Here's a new bunch of patches:
0001-Add-apxs2.1-manual-link-to-apxs.1 quiets lintian a bit
0002-Added-Close-657492-in-changelog just a missing Closes:
0003-Drop-patch-004.patch obsolete patch
0004-Drop-patch-009.patch obsolete patch
0005-Refresh-patches-to-use-DEP-3.-Reactivated-patches.patch
From d0d9f8d903a07c352345aa545c8e38a914c7c6b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Michel=20Vourg=C3=A8re?= <jmv_deb@nirgal.com>
Date: Sat, 25 Feb 2012 11:19:18 +0100
Subject: [PATCH 1/5] Add apxs2.1 manual: link to apxs.1

Thanks lintian
---
 debian/apache2-dev.manpages | 1 +
 debian/manpages/apxs2.1 | 1 +
 2 files changed, 2 insertions(+), 0 deletions(-)
 create mode 100644 debian/manpages/apxs2.1
diff --git a/debian/apache2-dev.manpages b/debian/apache2-dev.manpages
index 6293760..a626a72 100644
--- a/debian/apache2-dev.manpages
+++ b/debian/apache2-dev.manpages
@@ -1 +1,2 @@
 debian/tmp/usr/share/man/man1/apxs.1
+debian/manpages/apxs2.1
diff --git a/debian/manpages/apxs2.1 b/debian/manpages/apxs2.1
new file mode 100644
index 0000000..e41678b
--- /dev/null
+++ b/debian/manpages/apxs2.1
@@ -0,0 +1 @@
+.so man1/apxs.1
--
1.7.9
From b437062584eef87f0026df43a4b24b006c3755bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Michel=20Vourg=C3=A8re?= <jmv_deb@nirgal.com>
Date: Sat, 25 Feb 2012 13:03:03 +0100
Subject: [PATCH 2/5] Added Close #657492 in changelog
---
 debian/changelog | 3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index fd72530..5a0aef2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -109,7 +109,8 @@ apache2 (2.4.1-1) experimental; urgency=low
 [ Jean-Michel Vourgère ]
- * Update bash completion functions to reflect the new site setup.
+ * Update bash completion functions to reflect the new site setup. (Closes:
+ #657492)
 -- Arno Töll <debian@toell.net> Sat, 25 Feb 2012 03:07:24 +0100
--
1.7.9
From fabf7590137d1b81e1953816c5f429c946723b7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Michel=20Vourg=C3=A8re?= <jmv_deb@nirgal.com>
Date: Sat, 25 Feb 2012 13:29:14 +0100
Subject: [PATCH 3/5] Drop patch 004

Source file no longer calls /usr/local/bin/perl
---
 debian/patches/004_usr_bin_perl_0wnz_j00 | 15 ---------------
 debian/patches/series | 1 -
 2 files changed, 0 insertions(+), 16 deletions(-)
 delete mode 100755 debian/patches/004_usr_bin_perl_0wnz_j00
diff --git a/debian/patches/004_usr_bin_perl_0wnz_j00 b/debian/patches/004_usr_bin_perl_0wnz_j00
deleted file mode 100755
index ffabf4c..0000000
--- a/debian/patches/004_usr_bin_perl_0wnz_j00
+++ /dev/null
@@ -1,15 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 004_usr_bin_perl_0wnz_j00 by Adam Conrad <adconrad@0c3.net>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Call /usr/bin/perl in printenv, not /usr/local/bin/perl
-
-@DPATCH@
---- a/docs/cgi-examples/printenv
-+++ b/docs/cgi-examples/printenv
-@@ -1,4 +1,4 @@
--#!/usr/local/bin/perl
-+#!/usr/bin/perl
- ##
- ## printenv -- demo CGI program which just prints its environment
- ##
diff --git a/debian/patches/series b/debian/patches/series
index e21cd2c..c4ba807 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,3 @@
-#004_usr_bin_perl_0wnz_j00
 #008_make_include_safe
 #009_apache2_has_dso
 010_fhs_compliance
--
1.7.9
From c83f48cfd3396bc43fa703fb8a2f7875921f0751 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Michel=20Vourg=C3=A8re?= <jmv_deb@nirgal.com>
Date: Sat, 25 Feb 2012 14:17:08 +0100
Subject: [PATCH 4/5] Drop patch 009

Upstream is no longer testing DSO is available. So we don't need to remove that test anymore.
---
 debian/patches/009_apache2_has_dso | 40 ------------------------------------
 debian/patches/series | 1 -
 2 files changed, 0 insertions(+), 41 deletions(-)
 delete mode 100755 debian/patches/009_apache2_has_dso
diff --git a/debian/patches/009_apache2_has_dso b/debian/patches/009_apache2_has_dso
deleted file mode 100755
index 24b2cd3..0000000
--- a/debian/patches/009_apache2_has_dso
+++ /dev/null
@@ -1,40 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 009_apache2_has_dso by Adam Conrad <adconrad@0c3.net>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Make apxs usable without having apache2 installed.
-
-@DPATCH@
---- a/support/apxs.in
-+++ b/support/apxs.in
-@@ -198,18 +198,19 @@
- ($httpd = $0) =~ s:support/apxs$::;
- }
-
--unless (-x "$httpd") {
-- error("$httpd not found or not executable");
-- exit 1;
--}
-+#commented out for Debian GNU/Linux. We know that apache2 has dso support
-+#unless (-x "$httpd") {
-+# error("$httpd not found or not executable");
-+# exit 1;
-+#}
-
--unless (grep /mod_so/, `. $envvars && $httpd -l`) {
-- error("Sorry, no shared object support for Apache");
-- error("available under your platform. Make sure");
-- error("the Apache module mod_so is compiled into");
-- error("your server binary `$httpd'.");
-- exit 1;
--}
-+#unless (grep /mod_so/, `. $envvars && $httpd -l`) {
-+# error("Sorry, no shared object support for Apache");
-+# error("available under your platform. Make sure");
-+# error("the Apache module mod_so is compiled into");
-+# error("your server binary `$httpd'.");
-+# exit 1;
-+#}
-
- sub get_config_vars{
- my ($file, $rh_config) = @_;
diff --git a/debian/patches/series b/debian/patches/series
index c4ba807..5f7b7a3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,5 +1,4 @@
 #008_make_include_safe
-#009_apache2_has_dso
 010_fhs_compliance
 #031_apxs2_sucks_more
 #032_suexec_is_shared
--
1.7.9
From 0f4bc0b38011aaeebf12c2487a8fdd7b6fa018ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Michel=20Vourg=C3=A8re?= <jmv_deb@nirgal.com>
Date: Sat, 25 Feb 2012 17:04:32 +0100
Subject: [PATCH 5/5] Refresh patches to use DEP-3. Reactivated patches
---
 debian/changelog | 8 +++
 debian/patches/008_make_include_safe | 49 +++++++--------
 debian/patches/010_fhs_compliance | 33 ++++++-----
 debian/patches/031_apxs2_sucks_more | 39 +++++-------
 debian/patches/033_dbm_read_hash_or_btree | 17 +++---
 debian/patches/034_apxs2_libtool_fixtastic | 20 +++---
 debian/patches/038_no_LD_LIBRARY_PATH | 17 +++---
 debian/patches/058_suexec-CVE-2007-1742 | 28 ++++----
 debian/patches/076_apxs2_a2enmod | 56 ++++++++---------
 debian/patches/201_build_suexec-custom | 23 ++++---
 debian/patches/202_suexec-custom | 92 +++++++++++++--------------
 debian/patches/series | 17 +++---
 12 files changed, 196 insertions(+), 203 deletions(-)
 mode change 100755 => 100644 debian/patches/008_make_include_safe
 mode change 100755 => 100644 debian/patches/031_apxs2_sucks_more
 mode change 100755 => 100644 debian/patches/033_dbm_read_hash_or_btree
 mode change 100755 => 100644 debian/patches/038_no_LD_LIBRARY_PATH
 mode change 100755 => 100644 debian/patches/058_suexec-CVE-2007-1742
 mode change 100755 => 100644 debian/patches/076_apxs2_a2enmod
diff --git a/debian/changelog b/debian/changelog
index 5a0aef2..c03af21 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -111,6 +111,14 @@ apache2 (2.4.1-1) experimental; urgency=low * Update bash completion functions to reflect the new site setup. (Closes: #657492) + * Migrate patches to DEP-3 format. + * Drop patches: + + 004_usr_bin_perl_0wnz_j00: printenv exemple doesn't refer to + /usr/local/bin/perl anymore + + 008_make_include_safe: Include doesn't support directory anymore. + Include dir/*.conf must be used. + + 009_apache2_has_dso: Upstream is no longer testing DSO is available. So + we don't need to remove that test anymore. -- Arno Töll <debian@toell.net> Sat, 25 Feb 2012 03:07:24 +0100 diff --git a/debian/patches/008_make_include_safe b/debian/patches/008_make_include_safe old mode 100755 new mode 100644 index 7bb040e..736943a --- a/debian/patches/008_make_include_safe +++ b/debian/patches/008_make_include_safe @@ -1,12 +1,12 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 008_make_include_safe by Adam Conrad <adconrad@0c3.net> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Avoid including dpkg droppings in globbed includes. - -@DPATCH@ ---- a/server/config.c -+++ b/server/config.c +Description: Avoid including dpkg droppings in globbed includes. + Include /dir/* will ignore /dir/*.dpkg* files +Forwarded: not-needed +Author: Adam Conrad <adconrad@0c3.net> +Last-Update: 2012-02-25 +Index: apache2/server/config.c +=================================================================== +--- apache2.orig/server/config.c ++++ apache2/server/config.c @@ -34,6 +34,7 @@ #include "apr_portable.h" #include "apr_file_io.h" @@ -15,8 +15,8 @@ #define APR_WANT_STDIO #define APR_WANT_STRFUNC -@@ -1543,6 +1544,30 @@ - return strcmp(f1->fname,f2->fname); +@@ -1787,6 +1788,29 @@ + return NULL; } +static int fname_valid(const char *fname) { @@ -27,8 +27,7 @@ + return 0; + } + ++c; -+ -+ ++ + while (*c) { + if (!apr_isalnum(*c) && *c!='_' && *c!='-' && *c!='.') { + return 0; 
@@ -46,7 +45,7 @@ static const char *process_resource_config_nofnmatch(server_rec *s, const char *fname, ap_directive_t **conftree, -@@ -1586,7 +1611,8 @@ +@@ -1829,7 +1853,8 @@ while (apr_dir_read(&dirent, APR_FINFO_DIRENT, dirp) == APR_SUCCESS) { /* strip out '.' and '..' */ if (strcmp(dirent.name, ".") @@ -54,15 +53,15 @@ + && strcmp(dirent.name, "..") + && fname_valid(dirent.name)) { fnew = (fnames *) apr_array_push(candidates); - fnew->fname = ap_make_full_path(p, path, dirent.name); - } -@@ -1714,7 +1740,8 @@ - if (strcmp(dirent.name, ".") - && strcmp(dirent.name, "..") - && (apr_fnmatch(pattern, dirent.name, -- APR_FNM_PERIOD) == APR_SUCCESS)) { -+ APR_FNM_PERIOD) == APR_SUCCESS) -+ && fname_valid(dirent.name)) { - fnew = (fnames *) apr_array_push(candidates); - fnew->fname = ap_make_full_path(p, path, dirent.name); + fnew->fname = ap_make_full_path(ptemp, path, dirent.name); } +@@ -1918,7 +1943,8 @@ + if (strcmp(dirent.name, ".") + && strcmp(dirent.name, "..") + && (apr_fnmatch(fname, dirent.name, +- APR_FNM_PERIOD) == APR_SUCCESS)) { ++ APR_FNM_PERIOD) == APR_SUCCESS) ++ && fname_valid(dirent.name)) { + const char *full_path = ap_make_full_path(ptemp, path, dirent.name); + /* If matching internal to path, and we happen to match something + * other than a directory, skip it diff --git a/debian/patches/010_fhs_compliance b/debian/patches/010_fhs_compliance index 361e8f7..46f0934 100644 --- a/debian/patches/010_fhs_compliance +++ b/debian/patches/010_fhs_compliance 
@@ -1,13 +1,12 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 010_more_fhs_compliance by Adam Conrad <adconrad@0c3.net> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Fix up FHS file locations for apache2 droppings. - -@DPATCH@ ---- a/configure -+++ b/configure -@@ -31402,17 +31402,17 @@ +Description: Fix up FHS file locations for apache2 droppings. +Forwarded: not-needed +Author: Adam Conrad <adconrad@0c3.net> +Last-Update: 2012-02-25 +Index: apache2/configure +=================================================================== +--- apache2.orig/configure ++++ apache2/configure +@@ -31752,17 +31752,17 @@ cat >>confdefs.h <<_ACEOF @@ -28,9 +27,11 @@ _ACEOF ---- a/configure.in -+++ b/configure.in -@@ -770,11 +770,11 @@ +Index: apache2/configure.in +=================================================================== +--- apache2.orig/configure.in ++++ apache2/configure.in +@@ -780,11 +780,11 @@ echo $MODLIST | $AWK -f $srcdir/build/build-modules-c.awk > modules.c APR_EXPAND_VAR(ap_prefix, $prefix) @@ -45,8 +46,10 @@ [Location of the MIME types config file, relative to the Apache root directory]) perlbin=`$ac_aux_dir/PrintPath perl` ---- a/include/ap_config_layout.h.in -+++ b/include/ap_config_layout.h.in +Index: apache2/include/ap_config_layout.h.in +=================================================================== +--- apache2.orig/include/ap_config_layout.h.in ++++ apache2/include/ap_config_layout.h.in @@ -60,5 +60,6 @@ #define DEFAULT_REL_LOGFILEDIR "@rel_logfiledir@" #define DEFAULT_EXP_PROXYCACHEDIR "@exp_proxycachedir@" diff --git a/debian/patches/031_apxs2_sucks_more b/debian/patches/031_apxs2_sucks_more old mode 100755 new mode 100644 index 7d6f68e..1d334c6 --- a/debian/patches/031_apxs2_sucks_more +++ b/debian/patches/031_apxs2_sucks_more 
@@ -1,22 +1,13 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 031_apxs2_sucks_more by Adam Conrad <adconrad@0c3.net> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Make apxs2 use httpd.conf, instead of apache2.conf, plus other random fixes. - -@DPATCH@ ---- a/support/apxs.in -+++ b/support/apxs.in -@@ -189,7 +189,7 @@ - my $httpd = get_vars("sbindir") . "/" . get_vars("progname"); - $httpd = eval qq("$httpd"); - $httpd = eval qq("$httpd"); --my $envvars = get_vars("sbindir") . "/envvars"; -+my $envvars = "$CFG_SYSCONFDIR" . "/envvars"; - $envvars = eval qq("$envvars"); - $envvars = eval qq("$envvars"); - -@@ -292,6 +292,7 @@ +Description: Make apxs2 use httpd.conf, instead of apache2.conf, plus other + random fixes. +Forwarded: no +Author: Adam Conrad <adconrad@0c3.net> +Last-Update: 2012-02-25 +Index: apache2/support/apxs.in +=================================================================== +--- apache2.orig/support/apxs.in ++++ apache2/support/apxs.in +@@ -274,6 +274,7 @@ $data =~ s|%TARGET%|$CFG_TARGET|sg; $data =~ s|%PREFIX%|$prefix|sg; $data =~ s|%INSTALLBUILDDIR%|$installbuilddir|sg; @@ -24,7 +15,7 @@ my ($mkf, $mods, $src) = ($data =~ m|^(.+)-=#=-\n(.+)-=#=-\n(.+)|s); -@@ -480,7 +481,7 @@ +@@ -500,7 +501,7 @@ if ($opt_i) { push(@cmds, "$installbuilddir/instdso.sh SH_LIBTOOL='" . "$libtool' $f $CFG_LIBEXECDIR"); @@ -33,7 +24,7 @@ } # determine module symbolname and filename -@@ -516,7 +517,8 @@ +@@ -536,7 +537,8 @@ $filename = "mod_${name}.c"; } my $dir = $CFG_LIBEXECDIR; @@ -43,7 +34,7 @@ $dir =~ s|(.)$|$1/|; $t =~ s|\.la$|.so|; push(@lmd, sprintf("LoadModule %-18s %s", "${name}_module", "$dir$t")); -@@ -527,17 +529,17 @@ +@@ -547,17 +549,17 @@ # activate module via LoadModule/AddModule directive if ($opt_a or $opt_A) { 
@@ -65,7 +56,7 @@ error("At least one `LoadModule' directive already has to exist."); exit(1); } -@@ -616,15 +618,15 @@ +@@ -636,15 +638,15 @@ $content =~ s|^(.*\n)#?\s*$lmd_re[^\n]*\n|$1$c$lmd\n|s; } $lmd =~ m|LoadModule\s+(.+?)_module.*|; @@ -86,7 +77,7 @@ } else { notice("unable to open configuration file"); } -@@ -648,8 +650,8 @@ +@@ -668,8 +670,8 @@ ## builddir=. diff --git a/debian/patches/033_dbm_read_hash_or_btree b/debian/patches/033_dbm_read_hash_or_btree old mode 100755 new mode 100644 index 4638322..6fbb54a --- a/debian/patches/033_dbm_read_hash_or_btree +++ b/debian/patches/033_dbm_read_hash_or_btree @@ -1,12 +1,11 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 033_dbm_read_hash_or_btree by Adam Conrad <adconrad@0c3.net> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Be more liberal in the sorts of DBM files we accept. - -@DPATCH@ ---- a/support/dbmmanage.in -+++ b/support/dbmmanage.in +Description: Be more liberal in the sorts of DBM files we accept. +Forwarded: no +Author: Adam Conrad <adconrad@0c3.net> +Last-Update: 2012-02-25 +Index: apache2/support/dbmmanage.in +=================================================================== +--- apache2.orig/support/dbmmanage.in ++++ apache2/support/dbmmanage.in @@ -25,7 +25,7 @@ BEGIN { @AnyDBM_File::ISA = qw(DB_File NDBM_File GDBM_File SDBM_File) } use strict; diff --git a/debian/patches/034_apxs2_libtool_fixtastic b/debian/patches/034_apxs2_libtool_fixtastic index 605b015..e103d97 100644 --- a/debian/patches/034_apxs2_libtool_fixtastic +++ b/debian/patches/034_apxs2_libtool_fixtastic 
@@ -1,12 +1,12 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 034_apxs2_libtool_fixtastic by Peter Samuelson <peter@p12n.org> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Make libtool happier - ---- a/support/apxs.in -+++ b/support/apxs.in -@@ -410,7 +410,7 @@ +Description: Make libtool happier +Forwarded: no +Author: Peter Samuelson <peter@p12n.org> +Last-Update: 2012-02-25 +Index: apache2/support/apxs.in +=================================================================== +--- apache2.orig/support/apxs.in ++++ apache2/support/apxs.in +@@ -427,7 +427,7 @@ $la =~ s|\.c$|.la|; my $o = $s; $o =~ s|\.c$|.o|; @@ -15,7 +15,7 @@ unshift(@objs, $lo); } -@@ -447,7 +447,7 @@ +@@ -467,7 +467,7 @@ $opt .= " -rpath $CFG_LIBEXECDIR -module -avoid-version $apr_ldflags"; } diff --git a/debian/patches/038_no_LD_LIBRARY_PATH b/debian/patches/038_no_LD_LIBRARY_PATH old mode 100755 new mode 100644 index c43c133..9a0f95f --- a/debian/patches/038_no_LD_LIBRARY_PATH +++ b/debian/patches/038_no_LD_LIBRARY_PATH @@ -1,12 +1,11 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 038_no_LD_LIBRARY_PATH by Adam Conrad <adconrad@0c3.net> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Remove LD_LIBRARY_PATH from envvars-std - -@DPATCH@ ---- a/support/envvars-std.in -+++ b/support/envvars-std.in +Description: Remove LD_LIBRARY_PATH from envvars-std +Forwarded: no +Author: Adam Conrad <adconrad@0c3.net> +Last-Update: 2012-02-25 +Index: apache2/support/envvars-std.in +=================================================================== +--- apache2.orig/support/envvars-std.in ++++ apache2/support/envvars-std.in @@ -18,7 +18,4 @@ # # This file is generated from envvars-std.in diff --git a/debian/patches/058_suexec-CVE-2007-1742 b/debian/patches/058_suexec-CVE-2007-1742 old mode 100755 new mode 100644 index ef660c6..c17d3c7 --- a/debian/patches/058_suexec-CVE-2007-1742 +++ b/debian/patches/058_suexec-CVE-2007-1742 
@@ -1,13 +1,13 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Fix race condition with chdir -## DP: Fix /var/www* being accepted as docroot instead of /var/www/* -## DP: (the same for public_html* instead of public_html/* ) - -@DPATCH@ ---- a/support/suexec.c -+++ b/support/suexec.c +Description: Fix race condition with chdir + Fix /var/www* being accepted as docroot instead of /var/www/* + (the same for public_html* instead of public_html/* ) +Author: Stefan Fritsch <sf@debian.org> +Last-Update: 2012-02-25 +Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=44752 +Index: apache2/support/suexec.c +=================================================================== +--- apache2.orig/support/suexec.c ++++ apache2/support/suexec.c @@ -42,6 +42,7 @@ #if APR_HAVE_UNISTD_H #include <unistd.h> @@ -16,7 +16,7 @@ #include <stdio.h> #include <stdarg.h> -@@ -264,6 +265,7 @@ +@@ -251,6 +252,7 @@ struct group *gr; /* group entry holder */ struct stat dir_info; /* directory info holder */ struct stat prg_info; /* program info holder */ @@ -24,13 +24,13 @@ /* * Start with a "clean" environment -@@ -499,11 +501,16 @@ +@@ -485,11 +487,16 @@ exit(111); } + if ( (cwdh = open(".", O_RDONLY)) == -1 ) { + log_err("cannot open current working directory\n"); -+ exit(111); ++ exit(111); + } + if (userdir) { @@ -42,7 +42,7 @@ log_err("cannot get docroot information (%s)\n", target_homedir); exit(112); } -@@ -511,12 +518,18 @@ +@@ -497,12 +504,18 @@ else { if (((chdir(AP_DOC_ROOT)) != 0) || ((getcwd(dwd, AP_MAXPATH)) == NULL) || diff --git a/debian/patches/076_apxs2_a2enmod b/debian/patches/076_apxs2_a2enmod old mode 100755 new mode 100644 index 2268f28..0ecddd4 --- a/debian/patches/076_apxs2_a2enmod +++ b/debian/patches/076_apxs2_a2enmod 
@@ -1,13 +1,12 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 076_apxs2_a2enmo.dpatch by Stefan Fritsch <sf@debian.org> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Make apxs2 use a2enmod and /etc/apache2/mods-available - -@DPATCH@ ---- a/support/apxs.in -+++ b/support/apxs.in -@@ -521,7 +521,7 @@ +Description: Make apxs2 use a2enmod and /etc/apache2/mods-available +Forwarded: not-needed +Author: Stefan Fritsch <sf@debian.org> +Last-Update: 2012-02-25 +Index: apache2/support/apxs.in +=================================================================== +--- apache2.orig/support/apxs.in ++++ apache2/support/apxs.in +@@ -541,7 +541,7 @@ # $dir =~ s|^$CFG_PREFIX/?||; $dir =~ s|(.)$|$1/|; $t =~ s|\.la$|.so|; @@ -16,7 +15,7 @@ } # execute the commands -@@ -529,108 +529,35 @@ +@@ -549,108 +549,35 @@ # activate module via LoadModule/AddModule directive if ($opt_a or $opt_A) { @@ -65,7 +64,15 @@ - error('Configuration file is not valid. There are sections' - . ' closed before opened.'); - exit(1); -- } ++ my $entry; ++ foreach $entry (@lmd) { ++ my ($name, $lmd) = @{$entry}; ++ my $filename = "$CFG_SYSCONFDIR/mods-available/$name.load"; ++ if (-f $filename) { ++ my $cmd = "mv $filename $filename.bak~"; ++ if (system($cmd) != 0) { ++ die "'$cmd' failed\n"; + } - else { - # put our cmd after the section containing the last - # LoadModule. 
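Review bot: The refreshed 076_apxs2_a2enmod hunk at `@@ -65,7 +64,15 @@` still builds a shell command string from the module name: `my $cmd = "mv $filename $filename.bak~";` goes to single-argument `system()`, so any whitespace or shell metacharacter in `$name` is interpreted by the shell, and apxs with -a/-A is commonly run with elevated privileges. Where `$name` is derived is outside the hunk, so how much control a caller has over it cannot be confirmed from here. Since the patch is being touched anyway, the move could become `rename($filename, "$filename.bak~") or die "rename $filename: $!\n";` and the later enable step could use the list form `system('a2enmod', $name)`. The `open(FP, ">$filename") || die;` visible in the next hunk would likewise be safer as a three-argument `open` on a lexical handle with `$!` in the message. The enclosing `if ($opt_a or $opt_A)` block starts and ends outside this hunk.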
@@ -105,21 +112,7 @@ - . 'sections opened and not closed.'); - exit(1); - } -+ my $entry; -+ foreach $entry (@lmd) { -+ my ($name, $lmd) = @{$entry}; -+ my $filename = "$CFG_SYSCONFDIR/mods-available/$name.load"; -+ if (-f $filename) { -+ my $cmd = "mv $filename $filename.bak~"; -+ if (system($cmd) != 0) { -+ die "'$cmd' failed\n"; - } -- } else { -- # replace already existing LoadModule line -- $content =~ s|^(.*\n)#?\s*$lmd_re[^\n]*\n|$1$c$lmd\n|s; - } -- $lmd =~ m|LoadModule\s+(.+?)_module.*|; -- notice("[$what module `$1' in $CFG_SYSCONFDIR/httpd.conf]"); ++ } + + notice("[preparing module `$name' in $filename]"); + open(FP, ">$filename") || die; @@ -130,8 +123,13 @@ + my $cmd = "a2enmod $name"; + if (system($cmd) != 0) { + die "'$cmd' failed\n"; -+ } -+ } + } +- } else { +- # replace already existing LoadModule line +- $content =~ s|^(.*\n)#?\s*$lmd_re[^\n]*\n|$1$c$lmd\n|s; + } +- $lmd =~ m|LoadModule\s+(.+?)_module.*|; +- notice("[$what module `$1' in $CFG_SYSCONFDIR/httpd.conf]"); + } - if (@lmd) { diff --git a/debian/patches/201_build_suexec-custom b/debian/patches/201_build_suexec-custom index 1c94adb..351fe23 100644 --- a/debian/patches/201_build_suexec-custom +++ b/debian/patches/201_build_suexec-custom @@ -1,12 +1,11 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 201_make_suexec-custom.dpatch by Stefan Fritsch <sf@debian.org> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: add suexec-custom to the build system - -@DPATCH@ ---- a/Makefile.in -+++ b/Makefile.in +Description: add suexec-custom to the build system +Forwarded: not-needed +Author: Stefan Fritsch <sf@debian.org> +Last-Update: 2012-02-25 +Index: apache2/Makefile.in +=================================================================== +--- apache2.orig/Makefile.in ++++ apache2/Makefile.in @@ -237,14 +237,16 @@ fi 
@@ -28,8 +27,10 @@ x-local-distclean: @rm -rf autom4te.cache ---- a/support/Makefile.in -+++ b/support/Makefile.in +Index: apache2/support/Makefile.in +=================================================================== +--- apache2.orig/support/Makefile.in ++++ apache2/support/Makefile.in @@ -1,7 +1,7 @@ DISTCLEAN_TARGETS = apxs apachectl dbmmanage log_server_status \ logresolve.pl phf_abuse_log.cgi split-logfile envvars-std diff --git a/debian/patches/202_suexec-custom b/debian/patches/202_suexec-custom index 98916b8..154b0a7 100644 --- a/debian/patches/202_suexec-custom +++ b/debian/patches/202_suexec-custom @@ -1,12 +1,11 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 202_suexec-custom.dpatch by Stefan Fritsch <sf@debian.org> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: the actual patch to make suexec-custom read a config file - -@DPATCH@ ---- a/support/suexec-custom.c -+++ b/support/suexec-custom.c +Description: the actual patch to make suexec-custom read a config file +Forwarded: not-needed +Author: Stefan Fritsch <sf@debian.org> +Last-Update: 2012-02-25 +Index: apache2/support/suexec-custom.c +=================================================================== +--- apache2.orig/support/suexec-custom.c ++++ apache2/support/suexec-custom.c @@ -29,6 +29,7 @@ * * @@ -23,7 +22,7 @@ #if APR_HAVE_UNISTD_H #include <unistd.h> #endif -@@ -190,6 +192,26 @@ +@@ -191,6 +193,26 @@ return; } 
@@ -50,25 +49,26 @@ static void clean_env(void) { char pathbuf[512]; -@@ -251,6 +273,10 @@ - struct group *gr; /* group entry holder */ +@@ -253,6 +275,11 @@ struct stat dir_info; /* directory info holder */ struct stat prg_info; /* program info holder */ + int cwdh; /* handle to cwd */ + char *suexec_docroot = NULL; + char *suexec_userdir_suffix = NULL; + char *filename = NULL; + FILE *configfile; ++ /* * Start with a "clean" environment -@@ -280,15 +306,10 @@ +@@ -282,15 +309,10 @@ || (! strcmp(AP_HTTPD_USER, pw->pw_name))) #endif /* _OSD_POSIX */ ) { -#ifdef AP_DOC_ROOT - fprintf(stderr, " -D AP_DOC_ROOT=\"%s\"\n", AP_DOC_ROOT); -#endif -+ fprintf(stderr, " -D SUEXEC_CONFIG_DIR=%s\n", SUEXEC_CONFIG_DIR); ++ fprintf(stderr, " -D SUEXEC_CONFIG_DIR=%s\n", SUEXEC_CONFIG_DIR); #ifdef AP_GID_MIN fprintf(stderr, " -D AP_GID_MIN=%d\n", AP_GID_MIN); #endif @@ -78,7 +78,7 @@ #ifdef AP_LOG_EXEC fprintf(stderr, " -D AP_LOG_EXEC=\"%s\"\n", AP_LOG_EXEC); #endif -@@ -301,9 +322,6 @@ +@@ -303,9 +325,6 @@ #ifdef AP_UID_MIN fprintf(stderr, " -D AP_UID_MIN=%d\n", AP_UID_MIN); #endif @@ -88,7 +88,7 @@ exit(0); } /* -@@ -318,23 +336,6 @@ +@@ -320,23 +339,6 @@ target_gname = argv[2]; cmd = argv[3]; @@ -112,7 +112,7 @@ /* * Check for a leading '/' (absolute path) in the command to be executed, -@@ -359,6 +360,63 @@ +@@ -361,6 +363,63 @@ } /* @@ -126,7 +126,7 @@ + suexec_userdir_suffix = malloc(AP_MAXPATH+1); + if (!filename || !suexec_docroot || !suexec_userdir_suffix) { + log_err("malloc failed\n"); -+ exit(120); ++ exit(120); + } + + strncpy(filename, SUEXEC_CONFIG_DIR, AP_MAXPATH); 
@@ -135,66 +135,62 @@ + + configfile = fopen(filename, "r"); + if (!configfile) { -+ log_err("User %s not allowed: Could not open config file %s\n", pw->pw_name, filename); -+ exit(123); ++ log_err("User %s not allowed: Could not open config file %s\n", pw->pw_name, filename); ++ exit(123); + } + + if (!read_line(suexec_docroot, configfile)) { -+ log_err("Could not read docroot from %s\n", filename); -+ exit(124); ++ log_err("Could not read docroot from %s\n", filename); ++ exit(124); + } + + if (!read_line(suexec_userdir_suffix, configfile)) { -+ log_err("Could not read userdir suffix from %s\n", filename); -+ exit(125); ++ log_err("Could not read userdir suffix from %s\n", filename); ++ exit(125); + } + + fclose(configfile); + + if (userdir) { + if ( !isalnum(*suexec_userdir_suffix) && suexec_userdir_suffix[0] != '.') { -+ log_err("userdir suffix disabled in %s\n", filename); -+ exit(126); -+ } ++ log_err("userdir suffix disabled in %s\n", filename); ++ exit(126); ++ } + } + else { -+ if (suexec_docroot[0] != '/') { -+ log_err("docroot disabled in %s\n", filename); -+ exit(127); -+ } ++ if (suexec_docroot[0] != '/') { ++ log_err("docroot disabled in %s\n", filename); ++ exit(127); ++ } + -+ if (suexec_docroot[1] == '/' || -+ suexec_docroot[1] == '.' || -+ suexec_docroot[1] == '\0' ) -+ { -+ log_err("invalid docroot %s in %s\n", suexec_docroot, filename); -+ exit(128); -+ } ++ if (suexec_docroot[1] == '/' || ++ suexec_docroot[1] == '.' || ++ suexec_docroot[1] == '\0' ) ++ { ++ log_err("invalid docroot %s in %s\n", suexec_docroot, filename); ++ exit(128); ++ } + } -+ ++ + /* * Error out if the target username is invalid. 
*/ if (strspn(target_uname, "1234567890") != strlen(target_uname)) { -@@ -487,7 +545,7 @@ +@@ -494,7 +553,7 @@ if (userdir) { if (((chdir(target_homedir)) != 0) || - ((chdir(AP_USERDIR_SUFFIX)) != 0) || + ((chdir(suexec_userdir_suffix)) != 0) || ((getcwd(dwd, AP_MAXPATH)) == NULL) || - ((chdir(cwd)) != 0)) { + ((fchdir(cwdh)) != 0)) { log_err("cannot get docroot information (%s)\n", target_homedir); -@@ -495,10 +553,10 @@ +@@ -502,7 +561,7 @@ } } else { - if (((chdir(AP_DOC_ROOT)) != 0) || + if (((chdir(suexec_docroot)) != 0) || ((getcwd(dwd, AP_MAXPATH)) == NULL) || - ((chdir(cwd)) != 0)) { -- log_err("cannot get docroot information (%s)\n", AP_DOC_ROOT); -+ log_err("cannot get docroot information (%s)\n", suexec_docroot); - exit(113); - } - } + ((fchdir(cwdh)) != 0)) { + log_err("cannot get docroot information (%s)\n", AP_DOC_ROOT); diff --git a/debian/patches/series b/debian/patches/series index 5f7b7a3..e76ac37 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,13 +1,12 @@ -#008_make_include_safe +#008_make_include_safe # Probably to be droped in 2.4 010_fhs_compliance -#031_apxs2_sucks_more -#032_suexec_is_shared -#033_dbm_read_hash_or_btree -#034_apxs2_libtool_fixtastic -#038_no_LD_LIBRARY_PATH -#058_suexec-CVE-2007-1742 -#076_apxs2_a2enmod -#099_config_guess_sub_update +031_apxs2_sucks_more +#032_suexec_is_shared # Probably not needed in 2.4 +033_dbm_read_hash_or_btree +034_apxs2_libtool_fixtastic +038_no_LD_LIBRARY_PATH +058_suexec-CVE-2007-1742 +076_apxs2_a2enmod 201_build_suexec-custom # The patch below must not be applied by quilt at extraction time. It depends # on some script-fu to be executed before. Have a look -- 1.7.9
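Review bot: The refreshed final hunk of 202_suexec-custom (`@@ -502,7 +561,7 @@` inside the patch) no longer rewrites the error message in the non-userdir branch. The previous version replaced `log_err("cannot get docroot information (%s)\n", AP_DOC_ROOT);` with the `suexec_docroot` form, but that line is now plain context. Once applied, the failure path would report the compile-time `AP_DOC_ROOT` instead of the docroot read from the per-user config file, which misleads anyone auditing suexec logs; if `AP_DOC_ROOT` is not defined for the suexec-custom build (not visible here), the file would not compile at all. I would restore the removed/added pair so the call reads `log_err("cannot get docroot information (%s)\n", suexec_docroot);`. The enclosing function continues outside the hunk.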