21479636 Upgrade Apache Web Server to version 2.2.31
21479095 problem in UTILITY/APACHE
--- a/components/apache2/Makefile Wed Jul 08 14:00:24 2015 -0700
+++ b/components/apache2/Makefile Tue Jul 21 08:35:55 2015 -0700
@@ -23,17 +23,17 @@
include ../../make-rules/shared-macros.mk
COMPONENT_NAME= apache2
-COMPONENT_VERSION= 2.2.29
+COMPONENT_VERSION= 2.2.31
COMPONENT_PROJECT_URL= http://httpd.apache.org/
COMPONENT_SRC_NAME= httpd
COMPONENT_SRC= $(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:cec2878884b758b0d159a1385b2667a2ae0ca21b0bc7bcc8a9a41b5cfa5452ff
+ sha256:77afdd50ca2624f7d78832b1e92f34e4df293328ec59fd0e3f6cdedf67ac0c7f
COMPONENT_ARCHIVE_URL= http://archive.apache.org/dist/httpd/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= utility/apache
-TPNO_APACHE= 20284
+TPNO_APACHE= 23672
TPNO_MOD_SED= 8897
CONFIGURE_DEFAULT_DIRS=no
--- a/components/apache2/apache.license Wed Jul 08 14:00:24 2015 -0700
+++ b/components/apache2/apache.license Tue Jul 21 08:35:55 2015 -0700
@@ -1,5 +1,5 @@
Apache HTTP Server
-Copyright 2014 The Apache Software Foundation.
+Copyright 2015 The Apache Software Foundation.
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).
--- a/components/apache2/documentation.p5m Wed Jul 08 14:00:24 2015 -0700
+++ b/components/apache2/documentation.p5m Tue Jul 21 08:35:55 2015 -0700
@@ -185,11 +185,13 @@
file path=usr/apache2/2.2/manual/images/mod_filter_new.png
file path=usr/apache2/2.2/manual/images/mod_filter_new.tr.png
file path=usr/apache2/2.2/manual/images/mod_filter_old.gif
+file path=usr/apache2/2.2/manual/images/mod_filter_old.png
file path=usr/apache2/2.2/manual/images/mod_rewrite_fig1.gif
file path=usr/apache2/2.2/manual/images/mod_rewrite_fig1.png
file path=usr/apache2/2.2/manual/images/mod_rewrite_fig2.gif
file path=usr/apache2/2.2/manual/images/mod_rewrite_fig2.png
file path=usr/apache2/2.2/manual/images/pixel.gif
+file path=usr/apache2/2.2/manual/images/rewrite_backreferences.png
file path=usr/apache2/2.2/manual/images/rewrite_rule_flow.png
file path=usr/apache2/2.2/manual/images/right.gif
file path=usr/apache2/2.2/manual/images/ssl_intro_fig1.gif
@@ -699,6 +701,7 @@
file path=usr/apache2/2.2/manual/programs/index.html.ko.euc-kr
file path=usr/apache2/2.2/manual/programs/index.html.ru.koi8-r
file path=usr/apache2/2.2/manual/programs/index.html.tr.utf8
+file path=usr/apache2/2.2/manual/programs/index.html.zh-cn.utf8
file path=usr/apache2/2.2/manual/programs/logresolve.html
file path=usr/apache2/2.2/manual/programs/logresolve.html.en
file path=usr/apache2/2.2/manual/programs/logresolve.html.ko.euc-kr
@@ -724,6 +727,8 @@
file path=usr/apache2/2.2/manual/rewrite/flags.html
file path=usr/apache2/2.2/manual/rewrite/flags.html.en
file path=usr/apache2/2.2/manual/rewrite/flags.html.fr
+file path=usr/apache2/2.2/manual/rewrite/htaccess.html
+file path=usr/apache2/2.2/manual/rewrite/htaccess.html.en
file path=usr/apache2/2.2/manual/rewrite/index.html
file path=usr/apache2/2.2/manual/rewrite/index.html.en
file path=usr/apache2/2.2/manual/rewrite/index.html.fr
@@ -732,9 +737,17 @@
file path=usr/apache2/2.2/manual/rewrite/intro.html
file path=usr/apache2/2.2/manual/rewrite/intro.html.en
file path=usr/apache2/2.2/manual/rewrite/intro.html.fr
+file path=usr/apache2/2.2/manual/rewrite/proxy.html
+file path=usr/apache2/2.2/manual/rewrite/proxy.html.en
+file path=usr/apache2/2.2/manual/rewrite/remapping.html
+file path=usr/apache2/2.2/manual/rewrite/remapping.html.en
+file path=usr/apache2/2.2/manual/rewrite/rewritemap.html
+file path=usr/apache2/2.2/manual/rewrite/rewritemap.html.en
file path=usr/apache2/2.2/manual/rewrite/tech.html
file path=usr/apache2/2.2/manual/rewrite/tech.html.en
file path=usr/apache2/2.2/manual/rewrite/tech.html.fr
+file path=usr/apache2/2.2/manual/rewrite/vhosts.html
+file path=usr/apache2/2.2/manual/rewrite/vhosts.html.en
file path=usr/apache2/2.2/manual/sections.html
file path=usr/apache2/2.2/manual/sections.html.en
file path=usr/apache2/2.2/manual/sections.html.fr
@@ -784,12 +797,16 @@
file path=usr/apache2/2.2/manual/style/css/manual-zip-100pc.css
file path=usr/apache2/2.2/manual/style/css/manual-zip.css
file path=usr/apache2/2.2/manual/style/css/manual.css
+file path=usr/apache2/2.2/manual/style/css/prettify.css
file path=usr/apache2/2.2/manual/style/faq.dtd
dir path=usr/apache2/2.2/manual/style/lang
file path=usr/apache2/2.2/manual/style/lang.dtd
file path=usr/apache2/2.2/manual/style/latex/atbeginend.sty
file path=usr/apache2/2.2/manual/style/manualpage.dtd
file path=usr/apache2/2.2/manual/style/modulesynopsis.dtd
+file path=usr/apache2/2.2/manual/style/scripts/MINIFY
+file path=usr/apache2/2.2/manual/style/scripts/prettify.js
+file path=usr/apache2/2.2/manual/style/scripts/prettify.min.js
file path=usr/apache2/2.2/manual/style/sitemap.dtd
file path=usr/apache2/2.2/manual/style/version.ent
dir path=usr/apache2/2.2/manual/style/xsl/util
--- a/components/apache2/patches/apr_common.m4.patch Wed Jul 08 14:00:24 2015 -0700
+++ b/components/apache2/patches/apr_common.m4.patch Tue Jul 21 08:35:55 2015 -0700
@@ -1,7 +1,7 @@
=== This is added to fix the MKDEP value for Sun Studio compiler
--- build/apr_common.m4.orig Sat Dec 6 07:17:56 2008
+++ build/apr_common.m4 Mon Jan 5 02:28:50 2009
[email protected]@ -948,7 +948,7 @@
[email protected]@ -959,7 +959,7 @@
int main() { return 0; }
EOF
MKDEP="true"--- a/components/apache2/patches/bug48357.patch Wed Jul 08 14:00:24 2015 -0700
+++ b/components/apache2/patches/bug48357.patch Tue Jul 21 08:35:55 2015 -0700
@@ -2,7 +2,7 @@
--- server/protocol.c Tue Jan 24 12:02:19 2012
+++ server/protocol.c Mon Oct 1 04:53:41 2012
[email protected]@ -869,7 +869,7 @@
[email protected]@ -871,7 +871,7 @@
request_rec *r;
apr_pool_t *p;
const char *expect;
@@ -11,7 +11,7 @@
apr_bucket_brigade *tmp_bb;
apr_socket_t *csd;
apr_interval_time_t cur_timeout;
[email protected]@ -1021,7 +1021,7 @@
[email protected]@ -1049,7 +1049,7 @@
* HTTP/1.1 mentions twice (S9, S14.23) that a request MUST contain
* a Host: header, and the server MUST respond with 400 if it doesn't.
*/
@@ -20,7 +20,7 @@
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"client sent HTTP/1.1 request without hostname "
"(see RFC2616 section 14.23): %s", r->uri);
[email protected]@ -1037,14 +1037,8 @@
[email protected]@ -1065,14 +1065,8 @@
ap_add_input_filter_handle(ap_http_input_filter_handle,
NULL, r, r->connection);
--- a/components/apache2/patches/bug52774.patch Wed Jul 08 14:00:24 2015 -0700
+++ b/components/apache2/patches/bug52774.patch Tue Jul 21 08:35:55 2015 -0700
@@ -2,7 +2,7 @@
--- modules/mappers/mod_rewrite.c Mon Aug 20 10:22:53 2012
+++ modules/mappers/mod_rewrite.c Tue Sep 18 04:02:33 2012
[email protected]@ -4302,14 +4302,29 @@
[email protected]@ -4319,14 +4319,29 @@
/* Unless the anyuri option is set, ensure that the input to the
* first rule really is a URL-path, avoiding security issues with
* poorly configured rules. See CVE-2011-3368, CVE-2011-4317. */--- a/components/apache2/patches/httpd.conf.patch Wed Jul 08 14:00:24 2015 -0700
+++ b/components/apache2/patches/httpd.conf.patch Tue Jul 21 08:35:55 2015 -0700
@@ -13,7 +13,7 @@
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
[email protected]@ -43,14 +49,17 @@
[email protected]@ -44,14 +50,17 @@
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
@@ -38,7 +38,7 @@
@@[email protected]@
<IfModule !mpm_netware_module>
[email protected]@ -63,8 +72,8 @@
[email protected]@ -64,8 +73,8 @@
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
@@ -49,7 +49,7 @@
</IfModule>
</IfModule>
[email protected]@ -86,7 +95,7 @@
[email protected]@ -87,7 +96,7 @@
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. [email protected]
#
@@ -58,7 +58,7 @@
#
# ServerName gives the name and port that the server uses to identify itself.
[email protected]@ -95,7 +104,7 @@
[email protected]@ -96,7 +105,7 @@
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
@@ -67,7 +67,7 @@
#
# DocumentRoot: The directory out of which you will serve your
[email protected]@ -329,6 +338,10 @@
[email protected]@ -330,6 +339,10 @@
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
@@ -78,7 +78,7 @@
</IfModule>
#
[email protected]@ -362,43 +375,22 @@
[email protected]@ -370,43 +383,22 @@
# Supplemental configuration
#--- a/components/apache2/patches/no_ssl2_and_3.patch Wed Jul 08 14:00:24 2015 -0700
+++ b/components/apache2/patches/no_ssl2_and_3.patch Tue Jul 21 08:35:55 2015 -0700
@@ -1,9 +1,11 @@
Patch origin: in-house
-Patch status: will be submitted to upstream
+Patch status: unclear; so far they disable it just in configuration file
+
+https://bz.apache.org/bugzilla/show_bug.cgi?id=57120
--- modules/ssl/ssl_private.h
+++ modules/ssl/ssl_private.h
[email protected]@ -246,9 +246,9 @@
[email protected]@ -244,9 +244,9 @@
#define SSL_PROTOCOL_SSLV3 (1<<1)
#define SSL_PROTOCOL_TLSV1 (1<<2)
#ifdef OPENSSL_NO_SSL2
@@ -17,7 +19,7 @@
#define SSL_PROTOCOL_TLSV1_1 (1<<3)
--- docs/manual/mod/mod_ssl.html.en
+++ docs/manual/mod/mod_ssl.html.en
[email protected]@ -1029,8 +1029,8 @@
[email protected]@ -1082,8 +1082,8 @@
<p>
This is the Secure Sockets Layer (SSL) protocol, version 3.0, from
the Netscape Corporation.
@@ -28,7 +30,7 @@
<li><code>TLSv1</code>
<p>
[email protected]@ -1050,13 +1050,11 @@
[email protected]@ -1103,13 +1103,11 @@
<li><code>All</code>
<p>--- a/components/apache2/patches/ssl.conf.patch Wed Jul 08 14:00:24 2015 -0700
+++ b/components/apache2/patches/ssl.conf.patch Tue Jul 21 08:35:55 2015 -0700
@@ -1,10 +1,12 @@
Patch origin: in-house
Patch status: Solaris-specific; not suitable for upstream
-Patch status: SSLProtocol part will be submitted to upstream
+Patch status: SSLProtocol part submitted to upstream
+
+https://bz.apache.org/bugzilla/show_bug.cgi?id=57120
--- docs/conf/extra/httpd-ssl.conf.in
+++ docs/conf/extra/httpd-ssl.conf.in
[email protected]@ -22,11 +22,16 @@
[email protected]@ -22,9 +22,14 @@
# Manual for more details.
#
#SSLRandomSeed startup file:/dev/random 512
@@ -13,17 +15,30 @@
#SSLRandomSeed connect file:/dev/random 512
-#SSLRandomSeed connect file:/dev/urandom 512
+SSLRandomSeed connect file:/dev/urandom 512
-
++
+#
+# Enable Solaris crypto framework (recommended for T1/T2/T3 based systems)
+#
+#SSLCryptoDevice pkcs11
-+
+
#
- # When we also provide SSL we have to listen to the
- # standard HTTP port (see above) and to the HTTPS port
[email protected]@ -75,7 +80,7 @@
[email protected]@ -80,11 +85,11 @@
+
+ # SSL Protocol support:
+ # List the protocol versions which clients are allowed to connect with.
+-# Disable SSLv2 and SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0)
++# SSLv2 and SSLv3 are disabled by default (cf. RFC 7525 3.1.1). TLSv1 (1.0)
+ # should be disabled as quickly as practical. By the end of 2016, only
+ # the TLSv1.2 protocol or later should remain in use.
+-SSLProtocol all -SSLv2 -SSLv3
+-SSLProxyProtocol all -SSLv2 -SSLv3
++SSLProtocol all
++SSLProxyProtocol all
+
+ # Pass Phrase Dialog:
+ # Configure the pass phrase gathering process.
[email protected]@ -112,7 +117,7 @@
# General setup for the virtual host
DocumentRoot "@[email protected]"
@@ -32,15 +47,3 @@
ServerAdmin [email protected]
ErrorLog "@[email protected]/error_log"
TransferLog "@[email protected]/access_log"
[email protected]@ -86,8 +91,9 @@
-
- # SSL Protocol support:
- # List the protocol versions which clients are allowed to
--# connect with. Disable SSLv2 by default (cf. RFC 6176).
--SSLProtocol all -SSLv2
-+# connect with. SSLv2 and SSLv3 are disabled by default and
-+# and must be enabled below if really needed.
-+SSLProtocol all
-
- # SSL Cipher Suite:
- # List the ciphers that the client is permitted to negotiate.