pool/apache2
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=23

Browse Source
This commit is contained in:
OBS User unknown 2008-09-12 20:47:19 +00:00 committed by Git OBS Bridge
parent 7558d961d9
commit 0ce478ec5d
8 changed files with 1133 additions and 558 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

604
apache2.changes
View File

@ -1,12 +1,167 @@
-------------------------------------------------------------------
Thu Aug 28 01:16:28 CEST 2008 - ro@suse.de
Tue Aug 26 22:59:55 CEST 2008 - poeml@suse.de
- remove deprecated options from fillup and insserv call
- drop rc.config handling (was removed in or after SuSE Linux 8.0)
- don't use fillup_insserv options which have been removed lately
-------------------------------------------------------------------
Mon Aug 25 01:20:45 CEST 2008 - ro@suse.de
Fri Aug 15 11:25:47 CEST 2008 - poeml@suse.de
- initscript: copy Should-Start to Should-Stop to fix build
- fix init script LSB headers
-------------------------------------------------------------------
Wed Jun 25 14:36:06 CEST 2008 - poeml@suse.de
- add note to /etc/sysconfig/apache2 and /etc/init.d/apache2 about
how to set ulimits when starting the server
- undocument APACHE_BUFFERED_LOGS and APACHE_TIMEOUT in the
sysconfig template. They still work but I think it is good to
keep this stuff out of the beginner's config, first because both
features are sophisticated enough to not being tweaked in most
cases, second because it only confuses people I guess, and makes
the sysconfig file larger than necessary.
-------------------------------------------------------------------
Sun Jun 15 19:39:46 CEST 2008 - poeml@suse.de
- update to 2.2.9:
SECURITY: CVE-2008-2364 (cve.mitre.org)
mod_proxy_http: Better handling of excessive interim responses
from origin server to prevent potential denial of service and
high memory usage. Reported by Ryujiro Shibuya.
SECURITY: CVE-2007-6420 (cve.mitre.org)
mod_proxy_balancer: Prevent CSRF attacks against the
balancer-manager interface.
- htpasswd: Fix salt generation weakness. PR 31440
worker/event MPM:
- Fix race condition in pool recycling that leads to
segmentation faults under load. PR 44402
core:
- Fix address-in-use startup failure on some platforms caused by
creating an IPv4 listener which overlaps with an existing IPv6
listener.
- Add the filename of the configuration file to the warning
message about the useless use of AllowOverride. PR 39992.
- Do not allow Options ALL if not all options are allowed to be
overwritten. PR 44262
- reinstate location walk to fix config for subrequests PR 41960
- Fix garbled TRACE response on EBCDIC platforms.
- gen_test_char: add double-quote to the list of
T_HTTP_TOKEN_STOP. PR 9727
http_filters:
- Don't return 100-continue on redirects. PR 43711
- Don't return 100-continue on client error PR 43711
- Don't spin if get an error when reading the next chunk. PR 44381
- Don't add bogus duplicate Content-Language entries
suexec:
- When group is given as a numeric gid, validate it by looking up
the actual group name such that the name can be used in log entries.
PR 7862
mod_authn_dbd:
- Disambiguate and tidy database authentication error messages. PR 43210.
mod_cache:
- Handle If-Range correctly if the cached resource was stale. PR 44579
- Revalidate cache entities which have Cache-Control: no-cache
set in their response headers. PR 44511
mod_cgid:
- Explicitly set permissions of the socket (ScriptSock) shared
by mod_cgid and request processing threads, for OS'es such as
HPUX and AIX that do not use umask for AF_UNIX socket permissions.
- Don't try to restart the daemon if it fails to initialize the socket.
mod_charset_lite:
- Add TranslateAllMimeTypes sub-option to CharsetOptions,
allowing the administrator to skip the mimetype checking that
precedes translation.
mod_dav:
- Return "method not allowed" if the destination URI of a WebDAV
copy / move operation is no DAV resource. PR 44734
mod_headers:
- Add 'merge' option to avoid duplicate values within the same header.
mod_include:
- Correctly handle SSI directives split over multiple filter
mod_log_config:
- Add format options for %p so that the actual local or remote
port can be logged. PR 43415.
mod_logio:
- Provide optional function to allow modules to adjust the
bytes_in count
mod_proxy:
- Make all proxy modules nocanon aware and do not add the
query string again in this case. PR 44803.
- scoreboard: Remove unused proxy load balancer elements from scoreboard
image (not scoreboard memory itself).
- Support environment variable interpolation in reverse
proxying directives.
- Do not try a direct connection if the connection via a
remote proxy failed before and the request has a request body.
- ProxyPassReverse is now balancer aware.
- Lower memory consumption for short lived connections.
PR 44026.
- Keep connections to the backend persistent in the HTTPS case.
mod_proxy_ajp:
- Do not retry request in the case that we either failed to
sent a part of the request body or if the request is not idempotent.
PR 44334
mod_proxy_ftp:
- Fix base for directory listings. PR 27834
mod_proxy_http:
- Fix processing of chunked responses if Connection:
Transfer-Encoding is set in the response of the proxied
system. PR 44311
- Return HTTP status codes instead of apr_status_t values for
errors encountered while forwarding the request body PR 44165
mod_rewrite:
- Initialize hash needed by ap_register_rewrite_mapfunc early
enough. PR 44641
- Check all files used by DBM maps for freshness, mod_rewrite
didn't pick up on updated sdbm maps due to this. PR41190
- Don't canonicalise URLs with [P,NE] PR 43319
mod_speling:
- remove regression from 1.3/2.0 behavior and drop dependency
between mod_speling and AcceptPathInfo.
mod_ssl:
- Fix a memory leak with connections that have zlib compression
turned on. PR 44975
mod_substitute:
- The default is now flattening the buckets after each
substitution. The newly added 'q' flag allows for the quicker,
more efficient bucket-splitting if the user so
mod_unique_id:
- Fix timestamp value in UNIQUE_ID. PR 37064
ab (apache benchmark):
- Include <limits.h> earlier if available since we may need
INT_MAX (defined there on Windows) for the definition of MAX_REQUESTS.
- Improve client performance by clearing connection pool instead
- Don't stop sending a request if EAGAIN is returned, which
will only happen if both the write and subsequent wait are
returning EAGAIN, and count posted bytes correctly when the initial
write of a request is not complete. PR 10038, 38861, 39679
- Overhaul stats collection and reporting to avoid integer
truncation and time divisions within the test loop, retain
native time resolution until output, remove unused data,
consistently round milliseconds, and generally avoid losing
accuracy of calculation due to type casts. PR 44878, 44931.
- Add -r option to continue after socket receive errors.
- Do not try to read non existing response bodies of HEAD requests.
- Use a 64 bit unsigned int instead of a signed long to count the
rotatelogs:
- Log the current file size and error code/description when
failing to write to the log file.
- Added '-f' option to force rotatelogs to create the logfile as
soon as started, and not wait until it reads the first entry.
- Don't leak memory when reopening the logfile. PR 40183
- Improve atomicity when using -l and cleaup code. PR 44004
- drop obsolete patches httpd-2.1.3alpha-autoconf-2.59.dif
httpd-2.2.x-CVE-2008-1678.patch
- don't run autoreconf on SLES9
- remove the addition of -g to the CFLAGS, since the build service
handles debuginfo packages now
-------------------------------------------------------------------
Mon Jun 9 17:18:03 CEST 2008 - poeml@suse.de
- build service supports the debuginfo flag in metadata now; remove
debug_package macro from the specfile therefore.
-------------------------------------------------------------------
Mon May 26 16:55:37 CEST 2008 - skh@suse.de
@ -19,62 +174,429 @@ Mon May 26 16:55:37 CEST 2008 - skh@suse.de
httpd-2.2.x-CVE-2008-1678.patch
-------------------------------------------------------------------
Fri Apr 18 14:17:31 CEST 2008 - poeml@suse.de
Thu May 15 01:58:08 CEST 2008 - poeml@suse.de
- sync up with changes from Build Service:
- new implementation of sysconf_addword, using sed instead of ed.
Moving it from the -utils subpackage into the parent package,
where it's actually needed. If sysconf_addword is already present
in the system, it is preferred (by PATH). That's because the tool
has been integrated into aaa_base.rpm with openSUSE 11.0.
Removing the requires on the ed package. [bnc#377131]
- better documentation how to enable SSL in /etc/sysconfig/apache2
- quickstart readme: the link to the openSUSE wiki is about to move
- add "127.0.0.1" to the local access list in mod_status.conf,
because on some systems "localhost" seems to resolve only to IPv6
localhost
- /etc/init.d/apache2: implement restart-graceful, stop-graceful
- fix graceful-restart. Wait until the pidfile is gone, but don't
wait for the parent to disappear. It stays there, after closing
the listen ports.
- don't configure in maintainer-mode. It not only enables compile
time warnings, but also adds AP_DEBUG into the mix which causes
enablement of debug code which is not wanted in production
builds.
- drop obsolete patches mod_dbd.c-issue18989-autoconnect.dif and
mod_dbd.c-r571441, as the 2.2.8 mod_dbd is just fine.
- fix build on Mandriva 2007, by escaping commented %build macro
- make filelist of man pages independant of the compression method
(gz, bz2, lzma)
-------------------------------------------------------------------
Tue Apr 1 16:05:07 CEST 2008 - mkoenig@suse.de
Fri Apr 18 11:55:14 CEST 2008 - poeml@suse.de
- remove dir /usr/share/omc/svcinfo.d as it is provided now
by filesystem
- fix from Factory:
- remove dir /usr/share/omc/svcinfo.d as it is provided now
by filesystem
- remove obsolete httpd-2.2.x.doublefree.patch file, which isn't
used since quite some time since the issue is resolved.
-------------------------------------------------------------------
Fri Mar 14 15:28:13 CET 2008 - skh@suse.de
Thu Apr 17 17:58:02 CEST 2008 - poeml@suse.de
- update to upstream 2.2.8 --> see CHANGES in package for details
- removed obsolete patches:
- apache2-mod_cache-CVE-2007-1863.patch
- apache2-mod_status-CVE-2006-5752.patch
- httpd-2.2.4-mod_autoindex-charset-r570962.patch
- httpd-2.2.x.doublefree.patch
- new implementation of sysconf_addword, using sed instead of ed.
Moving it from the -utils subpackage into the parent package,
where it's actually needed. If sysconf_addword is already present
in the system, it is preferred (by PATH). That's because the tool
has been integrated into aaa_base.rpm with openSUSE 11.0.
Removing the requires on the ed package. [bnc#377131]
-------------------------------------------------------------------
Thu Dec 13 16:58:03 CET 2007 - ro@suse.de
Wed Mar 12 14:29:04 CET 2008 - poeml@suse.de
- remove sysconf_addword, now in aaa_base (#328599)
- require ed package, since ed is needed by sysconf_addword, which
in turn is used by a2enmod/a2enflag
-------------------------------------------------------------------
Mon Oct 22 17:38:19 CEST 2007 - sbrabec@suse.cz
Fri Feb 29 14:06:52 CET 2008 - poeml@suse.de
- Use correct SuSEfirewall2 rule directory.
- better documentation how to enable SSL in /etc/sysconfig/apache2
- quickstart readme: the link to the openSUSE wiki is about to move
-------------------------------------------------------------------
Tue Feb 19 13:14:45 CET 2008 - poeml@suse.de
- add "127.0.0.1" to the local access list in mod_status.conf,
because on some systems "localhost" seems to resolve only to IPv6
localhost
-------------------------------------------------------------------
Sat Feb 2 05:37:34 CET 2008 - crrodriguez@suse.de
- upstream 2.2.8
SECURITY: CVE-2007-6421 (cve.mitre.org)
mod_proxy_balancer: Correctly escape the worker route and the worker
redirect string in the HTML output of the balancer manager.
Reported by SecurityReason.
SECURITY: CVE-2007-6422 (cve.mitre.org)
Prevent crash in balancer manager if invalid balancer name is passed
as parameter. Reported by SecurityReason.
SECURITY: CVE-2007-6388 (cve.mitre.org)
mod_status: Ensure refresh parameter is numeric to prevent
a possible XSS attack caused by redirecting to other URLs.
Reported by SecurityReason.
SECURITY: CVE-2007-5000 (cve.mitre.org)
mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.
SECURITY: CVE-2008-0005 (cve.mitre.org)
Introduce the ProxyFtpDirCharset directive, allowing the administrator
to identify a default, or specific servers or paths which list their
contents in other-than ISO-8859-1 charset (e.g. utf-8).
mod_autoindex:
- Generate valid XHTML output by adding the xhtml namespace. PR 43649
mod_charset_lite:
- Don't crash when the request has no associated filename.
mod_dav:
- Fix evaluation of If-Match * and If-None-Match * conditionals. PR 38034
- Adjust etag generation to produce identical results on 32-bit
and 64-bit platforms and avoid a regression with conditional PUT's on lock
and etag. PR 44152.
mod_deflate:
- initialise inflate-out filter correctly when the first brigade
contains no data buckets. PR 43512
mod_disk_cache:
- Delete temporary files if they cannot be renamed to their final
name.
mod_filter:
- Don't segfault on (unsupported) chained FilterProvider usage. PR 43956
mod_include:
- Add an "if" directive syntax to test whether an URL is
accessible, and if so, conditionally display content. This
allows a webmaster to hide a link to a private page when the
user has no access to that page.
mod_ldap:
- Try to establish a new backend LDAP connection when the
Microsoft LDAP client library returns LDAP_UNAVAILABLE, e.g.
after the LDAP server has closed the connection due to a
timeout. PR 39095
- Give callers a reference to data copied into the request pool
instead of references directly into the cache PR 43786
- Stop passing a reference to pconf around for (limited) use
during request processing, avoiding possible memory corruption
and crashes.
mod_proxy:
- Canonicalisation improvements. Add "nocanon" keyword to
ProxyPass, to suppress URI-canonicalisation in a reverse proxy. Also,
don't escape/unescape forward-proxied URLs. PR 41798, 42592
- Don't by default violate RFC2616 by setting Max-Forwards when
the client didn't send it to us. Leave that as a
configuration option. PR 16137
- Fix persistent backend connections. PR 43472
- escape error-notes correctly PR 40952
- check ProxyBlock for all blocked addresses PR 36987
- Don't lose bytes when a response line arrives in small chunks.
PR 40894
mod_proxy_ajp:
- Use 64K as maximum AJP packet size. This is the maximum length
we can squeeze inside the AJP message packet.
- Ignore any ajp13 flush packets received before we send the
response headers. See Tomcat PR 43478.
- Differentiate within AJP between GET and HEAD requests. PR 43060
mod_proxy_balancer:
- Do not reset lbstatus, lbfactor and lbset when starting a new
child. PR 39907
mod_proxy_http:
- Remove Warning headers with wrong date PR 16138
- Correctly parse all Connection headers in proxy. PR 43509
- add Via header correctly (if enabled) to response, even where
other Via headers exist. PR 19439
- Correctly forward unexpected interim (HTTP 1xx) responses from
the backend according to RFC2616. But make it configurable in
case something breaks on it. PR 16518
- strip hop-by-hop response headers PR 43455
- Propagate Proxy-Authorization header correctly. PR 25947
- Don't segfault on bad line in FTP listing PR 40733
mod_rewrite:
- Add option to suppress URL unescaping PR 34602
- Add the novary flag to RewriteCond.
mod_substitute:
- Added a new output filter, which performs inline response
content pattern matching (including regex) and substitution.
mod_ssl:
- Fix handling of the buffered request body during a per-location
renegotiation, when an internal redirect occurs. PR 43738.
- Fix SSL client certificate extensions parsing bug. PR 44073.
- Prevent memory corruption of version string. PR 43865, 43334
mod_status:
- Add SeeRequestTail directive, which determines if
ExtendedStatus displays the 1st 63 characters of the request
or the last 63. Useful for those requests with large string
lengths and which only vary with the last several characters.
event MPM:
- Add support for running under mod_ssl, by reverting to the
Worker MPM behaviors, when run under an input filter that buffers
its own data.
core:
- Fix regression in 2.2.7 in chunk filtering with massively
chunked requests.
- Lower memory consumption of ap_r* functions by reusing the
brigade instead of recreating it during each filter pass.
- Lower memory consumption in case that flush buckets are passed
thru the chunk filter as last bucket of a brigade. PR 23567.
- Fix broken chunk filtering that causes all non blocking reads
to be converted into blocking reads. PR 19954, 41056.
- Change etag generation to produce identical results on 32-bit
and 64-bit platforms. PR 40064.
- Handle unrecognised transfer-encodings. PR 43882
- Avoid some unexpected connection closes by telling the client
that the connection is not persistent if the MPM process
handling the request is already exiting when the response
header is built.
- fix possible crash at startup in case of nonexistent
DocumentRoot. PR 39722
- http_core: OPTIONS * no longer maps to local storage or URI
space. Note that unlike previous versions, OPTIONS * no longer
returns an Allow: header. PR 43519
- scoreboard: improve error message on apr_shm_create failure PR
40037
- Don't send spurious "100 Continue" response lines. PR 38014
- http_protocol:
- Escape request method in 413 error reporting. Determined to
be not generally exploitable, but a flaw in any case. PR
44014
- Add "DefaultType none" option. PR 13986 and PR 16139
- Escape request method in 405 error reporting. This has no
security impact since the browser cannot be tricked into
sending arbitrary method strings.
- Various code cleanups. PR 38699, 39518, 42005, 42006, 42007, 42008, 42009
- Add explicit charset to the output of various modules to work
around possible cross-site scripting flaws affecting web
browsers that do not derive the response character set as
required by RFC2616. One of these reported by SecurityReason
- rotatelogs: Change command-line parsing to report more types
of errors. Allow local timestamps to be used when rotating based
on file size.
-------------------------------------------------------------------
Wed Sep 12 20:11:37 CEST 2007 - poeml@suse.de
- fix graceful-restart. Wait until the pidfile is gone, but don't
wait for the parent to disappear. It stays there, after closing
the listen ports.
-------------------------------------------------------------------
Wed Sep 12 15:49:15 CEST 2007 - poeml@suse.de
- use debug_package macro only on suse, because it breaks the build
on Mandriva
-------------------------------------------------------------------
Wed Sep 12 13:41:16 CEST 2007 - poeml@suse.de
- don't configure in maintainer-mode. It not only enables compile
time warnings, but also adds AP_DEBUG into the mix which causes
enablement of debug code which is not wanted in production
builds.
-------------------------------------------------------------------
Mon Sep 10 17:32:56 CEST 2007 - poeml@suse.de
- upstream 2.2.6
SECURITY: CVE-2007-3847 (cve.mitre.org)
mod_proxy: Prevent reading past the end of a buffer when parsing
date-related headers. PR 41144.
SECURITY: CVE-2007-1863 (cve.mitre.org)
mod_cache: Prevent a segmentation fault if attributes are listed in a
Cache-Control header without any value.
SECURITY: CVE-2007-3304 (cve.mitre.org)
prefork, worker, event MPMs: Ensure that the parent process cannot
be forced to kill processes outside its process group.
SECURITY: CVE-2006-5752 (cve.mitre.org)
mod_status: Fix a possible XSS attack against a site with a public
server-status page and ExtendedStatus enabled, for browsers which
perform charset "detection". Reported by Stefan Esser.
SECURITY: CVE-2007-1862 (cve.mitre.org)
mod_mem_cache: Copy headers into longer lived storage; header names and
values could previously point to cleaned up storage. PR 41551.
mod_alias:
- Accept path components (URL part) in Redirects. PR 35314.
mod_authnz_ldap:
- Don't return HTTP_UNAUTHORIZED during authorization when
LDAP authentication is configured but we haven't seen any
'Require ldap-*' directives, allowing authorization to be passed to lower
level modules (e.g. Require valid-user) PR 43281
mod_autoindex:
- Add in Type and Charset options to IndexOptions
directive. This allows the admin to explicitly set the
content-type and charset of the generated page and is therefore
a viable workaround for buggy browsers affected by CVE-2007-4465
mod_cache:
- Remove expired content from cache that cannot be revalidated.
PR 30370.
- Do not set Date or Expires when they are missing from the
original response or are invalid.
- Correctly handle HEAD requests on expired cache content. PR
41230.
- Let Cache-Control max-age set the expiration of the cached
representation if Expires is not set.
- Allow caching of requests with query arguments when
Cache-Control max-age is explicitly specified.
- Use the same cache key throughout the whole request processing
to handle escaped URLs correctly. PR 41475.
- Add CacheIgnoreQueryString directive. PR 41484.
- While serving a cached entity ensure that filters that have
been applied to this cached entity before saving it to the
cache are not applied again. PR 40090.
- Correctly cache objects whose URL query string has been
modified by mod_rewrite. PR 40805.
mod_cgi, mod_cgid:
- Fix use of CGI scripts as ErrorDocuments. PR 39710.
mod_dbd:
- Introduce configuration groups to allow inheritance by virtual
hosts of database configurations from the main server.
Determine the minimal set of distinct configurations and share
connection pools whenever possible. Allow virtual hosts to
override inherited SQL statements. PR 41302.
- Create memory sub-pools for each DB connection and close DB
connections in a pool cleanup function. Ensure prepared
statements are destroyed before DB connection is closed. When
using reslists, prevent segfaults when child processes exit,
and stop memory leakage of ap_dbd_t structures. Avoid use of
global s->process->pool, which isn't destroyed by exiting
child processes in most multi-process MPMs. PR 39985.
- Handle error conditions in dbd_construct() properly. Simplify
ap_dbd_open() and use correct arguments to apr_dbd_error()
when non-threaded. Register correct cleanup data in
non-threaded ap_dbd_acquire() and ap_dbd_cacquire(). Clean up
configuration data and merge function. Use ap_log_error()
wherever possible.
- Stash DBD connections in request_config of initial request
only, or else sub-requests and internal redirections may cause
entire DBD pool to be stashed in a single HTTP request.
mod_deflate:
- don't try to process metadata buckets as data. what should
have been a 413 error was logged as a 500 and a blank screen
appeared at the browser.
- fix protocol handling in deflate input filter PR 23287
mod_disk_cache:
- Allow Vary'd responses to be refreshed properly.
mod_dumpio:
- Fix for correct dumping of traffic on EBCDIC hosts Data had
been incorrectly converted twice, resulting in garbled log
output.
mod_expires:
- don't crash on bad configuration data PR 43213
mod_filter:
- fix integer comparisons in dispatch rules PR 41835
- fix merging of ! and = in FilterChain PR 42186
mod_headers:
- Allow % at the end of a Header value. PR 36609.
mod_info:
- mod_info outputs invalid XHTML 1.0 transitional. PR 42847
mod_ldap:
- Avoid possible crashes, hangs, and busy loops due to improper
merging of the cache lock in vhost config PR 43164
mod_ldap:
- Remove the hardcoded size limit parameter for
ldap_search_ext_s and replace it with an APR_ defined value
that is set according to the LDAP SDK being used.
mod_mem_cache:
- Increase the minimum and default value for MCacheMinObjectSize
from 0 to 1, as a MCacheMinObjectSize of 0 does not make sense
and leads to a division by zero. PR 40576.
mod_negotiation:
- preserve Query String in resolving a type map PR 33112
mod_proxy:
- mod_proxy_http: accept proxy-sendchunked/proxy-sendchunks as
synonymous. PR 43183
- Ensure that at least scheme://hostname[:port] matches between
worker and URL when searching for the best fitting worker for
a given URL. PR 40910
- Improve network performance by setting APR_TCP_NODELAY
(disable Nagle algorithm) on sockets if implemented. PR 42871
- Add a missing assignment in an error checking code path. PR 40865
- don't URLencode tilde in path component PR 38448
- enable Ignore Errors option on ProxyPass Status. PR 43167
- Allow to use different values for sessionid in url encoded id
and cookies. PR 41897.
- Fix the 503 returned when session route does not match any of
the balancer members.
- Added ProxyPassMatch directive, which is similar to ProxyPass
but takes a regex local path prefix.
- Print the correct error message for erroneous configured
ProxyPass directives. PR 40439.
- Fix some proxy setting inheritance problems (eg:
ProxyTimeout). PR 11540.
- proxy/ajp_header.c: Fixed header token string comparisons
Matching of header tokens failed to include the trailing NIL
byte and could misinterpret a longer header token for a
shorter. Additionally, a "Content-Type" comparison was made
case insensitive.
- proxy/ajp_header.c: Backport of an AJP protocol fix for EBCDIC
On EBCDIC machines, the status_line string was incorrectly
converted twice.
mod_proxy_connect:
- avoid segfault on DNS lookup failure. PR 40756
mod_proxy_http:
- HTTP proxy ProxyErrorOverride: Leave 1xx and 3xx responses
alone. Only processing of error responses (4xx, 5xx) will be
altered. PR 39245.
- Don't try to read body of a HEAD request before responding. PR 41644
- Handle request bodies larger than 2 GB by converting the
Content-Length header of the request correctly. PR 40883.
mod_ssl:
- Fix spurious hostname mismatch warning for valid wildcard
certificates. PR 37911.
- Version reporting update; displays 'compiled against' Apache
and build-time SSL Library versions at loglevel [info], while
reporting the run-time SSL Library version in the server info
tags. Helps to identify a mod_ssl built against one flavor of
OpenSSL but running against another (also adds SSL-C version
number reporting.)
- initialize thread locks before initializing the hardware
acceleration library, so the latter can make use of the
former. PR 20951.
core:
- Do not replace a Date header set by a proxied backend server. PR 40232
- log core: ensure we use a special pool for stderr logging, so that
the stderr channel remains valid from the time plog is destroyed,
until the time the open_logs hook is called again.
- main core: Emit errors during the initial apr_app_initialize()
or apr_pool_create() (when apr-based error reporting is not ready).
- log core: fix the new piped logger case where we couldn't connect
the replacement stderr logger's stderr to the NULL stdout stream.
Continue in this case, since the previous alternative of no error
logging at all (/dev/null) is far worse.
- Correct a regression since 2.0.x in the handling of AllowOverride
Options. PR 41829.
- Unix MPMs: Catch SIGFPE so that exception hooks and CoreDumpDirectory
can work after that terminating signal.
- mod_so: Provide more helpful LoadModule feedback when an error occurs.
misc:
- mime.types: Many updates to sync with IANA registry and common
unregistered types that the owners refuse to register. Admins
are encouraged to update their installed mime.types file. PR:
35550, 37798, 39317, 31483
- mime.types: add Registered Javascript/ECMAScript MIME types
(RFC4329) PR 40299
- htdbm: Enable crypt support on platforms with crypt() but not
<crypt.h>, such as z/OS.
- ab.c: Correct behavior of HTTP request headers sent by ab in
presence of -H command-line overrides. PR 31268, 26554.
- ab.c: The apr_port_t type is unsigned, but ab was using a
signed format code in its reports. PR 42070.
- drop obsolete patches apache2-mod_cache-CVE-2007-1863.patch
apache2-mod_status-CVE-2006-5752.patch
httpd-2.2.4-mod_autoindex-charset-r570962.patch
mod_dbd.c-issue18989-autoconnect.dif
mod_dbd.c-r571441
-------------------------------------------------------------------
Mon Sep 3 13:43:22 CEST 2007 - skh@suse.de
- get_module_list: replace loadmodule.conf atomically [bnc #214863]
-------------------------------------------------------------------
Sat Sep 1 01:49:37 CEST 2007 - poeml@suse.de
- /etc/init.d/apache2: implement restart-graceful, stop-graceful
-------------------------------------------------------------------
Fri Aug 31 14:21:27 CEST 2007 - poeml@suse.de
- update mod_dbd to trunk version (r571441)
* apr_dbd_check_conn() just returns APR_SUCCESS or
APR_EGENERAL, so we don't actually have a driver-specific value
to pass to apr_dbd_error(), but that's OK because most/all
drivers just ignore this value anyway
-------------------------------------------------------------------
Fri Aug 31 12:37:27 CEST 2007 - poeml@suse.de

612
apache2.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package apache2 (Version 2.2.8)
# spec file for package apache2 (Version 2.2.9)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@ -61,9 +61,9 @@ BuildRequires: expat-devel
%define platform_string Linux/%VENDOR
License: The Apache Software License
Group: Productivity/Networking/Web/Servers
%define realver 2.2.8
Version: 2.2.8
Release: 50
%define realver 2.2.9
Version: 2.2.9
Release: 1
#Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2
Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2
Source10: SUSE-NOTICE
@ -111,12 +111,10 @@ Source131: apache2-vhost-ssl.template
Source140: apache2-check_forensic
Source141: apache-20-22-upgrade
Patch2: httpd-2.1.3alpha-layout.dif
Patch10: httpd-2.1.3alpha-autoconf-2.59.dif
Patch23: httpd-2.1.9-apachectl.dif
Patch65: httpd-2.0.49-log_server_status.dif
Patch66: httpd-2.0.54-envvars.dif
Patch67: httpd-2.2.0-apxs-a2enmod.dif
Patch68: httpd-2.2.x-CVE-2008-1678.patch
Url: http://httpd.apache.org/
Icon: Apache.xpm
Summary: The Apache Web Server Version 2.0
@ -322,9 +320,6 @@ Authors:
--------
Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE
%if 0%{?opensuse_bs}
%endif
%prep
#
# O/ ._ .__ ._
@ -333,12 +328,10 @@ Authors:
#
%setup -q -n httpd-%{realver}
%patch2 -p1
%patch10 -p1
%patch23 -p1
%patch65 -p1
%patch66 -p1
%patch67 -p1
%patch68 -p3
#
cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
#
@ -351,8 +344,14 @@ sed 's/public_html/%{userdir}/g' docs/conf/extra/httpd-userdir.conf.in > tmp_fil
#
# now configure Apache
#
%if 0%{?suse_version} > 910
aclocal
autoreconf --force --install
%else
rm -rf aclocal.m4 autom4te*.cache
autoheader
autoconf
%endif
%build
#
@ -361,9 +360,6 @@ autoreconf --force --install
#
function configure {
CFLAGS="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing -DLDAP_DEPRECATED" \
%if 0%{?opensuse_bs}
CFLAGS="$CFLAGS -g"
%endif
CPPFLAGS="-DSSL_EXPERIMENTAL_ENGINE -DMAX_SERVER_LIMIT=200000 -DLDAP_DEPRECATED -DMAXLINE=4096" \
./configure \
--enable-layout=SuSE81%(test "%_lib" = lib64 && echo -n _64) \
@ -450,9 +446,6 @@ for mpm in %{mpms_to_build}; do
make CFLAGS="$RPM_OPT_FLAGS -fPIC \
-fno-strict-aliasing \
-Wall \
%if 0%{?opensuse_bs}
-g \
%endif
-DDEFAULT_PIDLOG='\"%{runtimedir}/%{httpd}.pid\"' \
-DDEFAULT_ERRORLOG='\"%{logfiledir}/error_log\"' " \
%{?jobs:-j%jobs}
@ -532,7 +525,7 @@ done
# /O || |_> |_(_|||
#
#
# (most installation (to build root) has already been done in %build)
# (most installation (to build root) has already been done in %%build)
#
# save MODULE_MAGIC_NUMBER
cat > $RPM_BUILD_ROOT/%{_libdir}/%{pname}_MMN <<-EOF
@ -787,10 +780,10 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
%doc support/SHA1
%doc %attr(755,root,root) certificate.sh
%doc %attr(755,root,root) mkcert.sh
%doc %{_mandir}/man8/apachectl%{vers}.8.gz
%doc %{_mandir}/man8/htcacheclean%{vers}.8.gz
%doc %{_mandir}/man8/%{httpd}.8.gz
%doc %{_mandir}/man8/apxs%{vers}.8.gz
%doc %{_mandir}/man8/apachectl%{vers}.8.*
%doc %{_mandir}/man8/htcacheclean%{vers}.8.*
%doc %{_mandir}/man8/%{httpd}.8.*
%doc %{_mandir}/man8/apxs%{vers}.8.*
%doc robots.txt
%doc printenv
%doc test-cgi
@ -906,14 +899,14 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
%files utils
%defattr(-,root,root)
%doc %{_mandir}/man8/ab%{vers}.8.gz
%doc %{_mandir}/man1/dbmmanage%{vers}.1.gz
%doc %{_mandir}/man1/htdbm%{vers}.1.gz
%doc %{_mandir}/man1/htdigest%{vers}.1.gz
%doc %{_mandir}/man1/htpasswd%{vers}.1.gz
%doc %{_mandir}/man8/logresolve%{vers}.8.gz
%doc %{_mandir}/man8/rotatelogs%{vers}.8.gz
%doc %{_mandir}/man8/suexec%{vers}.8.gz
%doc %{_mandir}/man8/ab%{vers}.8.*
%doc %{_mandir}/man1/dbmmanage%{vers}.1.*
%doc %{_mandir}/man1/htdbm%{vers}.1.*
%doc %{_mandir}/man1/htdigest%{vers}.1.*
%doc %{_mandir}/man1/htpasswd%{vers}.1.*
%doc %{_mandir}/man8/logresolve%{vers}.8.*
%doc %{_mandir}/man8/rotatelogs%{vers}.8.*
%doc %{_mandir}/man8/suexec%{vers}.8.*
%{_bindir}/check_forensic%{vers}
%{_bindir}/dbmmanage%{vers}
%{_bindir}/gensslcert
@ -987,23 +980,11 @@ usermod -g %httpdgroup %httpduser 2>/dev/null ||:
usermod -s /bin/false %httpduser 2>/dev/null ||:
tmpdir=$(mktemp -d etc/%{pname}/%{pname}-post.XXXXXX); test $? = 0 || { echo >&2 Could not create tmpdir. Exiting; exit 1; }
tmpfile=$tmpdir/tmpfile
RC_CONFIG=etc/rc.config
if [ -e $RC_CONFIG ]; then
. $RC_CONFIG
if [ "$START_HTTPD" = no -a "$START_HTTPSD" = yes ]; then
echo -n "removing obsolete START_HTTPSD from etc/rc.config ..."
sed -e 's+START_HTTPD=.*+START_HTTPD=yes+' \
-e 's+START_HTTPSD=.*++' $RC_CONFIG > $tmpfile \
&& cp $tmpfile $RC_CONFIG
echo "done"
fi
fi
if test -s etc/sysconfig/%{pname} && grep -q "^LOADMODULES" etc/sysconfig/%{pname}; then
sed "s/LOADMODULES/APACHE_MODULES/" etc/sysconfig/%{pname} >| $tmpfile \
&& cp $tmpfile etc/sysconfig/%{pname}
fi
%{fillup_and_insserv -n apache2 apache2}
%{fillup_only -ans apache2 apache2}
%{fillup_and_insserv apache2}
# Update ?
if [ ${FIRST_ARG:-0} -gt 1 ]; then
# update from package with the old near-monolithic conf file?
@ -1040,10 +1021,156 @@ if ! test -f /.buildenv; then
fi
%changelog
* Thu Aug 28 2008 ro@suse.de
- remove deprecated options from fillup and insserv call
* Mon Aug 25 2008 ro@suse.de
- initscript: copy Should-Start to Should-Stop to fix build
* Wed Aug 27 2008 poeml@suse.de
- drop rc.config handling (was removed in or after SuSE Linux 8.0)
- don't use fillup_insserv options which have been removed lately
* Fri Aug 15 2008 poeml@suse.de
- fix init script LSB headers
* Wed Jun 25 2008 poeml@suse.de
- add note to /etc/sysconfig/apache2 and /etc/init.d/apache2 about
how to set ulimits when starting the server
- undocument APACHE_BUFFERED_LOGS and APACHE_TIMEOUT in the
sysconfig template. They still work but I think it is good to
keep this stuff out of the beginner's config, first because both
features are sophisticated enough to not being tweaked in most
cases, second because it only confuses people I guess, and makes
the sysconfig file larger than necessary.
* Sun Jun 15 2008 poeml@suse.de
- update to 2.2.9:
SECURITY: CVE-2008-2364 (cve.mitre.org)
mod_proxy_http: Better handling of excessive interim responses
from origin server to prevent potential denial of service and
high memory usage. Reported by Ryujiro Shibuya.
SECURITY: CVE-2007-6420 (cve.mitre.org)
mod_proxy_balancer: Prevent CSRF attacks against the
balancer-manager interface.
- htpasswd: Fix salt generation weakness. PR 31440
worker/event MPM:
- Fix race condition in pool recycling that leads to
segmentation faults under load. PR 44402
core:
- Fix address-in-use startup failure on some platforms caused by
creating an IPv4 listener which overlaps with an existing IPv6
listener.
- Add the filename of the configuration file to the warning
message about the useless use of AllowOverride. PR 39992.
- Do not allow Options ALL if not all options are allowed to be
overwritten. PR 44262
- reinstate location walk to fix config for subrequests PR 41960
- Fix garbled TRACE response on EBCDIC platforms.
- gen_test_char: add double-quote to the list of
T_HTTP_TOKEN_STOP. PR 9727
http_filters:
- Don't return 100-continue on redirects. PR 43711
- Don't return 100-continue on client error PR 43711
- Don't spin if get an error when reading the next chunk. PR 44381
- Don't add bogus duplicate Content-Language entries
suexec:
- When group is given as a numeric gid, validate it by looking up
the actual group name such that the name can be used in log entries.
PR 7862
mod_authn_dbd:
- Disambiguate and tidy database authentication error messages. PR 43210.
mod_cache:
- Handle If-Range correctly if the cached resource was stale. PR 44579
- Revalidate cache entities which have Cache-Control: no-cache
set in their response headers. PR 44511
mod_cgid:
- Explicitly set permissions of the socket (ScriptSock) shared
by mod_cgid and request processing threads, for OS'es such as
HPUX and AIX that do not use umask for AF_UNIX socket permissions.
- Don't try to restart the daemon if it fails to initialize the socket.
mod_charset_lite:
- Add TranslateAllMimeTypes sub-option to CharsetOptions,
allowing the administrator to skip the mimetype checking that
precedes translation.
mod_dav:
- Return "method not allowed" if the destination URI of a WebDAV
copy / move operation is no DAV resource. PR 44734
mod_headers:
- Add 'merge' option to avoid duplicate values within the same header.
mod_include:
- Correctly handle SSI directives split over multiple filter
mod_log_config:
- Add format options for %%p so that the actual local or remote
port can be logged. PR 43415.
mod_logio:
- Provide optional function to allow modules to adjust the
bytes_in count
mod_proxy:
- Make all proxy modules nocanon aware and do not add the
query string again in this case. PR 44803.
- scoreboard: Remove unused proxy load balancer elements from scoreboard
image (not scoreboard memory itself).
- Support environment variable interpolation in reverse
proxying directives.
- Do not try a direct connection if the connection via a
remote proxy failed before and the request has a request body.
- ProxyPassReverse is now balancer aware.
- Lower memory consumption for short lived connections.
PR 44026.
- Keep connections to the backend persistent in the HTTPS case.
mod_proxy_ajp:
- Do not retry request in the case that we either failed to
sent a part of the request body or if the request is not idempotent.
PR 44334
mod_proxy_ftp:
- Fix base for directory listings. PR 27834
mod_proxy_http:
- Fix processing of chunked responses if Connection:
Transfer-Encoding is set in the response of the proxied
system. PR 44311
- Return HTTP status codes instead of apr_status_t values for
errors encountered while forwarding the request body PR 44165
mod_rewrite:
- Initialize hash needed by ap_register_rewrite_mapfunc early
enough. PR 44641
- Check all files used by DBM maps for freshness, mod_rewrite
didn't pick up on updated sdbm maps due to this. PR41190
- Don't canonicalise URLs with [P,NE] PR 43319
mod_speling:
- remove regression from 1.3/2.0 behavior and drop dependency
between mod_speling and AcceptPathInfo.
mod_ssl:
- Fix a memory leak with connections that have zlib compression
turned on. PR 44975
mod_substitute:
- The default is now flattening the buckets after each
substitution. The newly added 'q' flag allows for the quicker,
more efficient bucket-splitting if the user so
mod_unique_id:
- Fix timestamp value in UNIQUE_ID. PR 37064
ab (apache benchmark):
- Include <limits.h> earlier if available since we may need
INT_MAX (defined there on Windows) for the definition of MAX_REQUESTS.
- Improve client performance by clearing connection pool instead
- Don't stop sending a request if EAGAIN is returned, which
will only happen if both the write and subsequent wait are
returning EAGAIN, and count posted bytes correctly when the initial
write of a request is not complete. PR 10038, 38861, 39679
- Overhaul stats collection and reporting to avoid integer
truncation and time divisions within the test loop, retain
native time resolution until output, remove unused data,
consistently round milliseconds, and generally avoid losing
accuracy of calculation due to type casts. PR 44878, 44931.
- Add -r option to continue after socket receive errors.
- Do not try to read non existing response bodies of HEAD requests.
- Use a 64 bit unsigned int instead of a signed long to count the
rotatelogs:
- Log the current file size and error code/description when
failing to write to the log file.
- Added '-f' option to force rotatelogs to create the logfile as
soon as started, and not wait until it reads the first entry.
- Don't leak memory when reopening the logfile. PR 40183
- Improve atomicity when using -l and cleaup code. PR 44004
- drop obsolete patches httpd-2.1.3alpha-autoconf-2.59.dif
httpd-2.2.x-CVE-2008-1678.patch
- don't run autoreconf on SLES9
- remove the addition of -g to the CFLAGS, since the build service
handles debuginfo packages now
* Mon Jun 09 2008 poeml@suse.de
- build service supports the debuginfo flag in metadata now; remove
debug_package macro from the specfile therefore.
* Mon May 26 2008 skh@suse.de
- CVE-2008-1678: modules/ssl/mod_ssl.c (ssl_cleanup_pre_config):
Remove the call to CRYPTO_cleanup_all_ex_data here, fixing a
@ -1051,45 +1178,388 @@ fi
support for a compression algorithm in the initial handshake, and
mod_ssl is linked against OpenSSL >= 0.9.8f. [bnc#392096]
httpd-2.2.x-CVE-2008-1678.patch
* Thu May 15 2008 poeml@suse.de
- fix build on Mandriva 2007, by escaping commented %%build macro
- make filelist of man pages independant of the compression method
(gz, bz2, lzma)
* Fri Apr 18 2008 poeml@suse.de
- sync up with changes from Build Service:
- new implementation of sysconf_addword, using sed instead of ed.
- fix from Factory:
- remove dir /usr/share/omc/svcinfo.d as it is provided now
by filesystem
- remove obsolete httpd-2.2.x.doublefree.patch file, which isn't
used since quite some time since the issue is resolved.
* Thu Apr 17 2008 poeml@suse.de
- new implementation of sysconf_addword, using sed instead of ed.
Moving it from the -utils subpackage into the parent package,
where it's actually needed. If sysconf_addword is already present
in the system, it is preferred (by PATH). That's because the tool
has been integrated into aaa_base.rpm with openSUSE 11.0.
Removing the requires on the ed package. [bnc#377131]
- better documentation how to enable SSL in /etc/sysconfig/apache2
- quickstart readme: the link to the openSUSE wiki is about to move
- add "127.0.0.1" to the local access list in mod_status.conf,
* Wed Mar 12 2008 poeml@suse.de
- require ed package, since ed is needed by sysconf_addword, which
in turn is used by a2enmod/a2enflag
* Fri Feb 29 2008 poeml@suse.de
- better documentation how to enable SSL in /etc/sysconfig/apache2
- quickstart readme: the link to the openSUSE wiki is about to move
* Tue Feb 19 2008 poeml@suse.de
- add "127.0.0.1" to the local access list in mod_status.conf,
because on some systems "localhost" seems to resolve only to IPv6
localhost
- /etc/init.d/apache2: implement restart-graceful, stop-graceful
- fix graceful-restart. Wait until the pidfile is gone, but don't
* Sat Feb 02 2008 crrodriguez@suse.de
- upstream 2.2.8
SECURITY: CVE-2007-6421 (cve.mitre.org)
mod_proxy_balancer: Correctly escape the worker route and the worker
redirect string in the HTML output of the balancer manager.
Reported by SecurityReason.
SECURITY: CVE-2007-6422 (cve.mitre.org)
Prevent crash in balancer manager if invalid balancer name is passed
as parameter. Reported by SecurityReason.
SECURITY: CVE-2007-6388 (cve.mitre.org)
mod_status: Ensure refresh parameter is numeric to prevent
a possible XSS attack caused by redirecting to other URLs.
Reported by SecurityReason.
SECURITY: CVE-2007-5000 (cve.mitre.org)
mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.
SECURITY: CVE-2008-0005 (cve.mitre.org)
Introduce the ProxyFtpDirCharset directive, allowing the administrator
to identify a default, or specific servers or paths which list their
contents in other-than ISO-8859-1 charset (e.g. utf-8).
mod_autoindex:
- Generate valid XHTML output by adding the xhtml namespace. PR 43649
mod_charset_lite:
- Don't crash when the request has no associated filename.
mod_dav:
- Fix evaluation of If-Match * and If-None-Match * conditionals. PR 38034
- Adjust etag generation to produce identical results on 32-bit
and 64-bit platforms and avoid a regression with conditional PUT's on lock
and etag. PR 44152.
mod_deflate:
- initialise inflate-out filter correctly when the first brigade
contains no data buckets. PR 43512
mod_disk_cache:
- Delete temporary files if they cannot be renamed to their final
name.
mod_filter:
- Don't segfault on (unsupported) chained FilterProvider usage. PR 43956
mod_include:
- Add an "if" directive syntax to test whether an URL is
accessible, and if so, conditionally display content. This
allows a webmaster to hide a link to a private page when the
user has no access to that page.
mod_ldap:
- Try to establish a new backend LDAP connection when the
Microsoft LDAP client library returns LDAP_UNAVAILABLE, e.g.
after the LDAP server has closed the connection due to a
timeout. PR 39095
- Give callers a reference to data copied into the request pool
instead of references directly into the cache PR 43786
- Stop passing a reference to pconf around for (limited) use
during request processing, avoiding possible memory corruption
and crashes.
mod_proxy:
- Canonicalisation improvements. Add "nocanon" keyword to
ProxyPass, to suppress URI-canonicalisation in a reverse proxy. Also,
don't escape/unescape forward-proxied URLs. PR 41798, 42592
- Don't by default violate RFC2616 by setting Max-Forwards when
the client didn't send it to us. Leave that as a
configuration option. PR 16137
- Fix persistent backend connections. PR 43472
- escape error-notes correctly PR 40952
- check ProxyBlock for all blocked addresses PR 36987
- Don't lose bytes when a response line arrives in small chunks.
PR 40894
mod_proxy_ajp:
- Use 64K as maximum AJP packet size. This is the maximum length
we can squeeze inside the AJP message packet.
- Ignore any ajp13 flush packets received before we send the
response headers. See Tomcat PR 43478.
- Differentiate within AJP between GET and HEAD requests. PR 43060
mod_proxy_balancer:
- Do not reset lbstatus, lbfactor and lbset when starting a new
child. PR 39907
mod_proxy_http:
- Remove Warning headers with wrong date PR 16138
- Correctly parse all Connection headers in proxy. PR 43509
- add Via header correctly (if enabled) to response, even where
other Via headers exist. PR 19439
- Correctly forward unexpected interim (HTTP 1xx) responses from
the backend according to RFC2616. But make it configurable in
case something breaks on it. PR 16518
- strip hop-by-hop response headers PR 43455
- Propagate Proxy-Authorization header correctly. PR 25947
- Don't segfault on bad line in FTP listing PR 40733
mod_rewrite:
- Add option to suppress URL unescaping PR 34602
- Add the novary flag to RewriteCond.
mod_substitute:
- Added a new output filter, which performs inline response
content pattern matching (including regex) and substitution.
mod_ssl:
- Fix handling of the buffered request body during a per-location
renegotiation, when an internal redirect occurs. PR 43738.
- Fix SSL client certificate extensions parsing bug. PR 44073.
- Prevent memory corruption of version string. PR 43865, 43334
mod_status:
- Add SeeRequestTail directive, which determines if
ExtendedStatus displays the 1st 63 characters of the request
or the last 63. Useful for those requests with large string
lengths and which only vary with the last several characters.
event MPM:
- Add support for running under mod_ssl, by reverting to the
Worker MPM behaviors, when run under an input filter that buffers
its own data.
core:
- Fix regression in 2.2.7 in chunk filtering with massively
chunked requests.
- Lower memory consumption of ap_r* functions by reusing the
brigade instead of recreating it during each filter pass.
- Lower memory consumption in case that flush buckets are passed
thru the chunk filter as last bucket of a brigade. PR 23567.
- Fix broken chunk filtering that causes all non blocking reads
to be converted into blocking reads. PR 19954, 41056.
- Change etag generation to produce identical results on 32-bit
and 64-bit platforms. PR 40064.
- Handle unrecognised transfer-encodings. PR 43882
- Avoid some unexpected connection closes by telling the client
that the connection is not persistent if the MPM process
handling the request is already exiting when the response
header is built.
- fix possible crash at startup in case of nonexistent
DocumentRoot. PR 39722
- http_core: OPTIONS * no longer maps to local storage or URI
space. Note that unlike previous versions, OPTIONS * no longer
returns an Allow: header. PR 43519
- scoreboard: improve error message on apr_shm_create failure PR
40037
- Don't send spurious "100 Continue" response lines. PR 38014
- http_protocol:
- Escape request method in 413 error reporting. Determined to
be not generally exploitable, but a flaw in any case. PR
44014
- Add "DefaultType none" option. PR 13986 and PR 16139
- Escape request method in 405 error reporting. This has no
security impact since the browser cannot be tricked into
sending arbitrary method strings.
- Various code cleanups. PR 38699, 39518, 42005, 42006, 42007, 42008, 42009
- Add explicit charset to the output of various modules to work
around possible cross-site scripting flaws affecting web
browsers that do not derive the response character set as
required by RFC2616. One of these reported by SecurityReason
- rotatelogs: Change command-line parsing to report more types
of errors. Allow local timestamps to be used when rotating based
on file size.
* Wed Sep 12 2007 poeml@suse.de
- fix graceful-restart. Wait until the pidfile is gone, but don't
wait for the parent to disappear. It stays there, after closing
the listen ports.
- don't configure in maintainer-mode. It not only enables compile
* Wed Sep 12 2007 poeml@suse.de
- use debug_package macro only on suse, because it breaks the build
on Mandriva
* Wed Sep 12 2007 poeml@suse.de
- don't configure in maintainer-mode. It not only enables compile
time warnings, but also adds AP_DEBUG into the mix which causes
enablement of debug code which is not wanted in production
builds.
- drop obsolete patches mod_dbd.c-issue18989-autoconnect.dif and
mod_dbd.c-r571441, as the 2.2.8 mod_dbd is just fine.
* Tue Apr 01 2008 mkoenig@suse.de
- remove dir /usr/share/omc/svcinfo.d as it is provided now
by filesystem
* Fri Mar 14 2008 skh@suse.de
- update to upstream 2.2.8 --> see CHANGES in package for details
- removed obsolete patches:
- apache2-mod_cache-CVE-2007-1863.patch
- apache2-mod_status-CVE-2006-5752.patch
- httpd-2.2.4-mod_autoindex-charset-r570962.patch
- httpd-2.2.x.doublefree.patch
* Thu Dec 13 2007 ro@suse.de
- remove sysconf_addword, now in aaa_base (#328599)
* Mon Oct 22 2007 sbrabec@suse.cz
- Use correct SuSEfirewall2 rule directory.
* Mon Sep 10 2007 poeml@suse.de
- upstream 2.2.6
SECURITY: CVE-2007-3847 (cve.mitre.org)
mod_proxy: Prevent reading past the end of a buffer when parsing
date-related headers. PR 41144.
SECURITY: CVE-2007-1863 (cve.mitre.org)
mod_cache: Prevent a segmentation fault if attributes are listed in a
Cache-Control header without any value.
SECURITY: CVE-2007-3304 (cve.mitre.org)
prefork, worker, event MPMs: Ensure that the parent process cannot
be forced to kill processes outside its process group.
SECURITY: CVE-2006-5752 (cve.mitre.org)
mod_status: Fix a possible XSS attack against a site with a public
server-status page and ExtendedStatus enabled, for browsers which
perform charset "detection". Reported by Stefan Esser.
SECURITY: CVE-2007-1862 (cve.mitre.org)
mod_mem_cache: Copy headers into longer lived storage; header names and
values could previously point to cleaned up storage. PR 41551.
mod_alias:
- Accept path components (URL part) in Redirects. PR 35314.
mod_authnz_ldap:
- Don't return HTTP_UNAUTHORIZED during authorization when
LDAP authentication is configured but we haven't seen any
'Require ldap-*' directives, allowing authorization to be passed to lower
level modules (e.g. Require valid-user) PR 43281
mod_autoindex:
- Add in Type and Charset options to IndexOptions
directive. This allows the admin to explicitly set the
content-type and charset of the generated page and is therefore
a viable workaround for buggy browsers affected by CVE-2007-4465
mod_cache:
- Remove expired content from cache that cannot be revalidated.
PR 30370.
- Do not set Date or Expires when they are missing from the
original response or are invalid.
- Correctly handle HEAD requests on expired cache content. PR
41230.
- Let Cache-Control max-age set the expiration of the cached
representation if Expires is not set.
- Allow caching of requests with query arguments when
Cache-Control max-age is explicitly specified.
- Use the same cache key throughout the whole request processing
to handle escaped URLs correctly. PR 41475.
- Add CacheIgnoreQueryString directive. PR 41484.
- While serving a cached entity ensure that filters that have
been applied to this cached entity before saving it to the
cache are not applied again. PR 40090.
- Correctly cache objects whose URL query string has been
modified by mod_rewrite. PR 40805.
mod_cgi, mod_cgid:
- Fix use of CGI scripts as ErrorDocuments. PR 39710.
mod_dbd:
- Introduce configuration groups to allow inheritance by virtual
hosts of database configurations from the main server.
Determine the minimal set of distinct configurations and share
connection pools whenever possible. Allow virtual hosts to
override inherited SQL statements. PR 41302.
- Create memory sub-pools for each DB connection and close DB
connections in a pool cleanup function. Ensure prepared
statements are destroyed before DB connection is closed. When
using reslists, prevent segfaults when child processes exit,
and stop memory leakage of ap_dbd_t structures. Avoid use of
global s->process->pool, which isn't destroyed by exiting
child processes in most multi-process MPMs. PR 39985.
- Handle error conditions in dbd_construct() properly. Simplify
ap_dbd_open() and use correct arguments to apr_dbd_error()
when non-threaded. Register correct cleanup data in
non-threaded ap_dbd_acquire() and ap_dbd_cacquire(). Clean up
configuration data and merge function. Use ap_log_error()
wherever possible.
- Stash DBD connections in request_config of initial request
only, or else sub-requests and internal redirections may cause
entire DBD pool to be stashed in a single HTTP request.
mod_deflate:
- don't try to process metadata buckets as data. what should
have been a 413 error was logged as a 500 and a blank screen
appeared at the browser.
- fix protocol handling in deflate input filter PR 23287
mod_disk_cache:
- Allow Vary'd responses to be refreshed properly.
mod_dumpio:
- Fix for correct dumping of traffic on EBCDIC hosts Data had
been incorrectly converted twice, resulting in garbled log
output.
mod_expires:
- don't crash on bad configuration data PR 43213
mod_filter:
- fix integer comparisons in dispatch rules PR 41835
- fix merging of ! and = in FilterChain PR 42186
mod_headers:
- Allow %% at the end of a Header value. PR 36609.
mod_info:
- mod_info outputs invalid XHTML 1.0 transitional. PR 42847
mod_ldap:
- Avoid possible crashes, hangs, and busy loops due to improper
merging of the cache lock in vhost config PR 43164
mod_ldap:
- Remove the hardcoded size limit parameter for
ldap_search_ext_s and replace it with an APR_ defined value
that is set according to the LDAP SDK being used.
mod_mem_cache:
- Increase the minimum and default value for MCacheMinObjectSize
from 0 to 1, as a MCacheMinObjectSize of 0 does not make sense
and leads to a division by zero. PR 40576.
mod_negotiation:
- preserve Query String in resolving a type map PR 33112
mod_proxy:
- mod_proxy_http: accept proxy-sendchunked/proxy-sendchunks as
synonymous. PR 43183
- Ensure that at least scheme://hostname[:port] matches between
worker and URL when searching for the best fitting worker for
a given URL. PR 40910
- Improve network performance by setting APR_TCP_NODELAY
(disable Nagle algorithm) on sockets if implemented. PR 42871
- Add a missing assignment in an error checking code path. PR 40865
- don't URLencode tilde in path component PR 38448
- enable Ignore Errors option on ProxyPass Status. PR 43167
- Allow to use different values for sessionid in url encoded id
and cookies. PR 41897.
- Fix the 503 returned when session route does not match any of
the balancer members.
- Added ProxyPassMatch directive, which is similar to ProxyPass
but takes a regex local path prefix.
- Print the correct error message for erroneous configured
ProxyPass directives. PR 40439.
- Fix some proxy setting inheritance problems (eg:
ProxyTimeout). PR 11540.
- proxy/ajp_header.c: Fixed header token string comparisons
Matching of header tokens failed to include the trailing NIL
byte and could misinterpret a longer header token for a
shorter. Additionally, a "Content-Type" comparison was made
case insensitive.
- proxy/ajp_header.c: Backport of an AJP protocol fix for EBCDIC
On EBCDIC machines, the status_line string was incorrectly
converted twice.
mod_proxy_connect:
- avoid segfault on DNS lookup failure. PR 40756
mod_proxy_http:
- HTTP proxy ProxyErrorOverride: Leave 1xx and 3xx responses
alone. Only processing of error responses (4xx, 5xx) will be
altered. PR 39245.
- Don't try to read body of a HEAD request before responding. PR 41644
- Handle request bodies larger than 2 GB by converting the
Content-Length header of the request correctly. PR 40883.
mod_ssl:
- Fix spurious hostname mismatch warning for valid wildcard
certificates. PR 37911.
- Version reporting update; displays 'compiled against' Apache
and build-time SSL Library versions at loglevel [info], while
reporting the run-time SSL Library version in the server info
tags. Helps to identify a mod_ssl built against one flavor of
OpenSSL but running against another (also adds SSL-C version
number reporting.)
- initialize thread locks before initializing the hardware
acceleration library, so the latter can make use of the
former. PR 20951.
core:
- Do not replace a Date header set by a proxied backend server. PR 40232
- log core: ensure we use a special pool for stderr logging, so that
the stderr channel remains valid from the time plog is destroyed,
until the time the open_logs hook is called again.
- main core: Emit errors during the initial apr_app_initialize()
or apr_pool_create() (when apr-based error reporting is not ready).
- log core: fix the new piped logger case where we couldn't connect
the replacement stderr logger's stderr to the NULL stdout stream.
Continue in this case, since the previous alternative of no error
logging at all (/dev/null) is far worse.
- Correct a regression since 2.0.x in the handling of AllowOverride
Options. PR 41829.
- Unix MPMs: Catch SIGFPE so that exception hooks and CoreDumpDirectory
can work after that terminating signal.
- mod_so: Provide more helpful LoadModule feedback when an error occurs.
misc:
- mime.types: Many updates to sync with IANA registry and common
unregistered types that the owners refuse to register. Admins
are encouraged to update their installed mime.types file. PR:
35550, 37798, 39317, 31483
- mime.types: add Registered Javascript/ECMAScript MIME types
(RFC4329) PR 40299
- htdbm: Enable crypt support on platforms with crypt() but not
<crypt.h>, such as z/OS.
- ab.c: Correct behavior of HTTP request headers sent by ab in
presence of -H command-line overrides. PR 31268, 26554.
- ab.c: The apr_port_t type is unsigned, but ab was using a
signed format code in its reports. PR 42070.
- drop obsolete patches apache2-mod_cache-CVE-2007-1863.patch
apache2-mod_status-CVE-2006-5752.patch
httpd-2.2.4-mod_autoindex-charset-r570962.patch
mod_dbd.c-issue18989-autoconnect.dif
mod_dbd.c-r571441
* Mon Sep 03 2007 skh@suse.de
- get_module_list: replace loadmodule.conf atomically [bnc #214863]
* Sat Sep 01 2007 poeml@suse.de
- /etc/init.d/apache2: implement restart-graceful, stop-graceful
* Fri Aug 31 2007 poeml@suse.de
- update mod_dbd to trunk version (r571441)
* apr_dbd_check_conn() just returns APR_SUCCESS or
APR_EGENERAL, so we don't actually have a driver-specific value
to pass to apr_dbd_error(), but that's OK because most/all
drivers just ignore this value anyway
* Fri Aug 31 2007 poeml@suse.de
- replace httpd-2.2.3-AddDirectoryIndexCharset.patch with the upstream
solution, httpd-2.2.4-mod_autoindex-charset-r570962.patch [#153557]

396
httpd-2.1.3alpha-autoconf-2.59.dif
View File

@ -1,396 +0,0 @@
--- httpd-2.1.3-alpha/acinclude.m4
+++ httpd-2.1.3-alpha/acinclude.m4
@@ -4,25 +4,25 @@
dnl AC_HELP_STRING, so let's try to call it if we can.
dnl Note: this define must be on one line so that it can be properly returned
dnl as the help string.
-AC_DEFUN(APACHE_HELP_STRING,[ifelse(regexp(AC_ACVERSION, 2\.1), -1, AC_HELP_STRING($1,$2),[ ]$1 substr([ ],len($1))$2)])dnl
+AC_DEFUN([APACHE_HELP_STRING],[ifelse(regexp(AC_ACVERSION, 2\.1), -1, AC_HELP_STRING($1,$2),[ ]$1 substr([ ],len($1))$2)])dnl
dnl APACHE_SUBST(VARIABLE)
dnl Makes VARIABLE available in generated files
dnl (do not use @variable@ in Makefiles, but $(variable))
-AC_DEFUN(APACHE_SUBST,[
+AC_DEFUN([APACHE_SUBST],[
APACHE_VAR_SUBST="$APACHE_VAR_SUBST $1"
AC_SUBST($1)
])
dnl APACHE_FAST_OUTPUT(FILENAME)
dnl Perform substitutions on FILENAME (Makefiles only)
-AC_DEFUN(APACHE_FAST_OUTPUT,[
+AC_DEFUN([APACHE_FAST_OUTPUT],[
APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $1"
])
dnl APACHE_GEN_CONFIG_VARS
dnl Creates config_vars.mk
-AC_DEFUN(APACHE_GEN_CONFIG_VARS,[
+AC_DEFUN([APACHE_GEN_CONFIG_VARS],[
APACHE_SUBST(abs_srcdir)
APACHE_SUBST(bindir)
APACHE_SUBST(sbindir)
@@ -109,14 +109,14 @@
dnl APACHE_GEN_MAKEFILES
dnl Creates Makefiles
-AC_DEFUN(APACHE_GEN_MAKEFILES,[
+AC_DEFUN([APACHE_GEN_MAKEFILES],[
$SHELL $srcdir/build/fastgen.sh $srcdir $ac_cv_mkdir_p $BSD_MAKEFILE $APACHE_FAST_OUTPUT_FILES
])
dnl ## APACHE_OUTPUT(file)
dnl ## adds "file" to the list of files generated by AC_OUTPUT
dnl ## This macro can be used several times.
-AC_DEFUN(APACHE_OUTPUT, [
+AC_DEFUN([APACHE_OUTPUT], [
APACHE_OUTPUT_FILES="$APACHE_OUTPUT_FILES $1"
])
@@ -125,7 +125,7 @@
dnl
dnl If rlim_t is not defined, define it to int
dnl
-AC_DEFUN(APACHE_TYPE_RLIM_T, [
+AC_DEFUN([APACHE_TYPE_RLIM_T], [
AC_CACHE_CHECK([for rlim_t], ac_cv_type_rlim_t, [
AC_TRY_COMPILE([
#include <sys/types.h>
@@ -143,7 +143,7 @@
])
dnl APACHE_MODPATH_INIT(modpath)
-AC_DEFUN(APACHE_MODPATH_INIT,[
+AC_DEFUN([APACHE_MODPATH_INIT],[
current_dir=$1
modpath_current=modules/$1
modpath_static=
@@ -152,7 +152,7 @@
> $modpath_current/modules.mk
])dnl
dnl
-AC_DEFUN(APACHE_MODPATH_FINISH,[
+AC_DEFUN([APACHE_MODPATH_FINISH],[
echo "DISTCLEAN_TARGETS = modules.mk" >> $modpath_current/modules.mk
echo "static = $modpath_static" >> $modpath_current/modules.mk
echo "shared = $modpath_shared" >> $modpath_current/modules.mk
@@ -165,7 +165,7 @@
])dnl
dnl
dnl APACHE_MODPATH_ADD(name[, shared[, objects [, ldflags[, libs]]]])
-AC_DEFUN(APACHE_MODPATH_ADD,[
+AC_DEFUN([APACHE_MODPATH_ADD],[
if test -z "$3"; then
objects="mod_$1.lo"
else
@@ -209,7 +209,7 @@
dnl setting. otherwise, fall under the "all" setting.
dnl explicit yes/no always overrides.
dnl
-AC_DEFUN(APACHE_MODULE,[
+AC_DEFUN([APACHE_MODULE],[
AC_MSG_CHECKING(whether to enable mod_$1)
define([optname],[--]ifelse($5,yes,disable,enable)[-]translit($1,_,-))dnl
AC_ARG_ENABLE(translit($1,_,-),APACHE_HELP_STRING(optname(),$2),,enable_$1=ifelse($5,,maybe-all,$5))
@@ -282,7 +282,7 @@
dnl
dnl APACHE_ENABLE_MODULES
dnl
-AC_DEFUN(APACHE_ENABLE_MODULES,[
+AC_DEFUN([APACHE_ENABLE_MODULES],[
module_selection=default
module_default=yes
@@ -312,7 +312,7 @@
])
])
-AC_DEFUN(APACHE_REQUIRE_CXX,[
+AC_DEFUN([APACHE_REQUIRE_CXX],[
if test -z "$apache_cxx_done"; then
AC_PROG_CXX
AC_PROG_CXXCPP
@@ -326,7 +326,7 @@
dnl Configure for the detected openssl/ssl-c toolkit installation, giving
dnl preference to "--with-ssl=<path>" if it was specified.
dnl
-AC_DEFUN(APACHE_CHECK_SSL_TOOLKIT,[
+AC_DEFUN([APACHE_CHECK_SSL_TOOLKIT],[
if test "x$ap_ssltk_configured" = "x"; then
dnl initialise the variables we use
ap_ssltk_base=""
@@ -499,14 +499,14 @@
dnl apache will use while generating scripts like autoconf and apxs and
dnl the default config file.
-AC_DEFUN(APACHE_SUBST_EXPANDED_ARG,[
+AC_DEFUN([APACHE_SUBST_EXPANDED_ARG],[
APR_EXPAND_VAR(exp_$1, [$]$1)
APACHE_SUBST(exp_$1)
APR_PATH_RELATIVE(rel_$1, [$]exp_$1, ${prefix})
APACHE_SUBST(rel_$1)
])
-AC_DEFUN(APACHE_EXPORT_ARGUMENTS,[
+AC_DEFUN([APACHE_EXPORT_ARGUMENTS],[
APACHE_SUBST_EXPANDED_ARG(exec_prefix)
APACHE_SUBST_EXPANDED_ARG(bindir)
APACHE_SUBST_EXPANDED_ARG(sbindir)
--- httpd-2.1.3-alpha/build/apr_common.m4
+++ httpd-2.1.3-alpha/build/apr_common.m4
@@ -22,7 +22,7 @@
dnl
dnl Saves a snapshot of the configure command-line for later reuse
dnl
-AC_DEFUN(APR_CONFIG_NICE,[
+AC_DEFUN([APR_CONFIG_NICE],[
rm -f $1
cat >$1<<EOF
#! /bin/sh
@@ -74,7 +74,7 @@
dnl APR_MKDIR_P_CHECK(fallback-mkdir-p)
dnl checks whether mkdir -p works
-AC_DEFUN(APR_MKDIR_P_CHECK,[
+AC_DEFUN([APR_MKDIR_P_CHECK],[
AC_CACHE_CHECK(for working mkdir -p, ac_cv_mkdir_p,[
test -d conftestdir && rm -rf conftestdir
mkdir -p conftestdir/somedir >/dev/null 2>&1
@@ -112,7 +112,7 @@
dnl Trying to optimize this is left as an exercise to the reader who wants
dnl to put up with more autoconf craziness. I give up.
dnl
-AC_DEFUN(APR_SUBDIR_CONFIG, [
+AC_DEFUN([APR_SUBDIR_CONFIG], [
# save our work to this point; this allows the sub-package to use it
AC_CACHE_SAVE
@@ -180,7 +180,7 @@
dnl
dnl Stores the variable (usually a Makefile macro) for later restoration
dnl
-AC_DEFUN(APR_SAVE_THE_ENVIRONMENT,[
+AC_DEFUN([APR_SAVE_THE_ENVIRONMENT],[
apr_ste_save_$1="$$1"
])dnl
@@ -192,7 +192,7 @@
dnl and restoring the original variable contents. This makes it possible
dnl for a user to override configure when it does something stupid.
dnl
-AC_DEFUN(APR_RESTORE_THE_ENVIRONMENT,[
+AC_DEFUN([APR_RESTORE_THE_ENVIRONMENT],[
if test "x$apr_ste_save_$1" = "x"; then
$2$1="$$1"
$1=
@@ -216,7 +216,7 @@
dnl
dnl Set variable iff it's currently null
dnl
-AC_DEFUN(APR_SETIFNULL,[
+AC_DEFUN([APR_SETIFNULL],[
if test -z "$$1"; then
test "x$silent" != "xyes" && echo " setting $1 to \"$2\""
$1="$2"
@@ -228,7 +228,7 @@
dnl
dnl Set variable no matter what
dnl
-AC_DEFUN(APR_SETVAR,[
+AC_DEFUN([APR_SETVAR],[
test "x$silent" != "xyes" && echo " forcing $1 to \"$2\""
$1="$2"
])dnl
@@ -238,7 +238,7 @@
dnl
dnl Add value to variable
dnl
-AC_DEFUN(APR_ADDTO,[
+AC_DEFUN([APR_ADDTO],[
if test "x$$1" = "x"; then
test "x$silent" != "xyes" && echo " setting $1 to \"$2\""
$1="$2"
@@ -265,7 +265,7 @@
dnl
dnl Remove a value from a variable
dnl
-AC_DEFUN(APR_REMOVEFROM,[
+AC_DEFUN([APR_REMOVEFROM],[
if test "x$$1" = "x$2"; then
test "x$silent" != "xyes" && echo " nulling $1"
$1=""
@@ -289,7 +289,7 @@
dnl
dnl APR_CHECK_DEFINE_FILES( symbol, header_file [header_file ...] )
dnl
-AC_DEFUN(APR_CHECK_DEFINE_FILES,[
+AC_DEFUN([APR_CHECK_DEFINE_FILES],[
AC_CACHE_CHECK([for $1 in $2],ac_cv_define_$1,[
ac_cv_define_$1=no
for curhdr in $2
@@ -311,7 +311,7 @@
dnl
dnl APR_CHECK_DEFINE(symbol, header_file)
dnl
-AC_DEFUN(APR_CHECK_DEFINE,[
+AC_DEFUN([APR_CHECK_DEFINE],[
AC_CACHE_CHECK([for $1 in $2],ac_cv_define_$1,[
AC_EGREP_CPP(YES_IS_DEFINED, [
#include <$2>
@@ -328,7 +328,7 @@
dnl
dnl APR_CHECK_APR_DEFINE( symbol )
dnl
-AC_DEFUN(APR_CHECK_APR_DEFINE,[
+AC_DEFUN([APR_CHECK_APR_DEFINE],[
apr_old_cppflags=$CPPFLAGS
CPPFLAGS="$CPPFLAGS $INCLUDES"
AC_EGREP_CPP(YES_IS_DEFINED, [
@@ -353,7 +353,7 @@
fi])
])
-define(APR_IFALLYES,[dnl
+define([APR_IFALLYES],[dnl
ac_rc=yes
for ac_spec in $1; do
ac_type=`echo "$ac_spec" | sed -e 's/:.*$//'`
@@ -405,7 +405,7 @@
])
-define(APR_DECISION_OVERRIDE,[dnl
+define([APR_DECISION_OVERRIDE],[dnl
ac_decision=''
for ac_item in $1; do
eval "ac_decision_this=\$ac_decision_${ac_item}"
@@ -417,13 +417,13 @@
])
-define(APR_DECISION_FORCE,[dnl
+define([APR_DECISION_FORCE],[dnl
ac_decision="$1"
eval "ac_decision_msg=\"\$ac_decision_${ac_decision}_msg\""
])
-define(APR_END_DECISION,[dnl
+define([APR_END_DECISION],[dnl
if test ".$ac_decision" = .; then
echo "[$]0:Error: decision on $ac_decision_item failed" 1>&2
exit 1
@@ -443,7 +443,7 @@
dnl A variant of AC_CHECK_SIZEOF which allows the checking of
dnl sizes of non-builtin types
dnl
-AC_DEFUN(APR_CHECK_SIZEOF_EXTENDED,
+AC_DEFUN([APR_CHECK_SIZEOF_EXTENDED],
[changequote(<<,>>)dnl
dnl The name to #define
define(<<AC_TYPE_NAME>>, translit(sizeof_$2, [a-z *], [A-Z_P]))dnl
@@ -515,7 +515,7 @@
dnl string.
dnl
dnl
-AC_DEFUN(APR_CHECK_STRERROR_R_RC,[
+AC_DEFUN([APR_CHECK_STRERROR_R_RC],[
AC_MSG_CHECKING(for type of return code from strerror_r)
AC_TRY_RUN([
#include <errno.h>
@@ -550,7 +550,7 @@
dnl structure on this platform. Single UNIX Spec says d_ino,
dnl BSD uses d_fileno. Undef to find the real beast.
dnl
-AC_DEFUN(APR_CHECK_DIRENT_INODE, [
+AC_DEFUN([APR_CHECK_DIRENT_INODE], [
AC_CACHE_CHECK([for inode member of struct dirent], apr_cv_dirent_inode, [
apr_cv_dirent_inode=no
AC_TRY_COMPILE([
@@ -588,7 +588,7 @@
dnl Note that this is worthless without DT_xxx macros, so
dnl look for one while we are at it.
dnl
-AC_DEFUN(APR_CHECK_DIRENT_TYPE,[
+AC_DEFUN([APR_CHECK_DIRENT_TYPE],[
AC_CACHE_CHECK([for file type member of struct dirent], apr_cv_dirent_type,[
apr_cv_dirent_type=no
AC_TRY_COMPILE([
@@ -637,7 +637,7 @@
dnl all "." and "-" chars. If the 3rd parameter is "yes" then instead of
dnl setting to 1 or 0, we set FLAG-TO-SET to yes or no.
dnl
-AC_DEFUN(APR_FLAG_HEADERS,[
+AC_DEFUN([APR_FLAG_HEADERS],[
AC_CHECK_HEADERS($1)
for aprt_i in $1
do
@@ -658,7 +658,7 @@
dnl is "yes" then instead of setting to 1 or 0, we set FLAG-TO-SET
dnl to yes or no.
dnl
-AC_DEFUN(APR_FLAG_FUNCS,[
+AC_DEFUN([APR_FLAG_FUNCS],[
AC_CHECK_FUNCS($1)
for aprt_j in $1
do
@@ -683,7 +683,7 @@
dnl APR_EXPAND_VAR(fraz, $baz)
dnl $fraz is now "1/2/3"
dnl
-AC_DEFUN(APR_EXPAND_VAR,[
+AC_DEFUN([APR_EXPAND_VAR],[
ap_last=
ap_cur="$2"
while test "x${ap_cur}" != "x${ap_last}";
@@ -702,7 +702,7 @@
dnl orig_path="${prefix}/bar"
dnl APR_PATH_RELATIVE(final_path, $orig_path, $prefix)
dnl $final_path now contains "bar"
-AC_DEFUN(APR_PATH_RELATIVE,[
+AC_DEFUN([APR_PATH_RELATIVE],[
ap_stripped=`echo $2 | sed -e "s#^$3##"`
# check if the stripping was successful
if test "x$2" != "x${ap_stripped}"; then
@@ -720,12 +720,12 @@
dnl Note: this define must be on one line so that it can be properly returned
dnl as the help string. When using this macro with a multi-line RHS, ensure
dnl that you surround the macro invocation with []s
-AC_DEFUN(APR_HELP_STRING,[ifelse(regexp(AC_ACVERSION, 2\.1), -1, AC_HELP_STRING([$1],[$2]),[ ][$1] substr([ ],len($1))[$2])])
+AC_DEFUN([APR_HELP_STRING],[ifelse(regexp(AC_ACVERSION, 2\.1), -1, AC_HELP_STRING([$1],[$2]),[ ][$1] substr([ ],len($1))[$2])])
dnl
dnl APR_LAYOUT(configlayout, layoutname [, extravars])
dnl
-AC_DEFUN(APR_LAYOUT,[
+AC_DEFUN([APR_LAYOUT],[
if test ! -f $srcdir/config.layout; then
echo "** Error: Layout file $srcdir/config.layout not found"
echo "** Error: Cannot use undefined layout '$LAYOUT'"
@@ -781,7 +781,7 @@
dnl
dnl APR_ENABLE_LAYOUT(default layout name [, extra vars])
dnl
-AC_DEFUN(APR_ENABLE_LAYOUT,[
+AC_DEFUN([APR_ENABLE_LAYOUT],[
AC_ARG_ENABLE(layout,
[ --enable-layout=LAYOUT],[
LAYOUT=$enableval
@@ -802,7 +802,7 @@
dnl a reimplementation of autoconf's argument parser,
dnl used here to allow us to co-exist layouts and argument based
dnl set ups.
-AC_DEFUN(APR_PARSE_ARGUMENTS,[
+AC_DEFUN([APR_PARSE_ARGUMENTS],[
ac_prev=
for ac_option
do
@@ -924,7 +924,7 @@
dnl
dnl Determine what program we can use to generate .deps-style dependencies
dnl
-AC_DEFUN(APR_CHECK_DEPEND,[
+AC_DEFUN([APR_CHECK_DEPEND],[
dnl Try to determine what depend program we can use
dnl All GCC-variants should have -MM.
dnl If not, then we can check on those, too.

3
httpd-2.2.8.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2ad8d0db1e478838ba88a0ddaf538c7150027d937b017739fdcb3fabb96ebd39
size 4799055

3
httpd-2.2.9.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d76599fbcf8b3bcff2779f880fb10e4a2bc4af60f64232083c06863e40850b61
size 4943462

27
httpd-2.2.x-CVE-2008-1678.patch
View File

@ -1,27 +0,0 @@
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c 2008/05/07 14:16:38 654118
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c 2008/05/07 14:17:31 654119
@@ -218,17 +218,18 @@
#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
ENGINE_cleanup();
#endif
-#ifdef HAVE_OPENSSL
-#if OPENSSL_VERSION_NUMBER >= 0x00907001
- CRYPTO_cleanup_all_ex_data();
-#endif
-#endif
ERR_remove_state(0);
/* Don't call ERR_free_strings here; ERR_load_*_strings only
* actually load the error strings once per process due to static
* variable abuse in OpenSSL. */
+ /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered
+ * ex_data indices may have been cached in static variables in
+ * OpenSSL; removing them may cause havoc. Notably, with OpenSSL
+ * versions >= 0.9.8f, COMP_CTX cleanups would not be run, which
+ * could result in a per-connection memory leak (!). */
+
/*
* TODO: determine somewhere we can safely shove out diagnostics
* (when enabled) at this late stage in the game:

20
rc.apache2
View File

@ -12,15 +12,15 @@
# /etc/init.d/apache2
#
### BEGIN INIT INFO
# Provides: apache2 httpd2
# Provides: apache apache2 httpd
# Required-Start: $local_fs $remote_fs $network
# Should-Start: $named $time postgresql sendmail mysql ypclient dhcp radiusd
# Required-Stop: $local_fs $remote_fs $network
# Should-Stop: $named $time postgresql sendmail mysql ypclient dhcp radiusd
# Required-Stop: $local_fs $remote_fs $network
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Apache 2.2 httpd
# Description: Start the httpd daemon Apache
# Short-Description: Apache 2.2 HTTP Server
# Description: Start the Apache HTTP daemon
### END INIT INFO
pname=apache2
@ -34,6 +34,18 @@ pname=apache2
#
# load the configuration
#
#
# Note about ulimits:
# if you want to set ulimits, e.g. to increase the max number of open file handle,
# or to allow core files, you can do so by editing /etc/sysconfig/apache2 and
# simply write the ulimit commands into that file.
# Example:
# ulimit -n 16384
# ulimit -H -n 16384
# ulimit -c unlimited
# See the output of "help ulimit" in the bash, or "man 1 ulimit".
#
test -s /etc/rc.status && . /etc/rc.status && rc_reset
. /usr/share/$pname/load_configuration

26
sysconfig.apache2
View File

@ -112,6 +112,16 @@ APACHE_SERVER_FLAGS=""
# (if not set, /etc/apache2/httpd.conf is used.)
# It is unusual to need to use this setting.
#
# Note about ulimits:
# if you want to set ulimits, e.g. to increase the max number of open file handle,
# or to allow core files, you can do so by editing /etc/sysconfig/apache2 and
# simply write the ulimit commands into that file.
# Example:
# ulimit -n 16384
# ulimit -H -n 16384
# ulimit -c unlimited
# See the output of "help ulimit" in the bash, or "man 1 ulimit".
#
APACHE_HTTPD_CONF=""
## Type: list(prefork,worker)
@ -252,20 +262,4 @@ APACHE_SERVERTOKENS="OS"
#
APACHE_EXTENDED_STATUS="off"
## Type: list(on,off)
## Default: "off"
## ServiceRestart: apache2
#
# Enable buffered logging
#
APACHE_BUFFERED_LOGS="off"
## Type: integer
## Default: 300
## ServiceReload: apache2
#
# Timeout: The number of seconds before receives and sends time out.
# It is a server wide setting.
#
APACHE_TIMEOUT="300"