ++ *:ITS:*:*) ++ echo pdp10-unknown-its ++ exit ;; ++ SEI:*:*:SEIUX) ++ echo mips-sei-seiux${UNAME_RELEASE} ++ exit ;; ++ *:DragonFly:*:*) ++ echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ++ exit ;; ++ *:*VMS:*:*) ++ UNAME_MACHINE=`(uname -p) 2>/dev/null` ++ case "${UNAME_MACHINE}" in ++ A*) echo alpha-dec-vms ; exit ;; ++ I*) echo ia64-dec-vms ; exit ;; ++ V*) echo vax-dec-vms ; exit ;; ++ esac ;; ++ *:XENIX:*:SysV) ++ echo i386-pc-xenix ++ exit ;; ++ i*86:skyos:*:*) ++ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' ++ exit ;; ++ i*86:rdos:*:*) ++ echo ${UNAME_MACHINE}-pc-rdos ++ exit ;; ++esac ++ ++#echo '(No uname command or uname output not recognized.)' 1>&2 ++#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 ++ ++eval $set_cc_for_build ++cat >$dummy.c < ++# include ++#endif ++main () ++{ ++#if defined (sony) ++#if defined (MIPSEB) ++ /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, ++ I don't know.... */ ++ printf ("mips-sony-bsd\n"); exit (0); ++#else ++#include ++ printf ("m68k-sony-newsos%s\n", ++#ifdef NEWSOS4 ++ "4" ++#else ++ "" ++#endif ++ ); exit (0); ++#endif ++#endif ++ ++#if defined (__arm) && defined (__acorn) && defined (__unix) ++ printf ("arm-acorn-riscix\n"); exit (0); ++#endif ++ ++#if defined (hp300) && !defined (hpux) ++ printf ("m68k-hp-bsd\n"); exit (0); ++#endif ++ ++#if defined (NeXT) ++#if !defined (__ARCHITECTURE__) ++#define __ARCHITECTURE__ "m68k" ++#endif ++ int version; ++ version=`(hostinfo | sed -n 's/.*NeXT Mach $[0-9]*$.*/\1/p') 2>/dev/null`; ++ if (version < 4) ++ printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); ++ else ++ printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); ++ exit (0); ++#endif ++ ++#if defined (MULTIMAX) || defined (n16) ++#if defined (UMAXV) ++ printf ("ns32k-encore-sysv\n"); exit (0); ++#else ++#if defined (CMU) ++ printf ("ns32k-encore-mach\n"); exit (0); ++#else ++ printf ("ns32k-encore-bsd\n"); exit (0); ++#endif ++#endif ++#endif ++ ++#if defined (__386BSD__) ++ printf ("i386-pc-bsd\n"); exit (0); ++#endif ++ ++#if defined (sequent) ++#if defined (i386) ++ printf ("i386-sequent-dynix\n"); exit (0); ++#endif ++#if defined (ns32000) ++ printf ("ns32k-sequent-dynix\n"); exit (0); ++#endif ++#endif ++ ++#if defined (_SEQUENT_) ++ struct utsname un; ++ ++ uname(&un); ++ ++ if (strncmp(un.version, "V2", 2) == 0) { ++ printf ("i386-sequent-ptx2\n"); exit (0); ++ } ++ if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ ++ printf ("i386-sequent-ptx1\n"); exit (0); ++ } ++ printf ("i386-sequent-ptx\n"); exit (0); ++ ++#endif ++ ++#if defined (vax) ++# if !defined (ultrix) ++# include ++# if defined (BSD) ++# if BSD == 43 ++ printf ("vax-dec-bsd4.3\n"); exit (0); ++# else ++# if BSD == 199006 ++ printf ("vax-dec-bsd4.3reno\n"); exit (0); ++# else ++ printf ("vax-dec-bsd\n"); exit (0); ++# endif ++# endif ++# else ++ printf ("vax-dec-bsd\n"); exit (0); ++# endif ++# else ++ printf ("vax-dec-ultrix\n"); exit (0); ++# endif ++#endif ++ ++#if defined (alliant) && defined (i860) ++ printf ("i860-alliant-bsd\n"); exit (0); ++#endif ++ ++ exit (1); ++} ++EOF ++ ++$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && ++ { echo "$SYSTEM_NAME"; exit; } ++ ++# Apollos put the system type in the environment. ++ ++test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } ++ ++# Convex versions that predate uname can use getsysinfo(1) ++ ++if [ -x /usr/convex/getsysinfo ] ++then ++ case `getsysinfo -f cpu_type` in ++ c1*) ++ echo c1-convex-bsd ++ exit ;; ++ c2*) ++ if getsysinfo -f scalar_acc ++ then echo c32-convex-bsd ++ else echo c2-convex-bsd ++ fi ++ exit ;; ++ c34*) ++ echo c34-convex-bsd ++ exit ;; ++ c38*) ++ echo c38-convex-bsd ++ exit ;; ++ c4*) ++ echo c4-convex-bsd ++ exit ;; ++ esac ++fi ++ ++cat >&2 < in order to provide the needed ++information to handle your system. ++ ++config.guess timestamp = $timestamp ++ ++uname -m = `(uname -m) 2>/dev/null || echo unknown` ++uname -r = `(uname -r) 2>/dev/null || echo unknown` ++uname -s = `(uname -s) 2>/dev/null || echo unknown` ++uname -v = `(uname -v) 2>/dev/null || echo unknown` ++ ++/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` ++/bin/uname -X = `(/bin/uname -X) 2>/dev/null` ++ ++hostinfo = `(hostinfo) 2>/dev/null` ++/bin/universe = `(/bin/universe) 2>/dev/null` ++/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` ++/bin/arch = `(/bin/arch) 2>/dev/null` ++/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` ++/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` ++ ++UNAME_MACHINE = ${UNAME_MACHINE} ++UNAME_RELEASE = ${UNAME_RELEASE} ++UNAME_SYSTEM = ${UNAME_SYSTEM} ++UNAME_VERSION = ${UNAME_VERSION} ++EOF ++ ++exit 1 ++ ++# Local variables: ++# eval: (add-hook 'write-file-hooks 'time-stamp) ++# time-stamp-start: "timestamp='" ++# time-stamp-format: "%:y-%02m-%02d" ++# time-stamp-end: "'" ++# End: +diff -urNad apache2-2.2.3~/config.sub apache2-2.2.3/config.sub +--- apache2-2.2.3~/config.sub 1970-01-01 01:00:00.000000000 +0100 ++++ apache2-2.2.3/config.sub 2006-09-27 21:50:35.000000000 +0200 +@@ -0,0 +1,1608 @@ ++#! /bin/sh ++# Configuration validation subroutine script. ++# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, ++# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, ++# Inc. ++ ++timestamp='2006-07-02' ++ ++# This file is (in principle) common to ALL GNU software. ++# The presence of a machine in this file suggests that SOME GNU software ++# can handle that machine. It does not imply ALL GNU software can. ++# ++# This file is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA ++# 02110-1301, USA. ++# ++# As a special exception to the GNU General Public License, if you ++# distribute this file as part of a program that contains a ++# configuration script generated by Autoconf, you may include it under ++# the same distribution terms that you use for the rest of that program. ++ ++ ++# Please send patches to . Submit a context ++# diff and a properly formatted ChangeLog entry. ++# ++# Configuration subroutine to validate and canonicalize a configuration type. ++# Supply the specified configuration type as an argument. ++# If it is invalid, we print an error message on stderr and exit with code 1. ++# Otherwise, we print the canonical config type on stdout and succeed. ++ ++# This file is supposed to be the same for all GNU packages ++# and recognize all the CPU types, system types and aliases ++# that are meaningful with *any* GNU software. ++# Each package is responsible for reporting which valid configurations ++# it does not support. The user should be able to distinguish ++# a failure to support a valid configuration from a meaningless ++# configuration. ++ ++# The goal of this file is to map all the various variations of a given ++# machine specification into a single specification in the form: ++# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM ++# or in some cases, the newer four-part form: ++# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM ++# It is wrong to echo any other type of specification. ++ ++me=`echo "$0" | sed -e 's,.*/,,'` ++ ++usage="\ ++Usage: $0 [OPTION] CPU-MFR-OPSYS ++ $0 [OPTION] ALIAS ++ ++Canonicalize a configuration name. ++ ++Operation modes: ++ -h, --help print this help, then exit ++ -t, --time-stamp print date of last modification, then exit ++ -v, --version print version number, then exit ++ ++Report bugs and patches to ." ++ ++version="\ ++GNU config.sub ($timestamp) ++ ++Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 ++Free Software Foundation, Inc. ++ ++This is free software; see the source for copying conditions. There is NO ++warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." ++ ++help=" ++Try \`$me --help' for more information." ++ ++# Parse command line ++while test $# -gt 0 ; do ++ case $1 in ++ --time-stamp | --time* | -t ) ++ echo "$timestamp" ; exit ;; ++ --version | -v ) ++ echo "$version" ; exit ;; ++ --help | --h* | -h ) ++ echo "$usage"; exit ;; ++ -- ) # Stop option processing ++ shift; break ;; ++ - ) # Use stdin as input. ++ break ;; ++ -* ) ++ echo "$me: invalid option $1$help" ++ exit 1 ;; ++ ++ *local*) ++ # First pass through any local machine types. ++ echo $1 ++ exit ;; ++ ++ * ) ++ break ;; ++ esac ++done ++ ++case $# in ++ 0) echo "$me: missing argument$help" >&2 ++ exit 1;; ++ 1) ;; ++ *) echo "$me: too many arguments$help" >&2 ++ exit 1;; ++esac ++ ++# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). ++# Here we must recognize all the valid KERNEL-OS combinations. ++maybe_os=`echo $1 | sed 's/^$.*$-$[^-]*-[^-]*$$/\2/'` ++case $maybe_os in ++ nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ ++ uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ ++ storm-chaos* | os2-emx* | rtmk-nova*) ++ os=-$maybe_os ++ basic_machine=`echo $1 | sed 's/^$.*$-$[^-]*-[^-]*$$/\1/'` ++ ;; ++ *) ++ basic_machine=`echo $1 | sed 's/-[^-]*$//'` ++ if [ $basic_machine != $1 ] ++ then os=`echo $1 | sed 's/.*-/-/'` ++ else os=; fi ++ ;; ++esac ++ ++### Let's recognize common machines as not being operating systems so ++### that things like config.sub decstation-3100 work. We also ++### recognize some manufacturers as not being operating systems, so we ++### can provide default operating systems below. ++case $os in ++ -sun*os*) ++ # Prevent following clause from handling this invalid input. ++ ;; ++ -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ ++ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ ++ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ ++ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ ++ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ ++ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ ++ -apple | -axis | -knuth | -cray) ++ os= ++ basic_machine=$1 ++ ;; ++ -sim | -cisco | -oki | -wec | -winbond) ++ os= ++ basic_machine=$1 ++ ;; ++ -scout) ++ ;; ++ -wrs) ++ os=-vxworks ++ basic_machine=$1 ++ ;; ++ -chorusos*) ++ os=-chorusos ++ basic_machine=$1 ++ ;; ++ -chorusrdb) ++ os=-chorusrdb ++ basic_machine=$1 ++ ;; ++ -hiux*) ++ os=-hiuxwe2 ++ ;; ++ -sco6) ++ os=-sco5v6 ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -sco5) ++ os=-sco3.2v5 ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -sco4) ++ os=-sco3.2v4 ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -sco3.2.[4-9]*) ++ os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -sco3.2v[4-9]*) ++ # Don't forget version if it is 3.2v4 or newer. ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -sco5v6*) ++ # Don't forget version if it is 3.2v4 or newer. ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -sco*) ++ os=-sco3.2v2 ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -udk*) ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -isc) ++ os=-isc2.2 ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -clix*) ++ basic_machine=clipper-intergraph ++ ;; ++ -isc*) ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ++ ;; ++ -lynx*) ++ os=-lynxos ++ ;; ++ -ptx*) ++ basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` ++ ;; ++ -windowsnt*) ++ os=`echo $os | sed -e 's/windowsnt/winnt/'` ++ ;; ++ -psos*) ++ os=-psos ++ ;; ++ -mint | -mint[0-9]*) ++ basic_machine=m68k-atari ++ os=-mint ++ ;; ++esac ++ ++# Decode aliases for certain CPU-COMPANY combinations. ++case $basic_machine in ++ # Recognize the basic CPU types without company name. ++ # Some are omitted here because they have special meanings below. ++ 1750a | 580 \ ++ | a29k \ ++ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ ++ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ ++ | am33_2.0 \ ++ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ ++ | bfin \ ++ | c4x | clipper \ ++ | d10v | d30v | dlx | dsp16xx \ ++ | fr30 | frv \ ++ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ ++ | i370 | i860 | i960 | ia64 \ ++ | ip2k | iq2000 \ ++ | m32c | m32r | m32rle | m68000 | m68k | m88k \ ++ | maxq | mb | microblaze | mcore \ ++ | mips | mipsbe | mipseb | mipsel | mipsle \ ++ | mips16 \ ++ | mips64 | mips64el \ ++ | mips64vr | mips64vrel \ ++ | mips64orion | mips64orionel \ ++ | mips64vr4100 | mips64vr4100el \ ++ | mips64vr4300 | mips64vr4300el \ ++ | mips64vr5000 | mips64vr5000el \ ++ | mips64vr5900 | mips64vr5900el \ ++ | mipsisa32 | mipsisa32el \ ++ | mipsisa32r2 | mipsisa32r2el \ ++ | mipsisa64 | mipsisa64el \ ++ | mipsisa64r2 | mipsisa64r2el \ ++ | mipsisa64sb1 | mipsisa64sb1el \ ++ | mipsisa64sr71k | mipsisa64sr71kel \ ++ | mipstx39 | mipstx39el \ ++ | mn10200 | mn10300 \ ++ | mt \ ++ | msp430 \ ++ | nios | nios2 \ ++ | ns16k | ns32k \ ++ | or32 \ ++ | pdp10 | pdp11 | pj | pjl \ ++ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ ++ | pyramid \ ++ | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ ++ | sh64 | sh64le \ ++ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ ++ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ ++ | spu | strongarm \ ++ | tahoe | thumb | tic4x | tic80 | tron \ ++ | v850 | v850e \ ++ | we32k \ ++ | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \ ++ | z8k) ++ basic_machine=$basic_machine-unknown ++ ;; ++ m6811 | m68hc11 | m6812 | m68hc12) ++ # Motorola 68HC11/12. ++ basic_machine=$basic_machine-unknown ++ os=-none ++ ;; ++ m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) ++ ;; ++ ms1) ++ basic_machine=mt-unknown ++ ;; ++ ++ # We use `pc' rather than `unknown' ++ # because (1) that's what they normally are, and ++ # (2) the word "unknown" tends to confuse beginning users. ++ i*86 | x86_64) ++ basic_machine=$basic_machine-pc ++ ;; ++ # Object if more than one company name word. ++ *-*-*) ++ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 ++ exit 1 ++ ;; ++ # Recognize the basic CPU types with company name. ++ 580-* \ ++ | a29k-* \ ++ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ ++ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ ++ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ ++ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ ++ | avr-* | avr32-* \ ++ | bfin-* | bs2000-* \ ++ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ ++ | clipper-* | craynv-* | cydra-* \ ++ | d10v-* | d30v-* | dlx-* \ ++ | elxsi-* \ ++ | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ ++ | h8300-* | h8500-* \ ++ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ ++ | i*86-* | i860-* | i960-* | ia64-* \ ++ | ip2k-* | iq2000-* \ ++ | m32c-* | m32r-* | m32rle-* \ ++ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ ++ | m88110-* | m88k-* | maxq-* | mcore-* \ ++ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ ++ | mips16-* \ ++ | mips64-* | mips64el-* \ ++ | mips64vr-* | mips64vrel-* \ ++ | mips64orion-* | mips64orionel-* \ ++ | mips64vr4100-* | mips64vr4100el-* \ ++ | mips64vr4300-* | mips64vr4300el-* \ ++ | mips64vr5000-* | mips64vr5000el-* \ ++ | mips64vr5900-* | mips64vr5900el-* \ ++ | mipsisa32-* | mipsisa32el-* \ ++ | mipsisa32r2-* | mipsisa32r2el-* \ ++ | mipsisa64-* | mipsisa64el-* \ ++ | mipsisa64r2-* | mipsisa64r2el-* \ ++ | mipsisa64sb1-* | mipsisa64sb1el-* \ ++ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ ++ | mipstx39-* | mipstx39el-* \ ++ | mmix-* \ ++ | mt-* \ ++ | msp430-* \ ++ | nios-* | nios2-* \ ++ | none-* | np1-* | ns16k-* | ns32k-* \ ++ | orion-* \ ++ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ ++ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ ++ | pyramid-* \ ++ | romp-* | rs6000-* \ ++ | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ ++ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ ++ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ ++ | sparclite-* \ ++ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ ++ | tahoe-* | thumb-* \ ++ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ ++ | tron-* \ ++ | v850-* | v850e-* | vax-* \ ++ | we32k-* \ ++ | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \ ++ | xstormy16-* | xtensa-* \ ++ | ymp-* \ ++ | z8k-*) ++ ;; ++ # Recognize the various machine names and aliases which stand ++ # for a CPU type and a company and sometimes even an OS. ++ 386bsd) ++ basic_machine=i386-unknown ++ os=-bsd ++ ;; ++ 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) ++ basic_machine=m68000-att ++ ;; ++ 3b*) ++ basic_machine=we32k-att ++ ;; ++ a29khif) ++ basic_machine=a29k-amd ++ os=-udi ++ ;; ++ abacus) ++ basic_machine=abacus-unknown ++ ;; ++ adobe68k) ++ basic_machine=m68010-adobe ++ os=-scout ++ ;; ++ alliant | fx80) ++ basic_machine=fx80-alliant ++ ;; ++ altos | altos3068) ++ basic_machine=m68k-altos ++ ;; ++ am29k) ++ basic_machine=a29k-none ++ os=-bsd ++ ;; ++ amd64) ++ basic_machine=x86_64-pc ++ ;; ++ amd64-*) ++ basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ amdahl) ++ basic_machine=580-amdahl ++ os=-sysv ++ ;; ++ amiga | amiga-*) ++ basic_machine=m68k-unknown ++ ;; ++ amigaos | amigados) ++ basic_machine=m68k-unknown ++ os=-amigaos ++ ;; ++ amigaunix | amix) ++ basic_machine=m68k-unknown ++ os=-sysv4 ++ ;; ++ apollo68) ++ basic_machine=m68k-apollo ++ os=-sysv ++ ;; ++ apollo68bsd) ++ basic_machine=m68k-apollo ++ os=-bsd ++ ;; ++ aux) ++ basic_machine=m68k-apple ++ os=-aux ++ ;; ++ balance) ++ basic_machine=ns32k-sequent ++ os=-dynix ++ ;; ++ c90) ++ basic_machine=c90-cray ++ os=-unicos ++ ;; ++ convex-c1) ++ basic_machine=c1-convex ++ os=-bsd ++ ;; ++ convex-c2) ++ basic_machine=c2-convex ++ os=-bsd ++ ;; ++ convex-c32) ++ basic_machine=c32-convex ++ os=-bsd ++ ;; ++ convex-c34) ++ basic_machine=c34-convex ++ os=-bsd ++ ;; ++ convex-c38) ++ basic_machine=c38-convex ++ os=-bsd ++ ;; ++ cray | j90) ++ basic_machine=j90-cray ++ os=-unicos ++ ;; ++ craynv) ++ basic_machine=craynv-cray ++ os=-unicosmp ++ ;; ++ cr16c) ++ basic_machine=cr16c-unknown ++ os=-elf ++ ;; ++ crds | unos) ++ basic_machine=m68k-crds ++ ;; ++ crisv32 | crisv32-* | etraxfs*) ++ basic_machine=crisv32-axis ++ ;; ++ cris | cris-* | etrax*) ++ basic_machine=cris-axis ++ ;; ++ crx) ++ basic_machine=crx-unknown ++ os=-elf ++ ;; ++ da30 | da30-*) ++ basic_machine=m68k-da30 ++ ;; ++ decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) ++ basic_machine=mips-dec ++ ;; ++ decsystem10* | dec10*) ++ basic_machine=pdp10-dec ++ os=-tops10 ++ ;; ++ decsystem20* | dec20*) ++ basic_machine=pdp10-dec ++ os=-tops20 ++ ;; ++ delta | 3300 | motorola-3300 | motorola-delta \ ++ | 3300-motorola | delta-motorola) ++ basic_machine=m68k-motorola ++ ;; ++ delta88) ++ basic_machine=m88k-motorola ++ os=-sysv3 ++ ;; ++ djgpp) ++ basic_machine=i586-pc ++ os=-msdosdjgpp ++ ;; ++ dpx20 | dpx20-*) ++ basic_machine=rs6000-bull ++ os=-bosx ++ ;; ++ dpx2* | dpx2*-bull) ++ basic_machine=m68k-bull ++ os=-sysv3 ++ ;; ++ ebmon29k) ++ basic_machine=a29k-amd ++ os=-ebmon ++ ;; ++ elxsi) ++ basic_machine=elxsi-elxsi ++ os=-bsd ++ ;; ++ encore | umax | mmax) ++ basic_machine=ns32k-encore ++ ;; ++ es1800 | OSE68k | ose68k | ose | OSE) ++ basic_machine=m68k-ericsson ++ os=-ose ++ ;; ++ fx2800) ++ basic_machine=i860-alliant ++ ;; ++ genix) ++ basic_machine=ns32k-ns ++ ;; ++ gmicro) ++ basic_machine=tron-gmicro ++ os=-sysv ++ ;; ++ go32) ++ basic_machine=i386-pc ++ os=-go32 ++ ;; ++ h3050r* | hiux*) ++ basic_machine=hppa1.1-hitachi ++ os=-hiuxwe2 ++ ;; ++ h8300hms) ++ basic_machine=h8300-hitachi ++ os=-hms ++ ;; ++ h8300xray) ++ basic_machine=h8300-hitachi ++ os=-xray ++ ;; ++ h8500hms) ++ basic_machine=h8500-hitachi ++ os=-hms ++ ;; ++ harris) ++ basic_machine=m88k-harris ++ os=-sysv3 ++ ;; ++ hp300-*) ++ basic_machine=m68k-hp ++ ;; ++ hp300bsd) ++ basic_machine=m68k-hp ++ os=-bsd ++ ;; ++ hp300hpux) ++ basic_machine=m68k-hp ++ os=-hpux ++ ;; ++ hp3k9[0-9][0-9] | hp9[0-9][0-9]) ++ basic_machine=hppa1.0-hp ++ ;; ++ hp9k2[0-9][0-9] | hp9k31[0-9]) ++ basic_machine=m68000-hp ++ ;; ++ hp9k3[2-9][0-9]) ++ basic_machine=m68k-hp ++ ;; ++ hp9k6[0-9][0-9] | hp6[0-9][0-9]) ++ basic_machine=hppa1.0-hp ++ ;; ++ hp9k7[0-79][0-9] | hp7[0-79][0-9]) ++ basic_machine=hppa1.1-hp ++ ;; ++ hp9k78[0-9] | hp78[0-9]) ++ # FIXME: really hppa2.0-hp ++ basic_machine=hppa1.1-hp ++ ;; ++ hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) ++ # FIXME: really hppa2.0-hp ++ basic_machine=hppa1.1-hp ++ ;; ++ hp9k8[0-9][13679] | hp8[0-9][13679]) ++ basic_machine=hppa1.1-hp ++ ;; ++ hp9k8[0-9][0-9] | hp8[0-9][0-9]) ++ basic_machine=hppa1.0-hp ++ ;; ++ hppa-next) ++ os=-nextstep3 ++ ;; ++ hppaosf) ++ basic_machine=hppa1.1-hp ++ os=-osf ++ ;; ++ hppro) ++ basic_machine=hppa1.1-hp ++ os=-proelf ++ ;; ++ i370-ibm* | ibm*) ++ basic_machine=i370-ibm ++ ;; ++# I'm not sure what "Sysv32" means. Should this be sysv3.2? ++ i*86v32) ++ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` ++ os=-sysv32 ++ ;; ++ i*86v4*) ++ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` ++ os=-sysv4 ++ ;; ++ i*86v) ++ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` ++ os=-sysv ++ ;; ++ i*86sol2) ++ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` ++ os=-solaris2 ++ ;; ++ i386mach) ++ basic_machine=i386-mach ++ os=-mach ++ ;; ++ i386-vsta | vsta) ++ basic_machine=i386-unknown ++ os=-vsta ++ ;; ++ iris | iris4d) ++ basic_machine=mips-sgi ++ case $os in ++ -irix*) ++ ;; ++ *) ++ os=-irix4 ++ ;; ++ esac ++ ;; ++ isi68 | isi) ++ basic_machine=m68k-isi ++ os=-sysv ++ ;; ++ m88k-omron*) ++ basic_machine=m88k-omron ++ ;; ++ magnum | m3230) ++ basic_machine=mips-mips ++ os=-sysv ++ ;; ++ merlin) ++ basic_machine=ns32k-utek ++ os=-sysv ++ ;; ++ mingw32) ++ basic_machine=i386-pc ++ os=-mingw32 ++ ;; ++ miniframe) ++ basic_machine=m68000-convergent ++ ;; ++ *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) ++ basic_machine=m68k-atari ++ os=-mint ++ ;; ++ mips3*-*) ++ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ++ ;; ++ mips3*) ++ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ++ ;; ++ monitor) ++ basic_machine=m68k-rom68k ++ os=-coff ++ ;; ++ morphos) ++ basic_machine=powerpc-unknown ++ os=-morphos ++ ;; ++ msdos) ++ basic_machine=i386-pc ++ os=-msdos ++ ;; ++ ms1-*) ++ basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ++ ;; ++ mvs) ++ basic_machine=i370-ibm ++ os=-mvs ++ ;; ++ ncr3000) ++ basic_machine=i486-ncr ++ os=-sysv4 ++ ;; ++ netbsd386) ++ basic_machine=i386-unknown ++ os=-netbsd ++ ;; ++ netwinder) ++ basic_machine=armv4l-rebel ++ os=-linux ++ ;; ++ news | news700 | news800 | news900) ++ basic_machine=m68k-sony ++ os=-newsos ++ ;; ++ news1000) ++ basic_machine=m68030-sony ++ os=-newsos ++ ;; ++ news-3600 | risc-news) ++ basic_machine=mips-sony ++ os=-newsos ++ ;; ++ necv70) ++ basic_machine=v70-nec ++ os=-sysv ++ ;; ++ next | m*-next ) ++ basic_machine=m68k-next ++ case $os in ++ -nextstep* ) ++ ;; ++ -ns2*) ++ os=-nextstep2 ++ ;; ++ *) ++ os=-nextstep3 ++ ;; ++ esac ++ ;; ++ nh3000) ++ basic_machine=m68k-harris ++ os=-cxux ++ ;; ++ nh[45]000) ++ basic_machine=m88k-harris ++ os=-cxux ++ ;; ++ nindy960) ++ basic_machine=i960-intel ++ os=-nindy ++ ;; ++ mon960) ++ basic_machine=i960-intel ++ os=-mon960 ++ ;; ++ nonstopux) ++ basic_machine=mips-compaq ++ os=-nonstopux ++ ;; ++ np1) ++ basic_machine=np1-gould ++ ;; ++ nsr-tandem) ++ basic_machine=nsr-tandem ++ ;; ++ op50n-* | op60c-*) ++ basic_machine=hppa1.1-oki ++ os=-proelf ++ ;; ++ openrisc | openrisc-*) ++ basic_machine=or32-unknown ++ ;; ++ os400) ++ basic_machine=powerpc-ibm ++ os=-os400 ++ ;; ++ OSE68000 | ose68000) ++ basic_machine=m68000-ericsson ++ os=-ose ++ ;; ++ os68k) ++ basic_machine=m68k-none ++ os=-os68k ++ ;; ++ pa-hitachi) ++ basic_machine=hppa1.1-hitachi ++ os=-hiuxwe2 ++ ;; ++ paragon) ++ basic_machine=i860-intel ++ os=-osf ++ ;; ++ pbd) ++ basic_machine=sparc-tti ++ ;; ++ pbb) ++ basic_machine=m68k-tti ++ ;; ++ pc532 | pc532-*) ++ basic_machine=ns32k-pc532 ++ ;; ++ pc98) ++ basic_machine=i386-pc ++ ;; ++ pc98-*) ++ basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ pentium | p5 | k5 | k6 | nexgen | viac3) ++ basic_machine=i586-pc ++ ;; ++ pentiumpro | p6 | 6x86 | athlon | athlon_*) ++ basic_machine=i686-pc ++ ;; ++ pentiumii | pentium2 | pentiumiii | pentium3) ++ basic_machine=i686-pc ++ ;; ++ pentium4) ++ basic_machine=i786-pc ++ ;; ++ pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) ++ basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ pentiumpro-* | p6-* | 6x86-* | athlon-*) ++ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) ++ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ pentium4-*) ++ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ pn) ++ basic_machine=pn-gould ++ ;; ++ power) basic_machine=power-ibm ++ ;; ++ ppc) basic_machine=powerpc-unknown ++ ;; ++ ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ ppcle | powerpclittle | ppc-le | powerpc-little) ++ basic_machine=powerpcle-unknown ++ ;; ++ ppcle-* | powerpclittle-*) ++ basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ ppc64) basic_machine=powerpc64-unknown ++ ;; ++ ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ ppc64le | powerpc64little | ppc64-le | powerpc64-little) ++ basic_machine=powerpc64le-unknown ++ ;; ++ ppc64le-* | powerpc64little-*) ++ basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` ++ ;; ++ ps2) ++ basic_machine=i386-ibm ++ ;; ++ pw32) ++ basic_machine=i586-unknown ++ os=-pw32 ++ ;; ++ rdos) ++ basic_machine=i386-pc ++ os=-rdos ++ ;; ++ rom68k) ++ basic_machine=m68k-rom68k ++ os=-coff ++ ;; ++ rm[46]00) ++ basic_machine=mips-siemens ++ ;; ++ rtpc | rtpc-*) ++ basic_machine=romp-ibm ++ ;; ++ s390 | s390-*) ++ basic_machine=s390-ibm ++ ;; ++ s390x | s390x-*) ++ basic_machine=s390x-ibm ++ ;; ++ sa29200) ++ basic_machine=a29k-amd ++ os=-udi ++ ;; ++ sb1) ++ basic_machine=mipsisa64sb1-unknown ++ ;; ++ sb1el) ++ basic_machine=mipsisa64sb1el-unknown ++ ;; ++ sei) ++ basic_machine=mips-sei ++ os=-seiux ++ ;; ++ sequent) ++ basic_machine=i386-sequent ++ ;; ++ sh) ++ basic_machine=sh-hitachi ++ os=-hms ++ ;; ++ sh64) ++ basic_machine=sh64-unknown ++ ;; ++ sparclite-wrs | simso-wrs) ++ basic_machine=sparclite-wrs ++ os=-vxworks ++ ;; ++ sps7) ++ basic_machine=m68k-bull ++ os=-sysv2 ++ ;; ++ spur) ++ basic_machine=spur-unknown ++ ;; ++ st2000) ++ basic_machine=m68k-tandem ++ ;; ++ stratus) ++ basic_machine=i860-stratus ++ os=-sysv4 ++ ;; ++ sun2) ++ basic_machine=m68000-sun ++ ;; ++ sun2os3) ++ basic_machine=m68000-sun ++ os=-sunos3 ++ ;; ++ sun2os4) ++ basic_machine=m68000-sun ++ os=-sunos4 ++ ;; ++ sun3os3) ++ basic_machine=m68k-sun ++ os=-sunos3 ++ ;; ++ sun3os4) ++ basic_machine=m68k-sun ++ os=-sunos4 ++ ;; ++ sun4os3) ++ basic_machine=sparc-sun ++ os=-sunos3 ++ ;; ++ sun4os4) ++ basic_machine=sparc-sun ++ os=-sunos4 ++ ;; ++ sun4sol2) ++ basic_machine=sparc-sun ++ os=-solaris2 ++ ;; ++ sun3 | sun3-*) ++ basic_machine=m68k-sun ++ ;; ++ sun4) ++ basic_machine=sparc-sun ++ ;; ++ sun386 | sun386i | roadrunner) ++ basic_machine=i386-sun ++ ;; ++ sv1) ++ basic_machine=sv1-cray ++ os=-unicos ++ ;; ++ symmetry) ++ basic_machine=i386-sequent ++ os=-dynix ++ ;; ++ t3e) ++ basic_machine=alphaev5-cray ++ os=-unicos ++ ;; ++ t90) ++ basic_machine=t90-cray ++ os=-unicos ++ ;; ++ tic54x | c54x*) ++ basic_machine=tic54x-unknown ++ os=-coff ++ ;; ++ tic55x | c55x*) ++ basic_machine=tic55x-unknown ++ os=-coff ++ ;; ++ tic6x | c6x*) ++ basic_machine=tic6x-unknown ++ os=-coff ++ ;; ++ tx39) ++ basic_machine=mipstx39-unknown ++ ;; ++ tx39el) ++ basic_machine=mipstx39el-unknown ++ ;; ++ toad1) ++ basic_machine=pdp10-xkl ++ os=-tops20 ++ ;; ++ tower | tower-32) ++ basic_machine=m68k-ncr ++ ;; ++ tpf) ++ basic_machine=s390x-ibm ++ os=-tpf ++ ;; ++ udi29k) ++ basic_machine=a29k-amd ++ os=-udi ++ ;; ++ ultra3) ++ basic_machine=a29k-nyu ++ os=-sym1 ++ ;; ++ v810 | necv810) ++ basic_machine=v810-nec ++ os=-none ++ ;; ++ vaxv) ++ basic_machine=vax-dec ++ os=-sysv ++ ;; ++ vms) ++ basic_machine=vax-dec ++ os=-vms ++ ;; ++ vpp*|vx|vx-*) ++ basic_machine=f301-fujitsu ++ ;; ++ vxworks960) ++ basic_machine=i960-wrs ++ os=-vxworks ++ ;; ++ vxworks68) ++ basic_machine=m68k-wrs ++ os=-vxworks ++ ;; ++ vxworks29k) ++ basic_machine=a29k-wrs ++ os=-vxworks ++ ;; ++ w65*) ++ basic_machine=w65-wdc ++ os=-none ++ ;; ++ w89k-*) ++ basic_machine=hppa1.1-winbond ++ os=-proelf ++ ;; ++ xbox) ++ basic_machine=i686-pc ++ os=-mingw32 ++ ;; ++ xps | xps100) ++ basic_machine=xps100-honeywell ++ ;; ++ ymp) ++ basic_machine=ymp-cray ++ os=-unicos ++ ;; ++ z8k-*-coff) ++ basic_machine=z8k-unknown ++ os=-sim ++ ;; ++ none) ++ basic_machine=none-none ++ os=-none ++ ;; ++ ++# Here we handle the default manufacturer of certain CPU types. It is in ++# some cases the only manufacturer, in others, it is the most popular. ++ w89k) ++ basic_machine=hppa1.1-winbond ++ ;; ++ op50n) ++ basic_machine=hppa1.1-oki ++ ;; ++ op60c) ++ basic_machine=hppa1.1-oki ++ ;; ++ romp) ++ basic_machine=romp-ibm ++ ;; ++ mmix) ++ basic_machine=mmix-knuth ++ ;; ++ rs6000) ++ basic_machine=rs6000-ibm ++ ;; ++ vax) ++ basic_machine=vax-dec ++ ;; ++ pdp10) ++ # there are many clones, so DEC is not a safe bet ++ basic_machine=pdp10-unknown ++ ;; ++ pdp11) ++ basic_machine=pdp11-dec ++ ;; ++ we32k) ++ basic_machine=we32k-att ++ ;; ++ sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) ++ basic_machine=sh-unknown ++ ;; ++ sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) ++ basic_machine=sparc-sun ++ ;; ++ cydra) ++ basic_machine=cydra-cydrome ++ ;; ++ orion) ++ basic_machine=orion-highlevel ++ ;; ++ orion105) ++ basic_machine=clipper-highlevel ++ ;; ++ mac | mpw | mac-mpw) ++ basic_machine=m68k-apple ++ ;; ++ pmac | pmac-mpw) ++ basic_machine=powerpc-apple ++ ;; ++ *-unknown) ++ # Make sure to match an already-canonicalized machine name. ++ ;; ++ *) ++ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 ++ exit 1 ++ ;; ++esac ++ ++# Here we canonicalize certain aliases for manufacturers. ++case $basic_machine in ++ *-digital*) ++ basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` ++ ;; ++ *-commodore*) ++ basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` ++ ;; ++ *) ++ ;; ++esac ++ ++# Decode manufacturer-specific aliases for certain operating systems. ++ ++if [ x"$os" != x"" ] ++then ++case $os in ++ # First match some system type aliases ++ # that might get confused with valid system types. ++ # -solaris* is a basic system type, with this one exception. ++ -solaris1 | -solaris1.*) ++ os=`echo $os | sed -e 's|solaris1|sunos4|'` ++ ;; ++ -solaris) ++ os=-solaris2 ++ ;; ++ -svr4*) ++ os=-sysv4 ++ ;; ++ -unixware*) ++ os=-sysv4.2uw ++ ;; ++ -gnu/linux*) ++ os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ++ ;; ++ # First accept the basic system types. ++ # The portable systems comes first. ++ # Each alternative MUST END IN A *, to match a version number. ++ # -sysv* is not here because it comes later, after sysvr4. ++ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ ++ | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ ++ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ ++ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ ++ | -aos* \ ++ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ ++ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ ++ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ ++ | -openbsd* | -solidbsd* \ ++ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ ++ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ ++ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ ++ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ ++ | -chorusos* | -chorusrdb* \ ++ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ ++ | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ ++ | -uxpv* | -beos* | -mpeix* | -udk* \ ++ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ ++ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ ++ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ ++ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ ++ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ ++ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ ++ | -skyos* | -haiku* | -rdos* | -toppers*) ++ # Remember, each alternative MUST END IN *, to match a version number. ++ ;; ++ -qnx*) ++ case $basic_machine in ++ x86-* | i*86-*) ++ ;; ++ *) ++ os=-nto$os ++ ;; ++ esac ++ ;; ++ -nto-qnx*) ++ ;; ++ -nto*) ++ os=`echo $os | sed -e 's|nto|nto-qnx|'` ++ ;; ++ -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ ++ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ ++ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ++ ;; ++ -mac*) ++ os=`echo $os | sed -e 's|mac|macos|'` ++ ;; ++ -linux-dietlibc) ++ os=-linux-dietlibc ++ ;; ++ -linux*) ++ os=`echo $os | sed -e 's|linux|linux-gnu|'` ++ ;; ++ -sunos5*) ++ os=`echo $os | sed -e 's|sunos5|solaris2|'` ++ ;; ++ -sunos6*) ++ os=`echo $os | sed -e 's|sunos6|solaris3|'` ++ ;; ++ -opened*) ++ os=-openedition ++ ;; ++ -os400*) ++ os=-os400 ++ ;; ++ -wince*) ++ os=-wince ++ ;; ++ -osfrose*) ++ os=-osfrose ++ ;; ++ -osf*) ++ os=-osf ++ ;; ++ -utek*) ++ os=-bsd ++ ;; ++ -dynix*) ++ os=-bsd ++ ;; ++ -acis*) ++ os=-aos ++ ;; ++ -atheos*) ++ os=-atheos ++ ;; ++ -syllable*) ++ os=-syllable ++ ;; ++ -386bsd) ++ os=-bsd ++ ;; ++ -ctix* | -uts*) ++ os=-sysv ++ ;; ++ -nova*) ++ os=-rtmk-nova ++ ;; ++ -ns2 ) ++ os=-nextstep2 ++ ;; ++ -nsk*) ++ os=-nsk ++ ;; ++ # Preserve the version number of sinix5. ++ -sinix5.*) ++ os=`echo $os | sed -e 's|sinix|sysv|'` ++ ;; ++ -sinix*) ++ os=-sysv4 ++ ;; ++ -tpf*) ++ os=-tpf ++ ;; ++ -triton*) ++ os=-sysv3 ++ ;; ++ -oss*) ++ os=-sysv3 ++ ;; ++ -svr4) ++ os=-sysv4 ++ ;; ++ -svr3) ++ os=-sysv3 ++ ;; ++ -sysvr4) ++ os=-sysv4 ++ ;; ++ # This must come after -sysvr4. ++ -sysv*) ++ ;; ++ -ose*) ++ os=-ose ++ ;; ++ -es1800*) ++ os=-ose ++ ;; ++ -xenix) ++ os=-xenix ++ ;; ++ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) ++ os=-mint ++ ;; ++ -aros*) ++ os=-aros ++ ;; ++ -kaos*) ++ os=-kaos ++ ;; ++ -zvmoe) ++ os=-zvmoe ++ ;; ++ -none) ++ ;; ++ *) ++ # Get rid of the `-' at the beginning of $os. ++ os=`echo $os | sed 's/[^-]*-//'` ++ echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 ++ exit 1 ++ ;; ++esac ++else ++ ++# Here we handle the default operating systems that come with various machines. ++# The value should be what the vendor currently ships out the door with their ++# machine or put another way, the most popular os provided with the machine. ++ ++# Note that if you're going to try to match "-MANUFACTURER" here (say, ++# "-sun"), then you have to tell the case statement up towards the top ++# that MANUFACTURER isn't an operating system. Otherwise, code above ++# will signal an error saying that MANUFACTURER isn't an operating ++# system, and we'll never get to this point. ++ ++case $basic_machine in ++ spu-*) ++ os=-elf ++ ;; ++ *-acorn) ++ os=-riscix1.2 ++ ;; ++ arm*-rebel) ++ os=-linux ++ ;; ++ arm*-semi) ++ os=-aout ++ ;; ++ c4x-* | tic4x-*) ++ os=-coff ++ ;; ++ # This must come before the *-dec entry. ++ pdp10-*) ++ os=-tops20 ++ ;; ++ pdp11-*) ++ os=-none ++ ;; ++ *-dec | vax-*) ++ os=-ultrix4.2 ++ ;; ++ m68*-apollo) ++ os=-domain ++ ;; ++ i386-sun) ++ os=-sunos4.0.2 ++ ;; ++ m68000-sun) ++ os=-sunos3 ++ # This also exists in the configure program, but was not the ++ # default. ++ # os=-sunos4 ++ ;; ++ m68*-cisco) ++ os=-aout ++ ;; ++ mips*-cisco) ++ os=-elf ++ ;; ++ mips*-*) ++ os=-elf ++ ;; ++ or32-*) ++ os=-coff ++ ;; ++ *-tti) # must be before sparc entry or we get the wrong os. ++ os=-sysv3 ++ ;; ++ sparc-* | *-sun) ++ os=-sunos4.1.1 ++ ;; ++ *-be) ++ os=-beos ++ ;; ++ *-haiku) ++ os=-haiku ++ ;; ++ *-ibm) ++ os=-aix ++ ;; ++ *-knuth) ++ os=-mmixware ++ ;; ++ *-wec) ++ os=-proelf ++ ;; ++ *-winbond) ++ os=-proelf ++ ;; ++ *-oki) ++ os=-proelf ++ ;; ++ *-hp) ++ os=-hpux ++ ;; ++ *-hitachi) ++ os=-hiux ++ ;; ++ i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) ++ os=-sysv ++ ;; ++ *-cbm) ++ os=-amigaos ++ ;; ++ *-dg) ++ os=-dgux ++ ;; ++ *-dolphin) ++ os=-sysv3 ++ ;; ++ m68k-ccur) ++ os=-rtu ++ ;; ++ m88k-omron*) ++ os=-luna ++ ;; ++ *-next ) ++ os=-nextstep ++ ;; ++ *-sequent) ++ os=-ptx ++ ;; ++ *-crds) ++ os=-unos ++ ;; ++ *-ns) ++ os=-genix ++ ;; ++ i370-*) ++ os=-mvs ++ ;; ++ *-next) ++ os=-nextstep3 ++ ;; ++ *-gould) ++ os=-sysv ++ ;; ++ *-highlevel) ++ os=-bsd ++ ;; ++ *-encore) ++ os=-bsd ++ ;; ++ *-sgi) ++ os=-irix ++ ;; ++ *-siemens) ++ os=-sysv4 ++ ;; ++ *-masscomp) ++ os=-rtu ++ ;; ++ f30[01]-fujitsu | f700-fujitsu) ++ os=-uxpv ++ ;; ++ *-rom68k) ++ os=-coff ++ ;; ++ *-*bug) ++ os=-coff ++ ;; ++ *-apple) ++ os=-macos ++ ;; ++ *-atari*) ++ os=-mint ++ ;; ++ *) ++ os=-none ++ ;; ++esac ++fi ++ ++# Here we handle the case where we know the os, and the CPU type, but not the ++# manufacturer. We pick the logical manufacturer. ++vendor=unknown ++case $basic_machine in ++ *-unknown) ++ case $os in ++ -riscix*) ++ vendor=acorn ++ ;; ++ -sunos*) ++ vendor=sun ++ ;; ++ -aix*) ++ vendor=ibm ++ ;; ++ -beos*) ++ vendor=be ++ ;; ++ -hpux*) ++ vendor=hp ++ ;; ++ -mpeix*) ++ vendor=hp ++ ;; ++ -hiux*) ++ vendor=hitachi ++ ;; ++ -unos*) ++ vendor=crds ++ ;; ++ -dgux*) ++ vendor=dg ++ ;; ++ -luna*) ++ vendor=omron ++ ;; ++ -genix*) ++ vendor=ns ++ ;; ++ -mvs* | -opened*) ++ vendor=ibm ++ ;; ++ -os400*) ++ vendor=ibm ++ ;; ++ -ptx*) ++ vendor=sequent ++ ;; ++ -tpf*) ++ vendor=ibm ++ ;; ++ -vxsim* | -vxworks* | -windiss*) ++ vendor=wrs ++ ;; ++ -aux*) ++ vendor=apple ++ ;; ++ -hms*) ++ vendor=hitachi ++ ;; ++ -mpw* | -macos*) ++ vendor=apple ++ ;; ++ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) ++ vendor=atari ++ ;; ++ -vos*) ++ vendor=stratus ++ ;; ++ esac ++ basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ++ ;; ++esac ++ ++echo $basic_machine$os ++exit ++ ++# Local variables: ++# eval: (add-hook 'write-file-hooks 'time-stamp) ++# time-stamp-start: "timestamp='" ++# time-stamp-format: "%:y-%02m-%02d" ++# time-stamp-end: "'" ++# End: --- apache2-2.2.16.orig/debian/patches/047_fix_usage_message.dpatch +++ apache2-2.2.16/debian/patches/047_fix_usage_message.dpatch @@ -0,0 +1,28 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 047_fix_usage_message.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Add -X to the help message + +@DPATCH@ +diff -urNad apache2-2.2.4~/server/main.c apache2-2.2.4/server/main.c +--- apache2-2.2.4~/server/main.c 2006-09-15 15:19:25.000000000 +0200 ++++ apache2-2.2.4/server/main.c 2007-06-25 23:19:58.000000000 +0200 +@@ -336,7 +336,7 @@ + #endif /* AP_MPM_WANT_SET_GRACEFUL_SHUTDOWN */ + #endif + ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, +- " %s [-v] [-V] [-h] [-l] [-L] [-t] [-S]", pad); ++ " %s [-v] [-V] [-h] [-l] [-L] [-t] [-S] [-X]", pad); + ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, + "Options:"); + +@@ -415,6 +415,8 @@ + " -M : a synonym for -t -D DUMP_MODULES"); + ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, + " -t : run syntax check for config files"); ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ " -X : debug mode (only one worker, do not detach)"); + + destroy_and_exit_process(process, 1); + } --- apache2-2.2.16.orig/debian/patches/201_build_suexec-custom.dpatch +++ apache2-2.2.16/debian/patches/201_build_suexec-custom.dpatch @@ -0,0 +1,42 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 201_make_suexec-custom.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: add suexec-custom to the build system + +@DPATCH@ +diff -urNad trunk~/Makefile.in trunk/Makefile.in +--- trunk~/Makefile.in 2007-04-24 13:08:01.000000000 +0200 ++++ trunk/Makefile.in 2008-04-02 23:03:53.928260185 +0200 +@@ -221,7 +221,7 @@ + fi + + suexec: +- cd support && $(MAKE) suexec ++ cd support && $(MAKE) suexec suexec-custom + + x-local-distclean: + @rm -rf autom4te.cache +diff -urNad trunk~/support/Makefile.in trunk/support/Makefile.in +--- trunk~/support/Makefile.in 2008-04-02 23:03:30.000000000 +0200 ++++ trunk/support/Makefile.in 2008-04-02 23:03:39.188260967 +0200 +@@ -1,7 +1,7 @@ + DISTCLEAN_TARGETS = apxs apachectl dbmmanage log_server_status \ + logresolve.pl phf_abuse_log.cgi split-logfile envvars-std + +-CLEAN_TARGETS = suexec ++CLEAN_TARGETS = suexec suexec-custom + + PROGRAMS = htpasswd htdigest rotatelogs logresolve ab checkgid htdbm htcacheclean httxt2dbm + TARGETS = $(PROGRAMS) +@@ -62,6 +62,10 @@ + suexec: $(suexec_OBJECTS) + $(LINK) $(suexec_OBJECTS) + ++suexec-custom_OBJECTS = suexec-custom.lo ++suexec-custom: $(suexec-custom_OBJECTS) ++ $(LINK) $(suexec-custom_OBJECTS) ++ + htcacheclean_OBJECTS = htcacheclean.lo + htcacheclean: $(htcacheclean_OBJECTS) + $(LINK) $(htcacheclean_LTFLAGS) $(htcacheclean_OBJECTS) $(PROGRAM_LDADD) --- apache2-2.2.16.orig/debian/patches/033_dbm_read_hash_or_btree +++ apache2-2.2.16/debian/patches/033_dbm_read_hash_or_btree @@ -0,0 +1,38 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 033_dbm_read_hash_or_btree by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Be more liberal in the sorts of DBM files we accept. + +@DPATCH@ +--- apache2/support/dbmmanage.in 2004-09-28 00:28:58.000000000 -0600 ++++ apache2/support/dbmmanage.in 2004-09-28 00:29:33.000000000 -0600 +@@ -24,7 +24,7 @@ + BEGIN { @AnyDBM_File::ISA = qw(DB_File NDBM_File GDBM_File SDBM_File) } + use strict; + use Fcntl; +-use AnyDBM_File (); ++use DB_File (); + + sub usage { + my $cmds = join "|", sort keys %dbmc::; +@@ -154,7 +154,9 @@ + my($mode, $flags) = $command =~ + /^(?:view|check)$/ ? (0644, O_RDONLY) : (0644, O_RDWR|O_CREAT); + +-tie (%DB, "AnyDBM_File", $file, $flags, $mode) || die "Can't tie $file: $!"; ++tie (%DB, "DB_File", $file, $flags, $mode, $DB_File::DB_HASH) || ++ tie (%DB, "DB_File", $file, $flags, $mode, $DB_File::DB_BTREE) || ++ die "Can't tie $file: $!"; + dbmc->$command(); + untie %DB; + +@@ -168,7 +168,7 @@ + srand (time ^ $$ or time ^ ($$ + ($$ << 15))); + } + else { +- for (qw(-xlwwa -le)) { ++ for (qw(xlwwa -le)) { + `ps $_ 2>/dev/null`; + $psf = $_, last unless $?; + } --- apache2-2.2.16.orig/debian/patches/089_CVE-2011-3368.dpatch +++ apache2-2.2.16/debian/patches/089_CVE-2011-3368.dpatch @@ -0,0 +1,54 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Upstream r1179525 + +@DPATCH@ +commit d239e98144d468928fbd2d3f519bd9265d162932 +Author: Joe Orton +Date: Thu Oct 6 07:39:13 2011 +0000 + + Merge r1179239 from trunk: + + SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some + reverse proxy configurations by strictly validating the request-URI: + + * server/protocol.c (read_request_line): Send a 400 response if the + request-URI does not match the grammar from RFC 2616. This ensures + the input string for RewriteRule et al really is an absolute path. + + Reviewed by: jim, covener, rjung + + + git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1179525 13f79535-47bb-0310-9956-ffa450edef68 + +diff --git a/server/protocol.c b/server/protocol.c +index 55468fc..b45851a 100644 +--- a/server/protocol.c ++++ b/server/protocol.c +@@ -640,6 +640,25 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb) + + ap_parse_uri(r, uri); + ++ /* RFC 2616: ++ * Request-URI = "*" | absoluteURI | abs_path | authority ++ * ++ * authority is a special case for CONNECT. If the request is not ++ * using CONNECT, and the parsed URI does not have scheme, and ++ * it does not begin with '/', and it is not '*', then, fail ++ * and give a 400 response. */ ++ if (r->method_number != M_CONNECT ++ && !r->parsed_uri.scheme ++ && uri[0] != '/' ++ && !(uri[0] == '*' && uri[1] == '\0')) { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ++ "invalid request-URI %s", uri); ++ r->args = NULL; ++ r->hostname = NULL; ++ r->status = HTTP_BAD_REQUEST; ++ r->uri = apr_pstrdup(r->pool, uri); ++ } ++ + if (ll[0]) { + r->assbackwards = 0; + pro = ll; --- apache2-2.2.16.orig/debian/patches/008_make_include_safe +++ apache2-2.2.16/debian/patches/008_make_include_safe @@ -0,0 +1,68 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 008_make_include_safe by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Avoid including dpkg droppings in globbed includes. + +@DPATCH@ +--- apache2-2.2.0/server/config.c 2005-11-17 13:39:15.000000000 +0000 ++++ apache2-2.2.0/server/config.c 2006-01-27 17:06:19.000000000 +0000 +@@ -34,6 +34,7 @@ + #include "apr_portable.h" + #include "apr_file_io.h" + #include "apr_fnmatch.h" ++#include "apr_lib.h" + + #define APR_WANT_STDIO + #define APR_WANT_STRFUNC +@@ -1521,6 +1522,30 @@ + return strcmp(f1->fname,f2->fname); + } + ++static int fname_valid(const char *fname) { ++ const unsigned char *c = fname; ++ unsigned char bad_dpkg[] = "*.dpkg*"; ++ ++ if (!apr_isalnum(*c)) { ++ return 0; ++ } ++ ++c; ++ ++ ++ while (*c) { ++ if (!apr_isalnum(*c) && *c!='_' && *c!='-' && *c!='.') { ++ return 0; ++ } ++ ++c; ++ } ++ ++ if (!apr_fnmatch(bad_dpkg, fname, 0)) { ++ return 0; ++ } ++ ++ return 1; ++} ++ + static const char *process_resource_config_nofnmatch(server_rec *s, + const char *fname, + ap_directive_t **conftree, +@@ -1564,7 +1589,8 @@ + while (apr_dir_read(&dirent, APR_FINFO_DIRENT, dirp) == APR_SUCCESS) { + /* strip out '.' and '..' */ + if (strcmp(dirent.name, ".") +- && strcmp(dirent.name, "..")) { ++ && strcmp(dirent.name, "..") ++ && fname_valid(dirent.name)) { + fnew = (fnames *) apr_array_push(candidates); + fnew->fname = ap_make_full_path(p, path, dirent.name); + } +@@ -1692,7 +1718,8 @@ + if (strcmp(dirent.name, ".") + && strcmp(dirent.name, "..") + && (apr_fnmatch(pattern, dirent.name, +- APR_FNM_PERIOD) == APR_SUCCESS)) { ++ APR_FNM_PERIOD) == APR_SUCCESS) ++ && fname_valid(dirent.name)) { + fnew = (fnames *) apr_array_push(candidates); + fnew->fname = ap_make_full_path(p, path, dirent.name); + } --- apache2-2.2.16.orig/debian/patches/001_branding +++ apache2-2.2.16/debian/patches/001_branding @@ -0,0 +1,36 @@ +#!/bin/sh -e +## 02_branding.dpatch by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Changes apache's PLATFORM based on lsb_release output + +BUILD_DIST="($(lsb_release -i -s))" + +if [ $# -ne 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi + +case "$1" in + -patch) + if grep -q "${BUILD_DIST}" server/core.c 2>/dev/null; then + echo >&2 "`basename $0`: patch already applied" + exit 1 + else + # This is where we get our distribution-specific server signature from: + sed -i -e "s/(\" PLATFORM \")/${BUILD_DIST}/" server/core.c + fi + ;; + -unpatch) + if grep -q "${BUILD_DIST}" server/core.c 2>/dev/null; then + sed -i -e "s/${BUILD_DIST}/(\" PLATFORM \")/" server/core.c + else + echo >&2 "`basename $0`: patch not yet applied, cannot unpatch" + exit 1 + fi + ;; + *) + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 + ;; +esac --- apache2-2.2.16.orig/debian/patches/077_CacheIgnoreURLSessionIdentifiers.dpatch +++ apache2-2.2.16/debian/patches/077_CacheIgnoreURLSessionIdentifiers.dpatch @@ -0,0 +1,86 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix CacheIgnoreURLSessionIdentifiers +## DP: r892289, r897705 from upstream svn. Debian bug #556383 + +@DPATCH@ +diff --git a/modules/cache/cache_storage.c b/modules/cache/cache_storage.c +index c122bdd..a44b9e4 100644 +--- a/modules/cache/cache_storage.c ++++ b/modules/cache/cache_storage.c +@@ -498,28 +498,60 @@ apr_status_t cache_generate_key_default(request_rec *r, apr_pool_t* p, + && (*(param + len + 1) == '=') + && !strchr(param + len + 2, '/')) { + path = apr_pstrndup(p, path, param - path); +- break; ++ continue; + } + /* + * Check if the identifier is in the querystring and cut it out. + */ +- if (querystring +- && (param = strstr(querystring, *identifier)) +- && (*(param + len) == '=') +- ) { +- char *amp; +- +- if (querystring != param) { +- querystring = apr_pstrndup(p, querystring, +- param - querystring); ++ if (querystring) { ++ /* ++ * First check if the identifier is at the beginning of the ++ * querystring and followed by a '=' ++ */ ++ if (!strncmp(querystring, *identifier, len) ++ && (*(querystring + len) == '=')) { ++ param = querystring; + } + else { +- querystring = ""; ++ char *complete; ++ ++ /* ++ * In order to avoid subkey matching (PR 48401) prepend ++ * identifier with a '&' and append a '=' ++ */ ++ complete = apr_pstrcat(p, "&", *identifier, "=", NULL); ++ param = strstr(querystring, complete); ++ /* If we found something we are sitting on the '&' */ ++ if (param) { ++ param++; ++ } + } +- if ((amp = strchr(param + len + 1, '&'))) { +- querystring = apr_pstrcat(p, querystring, amp + 1, NULL); ++ if (param) { ++ char *amp; ++ ++ if (querystring != param) { ++ querystring = apr_pstrndup(p, querystring, ++ param - querystring); ++ } ++ else { ++ querystring = ""; ++ } ++ ++ if ((amp = strchr(param + len + 1, '&'))) { ++ querystring = apr_pstrcat(p, querystring, amp + 1, NULL); ++ } ++ else { ++ /* ++ * If querystring is not "", then we have the case ++ * that the identifier parameter we removed was the ++ * last one in the original querystring. Hence we have ++ * a trailing '&' which needs to be removed. ++ */ ++ if (*querystring) { ++ querystring[strlen(querystring) - 1] = '\0'; ++ } ++ } + } +- break; + } + } + } --- apache2-2.2.16.orig/debian/patches/097_CVE-2012-2687.dpatch +++ apache2-2.2.16/debian/patches/097_CVE-2012-2687.dpatch @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## All lines beginning with `## DP:' are a description of the patch. +## DP: low impact XSS in mod_negotiation +## DP: backport of upstream r1374421 +diff --git a/modules/mappers/mod_negotiation.c b/modules/mappers/mod_negotiation.c +index 25e6034..ef4a72a 100644 +--- a/modules/mappers/mod_negotiation.c ++++ b/modules/mappers/mod_negotiation.c +@@ -2658,9 +2658,9 @@ static char *make_variant_list(request_rec *r, negotiation_state *neg) + * need to change the calculation of max_vlist_array above. + */ + *((const char **) apr_array_push(arr)) = "
pool, filename); + *((const char **) apr_array_push(arr)) = "\">"; +- *((const char **) apr_array_push(arr)) = filename; ++ *((const char **) apr_array_push(arr)) = ap_escape_html(r->pool, filename); + *((const char **) apr_array_push(arr)) = " "; + *((const char **) apr_array_push(arr)) = description; + --- apache2-2.2.16.orig/debian/patches/074_link_support_progs_with_lcrypt.dpatch +++ apache2-2.2.16/debian/patches/074_link_support_progs_with_lcrypt.dpatch @@ -0,0 +1,39 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 074_support_link_lcrypt.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Link support programs with -lcrypt where necessary. Required by +## DP: binutils-gold (bug #553946) + +@DPATCH@ +diff -urNad trunk~/configure trunk/configure +--- trunk~/configure 2009-12-05 23:44:43.501042252 +0100 ++++ trunk/configure 2009-12-05 23:47:07.640043829 +0100 +@@ -14628,11 +14628,11 @@ + + fi + +-htpasswd_LTFLAGS="" ++htpasswd_LTFLAGS="-lcrypt" + htdigest_LTFLAGS="" + rotatelogs_LTFLAGS="" + logresolve_LTFLAGS="" +-htdbm_LTFLAGS="" ++htdbm_LTFLAGS="-lcrypt" + ab_LTFLAGS="" + checkgid_LTFLAGS="" + htcacheclean_LTFLAGS="" +diff -urNad trunk~/support/config.m4 trunk/support/config.m4 +--- trunk~/support/config.m4 2006-12-24 15:40:19.000000000 +0100 ++++ trunk/support/config.m4 2009-12-05 23:47:29.388150162 +0100 +@@ -1,8 +1,8 @@ +-htpasswd_LTFLAGS="" ++htpasswd_LTFLAGS="-lcrypt" + htdigest_LTFLAGS="" + rotatelogs_LTFLAGS="" + logresolve_LTFLAGS="" +-htdbm_LTFLAGS="" ++htdbm_LTFLAGS="-lcrypt" + ab_LTFLAGS="" + checkgid_LTFLAGS="" + htcacheclean_LTFLAGS="" --- apache2-2.2.16.orig/debian/patches/031_apxs2_sucks_more +++ apache2-2.2.16/debian/patches/031_apxs2_sucks_more @@ -0,0 +1,100 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 031_apxs2_sucks_more by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Make apxs2 use httpd.conf, instead of apache2.conf, plus other random fixes. + +@DPATCH@ +diff -urNad trunk~/support/apxs.in trunk/support/apxs.in +--- trunk~/support/apxs.in 2010-07-16 20:24:58.337788441 +0200 ++++ trunk/support/apxs.in 2010-07-16 20:25:13.333807240 +0200 +@@ -190,7 +190,7 @@ + my $httpd = get_vars("sbindir") . "/" . get_vars("progname"); + $httpd = eval qq("$httpd"); + $httpd = eval qq("$httpd"); +-my $envvars = get_vars("sbindir") . "/envvars"; ++my $envvars = "$CFG_SYSCONFDIR" . "/envvars"; + $envvars = eval qq("$envvars"); + $envvars = eval qq("$envvars"); + +@@ -293,6 +293,7 @@ + $data =~ s|%TARGET%|$CFG_TARGET|sg; + $data =~ s|%PREFIX%|$prefix|sg; + $data =~ s|%INSTALLBUILDDIR%|$installbuilddir|sg; ++ $data =~ s|%DATADIR%|$datadir|sg; + + my ($mkf, $mods, $src) = ($data =~ m|^(.+)-=#=-\n(.+)-=#=-\n(.+)|s); + +@@ -481,7 +482,7 @@ + if ($opt_i) { + push(@cmds, "$installbuilddir/instdso.sh SH_LIBTOOL='" . + "$libtool' $f $CFG_LIBEXECDIR"); +- push(@cmds, "chmod 755 $CFG_LIBEXECDIR/$t"); ++ push(@cmds, "chmod 644 $CFG_LIBEXECDIR/$t"); + } + + # determine module symbolname and filename +@@ -517,7 +518,8 @@ + $filename = "mod_${name}.c"; + } + my $dir = $CFG_LIBEXECDIR; +- $dir =~ s|^$CFG_PREFIX/?||; ++ # Debian doesn't have a CFG_PREFIX, so this stuffs up: ++ # $dir =~ s|^$CFG_PREFIX/?||; + $dir =~ s|(.)$|$1/|; + $t =~ s|\.la$|.so|; + push(@lmd, sprintf("LoadModule %-18s %s", "${name}_module", "$dir$t")); +@@ -528,17 +530,17 @@ + + # activate module via LoadModule/AddModule directive + if ($opt_a or $opt_A) { +- if (not -f "$CFG_SYSCONFDIR/$CFG_TARGET.conf") { +- error("Config file $CFG_SYSCONFDIR/$CFG_TARGET.conf not found"); ++ if (not -f "$CFG_SYSCONFDIR/httpd.conf") { ++ error("Config file $CFG_SYSCONFDIR/httpd.conf not found"); + exit(1); + } + +- open(FP, "<$CFG_SYSCONFDIR/$CFG_TARGET.conf") || die; ++ open(FP, "<$CFG_SYSCONFDIR/httpd.conf") || die; + my $content = join('', ); + close(FP); + + if ($content !~ m|\n#?\s*LoadModule\s+|) { +- error("Activation failed for custom $CFG_SYSCONFDIR/$CFG_TARGET.conf file."); ++ error("Activation failed for custom $CFG_SYSCONFDIR/httpd.conf file."); + error("At least one `LoadModule' directive already has to exist."); + exit(1); + } +@@ -614,15 +616,15 @@ + $content =~ s|^(.*\n)#?\s*$lmd[^\n]*\n|$1$c$lmd\n|s; + } + $lmd =~ m|LoadModule\s+(.+?)_module.*|; +- notice("[$what module `$1' in $CFG_SYSCONFDIR/$CFG_TARGET.conf]"); ++ notice("[$what module `$1' in $CFG_SYSCONFDIR/httpd.conf]"); + } + if (@lmd) { +- if (open(FP, ">$CFG_SYSCONFDIR/$CFG_TARGET.conf.new")) { ++ if (open(FP, ">$CFG_SYSCONFDIR/httpd.conf.new")) { + print FP $content; + close(FP); +- system("cp $CFG_SYSCONFDIR/$CFG_TARGET.conf $CFG_SYSCONFDIR/$CFG_TARGET.conf.bak && " . +- "cp $CFG_SYSCONFDIR/$CFG_TARGET.conf.new $CFG_SYSCONFDIR/$CFG_TARGET.conf && " . +- "rm $CFG_SYSCONFDIR/$CFG_TARGET.conf.new"); ++ system("cp $CFG_SYSCONFDIR/httpd.conf $CFG_SYSCONFDIR/httpd.conf.bak && " . ++ "cp $CFG_SYSCONFDIR/httpd.conf.new $CFG_SYSCONFDIR/httpd.conf && " . ++ "rm $CFG_SYSCONFDIR/httpd.conf.new"); + } else { + notice("unable to open configuration file"); + } +@@ -646,8 +648,8 @@ + ## + + builddir=. +-top_srcdir=%PREFIX% +-top_builddir=%PREFIX% ++top_srcdir=%DATADIR% ++top_builddir=%DATADIR% + include %INSTALLBUILDDIR%/special.mk + + # the used tools --- apache2-2.2.16.orig/debian/patches/202_suexec-custom.dpatch +++ apache2-2.2.16/debian/patches/202_suexec-custom.dpatch @@ -0,0 +1,201 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 202_suexec-custom.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: the actual patch to make suexec-custom read a config file + +@DPATCH@ +diff -urNad trunk~/support/suexec-custom.c trunk/support/suexec-custom.c +--- trunk~/support/suexec-custom.c 2008-05-04 19:41:30.559379143 +0200 ++++ trunk/support/suexec-custom.c 2008-05-04 19:42:30.817574842 +0200 +@@ -29,6 +29,7 @@ + * + * + */ ++#define SUEXEC_CONFIG_DIR "/etc/apache2/suexec/" + + #include "apr.h" + #include "ap_config.h" +@@ -39,6 +40,7 @@ + #include + #include + #include ++#include + #if APR_HAVE_UNISTD_H + #include + #endif +@@ -203,6 +205,26 @@ + return; + } + ++static int read_line(char *buf, FILE *file) { ++ char *p; ++ p = fgets(buf, AP_MAXPATH+1, file); ++ if (!p) return 0; ++ if (*p == '\0') return 1; ++ ++ p = buf; ++ while (*p) ++ p++; ++ p--; ++ ++ /* remove trailing space and slash */ ++ while ( isspace(*p) && p >= buf ) ++ *p-- = '\0'; ++ while ( *p == '/' && p >= buf ) ++ *p-- = '\0'; ++ ++ return 1; ++} ++ + static void clean_env(void) + { + char pathbuf[512]; +@@ -266,6 +288,10 @@ + struct stat dir_info; /* directory info holder */ + struct stat prg_info; /* program info holder */ + int cwdh; /* handle to cwd */ ++ char *suexec_docroot = NULL; ++ char *suexec_userdir_suffix = NULL; ++ char *filename = NULL; ++ FILE *configfile; + + /* + * Start with a "clean" environment +@@ -296,15 +322,10 @@ + || (! strcmp(AP_HTTPD_USER, pw->pw_name))) + #endif /* _OSD_POSIX */ + ) { +-#ifdef AP_DOC_ROOT +- fprintf(stderr, " -D AP_DOC_ROOT=\"%s\"\n", AP_DOC_ROOT); +-#endif ++ fprintf(stderr, " -D SUEXEC_CONFIG_DIR=%s\n", SUEXEC_CONFIG_DIR); + #ifdef AP_GID_MIN + fprintf(stderr, " -D AP_GID_MIN=%d\n", AP_GID_MIN); + #endif +-#ifdef AP_HTTPD_USER +- fprintf(stderr, " -D AP_HTTPD_USER=\"%s\"\n", AP_HTTPD_USER); +-#endif + #ifdef AP_LOG_EXEC + fprintf(stderr, " -D AP_LOG_EXEC=\"%s\"\n", AP_LOG_EXEC); + #endif +@@ -317,9 +338,6 @@ + #ifdef AP_UID_MIN + fprintf(stderr, " -D AP_UID_MIN=%d\n", AP_UID_MIN); + #endif +-#ifdef AP_USERDIR_SUFFIX +- fprintf(stderr, " -D AP_USERDIR_SUFFIX=\"%s\"\n", AP_USERDIR_SUFFIX); +-#endif + exit(0); + } + /* +@@ -334,23 +352,6 @@ + target_gname = argv[2]; + cmd = argv[3]; + +- /* +- * Check to see if the user running this program +- * is the user allowed to do so as defined in +- * suexec.h. If not the allowed user, error out. +- */ +-#ifdef _OSD_POSIX +- /* User name comparisons are case insensitive on BS2000/OSD */ +- if (strcasecmp(AP_HTTPD_USER, pw->pw_name)) { +- log_err("user mismatch (%s instead of %s)\n", pw->pw_name, AP_HTTPD_USER); +- exit(103); +- } +-#else /*_OSD_POSIX*/ +- if (strcmp(AP_HTTPD_USER, pw->pw_name)) { +- log_err("user mismatch (%s instead of %s)\n", pw->pw_name, AP_HTTPD_USER); +- exit(103); +- } +-#endif /*_OSD_POSIX*/ + + /* + * Check for a leading '/' (absolute path) in the command to be executed, +@@ -375,6 +376,63 @@ + } + + /* ++ * Check to see if the user running this program ++ * is the user allowed to do so as defined in ++ * SUEXEC_CONFIG_DIR/username ++ * If not, error out. ++ */ ++ filename = malloc(AP_MAXPATH+1); ++ suexec_docroot = malloc(AP_MAXPATH+1); ++ suexec_userdir_suffix = malloc(AP_MAXPATH+1); ++ if (!filename || !suexec_docroot || !suexec_userdir_suffix) { ++ log_err("malloc failed\n"); ++ exit(120); ++ } ++ ++ strncpy(filename, SUEXEC_CONFIG_DIR, AP_MAXPATH); ++ strncat(filename, pw->pw_name, AP_MAXPATH); ++ filename[AP_MAXPATH] = '\0'; ++ ++ configfile = fopen(filename, "r"); ++ if (!configfile) { ++ log_err("User %s not allowed: Could not open config file %s\n", pw->pw_name, filename); ++ exit(123); ++ } ++ ++ if (!read_line(suexec_docroot, configfile)) { ++ log_err("Could not read docroot from %s\n", filename); ++ exit(124); ++ } ++ ++ if (!read_line(suexec_userdir_suffix, configfile)) { ++ log_err("Could not read userdir suffix from %s\n", filename); ++ exit(125); ++ } ++ ++ fclose(configfile); ++ ++ if (userdir) { ++ if ( !isalnum(*suexec_userdir_suffix) && suexec_userdir_suffix[0] != '.') { ++ log_err("userdir suffix disabled in %s\n", filename); ++ exit(126); ++ } ++ } ++ else { ++ if (suexec_docroot[0] != '/') { ++ log_err("docroot disabled in %s\n", filename); ++ exit(127); ++ } ++ ++ if (suexec_docroot[1] == '/' || ++ suexec_docroot[1] == '.' || ++ suexec_docroot[1] == '\0' ) ++ { ++ log_err("invalid docroot %s in %s\n", suexec_docroot, filename); ++ exit(128); ++ } ++ } ++ ++ /* + * Error out if the target username is invalid. + */ + if (strspn(target_uname, "1234567890") != strlen(target_uname)) { +@@ -506,7 +564,7 @@ + + if (userdir) { + if (((chdir(target_homedir)) != 0) || +- ((chdir(AP_USERDIR_SUFFIX)) != 0) || ++ ((chdir(suexec_userdir_suffix)) != 0) || + ((getcwd(dwd, AP_MAXPATH)) == NULL) || + ((fchdir(cwdh)) != 0)) { + log_err("cannot get docroot information (%s)\n", target_homedir); +@@ -514,10 +572,10 @@ + } + } + else { +- if (((chdir(AP_DOC_ROOT)) != 0) || ++ if (((chdir(suexec_docroot)) != 0) || + ((getcwd(dwd, AP_MAXPATH)) == NULL) || + ((fchdir(cwdh)) != 0)) { +- log_err("cannot get docroot information (%s)\n", AP_DOC_ROOT); ++ log_err("cannot get docroot information (%s)\n", suexec_docroot); + exit(113); + } + } --- apache2-2.2.16.orig/debian/patches/200_cp_suexec.dpatch +++ apache2-2.2.16/debian/patches/200_cp_suexec.dpatch @@ -0,0 +1,11 @@ +#!/bin/sh -e + +## DP: copy suexec to suexec-custom + +WORKDIR=${2:-.} + +if [ "$1" = -patch ]; then + cp $WORKDIR/support/suexec.c $WORKDIR/support/suexec-custom.c +elif [ "$1" = -unpatch ]; then + rm $WORKDIR/support/suexec-custom.c +fi --- apache2-2.2.16.orig/debian/patches/004_usr_bin_perl_0wnz_j00 +++ apache2-2.2.16/debian/patches/004_usr_bin_perl_0wnz_j00 @@ -0,0 +1,15 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 004_usr_bin_perl_0wnz_j00 by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Call /usr/bin/perl in printenv, not /usr/local/bin/perl + +@DPATCH@ +--- apache2/docs/cgi-examples/printenv.orig Fri Sep 21 17:31:24 2001 ++++ apache2/docs/cgi-examples/printenv Fri Sep 21 17:31:29 2001 +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/perl ++#!/usr/bin/perl + ## + ## printenv -- demo CGI program which just prints its environment + ## --- apache2-2.2.16.orig/debian/patches/303_mod_rewrite-CVE-2013-1862.dpatch +++ apache2-2.2.16/debian/patches/303_mod_rewrite-CVE-2013-1862.dpatch @@ -0,0 +1,39 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: http://svn.apache.org/viewvc?view=revision&revision=r1482349 +## DP: SECURITY: CVE-2013-1862 (cve.mitre.org) +## DP: mod_rewrite: Ensure that client data written to the RewriteLog is +## DP: escaped to prevent terminal escape sequences from entering the +## DP: log file. [Joe Orton] +# +@DPATCH@ +Index: modules/mappers/mod_rewrite.c +=================================================================== +--- a/modules/mappers/mod_rewrite.c (revision 1469310) ++++ b/modules/mappers/mod_rewrite.c (working copy) +@@ -500,11 +500,11 @@ + + logline = apr_psprintf(r->pool, "%s %s %s %s [%s/sid#%pp][rid#%pp/%s%s%s] " + "(%d) %s%s%s%s" APR_EOL_STR, +- rhost ? rhost : "UNKNOWN-HOST", +- rname ? rname : "-", +- r->user ? (*r->user ? r->user : "\"\"") : "-", ++ rhost ? ap_escape_logitem(r->pool, rhost) : "UNKNOWN-HOST", ++ rname ? ap_escape_logitem(r->pool, rname) : "-", ++ r->user ? (*r->user ? ap_escape_logitem(r->pool, r->user) : "\"\"") : "-", + current_logtime(r), +- ap_get_server_name(r), ++ ap_escape_logitem(r->pool, ap_get_server_name(r)), + (void *)(r->server), + (void *)r, + r->main ? "subreq" : "initial", +@@ -514,7 +514,7 @@ + perdir ? "[perdir " : "", + perdir ? perdir : "", + perdir ? "] ": "", +- text); ++ ap_escape_logitem(r->pool, text)); + + nbytes = strlen(logline); + apr_file_write(conf->rewritelogfp, logline, &nbytes); --- apache2-2.2.16.orig/debian/patches/038_no_LD_LIBRARY_PATH +++ apache2-2.2.16/debian/patches/038_no_LD_LIBRARY_PATH @@ -0,0 +1,17 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 038_no_LD_LIBRARY_PATH by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Remove LD_LIBRARY_PATH from envvars-std + +@DPATCH@ +--- apache2/support/envvars-std.in 2004-11-07 04:07:56.000000000 -0700 ++++ apache2/support/envvars-std.in 2004-11-07 04:08:08.000000000 -0700 +@@ -17,7 +17,4 @@ + # + # This file is generated from envvars-std.in + # +-@SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@" +-export @SHLIBPATH_VAR@ +-# + @OS_SPECIFIC_VARS@ --- apache2-2.2.16.orig/debian/patches/00list +++ apache2-2.2.16/debian/patches/00list @@ -0,0 +1,51 @@ +001_branding +004_usr_bin_perl_0wnz_j00 +008_make_include_safe +009_apache2_has_dso +010_fhs_compliance +031_apxs2_sucks_more +032_suexec_is_shared +033_dbm_read_hash_or_btree +034_apxs2_libtool_fixtastic +038_no_LD_LIBRARY_PATH +042_htdigest_CAN-2005-1344 +045_suexec_log_cloexec.dpatch +047_fix_usage_message.dpatch +052_logresolve_linelength.dpatch +057_disablemods.dpatch +058_suexec-CVE-2007-1742.dpatch +067_fix_segfault_in_ab.dpatch +069_no_deflate_for_HEAD.dpatch +071_fix_cacheenable.dpatch +073_mod_dav_trunk_fixes.dpatch +074_link_support_progs_with_lcrypt.dpatch +075_mod_rewrite_literal_ipv6_redirect.dpatch +076_apxs2_a2enmod.dpatch +077_CacheIgnoreURLSessionIdentifiers.dpatch +079_polish_translation.dpatch +080_mod_reqtimeout_fixes.dpatch +082_ab_num_requests +083_mod_ssl_memcpy.dpatch +084_mod_reqtimeout_CVE-2010-1623.dpatch +085_CVE-2011-3192.dpatch +086_range_regressions.dpatch +087_mod_proxy_ajp_CVE-2011-3348.dpatch +089_CVE-2011-3368.dpatch +090_CVE-2011-4317.dpatch +091_CVE-2011-3639.dpatch +092_CVE-2011-3607.dpatch +093_CVE-2012-0031.dpatch +094_CVE-2012-0053.dpatch +095_send_408_status.dpatch +096_mod_cache_partial_content-2.2.x.dpatch +097_CVE-2012-2687.dpatch +099_config_guess_sub_update +200_cp_suexec.dpatch +201_build_suexec-custom.dpatch +202_suexec-custom.dpatch +300_disable-ssl-compression.dpatch +301_CVE-2012-4557_proxy_ajp.dpatch +302_CVE-2012-3499_CVE-2012-4558_XSS.dpatch +303_mod_rewrite-CVE-2013-1862.dpatch +304_CVE-2013-1896.dpatch +305_mod_dav_crash_PR_52559.dpatch --- apache2-2.2.16.orig/debian/patches/052_logresolve_linelength.dpatch +++ apache2-2.2.16/debian/patches/052_logresolve_linelength.dpatch @@ -0,0 +1,78 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 052_logresolve_linelength.dpatch by Stefan Fritsch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: remove limit of 1024 bytes per line #331631 + +@DPATCH@ +diff -urNad trunk~/support/logresolve.c trunk/support/logresolve.c +--- trunk~/support/logresolve.c 2006-07-12 05:38:44.000000000 +0200 ++++ trunk/support/logresolve.c 2007-09-27 20:12:47.093217594 +0200 +@@ -82,7 +82,7 @@ + #endif + + static void cgethost(struct in_addr ipnum, char *string, int check); +-static int get_line(char *s, int n); ++static int get_line(); + static void stats(FILE *output); + + #ifdef BEOS +@@ -90,11 +90,6 @@ + #endif + + +-/* maximum line length */ +-#ifndef MAXLINE +-#define MAXLINE 1024 +-#endif +- + /* maximum length of a domain name */ + #ifndef MAXDNAME + #define MAXDNAME 256 +@@ -141,6 +136,8 @@ + static int resolves = 0; + static int withname = 0; + static int errors[MAX_ERR + 3]; ++static size_t maxline=0; ++static char *line = NULL; + + /* + * cgethost - gets hostname by IP address, caching, and adding unresolvable +@@ -287,14 +284,15 @@ + * gets a line from stdin + */ + +-static int get_line (char *s, int n) ++static int get_line () + { ++ ssize_t len; + char *cp; + +- if (!fgets(s, n, stdin)) ++ if ( (len = getline(&line, &maxline, stdin)) == -1 ) + return (0); +- cp = strchr(s, '\n'); +- if (cp) ++ cp = line + len -1; ++ if (*cp == '\n') + *cp = '\0'; + return (1); + } +@@ -302,7 +300,7 @@ + int main (int argc, char *argv[]) + { + struct in_addr ipnum; +- char *bar, hoststring[MAXDNAME + 1], line[MAXLINE], *statfile; ++ char *bar, hoststring[MAXDNAME + 1], *statfile; + int i, check; + + #if defined(WIN32) || (defined(NETWARE) && defined(USE_WINSOCK)) +@@ -337,7 +335,7 @@ + for (i = 0; i < MAX_ERR + 2; i++) + errors[i] = 0; + +- while (get_line(line, MAXLINE)) { ++ while (get_line()) { + if (line[0] == '\0') + continue; + entries++; --- apache2-2.2.16.orig/debian/patches/094_CVE-2012-0053.dpatch +++ apache2-2.2.16/debian/patches/094_CVE-2012-0053.dpatch @@ -0,0 +1,105 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## All lines beginning with `## DP:' are a description of the patch. +## DP: backport of upstream r1235454 +commit 2bb066730e059da7127804a2dd9c999b50934a67 +Author: Eric Covener +Date: Tue Jan 24 20:02:19 2012 +0000 + + backport r1234837 from trunk: + + CVE-2012-0053: Fix an issue in error responses that could expose + "httpOnly" cookies when no custom ErrorDocument is specified for + status code 400. + + Reviewed By: covener, trawick, gregames + + + + git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1235454 13f79535-47bb-0310-9956-ffa450edef68 + +diff --git a/server/protocol.c b/server/protocol.c +index 2e3ce93..796ae58 100644 +--- a/server/protocol.c ++++ b/server/protocol.c +@@ -670,6 +670,16 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb) + return 1; + } + ++/* get the length of the field name for logging, but no more than 80 bytes */ ++#define LOG_NAME_MAX_LEN 80 ++static int field_name_len(const char *field) ++{ ++ const char *end = ap_strchr_c(field, ':'); ++ if (end == NULL || end - field > LOG_NAME_MAX_LEN) ++ return LOG_NAME_MAX_LEN; ++ return end - field; ++} ++ + AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb) + { + char *last_field = NULL; +@@ -709,12 +719,15 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb + /* insure ap_escape_html will terminate correctly */ + field[len - 1] = '\0'; + apr_table_setn(r->notes, "error-notes", +- apr_pstrcat(r->pool, ++ apr_psprintf(r->pool, + "Size of a request header field " + "exceeds server limit.
\n" +- "
\n", +- ap_escape_html(r->pool, field), +- "
\n", NULL)); ++ "
\n%.*s\n
/n", ++ field_name_len(field), ++ ap_escape_html(r->pool, field))); ++ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, ++ "Request header exceeds LimitRequestFieldSize: " ++ "%.*s", field_name_len(field), field); + } + return; + } +@@ -735,13 +748,17 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb + * overflow (last_field) as the field with the problem + */ + apr_table_setn(r->notes, "error-notes", +- apr_pstrcat(r->pool, ++ apr_psprintf(r->pool, + "Size of a request header field " + "after folding " + "exceeds server limit.
\n" +- "
\n", +- ap_escape_html(r->pool, last_field), +- "
\n", NULL)); ++ "
\n%.*s\n
\n", ++ field_name_len(last_field), ++ ap_escape_html(r->pool, last_field))); ++ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, ++ "Request header exceeds LimitRequestFieldSize " ++ "after folding: %.*s", ++ field_name_len(last_field), last_field); + return; + } + +@@ -773,13 +790,18 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb + if (!(value = strchr(last_field, ':'))) { /* Find ':' or */ + r->status = HTTP_BAD_REQUEST; /* abort bad request */ + apr_table_setn(r->notes, "error-notes", +- apr_pstrcat(r->pool, ++ apr_psprintf(r->pool, + "Request header field is " + "missing ':' separator.
\n" +- "
\n", ++ "
\n%.*s
\n", ++ (int)LOG_NAME_MAX_LEN, + ap_escape_html(r->pool, +- last_field), +- "
\n", NULL)); ++ last_field))); ++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, ++ "Request header field is missing ':' " ++ "separator: %.*s", (int)LOG_NAME_MAX_LEN, ++ last_field); ++ + return; + } + --- apache2-2.2.16.orig/debian/patches/300_disable-ssl-compression.dpatch +++ apache2-2.2.16/debian/patches/300_disable-ssl-compression.dpatch @@ -0,0 +1,122 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 300_disable-ssl-compression.dpatch by Arno Töll +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' apache2~/modules/ssl/mod_ssl.c apache2/modules/ssl/mod_ssl.c +--- apache2~/modules/ssl/mod_ssl.c 2012-11-30 09:23:46.000000000 +0100 ++++ apache2/modules/ssl/mod_ssl.c 2012-11-30 09:24:04.000000000 +0100 +@@ -146,6 +146,9 @@ + "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)") + SSL_CMD_SRV(HonorCipherOrder, FLAG, + "Use the server's cipher ordering preference") ++ SSL_CMD_SRV(Compression, FLAG, ++ "Enable SSL level compression" ++ "(`on', `off')") + SSL_CMD_SRV(InsecureRenegotiation, FLAG, + "Enable support for insecure renegotiation") + SSL_CMD_ALL(UserName, TAKE1, +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' apache2~/modules/ssl/ssl_engine_config.c apache2/modules/ssl/ssl_engine_config.c +--- apache2~/modules/ssl/ssl_engine_config.c 2012-11-30 09:23:46.000000000 +0100 ++++ apache2/modules/ssl/ssl_engine_config.c 2012-11-30 09:24:04.000000000 +0100 +@@ -178,6 +178,9 @@ + #ifdef HAVE_FIPS + sc->fips = UNSET; + #endif ++#ifndef OPENSSL_NO_COMP ++ sc->compression = UNSET; ++#endif + + modssl_ctx_init_proxy(sc, p); + +@@ -275,6 +278,9 @@ + #ifdef HAVE_FIPS + cfgMergeBool(fips); + #endif ++#ifndef OPENSSL_NO_COMP ++ cfgMergeBool(compression); ++#endif + + modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy); + +@@ -708,6 +714,23 @@ + + } + ++const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag) ++{ ++#if !defined(OPENSSL_NO_COMP) ++ SSLSrvConfigRec *sc = mySrvConfig(cmd->server); ++#ifndef SSL_OP_NO_COMPRESSION ++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); ++ if (err) ++ return "This version of openssl does not support configuring " ++ "compression within sections."; ++#endif ++ sc->compression = flag ? TRUE : FALSE; ++ return NULL; ++#else ++ return "Setting Compression mode unsupported; not implemented by the SSL library"; ++#endif ++} ++ + const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag) + { + #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' apache2~/modules/ssl/ssl_engine_init.c apache2/modules/ssl/ssl_engine_init.c +--- apache2~/modules/ssl/ssl_engine_init.c 2012-11-30 09:23:46.000000000 +0100 ++++ apache2/modules/ssl/ssl_engine_init.c 2012-11-30 09:24:04.000000000 +0100 +@@ -500,6 +500,18 @@ + } + #endif + ++ ++#ifndef OPENSSL_NO_COMP ++ if (sc->compression != TRUE) { ++#ifdef SSL_OP_NO_COMPRESSION ++ /* OpenSSL >= 1.0 only */ ++ SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION); ++#elif OPENSSL_VERSION_NUMBER >= 0x00908000L ++ sk_SSL_COMP_zero(SSL_COMP_get_compression_methods()); ++#endif ++ } ++#endif ++ + #ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + if (sc->insecure_reneg == TRUE) { + SSL_CTX_set_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION); +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' apache2~/modules/ssl/ssl_private.h apache2/modules/ssl/ssl_private.h +--- apache2~/modules/ssl/ssl_private.h 2012-11-30 09:23:46.000000000 +0100 ++++ apache2/modules/ssl/ssl_private.h 2012-11-30 09:24:56.419725147 +0100 +@@ -71,6 +71,11 @@ + #include /** needed for STDIN_FILENO et.al., at least on FreeBSD */ + #endif + ++#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \ ++ && OPENSSL_VERSION_NUMBER < 0x00908000L ++#define OPENSSL_NO_COMP ++#endif ++ + /** + * Provide reasonable default for some defines + */ +@@ -482,6 +487,9 @@ + #ifdef HAVE_FIPS + BOOL fips; + #endif ++#ifndef OPENSSL_NO_COMP ++ BOOL compression; ++#endif + }; + + /** +@@ -538,6 +546,7 @@ + const char *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *); + const char *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *); + const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag); ++const char *ssl_cmd_SSLCompression(cmd_parms *, void *, int flag); + const char *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *); + const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *); + const char *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *); --- apache2-2.2.16.orig/debian/patches/042_htdigest_CAN-2005-1344 +++ apache2-2.2.16/debian/patches/042_htdigest_CAN-2005-1344 @@ -0,0 +1,23 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 042_htdigest_CAN-2005-1344 by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix buffer overflow in htdigest. + +@DPATCH@ +--- apache2/support/htdigest.c.orig 2005-05-05 02:54:31.000000000 -0600 ++++ apache2/support/htdigest.c 2005-05-05 02:59:05.000000000 -0600 +@@ -222,9 +222,11 @@ + apr_strerror(rv, errmsg, sizeof errmsg)); + exit(1); + } ++ apr_cpystrn(user, argv[4], sizeof(user)); ++ apr_cpystrn(realm, argv[3], sizeof(realm)); + apr_file_printf(errfile, "Adding password for %s in realm %s.\n", +- argv[4], argv[3]); +- add_password(argv[4], argv[3], f); ++ user, realm); ++ add_password(user, realm, f); + apr_file_close(f); + exit(0); + } --- apache2-2.2.16.orig/debian/patches/058_suexec-CVE-2007-1742.dpatch +++ apache2-2.2.16/debian/patches/058_suexec-CVE-2007-1742.dpatch @@ -0,0 +1,64 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix race condition with chdir +## DP: Fix /var/www* being accepted as docroot instead of /var/www/* +## DP: (the same for public_html* instead of public_html/* ) + +@DPATCH@ +--- a/support/suexec.c (revision 644465) ++++ b/support/suexec.c (working copy) +@@ -42,6 +42,7 @@ + #if APR_HAVE_UNISTD_H + #include + #endif ++#include + + #include + #include +@@ -263,6 +264,7 @@ + struct group *gr; /* group entry holder */ + struct stat dir_info; /* directory info holder */ + struct stat prg_info; /* program info holder */ ++ int cwdh; /* handle to cwd */ + + /* + * Start with a "clean" environment +@@ -496,11 +498,16 @@ + exit(111); + } + ++ if ( (cwdh = open(".", O_RDONLY)) == -1 ) { ++ log_err("cannot open current working directory\n"); ++ exit(111); ++ } ++ + if (userdir) { + if (((chdir(target_homedir)) != 0) || + ((chdir(AP_USERDIR_SUFFIX)) != 0) || + ((getcwd(dwd, AP_MAXPATH)) == NULL) || +- ((chdir(cwd)) != 0)) { ++ ((fchdir(cwdh)) != 0)) { + log_err("cannot get docroot information (%s)\n", target_homedir); + exit(112); + } +@@ -508,12 +515,18 @@ + else { + if (((chdir(AP_DOC_ROOT)) != 0) || + ((getcwd(dwd, AP_MAXPATH)) == NULL) || +- ((chdir(cwd)) != 0)) { ++ ((fchdir(cwdh)) != 0)) { + log_err("cannot get docroot information (%s)\n", AP_DOC_ROOT); + exit(113); + } + } + ++ close(cwdh); ++ ++ if (strlen(cwd) > strlen(dwd)) { ++ strncat(dwd, "/", AP_MAXPATH); ++ dwd[AP_MAXPATH-1] = '\0'; ++ } + if ((strncmp(cwd, dwd, strlen(dwd))) != 0) { + log_err("command not in docroot (%s/%s)\n", cwd, cmd); + exit(114); --- apache2-2.2.16.orig/debian/patches/032_suexec_is_shared +++ apache2-2.2.16/debian/patches/032_suexec_is_shared @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 032_suexec_is_shared by Adam Conrad +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Patch to allow suEXEC as shared. + +@DPATCH@ +--- apache2/os/unix/unixd.c 2004-09-27 19:53:29.000000000 -0600 ++++ apache2/os/unix/unixd.c 2004-09-27 19:56:57.000000000 -0600 +@@ -209,6 +209,10 @@ + + /* Check for suexec */ + unixd_config.suexec_enabled = 0; ++ /* If mod_suexec isn't linked in, we shouldn't test for the binary */ ++ if (ap_find_linked_module("mod_suexec.c") == NULL) { ++ return; ++ } + if ((apr_stat(&wrapper, SUEXEC_BIN, + APR_FINFO_NORM, ptemp)) != APR_SUCCESS) { + return; --- apache2-2.2.16.orig/debian/source/format +++ apache2-2.2.16/debian/source/format @@ -0,0 +1 @@ +1.0 --- apache2-2.2.16.orig/debian/mpm-itk/CHANGES +++ apache2-2.2.16/debian/mpm-itk/CHANGES @@ -0,0 +1,44 @@ +apache2.2-mpm-itk 2.2.11-02, released 2009-04-14: + + * Really fix the waitpid() code; thanks to Dave Cundiff for spotting the typo. + * Add CAP_DAC_READ_SEARCH to the list of capabilities, so Apache can read + .htaccess files that are not world readable. This should fix some of the + "permission denied" problems that cropped up in 2.2.11-01, although you + will still see the problem if you use root-squashed NFS. + +apache2.2-mpm-itk 2.2.11-01, released 2009-03-21: + + * NOTE: This release contains major new functionality. As with mpm-itk in + general, you may want to consider closely whether you actually want to + put it in production. Also note that Apache 2.0 is no longer supported. + * Updated for Apache 2.2.11 (in particular, prefork had a few minor changes + that are now incorporated). + * Allow uid/gid and nice value to be set per-directory (actually per-location) + in addition to per-vhost. Adapted from patch by Knut Auvor Grythe. + * Some minor code cleanups. + * If waitpid() is interrupted by a signal (returning EINTR), try again. + This fixes a race condition where a graceful restart could fail and hang + the child forever. Adapted from patch by Jan Boysen, who also diagnosed and + reported the bug. + * As a side effect of the per-directory patches doing proper config merging, + you can now set default values for all options outside the vhost definitions + and have them get properly overridden by settings in more specific scopes. + * Fix a small memory leak on reload by using apr_pstrdup() instead of + strdup(). + +apache2.2-mpm-itk 2.2.6-02, released 2008-07-27: + + * Fix a typo in the autoconf snippet that would prevent building with + capability dropping support. Note that you'll need to run autoheader before + autoconf to get -lcap detected (the Debian/Ubuntu packages was missing + this, so others might as well). + +apache2.2-mpm-itk 2.2.6-01, released 2008-01-05: + + * Updated 01-copy-prefork.patch to let prefork.c come from Apache 2.2.6 + instead of 2.2.3. Updated all the patches so they apply cleanly + afterwards. In other words, there is no mpm-itk-specific functionality + in this release, it's only a maintenance release against the latest + Apache. + * Removed a few instances of trailing whitespace in the patches. + * Added this changelog. --- apache2-2.2.16.orig/debian/mpm-itk/README +++ apache2-2.2.16/debian/mpm-itk/README @@ -0,0 +1,121 @@ +This is a copy of the documentation available at http://mpm-itk.sesse.net/, +dumped with the Lynx web browser and edited briefly. + + The Apache 2 ITK MPM + + apache2-mpm-itk (just mpm-itk for short) is an MPM (Multi-Processing + Module) for the [1]Apache web server. mpm-itk allows you to run each of + your vhost under a separate uid and gid -- in short, the scripts and + configuration files for one vhost no longer have to be readable for all + the other vhosts. + + There are already MPMs available that do this; however, I am not aware + of any besides mpm-itk that are actively developed. (If you only run + CGI scripts, suexec will probably solve most of your problems with any + MPM.) + + mpm-itk is based on the traditional prefork MPM, which means it's + non-threaded; in short, this means you can run non-thread-aware code + (like many [2]PHP extensions) without problems. On the other hand, you + lose out to any performance benefit you'd get with threads, of course; + you'd have to decide for yourself if that's worth it or not. You will + also take an additional performance hit over prefork, since there's an + extra fork per request. + +Installation + + If you can't apply a patch, you probably should not be using this. :-) + However, several distributions now include mpm-itk as a choice + alongside the other MPMs; in alphabetical order: + * [3]Arch Linux + * [4]Debian GNU/Linux + * [5]FreeBSD ports + * [6]Gentoo Linux + * [7]Mandriva + * [8]Ubuntu + + If you know of any I missed, or if you have included mpm-itk in your + favourite distribution, please drop me a note (see below). I'd always + be happy to expand this list :-) + +Configuration + + The new configuration settings compared to the prefork MPM are: + * AssignUserID: Takes two parameters, uid and gid (or really, user + name and group name); specifies what uid and gid the vhost will run + as (after parsing the request etc., of course). Note that if you do + not assign a user ID, the default one from Apache will be used. + * MaxClientsVHost: A separate MaxClients for the vhost. This can be + useful if, say, half of your vhosts depend on some NFS server (like + on our setup); if the NFS server goes down, you do not want the + children waiting forever on NFS to take the non-NFS-dependent hosts + down. This can thus act as a safety measure, giving "server too + busy" on the NFS-dependent vhosts while keeping the other ones + happily running. (Of course, you could use it to simply keep one + site from eating way too much resources, but there are probably + better ways of doing that.) + * NiceValue: Lets you nice some requests down, to give them less CPU + time. + + AssignUserID and NiceValue can be set wherever you'd like in the Apache + configuration, except in .htaccess. MaxClientsVHost can only be set + inside a VirtualHost directive. + +Quirks and warnings + + Since mpm-itk has to be able to setuid(), it runs as root (although + restricted with POSIX capabilities where possible) until the request is + parsed and the vhost determined. This means that any security hole + before the request is parsed will be a root security hole. (The most + likely place is probably in mod_ssl.) This is not going to change in + the near future, as the most likely alternative solution (socket + passing and its variants) is very hard to get to work properly in a + number of common use cases, like SSL. + + The lack of socket passing also leads to another minor quirk: if you + connect to httpd, make a request and then make a request on the same + connection that gets handled by a different uid, mpm-itk simply shuts + down the connection. This is perfectly legal according to RFC2616, and + all major clients seem to handle it well; the web server simply + simulates a timeout, and the client just opens a new connection and + retries the request. However, there is a small performance hit, and + thus you should avoid including content from multiple uids in the same + page. + + Note that mpm-itk is experimental software; and we've done a fair + amount of stress testing, but it's nowhere as tested as, say, prefork. + That being said, it's being run in production at several sites in the + world, both hobbyist and commercial, some as large as ~10 million hits + a day. + + People have reported issues with mpm-itk and mod_python, mod_ruby and + FastCGI. I believe the mod_python and FastCGI problems have been + largely solved by updates to those packages, but as I use neither, I + can't really guarantee anything. YMMV, test before use. + +Licensing + + mpm-itk is licensed under the Apache License, version 2.0, like the + rest of Apache. + +Contact + + mpm-itk is developed by Steinar H. Gunderson; e-mail address is at my + [9]home page. + + There is a user mailing list at mpm-itk [at] lists.err.no. Visit the + [10]mailing list page to subscribe, or send a blank e-mail to + mpm-itk-subscribe [at] lists.err.no. + +References + + 1. http://www.apache.org/ + 2. http://www.php.net/ + 3. http://www.archlinux.org/ + 4. http://www.debian.org/ + 5. http://www.freebsd.org/ + 6. http://www.gentoo.org/ + 7. http://www.mandriva.com/ + 8. http://www.ubuntu.com/ + 9. http://www.sesse.net/ + 10. http://lists.err.no/mailman/listinfo/mpm-itk --- apache2-2.2.16.orig/debian/mpm-itk/COPYRIGHT +++ apache2-2.2.16/debian/mpm-itk/COPYRIGHT @@ -0,0 +1,686 @@ +apache2-mpm-itk is copyright Steinar H. Gunderson +and Knut Auvor Grythe , and is provided under the same license +as the Apache web server. + +Get the latest version at http://mpm-itk.sesse.net/ . + +The entire license text for Apache is: + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + + +APACHE HTTP SERVER SUBCOMPONENTS: + +The Apache HTTP Server includes a number of subcomponents with +separate copyright notices and license terms. Your use of the source +code for the these subcomponents is subject to the terms and +conditions of the following licenses. + +For the mod_mime_magic component: + +/* + * mod_mime_magic: MIME type lookup via file magic numbers + * Copyright (c) 1996-1997 Cisco Systems, Inc. + * + * This software was submitted by Cisco Systems to the Apache Group in July + * 1997. Future revisions and derivatives of this source code must + * acknowledge Cisco Systems as the original contributor of this module. + * All other licensing and usage conditions are those of the Apache Group. + * + * Some of this code is derived from the free version of the file command + * originally posted to comp.sources.unix. Copyright info for that program + * is included below as required. + * --------------------------------------------------------------------------- + * - Copyright (c) Ian F. Darwin, 1987. Written by Ian F. Darwin. + * + * This software is not subject to any license of the American Telephone and + * Telegraph Company or of the Regents of the University of California. + * + * Permission is granted to anyone to use this software for any purpose on any + * computer system, and to alter it and redistribute it freely, subject to + * the following restrictions: + * + * 1. The author is not responsible for the consequences of use of this + * software, no matter how awful, even if they arise from flaws in it. + * + * 2. The origin of this software must not be misrepresented, either by + * explicit claim or by omission. Since few users ever read sources, credits + * must appear in the documentation. + * + * 3. Altered versions must be plainly marked as such, and must not be + * misrepresented as being the original software. Since few users ever read + * sources, credits must appear in the documentation. + * + * 4. This notice may not be removed or altered. + * ------------------------------------------------------------------------- + * + */ + + +For the modules\mappers\mod_imap.c component: + + "macmartinized" polygon code copyright 1992 by Eric Haines, erich@eye.com + +For the server\util_md5.c component: + +/************************************************************************ + * NCSA HTTPd Server + * Software Development Group + * National Center for Supercomputing Applications + * University of Illinois at Urbana-Champaign + * 605 E. Springfield, Champaign, IL 61820 + * httpd@ncsa.uiuc.edu + * + * Copyright (C) 1995, Board of Trustees of the University of Illinois + * + ************************************************************************ + * + * md5.c: NCSA HTTPd code which uses the md5c.c RSA Code + * + * Original Code Copyright (C) 1994, Jeff Hostetler, Spyglass, Inc. + * Portions of Content-MD5 code Copyright (C) 1993, 1994 by Carnegie Mellon + * University (see Copyright below). + * Portions of Content-MD5 code Copyright (C) 1991 Bell Communications + * Research, Inc. (Bellcore) (see Copyright below). + * Portions extracted from mpack, John G. Myers - jgm+@cmu.edu + * Content-MD5 Code contributed by Martin Hamilton (martin@net.lut.ac.uk) + * + */ + + +/* these portions extracted from mpack, John G. Myers - jgm+@cmu.edu */ +/* (C) Copyright 1993,1994 by Carnegie Mellon University + * All Rights Reserved. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without + * fee, provided that the above copyright notice appear in all copies + * and that both that copyright notice and this permission notice + * appear in supporting documentation, and that the name of Carnegie + * Mellon University not be used in advertising or publicity + * pertaining to distribution of the software without specific, + * written prior permission. Carnegie Mellon University makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied + * warranty. + * + * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE + * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Copyright (c) 1991 Bell Communications Research, Inc. (Bellcore) + * + * Permission to use, copy, modify, and distribute this material + * for any purpose and without fee is hereby granted, provided + * that the above copyright notice and this permission notice + * appear in all copies, and that the name of Bellcore not be + * used in advertising or publicity pertaining to this + * material without the specific, prior written permission + * of an authorized representative of Bellcore. BELLCORE + * MAKES NO REPRESENTATIONS ABOUT THE ACCURACY OR SUITABILITY + * OF THIS MATERIAL FOR ANY PURPOSE. IT IS PROVIDED "AS IS", + * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. + */ + +For the srclib\apr\include\apr_md5.h component: +/* + * This is work is derived from material Copyright RSA Data Security, Inc. + * + * The RSA copyright statement and Licence for that original material is + * included below. This is followed by the Apache copyright statement and + * licence for the modifications made to that material. + */ + +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + rights reserved. + + License to copy and use this software is granted provided that it + is identified as the "RSA Data Security, Inc. MD5 Message-Digest + Algorithm" in all material mentioning or referencing this software + or this function. + + License is also granted to make and use derivative works provided + that such works are identified as "derived from the RSA Data + Security, Inc. MD5 Message-Digest Algorithm" in all material + mentioning or referencing the derived work. + + RSA Data Security, Inc. makes no representations concerning either + the merchantability of this software or the suitability of this + software for any particular purpose. It is provided "as is" + without express or implied warranty of any kind. + + These notices must be retained in any copies of any part of this + documentation and/or software. + */ + +For the srclib\apr\passwd\apr_md5.c component: + +/* + * This is work is derived from material Copyright RSA Data Security, Inc. + * + * The RSA copyright statement and Licence for that original material is + * included below. This is followed by the Apache copyright statement and + * licence for the modifications made to that material. + */ + +/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm + */ + +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + rights reserved. + + License to copy and use this software is granted provided that it + is identified as the "RSA Data Security, Inc. MD5 Message-Digest + Algorithm" in all material mentioning or referencing this software + or this function. + + License is also granted to make and use derivative works provided + that such works are identified as "derived from the RSA Data + Security, Inc. MD5 Message-Digest Algorithm" in all material + mentioning or referencing the derived work. + + RSA Data Security, Inc. makes no representations concerning either + the merchantability of this software or the suitability of this + software for any particular purpose. It is provided "as is" + without express or implied warranty of any kind. + + These notices must be retained in any copies of any part of this + documentation and/or software. + */ +/* + * The apr_md5_encode() routine uses much code obtained from the FreeBSD 3.0 + * MD5 crypt() function, which is licenced as follows: + * ---------------------------------------------------------------------------- + * "THE BEER-WARE LICENSE" (Revision 42): + * wrote this file. As long as you retain this notice you + * can do whatever you want with this stuff. If we meet some day, and you think + * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp + * ---------------------------------------------------------------------------- + */ + +For the srclib\apr-util\crypto\apr_md4.c component: + + * This is derived from material copyright RSA Data Security, Inc. + * Their notice is reproduced below in its entirety. + * + * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + * rights reserved. + * + * License to copy and use this software is granted provided that it + * is identified as the "RSA Data Security, Inc. MD4 Message-Digest + * Algorithm" in all material mentioning or referencing this software + * or this function. + * + * License is also granted to make and use derivative works provided + * that such works are identified as "derived from the RSA Data + * Security, Inc. MD4 Message-Digest Algorithm" in all material + * mentioning or referencing the derived work. + * + * RSA Data Security, Inc. makes no representations concerning either + * the merchantability of this software or the suitability of this + * software for any particular purpose. It is provided "as is" + * without express or implied warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. + */ + +For the srclib\apr-util\include\apr_md4.h component: + + * + * This is derived from material copyright RSA Data Security, Inc. + * Their notice is reproduced below in its entirety. + * + * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + * rights reserved. + * + * License to copy and use this software is granted provided that it + * is identified as the "RSA Data Security, Inc. MD4 Message-Digest + * Algorithm" in all material mentioning or referencing this software + * or this function. + * + * License is also granted to make and use derivative works provided + * that such works are identified as "derived from the RSA Data + * Security, Inc. MD4 Message-Digest Algorithm" in all material + * mentioning or referencing the derived work. + * + * RSA Data Security, Inc. makes no representations concerning either + * the merchantability of this software or the suitability of this + * software for any particular purpose. It is provided "as is" + * without express or implied warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. + */ + + +For the srclib\apr-util\test\testdbm.c component: + +/* ==================================================================== + * The Apache Software License, Version 1.1 + * + * Copyright (c) 2000-2002 The Apache Software Foundation. All rights + * reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The end-user documentation included with the redistribution, + * if any, must include the following acknowledgment: + * "This product includes software developed by the + * Apache Software Foundation (http://www.apache.org/)." + * Alternately, this acknowledgment may appear in the software itself, + * if and wherever such third-party acknowledgments normally appear. + * + * 4. The names "Apache" and "Apache Software Foundation" must + * not be used to endorse or promote products derived from this + * software without prior written permission. For written + * permission, please contact apache@apache.org. + * + * 5. Products derived from this software may not be called "Apache", + * nor may "Apache" appear in their name, without prior written + * permission of the Apache Software Foundation. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Software Foundation. For more + * information on the Apache Software Foundation, please see + * . + * + * This file came from the SDBM package (written by oz@nexus.yorku.ca). + * That package was under public domain. This file has been ported to + * APR, updated to ANSI C and other, newer idioms, and added to the Apache + * codebase under the above copyright and license. + */ + + +For the srclib\apr-util\test\testmd4.c component: + + * + * This is derived from material copyright RSA Data Security, Inc. + * Their notice is reproduced below in its entirety. + * + * Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All + * rights reserved. + * + * RSA Data Security, Inc. makes no representations concerning either + * the merchantability of this software or the suitability of this + * software for any particular purpose. It is provided "as is" + * without express or implied warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. + */ + +For the srclib\apr-util\xml\expat\conftools\install-sh component: + +# +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# + +For the srclib\pcre\install-sh component: + +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. + +For the pcre component: + +PCRE LICENCE +------------ + +PCRE is a library of functions to support regular expressions whose syntax +and semantics are as close as possible to those of the Perl 5 language. + +Written by: Philip Hazel + +University of Cambridge Computing Service, +Cambridge, England. Phone: +44 1223 334714. + +Copyright (c) 1997-2001 University of Cambridge + +Permission is granted to anyone to use this software for any purpose on any +computer system, and to redistribute it freely, subject to the following +restrictions: + +1. This software is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +2. The origin of this software must not be misrepresented, either by + explicit claim or by omission. In practice, this means that if you use + PCRE in software which you distribute to others, commercially or + otherwise, you must put a sentence like this + + Regular expression support is provided by the PCRE library package, + which is open source software, written by Philip Hazel, and copyright + by the University of Cambridge, England. + + somewhere reasonably visible in your documentation and in any relevant + files or online help data or similar. A reference to the ftp site for + the source, that is, to + + ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ + + should also be given in the documentation. + +3. Altered versions must be plainly marked as such, and must not be + misrepresented as being the original software. + +4. If PCRE is embedded in any software that is released under the GNU + General Purpose Licence (GPL), or Lesser General Purpose Licence (LGPL), + then the terms of that licence shall supersede any condition above with + which it is incompatible. + +The documentation for PCRE, supplied in the "doc" directory, is distributed +under the same terms as the software itself. + +End PCRE LICENCE + + +For the test\zb.c component: + +/* ZeusBench V1.01 + =============== + +This program is Copyright (C) Zeus Technology Limited 1996. + +This program may be used and copied freely providing this copyright notice +is not removed. + +This software is provided "as is" and any express or implied waranties, +including but not limited to, the implied warranties of merchantability and +fitness for a particular purpose are disclaimed. In no event shall +Zeus Technology Ltd. be liable for any direct, indirect, incidental, special, +exemplary, or consequential damaged (including, but not limited to, +procurement of substitute good or services; loss of use, data, or profits; +or business interruption) however caused and on theory of liability. Whether +in contract, strict liability or tort (including negligence or otherwise) +arising in any way out of the use of this software, even if advised of the +possibility of such damage. + + Written by Adam Twiss (adam@zeus.co.uk). March 1996 + +Thanks to the following people for their input: + Mike Belshe (mbelshe@netscape.com) + Michael Campanella (campanella@stevms.enet.dec.com) + +*/ + +For the expat xml parser component: + +Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd + and Clark Cooper + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +==================================================================== --- apache2-2.2.16.orig/debian/mpm-itk/patches/09-capabilities.patch +++ apache2-2.2.16/debian/mpm-itk/patches/09-capabilities.patch @@ -0,0 +1,75 @@ +Use Linux' capability system to run as a sort of "lesser root"; we drop nearly +all root privilegies except the ability to setuid. An attacker capable of injecting +code will still be able to run as any (normal) user on the system, but at least +he/she cannot directly load kernel code etc. + +Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/itk.c 2009-04-14 23:28:02.000000000 +0200 ++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-04-14 23:29:16.000000000 +0200 +@@ -71,6 +71,10 @@ + #include /* for bindprocessor() */ + #endif + ++#if HAVE_LIBCAP ++#include ++#endif ++ + #include + #include + +@@ -501,6 +505,15 @@ + apr_bucket_alloc_t *bucket_alloc; + int last_poll_idx = 0; + ++#if HAVE_LIBCAP ++ cap_t caps; ++ cap_value_t suidcaps[] = { ++ CAP_SETUID, ++ CAP_SETGID, ++ CAP_DAC_READ_SEARCH, ++ }; ++#endif ++ + mpm_state = AP_MPMQ_STARTING; /* for benefit of any hooks that run as this + * child initializes + */ +@@ -554,6 +567,22 @@ + (void) apr_pollset_add(pollset, &pfd); + } + ++#if HAVE_LIBCAP ++ /* Drop as many privileges as we can. We'll still ++ * access files with uid=0, and we can setuid() to anything, but ++ * at least there's tons of other evilness (like loading kernel ++ * modules) we can't do directly. (The setuid() capability will ++ * go away automatically when we setuid() or exec() -- the former ++ * is likely to come first.) ++ */ ++ caps = cap_init(); ++ cap_clear(caps); ++ cap_set_flag(caps, CAP_PERMITTED, sizeof(suidcaps)/sizeof(cap_value_t), suidcaps, CAP_SET); ++ cap_set_flag(caps, CAP_EFFECTIVE, sizeof(suidcaps)/sizeof(cap_value_t), suidcaps, CAP_SET); ++ cap_set_proc(caps); ++ cap_free(caps); ++#endif ++ + mpm_state = AP_MPMQ_RUNNING; + + bucket_alloc = apr_bucket_alloc_create(pchild); +Index: httpd-2.2.11/server/mpm/config.m4 +=================================================================== +--- httpd-2.2.11.orig/server/mpm/config.m4 2009-04-14 23:26:41.000000000 +0200 ++++ httpd-2.2.11/server/mpm/config.m4 2009-04-14 23:28:03.000000000 +0200 +@@ -66,6 +66,11 @@ + else + MPM_SUBDIR_NAME=$MPM_NAME + fi ++ ++if test "$apache_cv_mpm" = "itk" ; then ++ AC_CHECK_LIB(cap, cap_init) ++fi ++ + MPM_DIR=server/mpm/$MPM_SUBDIR_NAME + MPM_LIB=$MPM_DIR/lib${MPM_NAME}.la + --- apache2-2.2.16.orig/debian/mpm-itk/patches/01-copy-prefork.patch +++ apache2-2.2.16/debian/mpm-itk/patches/01-copy-prefork.patch @@ -0,0 +1,1662 @@ +Just copies server/mpm/prefork/* to server/mpm/experimental/itk/, with prefork.c +copied to itk.c. Basically the patch equivalent of + + mkdir server/mpm/experimental/itk/ + cp server/mpm/prefork/* server/mpm/experimental/itk/ + mv server/mpm/experimental/itk/prefork.c server/mpm/experimental/itk/itk.c + +Index: httpd-2.2.11/server/mpm/experimental/itk/Makefile.in +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ httpd-2.2.11/server/mpm/experimental/itk/Makefile.in 2009-03-17 21:38:54.000000000 +0100 +@@ -0,0 +1,5 @@ ++ ++LTLIBRARY_NAME = libprefork.la ++LTLIBRARY_SOURCES = prefork.c ++ ++include $(top_srcdir)/build/ltlib.mk +Index: httpd-2.2.11/server/mpm/experimental/itk/config.m4 +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ httpd-2.2.11/server/mpm/experimental/itk/config.m4 2009-03-17 21:38:53.000000000 +0100 +@@ -0,0 +1,3 @@ ++if test "$MPM_NAME" = "prefork" ; then ++ APACHE_FAST_OUTPUT(server/mpm/$MPM_NAME/Makefile) ++fi +Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-03-17 21:38:54.000000000 +0100 +@@ -0,0 +1,1486 @@ ++/* Licensed to the Apache Software Foundation (ASF) under one or more ++ * contributor license agreements. See the NOTICE file distributed with ++ * this work for additional information regarding copyright ownership. ++ * The ASF licenses this file to You under the Apache License, Version 2.0 ++ * (the "License"); you may not use this file except in compliance with ++ * the License. You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++#include "apr.h" ++#include "apr_portable.h" ++#include "apr_strings.h" ++#include "apr_thread_proc.h" ++#include "apr_signal.h" ++ ++#define APR_WANT_STDIO ++#define APR_WANT_STRFUNC ++#include "apr_want.h" ++ ++#if APR_HAVE_UNISTD_H ++#include ++#endif ++#if APR_HAVE_SYS_TYPES_H ++#include ++#endif ++ ++#define CORE_PRIVATE ++ ++#include "ap_config.h" ++#include "httpd.h" ++#include "mpm_default.h" ++#include "http_main.h" ++#include "http_log.h" ++#include "http_config.h" ++#include "http_core.h" /* for get_remote_host */ ++#include "http_connection.h" ++#include "scoreboard.h" ++#include "ap_mpm.h" ++#include "unixd.h" ++#include "mpm_common.h" ++#include "ap_listen.h" ++#include "ap_mmn.h" ++#include "apr_poll.h" ++ ++#ifdef HAVE_BSTRING_H ++#include /* for IRIX, FD_SET calls bzero() */ ++#endif ++#ifdef HAVE_TIME_H ++#include ++#endif ++#ifdef HAVE_SYS_PROCESSOR_H ++#include /* for bindprocessor() */ ++#endif ++ ++#include ++#include ++ ++/* Limit on the total --- clients will be locked out if more servers than ++ * this are needed. It is intended solely to keep the server from crashing ++ * when things get out of hand. ++ * ++ * We keep a hard maximum number of servers, for two reasons --- first off, ++ * in case something goes seriously wrong, we want to stop the fork bomb ++ * short of actually crashing the machine we're running on by filling some ++ * kernel table. Secondly, it keeps the size of the scoreboard file small ++ * enough that we can read the whole thing without worrying too much about ++ * the overhead. ++ */ ++#ifndef DEFAULT_SERVER_LIMIT ++#define DEFAULT_SERVER_LIMIT 256 ++#endif ++ ++/* Admin can't tune ServerLimit beyond MAX_SERVER_LIMIT. We want ++ * some sort of compile-time limit to help catch typos. ++ */ ++#ifndef MAX_SERVER_LIMIT ++#define MAX_SERVER_LIMIT 200000 ++#endif ++ ++#ifndef HARD_THREAD_LIMIT ++#define HARD_THREAD_LIMIT 1 ++#endif ++ ++/* config globals */ ++ ++int ap_threads_per_child=0; /* Worker threads per child */ ++static apr_proc_mutex_t *accept_mutex; ++static int ap_daemons_to_start=0; ++static int ap_daemons_min_free=0; ++static int ap_daemons_max_free=0; ++static int ap_daemons_limit=0; /* MaxClients */ ++static int server_limit = DEFAULT_SERVER_LIMIT; ++static int first_server_limit = 0; ++static int changed_limit_at_restart; ++static int mpm_state = AP_MPMQ_STARTING; ++static ap_pod_t *pod; ++ ++/* ++ * The max child slot ever assigned, preserved across restarts. Necessary ++ * to deal with MaxClients changes across AP_SIG_GRACEFUL restarts. We ++ * use this value to optimize routines that have to scan the entire scoreboard. ++ */ ++int ap_max_daemons_limit = -1; ++server_rec *ap_server_conf; ++ ++/* one_process --- debugging mode variable; can be set from the command line ++ * with the -X flag. If set, this gets you the child_main loop running ++ * in the process which originally started up (no detach, no make_child), ++ * which is a pretty nice debugging environment. (You'll get a SIGHUP ++ * early in standalone_main; just continue through. This is the server ++ * trying to kill off any child processes which it might have lying ++ * around --- Apache doesn't keep track of their pids, it just sends ++ * SIGHUP to the process group, ignoring it in the root process. ++ * Continue through and you'll be fine.). ++ */ ++ ++static int one_process = 0; ++ ++static apr_pool_t *pconf; /* Pool for config stuff */ ++static apr_pool_t *pchild; /* Pool for httpd child stuff */ ++ ++static pid_t ap_my_pid; /* it seems silly to call getpid all the time */ ++static pid_t parent_pid; ++#ifndef MULTITHREAD ++static int my_child_num; ++#endif ++ap_generation_t volatile ap_my_generation=0; ++ ++#ifdef TPF ++int tpf_child = 0; ++char tpf_server_name[INETD_SERVNAME_LENGTH+1]; ++#endif /* TPF */ ++ ++static volatile int die_now = 0; ++ ++#ifdef GPROF ++/* ++ * change directory for gprof to plop the gmon.out file ++ * configure in httpd.conf: ++ * GprofDir $RuntimeDir/ -> $ServerRoot/$RuntimeDir/gmon.out ++ * GprofDir $RuntimeDir/% -> $ServerRoot/$RuntimeDir/gprof.$pid/gmon.out ++ */ ++static void chdir_for_gprof(void) ++{ ++ core_server_config *sconf = ++ ap_get_module_config(ap_server_conf->module_config, &core_module); ++ char *dir = sconf->gprof_dir; ++ const char *use_dir; ++ ++ if(dir) { ++ apr_status_t res; ++ char *buf = NULL ; ++ int len = strlen(sconf->gprof_dir) - 1; ++ if(*(dir + len) == '%') { ++ dir[len] = '\0'; ++ buf = ap_append_pid(pconf, dir, "gprof."); ++ } ++ use_dir = ap_server_root_relative(pconf, buf ? buf : dir); ++ res = apr_dir_make(use_dir, ++ APR_UREAD | APR_UWRITE | APR_UEXECUTE | ++ APR_GREAD | APR_GEXECUTE | ++ APR_WREAD | APR_WEXECUTE, pconf); ++ if(res != APR_SUCCESS && !APR_STATUS_IS_EEXIST(res)) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, res, ap_server_conf, ++ "gprof: error creating directory %s", dir); ++ } ++ } ++ else { ++ use_dir = ap_server_root_relative(pconf, DEFAULT_REL_RUNTIMEDIR); ++ } ++ ++ chdir(use_dir); ++} ++#else ++#define chdir_for_gprof() ++#endif ++ ++/* XXX - I don't know if TPF will ever use this module or not, so leave ++ * the ap_check_signals calls in but disable them - manoj */ ++#define ap_check_signals() ++ ++/* a clean exit from a child with proper cleanup */ ++static void clean_child_exit(int code) __attribute__ ((noreturn)); ++static void clean_child_exit(int code) ++{ ++ mpm_state = AP_MPMQ_STOPPING; ++ ++ if (pchild) { ++ apr_pool_destroy(pchild); ++ } ++ ap_mpm_pod_close(pod); ++ chdir_for_gprof(); ++ exit(code); ++} ++ ++static void accept_mutex_on(void) ++{ ++ apr_status_t rv = apr_proc_mutex_lock(accept_mutex); ++ if (rv != APR_SUCCESS) { ++ const char *msg = "couldn't grab the accept mutex"; ++ ++ if (ap_my_generation != ++ ap_scoreboard_image->global->running_generation) { ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, NULL, "%s", msg); ++ clean_child_exit(0); ++ } ++ else { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, NULL, "%s", msg); ++ exit(APEXIT_CHILDFATAL); ++ } ++ } ++} ++ ++static void accept_mutex_off(void) ++{ ++ apr_status_t rv = apr_proc_mutex_unlock(accept_mutex); ++ if (rv != APR_SUCCESS) { ++ const char *msg = "couldn't release the accept mutex"; ++ ++ if (ap_my_generation != ++ ap_scoreboard_image->global->running_generation) { ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, NULL, "%s", msg); ++ /* don't exit here... we have a connection to ++ * process, after which point we'll see that the ++ * generation changed and we'll exit cleanly ++ */ ++ } ++ else { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, NULL, "%s", msg); ++ exit(APEXIT_CHILDFATAL); ++ } ++ } ++} ++ ++/* On some architectures it's safe to do unserialized accept()s in the single ++ * Listen case. But it's never safe to do it in the case where there's ++ * multiple Listen statements. Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT ++ * when it's safe in the single Listen case. ++ */ ++#ifdef SINGLE_LISTEN_UNSERIALIZED_ACCEPT ++#define SAFE_ACCEPT(stmt) do {if (ap_listeners->next) {stmt;}} while(0) ++#else ++#define SAFE_ACCEPT(stmt) do {stmt;} while(0) ++#endif ++ ++AP_DECLARE(apr_status_t) ap_mpm_query(int query_code, int *result) ++{ ++ switch(query_code){ ++ case AP_MPMQ_MAX_DAEMON_USED: ++ *result = ap_daemons_limit; ++ return APR_SUCCESS; ++ case AP_MPMQ_IS_THREADED: ++ *result = AP_MPMQ_NOT_SUPPORTED; ++ return APR_SUCCESS; ++ case AP_MPMQ_IS_FORKED: ++ *result = AP_MPMQ_DYNAMIC; ++ return APR_SUCCESS; ++ case AP_MPMQ_HARD_LIMIT_DAEMONS: ++ *result = server_limit; ++ return APR_SUCCESS; ++ case AP_MPMQ_HARD_LIMIT_THREADS: ++ *result = HARD_THREAD_LIMIT; ++ return APR_SUCCESS; ++ case AP_MPMQ_MAX_THREADS: ++ *result = 0; ++ return APR_SUCCESS; ++ case AP_MPMQ_MIN_SPARE_DAEMONS: ++ *result = ap_daemons_min_free; ++ return APR_SUCCESS; ++ case AP_MPMQ_MIN_SPARE_THREADS: ++ *result = 0; ++ return APR_SUCCESS; ++ case AP_MPMQ_MAX_SPARE_DAEMONS: ++ *result = ap_daemons_max_free; ++ return APR_SUCCESS; ++ case AP_MPMQ_MAX_SPARE_THREADS: ++ *result = 0; ++ return APR_SUCCESS; ++ case AP_MPMQ_MAX_REQUESTS_DAEMON: ++ *result = ap_max_requests_per_child; ++ return APR_SUCCESS; ++ case AP_MPMQ_MAX_DAEMONS: ++ *result = server_limit; ++ return APR_SUCCESS; ++ case AP_MPMQ_MPM_STATE: ++ *result = mpm_state; ++ return APR_SUCCESS; ++ } ++ return APR_ENOTIMPL; ++} ++ ++#if defined(NEED_WAITPID) ++/* ++ Systems without a real waitpid sometimes lose a child's exit while waiting ++ for another. Search through the scoreboard for missing children. ++ */ ++int reap_children(int *exitcode, apr_exit_why_e *status) ++{ ++ int n, pid; ++ ++ for (n = 0; n < ap_max_daemons_limit; ++n) { ++ if (ap_scoreboard_image->servers[n][0].status != SERVER_DEAD && ++ kill((pid = ap_scoreboard_image->parent[n].pid), 0) == -1) { ++ ap_update_child_status_from_indexes(n, 0, SERVER_DEAD, NULL); ++ /* just mark it as having a successful exit status */ ++ *status = APR_PROC_EXIT; ++ *exitcode = 0; ++ return(pid); ++ } ++ } ++ return 0; ++} ++#endif ++ ++/***************************************************************** ++ * Connection structures and accounting... ++ */ ++ ++static void just_die(int sig) ++{ ++ clean_child_exit(0); ++} ++ ++static void stop_listening(int sig) ++{ ++ ap_close_listeners(); ++ ++ /* For a graceful stop, we want the child to exit when done */ ++ die_now = 1; ++} ++ ++/* volatile just in case */ ++static int volatile shutdown_pending; ++static int volatile restart_pending; ++static int volatile is_graceful; ++ ++static void sig_term(int sig) ++{ ++ if (shutdown_pending == 1) { ++ /* Um, is this _probably_ not an error, if the user has ++ * tried to do a shutdown twice quickly, so we won't ++ * worry about reporting it. ++ */ ++ return; ++ } ++ shutdown_pending = 1; ++ is_graceful = (sig == AP_SIG_GRACEFUL_STOP); ++} ++ ++/* restart() is the signal handler for SIGHUP and AP_SIG_GRACEFUL ++ * in the parent process, unless running in ONE_PROCESS mode ++ */ ++static void restart(int sig) ++{ ++ if (restart_pending == 1) { ++ /* Probably not an error - don't bother reporting it */ ++ return; ++ } ++ restart_pending = 1; ++ is_graceful = (sig == AP_SIG_GRACEFUL); ++} ++ ++static void set_signals(void) ++{ ++#ifndef NO_USE_SIGACTION ++ struct sigaction sa; ++#endif ++ ++ if (!one_process) { ++ ap_fatal_signal_setup(ap_server_conf, pconf); ++ } ++ ++#ifndef NO_USE_SIGACTION ++ sigemptyset(&sa.sa_mask); ++ sa.sa_flags = 0; ++ ++ sa.sa_handler = sig_term; ++ if (sigaction(SIGTERM, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGTERM)"); ++#ifdef AP_SIG_GRACEFUL_STOP ++ if (sigaction(AP_SIG_GRACEFUL_STOP, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, ++ "sigaction(" AP_SIG_GRACEFUL_STOP_STRING ")"); ++#endif ++#ifdef SIGINT ++ if (sigaction(SIGINT, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGINT)"); ++#endif ++#ifdef SIGXCPU ++ sa.sa_handler = SIG_DFL; ++ if (sigaction(SIGXCPU, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXCPU)"); ++#endif ++#ifdef SIGXFSZ ++ sa.sa_handler = SIG_DFL; ++ if (sigaction(SIGXFSZ, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXFSZ)"); ++#endif ++#ifdef SIGPIPE ++ sa.sa_handler = SIG_IGN; ++ if (sigaction(SIGPIPE, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGPIPE)"); ++#endif ++ ++ /* we want to ignore HUPs and AP_SIG_GRACEFUL while we're busy ++ * processing one ++ */ ++ sigaddset(&sa.sa_mask, SIGHUP); ++ sigaddset(&sa.sa_mask, AP_SIG_GRACEFUL); ++ sa.sa_handler = restart; ++ if (sigaction(SIGHUP, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGHUP)"); ++ if (sigaction(AP_SIG_GRACEFUL, &sa, NULL) < 0) ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(" AP_SIG_GRACEFUL_STRING ")"); ++#else ++ if (!one_process) { ++#ifdef SIGXCPU ++ apr_signal(SIGXCPU, SIG_DFL); ++#endif /* SIGXCPU */ ++#ifdef SIGXFSZ ++ apr_signal(SIGXFSZ, SIG_DFL); ++#endif /* SIGXFSZ */ ++ } ++ ++ apr_signal(SIGTERM, sig_term); ++#ifdef SIGHUP ++ apr_signal(SIGHUP, restart); ++#endif /* SIGHUP */ ++#ifdef AP_SIG_GRACEFUL ++ apr_signal(AP_SIG_GRACEFUL, restart); ++#endif /* AP_SIG_GRACEFUL */ ++#ifdef AP_SIG_GRACEFUL_STOP ++ apr_signal(AP_SIG_GRACEFUL_STOP, sig_term); ++#endif /* AP_SIG_GRACEFUL */ ++#ifdef SIGPIPE ++ apr_signal(SIGPIPE, SIG_IGN); ++#endif /* SIGPIPE */ ++ ++#endif ++} ++ ++/***************************************************************** ++ * Child process main loop. ++ * The following vars are static to avoid getting clobbered by longjmp(); ++ * they are really private to child_main. ++ */ ++ ++static int requests_this_child; ++static int num_listensocks = 0; ++ ++ ++int ap_graceful_stop_signalled(void) ++{ ++ /* not ever called anymore... */ ++ return 0; ++} ++ ++ ++static void child_main(int child_num_arg) ++{ ++ apr_pool_t *ptrans; ++ apr_allocator_t *allocator; ++ apr_status_t status; ++ int i; ++ ap_listen_rec *lr; ++ apr_pollset_t *pollset; ++ ap_sb_handle_t *sbh; ++ apr_bucket_alloc_t *bucket_alloc; ++ int last_poll_idx = 0; ++ ++ mpm_state = AP_MPMQ_STARTING; /* for benefit of any hooks that run as this ++ * child initializes ++ */ ++ ++ my_child_num = child_num_arg; ++ ap_my_pid = getpid(); ++ requests_this_child = 0; ++ ++ ap_fatal_signal_child_setup(ap_server_conf); ++ ++ /* Get a sub context for global allocations in this child, so that ++ * we can have cleanups occur when the child exits. ++ */ ++ apr_allocator_create(&allocator); ++ apr_allocator_max_free_set(allocator, ap_max_mem_free); ++ apr_pool_create_ex(&pchild, pconf, NULL, allocator); ++ apr_allocator_owner_set(allocator, pchild); ++ ++ apr_pool_create(&ptrans, pchild); ++ apr_pool_tag(ptrans, "transaction"); ++ ++ /* needs to be done before we switch UIDs so we have permissions */ ++ ap_reopen_scoreboard(pchild, NULL, 0); ++ status = apr_proc_mutex_child_init(&accept_mutex, ap_lock_fname, pchild); ++ if (status != APR_SUCCESS) { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, status, ap_server_conf, ++ "Couldn't initialize cross-process lock in child " ++ "(%s) (%d)", ap_lock_fname, ap_accept_lock_mech); ++ clean_child_exit(APEXIT_CHILDFATAL); ++ } ++ ++ if (unixd_setup_child()) { ++ clean_child_exit(APEXIT_CHILDFATAL); ++ } ++ ++ ap_run_child_init(pchild, ap_server_conf); ++ ++ ap_create_sb_handle(&sbh, pchild, my_child_num, 0); ++ ++ (void) ap_update_child_status(sbh, SERVER_READY, (request_rec *) NULL); ++ ++ /* Set up the pollfd array */ ++ /* ### check the status */ ++ (void) apr_pollset_create(&pollset, num_listensocks, pchild, 0); ++ ++ for (lr = ap_listeners, i = num_listensocks; i--; lr = lr->next) { ++ apr_pollfd_t pfd = { 0 }; ++ ++ pfd.desc_type = APR_POLL_SOCKET; ++ pfd.desc.s = lr->sd; ++ pfd.reqevents = APR_POLLIN; ++ pfd.client_data = lr; ++ ++ /* ### check the status */ ++ (void) apr_pollset_add(pollset, &pfd); ++ } ++ ++ mpm_state = AP_MPMQ_RUNNING; ++ ++ bucket_alloc = apr_bucket_alloc_create(pchild); ++ ++ /* die_now is set when AP_SIG_GRACEFUL is received in the child; ++ * shutdown_pending is set when SIGTERM is received when running ++ * in single process mode. */ ++ while (!die_now && !shutdown_pending) { ++ conn_rec *current_conn; ++ void *csd; ++ ++ /* ++ * (Re)initialize this child to a pre-connection state. ++ */ ++ ++ apr_pool_clear(ptrans); ++ ++ if ((ap_max_requests_per_child > 0 ++ && requests_this_child++ >= ap_max_requests_per_child)) { ++ clean_child_exit(0); ++ } ++ ++ (void) ap_update_child_status(sbh, SERVER_READY, (request_rec *) NULL); ++ ++ /* ++ * Wait for an acceptable connection to arrive. ++ */ ++ ++ /* Lock around "accept", if necessary */ ++ SAFE_ACCEPT(accept_mutex_on()); ++ ++ if (num_listensocks == 1) { ++ /* There is only one listener record, so refer to that one. */ ++ lr = ap_listeners; ++ } ++ else { ++ /* multiple listening sockets - need to poll */ ++ for (;;) { ++ apr_int32_t numdesc; ++ const apr_pollfd_t *pdesc; ++ ++ /* timeout == -1 == wait forever */ ++ status = apr_pollset_poll(pollset, -1, &numdesc, &pdesc); ++ if (status != APR_SUCCESS) { ++ if (APR_STATUS_IS_EINTR(status)) { ++ if (one_process && shutdown_pending) { ++ return; ++ } ++ else if (die_now) { ++ /* In graceful stop/restart; drop the mutex ++ * and terminate the child. */ ++ SAFE_ACCEPT(accept_mutex_off()); ++ clean_child_exit(0); ++ } ++ continue; ++ } ++ /* Single Unix documents select as returning errnos ++ * EBADF, EINTR, and EINVAL... and in none of those ++ * cases does it make sense to continue. In fact ++ * on Linux 2.0.x we seem to end up with EFAULT ++ * occasionally, and we'd loop forever due to it. ++ */ ++ ap_log_error(APLOG_MARK, APLOG_ERR, status, ++ ap_server_conf, "apr_pollset_poll: (listen)"); ++ SAFE_ACCEPT(accept_mutex_off()); ++ clean_child_exit(1); ++ } ++ ++ /* We can always use pdesc[0], but sockets at position N ++ * could end up completely starved of attention in a very ++ * busy server. Therefore, we round-robin across the ++ * returned set of descriptors. While it is possible that ++ * the returned set of descriptors might flip around and ++ * continue to starve some sockets, we happen to know the ++ * internal pollset implementation retains ordering ++ * stability of the sockets. Thus, the round-robin should ++ * ensure that a socket will eventually be serviced. ++ */ ++ if (last_poll_idx >= numdesc) ++ last_poll_idx = 0; ++ ++ /* Grab a listener record from the client_data of the poll ++ * descriptor, and advance our saved index to round-robin ++ * the next fetch. ++ * ++ * ### hmm... this descriptor might have POLLERR rather ++ * ### than POLLIN ++ */ ++ lr = pdesc[last_poll_idx++].client_data; ++ goto got_fd; ++ } ++ } ++ got_fd: ++ /* if we accept() something we don't want to die, so we have to ++ * defer the exit ++ */ ++ status = lr->accept_func(&csd, lr, ptrans); ++ ++ SAFE_ACCEPT(accept_mutex_off()); /* unlock after "accept" */ ++ ++ if (status == APR_EGENERAL) { ++ /* resource shortage or should-not-occur occured */ ++ clean_child_exit(1); ++ } ++ else if (status != APR_SUCCESS) { ++ continue; ++ } ++ ++ /* ++ * We now have a connection, so set it up with the appropriate ++ * socket options, file descriptors, and read/write buffers. ++ */ ++ ++ current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, my_child_num, sbh, bucket_alloc); ++ if (current_conn) { ++ ap_process_connection(current_conn, csd); ++ ap_lingering_close(current_conn); ++ } ++ ++ /* Check the pod and the generation number after processing a ++ * connection so that we'll go away if a graceful restart occurred ++ * while we were processing the connection or we are the lucky ++ * idle server process that gets to die. ++ */ ++ if (ap_mpm_pod_check(pod) == APR_SUCCESS) { /* selected as idle? */ ++ die_now = 1; ++ } ++ else if (ap_my_generation != ++ ap_scoreboard_image->global->running_generation) { /* restart? */ ++ /* yeah, this could be non-graceful restart, in which case the ++ * parent will kill us soon enough, but why bother checking? ++ */ ++ die_now = 1; ++ } ++ } ++ clean_child_exit(0); ++} ++ ++ ++static int make_child(server_rec *s, int slot) ++{ ++ int pid; ++ ++ if (slot + 1 > ap_max_daemons_limit) { ++ ap_max_daemons_limit = slot + 1; ++ } ++ ++ if (one_process) { ++ apr_signal(SIGHUP, sig_term); ++ /* Don't catch AP_SIG_GRACEFUL in ONE_PROCESS mode :) */ ++ apr_signal(SIGINT, sig_term); ++#ifdef SIGQUIT ++ apr_signal(SIGQUIT, SIG_DFL); ++#endif ++ apr_signal(SIGTERM, sig_term); ++ child_main(slot); ++ return 0; ++ } ++ ++ (void) ap_update_child_status_from_indexes(slot, 0, SERVER_STARTING, ++ (request_rec *) NULL); ++ ++ ++#ifdef _OSD_POSIX ++ /* BS2000 requires a "special" version of fork() before a setuid() call */ ++ if ((pid = os_fork(unixd_config.user_name)) == -1) { ++#elif defined(TPF) ++ if ((pid = os_fork(s, slot)) == -1) { ++#else ++ if ((pid = fork()) == -1) { ++#endif ++ ap_log_error(APLOG_MARK, APLOG_ERR, errno, s, "fork: Unable to fork new process"); ++ ++ /* fork didn't succeed. Fix the scoreboard or else ++ * it will say SERVER_STARTING forever and ever ++ */ ++ (void) ap_update_child_status_from_indexes(slot, 0, SERVER_DEAD, ++ (request_rec *) NULL); ++ ++ /* In case system resources are maxxed out, we don't want ++ * Apache running away with the CPU trying to fork over and ++ * over and over again. ++ */ ++ sleep(10); ++ ++ return -1; ++ } ++ ++ if (!pid) { ++#ifdef HAVE_BINDPROCESSOR ++ /* by default AIX binds to a single processor ++ * this bit unbinds children which will then bind to another cpu ++ */ ++ int status = bindprocessor(BINDPROCESS, (int)getpid(), ++ PROCESSOR_CLASS_ANY); ++ if (status != OK) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ++ ap_server_conf, "processor unbind failed %d", status); ++ } ++#endif ++ RAISE_SIGSTOP(MAKE_CHILD); ++ AP_MONCONTROL(1); ++ /* Disable the parent's signal handlers and set up proper handling in ++ * the child. ++ */ ++ apr_signal(SIGHUP, just_die); ++ apr_signal(SIGTERM, just_die); ++ /* The child process just closes listeners on AP_SIG_GRACEFUL. ++ * The pod is used for signalling the graceful restart. ++ */ ++ apr_signal(AP_SIG_GRACEFUL, stop_listening); ++ child_main(slot); ++ } ++ ++ ap_scoreboard_image->parent[slot].pid = pid; ++ ++ return 0; ++} ++ ++ ++/* start up a bunch of children */ ++static void startup_children(int number_to_start) ++{ ++ int i; ++ ++ for (i = 0; number_to_start && i < ap_daemons_limit; ++i) { ++ if (ap_scoreboard_image->servers[i][0].status != SERVER_DEAD) { ++ continue; ++ } ++ if (make_child(ap_server_conf, i) < 0) { ++ break; ++ } ++ --number_to_start; ++ } ++} ++ ++ ++/* ++ * idle_spawn_rate is the number of children that will be spawned on the ++ * next maintenance cycle if there aren't enough idle servers. It is ++ * doubled up to MAX_SPAWN_RATE, and reset only when a cycle goes by ++ * without the need to spawn. ++ */ ++static int idle_spawn_rate = 1; ++#ifndef MAX_SPAWN_RATE ++#define MAX_SPAWN_RATE (32) ++#endif ++static int hold_off_on_exponential_spawning; ++ ++static void perform_idle_server_maintenance(apr_pool_t *p) ++{ ++ int i; ++ int to_kill; ++ int idle_count; ++ worker_score *ws; ++ int free_length; ++ int free_slots[MAX_SPAWN_RATE]; ++ int last_non_dead; ++ int total_non_dead; ++ ++ /* initialize the free_list */ ++ free_length = 0; ++ ++ to_kill = -1; ++ idle_count = 0; ++ last_non_dead = -1; ++ total_non_dead = 0; ++ ++ for (i = 0; i < ap_daemons_limit; ++i) { ++ int status; ++ ++ if (i >= ap_max_daemons_limit && free_length == idle_spawn_rate) ++ break; ++ ws = &ap_scoreboard_image->servers[i][0]; ++ status = ws->status; ++ if (status == SERVER_DEAD) { ++ /* try to keep children numbers as low as possible */ ++ if (free_length < idle_spawn_rate) { ++ free_slots[free_length] = i; ++ ++free_length; ++ } ++ } ++ else { ++ /* We consider a starting server as idle because we started it ++ * at least a cycle ago, and if it still hasn't finished starting ++ * then we're just going to swamp things worse by forking more. ++ * So we hopefully won't need to fork more if we count it. ++ * This depends on the ordering of SERVER_READY and SERVER_STARTING. ++ */ ++ if (status <= SERVER_READY) { ++ ++ idle_count; ++ /* always kill the highest numbered child if we have to... ++ * no really well thought out reason ... other than observing ++ * the server behaviour under linux where lower numbered children ++ * tend to service more hits (and hence are more likely to have ++ * their data in cpu caches). ++ */ ++ to_kill = i; ++ } ++ ++ ++total_non_dead; ++ last_non_dead = i; ++ } ++ } ++ ap_max_daemons_limit = last_non_dead + 1; ++ if (idle_count > ap_daemons_max_free) { ++ /* kill off one child... we use the pod because that'll cause it to ++ * shut down gracefully, in case it happened to pick up a request ++ * while we were counting ++ */ ++ ap_mpm_pod_signal(pod); ++ idle_spawn_rate = 1; ++ } ++ else if (idle_count < ap_daemons_min_free) { ++ /* terminate the free list */ ++ if (free_length == 0) { ++ /* only report this condition once */ ++ static int reported = 0; ++ ++ if (!reported) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, ++ "server reached MaxClients setting, consider" ++ " raising the MaxClients setting"); ++ reported = 1; ++ } ++ idle_spawn_rate = 1; ++ } ++ else { ++ if (idle_spawn_rate >= 8) { ++ ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf, ++ "server seems busy, (you may need " ++ "to increase StartServers, or Min/MaxSpareServers), " ++ "spawning %d children, there are %d idle, and " ++ "%d total children", idle_spawn_rate, ++ idle_count, total_non_dead); ++ } ++ for (i = 0; i < free_length; ++i) { ++#ifdef TPF ++ if (make_child(ap_server_conf, free_slots[i]) == -1) { ++ if(free_length == 1) { ++ shutdown_pending = 1; ++ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, ap_server_conf, ++ "No active child processes: shutting down"); ++ } ++ } ++#else ++ make_child(ap_server_conf, free_slots[i]); ++#endif /* TPF */ ++ } ++ /* the next time around we want to spawn twice as many if this ++ * wasn't good enough, but not if we've just done a graceful ++ */ ++ if (hold_off_on_exponential_spawning) { ++ --hold_off_on_exponential_spawning; ++ } ++ else if (idle_spawn_rate < MAX_SPAWN_RATE) { ++ idle_spawn_rate *= 2; ++ } ++ } ++ } ++ else { ++ idle_spawn_rate = 1; ++ } ++} ++ ++/***************************************************************** ++ * Executive routines. ++ */ ++ ++int ap_mpm_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) ++{ ++ int index; ++ int remaining_children_to_start; ++ apr_status_t rv; ++ ++ ap_log_pid(pconf, ap_pid_fname); ++ ++ first_server_limit = server_limit; ++ if (changed_limit_at_restart) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, ++ "WARNING: Attempt to change ServerLimit " ++ "ignored during restart"); ++ changed_limit_at_restart = 0; ++ } ++ ++ /* Initialize cross-process accept lock */ ++ ap_lock_fname = apr_psprintf(_pconf, "%s.%" APR_PID_T_FMT, ++ ap_server_root_relative(_pconf, ap_lock_fname), ++ ap_my_pid); ++ ++ rv = apr_proc_mutex_create(&accept_mutex, ap_lock_fname, ++ ap_accept_lock_mech, _pconf); ++ if (rv != APR_SUCCESS) { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, ++ "Couldn't create accept lock (%s) (%d)", ++ ap_lock_fname, ap_accept_lock_mech); ++ mpm_state = AP_MPMQ_STOPPING; ++ return 1; ++ } ++ ++#if APR_USE_SYSVSEM_SERIALIZE ++ if (ap_accept_lock_mech == APR_LOCK_DEFAULT || ++ ap_accept_lock_mech == APR_LOCK_SYSVSEM) { ++#else ++ if (ap_accept_lock_mech == APR_LOCK_SYSVSEM) { ++#endif ++ rv = unixd_set_proc_mutex_perms(accept_mutex); ++ if (rv != APR_SUCCESS) { ++ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, ++ "Couldn't set permissions on cross-process lock; " ++ "check User and Group directives"); ++ mpm_state = AP_MPMQ_STOPPING; ++ return 1; ++ } ++ } ++ ++ if (!is_graceful) { ++ if (ap_run_pre_mpm(s->process->pool, SB_SHARED) != OK) { ++ mpm_state = AP_MPMQ_STOPPING; ++ return 1; ++ } ++ /* fix the generation number in the global score; we just got a new, ++ * cleared scoreboard ++ */ ++ ap_scoreboard_image->global->running_generation = ap_my_generation; ++ } ++ ++ set_signals(); ++ ++ if (one_process) { ++ AP_MONCONTROL(1); ++ make_child(ap_server_conf, 0); ++ } ++ else { ++ if (ap_daemons_max_free < ap_daemons_min_free + 1) /* Don't thrash... */ ++ ap_daemons_max_free = ap_daemons_min_free + 1; ++ ++ /* If we're doing a graceful_restart then we're going to see a lot ++ * of children exiting immediately when we get into the main loop ++ * below (because we just sent them AP_SIG_GRACEFUL). This happens pretty ++ * rapidly... and for each one that exits we'll start a new one until ++ * we reach at least daemons_min_free. But we may be permitted to ++ * start more than that, so we'll just keep track of how many we're ++ * supposed to start up without the 1 second penalty between each fork. ++ */ ++ remaining_children_to_start = ap_daemons_to_start; ++ if (remaining_children_to_start > ap_daemons_limit) { ++ remaining_children_to_start = ap_daemons_limit; ++ } ++ if (!is_graceful) { ++ startup_children(remaining_children_to_start); ++ remaining_children_to_start = 0; ++ } ++ else { ++ /* give the system some time to recover before kicking into ++ * exponential mode ++ */ ++ hold_off_on_exponential_spawning = 10; ++ } ++ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, ++ "%s configured -- resuming normal operations", ++ ap_get_server_description()); ++ ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf, ++ "Server built: %s", ap_get_server_built()); ++#ifdef AP_MPM_WANT_SET_ACCEPT_LOCK_MECH ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, ++ "AcceptMutex: %s (default: %s)", ++ apr_proc_mutex_name(accept_mutex), ++ apr_proc_mutex_defname()); ++#endif ++ restart_pending = shutdown_pending = 0; ++ ++ mpm_state = AP_MPMQ_RUNNING; ++ ++ while (!restart_pending && !shutdown_pending) { ++ int child_slot; ++ apr_exit_why_e exitwhy; ++ int status, processed_status; ++ /* this is a memory leak, but I'll fix it later. */ ++ apr_proc_t pid; ++ ++ ap_wait_or_timeout(&exitwhy, &status, &pid, pconf); ++ ++ /* XXX: if it takes longer than 1 second for all our children ++ * to start up and get into IDLE state then we may spawn an ++ * extra child ++ */ ++ if (pid.pid != -1) { ++ processed_status = ap_process_child_status(&pid, exitwhy, status); ++ if (processed_status == APEXIT_CHILDFATAL) { ++ mpm_state = AP_MPMQ_STOPPING; ++ return 1; ++ } ++ ++ /* non-fatal death... note that it's gone in the scoreboard. */ ++ child_slot = find_child_by_pid(&pid); ++ if (child_slot >= 0) { ++ (void) ap_update_child_status_from_indexes(child_slot, 0, SERVER_DEAD, ++ (request_rec *) NULL); ++ if (processed_status == APEXIT_CHILDSICK) { ++ /* child detected a resource shortage (E[NM]FILE, ENOBUFS, etc) ++ * cut the fork rate to the minimum ++ */ ++ idle_spawn_rate = 1; ++ } ++ else if (remaining_children_to_start ++ && child_slot < ap_daemons_limit) { ++ /* we're still doing a 1-for-1 replacement of dead ++ * children with new children ++ */ ++ make_child(ap_server_conf, child_slot); ++ --remaining_children_to_start; ++ } ++#if APR_HAS_OTHER_CHILD ++ } ++ else if (apr_proc_other_child_alert(&pid, APR_OC_REASON_DEATH, status) == APR_SUCCESS) { ++ /* handled */ ++#endif ++ } ++ else if (is_graceful) { ++ /* Great, we've probably just lost a slot in the ++ * scoreboard. Somehow we don't know about this ++ * child. ++ */ ++ ap_log_error(APLOG_MARK, APLOG_WARNING, ++ 0, ap_server_conf, ++ "long lost child came home! (pid %ld)", (long)pid.pid); ++ } ++ /* Don't perform idle maintenance when a child dies, ++ * only do it when there's a timeout. Remember only a ++ * finite number of children can die, and it's pretty ++ * pathological for a lot to die suddenly. ++ */ ++ continue; ++ } ++ else if (remaining_children_to_start) { ++ /* we hit a 1 second timeout in which none of the previous ++ * generation of children needed to be reaped... so assume ++ * they're all done, and pick up the slack if any is left. ++ */ ++ startup_children(remaining_children_to_start); ++ remaining_children_to_start = 0; ++ /* In any event we really shouldn't do the code below because ++ * few of the servers we just started are in the IDLE state ++ * yet, so we'd mistakenly create an extra server. ++ */ ++ continue; ++ } ++ ++ perform_idle_server_maintenance(pconf); ++#ifdef TPF ++ shutdown_pending = os_check_server(tpf_server_name); ++ ap_check_signals(); ++ sleep(1); ++#endif /*TPF */ ++ } ++ } /* one_process */ ++ ++ mpm_state = AP_MPMQ_STOPPING; ++ ++ if (shutdown_pending && !is_graceful) { ++ /* Time to shut down: ++ * Kill child processes, tell them to call child_exit, etc... ++ */ ++ if (unixd_killpg(getpgrp(), SIGTERM) < 0) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "killpg SIGTERM"); ++ } ++ ap_reclaim_child_processes(1); /* Start with SIGTERM */ ++ ++ /* cleanup pid file on normal shutdown */ ++ { ++ const char *pidfile = NULL; ++ pidfile = ap_server_root_relative (pconf, ap_pid_fname); ++ if ( pidfile != NULL && unlink(pidfile) == 0) ++ ap_log_error(APLOG_MARK, APLOG_INFO, ++ 0, ap_server_conf, ++ "removed PID file %s (pid=%ld)", ++ pidfile, (long)getpid()); ++ } ++ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, ++ "caught SIGTERM, shutting down"); ++ ++ return 1; ++ } else if (shutdown_pending) { ++ /* Time to perform a graceful shut down: ++ * Reap the inactive children, and ask the active ones ++ * to close their listeners, then wait until they are ++ * all done to exit. ++ */ ++ int active_children; ++ apr_time_t cutoff = 0; ++ ++ /* Stop listening */ ++ ap_close_listeners(); ++ ++ /* kill off the idle ones */ ++ ap_mpm_pod_killpg(pod, ap_max_daemons_limit); ++ ++ /* Send SIGUSR1 to the active children */ ++ active_children = 0; ++ for (index = 0; index < ap_daemons_limit; ++index) { ++ if (ap_scoreboard_image->servers[index][0].status != SERVER_DEAD) { ++ /* Ask each child to close its listeners. */ ++ ap_mpm_safe_kill(MPM_CHILD_PID(index), AP_SIG_GRACEFUL); ++ active_children++; ++ } ++ } ++ ++ /* Allow each child which actually finished to exit */ ++ ap_relieve_child_processes(); ++ ++ /* cleanup pid file */ ++ { ++ const char *pidfile = NULL; ++ pidfile = ap_server_root_relative (pconf, ap_pid_fname); ++ if ( pidfile != NULL && unlink(pidfile) == 0) ++ ap_log_error(APLOG_MARK, APLOG_INFO, ++ 0, ap_server_conf, ++ "removed PID file %s (pid=%ld)", ++ pidfile, (long)getpid()); ++ } ++ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, ++ "caught " AP_SIG_GRACEFUL_STOP_STRING ", shutting down gracefully"); ++ ++ if (ap_graceful_shutdown_timeout) { ++ cutoff = apr_time_now() + ++ apr_time_from_sec(ap_graceful_shutdown_timeout); ++ } ++ ++ /* Don't really exit until each child has finished */ ++ shutdown_pending = 0; ++ do { ++ /* Pause for a second */ ++ sleep(1); ++ ++ /* Relieve any children which have now exited */ ++ ap_relieve_child_processes(); ++ ++ active_children = 0; ++ for (index = 0; index < ap_daemons_limit; ++index) { ++ if (ap_mpm_safe_kill(MPM_CHILD_PID(index), 0) == APR_SUCCESS) { ++ active_children = 1; ++ /* Having just one child is enough to stay around */ ++ break; ++ } ++ } ++ } while (!shutdown_pending && active_children && ++ (!ap_graceful_shutdown_timeout || apr_time_now() < cutoff)); ++ ++ /* We might be here because we received SIGTERM, either ++ * way, try and make sure that all of our processes are ++ * really dead. ++ */ ++ unixd_killpg(getpgrp(), SIGTERM); ++ ++ return 1; ++ } ++ ++ /* we've been told to restart */ ++ apr_signal(SIGHUP, SIG_IGN); ++ apr_signal(AP_SIG_GRACEFUL, SIG_IGN); ++ if (one_process) { ++ /* not worth thinking about */ ++ return 1; ++ } ++ ++ /* advance to the next generation */ ++ /* XXX: we really need to make sure this new generation number isn't in ++ * use by any of the children. ++ */ ++ ++ap_my_generation; ++ ap_scoreboard_image->global->running_generation = ap_my_generation; ++ ++ if (is_graceful) { ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, ++ "Graceful restart requested, doing restart"); ++ ++ /* kill off the idle ones */ ++ ap_mpm_pod_killpg(pod, ap_max_daemons_limit); ++ ++ /* This is mostly for debugging... so that we know what is still ++ * gracefully dealing with existing request. This will break ++ * in a very nasty way if we ever have the scoreboard totally ++ * file-based (no shared memory) ++ */ ++ for (index = 0; index < ap_daemons_limit; ++index) { ++ if (ap_scoreboard_image->servers[index][0].status != SERVER_DEAD) { ++ ap_scoreboard_image->servers[index][0].status = SERVER_GRACEFUL; ++ /* Ask each child to close its listeners. ++ * ++ * NOTE: we use the scoreboard, because if we send SIGUSR1 ++ * to every process in the group, this may include CGI's, ++ * piped loggers, etc. They almost certainly won't handle ++ * it gracefully. ++ */ ++ ap_mpm_safe_kill(ap_scoreboard_image->parent[index].pid, AP_SIG_GRACEFUL); ++ } ++ } ++ } ++ else { ++ /* Kill 'em off */ ++ if (unixd_killpg(getpgrp(), SIGHUP) < 0) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "killpg SIGHUP"); ++ } ++ ap_reclaim_child_processes(0); /* Not when just starting up */ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, ++ "SIGHUP received. Attempting to restart"); ++ } ++ ++ return 0; ++} ++ ++/* This really should be a post_config hook, but the error log is already ++ * redirected by that point, so we need to do this in the open_logs phase. ++ */ ++static int prefork_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) ++{ ++ apr_status_t rv; ++ ++ pconf = p; ++ ap_server_conf = s; ++ ++ if ((num_listensocks = ap_setup_listeners(ap_server_conf)) < 1) { ++ ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_STARTUP, 0, ++ NULL, "no listening sockets available, shutting down"); ++ return DONE; ++ } ++ ++ if ((rv = ap_mpm_pod_open(pconf, &pod))) { ++ ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_STARTUP, rv, NULL, ++ "Could not open pipe-of-death."); ++ return DONE; ++ } ++ return OK; ++} ++ ++static int prefork_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp) ++{ ++ static int restart_num = 0; ++ int no_detach, debug, foreground; ++ apr_status_t rv; ++ ++ mpm_state = AP_MPMQ_STARTING; ++ ++ debug = ap_exists_config_define("DEBUG"); ++ ++ if (debug) { ++ foreground = one_process = 1; ++ no_detach = 0; ++ } ++ else ++ { ++ no_detach = ap_exists_config_define("NO_DETACH"); ++ one_process = ap_exists_config_define("ONE_PROCESS"); ++ foreground = ap_exists_config_define("FOREGROUND"); ++ } ++ ++ /* sigh, want this only the second time around */ ++ if (restart_num++ == 1) { ++ is_graceful = 0; ++ ++ if (!one_process && !foreground) { ++ rv = apr_proc_detach(no_detach ? APR_PROC_DETACH_FOREGROUND ++ : APR_PROC_DETACH_DAEMONIZE); ++ if (rv != APR_SUCCESS) { ++ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, NULL, ++ "apr_proc_detach failed"); ++ return HTTP_INTERNAL_SERVER_ERROR; ++ } ++ } ++ ++ parent_pid = ap_my_pid = getpid(); ++ } ++ ++ unixd_pre_config(ptemp); ++ ap_listen_pre_config(); ++ ap_daemons_to_start = DEFAULT_START_DAEMON; ++ ap_daemons_min_free = DEFAULT_MIN_FREE_DAEMON; ++ ap_daemons_max_free = DEFAULT_MAX_FREE_DAEMON; ++ ap_daemons_limit = server_limit; ++ ap_pid_fname = DEFAULT_PIDLOG; ++ ap_lock_fname = DEFAULT_LOCKFILE; ++ ap_max_requests_per_child = DEFAULT_MAX_REQUESTS_PER_CHILD; ++ ap_extended_status = 0; ++#ifdef AP_MPM_WANT_SET_MAX_MEM_FREE ++ ap_max_mem_free = APR_ALLOCATOR_MAX_FREE_UNLIMITED; ++#endif ++ ++ apr_cpystrn(ap_coredump_dir, ap_server_root, sizeof(ap_coredump_dir)); ++ ++ return OK; ++} ++ ++static void prefork_hooks(apr_pool_t *p) ++{ ++ /* The prefork open_logs phase must run before the core's, or stderr ++ * will be redirected to a file, and the messages won't print to the ++ * console. ++ */ ++ static const char *const aszSucc[] = {"core.c", NULL}; ++ ++#ifdef AUX3 ++ (void) set42sig(); ++#endif ++ ++ ap_hook_open_logs(prefork_open_logs, NULL, aszSucc, APR_HOOK_MIDDLE); ++ /* we need to set the MPM state before other pre-config hooks use MPM query ++ * to retrieve it, so register as REALLY_FIRST ++ */ ++ ap_hook_pre_config(prefork_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST); ++} ++ ++static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg) ++{ ++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); ++ if (err != NULL) { ++ return err; ++ } ++ ++ ap_daemons_to_start = atoi(arg); ++ return NULL; ++} ++ ++static const char *set_min_free_servers(cmd_parms *cmd, void *dummy, const char *arg) ++{ ++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); ++ if (err != NULL) { ++ return err; ++ } ++ ++ ap_daemons_min_free = atoi(arg); ++ if (ap_daemons_min_free <= 0) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: detected MinSpareServers set to non-positive."); ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "Resetting to 1 to avoid almost certain Apache failure."); ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "Please read the documentation."); ++ ap_daemons_min_free = 1; ++ } ++ ++ return NULL; ++} ++ ++static const char *set_max_free_servers(cmd_parms *cmd, void *dummy, const char *arg) ++{ ++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); ++ if (err != NULL) { ++ return err; ++ } ++ ++ ap_daemons_max_free = atoi(arg); ++ return NULL; ++} ++ ++static const char *set_max_clients (cmd_parms *cmd, void *dummy, const char *arg) ++{ ++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); ++ if (err != NULL) { ++ return err; ++ } ++ ++ ap_daemons_limit = atoi(arg); ++ if (ap_daemons_limit > server_limit) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: MaxClients of %d exceeds ServerLimit value " ++ "of %d servers,", ap_daemons_limit, server_limit); ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ " lowering MaxClients to %d. To increase, please " ++ "see the ServerLimit", server_limit); ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ " directive."); ++ ap_daemons_limit = server_limit; ++ } ++ else if (ap_daemons_limit < 1) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: Require MaxClients > 0, setting to 1"); ++ ap_daemons_limit = 1; ++ } ++ return NULL; ++} ++ ++static const char *set_server_limit (cmd_parms *cmd, void *dummy, const char *arg) ++{ ++ int tmp_server_limit; ++ ++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); ++ if (err != NULL) { ++ return err; ++ } ++ ++ tmp_server_limit = atoi(arg); ++ /* you cannot change ServerLimit across a restart; ignore ++ * any such attempts ++ */ ++ if (first_server_limit && ++ tmp_server_limit != server_limit) { ++ /* how do we log a message? the error log is a bit bucket at this ++ * point; we'll just have to set a flag so that ap_mpm_run() ++ * logs a warning later ++ */ ++ changed_limit_at_restart = 1; ++ return NULL; ++ } ++ server_limit = tmp_server_limit; ++ ++ if (server_limit > MAX_SERVER_LIMIT) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: ServerLimit of %d exceeds compile time limit " ++ "of %d servers,", server_limit, MAX_SERVER_LIMIT); ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ " lowering ServerLimit to %d.", MAX_SERVER_LIMIT); ++ server_limit = MAX_SERVER_LIMIT; ++ } ++ else if (server_limit < 1) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: Require ServerLimit > 0, setting to 1"); ++ server_limit = 1; ++ } ++ return NULL; ++} ++ ++static const command_rec prefork_cmds[] = { ++UNIX_DAEMON_COMMANDS, ++LISTEN_COMMANDS, ++AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF, ++ "Number of child processes launched at server startup"), ++AP_INIT_TAKE1("MinSpareServers", set_min_free_servers, NULL, RSRC_CONF, ++ "Minimum number of idle children, to handle request spikes"), ++AP_INIT_TAKE1("MaxSpareServers", set_max_free_servers, NULL, RSRC_CONF, ++ "Maximum number of idle children"), ++AP_INIT_TAKE1("MaxClients", set_max_clients, NULL, RSRC_CONF, ++ "Maximum number of children alive at the same time"), ++AP_INIT_TAKE1("ServerLimit", set_server_limit, NULL, RSRC_CONF, ++ "Maximum value of MaxClients for this run of Apache"), ++AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND, ++{ NULL } ++}; ++ ++module AP_MODULE_DECLARE_DATA mpm_prefork_module = { ++ MPM20_MODULE_STUFF, ++ ap_mpm_rewrite_args, /* hook to run before apache parses args */ ++ NULL, /* create per-directory config structure */ ++ NULL, /* merge per-directory config structures */ ++ NULL, /* create per-server config structure */ ++ NULL, /* merge per-server config structures */ ++ prefork_cmds, /* command apr_table_t */ ++ prefork_hooks, /* register hooks */ ++}; +Index: httpd-2.2.11/server/mpm/experimental/itk/mpm.h +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ httpd-2.2.11/server/mpm/experimental/itk/mpm.h 2009-03-17 21:38:54.000000000 +0100 +@@ -0,0 +1,62 @@ ++/* Licensed to the Apache Software Foundation (ASF) under one or more ++ * contributor license agreements. See the NOTICE file distributed with ++ * this work for additional information regarding copyright ownership. ++ * The ASF licenses this file to You under the Apache License, Version 2.0 ++ * (the "License"); you may not use this file except in compliance with ++ * the License. You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++/** ++ * @file prefork/mpm.h ++ * @brief Unix Prefork MPM (default for Uinx systems) ++ * ++ * @defgroup APACHE_MPM_PREFORK Unix Prefork ++ * @ingroup APACHE_MPM APACHE_OS_UNIX ++ * @{ ++ */ ++ ++#include "httpd.h" ++#include "mpm_default.h" ++#include "scoreboard.h" ++#include "unixd.h" ++ ++#ifndef APACHE_MPM_PREFORK_H ++#define APACHE_MPM_PREFORK_H ++ ++#define PREFORK_MPM ++ ++#define MPM_NAME "Prefork" ++ ++#define AP_MPM_WANT_RECLAIM_CHILD_PROCESSES ++#define AP_MPM_WANT_WAIT_OR_TIMEOUT ++#define AP_MPM_WANT_PROCESS_CHILD_STATUS ++#define AP_MPM_WANT_SET_PIDFILE ++#define AP_MPM_WANT_SET_SCOREBOARD ++#define AP_MPM_WANT_SET_LOCKFILE ++#define AP_MPM_WANT_SET_MAX_REQUESTS ++#define AP_MPM_WANT_SET_COREDUMPDIR ++#define AP_MPM_WANT_SET_ACCEPT_LOCK_MECH ++#define AP_MPM_WANT_SIGNAL_SERVER ++#define AP_MPM_WANT_SET_MAX_MEM_FREE ++#define AP_MPM_WANT_FATAL_SIGNAL_HANDLER ++#define AP_MPM_WANT_SET_GRACEFUL_SHUTDOWN ++#define AP_MPM_DISABLE_NAGLE_ACCEPTED_SOCK ++ ++#define AP_MPM_USES_POD 1 ++#define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid) ++#define MPM_NOTE_CHILD_KILLED(i) (MPM_CHILD_PID(i) = 0) ++#define MPM_ACCEPT_FUNC unixd_accept ++ ++extern int ap_threads_per_child; ++extern int ap_max_daemons_limit; ++extern server_rec *ap_server_conf; ++#endif /* APACHE_MPM_PREFORK_H */ ++/** @} */ +Index: httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h 2009-03-17 21:38:54.000000000 +0100 +@@ -0,0 +1,74 @@ ++/* Licensed to the Apache Software Foundation (ASF) under one or more ++ * contributor license agreements. See the NOTICE file distributed with ++ * this work for additional information regarding copyright ownership. ++ * The ASF licenses this file to You under the Apache License, Version 2.0 ++ * (the "License"); you may not use this file except in compliance with ++ * the License. You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++/** ++ * @file prefork/mpm_default.h ++ * @brief Prefork MPM defaults ++ * ++ * @addtogroup APACHE_MPM_PREFORK ++ * @{ ++ */ ++ ++#ifndef APACHE_MPM_DEFAULT_H ++#define APACHE_MPM_DEFAULT_H ++ ++/* Number of servers to spawn off by default --- also, if fewer than ++ * this free when the caretaker checks, it will spawn more. ++ */ ++#ifndef DEFAULT_START_DAEMON ++#define DEFAULT_START_DAEMON 5 ++#endif ++ ++/* Maximum number of *free* server processes --- more than this, and ++ * they will die off. ++ */ ++ ++#ifndef DEFAULT_MAX_FREE_DAEMON ++#define DEFAULT_MAX_FREE_DAEMON 10 ++#endif ++ ++/* Minimum --- fewer than this, and more will be created */ ++ ++#ifndef DEFAULT_MIN_FREE_DAEMON ++#define DEFAULT_MIN_FREE_DAEMON 5 ++#endif ++ ++/* File used for accept locking, when we use a file */ ++#ifndef DEFAULT_LOCKFILE ++#define DEFAULT_LOCKFILE DEFAULT_REL_RUNTIMEDIR "/accept.lock" ++#endif ++ ++/* Where the main/parent process's pid is logged */ ++#ifndef DEFAULT_PIDLOG ++#define DEFAULT_PIDLOG DEFAULT_REL_RUNTIMEDIR "/httpd.pid" ++#endif ++ ++/* ++ * Interval, in microseconds, between scoreboard maintenance. ++ */ ++#ifndef SCOREBOARD_MAINTENANCE_INTERVAL ++#define SCOREBOARD_MAINTENANCE_INTERVAL 1000000 ++#endif ++ ++/* Number of requests to try to handle in a single process. If <= 0, ++ * the children don't die off. ++ */ ++#ifndef DEFAULT_MAX_REQUESTS_PER_CHILD ++#define DEFAULT_MAX_REQUESTS_PER_CHILD 10000 ++#endif ++ ++#endif /* AP_MPM_DEFAULT_H */ ++/** @} */ --- apache2-2.2.16.orig/debian/mpm-itk/patches/series +++ apache2-2.2.16/debian/mpm-itk/patches/series @@ -0,0 +1,11 @@ +01-copy-prefork.patch +02-rename-prefork-to-itk.patch +03-add-mpm-to-build-system.patch +04-correct-output-makefile-location.patch +05-add-copyright.patch +06-hook-just-after-merging-perdir-config.patch +07-base-functionality.patch +08-max-clients-per-vhost.patch +09-capabilities.patch +10-nice.patch +11-fix-htaccess-reads-for-persistent-connections.patch --- apache2-2.2.16.orig/debian/mpm-itk/patches/08-max-clients-per-vhost.patch +++ apache2-2.2.16/debian/mpm-itk/patches/08-max-clients-per-vhost.patch @@ -0,0 +1,94 @@ +Enforce the per-vhost server limit. Note that this is per-vhost, not +per-directory (since it works by reading the scoreboard), so we need to add +per-server configuration data. + +Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/itk.c 2009-03-21 13:03:45.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-03-21 13:03:50.000000000 +0100 +@@ -159,6 +159,11 @@ + char *username; + } itk_per_dir_conf; + ++typedef struct ++{ ++ int max_clients_vhost; ++} itk_server_conf; ++ + module AP_MODULE_DECLARE_DATA mpm_itk_module; + + #ifdef GPROF +@@ -1383,6 +1388,26 @@ + gid_t wanted_gid; + const char *wanted_username; + int err = 0; ++ ++ itk_server_conf *sconf = ++ (itk_server_conf *) ap_get_module_config(r->server->module_config, &mpm_itk_module); ++ ++ /* Enforce MaxClientsVhost. */ ++ if (sconf->max_clients_vhost > 0) { ++ int i, num_other_servers = 0; ++ for (i = 0; i < ap_daemons_limit; ++i) { ++ worker_score *ws = &ap_scoreboard_image->servers[i][0]; ++ if (ws->status >= SERVER_BUSY_READ && strncmp(ws->vhost, r->server->server_hostname, 31) == 0) ++ ++num_other_servers; ++ } ++ ++ if (num_other_servers > sconf->max_clients_vhost) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \ ++ "MaxClientsVhost reached for %s, refusing client.", ++ r->server->server_hostname); ++ return HTTP_SERVICE_UNAVAILABLE; ++ } ++ } + + itk_per_dir_conf *dconf = + (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module); +@@ -1568,6 +1593,14 @@ + return NULL; + } + ++static const char *set_max_clients_vhost (cmd_parms *cmd, void *dummy, const char *arg) ++{ ++ itk_server_conf *sconf = ++ (itk_server_conf *) ap_get_module_config(cmd->server->module_config, &mpm_itk_module); ++ sconf->max_clients_vhost = atoi(arg); ++ return NULL; ++} ++ + static const command_rec itk_cmds[] = { + UNIX_DAEMON_COMMANDS, + LISTEN_COMMANDS, +@@ -1583,6 +1616,8 @@ + "Maximum value of MaxClients for this run of Apache"), + AP_INIT_TAKE2("AssignUserID", assign_user_id, NULL, RSRC_CONF|ACCESS_CONF, + "Tie a virtual host to a specific child process."), ++AP_INIT_TAKE1("MaxClientsVHost", set_max_clients_vhost, NULL, RSRC_CONF, ++ "Maximum number of children alive at the same time for this virtual host."), + AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND, + { NULL } + }; +@@ -1596,12 +1631,21 @@ + return c; + } + ++/* == allocate a private server config structure == */ ++static void *itk_create_server_config(apr_pool_t *p, server_rec *s) ++{ ++ itk_server_conf *c = (itk_server_conf *) ++ apr_pcalloc(p, sizeof(itk_server_conf)); ++ c->max_clients_vhost = -1; ++ return c; ++} ++ + module AP_MODULE_DECLARE_DATA mpm_itk_module = { + MPM20_MODULE_STUFF, + ap_mpm_rewrite_args, /* hook to run before apache parses args */ + itk_create_dir_config, /* create per-directory config structure */ + NULL, /* merge per-directory config structures */ +- NULL, /* create per-server config structure */ ++ itk_create_server_config, /* create per-server config structure */ + NULL, /* merge per-server config structures */ + itk_cmds, /* command apr_table_t */ + itk_hooks, /* register hooks */ --- apache2-2.2.16.orig/debian/mpm-itk/patches/03-add-mpm-to-build-system.patch +++ apache2-2.2.16/debian/mpm-itk/patches/03-add-mpm-to-build-system.patch @@ -0,0 +1,25 @@ +Add the new MPM to the build system as an alternative to the other MPMs, +and mark it as experimental. + +Index: apache2.2/server/mpm/config.m4 +=================================================================== +--- apache2.2.orig/server/mpm/config.m4 2007-01-29 21:30:26.000000000 +0100 ++++ apache2.2/server/mpm/config.m4 2007-01-29 21:30:35.000000000 +0100 +@@ -1,7 +1,7 @@ + AC_MSG_CHECKING(which MPM to use) + AC_ARG_WITH(mpm, + APACHE_HELP_STRING(--with-mpm=MPM,Choose the process model for Apache to use. +- MPM={beos|event|worker|prefork|mpmt_os2}),[ ++ MPM={beos|event|worker|prefork|mpmt_os2|itk}),[ + APACHE_MPM=$withval + ],[ + if test "x$APACHE_MPM" = "x"; then +@@ -23,7 +23,7 @@ + + ap_mpm_is_experimental () + { +- if test "$apache_cv_mpm" = "event" ; then ++ if test "$apache_cv_mpm" = "event" -o "$apache_cv_mpm" = "itk" ; then + return 0 + else + return 1 --- apache2-2.2.16.orig/debian/mpm-itk/patches/05-add-copyright.patch +++ apache2-2.2.16/debian/mpm-itk/patches/05-add-copyright.patch @@ -0,0 +1,87 @@ +Add copyright notices, as the next patches are going to add code. + +Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/itk.c 2009-03-21 13:02:18.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-03-21 13:02:33.000000000 +0100 +@@ -12,6 +12,12 @@ + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. ++ * ++ * Portions copyright 2005-2009 Steinar H. Gunderson . ++ * Licensed under the same terms as the rest of Apache. ++ * ++ * Portions copyright 2008 Knut Auvor Grythe . ++ * Licensed under the same terms as the rest of Apache. + */ + + #include "apr.h" +Index: httpd-2.2.11/server/mpm/experimental/itk/mpm.h +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/mpm.h 2009-03-21 13:02:18.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/mpm.h 2009-03-21 13:02:33.000000000 +0100 +@@ -12,6 +12,12 @@ + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. ++ * ++ * Portions copyright 2005-2009 Steinar H. Gunderson . ++ * Licensed under the same terms as the rest of Apache. ++ * ++ * Portions copyright 2008 Knut Auvor Grythe . ++ * Licensed under the same terms as the rest of Apache. + */ + + /** +Index: httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/mpm_default.h 2009-03-21 13:02:18.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h 2009-03-21 13:02:33.000000000 +0100 +@@ -12,6 +12,12 @@ + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. ++ * ++ * Portions copyright 2005-2009 Steinar H. Gunderson . ++ * Licensed under the same terms as the rest of Apache. ++ * ++ * Portions copyright 2008 Knut Auvor Grythe . ++ * Licensed under the same terms as the rest of Apache. + */ + + /** +Index: httpd-2.2.11/include/http_request.h +=================================================================== +--- httpd-2.2.11.orig/include/http_request.h 2009-03-21 13:03:19.000000000 +0100 ++++ httpd-2.2.11/include/http_request.h 2009-03-21 13:03:31.000000000 +0100 +@@ -12,6 +12,12 @@ + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. ++ * ++ * Portions copyright 2005-2009 Steinar H. Gunderson . ++ * Licensed under the same terms as the rest of Apache. ++ * ++ * Portions copyright 2008 Knut Auvor Grythe . ++ * Licensed under the same terms as the rest of Apache. + */ + + /** +Index: httpd-2.2.11/server/request.c +=================================================================== +--- httpd-2.2.11.orig/server/request.c 2009-03-21 13:03:04.000000000 +0100 ++++ httpd-2.2.11/server/request.c 2009-03-21 13:03:13.000000000 +0100 +@@ -12,6 +12,12 @@ + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. ++ * ++ * Portions copyright 2005-2009 Steinar H. Gunderson . ++ * Licensed under the same terms as the rest of Apache. ++ * ++ * Portions copyright 2008 Knut Auvor Grythe . ++ * Licensed under the same terms as the rest of Apache. + */ + + /* --- apache2-2.2.16.orig/debian/mpm-itk/patches/11-fix-htaccess-reads-for-persistent-connections.patch +++ apache2-2.2.16/debian/mpm-itk/patches/11-fix-htaccess-reads-for-persistent-connections.patch @@ -0,0 +1,45 @@ +Fix an issue where users can sometimes get spurious 403s on persistent +connections (the description in the comments explains the logic). +This would particularly hit people with reverse proxies, since these +have a higher tendency of accessing things from different vhosts in +the same connection. + +Index: httpd-2.2.17/server/config.c +=================================================================== +--- httpd-2.2.17.orig/server/config.c ++++ httpd-2.2.17/server/config.c +@@ -1840,6 +1840,34 @@ AP_CORE_DECLARE(int) ap_parse_htaccess(a + else { + if (!APR_STATUS_IS_ENOENT(status) + && !APR_STATUS_IS_ENOTDIR(status)) { ++#ifdef ITK_MPM ++ /* ++ * If we are in a persistent connection, we might end up in a state ++ * where we can no longer read .htaccess files because we have already ++ * setuid(). This can either be because the previous request was for ++ * another vhost (basically the same problem as when setuid() fails in ++ * itk.c), or it can be because a .htaccess file is readable only by ++ * root. ++ * ++ * In any case, we don't want to give out a 403, since the request has ++ * a very real chance of succeeding on a fresh connection (where ++ * presumably uid=0). Thus, we give up serving the request on this ++ * TCP connection, and do a hard close of the socket. As long as we're ++ * in a persistent connection (and there _should_ not be a way this ++ * would happen on the first request in a connection, save for subrequests, ++ * which we special-case), this is allowed, as it is what happens on ++ * a timeout. The browser will simply open a new connection and try ++ * again (there's of course a performance hit, though, both due to ++ * the new connection setup and the fork() of a new server child). ++ */ ++ if (r->main == NULL && getuid() != 0) { ++ ap_log_rerror(APLOG_MARK, APLOG_WARNING, status, r, ++ "Couldn't read %s, closing connection.", ++ filename); ++ ap_lingering_close(r->connection); ++ exit(0); ++ } ++#endif + ap_log_rerror(APLOG_MARK, APLOG_CRIT, status, r, + "%s pcfg_openfile: unable to check htaccess file, " + "ensure it is readable", --- apache2-2.2.16.orig/debian/mpm-itk/patches/04-correct-output-makefile-location.patch +++ apache2-2.2.16/debian/mpm-itk/patches/04-correct-output-makefile-location.patch @@ -0,0 +1,13 @@ +Fix the build system to use MPM_SUBDIR_NAME (which points to the directory +with the MPM in) instead of MPM_NAME (which returns the name of the MPM); +they differ since the MPM is in experimental/. + +Index: apache2.2/server/mpm/experimental/itk/config.m4 +=================================================================== +--- apache2.2.orig/server/mpm/experimental/itk/config.m4 2007-01-29 21:03:51.000000000 +0100 ++++ apache2.2/server/mpm/experimental/itk/config.m4 2007-01-29 21:03:57.000000000 +0100 +@@ -1,3 +1,3 @@ + if test "$MPM_NAME" = "itk" ; then +- APACHE_FAST_OUTPUT(server/mpm/$MPM_NAME/Makefile) ++ APACHE_FAST_OUTPUT(server/mpm/$MPM_SUBDIR_NAME/Makefile) + fi --- apache2-2.2.16.orig/debian/mpm-itk/patches/10-nice.patch +++ apache2-2.2.16/debian/mpm-itk/patches/10-nice.patch @@ -0,0 +1,140 @@ +Support a per-location nice value. Note that since we now have two different settings +in the per-dir configuration, we need to introduce a merge function. + +Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/itk.c 2009-04-14 23:29:16.000000000 +0200 ++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-04-14 23:31:05.000000000 +0200 +@@ -156,11 +156,14 @@ + + static volatile int die_now = 0; + ++#define UNSET_NICE_VALUE 100 ++ + typedef struct + { + uid_t uid; + gid_t gid; + char *username; ++ int nice_value; + } itk_per_dir_conf; + + typedef struct +@@ -511,6 +514,7 @@ + CAP_SETUID, + CAP_SETGID, + CAP_DAC_READ_SEARCH, ++ CAP_SYS_NICE, + }; + #endif + +@@ -1444,6 +1448,12 @@ + strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31); + ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0; + ++ if (dconf->nice_value != UNSET_NICE_VALUE && ++ setpriority(PRIO_PROCESS, 0, dconf->nice_value)) { ++ _DBG("setpriority(): %s", strerror(errno)); ++ err = 1; ++ } ++ + wanted_uid = dconf->uid; + wanted_gid = dconf->gid; + wanted_username = dconf->username; +@@ -1454,7 +1464,7 @@ + wanted_username = unixd_config.user_name; + } + +- if (wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) { ++ if (!err && wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) { + if (setgid(wanted_gid)) { + _DBG("setgid(%d): %s", wanted_gid, strerror(errno)); + err = 1; +@@ -1474,7 +1484,7 @@ + */ + if (err) { + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \ +- "Couldn't set uid/gid, closing connection."); ++ "Couldn't set uid/gid/priority, closing connection."); + ap_lingering_close(r->connection); + exit(0); + } +@@ -1630,6 +1640,27 @@ + return NULL; + } + ++static const char *set_nice_value (cmd_parms *cmd, void *ptr, const char *arg) ++{ ++ itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr; ++ int nice_value = atoi(arg); ++ ++ if (nice_value < -20) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: NiceValue of %d is below -20, increasing NiceValue to -20.", ++ nice_value); ++ nice_value = -20; ++ } ++ else if (nice_value > 19) { ++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, ++ "WARNING: NiceValue of %d is above 19, lowering NiceValue to 19.", ++ nice_value); ++ nice_value = 19; ++ } ++ dconf->nice_value = nice_value; ++ return NULL; ++} ++ + static const command_rec itk_cmds[] = { + UNIX_DAEMON_COMMANDS, + LISTEN_COMMANDS, +@@ -1647,6 +1678,8 @@ + "Tie a virtual host to a specific child process."), + AP_INIT_TAKE1("MaxClientsVHost", set_max_clients_vhost, NULL, RSRC_CONF, + "Maximum number of children alive at the same time for this virtual host."), ++AP_INIT_TAKE1("NiceValue", set_nice_value, NULL, RSRC_CONF|ACCESS_CONF, ++ "Set nice value for the given vhost, from -20 (highest priority) to 19 (lowest priority)."), + AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND, + { NULL } + }; +@@ -1657,6 +1690,32 @@ + itk_per_dir_conf *c = (itk_per_dir_conf *) + apr_pcalloc(p, sizeof(itk_per_dir_conf)); + c->uid = c->gid = -1; ++ c->nice_value = UNSET_NICE_VALUE; ++ return c; ++} ++ ++/* == merge the parent per-dir config structure into ours == */ ++static void *itk_merge_dir_config(apr_pool_t *p, void *parent_ptr, void *child_ptr) ++{ ++ itk_per_dir_conf *c = (itk_per_dir_conf *) ++ itk_create_dir_config(p, NULL); ++ itk_per_dir_conf *parent = (itk_per_dir_conf *) parent_ptr; ++ itk_per_dir_conf *child = (itk_per_dir_conf *) child_ptr; ++ ++ if (child->username != NULL) { ++ c->username = apr_pstrdup(p, child->username); ++ c->uid = child->uid; ++ c->gid = child->gid; ++ } else if (parent->username != NULL) { ++ c->username = apr_pstrdup(p, parent->username); ++ c->uid = parent->uid; ++ c->gid = parent->gid; ++ } ++ if (child->nice_value != UNSET_NICE_VALUE) { ++ c->nice_value = child->nice_value; ++ } else { ++ c->nice_value = parent->nice_value; ++ } + return c; + } + +@@ -1673,7 +1732,7 @@ + MPM20_MODULE_STUFF, + ap_mpm_rewrite_args, /* hook to run before apache parses args */ + itk_create_dir_config, /* create per-directory config structure */ +- NULL, /* merge per-directory config structures */ ++ itk_merge_dir_config, /* merge per-directory config structures */ + itk_create_server_config, /* create per-server config structure */ + NULL, /* merge per-server config structures */ + itk_cmds, /* command apr_table_t */ --- apache2-2.2.16.orig/debian/mpm-itk/patches/06-hook-just-after-merging-perdir-config.patch +++ apache2-2.2.16/debian/mpm-itk/patches/06-hook-just-after-merging-perdir-config.patch @@ -0,0 +1,60 @@ +Add an extra hook right after merging per-directory configuration. +This makes sure we are able to setuid() as early as possible (that +is, as soon as know what uid/gid to use for this location), so we +won't run all sorts of subrequests and other stuff as root. + +Index: httpd-2.2.11/include/http_request.h +=================================================================== +--- httpd-2.2.11.orig/include/http_request.h 2009-03-21 13:03:31.000000000 +0100 ++++ httpd-2.2.11/include/http_request.h 2009-03-21 13:03:41.000000000 +0100 +@@ -356,6 +356,15 @@ + */ + AP_DECLARE_HOOK(void,insert_filter,(request_rec *r)) + ++/** ++ * This hook allows modules to affect the request immediately after the ++ * per-directory configuration for the request has been generated. This allows ++ * modules to make decisions based upon the current directory configuration ++ * @param r The current request ++ * @return OK or DECLINED ++ */ ++AP_DECLARE_HOOK(int,post_perdir_config,(request_rec *r)) ++ + AP_DECLARE(int) ap_location_walk(request_rec *r); + AP_DECLARE(int) ap_directory_walk(request_rec *r); + AP_DECLARE(int) ap_file_walk(request_rec *r); +Index: httpd-2.2.11/server/request.c +=================================================================== +--- httpd-2.2.11.orig/server/request.c 2009-03-21 13:03:13.000000000 +0100 ++++ httpd-2.2.11/server/request.c 2009-03-21 13:03:41.000000000 +0100 +@@ -67,6 +67,7 @@ + APR_HOOK_LINK(auth_checker) + APR_HOOK_LINK(insert_filter) + APR_HOOK_LINK(create_request) ++ APR_HOOK_LINK(post_perdir_config) + ) + + AP_IMPLEMENT_HOOK_RUN_FIRST(int,translate_name, +@@ -86,6 +87,8 @@ + AP_IMPLEMENT_HOOK_VOID(insert_filter, (request_rec *r), (r)) + AP_IMPLEMENT_HOOK_RUN_ALL(int, create_request, + (request_rec *r), (r), OK, DECLINED) ++AP_IMPLEMENT_HOOK_RUN_ALL(int,post_perdir_config, ++ (request_rec *r), (r), OK, DECLINED) + + + static int decl_die(int status, char *phase, request_rec *r) +@@ -164,6 +167,13 @@ + return access_status; + } + ++ /* First chance to handle the request after per-directory configuration is ++ * generated ++ */ ++ if ((access_status = ap_run_post_perdir_config(r))) { ++ return access_status; ++ } ++ + /* Only on the main request! */ + if (r->main == NULL) { + if ((access_status = ap_run_header_parser(r))) { --- apache2-2.2.16.orig/debian/mpm-itk/patches/07-base-functionality.patch +++ apache2-2.2.16/debian/mpm-itk/patches/07-base-functionality.patch @@ -0,0 +1,218 @@ +Add the base functionality of mpm_itk over prefork; parse the new configuration +options, fork on each new connection, and setuid() as required. + +Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/itk.c 2009-03-21 23:52:01.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-04-14 23:27:51.000000000 +0200 +@@ -26,6 +26,11 @@ + #include "apr_thread_proc.h" + #include "apr_signal.h" + ++# define _DBG(text,par...) \ ++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \ ++ "(itkmpm: pid=%d uid=%d, gid=%d) %s(): " text, \ ++ getpid(), getuid(), getgid(), __FUNCTION__, par) ++ + #define APR_WANT_STDIO + #define APR_WANT_STRFUNC + #include "apr_want.h" +@@ -47,6 +52,7 @@ + #include "http_config.h" + #include "http_core.h" /* for get_remote_host */ + #include "http_connection.h" ++#include "http_request.h" /* for ap_hook_post_perdir_config */ + #include "scoreboard.h" + #include "ap_mpm.h" + #include "unixd.h" +@@ -146,6 +152,15 @@ + + static volatile int die_now = 0; + ++typedef struct ++{ ++ uid_t uid; ++ gid_t gid; ++ char *username; ++} itk_per_dir_conf; ++ ++module AP_MODULE_DECLARE_DATA mpm_itk_module; ++ + #ifdef GPROF + /* + * change directory for gprof to plop the gmon.out file +@@ -512,10 +527,6 @@ + clean_child_exit(APEXIT_CHILDFATAL); + } + +- if (unixd_setup_child()) { +- clean_child_exit(APEXIT_CHILDFATAL); +- } +- + ap_run_child_init(pchild, ap_server_conf); + + ap_create_sb_handle(&sbh, pchild, my_child_num, 0); +@@ -651,10 +662,38 @@ + * socket options, file descriptors, and read/write buffers. + */ + +- current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, my_child_num, sbh, bucket_alloc); +- if (current_conn) { +- ap_process_connection(current_conn, csd); +- ap_lingering_close(current_conn); ++ { ++ pid_t pid = fork(), child_pid; ++ int status; ++ switch (pid) { ++ case -1: ++ ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "fork: Unable to fork new process"); ++ break; ++ case 0: /* child */ ++ apr_proc_mutex_child_init(&accept_mutex, ap_lock_fname, pchild); ++ current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, my_child_num, sbh, bucket_alloc); ++ if (current_conn) { ++ ap_process_connection(current_conn, csd); ++ ap_lingering_close(current_conn); ++ } ++ exit(0); ++ default: /* parent; just wait for child to be done */ ++ do { ++ child_pid = waitpid(pid, &status, 0); ++ } while (child_pid == -1 && errno == EINTR); ++ ++ if (child_pid != pid || !WIFEXITED(status)) { ++ if (WIFSIGNALED(status)) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "child died with signal %u", WTERMSIG(status)); ++ } else if (WEXITSTATUS(status) != 0) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "child exited with non-zero exit status %u", WEXITSTATUS(status)); ++ } else { ++ ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "waitpid() failed"); ++ } ++ clean_child_exit(1); ++ } ++ break; ++ } + } + + /* Check the pod and the generation number after processing a +@@ -672,6 +711,10 @@ + */ + die_now = 1; + } ++ ++ /* if we have already setuid(), die (we can't be used anyhow) */ ++ if (getuid()) ++ die_now = 1; + } + clean_child_exit(0); + } +@@ -1334,6 +1377,56 @@ + return OK; + } + ++static int itk_post_perdir_config(request_rec *r) ++{ ++ uid_t wanted_uid; ++ gid_t wanted_gid; ++ const char *wanted_username; ++ int err = 0; ++ ++ itk_per_dir_conf *dconf = ++ (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module); ++ ++ strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31); ++ ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0; ++ ++ wanted_uid = dconf->uid; ++ wanted_gid = dconf->gid; ++ wanted_username = dconf->username; ++ ++ if (wanted_uid == -1 || wanted_gid == -1) { ++ wanted_uid = unixd_config.user_id; ++ wanted_gid = unixd_config.group_id; ++ wanted_username = unixd_config.user_name; ++ } ++ ++ if (wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) { ++ if (setgid(wanted_gid)) { ++ _DBG("setgid(%d): %s", wanted_gid, strerror(errno)); ++ err = 1; ++ } else if (initgroups(wanted_username, wanted_gid)) { ++ _DBG("initgroups(%s, %d): %s", wanted_username, wanted_gid, strerror(errno)); ++ err = 1; ++ } else if (setuid(wanted_uid)) { ++ _DBG("setuid(%d): %s", wanted_uid, strerror(errno)); ++ err = 1; ++ } ++ } ++ ++ /* ++ * Most likely a case of switching uid/gid within a persistent ++ * connection; the RFCs allow us to just close the connection ++ * at anytime, so we excercise our right. :-) ++ */ ++ if (err) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \ ++ "Couldn't set uid/gid, closing connection."); ++ ap_lingering_close(r->connection); ++ exit(0); ++ } ++ return OK; ++} ++ + static void itk_hooks(apr_pool_t *p) + { + /* The itk open_logs phase must run before the core's, or stderr +@@ -1351,6 +1444,9 @@ + * to retrieve it, so register as REALLY_FIRST + */ + ap_hook_pre_config(itk_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST); ++ ++ /* set the uid as fast as possible, but not before merging per-dit config */ ++ ap_hook_header_parser(itk_post_perdir_config, NULL, NULL, APR_HOOK_REALLY_FIRST); + } + + static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg) +@@ -1463,6 +1559,15 @@ + return NULL; + } + ++static const char *assign_user_id (cmd_parms *cmd, void *ptr, const char *user_name, const char *group_name) ++{ ++ itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr; ++ dconf->username = apr_pstrdup(cmd->pool, user_name); ++ dconf->uid = ap_uname2id(user_name); ++ dconf->gid = ap_gname2id(group_name); ++ return NULL; ++} ++ + static const command_rec itk_cmds[] = { + UNIX_DAEMON_COMMANDS, + LISTEN_COMMANDS, +@@ -1476,14 +1581,25 @@ + "Maximum number of children alive at the same time"), + AP_INIT_TAKE1("ServerLimit", set_server_limit, NULL, RSRC_CONF, + "Maximum value of MaxClients for this run of Apache"), ++AP_INIT_TAKE2("AssignUserID", assign_user_id, NULL, RSRC_CONF|ACCESS_CONF, ++ "Tie a virtual host to a specific child process."), + AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND, + { NULL } + }; + ++/* == allocate a private per-dir config structure == */ ++static void *itk_create_dir_config(apr_pool_t *p, char *dummy) ++{ ++ itk_per_dir_conf *c = (itk_per_dir_conf *) ++ apr_pcalloc(p, sizeof(itk_per_dir_conf)); ++ c->uid = c->gid = -1; ++ return c; ++} ++ + module AP_MODULE_DECLARE_DATA mpm_itk_module = { + MPM20_MODULE_STUFF, + ap_mpm_rewrite_args, /* hook to run before apache parses args */ +- NULL, /* create per-directory config structure */ ++ itk_create_dir_config, /* create per-directory config structure */ + NULL, /* merge per-directory config structures */ + NULL, /* create per-server config structure */ + NULL, /* merge per-server config structures */ --- apache2-2.2.16.orig/debian/mpm-itk/patches/02-rename-prefork-to-itk.patch +++ apache2-2.2.16/debian/mpm-itk/patches/02-rename-prefork-to-itk.patch @@ -0,0 +1,157 @@ +Rename prefork to itk in the copy that was created in 01-copy-prefork.patch. + +Index: httpd-2.2.11/server/mpm/experimental/itk/Makefile.in +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/Makefile.in 2009-03-17 21:38:54.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/Makefile.in 2009-03-17 21:39:03.000000000 +0100 +@@ -1,5 +1,5 @@ + +-LTLIBRARY_NAME = libprefork.la +-LTLIBRARY_SOURCES = prefork.c ++LTLIBRARY_NAME = libitk.la ++LTLIBRARY_SOURCES = itk.c + + include $(top_srcdir)/build/ltlib.mk +Index: httpd-2.2.11/server/mpm/experimental/itk/config.m4 +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/config.m4 2009-03-17 21:38:53.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/config.m4 2009-03-17 21:39:03.000000000 +0100 +@@ -1,3 +1,3 @@ +-if test "$MPM_NAME" = "prefork" ; then ++if test "$MPM_NAME" = "itk" ; then + APACHE_FAST_OUTPUT(server/mpm/$MPM_NAME/Makefile) + fi +Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/itk.c 2009-03-17 21:38:54.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-03-17 21:39:03.000000000 +0100 +@@ -1250,7 +1250,7 @@ + /* This really should be a post_config hook, but the error log is already + * redirected by that point, so we need to do this in the open_logs phase. + */ +-static int prefork_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) ++static int itk_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) + { + apr_status_t rv; + +@@ -1271,7 +1271,7 @@ + return OK; + } + +-static int prefork_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp) ++static int itk_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp) + { + static int restart_num = 0; + int no_detach, debug, foreground; +@@ -1328,9 +1328,9 @@ + return OK; + } + +-static void prefork_hooks(apr_pool_t *p) ++static void itk_hooks(apr_pool_t *p) + { +- /* The prefork open_logs phase must run before the core's, or stderr ++ /* The itk open_logs phase must run before the core's, or stderr + * will be redirected to a file, and the messages won't print to the + * console. + */ +@@ -1340,11 +1340,11 @@ + (void) set42sig(); + #endif + +- ap_hook_open_logs(prefork_open_logs, NULL, aszSucc, APR_HOOK_MIDDLE); ++ ap_hook_open_logs(itk_open_logs, NULL, aszSucc, APR_HOOK_MIDDLE); + /* we need to set the MPM state before other pre-config hooks use MPM query + * to retrieve it, so register as REALLY_FIRST + */ +- ap_hook_pre_config(prefork_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST); ++ ap_hook_pre_config(itk_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST); + } + + static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg) +@@ -1457,7 +1457,7 @@ + return NULL; + } + +-static const command_rec prefork_cmds[] = { ++static const command_rec itk_cmds[] = { + UNIX_DAEMON_COMMANDS, + LISTEN_COMMANDS, + AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF, +@@ -1474,13 +1474,13 @@ + { NULL } + }; + +-module AP_MODULE_DECLARE_DATA mpm_prefork_module = { ++module AP_MODULE_DECLARE_DATA mpm_itk_module = { + MPM20_MODULE_STUFF, + ap_mpm_rewrite_args, /* hook to run before apache parses args */ + NULL, /* create per-directory config structure */ + NULL, /* merge per-directory config structures */ + NULL, /* create per-server config structure */ + NULL, /* merge per-server config structures */ +- prefork_cmds, /* command apr_table_t */ +- prefork_hooks, /* register hooks */ ++ itk_cmds, /* command apr_table_t */ ++ itk_hooks, /* register hooks */ + }; +Index: httpd-2.2.11/server/mpm/experimental/itk/mpm.h +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/mpm.h 2009-03-17 21:38:54.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/mpm.h 2009-03-17 21:39:03.000000000 +0100 +@@ -15,10 +15,10 @@ + */ + + /** +- * @file prefork/mpm.h +- * @brief Unix Prefork MPM (default for Uinx systems) ++ * @file itk/mpm.h ++ * @brief ITK MPM (setuid per-vhost, no threads) + * +- * @defgroup APACHE_MPM_PREFORK Unix Prefork ++ * @defgroup APACHE_MPM_ITK Apache ITK + * @ingroup APACHE_MPM APACHE_OS_UNIX + * @{ + */ +@@ -28,12 +28,12 @@ + #include "scoreboard.h" + #include "unixd.h" + +-#ifndef APACHE_MPM_PREFORK_H +-#define APACHE_MPM_PREFORK_H ++#ifndef APACHE_MPM_ITK_H ++#define APACHE_MPM_ITK_H + +-#define PREFORK_MPM ++#define ITK_MPM + +-#define MPM_NAME "Prefork" ++#define MPM_NAME "ITK" + + #define AP_MPM_WANT_RECLAIM_CHILD_PROCESSES + #define AP_MPM_WANT_WAIT_OR_TIMEOUT +@@ -58,5 +58,5 @@ + extern int ap_threads_per_child; + extern int ap_max_daemons_limit; + extern server_rec *ap_server_conf; +-#endif /* APACHE_MPM_PREFORK_H */ ++#endif /* APACHE_MPM_ITK_H */ + /** @} */ +Index: httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h +=================================================================== +--- httpd-2.2.11.orig/server/mpm/experimental/itk/mpm_default.h 2009-03-17 21:38:54.000000000 +0100 ++++ httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h 2009-03-17 21:39:03.000000000 +0100 +@@ -15,10 +15,10 @@ + */ + + /** +- * @file prefork/mpm_default.h +- * @brief Prefork MPM defaults ++ * @file itk/mpm_default.h ++ * @brief ITK MPM defaults + * +- * @addtogroup APACHE_MPM_PREFORK ++ * @addtogroup APACHE_MPM_ITK + * @{ + */ + --- apache2-2.2.16.orig/debian/mpm-itk/debian/changelog +++ apache2-2.2.16/debian/mpm-itk/debian/changelog @@ -0,0 +1,117 @@ +apache2-mpm-itk has been merged into the apache2 source package. For newer +changes, see the apache2 changelog. + +apache2-mpm-itk (2.2.11-02-1) unstable; urgency=low + + * New upstream release. + + -- Steinar H. Gunderson Tue, 14 Apr 2009 23:47:36 +0200 + +apache2-mpm-itk (2.2.11-01-1) unstable; urgency=low + + * New upstream release. + * Updated debian/copyright file with COPYRIGHT from the tarball. + * Updated apache2-src build-dependency to make sure we build against Apache + 2.2.11. (The patch set itself will work just fine for 2.2.9, although + not without some fuzz.) + * Updated Standards-Version to 3.8.1 (no changes needed). + + -- Steinar H. Gunderson Sun, 22 Mar 2009 15:39:39 +0100 + +apache2-mpm-itk (2.2.6-02-1) unstable; urgency=medium + + * New upstream release. + * Fixes a configure test for libcap. + * Update Debian package to fix fine-grained capability dropping support. + Together with the upstream fixes, this enables capability dropping, + which was previously broken. (Closes: #492614) + * Run autoheader before autoconf, so HAVE_LIBCAP gets into the right .h + file. + * Change build-dependency from libcap-dev to libcap2-dev, as libcap-dev is + deprecated. + + -- Steinar H. Gunderson Sun, 27 Jul 2008 22:18:26 +0200 + +apache2-mpm-itk (2.2.6-01-3.1) unstable; urgency=low + + * Non-maintainer upload. + * Correctly determine the dependency on apache2.2-common. (Closes: #477772) + + -- Stefan Fritsch Wed, 18 Jun 2008 23:09:34 +0200 + +apache2-mpm-itk (2.2.6-01-3) unstable; urgency=low + + * Use config.nice from apache2-src. This allows us to drop the + build-dependency on apache2-prefork-dev. + * Bump versioned build-dependency on apache2-src to 2.2.9. + * Build-depend on libaprutil1-dev, since we no lenger get it in + transitively from apache2-prefork-dev. + + -- Steinar H. Gunderson Sun, 15 Jun 2008 10:11:49 -0700 + +apache2-mpm-itk (2.2.6-01-2) unstable; urgency=low + + * Update the long description to better reflect the status of the package + (it can hardly be called “highly experimental” anymore). + * Lintian fixes: + * Build-depend on apache2-src (>= 2.2.6) instead of apache2-src + (>= 2.2.6-1). + * Update to Standards-Version 3.7.3 (no changes needed). + + -- Steinar H. Gunderson Tue, 29 Apr 2008 00:55:41 +0200 + +apache2-mpm-itk (2.2.6-01-1) unstable; urgency=high + + * New upstream release, with patches updated for Apache 2.2.6. Should fix + FTBFS (but that FTBFS was silently ignored, see next item). + * Update the apache2-src build dependency to at least 2.2.6-1, as I'm + unsure of the effects of building with this patch set against older + versions. + * Use "set -e" in the patch target so failing hunks are not ignored during + building. + * Updated the homepage URL in debian/copyright, and added + licensing/copyright/tarball information. + + -- Steinar H. Gunderson Sat, 05 Jan 2008 12:27:08 +0100 + +apache2-mpm-itk (2.2.3-04-3) unstable; urgency=medium + + * Provide and conflict with apache2-mpm, in line with new practice from + the main Apache package. This replaces the old conflict lines, as well as + the Provides: apache2-modules. + * apache2-src now contains a top-level directory; adjust debian/rules + accordingly so we just unpack the tarball instead of making an apache2.2 + directory and untarring within that. Fixes FTBFS with newer apache2-src. + (Closes: #428919) + * Build-depend on apache2-src (>= 2.2.3-5), as this will now FTBFS with + older apache2-src versions. + * Remove an obsolete comment from the debian/rules source target. + + -- Steinar H. Gunderson Fri, 15 Jun 2007 13:19:51 +0200 + +apache2-mpm-itk (2.2.3-04-2) unstable; urgency=low + + * Don't build-depend on libcap-dev for non-Linux architectures, which + prevents building on those; patch from Cyril Brulebois. + (Closes: #416460) + + -- Steinar H. Gunderson Sat, 19 May 2007 01:48:11 +0200 + +apache2-mpm-itk (2.2.3-04-1) unstable; urgency=low + + * New upstream release; now with split patches in a tarball (with license + and all) instead of one monolithic patch. + * Adjust debian/rules accordingly. + * Make a "source" target that uses quilt instead of manual patching. + * Remove workaround for old apache2-src. + * Drop dh_testroot from the clean target, as we do not really need root for + it, and it's convenient to be able to just do "debian/rules source" without + using fakeroot. + + -- Steinar H. Gunderson Wed, 25 Apr 2007 14:13:33 +0200 + +apache2-mpm-itk (2.2.3-01-1) unstable; urgency=low + + * Initial port to Apache 2.2, and upload to Debian. + + -- Steinar H. Gunderson Sun, 29 Oct 2006 23:05:36 +0100 --- apache2-2.2.16.orig/debian/icons/odf6ots-20x22.png.uue +++ apache2-2.2.16/debian/icons/odf6ots-20x22.png.uue @@ -0,0 +1,25 @@ +begin-base64 644 odf6ots-20x22.png.uue +iVBORw0KGgoAAAANSUhEUgAAABQAAAAWCAMAAAD3n0w0AAACRlBMVEXZ2dkh +ISEzMzM0NDQ1NTUzM5lcXKxdXK1dXa1eXq6ZmZmlpKSlpaWmpqamp6amp6en +p6eoqKioqKmpqaqqqarOztzOz9zR0N7R0d3R0d/S0eDS0uDT0+DT1ODV1eIA +AADX2OTY2OTa2trb2tvb29vc29zb3Nvc3Nvc3Nzc3dzd3dzd3d3d3t7e3t3e +3t7e397e39/f39/e3ujg39/f4N/g4ODf3+ng4OHh4ODh4OHh4eDh4eHh4eLi +4eHh4uLi4uHi4uLj4uLj4uPi4+Lj4+Pj4+Tk4+Pk4+Tj5OTk5OTk5OXl5OTk +5eTk5eXl5eXl5ebm5eXm5ebl5uXl5ubm5ubm5ufn5ufm5+bm5+fn5+fn5+jm +5vHo5+fo5+jn6Ojo6Ofo6Ojo5/Hp6Ono6enp6ejp6enp6erq6enq6erp6unp +6urq6unq6urq6uvr6uvq6+vr6+vr6+zs6+vs6+zr7Ovr7Ozs7Ozs7O3t7Ozs +7e3t7e3u7e3t7u3t7u7u7u3u7u7u7u/v7u/v7+7v7+/v7/Dw7/Dv8O/v8PDw +8PDx8PDw8fDw8fHx8fDx8fHx8vHy8vHy8vLz8vLz8vPy8/Ly8/Pz8/Lz8/Pz +8/T08/Tz9PP09PP09PT19PT19PX09fT09fX19fX19fb29fX29fb29vb29vf3 +9vf39/f49/j3+Pf3+Pj4+Pj4+Pn5+fn5+fr6+fn6+fr6+vr7+vr7+vv6+/v7 ++/v8+/v8/Pz9/Pz8/fz9/fz9/f3+/f3+/f7+/v7+/v///v/////O2tP2AAAA +AXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAAJcEhZcwAACxMAAAsTAQCanBgA +AAE4SURBVBjTY2BCBvIgwMDAwHTw4L7diVs3rlu9fOmieTOFGMGCB/YpcrJy +yK1evnjB7GmCzFxgwb0KrCAgs4BFZIogswBEcDsnq9ya5dLsc4RZBJn5GyCC +0SB1Sxawmk0QZOarr4EIrudgXbZ4vgRbb087LzNPMURwtSyr1BxxVtHe5qYq +bqY8iODyJZJsrGxiHS0NVeUFudkQwQXzp08z6u1orqsqy89IToAIzp01cUJP +W0NdZWFuWlJcJERw2oTejtb6qrKCnKyEmBA/iGCfPDLwhAj2yjfWVhbmyCfE +Rvr7ybtABJtRVNpABOvliwtyUhPkQ/w83RzkLSCClSgqDSGCRfKpCVGhgfIe +DnZWxvK6EMEcFJWaEMGU2IhAP1cXB2tTQz1tdRWIIBMXCmACCTIwyKMBBgYA +UJpdvW69xycAAAAASUVORK5CYII= +==== --- apache2-2.2.16.orig/debian/icons/odf6odm-20x22.png.uue +++ apache2-2.2.16/debian/icons/odf6odm-20x22.png.uue @@ -0,0 +1,26 @@ +begin-base64 644 odf6odm-20x22.png.uue +iVBORw0KGgoAAAANSUhEUgAAABQAAAAWCAMAAAD3n0w0AAACW1BMVEXZ2dkt +LS0uLi4uLy8vLy8zMzMzM5lcXKxdXK1dXa1eXq6ZmZmdnZ2fnp6gn6CgoKCh +oaGioqGioqOjoqOkpKSkpaWmpqbOztzOz9zR0N7R0d3R0d/S0eDS0uDT0+DT +1ODV1eIAAADX2OTY2OTa2trb2tvb29vc29zb3Nvc3Nvc3Nzc3dzd3dzd3d3d +3t7e3t3e3t7e397e39/f39/e3ujg39/f4N/g4ODf3+ng4OHh4ODh4OHh4eDh +4eHh4eLi4eHh4uLi4uHi4uLj4uLj4uPi4+Lj4+Pj4+Tk4+Pk4+Tj5OTk5OTk +5OXl5OTk5eTk5eXl5eXl5ebm5eXm5ebl5uXl5ubm5ubm5ufn5ufm5+bm5+fn +5+fn5+jm5vHo5+fo5+jn6Ojo6Ofo6Ojo5/Hp6Ono6enp6ejp6enp6erq6enq +6erp6unp6urq6unq6urq6uvr6uvq6+vr6+vr6+zs6+vs6+zr7Ovr7Ozs7Ozs +7O3t7Ozt7O3s7e3t7e3u7e3t7u3t7u7u7u3u7u7u7u/v7u/v7+7v7+/v7/Dw +7/Dv8O/v8PDw8PDx8PDx8PHw8fDw8fHx8fDx8fHx8fLx8vHy8vHy8vLy8vPz +8vLz8vPy8/Ly8/Pz8/Lz8/Pz8/T08/Tz9PP09PP09PT19PT19PX09fT09fX1 +9fX19fb29fX29fb19vb29vb29vf39vf39/f49/j3+Pf3+Pj4+Pj4+Pn5+fn5 ++fr6+fn6+fr6+vr7+vr7+vv6+/v7+/v8+/v8/Pz9/Pz8/fz9/fz9/f3+/f3+ +/f7+/v7+/v///v/////7IDMLAAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgA +AAAJcEhZcwAACxMAAAsTAQCanBgAAAFVSURBVBjTY2BFBgxQwHrixNFDyXt2 +bN20jnUFTJT1+FFlLjZOhU3rVrIunAMVZT2ixAYCcssWsc6a0gcRZd3Hxaaw +eZ0sx6K5rJN7uprBoqyxIHWrl7FZTFVkBUOQ4DZOtrUrl0qxT5ygCAEgwU3y +bDKLJNnEJ7a11nIDAVhw3WppdjZ2ie725trKIpjgsqVz55hM7BZjqa1gFk5N +ggguXjB96oROMRbR4nwhJoFoiOCcqRO7O5pYRIrycpIEmAIggpP7u9uaahWL +ctMTosMUvSGCEztbGmqKFTOT4qMDAxTdIIJtrXUVRflMgnFhQT68jHYQwaba +0qK8dAEm/gBvXkYeK4hgTXlRZmpCBB+jpxsjj7kxRLAkLz0pJjzYR9HJQdHU +UB8iCBSLDgvxd1O0tVI00NWGCKbFRwUHuLs52ZobG+hqqkEEWblRADjoGBgU +0QADAwCDDmJcDd4k9QAAAABJRU5ErkJggg== +==== --- apache2-2.2.16.orig/debian/icons/odf6oti-20x22.png.uue +++ apache2-2.2.16/debian/icons/odf6oti-20x22.png.uue @@ -0,0 +1,27 @@ +begin-base64 644 odf6oti-20x22.png.uue +iVBORw0KGgoAAAANSUhEUgAAABQAAAAWCAMAAAD3n0w0AAAChVBMVEXZ2dkh +ISErKyssLCwsLC0tLS0zMzM0NDQ1NTUzM5lcXKxdXK1dXa1eXq6ZmZmlpKSl +paWmpqamp6amp6enp6eoqKioqKmpqaqqqaq4uLi5uLi7u7u7u7y8u7u8vLy9 +vb2+vb2+vb69vr6+vr6/vr6+v77AwMDAwMHBwMHAwcHOztzOz9zR0N7R0d3R +0d/S0eDS0uDT0+DT1ODV1eIAAADX2OTY2OTa2trb2tvb29vc29zb3Nvc3Nvc +3Nzc3dzd3dzd3d3d3t7e3t3e3t7e397e39/f39/e3ujg39/f4N/g4ODf3+ng +4OHh4ODh4OHh4eDh4eHh4eLi4eHh4uLi4uHi4uLj4uLj4uPi4+Lj4+Pj4+Tk +4+Pk4+Tj5OTk5OTk5OXl5OTk5eTk5eXl5eXl5ebm5eXm5ebl5uXl5ubm5ubm +5ufn5ufm5+bm5+fn5+fn5+jm5vHo5+fo5+jn6Ojo6Ofo6Ojo5/Hp6Ono6enp +6ejp6enp6erq6enq6erp6unp6urq6unq6urq6uvr6uvq6+vr6+vr6+zs6+vs +6+zr7Ovr7Ozs7Ozs7O3t7Ozs7e3t7e3u7e3t7u3t7u7u7u3u7u7u7u/v7u/v +7+7v7+/v7/Dw7/Dv8O/v8PDw8PDx8PDw8fDw8fHx8fDx8fHx8vHy8vHy8vLz +8vLz8vPy8/Ly8/Pz8/Lz8/Pz8/T08/Tz9PP09PP09PT19PT19PX09fT09fX1 +9fX19fb29fX29fb29vb29vf39vf39/f49/j3+Pf3+Pj4+Pj4+Pn5+fn5+fr6 ++fn6+fr6+vr7+vr7+vv6+/v7+/v8+/v8/Pz9/Pz8/fz9/fz9/f3+/f3+/f7+ +/v7+/v///v////9GKjb7AAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAAJ +cEhZcwAACxMAAAsTAQCanBgAAAFaSURBVBjTY2BDBiYgwMDAwHbt2uULZaeO +HT6wZ9f2zevEGMGCVy+b8XLyGB/Ys2PrhtWi7HxgwUumnCBguJVDYqUouwhE +8Awvp/HBPQbcG8U5RNmFp0IEC0Dqdm7l9F4qyi40ZSJE8AgP5+4dW3S5Fi2c +I8gu0AERPGDEqb9Rh1Nr0Yzp/fxszRDBPTv1uDi5tOfOnNrf09rUABHcumXN +avdFc2dM7u9uqa0ohQhuWr9s6cLZUyf3tTVVlxfnQQRXL100d9aU/u7WxvrS +wsxkiODiBXNngMQaqpSY5ZLjIIKLZk+b1KfOrFKqyCzDHBMJEZwxfUK3Gosq +swKzbLxJeCBEcEq/Biuzcqk8s3RcNJOUL0SwT5NVpaI4Oy0xJjJEkskNItgO +VJaflRYfGxrs72HiBBFsNEEGdhDByqLctOSoyNAALzdnBxtLiCAbHwpgAwky +MJigAQYGAOZzdl7FtGVFAAAAAElFTkSuQmCC +==== --- apache2-2.2.16.orig/debian/icons/odf6ods-20x22.png.uue +++ apache2-2.2.16/debian/icons/odf6ods-20x22.png.uue @@ -0,0 +1,24 @@ +begin-base64 644 odf6ods-20x22.png.uue +iVBORw0KGgoAAAANSUhEUgAAABQAAAAWCAMAAAD3n0w0AAACLlBMVEXZ2dkz +MzMzM5lcXKxdXK1dXa1eXq6ZmZnOztzOz9zR0N7R0d3R0d/S0eDS0uDT0+DT +1ODV1eIAAADX2OTY2OTa2trb2tvb29vc29zb3Nvc3Nvc3Nzc3dzd3dzd3d3d +3t7e3t3e3t7e397e39/f39/e3ujg39/f4N/g4ODf3+ng4OHh4ODh4OHh4eDh +4eHh4eLi4eHh4uLi4uHi4uLj4uLj4uPi4+Lj4+Pj4+Tk4+Pk4+Tj5OTk5OTk +5OXl5OTk5eTk5eXl5eXl5ebm5eXm5ebl5uXl5ubm5ubm5ufn5ufm5+bm5+fn +5+fn5+jm5vHo5+fo5+jn6Ojo6Ofo6Ojo5/Hp6Ono6enp6ejp6enp6erq6enq +6erp6unp6urq6unq6urq6uvr6uvq6+vr6+vr6+zs6+vs6+zr7Ovr7Ozs7Ozs +7O3t7Ozt7O3s7e3t7e3u7e3t7u3t7u7u7u3u7u7u7u/v7u/v7+7v7+/v7/Dw +7/Dv8O/v8PDw8PDx8PDx8PHw8fDw8fHx8fDx8fHx8fLx8vHy8vHy8vLy8vPz +8vLz8vPy8/Ly8/Pz8/Lz8/Pz8/T08/Tz9PP09PP09PT19PT19PX09fT09fX1 +9fX19fb29fX29fb19vb29vb29vf39vf39/f49/j3+Pf3+Pj4+Pj4+Pn5+fn5 ++fr6+fn6+fr6+vr7+vr7+vv6+/v7+/v8+/v8/Pz9/Pz8/fz9/fz9/f3+/f3+ +/f7+/v7+/v///v////9yFadVAAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgA +AAAJcEhZcwAACxMAAAsTAQCanBgAAAEpSURBVBjTY2BEBgxQwLhz57bNIWtX +Lls8n3EmTJRxxzYRNiZWwcXzZzFO6oWKMm4VZgIB/umTGbtb6yGijOvZmASX +zOdjmdzH2FJbXQIWZfQDqZsznUmzTYgRDEGCy1mZ5s2axs3c1CgEASDBxQJM +vJO5mDiaysvy2IEALDh/Dg8zEzNnTUVJXlYyTHD6tL5e1aaa8qK8zKTosGCI +4JSJHW2NVSVFuSkJkaGBPhDB3rammsrivMzk+Nhgf3dHiGCLEDKwgQg2CZUW +5qbECwUH+Dg5CplDBMtRVOpDBIuF0pLjI4KF3B1tLI2FtCGCuSgqVSCCqUIR +wb4eLkLWxoa6akIKEMF4FJUyEMHwAG8XRwtzYz0NFUU5KXGIICM7CgAHHQOD +EBpgYAAAbP5NPEH1cBAAAAAASUVORK5CYII= +==== --- apache2-2.2.16.orig/debian/icons/odf6odc-20x22.png.uue +++ apache2-2.2.16/debian/icons/odf6odc-20x22.png.uue @@ -0,0 +1,25 @@ +begin-base64 644 odf6odc-20x22.png.uue +iVBORw0KGgoAAAANSUhEUgAAABQAAAAWCAMAAAD3n0w0AAACLlBMVEXZ2dkz +MzMzM5lcXKxdXK1dXa1eXq6ZmZnOztzOz9zR0N7R0d3R0d/S0eDS0uDT0+DT +1ODV1eIAAADX2OTY2OTa2trb2tvb29vc29zb3Nvc3Nvc3Nzc3dzd3dzd3d3d +3t7e3t3e3t7e397e39/f39/e3ujg39/f4N/g4ODf3+ng4OHh4ODh4OHh4eDh +4eHh4eLi4eHh4uLi4uHi4uLj4uLj4uPi4+Lj4+Pj4+Tk4+Pk4+Tj5OTk5OTk +5OXl5OTk5eTk5eXl5eXl5ebm5eXm5ebl5uXl5ubm5ubm5ufn5ufm5+bm5+fn +5+fn5+jm5vHo5+fo5+jn6Ojo6Ofo6Ojo5/Hp6Ono6enp6ejp6enp6erq6enq +6erp6unp6urq6unq6urq6uvr6uvq6+vr6+vr6+zs6+vs6+zr7Ovr7Ozs7Ozs +7O3t7Ozt7O3s7e3t7e3u7e3t7u3t7u7u7u3u7u7u7u/v7u/v7+7v7+/v7/Dw +7/Dv8O/v8PDw8PDx8PDx8PHw8fDw8fHx8fDx8fHx8fLx8vHy8vHy8vLy8vPz +8vLz8vPy8/Ly8/Pz8/Lz8/Pz8/T08/Tz9PP09PP09PT19PT19PX09fT09fX1 +9fX19fb29fX29fb19vb29vb29vf39vf39/f49/j3+Pf3+Pj4+Pj4+Pn5+fn5 ++fr6+fn6+fr6+vr7+vr7+vv6+/v7+/v8+/v8/Pz9/Pz8/fz9/fz9/f3+/f3+ +/f7+/v7+/v///v////9yFadVAAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgA +AAAJcEhZcwAACxMAAAsTAQCanBgAAAFGSURBVBjTY2BEBgxQwLhz57bNIWtX +Lls8n3EmTJRxxzYRNiZWwcXzZzFO6oWKMm4VZgIB/umTGbtb6yGijOvZmASX +zOdjmdzH2FJbXQIWZfQDqZsznUmzTYgRDEGCy1mZ5s2axs3c1CgEASDBxQJM +vJO5mDiaysvy2IEALDh/Dg8zEzNnTUVJXlYyTHD6tL5e1aaa8qK8zKTosGCI +4JSJHW2NVSVFuSkJkaGBPhDBXqGmmsrivMxkodhgf3dHiGCLUE05SCxOKNDH +XcgGItgkVFqYmxIfFSzk4+QoZA4RLBfKz0xOiBHyF3IWshTShwgWC6UlxwsF +CwG1ChkLaUMEc4WShcKEPIXshcyF9IRUIIKpQhHBvh4uttbGhrpqSgoQwXgh +ZCADEQwP8HZxtDA31tNQUZSTEocIMrKjAHDQMTAIoQEGBgAAx1K+64izZQAA +AABJRU5ErkJggg== +==== --- apache2-2.2.16.orig/debian/icons/odf6otg-20x22.png.uue +++ apache2-2.2.16/debian/icons/odf6otg-20x22.png.uue @@ -0,0 +1,27 @@ +begin-base64 644 odf6otg-20x22.png.uue +iVBORw0KGgoAAAANSUhEUgAAABQAAAAWCAMAAAD3n0w0AAACf1BMVEXZ2dkh +ISEqKiorKiorKysrKywsLCwsLC0tLS0zMzM0NDQ1NTUzM5lcXKxdXK1dXa1e +Xq6ZmZmam5qdnZ2fn6Cgn5+hoaGioqKio6Kio6Ojo6OkpKSlpKSkpaWlpaWm +pqampqemp6amp6enp6eoqKioqKmpqaqqqarOztzOz9zR0N7R0d3R0d/S0eDS +0uDT0+DT1ODV1eIAAADX2OTY2OTa2trb2tvb29vc29zb3Nvc3Nvc3Nzc3dzd +3dzd3d3d3t7e3t3e3t7e397e39/f39/e3ujg39/f4N/g4ODf3+ng4OHh4ODh +4OHh4eDh4eHh4eLi4eHh4uLi4uHi4uLj4uLj4uPi4+Lj4+Pj4+Tk4+Pk4+Tj +5OTk5OTk5OXl5OTk5eTk5eXl5eXl5ebm5eXm5ebl5uXl5ubm5ubm5ufn5ufm +5+bm5+fn5+fn5+jm5vHo5+fo5+jn6Ojo6Ofo6Ojo5/Hp6Ono6enp6ejp6enp +6erq6enq6erp6unp6urq6unq6urq6uvr6uvq6+vr6+vr6+zs6+vs6+zr7Ovr +7Ozs7Ozs7O3t7Ozs7e3t7e3u7e3t7u3t7u7u7u3u7u7u7u/v7u/v7+7v7+/v +7/Dw7/Dv8O/v8PDw8PDx8PDw8fDw8fHx8fDx8fHx8vHy8vHy8vLz8vLz8vPy +8/Ly8/Pz8/Lz8/Pz8/T08/Tz9PP09PP09PT19PT19PX09fT09fX19fX19fb2 +9fX29fb29vb29vf39vf39/f49/j3+Pf3+Pj4+Pj4+Pn5+fn5+fr6+fn6+fr6 ++vr7+vr7+vv6+/v7+/v8+/v8/Pz9/Pz8/fz9/fz9/f3+/f3+/f7+/v7+/v// +/v/////QWXrUAAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAAJcEhZcwAA +CxMAAAsTAQCanBgAAAFfSURBVBjTY+BEBkYgwMDAwHnlysVzJSeOHNy3a8fW +jWtUGcGCly+aCPDwG+7btW3zupUqXIJgwQvGPCCgv5lbfbkKlzJE8JQAj+H+ +XXp869W4VbiUJkME80Dqtm/m8VyswqU4qR8ieIifZ+e2Tdq8C+bPkueSa4MI +7jPg0V2vxaOxYNrUXhnORojgru06vDy8mrMVJvd2NTfUQQQ3b1q10nXBbHkO +uc6m6rJiiOCGtUsWz585mUOWo6GytDAHIrhy8YLZMybJcTSzSRbnpydCBBfO +mz1tUi+HdJ04W056YgxEcMHMKRN6pNmqigvYRBKjwiGC06b2dTazS5Tnp4uy +Rob6QwQn9bY1S7EVg7SyCAd4QwR7Opqr2MQyU+KjwoVZPFwggq31FWJsGSmx +0cGBvsxCDhDB+opiNiMYYLKBCJYXZKckRoQH+3m4ONpZmUMEOQVRACdIkIHB +CA0wMAAAjGF0n7ZMFJ4AAAAASUVORK5CYII= +==== --- apache2-2.2.16.orig/debian/icons/odf6otp-20x22.png.uue +++ apache2-2.2.16/debian/icons/odf6otp-20x22.png.uue @@ -0,0 +1,25 @@ +begin-base64 644 odf6otp-20x22.png.uue +iVBORw0KGgoAAAANSUhEUgAAABQAAAAWCAMAAAD3n0w0AAACRlBMVEXZ2dkh +ISEzMzM0NDQ1NTUzM5lcXKxdXK1dXa1eXq6ZmZmlpKSlpaWmpqamp6amp6en +p6eoqKioqKmpqaqqqarOztzOz9zR0N7R0d3R0d/S0eDS0uDT0+DT1ODV1eIA +AADX2OTY2OTa2trb2tvb29vc29zb3Nvc3Nvc3Nzc3dzd3dzd3d3d3t7e3t3e +3t7e397e39/f39/e3ujg39/f4N/g4ODf3+ng4OHh4ODh4OHh4eDh4eHh4eLi +4eHh4uLi4uHi4uLj4uLj4uPi4+Lj4+Pj4+Tk4+Pk4+Tj5OTk5OTk5OXl5OTk +5eTk5eXl5eXl5ebm5eXm5ebl5uXl5ubm5ubm5ufn5ufm5+bm5+fn5+fn5+jm +5vHo5+fo5+jn6Ojo6Ofo6Ojo5/Hp6Ono6enp6ejp6enp6erq6enq6erp6unp +6urq6unq6urq6uvr6uvq6+vr6+vr6+zs6+vs6+zr7Ovr7Ozs7Ozs7O3t7Ozs +7e3t7e3u7e3t7u3t7u7u7u3u7u7u7u/v7u/v7+7v7+/v7/Dw7/Dv8O/v8PDw +8PDx8PDw8fDw8fHx8fDx8fHx8vHy8vHy8vLz8vLz8vPy8/Ly8/Pz8/Lz8/Pz +8/T08/Tz9PP09PP09PT19PT19PX09fT09fX19fX19fb29fX29fb29vb29vf3 +9vf39/f49/j3+Pf3+Pj4+Pj4+Pn5+fn5+fr6+fn6+fr6+vr7+vr7+vv6+/v7 ++/v8+/v8/Pz9/Pz8/fz9/fz9/f3+/f3+/f7+/v7+/v///v/////O2tP2AAAA +AXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAAJcEhZcwAACxMAAAsTAQCanBgA +AAE/SURBVBjTY2BCBvIgwMDAwHTw4L7diVs3rlu9fOmieTOFGMGCB/YpcrJy +yK1evnjB7GmCzFxgwb0KrCAgs4BFZIogswBEcDsnq9ya5dLsc4RZBJn5GyCC +0SB1Sxawmk0QZOarr4EIrudgXbZ4vgRbb087LzNPMURwtSyr1BxxVtHe5qYq +bqY8iODyJZJsrGxiHS0NVeUFudkQwQXzp08z6u1orqsqy89IToAIzp01cUJP +W0NdZWFuWlJcJERw2oTejtb6qrKCnKyEmBA/iGCffIc8AnhCBHvbGmsrC3PS +E2Ij/f3cXSCCzfLVSCptIIL1VcUFOakJkSF+nm4OthYQwUr5AiSVhhDBIqCy +qNBALw8HOytjfV2IYI58ApJKTYhgSmxEoJ+ri4O1qaGetroKRJCJCwUwgQQZ +GOTRAAMDAEoQYSbvnJwhAAAAAElFTkSuQmCC +==== --- apache2-2.2.16.orig/debian/icons/odf6odf-20x22.png.uue +++ apache2-2.2.16/debian/icons/odf6odf-20x22.png.uue @@ -0,0 +1,26 @@ +begin-base64 644 odf6odf-20x22.png.uue +iVBORw0KGgoAAAANSUhEUgAAABQAAAAWCAMAAAD3n0w0AAACWFBMVEXZ2dkm +JiYnJycoKCgzMzMzM5lcXKxdXK1dXa1eXq6ZmZmen5+goKGgoaChoaGioaGj +oqOjo6OlpKSkpaWlpaSmpqbOztzOz9zR0N7R0d3R0d/S0eDS0uDT0+DT1ODV +1eIAAADX2OTY2OTa2trb2tvb29vc29zb3Nvc3Nvc3Nzc3dzd3dzd3d3d3t7e +3t3e3t7e397e39/f39/e3ujg39/f4N/g4ODf3+ng4OHh4ODh4OHh4eDh4eHh +4eLi4eHh4uLi4uHi4uLj4uLj4uPi4+Lj4+Pj4+Tk4+Pk4+Tj5OTk5OTk5OXl +5OTk5eTk5eXl5eXl5ebm5eXm5ebl5uXl5ubm5ubm5ufn5ufm5+bm5+fn5+fn +5+jm5vHo5+fo5+jn6Ojo6Ofo6Ojo5/Hp6Ono6enp6ejp6enp6erq6enq6erp +6unp6urq6unq6urq6uvr6uvq6+vr6+vr6+zs6+vs6+zr7Ovr7Ozs7Ozs7O3t +7Ozt7O3s7e3t7e3u7e3t7u3t7u7u7u3u7u7u7u/v7u/v7+7v7+/v7/Dw7/Dv +8O/v8PDw8PDx8PDx8PHw8fDw8fHx8fDx8fHx8fLx8vHy8vHy8vLy8vPz8vLz +8vPy8/Ly8/Pz8/Lz8/Pz8/T08/Tz9PP09PP09PT19PT19PX09fT09fX19fX1 +9fb29fX29fb19vb29vb29vf39vf39/f49/j3+Pf3+Pj4+Pj4+Pn5+fn5+fr6 ++fn6+fr6+vr7+vr7+vv6+/v7+/v8+/v8/Pz9/Pz8/fz9/fz9/f3+/f3+/f7+ +/v7+/v///v/////zGJjLAAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAAJ +cEhZcwAACxMAAAsTAQCanBgAAAFLSURBVBjTY2BBBgxQwHL8+JGDSbu3b9m4 +lmU5TJTl2BElTlYO+Y1rV7AsmA0VZTmsyAoCsksXssyc3AsRZdnLySq/aa0M ++8I5LJO6O5vAoiwxIHWrlrKaT1FgAUOQ4FYO1jUrlkiyTehXgACQ4EY5VumF +EqxiE1pbariAACy4dpUUGyubeFdbU01FIUxw6ZI5s40ndLU21JQXZKYkQgQX +zZ82pb8DYlxyfBREcPaUCV3tjcyihbnCzLGh/hDBSX1drY01oswiafFRof5e +EMEJHc311UW5QsyCUQH+Hq4QwdaW2vLCvKxUQSZ+b3dnW4hgY01JYW5aoiAT +n5e7o50lRLC6rDAjJV6AidfD1cHGzAgiWAxUFh3GxOPpyM1oYqAHEQSKRYUG +Q9ypr6MFEUyNiwzyd3N1BGrV19FQhQiycKEAcNAxMCigAQYGAJCUYbIIDCae +AAAAAElFTkSuQmCC +==== --- apache2-2.2.16.orig/debian/icons/odf6odg-20x22.png.uue +++ apache2-2.2.16/debian/icons/odf6odg-20x22.png.uue @@ -0,0 +1,26 @@ +begin-base64 644 odf6odg-20x22.png.uue +iVBORw0KGgoAAAANSUhEUgAAABQAAAAWCAMAAAD3n0w0AAACbVBMVEXZ2dkq +KiorKiorKysrKywsLCwsLC0tLS0zMzMzM5lcXKxdXK1dXa1eXq6ZmZmam5qd +nZ2fn6Cgn5+hoaGioqKio6Kio6Ojo6OkpKSkpaWlpaWmpqampqfOztzOz9zR +0N7R0d3R0d/S0eDS0uDT0+DT1ODV1eIAAADX2OTY2OTa2trb2tvb29vc29zb +3Nvc3Nvc3Nzc3dzd3dzd3d3d3t7e3t3e3t7e397e39/f39/e3ujg39/f4N/g +4ODf3+ng4OHh4ODh4OHh4eDh4eHh4eLi4eHh4uLi4uHi4uLj4uLj4uPi4+Lj +4+Pj4+Tk4+Pk4+Tj5OTk5OTk5OXl5OTk5eTk5eXl5eXl5ebm5eXm5ebl5uXl +5ubm5ubm5ufn5ufm5+bm5+fn5+fn5+jm5vHo5+fo5+jn6Ojo6Ofo6Ojo5/Hp +6Ono6enp6ejp6enp6erq6enq6erp6unp6urq6unq6urq6uvr6uvq6+vr6+vr +6+zs6+vs6+zr7Ovr7Ozs7Ozs7O3t7Ozt7O3s7e3t7e3u7e3t7u3t7u7u7u3u +7u7u7u/v7u/v7+7v7+/v7/Dw7/Dv8O/v8PDw8PDx8PDx8PHw8fDw8fHx8fDx +8fHx8fLx8vHy8vHy8vLy8vPz8vLz8vPy8/Ly8/Pz8/Lz8/Pz8/T08/Tz9PP0 +9PP09PT19PT19PX09fT09fX19fX19fb29fX29fb19vb29vb29vf39vf39/f4 +9/j3+Pf3+Pj4+Pj4+Pn5+fn5+fr6+fn6+fr6+vr7+vr7+vv6+/v7+/v8+/v8 +/Pz9/Pz8/fz9/fz9/f3+/f3+/f7+/v7+/v///v////9hYXL5AAAAAXRSTlMA +QObYZgAAAAFiS0dEAIgFHUgAAAAJcEhZcwAACxMAAAsTAQCanBgAAAFPSURB +VBjTY+BABgxQwHHu3OkTmYf27d6xhWMdTJTj7GlNXk4etR1b1nMsXwQV5Til +wQkCKmtWcCyYNQUiynGEl1Nt5xZl7hWLOWZOmtAJFuVIBqnbuIbTbrY6BxiC +BPfwcG5ev1qBa/o0dQgACe5Q5VRaIc8pO72nu5kPCMCCWzYqcnFyyU2U6Wyu +r4AJrlm9eJHV9InS7FJ15QXZGRDBlcvmzp7W38kuyV6al5WWCBFcNHv6xL4O +KfYKVrGMlJgwiODMqRN7OprZJYpFWBNjwgIhgtP7u9qaJFjzM1JZBcP8fSCC +Pd0tdRVsojkpMUIsfl4uEMGO5uoKcdYMkFZmAVcHiGBTbUU+q3BcZIi/jwCz +rSVEsKokV5g1NjIowMPNiYnfFCJYkpvBqg4DjIYQwZzUhMgwXx8PZ1tLM2N9 +HYggBx8KAAcdA4M6GmBgAABuC2ZqLPWjjgAAAABJRU5ErkJggg== +==== --- apache2-2.2.16.orig/debian/icons/odf6odb-20x22.png.uue +++ apache2-2.2.16/debian/icons/odf6odb-20x22.png.uue @@ -0,0 +1,26 @@ +begin-base64 644 odf6odb-20x22.png.uue +iVBORw0KGgoAAAANSUhEUgAAABQAAAAWCAMAAAD3n0w0AAACVVBMVEXZ2dkm +JiYnJycoJycnKCgoKCgpKSkzMzMzM5lcXKxdXK1dXa1eXq6ZmZmampqcm5uf +n5+ioaKhoqKmpqWnp6fOztzOz9zR0N7R0d3R0d/S0eDS0uDT0+DT1ODV1eIA +AADX2OTY2OTa2trb2tvb29vc29zb3Nvc3Nvc3Nzc3dzd3dzd3d3d3t7e3t3e +3t7e397e39/f39/e3ujg39/f4N/g4ODf3+ng4OHh4ODh4OHh4eDh4eHh4eLi +4eHh4uLi4uHi4uLj4uLj4uPi4+Lj4+Pj4+Tk4+Pk4+Tj5OTk5OTk5OXl5OTk +5eTk5eXl5eXl5ebm5eXm5ebl5uXl5ubm5ubm5ufn5ufm5+bm5+fn5+fn5+jm +5vHo5+fo5+jn6Ojo6Ofo6Ojo5/Hp6Ono6enp6ejp6enp6erq6enq6erp6unp +6urq6unq6urq6uvr6uvq6+vr6+vr6+zs6+vs6+zr7Ovr7Ozs7Ozs7O3t7Ozt +7O3s7e3t7e3u7e3t7u3t7u7u7u3u7u7u7u/v7u/v7+7v7+/v7/Dw7/Dv8O/v +8PDw8PDx8PDx8PHw8fDw8fHx8fDx8fHx8fLx8vHy8vHy8vLy8vPz8vLz8vPy +8/Ly8/Pz8/Lz8/Pz8/T08/Tz9PP09PP09PT19PT19PX09fT09fX19fX19fb2 +9fX29fb19vb29vb29vf39vf39/f49/j3+Pf3+Pj4+Pj4+Pn5+fn5+fr6+fn6 ++fr6+vr7+vr7+vv6+/v7+/v8+/v8/Pz9/Pz8/fz9/fz9/f3+/f3+/f7+/v7+ +/v///v/////2MLzaAAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAAJcEhZ +cwAACxMAAAsTAQCanBgAAAFOSURBVBjTY2BHBgxQwH7s2OEDibu2bd6whn0Z +TJT96GFFHg5uuQ1rlrPPnwUVZT+kwAECMksWsM+Y1AMRZd/DwyG3cY0014LZ +7BO7OhrBouzRIHUrl3CYTZZnB0OQ4BZujtXLF0tw9vfJQwBIcIMsh9QCcQ7R +/pbmal4gAAuuWSnJycEp1tnaWF1eABNcsnj2LKN+ETaQTlahBIjgwnlTJ/e1 +swlXFeamCbJEQgRnTe7vbGuQZwWpZJb3gwhO7O1saaiWL8hOjYsMkfeECPa3 +N9VVFcqnJ8RG+vvJu0AEW5prygpy5VNiQgK83ORtIIIN1cUFOanykSF+nm4O +8hYQwarSgvTkOPlAH3cXe2t5Q4hgUU5qQlQok4CHg50VP6MuRBAoFhkSJMAE +chIjnyZEMCU2ItDP1cXB2tRQT1tdBSLIzosCwEHHwCCPBhgYAAu7YJl7iNbr +AAAAAElFTkSuQmCC +==== --- apache2-2.2.16.orig/debian/icons/odf6odp-20x22.png.uue +++ apache2-2.2.16/debian/icons/odf6odp-20x22.png.uue @@ -0,0 +1,24 @@ +begin-base64 644 odf6odp-20x22.png.uue +iVBORw0KGgoAAAANSUhEUgAAABQAAAAWCAMAAAD3n0w0AAACLlBMVEXZ2dkz +MzMzM5lcXKxdXK1dXa1eXq6ZmZnOztzOz9zR0N7R0d3R0d/S0eDS0uDT0+DT +1ODV1eIAAADX2OTY2OTa2trb2tvb29vc29zb3Nvc3Nvc3Nzc3dzd3dzd3d3d +3t7e3t3e3t7e397e39/f39/e3ujg39/f4N/g4ODf3+ng4OHh4ODh4OHh4eDh +4eHh4eLi4eHh4uLi4uHi4uLj4uLj4uPi4+Lj4+Pj4+Tk4+Pk4+Tj5OTk5OTk +5OXl5OTk5eTk5eXl5eXl5ebm5eXm5ebl5uXl5ubm5ubm5ufn5ufm5+bm5+fn +5+fn5+jm5vHo5+fo5+jn6Ojo6Ofo6Ojo5/Hp6Ono6enp6ejp6enp6erq6enq +6erp6unp6urq6unq6urq6uvr6uvq6+vr6+vr6+zs6+vs6+zr7Ovr7Ozs7Ozs +7O3t7Ozt7O3s7e3t7e3u7e3t7u3t7u7u7u3u7u7u7u/v7u/v7+7v7+/v7/Dw +7/Dv8O/v8PDw8PDx8PDx8PHw8fDw8fHx8fDx8fHx8fLx8vHy8vHy8vLy8vPz +8vLz8vPy8/Ly8/Pz8/Lz8/Pz8/T08/Tz9PP09PP09PT19PT19PX09fT09fX1 +9fX19fb29fX29fb19vb29vb29vf39vf39/f49/j3+Pf3+Pj4+Pj4+Pn5+fn5 ++fr6+fn6+fr6+vr7+vr7+vv6+/v7+/v8+/v8/Pz9/Pz8/fz9/fz9/f3+/f3+ +/f7+/v7+/v///v////9yFadVAAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgA +AAAJcEhZcwAACxMAAAsTAQCanBgAAAEwSURBVBjTY2BEBgxQwLhz57bNIWtX +Lls8n3EmTJRxxzYRNiZWwcXzZzFO6oWKMm4VZgIB/umTGbtb6yGijOvZmASX +zOdjmdzH2FJbXQIWZfQDqZsznUmzTYgRDEGCy1mZ5s2axs3c1CgEASDBxQJM +vJO5mDiaysvy2IEALDh/Dg8zEzNnTUVJXlYyTHD6tL5e1aaa8qK8zKTosGCI +4JSJHW2NVSVFuSkJkaGBPhDB3rammsrivMzk+Nhgf3dHiGCLUI0QAthABJuq +SgtzU+KjggN8nBytzCGC5UL5SCr1IYLFeWnJ8RHBPu6ONpbGBtoQwVyhZCSV +KhDBVKAyXw8XW2tjQ101JQWIYLxQMJJKGYhgeIC3i6OFubGehoqinJQ4RJCR +HQWAg46BQQgNMDAAAGkwUKkiN6jBAAAAAElFTkSuQmCC +==== --- apache2-2.2.16.orig/debian/icons/odf6oth-20x22.png.uue +++ apache2-2.2.16/debian/icons/odf6oth-20x22.png.uue @@ -0,0 +1,26 @@ +begin-base64 644 odf6oth-20x22.png.uue +iVBORw0KGgoAAAANSUhEUgAAABQAAAAWCAMAAAD3n0w0AAACWFBMVEXZ2dkh +ISEzMzM0NDQ1NTUzM5lcXKxdXK1dXa1eXq53d7V4eLZ5eLd5ebd6erh7e7mZ +mZmlpKSlpaWmpqamp6amp6enp6eoqKioqKmpqaqqqarOztzOz9zR0N7R0d3R +0d/S0eDS0uDT0+DT1ODV1eIAAADX2OTY2OTa2trb2tvb29vc29zb3Nvc3Nvc +3Nzc3dzd3dzd3d3d3t7e3t3e3t7e397e39/f39/e3ujg39/f4N/g4ODf3+ng +4OHh4ODh4OHh4eDh4eHh4eLi4eHh4uLi4uHi4uLj4uLj4uPi4+Lj4+Pj4+Tk +4+Pk4+Tj5OTk5OTk5OXl5OTk5eTk5eXl5eXl5ebm5eXm5ebl5uXl5ubm5ubm +5ufn5ufm5+bm5+fn5+fn5+jm5vHo5+fo5+jn6Ojo6Ofo6Ojo5/Hp6Ono6enp +6ejp6enp6erq6enq6erp6unp6urq6unq6urq6uvr6uvq6+vr6+vr6+zs6+vs +6+zr7Ovr7Ozs7Ozs7O3t7Ozs7e3t7e3u7e3t7u3t7u7u7u3u7u7u7u/v7u/v +7+7v7+/v7/Dw7/Dv8O/v8PDw8PDx8PDw8fDw8fHx8fDx8fHx8vHy8vHy8vLz +8vLz8vPy8/Ly8/Pz8/Lz8/Pz8/T08/Tz9PP09PP09PT19PT19PX09fT09fX1 +9fX19fb29fX29fb29vb29vf39vf39/f49/j3+Pf3+Pj4+Pj4+Pn5+fn5+fr6 ++fn6+fr6+vr7+vr7+vv6+/v7+/v8+/v8/Pz9/Pz8/fz9/fz9/f3+/f3+/f7+ +/v7+/v///v////9sLkI5AAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAAJ +cEhZcwAACxMAAAsTAQCanBgAAAFaSURBVBjTY2BCBqogwMDAwHT8+JGD6bu3 +b9m4dvWKJfMlGMGCx46oc7JyqGxcu3LZwjnizAJgwcNqrCCgtIxFapY4sxhE +cC8nq8qmtYrsiyRZxJlF2yCCiSB1q5ax2kwTZxZpbYIIbuVgXbNyqRzb5Em9 +wsxClRDBjcqsCotkWaUnd3Y0CDKVQATXrpJnY2WT6etqa6gtKy6ECC5bOneO +xeS+zpaGmtK8zDSI4OIF06dN6mlrqS8vzslIiYcIzpk2ua+7taGGn48vLSkq +BCI4ZWJfJ0gM6DDeqBB/iODknvbm+nI+VtbkeFZuXy+IYGdHY01ZMVAwKoyV +28MJItjaUFlWlM3LGgXUz+VsBxGsry7LzUyJ4QH51tHaHCJYUZSdlhAdHsDN +xeVgaWoMEQSKxUdFBHu5OdqZmxjqQwSzkuPCQ7yBYtZAMV0tiCCTAApgAgky +MKiiAQYGAFMTaQfquhWYAAAAAElFTkSuQmCC +==== --- apache2-2.2.16.orig/debian/icons/odf6odt-20x22.png.uue +++ apache2-2.2.16/debian/icons/odf6odt-20x22.png.uue @@ -0,0 +1,24 @@ +begin-base64 644 odf6odt-20x22.png.uue +iVBORw0KGgoAAAANSUhEUgAAABQAAAAWCAMAAAD3n0w0AAACLlBMVEXZ2dkz +MzMzM5lcXKxdXK1dXa1eXq6ZmZnOztzOz9zR0N7R0d3R0d/S0eDS0uDT0+DT +1ODV1eIAAADX2OTY2OTa2trb2tvb29vc29zb3Nvc3Nvc3Nzc3dzd3dzd3d3d +3t7e3t3e3t7e397e39/f39/e3ujg39/f4N/g4ODf3+ng4OHh4ODh4OHh4eDh +4eHh4eLi4eHh4uLi4uHi4uLj4uLj4uPi4+Lj4+Pj4+Tk4+Pk4+Tj5OTk5OTk +5OXl5OTk5eTk5eXl5eXl5ebm5eXm5ebl5uXl5ubm5ubm5ufn5ufm5+bm5+fn +5+fn5+jm5vHo5+fo5+jn6Ojo6Ofo6Ojo5/Hp6Ono6enp6ejp6enp6erq6enq +6erp6unp6urq6unq6urq6uvr6uvq6+vr6+vr6+zs6+vs6+zr7Ovr7Ozs7Ozs +7O3t7Ozt7O3s7e3t7e3u7e3t7u3t7u7u7u3u7u7u7u/v7u/v7+7v7+/v7/Dw +7/Dv8O/v8PDw8PDx8PDx8PHw8fDw8fHx8fDx8fHx8fLx8vHy8vHy8vLy8vPz +8vLz8vPy8/Ly8/Pz8/Lz8/Pz8/T08/Tz9PP09PP09PT19PT19PX09fT09fX1 +9fX19fb29fX29fb19vb29vb29vf39vf39/f49/j3+Pf3+Pj4+Pj4+Pn5+fn5 ++fr6+fn6+fr6+vr7+vr7+vv6+/v7+/v8+/v8/Pz9/Pz8/fz9/fz9/f3+/f3+ +/f7+/v7+/v///v////9yFadVAAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgA +AAAJcEhZcwAACxMAAAsTAQCanBgAAAE1SURBVBjTY2BEBgxQwLhz57bNIWtX +Lls8n3EmTJRxxzYRNiZWwcXzZzFO6oWKMm4VZgIB/umTGbtb6yGijOvZmASX +zOdjmdzH2FJbXQIWZfQDqZsznUmzTYgRDEGCy1mZ5s2axs3c1CgEASDBxQJM +vJO5mDiaysvy2IEALDh/Dg8zEzNnTUVJXlYyTHD6tL5e1aaa8qK8zKTosGCI +4JSJHW2NVSVFuSkJkaGBPhDB3rammsrivMzk+Nhgf3dHiGCLEDKwgQg2oQia +QwTLy/IzkxNiwv3dnW0tTfUhgsVA+XihYJAySyEhbYhgbkZyVFigp4u9lbmR +noYKRDBVKELIF2yeIRArQATjI4J93F0dzI31tFUU5WQgguEB3i6OFkAxDaCY +lDhEkJEdBYCDjoFBCA0wMAAAEE1PsJ/Jn2YAAAAASUVORK5CYII= +==== --- apache2-2.2.16.orig/debian/icons/odf6otf-20x22.png.uue +++ apache2-2.2.16/debian/icons/odf6otf-20x22.png.uue @@ -0,0 +1,27 @@ +begin-base64 644 odf6otf-20x22.png.uue +iVBORw0KGgoAAAANSUhEUgAAABQAAAAWCAMAAAD3n0w0AAACalBMVEXZ2dkh +ISEmJiYnJycoKCgzMzM0NDQ1NTUzM5lcXKxdXK1dXa1eXq6ZmZmen5+goKGg +oaChoaGioaGjoqOjo6OlpKSkpaWlpaSlpaWmpqamp6amp6enp6eoqKioqKmp +qaqqqarOztzOz9zR0N7R0d3R0d/S0eDS0uDT0+DT1ODV1eIAAADX2OTY2OTa +2trb2tvb29vc29zb3Nvc3Nvc3Nzc3dzd3dzd3d3d3t7e3t3e3t7e397e39/f +39/e3ujg39/f4N/g4ODf3+ng4OHh4ODh4OHh4eDh4eHh4eLi4eHh4uLi4uHi +4uLj4uLj4uPi4+Lj4+Pj4+Tk4+Pk4+Tj5OTk5OTk5OXl5OTk5eTk5eXl5eXl +5ebm5eXm5ebl5uXl5ubm5ubm5ufn5ufm5+bm5+fn5+fn5+jm5vHo5+fo5+jn +6Ojo6Ofo6Ojo5/Hp6Ono6enp6ejp6enp6erq6enq6erp6unp6urq6unq6urq +6uvr6uvq6+vr6+vr6+zs6+vs6+zr7Ovr7Ozs7Ozs7O3t7Ozs7e3t7e3u7e3t +7u3t7u7u7u3u7u7u7u/v7u/v7+7v7+/v7/Dw7/Dv8O/v8PDw8PDx8PDw8fDw +8fHx8fDx8fHx8vHy8vHy8vLz8vLz8vPy8/Ly8/Pz8/Lz8/Pz8/T08/Tz9PP0 +9PP09PT19PT19PX09fT09fX19fX19fb29fX29fb29vb29vf39vf39/f49/j3 ++Pf3+Pj4+Pj4+Pn5+fn5+fr6+fn6+fr6+vr7+vr7+vv6+/v7+/v8+/v8/Pz9 +/Pz8/fz9/fz9/f3+/f3+/f7+/v7+/v///v////9bQbSjAAAAAXRSTlMAQObY +ZgAAAAFiS0dEAIgFHUgAAAAJcEhZcwAACxMAAAsTAQCanBgAAAFcSURBVBjT +Y2BFBtogwMDAwHr27KnjuQf37tq+eeO6VUvlGMGCZ07p8nBwa23fvH7N8kWy +bLxgwZM6HCCgsYZdYYEsmwxE8DAPh9aOzepcK+TZZdmkeyCC6SB1G9ZwOM2R +ZZPq7oAI7ubm2LR+tQrnzBmTJdkk6iGC2zU51FYocyjO7O9rE2Wtgghu3qDK +ycGpNGVCT1tzTWU5RHDN6sWL7GZO6e9qa6ouyc+BCK5cNnfOjElgv2jnZaVC +BBfNmTllYjeLZE2FGEtGQhREcNb0Kf3dbZIs4oVZqQlRoRDBmZN6O1trK0RZ +RFKjo4IDIIL9fe1NNZWlBSLMQmFBfh4Qwe62+pqKwhwRZsHQIB9PF4hga2NN +cX6WMLNAcIC3u6MtRLAOqCwtkZk/xIePyd7aEiIIFEtNiIO408rcFCJYkJkS +GxUY4APUamVubAARZOVFAawgQQYGbTTAwAAAYqJv/HjEEzcAAAAASUVORK5C +YII= +==== --- apache2-2.2.16.orig/debian/icons/odf6ott-20x22.png.uue +++ apache2-2.2.16/debian/icons/odf6ott-20x22.png.uue @@ -0,0 +1,25 @@ +begin-base64 644 odf6ott-20x22.png.uue +iVBORw0KGgoAAAANSUhEUgAAABQAAAAWCAMAAAD3n0w0AAACRlBMVEXZ2dkh +ISEzMzM0NDQ1NTUzM5lcXKxdXK1dXa1eXq6ZmZmlpKSlpaWmpqamp6amp6en +p6eoqKioqKmpqaqqqarOztzOz9zR0N7R0d3R0d/S0eDS0uDT0+DT1ODV1eIA +AADX2OTY2OTa2trb2tvb29vc29zb3Nvc3Nvc3Nzc3dzd3dzd3d3d3t7e3t3e +3t7e397e39/f39/e3ujg39/f4N/g4ODf3+ng4OHh4ODh4OHh4eDh4eHh4eLi +4eHh4uLi4uHi4uLj4uLj4uPi4+Lj4+Pj4+Tk4+Pk4+Tj5OTk5OTk5OXl5OTk +5eTk5eXl5eXl5ebm5eXm5ebl5uXl5ubm5ubm5ufn5ufm5+bm5+fn5+fn5+jm +5vHo5+fo5+jn6Ojo6Ofo6Ojo5/Hp6Ono6enp6ejp6enp6erq6enq6erp6unp +6urq6unq6urq6uvr6uvq6+vr6+vr6+zs6+vs6+zr7Ovr7Ozs7Ozs7O3t7Ozs +7e3t7e3u7e3t7u3t7u7u7u3u7u7u7u/v7u/v7+7v7+/v7/Dw7/Dv8O/v8PDw +8PDx8PDw8fDw8fHx8fDx8fHx8vHy8vHy8vLz8vLz8vPy8/Ly8/Pz8/Lz8/Pz +8/T08/Tz9PP09PP09PT19PT19PX09fT09fX19fX19fb29fX29fb29vb29vf3 +9vf39/f49/j3+Pf3+Pj4+Pj4+Pn5+fn5+fr6+fn6+fr6+vr7+vr7+vv6+/v7 ++/v8+/v8/Pz9/Pz8/fz9/fz9/f3+/f3+/f7+/v7+/v///v/////O2tP2AAAA +AXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAAJcEhZcwAACxMAAAsTAQCanBgA +AAFESURBVBjTY2BCBvIgwMDAwHTw4L7diVs3rlu9fOmieTOFGMGCB/YpcrJy +yK1evnjB7GmCzFxgwb0KrCAgs4BFZIogswBEcDsnq9ya5dLsc4RZBJn5GyCC +0SB1Sxawmk0QZOarr4EIrudgXbZ4vgRbb087LzNPMURwtSyr1BxxVtHe5qYq +bqY8iODyJZJsrGxiHS0NVeUFudkQwQXzp08z6u1orqsqy89IToAIzp01cUJP +W0NdZWFuWlJcJERw2oTejtb6qrKCnKyEmBA/iGCfPDLwhAj2ogi6QASbm6rL +CnIzU2JCArzcnGwggvVA+Rz5BJAyN3l5C4hgZWlBenJcWKCPu4u9takhRLBI +PlU+CmyeHRDrQgRzUhMiQ4J8XRysLQz1tDUhgimxEYF+rkAxU6CYugpEkIkL +BTCBBBkY5NEAAwMA9LlgMjOLUzMAAAAASUVORK5CYII= +==== --- apache2-2.2.16.orig/debian/icons/odf6otc-20x22.png.uue +++ apache2-2.2.16/debian/icons/odf6otc-20x22.png.uue @@ -0,0 +1,26 @@ +begin-base64 644 odf6otc-20x22.png.uue +iVBORw0KGgoAAAANSUhEUgAAABQAAAAWCAMAAAD3n0w0AAACRlBMVEXZ2dkh +ISEzMzM0NDQ1NTUzM5lcXKxdXK1dXa1eXq6ZmZmlpKSlpaWmpqamp6amp6en +p6eoqKioqKmpqaqqqarOztzOz9zR0N7R0d3R0d/S0eDS0uDT0+DT1ODV1eIA +AADX2OTY2OTa2trb2tvb29vc29zb3Nvc3Nvc3Nzc3dzd3dzd3d3d3t7e3t3e +3t7e397e39/f39/e3ujg39/f4N/g4ODf3+ng4OHh4ODh4OHh4eDh4eHh4eLi +4eHh4uLi4uHi4uLj4uLj4uPi4+Lj4+Pj4+Tk4+Pk4+Tj5OTk5OTk5OXl5OTk +5eTk5eXl5eXl5ebm5eXm5ebl5uXl5ubm5ubm5ufn5ufm5+bm5+fn5+fn5+jm +5vHo5+fo5+jn6Ojo6Ofo6Ojo5/Hp6Ono6enp6ejp6enp6erq6enq6erp6unp +6urq6unq6urq6uvr6uvq6+vr6+vr6+zs6+vs6+zr7Ovr7Ozs7Ozs7O3t7Ozs +7e3t7e3u7e3t7u3t7u7u7u3u7u7u7u/v7u/v7+7v7+/v7/Dw7/Dv8O/v8PDw +8PDx8PDw8fDw8fHx8fDx8fHx8vHy8vHy8vLz8vLz8vPy8/Ly8/Pz8/Lz8/Pz +8/T08/Tz9PP09PP09PT19PT19PX09fT09fX19fX19fb29fX29fb29vb29vf3 +9vf39/f49/j3+Pf3+Pj4+Pj4+Pn5+fn5+fr6+fn6+fr6+vr7+vr7+vv6+/v7 ++/v8+/v8/Pz9/Pz8/fz9/fz9/f3+/f3+/f7+/v7+/v///v/////O2tP2AAAA +AXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAAJcEhZcwAACxMAAAsTAQCanBgA +AAFWSURBVBjTY2BCBvIgwMDAwHTw4L7diVs3rlu9fOmieTOFGMGCB/YpcrJy +yK1evnjB7GmCzFxgwb0KrCAgs4BFZIogswBEcDsnq9ya5dLsc4RZBJn5GyCC +0SB1Sxawmk0QZOarr4EIrudgXbZ4vgRbb087LzNPMURwtSyr1BxxVtHe5qYq +bqY8iODyJZJsrGxiHS0NVeUFudkQwQXzp08z6u1orqsqy89IToAIzp01cUJP +W0NdZWFuWlJcJERwmnxvR2t9VVmBfFZCTIgfRLBPvqMZJJYtHxcZIu8JEeyV +b6ytLMxJT5CP9PeTd4EINstXlxXkZsrHyAfIu8nbQATr5YsLcuQT5IFa5R3k +LSCClfIF8snyYfI+8i7y1vKGEMEi+dSEqNBALw8HOytjfV2IYI48MtCECKbE +RgT6ubo4WJsa6mmrq0AEmbhQABNIkIFBHg0wMAAA4ypjPVdnlsEAAAAASUVO +RK5CYII= +==== --- apache2-2.2.16.orig/debian/icons/odf6odi-20x22.png.uue +++ apache2-2.2.16/debian/icons/odf6odi-20x22.png.uue @@ -0,0 +1,26 @@ +begin-base64 644 odf6odi-20x22.png.uue +iVBORw0KGgoAAAANSUhEUgAAABQAAAAWCAMAAAD3n0w0AAACbVBMVEXZ2dkr +KyssLCwsLC0tLS0zMzMzM5lcXKxdXK1dXa1eXq6ZmZm4uLi5uLi7u7u7u7y8 +u7u8vLy9vb2+vb2+vb69vr6+vr6/vr6+v77AwMDAwMHBwMHAwcHOztzOz9zR +0N7R0d3R0d/S0eDS0uDT0+DT1ODV1eIAAADX2OTY2OTa2trb2tvb29vc29zb +3Nvc3Nvc3Nzc3dzd3dzd3d3d3t7e3t3e3t7e397e39/f39/e3ujg39/f4N/g +4ODf3+ng4OHh4ODh4OHh4eDh4eHh4eLi4eHh4uLi4uHi4uLj4uLj4uPi4+Lj +4+Pj4+Tk4+Pk4+Tj5OTk5OTk5OXl5OTk5eTk5eXl5eXl5ebm5eXm5ebl5uXl +5ubm5ubm5ufn5ufm5+bm5+fn5+fn5+jm5vHo5+fo5+jn6Ojo6Ofo6Ojo5/Hp +6Ono6enp6ejp6enp6erq6enq6erp6unp6urq6unq6urq6uvr6uvq6+vr6+vr +6+zs6+vs6+zr7Ovr7Ozs7Ozs7O3t7Ozt7O3s7e3t7e3u7e3t7u3t7u7u7u3u +7u7u7u/v7u/v7+7v7+/v7/Dw7/Dv8O/v8PDw8PDx8PDx8PHw8fDw8fHx8fDx +8fHx8fLx8vHy8vHy8vLy8vPz8vLz8vPy8/Ly8/Pz8/Lz8/Pz8/T08/Tz9PP0 +9PP09PT19PT19PX09fT09fX19fX19fb29fX29fb19vb29vb29vf39vf39/f4 +9/j3+Pf3+Pj4+Pj4+Pn5+fn5+fr6+fn6+fr6+vr7+vr7+vv6+/v7+/v8+/v8 +/Pz9/Pz8/fz9/fz9/f3+/f3+/f7+/v7+/v///v////8eeoEKAAAAAXRSTlMA +QObYZgAAAAFiS0dEAIgFHUgAAAAJcEhZcwAACxMAAAsTAQCanBgAAAFKSURB +VBjTY2BFBgxQwHru3OkTmYf27d6xhXUdTJT17GlNLjZOtR1b1rMuXwQVZT2l +wQYCKmtWsC6YNQUiynqEi01t5xZljhWLWWdOmtAJFmVNBqnbuIbNbrY6KxiC +BPdwsm1ev1qBffo0dQgACe5QZVNaIc8mO72nu5kbCMCCWzYqsrOxy03s7Wyu +r4AJrlm9eJHV9Ik97c115QXZGRDBlcvmzp7W39neVFmal5WWCBFcNHv6xL6O +5rqKkqKMlJgwiODMqRN7QGLFuaJMgmGBEMHp/V1tTVJM4hkiTPxM/j4QwZ7u +ljpJZgkmYSaBIHUvF4hgR7M0C5NYhhATX6AfI68DRLBJhkU8Oy0uMsTfx52H +0RIiWAVUlhQbGRTg4eZkrW4KESxRRwaGEMGc1ITIMF8fD2dbSzNjfR2IICs3 +CgAHHQODOhpgYAAAhh9mExNPmYgAAAAASUVORK5CYII= +==== --- apache2-2.2.16.orig/debian/config-dir/envvars +++ apache2-2.2.16/debian/config-dir/envvars @@ -0,0 +1,33 @@ +# envvars - default environment variables for apache2ctl + +# this won't be correct after changing uid +unset HOME + +# for supporting multiple apache2 instances +if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then + SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}" +else + SUFFIX= +fi + +# Since there is no sane way to get the parsed apache2 config in scripts, some +# settings are defined via environment variables and then used in apache2ctl, +# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc. +export APACHE_RUN_USER=www-data +export APACHE_RUN_GROUP=www-data +export APACHE_PID_FILE=/var/run/apache2$SUFFIX.pid +export APACHE_RUN_DIR=/var/run/apache2$SUFFIX +export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX +# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2. +export APACHE_LOG_DIR=/var/log/apache2$SUFFIX + +## The locale used by some modules like mod_dav +export LANG=C +## Uncomment the following line to use the system default locale instead: +#. /etc/default/locale + +export LANG + +## The command to get the status for 'apache2ctl status'. +## Some packages providing 'www-browser' need '--dump' instead of '-dump'. +#export APACHE_LYNX='www-browser -dump' --- apache2-2.2.16.orig/debian/config-dir/magic +++ apache2-2.2.16/debian/config-dir/magic @@ -0,0 +1,935 @@ +# Magic data for mod_mime_magic (originally for file(1) command) +# +# The format is 4-5 columns: +# Column #1: byte number to begin checking from, ">" indicates continuation +# Column #2: type of data to match +# Column #3: contents of data to match +# Column #4: MIME type of result +# Column #5: MIME encoding of result (optional) + +#------------------------------------------------------------------------------ +# Localstuff: file(1) magic for locally observed files +# Add any locally observed files here. + +# Real Audio (Magic .ra\0375) +0 belong 0x2e7261fd audio/x-pn-realaudio +0 string .RMF application/vnd.rn-realmedia + +#video/x-pn-realvideo +#video/vnd.rn-realvideo +#application/vnd.rn-realmedia +# sigh, there are many mimes for that but the above are the most common. + +# Taken from magic, converted to magic.mime +# mime types according to http://www.geocities.com/nevilo/mod.htm: +# audio/it .it +# audio/x-zipped-it .itz +# audio/xm fasttracker modules +# audio/x-s3m screamtracker modules +# audio/s3m screamtracker modules +# audio/x-zipped-mod mdz +# audio/mod mod +# audio/x-mod All modules (mod, s3m, 669, mtm, med, xm, it, mdz, stm, itz, xmz, s3z) + +# Taken from loader code from mikmod version 2.14 +# by Steve McIntyre (stevem@chiark.greenend.org.uk) +# added title printing on 2003-06-24 +0 string MAS_UTrack_V00 +>14 string >/0 audio/x-mod +#audio/x-tracker-module + +#0 string UN05 MikMod UNI format module sound data + +0 string Extended\ Module: audio/x-mod +#audio/x-tracker-module +##>17 string >\0 Title: "%s" + +21 string/c \!SCREAM! audio/x-mod +#audio/x-screamtracker-module +21 string BMOD2STM audio/x-mod +#audio/x-screamtracker-module +1080 string M.K. audio/x-mod +#audio/x-protracker-module +#>0 string >\0 Title: "%s" +1080 string M!K! audio/x-mod +#audio/x-protracker-module +#>0 string >\0 Title: "%s" +1080 string FLT4 audio/x-mod +#audio/x-startracker-module +#>0 string >\0 Title: "%s" +1080 string FLT8 audio/x-mod +#audio/x-startracker-module +#>0 string >\0 Title: "%s" +1080 string 4CHN audio/x-mod +#audio/x-fasttracker-module +#>0 string >\0 Title: "%s" +1080 string 6CHN audio/x-mod +#audio/x-fasttracker-module +#>0 string >\0 Title: "%s" +1080 string 8CHN audio/x-mod +#audio/x-fasttracker-module +#>0 string >\0 Title: "%s" +1080 string CD81 audio/x-mod +#audio/x-oktalyzer-tracker-module +#>0 string >\0 Title: "%s" +1080 string OKTA audio/x-mod +#audio/x-oktalyzer-tracker-module +#>0 string >\0 Title: "%s" +# Not good enough. +#1082 string CH +#>1080 string >/0 %.2s-channel Fasttracker "oktalyzer" module sound data +1080 string 16CN audio/x-mod +#audio/x-taketracker-module +#>0 string >\0 Title: "%s" +1080 string 32CN audio/x-mod +#audio/x-taketracker-module +#>0 string >\0 Title: "%s" + +# Impuse tracker module (it) +0 string IMPM audio/x-mod +#>4 string >\0 "%s" +#>40 leshort !0 compatible w/ITv%x +#>42 leshort !0 created w/ITv%x + +#------------------------------------------------------------------------------ +# end local stuff +#------------------------------------------------------------------------------ + +# xml based formats! + +# svg + +0 string \38 string \<\!DOCTYPE\040svg image/svg+xml + + +# xml +0 string \2 short 0xbabe application/java + +#------------------------------------------------------------------------------ +# audio: file(1) magic for sound formats +# +# from Jan Nicolai Langfeldt , +# + +# Sun/NeXT audio data +0 string .snd +>12 belong 1 audio/basic +>12 belong 2 audio/basic +>12 belong 3 audio/basic +>12 belong 4 audio/basic +>12 belong 5 audio/basic +>12 belong 6 audio/basic +>12 belong 7 audio/basic + +>12 belong 23 audio/x-adpcm + +# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format +# that uses little-endian encoding and has a different magic number +# (0x0064732E in little-endian encoding). +0 lelong 0x0064732E +>12 lelong 1 audio/x-dec-basic +>12 lelong 2 audio/x-dec-basic +>12 lelong 3 audio/x-dec-basic +>12 lelong 4 audio/x-dec-basic +>12 lelong 5 audio/x-dec-basic +>12 lelong 6 audio/x-dec-basic +>12 lelong 7 audio/x-dec-basic +# compressed (G.721 ADPCM) +>12 lelong 23 audio/x-dec-adpcm + +# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" +# AIFF audio data +8 string AIFF audio/x-aiff +# AIFF-C audio data +8 string AIFC audio/x-aiff +# IFF/8SVX audio data +8 string 8SVX audio/x-aiff + + + +# Creative Labs AUDIO stuff +# Standard MIDI data +0 string MThd audio/unknown +#>9 byte >0 (format %d) +#>11 byte >1 using %d channels +# Creative Music (CMF) data +0 string CTMF audio/unknown +# SoundBlaster instrument data +0 string SBI audio/unknown +# Creative Labs voice data +0 string Creative\ Voice\ File audio/unknown +## is this next line right? it came this way... +#>19 byte 0x1A +#>23 byte >0 - version %d +#>22 byte >0 \b.%d + +# [GRR 950115: is this also Creative Labs? Guessing that first line +# should be string instead of unknown-endian long...] +#0 long 0x4e54524b MultiTrack sound data +#0 string NTRK MultiTrack sound data +#>4 long x - version %ld + +# Microsoft WAVE format (*.wav) +# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] +# Microsoft RIFF +0 string RIFF +# - WAVE format +>8 string WAVE audio/x-wav +>8 string/B AVI video/x-msvideo +# +>8 string CDRA image/x-coreldraw + +# AAC (aka MPEG-2 NBC) +0 beshort&0xfff6 0xfff0 audio/X-HX-AAC-ADTS +0 string ADIF audio/X-HX-AAC-ADIF +0 beshort&0xffe0 0x56e0 audio/MP4A-LATM +0 beshort 0x4De1 audio/MP4A-LATM + +# MPEG Layer 3 sound files +0 beshort&0xfffe =0xfffa audio/mpeg +#MP3 with ID3 tag +0 string ID3 audio/mpeg +# Ogg/Vorbis +0 string OggS application/ogg + +#------------------------------------------------------------------------------ +# c-lang: file(1) magic for C programs or various scripts +# + +# XPM icons (Greg Roelofs, newt@uchicago.edu) +# ideally should go into "images", but entries below would tag XPM as C source +0 string /*\ XPM image/x-xpmi 7bit + +# 3DS (3d Studio files) +#16 beshort 0x3d3d image/x-3ds + +# this first will upset you if you're a PL/1 shop... (are there any left?) +# in which case rm it; ascmagic will catch real C programs +# C or REXX program text +#0 string /* text/x-c +# C++ program text +#0 string // text/x-c++ + +#------------------------------------------------------------------------------ +# commands: file(1) magic for various shells and interpreters +# +#0 string :\ shell archive or commands for antique kernel text +0 string #!/bin/sh application/x-shellscript +0 string #!\ /bin/sh application/x-shellscript +0 string #!/bin/csh application/x-shellscript +0 string #!\ /bin/csh application/x-shellscript +# korn shell magic, sent by George Wu, gwu@clyde.att.com +0 string #!/bin/ksh application/x-shellscript +0 string #!\ /bin/ksh application/x-shellscript +0 string #!/bin/tcsh application/x-shellscript +0 string #!\ /bin/tcsh application/x-shellscript +0 string #!/usr/local/tcsh application/x-shellscript +0 string #!\ /usr/local/tcsh application/x-shellscript +0 string #!/usr/local/bin/tcsh application/x-shellscript +0 string #!\ /usr/local/bin/tcsh application/x-shellscript +# bash shell magic, from Peter Tobias (tobias@server.et-inf.fho-emden.de) +0 string #!/bin/bash application/x-shellscript +0 string #!\ /bin/bash application/x-shellscript +0 string #!/usr/local/bin/bash application/x-shellscript +0 string #!\ /usr/local/bin/bash application/x-shellscript + +# +# zsh/ash/ae/nawk/gawk magic from cameron@cs.unsw.oz.au (Cameron Simpson) +0 string #!/bin/zsh application/x-shellscript +0 string #!/usr/bin/zsh application/x-shellscript +0 string #!/usr/local/bin/zsh application/x-shellscript +0 string #!\ /usr/local/bin/zsh application/x-shellscript +0 string #!/usr/local/bin/ash application/x-shellscript +0 string #!\ /usr/local/bin/ash application/x-shellscript +#0 string #!/usr/local/bin/ae Neil Brown's ae +#0 string #!\ /usr/local/bin/ae Neil Brown's ae +0 string #!/bin/nawk application/x-nawk +0 string #!\ /bin/nawk application/x-nawk +0 string #!/usr/bin/nawk application/x-nawk +0 string #!\ /usr/bin/nawk application/x-nawk +0 string #!/usr/local/bin/nawk application/x-nawk +0 string #!\ /usr/local/bin/nawk application/x-nawk +0 string #!/bin/gawk application/x-gawk +0 string #!\ /bin/gawk application/x-gawk +0 string #!/usr/bin/gawk application/x-gawk +0 string #!\ /usr/bin/gawk application/x-gawk +0 string #!/usr/local/bin/gawk application/x-gawk +0 string #!\ /usr/local/bin/gawk application/x-gawk +# +0 string #!/bin/awk application/x-awk +0 string #!\ /bin/awk application/x-awk +0 string #!/usr/bin/awk application/x-awk +0 string #!\ /usr/bin/awk application/x-awk +# update to distinguish from *.vcf files by Joerg Jenderek: joerg dot jenderek at web dot de +#0 regex BEGIN[[:space:]]*[{] application/x-awk + +# For Larry Wall's perl language. The ``eval'' line recognizes an +# outrageously clever hack for USG systems. +# Keith Waclena +0 string #!/bin/perl application/x-perl +0 string #!\ /bin/perl application/x-perl +0 string eval\ "exec\ /bin/perl application/x-perl +0 string #!/usr/bin/perl application/x-perl +0 string #!\ /usr/bin/perl application/x-perl +0 string eval\ "exec\ /usr/bin/perl application/x-perl +0 string #!/usr/local/bin/perl application/x-perl +0 string #!\ /usr/local/bin/perl application/x-perl +0 string eval\ "exec\ /usr/local/bin/perl application/x-perl + +#------------------------------------------------------------------------------ +# compress: file(1) magic for pure-compression formats (no archives) +# +# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. +# +# Formats for various forms of compressed data +# Formats for "compress" proper have been moved into "compress.c", +# because it tries to uncompress it to figure out what's inside. + +# standard unix compress +#0 string \037\235 application/x-compress + +# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) +#0 string \037\213 application/x-gzip + +0 string PK\003\004 application/x-zip + +# RAR archiver (Greg Roelofs, newt@uchicago.edu) +0 string Rar! application/x-rar + +# According to gzip.h, this is the correct byte order for packed data. +0 string \037\036 application/octet-stream +# +# This magic number is byte-order-independent. +# +0 short 017437 application/octet-stream + +# XXX - why *two* entries for "compacted data", one of which is +# byte-order independent, and one of which is byte-order dependent? +# +# compacted data +0 short 0x1fff application/octet-stream +0 string \377\037 application/octet-stream +# huf output +0 short 0145405 application/octet-stream + +# Squeeze and Crunch... +# These numbers were gleaned from the Unix versions of the programs to +# handle these formats. Note that I can only uncrunch, not crunch, and +# I didn't have a crunched file handy, so the crunch number is untested. +# Keith Waclena +#0 leshort 0x76FF squeezed data (CP/M, DOS) +#0 leshort 0x76FE crunched data (CP/M, DOS) + +# Freeze +#0 string \037\237 Frozen file 2.1 +#0 string \037\236 Frozen file 1.0 (or gzip 0.5) + +# lzh? +#0 string \037\240 LZH compressed data + +257 string ustar\0 application/x-tar posix +257 string ustar\040\040\0 application/x-tar gnu + +0 short 070707 application/x-cpio +0 short 0143561 application/x-cpio swapped + +0 string = application/x-archive +0 string \! application/x-archive +>8 string debian application/x-debian-package + +#------------------------------------------------------------------------------ +# +# RPM: file(1) magic for Red Hat Packages Erik Troan (ewt@redhat.com) +# +0 beshort 0xedab +>2 beshort 0xeedb application/x-rpm + +0 lelong&0x8080ffff 0x0000081a application/x-arc lzw +0 lelong&0x8080ffff 0x0000091a application/x-arc squashed +0 lelong&0x8080ffff 0x0000021a application/x-arc uncompressed +0 lelong&0x8080ffff 0x0000031a application/x-arc packed +0 lelong&0x8080ffff 0x0000041a application/x-arc squeezed +0 lelong&0x8080ffff 0x0000061a application/x-arc crunched + +0 leshort 0xea60 application/x-arj + +# LHARC/LHA archiver (Greg Roelofs, newt@uchicago.edu) +2 string -lh0- application/x-lharc lh0 +2 string -lh1- application/x-lharc lh1 +2 string -lz4- application/x-lharc lz4 +2 string -lz5- application/x-lharc lz5 +# [never seen any but the last; -lh4- reported in comp.compression:] +2 string -lzs- application/x-lha lzs +2 string -lh\ - application/x-lha lh +2 string -lhd- application/x-lha lhd +2 string -lh2- application/x-lha lh2 +2 string -lh3- application/x-lha lh3 +2 string -lh4- application/x-lha lh4 +2 string -lh5- application/x-lha lh5 +2 string -lh6- application/x-lha lh6 +2 string -lh7- application/x-lha lh7 +# Shell archives +10 string #\ This\ is\ a\ shell\ archive application/octet-stream x-shell + +#------------------------------------------------------------------------------ +# frame: file(1) magic for FrameMaker files +# +# This stuff came on a FrameMaker demo tape, most of which is +# copyright, but this file is "published" as witness the following: +# +0 string \ +# +0 string/cB \14 byte 12 (OS/2 1.x format) +#>14 byte 64 (OS/2 2.x format) +#>14 byte 40 (Windows 3.x format) +#0 string IC icon +#0 string PI pointer +#0 string CI color icon +#0 string CP color pointer +#0 string BA bitmap array + +# CDROM Filesystems +32769 string CD001 application/x-iso9660 + +# Newer StuffIt archives (grant@netbsd.org) +0 string StuffIt application/x-stuffit +#>162 string >0 : %s + +# BinHex is the Macintosh ASCII-encoded file format (see also "apple") +# Daniel Quinlan, quinlan@yggdrasil.com +11 string must\ be\ converted\ with\ BinHex\ 4 application/mac-binhex40 +##>41 string x \b, version %.3s + + +#------------------------------------------------------------------------------ +# lisp: file(1) magic for lisp programs +# +# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) +0 string ;; text/plain 8bit +# Emacs 18 - this is always correct, but not very magical. +0 string \012( application/x-elc +# Emacs 19 +0 string ;ELC\023\000\000\000 application/x-elc + +#------------------------------------------------------------------------------ +# mail.news: file(1) magic for mail and news +# +# There are tests to ascmagic.c to cope with mail and news. +0 string Relay-Version: message/rfc822 7bit +0 string #!\ rnews message/rfc822 7bit +0 string N#!\ rnews message/rfc822 7bit +0 string Forward\ to message/rfc822 7bit +0 string Pipe\ to message/rfc822 7bit +0 string Return-Path: message/rfc822 7bit +0 string Received: message/rfc822 +0 string Path: message/news 8bit +0 string Xref: message/news 8bit +0 string From: message/rfc822 7bit +0 string Article message/news 8bit +#------------------------------------------------------------------------------ +# msword: file(1) magic for MS Word files +# +# Contributor claims: +# Reversed-engineered MS Word magic numbers +# + +0 string \376\067\0\043 application/msword +0 string \320\317\021\340\241\261 application/msword +0 string \333\245-\0\0\0 application/msword + + + +#------------------------------------------------------------------------------ +# printer: file(1) magic for printer-formatted files +# + +# PostScript +0 string %! application/postscript +0 string \004%! application/postscript + +# Acrobat +# (due to clamen@cs.cmu.edu) +0 string %PDF- application/pdf + +#------------------------------------------------------------------------------ +# sc: file(1) magic for "sc" spreadsheet +# +38 string Spreadsheet application/x-sc + +#------------------------------------------------------------------------------ +# tex: file(1) magic for TeX files +# +# XXX - needs byte-endian stuff (big-endian and little-endian DVI?) +# +# From + +# Although we may know the offset of certain text fields in TeX DVI +# and font files, we can't use them reliably because they are not +# zero terminated. [but we do anyway, christos] +0 string \367\002 application/x-dvi +#0 string \367\203 TeX generic font data +#0 string \367\131 TeX packed font data +#0 string \367\312 TeX virtual font data +#0 string This\ is\ TeX, TeX transcript text +#0 string This\ is\ METAFONT, METAFONT transcript text + +# There is no way to detect TeX Font Metric (*.tfm) files without +# breaking them apart and reading the data. The following patterns +# match most *.tfm files generated by METAFONT or afm2tfm. +2 string \000\021 application/x-tex-tfm +2 string \000\022 application/x-tex-tfm +#>34 string >\0 (%s) + +# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) +0 string \\input\ texinfo text/x-texinfo +0 string This\ is\ Info\ file text/x-info + +# correct TeX magic for Linux (and maybe more) +# from Peter Tobias (tobias@server.et-inf.fho-emden.de) +# +0 leshort 0x02f7 application/x-dvi + +# RTF - Rich Text Format +0 string {\\rtf text/rtf + +#------------------------------------------------------------------------------ +# animation: file(1) magic for animation/movie formats +# +# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) +# MPEG file +# MPEG sequences +0 belong 0x000001BA +>4 byte &0x40 video/mp2p +>4 byte ^0x40 video/mpeg +0 belong 0x000001BB video/mpeg +0 belong 0x000001B0 video/mp4v-es +0 belong 0x000001B5 video/mp4v-es +0 belong 0x000001B3 video/mpv +0 belong&0xFF5FFF1F 0x47400010 video/mp2t +0 belong 0x00000001 +>4 byte&0x1F 0x07 video/h264 + +# FLI animation format +0 leshort 0xAF11 video/fli +# FLC animation format +0 leshort 0xAF12 video/flc +# +# SGI and Apple formats +# Added ISO mimes +0 string MOVI video/sgi +4 string moov video/quicktime +4 string mdat video/quicktime +4 string wide video/quicktime +4 string skip video/quicktime +4 string free video/quicktime +4 string idsc image/x-quicktime +4 string idat image/x-quicktime +4 string pckg application/x-quicktime +4 string/B jP image/jp2 +4 string ftyp +>8 string isom video/mp4 +>8 string mp41 video/mp4 +>8 string mp42 video/mp4 +>8 string/B jp2 image/jp2 +>8 string 3gp video/3gpp +>8 string avc1 video/3gpp +>8 string mmp4 video/mp4 +>8 string/B M4A audio/mp4 +>8 string/B qt video/quicktime +# The contributor claims: +# I couldn't find a real magic number for these, however, this +# -appears- to work. Note that it might catch other files, too, +# so BE CAREFUL! +# +# Note that title and author appear in the two 20-byte chunks +# at decimal offsets 2 and 22, respectively, but they are XOR'ed with +# 255 (hex FF)! DL format SUCKS BIG ROCKS. +# +# DL file version 1 , medium format (160x100, 4 images/screen) +0 byte 1 video/unknown +0 byte 2 video/unknown +# +# Databases +# +# GDBM magic numbers +# Will be maintained as part of the GDBM distribution in the future. +# +0 belong 0x13579ace application/x-gdbm +0 lelong 0x13579ace application/x-gdbm +0 string GDBM application/x-gdbm +# +0 belong 0x061561 application/x-dbm +# +# Executables +# +0 string \177ELF +>16 leshort 0 application/octet-stream +>16 leshort 1 application/x-object +>16 leshort 2 application/x-executable +>16 leshort 3 application/x-sharedlib +>16 leshort 4 application/x-coredump +>16 beshort 0 application/octet-stream +>16 beshort 1 application/x-object +>16 beshort 2 application/x-executable +>16 beshort 3 application/x-sharedlib +>16 beshort 4 application/x-coredump +# +# DOS +0 string MZ application/x-dosexec +# +# KDE +0 string [KDE\ Desktop\ Entry] application/x-kdelnk +0 string \#\ KDE\ Config\ File application/x-kdelnk +# xmcd database file for kscd +0 string \#\ xmcd text/xmcd + +#------------------------------------------------------------------------------ +# pkgadd: file(1) magic for SysV R4 PKG Datastreams +# +0 string #\ PaCkAgE\ DaTaStReAm application/x-svr4-package + +#PNG Image Format +0 string \x89PNG image/png + +# MNG Video Format, +0 string \x8aMNG video/x-mng +0 string \x8aJNG video/x-jng + +#------------------------------------------------------------------------------ +# Hierarchical Data Format, used to facilitate scientific data exchange +# specifications at http://hdf.ncsa.uiuc.edu/ +#Hierarchical Data Format (version 4) data +0 belong 0x0e031301 application/x-hdf +#Hierarchical Data Format (version 5) data +0 string \211HDF\r\n\032 application/x-hdf + +# Adobe Photoshop +0 string 8BPS image/x-photoshop + +# Felix von Leitner +0 string d8:announce application/x-bittorrent + + +# lotus 1-2-3 document +0 belong 0x00001a00 application/x-123 +0 belong 0x00000200 application/x-123 + +# MS Access database +4 string Standard\ Jet\ DB application/msaccess + +## magic for XBase files +#0 byte 0x02 +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0x03 +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0x04 +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0x05 +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0x30 +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0x43 +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0x7b +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0x83 +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0x8b +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0x8e +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0xb3 +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 byte 0xf5 +#>8 leshort >0 +#>>12 leshort 0 application/x-dbf +# +#0 leshort 0x0006 application/x-dbt + +# Debian has entries for the old PGP formats: +# pgp: file(1) magic for Pretty Good Privacy +# see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html +#text/PGP key public ring +0 beshort 0x9900 application/pgp +#text/PGP key security ring +0 beshort 0x9501 application/pgp +#text/PGP key security ring +0 beshort 0x9500 application/pgp +#text/PGP encrypted data +0 beshort 0xa600 application/pgp-encrypted +#text/PGP armored data +##public key block +2 string ---BEGIN\ PGP\ PUBLIC\ KEY\ BLOCK- application/pgp-keys +0 string -----BEGIN\040PGP\40MESSAGE- application/pgp +0 string -----BEGIN\040PGP\40SIGNATURE- application/pgp-signature +# +# GnuPG Magic: +# +# +#text/GnuPG key public ring +0 beshort 0x9901 application/pgp +#text/OpenPGP data +0 beshort 0x8501 application/pgp-encrypted + +# flash: file(1) magic for Macromedia Flash file format +# +# See +# +# http://www.macromedia.com/software/flash/open/ +# +0 string FWS +>3 byte x application/x-shockwave-flash + +# The following paramaters are created for Namazu. +# +# +# 1999/08/13 +#0 string \

It works!

Load Balancer Manager for ", r); +- ap_rvputs(r, ap_get_server_name(r), "

Edit worker settings for ", r); + ap_rvputs(r, wsel->name, "

Apache Server Status for ", r); +- ap_rvputs(r, ap_get_server_name(r), "