PR#41: update to 2.4.59 - rpms/httpd

rpms / httpd

#41 update to 2.4.59

Merged 2 months ago by jorton. Opened 2 months ago by jorton.

rpms/ jorton/httpd rebase-2.4.59 into rawhide

Joe Orton • 2 months ago

9ee4b1c

.gitignore

file modified

		`@@ -49,3 +49,4 @@`
		`/httpd-2.4.56.tar.bz2.asc`
		`/httpd-2.4.57.tar.bz2.asc`
		`/httpd-2.4.58.tar.bz2.asc`
		`+ /httpd-2.4.59.tar.bz2.asc`

httpd-2.4.43-r1861793+.patch

file removed

-272

		`@@ -1,272 +0,0 @@`
		`-`
		`- Upstream-Status: proposed for 2.4.59`
		`-`
		`- --- httpd-2.4.43/configure.in.r1861793+`
		`- +++ httpd-2.4.43/configure.in`
		`- @@ -465,6 +465,28 @@`
		`- AC_SEARCH_LIBS(crypt, crypt)`
		`- CRYPT_LIBS="$LIBS"`
		`- APACHE_SUBST(CRYPT_LIBS)`
		`- +`
		`- +if test "$ac_cv_search_crypt" != "no"; then`
		`- + # Test crypt() with the SHA-512 test vector from https://akkadia.org/drepper/SHA-crypt.txt`
		`- + AC_CACHE_CHECK([whether crypt() supports SHA-2], [ap_cv_crypt_sha2], [`
		`- + AC_RUN_IFELSE([AC_LANG_PROGRAM([[`
		`- +#include <crypt.h>`
		`- +#include <stdlib.h>`
		`- +#include <string.h>`
		`- +`
		`- +#define PASSWD_0 "Hello world!"`
		`- +#define SALT_0 "\$6\$saltstring"`
		`- +#define EXPECT_0 "\$6\$saltstring\$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJu" \`
		`- + "esI68u4OTLiBFdcbYEdFCoEOfaS35inz1"`
		`- +]], [char *result = crypt(PASSWD_0, SALT_0);`
		`- + if (!result) return 1;`
		`- + if (strcmp(result, EXPECT_0)) return 2;`
		`- +])], [ap_cv_crypt_sha2=yes], [ap_cv_crypt_sha2=no])])`
		`- + if test "$ap_cv_crypt_sha2" = yes; then`
		`- + AC_DEFINE([HAVE_CRYPT_SHA2], 1, [Define if crypt() supports SHA-2 hashes])`
		`- + fi`
		`- +fi`
		`- +`
		`- LIBS="$saved_LIBS"`
		`-`
		`- dnl See Comment #Spoon`
		`- --- httpd-2.4.43/docs/man/htpasswd.1.r1861793+`
		`- +++ httpd-2.4.43/docs/man/htpasswd.1`
		`- @@ -27,16 +27,16 @@`
		`- .SH "SYNOPSIS"`
		`-`
		`- .PP`
		`- -\fB\fBhtpasswd\fR [ -\fBc\fR ] [ -\fBi\fR ] [ -\fBm\fR \| -\fBB\fR \| -\fBd\fR \| -\fBs\fR \| -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] \fIpasswdfile\fR \fIusername\fR\fR`
		`- +\fB\fBhtpasswd\fR [ -\fBc\fR ] [ -\fBi\fR ] [ -\fBm\fR \| -\fBB\fR \| -\fB2\fR \| -\fB5\fR \| -\fBd\fR \| -\fBs\fR \| -\fBp\fR ] [ -\fBr\fR \fIrounds\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] \fIpasswdfile\fR \fIusername\fR\fR`
		`-`
		`- .PP`
		`- -\fB\fBhtpasswd\fR -\fBb\fR [ -\fBc\fR ] [ -\fBm\fR \| -\fBB\fR \| -\fBd\fR \| -\fBs\fR \| -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] \fIpasswdfile\fR \fIusername\fR \fIpassword\fR\fR`
		`- +\fB\fBhtpasswd\fR -\fBb\fR [ -\fBc\fR ] [ -\fBm\fR \| -\fBB\fR \| -\fB2\fR \| -\fB5\fR \| -\fBd\fR \| -\fBs\fR \| -\fBp\fR ] [ -\fBr\fR \fIrounds\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] \fIpasswdfile\fR \fIusername\fR \fIpassword\fR\fR`
		`-`
		`- .PP`
		`- -\fB\fBhtpasswd\fR -\fBn\fR [ -\fBi\fR ] [ -\fBm\fR \| -\fBB\fR \| -\fBd\fR \| -\fBs\fR \| -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] \fIusername\fR\fR`
		`- +\fB\fBhtpasswd\fR -\fBn\fR [ -\fBi\fR ] [ -\fBm\fR \| -\fBB\fR \| -\fB2\fR \| -\fB5\fR \| -\fBd\fR \| -\fBs\fR \| -\fBp\fR ] [ -\fBr\fR \fIrounds\fR ] [ -\fBC\fR \fIcost\fR ] \fIusername\fR\fR`
		`-`
		`- .PP`
		`- -\fB\fBhtpasswd\fR -\fBnb\fR [ -\fBm\fR \| -\fBB\fR \| -\fBd\fR \| -\fBs\fR \| -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] \fIusername\fR \fIpassword\fR\fR`
		`- +\fB\fBhtpasswd\fR -\fBnb\fR [ -\fBm\fR \| -\fBB\fR \| -\fB2\fR \| -\fB5\fR \| -\fBd\fR \| -\fBs\fR \| -\fBp\fR ] [ -\fBr\fR \fIrounds\fR ] [ -\fBC\fR \fIcost\fR ] \fIusername\fR \fIpassword\fR\fR`
		`-`
		`-`
		`- .SH "SUMMARY"`
		`- @@ -48,7 +48,7 @@`
		`- Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by \fBhtpasswd\fR\&. This program can only manage usernames and passwords stored in a flat-file\&. It can encrypt and display password information for use in other types of data stores, though\&. To use a DBM database see dbmmanage or htdbm\&.`
		`-`
		`- .PP`
		`- -\fBhtpasswd\fR encrypts passwords using either bcrypt, a version of MD5 modified for Apache, SHA1, or the system's \fBcrypt()\fR routine\&. Files managed by \fBhtpasswd\fR may contain a mixture of different encoding types of passwords; some user records may have bcrypt or MD5-encrypted passwords while others in the same file may have passwords encrypted with \fBcrypt()\fR\&.`
		`- +\fBhtpasswd\fR encrypts passwords using either bcrypt, a version of MD5 modified for Apache, SHA-1, or the system's \fBcrypt()\fR routine\&. SHA-2-based hashes (SHA-256 and SHA-512) are supported for \fBcrypt()\fR\&. Files managed by \fBhtpasswd\fR may contain a mixture of different encoding types of passwords; some user records may have bcrypt or MD5-encrypted passwords while others in the same file may have passwords encrypted with \fBcrypt()\fR\&.`
		`-`
		`- .PP`
		`- This manual page only lists the command line arguments\&. For details of the directives necessary to configure user authentication in httpd see the Apache manual, which is part of the Apache distribution or can be found at http://httpd\&.apache\&.org/\&.`
		`- @@ -73,17 +73,26 @@`
		`- \fB-m\fR`
		`- Use MD5 encryption for passwords\&. This is the default (since version 2\&.2\&.18)\&.`
		`- .TP`
		`- +\fB-2\fR`
		`- +Use SHA-256 \fBcrypt()\fR based hashes for passwords\&. This is supported on most Unix platforms\&.`
		`- +.TP`
		`- +\fB-5\fR`
		`- +Use SHA-512 \fBcrypt()\fR based hashes for passwords\&. This is supported on most Unix platforms\&.`
		`- +.TP`
		`- \fB-B\fR`
		`- Use bcrypt encryption for passwords\&. This is currently considered to be very secure\&.`
		`- .TP`
		`- \fB-C\fR`
		`- This flag is only allowed in combination with \fB-B\fR (bcrypt encryption)\&. It sets the computing time used for the bcrypt algorithm (higher is more secure but slower, default: 5, valid: 4 to 17)\&.`
		`- .TP`
		`- +\fB-r\fR`
		`- +This flag is only allowed in combination with \fB-2\fR or \fB-5\fR\&. It sets the number of hash rounds used for the SHA-2 algorithms (higher is more secure but slower; the default is 5,000)\&.`
		`- +.TP`
		`- \fB-d\fR`
		`- Use \fBcrypt()\fR encryption for passwords\&. This is not supported by the httpd server on Windows and Netware\&. This algorithm limits the password length to 8 characters\&. This algorithm is \fBinsecure\fR by today's standards\&. It used to be the default algorithm until version 2\&.2\&.17\&.`
		`- .TP`
		`- \fB-s\fR`
		`- -Use SHA encryption for passwords\&. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif)\&. This algorithm is \fBinsecure\fR by today's standards\&.`
		`- +Use SHA-1 (160-bit) encryption for passwords\&. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif)\&. This algorithm is \fBinsecure\fR by today's standards\&.`
		`- .TP`
		`- \fB-p\fR`
		`- Use plaintext passwords\&. Though \fBhtpasswd\fR will support creation on all platforms, the httpd daemon will only accept plain text passwords on Windows and Netware\&.`
		`- @@ -152,10 +161,13 @@`
		`- When using the \fBcrypt()\fR algorithm, note that only the first 8 characters of the password are used to form the password\&. If the supplied password is longer, the extra characters will be silently discarded\&.`
		`-`
		`- .PP`
		`- -The SHA encryption format does not use salting: for a given password, there is only one encrypted representation\&. The \fBcrypt()\fR and MD5 formats permute the representation by prepending a random salt string, to make dictionary attacks against the passwords more difficult\&.`
		`- +The SHA-1 encryption format does not use salting: for a given password, there is only one encrypted representation\&. The \fBcrypt()\fR and MD5 formats permute the representation by prepending a random salt string, to make dictionary attacks against the passwords more difficult\&.`
		`- +`
		`- +.PP`
		`- +The SHA-1 and \fBcrypt()\fR formats are insecure by today's standards\&.`
		`-`
		`- .PP`
		`- -The SHA and \fBcrypt()\fR formats are insecure by today's standards\&.`
		`- +The SHA-2-based \fBcrypt()\fR formats (SHA-256 and SHA-512) are supported on most modern Unix systems, and follow the specification at https://www\&.akkadia\&.org/drepper/SHA-crypt\&.txt\&.`
		`-`
		`- .SH "RESTRICTIONS"`
		`-`
		`- --- httpd-2.4.43/support/htpasswd.c.r1861793+`
		`- +++ httpd-2.4.43/support/htpasswd.c`
		`- @@ -109,17 +109,21 @@`
		`- "for it." NL`
		`- " -i Read password from stdin without verification (for script usage)." NL`
		`- " -m Force MD5 encryption of the password (default)." NL`
		`- - " -B Force bcrypt encryption of the password (very secure)." NL`
		`- + " -2 Force SHA-256 crypt() hash of the password (very secure)." NL`
		`- + " -5 Force SHA-512 crypt() hash of the password (very secure)." NL`
		`- + " -B Force bcrypt encryption of the password (very secure)." NL`
		`- " -C Set the computing time used for the bcrypt algorithm" NL`
		`- " (higher is more secure but slower, default: %d, valid: 4 to 17)." NL`
		`- + " -r Set the number of rounds used for the SHA-256, SHA-512 algorithms" NL`
		`- + " (higher is more secure but slower, default: 5000)." NL`
		`- " -d Force CRYPT encryption of the password (8 chars max, insecure)." NL`
		`- - " -s Force SHA encryption of the password (insecure)." NL`
		`- + " -s Force SHA-1 encryption of the password (insecure)." NL`
		`- " -p Do not encrypt the password (plaintext, insecure)." NL`
		`- " -D Delete the specified user." NL`
		`- " -v Verify password for the specified user." NL`
		`- "On other systems than Windows and NetWare the '-p' flag will "`
		`- "probably not work." NL`
		`- - "The SHA algorithm does not use a salt and is less secure than the "`
		`- + "The SHA-1 algorithm does not use a salt and is less secure than the "`
		`- "MD5 algorithm." NL,`
		`- BCRYPT_DEFAULT_COST`
		`- );`
		`- @@ -178,7 +182,7 @@`
		`- if (rv != APR_SUCCESS)`
		`- exit(ERR_SYNTAX);`
		`-`
		`- - while ((rv = apr_getopt(state, "cnmspdBbDiC:v", &opt, &opt_arg)) == APR_SUCCESS) {`
		`- + while ((rv = apr_getopt(state, "cnmspdBbDi25C:r:v", &opt, &opt_arg)) == APR_SUCCESS) {`
		`- switch (opt) {`
		`- case 'c':`
		`- *mask \|= APHTP_NEWFILE;`
		`- --- httpd-2.4.43/support/passwd_common.c.r1861793+`
		`- +++ httpd-2.4.43/support/passwd_common.c`
		`- @@ -179,16 +179,21 @@`
		`- int mkhash(struct passwd_ctx *ctx)`
		`- {`
		`- char *pw;`
		`- - char salt[16];`
		`- + char salt[17];`
		`- apr_status_t rv;`
		`- int ret = 0;`
		`- #if CRYPT_ALGO_SUPPORTED`
		`- char *cbuf;`
		`- #endif`
		`- +#ifdef HAVE_CRYPT_SHA2`
		`- + const char *setting;`
		`- + char method;`
		`- +#endif`
		`-`
		`- - if (ctx->cost != 0 && ctx->alg != ALG_BCRYPT) {`
		`- + if (ctx->cost != 0 && ctx->alg != ALG_BCRYPT`
		`- + && ctx->alg != ALG_CRYPT_SHA256 && ctx->alg != ALG_CRYPT_SHA512 ) {`
		`- apr_file_printf(errfile,`
		`- - "Warning: Ignoring -C argument for this algorithm." NL);`
		`- + "Warning: Ignoring -C/-r argument for this algorithm." NL);`
		`- }`
		`-`
		`- if (ctx->passwd == NULL) {`
		`- @@ -246,6 +251,34 @@`
		`- break;`
		`- #endif /* CRYPT_ALGO_SUPPORTED */`
		`-`
		`- +#ifdef HAVE_CRYPT_SHA2`
		`- + case ALG_CRYPT_SHA256:`
		`- + case ALG_CRYPT_SHA512:`
		`- + ret = generate_salt(salt, 16, &ctx->errstr, ctx->pool);`
		`- + if (ret != 0)`
		`- + break;`
		`- +`
		`- + method = ctx->alg == ALG_CRYPT_SHA256 ? '5': '6';`
		`- +`
		`- + if (ctx->cost)`
		`- + setting = apr_psprintf(ctx->pool, "$%c$rounds=%d$%s",`
		`- + method, ctx->cost, salt);`
		`- + else`
		`- + setting = apr_psprintf(ctx->pool, "$%c$%s",`
		`- + method, salt);`
		`- +`
		`- + cbuf = crypt(pw, setting);`
		`- + if (cbuf == NULL) {`
		`- + rv = APR_FROM_OS_ERROR(errno);`
		`- + ctx->errstr = apr_psprintf(ctx->pool, "crypt() failed: %pm", &rv);`
		`- + ret = ERR_PWMISMATCH;`
		`- + break;`
		`- + }`
		`- +`
		`- + apr_cpystrn(ctx->out, cbuf, ctx->out_len - 1);`
		`- + break;`
		`- +#endif /* HAVE_CRYPT_SHA2 */`
		`- +`
		`- #if BCRYPT_ALGO_SUPPORTED`
		`- case ALG_BCRYPT:`
		`- rv = apr_generate_random_bytes((unsigned char*)salt, 16);`
		`- @@ -294,6 +327,19 @@`
		`- case 's':`
		`- ctx->alg = ALG_APSHA;`
		`- break;`
		`- +#ifdef HAVE_CRYPT_SHA2`
		`- + case '2':`
		`- + ctx->alg = ALG_CRYPT_SHA256;`
		`- + break;`
		`- + case '5':`
		`- + ctx->alg = ALG_CRYPT_SHA512;`
		`- + break;`
		`- +#else`
		`- + case '2':`
		`- + case '5':`
		`- + ctx->errstr = "SHA-2 crypt() algorithms are not supported on this platform.";`
		`- + return ERR_ALG_NOT_SUPP;`
		`- +#endif`
		`- case 'p':`
		`- ctx->alg = ALG_PLAIN;`
		`- #if !PLAIN_ALGO_SUPPORTED`
		`- @@ -324,11 +370,12 @@`
		`- return ERR_ALG_NOT_SUPP;`
		`- #endif`
		`- break;`
		`- - case 'C': {`
		`- + case 'C':`
		`- + case 'r': {`
		`- char *endptr;`
		`- long num = strtol(opt_arg, &endptr, 10);`
		`- if (*endptr != '\0' \|\| num <= 0) {`
		`- - ctx->errstr = "argument to -C must be a positive integer";`
		`- + ctx->errstr = "argument to -C/-r must be a positive integer";`
		`- return ERR_SYNTAX;`
		`- }`
		`- ctx->cost = num;`
		`- --- httpd-2.4.43/support/passwd_common.h.r1861793+`
		`- +++ httpd-2.4.43/support/passwd_common.h`
		`- @@ -28,6 +28,8 @@`
		`- #include "apu_version.h"`
		`- #endif`
		`-`
		`- +#include "ap_config_auto.h"`
		`- +`
		`- #define MAX_STRING_LEN 256`
		`-`
		`- #define ALG_PLAIN 0`
		`- @@ -35,6 +37,8 @@`
		`- #define ALG_APMD5 2`
		`- #define ALG_APSHA 3`
		`- #define ALG_BCRYPT 4`
		`- +#define ALG_CRYPT_SHA256 5`
		`- +#define ALG_CRYPT_SHA512 6`
		`-`
		`- #define BCRYPT_DEFAULT_COST 5`
		`-`
		`- @@ -84,7 +88,7 @@`
		`- apr_size_t out_len;`
		`- char *passwd;`
		`- int alg;`
		`- - int cost;`
		`- + int cost; /* cost for bcrypt, rounds for SHA-2 */`
		`- enum {`
		`- PW_PROMPT = 0,`
		`- PW_ARG,`

httpd-2.4.46-htcacheclean-dont-break.patch

file removed

-16

		`@@ -1,16 +0,0 @@`
		`-`
		`- Upstream-Status: r1915508, proposed for 2.4.59`
		`-`
		`- diff --git a/support/htcacheclean.c b/support/htcacheclean.c`
		`- index 958ba6d..0a7fe3c 100644`
		`- --- a/support/htcacheclean.c`
		`- +++ b/support/htcacheclean.c`
		`- @@ -557,8 +557,6 @@ static int list_urls(char path, apr_pool_t pool, apr_off_t round)`
		`- }`
		`- }`
		`- }`
		`- -`
		`- - break;`
		`- }`
		`- }`
		`- }`

httpd-2.4.51-r1894152.patch

file removed

-38

		`@@ -1,38 +0,0 @@`
		`- # ./pullrev.sh 1894152`
		`- http://svn.apache.org/viewvc?view=revision&revision=1894152`
		`-`
		`- Upstream-Status: merged for 2.4.59`
		`-`
		`- --- httpd-2.4.51/modules/filters/mod_deflate.c.r1894152`
		`- +++ httpd-2.4.51/modules/filters/mod_deflate.c`
		`- @@ -835,6 +835,7 @@`
		`- while (!APR_BRIGADE_EMPTY(bb))`
		`- {`
		`- apr_bucket *b;`
		`- + apr_status_t rv;`
		`-`
		`- /*`
		`- * Optimization: If we are a HEAD request and bytes_sent is not zero`
		`- @@ -914,8 +915,6 @@`
		`- }`
		`-`
		`- if (APR_BUCKET_IS_FLUSH(e)) {`
		`- - apr_status_t rv;`
		`- -`
		`- /* flush the remaining data from the zlib buffers */`
		`- zRC = flush_libz_buffer(ctx, c, f->c->bucket_alloc, deflate,`
		`- Z_SYNC_FLUSH, NO_UPDATE_CRC);`
		`- @@ -947,7 +946,12 @@`
		`- }`
		`-`
		`- /* read */`
		`- - apr_bucket_read(e, &data, &len, APR_BLOCK_READ);`
		`- + rv = apr_bucket_read(e, &data, &len, APR_BLOCK_READ);`
		`- + if (rv) {`
		`- + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(10298)`
		`- + "failed reading from %s bucket", e->type->name);`
		`- + return rv;`
		`- + }`
		`- if (!len) {`
		`- apr_bucket_delete(e);`
		`- continue;`

httpd-2.4.54-gettid.patch

file removed

-94

		`@@ -1,94 +0,0 @@`
		`-`
		`- Upstream-Status: everything but last hunk merged for 2.4.59`
		`-`
		`- From d4e5b6e1e5585d341d1e51f1ddc637c099111076 Mon Sep 17 00:00:00 2001`
		`- From: Joe Orton <jorton@redhat.com>`
		`- Date: Tue, 7 Jul 2020 09:48:01 +0100`
		`- Subject: [PATCH] Check and use gettid() directly with glibc 2.30+.`
		`-`
		`- * configure.in: Check for gettid() and define HAVE_SYS_GETTID if`
		`- gettid() is only usable via syscall().`
		`-`
		`- * server/log.c (log_tid): Use gettid() directly if available.`
		`- ---`
		`- configure.in \| 14 +++++++++-----`
		`- server/log.c \| 8 ++++++--`
		`- 2 files changed, 15 insertions(+), 7 deletions(-)`
		`-`
		`- diff --git a/configure.in b/configure.in`
		`- index 423d58d4b9a..60cbf7b7f81 100644`
		`- --- httpd-2.4.54/configure.in.gettid`
		`- +++ httpd-2.4.54/configure.in`
		`- @@ -502,22 +502,26 @@`
		`- timegm \`
		`- getpgid \`
		`- fopen64 \`
		`- -getloadavg`
		`- +getloadavg \`
		`- +gettid`
		`- )`
		`-`
		`- dnl confirm that a void pointer is large enough to store a long integer`
		`- APACHE_CHECK_VOID_PTR_LEN`
		`-`
		`- -AC_CACHE_CHECK([for gettid()], ac_cv_gettid,`
		`- +if test $ac_cv_func_gettid = no; then`
		`- + # On Linux before glibc 2.30, gettid() is only usable via syscall()`
		`- + AC_CACHE_CHECK([for gettid() via syscall], ap_cv_gettid,`
		`- [AC_TRY_RUN(#define _GNU_SOURCE`
		`- #include <unistd.h>`
		`- #include <sys/syscall.h>`
		`- #include <sys/types.h>`
		`- int main(int argc, char **argv) {`
		`- pid_t t = syscall(SYS_gettid); return t == -1 ? 1 : 0; },`
		`- -[ac_cv_gettid=yes], [ac_cv_gettid=no], [ac_cv_gettid=no])])`
		`- -if test "$ac_cv_gettid" = "yes"; then`
		`- - AC_DEFINE(HAVE_GETTID, 1, [Define if you have gettid()])`
		`- + [ap_cv_gettid=yes], [ap_cv_gettid=no], [ap_cv_gettid=no])])`
		`- + if test "$ap_cv_gettid" = "yes"; then`
		`- + AC_DEFINE(HAVE_SYS_GETTID, 1, [Define if you have gettid() via syscall()])`
		`- + fi`
		`- fi`
		`-`
		`- dnl ## Check for the tm_gmtoff field in struct tm to get the timezone diffs`
		`- --- httpd-2.4.54/server/log.c.gettid`
		`- +++ httpd-2.4.54/server/log.c`
		`- @@ -55,7 +55,7 @@`
		`- #include "ap_mpm.h"`
		`- #include "ap_listen.h"`
		`-`
		`- -#if HAVE_GETTID`
		`- +#if HAVE_SYS_GETTID`
		`- #include <sys/syscall.h>`
		`- #include <sys/types.h>`
		`- #endif`
		`- @@ -627,14 +627,18 @@`
		`- #if APR_HAS_THREADS`
		`- int result;`
		`- #endif`
		`- -#if HAVE_GETTID`
		`- +#if defined(HAVE_GETTID) \|\| defined(HAVE_SYS_GETTID)`
		`- if (arg && *arg == 'g') {`
		`- +#ifdef HAVE_GETTID`
		`- + pid_t tid = gettid();`
		`- +#else`
		`- pid_t tid = syscall(SYS_gettid);`
		`- +#endif`
		`- if (tid == -1)`
		`- return 0;`
		`- return apr_snprintf(buf, buflen, "%"APR_PID_T_FMT, tid);`
		`- }`
		`- -#endif`
		`- +#endif /* HAVE_GETTID \|\| HAVE_SYS_GETTID */`
		`- #if APR_HAS_THREADS`
		`- if (ap_mpm_query(AP_MPMQ_IS_THREADED, &result) == APR_SUCCESS`
		`- && result != AP_MPMQ_NOT_SUPPORTED)`
		`- @@ -968,7 +972,7 @@`
		`- #if APR_HAS_THREADS`
		`- field_start = len;`
		`- len += cpystrn(buf + len, ":tid ", buflen - len);`
		`- - item_len = log_tid(info, NULL, buf + len, buflen - len);`
		`- + item_len = log_tid(info, "g", buf + len, buflen - len);`
		`- if (!item_len)`
		`- len = field_start;`
		`- else`

httpd-2.4.58-r1913912+.patch

file removed

-849

		`@@ -1,849 +0,0 @@`
		`- # ./pullrev.sh 1913912 1915067`
		`-`
		`- http://svn.apache.org/viewvc?view=revision&revision=1913912`
		`- http://svn.apache.org/viewvc?view=revision&revision=1915067`
		`-`
		`- Upstream-Status: merged for 2.4.59`
		`-`
		`- --- httpd-2.4.58/modules/ssl/mod_ssl.c.r1913912`
		`- +++ httpd-2.4.58/modules/ssl/mod_ssl.c`
		`- @@ -25,8 +25,7 @@`
		`- */`
		`-`
		`- #include "ssl_private.h"`
		`- -#include "mod_ssl.h"`
		`- -#include "mod_ssl_openssl.h"`
		`- +`
		`- #include "util_md5.h"`
		`- #include "util_mutex.h"`
		`- #include "ap_provider.h"`
		`- @@ -75,11 +74,9 @@`
		`- SSL_CMD_SRV(SessionCache, TAKE1,`
		`- "SSL Session Cache storage "`
		`- "('none', 'nonenotnull', 'dbm:/path/to/file')")`
		`- -#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)`
		`- SSL_CMD_SRV(CryptoDevice, TAKE1,`
		`- "SSL external Crypto Device usage "`
		`- "('builtin', '...')")`
		`- -#endif`
		`- SSL_CMD_SRV(RandomSeed, TAKE23,`
		`- "SSL Pseudo Random Number Generator (PRNG) seeding source "`
		`- "('startup\|connect builtin\|file:/path\|exec:/path [bytes]')")`
		`- --- httpd-2.4.58/modules/ssl/mod_ssl_openssl.h.r1913912`
		`- +++ httpd-2.4.58/modules/ssl/mod_ssl_openssl.h`
		`- @@ -30,14 +30,17 @@`
		`-`
		`- /* OpenSSL headers */`
		`-`
		`- -#ifndef SSL_PRIVATE_H`
		`- #include <openssl/opensslv.h>`
		`- -#if (OPENSSL_VERSION_NUMBER >= 0x10001000)`
		`- +#if OPENSSL_VERSION_NUMBER >= 0x30000000`
		`- +#include <openssl/macros.h> /* for OPENSSL_API_LEVEL */`
		`- +#endif`
		`- +#if OPENSSL_VERSION_NUMBER >= 0x10001000`
		`- /* must be defined before including ssl.h */`
		`- #define OPENSSL_NO_SSL_INTERN`
		`- #endif`
		`- #include <openssl/ssl.h>`
		`- -#endif`
		`- +#include <openssl/evp.h>`
		`- +#include <openssl/x509.h>`
		`-`
		`- /**`
		`- * init_server hook -- allow SSL_CTX-specific initialization to be performed by`
		`- --- httpd-2.4.58/modules/ssl/ssl_engine_config.c.r1913912`
		`- +++ httpd-2.4.58/modules/ssl/ssl_engine_config.c`
		`- @@ -27,6 +27,7 @@`
		`- damned if you don't.''`
		`- -- Unknown */`
		`- #include "ssl_private.h"`
		`- +`
		`- #include "util_mutex.h"`
		`- #include "ap_provider.h"`
		`-`
		`- @@ -593,14 +594,15 @@`
		`- return NULL;`
		`- }`
		`-`
		`- -#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)`
		`- const char ssl_cmd_SSLCryptoDevice(cmd_parms cmd,`
		`- void *dcfg,`
		`- const char *arg)`
		`- {`
		`- SSLModConfigRec *mc = myModConfig(cmd->server);`
		`- const char *err;`
		`- +#if MODSSL_HAVE_ENGINE_API`
		`- ENGINE *e;`
		`- +#endif`
		`-`
		`- if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {`
		`- return err;`
		`- @@ -609,13 +611,16 @@`
		`- if (strcEQ(arg, "builtin")) {`
		`- mc->szCryptoDevice = NULL;`
		`- }`
		`- +#if MODSSL_HAVE_ENGINE_API`
		`- else if ((e = ENGINE_by_id(arg))) {`
		`- mc->szCryptoDevice = arg;`
		`- ENGINE_free(e);`
		`- }`
		`- +#endif`
		`- else {`
		`- err = "SSLCryptoDevice: Invalid argument; must be one of: "`
		`- "'builtin' (none)";`
		`- +#if MODSSL_HAVE_ENGINE_API`
		`- e = ENGINE_get_first();`
		`- while (e) {`
		`- err = apr_pstrcat(cmd->pool, err, ", '", ENGINE_get_id(e),`
		`- @@ -624,12 +629,12 @@`
		`- * on the 'old' e, per the docs in engine.h. */`
		`- e = ENGINE_get_next(e);`
		`- }`
		`- +#endif`
		`- return err;`
		`- }`
		`-`
		`- return NULL;`
		`- }`
		`- -#endif`
		`-`
		`- const char ssl_cmd_SSLRandomSeed(cmd_parms cmd,`
		`- void *dcfg,`
		`- --- httpd-2.4.58/modules/ssl/ssl_engine_init.c.r1913912`
		`- +++ httpd-2.4.58/modules/ssl/ssl_engine_init.c`
		`- @@ -27,8 +27,7 @@`
		`- see Recursive.''`
		`- -- Unknown */`
		`- #include "ssl_private.h"`
		`- -#include "mod_ssl.h"`
		`- -#include "mod_ssl_openssl.h"`
		`- +`
		`- #include "mpm_common.h"`
		`- #include "mod_md.h"`
		`-`
		`- @@ -218,6 +217,16 @@`
		`- }`
		`- #endif`
		`-`
		`- +static APR_INLINE unsigned long modssl_runtime_lib_version(void)`
		`- +{`
		`- +#if MODSSL_USE_OPENSSL_PRE_1_1_API`
		`- + return SSLeay();`
		`- +#else`
		`- + return OpenSSL_version_num();`
		`- +#endif`
		`- +}`
		`- +`
		`- +`
		`- /*`
		`- * Per-module initialization`
		`- */`
		`- @@ -225,18 +234,22 @@`
		`- apr_pool_t *ptemp,`
		`- server_rec *base_server)`
		`- {`
		`- + unsigned long runtime_lib_version = modssl_runtime_lib_version();`
		`- SSLModConfigRec *mc = myModConfig(base_server);`
		`- SSLSrvConfigRec *sc;`
		`- server_rec *s;`
		`- apr_status_t rv;`
		`- apr_array_header_t *pphrases;`
		`-`
		`- - if (SSLeay() < MODSSL_LIBRARY_VERSION) {`
		`- + AP_DEBUG_ASSERT(mc);`
		`- +`
		`- + if (runtime_lib_version < MODSSL_LIBRARY_VERSION) {`
		`- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01882)`
		`- "Init: this version of mod_ssl was compiled against "`
		`- - "a newer library (%s, version currently loaded is %s)"`
		`- + "a newer library (%s (%s), version currently loaded is 0x%lX)"`
		`- " - may result in undefined or erroneous behavior",`
		`- - MODSSL_LIBRARY_TEXT, MODSSL_LIBRARY_DYNTEXT);`
		`- + MODSSL_LIBRARY_TEXT, MODSSL_LIBRARY_DYNTEXT,`
		`- + runtime_lib_version);`
		`- }`
		`-`
		`- /* We initialize mc->pid per-process in the child init,`
		`- @@ -313,11 +326,9 @@`
		`- /*`
		`- * SSL external crypto device ("engine") support`
		`- */`
		`- -#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)`
		`- if ((rv = ssl_init_Engine(base_server, p)) != APR_SUCCESS) {`
		`- return rv;`
		`- }`
		`- -#endif`
		`-`
		`- ap_log_error(APLOG_MARK, APLOG_INFO, 0, base_server, APLOGNO(01883)`
		`- "Init: Initialized %s library", MODSSL_LIBRARY_NAME);`
		`- @@ -473,9 +484,9 @@`
		`- * Support for external a Crypto Device ("engine"), usually`
		`- * a hardware accelerator card for crypto operations.`
		`- */`
		`- -#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)`
		`- apr_status_t ssl_init_Engine(server_rec s, apr_pool_t p)`
		`- {`
		`- +#if MODSSL_HAVE_ENGINE_API`
		`- SSLModConfigRec *mc = myModConfig(s);`
		`- ENGINE *e;`
		`-`
		`- @@ -507,10 +518,9 @@`
		`-`
		`- ENGINE_free(e);`
		`- }`
		`- -`
		`- +#endif`
		`- return APR_SUCCESS;`
		`- }`
		`- -#endif`
		`-`
		`- #ifdef HAVE_TLSEXT`
		`- static apr_status_t ssl_init_ctx_tls_extensions(server_rec *s,`
		`- @@ -1320,15 +1330,6 @@`
		`- return 0;`
		`- }`
		`-`
		`- -static APR_INLINE int modssl_DH_bits(DH *dh)`
		`- -{`
		`- -#if OPENSSL_VERSION_NUMBER < 0x30000000L`
		`- - return DH_bits(dh);`
		`- -#else`
		`- - return BN_num_bits(DH_get0_p(dh));`
		`- -#endif`
		`- -}`
		`- -`
		`- /* SSL_CTX_use_PrivateKey_file() can fail either because the private`
		`- * key was encrypted, or due to a mismatch between an already-loaded`
		`- * cert and the key - a common misconfiguration - from calling`
		`- @@ -1354,15 +1355,10 @@`
		`- SSLModConfigRec *mc = myModConfig(s);`
		`- const char vhost_id = mctx->sc->vhost_id, key_id, certfile, keyfile;`
		`- int i;`
		`- - X509 *cert;`
		`- - DH *dh;`
		`- + EVP_PKEY *pkey;`
		`- #ifdef HAVE_ECC`
		`- - EC_GROUP *ecparams = NULL;`
		`- - int nid;`
		`- - EC_KEY *eckey = NULL;`
		`- -#endif`
		`- -#ifndef HAVE_SSL_CONF_CMD`
		`- - SSL *ssl;`
		`- + EC_GROUP *ecgroup = NULL;`
		`- + int curve_nid = 0;`
		`- #endif`
		`-`
		`- /* no OpenSSL default prompts for any of the SSL_CTX_use_* calls, please */`
		`- @@ -1373,7 +1369,7 @@`
		`- (certfile = APR_ARRAY_IDX(mctx->pks->cert_files, i,`
		`- const char *));`
		`- i++) {`
		`- - EVP_PKEY *pkey;`
		`- + X509 *cert = NULL;`
		`- const char *engine_certfile = NULL;`
		`-`
		`- key_id = apr_psprintf(ptemp, "%s:%d", vhost_id, i);`
		`- @@ -1416,8 +1412,6 @@`
		`- if (modssl_is_engine_id(keyfile)) {`
		`- apr_status_t rv;`
		`-`
		`- - cert = NULL;`
		`- -`
		`- if ((rv = modssl_load_engine_keypair(s, ptemp, vhost_id,`
		`- engine_certfile, keyfile,`
		`- &cert, &pkey))) {`
		`- @@ -1488,22 +1482,21 @@`
		`- * assume that if SSL_CONF is available, it's OpenSSL 1.0.2 or later,`
		`- * and SSL_CTX_get0_certificate is implemented.)`
		`- */`
		`- - if (!(cert = SSL_CTX_get0_certificate(mctx->ssl_ctx))) {`
		`- + cert = SSL_CTX_get0_certificate(mctx->ssl_ctx);`
		`- #else`
		`- - ssl = SSL_new(mctx->ssl_ctx);`
		`- + {`
		`- + SSL *ssl = SSL_new(mctx->ssl_ctx);`
		`- if (ssl) {`
		`- /* Workaround bug in SSL_get_certificate in OpenSSL 0.9.8y */`
		`- SSL_set_connect_state(ssl);`
		`- cert = SSL_get_certificate(ssl);`
		`- + SSL_free(ssl);`
		`- + }`
		`- }`
		`- - if (!ssl \|\| !cert) {`
		`- #endif`
		`- + if (!cert) {`
		`- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02566)`
		`- "Unable to retrieve certificate %s", key_id);`
		`- -#ifndef HAVE_SSL_CONF_CMD`
		`- - if (ssl)`
		`- - SSL_free(ssl);`
		`- -#endif`
		`- return APR_EGENERAL;`
		`- }`
		`-`
		`- @@ -1525,10 +1518,6 @@`
		`- }`
		`- #endif`
		`-`
		`- -#ifndef HAVE_SSL_CONF_CMD`
		`- - SSL_free(ssl);`
		`- -#endif`
		`- -`
		`- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(02568)`
		`- "Certificate and private key %s configured from %s and %s",`
		`- key_id, certfile, keyfile);`
		`- @@ -1538,15 +1527,33 @@`
		`- * Try to read DH parameters from the (first) SSLCertificateFile`
		`- */`
		`- certfile = APR_ARRAY_IDX(mctx->pks->cert_files, 0, const char *);`
		`- - if (certfile && !modssl_is_engine_id(certfile)`
		`- - && (dh = ssl_dh_GetParamFromFile(certfile))) {`
		`- - /* ### This should be replaced with SSL_CTX_set0_tmp_dh_pkey()`
		`- - * for OpenSSL 3.0+. */`
		`- + if (certfile && !modssl_is_engine_id(certfile)) {`
		`- + int done = 0, num_bits = 0;`
		`- +#if OPENSSL_VERSION_NUMBER < 0x30000000L`
		`- + DH *dh = modssl_dh_from_file(certfile);`
		`- + if (dh) {`
		`- + num_bits = DH_bits(dh);`
		`- SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dh);`
		`- + DH_free(dh);`
		`- + done = 1;`
		`- + }`
		`- +#else`
		`- + pkey = modssl_dh_pkey_from_file(certfile);`
		`- + if (pkey) {`
		`- + num_bits = EVP_PKEY_get_bits(pkey);`
		`- + if (!SSL_CTX_set0_tmp_dh_pkey(mctx->ssl_ctx, pkey)) {`
		`- + EVP_PKEY_free(pkey);`
		`- + }`
		`- + else {`
		`- + done = 1;`
		`- + }`
		`- + }`
		`- +#endif`
		`- + if (done) {`
		`- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540)`
		`- "Custom DH parameters (%d bits) for %s loaded from %s",`
		`- - modssl_DH_bits(dh), vhost_id, certfile);`
		`- - DH_free(dh);`
		`- + num_bits, vhost_id, certfile);`
		`- + }`
		`- }`
		`- #if !MODSSL_USE_OPENSSL_PRE_1_1_API`
		`- else {`
		`- @@ -1561,13 +1568,27 @@`
		`- * Similarly, try to read the ECDH curve name from SSLCertificateFile...`
		`- */`
		`- if (certfile && !modssl_is_engine_id(certfile)`
		`- - && (ecparams = ssl_ec_GetParamFromFile(certfile))`
		`- - && (nid = EC_GROUP_get_curve_name(ecparams))`
		`- - && (eckey = EC_KEY_new_by_curve_name(nid))) {`
		`- + && (ecgroup = modssl_ec_group_from_file(certfile))`
		`- + && (curve_nid = EC_GROUP_get_curve_name(ecgroup))) {`
		`- +#if OPENSSL_VERSION_NUMBER < 0x30000000L`
		`- + EC_KEY *eckey = EC_KEY_new_by_curve_name(curve_nid);`
		`- + if (eckey) {`
		`- SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);`
		`- + EC_KEY_free(eckey);`
		`- + }`
		`- + else {`
		`- + curve_nid = 0;`
		`- + }`
		`- +#else`
		`- + if (!SSL_CTX_set1_curves(mctx->ssl_ctx, &curve_nid, 1)) {`
		`- + curve_nid = 0;`
		`- + }`
		`- +#endif`
		`- + if (curve_nid) {`
		`- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02541)`
		`- "ECDH curve %s for %s specified in %s",`
		`- - OBJ_nid2sn(nid), vhost_id, certfile);`
		`- + OBJ_nid2sn(curve_nid), vhost_id, certfile);`
		`- + }`
		`- }`
		`- /*`
		`- * ...otherwise, enable auto curve selection (OpenSSL 1.0.2)`
		`- @@ -1575,18 +1596,20 @@`
		`- * ECDH is always enabled in 1.1.0 unless excluded from SSLCipherList`
		`- */`
		`- #if MODSSL_USE_OPENSSL_PRE_1_1_API`
		`- - else {`
		`- + if (!curve_nid) {`
		`- #if defined(SSL_CTX_set_ecdh_auto)`
		`- SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);`
		`- #else`
		`- - eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);`
		`- + EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);`
		`- + if (eckey) {`
		`- SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);`
		`- + EC_KEY_free(eckey);`
		`- + }`
		`- #endif`
		`- }`
		`- #endif`
		`- /* OpenSSL assures us that _free() is NULL-safe */`
		`- - EC_KEY_free(eckey);`
		`- - EC_GROUP_free(ecparams);`
		`- + EC_GROUP_free(ecgroup);`
		`- #endif`
		`-`
		`- return APR_SUCCESS;`
		`- --- httpd-2.4.58/modules/ssl/ssl_engine_io.c.r1913912`
		`- +++ httpd-2.4.58/modules/ssl/ssl_engine_io.c`
		`- @@ -28,8 +28,7 @@`
		`- core keeps dumping.''`
		`- -- Unknown */`
		`- #include "ssl_private.h"`
		`- -#include "mod_ssl.h"`
		`- -#include "mod_ssl_openssl.h"`
		`- +`
		`- #include "apr_date.h"`
		`-`
		`- APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, SSL, int, proxy_post_handshake,`
		`- @@ -2283,14 +2282,7 @@`
		`- ssl_io_filter_cleanup, apr_pool_cleanup_null);`
		`-`
		`- if (APLOG_CS_IS_LEVEL(c, mySrvFromConn(c), APLOG_TRACE4)) {`
		`- - BIO *rbio = SSL_get_rbio(ssl),`
		`- - *wbio = SSL_get_wbio(ssl);`
		`- - BIO_set_callback(rbio, ssl_io_data_cb);`
		`- - BIO_set_callback_arg(rbio, (void *)ssl);`
		`- - if (wbio && wbio != rbio) {`
		`- - BIO_set_callback(wbio, ssl_io_data_cb);`
		`- - BIO_set_callback_arg(wbio, (void *)ssl);`
		`- - }`
		`- + modssl_set_io_callbacks(ssl);`
		`- }`
		`-`
		`- return;`
		`- @@ -2374,13 +2366,22 @@`
		`- "+-------------------------------------------------------------------------+");`
		`- }`
		`-`
		`- -long ssl_io_data_cb(BIO *bio, int cmd,`
		`- - const char *argp,`
		`- +#if OPENSSL_VERSION_NUMBER >= 0x30000000L`
		`- +static long modssl_io_cb(BIO bio, int cmd, const char argp,`
		`- + size_t len, int argi, long argl, int rc,`
		`- + size_t *processed)`
		`- +#else`
		`- +static long modssl_io_cb(BIO bio, int cmd, const char argp,`
		`- int argi, long argl, long rc)`
		`- +#endif`
		`- {`
		`- SSL *ssl;`
		`- conn_rec *c;`
		`- server_rec *s;`
		`- +#if OPENSSL_VERSION_NUMBER >= 0x30000000L`
		`- + (void)len;`
		`- + (void)processed;`
		`- +#endif`
		`-`
		`- if ((ssl = (SSL *)BIO_get_callback_arg(bio)) == NULL)`
		`- return rc;`
		`- @@ -2402,7 +2403,7 @@`
		`- "%s: %s %ld/%d bytes %s BIO#%pp [mem: %pp] %s",`
		`- MODSSL_LIBRARY_NAME,`
		`- (cmd == (BIO_CB_WRITE\|BIO_CB_RETURN) ? "write" : "read"),`
		`- - rc, argi, (cmd == (BIO_CB_WRITE\|BIO_CB_RETURN) ? "to" : "from"),`
		`- + (long)rc, argi, (cmd == (BIO_CB_WRITE\|BIO_CB_RETURN) ? "to" : "from"),`
		`- bio, argp, dump);`
		`- if (*dump != '\0' && argp != NULL)`
		`- ssl_io_data_dump(c, s, argp, rc);`
		`- @@ -2417,3 +2418,25 @@`
		`- }`
		`- return rc;`
		`- }`
		`- +`
		`- +static APR_INLINE void set_bio_callback(BIO bio, void arg)`
		`- +{`
		`- +#if OPENSSL_VERSION_NUMBER >= 0x30000000L`
		`- + BIO_set_callback_ex(bio, modssl_io_cb);`
		`- +#else`
		`- + BIO_set_callback(bio, modssl_io_cb);`
		`- +#endif`
		`- + BIO_set_callback_arg(bio, arg);`
		`- +}`
		`- +`
		`- +void modssl_set_io_callbacks(SSL *ssl)`
		`- +{`
		`- + BIO *rbio = SSL_get_rbio(ssl),`
		`- + *wbio = SSL_get_wbio(ssl);`
		`- + if (rbio) {`
		`- + set_bio_callback(rbio, ssl);`
		`- + }`
		`- + if (wbio && wbio != rbio) {`
		`- + set_bio_callback(wbio, ssl);`
		`- + }`
		`- +}`
		`- --- httpd-2.4.58/modules/ssl/ssl_engine_kernel.c.r1913912`
		`- +++ httpd-2.4.58/modules/ssl/ssl_engine_kernel.c`
		`- @@ -2581,6 +2581,7 @@`
		`- sc->server->pks->service_unavailable : 0;`
		`-`
		`- ap_update_child_status_from_server(c->sbh, SERVER_BUSY_READ, c, s);`
		`- +`
		`- /*`
		`- * There is one special filter callback, which is set`
		`- * very early depending on the base_server's log level.`
		`- @@ -2589,14 +2590,7 @@`
		`- * we need to set that callback here.`
		`- */`
		`- if (APLOGtrace4(s)) {`
		`- - BIO *rbio = SSL_get_rbio(ssl),`
		`- - *wbio = SSL_get_wbio(ssl);`
		`- - BIO_set_callback(rbio, ssl_io_data_cb);`
		`- - BIO_set_callback_arg(rbio, (void *)ssl);`
		`- - if (wbio && wbio != rbio) {`
		`- - BIO_set_callback(wbio, ssl_io_data_cb);`
		`- - BIO_set_callback_arg(wbio, (void *)ssl);`
		`- - }`
		`- + modssl_set_io_callbacks(ssl);`
		`- }`
		`-`
		`- return 1;`
		`- --- httpd-2.4.58/modules/ssl/ssl_engine_pphrase.c.r1913912`
		`- +++ httpd-2.4.58/modules/ssl/ssl_engine_pphrase.c`
		`- @@ -30,6 +30,8 @@`
		`- -- Clifford Stoll */`
		`- #include "ssl_private.h"`
		`-`
		`- +#include <openssl/ui.h>`
		`- +`
		`- typedef struct {`
		`- server_rec *s;`
		`- apr_pool_t *p;`
		`- @@ -606,8 +608,7 @@`
		`- return (len);`
		`- }`
		`-`
		`- -`
		`- -#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)`
		`- +#if MODSSL_HAVE_ENGINE_API`
		`-`
		`- /* OpenSSL UI implementation for passphrase entry; largely duplicated`
		`- * from ssl_pphrase_Handle_CB but adjusted for UI API. TODO: Might be`
		`- @@ -831,7 +832,7 @@`
		`- const char certid, const char keyid,`
		`- X509 pubkey, EVP_PKEY privkey)`
		`- {`
		`- -#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)`
		`- +#if MODSSL_HAVE_ENGINE_API`
		`- const char c, scheme;`
		`- ENGINE *e;`
		`- UI_METHOD *ui_method = get_passphrase_ui(p);`
		`- --- httpd-2.4.58/modules/ssl/ssl_private.h.r1913912`
		`- +++ httpd-2.4.58/modules/ssl/ssl_private.h`
		`- @@ -83,16 +83,13 @@`
		`-`
		`- #include "ap_expr.h"`
		`-`
		`- -/* OpenSSL headers */`
		`- -#include <openssl/opensslv.h>`
		`- -#if (OPENSSL_VERSION_NUMBER >= 0x10001000)`
		`- -/* must be defined before including ssl.h */`
		`- -#define OPENSSL_NO_SSL_INTERN`
		`- -#endif`
		`- -#if OPENSSL_VERSION_NUMBER >= 0x30000000`
		`- -#include <openssl/core_names.h>`
		`- +/* keep first for compat API */`
		`- +#ifndef OPENSSL_API_COMPAT`
		`- +#define OPENSSL_API_COMPAT 0x10101000 /* for ENGINE_ API */`
		`- #endif`
		`- -#include <openssl/ssl.h>`
		`- +#include "mod_ssl_openssl.h"`
		`- +`
		`- +/* OpenSSL headers */`
		`- #include <openssl/err.h>`
		`- #include <openssl/x509.h>`
		`- #include <openssl/pem.h>`
		`- @@ -102,12 +99,23 @@`
		`- #include <openssl/x509v3.h>`
		`- #include <openssl/x509_vfy.h>`
		`- #include <openssl/ocsp.h>`
		`- +#include <openssl/dh.h>`
		`- +#if OPENSSL_VERSION_NUMBER >= 0x30000000`
		`- +#include <openssl/core_names.h>`
		`- +#endif`
		`-`
		`- /* Avoid tripping over an engine build installed globally and detected`
		`- * when the user points at an explicit non-engine flavor of OpenSSL`
		`- */`
		`- -#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)`
		`- +#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) \`
		`- + && (OPENSSL_VERSION_NUMBER < 0x30000000 \`
		`- + \|\| (defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL < 30000)) \`
		`- + && !defined(OPENSSL_NO_ENGINE)`
		`- #include <openssl/engine.h>`
		`- +#define MODSSL_HAVE_ENGINE_API 1`
		`- +#endif`
		`- +#ifndef MODSSL_HAVE_ENGINE_API`
		`- +#define MODSSL_HAVE_ENGINE_API 0`
		`- #endif`
		`-`
		`- #if (OPENSSL_VERSION_NUMBER < 0x0090801f)`
		`- @@ -142,10 +150,18 @@`
		`- * include most changes from OpenSSL >= 1.1 (new functions, macros,`
		`- * deprecations, ...), so we have to work around this...`
		`- */`
		`- -#define MODSSL_USE_OPENSSL_PRE_1_1_API (LIBRESSL_VERSION_NUMBER < 0x2070000f)`
		`- +#if LIBRESSL_VERSION_NUMBER < 0x2070000f`
		`- +#define MODSSL_USE_OPENSSL_PRE_1_1_API 1`
		`- +#else`
		`- +#define MODSSL_USE_OPENSSL_PRE_1_1_API 0`
		`- +#endif`
		`- #else /* defined(LIBRESSL_VERSION_NUMBER) */`
		`- -#define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L)`
		`- +#if OPENSSL_VERSION_NUMBER < 0x10100000L`
		`- +#define MODSSL_USE_OPENSSL_PRE_1_1_API 1`
		`- +#else`
		`- +#define MODSSL_USE_OPENSSL_PRE_1_1_API 0`
		`- #endif`
		`- +#endif /* defined(LIBRESSL_VERSION_NUMBER) */`
		`-`
		`- #if defined(OPENSSL_FIPS) \|\| OPENSSL_VERSION_NUMBER >= 0x30000000L`
		`- #define HAVE_FIPS`
		`- @@ -211,7 +227,10 @@`
		`- #endif`
		`-`
		`- /* Secure Remote Password */`
		`- -#if !defined(OPENSSL_NO_SRP) && defined(SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB)`
		`- +#if !defined(OPENSSL_NO_SRP) \`
		`- + && (OPENSSL_VERSION_NUMBER < 0x30000000L \`
		`- + \|\| (defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL < 30000)) \`
		`- + && defined(SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB)`
		`- #define HAVE_SRP`
		`- #include <openssl/srp.h>`
		`- #endif`
		`- @@ -254,6 +273,14 @@`
		`- #endif`
		`- #endif`
		`-`
		`- +/* those may be deprecated */`
		`- +#ifndef X509_get_notBefore`
		`- +#define X509_get_notBefore X509_getm_notBefore`
		`- +#endif`
		`- +#ifndef X509_get_notAfter`
		`- +#define X509_get_notAfter X509_getm_notAfter`
		`- +#endif`
		`- +`
		`- #if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)`
		`- #define HAVE_OPENSSL_KEYLOG`
		`- #endif`
		`- @@ -1019,7 +1046,7 @@`
		`- /** I/O */`
		`- void ssl_io_filter_init(conn_rec , request_rec r, SSL *);`
		`- void ssl_io_filter_register(apr_pool_t *);`
		`- -long ssl_io_data_cb(BIO , int, const char , int, long, long);`
		`- +void modssl_set_io_callbacks(SSL *ssl);`
		`-`
		`- /* ssl_io_buffer_fill fills the setaside buffering of the HTTP request`
		`- * to allow an SSL renegotiation to take place. */`
		`- @@ -1057,9 +1084,13 @@`
		`- X509 pubkey, EVP_PKEY privkey);`
		`-`
		`- /** Diffie-Hellman Parameter Support */`
		`- -DH ssl_dh_GetParamFromFile(const char );`
		`- +#if OPENSSL_VERSION_NUMBER < 0x30000000L`
		`- +DH modssl_dh_from_file(const char );`
		`- +#else`
		`- +EVP_PKEY modssl_dh_pkey_from_file(const char );`
		`- +#endif`
		`- #ifdef HAVE_ECC`
		`- -EC_GROUP ssl_ec_GetParamFromFile(const char );`
		`- +EC_GROUP modssl_ec_group_from_file(const char );`
		`- #endif`
		`-`
		`- /* Store the EVP_PKEY key (serialized into DER) in the hash table with`
		`- --- httpd-2.4.58/modules/ssl/ssl_util.c.r1913912`
		`- +++ httpd-2.4.58/modules/ssl/ssl_util.c`
		`- @@ -476,7 +476,7 @@`
		`-`
		`- int modssl_is_engine_id(const char *name)`
		`- {`
		`- -#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)`
		`- +#if MODSSL_HAVE_ENGINE_API`
		`- /* ### Can handle any other special ENGINE key names here? */`
		`- return strncmp(name, "pkcs11:", 7) == 0;`
		`- #else`
		`- --- httpd-2.4.58/modules/ssl/ssl_util_ssl.c.r1913912`
		`- +++ httpd-2.4.58/modules/ssl/ssl_util_ssl.c`
		`- @@ -464,29 +464,52 @@`
		`- ** _________________________________________________________________`
		`- */`
		`-`
		`- -DH ssl_dh_GetParamFromFile(const char file)`
		`- +#if OPENSSL_VERSION_NUMBER < 0x30000000L`
		`- +DH modssl_dh_from_file(const char file)`
		`- {`
		`- - DH *dh = NULL;`
		`- + DH *dh;`
		`- BIO *bio;`
		`-`
		`- if ((bio = BIO_new_file(file, "r")) == NULL)`
		`- return NULL;`
		`- dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);`
		`- BIO_free(bio);`
		`- - return (dh);`
		`- +`
		`- + return dh;`
		`- +}`
		`- +#else`
		`- +EVP_PKEY modssl_dh_pkey_from_file(const char file)`
		`- +{`
		`- + EVP_PKEY *pkey;`
		`- + BIO *bio;`
		`- +`
		`- + if ((bio = BIO_new_file(file, "r")) == NULL)`
		`- + return NULL;`
		`- + pkey = PEM_read_bio_Parameters(bio, NULL);`
		`- + BIO_free(bio);`
		`- +`
		`- + return pkey;`
		`- }`
		`- +#endif`
		`-`
		`- #ifdef HAVE_ECC`
		`- -EC_GROUP ssl_ec_GetParamFromFile(const char file)`
		`- +EC_GROUP modssl_ec_group_from_file(const char file)`
		`- {`
		`- - EC_GROUP *group = NULL;`
		`- + EC_GROUP *group;`
		`- BIO *bio;`
		`-`
		`- if ((bio = BIO_new_file(file, "r")) == NULL)`
		`- return NULL;`
		`- +#if OPENSSL_VERSION_NUMBER < 0x30000000L`
		`- group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL);`
		`- +#else`
		`- + group = PEM_ASN1_read_bio((void *)d2i_ECPKParameters,`
		`- + PEM_STRING_ECPARAMETERS, bio,`
		`- + NULL, NULL, NULL);`
		`- +#endif`
		`- BIO_free(bio);`
		`- - return (group);`
		`- +`
		`- + return group;`
		`- }`
		`- #endif`
		`-`
		`- --- httpd-2.4.58/modules/ssl/ssl_util_stapling.c.r1913912`
		`- +++ httpd-2.4.58/modules/ssl/ssl_util_stapling.c`
		`- @@ -29,9 +29,9 @@`
		`- -- Alexei Sayle */`
		`-`
		`- #include "ssl_private.h"`
		`- +`
		`- #include "ap_mpm.h"`
		`- #include "apr_thread_mutex.h"`
		`- -#include "mod_ssl_openssl.h"`
		`-`
		`- APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, SSL, int, init_stapling_status,`
		`- (server_rec s, apr_pool_t p,`
		`- --- httpd-2.4.58/support/ab.c.r1913912`
		`- +++ httpd-2.4.58/support/ab.c`
		`- @@ -166,13 +166,18 @@`
		`-`
		`- #if defined(HAVE_OPENSSL)`
		`-`
		`- -#include <openssl/rsa.h>`
		`- +#include <openssl/evp.h>`
		`- #include <openssl/crypto.h>`
		`- #include <openssl/x509.h>`
		`- #include <openssl/pem.h>`
		`- #include <openssl/err.h>`
		`- #include <openssl/ssl.h>`
		`- #include <openssl/rand.h>`
		`- +#include <openssl/opensslv.h>`
		`- +#if OPENSSL_VERSION_NUMBER >= 0x30000000L`
		`- +#include <openssl/core_names.h>`
		`- +#endif`
		`- +`
		`- #define USE_SSL`
		`-`
		`- #define SK_NUM(x) sk_X509_num(x)`
		`- @@ -555,22 +560,33 @@`
		`- *`
		`- */`
		`- #ifdef USE_SSL`
		`- -static long ssl_print_cb(BIO bio,int cmd,const char argp,int argi,long argl,long ret)`
		`- +#if OPENSSL_VERSION_NUMBER >= 0x30000000L`
		`- +static long ssl_print_cb(BIO bio, int cmd, const char argp,`
		`- + size_t len, int argi, long argl, int ret,`
		`- + size_t *processed)`
		`- +#else`
		`- +static long ssl_print_cb(BIO bio, int cmd, const char argp,`
		`- + int argi, long argl, long ret)`
		`- +#endif`
		`- {`
		`- BIO *out;`
		`- +#if OPENSSL_VERSION_NUMBER >= 0x30000000L`
		`- + (void)len;`
		`- + (void)processed;`
		`- +#endif`
		`-`
		`- out=(BIO *)BIO_get_callback_arg(bio);`
		`- if (out == NULL) return(ret);`
		`-`
		`- if (cmd == (BIO_CB_READ\|BIO_CB_RETURN)) {`
		`- BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n",`
		`- - bio, argp, argi, ret, ret);`
		`- + bio, argp, argi, (long)ret, (long)ret);`
		`- BIO_dump(out,(char *)argp,(int)ret);`
		`- return(ret);`
		`- }`
		`- else if (cmd == (BIO_CB_WRITE\|BIO_CB_RETURN)) {`
		`- BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n",`
		`- - bio, argp, argi, ret, ret);`
		`- + bio, argp, argi, (long)ret, (long)ret);`
		`- BIO_dump(out,(char *)argp,(int)ret);`
		`- }`
		`- return ret;`
		`- @@ -765,17 +781,29 @@`
		`- break;`
		`- #ifndef OPENSSL_NO_EC`
		`- case EVP_PKEY_EC: {`
		`- +#if OPENSSL_VERSION_NUMBER >= 0x30000000L`
		`- + size_t len;`
		`- + char cname[80];`
		`- + if (!EVP_PKEY_get_utf8_string_param(key, OSSL_PKEY_PARAM_GROUP_NAME,`
		`- + cname, sizeof(cname), &len)) {`
		`- + cname[0] = '?';`
		`- + len = 1;`
		`- + }`
		`- + cname[len] = '\0';`
		`- +#else`
		`- const char *cname = NULL;`
		`- EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);`
		`- int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));`
		`- EC_KEY_free(ec);`
		`- cname = EC_curve_nid2nist(nid);`
		`- - if (!cname)`
		`- + if (!cname) {`
		`- cname = OBJ_nid2sn(nid);`
		`- -`
		`- + if (!cname)`
		`- + cname = "?";`
		`- + }`
		`- +#endif`
		`- apr_snprintf(ssl_tmp_key, 128, "ECDH %s %d bits",`
		`- - cname,`
		`- - EVP_PKEY_bits(key));`
		`- + cname, EVP_PKEY_bits(key));`
		`- break;`
		`- }`
		`- #endif`
		`- @@ -1428,7 +1456,11 @@`
		`- SSL_set_bio(c->ssl, bio, bio);`
		`- SSL_set_connect_state(c->ssl);`
		`- if (verbosity >= 4) {`
		`- +#if OPENSSL_VERSION_NUMBER >= 0x30000000L`
		`- + BIO_set_callback_ex(bio, ssl_print_cb);`
		`- +#else`
		`- BIO_set_callback(bio, ssl_print_cb);`
		`- +#endif`
		`- BIO_set_callback_arg(bio, (void *)bio_err);`
		`- }`
		`- #ifdef HAVE_TLSEXT`

httpd-2.4.58-r1914013.patch

file removed

-16

		`@@ -1,16 +0,0 @@`
		`- # ./pullrev.sh 1914013`
		`- http://svn.apache.org/viewvc?view=revision&revision=1914013`
		`-`
		`- Upstream-Status: merged for 2.4.59`
		`-`
		`- --- httpd-2.4.58/modules/filters/mod_xml2enc.c`
		`- +++ httpd-2.4.58/modules/filters/mod_xml2enc.c`
		`- @@ -209,7 +209,7 @@`
		`-`
		`- /* to sniff, first we look for BOM */`
		`- if (ctx->xml2enc == XML_CHAR_ENCODING_NONE) {`
		`- - ctx->xml2enc = xmlDetectCharEncoding((const xmlChar*)ctx->buf,`
		`- + ctx->xml2enc = xmlDetectCharEncoding((const unsigned char*)ctx->buf,`
		`- ctx->bytes);`
		`- if (HAVE_ENCODING(ctx->xml2enc)) {`
		`- ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(01432)`

httpd-2.4.59-gettid.patch

file added

+14

		`@@ -0,0 +1,14 @@`
		`+`
		`+ Upstream-Status: not pushed upstream`
		`+`
		`+ --- httpd-2.4.54/server/log.c.gettid`
		`+ +++ httpd-2.4.54/server/log.c`
		`+ @@ -968,7 +972,7 @@`
		`+ #if APR_HAS_THREADS`
		`+ field_start = len;`
		`+ len += cpystrn(buf + len, ":tid ", buflen - len);`
		`+ - item_len = log_tid(info, NULL, buf + len, buflen - len);`
		`+ + item_len = log_tid(info, "g", buf + len, buflen - len);`
		`+ if (!item_len)`
		`+ len = field_start;`
		`+ else`

httpd-2.4.59-unifycgid.patch ~~httpd-2.4.48-r1828172+.patch~~

file renamed

+144 -148

		`@@ -1,14 +1,41 @@`

		`https://github.com/apache/httpd/pull/209`

		`- Upstream-Status: in trunk, not proposed for 2.4.x`
		`-`
		`+ diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml`
		`+ index ddacd4af19..6d4379d165 100644`
		`+ --- a/.github/workflows/linux.yml`
		`+ +++ b/.github/workflows/linux.yml`
		`+ @@ -48,11 +48,11 @@ jobs:`
		`+ - name: Shared MPMs, all-modules`
		`+ config: --enable-mods-shared=reallyall --enable-mpms-shared=all`
		`+ # -------------------------------------------------------------------------`
		`+ - - name: Event MPM, all-modules, mod_cgid only`
		`+ - config: --enable-mods-shared=reallyall --with-mpm=event --disable-cgi`
		`+ + - name: Event MPM, all-modules, mod_cgid fdpassing`
		`+ + config: --enable-mods-shared=reallyall --with-mpm=event --disable-cgi --enable-cgid-fdpassing`
		`+ # -------------------------------------------------------------------------`
		`+ - - name: Event MPM, all-modules, no CMSG_DATA`
		`+ - config: --enable-mods-shared=reallyall --with-mpm=event ac_cv_have_decl_CMSG_DATA=no`
		`+ + - name: Event MPM, all-modules, mod_cgid w/o fdpassing`
		`+ + config: --enable-mods-shared=reallyall --with-mpm=event --disable-cgi`
		`+ # -------------------------------------------------------------------------`
		`+ - name: Default, all-modules + install`
		`+ config: --enable-mods-shared=reallyall`
		`+ diff --git a/changes-entries/pr54221.txt b/changes-entries/pr54221.txt`
		`+ new file mode 100644`
		`+ index 0000000000..62b75ea4dd`
		`+ --- /dev/null`
		`+ +++ b/changes-entries/pr54221.txt`
		`+ @@ -0,0 +1,3 @@`
		`+ + *) mod_cgid: Optional support for file descriptor passing, fixing`
		`+ + error log handling (configure --enable-cgid-fdpassing) on Unix`
		`+ + platforms. PR 54221. [Joe Orton]`
		`diff --git a/modules/generators/cgi_common.h b/modules/generators/cgi_common.h`
		`new file mode 100644`
		`- index 0000000000..69df73ce68`
		`+ index 0000000000..66f9418f21`
		`--- /dev/null`
		`+++ b/modules/generators/cgi_common.h`
		`- @@ -0,0 +1,629 @@`
		`+ @@ -0,0 +1,639 @@`
		`+/* Licensed to the Apache Software Foundation (ASF) under one or more`
		`+ * contributor license agreements. See the NOTICE file distributed with`
		`+ * this work for additional information regarding copyright ownership.`
		`@@ -37,6 +64,7 @@`
		`+`
		`+#include "httpd.h"`
		`+#include "util_filter.h"`
		`+ +#include "util_script.h"`
		`+`
		`+static APR_OPTIONAL_FN_TYPE(ap_ssi_get_tag_and_value) *cgi_pfn_gtv;`
		`+static APR_OPTIONAL_FN_TYPE(ap_ssi_parse_string) *cgi_pfn_ps;`
		`@@ -439,9 +467,18 @@`
		`+ char sbuf[MAX_STRING_LEN];`
		`+ int ret;`
		`+`
		`- + if ((ret = ap_scan_script_header_err_brigade_ex(r, bb, sbuf,`
		`- + APLOG_MODULE_INDEX)))`
		`- + {`
		`+ + ret = ap_scan_script_header_err_brigade_ex(r, bb, sbuf,`
		`+ + APLOG_MODULE_INDEX);`
		`+ +`
		`+ + /* xCGI has its own body framing mechanism which we don't`
		`+ + * match against any provided Content-Length, so let the`
		`+ + * core determine C-L vs T-E based on what's actually sent.`
		`+ + */`
		`+ + if (!apr_table_get(r->subprocess_env, AP_TRUST_CGILIKE_CL_ENVVAR))`
		`+ + apr_table_unset(r->headers_out, "Content-Length");`
		`+ + apr_table_unset(r->headers_out, "Transfer-Encoding");`
		`+ +`
		`+ + if (ret != OK) {`
		`+ /* In the case of a timeout reading script output, clear`
		`+ * the brigade to avoid a second attempt to read the`
		`+ * output. */`
		`@@ -659,10 +696,18 @@`
		`+`
		`APACHE_MODPATH_FINISH`
		`diff --git a/modules/generators/mod_cgi.c b/modules/generators/mod_cgi.c`
		`- index 7e4b126c10..421124a0cb 100644`
		`+ index 1f7778617e..3799b06ce3 100644`
		`--- a/modules/generators/mod_cgi.c`
		`+++ b/modules/generators/mod_cgi.c`
		`- @@ -61,9 +61,6 @@`
		`+ @@ -48,7 +48,6 @@`
		`+ #include "http_protocol.h"`
		`+ #include "http_main.h"`
		`+ #include "http_log.h"`
		`+ -#include "util_script.h"`
		`+ #include "ap_mpm.h"`
		`+ #include "mod_core.h"`
		`+ #include "mod_cgi.h"`
		`+ @@ -61,9 +60,6 @@`

		`module AP_MODULE_DECLARE_DATA cgi_module;`

		`@@ -672,14 +717,10 @@`
		`static APR_OPTIONAL_FN_TYPE(ap_cgi_build_command) *cgi_build_command;`

		`/* Read and discard the data in the brigade produced by a CGI script */`
		`- @@ -92,6 +89,15 @@ typedef struct {`
		`- apr_size_t bufbytes;`
		`- } cgi_server_conf;`
		`+ @@ -96,6 +92,11 @@ typedef struct {`
		`+ apr_interval_time_t timeout;`
		`+ } cgi_dirconf;`

		`- +typedef struct {`
		`- + apr_interval_time_t timeout;`
		`- +} cgi_dirconf;`
		`- +`
		`+#if APR_FILES_AS_SOCKETS`
		`+#define WANT_CGI_BUCKET`
		`+#endif`
		`@@ -688,44 +729,7 @@`
		`static void create_cgi_config(apr_pool_t p, server_rec *s)`
		`{`
		`cgi_server_conf *c =`
		`- @@ -112,6 +118,12 @@ static void merge_cgi_config(apr_pool_t p, void basev, void overridesv)`
		`- return overrides->logname ? overrides : base;`
		`- }`
		`-`
		`- +static void create_cgi_dirconf(apr_pool_t p, char *dummy)`
		`- +{`
		`- + cgi_dirconf c = (cgi_dirconf ) apr_pcalloc(p, sizeof(cgi_dirconf));`
		`- + return c;`
		`- +}`
		`- +`
		`- static const char set_scriptlog(cmd_parms cmd, void dummy, const char arg)`
		`- {`
		`- server_rec *s = cmd->server;`
		`- @@ -150,6 +162,17 @@ static const char set_scriptlog_buffer(cmd_parms cmd, void *dummy,`
		`- return NULL;`
		`- }`
		`-`
		`- +static const char set_script_timeout(cmd_parms cmd, void dummy, const char arg)`
		`- +{`
		`- + cgi_dirconf *dc = dummy;`
		`- +`
		`- + if (ap_timeout_parameter_parse(arg, &dc->timeout, "s") != APR_SUCCESS) {`
		`- + return "CGIScriptTimeout has wrong format";`
		`- + }`
		`- +`
		`- + return NULL;`
		`- +}`
		`- +`
		`- static const command_rec cgi_cmds[] =`
		`- {`
		`- AP_INIT_TAKE1("ScriptLog", set_scriptlog, NULL, RSRC_CONF,`
		`- @@ -158,67 +181,12 @@ AP_INIT_TAKE1("ScriptLogLength", set_scriptlog_length, NULL, RSRC_CONF,`
		`- "the maximum length (in bytes) of the script debug log"),`
		`- AP_INIT_TAKE1("ScriptLogBuffer", set_scriptlog_buffer, NULL, RSRC_CONF,`
		`- "the maximum size (in bytes) to record of a POST request"),`
		`- +AP_INIT_TAKE1("CGIScriptTimeout", set_script_timeout, NULL, RSRC_CONF \| ACCESS_CONF,`
		`- + "The amount of time to wait between successful reads from "`
		`- + "the CGI script, in seconds."),`
		`+ @@ -185,64 +186,6 @@ AP_INIT_TAKE1("CGIScriptTimeout", set_script_timeout, NULL, RSRC_CONF \| ACCESS_C`
		`{NULL}`
		`};`

		`@@ -790,37 +794,7 @@`
		`static int log_script(request_rec r, cgi_server_conf conf, int ret,`
		`char dbuf, const char sbuf, apr_bucket_brigade *bb,`
		`apr_file_t *script_err)`
		`- @@ -466,23 +434,26 @@ static apr_status_t run_cgi_child(apr_file_t **script_out,`
		`- apr_filepath_name_get(r->filename));`
		`- }`
		`- else {`
		`- + cgi_dirconf *dc = ap_get_module_config(r->per_dir_config, &cgi_module);`
		`- + apr_interval_time_t timeout = dc->timeout > 0 ? dc->timeout : r->server->timeout;`
		`- +`
		`- apr_pool_note_subprocess(p, procnew, APR_KILL_AFTER_TIMEOUT);`
		`-`
		`- *script_in = procnew->out;`
		`- if (!*script_in)`
		`- return APR_EBADF;`
		`- - apr_file_pipe_timeout_set(*script_in, r->server->timeout);`
		`- + apr_file_pipe_timeout_set(*script_in, timeout);`
		`-`
		`- if (e_info->prog_type == RUN_AS_CGI) {`
		`- *script_out = procnew->in;`
		`- if (!*script_out)`
		`- return APR_EBADF;`
		`- - apr_file_pipe_timeout_set(*script_out, r->server->timeout);`
		`- + apr_file_pipe_timeout_set(*script_out, timeout);`
		`-`
		`- *script_err = procnew->err;`
		`- if (!*script_err)`
		`- return APR_EBADF;`
		`- - apr_file_pipe_timeout_set(*script_err, r->server->timeout);`
		`- + apr_file_pipe_timeout_set(*script_err, timeout);`
		`- }`
		`- }`
		`- }`
		`- @@ -536,234 +507,30 @@ static apr_status_t default_build_command(const char cmd, const char *argv,`
		`+ @@ -563,230 +506,23 @@ static apr_status_t default_build_command(const char cmd, const char *argv,`
		`return APR_SUCCESS;`
		`}`

		`@@ -963,11 +937,14 @@`
		`- apr_size_t *len, apr_read_type_e block)`
		`-{`
		`- struct cgi_bucket_data *data = b->data;`
		`- - apr_interval_time_t timeout;`
		`+ - apr_interval_time_t timeout = 0;`
		`- apr_status_t rv;`
		`- int gotdata = 0;`
		`+ - cgi_dirconf *dc = ap_get_module_config(data->r->per_dir_config, &cgi_module);`
		`-`
		`- - timeout = block == APR_NONBLOCK_READ ? 0 : data->r->server->timeout;`
		`+ - if (block != APR_NONBLOCK_READ) {`
		`+ - timeout = dc->timeout > 0 ? dc->timeout : data->r->server->timeout;`
		`+ - }`
		`-`
		`- do {`
		`- const apr_pollfd_t *results;`
		`@@ -1048,10 +1025,10 @@`
		`apr_status_t rv;`
		`cgi_exec_info_t e_info;`
		`- conn_rec *c;`
		`- + cgi_dirconf *dc = ap_get_module_config(r->per_dir_config, &cgi_module);`
		`- + apr_interval_time_t timeout = dc->timeout > 0 ? dc->timeout : r->server->timeout;`
		`+ cgi_dirconf *dc = ap_get_module_config(r->per_dir_config, &cgi_module);`
		`+ apr_interval_time_t timeout = dc->timeout > 0 ? dc->timeout : r->server->timeout;`

		`- if (strcmp(r->handler, CGI_MAGIC_TYPE) && strcmp(r->handler, "cgi-script")) {`
		`+ @@ -794,8 +530,6 @@ static int cgi_handler(request_rec *r)`
		`return DECLINED;`
		`}`

		`@@ -1060,7 +1037,7 @@`
		`is_included = !strcmp(r->protocol, "INCLUDED");`

		`p = r->main ? r->main->pool : r->pool;`
		`- @@ -832,83 +599,24 @@ static int cgi_handler(request_rec *r)`
		`+ @@ -864,83 +598,24 @@ static int cgi_handler(request_rec *r)`
		`return HTTP_INTERNAL_SERVER_ERROR;`
		`}`

		`@@ -1157,7 +1134,7 @@`
		`/* Is this flush really needed? */`
		`apr_file_flush(script_out);`
		`apr_file_close(script_out);`
		`- @@ -916,10 +624,7 @@ static int cgi_handler(request_rec *r)`
		`+ @@ -948,10 +623,7 @@ static int cgi_handler(request_rec *r)`
		`AP_DEBUG_ASSERT(script_in != NULL);`

		`#if APR_FILES_AS_SOCKETS`
		`@@ -1169,7 +1146,7 @@`
		`if (b == NULL)`
		`return HTTP_INTERNAL_SERVER_ERROR;`
		`#else`
		`- @@ -929,111 +634,7 @@ static int cgi_handler(request_rec *r)`
		`+ @@ -961,120 +633,7 @@ static int cgi_handler(request_rec *r)`
		`b = apr_bucket_eos_create(c->bucket_alloc);`
		`APR_BRIGADE_INSERT_TAIL(bb, b);`

		`@@ -1179,9 +1156,18 @@`
		`- char sbuf[MAX_STRING_LEN];`
		`- int ret;`
		`-`
		`- - if ((ret = ap_scan_script_header_err_brigade_ex(r, bb, sbuf,`
		`- - APLOG_MODULE_INDEX)))`
		`- - {`
		`+ - ret = ap_scan_script_header_err_brigade_ex(r, bb, sbuf,`
		`+ - APLOG_MODULE_INDEX);`
		`+ -`
		`+ - /* xCGI has its own body framing mechanism which we don't`
		`+ - * match against any provided Content-Length, so let the`
		`+ - * core determine C-L vs T-E based on what's actually sent.`
		`+ - */`
		`+ - if (!apr_table_get(r->subprocess_env, AP_TRUST_CGILIKE_CL_ENVVAR))`
		`+ - apr_table_unset(r->headers_out, "Content-Length");`
		`+ - apr_table_unset(r->headers_out, "Transfer-Encoding");`
		`+ -`
		`+ - if (ret != OK) {`
		`- ret = log_script(r, conf, ret, dbuf, sbuf, bb, script_err);`
		`-`
		`- /*`
		`@@ -1220,7 +1206,7 @@`
		`- * stderr output, as normal. */`
		`- discard_script_output(bb);`
		`- apr_brigade_destroy(bb);`
		`- - apr_file_pipe_timeout_set(script_err, r->server->timeout);`
		`+ - apr_file_pipe_timeout_set(script_err, timeout);`
		`- log_script_err(r, script_err);`
		`- }`
		`-`
		`@@ -1271,7 +1257,7 @@`
		`- * connection drops or we stopped sending output for some other`
		`- * reason */`
		`- if (rv == APR_SUCCESS && !r->connection->aborted) {`
		`- - apr_file_pipe_timeout_set(script_err, r->server->timeout);`
		`+ - apr_file_pipe_timeout_set(script_err, timeout);`
		`- log_script_err(r, script_err);`
		`- }`
		`-`
		`@@ -1282,7 +1268,7 @@`
		`}`

		`/*============================================================================`
		`- @@ -1147,107 +748,9 @@ static apr_status_t include_cmd(include_ctx_t ctx, ap_filter_t f,`
		`+ @@ -1188,107 +747,9 @@ static apr_status_t include_cmd(include_ctx_t ctx, ap_filter_t f,`
		`return APR_SUCCESS;`
		`}`

		`@@ -1390,7 +1376,7 @@`
		`/* This is the means by which unusual (non-unix) os's may find alternate`
		`* means to run a given command (e.g. shebang/registry parsing on Win32)`
		`*/`
		`- @@ -1263,12 +766,13 @@ static void register_hooks(apr_pool_t *p)`
		`+ @@ -1304,6 +765,7 @@ static void register_hooks(apr_pool_t *p)`
		`static const char * const aszPre[] = { "mod_include.c", NULL };`
		`ap_hook_handler(cgi_handler, NULL, NULL, APR_HOOK_MIDDLE);`
		`ap_hook_post_config(cgi_post_config, aszPre, NULL, APR_HOOK_REALLY_FIRST);`
		`@@ -1398,18 +1384,19 @@`
		`}`

		`AP_DECLARE_MODULE(cgi) =`
		`- {`
		`- STANDARD20_MODULE_STUFF,`
		`- - NULL, /* dir config creater */`
		`- + create_cgi_dirconf, /* dir config creater */`
		`- NULL, /* dir merger --- default is to override */`
		`- create_cgi_config, /* server config */`
		`- merge_cgi_config, /* merge server config */`
		`diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c`
		`- index 2258a683b7..dddfb25254 100644`
		`+ index 4bab59f932..1d55b8dc48 100644`
		`--- a/modules/generators/mod_cgid.c`
		`+++ b/modules/generators/mod_cgid.c`
		`- @@ -80,11 +80,6 @@ module AP_MODULE_DECLARE_DATA cgid_module;`
		`+ @@ -57,7 +57,6 @@`
		`+ #include "http_protocol.h"`
		`+ #include "http_main.h"`
		`+ #include "http_log.h"`
		`+ -#include "util_script.h"`
		`+ #include "ap_mpm.h"`
		`+ #include "mpm_common.h"`
		`+ #include "mod_suexec.h"`
		`+ @@ -80,11 +79,6 @@ module AP_MODULE_DECLARE_DATA cgid_module;`

		`static int cgid_start(apr_pool_t p, server_rec main_server, apr_proc_t *procnew);`
		`static int cgid_init(apr_pool_t p, apr_pool_t plog, apr_pool_t ptemp, server_rec main_server);`
		`@@ -1421,7 +1408,7 @@`

		`static apr_pool_t *pcgi = NULL;`
		`static pid_t daemon_pid;`
		`- @@ -220,6 +215,15 @@ typedef struct {`
		`+ @@ -220,6 +214,15 @@ typedef struct {`
		`#endif`
		`} cgid_req_t;`

		`@@ -1437,7 +1424,7 @@`
		`/* This routine is called to create the argument list to be passed`
		`* to the CGI script. When suexec is enabled, the suexec path, user, and`
		`* group are the first three arguments to be passed; if not, all three`
		`- @@ -342,15 +346,19 @@ static apr_status_t close_unix_socket(void *thefd)`
		`+ @@ -342,15 +345,19 @@ static apr_status_t close_unix_socket(void *thefd)`
		`return close(fd);`
		`}`

		`@@ -1462,7 +1449,7 @@`
		`do {`
		`do {`
		`rc = read(fd, buf + bytes_read, buf_size - bytes_read);`
		`- @@ -365,9 +373,60 @@ static apr_status_t sock_read(int fd, void *vbuf, size_t buf_size)`
		`+ @@ -365,9 +372,60 @@ static apr_status_t sock_read(int fd, void *vbuf, size_t buf_size)`
		`}`
		`} while (bytes_read < buf_size);`

		`@@ -1523,7 +1510,7 @@`
		`/* deal with signals`
		`*/`
		`static apr_status_t sock_write(int fd, const void *buf, size_t buf_size)`
		`- @@ -384,7 +443,7 @@ static apr_status_t sock_write(int fd, const void *buf, size_t buf_size)`
		`+ @@ -384,7 +442,7 @@ static apr_status_t sock_write(int fd, const void *buf, size_t buf_size)`
		`return APR_SUCCESS;`
		`}`

		`@@ -1532,7 +1519,7 @@`
		`{`
		`va_list ap;`
		`int rc;`
		`- @@ -399,9 +458,39 @@ static apr_status_t sock_writev(int fd, request_rec *r, int count, ...)`
		`+ @@ -399,9 +457,39 @@ static apr_status_t sock_writev(int fd, request_rec *r, int count, ...)`
		`}`
		`va_end(ap);`

		`@@ -1572,7 +1559,7 @@`
		`if (rc < 0) {`
		`return errno;`
		`}`
		`- @@ -410,7 +499,7 @@ static apr_status_t sock_writev(int fd, request_rec *r, int count, ...)`
		`+ @@ -410,7 +498,7 @@ static apr_status_t sock_writev(int fd, request_rec *r, int count, ...)`
		`}`

		`static apr_status_t get_req(int fd, request_rec r, char argv0, char **env,`
		`@@ -1581,7 +1568,7 @@`
		`{`
		`int i;`
		`char **environ;`
		`- @@ -421,7 +510,7 @@ static apr_status_t get_req(int fd, request_rec r, char argv0, char **env,`
		`+ @@ -421,7 +509,7 @@ static apr_status_t get_req(int fd, request_rec r, char argv0, char **env,`
		`r->server = apr_pcalloc(r->pool, sizeof(server_rec));`

		`/* read the request header */`
		`@@ -1590,7 +1577,7 @@`
		`if (stat != APR_SUCCESS) {`
		`return stat;`
		`}`
		`- @@ -431,6 +520,14 @@ static apr_status_t get_req(int fd, request_rec r, char argv0, char **env,`
		`+ @@ -431,6 +519,14 @@ static apr_status_t get_req(int fd, request_rec r, char argv0, char **env,`
		`return APR_SUCCESS;`
		`}`

		`@@ -1605,7 +1592,7 @@`
		`/* handle module indexes and such */`
		`rconf = (void **)ap_create_request_config(r->pool);`

		`- @@ -479,14 +576,15 @@ static apr_status_t get_req(int fd, request_rec r, char argv0, char **env,`
		`+ @@ -479,14 +575,15 @@ static apr_status_t get_req(int fd, request_rec r, char argv0, char **env,`
		`return APR_SUCCESS;`
		`}`

		`@@ -1623,7 +1610,7 @@`


		`if (ugid == NULL) {`
		`- @@ -507,16 +605,21 @@ static apr_status_t send_req(int fd, request_rec r, char argv0, char **env,`
		`+ @@ -507,16 +604,21 @@ static apr_status_t send_req(int fd, request_rec r, char argv0, char **env,`
		`req.args_len = r->args ? strlen(r->args) : 0;`
		`req.loglevel = r->server->log.level;`

		`@@ -1647,7 +1634,7 @@`
		`&req, sizeof(req),`
		`r->filename, req.filename_len,`
		`argv0, req.argv0_len,`
		`- @@ -531,7 +634,7 @@ static apr_status_t send_req(int fd, request_rec r, char argv0, char **env,`
		`+ @@ -531,7 +633,7 @@ static apr_status_t send_req(int fd, request_rec r, char argv0, char **env,`
		`for (i = 0; i < req.env_count; i++) {`
		`apr_size_t curlen = strlen(env[i]);`

		`@@ -1656,7 +1643,7 @@`
		`env[i], curlen)) != APR_SUCCESS) {`
		`return stat;`
		`}`
		`- @@ -582,20 +685,34 @@ static void daemon_signal_handler(int sig)`
		`+ @@ -582,20 +684,34 @@ static void daemon_signal_handler(int sig)`
		`}`
		`}`

		`@@ -1699,7 +1686,7 @@`
		`}`

		`static int cgid_server(void *data)`
		`- @@ -670,7 +787,7 @@ static int cgid_server(void *data)`
		`+ @@ -670,7 +786,7 @@ static int cgid_server(void *data)`
		`}`

		`while (!daemon_should_exit) {`
		`@@ -1708,7 +1695,7 @@`
		`char *argv0 = NULL;`
		`char **env = NULL;`
		`const char * const *argv;`
		`- @@ -710,7 +827,7 @@ static int cgid_server(void *data)`
		`+ @@ -710,7 +826,7 @@ static int cgid_server(void *data)`
		`r = apr_pcalloc(ptrans, sizeof(request_rec));`
		`procnew = apr_pcalloc(ptrans, sizeof(*procnew));`
		`r->pool = ptrans;`
		`@@ -1717,7 +1704,7 @@`
		`if (stat != APR_SUCCESS) {`
		`ap_log_error(APLOG_MARK, APLOG_ERR, stat,`
		`main_server, APLOGNO(01248)`
		`- @@ -742,6 +859,16 @@ static int cgid_server(void *data)`
		`+ @@ -742,6 +858,16 @@ static int cgid_server(void *data)`
		`continue;`
		`}`

		`@@ -1734,7 +1721,7 @@`
		`apr_os_file_put(&r->server->error_log, &errfileno, 0, r->pool);`
		`apr_os_file_put(&inout, &sd2, 0, r->pool);`

		`- @@ -801,7 +928,10 @@ static int cgid_server(void *data)`
		`+ @@ -801,7 +927,10 @@ static int cgid_server(void *data)`
		`close(sd2);`
		`}`
		`else {`
		`@@ -1746,7 +1733,7 @@`

		`argv = (const char * const *)create_argv(r->pool, NULL, NULL, NULL, argv0, r->args);`

		`- @@ -946,16 +1076,6 @@ static int cgid_init(apr_pool_t p, apr_pool_t plog, apr_pool_t *ptemp,`
		`+ @@ -946,16 +1075,6 @@ static int cgid_init(apr_pool_t p, apr_pool_t plog, apr_pool_t *ptemp,`
		`if (ret != OK ) {`
		`return ret;`
		`}`
		`@@ -1763,7 +1750,7 @@`
		`}`
		`return ret;`
		`}`
		`- @@ -1066,41 +1186,6 @@ static const command_rec cgid_cmds[] =`
		`+ @@ -1066,41 +1185,6 @@ static const command_rec cgid_cmds[] =`
		`{NULL}`
		`};`

		`@@ -1805,7 +1792,7 @@`
		`static int log_script(request_rec r, cgid_server_conf conf, int ret,`
		`char dbuf, const char sbuf, apr_bucket_brigade *bb,`
		`apr_file_t *script_err)`
		`- @@ -1221,7 +1306,7 @@ static int connect_to_daemon(int sdptr, request_rec r,`
		`+ @@ -1221,7 +1305,7 @@ static int connect_to_daemon(int sdptr, request_rec r,`
		`++connect_tries;`
		`if ((sd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {`
		`return log_scripterror(r, conf, HTTP_INTERNAL_SERVER_ERROR, errno,`
		`@@ -1814,7 +1801,7 @@`
		`}`
		`if (connect(sd, (struct sockaddr *)server_addr, server_addr_len) < 0) {`
		`/* Save errno for later */`
		`- @@ -1242,7 +1327,7 @@ static int connect_to_daemon(int sdptr, request_rec r,`
		`+ @@ -1242,7 +1326,7 @@ static int connect_to_daemon(int sdptr, request_rec r,`
		`}`
		`else {`
		`close(sd);`
		`@@ -1823,7 +1810,7 @@`
		`"unable to connect to cgi daemon after multiple tries");`
		`}`
		`}`
		`- @@ -1258,13 +1343,15 @@ static int connect_to_daemon(int sdptr, request_rec r,`
		`+ @@ -1258,13 +1342,15 @@ static int connect_to_daemon(int sdptr, request_rec r,`
		`if (connect_errno == ENOENT &&`
		`apr_time_sec(apr_time_now() - ap_scoreboard_image->global->restart_time) >`
		`DEFAULT_CONNECT_STARTUP_DELAY) {`
		`@@ -1842,7 +1829,7 @@`
		`"cgid daemon is gone; is Apache terminating?");`
		`}`
		`}`
		`- @@ -1272,23 +1359,6 @@ static int connect_to_daemon(int sdptr, request_rec r,`
		`+ @@ -1272,23 +1358,6 @@ static int connect_to_daemon(int sdptr, request_rec r,`
		`return OK;`
		`}`

		`@@ -1866,7 +1853,7 @@`
		`/****************************************************************`
		`*`
		`* Actual cgid handling...`
		`- @@ -1374,7 +1444,9 @@ static apr_status_t get_cgi_pid(request_rec r, cgid_server_conf conf, pid_t *`
		`+ @@ -1374,7 +1443,9 @@ static apr_status_t get_cgi_pid(request_rec r, cgid_server_conf conf, pid_t *`
		`return stat;`
		`}`

		`@@ -1877,7 +1864,7 @@`
		`ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01261)`
		`"daemon couldn't find CGI process for connection %lu",`
		`r->connection->id);`
		`- @@ -1393,19 +1465,21 @@ static apr_status_t cleanup_script(void *vptr)`
		`+ @@ -1393,19 +1464,21 @@ static apr_status_t cleanup_script(void *vptr)`

		`static int cgid_handler(request_rec *r)`
		`{`
		`@@ -1903,7 +1890,7 @@`

		`if (strcmp(r->handler, CGI_MAGIC_TYPE) && strcmp(r->handler, "cgi-script")) {`
		`return DECLINED;`
		`- @@ -1414,7 +1488,7 @@ static int cgid_handler(request_rec *r)`
		`+ @@ -1414,7 +1487,7 @@ static int cgid_handler(request_rec *r)`
		`conf = ap_get_module_config(r->server->module_config, &cgid_module);`
		`dc = ap_get_module_config(r->per_dir_config, &cgid_module);`

		`@@ -1912,7 +1899,7 @@`
		`is_included = !strcmp(r->protocol, "INCLUDED");`

		`if ((argv0 = strrchr(r->filename, '/')) != NULL) {`
		`- @@ -1429,12 +1503,12 @@ static int cgid_handler(request_rec *r)`
		`+ @@ -1429,12 +1502,12 @@ static int cgid_handler(request_rec *r)`
		`argv0 = r->filename;`

		`if (!(ap_allow_options(r) & OPT_EXECCGI) && !is_scriptaliased(r)) {`
		`@@ -1927,7 +1914,7 @@`
		`"attempt to include NPH CGI script");`
		`}`

		`- @@ -1443,12 +1517,12 @@ static int cgid_handler(request_rec *r)`
		`+ @@ -1443,12 +1516,12 @@ static int cgid_handler(request_rec *r)`
		`#error at mod_cgi.c for required code in this path.`
		`#else`
		`if (r->finfo.filetype == APR_NOFILE) {`
		`@@ -1942,7 +1929,7 @@`
		`"attempt to invoke directory as script");`
		`}`

		`- @@ -1456,7 +1530,7 @@ static int cgid_handler(request_rec *r)`
		`+ @@ -1456,7 +1529,7 @@ static int cgid_handler(request_rec *r)`
		`r->path_info && *r->path_info)`
		`{`
		`/* default to accept */`
		`@@ -1951,7 +1938,7 @@`
		`"AcceptPathInfo off disallows user's path");`
		`}`
		`/*`
		`- @@ -1467,6 +1541,17 @@ static int cgid_handler(request_rec *r)`
		`+ @@ -1467,6 +1540,17 @@ static int cgid_handler(request_rec *r)`
		`}`
		`*/`

		`@@ -1969,7 +1956,7 @@`
		`/*`
		`* httpd core function used to add common environment variables like`
		`* DOCUMENT_ROOT.`
		`- @@ -1479,24 +1564,28 @@ static int cgid_handler(request_rec *r)`
		`+ @@ -1479,24 +1563,28 @@ static int cgid_handler(request_rec *r)`
		`return retval;`
		`}`

		`@@ -2005,7 +1992,7 @@`
		`}`

		`/* We are putting the socket discriptor into an apr_file_t so that we can`
		`- @@ -1506,95 +1595,25 @@ static int cgid_handler(request_rec *r)`
		`+ @@ -1506,95 +1594,25 @@ static int cgid_handler(request_rec *r)`
		`*/`

		`apr_os_pipe_put_ex(&tempsock, &sd, 1, r->pool);`
		`@@ -2114,7 +2101,7 @@`
		`}`

		`/* we're done writing, or maybe we didn't write at all;`
		`- @@ -1603,125 +1622,22 @@ static int cgid_handler(request_rec *r)`
		`+ @@ -1603,134 +1621,22 @@ static int cgid_handler(request_rec *r)`
		`*/`
		`shutdown(sd, 1);`

		`@@ -2131,9 +2118,18 @@`
		`- b = apr_bucket_eos_create(c->bucket_alloc);`
		`- APR_BRIGADE_INSERT_TAIL(bb, b);`
		`-`
		`- - if ((ret = ap_scan_script_header_err_brigade_ex(r, bb, sbuf,`
		`- - APLOG_MODULE_INDEX)))`
		`- - {`
		`+ - ret = ap_scan_script_header_err_brigade_ex(r, bb, sbuf,`
		`+ - APLOG_MODULE_INDEX);`
		`+ -`
		`+ - /* xCGI has its own body framing mechanism which we don't`
		`+ - * match against any provided Content-Length, so let the`
		`+ - * core determine C-L vs T-E based on what's actually sent.`
		`+ - */`
		`+ - if (!apr_table_get(r->subprocess_env, AP_TRUST_CGILIKE_CL_ENVVAR))`
		`+ - apr_table_unset(r->headers_out, "Content-Length");`
		`+ - apr_table_unset(r->headers_out, "Transfer-Encoding");`
		`+ -`
		`+ - if (ret != OK) {`
		`- ret = log_script(r, conf, ret, dbuf, sbuf, bb, NULL);`
		`-`
		`- /*`
		`@@ -2253,7 +2249,7 @@`
		`static apr_status_t include_cgi(include_ctx_t ctx, ap_filter_t f,`
		`apr_bucket_brigade bb, char s)`
		`{`
		`- @@ -1806,7 +1722,7 @@ static void add_ssi_vars(request_rec *r)`
		`+ @@ -1815,7 +1721,7 @@ static void add_ssi_vars(request_rec *r)`
		`}`

		`static int include_cmd(include_ctx_t ctx, ap_filter_t f,`
		`@@ -2262,7 +2258,7 @@`
		`{`
		`char **env;`
		`int sd;`
		`- @@ -1827,7 +1743,7 @@ static int include_cmd(include_ctx_t ctx, ap_filter_t f,`
		`+ @@ -1836,7 +1742,7 @@ static int include_cmd(include_ctx_t ctx, ap_filter_t f,`
		`return retval;`
		`}`

		`@@ -2271,7 +2267,7 @@`

		`info = apr_palloc(r->pool, sizeof(struct cleanup_script_info));`
		`info->conf = conf;`
		`- @@ -1872,91 +1788,6 @@ static int include_cmd(include_ctx_t ctx, ap_filter_t f,`
		`+ @@ -1881,91 +1787,6 @@ static int include_cmd(include_ctx_t ctx, ap_filter_t f,`
		`return APR_SUCCESS;`
		`}`

		`@@ -2363,7 +2359,7 @@`
		`static void register_hook(apr_pool_t *p)`
		`{`
		`static const char * const aszPre[] = { "mod_include.c", NULL };`
		`- @@ -1964,6 +1795,7 @@ static void register_hook(apr_pool_t *p)`
		`+ @@ -1973,6 +1794,7 @@ static void register_hook(apr_pool_t *p)`
		`ap_hook_pre_config(cgid_pre_config, NULL, NULL, APR_HOOK_MIDDLE);`
		`ap_hook_post_config(cgid_init, aszPre, NULL, APR_HOOK_MIDDLE);`
		`ap_hook_handler(cgid_handler, NULL, NULL, APR_HOOK_MIDDLE);`

httpd.spec

file modified

+7 -9

		`@@ -23,8 +23,8 @@`

		`Summary: Apache HTTP Server`
		`Name: httpd`
		`- Version: 2.4.58`
		`- Release: 8%{?dist}`
		`+ Version: 2.4.59`
		`+ Release: 1%{?dist}`
		`URL: https://httpd.apache.org/`
		`Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2`
		`Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc`
		`@@ -85,27 +85,22 @@`
		`Patch21: httpd-2.4.43-mod_systemd.patch`
		`Patch22: httpd-2.4.53-export.patch`
		`Patch23: httpd-2.4.43-corelimit.patch`
		`- Patch24: httpd-2.4.54-gettid.patch`
		`+ Patch24: httpd-2.4.59-gettid.patch`
		`Patch25: httpd-2.4.54-icons.patch`
		`Patch26: httpd-2.4.43-cachehardmax.patch`
		`Patch27: httpd-2.4.43-socket-activation.patch`
		`Patch28: httpd-2.4.43-sslciphdefault.patch`
		`Patch29: httpd-2.4.43-sslprotdefault.patch`
		`- Patch30: httpd-2.4.43-r1861793+.patch`
		`- Patch31: httpd-2.4.48-r1828172+.patch`
		`+ Patch31: httpd-2.4.59-unifycgid.patch`
		`Patch32: httpd-2.4.43-logjournal.patch`
		`Patch33: httpd-2.4.53-separate-systemd-fns.patch`
		`Patch34: httpd-2.4.58-r1912477+.patch`
		`- Patch35: httpd-2.4.58-r1913912+.patch`
		`Patch36: httpd-2.4.58-r1914365.patch`
		`Patch37: httpd-2.4.54-selinux.patch`

		`# Bug fixes`
		`# https://bugzilla.redhat.com/show_bug.cgi?id=1397243`
		`Patch60: httpd-2.4.43-enable-sslv3.patch`
		`- Patch61: httpd-2.4.58-r1914013.patch`
		`- Patch62: httpd-2.4.46-htcacheclean-dont-break.patch`
		`- Patch63: httpd-2.4.51-r1894152.patch`

		`# Security fixes`
		`# Patch200: ...`
		`@@ -829,6 +824,9 @@`
		`%{_rpmconfigdir}/macros.d/macros.httpd`

		`%changelog`
		`+ * Fri Apr 5 2024 Joe Orton <jorton@redhat.com> - 2.4.59-1`
		`+ - update to 2.4.59`
		`+`
		`* Thu Mar 28 2024 Joe Orton <jorton@redhat.com> - 2.4.58-8`
		`- rebuild to fix changelog ordering`

sources

file modified

+2 -2

		`@@ -1,3 +1,3 @@`
		`- SHA512 (httpd-2.4.58.tar.bz2) = d6e73bf413a507ec16b621ff635e178206207a9e9810ce3944b3dc98d39cde8f225307110167fc9da5822175796c8cb66f98be5b9f0d8b76dcd83a401d39b2c1`
		`- SHA512 (httpd-2.4.58.tar.bz2.asc) = aa021b067fc84ae6a09d5ce321207622c6c08f22632ac7362318ca0505b84357d77d4ebc1f17fa2c3030ed9d9fd177e8fb989932caeef695e76936e010b63aa0`
		`SHA512 (KEYS) = 88c848b7ab9e4915d6625dcad3e8328673b0448f2ce76f2c44eecc612cf6afbce3287a4ee7219a44c6fcc61d5ecb2a1a8545456a4a16b90400263d7249cbf192`
		`+ SHA512 (httpd-2.4.59.tar.bz2) = 209da0bbac5e2564d4590302515b35495be6402273ff4024aa93e85e44554c95e053201d606383936425a41e1b5b97e6b40055dcbb385eb691a5029a6f3158c2`
		`+ SHA512 (httpd-2.4.59.tar.bz2.asc) = 85237e204e57d930e2b7a85a21f8d593e81895f96350c3a345978538a536f3c0614ba89256905c0aa558880fc6fb10608b8dd7cbd026af326b1d83601c267f2d`