[httpd/f18] fix service file to not send SIGTERM after ExecStop (#906321, #912288)
Jan Kaluža
jkaluza at fedoraproject.org
Fri May 17 12:14:05 UTC 2013
commit 6b3dea84a14f20e5f07153158e526227df668b7a
Author: Jan Kaluza <hanzz.k at gmail.com>
Date: Fri May 17 12:58:23 2013 +0200
fix service file to not send SIGTERM after ExecStop (#906321, #912288)
- execute systemctl reload as result of apachectl graceful
- htpasswd/htdbm: fix hash generation bug (#956344)
- do not dump vhosts twice in httpd -S output (#928761)
- mod_cache: fix potential crash caused by uninitialized variable (#954109)
httpd-2.4.3-apctl-systemd.patch | 2 +-
httpd-2.4.4-dump-vhost-twice.patch | 45 ++++++++++++++
httpd-2.4.4-mod_cache-tmppath.patch | 11 ++++
httpd-2.4.4-r1476674.patch | 110 +++++++++++++++++++++++++++++++++++
httpd.service | 6 ++
httpd.spec | 15 +++++-
6 files changed, 187 insertions(+), 2 deletions(-)
---
diff --git a/httpd-2.4.3-apctl-systemd.patch b/httpd-2.4.3-apctl-systemd.patch
index bcb57fe..5823aee 100644
--- a/httpd-2.4.3-apctl-systemd.patch
+++ b/httpd-2.4.3-apctl-systemd.patch
@@ -24,7 +24,7 @@ index c6ac3ea..2599386 100644
+ ERROR=$?
+ ;;
+graceful)
-+ /usr/bin/systemctl restart httpd.service
++ /usr/bin/systemctl reload httpd.service
+ ERROR=$?
+ ;;
+graceful-stop)
diff --git a/httpd-2.4.4-dump-vhost-twice.patch b/httpd-2.4.4-dump-vhost-twice.patch
new file mode 100644
index 0000000..945fd5e
--- /dev/null
+++ b/httpd-2.4.4-dump-vhost-twice.patch
@@ -0,0 +1,45 @@
+--- trunk/server/vhost.c 2013/05/11 11:51:28 1481305
++++ trunk/server/vhost.c 2013/05/11 12:05:24 1481306
+@@ -577,14 +577,21 @@
+ */
+
+ for (s = main_s->next; s; s = s->next) {
++ server_addr_rec *sar_prev = NULL;
+ has_default_vhost_addr = 0;
+ for (sar = s->addrs; sar; sar = sar->next) {
+ ipaddr_chain *ic;
+ char inaddr_any[16] = {0}; /* big enough to handle IPv4 or IPv6 */
+-
++ /* XXX: this treats 0.0.0.0 as a "default" server which matches no-exact-match for IPv6 */
+ if (!memcmp(sar->host_addr->ipaddr_ptr, inaddr_any, sar->host_addr->ipaddr_len)) {
+ ic = find_default_server(sar->host_port);
+- if (!ic || sar->host_port != ic->sar->host_port) {
++
++ if (ic && sar->host_port == ic->sar->host_port) { /* we're a match for an existing "default server" */
++ if (!sar_prev || memcmp(sar_prev->host_addr->ipaddr_ptr, inaddr_any, sar_prev->host_addr->ipaddr_len)) {
++ add_name_vhost_config(p, main_s, s, sar, ic);
++ }
++ }
++ else {
+ /* No default server, or we found a default server but
+ ** exactly one of us is a wildcard port, which means we want
+ ** two ip-based vhosts not an NVH with two names
+@@ -592,6 +599,7 @@
+ ic = new_ipaddr_chain(p, s, sar);
+ ic->next = default_list;
+ default_list = ic;
++ add_name_vhost_config(p, main_s, s, sar, ic);
+ }
+ has_default_vhost_addr = 1;
+ }
+@@ -609,8 +617,9 @@
+ ic->next = *iphash_table_tail[bucket];
+ *iphash_table_tail[bucket] = ic;
+ }
++ add_name_vhost_config(p, main_s, s, sar, ic);
+ }
+- add_name_vhost_config(p, main_s, s, sar, ic);
++ sar_prev = sar;
+ }
+
+ /* Ok now we want to set up a server_hostname if the user was
diff --git a/httpd-2.4.4-mod_cache-tmppath.patch b/httpd-2.4.4-mod_cache-tmppath.patch
new file mode 100644
index 0000000..7f70098
--- /dev/null
+++ b/httpd-2.4.4-mod_cache-tmppath.patch
@@ -0,0 +1,11 @@
+--- a/modules/cache/mod_cache.c
++++ a/modules/cache/mod_cache.c
+@@ -1773,7 +1773,7 @@ static void *merge_dir_config(apr_pool_t *p, void *basev, void *addv) {
+
+ static void * create_cache_config(apr_pool_t *p, server_rec *s)
+ {
+- const char *tmppath;
++ const char *tmppath = NULL;
+ cache_server_conf *ps = apr_pcalloc(p, sizeof(cache_server_conf));
+
+ /* array of URL prefixes for which caching is enabled */
diff --git a/httpd-2.4.4-r1476674.patch b/httpd-2.4.4-r1476674.patch
new file mode 100644
index 0000000..d93945f
--- /dev/null
+++ b/httpd-2.4.4-r1476674.patch
@@ -0,0 +1,110 @@
+Index: support/passwd_common.c
+===================================================================
+--- a/support/passwd_common.c (revision 1476673)
++++ b/support/passwd_common.c (working copy)
+@@ -113,17 +113,17 @@
+
+ int get_password(struct passwd_ctx *ctx)
+ {
++ char buf[MAX_STRING_LEN + 1];
+ if (ctx->passwd_src == PW_STDIN) {
+- char *buf = ctx->out;
+ apr_file_t *file_stdin;
+ apr_size_t nread;
+ if (apr_file_open_stdin(&file_stdin, ctx->pool) != APR_SUCCESS) {
+ ctx->errstr = "Unable to read from stdin.";
+ return ERR_GENERAL;
+ }
+- if (apr_file_read_full(file_stdin, buf, ctx->out_len - 1,
++ if (apr_file_read_full(file_stdin, buf, sizeof(buf) - 1,
+ &nread) != APR_EOF
+- || nread == ctx->out_len - 1) {
++ || nread == sizeof(buf) - 1) {
+ goto err_too_long;
+ }
+ buf[nread] = '\0';
+@@ -133,21 +133,24 @@
+ buf[nread-2] = '\0';
+ }
+ apr_file_close(file_stdin);
++ ctx->passwd = apr_pstrdup(ctx->pool, buf);
+ }
+ else {
+- char buf[MAX_STRING_LEN + 1];
+ apr_size_t bufsize = sizeof(buf);
+- if (apr_password_get("New password: ", ctx->out, &ctx->out_len) != 0)
++ if (apr_password_get("New password: ", buf, &bufsize) != 0)
+ goto err_too_long;
++ ctx->passwd = apr_pstrdup(ctx->pool, buf);
++ bufsize = sizeof(buf);
++ buf[0] = '\0';
+ apr_password_get("Re-type new password: ", buf, &bufsize);
+- if (strcmp(ctx->out, buf) != 0) {
++ if (strcmp(ctx->passwd, buf) != 0) {
+ ctx->errstr = "password verification error";
+- memset(ctx->out, '\0', ctx->out_len);
++ memset(ctx->passwd, '\0', strlen(ctx->passwd));
+ memset(buf, '\0', sizeof(buf));
+ return ERR_PWMISMATCH;
+ }
+- memset(buf, '\0', sizeof(buf));
+ }
++ memset(buf, '\0', sizeof(buf));
+ return 0;
+
+ err_too_long:
+@@ -164,7 +167,6 @@
+ int mkhash(struct passwd_ctx *ctx)
+ {
+ char *pw;
+- char pwin[MAX_STRING_LEN];
+ char salt[16];
+ apr_status_t rv;
+ int ret = 0;
+@@ -177,14 +179,11 @@
+ "Warning: Ignoring -C argument for this algorithm." NL);
+ }
+
+- if (ctx->passwd != NULL) {
+- pw = ctx->passwd;
+- }
+- else {
++ if (ctx->passwd == NULL) {
+ if ((ret = get_password(ctx)) != 0)
+ return ret;
+- pw = pwin;
+ }
++ pw = ctx->passwd;
+
+ switch (ctx->alg) {
+ case ALG_APSHA:
+@@ -224,7 +223,7 @@
+
+ apr_cpystrn(ctx->out, cbuf, ctx->out_len - 1);
+ if (strlen(pw) > 8) {
+- char *truncpw = strdup(pw);
++ char *truncpw = apr_pstrdup(ctx->pool, pw);
+ truncpw[8] = '\0';
+ if (!strcmp(ctx->out, crypt(truncpw, salt))) {
+ apr_file_printf(errfile, "Warning: Password truncated to 8 "
+Index: support/htpasswd.c
+===================================================================
+--- a/support/htpasswd.c (revision 1476673)
++++ b/support/htpasswd.c (working copy)
+@@ -253,7 +253,6 @@
+ int main(int argc, const char * const argv[])
+ {
+ apr_file_t *fpw = NULL;
+- const char *errstr = NULL;
+ char line[MAX_STRING_LEN];
+ char *pwfilename = NULL;
+ char *user = NULL;
+@@ -345,7 +344,7 @@
+ if (!(mask & APHTP_DELUSER)) {
+ i = mkrecord(&ctx, user);
+ if (i != 0) {
+- apr_file_printf(errfile, "%s: %s" NL, argv[0], errstr);
++ apr_file_printf(errfile, "%s: %s" NL, argv[0], ctx.errstr);
+ exit(i);
+ }
+ if (mask & APHTP_NOFILE) {
diff --git a/httpd.service b/httpd.service
index b176a92..307666c 100644
--- a/httpd.service
+++ b/httpd.service
@@ -8,6 +8,12 @@ EnvironmentFile=/etc/sysconfig/httpd
ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
ExecStop=/usr/sbin/httpd $OPTIONS -k graceful-stop
+# We want systemd to give httpd some time to finish gracefully, but still want
+# it to kill httpd after TimeoutStopSec if something went wrong during the
+# graceful stop. Normally, Systemd sends SIGTERM signal right after the
+# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
+# httpd time to finish.
+KillSignal=SIGCONT
PrivateTmp=true
[Install]
diff --git a/httpd.spec b/httpd.spec
index 461f54f..5fe5fcf 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -14,7 +14,7 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.4
-Release: 2%{?dist}
+Release: 3%{?dist}
URL: http://httpd.apache.org/
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: index.html
@@ -61,6 +61,9 @@ Patch28: httpd-2.4.4-r1332643+.patch
Patch29: httpd-2.4.3-mod_systemd.patch
# Bug fixes
Patch50: httpd-2.4.2-r1374214+.patch
+Patch51: httpd-2.4.4-r1476674.patch
+Patch52: httpd-2.4.4-mod_cache-tmppath.patch
+Patch53: httpd-2.4.4-dump-vhost-twice.patch
License: ASL 2.0
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -182,6 +185,9 @@ interface for storing and accessing per-user session data.
%patch29 -p1 -b .systemd
%patch50 -p1 -b .r1374214+
+%patch51 -p1 -b .r1476674
+%patch52 -p1 -b .tmppath
+%patch53 -p1 -b .dumpvhost
# Patch in the vendor string
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@@ -604,6 +610,13 @@ rm -rf $RPM_BUILD_ROOT
%{_sysconfdir}/rpm/macros.httpd
%changelog
+* Fri May 17 2013 Jan Kaluza <jkaluza at redhat.com> - 2.4.4-3
+- fix service file to not send SIGTERM after ExecStop (#906321, #912288)
+- execute systemctl reload as result of apachectl graceful
+- htpasswd/htdbm: fix hash generation bug (#956344)
+- do not dump vhosts twice in httpd -S output (#928761)
+- mod_cache: fix potential crash caused by uninitialized variable (#954109)
+
* Tue Feb 26 2013 Joe Orton <jorton at redhat.com> - 2.4.4-2
- really package mod_auth_form in mod_session (#915438)
More information about the scm-commits
mailing list