- enable the checks that the suexec wrapper is a setuid root binary; so if people turn off setuid on the binary, suexec won't be enabled. - fix hardcoded path to suexec2 - remove checks requiring /usr/sbin/httpd to be present: this is unnecessary, we know that httpd contains mod_so, and only the httpd-devel package should be required to build modules. - Allow startup after unclean shutdown: remove mutex before creating it, use anonymous shm in shmcb. - allow server/exports.c to be generated in a parallel build successfully - ensure that when mod_ssl is unloaded, libcrypto doesn't still have the thread_id callback pointing at a mod_ssl function. - make apache2ctl source /etc/conf.d/apache2 for startup options diff -ur httpd-2.0.49.orig/include/httpd.h httpd-2.0.49/include/httpd.h --- httpd-2.0.49.orig/include/httpd.h 2004-02-09 12:54:34.000000000 -0800 +++ httpd-2.0.49/include/httpd.h 2004-03-22 10:38:40.000000000 -0800 @@ -137,7 +137,7 @@ /* The path to the suExec wrapper, can be overridden in Configuration */ #ifndef SUEXEC_BIN -#define SUEXEC_BIN HTTPD_ROOT "/bin/suexec" +#define SUEXEC_BIN "/usr/sbin/suexec2" #endif /* The timeout for waiting for messages */ Only in httpd-2.0.49/include: httpd.h.orig diff -ur httpd-2.0.49.orig/modules/ssl/ssl_engine_mutex.c httpd-2.0.49/modules/ssl/ssl_engine_mutex.c --- httpd-2.0.49.orig/modules/ssl/ssl_engine_mutex.c 2004-02-09 12:53:20.000000000 -0800 +++ httpd-2.0.49/modules/ssl/ssl_engine_mutex.c 2004-03-22 10:38:40.000000000 -0800 @@ -41,6 +41,8 @@ if (mc->nMutexMode == SSL_MUTEXMODE_NONE) return TRUE; + apr_file_remove(mc->szMutexFile, p); + if ((rv = apr_global_mutex_create(&mc->pMutex, mc->szMutexFile, mc->nMutexMech, p)) != APR_SUCCESS) { if (mc->szMutexFile) Only in httpd-2.0.49/modules/ssl: ssl_engine_mutex.c.orig diff -ur httpd-2.0.49.orig/modules/ssl/ssl_scache_shmcb.c httpd-2.0.49/modules/ssl/ssl_scache_shmcb.c --- httpd-2.0.49.orig/modules/ssl/ssl_scache_shmcb.c 2004-02-09 12:53:20.000000000 -0800 +++ httpd-2.0.49/modules/ssl/ssl_scache_shmcb.c 2004-03-22 10:38:40.000000000 -0800 @@ -341,7 +341,7 @@ if ((rv = apr_shm_create(&(mc->pSessionCacheDataMM), mc->nSessionCacheDataSize, - mc->szSessionCacheDataFile, + NULL, mc->pPool)) != APR_SUCCESS) { char buf[100]; ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, Only in httpd-2.0.49/modules/ssl: ssl_scache_shmcb.c.orig diff -ur httpd-2.0.49.orig/modules/ssl/ssl_util.c httpd-2.0.49/modules/ssl/ssl_util.c --- httpd-2.0.49.orig/modules/ssl/ssl_util.c 2004-02-09 12:53:20.000000000 -0800 +++ httpd-2.0.49/modules/ssl/ssl_util.c 2004-03-22 10:38:40.000000000 -0800 @@ -422,6 +422,8 @@ CRYPTO_set_locking_callback(NULL); CRYPTO_set_id_callback(NULL); + CRYPTO_set_id_callback(NULL); + /* Let the registered mutex cleanups do their own thing */ return APR_SUCCESS; Only in httpd-2.0.49/modules/ssl: ssl_util.c.orig diff -ur httpd-2.0.49.orig/os/unix/unixd.c httpd-2.0.49/os/unix/unixd.c --- httpd-2.0.49.orig/os/unix/unixd.c 2004-03-17 23:36:53.000000000 -0800 +++ httpd-2.0.49/os/unix/unixd.c 2004-03-22 10:38:40.000000000 -0800 @@ -200,23 +200,20 @@ AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp) { - apr_finfo_t wrapper; + struct stat wrapper; unixd_config.user_name = DEFAULT_USER; unixd_config.user_id = ap_uname2id(DEFAULT_USER); unixd_config.group_id = ap_gname2id(DEFAULT_GROUP); /* Check for suexec */ - unixd_config.suexec_enabled = 0; - if ((apr_stat(&wrapper, SUEXEC_BIN, - APR_FINFO_NORM, ptemp)) != APR_SUCCESS) { - return; - } - - /* XXX - apr_stat is incapable of checking suid bits (grumble) */ - /* if ((wrapper.filetype & S_ISUID) && wrapper.user == 0) { */ + if (stat(SUEXEC_BIN, &wrapper) == 0 && + (wrapper.st_mode & S_ISUID) && wrapper.st_uid == 0) { unixd_config.suexec_enabled = 1; - /* } */ + } else { + unixd_config.suexec_enabled = 0; + } + } Only in httpd-2.0.49/os/unix: unixd.c.orig diff -ur httpd-2.0.49.orig/server/Makefile.in httpd-2.0.49/server/Makefile.in --- httpd-2.0.49.orig/server/Makefile.in 2004-03-08 09:40:37.000000000 -0800 +++ httpd-2.0.49/server/Makefile.in 2004-03-22 10:38:40.000000000 -0800 @@ -67,6 +67,9 @@ export_vars.h: export_files $(AWK) -f $(top_srcdir)/build/make_var_export.awk `cat $?` > $@ +# Needed to allow exports.c to be generated in a parallel build successfully +.NOTPARALLEL: $(top_builddir)/server/exports.c + # Rule to make def file for OS/2 core dll ApacheCoreOS2.def: exports.c export_vars.h $(top_srcdir)/os/$(OS_DIR)/core_header.def cat $(top_srcdir)/os/$(OS_DIR)/core_header.def > $@ Only in httpd-2.0.49/server: Makefile.in.orig diff -ur httpd-2.0.49.orig/support/apachectl.in httpd-2.0.49/support/apachectl.in --- httpd-2.0.49.orig/support/apachectl.in 2004-02-09 12:59:49.000000000 -0800 +++ httpd-2.0.49/support/apachectl.in 2004-03-22 10:38:40.000000000 -0800 @@ -40,7 +40,8 @@ # -------------------- -------------------- # # the path to your httpd binary, including options if necessary -HTTPD='@exp_sbindir@/@progname@' +. /etc/conf.d/apache2 +HTTPD="@exp_sbindir@/@progname@ ${APACHE2_OPTS}" # # pick up any necessary environment variables if test -f @exp_bindir@/envvars; then Only in httpd-2.0.49/support: apachectl.in.orig diff -ur httpd-2.0.49.orig/support/apxs.in httpd-2.0.49/support/apxs.in --- httpd-2.0.49.orig/support/apxs.in 2004-02-09 12:59:49.000000000 -0800 +++ httpd-2.0.49/support/apxs.in 2004-03-22 10:38:40.000000000 -0800 @@ -198,19 +198,6 @@ ($httpd = $0) =~ s:support/apxs$::; } -unless (-x "$httpd") { - error("$httpd not found or not executable"); - exit 1; -} - -unless (grep /mod_so/, `. $envvars && $httpd -l`) { - error("Sorry, no shared object support for Apache"); - error("available under your platform. Make sure"); - error("the Apache module mod_so is compiled into"); - error("your server binary `$httpd'."); - exit 1; -} - sub get_config_vars{ my ($file, $rh_config) = @_; Only in httpd-2.0.49/support: apxs.in.orig