keks-overlay.git

@@ -0,0 +1,17 @@

+AUX apache-noip.diff 417 RMD160 8e16f7ff130cea52449a25aafbbdeb78919d9eae SHA1 7c19a0236e4eff23bee6e69ee6708a24529a974c SHA256 c9ed84fec20e69f711600261a395a3d4b3ae2685318f6354c4d2ebd01c0ec4cc

+MD5 a3ccaa61507918e64dc5fd378e14a5e7 files/apache-noip.diff 417

+RMD160 8e16f7ff130cea52449a25aafbbdeb78919d9eae files/apache-noip.diff 417

+SHA256 c9ed84fec20e69f711600261a395a3d4b3ae2685318f6354c4d2ebd01c0ec4cc files/apache-noip.diff 417

+AUX httpd-2.2.x-sni.patch 6814 RMD160 6b0d89967041e1e8440559e35d369bd5e6be7d78 SHA1 c9ae8da2b43b2c9101bb2dda5f49f7f322b5f264 SHA256 b7db9f582891e138cec18b5a79c91b9e108fa34f92d63f2c6f31b64282d219d6

+MD5 2c3073c4fd1543a40064dcbd192ef8ce files/httpd-2.2.x-sni.patch 6814

+RMD160 6b0d89967041e1e8440559e35d369bd5e6be7d78 files/httpd-2.2.x-sni.patch 6814

+SHA256 b7db9f582891e138cec18b5a79c91b9e108fa34f92d63f2c6f31b64282d219d6 files/httpd-2.2.x-sni.patch 6814

+DIST gentoo-apache-2.2.6-20070907.tar.bz2 58121 RMD160 d0e5f55a8985f97fcdf646e04d92f6519f968104 SHA1 f9fd830bfb8e6c6e3cbac9d8342cc981032d20c5 SHA256 56f809f93fdcba204e6be271f195095d8ad033aa61447dab607af91d95cde8e6

+DIST httpd-2.2.6.tar.bz2 4717066 RMD160 5ae895c6898213e1e3b7e7b02cdfcbe5b36a108f SHA1 e6ef926ecd1f9a412af8c266239f0a6f58c63854 SHA256 f27cd9df50a2acd9df8f37520f62f6ce51758689d425ead5883e75ff5ed6548c

+EBUILD apache-2.2.6.ebuild 15453 RMD160 e91b37aa8c558d3ae0c3ca46a6e0523576ecdfed SHA1 6cff894f8e0279cd0be5085c19cf5d86ea581325 SHA256 c6b19e9f316371469c892cd6b29f09d510429337fabff6101487ebbadc6633a8

+MD5 27eb2562520dc87271850accd3afe649 apache-2.2.6.ebuild 15453

+RMD160 e91b37aa8c558d3ae0c3ca46a6e0523576ecdfed apache-2.2.6.ebuild 15453

+SHA256 c6b19e9f316371469c892cd6b29f09d510429337fabff6101487ebbadc6633a8 apache-2.2.6.ebuild 15453

+MD5 bf89379d611a34d10b6e0a55eee69f9b files/digest-apache-2.2.6 527

+RMD160 77f2fce54301244724ec61c4a3e0b96dc7106b33 files/digest-apache-2.2.6 527

+SHA256 69de15f758686c7f7977e0b75dd988e247162fb97fb394be4efe40997a53e308 files/digest-apache-2.2.6 527

@@ -0,0 +1,483 @@

+# Copyright 1999-2007 Gentoo Foundation

+# Distributed under the terms of the GNU General Public License v2

+# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.6.ebuild,v 1.11 2007/09/25 14:31:47 armin76 Exp $

+

+inherit eutils flag-o-matic multilib autotools

+

+# latest gentoo apache files

+GENTOO_PATCHNAME="gentoo-${PF}"

+GENTOO_PATCHSTAMP="20070907"

+GENTOO_DEVSPACE="hollow"

+GENTOO_PATCHDIR="${WORKDIR}/${GENTOO_PATCHNAME}"

+

+DESCRIPTION="The Apache Web Server."

+HOMEPAGE="http://httpd.apache.org/"

+SRC_URI="mirror://apache/httpd/httpd-${PV}.tar.bz2

+		http://dev.gentoo.org/~${GENTOO_DEVSPACE}/dist/apache/${GENTOO_PATCHNAME}-${GENTOO_PATCHSTAMP}.tar.bz2"

+

+# some helper scripts are apache-1.1, thus both are here

+LICENSE="Apache-2.0 Apache-1.1"

+SLOT="2"

+KEYWORDS="alpha amd64 ~arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd"

+IUSE="debug doc ldap mpm-event mpm-itk mpm-peruser mpm-prefork mpm-worker no-suexec selinux ssl static-modules threads"

+

+DEPEND="dev-lang/perl

+	=dev-libs/apr-1*

+	=dev-libs/apr-util-1*

+	dev-libs/expat

+	dev-libs/libpcre

+	sys-libs/zlib

+	ldap? ( =net-nds/openldap-2* )

+	selinux? ( sec-policy/selinux-apache )

+	ssl? ( dev-libs/openssl )

+	!=www-servers/apache-1*

+	!=app-admin/apache-tools-2.2.4-r2"

+

+RDEPEND="${DEPEND}

+	app-misc/mime-types"

+

+PDEPEND="~app-admin/apache-tools-${PV}"

+

+S="${WORKDIR}/httpd-${PV}"

+

+pkg_setup() {

+	if use ldap && ! built_with_use 'dev-libs/apr-util' ldap ; then

+		eerror "dev-libs/apr-util is missing LDAP support. For apache to have"

+		eerror "ldap support, apr-util must be built with the ldap USE-flag"

+		eerror "enabled."

+		die "ldap USE-flag enabled while not supported in apr-util"

+	fi

+

+	# Select the default MPM module

+	MPM_LIST="event itk peruser prefork worker"

+	for x in ${MPM_LIST} ; do

+		if use mpm-${x} ; then

+			if [[ "x${mpm}" == "x" ]] ; then

+				mpm=${x}

+				elog

+				elog "Selected MPM: ${mpm}"

+				elog

+			else

+				eerror "You have selected more then one mpm USE-flag."

+				eerror "Only one MPM is supported."

+				die "more then one mpm was specified"

+			fi

+		fi

+	done

+

+	if [[ "x${mpm}" == "x" ]] ; then

+		if use threads ; then

+			mpm=worker

+			elog

+			elog "Selected default threaded MPM: ${mpm}";

+			elog

+		else

+			mpm=prefork

+			elog

+			elog "Selected default MPM: ${mpm}";

+			elog

+		fi

+	fi

+

+	# setup apache user and group

+	enewgroup apache 81

+	enewuser apache 81 -1 /var/www apache

+

+	if ! use no-suexec ; then

+		elog

+		elog "You can manipulate several configure options of suexec"

+		elog "through the following environment variables:"

+		elog

+		elog " SUEXEC_SAFEPATH: Default PATH for suexec (default: /usr/local/bin:/usr/bin:/bin)"

+		elog "  SUEXEC_LOGFILE: Path to the suexec logfile (default: /var/log/apache2/suexec_log)"

+		elog "   SUEXEC_CALLER: Name of the user Apache is running as (default: apache)"

+		elog "  SUEXEC_DOCROOT: Directory in which suexec will run scripts (default: /var/www)"

+		elog "   SUEXEC_MINUID: Minimum UID, which is allowed to run scripts via suexec (default: 1000)"

+		elog "   SUEXEC_MINGID: Minimum GID, which is allowed to run scripts via suexec (default: 100)"

+		elog "  SUEXEC_USERDIR: User subdirectories (like /home/user/html) (default: public_html)"

+		elog "    SUEXEC_UMASK: Umask for the suexec process (default: 077)"

+		elog

+	fi

+}

+

+src_unpack() {

+	unpack ${A}

+	cd "${S}"

+	epatch "${FILESDIR}/apache-noip.diff"

+	epatch "${FILESDIR}/httpd-2.2.x-sni.patch"

+

+	# Use correct multilib libdir in gentoo patches

+	sed -i -e "s:/usr/lib:/usr/$(get_libdir):g" \

+		"${GENTOO_PATCHDIR}"/{conf/httpd.conf,init/*,patches/config.layout} \

+		|| die "libdir sed failed"

+

+	#### Patch Organization

+	# 00-19 Gentoo specific  (00_all_some-title.patch)

+	# 20-39 Additional MPMs  (20_all_${MPM}_some-title.patch)

+	# 40-59 USE-flag based   (40_all_${USE}_some-title.patch)

+	# 60-79 Version specific (60_all_${PV}_some-title.patch)

+	# 80-99 Security patches (80_all_${PV}_cve-####-####.patch)

+

+	epatch "${GENTOO_PATCHDIR}"/patches/*.patch

+

+	# setup the filesystem layout config

+	cat "${GENTOO_PATCHDIR}"/patches/config.layout >> "${S}"/config.layout || \

+		die "Failed preparing config.layout!"

+	sed -i -e "s:version:${PF}:g" "${S}"/config.layout

+

+	# patched-in MPMs need the build environment rebuilt

+	sed -i -e '/sinclude/d' configure.in

+	AT_GNUCONF_UPDATE=yes AT_M4DIR=build eautoreconf

+}

+

+src_compile() {

+	local modtype="shared" myconf=""

+	cd "${S}"

+

+	# Instead of filtering --as-needed (bug #128505), append --no-as-needed

+	# Thanks to Harald van Dijk

+	append-ldflags -Wl,--no-as-needed

+

+	# peruser MPM debugging with -X is nearly impossible

+	use mpm-peruser && use debug && append-flags -DMPM_PERUSER_DEBUG

+

+	use static-modules && modtype="static"

+	select_modules_config || die "determining modules failed"

+

+	if use ldap ; then

+		mods="${mods} ldap authnz_ldap"

+		myconf="${myconf} --enable-authnz-ldap=${modtype} --enable-ldap=${modtype}"

+	fi

+

+	if use threads || use mpm-worker || use mpm-event; then

+		mods="${mods} cgid"

+		myconf="${myconf} --enable-cgid=${modtype}"

+	else

+		mods="${mods} cgi"

+		myconf="${myconf} --enable-cgi=${modtype}"

+	fi

+

+	if use ssl; then

+		mods="${mods} ssl"

+		myconf="${myconf} --with-ssl=/usr --enable-ssl=${modtype}"

+	fi

+

+	# Only build suexec with USE=-no-suexec

+	if use no-suexec ; then

+		myconf="${myconf} --disable-suexec"

+	else

+		myconf="${myconf} --with-suexec-safepath=${SUEXEC_SAFEPATH:-/usr/local/bin:/usr/bin:/bin}"

+		myconf="${myconf} --with-suexec-logfile=${SUEXEC_LOGFILE:-/var/log/apache2/suexec_log}"

+		myconf="${myconf} --with-suexec-bin=/usr/sbin/suexec"

+		myconf="${myconf} --with-suexec-userdir=${SUEXEC_USERDIR:-public_html}"

+		myconf="${myconf} --with-suexec-caller=${SUEXEC_CALLER:-apache}"

+		myconf="${myconf} --with-suexec-docroot=${SUEXEC_DOCROOT:-/var/www}"

+		myconf="${myconf} --with-suexec-uidmin=${SUEXEC_MINUID:-1000}"

+		myconf="${myconf} --with-suexec-gidmin=${SUEXEC_MINGID:-100}"

+		myconf="${myconf} --with-suexec-umask=${SUEXEC_UMASK:-077}"

+		myconf="${myconf} --enable-suexec=${modtype}"

+		mods="${mods} suexec"

+	fi

+

+	# econf overwrites the stuff from config.layout, so we have to put them into

+	# our myconf line too

+

+	econf \

+		--includedir=/usr/include/apache2 \

+		--libexecdir=/usr/$(get_libdir)/apache2/modules \

+		--datadir=/var/www/localhost \

+		--sysconfdir=/etc/apache2 \

+		--localstatedir=/var \

+		--with-mpm=${mpm} \

+		--with-perl=/usr/bin/perl \

+		--with-expat=/usr \

+		--with-z=/usr \

+		--with-apr=/usr \

+		--with-apr-util=/usr \

+		--with-pcre=/usr \

+		--with-port=80 \

+		--with-program-name=apache2 \

+		--enable-layout=Gentoo \

+		$(use_enable debug maintainer-mode) \

+		$(use_enable debug exception-hook) \

+		${myconf} ${MY_BUILTINS} || die "econf failed!"

+

+	sed -i -e 's:apache2\.conf:httpd.conf:' include/ap_config_auto.h

+

+	emake || die "emake failed"

+}

+

+src_install () {

+	emake DESTDIR="${D}" install || die "emake install failed"

+

+	# This is a mapping of module names to the -D options in APACHE2_OPTS

+	# Used for creating optional LoadModule lines

+	mod_defines="

+		authnz_ldap:AUTH_LDAP

+		cache:CACHE

+		dav:DAV

+		dav_fs:DAV

+		dav_lock:DAV

+		disk_cache:CACHE

+		file_cache:CACHE

+		info:INFO

+		ldap:LDAP

+		mem_cache:CACHE

+		proxy:PROXY

+		proxy_ajp:PROXY

+		proxy_balancer:PROXY

+		proxy_connect:PROXY

+		proxy_http:PROXY

+		ssl:SSL

+		status:INFO

+		suexec:SUEXEC

+		userdir:USERDIR

+	"

+

+	# create our LoadModule lines

+	if ! use static-modules ; then

+		load_module=""

+		moddir="${D}/usr/$(get_libdir)/apache2/modules"

+		for m in $(echo ${mods}|tr ' ' '\n'|sort -u) ; do

+			endid="no"

+

+			if [[ -e "${moddir}/mod_${m}.so" ]] ; then

+				for def in ${mod_defines} ; do

+					if [[ "${m}" == "${def%:*}" ]] ; then

+						load_module="${load_module}\n<IfDefine ${def#*:}>"

+						endid="yes"

+					fi

+				done

+				load_module="${load_module}\nLoadModule ${m}_module modules/mod_${m}.so"

+				if [[ "${endid}" == "yes" ]] ; then

+					load_module="${load_module}\n</IfDefine>"

+				fi

+			fi

+		done

+	fi

+	sed -i -e "s:%%LOAD_MODULE%%:${load_module}:" \

+		"${GENTOO_PATCHDIR}"/conf/httpd.conf || die "sed failed"

+

+	# Install our configuration files

+	insinto /etc/apache2

+	doins docs/conf/magic

+	doins -r "${GENTOO_PATCHDIR}"/conf/*

+	insinto /etc/logrotate.d

+	newins "${GENTOO_PATCHDIR}"/scripts/apache2-logrotate apache2

+

+	# generate a sane default APACHE2_OPTS

+	APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D LANGUAGE"

+	use doc && APACHE2_OPTS="${APACHE2_OPTS} -D MANUAL"

+	use ssl && APACHE2_OPTS="${APACHE2_OPTS} -D SSL -D SSL_DEFAULT_VHOST"

+	use no-suexec || APACHE2_OPTS="${APACHE2_OPTS} -D SUEXEC"

+

+	sed -i -e "s:APACHE2_OPTS=\".*\":APACHE2_OPTS=\"${APACHE2_OPTS}\":" \

+		"${GENTOO_PATCHDIR}"/init/apache2.confd || die "sed failed"

+

+	newconfd "${GENTOO_PATCHDIR}"/init/apache2.confd apache2

+	newinitd "${GENTOO_PATCHDIR}"/init/apache2.initd apache2

+

+	# Link apache2ctl to the init script

+	dosym /etc/init.d/apache2 /usr/sbin/apache2ctl

+

+	# provide symlinks for all the stuff we no longer rename, bug 177697

+	for i in suexec apxs; do

+		dosym /usr/sbin/${i} /usr/sbin/${i}2

+	done

+

+	# Install some thirdparty scripts

+	exeinto /usr/sbin

+	for i in apache2logserverstatus apache2splitlogfile ; do

+		doexe "${GENTOO_PATCHDIR}"/scripts/${i}

+	done

+	use ssl && doexe "${GENTOO_PATCHDIR}"/scripts/gentestcrt.sh

+

+	# Install some documentation

+	dodoc ABOUT_APACHE CHANGES LAYOUT README README.platforms VERSIONING

+	dodoc "${GENTOO_PATCHDIR}"/docs/*

+

+	# drop in a convenient link to the manual

+	if use doc ; then

+		sed -i -e "s:VERSION:${PVR}:" "${D}/etc/apache2/modules.d/00_apache_manual.conf"

+	else

+		rm -f "${D}/etc/apache2/modules.d/00_apache_manual.conf"

+		rm -Rf "${D}/usr/share/doc/${PF}/manual"

+	fi

+

+	# the default webroot gets stored in /usr/share/doc

+	ebegin "Installing default webroot to /usr/share/doc/${PF}"

+	mv -f "${D}/var/www/localhost" "${D}/usr/share/doc/${PF}/webroot"

+	eend $?

+	keepdir /var/www/localhost/htdocs

+

+	if ! use no-suexec ; then

+		# Set some sane permissions for suexec

+		fowners 0:apache /usr/sbin/suexec

+		fperms 4710 /usr/sbin/suexec

+	fi

+

+	keepdir /etc/apache2/vhosts.d

+	keepdir /etc/apache2/modules.d

+

+	# empty dirs

+	for i in /var/lib/dav /var/log/apache2 /var/cache/apache2 ; do

+		keepdir ${i}

+		fowners apache:apache ${i}

+		fperms 0755 ${i}

+	done

+

+	# We'll be needing /etc/apache2/ssl if USE=ssl

+	use ssl && keepdir /etc/apache2/ssl

+}

+

+pkg_postinst() {

+	# Automatically generate test certificates if ssl USE flag is being set

+	if use ssl && [[ ! -e "${ROOT}/etc/apache2/ssl/server.crt" ]] ; then

+		cd "${ROOT}"/etc/apache2/ssl

+		einfo

+		einfo "Generating self-signed test certificate in ${ROOT}/etc/apache2/ssl ..."

+		yes "" 2>/dev/null | \

+			"${ROOT}"/usr/sbin/gentestcrt.sh >/dev/null 2>&1 || \

+			die "gentestcrt.sh failed"

+		einfo

+	fi

+

+	# we do this here because the default webroot is a copy of the files

+	# that exist elsewhere and we don't want them managed/removed by portage

+	# when apache is upgraded.

+

+	if [[ -e "${ROOT}/var/www/localhost" ]] ; then

+		elog "The default webroot has not been installed into"

+		elog "${ROOT}/var/www/localhost because the directory already exists"

+		elog "and we do not want to overwrite any files you have put there."

+		elog

+		elog "If you would like to install the latest webroot, please run"

+		elog "emerge --config =${PF}"

+	else

+		einfo "Installing default webroot to ${ROOT}/var/www/localhost"

+		mkdir -p "${ROOT}"/var/www/localhost

+		cp -R "${ROOT}"/usr/share/doc/${PF}/webroot/* "${ROOT}"/var/www/localhost

+		chown -R apache:0 "${ROOT}"/var/www/localhost

+	fi

+

+	# Previous installations of apache-2.2 installed the upstream configuration

+	# files, which shouldn't even have been installed!

+	if has_version '>=www-servers/apache-2.2.4' ; then

+		[ -f "${ROOT}"/etc/apache2/apache2.conf ] && \

+			rm -f "${ROOT}"/etc/apache2/apache2.conf >/dev/null 2>&1

+

+		for i in extra original ; do

+			[ -d "${ROOT}"/etc/apache2/$i ] && \

+				rm -rf "${ROOT}"/etc/apache2/$i >/dev/null 2>&1

+		done

+	fi

+

+	# Note the changes regarding DEFAULT_VHOST and SSL_DEFAULT_VHOST

+	if has_version '<www-servers/apache-2.2.4-r7' ; then

+		elog

+		elog "Listen directives have been moved into the default virtual host"

+		elog "configuation. At least DEFAULT_VHOST has been enabled for you"

+		elog "(depending on your USE-flags."

+		elog

+		elog "If you disable DEFAULT_VHOST or SSL_DEFAULT_VHOST, there would"

+		elog "be no listening sockets available."

+		elog

+	fi

+

+	# Note the user of the config changes

+	if has_version '<www-servers/apache-2.2.4-r5' ; then

+		elog

+		elog "Please make sure that you update your /etc directory."

+		elog "Between the versions, we had to changes some config files"

+		elog "and move some stuff out of the main httpd.conf file to a seperate"

+		elog "modules.d entry."

+		elog

+		elog "Thus please update your /etc directory either via etc-update,"

+		elog "dispatch-conf or conf-update !"

+		elog

+	fi

+

+	# Check for dual/upgrade install

+	if has_version '<www-servers/apache-2.2.0' ; then

+		elog

+		elog "When upgrading from versions below 2.2.0 to this version, you"

+		elog "need to rebuild all your modules. Please do so for your modules"

+		elog "to continue working correctly."

+		elog

+		elog "Also note that some configuration directives have been"

+		elog "split into their own files under ${ROOT}/etc/apache2/modules.d/"

+		elog "and that some modules, foremost the authentication related ones,"

+		elog "have been renamed."

+		elog

+		elog "Some examples:"

+		elog "  - USERDIR is now configureable in ${ROOT}etc/apache2/modules.d/00_mod_userdir.conf."

+		elog

+		elog "For more information on what you may need to change, please"

+		elog "see the overview of changes at:"

+		elog "http://httpd.apache.org/docs/2.2/new_features_2_2.html"

+		elog "and the upgrading guide at:"

+		elog "http://httpd.apache.org/docs/2.2/upgrading.html"

+		elog

+	fi

+

+	# Cleanup the vim backup files, placed in /etc/apache2 by the last

+	# patchtarball (gentoo-apache-2.2.4-r7-20070615)

+	rm -f "${ROOT}/etc/apache2/modules.d/*.conf~"

+}

+

+pkg_config() {

+	einfo "Installing default webroot to ${ROOT}/var/www/localhost"

+	cp -R "${ROOT}"/usr/share/doc/${PF}/webroot/* "${ROOT}"/var/www/localhost

+}

+

+parse_modules_config() {

+	local name=""

+	local disable=""

+	local version="undef"

+	MY_BUILTINS=""

+	mods=""

+	[[ -f "${1}" ]] || return 1

+

+	for i in $(sed 's/#.*//' < $1) ; do

+		if [[ "$i" == "VERSION:" ]] ; then

+			version="select"

+		elif [[ "${version}" == "select" ]] ; then

+			version="$i"

+		# start with - option for backwards compatibility only

+		elif [[ "$i" == "-" ]] ; then

+			disable="true"

+		elif [[ -z "${name}" ]] && [[ "$i" != "${i/mod_/}" ]] ; then

+			name="${i/mod_/}"

+		elif [[ -n "${disable}" ]] || [[ "$i" == "disabled" ]] ; then

+			MY_BUILTINS="${MY_BUILTINS} --disable-${name}"

+			name="" ; disable=""

+		elif [[ "$i" == "static" ]] || use static-modules ; then

+			MY_BUILTINS="${MY_BUILTINS} --enable-${name}=static"

+			name="" ; disable=""

+		elif [[ "$i" == "shared" ]] ; then

+			MY_BUILTINS="${MY_BUILTINS} --enable-${name}=shared"

+			mods="${mods} ${name}"

+			name="" ; disable=""

+		else

+			ewarn "Parse error in ${1} - unknown option: $i"

+		fi

+	done

+

+	# reject the file if it's unversioned or doesn't match our

+	# package major.minor. This is to make upgrading work smoothly.

+	if [[ "${version}" != "${PV%.*}" ]] ; then

+		mods=""

+		MY_BUILTINS=""

+		return 1

+	fi

+

+	einfo "Using ${1}"

+	einfo "options: ${MY_BUILTINS}"

+	einfo "LoadModules: ${mods}"

+}

+

+select_modules_config() {

+	parse_modules_config "${ROOT}"/etc/apache2/apache2-builtin-mods || \

+	parse_modules_config "${GENTOO_PATCHDIR}"/conf/apache2-builtin-mods || \

+	return 1

+}

@@ -0,0 +1,11 @@

+--- server/log.c.1	2007-10-04 16:34:00.000000000 +0200

++++ server/log.c	2007-10-04 16:35:46.000000000 +0200

+@@ -595,7 +595,7 @@

+          * first. -djg

+          */

+         len += apr_snprintf(errstr + len, MAX_STRING_LEN - len,

+-                            "[client %s] ", c->remote_ip);

++                            "[client 0.0.0.0] ");

+     }

+     if (status != 0) {

+         if (status < APR_OS_START_EAIERR) {

@@ -0,0 +1,6 @@

+MD5 e7ebbbfdb900ab1550abd5ae5753910b gentoo-apache-2.2.6-20070907.tar.bz2 58121

+RMD160 d0e5f55a8985f97fcdf646e04d92f6519f968104 gentoo-apache-2.2.6-20070907.tar.bz2 58121

+SHA256 56f809f93fdcba204e6be271f195095d8ad033aa61447dab607af91d95cde8e6 gentoo-apache-2.2.6-20070907.tar.bz2 58121

+MD5 203bea91715064f0c787f6499d33a377 httpd-2.2.6.tar.bz2 4717066

+RMD160 5ae895c6898213e1e3b7e7b02cdfcbe5b36a108f httpd-2.2.6.tar.bz2 4717066

+SHA256 f27cd9df50a2acd9df8f37520f62f6ce51758689d425ead5883e75ff5ed6548c httpd-2.2.6.tar.bz2 4717066

@@ -0,0 +1,217 @@

+httpd-2.2.x-sni.patch - server name indication support for Apache 2.2 or later

+(cf. RFC 4366, "Transport Layer Security (TLS) Extensions")

+

+Based on a patch from the EdelKey project (http://www.edelweb.fr/EdelKey/),

+which is used with permission from its author.

+

+Index: httpd-2.2.x/modules/ssl/ssl_engine_init.c

+===================================================================

+--- httpd-2.2.x/modules/ssl/ssl_engine_init.c	(revision 515465)

++++ httpd-2.2.x/modules/ssl/ssl_engine_init.c	(working copy)

+@@ -156,6 +156,87 @@ static int ssl_tmp_keys_init(server_rec 

+     return OK;

+ }

+ 

++#ifndef OPENSSL_NO_TLSEXT

++static int set_ssl_vhost(void *servername, conn_rec *c, server_rec *s) 

++{

++    SSLSrvConfigRec *sc;

++    SSL *ssl;

++    BOOL found = FALSE;

++    apr_array_header_t *names;

++    int i;

++

++    /* check ServerName */

++    if (!strcasecmp(servername, s->server_hostname))

++        found = TRUE;

++

++    /* if not matched yet, check ServerAlias entries */

++    if (!found) {

++        names = s->names;

++        if (names) {

++            char **name = (char **) names->elts;

++            for (i = 0; i < names->nelts; ++i) {

++                if(!name[i]) continue;

++                if (!strcasecmp(servername, name[i])) {

++                    found = TRUE;

++                    break;

++                }

++            }

++        }

++    }

++

++    /* if still no match, check ServerAlias entries with wildcards */

++    if (!found) {

++        names = s->wild_names;

++        if (names) {

++            char **name = (char **) names->elts;

++            for (i = 0; i < names->nelts; ++i) {

++                if(!name[i]) continue;

++                if (!ap_strcasecmp_match(servername, name[i])) {

++                    found = TRUE;

++                    break;

++                }

++            }

++        }

++    }

++

++    /* set SSL_CTX (if matched) */

++    if (found) {

++        if ((ssl = ((SSLConnRec *)myConnConfig(c))->ssl) == NULL) 

++            return 0;

++        if (!(sc = mySrvConfig(s)))

++            return 0;	

++        SSL_set_SSL_CTX(ssl,sc->server->ssl_ctx);

++        return 1;

++    }

++    return 0;

++}

++

++int ssl_set_vhost_ctx(SSL *ssl, const char *servername) 

++{

++    conn_rec *c;

++

++    if (servername == NULL)   /* should not occur. */

++        return 0;

++

++    SSL_set_SSL_CTX(ssl,NULL);

++

++    if (!(c = (conn_rec *)SSL_get_app_data(ssl))) 

++        return 0;

++

++    return ap_vhost_iterate_given_conn(c,set_ssl_vhost,servername);

++}

++

++int ssl_servername_cb(SSL *s, int *al, modssl_ctx_t *mctx)

++{

++    const char *servername = SSL_get_servername(s,TLSEXT_NAMETYPE_host_name);

++

++    if (servername) {

++        return ssl_set_vhost_ctx(s,servername)?SSL_TLSEXT_ERR_OK:SSL_TLSEXT_ERR_ALERT_FATAL;

++    }

++    return SSL_TLSEXT_ERR_NOACK;

++}

++#endif

++

+ /*

+  *  Per-module initialization

+  */

+@@ -376,6 +457,29 @@ static void ssl_init_server_check(server

+     }

+ }

+ 

++static void ssl_init_server_extensions(server_rec *s,

++                             apr_pool_t *p,

++                             apr_pool_t *ptemp,

++                             modssl_ctx_t *mctx)

++{

++    /*

++     * Configure TLS extensions support

++     */

++

++#ifndef OPENSSL_NO_TLSEXT

++    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,

++                 "Configuring TLS extensions facility");

++

++    if (!SSL_CTX_set_tlsext_servername_callback(mctx->ssl_ctx, ssl_servername_cb) ||

++        !SSL_CTX_set_tlsext_servername_arg(mctx->ssl_ctx, mctx)) {

++        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,

++                "Unable to initialize servername callback, bad openssl version.");

++        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);

++        ssl_die();

++    }

++#endif

++}

++

+ static void ssl_init_ctx_protocol(server_rec *s,

+                                   apr_pool_t *p,

+                                   apr_pool_t *ptemp,

+@@ -709,6 +813,8 @@ static void ssl_init_ctx(server_rec *s,

+         /* XXX: proxy support? */

+         ssl_init_ctx_cert_chain(s, p, ptemp, mctx);

+     }

++

++    ssl_init_server_extensions(s, p, ptemp, mctx);

+ }

+ 

+ static int ssl_server_import_cert(server_rec *s,

+@@ -1035,6 +1141,7 @@ void ssl_init_CheckServers(server_rec *b

+         }

+     }

+ 

++#ifdef OPENSSL_NO_TLSEXT

+     /*

+      * Give out warnings when more than one SSL-aware virtual server uses the

+      * same IP:port. This doesn't work because mod_ssl then will always use

+@@ -1079,6 +1186,7 @@ void ssl_init_CheckServers(server_rec *b

+                      "Init: You should not use name-based "

+                      "virtual hosts in conjunction with SSL!!");

+     }

++#endif

+ }

+ 

+ #ifdef SSLC_VERSION_NUMBER

+Index: httpd-2.2.x/modules/ssl/ssl_engine_kernel.c

+===================================================================

+--- httpd-2.2.x/modules/ssl/ssl_engine_kernel.c	(revision 515465)

++++ httpd-2.2.x/modules/ssl/ssl_engine_kernel.c	(working copy)

+@@ -231,6 +231,19 @@ int ssl_hook_Access(request_rec *r)

+      * the currently active one.

+      */

+ 

++#ifndef OPENSSL_NO_TLSEXT

++    /*

++     * We will switch to another virtualhost and to its ssl_ctx

++     * if changed, we will force a renegotiation.

++     */

++    if (r->hostname && !SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) {

++        SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);

++        if (ssl_set_vhost_ctx(ssl,(char *)r->hostname) &&

++            ctx != SSL_get_SSL_CTX(ssl))

++            renegotiate = TRUE;

++    }

++#endif

++

+     /*

+      * Override of SSLCipherSuite

+      *

+@@ -997,6 +1010,9 @@ int ssl_hook_Fixup(request_rec *r)

+     SSLDirConfigRec *dc = myDirConfig(r);

+     apr_table_t *env = r->subprocess_env;

+     char *var, *val = "";

++#ifndef OPENSSL_NO_TLSEXT

++    const char* servername;

++#endif

+     STACK_OF(X509) *peer_certs;

+     SSL *ssl;

+     int i;

+@@ -1018,6 +1034,12 @@ int ssl_hook_Fixup(request_rec *r)

+     /* the always present HTTPS (=HTTP over SSL) flag! */

+     apr_table_setn(env, "HTTPS", "on");

+ 

++#ifndef OPENSSL_NO_TLSEXT

++    /* add content of SNI TLS extension (if supplied with ClientHello) */

++    if (servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))

++	apr_table_set(env, "TLS_SNI", servername);

++#endif

++

+     /* standard SSL environment variables */

+     if (dc->nOptions & SSL_OPT_STDENVVARS) {

+         for (i = 0; ssl_hook_Fixup_vars[i]; i++) {

+Index: httpd-2.2.x/modules/ssl/ssl_toolkit_compat.h

+===================================================================

+--- httpd-2.2.x/modules/ssl/ssl_toolkit_compat.h	(revision 515465)

++++ httpd-2.2.x/modules/ssl/ssl_toolkit_compat.h	(working copy)

+@@ -258,6 +258,12 @@ typedef void (*modssl_popfree_fn)(char *

+ #define SSL_SESS_CACHE_NO_INTERNAL  SSL_SESS_CACHE_NO_INTERNAL_LOOKUP

+ #endif

+ 

++#ifndef OPENSSL_NO_TLSEXT

++#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME

++#define OPENSSL_NO_TLSEXT

++#endif

++#endif

++

+ #endif /* SSL_TOOLKIT_COMPAT_H */

+ 

+ /** @} */