diff options
25 files changed, 1688 insertions, 0 deletions
diff --git a/meta-webserver/COPYING.MIT b/meta-webserver/COPYING.MIT new file mode 100644 index 0000000000..fb950dc69f --- /dev/null +++ b/meta-webserver/COPYING.MIT @@ -0,0 +1,17 @@ +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/meta-webserver/README b/meta-webserver/README new file mode 100644 index 0000000000..47136fbf3a --- /dev/null +++ b/meta-webserver/README @@ -0,0 +1,37 @@ +meta-webserver +============== + +This layer provides support for building web servers, web-based +applications and related software. + + + +Dependencies +------------ + +This layer depends on: + +URI: git://git.openembedded.org/openembedded-core +branch: master +revision: HEAD + + + +Maintenance +----------- + +Send patches / pull requests to openembedded-devel@lists.openembedded.org +with '[meta-webserver]' in the subject. + +Layer maintainer: Paul Eggleton <paul.eggleton@linux.intel.com> + + +License +------- + +All metadata is MIT licensed unless otherwise stated. Source code included +in tree for individual recipes is under the LICENSE stated in each recipe +(.bb file) unless otherwise stated. + +This README document is Copyright (C) 2012 Intel Corporation. + diff --git a/meta-webserver/conf/layer.conf b/meta-webserver/conf/layer.conf new file mode 100644 index 0000000000..6f1855b8b9 --- /dev/null +++ b/meta-webserver/conf/layer.conf @@ -0,0 +1,13 @@ +# Layer configuration for meta-webserver layer +# Copyright 2012 Intel Corporation + +# We have a conf and classes directory, add to BBPATH +BBPATH .= ":${LAYERDIR}" + +# We have various recipe-* directories, add to BBFILES +BBFILES += "${LAYERDIR}/recipes-*/*/*.bb ${LAYERDIR}/recipes-*/*/*.bbappend" + +BBFILE_COLLECTIONS += "webserver" +BBFILE_PATTERN_webserver := "^${LAYERDIR}/" +BBFILE_PRIORITY_webserver = "6" + diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-configure_perlbin.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-configure_perlbin.patch new file mode 100644 index 0000000000..baa739fd44 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-configure_perlbin.patch @@ -0,0 +1,37 @@ +# Author: echo <fei.geng@windriver.com> +# Date: April 28 2009 +# Summary:Fix perl install directory to /usr/bin +# +# Upstream-Status: Inappropriate [configuration] + +--- a/configure ++++ b/configure +@@ -22365,13 +22365,7 @@ + #define APACHE_MPM_DIR "$MPM_DIR" + _ACEOF + +- +-perlbin=`$ac_aux_dir/PrintPath perl` +-if test "x$perlbin" = "x"; then +- perlbin="/replace/with/path/to/perl/interpreter" +-fi +- +- ++perlbin='/usr/bin/perl' + + BSD_MAKEFILE=no + ap_make_include=include +--- a/configure.in ++++ b/configure.in +@@ -638,10 +638,7 @@ + AC_DEFINE_UNQUOTED(APACHE_MPM_DIR, "$MPM_DIR", + [Location of the source for the current MPM]) + +-perlbin=`$ac_aux_dir/PrintPath perl` +-if test "x$perlbin" = "x"; then +- perlbin="/replace/with/path/to/perl/interpreter" +-fi ++perlbin='/usr/bin/perl' + AC_SUBST(perlbin) + + dnl If we are running on BSD/OS, we need to use the BSD .include syntax. diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-ssl-ltmain-rpath.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-ssl-ltmain-rpath.patch new file mode 100644 index 0000000000..3a59fb0799 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-ssl-ltmain-rpath.patch @@ -0,0 +1,76 @@ +--- httpd-2.2.8.orig/build/ltmain.sh ++++ httpd-2.2.8/build/ltmain.sh +@@ -1515,7 +1515,7 @@ EOF + dir=`$echo "X$arg" | $Xsed -e 's/^-L//'` + # We need an absolute path. + case $dir in +- [\\/]* | [A-Za-z]:[\\/]*) ;; ++ =* | [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + absdir=`cd "$dir" && pwd` + if test -z "$absdir"; then +@@ -2558,7 +2558,7 @@ EOF + $echo "*** $linklib is not portable!" + fi + if test "$linkmode" = lib && +- test "$hardcode_into_libs" = yes; then ++ test "x$wrs_use_rpaths" = "xyes" && test "$hardcode_into_libs" = yes; then + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. +@@ -2832,7 +2832,7 @@ EOF + + if test "$linkmode" = lib; then + if test -n "$dependency_libs" && +- { test "$hardcode_into_libs" != yes || ++ { test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" || + test "$build_old_libs" = yes || + test "$link_static" = yes; }; then + # Extract -R from dependency_libs +@@ -3426,7 +3426,8 @@ EOF + *) finalize_rpath="$finalize_rpath $libdir" ;; + esac + done +- if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then ++ if test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" || ++ test "$build_old_libs" = yes; then + dependency_libs="$temp_xrpath $dependency_libs" + fi + fi +@@ -3843,7 +3844,7 @@ EOF + case $archive_cmds in + *\$LD\ *) wl= ;; + esac +- if test "$hardcode_into_libs" = yes; then ++ if test "$hardcode_into_libs" = yes && test "x$wrs_use_rpaths" = "xyes" ; then + # Hardcode the library paths + hardcode_libdirs= + dep_rpath= +@@ -4397,6 +4398,27 @@ EOF + # Now hardcode the library paths + rpath= + hardcode_libdirs= ++ ++ # short circuit putting rpaths in executables ++ # ++ if test "x$wrs_use_rpaths" != "xyes" ; then ++ flag= ++ for libdir in $compile_rpath; do ++ case $(echo $libdir | ${SED} 's,/[/]*,/,g') in ++ /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;; ++ esac ++ done ++ compile_rpath="$flag" ++ ++ flag= ++ for libdir in $finalize_rpath; do ++ case $(echo $libdir | ${SED} 's,/[/]*,/,g') in ++ /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;; ++ esac ++ done ++ finalize_rpath="$flag" ++ fi ++ + for libdir in $compile_rpath $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/fix-libtool-name.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/fix-libtool-name.patch new file mode 100644 index 0000000000..027af04c3b --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/fix-libtool-name.patch @@ -0,0 +1,55 @@ +Fix build scripts to use correct libtool filename + +Upstream-Status: Inappropriate [configuration] + +--- + httpd-2.4.2/build/config_vars.sh.in | 2 +- + httpd-2.4.2/configure | 2 +- + httpd-2.4.2/configure.in | 2 +- + httpd-2.4.2/support/apxs.in | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +--- a/build/config_vars.sh.in ++++ b/build/config_vars.sh.in +@@ -35,7 +35,7 @@ else + APU_CONFIG=@APU_CONFIG@ + fi + +-APR_LIBTOOL="`${APR_CONFIG} --apr-libtool`" ++APR_LIBTOOL="`${APR_CONFIG} --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`" + APR_INCLUDEDIR="`${APR_CONFIG} --includedir`" + test -n "@APU_CONFIG@" && APU_INCLUDEDIR="`${APU_CONFIG} --includedir`" + +--- a/configure ++++ b/configure +@@ -6205,7 +6205,7 @@ case $host in + if test "x$LTFLAGS" = "x"; then + LTFLAGS='--silent' + fi +- my_libtool=`$apr_config --apr-libtool` ++ my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,` + LIBTOOL="$my_libtool \$(LTFLAGS)" + libtoolversion=`$my_libtool --version` + case $libtoolversion in +--- a/configure.in ++++ b/configure.in +@@ -264,7 +264,7 @@ case $host in + if test "x$LTFLAGS" = "x"; then + LTFLAGS='--silent' + fi +- my_libtool=`$apr_config --apr-libtool` ++ my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,` + LIBTOOL="$my_libtool \$(LTFLAGS)" + libtoolversion=`$my_libtool --version` + case $libtoolversion in +--- a/support/apxs.in ++++ b/support/apxs.in +@@ -352,7 +352,7 @@ if ($apr_major_version < 2) { + } + } + +-my $libtool = `$apr_config --apr-libtool`; ++my $libtool = `$apr_config --apr-libtool| sed -e s,libtool,${host_alias}-libtool,`; + chomp($libtool); + + my $apr_includedir = `$apr_config --includes`; diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-corelimit.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-corelimit.patch new file mode 100644 index 0000000000..18e4107ec7 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-corelimit.patch @@ -0,0 +1,37 @@ + +Bump up the core size limit if CoreDumpDirectory is +configured. + +Upstream-Status: Pending + +Note: upstreaming was discussed but there are competing desires; + there are portability oddities here too. + +--- httpd-2.4.1/server/core.c.corelimit ++++ httpd-2.4.1/server/core.c +@@ -4433,6 +4433,25 @@ static int core_post_config(apr_pool_t * + } + apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper, + apr_pool_cleanup_null); ++ ++#ifdef RLIMIT_CORE ++ if (ap_coredumpdir_configured) { ++ struct rlimit lim; ++ ++ if (getrlimit(RLIMIT_CORE, &lim) == 0 && lim.rlim_cur == 0) { ++ lim.rlim_cur = lim.rlim_max; ++ if (setrlimit(RLIMIT_CORE, &lim) == 0) { ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, ++ "core dump file size limit raised to %lu bytes", ++ lim.rlim_cur); ++ } else { ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, errno, NULL, ++ "core dump file size is zero, setrlimit failed"); ++ } ++ } ++ } ++#endif ++ + return OK; + } + diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-export.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-export.patch new file mode 100644 index 0000000000..ed629bfc81 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-export.patch @@ -0,0 +1,22 @@ + +There is no need to "suck in" the apr/apr-util symbols when using +a shared libapr{,util}, it just bloats the symbol table; so don't. + +Upstream-HEAD: needed +Upstream-2.0: omit +Upstream-Status: Pending + +Note: EXPORT_DIRS change is conditional on using shared apr + +--- httpd-2.4.1/server/Makefile.in.export ++++ httpd-2.4.1/server/Makefile.in +@@ -57,9 +57,6 @@ export_files: + ( for dir in $(EXPORT_DIRS); do \ + ls $$dir/*.h ; \ + done; \ +- for dir in $(EXPORT_DIRS_APR); do \ +- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \ +- done; \ + ) | sort -u > $@ + + exports.c: export_files diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-selinux.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-selinux.patch new file mode 100644 index 0000000000..873328d9b5 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-selinux.patch @@ -0,0 +1,63 @@ + +Log the SELinux context at startup. + +Upstream-Status: Inappropriate [other] + +Note: unlikely to be any interest in this upstream + +--- httpd-2.4.1/configure.in.selinux ++++ httpd-2.4.1/configure.in +@@ -458,6 +458,11 @@ fopen64 + dnl confirm that a void pointer is large enough to store a long integer + APACHE_CHECK_VOID_PTR_LEN + ++AC_CHECK_LIB(selinux, is_selinux_enabled, [ ++ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) ++ APR_ADDTO(AP_LIBS, [-lselinux]) ++]) ++ + AC_CACHE_CHECK([for gettid()], ac_cv_gettid, + [AC_TRY_RUN(#define _GNU_SOURCE + #include <unistd.h> +--- httpd-2.4.1/server/core.c.selinux ++++ httpd-2.4.1/server/core.c +@@ -58,6 +58,10 @@ + #include <unistd.h> + #endif + ++#ifdef HAVE_SELINUX ++#include <selinux/selinux.h> ++#endif ++ + /* LimitRequestBody handling */ + #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) + #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) +@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t * + } + #endif + ++#ifdef HAVE_SELINUX ++ { ++ static int already_warned = 0; ++ int is_enabled = is_selinux_enabled() > 0; ++ ++ if (is_enabled && !already_warned) { ++ security_context_t con; ++ ++ if (getcon(&con) == 0) { ++ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, ++ "SELinux policy enabled; " ++ "httpd running as context %s", con); ++ ++ already_warned = 1; ++ ++ freecon(con); ++ } ++ } ++ } ++#endif ++ + return OK; + } + diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1326980+.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1326980+.patch new file mode 100644 index 0000000000..98b226bf90 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1326980+.patch @@ -0,0 +1,74 @@ + +* modules/loggers/mod_log_debug.c: Mark private globals as static. +http://svn.apache.org/viewvc?view=revision&revision=1326980 + +* modules/filters/sed1.c: Mark private globals as static const. + (command): Change p3 pointer to const. +http://svn.apache.org/viewvc?view=revision&revision=1326984 + +* modules/filters/config.m4: Prevent libsed internals from polluting + the global symbol namespace. +http://svn.apache.org/viewvc?view=revision&revision=1326991 + +Upstream-Status: Backport + +--- httpd-2.4.2/modules/loggers/mod_log_debug.c ++++ httpd-2.4.2/modules/loggers/mod_log_debug.c +@@ -35,8 +35,8 @@ + apr_array_header_t *entries; + } log_debug_dirconf; + +-const char *allhooks = "all"; +-const char * const hooks[] = { ++static const char *allhooks = "all"; ++static const char * const hooks[] = { + "log_transaction", /* 0 */ + "quick_handler", /* 1 */ + "handler", /* 2 */ +--- httpd-2.4.2/modules/filters/sed1.c ++++ httpd-2.4.2/modules/filters/sed1.c +@@ -25,7 +25,7 @@ + #include "apr_strings.h" + #include "regexp.h" + +-char *trans[040] = { ++static const char *const trans[040] = { + "\\01", + "\\02", + "\\03", +@@ -58,7 +58,7 @@ + "\\36", + "\\37" + }; +-char rub[] = {"\\177"}; ++static const char rub[] = {"\\177"}; + + extern int sed_step(char *p1, char *p2, int circf, step_vars_storage *vars); + static int substitute(sed_eval_t *eval, sed_reptr_t *ipc, +@@ -692,7 +692,8 @@ + step_vars_storage *step_vars) + { + int i; +- char *p1, *p2, *p3; ++ char *p1, *p2; ++ const char *p3; + int length; + char sz[32]; /* 32 bytes enough to store 64 bit integer in decimal */ + apr_status_t rv = APR_SUCCESS; +--- httpd-2.4.2/modules/filters/config.m4 ++++ httpd-2.4.2/modules/filters/config.m4 +@@ -16,7 +16,13 @@ + APACHE_MODULE(substitute, response content rewrite-like filtering, , , most) + + sed_obj="mod_sed.lo sed0.lo sed1.lo regexp.lo" +-APACHE_MODULE(sed, filter request and/or response bodies through sed, $sed_obj, , most) ++APACHE_MODULE(sed, filter request and/or response bodies through sed, $sed_obj, , most, [ ++ if test "x$enable_sed" = "xshared"; then ++ # The only symbol which needs to be exported is the module ++ # structure, so ask libtool to hide libsed internals: ++ APR_ADDTO(MOD_SED_LDADD, [-export-symbols-regex sed_module]) ++ fi ++]) + + if test "$ac_cv_ebcdic" = "yes"; then + # mod_charset_lite can be very useful on an ebcdic system, diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch new file mode 100644 index 0000000000..57b5155c35 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch @@ -0,0 +1,87 @@ + +* server/mpm_unix.c (dummy_connection): Use a TLS 1.0 close_notify + alert if the chosen listener is configured for https; not perfect + but better than sending an HTTP request. Adjust comments. +http://svn.apache.org/viewvc?view=revision&revision=1327036 + +* server/mpm_unix.c (dummy_connection): Fix spello. +http://svn.apache.org/viewvc?view=revision&revision=1327080 + +Upstream-Status: Backport + +--- httpd-2.4.2/server/mpm_unix.c ++++ httpd-2.4.2/server/mpm_unix.c +@@ -501,14 +501,14 @@ + return rv; + } + +-/* This function connects to the server, then immediately closes the connection. +- * This permits the MPM to skip the poll when there is only one listening +- * socket, because it provides a alternate way to unblock an accept() when +- * the pod is used. +- */ ++/* This function connects to the server and sends enough data to ++ * ensure the child wakes up and processes a new connection. This ++ * permits the MPM to skip the poll when there is only one listening ++ * socket, because it provides a alternate way to unblock an accept() ++ * when the pod is used. */ + static apr_status_t dummy_connection(ap_pod_t *pod) + { +- char *srequest; ++ const char *data; + apr_status_t rv; + apr_socket_t *sock; + apr_pool_t *p; +@@ -574,24 +574,37 @@ + return rv; + } + +- /* Create the request string. We include a User-Agent so that +- * adminstrators can track down the cause of the odd-looking +- * requests in their logs. +- */ +- srequest = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ", ++ if (lp->protocol && strcasecmp(lp->protocol, "https") == 0) { ++ /* Send a TLS 1.0 close_notify alert. This is perhaps the ++ * "least wrong" way to open and cleanly terminate an SSL ++ * connection. It should "work" without noisy error logs if ++ * the server actually expects SSLv3/TLSv1. With ++ * SSLv23_server_method() OpenSSL's SSL_accept() fails ++ * ungracefully on receipt of this message, since it requires ++ * an 11-byte ClientHello message and this is too short. */ ++ static const unsigned char tls10_close_notify[7] = { ++ '\x15', /* TLSPlainText.type = Alert (21) */ ++ '\x03', '\x01', /* TLSPlainText.version = {3, 1} */ ++ '\x00', '\x02', /* TLSPlainText.length = 2 */ ++ '\x01', /* Alert.level = warning (1) */ ++ '\x00' /* Alert.description = close_notify (0) */ ++ }; ++ data = (const char *)tls10_close_notify; ++ len = sizeof(tls10_close_notify); ++ } ++ else /* ... XXX other request types here? */ { ++ /* Create an HTTP request string. We include a User-Agent so ++ * that adminstrators can track down the cause of the ++ * odd-looking requests in their logs. A complete request is ++ * used since kernel-level filtering may require that much ++ * data before returning from accept(). */ ++ data = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ", + ap_get_server_description(), + " (internal dummy connection)\r\n\r\n", NULL); ++ len = strlen(data); ++ } + +- /* Since some operating systems support buffering of data or entire +- * requests in the kernel, we send a simple request, to make sure +- * the server pops out of a blocking accept(). +- */ +- /* XXX: This is HTTP specific. We should look at the Protocol for each +- * listener, and send the correct type of request to trigger any Accept +- * Filters. +- */ +- len = strlen(srequest); +- apr_socket_send(sock, srequest, &len); ++ apr_socket_send(sock, data, &len); + apr_socket_close(sock); + apr_pool_destroy(p); + diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1332643.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1332643.patch new file mode 100644 index 0000000000..16fd7d75b6 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1332643.patch @@ -0,0 +1,260 @@ +Add support for TLS Next Protocol Negotiation: + +* modules/ssl/mod_ssl.c, modules/ssl/mod_ssl.h: Add and implement new + hooks for next protocol advertisement/discovery. + +* modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Enable + NPN advertisement callback in handshake. + +* modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Invoke + next-protocol discovery hook. + +* modules/ssl/ssl_engine_kernel.c (ssl_callback_AdvertiseNextProtos): + New callback. + +* modules/ssl/ssl_private.h: Add prototype. + +Submitted by: Matthew Steele <mdsteele google.com> + with slight tweaks by jorton + +https://bugzilla.redhat.com//show_bug.cgi?id=809599 + +http://svn.apache.org/viewvc?view=revision&revision=1332643 + +Upstream-Status: Backport + +--- httpd-2.4.2/modules/ssl/ssl_private.h ++++ httpd-2.4.2/modules/ssl/ssl_private.h +@@ -139,6 +139,11 @@ + #define HAVE_FIPS + #endif + ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \ ++ && !defined(OPENSSL_NO_TLSEXT) ++#define HAVE_TLS_NPN ++#endif ++ + #if (OPENSSL_VERSION_NUMBER >= 0x10000000) + #define MODSSL_SSL_CIPHER_CONST const + #define MODSSL_SSL_METHOD_CONST const +@@ -811,6 +816,7 @@ + int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *, + EVP_CIPHER_CTX *, HMAC_CTX *, int); + #endif ++int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg); + + /** Session Cache Support */ + void ssl_scache_init(server_rec *, apr_pool_t *); +--- httpd-2.4.2/modules/ssl/mod_ssl.c ++++ httpd-2.4.2/modules/ssl/mod_ssl.c +@@ -260,6 +260,18 @@ + AP_END_CMD + }; + ++/* Implement 'modssl_run_npn_advertise_protos_hook'. */ ++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( ++ modssl, AP, int, npn_advertise_protos_hook, ++ (conn_rec *connection, apr_array_header_t *protos), ++ (connection, protos), OK, DECLINED); ++ ++/* Implement 'modssl_run_npn_proto_negotiated_hook'. */ ++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( ++ modssl, AP, int, npn_proto_negotiated_hook, ++ (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len), ++ (connection, proto_name, proto_name_len), OK, DECLINED); ++ + /* + * the various processing hooks + */ +--- httpd-2.4.2/modules/ssl/mod_ssl.h ++++ httpd-2.4.2/modules/ssl/mod_ssl.h +@@ -63,5 +63,26 @@ + + APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); + ++/** The npn_advertise_protos optional hook allows other modules to add entries ++ * to the list of protocol names advertised by the server during the Next ++ * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is ++ * given the connection and an APR array; it should push one or more char*'s ++ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto ++ * the array and return OK, or do nothing and return DECLINED. */ ++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook, ++ (conn_rec *connection, apr_array_header_t *protos)); ++ ++/** The npn_proto_negotiated optional hook allows other modules to discover the ++ * name of the protocol that was chosen during the Next Protocol Negotiation ++ * (NPN) portion of the SSL handshake. Note that this may be the empty string ++ * (in which case modules should probably assume HTTP), or it may be a protocol ++ * that was never even advertised by the server. The hook callee is given the ++ * connection, a non-null-terminated string containing the protocol name, and ++ * the length of the string; it should do something appropriate (i.e. insert or ++ * remove filters) and return OK, or do nothing and return DECLINED. */ ++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook, ++ (conn_rec *connection, const char *proto_name, ++ apr_size_t proto_name_len)); ++ + #endif /* __MOD_SSL_H__ */ + /** @} */ +--- httpd-2.4.2/modules/ssl/ssl_engine_init.c ++++ httpd-2.4.2/modules/ssl/ssl_engine_init.c +@@ -681,6 +681,11 @@ + #endif + + SSL_CTX_set_info_callback(ctx, ssl_callback_Info); ++ ++#ifdef HAVE_TLS_NPN ++ SSL_CTX_set_next_protos_advertised_cb( ++ ctx, ssl_callback_AdvertiseNextProtos, NULL); ++#endif + } + + static void ssl_init_ctx_verify(server_rec *s, +--- httpd-2.4.2/modules/ssl/ssl_engine_io.c ++++ httpd-2.4.2/modules/ssl/ssl_engine_io.c +@@ -28,6 +28,7 @@ + core keeps dumping.'' + -- Unknown */ + #include "ssl_private.h" ++#include "mod_ssl.h" + #include "apr_date.h" + + /* _________________________________________________________________ +@@ -297,6 +298,7 @@ + apr_pool_t *pool; + char buffer[AP_IOBUFSIZE]; + ssl_filter_ctx_t *filter_ctx; ++ int npn_finished; /* 1 if NPN has finished, 0 otherwise */ + } bio_filter_in_ctx_t; + + /* +@@ -1374,6 +1376,27 @@ + APR_BRIGADE_INSERT_TAIL(bb, bucket); + } + ++#ifdef HAVE_TLS_NPN ++ /* By this point, Next Protocol Negotiation (NPN) should be completed (if ++ * our version of OpenSSL supports it). If we haven't already, find out ++ * which protocol was decided upon and inform other modules by calling ++ * npn_proto_negotiated_hook. */ ++ if (!inctx->npn_finished) { ++ const unsigned char *next_proto = NULL; ++ unsigned next_proto_len = 0; ++ ++ SSL_get0_next_proto_negotiated( ++ inctx->ssl, &next_proto, &next_proto_len); ++ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c, ++ "SSL NPN negotiated protocol: '%s'", ++ apr_pstrmemdup(f->c->pool, (const char*)next_proto, ++ next_proto_len)); ++ modssl_run_npn_proto_negotiated_hook( ++ f->c, (const char*)next_proto, next_proto_len); ++ inctx->npn_finished = 1; ++ } ++#endif ++ + return APR_SUCCESS; + } + +@@ -1855,6 +1878,7 @@ + inctx->block = APR_BLOCK_READ; + inctx->pool = c->pool; + inctx->filter_ctx = filter_ctx; ++ inctx->npn_finished = 0; + } + + /* The request_rec pointer is passed in here only to ensure that the +--- httpd-2.4.2/modules/ssl/ssl_engine_kernel.c ++++ httpd-2.4.2/modules/ssl/ssl_engine_kernel.c +@@ -29,6 +29,7 @@ + time I was too famous.'' + -- Unknown */ + #include "ssl_private.h" ++#include "mod_ssl.h" + #include "util_md5.h" + + static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); +@@ -2143,3 +2144,84 @@ + return -1; + } + #endif ++ ++#ifdef HAVE_TLS_NPN ++/* ++ * This callback function is executed when SSL needs to decide what protocols ++ * to advertise during Next Protocol Negotiation (NPN). It must produce a ++ * string in wire format -- a sequence of length-prefixed strings -- indicating ++ * the advertised protocols. Refer to SSL_CTX_set_next_protos_advertised_cb ++ * in OpenSSL for reference. ++ */ ++int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out, ++ unsigned int *size_out, void *arg) ++{ ++ conn_rec *c = (conn_rec*)SSL_get_app_data(ssl); ++ apr_array_header_t *protos; ++ int num_protos; ++ unsigned int size; ++ int i; ++ unsigned char *data; ++ unsigned char *start; ++ ++ *data_out = NULL; ++ *size_out = 0; ++ ++ /* If the connection object is not available, then there's nothing for us ++ * to do. */ ++ if (c == NULL) { ++ return SSL_TLSEXT_ERR_OK; ++ } ++ ++ /* Invoke our npn_advertise_protos hook, giving other modules a chance to ++ * add alternate protocol names to advertise. */ ++ protos = apr_array_make(c->pool, 0, sizeof(char*)); ++ modssl_run_npn_advertise_protos_hook(c, protos); ++ num_protos = protos->nelts; ++ ++ /* We now have a list of null-terminated strings; we need to concatenate ++ * them together into a single string, where each protocol name is prefixed ++ * by its length. First, calculate how long that string will be. */ ++ size = 0; ++ for (i = 0; i < num_protos; ++i) { ++ const char *string = APR_ARRAY_IDX(protos, i, const char*); ++ unsigned int length = strlen(string); ++ /* If the protocol name is too long (the length must fit in one byte), ++ * then log an error and skip it. */ ++ if (length > 255) { ++ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, ++ "SSL NPN protocol name too long (length=%u): %s", ++ length, string); ++ continue; ++ } ++ /* Leave room for the length prefix (one byte) plus the protocol name ++ * itself. */ ++ size += 1 + length; ++ } ++ ++ /* If there is nothing to advertise (either because no modules added ++ * anything to the protos array, or because all strings added to the array ++ * were skipped), then we're done. */ ++ if (size == 0) { ++ return SSL_TLSEXT_ERR_OK; ++ } ++ ++ /* Now we can build the string. Copy each protocol name string into the ++ * larger string, prefixed by its length. */ ++ data = apr_palloc(c->pool, size * sizeof(unsigned char)); ++ start = data; ++ for (i = 0; i < num_protos; ++i) { ++ const char *string = APR_ARRAY_IDX(protos, i, const char*); ++ apr_size_t length = strlen(string); ++ *start = (unsigned char)length; ++ ++start; ++ memcpy(start, string, length * sizeof(unsigned char)); ++ start += length; ++ } ++ ++ /* Success. */ ++ *data_out = data; ++ *size_out = size; ++ return SSL_TLSEXT_ERR_OK; ++} ++#endif diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1337344+.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1337344+.patch new file mode 100644 index 0000000000..646976a0fd --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1337344+.patch @@ -0,0 +1,350 @@ + +* support/suexec.c: Add gcc format-string attributes to logging + functions. + (main): Always print uid/gid as unsigned long, and cast to avoid + warnings (which somewhat defeats the point of the format string + attrs, but is necessary since the size of gid/uid varies). +http://svn.apache.org/viewvc?view=revision&revision=1337344 + + + +suexec: Add support for logging to syslog as an alternative to a +logfile. + +* support/suexec.c (err_output) [AP_LOG_SYSLOG]: Log to syslog. + (main): Close syslog fd if open, before execv. Add -V output + for AP_LOG_SYSLOG. + +* configure.in: Add --with-suexec-syslog argument; allow + --without-suexec-logfile to omit definition of AP_LOG_EXEC. + +http://svn.apache.org/viewvc?view=revision&revision=1341905 + + + +suexec: Support use of setgid/setuid capability bits on Linux, a +weaker set of privileges than the full setuid/setgid root binary. + +* configure.in: Add --enable-suexec-capabilites flag. + +* Makefile.in: If configured, use setcap instead of chmod 7555 on + installed suexec binary. + +* modules/arch/unix/mod_unixd.c (unixd_pre_config): Drop test for + setuid bit if capability bits are used. + +* docs/manual/: Add docs. + +http://svn.apache.org/viewvc?view=revision&revision=1342065 + + + +* docs/manual/suexec.html.en: Update for syslog logging. + +http://svn.apache.org/viewvc?view=revision&revision=1341930 + + + +Upstream-Status: Backport + +--- httpd-2.4.2/configure.in.r1337344+ ++++ httpd-2.4.2/configure.in +@@ -700,7 +700,24 @@ APACHE_HELP_STRING(--with-suexec-gidmin, + + AC_ARG_WITH(suexec-logfile, + APACHE_HELP_STRING(--with-suexec-logfile,Set the logfile),[ +- AC_DEFINE_UNQUOTED(AP_LOG_EXEC, "$withval", [SuExec log file] ) ] ) ++ if test "x$withval" = "xyes"; then ++ AC_DEFINE_UNQUOTED(AP_LOG_EXEC, "$withval", [SuExec log file]) ++ fi ++]) ++ ++AC_ARG_WITH(suexec-syslog, ++APACHE_HELP_STRING(--with-suexec-syslog,Set the logfile),[ ++ if test $withval = "yes"; then ++ if test "x${with_suexec_logfile}" != "xno"; then ++ AC_MSG_NOTICE([hint: use "--without-suexec-logfile --with-suexec-syslog"]) ++ AC_MSG_ERROR([suexec does not support both logging to file and syslog]) ++ fi ++ AC_CHECK_FUNCS([vsyslog], [], [ ++ AC_MSG_ERROR([cannot support syslog from suexec without vsyslog()])]) ++ AC_DEFINE(AP_LOG_SYSLOG, 1, [SuExec log to syslog]) ++ fi ++]) ++ + + AC_ARG_WITH(suexec-safepath, + APACHE_HELP_STRING(--with-suexec-safepath,Set the safepath),[ +@@ -710,6 +727,15 @@ AC_ARG_WITH(suexec-umask, + APACHE_HELP_STRING(--with-suexec-umask,umask for suexec'd process),[ + AC_DEFINE_UNQUOTED(AP_SUEXEC_UMASK, 0$withval, [umask for suexec'd process] ) ] ) + ++INSTALL_SUEXEC=setuid ++AC_ARG_ENABLE([suexec-capabilities], ++APACHE_HELP_STRING(--enable-suexec-capabilities,Use Linux capability bits not setuid root suexec), [ ++INSTALL_SUEXEC=caps ++AC_DEFINE(AP_SUEXEC_CAPABILITIES, 1, ++ [Enable if suexec is installed with Linux capabilities, not setuid]) ++]) ++APACHE_SUBST(INSTALL_SUEXEC) ++ + dnl APR should go after the other libs, so the right symbols can be picked up + if test x${apu_found} != xobsolete; then + AP_LIBS="$AP_LIBS `$apu_config --avoid-ldap --link-libtool`" +--- httpd-2.4.2/docs/manual/suexec.html.en.r1337344+ ++++ httpd-2.4.2/docs/manual/suexec.html.en +@@ -369,6 +369,21 @@ + together with the <code>--enable-suexec</code> option to let + APACI accept your request for using the suEXEC feature.</dd> + ++ <dt><code>--enable-suexec-capabilities</code></dt> ++ ++ <dd><strong>Linux specific:</strong> Normally, ++ the <code>suexec</code> binary is installed "setuid/setgid ++ root", which allows it to run with the full privileges of the ++ root user. If this option is used, the <code>suexec</code> ++ binary will instead be installed with only the setuid/setgid ++ "capability" bits set, which is the subset of full root ++ priviliges required for suexec operation. Note that ++ the <code>suexec</code> binary may not be able to write to a log ++ file in this mode; it is recommended that the ++ <code>--with-suexec-syslog --without-suexec-logfile</code> ++ options are used in conjunction with this mode, so that syslog ++ logging is used instead.</dd> ++ + <dt><code>--with-suexec-bin=<em>PATH</em></code></dt> + + <dd>The path to the <code>suexec</code> binary must be hard-coded +@@ -430,6 +445,12 @@ + "<code>suexec_log</code>" and located in your standard logfile + directory (<code>--logfiledir</code>).</dd> + ++ <dt><code>--with-suexec-syslog</code></dt> ++ ++ <dd>If defined, suexec will log notices and errors to syslog ++ instead of a logfile. This option must be combined ++ with <code>--without-suexec-logfile</code>.</dd> ++ + <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt> + + <dd>Define a safe PATH environment to pass to CGI +@@ -546,9 +567,12 @@ + + <p>The suEXEC wrapper will write log information + to the file defined with the <code>--with-suexec-logfile</code> +- option as indicated above. If you feel you have configured and +- installed the wrapper properly, have a look at this log and the +- error_log for the server to see where you may have gone astray.</p> ++ option as indicated above, or to syslog if <code>--with-suexec-syslog</code> ++ is used. If you feel you have configured and ++ installed the wrapper properly, have a look at the log and the ++ error_log for the server to see where you may have gone astray. ++ The output of <code>"suexec -V"</code> will show the options ++ used to compile suexec, if using a binary distribution.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> + <div class="section"> +@@ -615,4 +639,4 @@ + </div><div id="footer"> + <p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> + <p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="./faq/">FAQ</a> | <a href="./glossary.html">Glossary</a> | <a href="./sitemap.html">Sitemap</a></p></div> +-</body></html> +\ No newline at end of file ++</body></html> +--- httpd-2.4.2/Makefile.in.r1337344+ ++++ httpd-2.4.2/Makefile.in +@@ -236,11 +236,22 @@ install-man: + cd $(DESTDIR)$(manualdir) && find . -name ".svn" -type d -print | xargs rm -rf 2>/dev/null || true; \ + fi + +-install-suexec: ++install-suexec: install-suexec-binary install-suexec-$(INSTALL_SUEXEC) ++ ++install-suexec-binary: + @if test -f $(builddir)/support/suexec; then \ + test -d $(DESTDIR)$(sbindir) || $(MKINSTALLDIRS) $(DESTDIR)$(sbindir); \ + $(INSTALL_PROGRAM) $(top_builddir)/support/suexec $(DESTDIR)$(sbindir); \ +- chmod 4755 $(DESTDIR)$(sbindir)/suexec; \ ++ fi ++ ++install-suexec-setuid: ++ @if test -f $(builddir)/support/suexec; then \ ++ chmod 4755 $(DESTDIR)$(sbindir)/suexec; \ ++ fi ++ ++install-suexec-caps: ++ @if test -f $(builddir)/support/suexec; then \ ++ setcap 'cap_setuid,cap_setgid+pe' $(DESTDIR)$(sbindir)/suexec; \ + fi + + suexec: +--- httpd-2.4.2/modules/arch/unix/mod_unixd.c.r1337344+ ++++ httpd-2.4.2/modules/arch/unix/mod_unixd.c +@@ -284,6 +284,13 @@ unixd_set_suexec(cmd_parms *cmd, void *d + return NULL; + } + ++#ifdef AP_SUEXEC_CAPABILITIES ++/* If suexec is using capabilities, don't test for the setuid bit. */ ++#define SETUID_TEST(finfo) (1) ++#else ++#define SETUID_TEST(finfo) (finfo.protection & APR_USETID) ++#endif ++ + static int + unixd_pre_config(apr_pool_t *pconf, apr_pool_t *plog, + apr_pool_t *ptemp) +@@ -300,7 +307,7 @@ unixd_pre_config(apr_pool_t *pconf, apr_ + ap_unixd_config.suexec_enabled = 0; + if ((apr_stat(&wrapper, SUEXEC_BIN, APR_FINFO_NORM, ptemp)) + == APR_SUCCESS) { +- if ((wrapper.protection & APR_USETID) && wrapper.user == 0 ++ if (SETUID_TEST(wrapper) && wrapper.user == 0 + && (access(SUEXEC_BIN, R_OK|X_OK) == 0)) { + ap_unixd_config.suexec_enabled = 1; + ap_unixd_config.suexec_disabled_reason = ""; +--- httpd-2.4.2/support/suexec.c.r1337344+ ++++ httpd-2.4.2/support/suexec.c +@@ -58,6 +58,10 @@ + #include <grp.h> + #endif + ++#ifdef AP_LOG_SYSLOG ++#include <syslog.h> ++#endif ++ + #if defined(PATH_MAX) + #define AP_MAXPATH PATH_MAX + #elif defined(MAXPATHLEN) +@@ -69,7 +73,12 @@ + #define AP_ENVBUF 256 + + extern char **environ; ++ ++#ifdef AP_LOG_SYSLOG ++static int log_open; ++#else + static FILE *log = NULL; ++#endif + + static const char *const safe_env_lst[] = + { +@@ -128,10 +137,23 @@ static const char *const safe_env_lst[] + NULL + }; + ++static void log_err(const char *fmt,...) ++ __attribute__((format(printf,1,2))); ++static void log_no_err(const char *fmt,...) ++ __attribute__((format(printf,1,2))); ++static void err_output(int is_error, const char *fmt, va_list ap) ++ __attribute__((format(printf,2,0))); + + static void err_output(int is_error, const char *fmt, va_list ap) + { +-#ifdef AP_LOG_EXEC ++#if defined(AP_LOG_SYSLOG) ++ if (!log_open) { ++ openlog("suexec", LOG_PID, LOG_DAEMON); ++ log_open = 1; ++ } ++ ++ vsyslog(is_error ? LOG_ERR : LOG_INFO, fmt, ap); ++#elif defined(AP_LOG_EXEC) + time_t timevar; + struct tm *lt; + +@@ -263,7 +285,7 @@ int main(int argc, char *argv[]) + */ + uid = getuid(); + if ((pw = getpwuid(uid)) == NULL) { +- log_err("crit: invalid uid: (%ld)\n", uid); ++ log_err("crit: invalid uid: (%lu)\n", (unsigned long)uid); + exit(102); + } + /* +@@ -289,7 +311,9 @@ int main(int argc, char *argv[]) + #ifdef AP_HTTPD_USER + fprintf(stderr, " -D AP_HTTPD_USER=\"%s\"\n", AP_HTTPD_USER); + #endif +-#ifdef AP_LOG_EXEC ++#if defined(AP_LOG_SYSLOG) ++ fprintf(stderr, " -D AP_LOG_SYSLOG\n"); ++#elif defined(AP_LOG_EXEC) + fprintf(stderr, " -D AP_LOG_EXEC=\"%s\"\n", AP_LOG_EXEC); + #endif + #ifdef AP_SAFE_PATH +@@ -440,7 +464,7 @@ int main(int argc, char *argv[]) + * a UID less than AP_UID_MIN. Tsk tsk. + */ + if ((uid == 0) || (uid < AP_UID_MIN)) { +- log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd); ++ log_err("cannot run as forbidden uid (%lu/%s)\n", (unsigned long)uid, cmd); + exit(107); + } + +@@ -449,7 +473,7 @@ int main(int argc, char *argv[]) + * or as a GID less than AP_GID_MIN. Tsk tsk. + */ + if ((gid == 0) || (gid < AP_GID_MIN)) { +- log_err("cannot run as forbidden gid (%d/%s)\n", gid, cmd); ++ log_err("cannot run as forbidden gid (%lu/%s)\n", (unsigned long)gid, cmd); + exit(108); + } + +@@ -460,7 +484,7 @@ int main(int argc, char *argv[]) + * and setgid() to the target group. If unsuccessful, error out. + */ + if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0)) { +- log_err("failed to setgid (%ld: %s)\n", gid, cmd); ++ log_err("failed to setgid (%lu: %s)\n", (unsigned long)gid, cmd); + exit(109); + } + +@@ -468,7 +492,7 @@ int main(int argc, char *argv[]) + * setuid() to the target user. Error out on fail. + */ + if ((setuid(uid)) != 0) { +- log_err("failed to setuid (%ld: %s)\n", uid, cmd); ++ log_err("failed to setuid (%lu: %s)\n", (unsigned long)uid, cmd); + exit(110); + } + +@@ -556,11 +580,11 @@ int main(int argc, char *argv[]) + (gid != dir_info.st_gid) || + (uid != prg_info.st_uid) || + (gid != prg_info.st_gid)) { +- log_err("target uid/gid (%ld/%ld) mismatch " +- "with directory (%ld/%ld) or program (%ld/%ld)\n", +- uid, gid, +- dir_info.st_uid, dir_info.st_gid, +- prg_info.st_uid, prg_info.st_gid); ++ log_err("target uid/gid (%lu/%lu) mismatch " ++ "with directory (%lu/%lu) or program (%lu/%lu)\n", ++ (unsigned long)uid, (unsigned long)gid, ++ (unsigned long)dir_info.st_uid, (unsigned long)dir_info.st_gid, ++ (unsigned long)prg_info.st_uid, (unsigned long)prg_info.st_gid); + exit(120); + } + /* +@@ -585,6 +609,12 @@ int main(int argc, char *argv[]) + #endif /* AP_SUEXEC_UMASK */ + + /* Be sure to close the log file so the CGI can't mess with it. */ ++#ifdef AP_LOG_SYSLOG ++ if (log_open) { ++ closelog(); ++ log_open = 0; ++ } ++#else + if (log != NULL) { + #if APR_HAVE_FCNTL_H + /* +@@ -606,6 +636,7 @@ int main(int argc, char *argv[]) + log = NULL; + #endif + } ++#endif + + /* + * Execute the command, replacing our image with its own. diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-restart.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-restart.patch new file mode 100644 index 0000000000..42254d2f8c --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-restart.patch @@ -0,0 +1,35 @@ + +* server/main.c (main): Bail out *before* signalling the server + if the config is bad. (as per the claim in the docs!) + +https://bugzilla.redhat.com/show_bug.cgi?id=814645 +http://svn.apache.org/viewvc?view=revision&revision=1328345 + +Upstream-Status: Backport + +--- httpd-2.4.2/server/main.c.restart ++++ httpd-2.4.2/server/main.c +@@ -671,6 +671,11 @@ int main(int argc, const char * const ar + } + } + ++ /* If our config failed, deal with that here. */ ++ if (rv != OK) { ++ destroy_and_exit_process(process, 1); ++ } ++ + signal_server = APR_RETRIEVE_OPTIONAL_FN(ap_signal_server); + if (signal_server) { + int exit_status; +@@ -680,11 +685,6 @@ int main(int argc, const char * const ar + } + } + +- /* If our config failed, deal with that here. */ +- if (rv != OK) { +- destroy_and_exit_process(process, 1); +- } +- + apr_pool_clear(plog); + + if ( ap_run_open_logs(pconf, plog, ptemp, ap_server_conf) != OK) { diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/replace-lynx-to-curl-in-apachectl-script.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/replace-lynx-to-curl-in-apachectl-script.patch new file mode 100644 index 0000000000..584ddc8d94 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/replace-lynx-to-curl-in-apachectl-script.patch @@ -0,0 +1,52 @@ +From 760ccbb2fb046621a2aeaecabb2b1ef9aa280cf1 Mon Sep 17 00:00:00 2001 +From: Yulong Pei <Yulong.pei@windriver.com> +Date: Thu, 1 Sep 2011 01:03:14 +0800 +Subject: [PATCH] replace lynx to curl in apachectl script + +Upstream-Status: Inappropriate [configuration] + +Signed-off-by: Yulong Pei <Yulong.pei@windriver.com> +--- + support/apachectl.in | 14 ++++++++++---- + 1 files changed, 10 insertions(+), 4 deletions(-) + +diff --git a/support/apachectl.in b/support/apachectl.in +index d4dff38..109ea13 100644 +--- a/support/apachectl.in ++++ b/support/apachectl.in +@@ -51,11 +51,11 @@ fi + # a command that outputs a formatted text version of the HTML at the + # url given on the command line. Designed for lynx, however other + # programs may work. +-LYNX="@LYNX_PATH@ -dump" ++CURL="/usr/bin/curl" + # + # the URL to your server's mod_status status page. If you do not + # have one, then status and fullstatus will not work. +-STATUSURL="http://localhost:@PORT@/server-status" ++STATUSURL="http://localhost:@PORT@/" + # + # Set this variable to a command that increases the maximum + # number of file descriptors allowed per child process. This is +@@ -91,10 +91,16 @@ configtest) + ERROR=$? + ;; + status) +- $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } ' ++ $CURL -s $STATUSURL | grep -o "It works!" ++ if [ $? != 0 ] ; then ++ echo The httpd server does not work! ++ fi + ;; + fullstatus) +- $LYNX $STATUSURL ++ $CURL -s $STATUSURL | grep -o "It works!" ++ if [ $? != 0 ] ; then ++ echo The httpd server does not work! ++ fi + ;; + *) + $HTTPD $ARGV +-- +1.6.4 + diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/server-makefile.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/server-makefile.patch new file mode 100644 index 0000000000..f1349cb6a4 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/server-makefile.patch @@ -0,0 +1,11 @@ +--- http-2.0.54/server/Makefile.in-old 2005-12-20 13:26:56.000000000 -0500 ++++ http-2.0.54/server/Makefile.in 2005-12-20 13:27:22.000000000 -0500 +@@ -27,7 +27,7 @@ + $(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS) + + test_char.h: gen_test_char +- ./gen_test_char > test_char.h ++ gen_test_char > test_char.h + + util.lo: test_char.h + diff --git a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.2.bb b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.2.bb new file mode 100644 index 0000000000..17482ae0e1 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.2.bb @@ -0,0 +1,43 @@ +DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ +extensible web server." +SUMMARY = "Apache HTTP Server" +HOMEPAGE = "http://httpd.apache.org/" +DEPENDS = "expat-native pcre-native apr-native apr-util-native" +SECTION = "net" +LICENSE = "Apache-2.0" +PR = "r0" + +inherit native + +SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2" + +S = "${WORKDIR}/httpd-${PV}" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=eff226ae95d0516d6210ed77dfdf2dcc" +SRC_URI[md5sum] = "6bb12f726e22656f0ad2baf91f1f8329" +SRC_URI[sha256sum] = "5382f9c507d3d02706e33d6308ea041f39e8511b5948aef0ca188df8f90159b8" + +do_configure () { + ./configure --with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ + --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \ + --prefix=${prefix} --datadir=${datadir}/apache2 +} + +do_install () { + install -d ${D}${bindir} ${D}${libdir} + cp server/gen_test_char ${D}${bindir} + install -m 755 support/apxs ${D}${bindir}/ + install -m 755 httpd ${D}${bindir}/ + install -d ${D}${datadir}/apache2/build + cp build/*.mk ${D}${datadir}/apache2/build + cp build/instdso.sh ${D}${datadir}/apache2/build + + install -d ${D}${includedir}/apache2 + cp include/* ${D}${includedir}/apache2 + cp os/unix/os.h ${D}${includedir}/apache2 + cp os/unix/unixd.h ${D}${includedir}/apache2 + + cp support/envvars-std ${D}${bindir}/envvars + chmod 755 ${D}${bindir}/envvars +} + diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.2.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.2.bb new file mode 100644 index 0000000000..15c4d024fe --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.2.bb @@ -0,0 +1,130 @@ +DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ +extensible web server." +SUMMARY = "Apache HTTP Server" +HOMEPAGE = "http://httpd.apache.org/" +DEPENDS = "libtool-native apache2-native openssl expat pcre apr apr-util" +RDEPENDS_${PN} += "openssl libgcc" +SECTION = "net" +LICENSE = "Apache-2.0" +PR = "r0" + +SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \ + file://server-makefile.patch \ + file://fix-libtool-name.patch \ + file://httpd-2.4.1-corelimit.patch \ + file://httpd-2.4.1-export.patch \ + file://httpd-2.4.1-selinux.patch \ + file://httpd-2.4.2-r1326980+.patch \ + file://httpd-2.4.2-r1327036+.patch \ + file://httpd-2.4.2-r1332643.patch \ + file://httpd-2.4.2-r1337344+.patch \ + file://httpd-2.4.2-restart.patch \ + file://apache-configure_perlbin.patch \ + file://replace-lynx-to-curl-in-apachectl-script.patch \ + file://apache-ssl-ltmain-rpath.patch \ + file://init" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=eff226ae95d0516d6210ed77dfdf2dcc" +SRC_URI[md5sum] = "6bb12f726e22656f0ad2baf91f1f8329" +SRC_URI[sha256sum] = "5382f9c507d3d02706e33d6308ea041f39e8511b5948aef0ca188df8f90159b8" + +S = "${WORKDIR}/httpd-${PV}" + +inherit autotools update-rc.d + +CFLAGS_append = " -DPATH_MAX=4096" +CFLAGS_prepend = "-I${STAGING_INCDIR}/openssl " +EXTRA_OECONF = "--enable-ssl \ + --with-ssl=${STAGING_LIBDIR}/.. \ + --with-expat=${STAGING_LIBDIR}/.. \ + --with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ + --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \ + --enable-info \ + --enable-rewrite \ + --with-dbm=sdbm \ + --with-berkeley-db=no \ + --localstatedir=/var/${PN} \ + --with-gdbm=no \ + --with-ndbm=no \ + --includedir=${includedir}/${PN} \ + --datadir=${datadir}/${PN} \ + --sysconfdir=${sysconfdir}/${PN} \ + --libexecdir=${libdir}/${PN}/modules \ + ap_cv_void_ptr_lt_long=no \ + --enable-mpms-shared \ + ac_cv_have_threadsafe_pollset=no" + +do_install_append() { + install -d ${D}/${sysconfdir}/init.d + cat ${WORKDIR}/init | \ + sed -e 's,/usr/sbin/,${sbindir}/,g' \ + -e 's,/usr/bin/,${bindir}/,g' \ + -e 's,/usr/lib,${libdir}/,g' \ + -e 's,/etc/,${sysconfdir}/,g' \ + -e 's,/usr/,${prefix}/,g' > ${D}/${sysconfdir}/init.d/${PN} + chmod 755 ${D}/${sysconfdir}/init.d/${PN} + # remove the goofy original files... + rm -rf ${D}/${sysconfdir}/${PN}/original + # Expat should be found in the staging area via DEPENDS... + rm -f ${D}/${libdir}/libexpat.* + + # Ensure configuration file pulls in modules.d + printf "\nInclude ${sysconfdir}/${PN}/modules.d/*\n\n" >> ${D}/${sysconfdir}/${PN}/httpd.conf +} + +SYSROOT_PREPROCESS_FUNCS += "apache_sysroot_preprocess" + +apache_sysroot_preprocess () { + install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -m 755 ${D}${bindir}/apxs ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + sed -i 's!my $installbuilddir = .*!my $installbuilddir = "${STAGING_DIR_HOST}/${datadir}/${PN}/build";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs + sed -i 's!my $libtool = .*!my $libtool = "${STAGING_BINDIR_CROSS}/${TARGET_PREFIX}libtool";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs + + sed -i 's!^APR_CONFIG = .*!APR_CONFIG = ${STAGING_BINDIR_CROSS}/apr-1-config!' ${SYSROOT_DESTDIR}${datadir}/${PN}/build/config_vars.mk + sed -i 's!^APU_CONFIG = .*!APU_CONFIG = ${STAGING_BINDIR_CROSS}/apu-1-config!' ${SYSROOT_DESTDIR}${datadir}/${PN}/build/config_vars.mk +} + +# +# implications - used by update-rc.d scripts +# +INITSCRIPT_NAME = "apache2" +INITSCRIPT_PARAMS = "defaults 91 20" +LEAD_SONAME = "libapr-1.so.0" + +CONFFILES_${PN} = "${sysconfdir}/${PN}/httpd.conf \ + ${sysconfdir}/${PN}/magic \ + ${sysconfdir}/${PN}/mime.types \ + ${sysconfdir}/init.d/${PN} " + +PACKAGES = "${PN}-doc ${PN}-dev ${PN}-dbg ${PN}" + +# we override here rather than append so that .so links are +# included in the runtime package rather than here (-dev) +# and to get build, icons, error into the -dev package +FILES_${PN}-dev = "${datadir}/${PN}/build \ + ${datadir}/${PN}/icons \ + ${datadir}/${PN}/error \ + ${bindir}/apr-config ${bindir}/apu-config \ + ${libdir}/apr*.exp \ + ${includedir}/${PN} \ + ${libdir}/*.la \ + ${libdir}/*.a" + +# manual to manual +FILES_${PN}-doc += " ${datadir}/${PN}/manual" + +# +# override this too - here is the default, less datadir +# +FILES_${PN} = "${bindir} ${sbindir} ${libexecdir} ${libdir}/lib*.so.* ${sysconfdir} \ + ${sharedstatedir} ${localstatedir} /bin /sbin /lib/*.so* \ + ${libdir}/${PN}" + +# we want htdocs and cgi-bin to go with the binary +FILES_${PN} += "${datadir}/${PN}/htdocs ${datadir}/${PN}/cgi-bin" + +#make sure the lone .so links also get wrapped in the base package +FILES_${PN} += "${libdir}/lib*.so ${libdir}/pkgconfig/*" + +FILES_${PN}-dbg += "${libdir}/${PN}/modules/.debug" + diff --git a/meta-webserver/recipes-httpd/apache2/files/init b/meta-webserver/recipes-httpd/apache2/files/init new file mode 100755 index 0000000000..85af742836 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/files/init @@ -0,0 +1,73 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: httpd +# Required-Start: $local_fs $remote_fs $network $named +# Required-Stop: $local_fs $remote_fs $network +# Should-Start: distcache +# Short-Description: start and stop Apache HTTP Server +# Description: The Apache HTTP Server is an extensible server +# implementing the current HTTP standards. +### END INIT INFO + +ARGS="-D SSL -k start" +NAME=apache2 +PATH=/bin:/usr/bin:/sbin:/usr/sbin +DAEMON=/usr/sbin/httpd +SUEXEC=/usr/lib/apache/suexec +PIDFILE=/var/run/$NAME.pid +CONF=/etc/apache2/httpd.conf +APACHECTL=/usr/sbin/apachectl + +trap "" 1 +export LANG=C +export PATH + +test -f $DAEMON || exit 0 +test -f $APACHECTL || exit 0 + +# ensure we don't leak environment vars into apachectl +APACHECTL="env -i LANG=${LANG} PATH=${PATH} $APACHECTL" + +case "$1" in + start) + echo -n "Starting web server: $NAME" + $APACHECTL $ARGS + ;; + + stop) + $APACHECTL stop + ;; + + reload) + echo -n "Reloading $NAME configuration" + $APACHECTL reload + ;; + + reload-modules) + echo -n "Reloading $NAME modules" + $APACHECTL restart + ;; + + restart) + $APACHECTL restart + exit $? + ;; + + force-reload) + $0 reload-modules + exit $? + ;; + + *) + echo "Usage: /etc/init.d/$NAME {start|stop|reload|reload-modules|force-reload|restart}" + exit 1 + ;; +esac + +if [ $? = 0 ]; then + echo . + exit 0 +else + echo failed + exit 1 +fi diff --git a/meta-webserver/recipes-php/modphp/files/70_mod_php5.conf b/meta-webserver/recipes-php/modphp/files/70_mod_php5.conf new file mode 100644 index 0000000000..1de6fb11ac --- /dev/null +++ b/meta-webserver/recipes-php/modphp/files/70_mod_php5.conf @@ -0,0 +1,12 @@ +# vim: ft=apache sw=4 ts=4 +<IfDefine PHP5> + # Load the module first + <IfModule !sapi_apache2.c> + LoadModule php5_module lib/apache2/modules/libphp5.so + </IfModule> + + # Set it to handle the files + AddHandler php5-script .php .phtml .php3 .php4 .php5 + AddType application/x-httpd-php-source .phps + DirectoryIndex index.html index.html.var index.php index.phtml +</IfDefine> diff --git a/meta-webserver/recipes-php/modphp/files/configure.patch b/meta-webserver/recipes-php/modphp/files/configure.patch new file mode 100644 index 0000000000..c5334c706e --- /dev/null +++ b/meta-webserver/recipes-php/modphp/files/configure.patch @@ -0,0 +1,11 @@ +--- php-5.1.6/configure.old 2006-09-12 07:54:14.000000000 -0700 ++++ php-5.1.6/configure 2006-09-12 07:54:37.000000000 -0700 +@@ -14715,8 +14715,6 @@ + + + +- unset ac_cv_func_dlopen +- unset ac_cv_func___dlopen + unset found + + echo $ac_n "checking for dlopen""... $ac_c" 1>&6 diff --git a/meta-webserver/recipes-php/modphp/files/pthread-check.patch b/meta-webserver/recipes-php/modphp/files/pthread-check.patch new file mode 100644 index 0000000000..1388b2b0bb --- /dev/null +++ b/meta-webserver/recipes-php/modphp/files/pthread-check.patch @@ -0,0 +1,64 @@ +Hack configure script so it does not disable pthread support when cross-compiling + +Upstream-Status: Inapproprate [config] + +Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> + +diff --git a/configure b/configure +index 03d8f95..6794d45 100755 +--- a/configure ++++ b/configure +@@ -3506,7 +3506,7 @@ fi + + if test "$cross_compiling" = yes; then + +- pthreads_working=no ++ pthreads_working=yes + case $host_alias in + *netware*) + pthreads_working=yes +@@ -3566,7 +3566,7 @@ else + + if test "$cross_compiling" = yes; then + +- pthreads_working=no ++ pthreads_working=yes + case $host_alias in + *netware*) + pthreads_working=yes +@@ -3636,7 +3636,7 @@ if test "$pthreads_working" != "yes"; then + + if test "$cross_compiling" = yes; then + +- pthreads_working=no ++ pthreads_working=yes + case $host_alias in + *netware*) + pthreads_working=yes +@@ -106833,7 +106833,7 @@ fi + + if test "$cross_compiling" = yes; then + +- pthreads_working=no ++ pthreads_working=yes + case $host_alias in + *netware*) + pthreads_working=yes +@@ -106893,7 +106893,7 @@ else + + if test "$cross_compiling" = yes; then + +- pthreads_working=no ++ pthreads_working=yes + case $host_alias in + *netware*) + pthreads_working=yes +@@ -106963,7 +106963,7 @@ if test "$pthreads_working" != "yes"; then + + if test "$cross_compiling" = yes; then + +- pthreads_working=no ++ pthreads_working=yes + case $host_alias in + *netware*) + pthreads_working=yes diff --git a/meta-webserver/recipes-php/modphp/modphp5.inc b/meta-webserver/recipes-php/modphp/modphp5.inc new file mode 100644 index 0000000000..82b5ce1a64 --- /dev/null +++ b/meta-webserver/recipes-php/modphp/modphp5.inc @@ -0,0 +1,90 @@ +SECTION = "console/network" +DESCRIPTION = "A server-side, HTML-embedded scripting language. This package provides the apache php module." +LICENSE = "PHP" +DEPENDS = "apache2-native apache2 zlib" + +SRC_URI = "http://www.php.net/distributions/php-${PV}.tar.bz2 \ + file://configure.patch \ + file://pthread-check.patch \ + file://70_mod_php5.conf \ + " + +S = "${WORKDIR}/php-${PV}" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=cb564efdf78cce8ea6e4b5a4f7c05d97" + +inherit autotools + +CFLAGS += " -g -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED -I${STAGING_INCDIR}/apache2" + +EXTRA_OECONF = "--with-apxs2=${STAGING_BINDIR_CROSS}/apxs \ + --enable-maintainer-zts \ + --without-mysql \ + --enable-force-cgi-redirect \ + --disable-cgi \ + --disable-cli \ + --disable-pdo \ + --without-pear \ + --without-iconv \ + --disable-ipv6 \ + --disable-xml \ + --disable-xmlreader \ + --disable-xmlwriter \ + --disable-simplexml \ + --disable-libxml \ + --disable-dom \ + --disable-rpath \ + --libdir=${libdir}/php5 \ + --with-zlib --with-zlib-dir=${STAGING_DIR_TARGET}${exec_prefix} \ + --with-config-file-path=${sysconfdir}/php/apache2-php5" + +# to get postgres support, add it to the DEPENDS above +# and uncomment this line. similar for mysql +#EXTRA_OECONF += " --with-pgsql=${STAGING_DIR_HOST}${layout_exec_prefix}" + +acpaths = "" + +# +# override the autotools do_configure, which runs autoconf, +# which breaks everything... +# +do_configure() { + find . -name config.m4 -o -name configure | xargs -n1 sed -i 's!APXS_HTTPD=.*!APXS_HTTPD=${STAGING_BINDIR_NATIVE}/httpd!' + export PHP_LIBXML_DIR=${STAGING_DIR_NATIVE}${layout_exec_prefix} + oe_runconf +} + +do_install () { + install -d ${D}${libdir}/apache2/modules + install -d ${D}${sysconfdir}/apache2/modules.d + install -d ${D}${sysconfdir}/php/apache2-php5 + install -m 755 libs/libphp5.so ${D}${libdir}/apache2/modules + install -m 644 ${WORKDIR}/70_mod_php5.conf ${D}${sysconfdir}/apache2/modules.d + cat ${S}/php.ini-dist | \ + sed -e 's,extension_dir = \"\./\",extension_dir = \"/usr/lib/extensions\",' \ + > ${D}${sysconfdir}/php/apache2-php5/php.ini + + install -d ${D}${bindir} + install -m 755 scripts/phpize ${D}${bindir} + install -m 755 scripts/php-config ${D}${bindir} + + oe_runmake install-build install-headers INSTALL_ROOT=${D} +} + +SYSROOT_PREPROCESS_FUNCS += "php_sysroot_preprocess" + +php_sysroot_preprocess () { + install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -m 755 ${D}${bindir}/phpize ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -m 755 ${D}${bindir}/php-config ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + + sed -i 's!eval echo /!eval echo ${STAGING_DIR_HOST}/!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/phpize + sed -i 's!^include_dir=.*!include_dir=${STAGING_INCDIR}/php!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/php-config +} + +RDEPENDS_${PN} = "apache2" + +FILES_${PN} = "${libdir}/apache2 ${sysconfdir}" +FILES_${PN}-dev += "${bindir}/phpize ${bindir}/php-config ${libdir}/php5" +FILES_${PN}-dbg += "${libdir}/apache2/modules/.debug" + diff --git a/meta-webserver/recipes-php/modphp/modphp_5.3.14.bb b/meta-webserver/recipes-php/modphp/modphp_5.3.14.bb new file mode 100644 index 0000000000..b6a51267b7 --- /dev/null +++ b/meta-webserver/recipes-php/modphp/modphp_5.3.14.bb @@ -0,0 +1,5 @@ +include modphp5.inc +PR = "r0" + +SRC_URI[md5sum] = "7caac4f71e2f21426c11ac153e538392" +SRC_URI[sha256sum] = "c8075b6e83c5db0d26cc8426a7456856421089a76c963813b1fcac3ced041cb3" diff --git a/meta-webserver/recipes-php/xdebug/xdebug_2.2.1.bb b/meta-webserver/recipes-php/xdebug/xdebug_2.2.1.bb new file mode 100644 index 0000000000..48e1f8e585 --- /dev/null +++ b/meta-webserver/recipes-php/xdebug/xdebug_2.2.1.bb @@ -0,0 +1,34 @@ +SUMMARY = "Debugging and profiling extension for PHP" +LICENSE = "Xdebug" +LIC_FILES_CHKSUM = "file://LICENSE;md5=34df3a274aa12b795417c65634c07f16" + +DEPENDS = "modphp" + +PR = "r0" + +SRC_URI = "http://xdebug.org/files/xdebug-${PV}.tgz" + +SRC_URI[md5sum] = "5e5c467e920240c20f165687d7ac3709" +SRC_URI[sha256sum] = "11d340eb7f87909a596bac054cc927df757dc2fc7c90b50a832c30e9bf84c9ad" + +inherit autotools + +EXTRA_OECONF += "--enable-xdebug -with-php-config=${STAGING_BINDIR_CROSS}/php-config" + +do_configure() { + ${STAGING_BINDIR_CROSS}/phpize + + # Running autoreconf as autotools_do_configure would do here + # breaks the libtool configuration resulting in a failure later + # in do_compile. It's possible this may be fixable, however the + # easiest course of action for the moment is to avoid doing that. + oe_runconf +} + +do_install() { + oe_runmake install INSTALL_ROOT=${D} +} + +FILES_${PN} += "${libdir}/php5/extensions/*/*.so" +FILES_${PN}-dbg += "${libdir}/php5/extensions/*/.debug" + |