keks-overlay.git

@@ -1,17 +0,0 @@

-AUX apache-noip.diff 417 RMD160 8e16f7ff130cea52449a25aafbbdeb78919d9eae SHA1 7c19a0236e4eff23bee6e69ee6708a24529a974c SHA256 c9ed84fec20e69f711600261a395a3d4b3ae2685318f6354c4d2ebd01c0ec4cc

-MD5 a3ccaa61507918e64dc5fd378e14a5e7 files/apache-noip.diff 417

-RMD160 8e16f7ff130cea52449a25aafbbdeb78919d9eae files/apache-noip.diff 417

-SHA256 c9ed84fec20e69f711600261a395a3d4b3ae2685318f6354c4d2ebd01c0ec4cc files/apache-noip.diff 417

-AUX httpd-2.2.x-sni.patch 6814 RMD160 6b0d89967041e1e8440559e35d369bd5e6be7d78 SHA1 c9ae8da2b43b2c9101bb2dda5f49f7f322b5f264 SHA256 b7db9f582891e138cec18b5a79c91b9e108fa34f92d63f2c6f31b64282d219d6

-MD5 2c3073c4fd1543a40064dcbd192ef8ce files/httpd-2.2.x-sni.patch 6814

-RMD160 6b0d89967041e1e8440559e35d369bd5e6be7d78 files/httpd-2.2.x-sni.patch 6814

-SHA256 b7db9f582891e138cec18b5a79c91b9e108fa34f92d63f2c6f31b64282d219d6 files/httpd-2.2.x-sni.patch 6814

-DIST gentoo-apache-2.2.6-20070907.tar.bz2 58121 RMD160 d0e5f55a8985f97fcdf646e04d92f6519f968104 SHA1 f9fd830bfb8e6c6e3cbac9d8342cc981032d20c5 SHA256 56f809f93fdcba204e6be271f195095d8ad033aa61447dab607af91d95cde8e6

-DIST httpd-2.2.6.tar.bz2 4717066 RMD160 5ae895c6898213e1e3b7e7b02cdfcbe5b36a108f SHA1 e6ef926ecd1f9a412af8c266239f0a6f58c63854 SHA256 f27cd9df50a2acd9df8f37520f62f6ce51758689d425ead5883e75ff5ed6548c

-EBUILD apache-2.2.6.ebuild 15453 RMD160 e91b37aa8c558d3ae0c3ca46a6e0523576ecdfed SHA1 6cff894f8e0279cd0be5085c19cf5d86ea581325 SHA256 c6b19e9f316371469c892cd6b29f09d510429337fabff6101487ebbadc6633a8

-MD5 27eb2562520dc87271850accd3afe649 apache-2.2.6.ebuild 15453

-RMD160 e91b37aa8c558d3ae0c3ca46a6e0523576ecdfed apache-2.2.6.ebuild 15453

-SHA256 c6b19e9f316371469c892cd6b29f09d510429337fabff6101487ebbadc6633a8 apache-2.2.6.ebuild 15453

-MD5 bf89379d611a34d10b6e0a55eee69f9b files/digest-apache-2.2.6 527

-RMD160 77f2fce54301244724ec61c4a3e0b96dc7106b33 files/digest-apache-2.2.6 527

-SHA256 69de15f758686c7f7977e0b75dd988e247162fb97fb394be4efe40997a53e308 files/digest-apache-2.2.6 527

@@ -1,483 +0,0 @@

-# Copyright 1999-2007 Gentoo Foundation

-# Distributed under the terms of the GNU General Public License v2

-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.6.ebuild,v 1.11 2007/09/25 14:31:47 armin76 Exp $

-

-inherit eutils flag-o-matic multilib autotools

-

-# latest gentoo apache files

-GENTOO_PATCHNAME="gentoo-${PF}"

-GENTOO_PATCHSTAMP="20070907"

-GENTOO_DEVSPACE="hollow"

-GENTOO_PATCHDIR="${WORKDIR}/${GENTOO_PATCHNAME}"

-

-DESCRIPTION="The Apache Web Server."

-HOMEPAGE="http://httpd.apache.org/"

-SRC_URI="mirror://apache/httpd/httpd-${PV}.tar.bz2

-		http://dev.gentoo.org/~${GENTOO_DEVSPACE}/dist/apache/${GENTOO_PATCHNAME}-${GENTOO_PATCHSTAMP}.tar.bz2"

-

-# some helper scripts are apache-1.1, thus both are here

-LICENSE="Apache-2.0 Apache-1.1"

-SLOT="2"

-KEYWORDS="alpha amd64 ~arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd"

-IUSE="debug doc ldap mpm-event mpm-itk mpm-peruser mpm-prefork mpm-worker no-suexec selinux ssl static-modules threads"

-

-DEPEND="dev-lang/perl

-	=dev-libs/apr-1*

-	=dev-libs/apr-util-1*

-	dev-libs/expat

-	dev-libs/libpcre

-	sys-libs/zlib

-	ldap? ( =net-nds/openldap-2* )

-	selinux? ( sec-policy/selinux-apache )

-	ssl? ( dev-libs/openssl )

-	!=www-servers/apache-1*

-	!=app-admin/apache-tools-2.2.4-r2"

-

-RDEPEND="${DEPEND}

-	app-misc/mime-types"

-

-PDEPEND="~app-admin/apache-tools-${PV}"

-

-S="${WORKDIR}/httpd-${PV}"

-

-pkg_setup() {

-	if use ldap && ! built_with_use 'dev-libs/apr-util' ldap ; then

-		eerror "dev-libs/apr-util is missing LDAP support. For apache to have"

-		eerror "ldap support, apr-util must be built with the ldap USE-flag"

-		eerror "enabled."

-		die "ldap USE-flag enabled while not supported in apr-util"

-	fi

-

-	# Select the default MPM module

-	MPM_LIST="event itk peruser prefork worker"

-	for x in ${MPM_LIST} ; do

-		if use mpm-${x} ; then

-			if [[ "x${mpm}" == "x" ]] ; then

-				mpm=${x}

-				elog

-				elog "Selected MPM: ${mpm}"

-				elog

-			else

-				eerror "You have selected more then one mpm USE-flag."

-				eerror "Only one MPM is supported."

-				die "more then one mpm was specified"

-			fi

-		fi

-	done

-

-	if [[ "x${mpm}" == "x" ]] ; then

-		if use threads ; then

-			mpm=worker

-			elog

-			elog "Selected default threaded MPM: ${mpm}";

-			elog

-		else

-			mpm=prefork

-			elog

-			elog "Selected default MPM: ${mpm}";

-			elog

-		fi

-	fi

-

-	# setup apache user and group

-	enewgroup apache 81

-	enewuser apache 81 -1 /var/www apache

-

-	if ! use no-suexec ; then

-		elog

-		elog "You can manipulate several configure options of suexec"

-		elog "through the following environment variables:"

-		elog

-		elog " SUEXEC_SAFEPATH: Default PATH for suexec (default: /usr/local/bin:/usr/bin:/bin)"

-		elog "  SUEXEC_LOGFILE: Path to the suexec logfile (default: /var/log/apache2/suexec_log)"

-		elog "   SUEXEC_CALLER: Name of the user Apache is running as (default: apache)"

-		elog "  SUEXEC_DOCROOT: Directory in which suexec will run scripts (default: /var/www)"

-		elog "   SUEXEC_MINUID: Minimum UID, which is allowed to run scripts via suexec (default: 1000)"

-		elog "   SUEXEC_MINGID: Minimum GID, which is allowed to run scripts via suexec (default: 100)"

-		elog "  SUEXEC_USERDIR: User subdirectories (like /home/user/html) (default: public_html)"

-		elog "    SUEXEC_UMASK: Umask for the suexec process (default: 077)"

-		elog

-	fi

-}

-

-src_unpack() {

-	unpack ${A}

-	cd "${S}"

-	epatch "${FILESDIR}/apache-noip.diff"

-	epatch "${FILESDIR}/httpd-2.2.x-sni.patch"

-

-	# Use correct multilib libdir in gentoo patches

-	sed -i -e "s:/usr/lib:/usr/$(get_libdir):g" \

-		"${GENTOO_PATCHDIR}"/{conf/httpd.conf,init/*,patches/config.layout} \

-		|| die "libdir sed failed"

-

-	#### Patch Organization

-	# 00-19 Gentoo specific  (00_all_some-title.patch)

-	# 20-39 Additional MPMs  (20_all_${MPM}_some-title.patch)

-	# 40-59 USE-flag based   (40_all_${USE}_some-title.patch)

-	# 60-79 Version specific (60_all_${PV}_some-title.patch)

-	# 80-99 Security patches (80_all_${PV}_cve-####-####.patch)

-

-	epatch "${GENTOO_PATCHDIR}"/patches/*.patch

-

-	# setup the filesystem layout config

-	cat "${GENTOO_PATCHDIR}"/patches/config.layout >> "${S}"/config.layout || \

-		die "Failed preparing config.layout!"

-	sed -i -e "s:version:${PF}:g" "${S}"/config.layout

-

-	# patched-in MPMs need the build environment rebuilt

-	sed -i -e '/sinclude/d' configure.in

-	AT_GNUCONF_UPDATE=yes AT_M4DIR=build eautoreconf

-}

-

-src_compile() {

-	local modtype="shared" myconf=""

-	cd "${S}"

-

-	# Instead of filtering --as-needed (bug #128505), append --no-as-needed

-	# Thanks to Harald van Dijk

-	append-ldflags -Wl,--no-as-needed

-

-	# peruser MPM debugging with -X is nearly impossible

-	use mpm-peruser && use debug && append-flags -DMPM_PERUSER_DEBUG

-

-	use static-modules && modtype="static"

-	select_modules_config || die "determining modules failed"

-

-	if use ldap ; then

-		mods="${mods} ldap authnz_ldap"

-		myconf="${myconf} --enable-authnz-ldap=${modtype} --enable-ldap=${modtype}"

-	fi

-

-	if use threads || use mpm-worker || use mpm-event; then

-		mods="${mods} cgid"

-		myconf="${myconf} --enable-cgid=${modtype}"

-	else

-		mods="${mods} cgi"

-		myconf="${myconf} --enable-cgi=${modtype}"

-	fi

-

-	if use ssl; then

-		mods="${mods} ssl"

-		myconf="${myconf} --with-ssl=/usr --enable-ssl=${modtype}"

-	fi

-

-	# Only build suexec with USE=-no-suexec

-	if use no-suexec ; then

-		myconf="${myconf} --disable-suexec"

-	else

-		myconf="${myconf} --with-suexec-safepath=${SUEXEC_SAFEPATH:-/usr/local/bin:/usr/bin:/bin}"

-		myconf="${myconf} --with-suexec-logfile=${SUEXEC_LOGFILE:-/var/log/apache2/suexec_log}"

-		myconf="${myconf} --with-suexec-bin=/usr/sbin/suexec"

-		myconf="${myconf} --with-suexec-userdir=${SUEXEC_USERDIR:-public_html}"

-		myconf="${myconf} --with-suexec-caller=${SUEXEC_CALLER:-apache}"

-		myconf="${myconf} --with-suexec-docroot=${SUEXEC_DOCROOT:-/var/www}"

-		myconf="${myconf} --with-suexec-uidmin=${SUEXEC_MINUID:-1000}"

-		myconf="${myconf} --with-suexec-gidmin=${SUEXEC_MINGID:-100}"

-		myconf="${myconf} --with-suexec-umask=${SUEXEC_UMASK:-077}"

-		myconf="${myconf} --enable-suexec=${modtype}"

-		mods="${mods} suexec"

-	fi

-

-	# econf overwrites the stuff from config.layout, so we have to put them into

-	# our myconf line too

-

-	econf \

-		--includedir=/usr/include/apache2 \

-		--libexecdir=/usr/$(get_libdir)/apache2/modules \

-		--datadir=/var/www/localhost \

-		--sysconfdir=/etc/apache2 \

-		--localstatedir=/var \

-		--with-mpm=${mpm} \

-		--with-perl=/usr/bin/perl \

-		--with-expat=/usr \

-		--with-z=/usr \

-		--with-apr=/usr \

-		--with-apr-util=/usr \

-		--with-pcre=/usr \

-		--with-port=80 \

-		--with-program-name=apache2 \

-		--enable-layout=Gentoo \

-		$(use_enable debug maintainer-mode) \

-		$(use_enable debug exception-hook) \

-		${myconf} ${MY_BUILTINS} || die "econf failed!"

-

-	sed -i -e 's:apache2\.conf:httpd.conf:' include/ap_config_auto.h

-

-	emake || die "emake failed"

-}

-

-src_install () {

-	emake DESTDIR="${D}" install || die "emake install failed"

-

-	# This is a mapping of module names to the -D options in APACHE2_OPTS

-	# Used for creating optional LoadModule lines

-	mod_defines="

-		authnz_ldap:AUTH_LDAP

-		cache:CACHE

-		dav:DAV

-		dav_fs:DAV

-		dav_lock:DAV

-		disk_cache:CACHE

-		file_cache:CACHE

-		info:INFO

-		ldap:LDAP

-		mem_cache:CACHE

-		proxy:PROXY

-		proxy_ajp:PROXY

-		proxy_balancer:PROXY

-		proxy_connect:PROXY

-		proxy_http:PROXY

-		ssl:SSL

-		status:INFO

-		suexec:SUEXEC

-		userdir:USERDIR

-	"

-

-	# create our LoadModule lines

-	if ! use static-modules ; then

-		load_module=""

-		moddir="${D}/usr/$(get_libdir)/apache2/modules"

-		for m in $(echo ${mods}|tr ' ' '\n'|sort -u) ; do

-			endid="no"

-

-			if [[ -e "${moddir}/mod_${m}.so" ]] ; then

-				for def in ${mod_defines} ; do

-					if [[ "${m}" == "${def%:*}" ]] ; then

-						load_module="${load_module}\n<IfDefine ${def#*:}>"

-						endid="yes"

-					fi

-				done

-				load_module="${load_module}\nLoadModule ${m}_module modules/mod_${m}.so"

-				if [[ "${endid}" == "yes" ]] ; then

-					load_module="${load_module}\n</IfDefine>"

-				fi

-			fi

-		done

-	fi

-	sed -i -e "s:%%LOAD_MODULE%%:${load_module}:" \

-		"${GENTOO_PATCHDIR}"/conf/httpd.conf || die "sed failed"

-

-	# Install our configuration files

-	insinto /etc/apache2

-	doins docs/conf/magic

-	doins -r "${GENTOO_PATCHDIR}"/conf/*

-	insinto /etc/logrotate.d

-	newins "${GENTOO_PATCHDIR}"/scripts/apache2-logrotate apache2

-

-	# generate a sane default APACHE2_OPTS

-	APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D LANGUAGE"

-	use doc && APACHE2_OPTS="${APACHE2_OPTS} -D MANUAL"

-	use ssl && APACHE2_OPTS="${APACHE2_OPTS} -D SSL -D SSL_DEFAULT_VHOST"

-	use no-suexec || APACHE2_OPTS="${APACHE2_OPTS} -D SUEXEC"

-

-	sed -i -e "s:APACHE2_OPTS=\".*\":APACHE2_OPTS=\"${APACHE2_OPTS}\":" \

-		"${GENTOO_PATCHDIR}"/init/apache2.confd || die "sed failed"

-

-	newconfd "${GENTOO_PATCHDIR}"/init/apache2.confd apache2

-	newinitd "${GENTOO_PATCHDIR}"/init/apache2.initd apache2

-

-	# Link apache2ctl to the init script

-	dosym /etc/init.d/apache2 /usr/sbin/apache2ctl

-

-	# provide symlinks for all the stuff we no longer rename, bug 177697

-	for i in suexec apxs; do

-		dosym /usr/sbin/${i} /usr/sbin/${i}2

-	done

-

-	# Install some thirdparty scripts

-	exeinto /usr/sbin

-	for i in apache2logserverstatus apache2splitlogfile ; do

-		doexe "${GENTOO_PATCHDIR}"/scripts/${i}

-	done

-	use ssl && doexe "${GENTOO_PATCHDIR}"/scripts/gentestcrt.sh

-

-	# Install some documentation

-	dodoc ABOUT_APACHE CHANGES LAYOUT README README.platforms VERSIONING

-	dodoc "${GENTOO_PATCHDIR}"/docs/*

-

-	# drop in a convenient link to the manual

-	if use doc ; then

-		sed -i -e "s:VERSION:${PVR}:" "${D}/etc/apache2/modules.d/00_apache_manual.conf"

-	else

-		rm -f "${D}/etc/apache2/modules.d/00_apache_manual.conf"

-		rm -Rf "${D}/usr/share/doc/${PF}/manual"

-	fi

-

-	# the default webroot gets stored in /usr/share/doc

-	ebegin "Installing default webroot to /usr/share/doc/${PF}"

-	mv -f "${D}/var/www/localhost" "${D}/usr/share/doc/${PF}/webroot"

-	eend $?

-	keepdir /var/www/localhost/htdocs

-

-	if ! use no-suexec ; then

-		# Set some sane permissions for suexec

-		fowners 0:apache /usr/sbin/suexec

-		fperms 4710 /usr/sbin/suexec

-	fi

-

-	keepdir /etc/apache2/vhosts.d

-	keepdir /etc/apache2/modules.d

-

-	# empty dirs

-	for i in /var/lib/dav /var/log/apache2 /var/cache/apache2 ; do

-		keepdir ${i}

-		fowners apache:apache ${i}

-		fperms 0755 ${i}

-	done

-

-	# We'll be needing /etc/apache2/ssl if USE=ssl

-	use ssl && keepdir /etc/apache2/ssl

-}

-

-pkg_postinst() {

-	# Automatically generate test certificates if ssl USE flag is being set

-	if use ssl && [[ ! -e "${ROOT}/etc/apache2/ssl/server.crt" ]] ; then

-		cd "${ROOT}"/etc/apache2/ssl

-		einfo

-		einfo "Generating self-signed test certificate in ${ROOT}/etc/apache2/ssl ..."

-		yes "" 2>/dev/null | \

-			"${ROOT}"/usr/sbin/gentestcrt.sh >/dev/null 2>&1 || \

-			die "gentestcrt.sh failed"

-		einfo

-	fi

-

-	# we do this here because the default webroot is a copy of the files

-	# that exist elsewhere and we don't want them managed/removed by portage

-	# when apache is upgraded.

-

-	if [[ -e "${ROOT}/var/www/localhost" ]] ; then

-		elog "The default webroot has not been installed into"

-		elog "${ROOT}/var/www/localhost because the directory already exists"

-		elog "and we do not want to overwrite any files you have put there."

-		elog

-		elog "If you would like to install the latest webroot, please run"

-		elog "emerge --config =${PF}"

-	else

-		einfo "Installing default webroot to ${ROOT}/var/www/localhost"

-		mkdir -p "${ROOT}"/var/www/localhost

-		cp -R "${ROOT}"/usr/share/doc/${PF}/webroot/* "${ROOT}"/var/www/localhost

-		chown -R apache:0 "${ROOT}"/var/www/localhost

-	fi

-

-	# Previous installations of apache-2.2 installed the upstream configuration

-	# files, which shouldn't even have been installed!

-	if has_version '>=www-servers/apache-2.2.4' ; then

-		[ -f "${ROOT}"/etc/apache2/apache2.conf ] && \

-			rm -f "${ROOT}"/etc/apache2/apache2.conf >/dev/null 2>&1

-

-		for i in extra original ; do

-			[ -d "${ROOT}"/etc/apache2/$i ] && \

-				rm -rf "${ROOT}"/etc/apache2/$i >/dev/null 2>&1

-		done

-	fi

-

-	# Note the changes regarding DEFAULT_VHOST and SSL_DEFAULT_VHOST

-	if has_version '<www-servers/apache-2.2.4-r7' ; then

-		elog

-		elog "Listen directives have been moved into the default virtual host"

-		elog "configuation. At least DEFAULT_VHOST has been enabled for you"

-		elog "(depending on your USE-flags."

-		elog

-		elog "If you disable DEFAULT_VHOST or SSL_DEFAULT_VHOST, there would"

-		elog "be no listening sockets available."

-		elog

-	fi

-

-	# Note the user of the config changes

-	if has_version '<www-servers/apache-2.2.4-r5' ; then

-		elog

-		elog "Please make sure that you update your /etc directory."

-		elog "Between the versions, we had to changes some config files"

-		elog "and move some stuff out of the main httpd.conf file to a seperate"

-		elog "modules.d entry."

-		elog

-		elog "Thus please update your /etc directory either via etc-update,"

-		elog "dispatch-conf or conf-update !"

-		elog

-	fi

-

-	# Check for dual/upgrade install

-	if has_version '<www-servers/apache-2.2.0' ; then

-		elog

-		elog "When upgrading from versions below 2.2.0 to this version, you"

-		elog "need to rebuild all your modules. Please do so for your modules"

-		elog "to continue working correctly."

-		elog

-		elog "Also note that some configuration directives have been"

-		elog "split into their own files under ${ROOT}/etc/apache2/modules.d/"

-		elog "and that some modules, foremost the authentication related ones,"

-		elog "have been renamed."

-		elog

-		elog "Some examples:"

-		elog "  - USERDIR is now configureable in ${ROOT}etc/apache2/modules.d/00_mod_userdir.conf."

-		elog

-		elog "For more information on what you may need to change, please"

-		elog "see the overview of changes at:"

-		elog "http://httpd.apache.org/docs/2.2/new_features_2_2.html"

-		elog "and the upgrading guide at:"

-		elog "http://httpd.apache.org/docs/2.2/upgrading.html"

-		elog

-	fi

-

-	# Cleanup the vim backup files, placed in /etc/apache2 by the last

-	# patchtarball (gentoo-apache-2.2.4-r7-20070615)

-	rm -f "${ROOT}/etc/apache2/modules.d/*.conf~"

-}

-

-pkg_config() {

-	einfo "Installing default webroot to ${ROOT}/var/www/localhost"

-	cp -R "${ROOT}"/usr/share/doc/${PF}/webroot/* "${ROOT}"/var/www/localhost

-}

-

-parse_modules_config() {

-	local name=""

-	local disable=""

-	local version="undef"

-	MY_BUILTINS=""

-	mods=""

-	[[ -f "${1}" ]] || return 1

-

-	for i in $(sed 's/#.*//' < $1) ; do

-		if [[ "$i" == "VERSION:" ]] ; then

-			version="select"

-		elif [[ "${version}" == "select" ]] ; then

-			version="$i"

-		# start with - option for backwards compatibility only

-		elif [[ "$i" == "-" ]] ; then

-			disable="true"

-		elif [[ -z "${name}" ]] && [[ "$i" != "${i/mod_/}" ]] ; then

-			name="${i/mod_/}"

-		elif [[ -n "${disable}" ]] || [[ "$i" == "disabled" ]] ; then

-			MY_BUILTINS="${MY_BUILTINS} --disable-${name}"

-			name="" ; disable=""

-		elif [[ "$i" == "static" ]] || use static-modules ; then

-			MY_BUILTINS="${MY_BUILTINS} --enable-${name}=static"

-			name="" ; disable=""

-		elif [[ "$i" == "shared" ]] ; then

-			MY_BUILTINS="${MY_BUILTINS} --enable-${name}=shared"

-			mods="${mods} ${name}"

-			name="" ; disable=""

-		else

-			ewarn "Parse error in ${1} - unknown option: $i"

-		fi

-	done

-

-	# reject the file if it's unversioned or doesn't match our

-	# package major.minor. This is to make upgrading work smoothly.

-	if [[ "${version}" != "${PV%.*}" ]] ; then

-		mods=""

-		MY_BUILTINS=""

-		return 1

-	fi

-

-	einfo "Using ${1}"

-	einfo "options: ${MY_BUILTINS}"

-	einfo "LoadModules: ${mods}"

-}

-

-select_modules_config() {

-	parse_modules_config "${ROOT}"/etc/apache2/apache2-builtin-mods || \

-	parse_modules_config "${GENTOO_PATCHDIR}"/conf/apache2-builtin-mods || \

-	return 1

-}

@@ -1,11 +0,0 @@

---- server/log.c.1	2007-10-04 16:34:00.000000000 +0200

-+++ server/log.c	2007-10-04 16:35:46.000000000 +0200

-@@ -595,7 +595,7 @@

-          * first. -djg

-          */

-         len += apr_snprintf(errstr + len, MAX_STRING_LEN - len,

--                            "[client %s] ", c->remote_ip);

-+                            "[client 0.0.0.0] ");

-     }

-     if (status != 0) {

-         if (status < APR_OS_START_EAIERR) {

@@ -1,6 +0,0 @@

-MD5 e7ebbbfdb900ab1550abd5ae5753910b gentoo-apache-2.2.6-20070907.tar.bz2 58121

-RMD160 d0e5f55a8985f97fcdf646e04d92f6519f968104 gentoo-apache-2.2.6-20070907.tar.bz2 58121

-SHA256 56f809f93fdcba204e6be271f195095d8ad033aa61447dab607af91d95cde8e6 gentoo-apache-2.2.6-20070907.tar.bz2 58121

-MD5 203bea91715064f0c787f6499d33a377 httpd-2.2.6.tar.bz2 4717066

-RMD160 5ae895c6898213e1e3b7e7b02cdfcbe5b36a108f httpd-2.2.6.tar.bz2 4717066

-SHA256 f27cd9df50a2acd9df8f37520f62f6ce51758689d425ead5883e75ff5ed6548c httpd-2.2.6.tar.bz2 4717066

@@ -1,217 +0,0 @@

-httpd-2.2.x-sni.patch - server name indication support for Apache 2.2 or later

-(cf. RFC 4366, "Transport Layer Security (TLS) Extensions")

-

-Based on a patch from the EdelKey project (http://www.edelweb.fr/EdelKey/),

-which is used with permission from its author.

-

-Index: httpd-2.2.x/modules/ssl/ssl_engine_init.c

-===================================================================

---- httpd-2.2.x/modules/ssl/ssl_engine_init.c	(revision 515465)

-+++ httpd-2.2.x/modules/ssl/ssl_engine_init.c	(working copy)

-@@ -156,6 +156,87 @@ static int ssl_tmp_keys_init(server_rec 

-     return OK;

- }

- 

-+#ifndef OPENSSL_NO_TLSEXT

-+static int set_ssl_vhost(void *servername, conn_rec *c, server_rec *s) 

-+{

-+    SSLSrvConfigRec *sc;

-+    SSL *ssl;

-+    BOOL found = FALSE;

-+    apr_array_header_t *names;

-+    int i;

-+

-+    /* check ServerName */

-+    if (!strcasecmp(servername, s->server_hostname))

-+        found = TRUE;

-+

-+    /* if not matched yet, check ServerAlias entries */

-+    if (!found) {

-+        names = s->names;

-+        if (names) {

-+            char **name = (char **) names->elts;

-+            for (i = 0; i < names->nelts; ++i) {

-+                if(!name[i]) continue;

-+                if (!strcasecmp(servername, name[i])) {

-+                    found = TRUE;

-+                    break;

-+                }

-+            }

-+        }

-+    }

-+

-+    /* if still no match, check ServerAlias entries with wildcards */

-+    if (!found) {

-+        names = s->wild_names;

-+        if (names) {

-+            char **name = (char **) names->elts;

-+            for (i = 0; i < names->nelts; ++i) {

-+                if(!name[i]) continue;

-+                if (!ap_strcasecmp_match(servername, name[i])) {

-+                    found = TRUE;

-+                    break;

-+                }

-+            }

-+        }

-+    }

-+

-+    /* set SSL_CTX (if matched) */

-+    if (found) {

-+        if ((ssl = ((SSLConnRec *)myConnConfig(c))->ssl) == NULL) 

-+            return 0;

-+        if (!(sc = mySrvConfig(s)))

-+            return 0;	

-+        SSL_set_SSL_CTX(ssl,sc->server->ssl_ctx);

-+        return 1;

-+    }

-+    return 0;

-+}

-+

-+int ssl_set_vhost_ctx(SSL *ssl, const char *servername) 

-+{

-+    conn_rec *c;

-+

-+    if (servername == NULL)   /* should not occur. */

-+        return 0;

-+

-+    SSL_set_SSL_CTX(ssl,NULL);

-+

-+    if (!(c = (conn_rec *)SSL_get_app_data(ssl))) 

-+        return 0;

-+

-+    return ap_vhost_iterate_given_conn(c,set_ssl_vhost,servername);

-+}

-+

-+int ssl_servername_cb(SSL *s, int *al, modssl_ctx_t *mctx)

-+{

-+    const char *servername = SSL_get_servername(s,TLSEXT_NAMETYPE_host_name);

-+

-+    if (servername) {

-+        return ssl_set_vhost_ctx(s,servername)?SSL_TLSEXT_ERR_OK:SSL_TLSEXT_ERR_ALERT_FATAL;

-+    }

-+    return SSL_TLSEXT_ERR_NOACK;

-+}

-+#endif

-+

- /*

-  *  Per-module initialization

-  */

-@@ -376,6 +457,29 @@ static void ssl_init_server_check(server

-     }

- }

- 

-+static void ssl_init_server_extensions(server_rec *s,

-+                             apr_pool_t *p,

-+                             apr_pool_t *ptemp,

-+                             modssl_ctx_t *mctx)

-+{

-+    /*

-+     * Configure TLS extensions support

-+     */

-+

-+#ifndef OPENSSL_NO_TLSEXT

-+    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,

-+                 "Configuring TLS extensions facility");

-+

-+    if (!SSL_CTX_set_tlsext_servername_callback(mctx->ssl_ctx, ssl_servername_cb) ||

-+        !SSL_CTX_set_tlsext_servername_arg(mctx->ssl_ctx, mctx)) {

-+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,

-+                "Unable to initialize servername callback, bad openssl version.");

-+        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);

-+        ssl_die();

-+    }

-+#endif

-+}

-+

- static void ssl_init_ctx_protocol(server_rec *s,

-                                   apr_pool_t *p,

-                                   apr_pool_t *ptemp,

-@@ -709,6 +813,8 @@ static void ssl_init_ctx(server_rec *s,

-         /* XXX: proxy support? */

-         ssl_init_ctx_cert_chain(s, p, ptemp, mctx);

-     }

-+

-+    ssl_init_server_extensions(s, p, ptemp, mctx);

- }

- 

- static int ssl_server_import_cert(server_rec *s,

-@@ -1035,6 +1141,7 @@ void ssl_init_CheckServers(server_rec *b

-         }

-     }

- 

-+#ifdef OPENSSL_NO_TLSEXT

-     /*

-      * Give out warnings when more than one SSL-aware virtual server uses the

-      * same IP:port. This doesn't work because mod_ssl then will always use

-@@ -1079,6 +1186,7 @@ void ssl_init_CheckServers(server_rec *b

-                      "Init: You should not use name-based "

-                      "virtual hosts in conjunction with SSL!!");

-     }

-+#endif

- }

- 

- #ifdef SSLC_VERSION_NUMBER

-Index: httpd-2.2.x/modules/ssl/ssl_engine_kernel.c

-===================================================================

---- httpd-2.2.x/modules/ssl/ssl_engine_kernel.c	(revision 515465)

-+++ httpd-2.2.x/modules/ssl/ssl_engine_kernel.c	(working copy)

-@@ -231,6 +231,19 @@ int ssl_hook_Access(request_rec *r)

-      * the currently active one.

-      */

- 

-+#ifndef OPENSSL_NO_TLSEXT

-+    /*

-+     * We will switch to another virtualhost and to its ssl_ctx

-+     * if changed, we will force a renegotiation.

-+     */

-+    if (r->hostname && !SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) {

-+        SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);

-+        if (ssl_set_vhost_ctx(ssl,(char *)r->hostname) &&

-+            ctx != SSL_get_SSL_CTX(ssl))

-+            renegotiate = TRUE;

-+    }

-+#endif

-+

-     /*

-      * Override of SSLCipherSuite

-      *

-@@ -997,6 +1010,9 @@ int ssl_hook_Fixup(request_rec *r)

-     SSLDirConfigRec *dc = myDirConfig(r);

-     apr_table_t *env = r->subprocess_env;

-     char *var, *val = "";

-+#ifndef OPENSSL_NO_TLSEXT

-+    const char* servername;

-+#endif

-     STACK_OF(X509) *peer_certs;

-     SSL *ssl;

-     int i;

-@@ -1018,6 +1034,12 @@ int ssl_hook_Fixup(request_rec *r)

-     /* the always present HTTPS (=HTTP over SSL) flag! */

-     apr_table_setn(env, "HTTPS", "on");

- 

-+#ifndef OPENSSL_NO_TLSEXT

-+    /* add content of SNI TLS extension (if supplied with ClientHello) */

-+    if (servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))

-+	apr_table_set(env, "TLS_SNI", servername);

-+#endif

-+

-     /* standard SSL environment variables */

-     if (dc->nOptions & SSL_OPT_STDENVVARS) {

-         for (i = 0; ssl_hook_Fixup_vars[i]; i++) {

-Index: httpd-2.2.x/modules/ssl/ssl_toolkit_compat.h

-===================================================================

---- httpd-2.2.x/modules/ssl/ssl_toolkit_compat.h	(revision 515465)

-+++ httpd-2.2.x/modules/ssl/ssl_toolkit_compat.h	(working copy)

-@@ -258,6 +258,12 @@ typedef void (*modssl_popfree_fn)(char *

- #define SSL_SESS_CACHE_NO_INTERNAL  SSL_SESS_CACHE_NO_INTERNAL_LOOKUP

- #endif

- 

-+#ifndef OPENSSL_NO_TLSEXT

-+#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME

-+#define OPENSSL_NO_TLSEXT

-+#endif

-+#endif

-+

- #endif /* SSL_TOOLKIT_COMPAT_H */

- 

- /** @} */