summaryrefslogtreecommitdiffstats
path: root/meta-webserver/recipes-httpd/apache2
Commit message (Collapse)AuthorAgeFilesLines
* Apache: Several CVE fixesArmin Kuster2021-10-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | Source: Apache.org MR: 113457, 113453 Type: Security Fix Disposition: Backport from apache.org 2.4.51 ChangeID: 9d7b58f49487baff99bf8f101e53217425a2b81f Description: Bug fix only update. LTS version https://httpd.apache.org/security/vulnerabilities_24.html Fixes CVEs: CVE-2021-42013 CVE-2021-41524 CVE-2021-41773 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c59ce3299e8ed52a520a95f0bc0d0996b1cc37df) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: upgrade 2.4.48 -> 2.4.49wangmy2021-10-011-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: git://git.openembedded.org/meta-openembedded MR: 112702, 113258, 113284, 113290, 113296 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-webserver/recipes-httpd/apache2?h=honister&id=54a96fa4feb1a7712f9f3d1190c0d95d89eb6c7c ChangeID: 1576d86baac5a72ea4d2909a8a05c0c87fdce2f1 Description: Changes with Apache 2.4.49 *) SECURITY: CVE-2021-40438 (cve.mitre.org) mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic] *) SECURITY: CVE-2021-39275 (cve.mitre.org) core: ap_escape_quotes buffer overflow *) SECURITY: CVE-2021-36160 (cve.mitre.org) mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic] *) SECURITY: CVE-2021-34798 (cve.mitre.org) core: null pointer dereference on malformed request *) SECURITY: CVE-2021-33193 (cve.mitre.org) mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing] *) core/mod_proxy/mod_ssl: Adding `outgoing` flag to conn_rec, indicating a connection is initiated by the server to somewhere, in contrast to incoming connections from clients. Adding 'ap_ssl_bind_outgoing()` function that marks a connection as outgoing and is used by mod_proxy instead of the previous optional function `ssl_engine_set`. This enables other SSL module to secure proxy connections. The optional functions `ssl_engine_set`, `ssl_engine_disable` and `ssl_proxy_enable` are now provided by the core to have backward compatibility with non-httpd modules that might use them. mod_ssl itself no longer registers these functions, but keeps them in its header for backward compatibility. The core provided optional function wrap any registered function like it was done for `ssl_is_ssl`. [Stefan Eissing] *) mod_ssl: Support logging private key material for use with wireshark via log file given by SSLKEYLOGFILE environment variable. Requires OpenSSL 1.1.1. PR 63391. [Joe Orton] *) mod_proxy: Do not canonicalize the proxied URL when both "nocanon" and "ProxyPassInterpolateEnv On" are configured. PR 65549. [Joel Self <joelself gmail.com>] *) mpm_event: Fix children processes possibly not stopped on graceful restart. PR 63169. [Joel Self <joelself gmail.com>] *) mod_proxy: Fix a potential infinite loop when tunneling Upgrade(d) protocols from mod_proxy_http, and a timeout triggering falsely when using mod_proxy_wstunnel, mod_proxy_connect or mod_proxy_http with upgrade= setting. PRs 65521 and 65519. [Yann Ylavic] *) mod_unique_id: Reduce the time window where duplicates may be generated PR 65159 [Christophe Jaillet] *) mpm_prefork: Block signals for child_init hooks to prevent potential threads created from there to catch MPM's signals. [Ruediger Pluem, Yann Ylavic] *) Revert "mod_unique_id: Fix potential duplicated ID generation under heavy load. PR 65159" added in 2.4.47. This causes issue on Windows. [Christophe Jaillet] *) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker. [Yann Ylavic] *) mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted as successful or a staged renewal is replacing the existing certificates. This avoid potential mess ups in the md store file system to render the active certificates non-working. [@mkauf] *) mod_proxy: Faster unix socket path parsing in the "proxy:" URL. [Yann Ylavic] *) mod_ssl: tighten the handling of ALPN for outgoing (proxy) connections. If ALPN protocols are provided and sent to the remote server, the received protocol selected is inspected and checked for a match. Without match, the peer handshake fails. An exception is the proposal of "http/1.1" where it is accepted if the remote server did not answer ALPN with a selected protocol. This accomodates for hosts that do not observe/support ALPN and speak http/1.x be default. *) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances with others when their URLs contain a '$' substitution. PR 65419 + 65429. [Yann Ylavic] *) mod_dav: Add method_precondition hook. WebDAV extensions define conditions that must exist before a WebDAV method can be executed. This hook allows a WebDAV extension to verify these preconditions. [Graham Leggett] *) Add hooks deliver_report and gather_reports to mod_dav.h. Allows other modules apart from versioning implementations to handle the REPORT method. [Graham Leggett] *) Add dav_get_provider(), dav_open_lockdb(), dav_close_lockdb() and dav_get_resource() to mod_dav.h. [Graham Leggett] *) core: fix ap_escape_quotes substitution logic. [Eric Covener] *) Easy patches: synch 2.4.x and trunk - mod_auth_basic: Use ap_cstr_casecmp instead of strcasecmp. - mod_ldap: log and abort locking errors. - mod_ldap: style fix for r1831165 - mod_ldap: build break fix for r1831165 - mod_deflate: Avoid hard-coded "%ld" format strings in mod_deflate's logging statements - mod_deflate: Use apr_uint64_t instead of uint64_t (follow up to r1849590) - mod_forensic: Follow up to r1856490: missing one mod_log_forensic test_char_table case. - mod_rewrite: Save a few cycles. - mod_request: Fix a comment (missing '_' in 'keep_body') and some style issues - core: remove extra whitespace in HTTP_NOT_IMPLEMENTED [Christophe Jaillet] *) core/mpm: add hook 'child_stopping` that gets called when the MPM is stopping a child process. The additional `graceful` parameter allows registered hooks to free resources early during a graceful shutdown. [Yann Ylavic, Stefan Eissing] *) mod_proxy: Fix icomplete initialization of BalancerMember(s) from the balancer-manager, which can lead to a crash. [Yann Ylavic] *) mpm_event: Fix graceful stop/restart of children processes if connections are in lingering close for too long. [Yann Ylavic] *) mod_md: fixed a potential null pointer dereference if ACME/OCSP server returned 2xx responses without content type. Reported by chuangwen. [chuangwen, Stefan Eissing] *) mod_md: - Domain names in `<MDomain ...>` can now appear in quoted form. - Fixed a failure in ACME challenge selection that aborted further searches when the tls-alpn-01 method did not seem to be suitable. - Changed the tls-alpn-01 setup to only become unsuitable when none of the dns names showed support for a configured 'Protocols ... acme-tls/1'. This allows use of tls-alpn-01 for dns names that are not mapped to a VirtualHost. [Stefan Eissing] *) Add CPING to health check logic. [Jean-Frederic Clere] *) core: Split ap_create_request() from ap_read_request(). [Graham Leggett] *) core, h2: common ap_parse_request_line() and ap_check_request_header() code. [Yann Ylavic] *) core: Add StrictHostCheck to allow unconfigured hostnames to be rejected. [Eric Covener] *) htcacheclean: Improve help messages. [Christophe Jaillet] Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 54a96fa4feb1a7712f9f3d1190c0d95d89eb6c7c) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit f44e1a2b575826e88b8cb2725e54a7c5d29cf94a) Signed-off-by: Armin Kuster <akuster@mvista.com>
* apache2: upgrade 2.4.46 -> 2.4.48Changqing Li2021-09-026-241/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: https://git.openembedded.org/meta-openembedded https://git.openembedded.org/meta-openembedded MR: 112869, 112835, 105131, 112702, 112829 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-webserver/recipes-httpd/apache2?id=ba016d73b5233a43ec6e398b45445d13ddaad745 ChangeID: f3ac0bc1005c94a694573b823c8f3f7d4a15360c Description: Apache2 2.4.x is an LTS version with bug and CVE fixes. https://downloads.apache.org/httpd/CHANGES_2.4.48 Includes these CVE fixes: 2.4.48 CVE-2021-31618 2.4.47 CVE-2020-13938 CVE-2020-11985 CVE-2021-33193 CVE-2019-17567 Drop these patches included in update: CVE-2020-13950.patch CVE-2020-35452.patch CVE-2021-26690.patch CVE-2021-26691.patch CVE-2021-30641.patch Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit ba016d73b5233a43ec6e398b45445d13ddaad745) Signed-off-by: Armin Kuster <akuster@mvista.com>
* apache2: fix CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 ↵Li Wang2021-07-106-0/+239
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2021-30641 CVE-2020-13950: Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service References: https://nvd.nist.gov/vuln/detail/CVE-2020-13950 Upstream patches: https://bugzilla.redhat.com/show_bug.cgi?id=1966738 https://github.com/apache/httpd/commit/8c162db8b65b2193e622b780e8c6516d4265f68b CVE-2020-35452: Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow References: https://nvd.nist.gov/vuln/detail/CVE-2020-35452 Upstream patches: https://security-tracker.debian.org/tracker/CVE-2020-35452 https://github.com/apache/httpd/commit/3b6431eb9c9dba603385f70a2131ab4a01bf0d3b CVE-2021-26690: Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service References: https://nvd.nist.gov/vuln/detail/CVE-2021-26690 Upstream patches: https://security-tracker.debian.org/tracker/CVE-2021-26690 https://github.com/apache/httpd/commit/67bd9bfe6c38831e14fe7122f1d84391472498f8 CVE-2021-26691: In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow References: https://nvd.nist.gov/vuln/detail/CVE-2021-26691 Upstream patches: https://bugzilla.redhat.com/show_bug.cgi?id=1966732 https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b CVE-2021-30641: Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' References: https://nvd.nist.gov/vuln/detail/CVE-2021-30641 Upstream patches: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641 https://github.com/apache/httpd/commit/6141d5aa3f5cf8f1b89472e7fdb66578810d0ae3 Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 70b1aa0a4cd4bfd08b6c8d36a76f9b7cf20d61a6) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: upgrade v2.4.43 -> v2.4.46Sakib Sajal2021-01-121-2/+2
| | | | | | | | | | | | | | | | | | | | Source: meta-openembedded.org MR: 105034, 105034, 105124 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-webserver/recipes-httpd/apache2?h=gatesgarth&id=fc995b3cfed86850ce5ab1b70da1e31560ac350f ChangeID: 37b9f376c5e4b9a9355f867bac56454e2630d86c Description: Minor upgrade inluding bug and CVE fixes, namely: - CVE-2020-9490 - CVE-2020-11984 - CVE-2020-11993 Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit fc995b3cfed86850ce5ab1b70da1e31560ac350f) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: create log/run directory via pkg_postinstYi Zhao2020-05-285-9/+23
| | | | | | | | | | | The commit e789c3837ca8d65abb4bac29dc2e5c595c8ce05b tries to create log/run directory in initscript/systemd unit file. This is not a correct method. We should create them in pkg_postinst. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 6f4d0dbfbc7d5ab8c5781379884f41d30cb6db25) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: fix service start failChangqing Li2020-05-205-13/+9
| | | | | | | | | | | | | | | | | | | | | | reproduce steps: 1. boot up target 2. scp apache2-2.4.41-r0.1.aarch64.rpm on target 3. rpm -i apache2-2.4.41-r0.1.aarch64.rpm 4. systemctl status apache2 Error: httpd[7767]: (2)No such file or directory: AH02291: Cannot access directory '/var/log/apache2/' for main error log with the old way, /var/log/apache2/ is created by service systemd-tmpfiles-setup during boot, so only works when apache2 already installed before boot, in above scenario, /var/log/apache2/ will not created. fix by creating it in the service file. similar fix for sysV system Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e789c3837ca8d65abb4bac29dc2e5c595c8ce05b) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: add patch ensuring destdir is empty stringTrevor Gamblin2020-04-172-0/+50
| | | | | | | | | | | | | | | | | | | | | apache2 added cross-compilation support after 2.4.41, but this conflicts with our own cross-compilation setup and causes related recipes like apache-websocket to fail to find config files (due to incorrect file paths) during build: | cannot open /ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot//usr/share/apache2/build/config_vars.mk: No such file or directory at /ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/usr/bin/crossscripts/apxs line 213. Add this patch to ensure that the $destdir variable used in apache2's cross-compilation scheme is always the empty string so that apache-websocket can find the right files. Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade 2.4.41 -> 2.4.43Trevor Gamblin2020-04-171-3/+3
| | | | | | | | | | | | | | | | | LICENSE file was updated due to a typo fix. Note that this upgrade fixes two CVES affecting versions 2.4.41 and earlier: CVE: CVE-2020-1927 CVE: CVE-2020-1934 See: https://nvd.nist.gov/vuln/detail/CVE-2020-1927 https://nvd.nist.gov/vuln/detail/CVE-2020-1934 Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: fix multilib file conflictsKai Kang2019-09-051-3/+3
| | | | | | | | | | | | | | | | | | | There are errors of apache2 about files conflicts when multilib enabled: | Error: Transaction check error: | file /etc/apache2/extra/httpd-ssl.conf conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64 | file /etc/apache2/httpd.conf conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64 | file /usr/sbin/envvars conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64 | file /usr/sbin/envvars-std conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64 It makes libexecdir point to ${libdir}. Reset to ${libexecdir} which could eliminate file conflicts of the conf files. And remove /usr/sbin/envvars and /usr/sbin/envvars-std which only used by apachectl. They only add standard library path ${libdir} to LD_LIBRARY_PATH, so remove them to avoid multilib file conflicts. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade 2.4.39 -> 2.4.41Yi Zhao2019-08-201-2/+2
| | | | | | | | | | | | | | | Security fixes: CVE-2019-10081 CVE-2019-9517 CVE-2019-10098 CVE-2019-10092 CVE-2019-10097 CVE-2019-10082 See: http://www.apache.org/dist/httpd/CHANGES_2.4.41 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: add all extra/*.conf to conffilesAlejandro del Castillo2019-05-231-1/+2
| | | | | Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: add back patch for set perlbinChangqing Li2019-04-292-0/+35
| | | | | | | | | | Add back this patch. Without this patch, apxs's shebang will use perl under hosttools, which can be too long for shebang, and cause error: bad interpreter: No such file or directory Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: Correct packaging of build and doc related filesPeter Kjellerstedt2019-04-271-2/+7
| | | | | | | | The build related files (${datadir}/${BPN}/build and ${bindir}/apxs) belong in the -dev package, and the manual belong in the -doc package. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: Correct appending to SYSROOT_PREPROCESS_FUNCSPeter Kjellerstedt2019-04-271-1/+1
| | | | | | | | A missing space lead to problems if something else was already added to SYSROOT_PREPROCESS_FUNCS. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade 2.4.34 -> 2.4.39Yi Zhao2019-04-1613-713/+157
| | | | | | | | | | | | | * Drop apache2-native recipe. Add native to BBCLASSEXTEND in apache2 recipe. * Refresh patches. Drop CVE-2018-11763.patch and apache-configure_perlbin.patch * Cleanup recipe file. Remove obsolete code. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: set CVE_PRODUCTQi.Chen@windriver.com2019-03-291-0/+2
| | | | | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: Fix CVE-2018-11763Mingli Yu2018-11-023-0/+514
| | | | | | | | | | | | mod_http2: connection IO event handling reworked. Instead of reacting on incoming bytes, the state machine now acts on incoming frames that are affecting it. This reduces state transitions. Reference: https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11763.html Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: set files layout to debian styleYi Zhao2018-08-241-2/+4
| | | | | | | | | The default layout installs log files to /var/apache2/logs. But we assume the log directory is /var/log/apache2 in volatile.conf. Specify the layout to debian style to set the correct the log directory. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade 2.4.33 -> 2.4.34Yi Zhao2018-07-272-4/+4
| | | | | | | | | | | | | Security fixes: CVE-2018-8011 mod_md: DoS via Coredumps on specially crafted requests CVE-2018-1333 mod_http2: DoS for HTTP/2 connections by specially crafted requests Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade 2.4.29 -> 2.4.33Yi Zhao2018-07-0512-141/+117
| | | | | | | | | | | | | | * License-Update: Correctly identify origin of util_pcre.c/ap_regex.h as pcreposix[.ch] and correct LICENSE/NOTICE to match. * Refresh patches with devtool * Drop useless patch apache-ssl-ltmain-rpath.patch * Move all patches to one directory Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: Add PACKAGECONFIG zlib option for mod_deflateHaiqing Bai2018-06-291-0/+1
| | | | | | | | | The configure options '--enable-deflate' or '--with-z' make the package depends on zlib. PACKAGECONFIG should be defined to clear the dependency. Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2/sthttpd: add alternatives for docHongxu Jia2018-05-171-1/+4
| | | | | | | | | | | | | | | There is a failure to install both of sthttpd-doc and apache2-doc to rootfs. ... |Error: Transaction check error: | file /usr/share/man/man1/htpasswd.1 conflicts between attempted installs of sthttpd-doc-2.27.1 -r0.0.armv7ahf_neon and apache2-doc-2.4.27 -r0.0.armv7ahf_neon ... Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: refresh patchesArmin Kuster2018-04-133-28/+24
| | | | | | | | | | | | | | | | | | | | | | WARNING: apache2-2.4.29-r0 do_patch: Some of the context lines in patches were ignored. This can lead to incorrectly applied patches. The context lines in the patches can be updated with devtool: devtool modify <recipe> devtool finish --force-patch-refresh <recipe> <layer_path> Then the updated patches and the source tree (in devtool's workspace) should be reviewed to make sure the patches apply in the correct place and don't introduce duplicate lines (which can, and does happen when some of the context is ignored). Further information: http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450 Details: Applying patch apache-configure_perlbin.patch patching file configure.in Hunk #1 succeeded at 855 with fuzz 2 (offset 217 lines). Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: update to version 2.4.29Derek Straka2017-11-152-6/+6
| | | | | | | Updated license checksum due to whitespace modifications Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: change files layout to debian styledengke.du@windriver.com2017-09-181-1/+9
| | | | | | | | | | The default layout installs log files and pid files into /var/apache2/logs. This is odd and also will cause security issues because selinux does not know how to label the security contexts for the files. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: use volatiles for sysvinitdengke.du@windriver.com2017-09-182-0/+7
| | | | | Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: update to version 2.4.27Derek Straka2017-08-132-4/+4
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* recipes: delete obsolete patchesOleksandr Kravchuk2017-03-161-55/+0
| | | | | | | Deleted bunch of patches which are not used anymore by any recipe. Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Make use of the new bb.utils.filter() functionPeter Kjellerstedt2017-03-071-1/+1
| | | | | Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: Correct the SRC_URIPeter Kjellerstedt2017-02-222-2/+2
| | | | | | | | The change to use ${APACHE_MIRROR} in the SRC_URI in dfbe6cf214 did not take into account that ${APACHE_MIRROR} already contains "/dist". Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache: use the APACHE_MIRROR variable in the SRC_URIDerek Straka2017-02-132-2/+2
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: always use the archive.apache.org to ensure older releases are ↵Derek Straka2016-12-262-2/+2
| | | | | | | always available Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: update to version 2.4.25Derek Straka2016-12-263-30/+4
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: include .load files in modules.dJunxian.Xiao2016-11-231-0/+1
| | | | | | | | | | | | | According to other Linux distributes like Ubuntu, the modules are usually included by 'LoadModule' command in *.load files in mods-enable directory, as *.conf files in this directory are usually used for special configurations for each module. Include *.load in apache2 top conf file to be compatible with customer's normal usage habits. Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: cve-2016-5387Joe Slater2016-11-232-0/+26
| | | | | | | Handle HTTP_PROXY envirnoment variable. Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* meta-oe: remove trailing spacesMartin Jansa2016-08-221-1/+1
| | | | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: update to version 2.4.23Derek Straka2016-07-292-4/+4
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: fix libtool's path in apxsKirill Esipov2016-05-191-1/+1
| | | | | | | libtool-cross recipe install it as ${HOST_SYS}-libtool Signed-off-by: Kirill Esipov <yesipov@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* meta-webserver: use bb.utils.contains() instead of base_contains()Ross Burton2016-04-281-2/+2
| | | | | | | | base_contains() is a compatibility wrapper and may warn in the future, so replace all instances with bb.utils.contains(). Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: update to 2.4.20Derek Straka2016-04-212-4/+4
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: stage apachectlIoan-Adrian Ratiu2016-03-251-0/+2
| | | | | | | | Some apache module recipes like the newly introduced apache-websocket also need apachectl at build in the sysroot besides apxs. Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: add openldap support to PACKAGECONFIGIoan-Adrian Ratiu2016-02-151-0/+1
| | | | | | | This config option is disabled by default Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: Upgrade 2.4.16 -> 2.4.18fan.xin2016-01-043-294/+4
| | | | | | | | | | | | | | | 1. Upgrade apache2 from 2.4.16 to 2.4.18 The changes in 2.4.18 is shown in following URL. http://ftp.meisei-u.ac.jp/mirror/apache/dist//httpd/CHANGES_2.4.18 2. Delete patch file npn-patch-2.4.7.patch due to this patch file can not be applied to the apache2 2.4.18's source code. The NPN support was removed with r1676004. NPN is now quite unlikely to find its way into a stable release. https://bz.apache.org/bugzilla/show_bug.cgi?id=52210 Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: fix host-user-contaminated warningsKai Kang2015-12-181-0/+2
| | | | | | | | | | | | | It shows warnings when build apache2 such as: | WARNING: QA Issue: apache2: /apache2-dev/usr/share/apache2/icons/small/movie.gif | is owned by uid 1785, which is the same as the user running bitbake. | This may be due to host contamination [host-user-contaminated] Set the owner and group to root to fix it. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: fix config_vars.mk path contaminationGeorge McCollister2015-11-021-0/+4
| | | | | | | | Replace contaminated paths with staging paths so apxs can be successfully used in other recipes to build modules when host and target arch differ. Signed-off-by: George McCollister <george.mccollister@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: cleanup buildpaths for target stuffsWenzong Fan2015-10-131-0/+9
| | | | | | | | | | | | | | | Those buildpaths were generated from configure substitutions, they are required for cross-compiling, but obviously they should be cleaned up from target stuffs. Cleanup buildpaths from config_vars.mk and config.nice: * remove ${STAGING_DIR_HOST} from CC, CFLAGS ... * set APU_INCLUDEDIR, APU_CONFIG as empty * remove buildpath from configure line Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: wait for server to start/stop/restartAdam Chappell2015-08-311-4/+161
| | | | | | | | | | | Change start, stop, and restart functions in apache2 init script to return only after completion (i.e. the server has started/stopped, not just received a kill signal). Starting and stopping the server in quick sucession results in an error because the server will attempt to stop before it has had time to start and vice versa. Signed-off-by: Adam Chappell <adam.chappell@ni.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache: upgrade to 2.4.16Roy Li2015-08-243-63/+4
| | | | | | | | 2.4.16 includes fixes for CVE-2015-3185, CVE-2015-0253 and CVE-2015-3183 remove a backport patch 0001-SECURITY-CVE-2015-0228-cve.mitre.org.patch Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: fix build warning.Armin Kuster2015-07-161-0/+1
| | | | | | | WARNING: QA Issue: /usr/bin/apxs_apache2-dev contained in package apache2-dev requires /usr/bin/perl, but no providers found in its RDEPENDS [file-rdeps] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>