Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2024-12-27 09:59:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
slackware-current/source/n/httpd/httpd.SlackBuild
Patrick J Volkerding 3e486d66d2 Mon Jun 7 18:53:49 UTC 2021 
Hey folks! Sorry about the delay in getting this batch out but I had other
distractions going on here last week that prevented getting this one wrapped
up. Anyway, probably the highlight of this update set is that we've decided
to abandon the 5.10 LTS kernel in favor of following the latest one. We've
never really had a policy that required LTS in a stable release although that
is how it has been done for years, but based on comments from the Slackware
community it seems like 5.10 LTS isn't getting a lot of love and lacks
hardware support that people need now. Conversely, the reports on 5.12 have
been almost entirely positive, so we're going to provide what we think is the
best available kernel. It's unlikely that we'll see another LTS prior to
release, so the plan for maintenance is to keep following the latest kernels
as needed for security purposes. If that means we have to jump to a new branch
while supporting the stable release, we'll start the kernel out in testing
first until we've had some feedback that it's safe to move it to the patches
directory. Sooner or later we will end up on an LTS kernel again, and at that
point we'll just roll with that one. Feel free to comment (or complain) about
this plan on LQ... I'll be curious to see what people think. Anyway, enjoy!
a/hwdata-0.348-noarch-1.txz:  Upgraded.
a/kernel-generic-5.12.9-x86_64-1.txz:  Upgraded.
a/kernel-huge-5.12.9-x86_64-1.txz:  Upgraded.
a/kernel-modules-5.12.9-x86_64-1.txz:  Upgraded.
ap/ispell-3.4.04-x86_64-1.txz:  Upgraded.
ap/mpg123-1.28.0-x86_64-1.txz:  Upgraded.
ap/slackpkg-15.0.5-noarch-1.txz:  Upgraded.
  Add "--" option to "command cd" in bash completion file. (akinomyoga)
  shell-completions/slackpkg.bash: add "show-changelog".
  Import bash-completion file from upstream project.
  Added the new-config actions for specific files. (Piter PUNK)
  Harden slackpkg with respect to obtaining GPG key. (CRTS)
d/clisp-2.50_20191103_c26de7873-x86_64-5.txz:  Rebuilt.
  Upgraded to libffcall-2.3.
d/git-2.32.0-x86_64-1.txz:  Upgraded.
d/kernel-headers-5.12.9-x86-1.txz:  Upgraded.
d/poke-1.3-x86_64-1.txz:  Upgraded.
d/vala-0.52.4-x86_64-1.txz:  Upgraded.
k/kernel-source-5.12.9-noarch-1.txz:  Upgraded.
kde/calligra-3.2.1-x86_64-9.txz:  Rebuilt.
  Recompiled against poppler-21.06.1.
kde/cantor-21.04.1-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-21.06.1.
kde/digikam-7.2.0-x86_64-3.txz:  Rebuilt.
  Recompiled against imagemagick-7.0.11_14.
kde/kfilemetadata-5.82.0-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-21.06.1.
kde/kile-2.9.93-x86_64-9.txz:  Rebuilt.
  Recompiled against poppler-21.06.1.
kde/kitinerary-21.04.1-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-21.06.1.
kde/krita-4.4.3-x86_64-5.txz:  Rebuilt.
  Recompiled against poppler-21.06.1.
kde/okular-21.04.1-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-21.06.1.
l/alsa-lib-1.2.5-x86_64-2.txz:  Rebuilt.
  Account for unexpected packing of the conf file tarballs. We'll see if this
  is enough to make things work well again.
l/at-spi2-core-2.40.2-x86_64-1.txz:  Upgraded.
l/dvdauthor-0.7.2-x86_64-5.txz:  Rebuilt.
  Recompiled against imagemagick-7.0.11_14.
l/libogg-1.3.5-x86_64-1.txz:  Upgraded.
l/librsvg-2.50.7-x86_64-1.txz:  Upgraded.
l/pipewire-0.3.29-x86_64-1.txz:  Upgraded.
l/polkit-0.119-x86_64-1.txz:  Upgraded.
  This update includes a mitigation for local privilege escalation using
  polkit_system_bus_name_get_creds_sync().
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3560
  (* Security fix *)
l/poppler-21.06.1-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
l/pycairo-1.20.1-x86_64-1.txz:  Upgraded.
l/qca-2.3.3-x86_64-1.txz:  Upgraded.
l/vte-0.64.2-x86_64-1.txz:  Upgraded.
n/epic5-2.1.5-x86_64-1.txz:  Upgraded.
n/httpd-2.4.48-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  mod_http2: Fix a potential NULL pointer dereference.
  Unexpected <Location> section matching with 'MergeSlashes OFF'.
  mod_auth_digest: possible stack overflow by one nul byte while validating
  the Digest nonce.
  mod_session: Fix possible crash due to NULL pointer dereference, which
  could be used to cause a Denial of Service with a malicious backend
  server and SessionHeader.
  mod_session: Fix possible crash due to NULL pointer dereference, which
  could be used to cause a Denial of Service.
  mod_proxy_http: Fix possible crash due to NULL pointer dereference, which
  could be used to cause a Denial of Service.
  mod_proxy_wstunnel, mod_proxy_http: Handle Upgradable protocols end-to-end
  negotiation.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567
  (* Security fix *)
n/libmbim-1.24.8-x86_64-1.txz:  Upgraded.
n/libqmi-1.28.6-x86_64-1.txz:  Upgraded.
n/nettle-3.7.3-x86_64-1.txz:  Upgraded.
n/openldap-2.4.59-x86_64-1.txz:  Upgraded.
n/p11-kit-0.24.0-x86_64-1.txz:  Upgraded.
n/php-7.4.20-x86_64-1.txz:  Upgraded.
n/vsftpd-3.0.4-x86_64-1.txz:  Upgraded.
n/whois-5.5.10-x86_64-1.txz:  Upgraded.
x/libX11-1.7.2-x86_64-1.txz:  Upgraded.
  This is a bug fix release, correcting a regression introduced by and
  improving the checks from the fix for CVE-2021-31535.
x/libinput-1.18.0-x86_64-1.txz:  Upgraded.
x/mesa-21.1.2-x86_64-1.txz:  Upgraded.
xap/blueman-2.2.1-x86_64-1.txz:  Upgraded.
xap/gnuplot-5.4.2-x86_64-1.txz:  Upgraded.
xap/mozilla-thunderbird-78.11.0-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/78.11.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29964
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29967
  (* Security fix *)
xap/pidgin-2.14.5-x86_64-1.txz:  Upgraded.
xap/xine-lib-1.2.11-x86_64-6.txz:  Rebuilt.
  Recompiled against poppler-21.06.1.
extra/bash-completion/bash-completion-2.11-noarch-2.txz:  Rebuilt.
  Removed the slackpkg completion file.
extra/php8/php8-8.0.7-x86_64-1.txz:  Upgraded.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
2021-06-07 23:59:59 +02:00

269 lines
8.9 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
# Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2017, 2018 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# This script was written using the one from slackbuilds.org as a reference,
# so thanks to Adis Nezirovic ( adis _at_ linux.org.ba ) for the original work.
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=httpd
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.bz2 | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
i?86) export ARCH=i586 ;;
arm*) export ARCH=arm ;;
# Unless $ARCH is already set, use uname -m for all other archs:
*) export ARCH=$( uname -m ) ;;
esac
fi
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
exit 0
fi
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
TMP=${TMP:-/tmp}
PKG=$TMP/package-${PKGNAM}
rm -rf $PKG
mkdir -p $TMP $PKG
if [ "$ARCH" = "i586" ]; then
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "s390" ]; then
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2 -fPIC"
LIBDIRSUFFIX="64"
else
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
fi
cd $TMP
rm -rf ${PKGNAM}-${VERSION}
tar xvf $CWD/${PKGNAM}-$VERSION.tar.bz2 || exit 1
cd ${PKGNAM}-$VERSION || exit 1
# Make sure ownerships and permissions are sane:
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
-exec chmod 755 {} \+ -o \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \+
# A brief note about mpms:
#
# "prefork" is the legacy forked mpm, used with mod_php. Starting with httpd
# 2.4.0, new threaded mpms are available, and previously experimental mpms are
# now stable
#
# Non-threaded mpms are no longer required, since php applications can now be
# deployed with the help of mod_fcgid, essentially a set of fixed dedicated cgi
# processes spawned for the whole purpose of executing dynamic applications
#
# Threaded mpms, by their very nature, are far more scalable than the
# traditional preforking solution. They consume less memory for the same
# workload, when serving the same amount of clients. httpd 2.4 ships with two
# options, "event" and "worker", where the former is the default mpm used if
# none is specified at the ./configure line
#
# Lastly, the "prefork" mpm can be used with mod_php as of version 5.4.0,
# which yields a much improved stability, even with most mod_php extensions
# loaded.
#
# The running mpm can be changed by simply loading the module. Here is a sample:
# LoadModule mpm_event_module lib(64)/httpd/modules/mod_mpm_event.so
#
# When upgrading from 2.2, please make sure to stop the deamon first, or your
# new instance may segfault.
# Fix config.layout to use lib${LIBDIRSUFFIX}:
sed -i -e "s#lib/httpd#lib${LIBDIRSUFFIX}/httpd#" config.layout
# If /var/run becomes a tmpfs or a link to /run, subdirectories could be a problem.
# Just use /var/run rather than /var/run/httpd.
sed -i -e "s#/run/httpd#/run#" config.layout
# Configure:
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
./configure \
--enable-layout=Slackware-FHS \
--with-apr=/usr \
--with-apr-util=/usr \
--enable-mods-shared=all \
--enable-so \
--enable-mpms-shared=all \
--enable-pie \
--enable-cgi \
--with-pcre \
--enable-ssl \
--enable-http2 \
--enable-rewrite \
--enable-vhost-alias \
--enable-proxy \
--enable-proxy-http \
--enable-proxy-http2 \
--enable-proxy-ftp \
--enable-cache \
--enable-mem-cache \
--enable-file-cache \
--enable-disk-cache \
--enable-dav \
--enable-ldap \
--enable-authnz-ldap \
--enable-authn-anon \
--enable-authn-alias \
--build=$ARCH-slackware-linux || exit 1
# Build and install:
make $NUMJOBS || make || exit 1
make install DESTDIR=$PKG || exit 1
rmdir $PKG/usr/bin
# Tweak default apache configuration
( cd $PKG
zcat $CWD/httpd.runasapache.diff.gz | patch -p1 --verbose || exit 1
# mod_proxy_balancer should be commented out, as otherwise httpd
# will not start without additional configuration:
sed -i "s/^LoadModule proxy_balancer_module/#LoadModule proxy_balancer_module/g" $PKG/etc/httpd/httpd.conf
# This module issues a warning unless some non-default modules are loaded:
sed -i "s/^LoadModule lbmethod_heartbeat_module/#LoadModule lbmethod_heartbeat_module/g" $PKG/etc/httpd/httpd.conf
rm -f $PKG/etc/httpd/httpd.conf~ $PKG/etc/httpd/httpd.conf.orig
) || exit 1
# Change config files to .new:
( cd $PKG/etc/httpd
mv httpd.conf httpd.conf.new
for file in extra/*; do
mv $file "${file}.new"
done
)
cat << EOF >> $PKG/etc/httpd/httpd.conf.new
# Uncomment the following line to enable PHP:
#
#Include /etc/httpd/mod_php.conf
# Uncomment the following lines (and mod_dav above) to enable svn support:
#
#LoadModule dav_svn_module lib${LIBDIRSUFFIX}/httpd/modules/mod_dav_svn.so
#LoadModule authz_svn_module lib${LIBDIRSUFFIX}/httpd/modules/mod_authz_svn.so
EOF
rmdir $PKG/var/log/httpd
mkdir -p $PKG/etc/rc.d
cat $CWD/rc.httpd > $PKG/etc/rc.d/rc.httpd.new
mkdir -p $PKG/etc/logrotate.d
cat $CWD/logrotate.httpd > $PKG/etc/logrotate.d/httpd.new
# Add symlink that letsencrypt wants:
( cd $PKG/usr/sbin
ln -sf apachectl apache2ctl
)
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION/
cp -a \
ABOUT_APACHE CHANGES INSTALL LICENSE NOTICE README* ROADMAP VERSIONING \
$PKG/usr/doc/$PKGNAM-$VERSION
# If there's a CHANGES file, installing at least part of the recent history
# is useful, but don't let it get totally out of control:
if [ -r CHANGES ]; then
DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
cat CHANGES | head -n 1000 > $DOCSDIR/CHANGES
touch -r CHANGES $DOCSDIR/CHANGES
fi
# Other distributions also strip the manual down to just English.
# If this isn't your language of choice, mea culpa.
( cd $PKG/srv/httpd/htdocs/manual
for file in $(find . -type f -name "*.html") ; do
if [ -f ${file}.en ]; then
cp ${file}.en ${file}
rm -f ${file}.*
fi
done
)
# On Slackware, the traditional location for the Apache document root has always
# been "/var/www/htdocs/". We can avoid an unpleasant surprise for people by
# leaving things where they've always been, and comply with the FHS by providing
# symlinks allowing access through the FHS-approved pathnames. KDE, for example,
# will look for htdig's htsearch here: /var/www/cgi-bin/htsearch
mv $PKG/srv/httpd $PKG/var/www
## DISABLED. Don't make these symlinks prior to packaging any more, as it is
## possibly dangerous to an existing document root created in the place where
## these symlinks are normally found. Instead, we make them in the install
## script (only if nothing exists there already)
#( cd $PKG/srv
# ln -sf /var/www .
# ln -sf /var/www httpd
#)
# OK, it's just not generally good form to put your web site in /var/www/htdocs,
# but people do it every day. Like all new .new files, this won't save them this
# time, but if they don't learn their lesson now then it will the next time:
mv $PKG/var/www/htdocs/index.html $PKG/var/www/htdocs/index.html.new
# Strip binaries:
find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
# Compress and link manpages, if any:
if [ -d $PKG/usr/man ]; then
( cd $PKG/usr/man
for manpagedir in $(find . -type d -name "man*") ; do
( cd $manpagedir
for eachpage in $( find . -type l -maxdepth 1) ; do
ln -s $( readlink $eachpage ).gz $eachpage.gz
rm $eachpage
done
gzip -9 *.*
)
done
)
fi
cd $PKG
/sbin/makepkg -l y -c n $TMP/${PKGNAM}-$VERSION-$ARCH-$BUILD.txz
Reference in a new issue View git blame Copy permalink