2006-12-20 18:01:15 +01:00
|
|
|
#
|
2008-03-14 17:21:15 +01:00
|
|
|
# spec file for package apache2 (Version 2.2.8)
|
2006-12-20 18:01:15 +01:00
|
|
|
#
|
2008-03-14 17:21:15 +01:00
|
|
|
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
2006-12-20 18:01:15 +01:00
|
|
|
# This file and all modifications and additions to the pristine
|
|
|
|
# package are under the same license as the package itself.
|
|
|
|
#
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
|
|
#
|
|
|
|
|
|
|
|
# norootforbuild
|
|
|
|
|
2008-03-14 17:21:15 +01:00
|
|
|
|
2006-12-20 18:01:15 +01:00
|
|
|
Name: apache2
|
2007-03-29 22:15:59 +02:00
|
|
|
BuildRequires: db-devel ed libapr-util1-devel libapr1-devel openldap2 openldap2-devel
|
|
|
|
BuildRequires: openssl-devel pcre-devel zlib-devel
|
2006-12-20 18:01:15 +01:00
|
|
|
%if %{?suse_version:1}0
|
|
|
|
%define httpduser wwwrun
|
|
|
|
%define httpdgroup www
|
|
|
|
%else
|
|
|
|
%define httpduser apache
|
|
|
|
%define httpdgroup apache
|
|
|
|
BuildRequires: expat-devel
|
|
|
|
%endif
|
|
|
|
#
|
|
|
|
%define pname apache2
|
|
|
|
%define vers 2
|
|
|
|
%define httpd httpd2
|
|
|
|
%define apache_mmn %(test -s %{S:0} && { echo -n apache_mmn_; bzcat %{S:0} | awk '/^#define MODULE_MAGIC_NUMBER_MAJOR/ {printf "%d", $3}'; })
|
|
|
|
%define default_mpm prefork
|
|
|
|
%{!?prefork:%define prefork 1}
|
|
|
|
%{!?worker:%define worker 1}
|
|
|
|
%{!?event:%define event 1}
|
|
|
|
%define mpms_to_build %(test %prefork = 1 && printf prefork) %(test %worker = 1 && printf worker) %(test %event = 1 && printf event)
|
|
|
|
# dir names
|
|
|
|
%define datadir /srv/www
|
|
|
|
%define htdocsdir %{datadir}/htdocs
|
|
|
|
%define manualdir %{_prefix}/share/%{pname}/manual
|
|
|
|
%define errordir %{_prefix}/share/%{pname}/error
|
|
|
|
%define iconsdir %{_prefix}/share/%{pname}/icons
|
|
|
|
%define cgidir %{datadir}/cgi-bin
|
|
|
|
%define localstatedir /var/lib/%{pname}
|
|
|
|
%define proxycachedir /var/cache/%{pname}
|
|
|
|
%define logfiledir /var/log/%{pname}
|
|
|
|
%define runtimedir /var/run
|
|
|
|
%define sysconfdir /etc/%{pname}
|
|
|
|
%define includedir %{_includedir}/%{pname}
|
|
|
|
%define libexecdir %_libdir/%{pname}
|
|
|
|
%define installbuilddir %{_prefix}/share/%{pname}/build
|
|
|
|
%define userdir public_html
|
|
|
|
%define suexec_safepath /usr/local/bin:/usr/bin:/bin
|
|
|
|
# "Server:" header
|
|
|
|
%define VENDOR SUSE
|
|
|
|
%define platform_string Linux/%VENDOR
|
|
|
|
License: The Apache Software License
|
|
|
|
Group: Productivity/Networking/Web/Servers
|
2008-03-14 17:21:15 +01:00
|
|
|
%define realver 2.2.8
|
|
|
|
Version: 2.2.8
|
2008-05-26 19:05:45 +02:00
|
|
|
Release: 24
|
2006-12-20 18:01:15 +01:00
|
|
|
#Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2
|
|
|
|
Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2
|
|
|
|
Source10: SUSE-NOTICE
|
|
|
|
Source11: rc.%{pname}
|
|
|
|
Source13: sysconfig.%{pname}
|
|
|
|
Source16: certificate.sh
|
|
|
|
Source17: mkcert.sh.gz
|
|
|
|
Source18: robots.txt
|
|
|
|
Source20: favicon.ico
|
|
|
|
Source22: apache2-README.QUICKSTART
|
|
|
|
Source24: apache2-README
|
|
|
|
Source25: gensslcert
|
|
|
|
Source27: %{pname}.logrotate
|
|
|
|
Source28: permissions.%{pname}
|
|
|
|
Source29: apache-ssl-stuff.tar.bz2
|
|
|
|
Source40: load_configuration
|
|
|
|
Source41: find_mpm
|
|
|
|
Source42: get_module_list
|
|
|
|
Source43: get_includes
|
|
|
|
Source44: find_httpd2_includes
|
2008-04-20 21:03:37 +02:00
|
|
|
# sysconf_addword is part of aaa_base.rpm starting with openSUSE 11.0
|
|
|
|
# we bring our own copy for the cases where it is not available
|
|
|
|
Source45: sysconf_addword
|
2006-12-20 18:01:15 +01:00
|
|
|
Source46: a2enflag
|
|
|
|
Source47: a2enmod
|
2007-01-08 12:26:19 +01:00
|
|
|
Source48: apache2.xml
|
2007-03-20 01:13:36 +01:00
|
|
|
Source49: apache2.firewall
|
2007-03-20 11:30:41 +01:00
|
|
|
Source50: apache2.ssl-firewall
|
2006-12-20 18:01:15 +01:00
|
|
|
Source100: apache2-httpd.conf
|
|
|
|
Source101: apache2-errors.conf
|
|
|
|
Source102: apache2-default-server.conf
|
|
|
|
Source103: apache2-listen.conf
|
|
|
|
Source104: apache2-manual.conf
|
|
|
|
Source105: apache2-mod_autoindex-defaults.conf
|
|
|
|
Source106: apache2-mod_info.conf
|
|
|
|
Source107: apache2-mod_log_config.conf
|
|
|
|
Source108: apache2-mod_mime-defaults.conf
|
|
|
|
Source109: apache2-mod_status.conf
|
|
|
|
Source110: apache2-mod_userdir.conf
|
|
|
|
Source111: apache2-server-tuning.conf
|
|
|
|
Source113: apache2-ssl-global.conf
|
|
|
|
Source114: apache2-mod_usertrack.conf
|
|
|
|
Source130: apache2-vhost.template
|
|
|
|
Source131: apache2-vhost-ssl.template
|
|
|
|
Source140: apache2-check_forensic
|
|
|
|
Source141: apache-20-22-upgrade
|
|
|
|
Patch2: httpd-2.1.3alpha-layout.dif
|
|
|
|
Patch10: httpd-2.1.3alpha-autoconf-2.59.dif
|
|
|
|
Patch23: httpd-2.1.9-apachectl.dif
|
|
|
|
Patch65: httpd-2.0.49-log_server_status.dif
|
|
|
|
Patch66: httpd-2.0.54-envvars.dif
|
|
|
|
Patch67: httpd-2.2.0-apxs-a2enmod.dif
|
2008-05-26 19:05:45 +02:00
|
|
|
Patch68: httpd-2.2.x-CVE-2008-1678.patch
|
2007-10-22 18:25:27 +02:00
|
|
|
Url: http://httpd.apache.org/
|
2008-04-20 21:03:37 +02:00
|
|
|
Icon: Apache.xpm
|
2006-12-20 18:01:15 +01:00
|
|
|
Summary: The Apache Web Server Version 2.0
|
2007-10-22 18:25:27 +02:00
|
|
|
AutoReqProv: on
|
2006-12-20 18:01:15 +01:00
|
|
|
Provides: httpd http_daemon %{apache_mmn} suse_help_viewer
|
|
|
|
Requires: %{pname}-MPM /etc/mime.types
|
2007-07-23 21:27:20 +02:00
|
|
|
PreReq: %{name}-utils
|
2006-12-20 18:01:15 +01:00
|
|
|
Requires: logrotate
|
|
|
|
Requires: libapr1 >= 1.0
|
|
|
|
Requires: libapr1 < 2.0
|
|
|
|
PreReq: fileutils textutils grep sed
|
|
|
|
%if %{?suse_version:1}0
|
|
|
|
PreReq: %insserv_prereq %fillup_prereq permissions shadow
|
|
|
|
%endif
|
|
|
|
%if 0%{?suse_version} >= 901 && 0%{?sles_version} != 9
|
|
|
|
Provides: apache
|
|
|
|
Obsoletes: apache < 1.3.29
|
|
|
|
Obsoletes: mod_ssl < 2.8.16
|
|
|
|
%endif
|
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
|
|
|
|
|
|
%description
|
|
|
|
Apache 2, the successor to Apache 1.
|
|
|
|
|
|
|
|
Apache is the most used Web server software worldwide.
|
|
|
|
|
|
|
|
Some new features in Apache 2: - hybrid multiprocess, multithreaded
|
|
|
|
mode for improved scalability
|
|
|
|
|
|
|
|
- multiprotocol support
|
|
|
|
|
|
|
|
- stream filtering
|
|
|
|
|
|
|
|
- IPv6 support
|
|
|
|
|
|
|
|
- new module API
|
|
|
|
|
|
|
|
New modules include: - mod_auth_db
|
|
|
|
|
|
|
|
- mod_auth_digest
|
|
|
|
|
|
|
|
- mod_charset_lite
|
|
|
|
|
|
|
|
- mod_dav
|
|
|
|
|
|
|
|
- mod_file_cache
|
|
|
|
|
|
|
|
Mod_ssl is no longer a separate package, but is now included in the
|
|
|
|
Apache distribution.
|
|
|
|
|
|
|
|
See /usr/share/doc/packages/apache2/, http://httpd.apache.org/, and
|
|
|
|
http://httpd.apache.org/docs-2.0/upgrading.html.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Authors:
|
|
|
|
--------
|
|
|
|
Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE
|
|
|
|
|
|
|
|
%if %worker
|
2007-12-13 20:32:12 +01:00
|
|
|
|
2006-12-20 18:01:15 +01:00
|
|
|
%package worker
|
2008-04-01 23:02:11 +02:00
|
|
|
License: The Apache Software License
|
2006-12-20 18:01:15 +01:00
|
|
|
Summary: Apache 2 worker MPM (Multi-Processing Module)
|
|
|
|
Group: Productivity/Networking/Web/Servers
|
|
|
|
Provides: %{pname}-MPM
|
|
|
|
Requires: %{name} = %{version}
|
|
|
|
%endif
|
|
|
|
%if %prefork
|
2007-10-22 18:25:27 +02:00
|
|
|
|
2006-12-20 18:01:15 +01:00
|
|
|
%package prefork
|
2008-04-01 23:02:11 +02:00
|
|
|
License: The Apache Software License
|
2006-12-20 18:01:15 +01:00
|
|
|
Summary: Apache 2 "prefork" MPM (Multi-Processing Module)
|
|
|
|
Group: Productivity/Networking/Web/Servers
|
|
|
|
Provides: %{pname}-MPM
|
|
|
|
%if 0%{?suse_version} >= 901 && 0%{?sles_version} != 9
|
|
|
|
Provides: apache:/usr/sbin/httpd
|
|
|
|
%endif
|
|
|
|
Requires: %{name} = %{version}
|
|
|
|
%endif
|
|
|
|
%if %event
|
2007-10-22 18:25:27 +02:00
|
|
|
|
2006-12-20 18:01:15 +01:00
|
|
|
%package event
|
2008-04-01 23:02:11 +02:00
|
|
|
License: The Apache Software License
|
2006-12-20 18:01:15 +01:00
|
|
|
Summary: Apache 2 event MPM (Multi-Processing Module)
|
|
|
|
Group: Productivity/Networking/Web/Servers
|
|
|
|
Provides: %{pname}-MPM
|
|
|
|
Requires: %{name} = %{version}
|
|
|
|
%endif
|
|
|
|
%if %worker
|
|
|
|
|
|
|
|
%description worker
|
|
|
|
The worker MPM (multi-Processing Module) implementing a hybrid
|
|
|
|
multi-threaded multi-process web server.
|
|
|
|
|
|
|
|
This combination offers a performance boost and retains some of the
|
|
|
|
stability of the multi-process model.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Authors:
|
|
|
|
--------
|
|
|
|
Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE
|
|
|
|
|
|
|
|
%endif
|
|
|
|
%if %prefork
|
2007-12-13 20:32:12 +01:00
|
|
|
|
2006-12-20 18:01:15 +01:00
|
|
|
%description prefork
|
|
|
|
"prefork" MPM (Multi-Processing Module)
|
|
|
|
|
|
|
|
This MPM is basically the one that Apache 1.3.x used. It warrants the
|
|
|
|
maximum stability because each server runs in its own process. If a
|
|
|
|
process dies it will not affect other servers.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Authors:
|
|
|
|
--------
|
|
|
|
Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE
|
|
|
|
|
|
|
|
%endif
|
|
|
|
%if %event
|
2007-12-13 20:32:12 +01:00
|
|
|
|
2006-12-20 18:01:15 +01:00
|
|
|
%description event
|
|
|
|
The event MPM (multi-Processing Module) is experimental, so it may or
|
|
|
|
may not work as expected.
|
|
|
|
|
|
|
|
It uses a seperate thread to handle Keep Alive requests and accepting
|
|
|
|
connections. Keep Alive requests have traditionally required httpd to
|
|
|
|
dedicate a worker to handle it. This dedicated worker could not be used
|
|
|
|
again until the Keep Alive timeout was reached.
|
|
|
|
|
|
|
|
This MPM depends on APR's atomic compare-and-swap operations for thread
|
|
|
|
synchronization.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Authors:
|
|
|
|
--------
|
|
|
|
Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE
|
|
|
|
|
|
|
|
%endif
|
2007-12-13 20:32:12 +01:00
|
|
|
|
2006-12-20 18:01:15 +01:00
|
|
|
%package devel
|
2008-04-01 23:02:11 +02:00
|
|
|
License: The Apache Software License
|
2006-12-20 18:01:15 +01:00
|
|
|
Summary: Apache 2.0 Header and Include Files
|
|
|
|
Group: Development/Libraries/C and C++
|
|
|
|
Requires: %{name} = %{version} %{pname}-MPM
|
|
|
|
Requires: libapr1-devel libapr-util1-devel
|
|
|
|
|
|
|
|
%description devel
|
|
|
|
This package contains header files and include files that are needed
|
|
|
|
for development using the Apache API.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%package doc
|
2008-04-01 23:02:11 +02:00
|
|
|
License: The Apache Software License
|
2006-12-20 18:01:15 +01:00
|
|
|
Summary: Additional Package Documentation.
|
|
|
|
Group: Documentation/Other
|
|
|
|
%if 0%{?suse_version} >= 901 && 0%{?sles_version} != 9
|
|
|
|
Provides: apache-doc
|
|
|
|
Obsoletes: apache-doc
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%description doc
|
|
|
|
This package contains optional documentation provided in addition to
|
|
|
|
this package's base documentation.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%package example-pages
|
2008-04-01 23:02:11 +02:00
|
|
|
License: The Apache Software License
|
2006-12-20 18:01:15 +01:00
|
|
|
Summary: Example Pages for the Apache 2 Web Server
|
|
|
|
Group: Productivity/Networking/Web/Servers
|
|
|
|
%if 0%{?suse_version} >= 901 && 0%{?sles_version} != 9
|
|
|
|
Provides: apache-example-pages
|
|
|
|
Obsoletes: apache-example-pages
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%description example-pages
|
|
|
|
Some Example pages for Apache that show information about the installed
|
|
|
|
server.
|
|
|
|
|
|
|
|
|
|
|
|
|
2007-07-23 21:27:20 +02:00
|
|
|
Authors:
|
|
|
|
--------
|
|
|
|
Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE
|
|
|
|
|
|
|
|
%package utils
|
2008-04-01 23:02:11 +02:00
|
|
|
License: The Apache Software License
|
2007-07-23 21:27:20 +02:00
|
|
|
Summary: Apache 2 utilities
|
|
|
|
Group: Productivity/Networking/Web/Servers
|
|
|
|
|
|
|
|
%description utils
|
|
|
|
Utilities provided by the Apache 2 Web Server project which are useful
|
|
|
|
to administrators of web servers in general.
|
|
|
|
|
|
|
|
|
|
|
|
|
2006-12-20 18:01:15 +01:00
|
|
|
Authors:
|
|
|
|
--------
|
|
|
|
Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE
|
|
|
|
|
2007-03-20 01:13:36 +01:00
|
|
|
%if 0%{?opensuse_bs}
|
|
|
|
%endif
|
2007-12-13 20:32:12 +01:00
|
|
|
|
2006-12-20 18:01:15 +01:00
|
|
|
%prep
|
|
|
|
#
|
|
|
|
# O/ ._ .__ ._
|
|
|
|
# /O |_)|(/_|_)
|
|
|
|
# | |
|
|
|
|
#
|
|
|
|
%setup -q -n httpd-%{realver}
|
|
|
|
%patch2 -p1
|
|
|
|
%patch10 -p1
|
|
|
|
%patch23 -p1
|
|
|
|
%patch65 -p1
|
|
|
|
%patch66 -p1
|
|
|
|
%patch67 -p1
|
2008-05-26 19:05:45 +02:00
|
|
|
%patch68 -p3
|
2006-12-20 18:01:15 +01:00
|
|
|
#
|
|
|
|
cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
|
|
|
|
#
|
|
|
|
cp -p %{S:16} %{S:17} .; gunzip mkcert.sh.gz
|
|
|
|
#
|
|
|
|
# replace PLATFORM string that's seen in the "Server:" header
|
|
|
|
#
|
|
|
|
sed 's,(" PLATFORM "),(%platform_string),' server/core.c > tmp_file && mv tmp_file server/core.c
|
|
|
|
sed 's/public_html/%{userdir}/g' docs/conf/extra/httpd-userdir.conf.in > tmp_file && mv tmp_file docs/conf/extra/httpd-userdir.conf.in
|
|
|
|
#
|
|
|
|
# now configure Apache
|
|
|
|
#
|
|
|
|
aclocal
|
|
|
|
autoreconf --force --install
|
|
|
|
|
|
|
|
%build
|
|
|
|
#
|
|
|
|
# O/ |_ o| _|
|
|
|
|
# /O |_)|_|||(_|
|
|
|
|
#
|
|
|
|
function configure {
|
|
|
|
CFLAGS="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing -DLDAP_DEPRECATED" \
|
2007-03-20 01:13:36 +01:00
|
|
|
%if 0%{?opensuse_bs}
|
|
|
|
CFLAGS="$CFLAGS -g"
|
|
|
|
%endif
|
2006-12-20 18:01:15 +01:00
|
|
|
CPPFLAGS="-DSSL_EXPERIMENTAL_ENGINE -DMAX_SERVER_LIMIT=200000 -DLDAP_DEPRECATED -DMAXLINE=4096" \
|
|
|
|
./configure \
|
|
|
|
--enable-layout=SuSE81%(test "%_lib" = lib64 && echo -n _64) \
|
|
|
|
--with-program-name=httpd%{vers}$mpm_suffix \
|
|
|
|
--with-apr=%{_bindir}/apr-1-config \
|
|
|
|
--with-apr-util=%{_bindir}/apu-1-config \
|
|
|
|
--with-mpm=$mpm \
|
|
|
|
%if "$mpm" == "worker" || "$mpm" == "event"
|
|
|
|
%ifarch %ix86
|
|
|
|
%ifnarch i386
|
|
|
|
--enable-nonportable-atomics=yes \
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
|
\
|
|
|
|
--enable-exception-hook \
|
|
|
|
\
|
|
|
|
%if %{?suse_version:%suse_version}%{?!suse_version:9999} > 930
|
|
|
|
--with-pcre \
|
|
|
|
--enable-pie \
|
|
|
|
%endif
|
|
|
|
--enable-mods-shared=all \
|
|
|
|
--enable-ssl=shared \
|
|
|
|
\
|
|
|
|
--disable-isapi \
|
|
|
|
--enable-deflate \
|
|
|
|
--enable-echo \
|
|
|
|
--enable-filter \
|
|
|
|
--enable-ext-filter \
|
|
|
|
--enable-charset-lite \
|
|
|
|
--enable-file-cache \
|
|
|
|
--enable-logio \
|
|
|
|
--enable-dumpio \
|
|
|
|
--enable-bucketeer \
|
|
|
|
--enable-case_filter \
|
|
|
|
--enable-case_filter_in \
|
|
|
|
\
|
|
|
|
--with-ldap \
|
|
|
|
--enable-ldap \
|
|
|
|
--enable-authnz_ldap \
|
|
|
|
\
|
|
|
|
--enable-proxy \
|
|
|
|
--enable-proxy-connect \
|
|
|
|
--enable-proxy-ftp \
|
|
|
|
--enable-proxy-http \
|
|
|
|
--enable-cache \
|
|
|
|
--enable-disk-cache \
|
|
|
|
--enable-mem-cache \
|
2007-03-23 21:40:52 +01:00
|
|
|
--enable-version \
|
2006-12-20 18:01:15 +01:00
|
|
|
\
|
|
|
|
--enable-dav-lock \
|
|
|
|
--enable-authn-alias \
|
|
|
|
--enable-optional-hook-export \
|
|
|
|
--enable-optional-hook-import \
|
|
|
|
--enable-optional-fn-import \
|
|
|
|
--enable-optional-fn-export \
|
|
|
|
\
|
|
|
|
--enable-suexec \
|
|
|
|
--with-suexec-bin=%{_sbindir}/suexec%{vers} \
|
|
|
|
--with-suexec-caller=%httpduser \
|
|
|
|
--with-suexec-docroot=%{datadir} \
|
|
|
|
--with-suexec-logfile=%{logfiledir}/suexec.log \
|
|
|
|
--with-suexec-userdir=%{userdir} \
|
|
|
|
--with-suexec-uidmin=96 \
|
|
|
|
--with-suexec-gidmin=96 \
|
|
|
|
--with-suexec-safepath=%{suexec_safepath}
|
|
|
|
}
|
|
|
|
#
|
|
|
|
# |_ o| _| | _ _ ._
|
|
|
|
# |_)|_|||(_| |(_)(_)|_)
|
|
|
|
# |
|
|
|
|
#
|
|
|
|
# build the 3 multi-processing modules (MPM) in a loop
|
|
|
|
#
|
|
|
|
[ "$RPM_BUILD_ROOT" != "/" ] && [ -d $RPM_BUILD_ROOT ] && rm -rf $RPM_BUILD_ROOT;
|
|
|
|
for mpm in %{mpms_to_build}; do
|
|
|
|
echo $mpm >> .status
|
|
|
|
test -s Makefile && make clean >/dev/null
|
|
|
|
echo -e "\n\n\n \e[01m***** Building $mpm MPM *****\e[00m\n\n\n"
|
|
|
|
export mpm_suffix=-$mpm
|
|
|
|
configure
|
|
|
|
sed "s/%{vers}-$mpm//" include/ap_config_auto.h > include/ap_config_auto.h.new
|
|
|
|
mv include/ap_config_auto.h.new include/ap_config_auto.h
|
|
|
|
make CFLAGS="$RPM_OPT_FLAGS -fPIC \
|
|
|
|
-fno-strict-aliasing \
|
|
|
|
-Wall \
|
2007-03-20 01:13:36 +01:00
|
|
|
%if 0%{?opensuse_bs}
|
|
|
|
-g \
|
|
|
|
%endif
|
2006-12-20 18:01:15 +01:00
|
|
|
-DDEFAULT_PIDLOG='\"%{runtimedir}/%{httpd}.pid\"' \
|
|
|
|
-DDEFAULT_ERRORLOG='\"%{logfiledir}/error_log\"' " \
|
|
|
|
%{?jobs:-j%jobs}
|
|
|
|
make DESTDIR=$RPM_BUILD_ROOT install
|
|
|
|
#rm -rf $RPM_BUILD_ROOT.$mpm.pre
|
|
|
|
#cp -a $RPM_BUILD_ROOT/ $RPM_BUILD_ROOT.$mpm.pre
|
|
|
|
# show pathnames in config files
|
|
|
|
echo;echo;echo; diff -U1 docs/conf/httpd-std.conf.in docs/conf/httpd-std.conf ||:
|
|
|
|
echo;echo;echo; diff -U1 docs/conf/ssl-std.conf.in docs/conf/ssl-std.conf ||:
|
|
|
|
# show compile settings
|
|
|
|
pwd
|
|
|
|
printf "\n\n\n"; ./%{httpd}$mpm_suffix -V
|
|
|
|
printf "\n\n\n"; ./%{httpd}$mpm_suffix -l
|
|
|
|
#mv $RPM_BUILD_ROOT/%{sysconfdir}/httpd-std.conf $RPM_BUILD_ROOT/%{sysconfdir}/httpd-std.conf$mpm_suffix
|
|
|
|
#mv $RPM_BUILD_ROOT/%{sysconfdir}/httpd2-prefork.conf $RPM_BUILD_ROOT/%{sysconfdir}/httpd-std.conf$mpm_suffix
|
|
|
|
# fix up and rename config_vars file: remove references to the RPM build dir;
|
|
|
|
# remove references to RPM build root; fix apr/apu includedir
|
|
|
|
sed -e "/^EXTRA_INCLUDES/s|-I$RPM_BUILD_DIR[^ ]* ||g" \
|
|
|
|
-e "/^AP._INCLUDEDIR/s|$RPM_BUILD_DIR.*$|%{includedir}$mpm_suffix|" \
|
|
|
|
-e "/abs_srcdir/d" \
|
|
|
|
-e "/AP_LIBS/d" \
|
|
|
|
< $RPM_BUILD_ROOT/%{installbuilddir}/config_vars.mk \
|
|
|
|
> $RPM_BUILD_ROOT/%{installbuilddir}/config_vars.mk$mpm_suffix
|
|
|
|
rm $RPM_BUILD_ROOT/%{installbuilddir}/config_vars.mk
|
|
|
|
#rm -rf $RPM_BUILD_ROOT.$mpm.post
|
|
|
|
#cp -a $RPM_BUILD_ROOT/ $RPM_BUILD_ROOT.$mpm.post
|
|
|
|
done
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{libexecdir}
|
|
|
|
# remove references to mpm type in config_vars
|
|
|
|
sed -e "s^/usr/%_lib/%{pname}-%{default_mpm}^/usr/%_lib/%{pname}^" \
|
|
|
|
-e "s/httpd$/%{httpd}-%{default_mpm}/" \
|
|
|
|
-e "s/%{pname}-%{default_mpm}/%{pname}/" \
|
|
|
|
< $RPM_BUILD_ROOT/%{installbuilddir}/config_vars.mk-%{default_mpm} \
|
|
|
|
> $RPM_BUILD_ROOT/%{installbuilddir}/config_vars.mk
|
|
|
|
# get rid of modules that do not differ between the MPMs (since most of them are the same)
|
|
|
|
# by putting them in /usr/lib/apache%{vers}
|
|
|
|
ldir=$RPM_BUILD_ROOT/%{libexecdir}
|
|
|
|
for i in $(cd $ldir-%{default_mpm}; ls -1); do
|
|
|
|
identical=true
|
|
|
|
for mpm in %{mpms_to_build}; do
|
|
|
|
cmp -s $ldir-{%{default_mpm},$mpm}/$i || identical=false
|
|
|
|
done
|
|
|
|
if $identical; then
|
|
|
|
cp -dp $ldir-%{default_mpm}/$i $ldir
|
|
|
|
for mpm in %{mpms_to_build}; do
|
|
|
|
rm $ldir-$mpm/$i
|
|
|
|
ln -s ../%{pname}/$i $ldir-$mpm/$i
|
|
|
|
done
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
# merge the three /usr/include/apache2-* directories
|
|
|
|
# by putting them in /usr/lib/apache%{vers}
|
|
|
|
idir=$RPM_BUILD_ROOT/%{includedir}
|
|
|
|
mkdir -p $idir
|
|
|
|
for i in $(cd $idir-%{default_mpm}; ls -1); do
|
|
|
|
identical=true
|
|
|
|
for mpm in %{mpms_to_build}; do
|
|
|
|
cmp -s $idir-{%{default_mpm},$mpm}/$i || identical=false
|
|
|
|
done
|
|
|
|
if $identical; then
|
|
|
|
cp -dp $idir-%{default_mpm}/$i $idir
|
|
|
|
for mpm in %{mpms_to_build}; do
|
|
|
|
rm $idir-$mpm/$i
|
|
|
|
ln -s ../%{pname}/$i $idir-$mpm/$i
|
|
|
|
done
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
for i in ap_config_auto.h ap_config_layout.h; do
|
|
|
|
if [ ! -f $idir/$i ]; then
|
|
|
|
sed 's/-%{default_mpm}//' $idir-%{default_mpm}/$i > $idir/$i
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
|
|
|
|
%install
|
|
|
|
#
|
|
|
|
# O/ o._ __|_ _.||
|
|
|
|
# /O || |_> |_(_|||
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# (most installation (to build root) has already been done in %build)
|
|
|
|
#
|
|
|
|
# save MODULE_MAGIC_NUMBER
|
|
|
|
cat > $RPM_BUILD_ROOT/%{_libdir}/%{pname}_MMN <<-EOF
|
|
|
|
#!/bin/sh
|
|
|
|
echo %{apache_mmn}
|
|
|
|
EOF
|
|
|
|
cp -p $RPM_BUILD_ROOT/%{sysconfdir}/%{httpd}-%{default_mpm}.conf $RPM_BUILD_ROOT/%{sysconfdir}/httpd.conf
|
|
|
|
cp -p $RPM_BUILD_ROOT/%{sysconfdir}/httpd.conf ./httpd.conf.default
|
|
|
|
rm $RPM_BUILD_ROOT/%{sysconfdir}/%{httpd}-*.conf
|
|
|
|
#
|
|
|
|
# create directories
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{_var}/adm/fillup-templates \
|
|
|
|
$RPM_BUILD_ROOT/%{proxycachedir} \
|
|
|
|
$RPM_BUILD_ROOT/%{localstatedir}
|
|
|
|
#
|
|
|
|
# support files
|
|
|
|
install -m 755 support/log_server_status $RPM_BUILD_ROOT/%{_bindir}/log_server_status%{vers}
|
|
|
|
install -m 755 support/split-logfile $RPM_BUILD_ROOT/%{_bindir}/split-logfile%{vers}
|
|
|
|
install -m 755 support/logresolve.pl $RPM_BUILD_ROOT/%{_sbindir}/logresolve.pl%{vers}
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
|
|
|
|
install -m 644 $RPM_SOURCE_DIR/%{pname}.logrotate $RPM_BUILD_ROOT/etc/logrotate.d/%{pname}
|
|
|
|
# since 10.0, the permission files are maintained centrally
|
|
|
|
%if %{?suse_version:%suse_version}%{?!suse_version:9999} < 1000
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/etc/permissions.d
|
|
|
|
install -m 644 $RPM_SOURCE_DIR/permissions.%{pname} $RPM_BUILD_ROOT/etc/permissions.d/%{pname}
|
|
|
|
%endif
|
|
|
|
install -m 755 $RPM_SOURCE_DIR/apache2-check_forensic $RPM_BUILD_ROOT/%{_bindir}/check_forensic%{vers}
|
|
|
|
#
|
2007-01-08 12:26:19 +01:00
|
|
|
# xml stuff
|
2007-01-12 01:16:59 +01:00
|
|
|
install -d $RPM_BUILD_ROOT%{_datadir}/omc/svcinfo.d/
|
|
|
|
install -m 644 %{S:48} $RPM_BUILD_ROOT%{_datadir}/omc/svcinfo.d/
|
2007-01-08 12:26:19 +01:00
|
|
|
#
|
2006-12-20 18:01:15 +01:00
|
|
|
# ssl stuff
|
|
|
|
install -m 755 %{S:25} $RPM_BUILD_ROOT/%{_bindir}/
|
|
|
|
chmod 755 certificate.sh mkcert.sh
|
|
|
|
tar xjf $RPM_SOURCE_DIR/apache-ssl-stuff.tar.bz2 -C $RPM_BUILD_ROOT/%{sysconfdir}
|
|
|
|
#
|
|
|
|
# init script and friends
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/etc/init.d
|
|
|
|
install -m 744 $RPM_SOURCE_DIR/rc.%{pname} $RPM_BUILD_ROOT/etc/init.d/%{pname}
|
|
|
|
ln -sf ../../etc/init.d/%{pname} $RPM_BUILD_ROOT/%{_sbindir}/rc%{pname}
|
|
|
|
install -m 755 $RPM_SOURCE_DIR/load_configuration $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/
|
|
|
|
install -m 755 $RPM_SOURCE_DIR/find_mpm $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/
|
|
|
|
install -m 755 $RPM_SOURCE_DIR/get_includes $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/
|
|
|
|
install -m 755 $RPM_SOURCE_DIR/find_httpd2_includes $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/
|
|
|
|
install -m 755 $RPM_SOURCE_DIR/apache-20-22-upgrade $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/
|
|
|
|
sed 's+/usr/lib+/usr/%_lib+' $RPM_SOURCE_DIR/get_module_list \
|
|
|
|
> $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/get_module_list
|
|
|
|
chmod 755 $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/get_module_list
|
2008-04-20 21:03:37 +02:00
|
|
|
install -m 755 $RPM_SOURCE_DIR/sysconf_addword $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/
|
2006-12-20 18:01:15 +01:00
|
|
|
install -m 755 $RPM_SOURCE_DIR/a2enflag $RPM_BUILD_ROOT/%{_sbindir}
|
|
|
|
ln -s a2enflag $RPM_BUILD_ROOT/%{_sbindir}/a2disflag
|
|
|
|
install -m 755 $RPM_SOURCE_DIR/a2enmod $RPM_BUILD_ROOT/%{_sbindir}
|
|
|
|
ln -s a2enmod $RPM_BUILD_ROOT/%{_sbindir}/a2dismod
|
|
|
|
#
|
|
|
|
# directories for files from other packages and other configuration
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{sysconfdir}/vhosts.d
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{sysconfdir}/sysconfig.d
|
|
|
|
#
|
|
|
|
# make list of all modules, and install sysconfig template
|
|
|
|
for i in $(find $RPM_BUILD_ROOT/%{libexecdir}-%{default_mpm} -name "*.so" | sort); do
|
|
|
|
modname=${i#*mod_}; modname=${modname%.so}
|
|
|
|
modname=${modname##*lib}
|
|
|
|
all_modules="$all_modules $modname"
|
|
|
|
done
|
|
|
|
all_modules=$(echo $all_modules | fmt | sed 's/\(.*\)/# \1\\/')
|
|
|
|
sed "s+@@all_modules@@+$all_modules +" $RPM_SOURCE_DIR/sysconfig.%{pname} \
|
|
|
|
> $RPM_BUILD_ROOT/%{_var}/adm/fillup-templates/sysconfig.%{pname}
|
|
|
|
#
|
|
|
|
# install READMEs
|
|
|
|
cp -p $RPM_SOURCE_DIR/%{pname}-README README.%VENDOR
|
|
|
|
cp -p $RPM_SOURCE_DIR/%{pname}-README.QUICKSTART README.QUICKSTART
|
|
|
|
#
|
|
|
|
# install configuration files:
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{runtimedir}
|
|
|
|
touch $RPM_BUILD_ROOT/%{sysconfdir}/sysconfig.d/include.conf
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{sysconfdir}/conf.d
|
|
|
|
for i in default-server.conf \
|
|
|
|
errors.conf \
|
|
|
|
httpd.conf \
|
|
|
|
listen.conf \
|
|
|
|
mod_autoindex-defaults.conf \
|
|
|
|
mod_info.conf \
|
|
|
|
mod_log_config.conf \
|
|
|
|
mod_mime-defaults.conf \
|
|
|
|
mod_status.conf \
|
|
|
|
mod_userdir.conf \
|
|
|
|
mod_usertrack.conf \
|
|
|
|
server-tuning.conf \
|
|
|
|
ssl-global.conf
|
|
|
|
do
|
|
|
|
install -m 644 $RPM_SOURCE_DIR/apache2-$i $RPM_BUILD_ROOT/%{sysconfdir}/$i
|
|
|
|
done
|
|
|
|
cat > $RPM_BUILD_ROOT/%{sysconfdir}/uid.conf <<-EOF
|
|
|
|
User %httpduser
|
|
|
|
Group %httpdgroup
|
|
|
|
EOF
|
|
|
|
# remove configuration for mpms which have not been built
|
|
|
|
mpm_confs="$(awk '/IfModule .*\.c/ {print $2}' $RPM_BUILD_ROOT/%{sysconfdir}/server-tuning.conf | cut -d. -f1 | tr '\n' ' ')"
|
|
|
|
for mpm_conf in $mpm_confs; do
|
|
|
|
case "%{mpms_to_build}" in
|
|
|
|
*$mpm_conf*) ;;
|
|
|
|
*) sed "/^# $mpm_conf/, /^$/ d" $RPM_BUILD_ROOT/%{sysconfdir}/server-tuning.conf > t
|
|
|
|
#diff -u $RPM_BUILD_ROOT/%{sysconfdir}/server-tuning.conf t ||:
|
|
|
|
mv t $RPM_BUILD_ROOT/%{sysconfdir}/server-tuning.conf
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
done
|
|
|
|
install -m 644 $RPM_SOURCE_DIR/apache2-vhost.template $RPM_BUILD_ROOT/%{sysconfdir}/vhosts.d/vhost.template
|
|
|
|
install -m 644 $RPM_SOURCE_DIR/apache2-vhost-ssl.template $RPM_BUILD_ROOT/%{sysconfdir}/vhosts.d/vhost-ssl.template
|
|
|
|
install -m 644 $RPM_SOURCE_DIR/apache2-manual.conf $RPM_BUILD_ROOT/%{sysconfdir}/conf.d/
|
|
|
|
# for mod_auth_ldap
|
|
|
|
install -m 644 docs/conf/charset.conv $RPM_BUILD_ROOT/%{sysconfdir}/
|
|
|
|
cp -p $RPM_SOURCE_DIR/robots.txt .
|
|
|
|
cp -p $RPM_SOURCE_DIR/favicon.ico $RPM_BUILD_ROOT/%{htdocsdir}/
|
|
|
|
cat > $RPM_BUILD_ROOT/%{htdocsdir}/robots.txt <<-EOF
|
|
|
|
User-Agent: *
|
|
|
|
Disallow: /
|
|
|
|
EOF
|
|
|
|
#
|
|
|
|
# use official mime.types (more complete)
|
|
|
|
#
|
|
|
|
ln -sf ../mime.types $RPM_BUILD_ROOT/%{sysconfdir}/mime.types
|
|
|
|
mv $RPM_BUILD_ROOT/%{cgidir}/printenv .
|
|
|
|
mv $RPM_BUILD_ROOT/%{cgidir}/test-cgi .
|
|
|
|
pushd $RPM_BUILD_ROOT/%{_mandir}
|
|
|
|
for i in $(find . -type f); do
|
|
|
|
mv $i ${i%.*}%{vers}.${i#*.*.} || true
|
|
|
|
done
|
|
|
|
popd
|
|
|
|
pushd $RPM_BUILD_ROOT/%{_sbindir}
|
|
|
|
for i in ab dbmmanage htdbm htdigest htpasswd logresolve rotatelogs suexec; do
|
|
|
|
mv $i ${i}%{vers} || true
|
|
|
|
done
|
|
|
|
mv apachectl apachectl.tmp; mv apachectl.tmp apache%{vers}ctl
|
|
|
|
for i in dbmmanage htdbm htdigest htpasswd; do
|
|
|
|
mv ${i}%{vers} ../bin/
|
|
|
|
done
|
|
|
|
popd
|
|
|
|
# fix up apxs
|
|
|
|
pushd $RPM_BUILD_ROOT/%{_sbindir}
|
|
|
|
for mpm in %{mpms_to_build}; do
|
|
|
|
cat <<-EOT_ED | ed -s apxs
|
|
|
|
H
|
|
|
|
,s/^\(.*\)config_vars.mk\(.*\)$/\1config_vars.mk\$mpm_suffix\2/
|
|
|
|
/config_vars.mk
|
|
|
|
^
|
|
|
|
i
|
|
|
|
my \$mpm_suffix = "-$mpm";
|
|
|
|
.
|
|
|
|
wq apxs%{vers}-$mpm
|
|
|
|
EOT_ED
|
|
|
|
chmod 755 apxs%{vers}-$mpm
|
|
|
|
done
|
|
|
|
cat <<-EOT_ED | ed -s apxs
|
|
|
|
H
|
|
|
|
/config_vars
|
|
|
|
a
|
|
|
|
my \$mpm_suffix = "";
|
|
|
|
.
|
|
|
|
wq
|
|
|
|
EOT_ED
|
|
|
|
mv apxs apxs%{vers}
|
|
|
|
popd
|
2007-03-20 01:13:36 +01:00
|
|
|
# install firewall information file
|
2007-10-22 18:25:27 +02:00
|
|
|
install -d $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
|
|
|
|
install -m 644 %{S:49} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
|
|
|
|
install -m 644 %{S:50} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}-ssl
|
2006-12-20 18:01:15 +01:00
|
|
|
#
|
|
|
|
# filelists
|
|
|
|
#
|
|
|
|
>filelist; >filelist-devel
|
|
|
|
for mpm in %{mpms_to_build}; do
|
|
|
|
echo %dir %{_libdir}/%{pname}-$mpm >> filelist
|
|
|
|
(
|
|
|
|
echo %dir %{includedir}-$mpm
|
|
|
|
echo %{_sbindir}/apxs%{vers}-$mpm
|
|
|
|
) >> filelist-devel
|
|
|
|
done
|
|
|
|
find $RPM_BUILD_ROOT/%{includedir}/.. -type f -o -type l \
|
|
|
|
| sed "s#$RPM_BUILD_ROOT##" \
|
|
|
|
>> filelist-devel
|
|
|
|
find $RPM_BUILD_ROOT/%{installbuilddir} -type f \
|
|
|
|
| sed "s#$RPM_BUILD_ROOT##" \
|
|
|
|
>> filelist-devel
|
|
|
|
# remove files from the build root that we won't package
|
|
|
|
rm -f $RPM_BUILD_ROOT/%{_libdir}/%{pname}-*/*.exp # needed only on AIX
|
|
|
|
rm -f $RPM_BUILD_ROOT/%{_libdir}/%{pname}/*.exp # needed only on AIX
|
|
|
|
rm -f $RPM_BUILD_ROOT/%{_sbindir}/checkgid # needed only for user installations from tarball
|
|
|
|
rm -r $RPM_BUILD_ROOT/%{sysconfdir}/extra # it is already in the documentation directory
|
|
|
|
#
|
|
|
|
# O/ _|_ _ __|_
|
|
|
|
# /O |_(/__> |_
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# now check wether httpd binary runs properly
|
|
|
|
# and validate httpd.conf file
|
|
|
|
#
|
|
|
|
pushd $RPM_BUILD_ROOT/%{sysconfdir}
|
|
|
|
for i in *.conf; do cp $i $i.test; done
|
|
|
|
%if %{?suse_version:%suse_version}%{?!suse_version:9999} < 810
|
|
|
|
echo -e "User %httpduser \nGroup nogroup" > uid.conf.test
|
|
|
|
sed 's+/srv/www+/usr/local/httpd+' default-server.conf > t
|
|
|
|
mv t default-server.conf
|
|
|
|
mkdir -p /usr/local/httpd/htdocs
|
|
|
|
%endif
|
|
|
|
# for Fedora
|
|
|
|
%if %{?suse_version:0}%{!?suse_version:1}
|
|
|
|
echo -e "User nobody \nGroup nobody" > uid.conf.test
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{htdocsdir}
|
|
|
|
%endif
|
|
|
|
sed -e 's+/usr/%_lib+'$RPM_BUILD_ROOT'/usr/%_lib+' \
|
|
|
|
-e 's+/var/run+'$RPM_BUILD_ROOT'/var/run+' \
|
|
|
|
-e 's+%{sysconfdir}+'$RPM_BUILD_ROOT'%{sysconfdir}+' \
|
|
|
|
-e 's+%{datadir}+'$RPM_BUILD_ROOT'%{datadir}+' \
|
|
|
|
-e 's+\.conf$+&.test+' \
|
|
|
|
httpd.conf > httpd.conf.test
|
|
|
|
sed -e 's+%{sysconfdir}+'$RPM_BUILD_ROOT'%{sysconfdir}+' \
|
|
|
|
default-server.conf > default-server.conf.test
|
|
|
|
touch sysconfig.d/global.conf.test
|
|
|
|
touch sysconfig.d/include.conf.test
|
|
|
|
popd
|
|
|
|
pushd $RPM_BUILD_ROOT
|
|
|
|
for i in $(export LC_ALL=C; find .%{libexecdir}-%{default_mpm} -name "*.so" | sort); do
|
|
|
|
mod_id=${i#*mod_}; mod_id=${mod_id%.so}_module
|
|
|
|
mod_path=
|
|
|
|
echo LoadModule $mod_id $RPM_BUILD_ROOT/${i#.} >> .%{sysconfdir}/sysconfig.d/loadmodule.conf.test
|
|
|
|
done
|
|
|
|
# auth_ldap_module needs to be loaded after ldap_module
|
|
|
|
echo -e "/authnz_ldap\n+\n-m/ldap\nwq" | ed -s ./%{sysconfdir}/sysconfig.d/loadmodule.conf.test
|
|
|
|
popd
|
|
|
|
%if %{?suse_version:1}%{!?suse_version:0}
|
|
|
|
LD_LIBRARY_PATH=${RPM_BUILD_ROOT}%{_libdir} \
|
|
|
|
$RPM_BUILD_ROOT/%{_sbindir}/httpd%{vers}-%{default_mpm} \
|
|
|
|
-e debug -t -f $RPM_BUILD_ROOT/%{sysconfdir}/httpd.conf.test || exit 1
|
|
|
|
%else
|
|
|
|
LD_LIBRARY_PATH=${RPM_BUILD_ROOT}%{_libdir} \
|
|
|
|
$RPM_BUILD_ROOT/%{_sbindir}/httpd%{vers}-%{default_mpm} \
|
|
|
|
-e debug -t -f $RPM_BUILD_ROOT/%{sysconfdir}/httpd.conf.test || :
|
|
|
|
%endif
|
|
|
|
rm $RPM_BUILD_ROOT/%{sysconfdir}/*.test
|
|
|
|
rm $RPM_BUILD_ROOT/%{sysconfdir}/sysconfig.d/*
|
|
|
|
mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
|
|
|
|
|
|
|
|
%files -f filelist
|
|
|
|
# _
|
|
|
|
# O/ _|_o| _ _
|
|
|
|
# /O | ||(/__>
|
|
|
|
#
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%doc INSTALL READM* LICENSE ABOUT_APACHE CHANGES
|
|
|
|
%doc support/SHA1
|
|
|
|
%doc %attr(755,root,root) certificate.sh
|
|
|
|
%doc %attr(755,root,root) mkcert.sh
|
|
|
|
%doc %{_mandir}/man8/apachectl%{vers}.8.gz
|
|
|
|
%doc %{_mandir}/man8/htcacheclean%{vers}.8.gz
|
|
|
|
%doc %{_mandir}/man8/%{httpd}.8.gz
|
|
|
|
%doc %{_mandir}/man8/apxs%{vers}.8.gz
|
|
|
|
%doc robots.txt
|
|
|
|
%doc printenv
|
|
|
|
%doc test-cgi
|
|
|
|
#%doc httpd-std.conf-*
|
|
|
|
#%doc ssl-std.conf
|
|
|
|
%doc httpd.conf.default
|
|
|
|
%doc original
|
|
|
|
%attr(750,root,root) %dir %{logfiledir}
|
|
|
|
%attr(750,%httpduser,root) %dir %{proxycachedir}
|
|
|
|
%attr(750,%httpduser,root) %dir %{localstatedir}
|
|
|
|
%dir %{sysconfdir}
|
|
|
|
%config %{sysconfdir}/magic
|
|
|
|
%config %{sysconfdir}/mime.types
|
|
|
|
%config (noreplace) %{sysconfdir}/*.conf
|
|
|
|
%config (noreplace) %{sysconfdir}/charset.conv
|
|
|
|
%{sysconfdir}/vhosts.d/*.template
|
|
|
|
%dir %{sysconfdir}/ssl.crl
|
|
|
|
%dir %{sysconfdir}/ssl.crt
|
|
|
|
%dir %{sysconfdir}/ssl.csr
|
|
|
|
%dir %attr(700,root,root) %{sysconfdir}/ssl.key
|
|
|
|
%dir %{sysconfdir}/ssl.prm
|
|
|
|
%{sysconfdir}/ssl.*/README*
|
|
|
|
%config %{sysconfdir}/ssl.*/Makefile
|
|
|
|
%{sysconfdir}/ssl.*/snakeoil*
|
|
|
|
%{sysconfdir}/ssl.*/*.0
|
|
|
|
%config %{sysconfdir}/ssl.crt/ca-bundle.crt
|
|
|
|
%config(noreplace) %{sysconfdir}/ssl.crt/server.crt
|
|
|
|
%config(noreplace) %{sysconfdir}/ssl.csr/server.csr
|
|
|
|
%config(noreplace) %{sysconfdir}/ssl.key/server.key
|
|
|
|
%dir %{sysconfdir}/conf.d
|
|
|
|
%dir %{sysconfdir}/vhosts.d
|
|
|
|
%dir %{sysconfdir}/sysconfig.d
|
|
|
|
%config(noreplace) /etc/logrotate.d/%{pname}
|
2007-01-12 01:16:59 +01:00
|
|
|
%{_datadir}/omc/svcinfo.d/apache2.xml
|
2006-12-20 18:01:15 +01:00
|
|
|
%if %{?suse_version:%suse_version}%{?!suse_version:9999} < 1000
|
|
|
|
%config(noreplace) /etc/permissions.d/%{pname}
|
|
|
|
%endif
|
|
|
|
%config /etc/init.d/%{pname}
|
|
|
|
#
|
|
|
|
%{_sbindir}/rc%{pname}
|
|
|
|
%{_sbindir}/apache%{vers}ctl
|
|
|
|
%{_sbindir}/envvars
|
|
|
|
%{_sbindir}/envvars-std
|
|
|
|
%{_sbindir}/htcacheclean
|
|
|
|
%{_sbindir}/a2enflag
|
|
|
|
%{_sbindir}/a2enmod
|
|
|
|
%{_sbindir}/a2disflag
|
|
|
|
%{_sbindir}/a2dismod
|
|
|
|
%{_bindir}/log_server_status%{vers}
|
|
|
|
%{iconsdir}
|
|
|
|
%{errordir}
|
|
|
|
%{_var}/adm/fillup-templates/sysconfig.%{pname}
|
|
|
|
%attr(755,root,root) %{_libdir}/%{pname}_MMN
|
|
|
|
%dir %{_libdir}/%{pname}
|
|
|
|
%{_libdir}/%{pname}/mod_*.so
|
|
|
|
%dir %{installbuilddir}
|
|
|
|
%dir %{_prefix}/share/%{pname}
|
|
|
|
%{_prefix}/share/%{pname}/apache-20-22-upgrade
|
|
|
|
%{_prefix}/share/%{pname}/get_module_list
|
|
|
|
%{_prefix}/share/%{pname}/get_includes
|
|
|
|
%{_prefix}/share/%{pname}/find_httpd2_includes
|
|
|
|
%{_prefix}/share/%{pname}/find_mpm
|
|
|
|
%{_prefix}/share/%{pname}/load_configuration
|
2008-04-20 21:03:37 +02:00
|
|
|
%{_prefix}/share/%{pname}/sysconf_addword
|
2007-10-22 18:25:27 +02:00
|
|
|
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
|
|
|
|
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}-ssl
|
2006-12-20 18:01:15 +01:00
|
|
|
%if %prefork
|
|
|
|
|
|
|
|
%files prefork
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%{_sbindir}/%{httpd}-prefork
|
|
|
|
%dir %{_libdir}/%{pname}-prefork
|
|
|
|
%{_libdir}/%{pname}-prefork/mod_*.so
|
|
|
|
%endif
|
|
|
|
%if %worker
|
|
|
|
|
|
|
|
%files worker
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%{_sbindir}/%{httpd}-worker
|
|
|
|
%dir %{_libdir}/%{pname}-worker
|
|
|
|
%{_libdir}/%{pname}-worker/mod_*.so
|
|
|
|
%endif
|
|
|
|
%if %event
|
|
|
|
|
|
|
|
%files event
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%{_sbindir}/%{httpd}-event
|
|
|
|
%dir %{_libdir}/%{pname}-event
|
|
|
|
%{_libdir}/%{pname}-event/mod_*.so
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%files devel -f filelist-devel
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%dir %{_prefix}/share/%{pname}
|
|
|
|
%dir %{installbuilddir}
|
|
|
|
%dir %{includedir}
|
|
|
|
%{_sbindir}/apxs%{vers}
|
|
|
|
|
|
|
|
%files doc
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%doc %{manualdir}
|
|
|
|
%dir %{sysconfdir}
|
|
|
|
%dir %{sysconfdir}/conf.d
|
|
|
|
%config %{sysconfdir}/conf.d/apache2-manual.conf
|
|
|
|
|
|
|
|
%files example-pages
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%config(noreplace) %{htdocsdir}/index.htm*
|
|
|
|
%config(noreplace) %{htdocsdir}/apache_*.png
|
|
|
|
%config(noreplace) %{htdocsdir}/apache_*.gif
|
|
|
|
%config(noreplace) %{htdocsdir}/favicon.ico
|
|
|
|
%config(noreplace) %{htdocsdir}/robots.txt
|
2007-07-23 21:27:20 +02:00
|
|
|
|
|
|
|
%files utils
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%doc %{_mandir}/man8/ab%{vers}.8.gz
|
|
|
|
%doc %{_mandir}/man1/dbmmanage%{vers}.1.gz
|
|
|
|
%doc %{_mandir}/man1/htdbm%{vers}.1.gz
|
|
|
|
%doc %{_mandir}/man1/htdigest%{vers}.1.gz
|
|
|
|
%doc %{_mandir}/man1/htpasswd%{vers}.1.gz
|
|
|
|
%doc %{_mandir}/man8/logresolve%{vers}.8.gz
|
|
|
|
%doc %{_mandir}/man8/rotatelogs%{vers}.8.gz
|
|
|
|
%doc %{_mandir}/man8/suexec%{vers}.8.gz
|
|
|
|
%{_bindir}/check_forensic%{vers}
|
|
|
|
%{_bindir}/dbmmanage%{vers}
|
|
|
|
%{_bindir}/gensslcert
|
|
|
|
%{_bindir}/htdbm%{vers}
|
|
|
|
%{_bindir}/htdigest%{vers}
|
|
|
|
%{_bindir}/htpasswd%{vers}
|
|
|
|
%{_bindir}/split-logfile%{vers}
|
|
|
|
%{_sbindir}/ab%{vers}
|
|
|
|
%{_sbindir}/httxt2dbm
|
|
|
|
%{_sbindir}/logresolve.pl%{vers}
|
|
|
|
%{_sbindir}/logresolve%{vers}
|
|
|
|
%{_sbindir}/rotatelogs%{vers}
|
|
|
|
%verify(not mode) %attr(0755,root,root) %_sbindir/suexec2
|
2006-12-20 18:01:15 +01:00
|
|
|
%if %prefork
|
|
|
|
|
|
|
|
%post prefork
|
|
|
|
/usr/share/%{pname}/get_module_list &>/dev/null
|
|
|
|
exit 0
|
|
|
|
%endif
|
|
|
|
%if %worker
|
|
|
|
|
|
|
|
%post worker
|
|
|
|
/usr/share/%{pname}/get_module_list &>/dev/null
|
|
|
|
exit 0
|
|
|
|
%endif
|
|
|
|
%if %event
|
|
|
|
|
|
|
|
%post event
|
|
|
|
/usr/share/%{pname}/get_module_list &>/dev/null
|
|
|
|
exit 0
|
|
|
|
%endif
|
|
|
|
%if %{?suse_version:0}%{!?suse_version:1}
|
|
|
|
|
|
|
|
%pre
|
|
|
|
# on Fedora, add the "apache" user
|
|
|
|
/usr/sbin/useradd -c "Apache" -u 48 \
|
|
|
|
-s /sbin/nologin -r -d %{localstatedir} apache 2> /dev/null || :
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%preun
|
|
|
|
#
|
|
|
|
# O/ ._ .__ / ._ _ __|_
|
|
|
|
# /O |_)|(/_ / |_)(_)_> |_
|
|
|
|
# | |
|
|
|
|
#
|
|
|
|
#if %suse_version > 810
|
|
|
|
#stop_on_removal %{pname}
|
|
|
|
#endif
|
|
|
|
for i in %{_sbindir}/%{httpd} \
|
|
|
|
%{installbuilddir}/config_vars.mk
|
|
|
|
do
|
|
|
|
test -L $i && rm $i
|
|
|
|
done
|
|
|
|
exit 0
|
|
|
|
|
|
|
|
%postun
|
|
|
|
#if %suse_version > 810
|
|
|
|
#restart_on_update %{pname}
|
|
|
|
#endif
|
|
|
|
%insserv_cleanup
|
|
|
|
|
|
|
|
%post
|
|
|
|
%run_permissions
|
|
|
|
%if 0%{?suse_version}
|
|
|
|
# a group wwwadmin has existed in the distant past, and it was renamed to www
|
|
|
|
if grep -q "^wwwadmin:" /etc/group; then
|
|
|
|
groupmod -n www wwwadmin 2>/dev/null ||:
|
|
|
|
fi
|
|
|
|
%endif
|
|
|
|
usermod -g %httpdgroup %httpduser 2>/dev/null ||:
|
|
|
|
usermod -s /bin/false %httpduser 2>/dev/null ||:
|
|
|
|
tmpdir=$(mktemp -d etc/%{pname}/%{pname}-post.XXXXXX); test $? = 0 || { echo >&2 Could not create tmpdir. Exiting; exit 1; }
|
|
|
|
tmpfile=$tmpdir/tmpfile
|
|
|
|
RC_CONFIG=etc/rc.config
|
|
|
|
if [ -e $RC_CONFIG ]; then
|
|
|
|
. $RC_CONFIG
|
|
|
|
if [ "$START_HTTPD" = no -a "$START_HTTPSD" = yes ]; then
|
|
|
|
echo -n "removing obsolete START_HTTPSD from etc/rc.config ..."
|
|
|
|
sed -e 's+START_HTTPD=.*+START_HTTPD=yes+' \
|
|
|
|
-e 's+START_HTTPSD=.*++' $RC_CONFIG > $tmpfile \
|
|
|
|
&& cp $tmpfile $RC_CONFIG
|
|
|
|
echo "done"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
if test -s etc/sysconfig/%{pname} && grep -q "^LOADMODULES" etc/sysconfig/%{pname}; then
|
|
|
|
sed "s/LOADMODULES/APACHE_MODULES/" etc/sysconfig/%{pname} >| $tmpfile \
|
|
|
|
&& cp $tmpfile etc/sysconfig/%{pname}
|
|
|
|
fi
|
|
|
|
%{fillup_and_insserv -ns apache2 apache2 START_HTTPD}
|
|
|
|
%{fillup_only -ans apache2 apache2}
|
|
|
|
# Update ?
|
|
|
|
if [ ${FIRST_ARG:-0} -gt 1 ]; then
|
|
|
|
# update from package with the old near-monolithic conf file?
|
|
|
|
if [ -s ./%{sysconfdir}/httpd.conf.default -a -s ./%{sysconfdir}/httpd.conf.rpmnew ]; then
|
|
|
|
diff -u .%{sysconfdir}/httpd.conf.default .%{sysconfdir}/httpd.conf \
|
|
|
|
> $tmpdir/httpd.conf.dif ||:
|
|
|
|
cp -p $tmpdir/httpd.conf.dif ./%{sysconfdir}/httpd.conf var/adm/backup/
|
|
|
|
archive_conf=$(old var/adm/backup/httpd.conf 2>/dev/null); archive_conf=${archive_conf##*/}
|
|
|
|
archive_dif=$(old var/adm/backup/httpd.conf.dif 2>/dev/null); archive_dif=${archive_dif##*/}
|
|
|
|
fi
|
|
|
|
#
|
|
|
|
sed "
|
|
|
|
# generated files were renamed from suse_* to sysconfig.d/*
|
|
|
|
s|\(^Include /etc/apache2\)/suse_\(\(include\|loadmodule\|global\).conf\)|\1/sysconfig.d/\2|
|
|
|
|
# the access_log configuration is now configurable
|
|
|
|
s|^CustomLog /var/log/apache2/access_log.*|# &|
|
|
|
|
# group of wwwrun has changed
|
|
|
|
s|^Group nogroup|Group www|
|
|
|
|
" < ./%{sysconfdir}/httpd.conf > $tmpfile
|
|
|
|
chmod --reference=./%{sysconfdir}/httpd.conf $tmpfile
|
|
|
|
chown --reference=./%{sysconfdir}/httpd.conf $tmpfile
|
|
|
|
cmp -s $tmpfile ./%{sysconfdir}/httpd.conf || cp -p $tmpfile ./%{sysconfdir}/httpd.conf
|
|
|
|
fi
|
|
|
|
rm -rf $tmpdir
|
|
|
|
/usr/share/%{pname}/apache-20-22-upgrade
|
|
|
|
/usr/share/%{pname}/get_module_list &>/dev/null
|
|
|
|
exit 0
|
|
|
|
%verifyscript
|
|
|
|
%verify_permissions -e %{_sbindir}/suexec2
|
|
|
|
|
|
|
|
%clean
|
|
|
|
if ! test -f /.buildenv; then
|
|
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
fi
|
2007-12-13 20:32:12 +01:00
|
|
|
|
2007-03-20 01:13:36 +01:00
|
|
|
%changelog
|
2008-05-26 19:05:45 +02:00
|
|
|
* Mon May 26 2008 skh@suse.de
|
|
|
|
- CVE-2008-1678: modules/ssl/mod_ssl.c (ssl_cleanup_pre_config):
|
|
|
|
Remove the call to CRYPTO_cleanup_all_ex_data here, fixing a
|
|
|
|
per-connection memory leak which occurs if the client indicates
|
|
|
|
support for a compression algorithm in the initial handshake, and
|
|
|
|
mod_ssl is linked against OpenSSL >= 0.9.8f. [bnc#392096]
|
|
|
|
httpd-2.2.x-CVE-2008-1678.patch
|
2008-04-20 21:03:37 +02:00
|
|
|
* Fri Apr 18 2008 poeml@suse.de
|
|
|
|
- sync up with changes from Build Service:
|
|
|
|
- new implementation of sysconf_addword, using sed instead of ed.
|
|
|
|
Moving it from the -utils subpackage into the parent package,
|
|
|
|
where it's actually needed. If sysconf_addword is already present
|
|
|
|
in the system, it is preferred (by PATH). That's because the tool
|
|
|
|
has been integrated into aaa_base.rpm with openSUSE 11.0.
|
|
|
|
Removing the requires on the ed package. [bnc#377131]
|
|
|
|
- better documentation how to enable SSL in /etc/sysconfig/apache2
|
|
|
|
- quickstart readme: the link to the openSUSE wiki is about to move
|
|
|
|
- add "127.0.0.1" to the local access list in mod_status.conf,
|
|
|
|
because on some systems "localhost" seems to resolve only to IPv6
|
|
|
|
localhost
|
|
|
|
- /etc/init.d/apache2: implement restart-graceful, stop-graceful
|
|
|
|
- fix graceful-restart. Wait until the pidfile is gone, but don't
|
|
|
|
wait for the parent to disappear. It stays there, after closing
|
|
|
|
the listen ports.
|
|
|
|
- don't configure in maintainer-mode. It not only enables compile
|
|
|
|
time warnings, but also adds AP_DEBUG into the mix which causes
|
|
|
|
enablement of debug code which is not wanted in production
|
|
|
|
builds.
|
|
|
|
- drop obsolete patches mod_dbd.c-issue18989-autoconnect.dif and
|
|
|
|
mod_dbd.c-r571441, as the 2.2.8 mod_dbd is just fine.
|
2008-04-01 23:02:11 +02:00
|
|
|
* Tue Apr 01 2008 mkoenig@suse.de
|
|
|
|
- remove dir /usr/share/omc/svcinfo.d as it is provided now
|
|
|
|
by filesystem
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Mar 14 2008 skh@suse.de
|
|
|
|
- update to upstream 2.2.8 --> see CHANGES in package for details
|
|
|
|
- removed obsolete patches:
|
|
|
|
- apache2-mod_cache-CVE-2007-1863.patch
|
|
|
|
- apache2-mod_status-CVE-2006-5752.patch
|
|
|
|
- httpd-2.2.4-mod_autoindex-charset-r570962.patch
|
|
|
|
- httpd-2.2.x.doublefree.patch
|
|
|
|
* Thu Dec 13 2007 ro@suse.de
|
2007-12-13 20:32:12 +01:00
|
|
|
- remove sysconf_addword, now in aaa_base (#328599)
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Oct 22 2007 sbrabec@suse.cz
|
2007-10-22 18:25:27 +02:00
|
|
|
- Use correct SuSEfirewall2 rule directory.
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Sep 03 2007 skh@suse.de
|
2007-09-03 18:22:43 +02:00
|
|
|
- get_module_list: replace loadmodule.conf atomically [bnc #214863]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Aug 31 2007 poeml@suse.de
|
2007-08-31 15:36:19 +02:00
|
|
|
- replace httpd-2.2.3-AddDirectoryIndexCharset.patch with the upstream
|
|
|
|
solution, httpd-2.2.4-mod_autoindex-charset-r570962.patch [#153557]
|
|
|
|
(backport from 2.2.6)
|
|
|
|
* Merge r570532, r570535, r570558 from trunk:
|
|
|
|
IndexOptions ContentType=text/html Charset=UTF-8 magic.
|
|
|
|
http://svn.apache.org/viewvc?rev=570962&view=rev
|
|
|
|
http://issues.apache.org/bugzilla/show_bug.cgi?id=42105
|
|
|
|
This means that the AddDirectoryIndexCharset is no longer
|
|
|
|
available. Instead, IndexOptions Charset=xyz can be used.
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Aug 31 2007 poeml@suse.de
|
2007-08-31 15:36:19 +02:00
|
|
|
- remove libexpat-devel in the build service version of the package
|
|
|
|
- apply apache2-mod_cache-CVE-2007-1863.patch (patch 152) in the
|
|
|
|
buildservice package
|
|
|
|
- don't apply mod_dbd.c-issue18989-autoconnect.dif, since it
|
|
|
|
patches only modules/database/mod_dbd.c which is replaced with
|
|
|
|
trunk version anyway
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Aug 23 2007 mskibbe@suse.de
|
2007-08-27 17:26:38 +02:00
|
|
|
- Bug 289996 - VUL-0: mod_status XSS in public server status page
|
|
|
|
- Bug 289997 - VUL-0: apache2: mod_cache remote denial of service
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Jul 18 2007 skh@suse.de
|
2007-07-23 21:27:20 +02:00
|
|
|
- split off apache2-utils subpackage, containing all helper tools that
|
|
|
|
are useful for system administrators in general (b.n.c. #272292 and
|
|
|
|
FATE #302059)
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Mar 29 2007 dmueller@suse.de
|
2007-03-29 22:15:59 +02:00
|
|
|
- add zlib-devel to BuildRequires
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Mar 23 2007 poeml@suse.de
|
2007-03-23 21:40:52 +01:00
|
|
|
- add mod_dbd.c from trunk (r512038), the version we run ourselves
|
|
|
|
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/database/mod_dbd.c?view=log
|
|
|
|
- add mod_dbd.c-issue18989-autoconnect.dif, but disabled. It
|
|
|
|
applies to 2.2.4 mod_dbd.c but not to the trunk version
|
|
|
|
- build mod_version
|
|
|
|
- fix documentation link in apache2-httpd.conf
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Mar 20 2007 mskibbe@suse.de
|
2007-03-20 11:30:41 +01:00
|
|
|
- add firewall file for ssl (#246929)
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Mar 19 2007 mskibbe@suse.de
|
2007-03-20 01:13:36 +01:00
|
|
|
- Apache - Support for FATE #300687: Ports for SuSEfirewall added
|
|
|
|
via packages (#246929)
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Jan 26 2007 poeml@suse.de
|
2007-03-20 01:13:36 +01:00
|
|
|
- the QUICKSTART Readmes have been moved to
|
|
|
|
http://www.opensuse.org/Apache
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Jan 22 2007 poeml@suse.de
|
2007-03-20 01:13:36 +01:00
|
|
|
- point out better in README.QUICKSTART.SSL that a vhost needs to
|
|
|
|
be created
|
|
|
|
- fixes to README.QUICKSTART.WebDAV
|
|
|
|
- updated email addresses (now there is apache@suse.de)
|
2008-03-14 17:21:15 +01:00
|
|
|
* Sat Jan 20 2007 poeml@suse.de
|
2007-03-20 01:13:36 +01:00
|
|
|
- add httpd-2.2.x.doublefree.patch, backport of
|
|
|
|
http://svn.apache.org/viewvc?diff_format=h&view=rev&revision=496831
|
|
|
|
See http://issues.apache.org/bugzilla/show_bug.cgi?id=39985
|
2008-04-01 23:02:11 +02:00
|
|
|
* Fri Jan 19 2007 poeml@suse.de
|
2007-03-20 01:13:36 +01:00
|
|
|
- create debuginfo package in the buildservice
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Jan 12 2007 mskibbe@suse.de
|
2007-01-12 01:16:59 +01:00
|
|
|
- change path to service cml document (fate #301708)
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Jan 09 2007 poeml@suse.de
|
2007-01-10 18:06:36 +01:00
|
|
|
- upstream 2.2.4
|
|
|
|
mod_authnz_ldap:
|
|
|
|
- Add an AuthLDAPRemoteUserAttribute directive. If set,
|
|
|
|
REMOTE_USER will be set to this attribute, rather than the
|
|
|
|
username supplied by the user. Useful for example when you
|
|
|
|
want users to log in using an email address, but need to
|
|
|
|
supply a userid instead to the backend.
|
|
|
|
mod_cache:
|
|
|
|
- From RFC3986 (section 6.2.3.) if a URI contains an authority
|
|
|
|
component and an empty path, the empty path is to be
|
|
|
|
equivalent to "/". It explicitly cites the following four URIs
|
|
|
|
as equivalents:
|
|
|
|
http://example.com
|
|
|
|
http://example.com/
|
|
|
|
http://example.com:/
|
|
|
|
http://example.com:80/
|
|
|
|
- Eliminate a bogus error in the log when a filter returns
|
|
|
|
AP_FILTER_ERROR.
|
|
|
|
- Don't cache requests with a expires date in the past;
|
|
|
|
otherwise mod_cache will always try to cache the URL. This bug
|
|
|
|
might lead to numerous rename() errors on win32 if the URL was
|
|
|
|
previously cached.
|
|
|
|
mod_cgi and mod_cgid:
|
|
|
|
- Don't use apr_status_t error return from input filters as HTTP
|
|
|
|
return value from the handler. PR 31579.
|
|
|
|
mod_dbd:
|
|
|
|
- share per-request database handles across subrequests and
|
|
|
|
internal redirects
|
|
|
|
- key connection pools to virtual hosts correctly even when
|
|
|
|
ServerName is unset/unavailable
|
|
|
|
mod_deflate:
|
|
|
|
- Rework inflate output and deflate output filter to fix several
|
|
|
|
issues: Incorrect handling of flush buckets, potential memory
|
|
|
|
leaks, excessive memory usage in inflate output filter for
|
|
|
|
large compressed content. PR 39854.
|
|
|
|
mod_disk_cache:
|
|
|
|
- Make sure that only positive integers are accepted for the
|
|
|
|
CacheMaxFileSize and CacheMinFileSize parameters in the config
|
|
|
|
file. PR39380.
|
|
|
|
mod_dumpio:
|
|
|
|
- Allow mod_dumpio to log at other than DEBUG levels via the new
|
|
|
|
DumpIOLogLevel directive.
|
|
|
|
mod_echo:
|
|
|
|
- Fix precedence problem in if statement. PR 40658.
|
|
|
|
mod_ext_filter:
|
|
|
|
- Handle filter names which include capital letters. PR 40323.
|
|
|
|
mod_headers:
|
|
|
|
- Support regexp-based editing of HTTP headers.
|
|
|
|
mod_mime_magic:
|
|
|
|
- Fix precedence problem in if statement. PR 40656.
|
|
|
|
mod_mem_cache:
|
|
|
|
- Memory leak fix: Unconditionally free the buffer.
|
|
|
|
- Convert mod_mem_cache to use APR memory pool functions by
|
|
|
|
creating a root pool for object persistence across requests.
|
|
|
|
This also eliminates the need for custom serialization code.
|
|
|
|
mod_proxy:
|
|
|
|
- Don't try to use dead backend connection. PR 37770.
|
|
|
|
- Add explicit flushing feature. When Servlet container sends
|
|
|
|
AJP body message with size 0, this means that Servlet
|
|
|
|
container has asked for an explicit flush. Create flush bucket
|
|
|
|
in that case. This feature has been added to the recent Tomcat
|
|
|
|
versions without breaking the AJP protocol.
|
|
|
|
mod_proxy_ajp:
|
|
|
|
- Close connection to backend if reading of request body fails.
|
|
|
|
PR 40310.
|
|
|
|
- Added cping/cpong support for the AJP protocol. A new worker
|
|
|
|
directive ping=timeout will cause CPING packet to be send
|
|
|
|
expecting CPONG packet within defined timeout. In case the
|
|
|
|
backend is too busy this will fail instead sending the full
|
|
|
|
header.
|
|
|
|
mod_proxy_balancer:
|
|
|
|
- Workers can now be defined as part of a balancer cluster "set"
|
|
|
|
in which members of a lower-numbered set are preferred over
|
|
|
|
higher numbered ones.
|
|
|
|
- Workers can now be defined as "hot standby" which will only be
|
|
|
|
used if all other workers are unusable (eg: in error or
|
|
|
|
disabled). Also, the balancer-manager displays the election
|
|
|
|
count and I/O counts of all workers.
|
|
|
|
- Retry worker chosen by route / redirect worker if it is in
|
|
|
|
error state before sending "Service Temporarily Unavailable".
|
|
|
|
PR 38962.
|
|
|
|
- Extract stickysession routing information contained as
|
|
|
|
parameter in the URL correctly. PR 40400.
|
|
|
|
- Set the new environment variable BALANCER_ROUTE_CHANGED if a
|
|
|
|
worker with a route different from the one supplied by the
|
|
|
|
client had been chosen or if the client supplied no routing
|
|
|
|
information for a balancer with sticky sessions.
|
|
|
|
- Add information about the route, the sticky session and the
|
|
|
|
worker used during a request as environment variables. PR
|
|
|
|
39806.
|
|
|
|
core:
|
|
|
|
- Fix issue which could cause piped loggers to be orphaned and
|
|
|
|
never terminate after a graceful restart. PR 40651.
|
|
|
|
- Fix address-in-use startup failure caused by corruption of the
|
|
|
|
list of listen sockets in some configurations with multiple
|
|
|
|
generic Listen directives.
|
|
|
|
- Fix NONBLOCK status of listening sockets on restart/graceful
|
|
|
|
PR 37680.
|
|
|
|
- Deal with the widespread use of apr_status_t return values as
|
|
|
|
HTTP status codes, as documented in PR#31759 (a bug shared by
|
|
|
|
the default handler, mod_cgi, mod_cgid, mod_proxy, and
|
|
|
|
probably others). PR31759.
|
|
|
|
- The full server version information is now included in the
|
|
|
|
error log at startup as well as server status reports,
|
|
|
|
irrespective of the setting of the ServerTokens directive.
|
|
|
|
ap_get_server_version() is now deprecated, and is replaced by
|
|
|
|
ap_get_server_banner() and ap_get_server_description().
|
|
|
|
misc:
|
|
|
|
- Allow htcacheclean, httxt2dbm, and fcgistarter to link
|
|
|
|
apr/apr-util statically like the older support programs.
|
|
|
|
- Better detection and clean up of ldap connection that has been
|
|
|
|
terminated by the ldap server. PR 40878.
|
|
|
|
- rotatelogs: Improve error message for open failures. PR
|
|
|
|
39487.
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Jan 08 2007 mskibbe@suse.de
|
2007-01-08 12:26:19 +01:00
|
|
|
- Apache XML Service Description Document (fate #301708)
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Dec 21 2006 poeml@suse.de
|
2007-01-10 18:06:36 +01:00
|
|
|
- add patch to add charset=utf-8 to directory listings generated by
|
|
|
|
mod_autoindex, and add a directive to allow overriding the
|
|
|
|
charset (testing, needs to be discussed with upstream) [#153557]
|
|
|
|
httpd-2.2.3-AddDirectoryIndexCharset.patch
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Dec 20 2006 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- set a proper HOME (/var/lib/apache2), otherwise the server might
|
|
|
|
end up HOME=/root and some script might try to use that [#132769]
|
|
|
|
- add two notes to the QUICKSTART readmes
|
|
|
|
- don't install /etc/apache2/extra configuration since this is only
|
|
|
|
serving as an example and installed with the documentation anyway
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Sep 26 2006 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- add rpm macro for suexec_safepath
|
|
|
|
- use _bindir/_sbindir in a few places [#202355]
|
|
|
|
- remove unused /sbin/conf.d directory from build root
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Aug 31 2006 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- Enable fatal exception hook for use by diagnostic modules.
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Aug 29 2006 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- move some binaries, where calling by users makes sense (dbmmanage
|
|
|
|
htdbm htdigest htpasswd), from /usr/sbin to /usr/bin [#140133]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Aug 09 2006 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- upstream 2.2.3
|
|
|
|
|SECURITY: CVE-2006-3747 (cve.mitre.org)
|
|
|
|
| mod_rewrite: Fix an off-by-one security problem in the ldap scheme
|
|
|
|
| handling. For some RewriteRules this could lead to a pointer being
|
|
|
|
| written out of bounds. Reported by Mark Dowd of McAfee.
|
|
|
|
| mod_authn_alias: Add a check to make sure that the base provider and the
|
|
|
|
| alias names are different and also that the alias has not been registered
|
|
|
|
| before. PR 40051.
|
|
|
|
| mod_authnz_ldap: Fix a problem with invalid auth error detection for LDAP
|
|
|
|
| client SDKs that don't support the LDAP_SECURITY_ERROR macro. PR 39529.
|
|
|
|
| mod_autoindex: Fix filename escaping with FancyIndexing disabled.
|
|
|
|
| PR 38910.
|
|
|
|
| mod_cache:
|
|
|
|
| - Make caching of reverse SSL proxies possible again. PR 39593.
|
|
|
|
| - Do not overwrite the Content-Type in the cache, for
|
|
|
|
| successfully revalidated cached objects. PR 39647.
|
|
|
|
| mod_charset_lite: Bypass translation when the source and dest charsets
|
|
|
|
| are the same.
|
|
|
|
| mod_dbd: Fix dependence on virtualhost configuration in
|
|
|
|
| defining prepared statements (possible segfault at startup
|
|
|
|
| in user modules such as mod_authn_dbd).
|
|
|
|
| mod_mem_cache: Set content type correctly when delivering data from
|
|
|
|
| cache. PR 39266.
|
|
|
|
| mod_speling: Add directive to deal with case corrections only
|
|
|
|
| and ignore other misspellings
|
|
|
|
| miscellaneous:
|
|
|
|
| - Add optional 'scheme://' prefix to ServerName directive,
|
|
|
|
| allowing correct determination of the canonical server URL
|
|
|
|
| for use behind a proxy or offload device handling SSL;
|
|
|
|
| fixing redirect generation in those cases. PR 33398.
|
|
|
|
| - Added server_scheme field to server_rec for above. Minor MMN bump.
|
|
|
|
| - Worker MPM: On graceless shutdown or restart, send signals
|
|
|
|
| to each worker thread to wake them up if they're polling on
|
|
|
|
| a Keep-Alive connection. PR 38737.
|
|
|
|
| - worker and event MPMs: fix excessive forking if fork() or
|
|
|
|
| child_init take a long time. PR 39275.
|
|
|
|
| - Respect GracefulShutdownTimeout in the worker and event MPMs.
|
|
|
|
| - configure: Add "--with-included-apr" flag to force use of
|
|
|
|
| the bundled version of APR at build time.
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Jul 04 2006 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- a2enmod, a2enflag: add /usr/sbin to PATH so sysconf_addword is
|
|
|
|
found
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Jun 23 2006 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- fix typo in apache-20-22-upgrade script: mod_image_map ->
|
|
|
|
mod_imagemap
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Jun 12 2006 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- enable logresolve processing of lines longer than 1024 characters
|
|
|
|
by compiling with MAXLINE=4096 [#162806]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Sat Jun 10 2006 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- upstream 2.2.2
|
|
|
|
| SECURITY: CVE-2005-3357 (cve.mitre.org)
|
|
|
|
| mod_ssl: Fix a possible crash during access control checks
|
|
|
|
| if a non-SSL request is processed for an SSL vhost (such as
|
|
|
|
| the "HTTP request received on SSL port" error message when
|
|
|
|
| an 400 ErrorDocument is configured, or if using "SSLEngine
|
|
|
|
| optional"). PR 37791.
|
|
|
|
| SECURITY: CVE-2005-3352 (cve.mitre.org)
|
|
|
|
| mod_imagemap: Escape untrusted referer header before
|
|
|
|
| outputting in HTML to avoid potential cross-site scripting.
|
|
|
|
| Change also made to ap_escape_html so we escape quotes.
|
|
|
|
| Reported by JPCERT.
|
|
|
|
| mod_cache:
|
|
|
|
| - Make caching of reverse proxies possible again. PR 38017.
|
|
|
|
| mod_disk_cache:
|
|
|
|
| - Return the correct error codes from bucket read failures,
|
|
|
|
| instead of APR_EGENERAL.
|
|
|
|
| mod_dbd:
|
|
|
|
| - Update defaults, improve error reporting.
|
|
|
|
| - Create own pool and mutex to avoid problem use of process
|
|
|
|
| pool in request processing.
|
|
|
|
| mod_deflate:
|
|
|
|
| - work correctly in an internal redirect
|
|
|
|
| mod_proxy:
|
|
|
|
| - don't reuse a connection that may be to the wrong backend PR 39253
|
|
|
|
| - Do not release connections from connection pool twice. PR 38793.
|
|
|
|
| - Fix KeepAlives not being allowed and set to backend servers. PR 38602.
|
|
|
|
| - Fix incorrect usage of local and shared worker init. PR 38403.
|
|
|
|
| - If we get an error reading the upstream response, close the
|
|
|
|
| connection.
|
|
|
|
| mod_proxy_balancer:
|
|
|
|
| - Initialize members of a balancer correctly. PR 38227.
|
|
|
|
| mod_proxy_ajp:
|
|
|
|
| - Flushing of the output after each AJP chunk is now
|
|
|
|
| configurable at runtime via the 'flushpackets' and 'flushwait'
|
|
|
|
| worker params. Minor MMN bump.
|
|
|
|
| - Crosscheck the length of the body chunk with the length of the
|
|
|
|
| ajp message to prevent mod_proxy_ajp from reading beyond the
|
|
|
|
| buffer boundaries and thus revealing possibly sensitive memory
|
|
|
|
| contents to the client.
|
|
|
|
| - Support common headers of the AJP protocol in responses. PR 38340.
|
|
|
|
| mod_proxy_http:
|
|
|
|
| - Do send keep-alive header if the client sent connection:
|
|
|
|
| keep-alive and do not close backend connection if the client
|
|
|
|
| sent connection: close. PR 38524.
|
|
|
|
| mod_proxy_balancer:
|
|
|
|
| - Do not overwrite the status of initialized workers and respect
|
|
|
|
| the configured status of uninitilized workers when creating a
|
|
|
|
| new child process.
|
|
|
|
| - Fix off-by-one error in proxy_balancer. PR 37753.
|
|
|
|
| mod_speling:
|
|
|
|
| - Stop crashing with certain non-file requests.
|
|
|
|
| mod_ssl:
|
|
|
|
| - Fix possible crashes in shmcb with gcc 4 on platforms
|
|
|
|
| requiring word-aligned pointers. PR 38838.
|
|
|
|
| miscellaneous:
|
|
|
|
| - core: Prevent reading uninitialized memory while reading a line of
|
|
|
|
| protocol input. PR 39282.
|
|
|
|
| - core: Reject invalid Expect header immediately. PR 38123.
|
|
|
|
| - Default handler: Don't return output filter apr_status_t values.
|
|
|
|
| PR 31759.
|
|
|
|
| - Add APR/APR-Util Compiled and Runtime Version numbers to the
|
|
|
|
| output of 'httpd -V'.
|
|
|
|
| - http: If a connection is aborted while waiting for a chunked line,
|
|
|
|
| flag the connection as errored out.
|
|
|
|
| - Don't hang on error return from post_read_request. PR 37790.
|
|
|
|
| - Fix mis-shifted 32 bit scope, masked to 64 bits as a method.
|
|
|
|
| - Fix recursive ErrorDocument handling. PR 36090.
|
|
|
|
| - Ensure that the proper status line is written to the client, fixing
|
|
|
|
| incorrect status lines caused by filters which modify r->status without
|
|
|
|
| resetting r->status_line, such as the built-in byterange filter.
|
|
|
|
| - HTML-escape the Expect error message. Not classed as security as
|
|
|
|
| an attacker has no way to influence the Expect header a victim will
|
|
|
|
| send to a target site.
|
|
|
|
| - Chunk filter: Fix chunk filter to create correct chunks in the case that
|
|
|
|
| a flush bucket is surrounded by data buckets.
|
|
|
|
| - Avoid Server-driven negotiation when a script has emitted an
|
|
|
|
| explicit Status: header. PR 38070.
|
|
|
|
| - htdbm: Fix crash processing -d option in 64-bit mode on HP-UX.
|
|
|
|
| - htdbm: Warn the user when adding a plaintext password on a platform
|
|
|
|
| where it wouldn't work with the server (i.e., anywhere that has
|
|
|
|
| crypt()).
|
|
|
|
- adapted httpd-2.1.3alpha-autoconf-2.59.dif
|
|
|
|
- other user visible changes:
|
|
|
|
* use a2enmod, a2enflag in apache2-README.QUICKSTART.*
|
|
|
|
* add README.QUICKSTART link to httpd.conf
|
|
|
|
- when installing/updating, avoid irritating message in
|
|
|
|
/var/log/messages ("group is unknown - group=wwwadmin") [#183071]
|
|
|
|
- build system changes:
|
|
|
|
* clean up old cruft tight to suse_version macros
|
|
|
|
* don't run buildconf, and thus don't need python.
|
|
|
|
* don't ship uid.conf as source file, but create it dynamically
|
|
|
|
instead, according to user/group defined via rpm macro
|
|
|
|
* create wwwrun:www user on non-SUSE builds
|
|
|
|
* work around missimg macros insserv_prereq and fillup_prereq on non-SUSE builds
|
|
|
|
* add openssl-devel and expat-devel to Buildrequires for non-SUSE builds
|
|
|
|
* make sure that the rpm macro sles_version is defined
|
|
|
|
* remove obsolete VENDOR UnitedLinux macro
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Apr 25 2006 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- obsolete 'apache' package on SLES10 (obsolete it on all platforms
|
|
|
|
except SLES9 and old SL releases)
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Mar 29 2006 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- remove php4 from default modules [#155333]
|
|
|
|
- fix comment in /etc/init.d/apache2 [#148559]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Feb 20 2006 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- fixed comment in init script which indicated wrong version [#148559]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Jan 30 2006 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- added Requires: libapr-util1-devel to apache2-devel package [#146496]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Jan 27 2006 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- add a note about NameVirtualHost statements to the vhost template
|
|
|
|
files [#145000]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Jan 25 2006 mls@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- converted neededforbuild to BuildRequires
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Jan 20 2006 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- cleanup: remove obsolete metuxmpm patch
|
|
|
|
- improve informational text in apache-20-22-upgrade
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Jan 18 2006 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- the new DYNAMIC_MODULE_LIMIT default in 2.2 is 128, so no need to
|
|
|
|
increase it anymore (fixes [#143536])
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Dec 19 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- update to 2.2.0
|
|
|
|
- enable all new modules
|
|
|
|
- replaced modules "auth auth_dbm access" in default configuration
|
|
|
|
by "auth_basic authn_file authn_dbm authz_host authz_default
|
|
|
|
authz_user""
|
|
|
|
- /usr/share/apache2/apache-20-22-upgrade will fix the module list
|
|
|
|
on upgrade
|
|
|
|
- fix bug in sysconf_addword (used by a2enmod) to respect word
|
|
|
|
boundaries when removing a word (but don't count slashes as word
|
|
|
|
boundary)
|
|
|
|
- remove perchild mpm subpackage, add experimemtal event mpm
|
|
|
|
- remove obsolete tool apache2-reconfigure-mpm
|
|
|
|
- remove obsolete perchild config from apache2-server-tuning.conf
|
|
|
|
- remove libapr0 subpackage; add libapr1 and libapr-util1 to #neededforbuild
|
|
|
|
- build against system pcre
|
|
|
|
- build with --enable-pie
|
|
|
|
- don't modify which libraries are linked in
|
|
|
|
- adjust IndexIgnore setting to upstream default. Previously, the
|
|
|
|
parent directory (..) was being ignored
|
|
|
|
- package the symlinks in ssl.crt
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Dec 07 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- patch apxs to use the new a2enmod tool, when called with -a
|
|
|
|
- add -l option to a2enmod, which gives a list of active modules
|
|
|
|
- adjust feedback address in the readmes
|
|
|
|
- update README.QUICKSTART.SSL (mention TinyCA)
|
|
|
|
- add more documentation in server-tuning.conf, and adjust defaults
|
|
|
|
- do not document the restart-hup action of the init script. It
|
|
|
|
should not be used
|
|
|
|
- don't install the tool checkgid -- it is only usable during
|
|
|
|
installation
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Nov 18 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- fix duplicated Source45 tag
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Oct 24 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- update to 2.0.55. Relevant changes:
|
|
|
|
| SECURITY: CAN-2005-2700 (cve.mitre.org)
|
|
|
|
| mod_ssl: Fix a security issue where "SSLVerifyClient" was
|
|
|
|
| not enforced in per-location context if "SSLVerifyClient
|
|
|
|
| optional" was configured in the vhost configuration.
|
|
|
|
| SECURITY: CAN-2005-2491 (cve.mitre.org):
|
|
|
|
| Fix integer overflows in PCRE in quantifier parsing which
|
|
|
|
| could be triggered by a local user through use of a
|
|
|
|
| carefully-crafted regex in an .htaccess file.
|
|
|
|
| SECURITY: CAN-2005-2088 (cve.mitre.org)
|
|
|
|
| proxy: Correctly handle the Transfer-Encoding and
|
|
|
|
| Content-Length headers. Discard the request Content-Length
|
|
|
|
| whenever T-E: chunked is used, always passing one of either
|
|
|
|
| C-L or T-E: chunked whenever the request includes a request
|
|
|
|
| body. Resolves an entire class of proxy HTTP Request
|
|
|
|
| Splitting/Spoofing attacks.
|
|
|
|
| SECURITY: CAN-2005-2728 (cve.mitre.org)
|
|
|
|
| Fix cases where the byterange filter would buffer responses
|
|
|
|
| into memory. PR 29962.
|
|
|
|
| SECURITY: CAN-2005-2088 (cve.mitre.org)
|
|
|
|
| core: If a request contains both Transfer-Encoding and
|
|
|
|
| Content-Length headers, remove the Content-Length,
|
|
|
|
| mitigating some HTTP Request Splitting/Spoofing attacks.
|
|
|
|
| SECURITY: CAN-2005-1268 (cve.mitre.org)
|
|
|
|
| mod_ssl: Fix off-by-one overflow whilst printing CRL
|
|
|
|
| information at "LogLevel debug" which could be triggered if
|
|
|
|
| configured to use a "malicious" CRL. PR 35081.
|
|
|
|
| miscellaneous:
|
|
|
|
| - worker MPM: Fix a memory leak which can occur after an
|
|
|
|
| aborted connection in some limited circumstances.
|
|
|
|
| - worker mpm: don't take down the whole server for a transient
|
|
|
|
| thread creation failure. PR 34514
|
|
|
|
| - Added TraceEnable [on|off|extended] per-server directive to
|
|
|
|
| alter the behavior of the TRACE method. This addresses a
|
|
|
|
| flaw in proxy conformance to RFC 2616 - previously the proxy
|
|
|
|
| server would accept a TRACE request body although the RFC
|
|
|
|
| prohibited it. The default remains 'TraceEnable on'.
|
|
|
|
| - Add ap_log_cerror() for logging messages associated with
|
|
|
|
| particular client connections.
|
|
|
|
| - Support the suppress-error-charset setting, as with Apache
|
|
|
|
| 1.3.x. PR 31274.
|
|
|
|
| - Fix bad globbing comparison which could result in getting a
|
|
|
|
| directory listing when a file was requested. PR 34512.
|
|
|
|
| - Fix a file descriptor leak when starting piped loggers. PR
|
|
|
|
| 33748.
|
|
|
|
| - Prevent hangs of child processes when writing to piped
|
|
|
|
| loggers at the time of graceful restart. PR 26467.
|
|
|
|
| mod_cgid:
|
|
|
|
| - Correct mod_cgid's argv[0] so that the full path can be
|
|
|
|
| delved by the invoked cgi application, to conform to the
|
|
|
|
| behavior of mod_cgi.
|
|
|
|
| mod_include:
|
|
|
|
| - Fix possible environment variable corruption when using
|
|
|
|
| nested includes. PR 12655.
|
|
|
|
| mod_ldap:
|
|
|
|
| - Fix PR 36563. Keep track of the number of attributes
|
|
|
|
| retrieved from LDAP so that all of the values can be
|
|
|
|
| properly cached even if the value is NULL.
|
|
|
|
| - Fix core dump if mod_auth_ldap's
|
|
|
|
| mod_auth_ldap_auth_checker() was called even if
|
|
|
|
| mod_auth_ldap_check_user_id() was not (or if it didn't
|
|
|
|
| succeed) for non-authoritative cases.
|
|
|
|
| - Avoid segfaults when opening connections if using a version
|
|
|
|
| of OpenLDAP older than 2.2.21. PR 34618.
|
|
|
|
| - Fix various shared memory cache handling bugs. PR 34209.
|
|
|
|
| mod_proxy:
|
|
|
|
| - Fix over-eager handling of '%%' for reverse proxies. PR
|
|
|
|
| 15207.
|
|
|
|
| - proxy HTTP: If a response contains both Transfer-Encoding
|
|
|
|
| and a Content-Length, remove the Content-Length and don't
|
|
|
|
| reuse the connection, mitigating some HTTP Response
|
|
|
|
| Splitting attacks.
|
|
|
|
| - proxy HTTP: Rework the handling of request bodies to handle
|
|
|
|
| chunked input and input filters which modify content length,
|
|
|
|
| and avoid spooling arbitrary-sized request bodies in memory.
|
|
|
|
| PR 15859.
|
|
|
|
| mod_ssl:
|
|
|
|
| - Fix build with OpenSSL 0.9.8. PR 35757.
|
|
|
|
| mod_rewrite:
|
|
|
|
| - use buffered I/O to improve performance with large
|
|
|
|
| RewriteMap txt: files.
|
|
|
|
| mod_userdir:
|
|
|
|
| - Fix possible memory corruption issue. PR 34588.
|
|
|
|
- drop obsolete patches httpd-2.0.54-openssl-0.9.8.dif
|
|
|
|
httpd-2.0.54-CAN-2005-1268-mod_ssl-crl.dif
|
|
|
|
apache2-bundled-pcre-5.0-CAN-2005-2491.dif
|
|
|
|
httpd-2.0.54-SSLVerifyClient-CAN-2005-2700.diff
|
|
|
|
httpd-2.0.54-ap_byterange-CAN-2005-2728.diff
|
|
|
|
- add httpd-2.0.55-37145_2.0.x.diff (broken mod_proxy in 2.0.55)
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Oct 20 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- rc.apache2: when stopping the server, wait for the actual binary
|
|
|
|
of the parent process to disappear. Waiting for the pid file to
|
|
|
|
disappear is not sufficient, because not all cleanup might be
|
|
|
|
finished at the time of its removal. [#96492], [#85539]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Oct 12 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- fix security hole by wrongly initializing LD_LIBRARY_PATH in
|
|
|
|
/usr/sbin/envvars (used by apache2ctl only) [#118188]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Sep 30 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- accomodate API changes to OpenSSL 0.9.8 (r209468 from 2.0.x branch)
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Sep 26 2005 ro@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- define LDAP_DEPRECATED in CFLAGS
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Sep 02 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- security fix [CAN-2005-2728 (cve.mitre.org)]:
|
|
|
|
fix memory consumption bug in byterange handling
|
|
|
|
- security fix [CAN-2005-2700 (cve.mitre.org)]: [#114701]
|
|
|
|
if "SSLVerifyClient optional" has been configured at the vhost
|
|
|
|
context then "SSLVerifyClient require" is not enforced in a
|
|
|
|
location context within that vhost; effectively allowing clients
|
|
|
|
to bypass client-cert authentication checks. [#114701]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Aug 31 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- Security fix: fix integer overflows in PCRE in quantifier parsing which
|
|
|
|
could be triggered by a local user through use of a carefully-crafted
|
|
|
|
regex in an .htaccess file. CAN-2005-2491 [#112651] [#106209]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Aug 30 2005 lmuelle@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- Escape also any forward slash while removing a word with sysconf_addword.
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Aug 26 2005 lmuelle@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- Escape any forward slash in the word argument of sysconf_addword.
|
2008-03-14 17:21:15 +01:00
|
|
|
* Sun Aug 14 2005 ro@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- alingn suexec2 permissions with permissions.secure
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Aug 11 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- the permissions files are now maintained centrally and packaged
|
|
|
|
in the permissions package. Package suexec2 with mode 0750. [#66304]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Aug 05 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- change SSLMutex "default" so APR always picks the best on the
|
|
|
|
platform
|
|
|
|
- fix Source42 tag which was present twice
|
|
|
|
- add a2enmod/a2enflag to add/remove modules/flags conveniently
|
|
|
|
- add charset.conv table for mod_auth_ldap
|
|
|
|
- make sure that suse_version is defined (it might be unset by e.g.
|
|
|
|
ISPs preinstallations)
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Jul 13 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- security fix [CAN-2005-2088 (cve.mitre.org)]: core: If a request
|
|
|
|
contains both Transfer-Encoding and a Content-Length, remove the
|
|
|
|
Content-Length, stopping some HTTP Request smuggling attacks.
|
|
|
|
mod_proxy: Reject chunked requests. [#95709]
|
|
|
|
- security fix [CAN-2005-1268 (cve.mitre.org)]: mod_ssl: fix
|
|
|
|
off-by-one overflow whilst printing CRL information at "LogLevel
|
|
|
|
debug" which could be triggered if configured to use a
|
|
|
|
"malicious" CRL. PR 35081. [#95709]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Jun 20 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- add httpd-2.0.47-pie.patch from from 2.1.3-dev to compile with
|
|
|
|
-fpie and link with -pie
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed May 18 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- update to 2.0.54. Relevant changes:
|
|
|
|
| mod_cache:
|
|
|
|
| - Add CacheIgnoreHeaders directive. PR 30399.
|
|
|
|
| mod_dav:
|
|
|
|
| - Correctly export all public functions.
|
|
|
|
| mod_ldap:
|
|
|
|
| - Added the directive LDAPConnectionTimeout to configure the
|
|
|
|
| ldap socket connection timeout value.
|
|
|
|
| mod_ssl:
|
|
|
|
| - If SSLUsername is used, set r->user earlier. PR 31418.
|
|
|
|
| miscellaneous:
|
|
|
|
| - Unix MPMs: Shut down the server more quickly when child
|
|
|
|
| processes are slow to exit.
|
|
|
|
| - worker MPM: Fix a problem which could cause httpd processes
|
|
|
|
| to remain active after shutdown.
|
|
|
|
| - Remove formatting characters from ap_log_error() calls.
|
|
|
|
| These were escaped as fallout from CAN-2003-0020.
|
|
|
|
| - core_input_filter: Move buckets to a persistent brigade
|
|
|
|
| instead of creating a new brigade. This stop a memory leak
|
|
|
|
| when proxying a Streaming Media Server. PR 33382.
|
|
|
|
| - htdigest: Fix permissions of created files. PR 33765.
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Mar 14 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- revise README
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Mar 07 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- when building the suexec binary, set the "docroot" compile time
|
|
|
|
option to the datadir (/srv/www) instead of the htdocsdir
|
|
|
|
(/srv/www/htdocs), so it can be used with virtual hosts placed
|
|
|
|
e.g. in /srv/www/vhosts [#63845] Suggested by Winfried Kuiper.
|
|
|
|
- add php5 to APACHE_MODULES by default, so it can be used simply
|
|
|
|
by installing the package. Suppress warning about not-found
|
|
|
|
module in the php4/php5 case. [#66729]
|
|
|
|
- remove a redundant get_module_list call from the init script
|
|
|
|
- add hints about vhost setup to README.QUICKSTART
|
|
|
|
- after a change of APACHE_MPM, apache2-reconfigure-mpm is no
|
|
|
|
longer needed since SuSEconfig.apache2 is gone. Leave it for
|
|
|
|
compatibility, because /etc/sysconfig/apache2 is probably not
|
|
|
|
updated and yast may still use it.
|
|
|
|
- move the 4 most important variables in sysconfig.apache2 to the
|
|
|
|
top of the file
|
|
|
|
- add note about the old monolithic configuration file and how to
|
|
|
|
use it
|
|
|
|
- drop patch httpd-2.0.40-openssl-version.dif (we don't even have
|
|
|
|
openssl-0.9.6e anywhere, any longer)
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Mar 02 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- fix TLS upgrade patch: with SSLEngine set to Optional, an
|
|
|
|
additional token in an Upgrade: header before "TLS/1.0" could
|
|
|
|
result into an infinite loop [#67126]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Feb 22 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- run /usr/share/apache2/get_module_list post install, which will
|
|
|
|
also create the symlink to the httpd2 binary, which might be
|
|
|
|
necessary during package building when apache has been installed
|
|
|
|
but never been run.
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Feb 21 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- remove SuSEconfig.apache2
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Feb 11 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- raise DYNAMIC_MODULE_LIMIT to 80. The test suite loading all
|
|
|
|
available modules plus 9 perl modules was beginning to fail
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Feb 09 2005 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- update to 2.0.53. Relevant changes:
|
|
|
|
| SECURITY: CAN-2004-0942 (cve.mitre.org)
|
|
|
|
| Fix for memory consumption DoS in handling of MIME folded request
|
|
|
|
| headers.
|
|
|
|
| SECURITY: CAN-2004-0885 (cve.mitre.org)
|
|
|
|
| mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
|
|
|
|
| bypassed during an SSL renegotiation. PR 31505.
|
|
|
|
| mod_dumpio:
|
|
|
|
| - new I/O logging/dumping module, added to the
|
|
|
|
| modules/expermimental subdirectory.
|
|
|
|
| mod_ssl:
|
|
|
|
| - fail quickly if SSL connection is aborted rather than making
|
|
|
|
| many doomed ap_pass_brigade calls. PR 32699.
|
|
|
|
| - Fail at startup rather than segfault at runtime if a client cert
|
|
|
|
| is configured with an encrypted private key. PR 24030.
|
|
|
|
| mod_include:
|
|
|
|
| - Fix bug which could truncate variable expansions of N*64
|
|
|
|
| characters by one byte. PR 32985.
|
|
|
|
| mod_status:
|
|
|
|
| - Start keeping track of time-taken-to-process-request again if
|
|
|
|
| ExtendedStatus is enabled.
|
|
|
|
| util_ldap:
|
|
|
|
| - Util_ldap: Implemented the util_ldap_cache_getuserdn() API so
|
|
|
|
| that ldap authorization only modules have access to the
|
|
|
|
| util_ldap user cache without having to require ldap
|
|
|
|
| authentication as well. PR 31898.
|
|
|
|
| mod_ldap:
|
|
|
|
| - Fix format strings to use %%APR_PID_T_FMT instead of %%d.
|
|
|
|
| - prevent the possiblity of an infinite loop in the LDAP
|
|
|
|
| statistics display. PR 29216.
|
|
|
|
| - fix a bogus error message to tell the user which file is causing
|
|
|
|
| a potential problem with the LDAP shared memory cache. PR 31431
|
|
|
|
| - Fix the re-linking issue when purging elements from the LDAP
|
|
|
|
| cache PR 24801.
|
|
|
|
| mod_auth_ldap:
|
|
|
|
| - Added the directive "Requires ldap-attribute" that allows the
|
|
|
|
| module to only authorize a user if the attribute value specified
|
|
|
|
| matches the value of the user object. PR 31913
|
|
|
|
| - Handle the inconsistent way in which the MS LDAP library handles
|
|
|
|
| special characters. PR 24437.
|
|
|
|
| mod_proxy:
|
|
|
|
| - Fix ProxyRemoteMatch directive. PR 33170.
|
|
|
|
| - Respect errors reported by pre_connection hooks.
|
|
|
|
| - Handle client-aborted connections correctly. PR 32443.
|
|
|
|
| mod_cache:
|
|
|
|
| - CacheDisable will only disable the URLs it was meant to disable,
|
|
|
|
| not all caching. PR 31128.
|
|
|
|
| - Try to correctly follow RFC 2616 13.3 on validating stale cache
|
|
|
|
| responses.
|
|
|
|
| - Fix Expires handling.
|
|
|
|
| mod_disk_cache:
|
|
|
|
| - Do not store aborted content. PR 21492.
|
|
|
|
| - Correctly store cached content type. PR 30278.
|
|
|
|
| - Do not store hop-by-hop headers.
|
|
|
|
| - Fix races in saving responses.
|
|
|
|
| mod_expires:
|
|
|
|
| - Alter mod_expires to run at a different filter priority to allow
|
|
|
|
| proper Expires storage by mod_cache.
|
|
|
|
| mod_rewrite:
|
|
|
|
| - Handle per-location rules when r->filename is unset. Previously
|
|
|
|
| this would segfault or simply not match as expected, depending
|
|
|
|
| on the platform.
|
|
|
|
| - Fix 0 bytes write into random memory position. PR 31036.
|
|
|
|
| miscellaneous:
|
|
|
|
| - Fix --with-apr=/usr and/or --with-apr-util=/usr. PR 29740.
|
|
|
|
| - apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
|
|
|
|
| - Allow for the use of --with-module=foo:bar where the ./modules/foo
|
|
|
|
| directory is local only. Assumes, of course, that the required
|
|
|
|
| files are in ./modules/foo, but makes it easier to statically
|
|
|
|
| build/log "external" modules.
|
|
|
|
| - --with-module can now take more than one module to be statically
|
|
|
|
| linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
|
|
|
|
| If the <modtype>-subdirectory doesn't exist it will be created and
|
|
|
|
| populated with a standard Makefile.in.
|
|
|
|
| - Fix handling of files >2Gb on all platforms (or builds) where
|
|
|
|
| apr_off_t is larger than apr_size_t. PR 28898.
|
|
|
|
| - Remove compiled-in upper limit on LimitRequestFieldSize.
|
|
|
|
| - Correct handling of certain bucket types in ap_save_brigade, fixing
|
|
|
|
| possible segfaults in mod_cgi with #include virtual. PR 31247.
|
|
|
|
| - conf: Remove AddDefaultCharset from the default configuration
|
|
|
|
| because setting a site-wide default does more harm than good. PR
|
|
|
|
| 23421.
|
|
|
|
| - Add charset to example CGI scripts.
|
|
|
|
- merge tls-upgrade.patch
|
|
|
|
- remove obsolete httpd-2.0.47-headtail.dif
|
|
|
|
httpd-2.0.52-util_ldap_cache_mgr.c.dif
|
|
|
|
httpd-2.0.52-SSLCipherSuite-bypass-CAN-2004-0885.dif
|
|
|
|
httpd-2.0.52-ssl-incomplete-keypair.dif
|
|
|
|
httpd-2.0.52-memory-consumption-DoS-CAN-2004-0942.dif
|
|
|
|
httpd-2.0.52.21492.diff
|
|
|
|
httpd-2.0.52.30278.diff
|
|
|
|
httpd-2.0.52.30399.diff
|
|
|
|
httpd-2.0.52.30419.diff
|
|
|
|
httpd-2.0.52.31385.diff
|
|
|
|
- sync configuration with upstream changes
|
|
|
|
* Remove AddDefaultCharset (see upstream changelog above)
|
|
|
|
* LanguagePriority for error documents updated
|
2008-03-14 17:21:15 +01:00
|
|
|
* Sat Jan 15 2005 schwab@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- Use <owner>:<group> in permissions file.
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Jan 11 2005 schwab@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- Fix /etc/init.d/apache2 to use readlink instead of linkto or file.
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Nov 29 2004 hvogel@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- fix permission handling
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Nov 11 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- fix /etc/init.d/apache2 to correctly handle the start of multiple
|
|
|
|
instances of the same binary (using startproc -f plus prior check
|
|
|
|
for running instance) [#48153]
|
|
|
|
- fix helper scripts to allow overriding of $sysconfig_file and
|
|
|
|
other useful values
|
|
|
|
- remove unused 'rundir' variable from /etc/init.d/apache2
|
|
|
|
- removed backward compatibility code for pre-8.0
|
|
|
|
- add documentation to the vhost template files and
|
|
|
|
README.QUICKSTART
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Nov 08 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- security fix [CAN-2004-0942 (cve.mitre.org)]: Fix for memory
|
|
|
|
consumption DoS [#47967]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Nov 04 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- remove heimdal-devel from #neededforbuild, it is not needed
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Oct 15 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- fix SSLCipherSuite bypass CAN-2004-0885 (cve.mitre.org) [#47117]
|
|
|
|
- update the TLS upgrade patch [#47207]
|
|
|
|
- mod_ssl returned invalid method on TLS upgraded connections
|
|
|
|
- additional checks for httpd_method and default_port hooks
|
|
|
|
- fixed typo in upgrade header
|
|
|
|
- add patches from Ruediger Pluem for the experimental modules
|
|
|
|
mod_disk_cache, mod_cache
|
|
|
|
PR 21492: mod_disk_cache: Do not store aborted content.
|
|
|
|
PR 30278: mod_disk_cache: Correctly store cached content type.
|
|
|
|
PR 30399: make storing of Set-Cookie headers optional
|
|
|
|
PR 30419: weird caching behaviour of mod_cache and old Cookies
|
|
|
|
PR 31385: skipping start of file if recaching already cached file
|
|
|
|
- patch from 2.0.53: Fail to configure when an SSL proxy is
|
|
|
|
configured with incomplete client cert keypair, rather than
|
|
|
|
segfaulting at runtime. PR 24030
|
|
|
|
http://cvs.apache.org/viewcvs/httpd-2.0/modules/ssl/ssl_engine_init.c.diff?r1=1.118&r2=1.119
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Oct 11 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- add patch fixing re-linking issue when purging elements from the
|
|
|
|
LDAP cache. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24801
|
|
|
|
http://www.apache.org/dist/httpd/patches/apply_to_2.0.52/util_ldap_cache_mgr.c.patch
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Oct 11 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- sync update configuration with upstream changes (2.0.52)
|
|
|
|
(mostly comments; configuration for spanish manual added)
|
|
|
|
- add mime type for shortcut icons (favicon.ico)
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Oct 08 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- update to 2.0.52. Relevant changes:
|
|
|
|
| SECURITY: CAN-2004-0811 (cve.mitre.org)
|
|
|
|
| Fix merging of the Satisfy directive, which was applied to
|
|
|
|
| the surrounding context and could allow access despite configured
|
|
|
|
| authentication. PR 31315.
|
|
|
|
| util_ldap:
|
|
|
|
| Fix a segfault in the LDAP cache when it is configured switched off.
|
|
|
|
| mod_mem_cache:
|
|
|
|
| Fixed race condition causing segfault because of memory being
|
|
|
|
| freed twice, or reused after being freed.
|
|
|
|
| mod_log_config:
|
|
|
|
| Fix a bug which prevented request completion time from being
|
|
|
|
| logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
|
|
|
|
| processing. PR 29696.
|
|
|
|
| miscellaneous:
|
|
|
|
| - Use HTML 2.0 <hr> for error pages. PR 30732
|
|
|
|
| - Fix the handling of URIs containing %%2F when
|
|
|
|
| AllowEncodedSlashes is enabled. Previously, such urls would
|
|
|
|
| still be rejected.
|
|
|
|
| - Fix the global mutex crash when the global mutex is never
|
|
|
|
| allocated due to disabled/empty caches.
|
|
|
|
| - Add -l option to rotatelogs to let it use local time rather
|
|
|
|
| than UTC. PR 24417.
|
|
|
|
- changes from 2.0.51:
|
|
|
|
| SECURITY: CAN-2004-0786 (cve.mitre.org)
|
|
|
|
| Fix an input validation issue in apr-util which could be
|
|
|
|
| triggered by malformed IPv6 literal addresses.
|
|
|
|
| SECURITY: CAN-2004-0747 (cve.mitre.org)
|
|
|
|
| Fix buffer overflow in expansion of environment variables in
|
|
|
|
| configuration file parsing.
|
|
|
|
| SECURITY: CAN-2004-0809 (cve.mitre.org)
|
|
|
|
| mod_dav_fs: Fix a segfault in the handling of an indirect lock
|
|
|
|
| refresh. PR 31183.
|
|
|
|
| SECURITY: CAN-2004-0751 (cve.mitre.org)
|
|
|
|
| mod_ssl: Fix a segfault in the SSL input filter which could be
|
|
|
|
| triggered if using "speculative" mode, for instance by a proxy
|
|
|
|
| request to an SSL server. PR 30134.
|
|
|
|
| SECURITY: CAN-2004-0748 (cve.mitre.org)
|
|
|
|
| mod_ssl: Fix a potential infinite loop. PR 29964.
|
|
|
|
| mod_include:
|
|
|
|
| no longer checks for recursion, because that's done in the core.
|
|
|
|
| This allows for careful usage of recursive SSI.
|
|
|
|
| mod_rewrite:
|
|
|
|
| - Fix memory leak in the cache handlingof mod_rewrite. PR 27862.
|
|
|
|
| - Add %%{SSL:...} and %%{HTTPS} variable lookups. PR 30464.
|
|
|
|
| - mod_rewrite now officially supports RewriteRules in <Proxy>
|
|
|
|
| sections. PR 27985.
|
|
|
|
| - no longer confuse the RewriteMap caches if different maps
|
|
|
|
| defined in different virtual hosts use the same map name. PR 26462.
|
|
|
|
| mod_ssl:
|
|
|
|
| - Add new 'ssl_is_https' optional function.
|
|
|
|
| - Add "SSLUserName" directive to set r->user based on a chosen SSL
|
|
|
|
| environment variable. PR 20957.
|
|
|
|
| - Avoid startup failure after unclean shutdown if using shmcb. PR 18989.
|
|
|
|
| mod_autoindex:
|
|
|
|
| - Don't truncate the directory listing if a stat() call fails (for
|
|
|
|
| instance on a >2Gb file). PR 17357.
|
|
|
|
| mod_cache, mod_disk_cache, mod_mem_cache:
|
|
|
|
| - Refactor cache modules, and switch to the provider API instead
|
|
|
|
| of hooks.
|
|
|
|
| mod_disk_cache:
|
|
|
|
| - Implement binary format for on-disk header files.
|
|
|
|
| - Optimize network performance of disk cache subsystem by allowing
|
|
|
|
| zero-copy (sendfile) writes and other miscellaneous fixes.
|
|
|
|
| mod_userdir:
|
|
|
|
| - Ensure that the userdir identity is used for suexec userdir
|
|
|
|
| access in a virtual host which has suexec configured. PR 18156.
|
|
|
|
| mod_setenvif:
|
|
|
|
| - Remove "support" for Remote_User variable which never worked at
|
|
|
|
| all. PR 25725.
|
|
|
|
| - Extend the SetEnvIf directive to capture subexpressions of the
|
|
|
|
| matched value.
|
|
|
|
| mod_headers:
|
|
|
|
| - Backport from 2.1 / Regression from 1.3: mod_headers now knows
|
|
|
|
| again the functionality of the ErrorHeader directive. But
|
|
|
|
| instead using this misnomer additional flags to the Header
|
|
|
|
| directive were introduced ("always" and "onsuccess", defaulting
|
|
|
|
| to the latter). PR 28657.
|
|
|
|
| mod_usertrack:
|
|
|
|
| - Escape the cookie name before pasting into the regexp.
|
|
|
|
| mod_dir:
|
|
|
|
| - the trailing-slash behaviour is now configurable using the
|
|
|
|
| DirectorySlash directive.
|
|
|
|
| util_ldap:
|
|
|
|
| - Switched the lock types on the shared memory cache from thread
|
|
|
|
| reader/writer locks to global mutexes in order to provide cross
|
|
|
|
| process cache protection.
|
|
|
|
| - Reworked the cache locking scheme to eliminate duplicate cache
|
|
|
|
| entries in the credentials cache due to race conditions.
|
|
|
|
| - Enhanced the util_ldap cache-info display to show more detail
|
|
|
|
| about the contents and current state of the cache.
|
|
|
|
| mod_ldap:
|
|
|
|
| - Enable the option to support anonymous shared memory in
|
|
|
|
| mod_ldap. This makes the cache work on Linux again.
|
|
|
|
| miscellaneous:
|
|
|
|
| - Include directives no longer refuse to process symlinks on
|
|
|
|
| directories. Instead there's now a maximum nesting level of
|
|
|
|
| included directories (128 as distributed). This is configurable
|
|
|
|
| at compile time using the -DAP_MAX_INCLUDE_DIR_DEPTH switch. PR
|
|
|
|
| 28492, PR 28370.
|
|
|
|
| - Prevent CGI script output which includes a Content-Range header
|
|
|
|
| from being passed through the byterange filter.
|
|
|
|
| - Satisfy directives now can be influenced by a surrounding
|
|
|
|
| <Limit> container. PR 14726.
|
|
|
|
| - Makefile fix: httpd is linked against LIBS given to the 'make'
|
|
|
|
| invocation. PR 7882.
|
|
|
|
| - suexec: Pass the SERVER_SIGNATURE envvar through to CGIs.
|
|
|
|
| - apachectl: Fix a problem finding envvars if sbindir != bindir.
|
|
|
|
| PR 30723.
|
|
|
|
| - Use the higher performing 'httpready' Accept Filter on all
|
|
|
|
| platforms except FreeBSD < 4.1.1.
|
|
|
|
| - Allow proxying of resources that are invoked via DirectoryIndex.
|
|
|
|
| PR 14648, 15112, 29961.
|
|
|
|
| - Small fix to allow reverse proxying to an ftp server. Previously
|
|
|
|
| an attempt to do this would try and connect to 0.0.0.0,
|
|
|
|
| regardless of the server specified. PR 24922
|
|
|
|
| - Enable special ErrorDocument value 'default' which restores the
|
|
|
|
| canned server response for the scope of the directive.
|
|
|
|
| - work around MSIE Digest auth bug - if
|
|
|
|
| AuthDigestEnableQueryStringHack is set in r->subprocess_env
|
|
|
|
| allow mismatched query strings to pass. PR 27758.
|
|
|
|
| - Accept URLs for the ServerAdmin directive. If the supplied
|
|
|
|
| argument is not recognized as an URL, assume it's a mail
|
|
|
|
| address. PR 28174.
|
|
|
|
| - initialize server arrays prior to calling
|
|
|
|
| ap_setup_prelinked_modules so that static modules can push
|
|
|
|
| Defines values when registering hooks just like DSO modules can
|
|
|
|
- drop obsolete security fixes
|
|
|
|
httpd-2.0.50-CAN-2004-0751-mod_ssl-proxied-request-segfault.dif
|
|
|
|
httpd-2.0.50-CAN-2004-0748-mod_ssl-input-filter-infinite-loop.dif
|
|
|
|
httpd-2.0.50-CAN-2004-0747-ENVVAR.dif
|
|
|
|
httpd-2.0.50-CAN-2004-0786-apr_uri_parse-IPv6-address-validation.dif
|
|
|
|
httpd-2.0.50-CAN-2004-0809-mod_dav-crash.dif
|
|
|
|
- httpd-2.0.45-anon-mmap.dif included upstream
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Sep 14 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- security fix [CAN-2004-0809 (cve.mitre.org)]: fix possible DoS in
|
|
|
|
mod_dav by remotely triggerable null-pointer dereference
|
|
|
|
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=31183 [#45231]
|
|
|
|
- fix hint about vhost checking in the SSL readme
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Sep 08 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- security fix [CAN-2004-0786 (cve.mitre.org)]: fix a vulnerability
|
|
|
|
in the apr-util library (lacking input validation on IPv6 literal
|
|
|
|
addresses in the apr_uri_parse function [#44736]
|
|
|
|
- security fix [CAN-2004-0747 (cve.mitre.org)]: fix a buffer
|
|
|
|
overflow that can occur when expanding ${ENVVAR} constructs in
|
|
|
|
.htaccess or httpd.conf files. [#44736]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Sep 06 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- rename check_forensic script to avoid clash with apache 1.3.x
|
|
|
|
package
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Aug 27 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- implement action "startssl" in the init script. [#42365]
|
|
|
|
- add /usr/bin/check_forensic script to evaluate mod_log_forensic logs.
|
|
|
|
- disable building of leader and metuxmpm MPMs.
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Aug 25 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- security fix [CAN-2004-0748 (cve.mitre.org)]: fix a potential
|
|
|
|
infinite loop in the SSL input filter which can be triggered by
|
|
|
|
an aborted connection
|
|
|
|
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964 [#44103]
|
|
|
|
- security fix [CAN-2004-0751 (cve.mitre.org)]: fix a potential
|
|
|
|
segfault in the SSL input filter which can be triggered by the
|
|
|
|
response to request which is proxied to a remote SSL server
|
|
|
|
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=30134 [#44103]
|
|
|
|
- remove the obsolete notify message on package update
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Jul 08 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- update to 2.0.50. Relevant changes:
|
|
|
|
| SECURITY: CAN-2004-0493 (cve.mitre.org)
|
|
|
|
| Close a denial of service vulnerability identified by Georgi
|
|
|
|
| Guninski which could lead to memory exhaustion with certain
|
|
|
|
| input data.
|
|
|
|
| SECURITY: CAN-2004-0488 (cve.mitre.org)
|
|
|
|
| mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for
|
|
|
|
| a (trusted) client certificate subject DN which exceeds 6K in
|
|
|
|
| length.
|
|
|
|
| mod_alias:
|
|
|
|
| now emits a warning if it detects overlapping *Alias* directives.
|
|
|
|
| mod_cgi: Handle output on stderr during script execution on Unix
|
|
|
|
| platforms; preventing deadlock when stderr output fills pipe
|
|
|
|
| buffer. Also fixes case where stderr from nph- scripts could be
|
|
|
|
| lost. PR 22030, 18348.
|
|
|
|
| mod_dav:
|
|
|
|
| - Fix a problem that could cause crashes when manipulating locks
|
|
|
|
| on some platforms.
|
|
|
|
| mod_dav_fs:
|
|
|
|
| - Fix MKCOL response for missing parent collections, which caused
|
|
|
|
| issues for the Eclipse WebDAV extension. PR 29034.
|
|
|
|
| mod_deflate:
|
|
|
|
| - Fix memory consumption (which was proportional to the response
|
|
|
|
| size). PR 29318.
|
|
|
|
| mod_expires:
|
|
|
|
| - Fix segfault which occured under certain circumstances. PR 28047.
|
|
|
|
| mod_headers:
|
|
|
|
| - no longer crashes if an empty header value should be added.
|
|
|
|
| mod_log_forensic:
|
|
|
|
| - new module.
|
|
|
|
| mod_logio:
|
|
|
|
| - no longer removes the EOS bucket. PR 27928.
|
|
|
|
| mod_proxy:
|
|
|
|
| - Fix handling of IPv6 numeric strings.
|
|
|
|
| mod_rewrite:
|
|
|
|
| no longer turns forward proxy requests into reverse proxy
|
|
|
|
| requests. PR 28125
|
|
|
|
| mod_ssl:
|
|
|
|
| - Log the errors returned on failure to load or initialize a
|
|
|
|
| crypto accelerator engine.
|
|
|
|
| - Fix a potential segfault in the 'shmcb' session cache for small
|
|
|
|
| cache sizes. PR 27751.
|
|
|
|
| - Fix memory leak in session cache handling. PR 26562
|
|
|
|
| - Fix potential segfaults when performing SSL shutdown from a pool
|
|
|
|
| cleanup. PR 27945.
|
|
|
|
| mod_auth_ldap/util_ldap:
|
|
|
|
| - allow relative paths for LDAPTrustedCA to be resolved against
|
|
|
|
| ServerRoot PR#26602
|
|
|
|
| - Throw an error message if an attempt is made to use the
|
|
|
|
| LDAPTrustedCA or LDAPTrustedCAType directives in a VirtualHost.
|
|
|
|
| PR 26390
|
|
|
|
| - Fix a potential segfault if the bind password in the LDAP cache
|
|
|
|
| is NULL. PR 28250.
|
|
|
|
| - Overhaul handling of LDAP error conditions, so that the
|
|
|
|
| util_ldap_* functions leave the connections in a sane state
|
|
|
|
| after errors have occurred. PR 27748, 17274, 17599, 18661,
|
|
|
|
| 21787, 24595, 24683, 27134, 27271
|
|
|
|
| - mod_ldap calls ldap_simple_bind_s() to validate the user
|
|
|
|
| credentials. If the bind fails, the connection is left in an
|
|
|
|
| unbound state. Make sure that the ldap connection record is
|
|
|
|
| updated to show that the connection is no longer bound.
|
|
|
|
| - Update the bind credentials for the cached LDAP connection to
|
|
|
|
| reflect the last bind. This prevents util_ldap from creating
|
|
|
|
| unnecessary connections rather than reusing cached connections.
|
|
|
|
| - Quotes cannot be used around require group and require dn
|
|
|
|
| directives, update the documentation to reflect this. Also add
|
|
|
|
| quotes around the dn and group within debug messages, to make it
|
|
|
|
| more obvious why authentication is failing if quotes are used in
|
|
|
|
| error. PR 19304.
|
|
|
|
| miscellaneous:
|
|
|
|
| - Allow RequestHeader directives to be conditional. PR 27951.
|
|
|
|
| - Allow LimitRequestBody to be reset to unlimited. PR 29106
|
|
|
|
| - <VirtualHost myhost> now applies to all IP addresses for myhost
|
|
|
|
| instead of just the first one reported by the resolver. This
|
|
|
|
| corrects a regression since 1.3.
|
|
|
|
| - Fix a bunch of cases where the return code of the regex compiler
|
|
|
|
| was not checked properly. This affects: mod_setenvif,
|
|
|
|
| mod_usertrack, mod_proxy, mod_proxy_ftp and core. PR 28218.
|
|
|
|
| - Remove 2Gb log file size restriction on some 32-bit platforms.
|
|
|
|
| PR 13511.
|
|
|
|
| - htpasswd no longer refuses to process files that contain empty
|
|
|
|
| lines.
|
|
|
|
| - Regression from 1.3: At startup, suexec now will be checked for
|
|
|
|
| availability, the setuid bit and user root. The works only if
|
|
|
|
| httpd is compiled with the shipped APR version (0.9.5). PR
|
|
|
|
| 28287.
|
|
|
|
| - Unix MPMs: Stop dropping connections when the file descriptor is
|
|
|
|
| at least FD_SETSIZE.
|
|
|
|
| - Fix a segfault when requests for shared memory fails and returns
|
|
|
|
| NULL. Fix a segfault caused by a lack of bounds checking on the
|
|
|
|
| cache. PR 24801.
|
|
|
|
| - Ensure that lines in the request which are too long are properly
|
|
|
|
| terminated before logging.
|
|
|
|
| - htpasswd: use apr_temp_dir_get() and general cleanup
|
|
|
|
| - logresolve: Allow size of log line buffer to be overridden at
|
|
|
|
| build time (MAXLINE). PR 27793.
|
|
|
|
| - Fix the comment delimiter in htdbm so that it correctly parses
|
|
|
|
| the username comment. Also add a terminate function to allow
|
|
|
|
| NetWare to pause the output before the screen is destroyed.
|
|
|
|
| - Fix crash when Apache was started with no Listen directives.
|
|
|
|
| - core_output_filter: Fix bug that could result in sending garbage
|
|
|
|
| over the network when module handlers construct bucket brigades
|
|
|
|
| containing multiple file buckets all referencing the same open
|
|
|
|
| file descriptor.
|
|
|
|
| - Fix memory corruption problem with ap_custom_response()
|
|
|
|
| function. The core per-dir config would later point to request
|
|
|
|
| pool data that would be reused for different purposes on
|
|
|
|
| different requests.
|
|
|
|
- drop obsolete patches
|
|
|
|
- change vendor string SuSE -> SUSE
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Jun 29 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- security fix [CAN-2004-0493 (cve.mitre.org)]: fix Denial of
|
|
|
|
Service vulnaribility which could lead to memory exhaustion with
|
|
|
|
certain input data. [#42566]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Jun 18 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- package forgotten CHANGES file
|
|
|
|
- package apr and apr-util documentation files
|
|
|
|
- fix log_server_status2 to use perl's Socket module
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed May 19 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- security fix for mod_ssl: fix buffer overflow in
|
|
|
|
ssl_util_uuencode() [#40791]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Apr 28 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- add TLS upgrade patch [#39449]
|
|
|
|
- add patch to allow writing log files larger than 2>GB [#39453]
|
|
|
|
- obsolete apache and mod_ssl versions only when older than what is
|
|
|
|
shipped with 9.1
|
|
|
|
- don't provide mod_ssl
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Apr 02 2004 cschum@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- Add "suse_help_viewer" provides [#37932]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Mar 29 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- provide and obsolete packages apache, mod_ssl, apache-doc and
|
|
|
|
apache-example-pages [#37084]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Mar 22 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- disable large file support by not building with _FILE_OFFSET_BITS=64,
|
|
|
|
in favour of retaining a binary compatible module API.
|
|
|
|
Therefore, do not change the module magic number. LFS can be
|
|
|
|
enabled by building via rpmbuild --define 'build_with_LFS 1'
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Mar 18 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- update to proposed 2.0.49 tarball
|
|
|
|
- mod_cgid: Fix storage corruption caused by use of incorrect pool.
|
|
|
|
- docs update
|
|
|
|
- remove APACHE_DOCUMENT_ROOT from sysconfig.apache2 [#32635]
|
|
|
|
- fix a comment in default-server.conf
|
|
|
|
- remove obsolete ssl_scache_cleanup support script and ftok helper
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Mar 16 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- change mmn in header file as well, for modules that include it
|
|
|
|
from there
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Mar 15 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- update to 2.0.49-rc2. Relevant changes:
|
|
|
|
| The whole codebase was relicensed and is now available under the
|
|
|
|
| Apache License, Version 2.0 (http://www.apache.org/licenses).
|
|
|
|
| [Apache Software Foundation]
|
|
|
|
| Security [CAN-2004-0113 (cve.mitre.org)]: mod_ssl: Fix a memory
|
|
|
|
| leak in plain-HTTP-on-SSL-port handling. PR 27106.
|
|
|
|
| Security [CAN-2003-0020 (cve.mitre.org)]: Escape arbitrary data
|
|
|
|
| before writing into the errorlog. Unescaped errorlogs are still
|
|
|
|
| possible using the compile time switch
|
|
|
|
| "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".
|
|
|
|
| mod_ssl:
|
|
|
|
| - Send the Close Alert message to the peer before closing the
|
|
|
|
| SSL session. PR 27428.
|
|
|
|
| - Fix bug in passphrase handling which could cause spurious
|
|
|
|
| failures in SSL functions later. PR 21160.
|
|
|
|
| - Fix potential segfault on lookup of SSL_SESSION_ID. PR 15057.
|
|
|
|
| - Fix streaming output from an nph- CGI script. PR 21944
|
|
|
|
| - Advertise SSL library version as determined at run-time rather
|
|
|
|
| than at compile-time. PR 23956.
|
|
|
|
| - Fix segfault on a non-SSL request if the 'c' log format code
|
|
|
|
| is used. PR 22741.
|
|
|
|
| - Fix segfaults at startup if other modules which use OpenSSL
|
|
|
|
| are also loaded.
|
|
|
|
| - Use human-readable OpenSSL error strings in logs; use
|
|
|
|
| thread-safe interface for retrieving error strings.
|
|
|
|
| mod_cache:
|
|
|
|
| - Fixed cache-removal order in mod_mem_cache.
|
|
|
|
| - Fix segfault in mod_mem_cache cache_insert() due to cache size
|
|
|
|
| becoming negative. PR: 21285, 21287
|
|
|
|
| - Modified the cache code to be header-location agnostic. Also
|
|
|
|
| fixed a number of other cache code bugs related to PR 15852.
|
|
|
|
| Includes a patch submitted by Sushma Rai <rsushma novell.com>.
|
|
|
|
| This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
|
|
|
|
| closing the PR since that is what they are using.
|
|
|
|
| mod_dav:
|
|
|
|
| - Reject requests which include an unescaped fragment in the
|
|
|
|
| Request-URI. PR 21779.
|
|
|
|
| - Use bucket brigades when reading PUT data. This avoids
|
|
|
|
| problems if the data stream is modified by an input filter. PR
|
|
|
|
| 22104.
|
|
|
|
| - Return a WWW-auth header for MOVE/COPY requests where the
|
|
|
|
| destination resource gives a 401. PR 15571.
|
|
|
|
| - Fix a problem with namespace mappings being dropped in
|
|
|
|
| mod_dav_fs; if any property values were set which defined
|
|
|
|
| namespaces these came out mangled in the PROPFIND response.
|
|
|
|
| PR 11637.
|
|
|
|
| mod_expires:
|
|
|
|
| - Initialize ExpiresDefault to NULL instead of "" to avoid
|
|
|
|
| reporting an Internal Server error if it is used without
|
|
|
|
| having been set in the httpd.conf file. PR: 23748, 24459
|
|
|
|
| - Add support for IMT minor-type wildcards (e.g., text/*) to
|
|
|
|
| ExpiresByType. PR#7991
|
|
|
|
| mod_log_config / logging:
|
|
|
|
| - Fix some piped log problems: bogus "piped log program '(null)'
|
|
|
|
| failed" messages during restart and problem with the logger
|
|
|
|
| respawning again after Apache is stopped. PR 21648, PR 24805.
|
|
|
|
| - mod_log_config: Fix corruption of buffered logs with threaded
|
|
|
|
| MPMs. PR 25520.
|
|
|
|
| - mod_log_config: Log the minutes component of the timezone correctly.
|
|
|
|
| PR 23642.
|
|
|
|
| mod_proxy*:
|
|
|
|
| - proxy_http fix: mod_proxy hangs when both KeepAlive and
|
|
|
|
| ProxyErrorOverride are enabled, and a non-200 response without a
|
|
|
|
| body is generated by the backend server. (e.g.: a client makes a
|
|
|
|
| request containing the "If-Modified-Since" and "If-None-Match"
|
|
|
|
| headers, to which the backend server respond with status 304.)
|
|
|
|
| - Fix memory leak in handling of request bodies during reverse
|
|
|
|
| proxy operations. PR 24991.
|
|
|
|
| - mod_proxy: Fix cases where an invalid status-line could be sent
|
|
|
|
| to the client. PR 23998.
|
|
|
|
| mod_rewrite:
|
|
|
|
| - Catch an edge case, where strange subsequent RewriteRules
|
|
|
|
| could lead to a 400 (Bad Request) response.
|
|
|
|
| - Make REMOTE_PORT variable available in mod_rewrite. PR 25772.
|
|
|
|
| - In external rewrite maps lookup keys containing
|
|
|
|
| a newline now cause a lookup failure. PR 14453.
|
|
|
|
| - Fix RewriteBase directive to not add double slashes.
|
|
|
|
| mod_usertrack:
|
|
|
|
| - Fix bug in mod_usertrack when no CookieName is set.
|
|
|
|
| - mod_usertrack no longer inspects the Cookie2 header for
|
|
|
|
| the cookie name. PR 11475.
|
|
|
|
| - mod_usertrack no longer overwrites other cookies.
|
|
|
|
| PR 26002.
|
|
|
|
| mod_include, filters:
|
|
|
|
| - Backport major overhaul of mod_include's filter parser from 2.1.
|
|
|
|
| The new parser code is expected to be more robust and should
|
|
|
|
| catch all of the edge cases that were not handled by the previous one.
|
|
|
|
| The 2.1 external API changes were hidden by a wrapper which is
|
|
|
|
| expected to keep the API backwards compatible.
|
|
|
|
| - Add a hook (insert_error_filter) to allow filters to re-insert
|
|
|
|
| themselves during processing of error responses. Enable mod_expires
|
|
|
|
| to use the new hook to include Expires headers in valid error
|
|
|
|
| responses. This addresses an RFC violation. It fixes PRs 19794,
|
|
|
|
| 24884, and 25123.
|
|
|
|
| - complain via error_log when mod_include's INCLUDES filter is
|
|
|
|
| enabled, but the relevant Options flag allowing the filter to run
|
|
|
|
| for the specific resource wasn't set, so that the filter won't
|
|
|
|
| silently get skipped. next remove itself, so the warning will be
|
|
|
|
| logged only once
|
|
|
|
| - Fix mod_include's expression parser to recognize strings correctly
|
|
|
|
| even if they start with an escaped token.
|
|
|
|
| - Fix a problem with the display of empty variables ("SetEnv foo") in
|
|
|
|
| mod_include. PR 24734
|
|
|
|
| - mod_include no longer allows an ETag header on 304 responses.
|
|
|
|
| PR 19355.
|
|
|
|
| mod_autoindex:
|
|
|
|
| - Don't omit the <tr> start tag if the SuppressIcon option is
|
|
|
|
| set. PR 21668.
|
|
|
|
| - Restore the ability to add a description for directories that
|
|
|
|
| don't contain an index file. (Broken in 2.0.48)
|
|
|
|
| - mod_autoindex / core: Don't fail to show filenames containing
|
|
|
|
| special characters like '%%'. PR 13598.
|
|
|
|
| - Add 'XHTML' option in order to allow switching between HTML
|
|
|
|
| 3.2 and XHTML 1.0 output. PR 23747.
|
|
|
|
| mod_status:
|
|
|
|
| - Add mod_status hook to allow modules to add to the mod_status
|
|
|
|
| report.
|
|
|
|
| - Report total CPU time accurately when using a threaded MPM.
|
|
|
|
| PR 23795.
|
|
|
|
| mod_info:
|
|
|
|
| - Fix mod_info to use the real config file name, not the default
|
|
|
|
| config file name.
|
|
|
|
| - HTML escape configuration information so it displays
|
|
|
|
| correctly. PR 24232.
|
|
|
|
| mod_auth_digest:
|
|
|
|
| - Allow mod_auth_digest to work with sub-requests with different
|
|
|
|
| methods than the original request. PR 25040.
|
|
|
|
| mod_auth_ldap:
|
|
|
|
| - Fix some segfaults in the cache logic. PR 18756.
|
|
|
|
| mod_cgid:
|
|
|
|
| - Restart the cgid daemon if it crashes. PR 19849
|
|
|
|
| mod_setenvif:
|
|
|
|
| - Fix the regex optimizer, which under circumstances
|
|
|
|
| treated the supplied regex as literal string. PR 24219.
|
|
|
|
| miscellaneous:
|
|
|
|
| - core.c: If large file support is enabled, allow any file that is
|
|
|
|
| greater than AP_MAX_SENDFILE to be split into multiple buckets.
|
|
|
|
| This allows Apache to send files that are greater than 2gig.
|
|
|
|
| Otherwise we run into 32/64 bit type mismatches in the file size.
|
|
|
|
| - Fixed file extensions for real media files and removed rpm extension
|
|
|
|
| from mime.types. PR 26079.
|
|
|
|
| - Remove compile-time length limit on request strings. Length is
|
|
|
|
| now enforced solely with the LimitRequestLine config directive.
|
|
|
|
| - Set the scoreboard state to indicate logging prior to running
|
|
|
|
| logging hooks so that server-status will show 'L' for hung loggers
|
|
|
|
| instead of 'W'.
|
|
|
|
| - Fix the inability to log errors like exec failure in
|
|
|
|
| mod_ext_filter/mod_cgi script children. This was broken after
|
|
|
|
| such children stopped inheriting the error log handle.
|
|
|
|
| - fix "Expected </Foo>> but saw </Foo>" errors in nested,
|
|
|
|
| argumentless containers.
|
|
|
|
| - ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm
|
|
|
|
| instead of mmn.
|
|
|
|
| - Add Polish translation of error messages. PR 25101.
|
|
|
|
| - Add AP_MPMQ_MPM_STATE function code for ap_mpm_query.
|
|
|
|
| - Fix htdbm to generate comment fields in DBM files correctly.
|
|
|
|
| - Correct UseCanonicalName Off to properly check incoming port number.
|
|
|
|
| - Fix slow graceful restarts with prefork MPM.
|
|
|
|
| - Keep focus of ITERATE and ITERATE2 on the current module when
|
|
|
|
| the module chooses to return DECLINE_CMD for the directive.
|
|
|
|
| PR 22299.
|
|
|
|
| - Build array of allowed methods with proper dimensions, fixing
|
|
|
|
| possible memory corruption.
|
|
|
|
| - worker MPM: fix stack overlay bug that could cause the parent
|
|
|
|
| process to crash.
|
|
|
|
| - Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
|
|
|
|
| - Fix build with parallel make. PR 24643.
|
|
|
|
| - Add fatal exception hook for use by diagnostic modules. The hook
|
|
|
|
| is only available if the --enable-exception-hook configure parm
|
|
|
|
| is used and the EnableExceptionHook directive has been set to
|
|
|
|
| "on".
|
|
|
|
| - Improve 'configure --help' output for some modules.
|
|
|
|
- drop two hunks from httpd-2.0.47-headtail.dif (buildcheck.sh is
|
|
|
|
fixed)
|
|
|
|
- disable automatic restarts, because they do not work properly
|
|
|
|
[#35408]
|
|
|
|
- change MMN to prevent loading of incompatible modules (modules
|
|
|
|
that are not built with `apxs -q CFLAGS` and therefore miss
|
|
|
|
_FILE_OFFSET_BITS=64). Provide our old apache_mmn_20020903 in
|
|
|
|
addition.
|
|
|
|
- use CPPFLAGS for passing preprocessor flags because they are
|
|
|
|
removed from CFLAGS
|
|
|
|
- Stop dropping connections when the file descriptor
|
|
|
|
is at least FD_SETSIZE. This isn't a problem on Linux because
|
|
|
|
poll() is used instead of select() by APR. Assert HAVE_POLL.
|
|
|
|
[#34178]
|
|
|
|
- add modifications to the code to the NOTICE file as required by
|
|
|
|
the new license
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Feb 27 2004 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- compile with -DSSL_EXPERIMENTAL_ENGINE to allow usage of hardware
|
|
|
|
crypto accelerators
|
|
|
|
- compile with -DMAX_SERVER_LIMIT=200000
|
|
|
|
- if an SSL passphrase is not entered within the timeout, fall back
|
|
|
|
to start apache without SSL (with -D NOSSL). This could/should be
|
|
|
|
made configurable.
|
|
|
|
- clean up output of SuSEconfig.apache2
|
|
|
|
- add pre-defined LogFormat "vhost_combined"
|
|
|
|
- configure /var/lib/apache2 for WebDAV locks
|
|
|
|
- add a readme about configuring WebDAV with digest authentication
|
|
|
|
- add default configuration for mod_usertrack (this is the current
|
|
|
|
workaround for the problem in the 1.3.29/2.0.48 release that
|
|
|
|
occurs if no CookieName is configured)
|
|
|
|
- in vhost.template, enclose all virtual host configuration in the
|
|
|
|
VirtualHost container
|
|
|
|
- update metuxmpm patch to r7
|
|
|
|
- fix test run as non-root
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Jan 13 2004 schwab@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- Fix quoting in autoconf macros.
|
2008-03-14 17:21:15 +01:00
|
|
|
* Sat Dec 13 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- add changes to gensslcert from Volker Kuhlmann [#31803]
|
|
|
|
- revert default character set from UTF-8 to ISO-8859-1, and revert
|
|
|
|
the misleading comment that talked about filenames while it is
|
|
|
|
all about content of the files
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Nov 18 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- add a ServerLimit directive to server-tuning.conf, so it's
|
|
|
|
already in the right place if someone needs to tweak it [#32852]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Nov 07 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- mark apache2-manual.conf in %%files doc as %%config
|
|
|
|
- wrap directives specific to the mod_negotiation module into an
|
|
|
|
<IfModule> block [#32848]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Oct 30 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- update to 2.0.48. Relevant / user visible changes are:
|
|
|
|
Security [CAN-2003-0789]: Resolve some mishandling of the AF_UNIX
|
|
|
|
socket used to communicate with the cgid daemon and the CGI
|
|
|
|
script.
|
|
|
|
Security [CAN-2003-0542]: Fix buffer overflows in mod_alias and
|
|
|
|
mod_rewrite which occurred if one configured a regular
|
|
|
|
expression with more than 9 captures.
|
|
|
|
mod_rewrite:
|
|
|
|
- Don't die silently when failing to open RewriteLogs. PR 23416
|
|
|
|
- Fix support of the [P] option to send rewritten request using
|
|
|
|
"proxy:". The code was adding multiple "proxy:" fields in the
|
|
|
|
rewritten URI. PR: 13946.
|
|
|
|
- Ignore RewriteRules in .htaccess files if the directory
|
|
|
|
containing the .htaccess file is requested without a trailing
|
|
|
|
slash. PR 20195.
|
|
|
|
mod_include:
|
|
|
|
- Fix a trio of bugs that would cause various unusual sequences
|
|
|
|
of parsed bytes to omit portions of the output stream. PR 21095
|
|
|
|
- fix segfault which occured if the filename was not set, for
|
|
|
|
example, when processing some error conditions.
|
|
|
|
mod_cgid: fix a hash table corruption problem which could
|
|
|
|
result in the wrong script being cleaned up at the end of a
|
|
|
|
request.
|
|
|
|
mod_ssl: Fix segfaults after renegotiation failure. PR 21370
|
|
|
|
- Fix a problem setting variables that represent the client
|
|
|
|
certificate chain. PR 21371
|
|
|
|
- Fix FakeBasicAuth for subrequest. Log an error when an
|
|
|
|
identity spoof is encountered.
|
|
|
|
- Assure that we block properly when reading input bodies with
|
|
|
|
SSL. PR 19242.
|
|
|
|
mod_autoindex: If a directory contains a file listed in the
|
|
|
|
DirectoryIndex directive, the folder icon is no longer replaced
|
|
|
|
by the icon of that file. PR 9587.
|
|
|
|
mod_usertrack: do not get false positive matches on the
|
|
|
|
user-tracking cookie's name. PR 16661.
|
|
|
|
mod_cache:
|
|
|
|
- Fix the cache code so that responses can be cached if they
|
|
|
|
have an Expires header but no Etag or Last-Modified headers.
|
|
|
|
PR 23130. cache_util: Fix ap_check_cache_freshness to check
|
|
|
|
max_age, smax_age, and expires as directed in RFC 2616.
|
|
|
|
mod_deflate:
|
|
|
|
- fix to not call deflate() without checking first whether it
|
|
|
|
has something to deflate. (Currently this causes deflate to
|
|
|
|
generate a fatal error according to the zlib spec.) PR 22259.
|
|
|
|
- Don't attempt to hold all of the response until we're done.
|
|
|
|
- Fix a bug, where mod_deflate sometimes unconditionally
|
|
|
|
compressed the content if the Accept-Encoding header
|
|
|
|
contained only other tokens than "gzip" (such as "deflate").
|
|
|
|
PR 21523.
|
|
|
|
mod_proxy: Don't respect the Server header field as set by
|
|
|
|
modules and CGIs. As with 1.3, for proxy requests any such
|
|
|
|
field is from the origin server; otherwise it will have our
|
|
|
|
server info as controlled by the ServerTokens directive.
|
|
|
|
mod_log_config: Fix %%b log format to write really "-" when 0
|
|
|
|
bytes were sent (e.g. with 304 or 204 response codes).
|
|
|
|
mod_ext_filter: Set additional environment variables for use by
|
|
|
|
the external filter. PR 20944.
|
|
|
|
core:
|
|
|
|
- allow <Foo>..</Foo> containers (no arguments in the opening
|
|
|
|
tag), as in 1.3. Needed by mod_perl <Perl> sections
|
|
|
|
- Fix a misleading message from the some of the threaded MPMs
|
|
|
|
when MaxClients has to be lowered due to the setting of
|
|
|
|
ServerLimit.
|
|
|
|
- Avoid an infinite recursion, which occured if the name of an
|
|
|
|
included config file or directory contained a wildcard
|
|
|
|
character. PR 22194.
|
|
|
|
- MPMs: The bucket brigades subsystem now honors the MaxMemFree
|
|
|
|
setting.
|
|
|
|
- Lower the severity of the "listener thread didn't exit"
|
|
|
|
message to debug, as it is of interest only to developers.
|
|
|
|
miscellaneous:
|
|
|
|
- Update the header token parsing code to allow LWS between the
|
|
|
|
token word and the ':' seperator. [PR 16520]
|
|
|
|
- Remember an authenticated user during internal redirects if
|
|
|
|
the redirection target is not access protected and pass it to
|
|
|
|
scripts using the REDIRECT_REMOTE_USER environment variable.
|
|
|
|
PR 10678, 11602.
|
|
|
|
- Update mime.types to include latest IANA and W3C types.
|
|
|
|
- Modify ap_get_client_block() to note if it has seen EOS.
|
|
|
|
ab:
|
|
|
|
- Overlong credentials given via command line no longer clobber
|
|
|
|
the buffer.
|
|
|
|
- Work over non-loopback on Unix again. PR 21495.
|
|
|
|
- Fix NULL-pointer issue in ab when parsing an incomplete or
|
|
|
|
non-HTTP response. PR 21085.
|
|
|
|
- add another example to apache2-listen.conf
|
|
|
|
- update apache2-mod_mime-defaults.conf according to 2.0.48 changes
|
|
|
|
(be clearer in describing the connection between AddType and
|
|
|
|
AddEncoding for defining the meaning of compressed file
|
|
|
|
extensions.)
|
|
|
|
- use a better example domain name in apache2-vhost-ssl.template
|
|
|
|
- the "define version_perl" was nowhere needed
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Sep 22 2003 mls@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- don't provide httpddoc in apache2-doc
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Sep 18 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- add mod_php4 to the default list of APACHE_MODULES, and change
|
|
|
|
get_module_list to ignore non-existant modules (warnings will
|
|
|
|
be issued when it is run from SuSEconfig, but not from the init
|
|
|
|
script). How to enable the PHP4 module has been the most
|
|
|
|
frequently asked questions in user feedback [cf to #29735].
|
|
|
|
This bug is tracked in [#31306]
|
|
|
|
- include conf.d/*.conf by default, as it was the case until
|
|
|
|
recently. User feedback showed that for many people the
|
|
|
|
separation of configuration includes into individual virtual
|
|
|
|
hosts is overkill, and it complicates the setup too much. More
|
|
|
|
finegrained control can be achieved by commenting out the
|
|
|
|
respective line in the default server config. [#30866], [#29735]
|
|
|
|
- remove the FIXME at the end of httpd.conf (obsoleted by the above
|
|
|
|
change), and place a strategical comment there about .local files
|
|
|
|
- add <IfDefine SSL> container around configuration in ssl template
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Sep 09 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- change comment in sysconfig template to work around a fillup bug
|
|
|
|
[#30279]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Sep 08 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- fix wrong variable name in a comment of the sysconfig template
|
|
|
|
- update README.QUICKSTART
|
|
|
|
- add README.QUICKSTART.SSL
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Sep 08 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- remove unused ENABLE_SUSECONFIG_APACHE from sysconfig template
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Sep 05 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- disallow UserDir for user root
|
|
|
|
- cope with "no" or "yes" as values for APACHE_SERVERSIGNATURE, as
|
|
|
|
they were set on SuSE Linux 8.1
|
|
|
|
- add more documentation to README.QUICKSTART, also mentioning what
|
|
|
|
might be too obvious: the document root [#29674]
|
|
|
|
- in %%post, diff to httpd.conf.default only when .rpmnew is present
|
|
|
|
- improve message sent on update
|
2008-03-14 17:21:15 +01:00
|
|
|
* Sat Aug 30 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- improve documentation on configuration
|
|
|
|
- compile with -Wall
|
|
|
|
- do not obsolete httpddoc, which is provided by apache-doc package
|
|
|
|
from apache1
|
|
|
|
- add conflict apache2-example-pages <-> apache-example-pages
|
|
|
|
- fix building on older distros
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Aug 19 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- use httpd-2.0.47-metuxmpm-r6.diff, previous one was broken by me
|
|
|
|
- don't force setting of a DocumentRoot, because the configuration
|
|
|
|
of the default vhost already contains it
|
|
|
|
- when testing on SL 8.0, the www group has to be created as well
|
|
|
|
- when testing on even older systems, don't add buildroot to
|
|
|
|
DocumentRoot in default-server.conf
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Aug 15 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- revamped configuration
|
|
|
|
- add some CustomLog formats
|
|
|
|
- AddDefaultCharset UTF-8 [#22427]
|
|
|
|
- add activation metadata to sysconfig template [#28834]
|
|
|
|
- default APACHE_MODULES: add mod_ssl, remove mod_status
|
|
|
|
- new sysconfig variables: APACHE_USE_CANONICAL_NAME,
|
|
|
|
APACHE_DOCUMENT_ROOT
|
|
|
|
- get rid of the "suse_" prefix in generated config snippets, and
|
|
|
|
place them below /etc/apache2/sysconfig.d/. On update, convert
|
|
|
|
the Include statements in httpd.conf for the new locations
|
|
|
|
- add /etc/apache2/vhosts.d and virtual host templates
|
|
|
|
- the configuration for the manual is now seperate and installed
|
|
|
|
together with apache2-doc (conf.d/apache2-manual.conf)
|
|
|
|
- add distilled wisdom in form of README.QUICKSTART
|
|
|
|
- change group of wwwrun user: nogroup -> www [#21782]
|
|
|
|
- proxycachedir and localstatedir should not be world readable
|
|
|
|
- set DEFAULT_PIDLOG to /var/run/httpd2.pid, so we don't need to
|
|
|
|
configure the PidFile directive
|
|
|
|
- add -fno-strict-aliasing, due to warnings about code where
|
|
|
|
dereferencing type-punned pointers will break strict aliasing
|
|
|
|
- clean the RPM_BUILD_ROOT, but not in the build system
|
|
|
|
- new macros for stop/restart of services on rpm update/removal,
|
|
|
|
and improved try-restart section in rc.apache2
|
|
|
|
- get rid of "modules" subdir, and remove dead code from
|
|
|
|
SuSEconfig.apache2
|
|
|
|
- add some tools: get_includes, find_httpd2_includes,
|
|
|
|
apache2-reconfigure-mpm
|
|
|
|
- rename README.SuSE to README.{SuSE,UnitedLinux}
|
|
|
|
- include directories in filelists of MPM subpackages
|
|
|
|
- enclose package descriptions of MPMs in %%ifdef
|
|
|
|
- add a dependency of the MPM subpackages on the version of the
|
|
|
|
main package
|
|
|
|
- build a new MPM: metuxmpm (httpd-2.0.47-metuxmpm.diff)
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Jul 28 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- add new sysconfig variables: APACHE_LOGLEVEL, APACHE_ACCESS_LOG,
|
|
|
|
and remove the respective directives from httpd.conf.dist
|
|
|
|
- merge the ssl.conf.dif and httpd.conf.dif into one patch
|
2008-03-14 17:21:15 +01:00
|
|
|
* Sun Jul 27 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- build with -D_FILE_OFFSET_BITS=64 when presumably the kernel
|
|
|
|
supports sendfile64 [#22191, #22018]. Define APR_HAS_LARGE_FILES
|
|
|
|
(which is unconditionally off, otherwise). Keep
|
|
|
|
-D_LARGEFILE_SOURCE since some modules might need it.
|
|
|
|
- make sure the package can be built as ordinary user
|
|
|
|
- special case mod_auth_mysql since its module_id is reversed
|
|
|
|
- don't increase DYNAMIC_MODULE_LIMIT (64 should be copious)
|
|
|
|
- don't explicitely strip binaries since RPM handles it, and may
|
|
|
|
keep the stripped information somewhere
|
|
|
|
- reformat the header of the spec file
|
|
|
|
- allow to pass a number-of-jobs parameter into spec file via rpm
|
|
|
|
--define 'jobs N'
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Jul 10 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- update to 2.0.47. relevant / user visible changes:
|
|
|
|
Security [CAN-2003-0192]: Fixed a bug whereby certain sequences
|
|
|
|
of per-directory renegotiations and the SSLCipherSuite
|
|
|
|
directive being used to upgrade from a weak ciphersuite to a
|
|
|
|
strong one could result in the weak ciphersuite being used in
|
|
|
|
place of the strong one.
|
|
|
|
Security [CAN-2003-0253]: Fixed a bug in prefork MPM causing
|
|
|
|
temporary denial of service when accept() on a rarely accessed
|
|
|
|
port returns certain errors.
|
|
|
|
Security [CAN-2003-0254]: Fixed a bug in ftp proxy causing denial
|
|
|
|
of service when target host is IPv6 but proxy server can't
|
|
|
|
create IPv6 socket. Fixed by the reporter.
|
|
|
|
Security [VU#379828]: Prevent the server from crashing when entering
|
|
|
|
infinite loops. The new LimitInternalRecursion directive
|
|
|
|
configures limits of subsequent internal redirects and nested
|
|
|
|
subrequests, after which the request will be aborted. PR 19753+
|
|
|
|
core:
|
|
|
|
core_output_filter: don't split the brigade after a FLUSH
|
|
|
|
bucket if it's the last bucket. This prevents creating
|
|
|
|
unneccessary empty brigades which may not be destroyed until
|
|
|
|
the end of a keepalive connection.
|
|
|
|
mod_cgid:
|
|
|
|
Eliminate a double-close of a socket. This resolves various
|
|
|
|
operational problems in a threaded MPM, since on the second
|
|
|
|
attempt to close the socket, the same descriptor was often
|
|
|
|
already in use by another thread for another purpose.
|
|
|
|
mod_negotiation:
|
|
|
|
Introduce "prefer-language" environment variable, which allows
|
|
|
|
to influence the negotiation process on request basis to prefer
|
|
|
|
a certain language.
|
|
|
|
mod_expire:
|
|
|
|
Make ExpiresByType directive work properly, including for
|
|
|
|
dynamically-generated documents.
|
|
|
|
- apr bugfixes
|
|
|
|
- more fixes of deprecated head/tail -1 calls
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed May 28 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- update to 2.0.46. relevant / user visible changes:
|
|
|
|
Security [CAN-2003-0245]: Fixed a bug that could be triggered
|
|
|
|
remotely through mod_dav
|
|
|
|
Security [CAN-2003-0189]: Fixed a denial-of-service
|
|
|
|
vulnerability affecting basic authentication
|
|
|
|
Security: forward port of buffer overflow fixes for htdigest.
|
|
|
|
mod_ssl:
|
|
|
|
- SSL session caching(shmht) : Fix a SEGV problem with SHMHT
|
|
|
|
session caching.
|
|
|
|
mod_deflate:
|
|
|
|
- Add another check for already compressed content
|
|
|
|
- Check also err_headers_out for an already set
|
|
|
|
Content-Encoding: gzip header. This prevents gzip compressed
|
|
|
|
content from a CGI script from being compressed once more.
|
|
|
|
mod_mime_magic:
|
|
|
|
- If mod_mime_magic does not know the content-type, do not
|
|
|
|
attempt to guess.
|
|
|
|
mod_rewrite:
|
|
|
|
- Fix handling of absolute URIs.
|
|
|
|
mod_log_config:
|
|
|
|
- Add the ability to log the id of the thread processing the
|
|
|
|
request via new %%P formats.
|
|
|
|
mod_auth_ldap:
|
|
|
|
- Use generic whitespace character class when parsing "require"
|
|
|
|
directives, instead of literal spaces only.
|
|
|
|
mod_proxy:
|
|
|
|
- Fixed a segfault when multiple ProxyBlock directives were used.
|
|
|
|
- Added AllowEncodedSlashes directive to permit control of
|
|
|
|
whether the server will accept encoded slashes ('%%2f') in the
|
|
|
|
URI path. Default condition is off (the historical behaviour).
|
|
|
|
- If Apache is started as root and you code CoreDumpDirectory,
|
|
|
|
coredumps are enabled via the prctl() syscall.
|
|
|
|
- htpasswd: Check the processed file on validity; add a delete flag.
|
|
|
|
- httpd-2.0.45-libtool-1.5.dif is obsolete
|
|
|
|
- mark suse_include.conf as %%ghost
|
|
|
|
- note the rebirth of the httpd and apachectl man pages (thanks to
|
|
|
|
RPMv4 :)
|
|
|
|
- let the module RPM packages only depend on the _major_ module
|
|
|
|
magic number, not on the minor
|
|
|
|
- fix some paths in config_vars.mk, which facilitates building of
|
|
|
|
certain modules
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed May 14 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- use mmap() via MAP_ANON as shared memory allocation method, to
|
|
|
|
prevent restart problems with stale (or in use) files that are
|
|
|
|
associated with shared memory
|
|
|
|
- package forgotten files, and remove hack in %%clean
|
|
|
|
- remove files from the build root that are not packaged
|
|
|
|
- remove suse_include.conf from filelist
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri May 09 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- update to 2.0.45. relevant / user visible changes:
|
|
|
|
Security: Eliminated leaks of several file descriptors to
|
|
|
|
child processes, such as CGI scripts. This fix depends on the
|
|
|
|
latest APR library release 0.9.2, which is distributed with the
|
|
|
|
httpd source tarball for Apache 2.0.45. PR 17206
|
|
|
|
Security [CAN-2003-0132]: Close a Denial of Service
|
|
|
|
vulnerability identified by David Endler <DEndler@iDefense.com>
|
|
|
|
on all platforms.
|
|
|
|
General:
|
|
|
|
- Fix segfault which occurred when a section in an included
|
|
|
|
configuration file was not closed. PR 17093.
|
|
|
|
- Fix a nasty segfault in mmap_bucket_setaside() caused by
|
|
|
|
passing an incompatible pointer type to mmap_bucket_destroy(void*).
|
|
|
|
- prevent filters (such as mod_deflate) from adding garbage to
|
|
|
|
the response. PR 14451.
|
|
|
|
- Simpler, faster code path for request header scanning
|
|
|
|
- Try to log an error if a piped log program fails. Try to
|
|
|
|
restart a piped log program in more failure situations.
|
|
|
|
- Fix bug where 'Satisfy Any' without an AuthType lost all MIME
|
|
|
|
information (and more). Related to PR 9076.
|
|
|
|
- Fix If header parsing when a non-mod_dav lock token is passed to it.
|
|
|
|
- Fix apxs to insert LoadModule directives only outside of
|
|
|
|
sections.
|
|
|
|
- apxs: Include any special APR ld flags when linking the DSO.
|
|
|
|
suexec: Be more pedantic when cleaning environment. Clean it
|
|
|
|
immediately after startup. PR 2790, 10449. Use saner default
|
|
|
|
config values for suexec. PR 15713.
|
|
|
|
mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot
|
|
|
|
be started on Unix because of such problems as bad permissions,
|
|
|
|
bad shebang line, etc. Fix possible segfaults under obscure
|
|
|
|
error conditions within the cgid daemon.
|
|
|
|
mod_deflate:
|
|
|
|
- you can now specify the compression level.
|
|
|
|
- Extend the DeflateFilterNote directive to allow accurate
|
|
|
|
logging of the filter's in- and outstream.
|
|
|
|
- Fix potential memory leaks in mod_deflate on malformed data. PR 16046.
|
|
|
|
mod_ssl:
|
|
|
|
Allow SSLMutex to select/use the full range of APR locking
|
|
|
|
mechanisms available to it. Also, fix the bug that SSLMutex
|
|
|
|
uses APR_LOCK_DEFAULT no matter what. PR 8122
|
|
|
|
mod_autoindex no longer forgets output format and enabled version
|
|
|
|
sort in linked column headers.
|
|
|
|
mod_rewrite:
|
|
|
|
- Prevent endless loops of internal redirects in mod_rewrite by
|
|
|
|
aborting after exceeding a limit of internal redirects. The
|
|
|
|
limit defaults to 10 and can be changed using the
|
|
|
|
RewriteOptions directive. PR 17462.
|
|
|
|
- Allow "RewriteEngine Off" even if no "Options FollowSymlinks"
|
|
|
|
(or SymlinksIfOwnermatch) is set. PR 12395.
|
|
|
|
mod_ldap:
|
|
|
|
- Updated mod_ldap and mod_auth_ldap to support the Novell LDAP
|
|
|
|
SDK SSL and standardized the LDAP SSL support across the
|
|
|
|
various LDAP SDKs. Isolated the SSL functionality to
|
|
|
|
mod_ldap rather than speading it across mod_auth_ldap and
|
|
|
|
mod_ldap. Also added LDAPTrustedCA and LDAPTrustedCAType
|
|
|
|
directives to mod_ldap to allow for a more common method of
|
|
|
|
specifying the SSL certificate.
|
|
|
|
- fix fault when caching was disabled, and some memory leaks
|
|
|
|
- Fix mod_ldap to open an existing shared memory file should
|
|
|
|
one already exist. PR 12757.
|
|
|
|
- Added character set support to mod_auth_LDAP to allow it to
|
|
|
|
convert extended characters used in the user ID to UTF-8
|
|
|
|
before authenticating against the LDAP directory. The new
|
|
|
|
directive AuthLDAPCharsetConfig is used to specify the config
|
|
|
|
file that contains the character set conversion table.
|
|
|
|
mod_ssl:
|
|
|
|
- Fixed mod_ssl's SSLCertificateChain initialization to no
|
|
|
|
longer skip the first cert of the chain by default. This
|
|
|
|
misbehavior was introduced in 2.0.34. PR 14560
|
|
|
|
- Fix 64-bit problem in mod_ssl input logic.
|
|
|
|
mod_proxy:
|
|
|
|
- Hook mod_proxy's fixup before mod_rewrite's fixup, so that by
|
|
|
|
mod_rewrite proxied URLs will not be escaped accidentally by
|
|
|
|
mod_proxy's fixup. PR 16368
|
|
|
|
- Don't remove the Content-Length from responses in mod_proxy PR: 8677
|
|
|
|
mod_auth_digest no longer tries to guess AuthDigestDomain, if it's
|
|
|
|
not specified. Now it assumes "/" as already documented. PR 16937.
|
|
|
|
mod_file_cache: fix segfaults
|
|
|
|
- improve the start/restart section of the init script, and add a
|
|
|
|
ssl_scache_cleanup script
|
|
|
|
- understand a syntax like -DSTATUS, as described in the sysconfig
|
|
|
|
file help text (bug noted in #25404]
|
|
|
|
- don't package the *.exp files, as they are needed only on AIX
|
|
|
|
- fix filelist for usage of %%dir for files
|
|
|
|
- fix the cosmetical but irritating "Inappropriate ioctl for
|
|
|
|
device" error message, when rcapache2 is called from within YaST
|
|
|
|
- remove the unused /etc/apache2/modules directory from the package
|
|
|
|
- remove the now unused --enable-experimental-libtool
|
|
|
|
- fix to build with libtool-1.5
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Apr 09 2003 ro@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- fix deprecated head/tail call syntax "-1"
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Mar 17 2003 kukuk@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- Remove suse_help_viewer from provides [Bug #25436]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Mar 13 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- security fix: do not write the startup log file to a world
|
|
|
|
writable directory, reversing the change of Jan 23 (wasn't in any
|
|
|
|
released package) [#25239]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Mar 10 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- change permissions of /var/log/apache2 from wwwrun:root mode 770
|
|
|
|
to root:root mode 750 [#24951]
|
|
|
|
- fix wrong list() in sysconfig.apache2 [#24719], and add a missing
|
|
|
|
default value
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Mar 03 2003 kukuk@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- Remove ghost entry for pid file [Bug #24566]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Feb 27 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- use the official MIME types, which are more complete [#23988]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Feb 24 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- don't include log files into the package, and don't touch them in
|
|
|
|
%%post; it's not needed
|
|
|
|
- fix comment in httpd.conf talking about SuSEconfig
|
|
|
|
- adjust some variable types in the sysconfig template
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Feb 18 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- apache2 Makefiles do support DESTDIR now, so let's use that
|
|
|
|
instead of the explicit paths (fixes a wrong path in
|
|
|
|
config_vars.mk [#23699]). Some files (*.exp, libapr*) are
|
|
|
|
automatically installed in the right location now.
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Feb 14 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- fix configuration script to find apache modules on 64 bit archs
|
|
|
|
- mark ssl.conf (noreplace)
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Feb 10 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- add mod_ldap, mod_auth_ldap, but link only them against the LDAP
|
|
|
|
libs. Likewise, do not link everything against ssl libs. This way
|
|
|
|
we can avoid RPM package (and build) requirements on a lot of
|
|
|
|
libs for subversion and other packages that build on apache.
|
|
|
|
- move more code from SuSEconfig into rcapache2 (actually into
|
|
|
|
support scripts below /usr/share/apache2/, so apache2 can be
|
|
|
|
configured without starting it)
|
|
|
|
- improve full-server-status once again
|
|
|
|
- remove suse_loadmodule.conf from filelist
|
|
|
|
- remove obsolete README.modules
|
|
|
|
- rename LOADMODULES -> APACHE_MODULES
|
|
|
|
- add APACHE_BUFFERED_LOGS
|
|
|
|
- update README.SuSE
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Jan 28 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- rc.apache2
|
|
|
|
- add extreme-configtest (trying to run server as nobody, which
|
|
|
|
detects _all_ config errors)
|
|
|
|
- evaluate LOADMODULES from sysconfig.apache2 on-the-fly from
|
|
|
|
rcapache2 instead of SuSEconfig
|
|
|
|
- when restarting, do something useful instead of 'sleep 3': wait
|
|
|
|
just as long until the server has terminated all children
|
2008-03-14 17:21:15 +01:00
|
|
|
* Sun Jan 26 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- build mod_logio, mod_case_filter, mod_case_filter_in
|
|
|
|
- rename apr subpackage to libapr0 (the library is called libapr-0
|
|
|
|
meanwhile). add compatibility links named (libapr{,util}.so.0)
|
|
|
|
- configure SSL session caching with shm circular buffer
|
|
|
|
SSLSessionCache shm:/var/lib/httpd/ssl_scache
|
|
|
|
SSLSessionCacheTimeout 600
|
|
|
|
SSLMutex sem
|
|
|
|
- SuSEconfig.apache2: prefer prefork MPM over worker, if guessing
|
|
|
|
- strip objects
|
|
|
|
- rename gensslcert2 to gensslcert
|
|
|
|
- show a list all available modules in /etc/sysconfig/apache2
|
|
|
|
- nicer output of apache2ctl
|
|
|
|
- reorder Requires
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Jan 23 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- update to 2.0.44
|
|
|
|
- obsoletes patch httpd-2.0.43-mod_ssl-memory-leak.dif
|
|
|
|
- the apachectl and httpd man pages have been dropped upstreams
|
|
|
|
- add robots.txt to the example-pages subpackage that blocks spiders
|
|
|
|
- disable the perchild MPM
|
|
|
|
- disable httpd-2.0.36-64bit.dif
|
|
|
|
- rename apachectl2 to apache2ctl
|
|
|
|
- write the startup log to /var/tmp instead of /var/log/apache2
|
2008-04-01 23:02:11 +02:00
|
|
|
* Mon Jan 13 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- fix last fix (rpm macro before hash wasn't expanded)
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Jan 10 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- fix lib64 path in SuSEconfig
|
2008-03-14 17:21:15 +01:00
|
|
|
* Sat Jan 04 2003 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- fix typo in spec file, preventing replacement of @userdir@ in
|
|
|
|
httpd.conf-std.in
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Dec 18 2002 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- sysconfig.apache2:
|
|
|
|
- add APACHE_SERVER_FLAGS variable
|
|
|
|
- change default: APACHE_SERVERSIGNATURE=on to match apache deflt
|
|
|
|
- add APACHE_CONF_INCLUDE_DIRS
|
|
|
|
- drop bogus APACHE_ACCESS_SERVERINFO variable
|
|
|
|
- adapt to our new sysconfig template
|
|
|
|
- SuSEconfig.apache2:
|
|
|
|
- understand LOADMODULES also if it is not an array [#21816]
|
|
|
|
- be very flexible with regard to LOADMODULE input (e.g., say
|
|
|
|
mod_php4 and it will find libphp4.so with ID php4_module)
|
|
|
|
- also ignore *,v files
|
|
|
|
- include APACHE_CONF_INCLUDE_DIRS
|
|
|
|
- dump some files: suse_define.conf (not needed) & suse_text.conf
|
|
|
|
(too much overhead)
|
|
|
|
- rc.apache2:
|
|
|
|
- implement most of apachectl's commands (graceful, configtest)
|
|
|
|
- use server_flags from sysconfig.apache2
|
|
|
|
- pass server flags like -DSTATUS from the command line through
|
|
|
|
to httpd2
|
|
|
|
- add commmands to show the server status
|
|
|
|
- don't quit silently when no apache MPM is installed
|
|
|
|
- handle ServerSignature and other stuff on the command line
|
|
|
|
(save modifications to httpd.conf)
|
|
|
|
- fix the /manual Alias that points to the documentation
|
|
|
|
- configure /cgi-bin for cgi execution
|
|
|
|
- configure /home/*/public_html for mod_userdir -- if it is loaded
|
|
|
|
- configure internationalized error responses
|
|
|
|
- fix apachectl2
|
|
|
|
- add /etc/apache2/{,modules} to the filelist
|
|
|
|
- add /etc/apache2/conf.d as drop-in directory for packages
|
|
|
|
- hard code some more default paths into the executable
|
|
|
|
- finally, run a test!
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Dec 05 2002 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- move ap{r,u}-config* into the apr package, as well
|
|
|
|
- add generic ap{r,u}-config
|
|
|
|
- add %%includedir to filelist
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Dec 05 2002 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- more checks and warnings to SuSEconfig.apache2
|
|
|
|
- shift APR files into the the apr package
|
|
|
|
- try 1.136 revision of perchild.c
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Dec 03 2002 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- add forgotten ssl.conf to the filelist (thanks, Robert)
|
|
|
|
- add httpd-2.0.43-mod_ssl-memory-leak.dif
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Oct 14 2002 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- update to 2.0.43, that fixes a Cross-Site Scripting bug (CVE:
|
|
|
|
CAN-2002-0840)
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Oct 07 2002 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- do not append a '2' suffix to the scripts included with the
|
|
|
|
documentation
|
|
|
|
- move error, icons and manual dir to /usr/share/apache2
|
|
|
|
- fix nested array in SuSEconfig.apache2
|
|
|
|
- let SuSEconfig pick one MPM that is installed. Do not default to
|
|
|
|
"worker". [#20724]
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Oct 03 2002 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- update to 2.0.42 (primarily a bug-fix release, including updates
|
|
|
|
to the experimental caching module, the removal of several memory
|
|
|
|
leaks, and fixes for several segfaults, one of which could have
|
|
|
|
been used as a denial-of-service against mod_dav (VU#406121).)
|
|
|
|
- increase flexibility of the spec file: build any set of MPMs,
|
|
|
|
depending on RPM %%defines. Improve the mechanism that merges the
|
|
|
|
modules so it works with any number of MPMs.
|
|
|
|
- use a "Server:" header that fits the product apache is built for
|
|
|
|
- add an RPM dependency on the module magic number to the MPM
|
|
|
|
subpackages
|
|
|
|
- build the "leader/follower" MPM. On i686, enable nonportable but
|
|
|
|
faster atomics for it.
|
|
|
|
- use filelists for more flexibility. APRVARS ceased to exist.
|
|
|
|
Don't add README* twice.
|
|
|
|
- perchild: use AcceptMutex fcntl to prevent permission conflict as
|
|
|
|
suggested in Apache Bugzilla #7921
|
|
|
|
- remove mod_rewrite and mod_proxy from the default modules
|
|
|
|
- build the mod_auth_digest module
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Sep 09 2002 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- add patch that changes PLATFORM (as seen in the HTTP Server
|
|
|
|
header) from "Unix" to "SuSE/Linux" [#18543]
|
|
|
|
- add README.SuSE, explaining how to build modules with apxs2
|
|
|
|
- fixed some paths in README.modules, put it into docdir and mark
|
|
|
|
it as %%doc
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Aug 28 2002 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- new package, now building all three MPMs and putting all specific
|
|
|
|
modules in specific directories. Branch a subpackage for each
|
|
|
|
MPM, containing the server and MPM-specific modules.
|
|
|
|
- branch apr package off, so apache2 doesn't need to be installed
|
|
|
|
to have the libs. (apr is not released yet, that's why we build
|
|
|
|
it here)
|
|
|
|
- allow coexistence of apache1 by using directories named apache2
|
|
|
|
or suffixed with "2"
|
|
|
|
- allow building modules via apxs2 (for all server MPMs) --- or via
|
|
|
|
apxs2-{worker,perchild,prefork} for a specific server MPM
|
|
|
|
- add permissions.apache2 setting /usr/sbin/suexec2 to 4755
|
|
|
|
- rewrite SuSEconfig.apache2 for apache 2.
|
|
|
|
- add httpd-2.0.40-cache_util.c.diff that prevents a segfault in
|
|
|
|
mod_proxy when given an invalid URL
|
|
|
|
- branch apache2-example-pages off (docroot contents)
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Aug 19 2002 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- actually use the new SuSE81 layout, and add SuSE81_64 layout
|
|
|
|
- cleaned up httpd-2.0.36-conf.dif
|
|
|
|
- fixed comment in SuSEconfig.apache
|
|
|
|
- drop SuSEconfig subpackage
|
|
|
|
- split main package and -devel package in three packages, one for
|
|
|
|
each MPM...
|
|
|
|
apache2 -> apache2-{worker,perchild,prefork}
|
|
|
|
apache2-devel -> apache2-{worker,perchild,prefork}-devel
|
2008-03-14 17:21:15 +01:00
|
|
|
* Mon Aug 12 2002 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- bugfix update to 2.0.40
|
|
|
|
- fix Requires of -devel subpackage
|
|
|
|
- add variable to sysconfig.apache to switch off SuSEconfig.apache
|
|
|
|
- add new layout SUSE81 to config.layout due to the moved server
|
|
|
|
root (so the old SuSE6.1 can be kept for building on older
|
|
|
|
distributions)
|
|
|
|
- one of the lib64 path fixes could be removed, now included
|
|
|
|
upstream
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Aug 07 2002 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- put PreReq in an if-statement to allow building on older distris
|
|
|
|
- relax the Requires
|
|
|
|
- the apache_mmn macro had to be moved down in the spec file to be
|
|
|
|
evaluated
|
|
|
|
- libmm is not needed for building (and it is not threadsafe)
|
|
|
|
- fix config.layout for the moved server root
|
2008-03-14 17:21:15 +01:00
|
|
|
* Sat Aug 03 2002 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- fix libdir in config.layout for lib64
|
2008-03-14 17:21:15 +01:00
|
|
|
* Fri Aug 02 2002 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- fix RPM Requires
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Aug 01 2002 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- move datadir (i.e., ServerRoot) from /usr/local/httpd to /srv/www
|
|
|
|
- drop obsolete README.SuSE
|
2008-03-14 17:21:15 +01:00
|
|
|
* Thu Aug 01 2002 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- spec file: use PreReq
|
|
|
|
- don't delete SuSEconfig's md5 files in %%post, that's no good
|
|
|
|
- add apache.logrotate
|
|
|
|
- provide the magic module number as executable script
|
|
|
|
(/usr/lib/apache/MMN) and as RPM Provides, indicating API changes
|
|
|
|
- mark httpd.conf noreplace
|
|
|
|
- fix installbuilddir in config.layout, needed for apxs
|
2008-03-14 17:21:15 +01:00
|
|
|
* Sun Jul 14 2002 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- update to 2.0.39
|
|
|
|
- drop obsolete moduledir and apxs patches
|
|
|
|
- rc.apache INIT section: use X-UnitedLinux-Should-Start
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed Jul 03 2002 ro@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- rename to "apache2" again
|
2008-03-14 17:21:15 +01:00
|
|
|
* Tue Jun 11 2002 ro@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- get apxs to work:
|
|
|
|
include needed files in devel package
|
|
|
|
adapt some pathes in apxs
|
2008-03-14 17:21:15 +01:00
|
|
|
* Wed May 29 2002 poeml@suse.de
|
2006-12-20 18:01:15 +01:00
|
|
|
- update to 2.0.36
|
|
|
|
- drop mod_ssl subpackage; mod_ssl is part of the apache bsae
|
|
|
|
distribution now
|
|
|
|
- RPM can be built as user now
|
|
|
|
- SuSEconfig.apache: understand relative and absolute pathnames
|
|
|
|
- disable experimental auth_digest_module
|