Commit Graph

81 Commits

Author SHA1 Message Date
Armin Kuster
c59ce3299e Apache: Several CVE fixes
Source: Apache.org
MR: 113457, 113453
Type: Security Fix
Disposition: Backport from apache.org 2.4.51
ChangeID: 9d7b58f49487baff99bf8f101e53217425a2b81f
Description:

Bug fix only update. LTS version
https://httpd.apache.org/security/vulnerabilities_24.html

Fixes CVEs:
CVE-2021-42013
CVE-2021-41524
CVE-2021-41773

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-10-22 16:28:24 -07:00
wangmy
54a96fa4fe apache2: upgrade 2.4.48 -> 2.4.49
Changes with Apache 2.4.49

  *) SECURITY: CVE-2021-40438 (cve.mitre.org)
     mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic]

  *) SECURITY: CVE-2021-39275 (cve.mitre.org)
     core: ap_escape_quotes buffer overflow

  *) SECURITY: CVE-2021-36160 (cve.mitre.org)
     mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic]

  *) SECURITY: CVE-2021-34798 (cve.mitre.org)
     core: null pointer dereference on malformed request

  *) SECURITY: CVE-2021-33193 (cve.mitre.org)
     mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing]

  *) core/mod_proxy/mod_ssl:
     Adding `outgoing` flag to conn_rec, indicating a connection is
     initiated by the server to somewhere, in contrast to incoming
     connections from clients.
     Adding 'ap_ssl_bind_outgoing()` function that marks a connection
     as outgoing and is used by mod_proxy instead of the previous
     optional function `ssl_engine_set`. This enables other SSL
     module to secure proxy connections.
     The optional functions `ssl_engine_set`, `ssl_engine_disable` and
     `ssl_proxy_enable` are now provided by the core to have backward
     compatibility with non-httpd modules that might use them. mod_ssl
     itself no longer registers these functions, but keeps them in its
     header for backward compatibility.
     The core provided optional function wrap any registered function
     like it was done for `ssl_is_ssl`.
     [Stefan Eissing]

  *) mod_ssl: Support logging private key material for use with
     wireshark via log file given by SSLKEYLOGFILE environment
     variable.  Requires OpenSSL 1.1.1.  PR 63391.  [Joe Orton]

  *) mod_proxy: Do not canonicalize the proxied URL when both "nocanon" and
     "ProxyPassInterpolateEnv On" are configured.  PR 65549.
     [Joel Self <joelself gmail.com>]

  *) mpm_event: Fix children processes possibly not stopped on graceful
     restart.  PR 63169.  [Joel Self <joelself gmail.com>]

  *) mod_proxy: Fix a potential infinite loop when tunneling Upgrade(d)
     protocols from mod_proxy_http, and a timeout triggering falsely when
     using mod_proxy_wstunnel, mod_proxy_connect or mod_proxy_http with
     upgrade= setting.  PRs 65521 and 65519.  [Yann Ylavic]

  *) mod_unique_id: Reduce the time window where duplicates may be generated
     PR 65159
     [Christophe Jaillet]

  *) mpm_prefork: Block signals for child_init hooks to prevent potential
     threads created from there to catch MPM's signals.
     [Ruediger Pluem, Yann Ylavic]

  *) Revert "mod_unique_id: Fix potential duplicated ID generation under heavy load.
     PR 65159" added in 2.4.47.
     This causes issue on Windows.
     [Christophe Jaillet]

  *) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker.  [Yann Ylavic]

  *) mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted
     as successful or a staged renewal is replacing the existing certificates.
     This avoid potential mess ups in the md store file system to render the active
     certificates non-working. [@mkauf]

  *) mod_proxy: Faster unix socket path parsing in the "proxy:" URL.
     [Yann Ylavic]

  *) mod_ssl: tighten the handling of ALPN for outgoing (proxy)
     connections. If ALPN protocols are provided and sent to the
     remote server, the received protocol selected is inspected
     and checked for a match. Without match, the peer handshake
     fails.
     An exception is the proposal of "http/1.1" where it is
     accepted if the remote server did not answer ALPN with
     a selected protocol. This accomodates for hosts that do
     not observe/support ALPN and speak http/1.x be default.

  *) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances
     with others when their URLs contain a '$' substitution.  PR 65419 + 65429.
     [Yann Ylavic]

  *) mod_dav: Add method_precondition hook. WebDAV extensions define
     conditions that must exist before a WebDAV method can be executed.
     This hook allows a WebDAV extension to verify these preconditions.
     [Graham Leggett]

  *) Add hooks deliver_report and gather_reports to mod_dav.h. Allows other
     modules apart from versioning implementations to handle the REPORT method.
     [Graham Leggett]

  *) Add dav_get_provider(), dav_open_lockdb(), dav_close_lockdb() and
     dav_get_resource() to mod_dav.h. [Graham Leggett]

  *) core: fix ap_escape_quotes substitution logic. [Eric Covener]

  *) Easy patches: synch 2.4.x and trunk
     - mod_auth_basic: Use ap_cstr_casecmp instead of strcasecmp.
     - mod_ldap: log and abort locking errors.
     - mod_ldap: style fix for r1831165
     - mod_ldap: build break fix for r1831165
     - mod_deflate: Avoid hard-coded "%ld" format strings in mod_deflate's logging statements
     - mod_deflate: Use apr_uint64_t instead of uint64_t (follow up to r1849590)
     - mod_forensic: Follow up to r1856490: missing one mod_log_forensic test_char_table case.
     - mod_rewrite: Save a few cycles.
     - mod_request: Fix a comment (missing '_' in 'keep_body') and some style issues
     - core: remove extra whitespace in HTTP_NOT_IMPLEMENTED
    [Christophe Jaillet]

  *) core/mpm: add hook 'child_stopping` that gets called when the MPM is
     stopping a child process. The additional `graceful` parameter allows
     registered hooks to free resources early during a graceful shutdown.
     [Yann Ylavic, Stefan Eissing]

  *) mod_proxy: Fix icomplete initialization of BalancerMember(s) from the
     balancer-manager, which can lead to a crash.  [Yann Ylavic]

  *) mpm_event: Fix graceful stop/restart of children processes if connections
     are in lingering close for too long.  [Yann Ylavic]

  *) mod_md: fixed a potential null pointer dereference if ACME/OCSP
     server returned 2xx responses without content type. Reported by chuangwen.
     [chuangwen, Stefan Eissing]

  *) mod_md:
     - Domain names in `<MDomain ...>` can now appear in quoted form.
     - Fixed a failure in ACME challenge selection that aborted further searches
       when the tls-alpn-01 method did not seem to be suitable.
     - Changed the tls-alpn-01 setup to only become unsuitable when none of the
       dns names showed support for a configured 'Protocols ... acme-tls/1'. This
       allows use of tls-alpn-01 for dns names that are not mapped to a VirtualHost.
     [Stefan Eissing]

  *) Add CPING to health check logic. [Jean-Frederic Clere]

  *) core: Split ap_create_request() from ap_read_request(). [Graham Leggett]

  *) core, h2: common ap_parse_request_line() and ap_check_request_header()
     code. [Yann Ylavic]

  *) core: Add StrictHostCheck to allow unconfigured hostnames to be
     rejected. [Eric Covener]

  *) htcacheclean: Improve help messages.  [Christophe Jaillet]

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-09-24 08:12:35 -07:00
Martin Jansa
c61dc077bb Convert to new override syntax
This is the result of automated script (0.9.1) conversion:

oe-core/scripts/contrib/convert-overrides.py .

converting the metadata to use ":" as the override character instead of "_".

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2021-08-03 10:21:25 -07:00
Changqing Li
ba016d73b5 apache2: upgrade 2.4.46 -> 2.4.48
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-08-03 08:53:04 -07:00
Khem Raj
a31bb84e32 apache2: Deal with -ffile-prefix-map
Filter out -ffile-prefix-map as well along with other -f*-prefix-map
options

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-04-29 15:40:20 -07:00
Sakib Sajal
fc995b3cfe apache2: upgrade v2.4.43 -> v2.4.46
Minor upgrade inluding bug and CVE fixes, namely:
  - CVE-2020-9490
  - CVE-2020-11984
  - CVE-2020-11993

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-08-26 14:27:09 -07:00
Yi Zhao
6f4d0dbfbc apache2: create log/run directory via pkg_postinst
The commit e789c3837c tries to create
log/run directory in initscript/systemd unit file. This is not a correct
method. We should create them in pkg_postinst.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-21 20:16:40 -07:00
Changqing Li
e789c3837c apache2: fix service start fail
reproduce steps:
1. boot up target
2. scp apache2-2.4.41-r0.1.aarch64.rpm on target
3. rpm -i apache2-2.4.41-r0.1.aarch64.rpm
4. systemctl status apache2

Error:
httpd[7767]: (2)No such file or directory: AH02291: Cannot access directory '/var/log/apache2/' for main error log

with the old way, /var/log/apache2/ is created by service
systemd-tmpfiles-setup during boot, so only works when apache2
already installed before boot, in above scenario,
/var/log/apache2/ will not created. fix by creating it in the
service file. similar fix for sysV system

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-14 10:43:48 -07:00
Trevor Gamblin
b1aa5f7850 apache2: add patch ensuring destdir is empty string
apache2 added cross-compilation support after 2.4.41, but
this conflicts with our own cross-compilation setup and causes
related recipes like apache-websocket to fail to find config
files (due to incorrect file paths) during build:

| cannot open
/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot//usr/share/apache2/build/config_vars.mk:
No such file or directory at
/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/usr/bin/crossscripts/apxs
line 213.

Add this patch to ensure that the $destdir
variable used in apache2's cross-compilation scheme is always
the empty string so that apache-websocket can find the right
files.

Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-04-17 19:05:58 -07:00
Trevor Gamblin
e9252506c3 apache2: upgrade 2.4.41 -> 2.4.43
LICENSE file was updated due to a typo fix.

Note that this upgrade fixes two CVES affecting versions
2.4.41 and earlier:

CVE: CVE-2020-1927
CVE: CVE-2020-1934

See:
https://nvd.nist.gov/vuln/detail/CVE-2020-1927
https://nvd.nist.gov/vuln/detail/CVE-2020-1934

Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-04-17 19:05:58 -07:00
Kai Kang
8d4d608b4e apache2: fix multilib file conflicts
There are errors of apache2 about files conflicts when multilib enabled:

| Error: Transaction check error:
|   file /etc/apache2/extra/httpd-ssl.conf conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64
|   file /etc/apache2/httpd.conf conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64
|   file /usr/sbin/envvars conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64
|   file /usr/sbin/envvars-std conflicts between attempted installs of lib32-apache2-2.4.41-r0.core2_32 and apache2-2.4.41-r0.core2_64

It makes libexecdir point to ${libdir}. Reset to ${libexecdir} which could
eliminate file conflicts of the conf files. And remove /usr/sbin/envvars and
/usr/sbin/envvars-std which only used by apachectl. They only add standard
library path ${libdir} to LD_LIBRARY_PATH, so remove them to avoid multilib
file conflicts.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-09-05 18:13:44 -07:00
Yi Zhao
992f4bd570 apache2: upgrade 2.4.39 -> 2.4.41
Security fixes:
  CVE-2019-10081
  CVE-2019-9517
  CVE-2019-10098
  CVE-2019-10092
  CVE-2019-10097
  CVE-2019-10082

See: http://www.apache.org/dist/httpd/CHANGES_2.4.41

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-08-20 09:31:16 -07:00
Alejandro del Castillo
2e59ec2d28 apache2: add all extra/*.conf to conffiles
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-05-23 08:26:15 -07:00
Changqing Li
a687e01760 apache2: add back patch for set perlbin
Add back this patch. Without this patch, apxs's shebang will use
perl under hosttools, which can be too long for shebang, and cause
error:
bad interpreter: No such file or directory

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-29 10:13:56 -07:00
Peter Kjellerstedt
e7f13b68fe apache2: Correct packaging of build and doc related files
The build related files (${datadir}/${BPN}/build and ${bindir}/apxs)
belong in the -dev package, and the manual belong in the -doc package.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-27 10:13:07 -07:00
Peter Kjellerstedt
90558c5316 apache2: Correct appending to SYSROOT_PREPROCESS_FUNCS
A missing space lead to problems if something else was already added to
SYSROOT_PREPROCESS_FUNCS.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-27 10:13:07 -07:00
Yi Zhao
fd526d60d4 apache2: upgrade 2.4.34 -> 2.4.39
* Drop apache2-native recipe.
  Add native to BBCLASSEXTEND in apache2 recipe.

* Refresh patches.
  Drop CVE-2018-11763.patch and apache-configure_perlbin.patch

* Cleanup recipe file. Remove obsolete code.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-16 21:07:25 -07:00
Qi.Chen@windriver.com
bd4759ee16 apache2: set CVE_PRODUCT
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-03-29 10:35:27 -07:00
Mingli Yu
e9e214875f apache2: Fix CVE-2018-11763
mod_http2: connection IO event handling reworked.
Instead of reacting on incoming bytes, the state
machine now acts on incoming frames that are affecting
it. This reduces state transitions.

Reference: https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11763.html

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-11-02 10:05:06 -07:00
Yi Zhao
8b021f35e3 apache2: set files layout to debian style
The default layout installs log files to /var/apache2/logs. But we
assume the log directory is /var/log/apache2 in volatile.conf. Specify
the layout to debian style to set the correct the log directory.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-08-24 08:58:13 -07:00
Yi Zhao
3dc82fc2eb apache2: upgrade 2.4.33 -> 2.4.34
Security fixes:

CVE-2018-8011
mod_md: DoS via Coredumps on specially crafted requests

CVE-2018-1333
mod_http2: DoS for HTTP/2 connections by specially crafted requests

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-07-27 13:49:48 -07:00
Yi Zhao
a04f595adb apache2: upgrade 2.4.29 -> 2.4.33
* License-Update: Correctly identify origin of util_pcre.c/ap_regex.h as
  pcreposix[.ch] and correct LICENSE/NOTICE to match.

* Refresh patches with devtool

* Drop useless patch apache-ssl-ltmain-rpath.patch

* Move all patches to one directory

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-07-05 17:51:15 -07:00
Haiqing Bai
09eb0ca5d2 apache2: Add PACKAGECONFIG zlib option for mod_deflate
The configure options '--enable-deflate' or '--with-z' make
the package depends on zlib. PACKAGECONFIG should be defined
to clear the dependency.

Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-06-29 07:00:52 -07:00
Hongxu Jia
3c31d1480e apache2/sthttpd: add alternatives for doc
There is a failure to install both of sthttpd-doc and
apache2-doc to rootfs.
...
|Error: Transaction check error:
|  file /usr/share/man/man1/htpasswd.1 conflicts
between attempted installs of sthttpd-doc-2.27.1
-r0.0.armv7ahf_neon and apache2-doc-2.4.27
-r0.0.armv7ahf_neon
...

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-05-17 08:31:12 -07:00
Armin Kuster
1eb1f55881 apache2: refresh patches
WARNING: apache2-2.4.29-r0 do_patch:
Some of the context lines in patches were ignored. This can lead to incorrectly applied patches.
The context lines in the patches can be updated with devtool:

    devtool modify <recipe>
    devtool finish --force-patch-refresh <recipe> <layer_path>

Then the updated patches and the source tree (in devtool's workspace)
should be reviewed to make sure the patches apply in the correct place
and don't introduce duplicate lines (which can, and does happen
when some of the context is ignored). Further information:
http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html
https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
Details:
Applying patch apache-configure_perlbin.patch
patching file configure.in
Hunk #1 succeeded at 855 with fuzz 2 (offset 217 lines).

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-04-13 12:43:41 -07:00
Derek Straka
8cf5521ec5 apache2: update to version 2.4.29
Updated license checksum due to whitespace modifications

Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-15 16:34:06 -08:00
dengke.du@windriver.com
4bd83dd9df apache2: change files layout to debian style
The default layout installs log files and pid files into /var/apache2/logs.
This is odd and also will cause security issues because selinux does not know
how to label the security contexts for the files.

Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-09-18 10:18:12 +02:00
dengke.du@windriver.com
2630b26862 apache2: use volatiles for sysvinit
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-09-18 10:18:12 +02:00
Derek Straka
16d01c4a0c apache2: update to version 2.4.27
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-13 13:20:58 +02:00
Oleksandr Kravchuk
4b4a62ec07 recipes: delete obsolete patches
Deleted bunch of patches which are not used anymore by any recipe.

Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-03-16 23:34:32 +01:00
Peter Kjellerstedt
0c31f55bcf Make use of the new bb.utils.filter() function
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-03-07 13:30:26 +01:00
Peter Kjellerstedt
99d89597b6 apache2: Correct the SRC_URI
The change to use ${APACHE_MIRROR} in the SRC_URI in dfbe6cf214 did
not take into account that ${APACHE_MIRROR} already contains "/dist".

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-02-22 13:16:46 +01:00
Derek Straka
dfbe6cf214 apache: use the APACHE_MIRROR variable in the SRC_URI
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-02-13 18:43:34 +01:00
Derek Straka
7ef4ff6803 apache2: always use the archive.apache.org to ensure older releases are always available
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-12-26 08:24:59 +01:00
Derek Straka
9148d8b824 apache2: update to version 2.4.25
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-12-26 08:24:54 +01:00
Junxian.Xiao
b2409021dd apache2: include .load files in modules.d
According to other Linux distributes like Ubuntu, the modules
are usually included by 'LoadModule' command in *.load files
in mods-enable directory, as *.conf files in this directory
are usually used for special configurations for each module.

Include *.load in apache2 top conf file to be compatible with
customer's normal usage habits.

Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-11-23 15:24:44 +01:00
Joe Slater
6d4ca6868b apache2: cve-2016-5387
Handle HTTP_PROXY envirnoment variable.

Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-11-23 15:23:57 +01:00
Martin Jansa
dc48e768f5 meta-oe: remove trailing spaces
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-08-22 15:56:29 +02:00
Derek Straka
7707dd5bc8 apache2: update to version 2.4.23
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-07-29 11:00:55 +02:00
Kirill Esipov
33f5a5b43d apache2: fix libtool's path in apxs
libtool-cross recipe install it as ${HOST_SYS}-libtool

Signed-off-by: Kirill Esipov <yesipov@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-05-19 12:02:41 +02:00
Ross Burton
e5c807b77f meta-webserver: use bb.utils.contains() instead of base_contains()
base_contains() is a compatibility wrapper and may warn in the future, so
replace all instances with bb.utils.contains().

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-04-28 10:38:38 +02:00
Derek Straka
6475f141de apache2: update to 2.4.20
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-04-21 21:33:52 +02:00
Ioan-Adrian Ratiu
b6afa6acd0 apache2: stage apachectl
Some apache module recipes like the newly introduced apache-websocket
also need apachectl at build in the sysroot besides apxs.

Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-03-25 11:26:58 +01:00
Ioan-Adrian Ratiu
d9c2efd779 apache2: add openldap support to PACKAGECONFIG
This config option is disabled by default

Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-02-15 10:15:28 +01:00
fan.xin
c54361fc1e apache2: Upgrade 2.4.16 -> 2.4.18
1. Upgrade apache2 from 2.4.16 to 2.4.18

The changes in 2.4.18 is shown in following URL.
http://ftp.meisei-u.ac.jp/mirror/apache/dist//httpd/CHANGES_2.4.18

2. Delete patch file npn-patch-2.4.7.patch due to this patch file can not be applied to the apache2 2.4.18's source code.

The NPN support was removed with r1676004. NPN is now quite unlikely to find its way into a stable release.
https://bz.apache.org/bugzilla/show_bug.cgi?id=52210

Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-01-04 14:54:00 +01:00
Kai Kang
00264bf4b3 apache2: fix host-user-contaminated warnings
It shows warnings when build apache2 such as:

| WARNING: QA Issue: apache2: /apache2-dev/usr/share/apache2/icons/small/movie.gif
| is owned by uid 1785, which is the same as the user running bitbake.
| This may be due to host contamination [host-user-contaminated]

Set the owner and group to root to fix it.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2015-12-18 12:39:50 +01:00
George McCollister
7e31db5a66 apache2: fix config_vars.mk path contamination
Replace contaminated paths with staging paths so apxs can be successfully used
in other recipes to build modules when host and target arch differ.

Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2015-11-02 15:00:51 +01:00
Wenzong Fan
ac27acf362 apache2: cleanup buildpaths for target stuffs
Those buildpaths were generated from configure substitutions, they are
required for cross-compiling, but obviously they should be cleaned up
from target stuffs.

Cleanup buildpaths from config_vars.mk and config.nice:

* remove ${STAGING_DIR_HOST} from CC, CFLAGS ...
* set APU_INCLUDEDIR, APU_CONFIG as empty
* remove buildpath from configure line

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2015-10-13 12:28:14 +02:00
Adam Chappell
faf070c45a apache2: wait for server to start/stop/restart
Change start, stop, and restart functions in apache2 init script to return only
after completion (i.e. the server has started/stopped, not just received a kill
signal). Starting and stopping the server in quick sucession results in an error
because the server will attempt to stop before it has had time to start and vice
versa.

Signed-off-by: Adam Chappell <adam.chappell@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2015-08-31 20:09:30 +02:00
Roy Li
fe0833e87e apache: upgrade to 2.4.16
2.4.16 includes fixes for CVE-2015-3185, CVE-2015-0253 and CVE-2015-3183
remove a backport patch 0001-SECURITY-CVE-2015-0228-cve.mitre.org.patch

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2015-08-24 13:54:02 +02:00