diff --git a/httpd-2.4.43-gettid.patch b/httpd-2.4.43-gettid.patch
deleted file mode 100644
index f80b3a7..0000000
--- a/httpd-2.4.43-gettid.patch
+++ /dev/null
@@ -1,93 +0,0 @@ -From d4e5b6e1e5585d341d1e51f1ddc637c099111076 Mon Sep 17 00:00:00 2001 -From: Joe Orton -Date: Tue, 7 Jul 2020 09:48:01 +0100 -Subject: [PATCH] Check and use gettid() directly with glibc 2.30+. - -* configure.in: Check for gettid() and define HAVE_SYS_GETTID if - gettid() is only usable via syscall(). - -* server/log.c (log_tid): Use gettid() directly if available. ---- - configure.in | 14 +++++++++----- - server/log.c | 8 ++++++-- - 2 files changed, 15 insertions(+), 7 deletions(-) - -diff --git a/configure.in b/configure.in -index 423d58d4b9a..60cbf7b7f81 100644 ---- httpd-2.4.43/configure.in.gettid -+++ httpd-2.4.43/configure.in -@@ -478,7 +500,8 @@ - timegm \ - getpgid \ - fopen64 \ --getloadavg -+getloadavg \ -+gettid - ) - - dnl confirm that a void pointer is large enough to store a long integer -@@ -489,16 +512,19 @@ - APR_ADDTO(HTTPD_LIBS, [-lselinux]) - ]) - --AC_CACHE_CHECK([for gettid()], ac_cv_gettid, -+if test $ac_cv_func_gettid = no; then -+ # On Linux before glibc 2.30, gettid() is only usable via syscall() -+ AC_CACHE_CHECK([for gettid() via syscall], ap_cv_gettid, - [AC_TRY_RUN(#define _GNU_SOURCE - #include - #include - #include - int main(int argc, char **argv) { - pid_t t = syscall(SYS_gettid); return t == -1 ? 
1 : 0; }, --[ac_cv_gettid=yes], [ac_cv_gettid=no], [ac_cv_gettid=no])]) --if test "$ac_cv_gettid" = "yes"; then -- AC_DEFINE(HAVE_GETTID, 1, [Define if you have gettid()]) -+ [ap_cv_gettid=yes], [ap_cv_gettid=no], [ap_cv_gettid=no])]) -+ if test "$ap_cv_gettid" = "yes"; then -+ AC_DEFINE(HAVE_SYS_GETTID, 1, [Define if you have gettid() via syscall()]) -+ fi - fi - - dnl ## Check for the tm_gmtoff field in struct tm to get the timezone diffs ---- httpd-2.4.43/server/log.c.gettid -+++ httpd-2.4.43/server/log.c -@@ -55,7 +55,7 @@ - #include "ap_mpm.h" - #include "ap_listen.h" - --#if HAVE_GETTID -+#if HAVE_SYS_GETTID - #include - #include - #endif -@@ -625,14 +625,18 @@ - #if APR_HAS_THREADS - int result; - #endif --#if HAVE_GETTID -+#if defined(HAVE_GETTID) || defined(HAVE_SYS_GETTID) - if (arg && *arg == 'g') { -+#ifdef HAVE_GETTID -+ pid_t tid = gettid(); -+#else - pid_t tid = syscall(SYS_gettid); -+#endif - if (tid == -1) - return 0; - return apr_snprintf(buf, buflen, "%"APR_PID_T_FMT, tid); - } --#endif -+#endif /* HAVE_GETTID || HAVE_SYS_GETTID */ - #if APR_HAS_THREADS - if (ap_mpm_query(AP_MPMQ_IS_THREADED, &result) == APR_SUCCESS - && result != AP_MPMQ_NOT_SUPPORTED) -@@ -966,7 +970,7 @@ - #if APR_HAS_THREADS - field_start = len; - len += cpystrn(buf + len, ":tid ", buflen - len); -- item_len = log_tid(info, NULL, buf + len, buflen - len); -+ item_len = log_tid(info, "g", buf + len, buflen - len); - if (!item_len) - len = field_start; - else diff --git a/httpd-2.4.54-gettid.patch b/httpd-2.4.54-gettid.patch new file mode 100644 index 0000000..dfc447b --- /dev/null +++ b/httpd-2.4.54-gettid.patch 
@@ -0,0 +1,91 @@ +From d4e5b6e1e5585d341d1e51f1ddc637c099111076 Mon Sep 17 00:00:00 2001 +From: Joe Orton +Date: Tue, 7 Jul 2020 09:48:01 +0100 +Subject: [PATCH] Check and use gettid() directly with glibc 2.30+. + +* configure.in: Check for gettid() and define HAVE_SYS_GETTID if + gettid() is only usable via syscall(). + +* server/log.c (log_tid): Use gettid() directly if available. +--- + configure.in | 14 +++++++++----- + server/log.c | 8 ++++++-- + 2 files changed, 15 insertions(+), 7 deletions(-) + +diff --git a/configure.in b/configure.in +index 423d58d4b9a..60cbf7b7f81 100644 +--- httpd-2.4.54/configure.in.gettid ++++ httpd-2.4.54/configure.in +@@ -502,22 +502,26 @@ + timegm \ + getpgid \ + fopen64 \ +-getloadavg ++getloadavg \ ++gettid + ) + + dnl confirm that a void pointer is large enough to store a long integer + APACHE_CHECK_VOID_PTR_LEN + +-AC_CACHE_CHECK([for gettid()], ac_cv_gettid, ++if test $ac_cv_func_gettid = no; then ++ # On Linux before glibc 2.30, gettid() is only usable via syscall() ++ AC_CACHE_CHECK([for gettid() via syscall], ap_cv_gettid, + [AC_TRY_RUN(#define _GNU_SOURCE + #include + #include + #include + int main(int argc, char **argv) { + pid_t t = syscall(SYS_gettid); return t == -1 ? 
1 : 0; }, +-[ac_cv_gettid=yes], [ac_cv_gettid=no], [ac_cv_gettid=no])]) +-if test "$ac_cv_gettid" = "yes"; then +- AC_DEFINE(HAVE_GETTID, 1, [Define if you have gettid()]) ++ [ap_cv_gettid=yes], [ap_cv_gettid=no], [ap_cv_gettid=no])]) ++ if test "$ap_cv_gettid" = "yes"; then ++ AC_DEFINE(HAVE_SYS_GETTID, 1, [Define if you have gettid() via syscall()]) ++ fi + fi + + dnl ## Check for the tm_gmtoff field in struct tm to get the timezone diffs +--- httpd-2.4.54/server/log.c.gettid ++++ httpd-2.4.54/server/log.c +@@ -55,7 +55,7 @@ + #include "ap_mpm.h" + #include "ap_listen.h" + +-#if HAVE_GETTID ++#if HAVE_SYS_GETTID + #include + #include + #endif +@@ -627,14 +627,18 @@ + #if APR_HAS_THREADS + int result; + #endif +-#if HAVE_GETTID ++#if defined(HAVE_GETTID) || defined(HAVE_SYS_GETTID) + if (arg && *arg == 'g') { ++#ifdef HAVE_GETTID ++ pid_t tid = gettid(); ++#else + pid_t tid = syscall(SYS_gettid); ++#endif + if (tid == -1) + return 0; + return apr_snprintf(buf, buflen, "%"APR_PID_T_FMT, tid); + } +-#endif ++#endif /* HAVE_GETTID || HAVE_SYS_GETTID */ + #if APR_HAS_THREADS + if (ap_mpm_query(AP_MPMQ_IS_THREADED, &result) == APR_SUCCESS + && result != AP_MPMQ_NOT_SUPPORTED) +@@ -968,7 +972,7 @@ + #if APR_HAS_THREADS + field_start = len; + len += cpystrn(buf + len, ":tid ", buflen - len); +- item_len = log_tid(info, NULL, buf + len, buflen - len); ++ item_len = log_tid(info, "g", buf + len, buflen - len); + if (!item_len) + len = field_start; + else diff --git a/httpd-2.4.54-selinux.patch b/httpd-2.4.54-selinux.patch index 3868b3b..4d66bd8 100644 --- a/httpd-2.4.54-selinux.patch +++ b/httpd-2.4.54-selinux.patch @@ -1,24 +1,22 @@ 
diff --git a/configure.in b/configure.in index 74015ca..8c0ee10 100644 ---- a/configure.in -+++ b/configure.in -@@ -508,6 +508,11 @@ getloadavg - dnl confirm that a void pointer is large enough to store a long integer - APACHE_CHECK_VOID_PTR_LEN - -+AC_CHECK_LIB(selinux, is_selinux_enabled, [ -+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) -+ APR_ADDTO(HTTPD_LIBS, [-lselinux]) -+]) -+ - AC_CACHE_CHECK([for gettid()], ac_cv_gettid, - [AC_TRY_RUN(#define _GNU_SOURCE - #include -diff --git a/server/core.c b/server/core.c -index a6fa2fb..cf4cba4 100644 ---- a/server/core.c -+++ b/server/core.c -@@ -65,6 +65,10 @@ +--- httpd-2.4.54/modules/arch/unix/config5.m4.selinux ++++ httpd-2.4.54/modules/arch/unix/config5.m4 +@@ -23,6 +23,11 @@ + AC_MSG_WARN([Your system does not support systemd.]) + enable_systemd="no" + else ++ AC_CHECK_LIB(selinux, is_selinux_enabled, [ ++ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) ++ APR_ADDTO(MOD_SYSTEMD_LDADD, [-lselinux]) ++ ]) ++ + APR_ADDTO(MOD_SYSTEMD_LDADD, [$SYSTEMD_LIBS]) + fi + ]) +--- httpd-2.4.54/modules/arch/unix/mod_systemd.c.selinux ++++ httpd-2.4.54/modules/arch/unix/mod_systemd.c +@@ -35,6 +35,10 @@ #include #endif 
@@ -26,35 +24,38 @@ index a6fa2fb..cf4cba4 100644 +#include +#endif + - /* LimitRequestBody handling */ - #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) - #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */ -@@ -5150,6 +5154,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte - } - #endif + APR_DECLARE_OPTIONAL_FN(int, + ap_find_systemd_socket, (process_rec *, apr_port_t)); + +@@ -70,6 +74,20 @@ + return apr_psprintf(p, "%s port %u", addr, sa->port); + } +#ifdef HAVE_SELINUX -+ { -+ static int already_warned = 0; -+ int is_enabled = is_selinux_enabled() > 0; -+ -+ if (is_enabled && !already_warned) { -+ security_context_t con; -+ -+ if (getcon(&con) == 0) { -+ -+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, -+ "SELinux policy enabled; " -+ "httpd running as context %s", con); -+ -+ already_warned = 1; -+ -+ freecon(con); -+ } -+ } ++static void log_selinux_context(void) ++{ ++ char *con; ++ ++ if (is_selinux_enabled() && getcon(&con) == 0) { ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, ++ "SELinux policy enabled; " ++ "httpd running as context %s", con); ++ freecon(con); + } ++} +#endif + - return OK; - } + /* Report the service is ready in post_config, which could be during + * startup or after a reload. The server could still hit a fatal + * startup error after this point during ap_run_mpm(), so this is +@@ -87,6 +105,10 @@ + if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_PRE_CONFIG) + return OK; + ++#ifdef HAVE_SELINUX ++ log_selinux_context(); ++#endif ++ + for (lr = ap_listeners; lr; lr = lr->next) { + char *s = dump_listener(lr, ptemp); diff --git a/httpd.spec b/httpd.spec index c2c75ee..6908087 100644 --- a/httpd.spec +++ b/httpd.spec 
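Review bot: In the new `log_selinux_context()` the test `is_selinux_enabled() && getcon(&con) == 0` treats any non-zero return as "enabled", whereas the code being removed compared `is_selinux_enabled() > 0`. If the library reports an error as a negative value, the notice "SELinux policy enabled" would be logged without that having been established; keeping the stricter form, `if (is_selinux_enabled() > 0 && getcon(&con) == 0) {`, preserves the previous behaviour. The `already_warned` guard is also gone, so the notice will presumably repeat on every post_config pass that gets beyond the pre-config check, for example on reloads. If that is intended, a short comment above the `log_selinux_context();` call saying so would help the next maintainer.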
@@ -24,7 +24,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.4.54 -Release: 8%{?dist} +Release: 9%{?dist} URL: https://httpd.apache.org/ Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc @@ -86,7 +86,7 @@ Patch22: httpd-2.4.43-mod_systemd.patch Patch23: httpd-2.4.53-export.patch Patch24: httpd-2.4.43-corelimit.patch Patch25: httpd-2.4.54-selinux.patch -Patch26: httpd-2.4.43-gettid.patch +Patch26: httpd-2.4.54-gettid.patch Patch27: httpd-2.4.54-icons.patch Patch30: httpd-2.4.43-cachehardmax.patch Patch34: httpd-2.4.43-socket-activation.patch @@ -150,7 +150,7 @@ The httpd-core package contains essential httpd binaries. %package devel Summary: Development interfaces for the Apache HTTP Server Requires: apr-devel, apr-util-devel, pkgconfig, libtool -Requires: httpd-core = %{version}-%{release} +Requires: httpd-core = 0:%{version}-%{release} %description devel The httpd-devel package contains the APXS binary and other files @@ -254,7 +254,6 @@ written in the Lua programming language. %patch22 -p1 -b .mod_systemd %patch23 -p1 -b .export %patch24 -p1 -b .corelimit -%patch25 -p1 -b .selinux %patch26 -p1 -b .gettid %patch27 -p1 -b .icons %patch30 -p1 -b .cachehardmax @@ -266,6 +265,7 @@ written in the Lua programming language. %patch42 -p1 -b .r1828172+ %patch45 -p1 -b .logjournal %patch46 -p1 -b .separatesystemd +%patch25 -p1 -b .selinux %patch60 -p1 -b .enable-sslv3 %patch61 -p1 -b .r1878890 @@ -384,6 +384,13 @@ export LYNX_PATH=/usr/bin/links --disable-http2 \ --disable-md \ $* + +if grep -q ac_cv_have_threadsafe_pollset=no config.log; then + cat config.log + : Failed to find thread-safe APR. + exit 1 +fi + %make_build %install @@ -840,6 +847,9 @@ exit $rv %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Mon Dec 19 2022 Joe Orton - 2.4.54-9 +- move SELinux context logging to mod_systemd + * Mon Dec 19 2022 Joe Orton - 2.4.54-8 - define _httpd_statedir macro
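Review bot: The new thread-safe APR guard after configure reports its failure only through the no-op line `: Failed to find thread-safe APR.`, which shows up only when the script runs with shell tracing and then sits after the full dump of config.log. An explicit `echo 'Failed to find thread-safe APR.' >&2` just before `exit 1` would make the reason stand out in the build log. The guard also passes when grep cannot read config.log, since a grep error makes the `if` condition false; that may be acceptable here, but a one-line comment noting it would make the intent clear.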