21479636 Upgrade Apache Web Server to version 2.2.31 s11u3-sru
authorPetr Sumbera <petr.sumbera@oracle.com>
Wed, 16 Sep 2015 01:25:52 -0700
branchs11u3-sru
changeset 4883 cd5ceed10e53
parent 4882 0d8b74910a3a
child 4884 6ad716bfae77
21479636 Upgrade Apache Web Server to version 2.2.31 21479095 problem in UTILITY/APACHE
components/apache2/Makefile
components/apache2/apache.license
components/apache2/documentation.p5m
components/apache2/patches/apr_common.m4.patch
components/apache2/patches/bug48357.patch
components/apache2/patches/bug52774.patch
components/apache2/patches/httpd.conf.patch
components/apache2/patches/no_ssl2_and_3.patch
components/apache2/patches/ssl.conf.patch
--- a/components/apache2/Makefile	Tue Sep 15 00:52:48 2015 -0700
+++ b/components/apache2/Makefile	Wed Sep 16 01:25:52 2015 -0700
@@ -23,16 +23,17 @@
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		apache2
-COMPONENT_VERSION=	2.2.29
+COMPONENT_VERSION=	2.2.31
 COMPONENT_PROJECT_URL=	http://httpd.apache.org/
 COMPONENT_SRC_NAME=	httpd
 COMPONENT_SRC=		$(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:cec2878884b758b0d159a1385b2667a2ae0ca21b0bc7bcc8a9a41b5cfa5452ff
+     sha256:77afdd50ca2624f7d78832b1e92f34e4df293328ec59fd0e3f6cdedf67ac0c7f
 COMPONENT_ARCHIVE_URL=	http://archive.apache.org/dist/httpd/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	utility/apache
-TPNO_APACHE=		20284
+
+TPNO_APACHE=		23672
 TPNO_MOD_SED=		8897
 
 CONFIGURE_DEFAULT_DIRS=no
--- a/components/apache2/apache.license	Tue Sep 15 00:52:48 2015 -0700
+++ b/components/apache2/apache.license	Wed Sep 16 01:25:52 2015 -0700
@@ -1,5 +1,5 @@
 Apache HTTP Server
-Copyright 2014 The Apache Software Foundation.
+Copyright 2015 The Apache Software Foundation.
 
 This product includes software developed at
 The Apache Software Foundation (http://www.apache.org/).
--- a/components/apache2/documentation.p5m	Tue Sep 15 00:52:48 2015 -0700
+++ b/components/apache2/documentation.p5m	Wed Sep 16 01:25:52 2015 -0700
@@ -182,11 +182,13 @@
 file path=usr/apache2/2.2/manual/images/mod_filter_new.png
 file path=usr/apache2/2.2/manual/images/mod_filter_new.tr.png
 file path=usr/apache2/2.2/manual/images/mod_filter_old.gif
+file path=usr/apache2/2.2/manual/images/mod_filter_old.png
 file path=usr/apache2/2.2/manual/images/mod_rewrite_fig1.gif
 file path=usr/apache2/2.2/manual/images/mod_rewrite_fig1.png
 file path=usr/apache2/2.2/manual/images/mod_rewrite_fig2.gif
 file path=usr/apache2/2.2/manual/images/mod_rewrite_fig2.png
 file path=usr/apache2/2.2/manual/images/pixel.gif
+file path=usr/apache2/2.2/manual/images/rewrite_backreferences.png
 file path=usr/apache2/2.2/manual/images/rewrite_rule_flow.png
 file path=usr/apache2/2.2/manual/images/right.gif
 file path=usr/apache2/2.2/manual/images/ssl_intro_fig1.gif
@@ -696,6 +698,7 @@
 file path=usr/apache2/2.2/manual/programs/index.html.ko.euc-kr
 file path=usr/apache2/2.2/manual/programs/index.html.ru.koi8-r
 file path=usr/apache2/2.2/manual/programs/index.html.tr.utf8
+file path=usr/apache2/2.2/manual/programs/index.html.zh-cn.utf8
 file path=usr/apache2/2.2/manual/programs/logresolve.html
 file path=usr/apache2/2.2/manual/programs/logresolve.html.en
 file path=usr/apache2/2.2/manual/programs/logresolve.html.ko.euc-kr
@@ -721,6 +724,8 @@
 file path=usr/apache2/2.2/manual/rewrite/flags.html
 file path=usr/apache2/2.2/manual/rewrite/flags.html.en
 file path=usr/apache2/2.2/manual/rewrite/flags.html.fr
+file path=usr/apache2/2.2/manual/rewrite/htaccess.html
+file path=usr/apache2/2.2/manual/rewrite/htaccess.html.en
 file path=usr/apache2/2.2/manual/rewrite/index.html
 file path=usr/apache2/2.2/manual/rewrite/index.html.en
 file path=usr/apache2/2.2/manual/rewrite/index.html.fr
@@ -729,9 +734,17 @@
 file path=usr/apache2/2.2/manual/rewrite/intro.html
 file path=usr/apache2/2.2/manual/rewrite/intro.html.en
 file path=usr/apache2/2.2/manual/rewrite/intro.html.fr
+file path=usr/apache2/2.2/manual/rewrite/proxy.html
+file path=usr/apache2/2.2/manual/rewrite/proxy.html.en
+file path=usr/apache2/2.2/manual/rewrite/remapping.html
+file path=usr/apache2/2.2/manual/rewrite/remapping.html.en
+file path=usr/apache2/2.2/manual/rewrite/rewritemap.html
+file path=usr/apache2/2.2/manual/rewrite/rewritemap.html.en
 file path=usr/apache2/2.2/manual/rewrite/tech.html
 file path=usr/apache2/2.2/manual/rewrite/tech.html.en
 file path=usr/apache2/2.2/manual/rewrite/tech.html.fr
+file path=usr/apache2/2.2/manual/rewrite/vhosts.html
+file path=usr/apache2/2.2/manual/rewrite/vhosts.html.en
 file path=usr/apache2/2.2/manual/sections.html
 file path=usr/apache2/2.2/manual/sections.html.en
 file path=usr/apache2/2.2/manual/sections.html.fr
@@ -781,12 +794,16 @@
 file path=usr/apache2/2.2/manual/style/css/manual-zip-100pc.css
 file path=usr/apache2/2.2/manual/style/css/manual-zip.css
 file path=usr/apache2/2.2/manual/style/css/manual.css
+file path=usr/apache2/2.2/manual/style/css/prettify.css
 file path=usr/apache2/2.2/manual/style/faq.dtd
 dir  path=usr/apache2/2.2/manual/style/lang
 file path=usr/apache2/2.2/manual/style/lang.dtd
 file path=usr/apache2/2.2/manual/style/latex/atbeginend.sty
 file path=usr/apache2/2.2/manual/style/manualpage.dtd
 file path=usr/apache2/2.2/manual/style/modulesynopsis.dtd
+file path=usr/apache2/2.2/manual/style/scripts/MINIFY
+file path=usr/apache2/2.2/manual/style/scripts/prettify.js
+file path=usr/apache2/2.2/manual/style/scripts/prettify.min.js
 file path=usr/apache2/2.2/manual/style/sitemap.dtd
 file path=usr/apache2/2.2/manual/style/version.ent
 dir  path=usr/apache2/2.2/manual/style/xsl/util
--- a/components/apache2/patches/apr_common.m4.patch	Tue Sep 15 00:52:48 2015 -0700
+++ b/components/apache2/patches/apr_common.m4.patch	Wed Sep 16 01:25:52 2015 -0700
@@ -1,7 +1,7 @@
 === This is added to fix the MKDEP value for Sun Studio compiler
 --- build/apr_common.m4.orig	Sat Dec  6 07:17:56 2008
 +++ build/apr_common.m4	Mon Jan  5 02:28:50 2009
[email protected]@ -948,7 +948,7 @@
[email protected]@ -959,7 +959,7 @@
    int main() { return 0; }
  EOF
    MKDEP="true"
--- a/components/apache2/patches/bug48357.patch	Tue Sep 15 00:52:48 2015 -0700
+++ b/components/apache2/patches/bug48357.patch	Wed Sep 16 01:25:52 2015 -0700
@@ -2,7 +2,7 @@
 
 --- server/protocol.c	Tue Jan 24 12:02:19 2012
 +++ server/protocol.c	Mon Oct  1 04:53:41 2012
[email protected]@ -869,7 +869,7 @@
[email protected]@ -871,7 +871,7 @@
      request_rec *r;
      apr_pool_t *p;
      const char *expect;
@@ -11,7 +11,7 @@
      apr_bucket_brigade *tmp_bb;
      apr_socket_t *csd;
      apr_interval_time_t cur_timeout;
[email protected]@ -1021,7 +1021,7 @@
[email protected]@ -1049,7 +1049,7 @@
           * HTTP/1.1 mentions twice (S9, S14.23) that a request MUST contain
           * a Host: header, and the server MUST respond with 400 if it doesn't.
           */
@@ -20,7 +20,7 @@
          ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                        "client sent HTTP/1.1 request without hostname "
                        "(see RFC2616 section 14.23): %s", r->uri);
[email protected]@ -1037,14 +1037,8 @@
[email protected]@ -1065,14 +1065,8 @@
      ap_add_input_filter_handle(ap_http_input_filter_handle,
                                 NULL, r, r->connection);
  
--- a/components/apache2/patches/bug52774.patch	Tue Sep 15 00:52:48 2015 -0700
+++ b/components/apache2/patches/bug52774.patch	Wed Sep 16 01:25:52 2015 -0700
@@ -2,7 +2,7 @@
 
 --- modules/mappers/mod_rewrite.c	Mon Aug 20 10:22:53 2012
 +++ modules/mappers/mod_rewrite.c	Tue Sep 18 04:02:33 2012
[email protected]@ -4302,14 +4302,29 @@
[email protected]@ -4319,14 +4319,29 @@
      /* Unless the anyuri option is set, ensure that the input to the
       * first rule really is a URL-path, avoiding security issues with
       * poorly configured rules.  See CVE-2011-3368, CVE-2011-4317. */
--- a/components/apache2/patches/httpd.conf.patch	Tue Sep 15 00:52:48 2015 -0700
+++ b/components/apache2/patches/httpd.conf.patch	Wed Sep 16 01:25:52 2015 -0700
@@ -13,7 +13,7 @@
  # Do NOT simply read the instructions in here without understanding
  # what they do.  They're here only as hints or reminders.  If you are unsure
  # consult the online docs. You have been warned.  
[email protected]@ -43,14 +49,17 @@
[email protected]@ -44,14 +50,17 @@
  # Dynamic Shared Object (DSO) Support
  #
  # To be able to use the functionality of a module which was built as a DSO you
@@ -38,7 +38,7 @@
  @@[email protected]@
  
  <IfModule !mpm_netware_module>
[email protected]@ -63,8 +72,8 @@
[email protected]@ -64,8 +73,8 @@
  # It is usually good practice to create a dedicated user and group for
  # running httpd, as with most system services.
  #
@@ -49,7 +49,7 @@
  
  </IfModule>
  </IfModule>
[email protected]@ -86,7 +95,7 @@
[email protected]@ -87,7 +96,7 @@
  # e-mailed.  This address appears on some server-generated pages, such
  # as error documents.  e.g. [email protected]
  #
@@ -58,7 +58,7 @@
  
  #
  # ServerName gives the name and port that the server uses to identify itself.
[email protected]@ -95,7 +104,7 @@
[email protected]@ -96,7 +105,7 @@
  #
  # If your host doesn't have a registered DNS name, enter its IP address here.
  #
@@ -67,7 +67,7 @@
  
  #
  # DocumentRoot: The directory out of which you will serve your
[email protected]@ -329,6 +338,10 @@
[email protected]@ -330,6 +339,10 @@
      #
      #AddType text/html .shtml
      #AddOutputFilter INCLUDES .shtml
@@ -78,7 +78,7 @@
  </IfModule>
  
  #
[email protected]@ -362,43 +375,22 @@
[email protected]@ -370,43 +383,22 @@
  
  # Supplemental configuration
  #
--- a/components/apache2/patches/no_ssl2_and_3.patch	Tue Sep 15 00:52:48 2015 -0700
+++ b/components/apache2/patches/no_ssl2_and_3.patch	Wed Sep 16 01:25:52 2015 -0700
@@ -1,9 +1,11 @@
 Patch origin: in-house
-Patch status: will be submitted to upstream
+Patch status: unclear; so far they disable it just in configuration file
+
+https://bz.apache.org/bugzilla/show_bug.cgi?id=57120
 
 --- modules/ssl/ssl_private.h
 +++ modules/ssl/ssl_private.h
[email protected]@ -246,9 +246,9 @@
[email protected]@ -244,9 +244,9 @@
  #define SSL_PROTOCOL_SSLV3 (1<<1)
  #define SSL_PROTOCOL_TLSV1 (1<<2)
  #ifdef OPENSSL_NO_SSL2
@@ -17,7 +19,7 @@
  #define SSL_PROTOCOL_TLSV1_1 (1<<3)
 --- docs/manual/mod/mod_ssl.html.en
 +++ docs/manual/mod/mod_ssl.html.en
[email protected]@ -1029,8 +1029,8 @@
[email protected]@ -1082,8 +1082,8 @@
      <p>
      This is the Secure Sockets Layer (SSL) protocol, version 3.0, from
      the Netscape Corporation. 
@@ -28,7 +30,7 @@
  
  <li><code>TLSv1</code>
      <p>
[email protected]@ -1050,13 +1050,11 @@
[email protected]@ -1103,13 +1103,11 @@
  
  <li><code>All</code>
      <p>
--- a/components/apache2/patches/ssl.conf.patch	Tue Sep 15 00:52:48 2015 -0700
+++ b/components/apache2/patches/ssl.conf.patch	Wed Sep 16 01:25:52 2015 -0700
@@ -1,10 +1,12 @@
 Patch origin: in-house
 Patch status: Solaris-specific; not suitable for upstream
-Patch status: SSLProtocol part will be submitted to upstream
+Patch status: SSLProtocol part submitted to upstream
+
+https://bz.apache.org/bugzilla/show_bug.cgi?id=57120
 
 --- docs/conf/extra/httpd-ssl.conf.in
 +++ docs/conf/extra/httpd-ssl.conf.in
[email protected]@ -22,11 +22,16 @@
[email protected]@ -22,9 +22,14 @@
  # Manual for more details.
  #
  #SSLRandomSeed startup file:/dev/random  512
@@ -13,17 +15,30 @@
  #SSLRandomSeed connect file:/dev/random  512
 -#SSLRandomSeed connect file:/dev/urandom 512
 +SSLRandomSeed connect file:/dev/urandom 512
- 
++
 +#
 +# Enable Solaris crypto framework (recommended for T1/T2/T3 based systems)
 +#
 +#SSLCryptoDevice pkcs11
  
-+
+ 
  #
- # When we also provide SSL we have to listen to the 
- # standard HTTP port (see above) and to the HTTPS port
[email protected]@ -75,7 +80,7 @@
[email protected]@ -80,11 +85,11 @@
+ 
+ #   SSL Protocol support:
+ #   List the protocol versions which clients are allowed to connect with.
+-#   Disable SSLv2 and SSLv3 by default (cf. RFC 7525 3.1.1).  TLSv1 (1.0)
++#   SSLv2 and SSLv3 are disabled by default (cf. RFC 7525 3.1.1).  TLSv1 (1.0)
+ #   should be disabled as quickly as practical.  By the end of 2016, only
+ #   the TLSv1.2 protocol or later should remain in use.
+-SSLProtocol all -SSLv2 -SSLv3
+-SSLProxyProtocol all -SSLv2 -SSLv3
++SSLProtocol all
++SSLProxyProtocol all
+ 
+ #   Pass Phrase Dialog:
+ #   Configure the pass phrase gathering process.
[email protected]@ -112,7 +117,7 @@
  
  #   General setup for the virtual host
  DocumentRoot "@[email protected]"
@@ -32,15 +47,3 @@
  ServerAdmin [email protected]
  ErrorLog "@[email protected]/error_log"
  TransferLog "@[email protected]/access_log"
[email protected]@ -86,8 +91,9 @@
- 
- #   SSL Protocol support:
- #   List the protocol versions which clients are allowed to
--#   connect with. Disable SSLv2 by default (cf. RFC 6176).
--SSLProtocol all -SSLv2
-+#   connect with. SSLv2 and SSLv3 are disabled by default and
-+#   and must be enabled below if really needed.
-+SSLProtocol all
- 
- #   SSL Cipher Suite:
- #   List the ciphers that the client is permitted to negotiate.