diff options
| author | Arno Töll <arno@debian.org> | 2013-11-07 22:48:40 +0100 |
|---|---|---|
| committer | Arno Töll <arno@debian.org> | 2013-11-07 23:17:43 +0100 |
| commit | 8e85857c16e22e6ec11ab8f5503bc9c2f49ab0ea (patch) | |
| tree | 3a56ac7d3254067d809fcd89dbf89fd46fb05523 | |
| parent | b2eb373b0e35ef7ddb658ff7fd2e6927032a08a1 (diff) | |
| download | apache2-8e85857c16e22e6ec11ab8f5503bc9c2f49ab0ea.tar.gz | |
Drop the itk package, it is provided as from its own source package in future
| -rwxr-xr-x | debian/a2query.in | 2 | ||||
| -rw-r--r-- | debian/apache2.NEWS | 5 | ||||
| -rw-r--r-- | debian/apache2.postinst | 6 | ||||
| -rw-r--r-- | debian/changelog | 10 | ||||
| -rw-r--r-- | debian/config-dir/mods-available/mpm_itk.conf | 17 | ||||
| -rw-r--r-- | debian/config-dir/mods-available/mpm_itk.load | 2 | ||||
| -rw-r--r-- | debian/control | 4 | ||||
| -rw-r--r-- | debian/patches/itk-fix-htaccess-reads-for-persistent-connections.patch | 61 | ||||
| -rw-r--r-- | debian/patches/itk-rerun-configure.patch | 784 | ||||
| -rw-r--r-- | debian/patches/itk/02-rename-prefork-to-itk.patch | 294 | ||||
| -rw-r--r-- | debian/patches/itk/05-add-copyright.patch | 36 | ||||
| -rw-r--r-- | debian/patches/itk/07-base-functionality.patch | 229 | ||||
| -rw-r--r-- | debian/patches/itk/08-max-clients-per-vhost.patch | 99 | ||||
| -rw-r--r-- | debian/patches/itk/09-capabilities.patch | 59 | ||||
| -rw-r--r-- | debian/patches/itk/10-nice.patch | 140 | ||||
| -rw-r--r-- | debian/patches/itk/11-fix-htaccess-reads-for-persistent-connections.patch | 23 | ||||
| -rw-r--r-- | debian/patches/itk/README | 5 | ||||
| -rw-r--r-- | debian/patches/itk/series | 12 | ||||
| -rw-r--r-- | debian/patches/series | 10 | ||||
| -rwxr-xr-x | debian/rules | 20 |
20 files changed, 23 insertions, 1795 deletions
diff --git a/debian/a2query.in b/debian/a2query.in index 219b9ba4..47a60f2b 100755 --- a/debian/a2query.in +++ b/debian/a2query.in @@ -209,7 +209,7 @@ sub load_modules my $file = $_; next if $file !~ m/\.load$/; $file =~ s/\.load//; - if ($file =~ /mpm_(\w+)/) + if ($file =~ /mpm_(\w+)/ && $file ne 'mpm_itk') { $MPM = $1 if $MPM eq 'invalid'; if(grep { $_ =~ m/^mpm_/ } @MODULES) diff --git a/debian/apache2.NEWS b/debian/apache2.NEWS index 76a728d9..75be4ce3 100644 --- a/debian/apache2.NEWS +++ b/debian/apache2.NEWS @@ -20,6 +20,11 @@ apache2 (2.4.1-1) unstable; urgency=low a2dismod mpm_worker a2enmod mpm_prefork + MPM ITK users should be advised, that ITK is not a MPM anymore. Instead, it + is a simple Apache module, expanding functionality of the prefork MPM. Thus, + users should switch to the prefork MPM and enable ITK as a module. The + upgrade scripts ensure this for the upgrade from Debian Wheezy. + We did change the security model for Apache in our default configuration. We do not allow access to the file system outside /var/www and /usr/share. If you are running virtual hosts or scripts outside these directories, you diff --git a/debian/apache2.postinst b/debian/apache2.postinst index e7e1ac22..f32cc54e 100644 --- a/debian/apache2.postinst +++ b/debian/apache2.postinst @@ -173,7 +173,11 @@ enable_default_mpm() ;; apache2-mpm-itk) - mpm="mpm_itk" + # apache2-mpm-itk is installed, which is a + # transitional package depending on + # libapache2-mpm-itk which will enable itself + # in its maintainer scripts. + mpm="mpm_prefork" ;; *) diff --git a/debian/changelog b/debian/changelog index 3751673e..fbfa0ee4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -25,8 +25,16 @@ apache2 (2.4.6-4) UNRELEASED; urgency=low * Add a virtual provides line to the itk/worker/event/prefork transitional packages so that people with an unusual (unsupported) Apache setup can upgrade neatless in some corner cases (Closes: #728937) + * Drop the Apache ITK patches. The Apache ITK MPM is a standalone package + now and will be provided by libapache2-mpm-itk in future. The + apache2-mpm-itk package depends on this package from now on. Users of itk + are advised to consult the itk manual. + * Remove Steinar H. Gunderson from uploaders, he will continue to support + itk in his own package in future. The remaining Apache team thanks Steinar + for all the work in the past. - -- Arno Töll <arno@debian.org> Thu, 07 Nov 2013 14:21:10 +0100 + + -- Arno Töll <arno@debian.org> Thu, 07 Nov 2013 22:46:29 +0100 apache2 (2.4.6-3) unstable; urgency=low diff --git a/debian/config-dir/mods-available/mpm_itk.conf b/debian/config-dir/mods-available/mpm_itk.conf deleted file mode 100644 index c85b5ab2..00000000 --- a/debian/config-dir/mods-available/mpm_itk.conf +++ /dev/null @@ -1,17 +0,0 @@ -# itk MPM -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# MaxRequestWorkers: maximum number of server processes allowed to start -# MaxConnectionsPerChild: maximum number of requests a server process serves -# XXX adjust! - -<IfModule mpm_itk_module> - StartServers 5 - MinSpareServers 5 - MaxSpareServers 10 - MaxRequestWorkers 150 - MaxConnectionsPerChild 0 -</IfModule> - -# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/debian/config-dir/mods-available/mpm_itk.load b/debian/config-dir/mods-available/mpm_itk.load deleted file mode 100644 index d9203f1e..00000000 --- a/debian/config-dir/mods-available/mpm_itk.load +++ /dev/null @@ -1,2 +0,0 @@ -# Conflicts: mpm_event mpm_worker mpm_prefork -LoadModule mpm_itk_module /usr/lib/apache2/modules/mod_mpm_itk.so diff --git a/debian/control b/debian/control index 3affc67e..1ebff442 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: apache2 Section: httpd Priority: optional Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> -Uploaders: Stefan Fritsch <sf@debian.org>, Steinar H. Gunderson <sesse@debian.org>, Arno Töll <arno@debian.org> +Uploaders: Stefan Fritsch <sf@debian.org>, Arno Töll <arno@debian.org> Build-Depends: debhelper (>= 8.9.7~), lsb-release, dpkg-dev (>= 1.16.1~), libaprutil1-dev (>= 1.5.0), libapr1-dev, libpcre3-dev, zlib1g-dev, libssl-dev (>= 0.9.8m), libcap-dev [linux-any], perl, @@ -101,7 +101,7 @@ Architecture: any Section: oldlibs Priority: extra Provides: httpd, httpd-cgi -Depends: ${misc:Depends}, apache2 (= ${binary:Version}) +Depends: ${misc:Depends}, apache2 (= ${binary:Version}), libapache2-mpm-itk Description: transitional itk MPM package for apache2 This is a transitional package to apache2 for users of apache2-mpm-itk and can be safely removed after the installation is complete. diff --git a/debian/patches/itk-fix-htaccess-reads-for-persistent-connections.patch b/debian/patches/itk-fix-htaccess-reads-for-persistent-connections.patch deleted file mode 100644 index 647a5d4a..00000000 --- a/debian/patches/itk-fix-htaccess-reads-for-persistent-connections.patch +++ /dev/null @@ -1,61 +0,0 @@ -Fix an itk issue where users can sometimes get spurious 403s on persistent -connections (the description in the comments explains the logic). -This would particularly hit people with reverse proxies, since these -have a higher tendency of accessing things from different vhosts in -the same connection. - ---- a/server/config.c -+++ b/server/config.c -@@ -52,6 +52,10 @@ - #include "util_varbuf.h" - #include "mpm_common.h" - -+#include "http_connection.h" -+#include <unistd.h> -+#include <sys/types.h> -+ - #define APLOG_UNSET (APLOG_NO_MODULE - 1) - /* we know core's module_index is 0 */ - #undef APLOG_MODULE_INDEX -@@ -69,6 +73,8 @@ - - AP_DECLARE_DATA ap_directive_t *ap_conftree = NULL; - -+AP_DECLARE_DATA int ap_running_under_mpm_itk = 0; -+ - APR_HOOK_STRUCT( - APR_HOOK_LINK(header_parser) - APR_HOOK_LINK(pre_config) -@@ -2138,6 +2144,32 @@ - else { - if (!APR_STATUS_IS_ENOENT(status) - && !APR_STATUS_IS_ENOTDIR(status)) { -+ /* -+ * If we are in a persistent connection, we might end up in a state -+ * where we can no longer read .htaccess files because we have already -+ * setuid(). This can either be because the previous request was for -+ * another vhost (basically the same problem as when setuid() fails in -+ * itk.c), or it can be because a .htaccess file is readable only by -+ * root. -+ * -+ * In any case, we don't want to give out a 403, since the request has -+ * a very real chance of succeeding on a fresh connection (where -+ * presumably uid=0). Thus, we give up serving the request on this -+ * TCP connection, and do a hard close of the socket. As long as we're -+ * in a persistent connection (and there _should_ not be a way this -+ * would happen on the first request in a connection, save for subrequests, -+ * which we special-case), this is allowed, as it is what happens on -+ * a timeout. The browser will simply open a new connection and try -+ * again (there's of course a performance hit, though, both due to -+ * the new connection setup and the fork() of a new server child). -+ */ -+ if (ap_running_under_mpm_itk && r->main == NULL && getuid() != 0) { -+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, status, r, -+ "Couldn't read %s, closing connection.", -+ filename); -+ ap_lingering_close(r->connection); -+ exit(0); -+ } - ap_log_rerror(APLOG_MARK, APLOG_CRIT, status, r, APLOGNO(00529) - "%s pcfg_openfile: unable to check htaccess file, " - "ensure it is readable and that '%s' " diff --git a/debian/patches/itk-rerun-configure.patch b/debian/patches/itk-rerun-configure.patch deleted file mode 100644 index d2cf19ac..00000000 --- a/debian/patches/itk-rerun-configure.patch +++ /dev/null @@ -1,784 +0,0 @@ -# the analogon of running autoheader; autoconf, which is a pain to clean up -# -# To refresh this, -# - unpack apr+apr-util in srclib/apr{,-util} -# - run 'fakeroot debian/rules server/mpm/itk/.stamp' -# - run 'buildconf' ---- a/configure -+++ b/configure -@@ -1983,6 +1983,10 @@ - default. MPM={event|worker|prefork|winnt} This will - be statically linked as the only available MPM - unless --enable-mpms-shared is also specified. -+ --with-mpm=MPM Choose the process model for Apache to use by -+ default. MPM={event|worker|prefork|winnt|itk} This -+ will be statically linked as the only available MPM -+ unless --enable-mpms-shared is also specified. - --with-module=module-type:module-file - Enable module-file in the modules/<module-type> - directory. -@@ -25865,6 +25869,27 @@ - - fi - -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if itk MPM supports this platform" >&5 -+$as_echo_n "checking if itk MPM supports this platform... " >&6; } -+if test $forking_mpms_supported != yes; then -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - This is not a forking platform" >&5 -+$as_echo "no - This is not a forking platform" >&6; } -+else -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -+$as_echo "yes" >&6; } -+ -+ if test "yes" = "yes"; then -+ eval "ap_supported_mpm_itk=shared" -+ ap_supported_shared_mpms="$ap_supported_shared_mpms itk " -+ else -+ eval "ap_supported_mpm_itk=static" -+ fi -+ if test "no" = "yes"; then -+ eval "ap_threaded_mpm_itk=yes" -+ fi -+ -+fi -+ - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if mpmt_os2 MPM supports this platform" >&5 - $as_echo_n "checking if mpmt_os2 MPM supports this platform... " >&6; } - case $host in -@@ -27480,6 +27505,182 @@ - - - -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which MPM to use by default" >&5 -+$as_echo_n "checking which MPM to use by default... " >&6; } -+ -+# Check whether --with-mpm was given. -+if test "${with_mpm+set}" = set; then : -+ withval=$with_mpm; -+ default_mpm=$withval -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $withval" >&5 -+$as_echo "$withval" >&6; }; -+ -+else -+ -+ if ap_mpm_is_supported "winnt"; then -+ default_mpm=winnt -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: winnt" >&5 -+$as_echo "winnt" >&6; } -+ elif ap_mpm_is_supported "mpmt_os2"; then -+ default_mpm=mpmt_os2 -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: mpmt_os2" >&5 -+$as_echo "mpmt_os2" >&6; } -+ elif ap_mpm_is_supported "event"; then -+ default_mpm=event -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: event" >&5 -+$as_echo "event" >&6; } -+ elif ap_mpm_is_supported "worker"; then -+ default_mpm=worker -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: worker - event is not supported" >&5 -+$as_echo "worker - event is not supported" >&6; } -+ else -+ default_mpm=prefork -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: prefork - event and worker are not supported" >&5 -+$as_echo "prefork - event and worker are not supported" >&6; } -+ fi -+ -+fi -+ -+ -+ -+ if ap_mpm_is_enabled $default_mpm; then -+ : -+ else -+ eval "ap_enabled_mpm_$default_mpm=yes" -+ ap_enabled_mpms="$ap_enabled_mpms $default_mpm " -+ fi -+ -+ -+# Check whether --enable-mpms-shared was given. -+if test "${enable_mpms_shared+set}" = set; then : -+ enableval=$enable_mpms_shared; -+ if test "$enableval" = "no"; then -+ mpm_build=static -+ else -+ mpm_build=shared -+ if test "$enableval" = "yes"; then -+ enableval=$default_mpm -+ fi -+ for i in $enableval; do -+ if test "$i" = "all"; then -+ for j in $ap_supported_shared_mpms; do -+ eval "enable_mpm_$j=shared" -+ -+ if ap_mpm_is_enabled $j; then -+ : -+ else -+ eval "ap_enabled_mpm_$j=yes" -+ ap_enabled_mpms="$ap_enabled_mpms $j " -+ fi -+ -+ done -+ else -+ i=`echo $i | sed 's/-/_/g'` -+ if ap_mpm_supports_shared $i; then -+ eval "enable_mpm_$i=shared" -+ -+ if ap_mpm_is_enabled $i; then -+ : -+ else -+ eval "ap_enabled_mpm_$i=yes" -+ ap_enabled_mpms="$ap_enabled_mpms $i " -+ fi -+ -+ else -+ as_fn_error $? "MPM $i does not support dynamic loading." "$LINENO" 5 -+ fi -+ fi -+ done -+ fi -+ -+else -+ mpm_build=static -+fi -+ -+ -+for i in $ap_enabled_mpms; do -+ if ap_mpm_is_supported $i; then -+ : -+ else -+ as_fn_error $? "MPM $i is not supported on this platform." "$LINENO" 5 -+ fi -+ if test "$i" = "itk" ; then -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for cap_init in -lcap" >&5 -+$as_echo_n "checking for cap_init in -lcap... " >&6; } -+if ${ac_cv_lib_cap_cap_init+:} false; then : -+ $as_echo_n "(cached) " >&6 -+else -+ ac_check_lib_save_LIBS=$LIBS -+LIBS="-lcap $LIBS" -+cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+ -+/* Override any GCC internal prototype to avoid an error. -+ Use char because int might match the return type of a GCC -+ builtin and then its argument prototype would still apply. */ -+#ifdef __cplusplus -+extern "C" -+#endif -+char cap_init (); -+int -+main () -+{ -+return cap_init (); -+ ; -+ return 0; -+} -+_ACEOF -+if ac_fn_c_try_link "$LINENO"; then : -+ ac_cv_lib_cap_cap_init=yes -+else -+ ac_cv_lib_cap_cap_init=no -+fi -+rm -f core conftest.err conftest.$ac_objext \ -+ conftest$ac_exeext conftest.$ac_ext -+LIBS=$ac_check_lib_save_LIBS -+fi -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cap_cap_init" >&5 -+$as_echo "$ac_cv_lib_cap_cap_init" >&6; } -+if test "x$ac_cv_lib_cap_cap_init" = xyes; then : -+ cat >>confdefs.h <<_ACEOF -+#define HAVE_LIBCAP 1 -+_ACEOF -+ -+ LIBS="-lcap $LIBS" -+ -+fi -+ -+ fi -+done -+ -+if test $mpm_build = "shared"; then -+ eval "tmp=\$enable_mpm_$default_mpm" -+ if test "$tmp" != "shared"; then -+ as_fn_error $? "The default MPM ($default_mpm) must be included in --enable-mpms-shared. Use --with-mpm to change the default MPM." "$LINENO" 5 -+ fi -+fi -+ -+ -+ APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES server/mpm/Makefile" -+ -+ -+if test $mpm_build = "shared"; then -+ MPM_LIB="" -+else -+ MPM_LIB=server/mpm/$default_mpm/lib${default_mpm}.la -+ MODLIST="$MODLIST mpm_${default_mpm}" -+fi -+ -+MPM_SUBDIRS=$ap_enabled_mpms -+ -+ APACHE_VAR_SUBST="$APACHE_VAR_SUBST MPM_SUBDIRS" -+ -+ -+ -+ APACHE_VAR_SUBST="$APACHE_VAR_SUBST MPM_LIB" -+ -+ -+ - - - APACHE_VAR_SUBST="$APACHE_VAR_SUBST MOD_MPM_EVENT_LDADD" -@@ -27570,6 +27771,77 @@ - - - -+ if ap_mpm_is_enabled itk; then -+ if test -z ""; then -+ objects="itk.lo" -+ else -+ objects="" -+ fi -+ -+ if test -z ""; then -+ mpmpath="server/mpm/itk" -+ else -+ mpmpath= -+ fi -+ -+ test -d $mpmpath || $srcdir/build/mkdir.sh $mpmpath -+ -+ -+ APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $mpmpath/Makefile" -+ -+ -+ if test -z "$enable_mpm_itk"; then -+ -+ if test "x$AP_LIBS" = "x"; then -+ test "x$silent" != "xyes" && echo " setting AP_LIBS to \"\"" -+ AP_LIBS="" -+ else -+ apr_addto_bugger="" -+ for i in $apr_addto_bugger; do -+ apr_addto_duplicate="0" -+ for j in $AP_LIBS; do -+ if test "x$i" = "x$j"; then -+ apr_addto_duplicate="1" -+ break -+ fi -+ done -+ if test $apr_addto_duplicate = "0"; then -+ test "x$silent" != "xyes" && echo " adding \"$i\" to AP_LIBS" -+ AP_LIBS="$AP_LIBS $i" -+ fi -+ done -+ fi -+ -+ libname="libitk.la" -+ cat >$mpmpath/modules.mk<<EOF -+$libname: $objects -+ \$(MOD_LINK) $objects -+DISTCLEAN_TARGETS = modules.mk -+static = $libname -+shared = -+EOF -+ else -+ apache_need_shared=yes -+ libname="mod_mpm_itk.la" -+ shobjects=`echo $objects | sed 's/\.lo/.slo/g'` -+ cat >$mpmpath/modules.mk<<EOF -+$libname: $shobjects -+ \$(SH_LINK) -rpath \$(libexecdir) -module -avoid-version $objects -+DISTCLEAN_TARGETS = modules.mk -+static = -+shared = $libname -+EOF -+ # add default MPM to LoadModule list -+ if test itk = $default_mpm; then -+ DSO_MODULES="$DSO_MODULES mpm_itk" -+ ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},mpm_itk" -+ fi -+ fi -+ -+ fi -+ -+ -+ - if ap_mpm_is_enabled prefork; then - if test -z ""; then - objects="prefork.lo" -@@ -27811,6 +28083,7 @@ - - if ap_mpm_is_enabled "worker" \ - || ap_mpm_is_enabled "event" \ -+ || ap_mpm_is_enabled "itk" \ - || ap_mpm_is_enabled "prefork"; then - unixd_mods_enable=yes - else -@@ -30038,6 +30311,371 @@ - - - -+ -+ -+ current_dir=arch/unix -+ modpath_current=modules/arch/unix -+ modpath_static= -+ modpath_shared= -+ for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do -+ eval MOD_$var= -+ done -+ test -d arch/unix || $srcdir/build/mkdir.sh $modpath_current -+ > $modpath_current/modules.mk -+ -+ -+if ap_mpm_is_enabled "worker" \ -+ || ap_mpm_is_enabled "event" \ -+ || ap_mpm_is_enabled "prefork"; then -+ unixd_mods_enable=yes -+else -+ unixd_mods_enable=no -+fi -+ -+ -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_unixd" >&5 -+$as_echo_n "checking whether to enable mod_unixd... " >&6; } -+ # Check whether --enable-unixd was given. -+if test "${enable_unixd+set}" = set; then : -+ enableval=$enable_unixd; force_unixd=$enableval -+else -+ enable_unixd=$unixd_mods_enable -+fi -+ -+ _apmod_extra_msg="" -+ case "$enable_unixd" in -+ yes|static|shared) -+ _apmod_required="yes" -+ ;; -+ *) -+ case "$module_selection" in -+ reallyall|all|most) -+ _apmod_required="no" -+ ;; -+ *) -+ _apmod_required="yes" -+ ;; -+ esac -+ esac -+ if test "$enable_unixd" = "static"; then -+ enable_unixd=static -+ elif test "$enable_unixd" = "yes"; then -+ enable_unixd=$module_default -+ elif test "$enable_unixd" = "most"; then -+ if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ -+ "$module_selection" = "reallyall" -+ then -+ enable_unixd=$module_default -+ elif test "$module_selection" = "few" -o "$module_selection" = "none"; then -+ enable_unixd=no -+ fi -+ _apmod_extra_msg=" ($module_selection)" -+ elif test "$enable_unixd" = "maybe-all"; then -+ if test "$module_selection" = "all" -o "$module_selection" = "reallyall" -+ then -+ enable_unixd=$module_default -+ _apmod_extra_msg=" ($module_selection)" -+ else -+ enable_unixd=no -+ fi -+ elif test "$enable_unixd" = "no" -a "$module_selection" = "reallyall" -a \ -+ "$force_unixd" != "no" ; then -+ enable_unixd=$module_default -+ _apmod_extra_msg=" ($module_selection)" -+ fi -+ if test "$enable_unixd" != "no"; then -+ : -+ fi -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_unixd$_apmod_extra_msg" >&5 -+$as_echo "$enable_unixd$_apmod_extra_msg" >&6; } -+ if test "$enable_unixd" != "no"; then -+ case "$enable_unixd" in -+ static*) -+ MODLIST="$MODLIST unixd" -+ if test "unixd" = "so"; then -+ sharedobjs=yes -+ fi -+ shared="";; -+ *) -+ enable_unixd=`echo $enable_unixd|sed 's/shared,*//'` -+ sharedobjs=yes -+ shared=yes -+ DSO_MODULES="$DSO_MODULES unixd" -+ if test "$unixd_mods_enable" = "yes" ; then -+ ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},unixd" -+ fi -+ ;; -+ esac -+ -+ -+ if test -z ""; then -+ objects="mod_unixd.lo" -+ else -+ objects="" -+ fi -+ -+ if test -z "$module_standalone"; then -+ if test -z "$shared"; then -+ # The filename of a convenience library must have a "lib" prefix: -+ libname="libmod_unixd.la" -+ BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" -+ modpath_static="$modpath_static $libname" -+ cat >>$modpath_current/modules.mk<<EOF -+$libname: $objects -+ \$(MOD_LINK) $objects \$(MOD_UNIXD_LDADD) -+EOF -+ if test ! -z "\$(MOD_UNIXD_LDADD)"; then -+ -+ if test "x$AP_LIBS" = "x"; then -+ test "x$silent" != "xyes" && echo " setting AP_LIBS to \"\$(MOD_UNIXD_LDADD)\"" -+ AP_LIBS="\$(MOD_UNIXD_LDADD)" -+ else -+ apr_addto_bugger="\$(MOD_UNIXD_LDADD)" -+ for i in $apr_addto_bugger; do -+ apr_addto_duplicate="0" -+ for j in $AP_LIBS; do -+ if test "x$i" = "x$j"; then -+ apr_addto_duplicate="1" -+ break -+ fi -+ done -+ if test $apr_addto_duplicate = "0"; then -+ test "x$silent" != "xyes" && echo " adding \"$i\" to AP_LIBS" -+ AP_LIBS="$AP_LIBS $i" -+ fi -+ done -+ fi -+ -+ fi -+ else -+ apache_need_shared=yes -+ libname="mod_unixd.la" -+ shobjects=`echo $objects | sed 's/\.lo/.slo/g'` -+ modpath_shared="$modpath_shared $libname" -+ cat >>$modpath_current/modules.mk<<EOF -+$libname: $shobjects -+ \$(SH_LINK) -rpath \$(libexecdir) -module -avoid-version $objects \$(MOD_UNIXD_LDADD) -+EOF -+ fi -+ fi -+ -+ -+ APACHE_VAR_SUBST="$APACHE_VAR_SUBST MOD_UNIXD_LDADD" -+ -+ -+ -+ fi -+ -+ -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_privileges" >&5 -+$as_echo_n "checking whether to enable mod_privileges... " >&6; } -+ # Check whether --enable-privileges was given. -+if test "${enable_privileges+set}" = set; then : -+ enableval=$enable_privileges; force_privileges=$enableval -+else -+ enable_privileges=no -+fi -+ -+ _apmod_extra_msg="" -+ case "$enable_privileges" in -+ yes|static|shared) -+ _apmod_required="yes" -+ ;; -+ *) -+ case "$module_selection" in -+ reallyall|all|most) -+ _apmod_required="no" -+ ;; -+ *) -+ _apmod_required="yes" -+ ;; -+ esac -+ esac -+ if test "$enable_privileges" = "static"; then -+ enable_privileges=static -+ elif test "$enable_privileges" = "yes"; then -+ enable_privileges=$module_default -+ elif test "$enable_privileges" = "most"; then -+ if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ -+ "$module_selection" = "reallyall" -+ then -+ enable_privileges=$module_default -+ elif test "$module_selection" = "few" -o "$module_selection" = "none"; then -+ enable_privileges=no -+ fi -+ _apmod_extra_msg=" ($module_selection)" -+ elif test "$enable_privileges" = "maybe-all"; then -+ if test "$module_selection" = "all" -o "$module_selection" = "reallyall" -+ then -+ enable_privileges=$module_default -+ _apmod_extra_msg=" ($module_selection)" -+ else -+ enable_privileges=no -+ fi -+ elif test "$enable_privileges" = "no" -a "$module_selection" = "reallyall" -a \ -+ "$force_privileges" != "no" ; then -+ enable_privileges=$module_default -+ _apmod_extra_msg=" ($module_selection)" -+ fi -+ if test "$enable_privileges" != "no"; then -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 -+$as_echo "checking dependencies" >&6; } -+ : -+ -+ for ac_header in priv.h -+do : -+ ac_fn_c_check_header_mongrel "$LINENO" "priv.h" "ac_cv_header_priv_h" "$ac_includes_default" -+if test "x$ac_cv_header_priv_h" = xyes; then : -+ cat >>confdefs.h <<_ACEOF -+#define HAVE_PRIV_H 1 -+_ACEOF -+ ap_HAVE_PRIV_H="yes" -+else -+ ap_HAVE_PRIV_H="no" -+fi -+ -+done -+ -+ if test $ap_HAVE_PRIV_H = "no"; then -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Your system does not support privileges." >&5 -+$as_echo "$as_me: WARNING: Your system does not support privileges." >&2;} -+ enable_privileges="no" -+ fi -+ -+ : -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_privileges" >&5 -+$as_echo_n "checking whether to enable mod_privileges... " >&6; } -+ if test "$enable_privileges" = "no"; then -+ if test "$_apmod_required" = "no"; then -+ _apmod_extra_msg=" (disabled)" -+ else -+ as_fn_error $? "mod_privileges has been requested but can not be built due to prerequisite failures" "$LINENO" 5 -+ fi -+ fi -+ fi -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_privileges$_apmod_extra_msg" >&5 -+$as_echo "$enable_privileges$_apmod_extra_msg" >&6; } -+ if test "$enable_privileges" != "no"; then -+ case "$enable_privileges" in -+ static*) -+ MODLIST="$MODLIST privileges" -+ if test "privileges" = "so"; then -+ sharedobjs=yes -+ fi -+ shared="";; -+ *) -+ enable_privileges=`echo $enable_privileges|sed 's/shared,*//'` -+ sharedobjs=yes -+ shared=yes -+ DSO_MODULES="$DSO_MODULES privileges" -+ if test "no" = "yes" ; then -+ ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},privileges" -+ fi -+ ;; -+ esac -+ -+ -+ if test -z ""; then -+ objects="mod_privileges.lo" -+ else -+ objects="" -+ fi -+ -+ if test -z "$module_standalone"; then -+ if test -z "$shared"; then -+ # The filename of a convenience library must have a "lib" prefix: -+ libname="libmod_privileges.la" -+ BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" -+ modpath_static="$modpath_static $libname" -+ cat >>$modpath_current/modules.mk<<EOF -+$libname: $objects -+ \$(MOD_LINK) $objects \$(MOD_PRIVILEGES_LDADD) -+EOF -+ if test ! -z "\$(MOD_PRIVILEGES_LDADD)"; then -+ -+ if test "x$AP_LIBS" = "x"; then -+ test "x$silent" != "xyes" && echo " setting AP_LIBS to \"\$(MOD_PRIVILEGES_LDADD)\"" -+ AP_LIBS="\$(MOD_PRIVILEGES_LDADD)" -+ else -+ apr_addto_bugger="\$(MOD_PRIVILEGES_LDADD)" -+ for i in $apr_addto_bugger; do -+ apr_addto_duplicate="0" -+ for j in $AP_LIBS; do -+ if test "x$i" = "x$j"; then -+ apr_addto_duplicate="1" -+ break -+ fi -+ done -+ if test $apr_addto_duplicate = "0"; then -+ test "x$silent" != "xyes" && echo " adding \"$i\" to AP_LIBS" -+ AP_LIBS="$AP_LIBS $i" -+ fi -+ done -+ fi -+ -+ fi -+ else -+ apache_need_shared=yes -+ libname="mod_privileges.la" -+ shobjects=`echo $objects | sed 's/\.lo/.slo/g'` -+ modpath_shared="$modpath_shared $libname" -+ cat >>$modpath_current/modules.mk<<EOF -+$libname: $shobjects -+ \$(SH_LINK) -rpath \$(libexecdir) -module -avoid-version $objects \$(MOD_PRIVILEGES_LDADD) -+EOF -+ fi -+ fi -+ -+ -+ APACHE_VAR_SUBST="$APACHE_VAR_SUBST MOD_PRIVILEGES_LDADD" -+ -+ -+ -+ fi -+ -+ -+ -+ if test "x$INCLUDES" = "x"; then -+ test "x$silent" != "xyes" && echo " setting INCLUDES to \"-I\$(top_srcdir)/$modpath_current\"" -+ INCLUDES="-I\$(top_srcdir)/$modpath_current" -+ else -+ apr_addto_bugger="-I\$(top_srcdir)/$modpath_current" -+ for i in $apr_addto_bugger; do -+ apr_addto_duplicate="0" -+ for j in $INCLUDES; do -+ if test "x$i" = "x$j"; then -+ apr_addto_duplicate="1" -+ break -+ fi -+ done -+ if test $apr_addto_duplicate = "0"; then -+ test "x$silent" != "xyes" && echo " adding \"$i\" to INCLUDES" -+ INCLUDES="$INCLUDES $i" -+ fi -+ done -+ fi -+ -+ -+ -+ echo "DISTCLEAN_TARGETS = modules.mk" >> $modpath_current/modules.mk -+ echo "static = $modpath_static" >> $modpath_current/modules.mk -+ echo "shared = $modpath_shared" >> $modpath_current/modules.mk -+ for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do -+ if eval val=\"\$MOD_$var\"; test -n "$val"; then -+ echo "MOD_$var = $val" >> $modpath_current/modules.mk -+ fi -+ done -+ if test ! -z "$modpath_static" -o ! -z "$modpath_shared"; then -+ MODULE_DIRS="$MODULE_DIRS $current_dir" -+ else -+ MODULE_CLEANDIRS="$MODULE_CLEANDIRS $current_dir" -+ fi -+ -+ APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $modpath_current/Makefile" -+ -+ -+ -+ - - if ap_mpm_is_enabled mpmt_os2; then - if test -z "mpmt_os2.lo mpmt_os2_child.lo"; then ---- a/include/ap_config_auto.h.in -+++ b/include/ap_config_auto.h.in -@@ -103,6 +103,9 @@ - /* Define to 1 if you have the `kqueue' function. */ - #undef HAVE_KQUEUE - -+/* Define to 1 if you have the `cap' library (-lcap). */ -+#undef HAVE_LIBCAP -+ - /* Define to 1 if you have the <limits.h> header file. */ - #undef HAVE_LIMITS_H - ---- a/build/ltmain.sh -+++ b/build/ltmain.sh -@@ -70,7 +70,7 @@ - # compiler: $LTCC - # compiler flags: $LTCFLAGS - # linker: $LD (gnu? $with_gnu_ld) --# $progname: (GNU libtool) 2.4.2 -+# $progname: (GNU libtool) 2.4.2 Debian-2.4.2-1.3 - # automake: $automake_version - # autoconf: $autoconf_version - # -@@ -80,7 +80,7 @@ - - PROGRAM=libtool - PACKAGE=libtool --VERSION=2.4.2 -+VERSION="2.4.2 Debian-2.4.2-1.3" - TIMESTAMP="" - package_revision=1.3337 - -@@ -5851,10 +5851,9 @@ - # -tp=* Portland pgcc target processor selection - # --sysroot=* for sysroot support - # -O*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization -- # -stdlib=* select c++ std lib with clang - -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ - -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ -- -O*|-flto*|-fwhopr*|-fuse-linker-plugin|-stdlib=*) -+ -O*|-flto*|-fwhopr*|-fuse-linker-plugin) - func_quote_for_eval "$arg" - arg="$func_quote_for_eval_result" - func_append compile_command " $arg" -@@ -6125,7 +6124,10 @@ - case $pass in - dlopen) libs="$dlfiles" ;; - dlpreopen) libs="$dlprefiles" ;; -- link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; -+ link) -+ libs="$deplibs %DEPLIBS%" -+ test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs" -+ ;; - esac - fi - if test "$linkmode,$pass" = "lib,dlpreopen"; then -@@ -6445,19 +6447,19 @@ - # It is a libtool convenience library, so add in its objects. - func_append convenience " $ladir/$objdir/$old_library" - func_append old_convenience " $ladir/$objdir/$old_library" -+ tmp_libs= -+ for deplib in $dependency_libs; do -+ deplibs="$deplib $deplibs" -+ if $opt_preserve_dup_deps ; then -+ case "$tmp_libs " in -+ *" $deplib "*) func_append specialdeplibs " $deplib" ;; -+ esac -+ fi -+ func_append tmp_libs " $deplib" -+ done - elif test "$linkmode" != prog && test "$linkmode" != lib; then - func_fatal_error "\`$lib' is not a convenience library" - fi -- tmp_libs= -- for deplib in $dependency_libs; do -- deplibs="$deplib $deplibs" -- if $opt_preserve_dup_deps ; then -- case "$tmp_libs " in -- *" $deplib "*) func_append specialdeplibs " $deplib" ;; -- esac -- fi -- func_append tmp_libs " $deplib" -- done - continue - fi # $pass = conv - -@@ -7350,6 +7352,9 @@ - revision="$number_minor" - lt_irix_increment=no - ;; -+ *) -+ func_fatal_configuration "$modename: unknown library version type \`$version_type'" -+ ;; - esac - ;; - no) diff --git a/debian/patches/itk/02-rename-prefork-to-itk.patch b/debian/patches/itk/02-rename-prefork-to-itk.patch deleted file mode 100644 index 19c76de6..00000000 --- a/debian/patches/itk/02-rename-prefork-to-itk.patch +++ /dev/null @@ -1,294 +0,0 @@ -Rename prefork to itk in the copy that was created in 01-copy-prefork.patch. - -Index: httpd-2.4.1/server/mpm/itk/config.m4 -=================================================================== ---- httpd-2.4.1.orig/server/mpm/itk/config.m4 -+++ httpd-2.4.1/server/mpm/itk/config.m4 -@@ -1,7 +1,7 @@ --AC_MSG_CHECKING(if prefork MPM supports this platform) -+AC_MSG_CHECKING(if itk MPM supports this platform) - if test $forking_mpms_supported != yes; then - AC_MSG_RESULT(no - This is not a forking platform) - else - AC_MSG_RESULT(yes) -- APACHE_MPM_SUPPORTED(prefork, yes, no) -+ APACHE_MPM_SUPPORTED(itk, yes, no) - fi -Index: httpd-2.4.1/server/mpm/itk/config3.m4 -=================================================================== ---- httpd-2.4.1.orig/server/mpm/itk/config3.m4 -+++ httpd-2.4.1/server/mpm/itk/config3.m4 -@@ -1 +1 @@ --APACHE_MPM_MODULE(prefork, $enable_mpm_prefork) -+APACHE_MPM_MODULE(itk, $enable_mpm_itk) -Index: httpd-2.4.1/server/mpm/itk/itk.c -=================================================================== ---- httpd-2.4.1.orig/server/mpm/itk/itk.c -+++ httpd-2.4.1/server/mpm/itk/itk.c -@@ -95,11 +95,11 @@ static int server_limit = 0; - static int mpm_state = AP_MPMQ_STARTING; - static ap_pod_t *pod; - --/* data retained by prefork across load/unload of the module -+/* data retained by itk across load/unload of the module - * allocated on first call to pre-config hook; located on - * subsequent calls to pre-config hook - */ --typedef struct prefork_retained_data { -+typedef struct itk_retained_data { - int first_server_limit; - int module_loads; - ap_generation_t my_generation; -@@ -122,8 +122,8 @@ typedef struct prefork_retained_data { - #define MAX_SPAWN_RATE (32) - #endif - int hold_off_on_exponential_spawning; --} prefork_retained_data; --static prefork_retained_data *retained; -+} itk_retained_data; -+static itk_retained_data *retained; - - #define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid) - -@@ -189,7 +189,7 @@ static void chdir_for_gprof(void) - #define chdir_for_gprof() - #endif - --static void prefork_note_child_killed(int childnum, pid_t pid, -+static void itk_note_child_killed(int childnum, pid_t pid, - ap_generation_t gen) - { - AP_DEBUG_ASSERT(childnum != -1); /* no scoreboard squatting with this MPM */ -@@ -200,7 +200,7 @@ static void prefork_note_child_killed(in - ap_scoreboard_image->parent[childnum].pid = 0; - } - --static void prefork_note_child_started(int slot, pid_t pid) -+static void itk_note_child_started(int slot, pid_t pid) - { - ap_scoreboard_image->parent[slot].pid = pid; - ap_run_child_status(ap_server_conf, -@@ -219,7 +219,7 @@ static void clean_child_exit(int code) - } - - if (one_process) { -- prefork_note_child_killed(/* slot */ 0, 0, 0); -+ itk_note_child_killed(/* slot */ 0, 0, 0); - } - - ap_mpm_pod_close(pod); -@@ -277,7 +277,7 @@ static void accept_mutex_off(void) - #define SAFE_ACCEPT(stmt) do {stmt;} while(0) - #endif - --static int prefork_query(int query_code, int *result, apr_status_t *rv) -+static int itk_query(int query_code, int *result, apr_status_t *rv) - { - *rv = APR_SUCCESS; - switch(query_code){ -@@ -330,9 +330,9 @@ static int prefork_query(int query_code, - return OK; - } - --static const char *prefork_get_name(void) -+static const char *itk_get_name(void) - { -- return "prefork"; -+ return "itk"; - } - - /***************************************************************** -@@ -735,7 +735,7 @@ static int make_child(server_rec *s, int - apr_signal(SIGQUIT, SIG_DFL); - #endif - apr_signal(SIGTERM, sig_term); -- prefork_note_child_started(slot, getpid()); -+ itk_note_child_started(slot, getpid()); - child_main(slot); - /* NOTREACHED */ - } -@@ -793,7 +793,7 @@ static int make_child(server_rec *s, int - child_main(slot); - } - -- prefork_note_child_started(slot, pid); -+ itk_note_child_started(slot, pid); - - return 0; - } -@@ -914,7 +914,7 @@ static void perform_idle_server_maintena - * Executive routines. - */ - --static int prefork_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) -+static int itk_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) - { - int index; - int remaining_children_to_start; -@@ -1029,7 +1029,7 @@ static int prefork_run(apr_pool_t *_pcon - if (child_slot >= 0) { - (void) ap_update_child_status_from_indexes(child_slot, 0, SERVER_DEAD, - (request_rec *) NULL); -- prefork_note_child_killed(child_slot, 0, 0); -+ itk_note_child_killed(child_slot, 0, 0); - if (processed_status == APEXIT_CHILDSICK) { - /* child detected a resource shortage (E[NM]FILE, ENOBUFS, etc) - * cut the fork rate to the minimum -@@ -1094,7 +1094,7 @@ static int prefork_run(apr_pool_t *_pcon - ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, APLOGNO(00168) "killpg SIGTERM"); - } - ap_reclaim_child_processes(1, /* Start with SIGTERM */ -- prefork_note_child_killed); -+ itk_note_child_killed); - - /* cleanup pid file on normal shutdown */ - ap_remove_pid(pconf, ap_pid_fname); -@@ -1128,7 +1128,7 @@ static int prefork_run(apr_pool_t *_pcon - } - - /* Allow each child which actually finished to exit */ -- ap_relieve_child_processes(prefork_note_child_killed); -+ ap_relieve_child_processes(itk_note_child_killed); - - /* cleanup pid file */ - ap_remove_pid(pconf, ap_pid_fname); -@@ -1147,7 +1147,7 @@ static int prefork_run(apr_pool_t *_pcon - sleep(1); - - /* Relieve any children which have now exited */ -- ap_relieve_child_processes(prefork_note_child_killed); -+ ap_relieve_child_processes(itk_note_child_killed); - - active_children = 0; - for (index = 0; index < ap_daemons_limit; ++index) { -@@ -1216,7 +1216,7 @@ static int prefork_run(apr_pool_t *_pcon - ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, APLOGNO(00172) "killpg SIGHUP"); - } - ap_reclaim_child_processes(0, /* Not when just starting up */ -- prefork_note_child_killed); -+ itk_note_child_killed); - ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, APLOGNO(00173) - "SIGHUP received. Attempting to restart"); - } -@@ -1227,7 +1227,7 @@ static int prefork_run(apr_pool_t *_pcon - /* This really should be a post_config hook, but the error log is already - * redirected by that point, so we need to do this in the open_logs phase. - */ --static int prefork_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) -+static int itk_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) - { - int startup = 0; - int level_flags = 0; -@@ -1257,11 +1257,11 @@ static int prefork_open_logs(apr_pool_t - return OK; - } - --static int prefork_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp) -+static int itk_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp) - { - int no_detach, debug, foreground; - apr_status_t rv; -- const char *userdata_key = "mpm_prefork_module"; -+ const char *userdata_key = "mpm_itk_module"; - - mpm_state = AP_MPMQ_STARTING; - -@@ -1315,7 +1315,7 @@ static int prefork_pre_config(apr_pool_t - return OK; - } - --static int prefork_check_config(apr_pool_t *p, apr_pool_t *plog, -+static int itk_check_config(apr_pool_t *p, apr_pool_t *plog, - apr_pool_t *ptemp, server_rec *s) - { - int startup = 0; -@@ -1401,7 +1401,7 @@ static int prefork_check_config(apr_pool - ap_daemons_limit = 1; - } - -- /* ap_daemons_to_start > ap_daemons_limit checked in prefork_run() */ -+ /* ap_daemons_to_start > ap_daemons_limit checked in itk_run() */ - if (ap_daemons_to_start < 0) { - if (startup) { - ap_log_error(APLOG_MARK, APLOG_WARNING | APLOG_STARTUP, 0, NULL, APLOGNO(00184) -@@ -1432,12 +1432,12 @@ static int prefork_check_config(apr_pool - ap_daemons_min_free = 1; - } - -- /* ap_daemons_max_free < ap_daemons_min_free + 1 checked in prefork_run() */ -+ /* ap_daemons_max_free < ap_daemons_min_free + 1 checked in itk_run() */ - - return OK; - } - --static void prefork_hooks(apr_pool_t *p) -+static void itk_hooks(apr_pool_t *p) - { - /* Our open_logs hook function must run before the core's, or stderr - * will be redirected to a file, and the messages won't print to the -@@ -1445,15 +1445,15 @@ static void prefork_hooks(apr_pool_t *p) - */ - static const char *const aszSucc[] = {"core.c", NULL}; - -- ap_hook_open_logs(prefork_open_logs, NULL, aszSucc, APR_HOOK_REALLY_FIRST); -+ ap_hook_open_logs(itk_open_logs, NULL, aszSucc, APR_HOOK_REALLY_FIRST); - /* we need to set the MPM state before other pre-config hooks use MPM query - * to retrieve it, so register as REALLY_FIRST - */ -- ap_hook_pre_config(prefork_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST); -- ap_hook_check_config(prefork_check_config, NULL, NULL, APR_HOOK_MIDDLE); -- ap_hook_mpm(prefork_run, NULL, NULL, APR_HOOK_MIDDLE); -- ap_hook_mpm_query(prefork_query, NULL, NULL, APR_HOOK_MIDDLE); -- ap_hook_mpm_get_name(prefork_get_name, NULL, NULL, APR_HOOK_MIDDLE); -+ ap_hook_pre_config(itk_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST); -+ ap_hook_check_config(itk_check_config, NULL, NULL, APR_HOOK_MIDDLE); -+ ap_hook_mpm(itk_run, NULL, NULL, APR_HOOK_MIDDLE); -+ ap_hook_mpm_query(itk_query, NULL, NULL, APR_HOOK_MIDDLE); -+ ap_hook_mpm_get_name(itk_get_name, NULL, NULL, APR_HOOK_MIDDLE); - } - - static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg) -@@ -1515,7 +1515,7 @@ static const char *set_server_limit (cmd - return NULL; - } - --static const command_rec prefork_cmds[] = { -+static const command_rec itk_cmds[] = { - LISTEN_COMMANDS, - AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF, - "Number of child processes launched at server startup"), -@@ -1533,13 +1533,13 @@ AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND, - { NULL } - }; - --AP_DECLARE_MODULE(mpm_prefork) = { -+AP_DECLARE_MODULE(mpm_itk) = { - MPM20_MODULE_STUFF, - NULL, /* hook to run before apache parses args */ - NULL, /* create per-directory config structure */ - NULL, /* merge per-directory config structures */ - NULL, /* create per-server config structure */ - NULL, /* merge per-server config structures */ -- prefork_cmds, /* command apr_table_t */ -- prefork_hooks, /* register hooks */ -+ itk_cmds, /* command apr_table_t */ -+ itk_hooks, /* register hooks */ - }; -Index: httpd-2.4.1/server/mpm/itk/mpm_default.h -=================================================================== ---- httpd-2.4.1.orig/server/mpm/itk/mpm_default.h -+++ httpd-2.4.1/server/mpm/itk/mpm_default.h -@@ -15,10 +15,10 @@ - */ - - /** -- * @file prefork/mpm_default.h -- * @brief Prefork MPM defaults -+ * @file itk/mpm_default.h -+ * @brief ITK MPM defaults - * -- * @defgroup APACHE_MPM_PREFORK Prefork MPM -+ * @defgroup APACHE_MPM_ITK Apache ITK - * @ingroup APACHE_INTERNAL - * @{ - */ diff --git a/debian/patches/itk/05-add-copyright.patch b/debian/patches/itk/05-add-copyright.patch deleted file mode 100644 index 0528ec95..00000000 --- a/debian/patches/itk/05-add-copyright.patch +++ /dev/null @@ -1,36 +0,0 @@ -Add copyright notices, as the next patches are going to add code. - -Index: httpd-2.4.1/server/mpm/itk/itk.c -=================================================================== ---- httpd-2.4.1.orig/server/mpm/itk/itk.c -+++ httpd-2.4.1/server/mpm/itk/itk.c -@@ -12,6 +12,12 @@ - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -+ * -+ * Portions copyright 2005-2012 Steinar H. Gunderson <sgunderson@bigfoot.com>. -+ * Licensed under the same terms as the rest of Apache. -+ * -+ * Portions copyright 2008 Knut Auvor Grythe <knut@auvor.no>. -+ * Licensed under the same terms as the rest of Apache. - */ - - #include "apr.h" -Index: httpd-2.4.1/server/mpm/itk/mpm_default.h -=================================================================== ---- httpd-2.4.1.orig/server/mpm/itk/mpm_default.h -+++ httpd-2.4.1/server/mpm/itk/mpm_default.h -@@ -12,6 +12,12 @@ - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -+ * -+ * Portions copyright 2005-2012 Steinar H. Gunderson <sgunderson@bigfoot.com>. -+ * Licensed under the same terms as the rest of Apache. -+ * -+ * Portions copyright 2008 Knut Auvor Grythe <knut@auvor.no>. -+ * Licensed under the same terms as the rest of Apache. - */ - - /** diff --git a/debian/patches/itk/07-base-functionality.patch b/debian/patches/itk/07-base-functionality.patch deleted file mode 100644 index d48edbb5..00000000 --- a/debian/patches/itk/07-base-functionality.patch +++ /dev/null @@ -1,229 +0,0 @@ -Add the base functionality of mpm_itk over prefork; parse the new configuration -options, fork on each new connection, and setuid() as required. - -Index: httpd-2.4.1/server/mpm/itk/itk.c -=================================================================== ---- httpd-2.4.1.orig/server/mpm/itk/itk.c -+++ httpd-2.4.1/server/mpm/itk/itk.c -@@ -26,6 +26,11 @@ - #include "apr_thread_proc.h" - #include "apr_signal.h" - -+# define _DBG(text,par...) \ -+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \ -+ "(itkmpm: pid=%d uid=%d, gid=%d) %s(): " text, \ -+ getpid(), getuid(), getgid(), __FUNCTION__, par) -+ - #define APR_WANT_STDIO - #define APR_WANT_STRFUNC - #include "apr_want.h" -@@ -64,6 +69,9 @@ - #include <signal.h> - #include <sys/times.h> - -+/* Import our private hook. */ -+AP_DECLARE_HOOK(int,post_perdir_config,(request_rec *r)) -+ - /* Limit on the total --- clients will be locked out if more servers than - * this are needed. It is intended solely to keep the server from crashing - * when things get out of hand. -@@ -153,6 +161,15 @@ static pid_t ap_my_pid; /* it seems sill - static pid_t parent_pid; - static int my_child_num; - -+typedef struct -+{ -+ uid_t uid; -+ gid_t gid; -+ char *username; -+} itk_per_dir_conf; -+ -+module AP_MODULE_DECLARE_DATA mpm_itk_module; -+ - #ifdef GPROF - /* - * change directory for gprof to plop the gmon.out file -@@ -542,10 +559,6 @@ static void child_main(int child_num_arg - clean_child_exit(APEXIT_CHILDFATAL); - } - -- if (ap_run_drop_privileges(pchild, ap_server_conf)) { -- clean_child_exit(APEXIT_CHILDFATAL); -- } -- - ap_run_child_init(pchild, ap_server_conf); - - ap_create_sb_handle(&sbh, pchild, my_child_num, 0); -@@ -695,13 +708,40 @@ static void child_main(int child_num_arg - * socket options, file descriptors, and read/write buffers. - */ - -- current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, my_child_num, sbh, bucket_alloc); -- if (current_conn) { -+ { -+ pid_t pid = fork(), child_pid; -+ int status; -+ switch (pid) { -+ case -1: -+ ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "fork: Unable to fork new process"); -+ break; -+ case 0: /* child */ -+ current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, my_child_num, sbh, bucket_alloc); -+ if (current_conn) { - #if APR_HAS_THREADS -- current_conn->current_thread = thd; -+ current_conn->current_thread = thd; - #endif -- ap_process_connection(current_conn, csd); -- ap_lingering_close(current_conn); -+ ap_process_connection(current_conn, csd); -+ ap_lingering_close(current_conn); -+ } -+ exit(0); -+ default: /* parent; just wait for child to be done */ -+ do { -+ child_pid = waitpid(pid, &status, 0); -+ } while (child_pid == -1 && errno == EINTR); -+ -+ if (child_pid != pid || !WIFEXITED(status)) { -+ if (WIFSIGNALED(status)) { -+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "child died with signal %u", WTERMSIG(status)); -+ } else if (WEXITSTATUS(status) != 0) { -+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "child exited with non-zero exit status %u", WEXITSTATUS(status)); -+ } else { -+ ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "waitpid() failed"); -+ } -+ clean_child_exit(1); -+ } -+ break; -+ } - } - - /* Check the pod and the generation number after processing a -@@ -719,6 +759,10 @@ static void child_main(int child_num_arg - */ - die_now = 1; - } -+ -+ /* if we have already setuid(), die (we can't be used anyhow) */ -+ if (getuid()) -+ die_now = 1; - } - apr_pool_clear(ptrans); /* kludge to avoid crash in APR reslist cleanup code */ - clean_child_exit(0); -@@ -1443,6 +1487,56 @@ static int itk_check_config(apr_pool_t * - return OK; - } - -+static int itk_post_perdir_config(request_rec *r) -+{ -+ uid_t wanted_uid; -+ gid_t wanted_gid; -+ const char *wanted_username; -+ int err = 0; -+ -+ itk_per_dir_conf *dconf = -+ (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module); -+ -+ strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31); -+ ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0; -+ -+ wanted_uid = dconf->uid; -+ wanted_gid = dconf->gid; -+ wanted_username = dconf->username; -+ -+ if (wanted_uid == -1 || wanted_gid == -1) { -+ wanted_uid = ap_unixd_config.user_id; -+ wanted_gid = ap_unixd_config.group_id; -+ wanted_username = ap_unixd_config.user_name; -+ } -+ -+ if (wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) { -+ if (setgid(wanted_gid)) { -+ _DBG("setgid(%d): %s", wanted_gid, strerror(errno)); -+ err = 1; -+ } else if (initgroups(wanted_username, wanted_gid)) { -+ _DBG("initgroups(%s, %d): %s", wanted_username, wanted_gid, strerror(errno)); -+ err = 1; -+ } else if (setuid(wanted_uid)) { -+ _DBG("setuid(%d): %s", wanted_uid, strerror(errno)); -+ err = 1; -+ } -+ } -+ -+ /* -+ * Most likely a case of switching uid/gid within a persistent -+ * connection; the RFCs allow us to just close the connection -+ * at anytime, so we excercise our right. :-) -+ */ -+ if (err) { -+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \ -+ "Couldn't set uid/gid, closing connection."); -+ ap_lingering_close(r->connection); -+ exit(0); -+ } -+ return OK; -+} -+ - static void itk_hooks(apr_pool_t *p) - { - /* Our open_logs hook function must run before the core's, or stderr -@@ -1460,6 +1554,9 @@ static void itk_hooks(apr_pool_t *p) - ap_hook_mpm(itk_run, NULL, NULL, APR_HOOK_MIDDLE); - ap_hook_mpm_query(itk_query, NULL, NULL, APR_HOOK_MIDDLE); - ap_hook_mpm_get_name(itk_get_name, NULL, NULL, APR_HOOK_MIDDLE); -+ -+ /* set the uid as fast as possible, but not before merging per-dit config */ -+ ap_hook_header_parser(itk_post_perdir_config, NULL, NULL, APR_HOOK_REALLY_FIRST); - } - - static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg) -@@ -1521,6 +1618,21 @@ static const char *set_server_limit (cmd - return NULL; - } - -+static const char *assign_user_id (cmd_parms *cmd, void *ptr, const char *user_name, const char *group_name) -+{ -+ itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr; -+ -+ const char *err = ap_check_cmd_context(cmd, NOT_IN_HTACCESS); -+ if (err) { -+ return err; -+ } -+ -+ dconf->username = apr_pstrdup(cmd->pool, user_name); -+ dconf->uid = ap_uname2id(user_name); -+ dconf->gid = ap_gname2id(group_name); -+ return NULL; -+} -+ - static const command_rec itk_cmds[] = { - LISTEN_COMMANDS, - AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF, -@@ -1535,14 +1647,25 @@ AP_INIT_TAKE1("MaxRequestWorkers", set_m - "Maximum number of children alive at the same time"), - AP_INIT_TAKE1("ServerLimit", set_server_limit, NULL, RSRC_CONF, - "Maximum value of MaxRequestWorkers for this run of Apache"), -+AP_INIT_TAKE2("AssignUserID", assign_user_id, NULL, RSRC_CONF|ACCESS_CONF, -+ "Tie a virtual host to a specific child process."), - AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND, - { NULL } - }; - -+/* == allocate a private per-dir config structure == */ -+static void *itk_create_dir_config(apr_pool_t *p, char *dummy) -+{ -+ itk_per_dir_conf *c = (itk_per_dir_conf *) -+ apr_pcalloc(p, sizeof(itk_per_dir_conf)); -+ c->uid = c->gid = -1; -+ return c; -+} -+ - AP_DECLARE_MODULE(mpm_itk) = { - MPM20_MODULE_STUFF, - NULL, /* hook to run before apache parses args */ -- NULL, /* create per-directory config structure */ -+ itk_create_dir_config, /* create per-directory config structure */ - NULL, /* merge per-directory config structures */ - NULL, /* create per-server config structure */ - NULL, /* merge per-server config structures */ diff --git a/debian/patches/itk/08-max-clients-per-vhost.patch b/debian/patches/itk/08-max-clients-per-vhost.patch deleted file mode 100644 index 8953217a..00000000 --- a/debian/patches/itk/08-max-clients-per-vhost.patch +++ /dev/null @@ -1,99 +0,0 @@ -Enforce the per-vhost server limit. Note that this is per-vhost, not -per-directory (since it works by reading the scoreboard), so we need to add -per-server configuration data. - -Index: httpd-2.4.1/server/mpm/itk/itk.c -=================================================================== ---- httpd-2.4.1.orig/server/mpm/itk/itk.c -+++ httpd-2.4.1/server/mpm/itk/itk.c -@@ -168,6 +168,11 @@ typedef struct - char *username; - } itk_per_dir_conf; - -+typedef struct -+{ -+ int max_clients_vhost; -+} itk_server_conf; -+ - module AP_MODULE_DECLARE_DATA mpm_itk_module; - - #ifdef GPROF -@@ -1493,9 +1498,29 @@ static int itk_post_perdir_config(reques - gid_t wanted_gid; - const char *wanted_username; - int err = 0; -+ -+ itk_server_conf *sconf = -+ (itk_server_conf *) ap_get_module_config(r->server->module_config, &mpm_itk_module); -+ itk_per_dir_conf *dconf; -+ -+ /* Enforce MaxClientsVhost. */ -+ if (sconf->max_clients_vhost > 0) { -+ int i, num_other_servers = 0; -+ for (i = 0; i < ap_daemons_limit; ++i) { -+ worker_score *ws = &ap_scoreboard_image->servers[i][0]; -+ if (ws->status >= SERVER_BUSY_READ && strncmp(ws->vhost, r->server->server_hostname, 31) == 0) -+ ++num_other_servers; -+ } - -- itk_per_dir_conf *dconf = -- (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module); -+ if (num_other_servers > sconf->max_clients_vhost) { -+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \ -+ "MaxClientsVhost reached for %s, refusing client.", -+ r->server->server_hostname); -+ return HTTP_SERVICE_UNAVAILABLE; -+ } -+ } -+ -+ dconf = (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module); - - strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31); - ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0; -@@ -1633,6 +1658,14 @@ static const char *assign_user_id (cmd_p - return NULL; - } - -+static const char *set_max_clients_vhost (cmd_parms *cmd, void *dummy, const char *arg) -+{ -+ itk_server_conf *sconf = -+ (itk_server_conf *) ap_get_module_config(cmd->server->module_config, &mpm_itk_module); -+ sconf->max_clients_vhost = atoi(arg); -+ return NULL; -+} -+ - static const command_rec itk_cmds[] = { - LISTEN_COMMANDS, - AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF, -@@ -1649,6 +1682,8 @@ AP_INIT_TAKE1("ServerLimit", set_server_ - "Maximum value of MaxRequestWorkers for this run of Apache"), - AP_INIT_TAKE2("AssignUserID", assign_user_id, NULL, RSRC_CONF|ACCESS_CONF, - "Tie a virtual host to a specific child process."), -+AP_INIT_TAKE1("MaxClientsVHost", set_max_clients_vhost, NULL, RSRC_CONF, -+ "Maximum number of children alive at the same time for this virtual host."), - AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND, - { NULL } - }; -@@ -1662,12 +1697,21 @@ static void *itk_create_dir_config(apr_p - return c; - } - -+/* == allocate a private server config structure == */ -+static void *itk_create_server_config(apr_pool_t *p, server_rec *s) -+{ -+ itk_server_conf *c = (itk_server_conf *) -+ apr_pcalloc(p, sizeof(itk_server_conf)); -+ c->max_clients_vhost = -1; -+ return c; -+} -+ - AP_DECLARE_MODULE(mpm_itk) = { - MPM20_MODULE_STUFF, - NULL, /* hook to run before apache parses args */ - itk_create_dir_config, /* create per-directory config structure */ - NULL, /* merge per-directory config structures */ -- NULL, /* create per-server config structure */ -+ itk_create_server_config, /* create per-server config structure */ - NULL, /* merge per-server config structures */ - itk_cmds, /* command apr_table_t */ - itk_hooks, /* register hooks */ diff --git a/debian/patches/itk/09-capabilities.patch b/debian/patches/itk/09-capabilities.patch deleted file mode 100644 index 30935874..00000000 --- a/debian/patches/itk/09-capabilities.patch +++ /dev/null @@ -1,59 +0,0 @@ -Use Linux' capability system to run as a sort of "lesser root"; we drop nearly -all root privilegies except the ability to setuid. An attacker capable of injecting -code will still be able to run as any (normal) user on the system, but at least -he/she cannot directly load kernel code etc. - -Index: httpd-2.4.1/server/mpm/itk/itk.c -=================================================================== ---- httpd-2.4.1.orig/server/mpm/itk/itk.c -+++ httpd-2.4.1/server/mpm/itk/itk.c -@@ -66,6 +66,10 @@ - #include <sys/processor.h> /* for bindprocessor() */ - #endif - -+#if HAVE_LIBCAP -+#include <sys/capability.h> -+#endif -+ - #include <signal.h> - #include <sys/times.h> - -@@ -522,6 +526,15 @@ static void child_main(int child_num_arg - int last_poll_idx = 0; - const char *lockfile; - -+#if HAVE_LIBCAP -+ cap_t caps; -+ cap_value_t suidcaps[] = { -+ CAP_SETUID, -+ CAP_SETGID, -+ CAP_DAC_READ_SEARCH, -+ }; -+#endif -+ - mpm_state = AP_MPMQ_STARTING; /* for benefit of any hooks that run as this - * child initializes - */ -@@ -596,6 +609,22 @@ static void child_main(int child_num_arg - lr->accept_func = ap_unixd_accept; - } - -+#if HAVE_LIBCAP -+ /* Drop as many privileges as we can. We'll still -+ * access files with uid=0, and we can setuid() to anything, but -+ * at least there's tons of other evilness (like loading kernel -+ * modules) we can't do directly. (The setuid() capability will -+ * go away automatically when we setuid() or exec() -- the former -+ * is likely to come first.) -+ */ -+ caps = cap_init(); -+ cap_clear(caps); -+ cap_set_flag(caps, CAP_PERMITTED, sizeof(suidcaps)/sizeof(cap_value_t), suidcaps, CAP_SET); -+ cap_set_flag(caps, CAP_EFFECTIVE, sizeof(suidcaps)/sizeof(cap_value_t), suidcaps, CAP_SET); -+ cap_set_proc(caps); -+ cap_free(caps); -+#endif -+ - mpm_state = AP_MPMQ_RUNNING; - - bucket_alloc = apr_bucket_alloc_create(pchild); diff --git a/debian/patches/itk/10-nice.patch b/debian/patches/itk/10-nice.patch deleted file mode 100644 index c2f9c3d8..00000000 --- a/debian/patches/itk/10-nice.patch +++ /dev/null @@ -1,140 +0,0 @@ -Support a per-location nice value. Note that since we now have two different settings -in the per-dir configuration, we need to introduce a merge function. - -Index: httpd-2.4.1/server/mpm/itk/itk.c -=================================================================== ---- httpd-2.4.1.orig/server/mpm/itk/itk.c -+++ httpd-2.4.1/server/mpm/itk/itk.c -@@ -165,11 +165,14 @@ static pid_t ap_my_pid; /* it seems sill - static pid_t parent_pid; - static int my_child_num; - -+#define UNSET_NICE_VALUE 100 -+ - typedef struct - { - uid_t uid; - gid_t gid; - char *username; -+ int nice_value; - } itk_per_dir_conf; - - typedef struct -@@ -532,6 +535,7 @@ static void child_main(int child_num_arg - CAP_SETUID, - CAP_SETGID, - CAP_DAC_READ_SEARCH, -+ CAP_SYS_NICE, - }; - #endif - -@@ -1554,6 +1558,12 @@ static int itk_post_perdir_config(reques - strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31); - ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0; - -+ if (dconf->nice_value != UNSET_NICE_VALUE && -+ setpriority(PRIO_PROCESS, 0, dconf->nice_value)) { -+ _DBG("setpriority(): %s", strerror(errno)); -+ err = 1; -+ } -+ - wanted_uid = dconf->uid; - wanted_gid = dconf->gid; - wanted_username = dconf->username; -@@ -1564,7 +1574,7 @@ static int itk_post_perdir_config(reques - wanted_username = ap_unixd_config.user_name; - } - -- if (wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) { -+ if (!err && wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) { - if (setgid(wanted_gid)) { - _DBG("setgid(%d): %s", wanted_gid, strerror(errno)); - err = 1; -@@ -1584,7 +1594,7 @@ static int itk_post_perdir_config(reques - */ - if (err) { - ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \ -- "Couldn't set uid/gid, closing connection."); -+ "Couldn't set uid/gid/priority, closing connection."); - ap_lingering_close(r->connection); - exit(0); - } -@@ -1695,6 +1705,27 @@ static const char *set_max_clients_vhost - return NULL; - } - -+static const char *set_nice_value (cmd_parms *cmd, void *ptr, const char *arg) -+{ -+ itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr; -+ int nice_value = atoi(arg); -+ -+ if (nice_value < -20) { -+ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, -+ "WARNING: NiceValue of %d is below -20, increasing NiceValue to -20.", -+ nice_value); -+ nice_value = -20; -+ } -+ else if (nice_value > 19) { -+ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, -+ "WARNING: NiceValue of %d is above 19, lowering NiceValue to 19.", -+ nice_value); -+ nice_value = 19; -+ } -+ dconf->nice_value = nice_value; -+ return NULL; -+} -+ - static const command_rec itk_cmds[] = { - LISTEN_COMMANDS, - AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF, -@@ -1713,6 +1744,8 @@ AP_INIT_TAKE2("AssignUserID", assign_use - "Tie a virtual host to a specific child process."), - AP_INIT_TAKE1("MaxClientsVHost", set_max_clients_vhost, NULL, RSRC_CONF, - "Maximum number of children alive at the same time for this virtual host."), -+AP_INIT_TAKE1("NiceValue", set_nice_value, NULL, RSRC_CONF|ACCESS_CONF, -+ "Set nice value for the given vhost, from -20 (highest priority) to 19 (lowest priority)."), - AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND, - { NULL } - }; -@@ -1723,6 +1756,32 @@ static void *itk_create_dir_config(apr_p - itk_per_dir_conf *c = (itk_per_dir_conf *) - apr_pcalloc(p, sizeof(itk_per_dir_conf)); - c->uid = c->gid = -1; -+ c->nice_value = UNSET_NICE_VALUE; -+ return c; -+} -+ -+/* == merge the parent per-dir config structure into ours == */ -+static void *itk_merge_dir_config(apr_pool_t *p, void *parent_ptr, void *child_ptr) -+{ -+ itk_per_dir_conf *c = (itk_per_dir_conf *) -+ itk_create_dir_config(p, NULL); -+ itk_per_dir_conf *parent = (itk_per_dir_conf *) parent_ptr; -+ itk_per_dir_conf *child = (itk_per_dir_conf *) child_ptr; -+ -+ if (child->username != NULL) { -+ c->username = child->username; -+ c->uid = child->uid; -+ c->gid = child->gid; -+ } else { -+ c->username = parent->username; -+ c->uid = parent->uid; -+ c->gid = parent->gid; -+ } -+ if (child->nice_value != UNSET_NICE_VALUE) { -+ c->nice_value = child->nice_value; -+ } else { -+ c->nice_value = parent->nice_value; -+ } - return c; - } - -@@ -1739,7 +1798,7 @@ AP_DECLARE_MODULE(mpm_itk) = { - MPM20_MODULE_STUFF, - NULL, /* hook to run before apache parses args */ - itk_create_dir_config, /* create per-directory config structure */ -- NULL, /* merge per-directory config structures */ -+ itk_merge_dir_config, /* merge per-directory config structures */ - itk_create_server_config, /* create per-server config structure */ - NULL, /* merge per-server config structures */ - itk_cmds, /* command apr_table_t */ diff --git a/debian/patches/itk/11-fix-htaccess-reads-for-persistent-connections.patch b/debian/patches/itk/11-fix-htaccess-reads-for-persistent-connections.patch deleted file mode 100644 index b8033a69..00000000 --- a/debian/patches/itk/11-fix-htaccess-reads-for-persistent-connections.patch +++ /dev/null @@ -1,23 +0,0 @@ -To work around an issue where users can sometimes get spurious 403s on -persistent connections the server needs to know it is running itk: - -Index: httpd-2.4.1/server/mpm/itk/itk.c -=================================================================== ---- httpd-2.4.1.orig/server/mpm/itk/itk.c -+++ httpd-2.4.1/server/mpm/itk/itk.c -@@ -181,6 +181,7 @@ typedef struct - } itk_server_conf; - - module AP_MODULE_DECLARE_DATA mpm_itk_module; -+extern AP_DECLARE_DATA int ap_running_under_mpm_itk; - - #ifdef GPROF - /* -@@ -543,6 +544,7 @@ static void child_main(int child_num_arg - * child initializes - */ - -+ ap_running_under_mpm_itk = 1; - my_child_num = child_num_arg; - ap_my_pid = getpid(); - requests_this_child = 0; diff --git a/debian/patches/itk/README b/debian/patches/itk/README deleted file mode 100644 index 7fbbeb1b..00000000 --- a/debian/patches/itk/README +++ /dev/null @@ -1,5 +0,0 @@ -This is a prerelease version of mpm-itk against Apache 2.4.1. -It is barely tested at all; use with caution. - -Follow the mpm-itk mailing list (http://lists.err.no/mailman/listinfo/mpm-itk) -for a production 2.4 release. diff --git a/debian/patches/itk/series b/debian/patches/itk/series deleted file mode 100644 index c2af971e..00000000 --- a/debian/patches/itk/series +++ /dev/null @@ -1,12 +0,0 @@ -#00-fix-bug-52904.patch -#01-copy-prefork.patch -02-rename-prefork-to-itk.patch -#03-add-mpm-to-build-system.patch -05-add-copyright.patch -#06-hook-just-after-merging-perdir-config.patch -07-base-functionality.patch -08-max-clients-per-vhost.patch -09-capabilities.patch -10-nice.patch -11-fix-htaccess-reads-for-persistent-connections.patch -#99-rerun-configure.patch diff --git a/debian/patches/series b/debian/patches/series index 019f931f..4d3cd0d1 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -6,14 +6,4 @@ suexec-CVE-2007-1742.patch customize_apxs.patch build_suexec-custom.patch open_htaccess_hook.patch -# The patch below must not be applied by quilt at extraction time. It depends -# on some script-fu to be executed before. Have a look -# to debian/rules' prepare-custom-suexec target. -# If you're aware of that you can uncomment it at any time later and work on it -# as you wish. However, it must be shipped commented out in the final package. -#suexec-custom.patch -# some changes to the core needed for itk: -add-itk-to-build-system.patch -itk-fix-htaccess-reads-for-persistent-connections.patch -itk-rerun-configure.patch fix_CHANGES diff --git a/debian/rules b/debian/rules index 9a3bf412..b15ef257 100755 --- a/debian/rules +++ b/debian/rules @@ -24,16 +24,6 @@ support/suexec-custom.c: support/suexec.c debian/patches/suexec-custom.patch cp support/suexec.c support/suexec-custom.c patch -p1 -i debian/patches/suexec-custom.patch -server/mpm/itk/.stamp: - mkdir server/mpm/itk/ - cp server/mpm/prefork/* server/mpm/itk/ - mv server/mpm/itk/prefork.c server/mpm/itk/itk.c - set -ex; for p in $$(grep -v '^#' debian/patches/itk/series) ; do \ - echo Applying $$p ... ;\ - patch -p1 -i debian/patches/itk/$$p ;\ - done - touch "$@" - prebuild-checks: ERRS="" ;\ for a in $$(find debian/config-dir/ -type f) ; do \ @@ -86,7 +76,7 @@ generate-maintainer-scripts: clean build build-arch build-indep binary binary-arch binary-indep: %: dh $@ --parallel --with autotools_dev -override_dh_auto_configure: generate-maintainer-scripts prebuild-checks server/mpm/itk/.stamp support/suexec-custom.c +override_dh_auto_configure: generate-maintainer-scripts prebuild-checks support/suexec-custom.c ./configure --enable-layout=Debian --enable-so --with-program-name=apache2 \ --enable-suexec --with-suexec-caller=www-data \ --with-suexec-bin=/usr/lib/apache2/suexec --with-suexec-docroot=/var/www \ @@ -102,13 +92,6 @@ override_dh_auto_configure: generate-maintainer-scripts prebuild-checks server/m LTFLAGS="$(AP2_LTFLAGS)" -ifeq ($(DEB_HOST_ARCH_OS),linux) - # XXX Hack to make mod_mpm_itk.so link against libcap until we - # XXX move itk to a separate package - echo "$(DEB_HOST_ARCH_OS): non weird arch: adding -lcap" - perl -p -i -e 's/(-avoid-version)/$$1 -lcap/' server/mpm/itk/modules.mk -endif - override_dh_install: clean-config-vars prepare-scripts dh_install --list-missing @@ -171,7 +154,6 @@ override_dh_builddeb: override_dh_auto_clean: dh_auto_clean - if test -d server/mpm/itk ; then rm -r server/mpm/itk ; fi override_dh_gencontrol: dh_gencontrol -p libapache2-mod-proxy-html -- -v1:$(DEBIAN_VERSION) |