[apache2] 03/04: Remove obsolete patches
Stefan Fritsch
sf at moszumanska.debian.org
Fri Mar 30 15:31:40 UTC 2018
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to branch master
in repository apache2.
commit a21041228972fb293f6225c05be6e9940b6589ad
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Fri Mar 30 17:16:06 2018 +0200
Remove obsolete patches
---
...-hooks-cleanup-on-exit-v3-2.4.x-for-bug-6.patch | 228 -----------------
debian/patches/fix_logresolve_segfault.patch | 12 -
debian/patches/mod_ssl_md-2.4.x-v5.diff | 269 ---------------------
debian/patches/series | 4 -
4 files changed, 513 deletions(-)
diff --git a/debian/patches/0011-Signals-and-hooks-cleanup-on-exit-v3-2.4.x-for-bug-6.patch b/debian/patches/0011-Signals-and-hooks-cleanup-on-exit-v3-2.4.x-for-bug-6.patch
deleted file mode 100644
index 99d0a31..0000000
--- a/debian/patches/0011-Signals-and-hooks-cleanup-on-exit-v3-2.4.x-for-bug-6.patch
+++ /dev/null
@@ -1,228 +0,0 @@
-From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <ondrej at sury.org>
-Date: Thu, 28 Sep 2017 17:51:59 +0200
-Subject: Signals and hooks cleanup on exit (v3, 2.4.x) for bug #61558
-
----
- os/unix/unixd.c | 24 ++++++++++++++++++++++++
- server/main.c | 33 ++++++++++++++++++++++++++++-----
- server/mpm/event/event.c | 3 ---
- server/mpm/prefork/prefork.c | 3 ---
- server/mpm/worker/worker.c | 3 ---
- server/mpm_unix.c | 29 +++++++++++++++++++++++++++++
- 6 files changed, 81 insertions(+), 14 deletions(-)
-
-diff --git a/os/unix/unixd.c b/os/unix/unixd.c
-index 07a9bef..7f71d1a 100644
---- a/os/unix/unixd.c
-+++ b/os/unix/unixd.c
-@@ -437,11 +437,19 @@ AP_DECLARE(apr_status_t) ap_unixd_accept(void **accepted, ap_listen_rec *lr,
- /* Unixes MPMs' */
-
- static ap_unixd_mpm_retained_data *retained_data = NULL;
-+static apr_status_t retained_data_cleanup(void *unused)
-+{
-+ (void)unused;
-+ retained_data = NULL;
-+ return APR_SUCCESS;
-+}
-+
- AP_DECLARE(ap_unixd_mpm_retained_data *) ap_unixd_mpm_get_retained_data()
- {
- if (!retained_data) {
- retained_data = ap_retained_data_create("ap_unixd_mpm_retained_data",
- sizeof(*retained_data));
-+ apr_pool_pre_cleanup_register(ap_pglobal, NULL, retained_data_cleanup);
- retained_data->mpm_state = AP_MPMQ_STARTING;
- }
- return retained_data;
-@@ -449,6 +457,10 @@ AP_DECLARE(ap_unixd_mpm_retained_data *) ap_unixd_mpm_get_retained_data()
-
- static void sig_term(int sig)
- {
-+ if (!retained_data) {
-+ /* Main process (ap_pglobal) is dying */
-+ return;
-+ }
- retained_data->mpm_state = AP_MPMQ_STOPPING;
- if (retained_data->shutdown_pending
- && (retained_data->is_ungraceful
-@@ -465,6 +477,10 @@ static void sig_term(int sig)
-
- static void sig_restart(int sig)
- {
-+ if (!retained_data) {
-+ /* Main process (ap_pglobal) is dying */
-+ return;
-+ }
- retained_data->mpm_state = AP_MPMQ_STOPPING;
- if (retained_data->restart_pending
- && (retained_data->is_ungraceful
-@@ -481,6 +497,10 @@ static void sig_restart(int sig)
-
- static apr_status_t unset_signals(void *unused)
- {
-+ if (!retained_data) {
-+ /* Main process (ap_pglobal) is dying */
-+ return APR_SUCCESS;
-+ }
- retained_data->shutdown_pending = retained_data->restart_pending = 0;
- retained_data->was_graceful = !retained_data->is_ungraceful;
- retained_data->is_ungraceful = 0;
-@@ -494,6 +514,10 @@ AP_DECLARE(void) ap_unixd_mpm_set_signals(apr_pool_t *pconf, int one_process)
- struct sigaction sa;
- #endif
-
-+ if (!one_process) {
-+ ap_fatal_signal_setup(ap_server_conf, pconf);
-+ }
-+
- /* Signals' handlers depend on retained data */
- (void)ap_unixd_mpm_get_retained_data();
-
-diff --git a/server/main.c b/server/main.c
-index ba9d91c..edfbb0c 100644
---- a/server/main.c
-+++ b/server/main.c
-@@ -273,6 +273,30 @@ static int abort_on_oom(int retcode)
- return retcode; /* unreachable, hopefully. */
- }
-
-+/* Deregister all hooks when clearing pconf (pre_cleanup).
-+ * TODO: have a hook to deregister and run them from here?
-+ * ap_clear_auth_internal() is already a candidate.
-+ */
-+static apr_status_t deregister_all_hooks(void *unused)
-+{
-+ (void)unused;
-+ ap_clear_auth_internal();
-+ apr_hook_deregister_all();
-+ return APR_SUCCESS;
-+}
-+
-+static void reset_process_pconf(process_rec *process)
-+{
-+ if (process->pconf) {
-+ apr_pool_clear(process->pconf);
-+ }
-+ else {
-+ apr_pool_create(&process->pconf, process->pool);
-+ apr_pool_tag(process->pconf, "pconf");
-+ }
-+ apr_pool_pre_cleanup_register(process->pconf, NULL, deregister_all_hooks);
-+}
-+
- static process_rec *init_process(int *argc, const char * const * *argv)
- {
- process_rec *process;
-@@ -317,8 +341,9 @@ static process_rec *init_process(int *argc, const char * const * *argv)
- process = apr_palloc(cntx, sizeof(process_rec));
- process->pool = cntx;
-
-- apr_pool_create(&process->pconf, process->pool);
-- apr_pool_tag(process->pconf, "pconf");
-+ process->pconf = NULL;
-+ reset_process_pconf(process);
-+
- process->argc = *argc;
- process->argv = *argv;
- process->short_name = apr_filepath_name_get((*argv)[0]);
-@@ -718,9 +743,7 @@ int main(int argc, const char * const argv[])
-
- do {
- ap_main_state = AP_SQ_MS_DESTROY_CONFIG;
-- apr_hook_deregister_all();
-- apr_pool_clear(pconf);
-- ap_clear_auth_internal();
-+ reset_process_pconf(process);
-
- ap_main_state = AP_SQ_MS_CREATE_CONFIG;
- ap_config_generation++;
-diff --git a/server/mpm/event/event.c b/server/mpm/event/event.c
-index 6bbc8e5..312991e 100644
---- a/server/mpm/event/event.c
-+++ b/server/mpm/event/event.c
-@@ -2685,9 +2685,6 @@ static int event_run(apr_pool_t * _pconf, apr_pool_t * plog, server_rec * s)
- ap_scoreboard_image->global->running_generation = retained->mpm->my_generation;
- }
-
-- if (!one_process) {
-- ap_fatal_signal_setup(ap_server_conf, pconf);
-- }
- ap_unixd_mpm_set_signals(pconf, one_process);
-
- /* Don't thrash since num_buckets depends on the
-diff --git a/server/mpm/prefork/prefork.c b/server/mpm/prefork/prefork.c
-index 559f90a..619eace 100644
---- a/server/mpm/prefork/prefork.c
-+++ b/server/mpm/prefork/prefork.c
-@@ -853,9 +853,6 @@ static int prefork_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s)
- ap_scoreboard_image->global->running_generation = retained->mpm->my_generation;
- }
-
-- if (!one_process) {
-- ap_fatal_signal_setup(ap_server_conf, pconf);
-- }
- ap_unixd_mpm_set_signals(pconf, one_process);
-
- if (one_process) {
-diff --git a/server/mpm/worker/worker.c b/server/mpm/worker/worker.c
-index d2147bf..776ae7f 100644
---- a/server/mpm/worker/worker.c
-+++ b/server/mpm/worker/worker.c
-@@ -1671,9 +1671,6 @@ static int worker_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s)
- ap_scoreboard_image->global->running_generation = retained->mpm->my_generation;
- }
-
-- if (!one_process) {
-- ap_fatal_signal_setup(ap_server_conf, pconf);
-- }
- ap_unixd_mpm_set_signals(pconf, one_process);
-
- /* Don't thrash since num_buckets depends on the
-diff --git a/server/mpm_unix.c b/server/mpm_unix.c
-index 2f3d20e..1800f5d 100644
---- a/server/mpm_unix.c
-+++ b/server/mpm_unix.c
-@@ -1009,6 +1009,33 @@ AP_DECLARE(apr_status_t) ap_fatal_signal_child_setup(server_rec *s)
- return APR_SUCCESS;
- }
-
-+/* We can't call sig_coredump (ap_log_error) once pconf is destroyed, so
-+ * avoid double faults by restoring each default signal handler on cleanup.
-+ */
-+static apr_status_t fatal_signal_cleanup(void *unused)
-+{
-+ (void)unused;
-+
-+ apr_signal(SIGSEGV, SIG_DFL);
-+#ifdef SIGBUS
-+ apr_signal(SIGBUS, SIG_DFL);
-+#endif /* SIGBUS */
-+#ifdef SIGABORT
-+ apr_signal(SIGABORT, SIG_DFL);
-+#endif /* SIGABORT */
-+#ifdef SIGABRT
-+ apr_signal(SIGABRT, SIG_DFL);
-+#endif /* SIGABRT */
-+#ifdef SIGILL
-+ apr_signal(SIGILL, SIG_DFL);
-+#endif /* SIGILL */
-+#ifdef SIGFPE
-+ apr_signal(SIGFPE, SIG_DFL);
-+#endif /* SIGFPE */
-+
-+ return APR_SUCCESS;
-+}
-+
- AP_DECLARE(apr_status_t) ap_fatal_signal_setup(server_rec *s,
- apr_pool_t *in_pconf)
- {
-@@ -1071,6 +1098,8 @@ AP_DECLARE(apr_status_t) ap_fatal_signal_setup(server_rec *s,
-
- pconf = in_pconf;
- parent_pid = my_pid = getpid();
-+ apr_pool_cleanup_register(pconf, NULL, fatal_signal_cleanup,
-+ fatal_signal_cleanup);
-
- return APR_SUCCESS;
- }
diff --git a/debian/patches/fix_logresolve_segfault.patch b/debian/patches/fix_logresolve_segfault.patch
deleted file mode 100644
index 8f9aaef..0000000
--- a/debian/patches/fix_logresolve_segfault.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-# http://svn.apache.org/viewvc?view=revision&revision=1745863
---- apache2.orig/support/logresolve.c
-+++ apache2/support/logresolve.c
-@@ -284,7 +284,7 @@ int main(int argc, const char * const ar
- */
- status = apr_sockaddr_info_get(&ipdouble, hostname, ip->family, 0,
- 0, pline);
-- if (status == APR_SUCCESS ||
-+ if (status != APR_SUCCESS ||
- memcmp(ipdouble->ipaddr_ptr, ip->ipaddr_ptr, ip->ipaddr_len)) {
- /* Double-lookup failed */
- *space = ' ';
diff --git a/debian/patches/mod_ssl_md-2.4.x-v5.diff b/debian/patches/mod_ssl_md-2.4.x-v5.diff
deleted file mode 100644
index 1fc4f34..0000000
--- a/debian/patches/mod_ssl_md-2.4.x-v5.diff
+++ /dev/null
@@ -1,269 +0,0 @@
---- apache2.orig/modules/ssl/ssl_engine_init.c
-+++ apache2/modules/ssl/ssl_engine_init.c
-@@ -164,6 +164,41 @@ static void ssl_add_version_components(a
- modver, AP_SERVER_BASEVERSION, incver);
- }
-
-+/**************************************************************************************************/
-+/* Managed Domains Interface (temporary here) */
-+
-+APR_DECLARE_OPTIONAL_FN(int,
-+ md_is_managed, (struct server_rec *));
-+
-+APR_DECLARE_OPTIONAL_FN(apr_status_t,
-+ md_get_credentials, (struct server_rec *, apr_pool_t *,
-+ const char **pkeyfile,
-+ const char **pcertfile,
-+ const char **pchainfile));
-+APR_DECLARE_OPTIONAL_FN(apr_status_t,
-+ md_get_certificate, (struct server_rec *, apr_pool_t *,
-+ const char **pkeyfile,
-+ const char **pcertfile));
-+APR_DECLARE_OPTIONAL_FN(int,
-+ md_is_challenge, (struct conn_rec *, const char *,
-+ X509 **, EVP_PKEY **));
-+
-+static APR_OPTIONAL_FN_TYPE(md_is_managed) *md_is_managed;
-+static APR_OPTIONAL_FN_TYPE(md_get_credentials) *md_get_credentials;
-+static APR_OPTIONAL_FN_TYPE(md_get_certificate) *md_get_certificate;
-+static APR_OPTIONAL_FN_TYPE(md_is_challenge) *md_is_challenge;
-+
-+int ssl_is_challenge(conn_rec *c, const char *servername,
-+ X509 **pcert, EVP_PKEY **pkey)
-+{
-+ if (md_is_challenge) {
-+ return md_is_challenge(c, servername, pcert, pkey);
-+ }
-+ *pcert = NULL;
-+ *pkey = NULL;
-+ return 0;
-+}
-+
- /*
- * Per-module initialization
- */
-@@ -204,6 +239,18 @@ apr_status_t ssl_init_Module(apr_pool_t
- ssl_config_global_create(base_server); /* just to avoid problems */
- ssl_config_global_fix(mc);
-
-+ /* Initialize our interface to mod_md, if it is loaded
-+ */
-+ md_is_managed = APR_RETRIEVE_OPTIONAL_FN(md_is_managed);
-+ md_get_credentials = APR_RETRIEVE_OPTIONAL_FN(md_get_credentials);
-+ md_get_certificate = APR_RETRIEVE_OPTIONAL_FN(md_get_certificate);
-+ md_is_challenge = APR_RETRIEVE_OPTIONAL_FN(md_is_challenge);
-+ if (!md_is_managed || (!md_get_credentials && !md_get_certificate)) {
-+ md_is_managed = NULL;
-+ md_get_credentials = NULL;
-+ md_get_certificate = NULL;
-+ }
-+
- /*
- * try to fix the configuration and open the dedicated SSL
- * logfile as early as possible
-@@ -1606,6 +1653,57 @@ static apr_status_t ssl_init_server_ctx(
- return APR_EGENERAL;
- }
-
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO()
-+ "Init: (%s) mod_md support is %s.", ssl_util_vhostid(p, s),
-+ md_is_managed? "available" : "unavailable");
-+ if (md_is_managed && md_is_managed(s)) {
-+ modssl_pk_server_t *const pks = sc->server->pks;
-+ if (pks->cert_files->nelts > 0 || pks->key_files->nelts > 0) {
-+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO()
-+ "Init: (%s) You configured certificate/key files on this host, but "
-+ "is is covered by a Managed Domain. You need to remove these directives "
-+ "for the Managed Domain to take over.", ssl_util_vhostid(p, s));
-+ }
-+ else {
-+ const char *key_file, *cert_file, *chain_file;
-+
-+ key_file = cert_file = chain_file = NULL;
-+
-+ if (md_get_certificate) {
-+ /* mod_md >= v0.9.0 */
-+ rv = md_get_certificate(s, p, &key_file, &cert_file);
-+ }
-+ else if (md_get_credentials) {
-+ /* mod_md < v0.9.0, remove this after a while */
-+ rv = md_get_credentials(s, p, &key_file, &cert_file, &chain_file);
-+ }
-+ else {
-+ rv = APR_ENOTIMPL;
-+ }
-+
-+ if (key_file && cert_file) {
-+ ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s,
-+ "%s: installing key=%s, cert=%s, chain=%s",
-+ ssl_util_vhostid(p, s), key_file, cert_file, chain_file);
-+ APR_ARRAY_PUSH(pks->key_files, const char *) = key_file;
-+ APR_ARRAY_PUSH(pks->cert_files, const char *) = cert_file;
-+ sc->server->cert_chain = chain_file;
-+ }
-+
-+ if (APR_STATUS_IS_EAGAIN(rv)) {
-+ /* Managed Domain not ready yet. This is not a reason to fail the config */
-+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO()
-+ "Init: %s will respond with '503 Service Unavailable' for now. This "
-+ "host is part of a Managed Domain, but no SSL certificate is "
-+ "available (yet).", ssl_util_vhostid(p, s));
-+ pks->service_unavailable = 1;
-+ }
-+ else if (rv != APR_SUCCESS) {
-+ return rv;
-+ }
-+ }
-+ }
-+
- if ((rv = ssl_init_ctx(s, p, ptemp, sc->server)) != APR_SUCCESS) {
- return rv;
- }
---- apache2.orig/modules/ssl/ssl_engine_kernel.c
-+++ apache2/modules/ssl/ssl_engine_kernel.c
-@@ -264,6 +264,15 @@ int ssl_hook_ReadReq(request_rec *r)
- return DECLINED;
- }
-
-+ if (sslconn->service_unavailable) {
-+ /* This is set when the SSL properties of this connection are
-+ * incomplete or if this connection was made to challenge a
-+ * particular hostname (ACME). We never serve any request on
-+ * such a connection. */
-+ /* TODO: a retry-after indicator would be nice here */
-+ return HTTP_SERVICE_UNAVAILABLE;
-+ }
-+
- if (sslconn->non_ssl_request == NON_SSL_SET_ERROR_MSG) {
- apr_table_setn(r->notes, "error-notes",
- "Reason: You're speaking plain HTTP to an SSL-enabled "
-@@ -2110,6 +2119,8 @@ void ssl_callback_Info(const SSL *ssl, i
- static apr_status_t init_vhost(conn_rec *c, SSL *ssl)
- {
- const char *servername;
-+ X509 *cert;
-+ EVP_PKEY *key;
-
- if (c) {
- SSLConnRec *sslcon = myConnConfig(c);
-@@ -2126,8 +2137,35 @@ static apr_status_t init_vhost(conn_rec
- ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02043)
- "SSL virtual host for servername %s found",
- servername);
-+
- return APR_SUCCESS;
- }
-+ else if (ssl_is_challenge(c, servername, &cert, &key)) {
-+
-+ sslcon->service_unavailable = 1;
-+ if ((SSL_use_certificate(ssl, cert) < 1)) {
-+ ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, c, APLOGNO()
-+ "Failed to configure challenge certificate %s",
-+ servername);
-+ return APR_EGENERAL;
-+ }
-+
-+ if (!SSL_use_PrivateKey(ssl, key)) {
-+ ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, c, APLOGNO()
-+ "error '%s' using Challenge key: %s",
-+ ERR_error_string(ERR_peek_last_error(), NULL),
-+ servername);
-+ return APR_EGENERAL;
-+ }
-+
-+ if (SSL_check_private_key(ssl) < 1) {
-+ ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, c, APLOGNO()
-+ "Challenbge certificate and private key %s "
-+ "do not match", servername);
-+ return APR_EGENERAL;
-+ }
-+
-+ }
- else {
- ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02044)
- "No matching SSL virtual host for servername "
-@@ -2233,6 +2271,8 @@ static int ssl_find_vhost(void *serverna
- */
- sslcon->server = s;
- sslcon->cipher_suite = sc->server->auth.cipher_suite;
-+ sslcon->service_unavailable = sc->server->pks?
-+ sc->server->pks->service_unavailable : 0;
-
- ap_update_child_status_from_server(c->sbh, SERVER_BUSY_READ, c, s);
- /*
---- apache2.orig/modules/ssl/ssl_private.h
-+++ apache2/modules/ssl/ssl_private.h
-@@ -524,6 +524,7 @@ typedef struct {
- server_rec *server;
-
- const char *cipher_suite; /* cipher suite used in last reneg */
-+ int service_unavailable; /* thouugh we negotiate SSL, no requests will be served */
- } SSLConnRec;
-
- /* BIG FAT WARNING: SSLModConfigRec has unusual memory lifetime: it is
-@@ -600,6 +601,9 @@ typedef struct {
- * sent in the CertificateRequest message: */
- const char *ca_name_path;
- const char *ca_name_file;
-+
-+ /* TLS service for this server is suspended */
-+ int service_unavailable;
- } modssl_pk_server_t;
-
- typedef struct {
-@@ -1063,6 +1067,9 @@ void ssl_init_ocsp_certificates(server_r
- * memory. */
- DH *modssl_get_dh_params(unsigned keylen);
-
-+int ssl_is_challenge(conn_rec *c, const char *servername,
-+ X509 **pcert, EVP_PKEY **pkey);
-+
- #endif /* SSL_PRIVATE_H */
- /** @} */
-
---- apache2.orig/modules/ssl/ssl_util_ssl.c
-+++ apache2/modules/ssl/ssl_util_ssl.c
-@@ -115,6 +115,33 @@ EVP_PKEY *modssl_read_privatekey(const c
- return rc;
- }
-
-+typedef struct {
-+ const char *pass;
-+ int pass_len;
-+} pass_ctx;
-+
-+static int provide_pass(char *buf, int size, int rwflag, void *baton)
-+{
-+ pass_ctx *ctx = baton;
-+ if (ctx->pass_len > 0) {
-+ if (ctx->pass_len < size) {
-+ size = (int)ctx->pass_len;
-+ }
-+ memcpy(buf, ctx->pass, size);
-+ }
-+ return ctx->pass_len;
-+}
-+
-+EVP_PKEY *modssl_read_encrypted_pkey(const char *filename, EVP_PKEY **key,
-+ const char *pass, apr_size_t pass_len)
-+{
-+ pass_ctx ctx;
-+
-+ ctx.pass = pass;
-+ ctx.pass_len = pass_len;
-+ return modssl_read_privatekey(filename, key, provide_pass, &ctx);
-+}
-+
- /* _________________________________________________________________
- **
- ** Smart shutdown
---- apache2.orig/modules/ssl/ssl_util_ssl.h
-+++ apache2/modules/ssl/ssl_util_ssl.h
-@@ -65,6 +65,7 @@ void modssl_init_app_data2_idx(vo
- void *modssl_get_app_data2(SSL *);
- void modssl_set_app_data2(SSL *, void *);
- EVP_PKEY *modssl_read_privatekey(const char *, EVP_PKEY **, pem_password_cb *, void *);
-+EVP_PKEY *modssl_read_encrypted_pkey(const char *, EVP_PKEY **, const char *, apr_size_t);
- int modssl_smart_shutdown(SSL *ssl);
- BOOL modssl_X509_getBC(X509 *, int *, int *);
- char *modssl_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne);
diff --git a/debian/patches/series b/debian/patches/series
index 53273b5..aa0aae4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,7 +7,3 @@ reproducible_builds.diff
# This patch is applied manually
#suexec-custom.patch
-
-fix_logresolve_segfault.patch
-mod_ssl_md-2.4.x-v5.diff
-0011-Signals-and-hooks-cleanup-on-exit-v3-2.4.x-for-bug-6.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list