Adding debian version 2.4.56-1~deb11u2.debian/2.4.56-1_deb11u2

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

8 files changed, 357 insertions, 0 deletions

diff --git a/debian/tests/check-http2 b/debian/tests/check-http2
new file mode 100644
index 0000000..6bc9125
--- /dev/null
+++ b/debian/tests/check-http2
@@ -0,0 +1,41 @@
+#!/bin/sh
+set -uxe
+
+# http2 is rather new, check that it at least generally works
+# Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+
+a2enmod http2
+a2enmod ssl
+a2ensite default-ssl
+# Enable globally
+echo "Protocols h2c h2 http/1.1" >> /etc/apache2/apache2.conf
+service apache2 restart
+
+# Use curl here. wget doesn't work on Debian, even with --no-check-certificate
+# wget on Debian gives me:
+#    GnuTLS: A TLS warning alert has been received.
+#    Unable to establish SSL connection.
+# Presumably this is due to the self-signed certificate, but I'm not sure how
+# to skip the warning with wget. curl will do for now.
+echo "Hello, world!" > /var/www/html/hello.txt
+
+testapache () {
+    cmd="${1}"
+    result=$(${cmd})
+
+    if [ "$result" != "Hello, world!" ]; then
+        echo "Unexpected result: ${result}" >&2
+        exit 1
+    else
+        echo OK
+    fi
+}
+
+# https shall not affect http
+testapache "curl -s -k http://localhost/hello.txt"
+# https shall not affect https
+testapache "curl -s -k https://localhost/hello.txt"
+#plain http2
+testapache "nghttp --no-verify-peer https://localhost/hello.txt"
+#http2 upgrade
+testapache "nghttp -u --no-verify-peer http://localhost/hello.txt"
diff --git a/debian/tests/chroot b/debian/tests/chroot
new file mode 100644
index 0000000..9961198
--- /dev/null
+++ b/debian/tests/chroot
@@ -0,0 +1,39 @@
+#!/bin/sh
+set -ex
+
+# Check that ChrootDir works correctly. Written in response to LP: #1251939.
+#
+# Author: Robie Basak <robie.basak@ubuntu.com>
+#
+# This test requires:
+#  * wget
+#  * The dpkg-dev package for the dpkg-architecture command
+#
+# This is a "breaks-testbed" dep8 test.
+#
+# This test sets up a minimal environment to exercise ChrootDir. Do not use
+# it as an example of how to set up Apache in a secure chroot environment.
+
+sed -i 's_DocumentRoot.*$_DocumentRoot /_' /etc/apache2/sites-available/000-default.conf
+
+LIBGCC_S_PATH=`gcc --print-file-name=libgcc_s.so.1`
+cat > /etc/apache2/conf-available/chroot.conf <<EOT
+LoadFile $LIBGCC_S_PATH
+ChrootDir /var/www
+<Directory />
+       Options Indexes FollowSymLinks
+       AllowOverride None
+       Require all granted
+</Directory>
+EOT
+a2enconf chroot
+
+echo "Hello, world!" > /var/www/hello.txt
+
+service apache2 restart
+
+result=`wget -qO- http://localhost/hello.txt`
+if [ "$result" != "Hello, world!" ]; then
+    echo "Unexpected result from wget" >&2
+    exit 1
+fi
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..37ae2ca
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,33 @@
+Tests: run-test-suite
+Features: no-build-needed
+Restrictions: allow-stderr isolation-container breaks-testbed needs-root
+Depends: build-essential, apache2, apache2-dev,
+         libwww-perl, libnet-ssleay-perl, libanyevent-perl, libdatetime-perl,
+         libhtml-parser-perl, libtime-hires-perl, libcrypt-ssleay-perl,
+         libhttp-dav-perl, libprotocol-http2-perl, libfcgi-perl,
+         perl-doc
+
+Tests: duplicate-module-load
+Restrictions: allow-stderr, needs-root
+Depends: apache2
+
+Tests: htcacheclean
+Restrictions: allow-stderr, needs-root, skippable
+Depends: apache2
+
+Tests: default-mods
+Restrictions: allow-stderr, needs-root
+Depends: apache2
+
+Tests: ssl-passphrase
+Restrictions: needs-root allow-stderr breaks-testbed
+Depends: apache2, curl, expect, ssl-cert
+
+Tests: check-http2
+Restrictions: needs-root allow-stderr breaks-testbed
+Depends: apache2, curl, ssl-cert, nghttp2-client
+
+Tests: chroot
+Features: no-build-needed
+Restrictions: needs-root allow-stderr breaks-testbed
+Depends: apache2, wget, dpkg-dev, gcc
diff --git a/debian/tests/default-mods b/debian/tests/default-mods
new file mode 100644
index 0000000..5d9df6a
--- /dev/null
+++ b/debian/tests/default-mods
@@ -0,0 +1,28 @@
+#!/bin/bash
+set -eu
+
+RC=0
+fail () {
+	echo "FAIL: $@" >&2
+	RC=1
+}
+
+declare -a REQUIRED_MODS
+REQUIRED_MODS=(
+	alias
+	auth_basic
+	authn_core
+	authz_core
+	log_config
+	mime
+	reqtimeout
+	version
+	watchdog
+)
+
+
+for m in "${REQUIRED_MODS[@]}" ; do
+	apachectl -M | grep -w "${m}_module" || fail "Module $m not activated"
+done
+
+exit $RC
diff --git a/debian/tests/duplicate-module-load b/debian/tests/duplicate-module-load
new file mode 100644
index 0000000..3f15cc8
--- /dev/null
+++ b/debian/tests/duplicate-module-load
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -exu
+
+# Check to make sure that module loads haven't been duplicated.
+# Since this is potential minefield that could cause chaos, and a fix is
+# currently in the Ubuntu delta, check specifically for it.
+
+# Why is this so bad? See:
+#   https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1251939
+#   https://issues.apache.org/bugzilla/show_bug.cgi?id=55787
+
+cd $AUTOPKGTEST_TMP
+
+apache2ctl -l -M > unsorted
+sort unsorted > sorted
+if ! grep core.c sorted ; then
+	echo "core.c not found in apach2ctl output. apache2ctl broken?"
+	exit 1
+fi
+
+uniq < sorted > dedup
+
+if ! diff -u sorted dedup ; then
+	echo Duplicate module loads found
+	exit 1
+fi
diff --git a/debian/tests/htcacheclean b/debian/tests/htcacheclean
new file mode 100644
index 0000000..90c721f
--- /dev/null
+++ b/debian/tests/htcacheclean
@@ -0,0 +1,70 @@
+#!/bin/sh
+set -exu
+
+fatal () {
+	echo "ERROR: $@" >&2
+	exit 1
+}
+
+skip () {
+	echo "ERROR: $@" >&2
+	exit 77
+}
+
+htc_enabled () {
+	if ls /etc/rc[2345].d/S*apache-htcacheclean > /dev/null 2>&1 ; then
+		return 0
+	else
+		return 1
+	fi
+}
+
+if htc_enabled ; then
+	fatal "apache-htcacheclean should not be enabled"
+fi
+
+a2enmod cache_disk
+
+if ! htc_enabled ; then
+	fatal "apache-htcacheclean should be enabled"
+fi
+
+service apache-htcacheclean start
+
+# for debugging
+ps -ef|grep /usr/bin/htcacheclean || true
+
+PGREP="pgrep -P 1 -u www-data -G www-data htcacheclean"
+
+if ! $PGREP ; then
+	fatal "htcacheclean is not running or running as wrong user/group"
+fi
+
+if ! service apache-htcacheclean status ; then
+	fatal "status did not return 'running'"
+fi
+
+service apache-htcacheclean stop
+sleep 1
+
+if $PGREP ; then
+	skip "htcacheclean did not stop"
+fi
+
+if service apache-htcacheclean status ; then
+	fatal "status did not return 'stopped'"
+fi
+
+a2dismod cache_disk
+
+if htc_enabled ; then
+	fatal "apache-htcacheclean should not be enabled"
+fi
+
+a2enmod cache_socache
+
+if htc_enabled ; then
+	fatal "apache-htcacheclean has been enabled for cache_socache"
+fi
+
+exit 0
diff --git a/debian/tests/run-test-suite b/debian/tests/run-test-suite
new file mode 100644
index 0000000..2ee9e31
--- /dev/null
+++ b/debian/tests/run-test-suite
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+. /etc/apache2/envvars
+set -xeu
+set -o pipefail
+export LANG=C
+export PATH=/usr/lib/ccache:$PATH
+# set to "-v t/modules/ext_filter.t ..." to run only a few test, but verbose
+TESTS=""
+TESTUSER=tuser
+
+# The test framework assumes localhost resolves exclusively to 127.0.0.1
+# (and not to ::1). So remove 'localhost' from the ::1 entry.
+perl -p -i -e ' if (/^\s*::1\s+/) { s/\s+localhost\s+/ /g }' /etc/hosts
+
+useradd --user-group --system --create-home -s /bin/bash $TESTUSER
+cp -a debian/perl-framework $AUTOPKGTEST_TMP
+cd $AUTOPKGTEST_TMP/perl-framework
+
+export HARNESS_VERBOSE=1
+
+run_tests () {
+	local MPM=$1
+	shift
+	local LOG=testlog.$MPM
+
+	echo =============Running-with-${MPM}==========
+	rm -f apache2.conf.debian
+	cp /etc/apache2/apache2.conf apache2.conf.debian
+	cat /etc/apache2/mods-available/$MPM.load >> apache2.conf.debian
+	ls /etc/apache2/mods-available/*.load | grep -v mpm_ | xargs cat >> apache2.conf.debian
+	# these are only for tests and don't have a .load file
+	for m in bucketeer case_filter case_filter_in ; do
+		echo "LoadModule ${m}_module /usr/lib/apache2/modules/mod_${m}.so" >> apache2.conf.debian
+	done
+	# need TypesConfig from mime.conf for t/modules/filter.t
+	cat /etc/apache2/mods-available/mime.conf >> apache2.conf.debian
+	echo "Servername localhost" >> apache2.conf.debian
+	make clean || true
+	perl -p -i -e 's,^Include,#Include,' apache2.conf.debian
+	chown -R $TESTUSER: $AUTOPKGTEST_TMP
+	su $TESTUSER -c "perl Makefile.PL -apxs /usr/bin/apxs2 -httpd_conf $PWD/apache2.conf.debian" \
+	    || return 1
+	su $TESTUSER -c "t/TEST $TESTS" | tee $LOG
+	if ! grep -E "^Files=[0-9]+, Tests=[0-9]+" $LOG ; then
+		echo "Message about Files/Tests not found in $LOG" >&2
+		return 1
+	fi
+	if ! grep -E "^Result: PASS" $LOG ; then
+		echo "PASS message not found in $LOG" >&2
+		return 1
+	fi
+	if grep -E "^Result: FAIL" $LOG ; then >&2
+		echo "Test suite failed"
+		return 1
+	fi
+	if grep -E "server dumped core" $LOG ; then >&2
+		echo "segfault detected"
+		return 1
+	fi
+	return 0
+}
+
+run_tests mpm_prefork
+run_tests mpm_worker
+run_tests mpm_event
diff --git a/debian/tests/ssl-passphrase b/debian/tests/ssl-passphrase
new file mode 100644
index 0000000..a0a4fb6
--- /dev/null
+++ b/debian/tests/ssl-passphrase
@@ -0,0 +1,54 @@
+#!/bin/sh
+set -ex
+
+# Check that the init script correctly prompts for the passphrase on startup,
+# then starts and responds correctly to https queries.
+#
+# Author: Robie Basak <robie.basak@ubuntu.com>
+
+cd /etc/ssl/private
+[ -f ssl-cert-snakeoil.key.nopassphrase ] || mv ssl-cert-snakeoil.key ssl-cert-snakeoil.key.nopassphrase
+openssl rsa -des3 -in ssl-cert-snakeoil.key.nopassphrase -out ssl-cert-snakeoil.key -passout pass:test
+a2enmod ssl
+a2ensite default-ssl
+
+# respond to systemd-ask-passphrase
+password_responder() {
+    while [ ! -e /run/systemd/ask-password/sck.* ]; do sleep 1; done
+    echo "ssl-passphrase test password responder: found prompt, sending password"
+    echo test | /lib/systemd/systemd-reply-password 1 /run/systemd/ask-password/sck.*
+}
+password_responder &
+
+# run expect for running under sysvinit/upstart
+expect <<EOT
+spawn service apache2 restart
+set timeout 600
+expect {
+	"assphrase:" {send "test\r"}
+
+	# Failure cases
+	"failed" {exit 1}
+	eof {exit 0}
+}
+
+# wait for eof and return exit code from spawned process back to the caller
+expect eof
+catch wait result
+exit [lindex \$result 3]
+EOT
+
+echo "Hello, world!" > /var/www/html/hello.txt
+
+# Use curl here. wget doesn't work on Debian, even with --no-check-certificate
+# wget on Debian gives me:
+#    GnuTLS: A TLS warning alert has been received.
+#    Unable to establish SSL connection.
+# Presumably this is due to the self-signed certificate, but I'm not sure how
+# to skip the warning with wget. curl will do for now.
+result=`curl -k https://localhost/hello.txt`
+
+if [ "$result" != "Hello, world!" ]; then
+    echo "Unexpected result from wget" >&2
+    exit 1
+fi