From 955adce8b63b1f972f483438926ca1a0d34222a63cfed3c46a0ae9acd8bb292d Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Tue, 29 Aug 2017 12:03:48 +0000 Subject: [PATCH 1/7] Accepting request 514237 from home:cschneemann:branches:Apache Changes needed to get apache2.4 started on sles11 or other not systemd systems OBS-URL: https://build.opensuse.org/request/show/514237 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=521 --- apache2-init.logrotate | 84 ++++++++++++++++++++++++++++++++++ apache2.changes | 5 +++ apache2.spec | 28 +++++++++++- deprecated-scripts-arch.patch | 85 +++++++++++++++++++++++++++++++++++ rc.apache2 | 1 + 5 files changed, 202 insertions(+), 1 deletion(-) create mode 100644 apache2-init.logrotate create mode 100644 deprecated-scripts-arch.patch diff --git a/apache2-init.logrotate b/apache2-init.logrotate new file mode 100644 index 0000000..4d99eff --- /dev/null +++ b/apache2-init.logrotate @@ -0,0 +1,84 @@ +/var/log/apache2/access_log { + compress + dateext + maxage 365 + rotate 99 + size=+4096k + notifempty + missingok + create 644 root root + prerotate + /etc/init.d/apache2 check-reload + endscript + postrotate + /etc/init.d/apache2 reload + endscript +} + +/var/log/apache2/error_log { + compress + dateext + maxage 365 + rotate 99 + size=+1024k + notifempty + missingok + create 644 root root + prerotate + /etc/init.d/apache2 check-reload + endscript + postrotate + /etc/init.d/apache2 reload + endscript +} + +/var/log/apache2/suexec.log { + compress + dateext + maxage 365 + rotate 99 + size=+1024k + notifempty + missingok + create 644 root root + prerotate + /etc/init.d/apache2 check-reload + endscript + postrotate + /etc/init.d/apache2 reload + endscript +} + +/var/log/apache2/ssl_request_log { + compress + dateext + maxage 365 + rotate 99 + size=+4096k + notifempty + missingok + create 644 root root + prerotate + /etc/init.d/apache2 check-reload + endscript + postrotate + /etc/init.d/apache2 reload + endscript +} + +/var/log/apache2/ssl_engine_log { + compress + dateext + maxage 365 + rotate 99 + size=+1024k + notifempty + missingok + create 644 root root + prerotate + /etc/init.d/apache2 check-reload + endscript + postrotate + /etc/init.d/apache2 reload + endscript +} diff --git a/apache2.changes b/apache2.changes index 00b203b..e31e354 100644 --- a/apache2.changes +++ b/apache2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Jul 24 15:25:09 UTC 2017 - schneemann@b1-systems.de + +- make the package runable on non systemd systems + ------------------------------------------------------------------- Mon Jul 17 09:30:36 UTC 2017 - pgajdos@suse.com diff --git a/apache2.spec b/apache2.spec index dc0a3dc..1351dba 100644 --- a/apache2.spec +++ b/apache2.spec @@ -115,6 +115,7 @@ Source145: apache2-find-directives Source146: apache2@.service Source147: apache2-script-helpers Source148: apache2.target +Source149: %{name}-init.logrotate Patch2: httpd-2.1.3alpha-layout.dif Patch23: httpd-apachectl.patch Patch66: httpd-2.0.54-envvars.dif @@ -127,6 +128,7 @@ Patch109: httpd-2.4.3-mod_systemd.patch Patch111: httpd-visibility.patch # PATCH-FEATURE-UPSTREAM kstreitova@suse.com -- backport of HttpContentLengthHeadZero and HttpExpectStrict Patch115: httpd-2.4.x-fate317766-config-control-two-protocol-options.diff +Patch116: deprecated-scripts-arch.patch BuildRequires: apache-rpm-macros-control BuildRequires: apr-util-devel BuildRequires: automake @@ -315,6 +317,9 @@ to administrators of web servers in general. %endif %patch111 -p1 %patch115 -p1 +%if 0%{?suse_version} == 1110 +%patch116 -p1 +%endif cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE # install READMEs a=$(basename %{SOURCE22}) @@ -523,6 +528,9 @@ install -m 755 support/split-logfile %{buildroot}/%{_bindir}/ install -m 755 support/logresolve.pl %{buildroot}/%{_sbindir}/ mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -m 644 $RPM_SOURCE_DIR/%{name}.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name} +%if 0%{?suse_version} == 1110 +install -m 644 $RPM_SOURCE_DIR/%{name}-init.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name} +%endif install -m 755 $RPM_SOURCE_DIR/apache2-check_forensic %{buildroot}/%{_bindir}/check_forensic install -m 755 $RPM_SOURCE_DIR/apache2-find-directives %{buildroot}/%{_bindir}/ # @@ -533,6 +541,7 @@ tar xjf %{SOURCE29} -C %{buildroot}/%{sysconfdir} # init script and friends install -m 644 $RPM_SOURCE_DIR/apache2-script-helpers %{buildroot}/%{_datadir}/%{name}/script-helpers install -m 744 $RPM_SOURCE_DIR/start_apache2 %{buildroot}%{_sbindir}/ +cp -r deprecated-scripts %{buildroot}/%{_datadir}/%{name}/ %if 0%{?suse_version} >= 1210 mkdir -p %{buildroot}%{_unitdir}/ install -m 700 $RPM_SOURCE_DIR/apache2-systemd-ask-pass %{buildroot}%{_sbindir}/ @@ -542,10 +551,19 @@ install -m 644 $RPM_SOURCE_DIR/apache2.target %{buildroot}%{_unitdir}/ ln -sf service %{buildroot}/%{_sbindir}/rcapache2 %else mkdir -p %{buildroot}%{_sysconfdir}/init.d +mkdir -p %{buildroot}%{_sysconfdir}/%{name}/sysconfig.d + install -m 744 $RPM_SOURCE_DIR/rc.%{name} %{buildroot}%{_initddir}/%{name} ln -sf ../..%{_initddir}/%{name} %{buildroot}/%{_sbindir}/rcapache2 +for file in find_mpm \ + get_includes \ + get_module_list \ + load_configuration +do + ln -sf deprecated-scripts/$file %{buildroot}/%{_datadir}/%{name}/$file + chmod +x %{buildroot}/%{_datadir}/%{name}/$file +done %endif -cp -r deprecated-scripts %{buildroot}/%{_datadir}/%{name}/ install -m 755 $RPM_SOURCE_DIR/apache-22-24-upgrade %{buildroot}/%{_datadir}/%{name}/ install -m 755 $RPM_SOURCE_DIR/sysconf_addword %{buildroot}/%{_datadir}/%{name}/ install -m 755 $RPM_SOURCE_DIR/a2enflag %{buildroot}/%{_sbindir} @@ -589,6 +607,7 @@ cat > %{buildroot}/%{sysconfdir}/uid.conf <<-EOF Group %{httpdgroup} EOF + # fixup libdir %if "%{_lib}" != "lib64" sed -e 's/lib64/%{_lib}/' -i \ @@ -799,6 +818,7 @@ mv %{buildroot}/%{sysconfdir}/original . %{_sbindir}/apache2-systemd-ask-pass %else %{_initddir}/%{name} +%dir %{_sysconfdir}/%{name}/sysconfig.d %endif %{_sbindir}/rcapache2 %{_sbindir}/apachectl @@ -827,6 +847,12 @@ mv %{buildroot}/%{sysconfdir}/original . %{_datadir}/%{name}/sysconf_addword %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name} %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}-ssl +%if 0%{?suse_version} == 1110 +/usr/share/apache2/find_mpm +/usr/share/apache2/get_includes +/usr/share/apache2/get_module_list +/usr/share/apache2/load_configuration +%endif %if %{prefork} %files prefork diff --git a/deprecated-scripts-arch.patch b/deprecated-scripts-arch.patch new file mode 100644 index 0000000..685bcb9 --- /dev/null +++ b/deprecated-scripts-arch.patch @@ -0,0 +1,85 @@ +--- + deprecated-scripts/get_module_list | 56 +++++++++++++++++++------------------ + 1 file changed, 30 insertions(+), 26 deletions(-) + +Index: httpd-2.4.27/deprecated-scripts/get_module_list +=================================================================== +--- httpd-2.4.27.orig/deprecated-scripts/get_module_list ++++ httpd-2.4.27/deprecated-scripts/get_module_list +@@ -4,6 +4,10 @@ pname=apache2 + : ${sysconfdir:=/etc/$pname} + : ${sysconfig_apache:=/etc/sysconfig/$pname} + default_APACHE_DOCUMENT_ROOT=/srv/www/htdocs ++modpath=/usr/lib ++if [ `/bin/arch` == "x86_64" ]; then ++ modpath=/usr/lib64 ++fi + + test -z "$APACHE_MODULES" && . /usr/share/$pname/load_configuration + apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null) +@@ -61,26 +65,26 @@ for i in ${APACHE_MODULES[*]}; do + module_path=$i + ;; + *) +- for j in /usr/lib/$pname-$APACHE_MPM/mod_$i.so \ +- /usr/lib/$pname-$APACHE_MPM/$i.so \ +- /usr/lib/$pname-$APACHE_MPM/mod_$i \ +- /usr/lib/$pname-$APACHE_MPM/$i \ +- /usr/lib/$pname-$APACHE_MPM/${i/mod_}.so \ +- /usr/lib/$pname-$APACHE_MPM/${i/mod_} \ +- /usr/lib/$pname-$APACHE_MPM/lib${i/mod_}.so \ +- /usr/lib/$pname-$APACHE_MPM/lib${i/mod_} \ +- /usr/lib/$pname-$APACHE_MPM/lib$i.so \ +- /usr/lib/$pname-$APACHE_MPM/lib$i \ +- /usr/lib/$pname/mod_$i.so \ +- /usr/lib/$pname/$i.so \ +- /usr/lib/$pname/mod_$i \ +- /usr/lib/$pname/$i \ +- /usr/lib/$pname/${i/mod_}.so \ +- /usr/lib/$pname/${i/mod_} \ +- /usr/lib/$pname/lib${i/mod_}.so \ +- /usr/lib/$pname/lib${i/mod_} \ +- /usr/lib/$pname/lib$i.so \ +- /usr/lib/$pname/lib$i ++ for j in $modpath/$pname-$APACHE_MPM/mod_$i.so \ ++ $modpath/$pname-$APACHE_MPM/$i.so \ ++ $modpath/$pname-$APACHE_MPM/mod_$i \ ++ $modpath/$pname-$APACHE_MPM/$i \ ++ $modpath/$pname-$APACHE_MPM/${i/mod_}.so \ ++ $modpath/$pname-$APACHE_MPM/${i/mod_} \ ++ $modpath/$pname-$APACHE_MPM/lib${i/mod_}.so \ ++ $modpath/$pname-$APACHE_MPM/lib${i/mod_} \ ++ $modpath/$pname-$APACHE_MPM/lib$i.so \ ++ $modpath/$pname-$APACHE_MPM/lib$i \ ++ $modpath/$pname/mod_$i.so \ ++ $modpath/$pname/$i.so \ ++ $modpath/$pname/mod_$i \ ++ $modpath/$pname/$i \ ++ $modpath/$pname/${i/mod_}.so \ ++ $modpath/$pname/${i/mod_} \ ++ $modpath/$pname/lib${i/mod_}.so \ ++ $modpath/$pname/lib${i/mod_} \ ++ $modpath/$pname/lib$i.so \ ++ $modpath/$pname/lib$i + do + if [ -f $j ]; then + module_path=$j +@@ -105,12 +109,12 @@ done + echo >&3 -e "#\n" + exec 3<&- + chmod 644 $TMPFILE +-if ! mv -Z $TMPFILE $sysconfdir/sysconfig.d/loadmodule.conf 2>/dev/null; then +- mv $TMPFILE $sysconfdir/sysconfig.d/loadmodule.conf +- if selinuxenabled; then +- restorecon $sysconfdir/sysconfig.d/loadmodule.conf +- fi +-fi ++if ! mv -Z $TMPFILE $sysconfdir/sysconfig.d/loadmodule.conf 2>/dev/null; then ++ mv $TMPFILE $sysconfdir/sysconfig.d/loadmodule.conf ++# if selinuxenabled; then ++# restorecon $sysconfdir/sysconfig.d/loadmodule.conf ++# fi ++fi + #echo -n ". " + + diff --git a/rc.apache2 b/rc.apache2 index 5a59c4d..ab8f884 100644 --- a/rc.apache2 +++ b/rc.apache2 @@ -86,6 +86,7 @@ get_server_flags() *) server_flags="$server_flags -D$i";; esac done + server_flags="$server_flags -DSYSCONFIG -C 'Include /etc/apache2/sysconfig.d/'" } action="$1" From 5dced272cc3e16a163860eeaf83e4ed849a46c9f42be73fa15a7fd68b9f12b6d Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Tue, 3 Oct 2017 16:18:03 +0000 Subject: [PATCH 2/7] - do not call and do not ship apache-22-24-upgrade [bsc#1042037] OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=522 --- apache-22-24-upgrade | 22 ---------------------- apache2.changes | 5 +++++ apache2.spec | 10 ++-------- 3 files changed, 7 insertions(+), 30 deletions(-) delete mode 100644 apache-22-24-upgrade diff --git a/apache-22-24-upgrade b/apache-22-24-upgrade deleted file mode 100644 index fe90c32..0000000 --- a/apache-22-24-upgrade +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -# obsolete 2.2 modules -> 2.4 modules - -for module in mod_authn_default mod_authz_default mod_mem_cache authz_default authn_default mem_cache; do - if a2enmod -q "$module"; then - echo "!!ATTENTION! $module was removed from apache version 2.4 or later, CHECK YOUR CONFIGURATION!!!" - a2dismod "$module" - fi -done - -if ! a2enmod -q authn_core; then - a2enmod authn_core -fi - -if ! a2enmod -q authz_core; then - a2enmod authz_core -fi - -if ! a2enmod -q log_config; then - a2enmod log_config -fi diff --git a/apache2.changes b/apache2.changes index e31e354..89af31d 100644 --- a/apache2.changes +++ b/apache2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Oct 3 16:13:13 UTC 2017 - pgajdos@suse.com + +- do not call and do not ship apache-22-24-upgrade [bsc#1042037] + ------------------------------------------------------------------- Mon Jul 24 15:25:09 UTC 2017 - schneemann@b1-systems.de diff --git a/apache2.spec b/apache2.spec index 1351dba..edbaaff 100644 --- a/apache2.spec +++ b/apache2.spec @@ -107,7 +107,6 @@ Source119: apache2-protocols.conf Source130: apache2-vhost.template Source131: apache2-vhost-ssl.template Source140: apache2-check_forensic -Source141: apache-22-24-upgrade Source142: start_apache2 Source143: apache2-systemd-ask-pass Source144: apache2.service @@ -115,7 +114,7 @@ Source145: apache2-find-directives Source146: apache2@.service Source147: apache2-script-helpers Source148: apache2.target -Source149: %{name}-init.logrotate +Source149: %{name}-init.logrotate Patch2: httpd-2.1.3alpha-layout.dif Patch23: httpd-apachectl.patch Patch66: httpd-2.0.54-envvars.dif @@ -128,7 +127,7 @@ Patch109: httpd-2.4.3-mod_systemd.patch Patch111: httpd-visibility.patch # PATCH-FEATURE-UPSTREAM kstreitova@suse.com -- backport of HttpContentLengthHeadZero and HttpExpectStrict Patch115: httpd-2.4.x-fate317766-config-control-two-protocol-options.diff -Patch116: deprecated-scripts-arch.patch +Patch116: deprecated-scripts-arch.patch BuildRequires: apache-rpm-macros-control BuildRequires: apr-util-devel BuildRequires: automake @@ -564,7 +563,6 @@ do chmod +x %{buildroot}/%{_datadir}/%{name}/$file done %endif -install -m 755 $RPM_SOURCE_DIR/apache-22-24-upgrade %{buildroot}/%{_datadir}/%{name}/ install -m 755 $RPM_SOURCE_DIR/sysconf_addword %{buildroot}/%{_datadir}/%{name}/ install -m 755 $RPM_SOURCE_DIR/a2enflag %{buildroot}/%{_sbindir} ln -s a2enflag %{buildroot}/%{_sbindir}/a2disflag @@ -607,7 +605,6 @@ cat > %{buildroot}/%{sysconfdir}/uid.conf <<-EOF Group %{httpdgroup} EOF - # fixup libdir %if "%{_lib}" != "lib64" sed -e 's/lib64/%{_lib}/' -i \ @@ -841,7 +838,6 @@ mv %{buildroot}/%{sysconfdir}/original . %{_libdir}/%{name}/mod_*.so %dir %{installbuilddir} %dir %{_datadir}/%{name} -%{_datadir}/%{name}/apache-22-24-upgrade %{_datadir}/%{name}/deprecated-scripts %{_datadir}/%{name}/script-helpers %{_datadir}/%{name}/sysconf_addword @@ -1447,8 +1443,6 @@ fi exit 0 %posttrans -%{_datadir}/%{name}/apache-22-24-upgrade - %verifyscript %verify_permissions -e %{_sbindir}/suexec %apache_restart_if_needed From c5edf8fbcc51b0936f55762d050114072af0045dfe81f3e63408da7befd5a370 Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Tue, 3 Oct 2017 16:35:01 +0000 Subject: [PATCH 3/7] OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=523 --- apache2.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/apache2.spec b/apache2.spec index edbaaff..af8e9ab 100644 --- a/apache2.spec +++ b/apache2.spec @@ -1442,7 +1442,6 @@ fi # exit 0 -%posttrans %verifyscript %verify_permissions -e %{_sbindir}/suexec %apache_restart_if_needed From 5ad7a03cebf18f972334772cb153843281d3fca780a896c9b7e9776aa879b728 Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Tue, 3 Oct 2017 16:36:44 +0000 Subject: [PATCH 4/7] OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=524 --- apache2.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/apache2.spec b/apache2.spec index af8e9ab..e123b80 100644 --- a/apache2.spec +++ b/apache2.spec @@ -1442,8 +1442,10 @@ fi # exit 0 -%verifyscript -%verify_permissions -e %{_sbindir}/suexec +%posttrans %apache_restart_if_needed +%verifyscript +%verify_permissions -e %{_sbindir}/suexec + %changelog From 91db59dc7a7b4b9126b5b68229da7105db741905a86d052ffaf5aad9b47e3c6b Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Tue, 3 Oct 2017 17:35:07 +0000 Subject: [PATCH 5/7] + deprecated-scripts-arch.patch OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=525 --- apache2.changes | 1 + 1 file changed, 1 insertion(+) diff --git a/apache2.changes b/apache2.changes index 89af31d..83cfd99 100644 --- a/apache2.changes +++ b/apache2.changes @@ -7,6 +7,7 @@ Tue Oct 3 16:13:13 UTC 2017 - pgajdos@suse.com Mon Jul 24 15:25:09 UTC 2017 - schneemann@b1-systems.de - make the package runable on non systemd systems + + deprecated-scripts-arch.patch ------------------------------------------------------------------- Mon Jul 17 09:30:36 UTC 2017 - pgajdos@suse.com From 1a67fa8fff4e63dd628fed981cb74b35d4210bf295bcaf87d23001105cc2816d Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Thu, 5 Oct 2017 13:04:58 +0000 Subject: [PATCH 6/7] - suexec binary moved to main package [bsc#1054741] OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=526 --- apache2.changes | 5 +++++ apache2.spec | 8 ++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/apache2.changes b/apache2.changes index 83cfd99..67446e6 100644 --- a/apache2.changes +++ b/apache2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Oct 5 12:57:56 UTC 2017 - pgajdos@suse.com + +- suexec binary moved to main package [bsc#1054741] + ------------------------------------------------------------------- Tue Oct 3 16:13:13 UTC 2017 - pgajdos@suse.com diff --git a/apache2.spec b/apache2.spec index e123b80..cb00fb0 100644 --- a/apache2.spec +++ b/apache2.spec @@ -785,6 +785,8 @@ mv %{buildroot}/%{sysconfdir}/original . %{_mandir}/man?/httpd2.?.* %{_mandir}/man?/apxs.?.* %{_mandir}/man?/apxs2.?.* +%{_mandir}/man?/suexec.?.* +%{_mandir}/man?/suexec2.?.* %doc robots.txt %doc printenv %doc test-cgi @@ -830,6 +832,8 @@ mv %{buildroot}/%{sysconfdir}/original . %{_sbindir}/start_apache2 %{_bindir}/log_server_status %{_bindir}/log_server_status2 +%verify(not mode) %attr(0755,root,root) %{_sbindir}/suexec +%{_sbindir}/suexec2 %{iconsdir} %{errordir} %{_var}/adm/fillup-templates/sysconfig.%{name} @@ -1265,8 +1269,6 @@ mv %{buildroot}/%{sysconfdir}/original . %{_mandir}/man?/logresolve2.?.* %{_mandir}/man?/rotatelogs.?.* %{_mandir}/man?/rotatelogs2.?.* -%{_mandir}/man?/suexec.?.* -%{_mandir}/man?/suexec2.?.* %{_sbindir}/fcgistarter %{_mandir}/man8/fcgistarter.8.* %{_bindir}/check_forensic @@ -1292,8 +1294,6 @@ mv %{buildroot}/%{sysconfdir}/original . %{_bindir}/logresolve2 %{_sbindir}/rotatelogs %{_sbindir}/rotatelogs2 -%verify(not mode) %attr(0755,root,root) %{_sbindir}/suexec -%{_sbindir}/suexec2 %if %{prefork} # From 52dd150f04dff57fd28c9cb1cca3c752f75b4807ec7adbab39767fa1c53a26fe Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Fri, 6 Oct 2017 07:51:06 +0000 Subject: [PATCH 7/7] =?UTF-8?q?-=20updated=20to=202.4.28:=20=20=20*)=20SEC?= =?UTF-8?q?URITY:=20CVE-2017-9798=20(cve.mitre.org)=20=20=20=20=20=20Corru?= =?UTF-8?q?pted=20or=20freed=20memory=20access.=20=20must?= =?UTF-8?q?=20now=20be=20used=20in=20the=20=20=20=20=20=20main=20configura?= =?UTF-8?q?tion=20file=20(httpd.conf)=20to=20register=20HTTP=20methods=20b?= =?UTF-8?q?efore=20the=20=20=20=20=20=20.htaccess=20files.=20=20[Yann=20Yl?= =?UTF-8?q?avic]=20=20=20*)=20event:=20Avoid=20possible=20blocking=20in=20?= =?UTF-8?q?the=20listener=20thread=20when=20shutting=20down=20=20=20=20=20?= =?UTF-8?q?=20connections.=20PR=2060956.=20=20[Yann=20Ylavic]=20=20=20*)?= =?UTF-8?q?=20mod=5Fspeling:=20Don't=20embed=20referer=20data=20in=20a=20l?= =?UTF-8?q?ink=20in=20error=20page.=20=20=20=20=20=20PR=2038923=20[Nick=20?= =?UTF-8?q?Kew]=20=20=20*)=20htdigest:=20prevent=20a=20buffer=20overflow?= =?UTF-8?q?=20when=20a=20string=20exceeds=20the=20allowed=20max=20=20=20?= =?UTF-8?q?=20=20=20length=20in=20a=20password=20file.=20=20=20=20=20=20[L?= =?UTF-8?q?uca=20Toscano,=20Hanno=20B=C3=B6ck=20]=20?= =?UTF-8?q?=20=20*)=20mod=5Fproxy:=20loadfactor=20parameter=20can=20now=20?= =?UTF-8?q?be=20a=20decimal=20number=20(eg:=201.25).=20=20=20=20=20=20[Jim?= =?UTF-8?q?=20Jagielski]=20=20=20*)=20mod=5Fproxy=5Fwstunnel:=20Allow=20up?= =?UTF-8?q?grade=20to=20any=20protocol=20dynamically.=20=20=20=20=20=20PR?= =?UTF-8?q?=2061142.=20=20=20*)=20mod=5Fwatchdog/mod=5Fproxy=5Fhcheck:=20T?= =?UTF-8?q?ime=20intervals=20can=20now=20be=20spefified=20=20=20=20=20=20d?= =?UTF-8?q?own=20to=20the=20millisecond.=20Supports=20'mi'=20(minute),=20'?= =?UTF-8?q?ms'=20(millisecond),=20=20=20=20=20=20's'=20(second)=20and=20'h?= =?UTF-8?q?r'=20(hour!)=20time=20suffixes.=20[Jim=20Jagielski]=20=20=20*)?= =?UTF-8?q?=20mod=5Fhttp2:=20Fix=20for=20stalling=20when=20more=20than=203?= =?UTF-8?q?2KB=20are=20written=20to=20a=20=20=20=20=20=20suspended=20strea?= =?UTF-8?q?m.=20=20[Stefan=20Eissing]=20=20=20*)=20build:=20allow=20config?= =?UTF-8?q?uration=20without=20APR=20sources.=20=20[Jacob=20Champion]=20?= =?UTF-8?q?=20=20*)=20mod=5Fssl,=20ab:=20Fix=20compatibility=20with=20Libr?= =?UTF-8?q?eSSL.=20=20PR=2061184.=20=20=20=20=20=20[Bernard=20Spil=20,=20Michael=20Schlenker=20,?= =?UTF-8?q?=20=20=20=20=20=20=20Yann=20Ylavic]=20=20=20*)=20core/log:=20Su?= =?UTF-8?q?pport=20use=20of=20optional=20"tag"=20in=20syslog=20entries.=20?= =?UTF-8?q?=20=20=20=20=20PR=2060525.=20[Ben=20Rubson=20,=20Jim=20Jagielski]=20=20=20*)=20mod=5Fproxy:=20Fix=20Pr?= =?UTF-8?q?oxyAddHeaders=20merging.=20=20[Joe=20Orton]=20=20=20*)=20core:?= =?UTF-8?q?=20Disallow=20multiple=20Listen=20on=20the=20same=20IP:port=20w?= =?UTF-8?q?hen=20listener=20buckets=20=20=20=20=20=20are=20configured=20(L?= =?UTF-8?q?istenCoresBucketsRatio=20>=200),=20consistently=20with=20the=20?= =?UTF-8?q?single?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=527 --- apache2.changes | 41 ++++++++++++++++++++++++++++++++++++++++ apache2.spec | 2 +- httpd-2.4.27.tar.bz2 | 3 --- httpd-2.4.27.tar.bz2.asc | 16 ---------------- httpd-2.4.28.tar.bz2 | 3 +++ httpd-2.4.28.tar.bz2.asc | 16 ++++++++++++++++ 6 files changed, 61 insertions(+), 20 deletions(-) delete mode 100644 httpd-2.4.27.tar.bz2 delete mode 100644 httpd-2.4.27.tar.bz2.asc create mode 100644 httpd-2.4.28.tar.bz2 create mode 100644 httpd-2.4.28.tar.bz2.asc diff --git a/apache2.changes b/apache2.changes index 67446e6..3796f28 100644 --- a/apache2.changes +++ b/apache2.changes @@ -1,3 +1,44 @@ +------------------------------------------------------------------- +Fri Oct 6 07:45:55 UTC 2017 - pgajdos@suse.com + +- updated to 2.4.28: + *) SECURITY: CVE-2017-9798 (cve.mitre.org) + Corrupted or freed memory access. must now be used in the + main configuration file (httpd.conf) to register HTTP methods before the + .htaccess files. [Yann Ylavic] + *) event: Avoid possible blocking in the listener thread when shutting down + connections. PR 60956. [Yann Ylavic] + *) mod_speling: Don't embed referer data in a link in error page. + PR 38923 [Nick Kew] + *) htdigest: prevent a buffer overflow when a string exceeds the allowed max + length in a password file. + [Luca Toscano, Hanno Böck ] + *) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25). + [Jim Jagielski] + *) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically. + PR 61142. + *) mod_watchdog/mod_proxy_hcheck: Time intervals can now be spefified + down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond), + 's' (second) and 'hr' (hour!) time suffixes. [Jim Jagielski] + *) mod_http2: Fix for stalling when more than 32KB are written to a + suspended stream. [Stefan Eissing] + *) build: allow configuration without APR sources. [Jacob Champion] + *) mod_ssl, ab: Fix compatibility with LibreSSL. PR 61184. + [Bernard Spil , Michael Schlenker , + Yann Ylavic] + *) core/log: Support use of optional "tag" in syslog entries. + PR 60525. [Ben Rubson , Jim Jagielski] + *) mod_proxy: Fix ProxyAddHeaders merging. [Joe Orton] + *) core: Disallow multiple Listen on the same IP:port when listener buckets + are configured (ListenCoresBucketsRatio > 0), consistently with the single + bucket case (default), thus avoiding the leak of the corresponding socket + descriptors on graceful restart. [Yann Ylavic] + *) event: Avoid listener periodic wake ups by using the pollset wake-ability + when available. PR 57399. [Yann Ylavic, Luca Toscano] + *) mod_proxy_wstunnel: Fix detection of unresponded request which could have + led to spurious HTTP 502 error messages sent on upgrade connections. + PR 61283. [Yann Ylavic] + ------------------------------------------------------------------- Thu Oct 5 12:57:56 UTC 2017 - pgajdos@suse.com diff --git a/apache2.spec b/apache2.spec index cb00fb0..ba79b48 100644 --- a/apache2.spec +++ b/apache2.spec @@ -53,7 +53,7 @@ %define mods_static unixd %endif Name: apache2 -Version: 2.4.27 +Version: 2.4.28 Release: 0 Summary: The Apache Web Server Version 2.4 License: Apache-2.0 diff --git a/httpd-2.4.27.tar.bz2 b/httpd-2.4.27.tar.bz2 deleted file mode 100644 index ddcce70..0000000 --- a/httpd-2.4.27.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a -size 6527394 diff --git a/httpd-2.4.27.tar.bz2.asc b/httpd-2.4.27.tar.bz2.asc deleted file mode 100644 index c3539e3..0000000 --- a/httpd-2.4.27.tar.bz2.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIVAwUAWV51rTTqduZ5FIWoAQpSYQ//dq6ZWySYFWcTvHW3dgvgrKHZYyrX+Sd1 -tk4lprsTEBIcx3DnCGp6DUJ5vpTW20biPjMfOqRgjX3YEJvzyPasebiSPlsb3Kfm -AMSkRhd73rjzrJ34qsN9JBeenupUxcDWPjJxaXB1miys4S1GXgb9gH9lkVpq9w5I -hXsyP9xh5y7ZWguaNmKpezmLK+D90pglhD+/6D7nR9r1MVCyVL/30ARAsryaevjA -cGbDm0ZJ2SjWD9oCY7vVIYFTyTx6tTg0+vHsOsAyKyq82wEVr8NvNwzdWv2KygOB -vx+vpJC6o1Lz5WaU7vVDndZJzJAZq9S1yH/D0mkQ35qTUDEB/4qGvChWnEvqCoeq -sLQA2111fot/PpgiWFFpx47gZrytkG6vqE6YnDr5zYT2IYCsq4saCAxj5uIahios -D70kE4RHyUN7ohAYMbCLqyCN/2IIIrFPzXDUOS3j7HkTM3j9ZtltlMtaQeFOo+u3 -uYsDxbKhlTFparj2wDFf8wl+M2/0sfeVzFNkUkVzYhnHQQ4ydaCVIk+CEhvCD/FZ -oXRNALOnCkmMOK9pptaIe/Y/kmlAPGK2OLAjEuQsYI16SGv81FYmr3Cd/5lK80IJ -IrLK7CP5jgoBhFzmbC2VfoCsEiewOD9bOggFMDiAewlVxF5007aK1acQdoMueN/s -rB0+dG7ENno= -=9qyb ------END PGP SIGNATURE----- diff --git a/httpd-2.4.28.tar.bz2 b/httpd-2.4.28.tar.bz2 new file mode 100644 index 0000000..5a36f5a --- /dev/null +++ b/httpd-2.4.28.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c1197a3a62a4ab5c584ab89b249af38cf28b4adee9c0106b62999fd29f920666 +size 6553163 diff --git a/httpd-2.4.28.tar.bz2.asc b/httpd-2.4.28.tar.bz2.asc new file mode 100644 index 0000000..e95ffa3 --- /dev/null +++ b/httpd-2.4.28.tar.bz2.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIVAwUAWcjw5zTqduZ5FIWoAQr5EQ/7BXT4HjCD3eUJK9OymmpchCYZL1l4uZNy +4oywYvn5THhWy4i9+sOxgju4LFQJCUlu/Cmqeh5bZgZIfdCAnxNANiNmtIaL0gum +in0ZmLYeiJHLT1qkUYUhmUgRXoUTG5GBeHEhKaQUG36aywYlJK/OVRxEA/tqaLPX +SyaUCHao98E0UjarDvSLwpH1/7KAA8GyknEaZnTXhnyFboEFGRiI2xpkeRM8NhNh +ASIq0YfndBlneG4uHlsPoWLcFp5HttQ9YdpBo39sbSVLKFlUg9XYK/3n0mh3Xx5Z +xowVOs2/5gP2sPjmC92ycx3LRlwK7ygw1/Dx/dImuhTtTAL7OG6i1/qFNY1utNCh +LAddU/on5YQz5beV1LjZip9ef4yBikqBsRUtyu/fQG+EqiszzpxxHf+JfaWXl+hu +NoFIALVtSEBf8LHT0cvIRWY3Id05nYDpknGiuNxuDIpYc4qdY7yDOa6lPeS3kGzC +iPFh63B6nhzNudNWCT0YH2mLKGs6szDM4Hwh13Kotva3vus7UWv4O8jFAiSPvO8h +aNpfy2IMcvjuXBu4oWbuu/X6l0FLZo/LKGzvUDZiG62Z1RCH/zg9f5OiBVIlEIWM +INe6IsivQOM3DMNJX6U3VZUyx2hN4J5O31bkP4qMoNnHOzA7PD9JX4owirpxy4eZ +Y2Ywbc9jeBk= +=kUfO +-----END PGP SIGNATURE-----