[meta-webserver][PATCH 0/3] Apache / PHP upgrades

[meta-webserver][PATCH 0/3] Apache / PHP upgrades

[Paul Eggleton]

The following changes since commit a1b6699ad26e1035f5c29918e059b8b57fde57ff:

  add libcrypt-openssl-rsa-perl (2014-01-13 09:59:45 +0000)

are available in the git repository at:

  git://git.openembedded.org/meta-openembedded-contrib paule/webserver-upgrades
  http://cgit.openembedded.org/cgit.cgi/meta-openembedded-contrib/log/?h=paule/webserver-upgrades

Paul Eggleton (3):
  apache2: update to 2.4.7
  modphp: upgrade to 5.5.8
  phpmyadmin: update to 4.1.4

 .../apache2-2.4.6/httpd-2.4.4-r1332643.patch       | 260 ---------------------
 ...he2-native_2.4.6.bb => apache2-native_2.4.7.bb} |   6 +-
 .../apache-configure_perlbin.patch                 |   0
 .../apache-ssl-ltmain-rpath.patch                  |   0
 .../fix-libtool-name.patch                         |   0
 .../httpd-2.4.1-corelimit.patch                    |   0
 .../httpd-2.4.1-selinux.patch                      |   0
 .../httpd-2.4.4-export.patch                       |   0
 .../replace-lynx-to-curl-in-apachectl-script.patch |   0
 .../server-makefile.patch                          |   0
 .../apache2/{apache2_2.4.6.bb => apache2_2.4.7.bb} |   7 +-
 meta-webserver/recipes-php/modphp/modphp_5.5.2.bb  |   7 -
 meta-webserver/recipes-php/modphp/modphp_5.5.8.bb  |   7 +
 .../{phpmyadmin_4.0.5.bb => phpmyadmin_4.1.4.bb}   |   4 +-
 14 files changed, 15 insertions(+), 276 deletions(-)
 delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.4-r1332643.patch
 rename meta-webserver/recipes-httpd/apache2/{apache2-native_2.4.6.bb => apache2-native_2.4.7.bb} (84%)
 rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/apache-configure_perlbin.patch (100%)
 rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/apache-ssl-ltmain-rpath.patch (100%)
 rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/fix-libtool-name.patch (100%)
 rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/httpd-2.4.1-corelimit.patch (100%)
 rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/httpd-2.4.1-selinux.patch (100%)
 rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/httpd-2.4.4-export.patch (100%)
 rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/replace-lynx-to-curl-in-apachectl-script.patch (100%)
 rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/server-makefile.patch (100%)
 rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.6.bb => apache2_2.4.7.bb} (95%)
 delete mode 100644 meta-webserver/recipes-php/modphp/modphp_5.5.2.bb
 create mode 100644 meta-webserver/recipes-php/modphp/modphp_5.5.8.bb
 rename meta-webserver/recipes-php/phpmyadmin/{phpmyadmin_4.0.5.bb => phpmyadmin_4.1.4.bb} (87%)

-- 
1.8.1.2

[meta-webserver][PATCH 1/3] apache2: update to 2.4.7

[Paul Eggleton]

* LIC_FILES_CHKSUM changed because of the introduction of an extra blank
  line in the LICENSE file (!)
* Drop httpd-2.4.4-r1332643.patch - it no longer applies and was dropped
  in Fedora on the 2.4.7 upgrade.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
 .../apache2-2.4.6/httpd-2.4.4-r1332643.patch       | 260 ---------------------
 ...he2-native_2.4.6.bb => apache2-native_2.4.7.bb} |   6 +-
 .../apache-configure_perlbin.patch                 |   0
 .../apache-ssl-ltmain-rpath.patch                  |   0
 .../fix-libtool-name.patch                         |   0
 .../httpd-2.4.1-corelimit.patch                    |   0
 .../httpd-2.4.1-selinux.patch                      |   0
 .../httpd-2.4.4-export.patch                       |   0
 .../replace-lynx-to-curl-in-apachectl-script.patch |   0
 .../server-makefile.patch                          |   0
 .../apache2/{apache2_2.4.6.bb => apache2_2.4.7.bb} |   7 +-
 11 files changed, 6 insertions(+), 267 deletions(-)
 delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.4-r1332643.patch
 rename meta-webserver/recipes-httpd/apache2/{apache2-native_2.4.6.bb => apache2-native_2.4.7.bb} (84%)
 rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/apache-configure_perlbin.patch (100%)
 rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/apache-ssl-ltmain-rpath.patch (100%)
 rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/fix-libtool-name.patch (100%)
 rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/httpd-2.4.1-corelimit.patch (100%)
 rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/httpd-2.4.1-selinux.patch (100%)
 rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/httpd-2.4.4-export.patch (100%)
 rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/replace-lynx-to-curl-in-apachectl-script.patch (100%)
 rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/server-makefile.patch (100%)
 rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.6.bb => apache2_2.4.7.bb} (95%)

diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.4-r1332643.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.4-r1332643.patch
deleted file mode 100644
index ba28231..0000000
--- a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.4-r1332643.patch
+++ /dev/null
@@ -1,260 +0,0 @@
-Add support for TLS Next Protocol Negotiation:
-
-* modules/ssl/mod_ssl.c, modules/ssl/mod_ssl.h: Add and implement new
-  hooks for next protocol advertisement/discovery.
-
-* modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Enable
-  NPN advertisement callback in handshake.
-
-* modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Invoke
-  next-protocol discovery hook.
-
-* modules/ssl/ssl_engine_kernel.c (ssl_callback_AdvertiseNextProtos): 
-  New callback.
-
-* modules/ssl/ssl_private.h: Add prototype.
-
-Submitted by: Matthew Steele <mdsteele google.com>
-  with slight tweaks by jorton
-
-https://bugzilla.redhat.com//show_bug.cgi?id=809599
-
-http://svn.apache.org/viewvc?view=revision&revision=1332643
-
-Upstream-Status: Backport
-
---- httpd-2.4.4/modules/ssl/ssl_private.h
-+++ httpd-2.4.4/modules/ssl/ssl_private.h
-@@ -139,6 +139,11 @@
- #define HAVE_FIPS
- #endif
- 
-+#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \
-+    && !defined(OPENSSL_NO_TLSEXT)
-+#define HAVE_TLS_NPN
-+#endif
-+
- #if (OPENSSL_VERSION_NUMBER >= 0x10000000)
- #define MODSSL_SSL_CIPHER_CONST const
- #define MODSSL_SSL_METHOD_CONST const
-@@ -840,6 +845,7 @@ int          ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *);
- int         ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *,
-                                        EVP_CIPHER_CTX *, HMAC_CTX *, int);
- #endif
-+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg);
- 
- /**  Session Cache Support  */
- void         ssl_scache_init(server_rec *, apr_pool_t *);
---- httpd-2.4.4/modules/ssl/mod_ssl.c
-+++ httpd-2.4.4/modules/ssl/mod_ssl.c
-@@ -272,6 +272,18 @@ static const command_rec ssl_config_cmds[] = {
-     AP_END_CMD
- };
- 
-+/* Implement 'modssl_run_npn_advertise_protos_hook'. */
-+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
-+    modssl, AP, int, npn_advertise_protos_hook,
-+    (conn_rec *connection, apr_array_header_t *protos),
-+    (connection, protos), OK, DECLINED);
-+
-+/* Implement 'modssl_run_npn_proto_negotiated_hook'. */
-+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
-+    modssl, AP, int, npn_proto_negotiated_hook,
-+    (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len),
-+    (connection, proto_name, proto_name_len), OK, DECLINED);
-+
- /*
-  *  the various processing hooks
-  */
---- httpd-2.4.4/modules/ssl/mod_ssl.h
-+++ httpd-2.4.4/modules/ssl/mod_ssl.h
-@@ -63,5 +63,26 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
- 
- APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
- 
-+/** The npn_advertise_protos optional hook allows other modules to add entries
-+ * to the list of protocol names advertised by the server during the Next
-+ * Protocol Negotiation (NPN) portion of the SSL handshake.  The hook callee is
-+ * given the connection and an APR array; it should push one or more char*'s
-+ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto
-+ * the array and return OK, or do nothing and return DECLINED. */
-+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook,
-+                          (conn_rec *connection, apr_array_header_t *protos));
-+
-+/** The npn_proto_negotiated optional hook allows other modules to discover the
-+ * name of the protocol that was chosen during the Next Protocol Negotiation
-+ * (NPN) portion of the SSL handshake.  Note that this may be the empty string
-+ * (in which case modules should probably assume HTTP), or it may be a protocol
-+ * that was never even advertised by the server.  The hook callee is given the
-+ * connection, a non-null-terminated string containing the protocol name, and
-+ * the length of the string; it should do something appropriate (i.e. insert or
-+ * remove filters) and return OK, or do nothing and return DECLINED. */
-+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook,
-+                          (conn_rec *connection, const char *proto_name,
-+                           apr_size_t proto_name_len));
-+
- #endif /* __MOD_SSL_H__ */
- /** @} */
---- httpd-2.4.4/modules/ssl/ssl_engine_init.c
-+++ httpd-2.4.4/modules/ssl/ssl_engine_init.c
-@@ -725,6 +725,11 @@ static void ssl_init_ctx_callbacks(server_rec *s,
- #endif
- 
-     SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
-+
-+#ifdef HAVE_TLS_NPN
-+    SSL_CTX_set_next_protos_advertised_cb(
-+        ctx, ssl_callback_AdvertiseNextProtos, NULL);
-+#endif
- }
- 
- static void ssl_init_ctx_verify(server_rec *s,
---- httpd-2.4.4/modules/ssl/ssl_engine_io.c
-+++ httpd-2.4.4/modules/ssl/ssl_engine_io.c
-@@ -28,6 +28,7 @@
-                                   core keeps dumping.''
-                                             -- Unknown    */
- #include "ssl_private.h"
-+#include "mod_ssl.h"
- #include "apr_date.h"
- 
- /*  _________________________________________________________________
-@@ -297,6 +298,7 @@ typedef struct {
-     apr_pool_t *pool;
-     char buffer[AP_IOBUFSIZE];
-     ssl_filter_ctx_t *filter_ctx;
-+    int npn_finished;  /* 1 if NPN has finished, 0 otherwise */
- } bio_filter_in_ctx_t;
- 
- /*
-@@ -1385,6 +1387,27 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f,
-         APR_BRIGADE_INSERT_TAIL(bb, bucket);
-     }
- 
-+#ifdef HAVE_TLS_NPN
-+    /* By this point, Next Protocol Negotiation (NPN) should be completed (if
-+     * our version of OpenSSL supports it).  If we haven't already, find out
-+     * which protocol was decided upon and inform other modules by calling
-+     * npn_proto_negotiated_hook. */
-+    if (!inctx->npn_finished) {
-+        const unsigned char *next_proto = NULL;
-+        unsigned next_proto_len = 0;
-+
-+        SSL_get0_next_proto_negotiated(
-+            inctx->ssl, &next_proto, &next_proto_len);
-+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c,
-+                      "SSL NPN negotiated protocol: '%s'",
-+                      apr_pstrmemdup(f->c->pool, (const char*)next_proto,
-+                                     next_proto_len));
-+        modssl_run_npn_proto_negotiated_hook(
-+            f->c, (const char*)next_proto, next_proto_len);
-+        inctx->npn_finished = 1;
-+    }
-+#endif
-+
-     return APR_SUCCESS;
- }
- 
-@@ -1866,6 +1889,7 @@ static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c,
-     inctx->block = APR_BLOCK_READ;
-     inctx->pool = c->pool;
-     inctx->filter_ctx = filter_ctx;
-+    inctx->npn_finished = 0;
- }
- 
- /* The request_rec pointer is passed in here only to ensure that the
---- httpd-2.4.4/modules/ssl/ssl_engine_kernel.c
-+++ httpd-2.4.4/modules/ssl/ssl_engine_kernel.c
-@@ -29,6 +29,7 @@
-                                   time I was too famous.''
-                                             -- Unknown                */
- #include "ssl_private.h"
-+#include "mod_ssl.h"
- #include "util_md5.h"
- 
- static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
-@@ -2186,3 +2187,84 @@ int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg)
- }
- 
- #endif /* OPENSSL_NO_SRP */
-+
-+#ifdef HAVE_TLS_NPN
-+/*
-+ * This callback function is executed when SSL needs to decide what protocols
-+ * to advertise during Next Protocol Negotiation (NPN).  It must produce a
-+ * string in wire format -- a sequence of length-prefixed strings -- indicating
-+ * the advertised protocols.  Refer to SSL_CTX_set_next_protos_advertised_cb
-+ * in OpenSSL for reference.
-+ */
-+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out,
-+                                     unsigned int *size_out, void *arg)
-+{
-+    conn_rec *c = (conn_rec*)SSL_get_app_data(ssl);
-+    apr_array_header_t *protos;
-+    int num_protos;
-+    unsigned int size;
-+    int i;
-+    unsigned char *data;
-+    unsigned char *start;
-+
-+    *data_out = NULL;
-+    *size_out = 0;
-+
-+    /* If the connection object is not available, then there's nothing for us
-+     * to do. */
-+    if (c == NULL) {
-+        return SSL_TLSEXT_ERR_OK;
-+    }
-+
-+    /* Invoke our npn_advertise_protos hook, giving other modules a chance to
-+     * add alternate protocol names to advertise. */
-+    protos = apr_array_make(c->pool, 0, sizeof(char*));
-+    modssl_run_npn_advertise_protos_hook(c, protos);
-+    num_protos = protos->nelts;
-+
-+    /* We now have a list of null-terminated strings; we need to concatenate
-+     * them together into a single string, where each protocol name is prefixed
-+     * by its length.  First, calculate how long that string will be. */
-+    size = 0;
-+    for (i = 0; i < num_protos; ++i) {
-+        const char *string = APR_ARRAY_IDX(protos, i, const char*);
-+        unsigned int length = strlen(string);
-+        /* If the protocol name is too long (the length must fit in one byte),
-+         * then log an error and skip it. */
-+        if (length > 255) {
-+            ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
-+                          "SSL NPN protocol name too long (length=%u): %s",
-+                          length, string);
-+            continue;
-+        }
-+        /* Leave room for the length prefix (one byte) plus the protocol name
-+         * itself. */
-+        size += 1 + length;
-+    }
-+
-+    /* If there is nothing to advertise (either because no modules added
-+     * anything to the protos array, or because all strings added to the array
-+     * were skipped), then we're done. */
-+    if (size == 0) {
-+        return SSL_TLSEXT_ERR_OK;
-+    }
-+
-+    /* Now we can build the string.  Copy each protocol name string into the
-+     * larger string, prefixed by its length. */
-+    data = apr_palloc(c->pool, size * sizeof(unsigned char));
-+    start = data;
-+    for (i = 0; i < num_protos; ++i) {
-+        const char *string = APR_ARRAY_IDX(protos, i, const char*);
-+        apr_size_t length = strlen(string);
-+        *start = (unsigned char)length;
-+        ++start;
-+        memcpy(start, string, length * sizeof(unsigned char));
-+        start += length;
-+    }
-+
-+    /* Success. */
-+    *data_out = data;
-+    *size_out = size;
-+    return SSL_TLSEXT_ERR_OK;
-+}
-+#endif
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.6.bb b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.7.bb
similarity index 84%
rename from meta-webserver/recipes-httpd/apache2/apache2-native_2.4.6.bb
rename to meta-webserver/recipes-httpd/apache2/apache2-native_2.4.7.bb
index 6efd469..bd935eb 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.6.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.7.bb
@@ -12,9 +12,9 @@ SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2"
 
 S = "${WORKDIR}/httpd-${PV}"
 
-LIC_FILES_CHKSUM = "file://LICENSE;md5=eff226ae95d0516d6210ed77dfdf2dcc"
-SRC_URI[md5sum] = "ea5e361ca37b8d7853404419dd502efe"
-SRC_URI[sha256sum] = "dc9f3625ebc08bea55eeb0d16e71fba656f252e6cd0aa244ee7806dc3b022fea"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83"
+SRC_URI[md5sum] = "170d7fb6fe5f28b87d1878020a9ab94e"
+SRC_URI[sha256sum] = "64368d8301836815ae237f2b62d909711c896c1bd34573771e0ee5ad808ce71b"
 
 do_configure () {
     ./configure --with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/apache-configure_perlbin.patch b/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch
similarity index 100%
rename from meta-webserver/recipes-httpd/apache2/apache2-2.4.6/apache-configure_perlbin.patch
rename to meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/apache-ssl-ltmain-rpath.patch b/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch
similarity index 100%
rename from meta-webserver/recipes-httpd/apache2/apache2-2.4.6/apache-ssl-ltmain-rpath.patch
rename to meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/fix-libtool-name.patch b/meta-webserver/recipes-httpd/apache2/apache2/fix-libtool-name.patch
similarity index 100%
rename from meta-webserver/recipes-httpd/apache2/apache2-2.4.6/fix-libtool-name.patch
rename to meta-webserver/recipes-httpd/apache2/apache2/fix-libtool-name.patch
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.1-corelimit.patch b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch
similarity index 100%
rename from meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.1-corelimit.patch
rename to meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.1-selinux.patch b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch
similarity index 100%
rename from meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.1-selinux.patch
rename to meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.4-export.patch b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch
similarity index 100%
rename from meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.4-export.patch
rename to meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/replace-lynx-to-curl-in-apachectl-script.patch b/meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch
similarity index 100%
rename from meta-webserver/recipes-httpd/apache2/apache2-2.4.6/replace-lynx-to-curl-in-apachectl-script.patch
rename to meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.6/server-makefile.patch b/meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch
similarity index 100%
rename from meta-webserver/recipes-httpd/apache2/apache2-2.4.6/server-makefile.patch
rename to meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.6.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.7.bb
similarity index 95%
rename from meta-webserver/recipes-httpd/apache2/apache2_2.4.6.bb
rename to meta-webserver/recipes-httpd/apache2/apache2_2.4.7.bb
index cc88fac..f23776f 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.6.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.7.bb
@@ -11,7 +11,6 @@ SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \
            file://httpd-2.4.1-corelimit.patch \
            file://httpd-2.4.4-export.patch \
            file://httpd-2.4.1-selinux.patch \
-           file://httpd-2.4.4-r1332643.patch \
            file://apache-configure_perlbin.patch \
            file://replace-lynx-to-curl-in-apachectl-script.patch \
            file://apache-ssl-ltmain-rpath.patch \
@@ -19,9 +18,9 @@ SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \
            file://init \
            file://apache2-volatile.conf"
 
-LIC_FILES_CHKSUM = "file://LICENSE;md5=eff226ae95d0516d6210ed77dfdf2dcc"
-SRC_URI[md5sum] = "ea5e361ca37b8d7853404419dd502efe"
-SRC_URI[sha256sum] = "dc9f3625ebc08bea55eeb0d16e71fba656f252e6cd0aa244ee7806dc3b022fea"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83"
+SRC_URI[md5sum] = "170d7fb6fe5f28b87d1878020a9ab94e"
+SRC_URI[sha256sum] = "64368d8301836815ae237f2b62d909711c896c1bd34573771e0ee5ad808ce71b"
 
 S = "${WORKDIR}/httpd-${PV}"
 
-- 
1.8.1.2

[meta-webserver][PATCH 2/3] modphp: upgrade to 5.5.8

[Paul Eggleton]

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
 meta-webserver/recipes-php/modphp/modphp_5.5.2.bb | 7 -------
 meta-webserver/recipes-php/modphp/modphp_5.5.8.bb | 7 +++++++
 2 files changed, 7 insertions(+), 7 deletions(-)
 delete mode 100644 meta-webserver/recipes-php/modphp/modphp_5.5.2.bb
 create mode 100644 meta-webserver/recipes-php/modphp/modphp_5.5.8.bb

diff --git a/meta-webserver/recipes-php/modphp/modphp_5.5.2.bb b/meta-webserver/recipes-php/modphp/modphp_5.5.2.bb
deleted file mode 100644
index 3c23242..0000000
--- a/meta-webserver/recipes-php/modphp/modphp_5.5.2.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-include modphp5.inc
-
-EXTRA_OECONF += "--disable-opcache"
-
-SRC_URI[md5sum] = "caf7f4d86514a568fb3c8021b096a9f0"
-SRC_URI[sha256sum] = "e72aaf1fa96eac0bff127bfc74c174d1de50cd3f66d7e0e1ee919674ab463bb7"
-
diff --git a/meta-webserver/recipes-php/modphp/modphp_5.5.8.bb b/meta-webserver/recipes-php/modphp/modphp_5.5.8.bb
new file mode 100644
index 0000000..04925fb
--- /dev/null
+++ b/meta-webserver/recipes-php/modphp/modphp_5.5.8.bb
@@ -0,0 +1,7 @@
+include modphp5.inc
+
+EXTRA_OECONF += "--disable-opcache"
+
+SRC_URI[md5sum] = "42fe814a3cbbf34b21a2c39f66ee0001"
+SRC_URI[sha256sum] = "6d5f45659d13383fc8429f185cc9da0b30c7bb72dcae9baf568f0511eb7f8b68"
+
-- 
1.8.1.2

[meta-webserver][PATCH 3/3] phpmyadmin: update to 4.1.4

[Paul Eggleton]

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
 .../phpmyadmin/{phpmyadmin_4.0.5.bb => phpmyadmin_4.1.4.bb}           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-webserver/recipes-php/phpmyadmin/{phpmyadmin_4.0.5.bb => phpmyadmin_4.1.4.bb} (87%)

diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.0.5.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.1.4.bb
similarity index 87%
rename from meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.0.5.bb
rename to meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.1.4.bb
index f97dc91..c2bc8bb 100644
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.0.5.bb
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.1.4.bb
@@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=eb723b61539feef013de476e68b5c50a \
 SRC_URI = "${SOURCEFORGE_MIRROR}/phpmyadmin/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \
            file://apache.conf"
 
-SRC_URI[md5sum] = "5cc493908d09df1760c7cdcd1622ebf7"
-SRC_URI[sha256sum] = "f4df1190441ce5e094183cfadf8aec4af3a4f131339599e6380a1c6ac0a11fe4"
+SRC_URI[md5sum] = "9802ba0a7ee6afd8941dc8d0af589913"
+SRC_URI[sha256sum] = "4bd23cda85b3ac4e44a1e472a461638230020af78bd03d7178f60d55b8bb1331"
 
 S = "${WORKDIR}/phpMyAdmin-${PV}-all-languages"
 
-- 
1.8.1.2

Re: [meta-webserver][PATCH 0/3] Apache / PHP upgrades

[Randy MacLeod]

On 14-01-13 05:38 AM, Paul Eggleton wrote:
> The following changes since commit a1b6699ad26e1035f5c29918e059b8b57fde57ff:
>
>    add libcrypt-openssl-rsa-perl (2014-01-13 09:59:45 +0000)
>
> are available in the git repository at:
>
>    git://git.openembedded.org/meta-openembedded-contrib paule/webserver-upgrades
>    http://cgit.openembedded.org/cgit.cgi/meta-openembedded-contrib/log/?h=paule/webserver-upgrades
>
> Paul Eggleton (3):
>    apache2: update to 2.4.7
>    modphp: upgrade to 5.5.8
>    phpmyadmin: update to 4.1.4
>
>   .../apache2-2.4.6/httpd-2.4.4-r1332643.patch       | 260 ---------------------

Hi Paul,

You asked me about dropping this patch and I've done a bit of digging.

My conclusion is that the  patch is not integrated into 2.4.7 and
it would be "nice to have" since we've supported it so far.
It seems that apache2-2.6.x will include the patch.

The intended use is primarily to support SPDY as described here:
    https://technotes.googlecode.com/git/nextprotoneg.html
and I skimmed though this:
 
http://googledevelopers.blogspot.ca/2012/04/add-spdy-support-to-your-apache-server.html


As for generating a new patch, the STATUS file in 2.4.7 says:
...
    * mod_ssl: Add support for Next Protocol Negotiation.
      Trunk patch:
        http://svn.apache.org/viewvc?view=revision&revision=1332643
      2.4.x patch:
        Trunk patch works.
      +1: ben
      sf says: Needs r1345599, too.
           And wrowe's comment about the 2.2 patch is also valid for 2.4:
           http://svn.apache.org/viewvc?view=revision&revision=1354823


Does that help? Do you want someone @WR to work on the patch, the 
mod_spdy module and testing? A few more comments and links given
below.

../Randy

---

This patch has:
    Upstream-Status: Backport
and I do see the _reworked_ feature and our patch upstream
in the git-svn repo:
    https://github.com/apache/httpd.git
specifically, the re-worked commit here:
 
https://github.com/apache/httpd/commit/afa9bc99edf96a8ff3a81786cc4ef52a9f3cf310

and a commit with identical content to our patch here:
 
https://github.com/apache/httpd/commit/79d4d4d3ce586bf526178ed6d05e1b0dca7051c4

but they are both on the trunk branch (aka 2.5) so
they are not include in 2.4.7.

The original defect is:
    https://issues.apache.org/bugzilla/show_bug.cgi?id=52210

    OpenSSL 1.0.1 added support for TLS Next Protocol Negotiation (NPN)
    [1], a feature which allows client and server to negotiate what
    protocol should be used over the secure connection.  I propose
    adding hooks into mod_ssl to allow other modules to access
    this feature.

---

>   ...he2-native_2.4.6.bb => apache2-native_2.4.7.bb} |   6 +-
>   .../apache-configure_perlbin.patch                 |   0
>   .../apache-ssl-ltmain-rpath.patch                  |   0
>   .../fix-libtool-name.patch                         |   0
>   .../httpd-2.4.1-corelimit.patch                    |   0
>   .../httpd-2.4.1-selinux.patch                      |   0
>   .../httpd-2.4.4-export.patch                       |   0
>   .../replace-lynx-to-curl-in-apachectl-script.patch |   0
>   .../server-makefile.patch                          |   0
>   .../apache2/{apache2_2.4.6.bb => apache2_2.4.7.bb} |   7 +-
>   meta-webserver/recipes-php/modphp/modphp_5.5.2.bb  |   7 -
>   meta-webserver/recipes-php/modphp/modphp_5.5.8.bb  |   7 +
>   .../{phpmyadmin_4.0.5.bb => phpmyadmin_4.1.4.bb}   |   4 +-
>   14 files changed, 15 insertions(+), 276 deletions(-)
>   delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2-2.4.6/httpd-2.4.4-r1332643.patch
>   rename meta-webserver/recipes-httpd/apache2/{apache2-native_2.4.6.bb => apache2-native_2.4.7.bb} (84%)
>   rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/apache-configure_perlbin.patch (100%)
>   rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/apache-ssl-ltmain-rpath.patch (100%)
>   rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/fix-libtool-name.patch (100%)
>   rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/httpd-2.4.1-corelimit.patch (100%)
>   rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/httpd-2.4.1-selinux.patch (100%)
>   rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/httpd-2.4.4-export.patch (100%)
>   rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/replace-lynx-to-curl-in-apachectl-script.patch (100%)
>   rename meta-webserver/recipes-httpd/apache2/{apache2-2.4.6 => apache2}/server-makefile.patch (100%)
>   rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.6.bb => apache2_2.4.7.bb} (95%)
>   delete mode 100644 meta-webserver/recipes-php/modphp/modphp_5.5.2.bb
>   create mode 100644 meta-webserver/recipes-php/modphp/modphp_5.5.8.bb
>   rename meta-webserver/recipes-php/phpmyadmin/{phpmyadmin_4.0.5.bb => phpmyadmin_4.1.4.bb} (87%)
>


-- 
# Randy MacLeod. SMTS, Linux, Wind River
Direct: 613.963.1350

Re: [meta-webserver][PATCH 0/3] Apache / PHP upgrades

[Paul Eggleton]

Hi Randy,

On Thursday 16 January 2014 09:31:28 Randy MacLeod wrote:
> You asked me about dropping this patch and I've done a bit of digging.
> 
> My conclusion is that the  patch is not integrated into 2.4.7 and
> it would be "nice to have" since we've supported it so far.
> It seems that apache2-2.6.x will include the patch.
> 
> The intended use is primarily to support SPDY as described here:
>     https://technotes.googlecode.com/git/nextprotoneg.html
> and I skimmed though this:
> 
> http://googledevelopers.blogspot.ca/2012/04/add-spdy-support-to-your-apache-> server.html
> 
> 
> As for generating a new patch, the STATUS file in 2.4.7 says:
> ...
>     * mod_ssl: Add support for Next Protocol Negotiation.
>       Trunk patch:
>         http://svn.apache.org/viewvc?view=revision&revision=1332643
>       2.4.x patch:
>         Trunk patch works.
>       +1: ben
>       sf says: Needs r1345599, too.
>            And wrowe's comment about the 2.2 patch is also valid for 2.4:
>            http://svn.apache.org/viewvc?view=revision&revision=1354823
> 
> 
> Does that help? Do you want someone @WR to work on the patch, the
> mod_spdy module and testing? A few more comments and links given
> below.
> 
> ../Randy
> 
> ---
> 
> This patch has:
>     Upstream-Status: Backport
> and I do see the _reworked_ feature and our patch upstream
> in the git-svn repo:
>     https://github.com/apache/httpd.git
> specifically, the re-worked commit here:
> 
> https://github.com/apache/httpd/commit/afa9bc99edf96a8ff3a81786cc4ef52a9f3cf
> 310
> 
> and a commit with identical content to our patch here:
> 
> https://github.com/apache/httpd/commit/79d4d4d3ce586bf526178ed6d05e1b0dca705
> 1c4
> 
> but they are both on the trunk branch (aka 2.5) so
> they are not include in 2.4.7.
> 
> The original defect is:
>     https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
> 
>     OpenSSL 1.0.1 added support for TLS Next Protocol Negotiation (NPN)
>     [1], a feature which allows client and server to negotiate what
>     protocol should be used over the secure connection.  I propose
>     adding hooks into mod_ssl to allow other modules to access
>     this feature.


Thanks for looking deeper into this. I'm not quite sure what they mean by 
"Trunk patch works" but I just retrieved the trunk patch and tried to apply it 
but there are conflicts; I also tried a cherry-pick on that git repository but 
that didn't work either. 

I suspect that it would be good to have someone else who knows more about this 
feature create and test a new patch, so if you have someone who could do that 
that would be great.

Cheers,
Paul

-- 

Paul Eggleton
Intel Open Source Technology Centre

Re: [meta-webserver][PATCH 0/3] Apache / PHP upgrades

[Randy MacLeod]

On 14-01-16 10:15 AM, Paul Eggleton wrote:
> Hi Randy,
>
> On Thursday 16 January 2014 09:31:28 Randy MacLeod wrote:
>> You asked me about dropping this patch and I've done a bit of digging.
>>
>> My conclusion is that the  patch is not integrated into 2.4.7 and
>> it would be "nice to have" since we've supported it so far.
>> It seems that apache2-2.6.x will include the patch.
>>
>> The intended use is primarily to support SPDY as described here:
>>      https://technotes.googlecode.com/git/nextprotoneg.html
>> and I skimmed though this:
>>
>> http://googledevelopers.blogspot.ca/2012/04/add-spdy-support-to-your-apache-> server.html
>>
>>
>> As for generating a new patch, the STATUS file in 2.4.7 says:
>> ...
>>      * mod_ssl: Add support for Next Protocol Negotiation.
>>        Trunk patch:
>>          http://svn.apache.org/viewvc?view=revision&revision=1332643
>>        2.4.x patch:
>>          Trunk patch works.
>>        +1: ben
>>        sf says: Needs r1345599, too.
>>             And wrowe's comment about the 2.2 patch is also valid for 2.4:
>>             http://svn.apache.org/viewvc?view=revision&revision=1354823
>>
>>
>> Does that help? Do you want someone @WR to work on the patch, the
>> mod_spdy module and testing? A few more comments and links given
>> below.
>>
>> ../Randy
>>
>> ---
>>
>> This patch has:
>>      Upstream-Status: Backport
>> and I do see the _reworked_ feature and our patch upstream
>> in the git-svn repo:
>>      https://github.com/apache/httpd.git
>> specifically, the re-worked commit here:
>>
>> https://github.com/apache/httpd/commit/afa9bc99edf96a8ff3a81786cc4ef52a9f3cf
>> 310
>>
>> and a commit with identical content to our patch here:
>>
>> https://github.com/apache/httpd/commit/79d4d4d3ce586bf526178ed6d05e1b0dca705
>> 1c4
>>
>> but they are both on the trunk branch (aka 2.5) so
>> they are not include in 2.4.7.
>>
>> The original defect is:
>>      https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
>>
>>      OpenSSL 1.0.1 added support for TLS Next Protocol Negotiation (NPN)
>>      [1], a feature which allows client and server to negotiate what
>>      protocol should be used over the secure connection.  I propose
>>      adding hooks into mod_ssl to allow other modules to access
>>      this feature.
>
>
> Thanks for looking deeper into this. I'm not quite sure what they mean by
> "Trunk patch works" but I just retrieved the trunk patch and tried to apply it
> but there are conflicts; I also tried a cherry-pick on that git repository but
> that didn't work either.
>
> I suspect that it would be good to have someone else who knows more about this
> feature create and test a new patch, so if you have someone who could do that
> that would be great.

Will do. It may have to wait until after the Chinese Spring festival but
we'll get it on the "to do" list.

../Randy
>
> Cheers,
> Paul
>


-- 
# Randy MacLeod. SMTS, Linux, Wind River
Direct: 613.963.1350