OBS User unknown 2008-09-12 20:47:19 +00:00 committed by Git OBS Bridge
parent 7558d961d9
commit 0ce478ec5d
8 changed files with 1133 additions and 558 deletions

View File

@ -1,12 +1,167 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Aug 28 01:16:28 CEST 2008 - ro@suse.de Tue Aug 26 22:59:55 CEST 2008 - poeml@suse.de
- remove deprecated options from fillup and insserv call - drop rc.config handling (was removed in or after SuSE Linux 8.0)
- don't use fillup_insserv options which have been removed lately
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Aug 25 01:20:45 CEST 2008 - ro@suse.de Fri Aug 15 11:25:47 CEST 2008 - poeml@suse.de
- initscript: copy Should-Start to Should-Stop to fix build - fix init script LSB headers
-------------------------------------------------------------------
Wed Jun 25 14:36:06 CEST 2008 - poeml@suse.de
- add note to /etc/sysconfig/apache2 and /etc/init.d/apache2 about
how to set ulimits when starting the server
- undocument APACHE_BUFFERED_LOGS and APACHE_TIMEOUT in the
sysconfig template. They still work but I think it is good to
keep this stuff out of the beginner's config, first because both
features are sophisticated enough to not being tweaked in most
cases, second because it only confuses people I guess, and makes
the sysconfig file larger than necessary.
-------------------------------------------------------------------
Sun Jun 15 19:39:46 CEST 2008 - poeml@suse.de
- update to 2.2.9:
SECURITY: CVE-2008-2364 (cve.mitre.org)
mod_proxy_http: Better handling of excessive interim responses
from origin server to prevent potential denial of service and
high memory usage. Reported by Ryujiro Shibuya.
SECURITY: CVE-2007-6420 (cve.mitre.org)
mod_proxy_balancer: Prevent CSRF attacks against the
balancer-manager interface.
- htpasswd: Fix salt generation weakness. PR 31440
worker/event MPM:
- Fix race condition in pool recycling that leads to
segmentation faults under load. PR 44402
core:
- Fix address-in-use startup failure on some platforms caused by
creating an IPv4 listener which overlaps with an existing IPv6
listener.
- Add the filename of the configuration file to the warning
message about the useless use of AllowOverride. PR 39992.
- Do not allow Options ALL if not all options are allowed to be
overwritten. PR 44262
- reinstate location walk to fix config for subrequests PR 41960
- Fix garbled TRACE response on EBCDIC platforms.
- gen_test_char: add double-quote to the list of
T_HTTP_TOKEN_STOP. PR 9727
http_filters:
- Don't return 100-continue on redirects. PR 43711
- Don't return 100-continue on client error PR 43711
- Don't spin if get an error when reading the next chunk. PR 44381
- Don't add bogus duplicate Content-Language entries
suexec:
- When group is given as a numeric gid, validate it by looking up
the actual group name such that the name can be used in log entries.
PR 7862
mod_authn_dbd:
- Disambiguate and tidy database authentication error messages. PR 43210.
mod_cache:
- Handle If-Range correctly if the cached resource was stale. PR 44579
- Revalidate cache entities which have Cache-Control: no-cache
set in their response headers. PR 44511
mod_cgid:
- Explicitly set permissions of the socket (ScriptSock) shared
by mod_cgid and request processing threads, for OS'es such as
HPUX and AIX that do not use umask for AF_UNIX socket permissions.
- Don't try to restart the daemon if it fails to initialize the socket.
mod_charset_lite:
- Add TranslateAllMimeTypes sub-option to CharsetOptions,
allowing the administrator to skip the mimetype checking that
precedes translation.
mod_dav:
- Return "method not allowed" if the destination URI of a WebDAV
copy / move operation is no DAV resource. PR 44734
mod_headers:
- Add 'merge' option to avoid duplicate values within the same header.
mod_include:
- Correctly handle SSI directives split over multiple filter
mod_log_config:
- Add format options for %p so that the actual local or remote
port can be logged. PR 43415.
mod_logio:
- Provide optional function to allow modules to adjust the
bytes_in count
mod_proxy:
- Make all proxy modules nocanon aware and do not add the
query string again in this case. PR 44803.
- scoreboard: Remove unused proxy load balancer elements from scoreboard
image (not scoreboard memory itself).
- Support environment variable interpolation in reverse
proxying directives.
- Do not try a direct connection if the connection via a
remote proxy failed before and the request has a request body.
- ProxyPassReverse is now balancer aware.
- Lower memory consumption for short lived connections.
PR 44026.
- Keep connections to the backend persistent in the HTTPS case.
mod_proxy_ajp:
- Do not retry request in the case that we either failed to
sent a part of the request body or if the request is not idempotent.
PR 44334
mod_proxy_ftp:
- Fix base for directory listings. PR 27834
mod_proxy_http:
- Fix processing of chunked responses if Connection:
Transfer-Encoding is set in the response of the proxied
system. PR 44311
- Return HTTP status codes instead of apr_status_t values for
errors encountered while forwarding the request body PR 44165
mod_rewrite:
- Initialize hash needed by ap_register_rewrite_mapfunc early
enough. PR 44641
- Check all files used by DBM maps for freshness, mod_rewrite
didn't pick up on updated sdbm maps due to this. PR41190
- Don't canonicalise URLs with [P,NE] PR 43319
mod_speling:
- remove regression from 1.3/2.0 behavior and drop dependency
between mod_speling and AcceptPathInfo.
mod_ssl:
- Fix a memory leak with connections that have zlib compression
turned on. PR 44975
mod_substitute:
- The default is now flattening the buckets after each
substitution. The newly added 'q' flag allows for the quicker,
more efficient bucket-splitting if the user so
mod_unique_id:
- Fix timestamp value in UNIQUE_ID. PR 37064
ab (apache benchmark):
- Include <limits.h> earlier if available since we may need
INT_MAX (defined there on Windows) for the definition of MAX_REQUESTS.
- Improve client performance by clearing connection pool instead
- Don't stop sending a request if EAGAIN is returned, which
will only happen if both the write and subsequent wait are
returning EAGAIN, and count posted bytes correctly when the initial
write of a request is not complete. PR 10038, 38861, 39679
- Overhaul stats collection and reporting to avoid integer
truncation and time divisions within the test loop, retain
native time resolution until output, remove unused data,
consistently round milliseconds, and generally avoid losing
accuracy of calculation due to type casts. PR 44878, 44931.
- Add -r option to continue after socket receive errors.
- Do not try to read non existing response bodies of HEAD requests.
- Use a 64 bit unsigned int instead of a signed long to count the
rotatelogs:
- Log the current file size and error code/description when
failing to write to the log file.
- Added '-f' option to force rotatelogs to create the logfile as
soon as started, and not wait until it reads the first entry.
- Don't leak memory when reopening the logfile. PR 40183
- Improve atomicity when using -l and cleaup code. PR 44004
- drop obsolete patches httpd-2.1.3alpha-autoconf-2.59.dif
httpd-2.2.x-CVE-2008-1678.patch
- don't run autoreconf on SLES9
- remove the addition of -g to the CFLAGS, since the build service
handles debuginfo packages now
-------------------------------------------------------------------
Mon Jun 9 17:18:03 CEST 2008 - poeml@suse.de
- build service supports the debuginfo flag in metadata now; remove
debug_package macro from the specfile therefore.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon May 26 16:55:37 CEST 2008 - skh@suse.de Mon May 26 16:55:37 CEST 2008 - skh@suse.de
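Review bot: In the 2.2.9 entry, the line that drops httpd-2.2.x-CVE-2008-1678.patch as obsolete is not backed by the SECURITY list above it, which names only CVE-2008-2364 and CVE-2007-6420. Please state which upstream item carries that fix (if it is the mod_ssl item "Fix a memory leak with connections that have zlib compression turned on. PR 44975", tag it with the CVE), so that anyone auditing the package can see the fix was not lost when the patch was removed. Several pasted upstream items are also cut off mid-sentence ("split over multiple filter", "if the user so", "clearing connection pool instead", "to count the"), and "cleaup" in the rotatelogs item should read "cleanup".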
@ -19,62 +174,429 @@ Mon May 26 16:55:37 CEST 2008 - skh@suse.de
httpd-2.2.x-CVE-2008-1678.patch httpd-2.2.x-CVE-2008-1678.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Apr 18 14:17:31 CEST 2008 - poeml@suse.de Thu May 15 01:58:08 CEST 2008 - poeml@suse.de
- sync up with changes from Build Service: - fix build on Mandriva 2007, by escaping commented %build macro
- new implementation of sysconf_addword, using sed instead of ed. - make filelist of man pages independant of the compression method
Moving it from the -utils subpackage into the parent package, (gz, bz2, lzma)
where it's actually needed. If sysconf_addword is already present
in the system, it is preferred (by PATH). That's because the tool
has been integrated into aaa_base.rpm with openSUSE 11.0.
Removing the requires on the ed package. [bnc#377131]
- better documentation how to enable SSL in /etc/sysconfig/apache2
- quickstart readme: the link to the openSUSE wiki is about to move
- add "127.0.0.1" to the local access list in mod_status.conf,
because on some systems "localhost" seems to resolve only to IPv6
localhost
- /etc/init.d/apache2: implement restart-graceful, stop-graceful
- fix graceful-restart. Wait until the pidfile is gone, but don't
wait for the parent to disappear. It stays there, after closing
the listen ports.
- don't configure in maintainer-mode. It not only enables compile
time warnings, but also adds AP_DEBUG into the mix which causes
enablement of debug code which is not wanted in production
builds.
- drop obsolete patches mod_dbd.c-issue18989-autoconnect.dif and
mod_dbd.c-r571441, as the 2.2.8 mod_dbd is just fine.
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Apr 1 16:05:07 CEST 2008 - mkoenig@suse.de Fri Apr 18 11:55:14 CEST 2008 - poeml@suse.de
- remove dir /usr/share/omc/svcinfo.d as it is provided now - fix from Factory:
by filesystem - remove dir /usr/share/omc/svcinfo.d as it is provided now
by filesystem
- remove obsolete httpd-2.2.x.doublefree.patch file, which isn't
used since quite some time since the issue is resolved.
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Mar 14 15:28:13 CET 2008 - skh@suse.de Thu Apr 17 17:58:02 CEST 2008 - poeml@suse.de
- update to upstream 2.2.8 --> see CHANGES in package for details - new implementation of sysconf_addword, using sed instead of ed.
- removed obsolete patches: Moving it from the -utils subpackage into the parent package,
- apache2-mod_cache-CVE-2007-1863.patch where it's actually needed. If sysconf_addword is already present
- apache2-mod_status-CVE-2006-5752.patch in the system, it is preferred (by PATH). That's because the tool
- httpd-2.2.4-mod_autoindex-charset-r570962.patch has been integrated into aaa_base.rpm with openSUSE 11.0.
- httpd-2.2.x.doublefree.patch Removing the requires on the ed package. [bnc#377131]
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Dec 13 16:58:03 CET 2007 - ro@suse.de Wed Mar 12 14:29:04 CET 2008 - poeml@suse.de
- remove sysconf_addword, now in aaa_base (#328599) - require ed package, since ed is needed by sysconf_addword, which
in turn is used by a2enmod/a2enflag
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 22 17:38:19 CEST 2007 - sbrabec@suse.cz Fri Feb 29 14:06:52 CET 2008 - poeml@suse.de
- Use correct SuSEfirewall2 rule directory. - better documentation how to enable SSL in /etc/sysconfig/apache2
- quickstart readme: the link to the openSUSE wiki is about to move
-------------------------------------------------------------------
Tue Feb 19 13:14:45 CET 2008 - poeml@suse.de
- add "127.0.0.1" to the local access list in mod_status.conf,
because on some systems "localhost" seems to resolve only to IPv6
localhost
-------------------------------------------------------------------
Sat Feb 2 05:37:34 CET 2008 - crrodriguez@suse.de
- upstream 2.2.8
SECURITY: CVE-2007-6421 (cve.mitre.org)
mod_proxy_balancer: Correctly escape the worker route and the worker
redirect string in the HTML output of the balancer manager.
Reported by SecurityReason.
SECURITY: CVE-2007-6422 (cve.mitre.org)
Prevent crash in balancer manager if invalid balancer name is passed
as parameter. Reported by SecurityReason.
SECURITY: CVE-2007-6388 (cve.mitre.org)
mod_status: Ensure refresh parameter is numeric to prevent
a possible XSS attack caused by redirecting to other URLs.
Reported by SecurityReason.
SECURITY: CVE-2007-5000 (cve.mitre.org)
mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.
SECURITY: CVE-2008-0005 (cve.mitre.org)
Introduce the ProxyFtpDirCharset directive, allowing the administrator
to identify a default, or specific servers or paths which list their
contents in other-than ISO-8859-1 charset (e.g. utf-8).
mod_autoindex:
- Generate valid XHTML output by adding the xhtml namespace. PR 43649
mod_charset_lite:
- Don't crash when the request has no associated filename.
mod_dav:
- Fix evaluation of If-Match * and If-None-Match * conditionals. PR 38034
- Adjust etag generation to produce identical results on 32-bit
and 64-bit platforms and avoid a regression with conditional PUT's on lock
and etag. PR 44152.
mod_deflate:
- initialise inflate-out filter correctly when the first brigade
contains no data buckets. PR 43512
mod_disk_cache:
- Delete temporary files if they cannot be renamed to their final
name.
mod_filter:
- Don't segfault on (unsupported) chained FilterProvider usage. PR 43956
mod_include:
- Add an "if" directive syntax to test whether an URL is
accessible, and if so, conditionally display content. This
allows a webmaster to hide a link to a private page when the
user has no access to that page.
mod_ldap:
- Try to establish a new backend LDAP connection when the
Microsoft LDAP client library returns LDAP_UNAVAILABLE, e.g.
after the LDAP server has closed the connection due to a
timeout. PR 39095
- Give callers a reference to data copied into the request pool
instead of references directly into the cache PR 43786
- Stop passing a reference to pconf around for (limited) use
during request processing, avoiding possible memory corruption
and crashes.
mod_proxy:
- Canonicalisation improvements. Add "nocanon" keyword to
ProxyPass, to suppress URI-canonicalisation in a reverse proxy. Also,
don't escape/unescape forward-proxied URLs. PR 41798, 42592
- Don't by default violate RFC2616 by setting Max-Forwards when
the client didn't send it to us. Leave that as a
configuration option. PR 16137
- Fix persistent backend connections. PR 43472
- escape error-notes correctly PR 40952
- check ProxyBlock for all blocked addresses PR 36987
- Don't lose bytes when a response line arrives in small chunks.
PR 40894
mod_proxy_ajp:
- Use 64K as maximum AJP packet size. This is the maximum length
we can squeeze inside the AJP message packet.
- Ignore any ajp13 flush packets received before we send the
response headers. See Tomcat PR 43478.
- Differentiate within AJP between GET and HEAD requests. PR 43060
mod_proxy_balancer:
- Do not reset lbstatus, lbfactor and lbset when starting a new
child. PR 39907
mod_proxy_http:
- Remove Warning headers with wrong date PR 16138
- Correctly parse all Connection headers in proxy. PR 43509
- add Via header correctly (if enabled) to response, even where
other Via headers exist. PR 19439
- Correctly forward unexpected interim (HTTP 1xx) responses from
the backend according to RFC2616. But make it configurable in
case something breaks on it. PR 16518
- strip hop-by-hop response headers PR 43455
- Propagate Proxy-Authorization header correctly. PR 25947
- Don't segfault on bad line in FTP listing PR 40733
mod_rewrite:
- Add option to suppress URL unescaping PR 34602
- Add the novary flag to RewriteCond.
mod_substitute:
- Added a new output filter, which performs inline response
content pattern matching (including regex) and substitution.
mod_ssl:
- Fix handling of the buffered request body during a per-location
renegotiation, when an internal redirect occurs. PR 43738.
- Fix SSL client certificate extensions parsing bug. PR 44073.
- Prevent memory corruption of version string. PR 43865, 43334
mod_status:
- Add SeeRequestTail directive, which determines if
ExtendedStatus displays the 1st 63 characters of the request
or the last 63. Useful for those requests with large string
lengths and which only vary with the last several characters.
event MPM:
- Add support for running under mod_ssl, by reverting to the
Worker MPM behaviors, when run under an input filter that buffers
its own data.
core:
- Fix regression in 2.2.7 in chunk filtering with massively
chunked requests.
- Lower memory consumption of ap_r* functions by reusing the
brigade instead of recreating it during each filter pass.
- Lower memory consumption in case that flush buckets are passed
thru the chunk filter as last bucket of a brigade. PR 23567.
- Fix broken chunk filtering that causes all non blocking reads
to be converted into blocking reads. PR 19954, 41056.
- Change etag generation to produce identical results on 32-bit
and 64-bit platforms. PR 40064.
- Handle unrecognised transfer-encodings. PR 43882
- Avoid some unexpected connection closes by telling the client
that the connection is not persistent if the MPM process
handling the request is already exiting when the response
header is built.
- fix possible crash at startup in case of nonexistent
DocumentRoot. PR 39722
- http_core: OPTIONS * no longer maps to local storage or URI
space. Note that unlike previous versions, OPTIONS * no longer
returns an Allow: header. PR 43519
- scoreboard: improve error message on apr_shm_create failure PR
40037
- Don't send spurious "100 Continue" response lines. PR 38014
- http_protocol:
- Escape request method in 413 error reporting. Determined to
be not generally exploitable, but a flaw in any case. PR
44014
- Add "DefaultType none" option. PR 13986 and PR 16139
- Escape request method in 405 error reporting. This has no
security impact since the browser cannot be tricked into
sending arbitrary method strings.
- Various code cleanups. PR 38699, 39518, 42005, 42006, 42007, 42008, 42009
- Add explicit charset to the output of various modules to work
around possible cross-site scripting flaws affecting web
browsers that do not derive the response character set as
required by RFC2616. One of these reported by SecurityReason
- rotatelogs: Change command-line parsing to report more types
of errors. Allow local timestamps to be used when rotating based
on file size.
-------------------------------------------------------------------
Wed Sep 12 20:11:37 CEST 2007 - poeml@suse.de
- fix graceful-restart. Wait until the pidfile is gone, but don't
wait for the parent to disappear. It stays there, after closing
the listen ports.
-------------------------------------------------------------------
Wed Sep 12 15:49:15 CEST 2007 - poeml@suse.de
- use debug_package macro only on suse, because it breaks the build
on Mandriva
-------------------------------------------------------------------
Wed Sep 12 13:41:16 CEST 2007 - poeml@suse.de
- don't configure in maintainer-mode. It not only enables compile
time warnings, but also adds AP_DEBUG into the mix which causes
enablement of debug code which is not wanted in production
builds.
-------------------------------------------------------------------
Mon Sep 10 17:32:56 CEST 2007 - poeml@suse.de
- upstream 2.2.6
SECURITY: CVE-2007-3847 (cve.mitre.org)
mod_proxy: Prevent reading past the end of a buffer when parsing
date-related headers. PR 41144.
SECURITY: CVE-2007-1863 (cve.mitre.org)
mod_cache: Prevent a segmentation fault if attributes are listed in a
Cache-Control header without any value.
SECURITY: CVE-2007-3304 (cve.mitre.org)
prefork, worker, event MPMs: Ensure that the parent process cannot
be forced to kill processes outside its process group.
SECURITY: CVE-2006-5752 (cve.mitre.org)
mod_status: Fix a possible XSS attack against a site with a public
server-status page and ExtendedStatus enabled, for browsers which
perform charset "detection". Reported by Stefan Esser.
SECURITY: CVE-2007-1862 (cve.mitre.org)
mod_mem_cache: Copy headers into longer lived storage; header names and
values could previously point to cleaned up storage. PR 41551.
mod_alias:
- Accept path components (URL part) in Redirects. PR 35314.
mod_authnz_ldap:
- Don't return HTTP_UNAUTHORIZED during authorization when
LDAP authentication is configured but we haven't seen any
'Require ldap-*' directives, allowing authorization to be passed to lower
level modules (e.g. Require valid-user) PR 43281
mod_autoindex:
- Add in Type and Charset options to IndexOptions
directive. This allows the admin to explicitly set the
content-type and charset of the generated page and is therefore
a viable workaround for buggy browsers affected by CVE-2007-4465
mod_cache:
- Remove expired content from cache that cannot be revalidated.
PR 30370.
- Do not set Date or Expires when they are missing from the
original response or are invalid.
- Correctly handle HEAD requests on expired cache content. PR
41230.
- Let Cache-Control max-age set the expiration of the cached
representation if Expires is not set.
- Allow caching of requests with query arguments when
Cache-Control max-age is explicitly specified.
- Use the same cache key throughout the whole request processing
to handle escaped URLs correctly. PR 41475.
- Add CacheIgnoreQueryString directive. PR 41484.
- While serving a cached entity ensure that filters that have
been applied to this cached entity before saving it to the
cache are not applied again. PR 40090.
- Correctly cache objects whose URL query string has been
modified by mod_rewrite. PR 40805.
mod_cgi, mod_cgid:
- Fix use of CGI scripts as ErrorDocuments. PR 39710.
mod_dbd:
- Introduce configuration groups to allow inheritance by virtual
hosts of database configurations from the main server.
Determine the minimal set of distinct configurations and share
connection pools whenever possible. Allow virtual hosts to
override inherited SQL statements. PR 41302.
- Create memory sub-pools for each DB connection and close DB
connections in a pool cleanup function. Ensure prepared
statements are destroyed before DB connection is closed. When
using reslists, prevent segfaults when child processes exit,
and stop memory leakage of ap_dbd_t structures. Avoid use of
global s->process->pool, which isn't destroyed by exiting
child processes in most multi-process MPMs. PR 39985.
- Handle error conditions in dbd_construct() properly. Simplify
ap_dbd_open() and use correct arguments to apr_dbd_error()
when non-threaded. Register correct cleanup data in
non-threaded ap_dbd_acquire() and ap_dbd_cacquire(). Clean up
configuration data and merge function. Use ap_log_error()
wherever possible.
- Stash DBD connections in request_config of initial request
only, or else sub-requests and internal redirections may cause
entire DBD pool to be stashed in a single HTTP request.
mod_deflate:
- don't try to process metadata buckets as data. what should
have been a 413 error was logged as a 500 and a blank screen
appeared at the browser.
- fix protocol handling in deflate input filter PR 23287
mod_disk_cache:
- Allow Vary'd responses to be refreshed properly.
mod_dumpio:
- Fix for correct dumping of traffic on EBCDIC hosts Data had
been incorrectly converted twice, resulting in garbled log
output.
mod_expires:
- don't crash on bad configuration data PR 43213
mod_filter:
- fix integer comparisons in dispatch rules PR 41835
- fix merging of ! and = in FilterChain PR 42186
mod_headers:
- Allow % at the end of a Header value. PR 36609.
mod_info:
- mod_info outputs invalid XHTML 1.0 transitional. PR 42847
mod_ldap:
- Avoid possible crashes, hangs, and busy loops due to improper
merging of the cache lock in vhost config PR 43164
mod_ldap:
- Remove the hardcoded size limit parameter for
ldap_search_ext_s and replace it with an APR_ defined value
that is set according to the LDAP SDK being used.
mod_mem_cache:
- Increase the minimum and default value for MCacheMinObjectSize
from 0 to 1, as a MCacheMinObjectSize of 0 does not make sense
and leads to a division by zero. PR 40576.
mod_negotiation:
- preserve Query String in resolving a type map PR 33112
mod_proxy:
- mod_proxy_http: accept proxy-sendchunked/proxy-sendchunks as
synonymous. PR 43183
- Ensure that at least scheme://hostname[:port] matches between
worker and URL when searching for the best fitting worker for
a given URL. PR 40910
- Improve network performance by setting APR_TCP_NODELAY
(disable Nagle algorithm) on sockets if implemented. PR 42871
- Add a missing assignment in an error checking code path. PR 40865
- don't URLencode tilde in path component PR 38448
- enable Ignore Errors option on ProxyPass Status. PR 43167
- Allow to use different values for sessionid in url encoded id
and cookies. PR 41897.
- Fix the 503 returned when session route does not match any of
the balancer members.
- Added ProxyPassMatch directive, which is similar to ProxyPass
but takes a regex local path prefix.
- Print the correct error message for erroneous configured
ProxyPass directives. PR 40439.
- Fix some proxy setting inheritance problems (eg:
ProxyTimeout). PR 11540.
- proxy/ajp_header.c: Fixed header token string comparisons
Matching of header tokens failed to include the trailing NIL
byte and could misinterpret a longer header token for a
shorter. Additionally, a "Content-Type" comparison was made
case insensitive.
- proxy/ajp_header.c: Backport of an AJP protocol fix for EBCDIC
On EBCDIC machines, the status_line string was incorrectly
converted twice.
mod_proxy_connect:
- avoid segfault on DNS lookup failure. PR 40756
mod_proxy_http:
- HTTP proxy ProxyErrorOverride: Leave 1xx and 3xx responses
alone. Only processing of error responses (4xx, 5xx) will be
altered. PR 39245.
- Don't try to read body of a HEAD request before responding. PR 41644
- Handle request bodies larger than 2 GB by converting the
Content-Length header of the request correctly. PR 40883.
mod_ssl:
- Fix spurious hostname mismatch warning for valid wildcard
certificates. PR 37911.
- Version reporting update; displays 'compiled against' Apache
and build-time SSL Library versions at loglevel [info], while
reporting the run-time SSL Library version in the server info
tags. Helps to identify a mod_ssl built against one flavor of
OpenSSL but running against another (also adds SSL-C version
number reporting.)
- initialize thread locks before initializing the hardware
acceleration library, so the latter can make use of the
former. PR 20951.
core:
- Do not replace a Date header set by a proxied backend server. PR 40232
- log core: ensure we use a special pool for stderr logging, so that
the stderr channel remains valid from the time plog is destroyed,
until the time the open_logs hook is called again.
- main core: Emit errors during the initial apr_app_initialize()
or apr_pool_create() (when apr-based error reporting is not ready).
- log core: fix the new piped logger case where we couldn't connect
the replacement stderr logger's stderr to the NULL stdout stream.
Continue in this case, since the previous alternative of no error
logging at all (/dev/null) is far worse.
- Correct a regression since 2.0.x in the handling of AllowOverride
Options. PR 41829.
- Unix MPMs: Catch SIGFPE so that exception hooks and CoreDumpDirectory
can work after that terminating signal.
- mod_so: Provide more helpful LoadModule feedback when an error occurs.
misc:
- mime.types: Many updates to sync with IANA registry and common
unregistered types that the owners refuse to register. Admins
are encouraged to update their installed mime.types file. PR:
35550, 37798, 39317, 31483
- mime.types: add Registered Javascript/ECMAScript MIME types
(RFC4329) PR 40299
- htdbm: Enable crypt support on platforms with crypt() but not
<crypt.h>, such as z/OS.
- ab.c: Correct behavior of HTTP request headers sent by ab in
presence of -H command-line overrides. PR 31268, 26554.
- ab.c: The apr_port_t type is unsigned, but ab was using a
signed format code in its reports. PR 42070.
- drop obsolete patches apache2-mod_cache-CVE-2007-1863.patch
apache2-mod_status-CVE-2006-5752.patch
httpd-2.2.4-mod_autoindex-charset-r570962.patch
mod_dbd.c-issue18989-autoconnect.dif
mod_dbd.c-r571441
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Sep 3 13:43:22 CEST 2007 - skh@suse.de Mon Sep 3 13:43:22 CEST 2007 - skh@suse.de
- get_module_list: replace loadmodule.conf atomically [bnc #214863] - get_module_list: replace loadmodule.conf atomically [bnc #214863]
-------------------------------------------------------------------
Sat Sep 1 01:49:37 CEST 2007 - poeml@suse.de
- /etc/init.d/apache2: implement restart-graceful, stop-graceful
-------------------------------------------------------------------
Fri Aug 31 14:21:27 CEST 2007 - poeml@suse.de
- update mod_dbd to trunk version (r571441)
* apr_dbd_check_conn() just returns APR_SUCCESS or
APR_EGENERAL, so we don't actually have a driver-specific value
to pass to apr_dbd_error(), but that's OK because most/all
drivers just ignore this value anyway
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Aug 31 12:37:27 CEST 2007 - poeml@suse.de Fri Aug 31 12:37:27 CEST 2007 - poeml@suse.de
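Review bot: In the 2.2.8 entry, the CVE-2008-0005 item describes only the new ProxyFtpDirCharset directive and, unlike the other SECURITY items in the same list, names neither the affected module nor the flaw being fixed. Add the module prefix and a one-line description of the issue so that readers can judge whether they are exposed. In the 2.2.6 entry the "mod_ldap:" heading appears twice in a row, in the 2.2.8 entry "Don't segfault on bad line in FTP listing PR 40733" is filed under mod_proxy_http, and "independant" in the May 15 entry should read "independent".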

View File

@ -1,5 +1,5 @@
# #
# spec file for package apache2 (Version 2.2.8) # spec file for package apache2 (Version 2.2.9)
# #
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
@ -61,9 +61,9 @@ BuildRequires: expat-devel
%define platform_string Linux/%VENDOR %define platform_string Linux/%VENDOR
License: The Apache Software License License: The Apache Software License
Group: Productivity/Networking/Web/Servers Group: Productivity/Networking/Web/Servers
%define realver 2.2.8 %define realver 2.2.9
Version: 2.2.8 Version: 2.2.9
Release: 50 Release: 1
#Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2 #Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2
Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2 Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2
Source10: SUSE-NOTICE Source10: SUSE-NOTICE
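Review bot: Source0 is still a plain http:// URL under httpd.apache.org/dev/dist/, and no signature or checksum source is visible next to it in this hunk. With the bump to 2.2.9, consider pointing Source0 at the release location (the commented-out line above it already uses /dist/) and, if the spec does not do so elsewhere, shipping the upstream .asc signature as an additional Source so the tarball can be verified before it is built.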
@ -111,12 +111,10 @@ Source131: apache2-vhost-ssl.template
Source140: apache2-check_forensic Source140: apache2-check_forensic
Source141: apache-20-22-upgrade Source141: apache-20-22-upgrade
Patch2: httpd-2.1.3alpha-layout.dif Patch2: httpd-2.1.3alpha-layout.dif
Patch10: httpd-2.1.3alpha-autoconf-2.59.dif
Patch23: httpd-2.1.9-apachectl.dif Patch23: httpd-2.1.9-apachectl.dif
Patch65: httpd-2.0.49-log_server_status.dif Patch65: httpd-2.0.49-log_server_status.dif
Patch66: httpd-2.0.54-envvars.dif Patch66: httpd-2.0.54-envvars.dif
Patch67: httpd-2.2.0-apxs-a2enmod.dif Patch67: httpd-2.2.0-apxs-a2enmod.dif
Patch68: httpd-2.2.x-CVE-2008-1678.patch
Url: http://httpd.apache.org/ Url: http://httpd.apache.org/
Icon: Apache.xpm Icon: Apache.xpm
Summary: The Apache Web Server Version 2.0 Summary: The Apache Web Server Version 2.0
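Review bot: The Summary on the last context line still reads "The Apache Web Server Version 2.0" although Version is now 2.2.9; correct it or drop the version number from the summary. The Patch10 and Patch68 declarations removed here need their %patch10 and %patch68 lines removed from %prep in the same commit, which a later hunk does.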
@ -322,9 +320,6 @@ Authors:
-------- --------
Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE
%if 0%{?opensuse_bs}
%endif
%prep %prep
# #
# O/ ._ .__ ._ # O/ ._ .__ ._
@ -333,12 +328,10 @@ Authors:
# #
%setup -q -n httpd-%{realver} %setup -q -n httpd-%{realver}
%patch2 -p1 %patch2 -p1
%patch10 -p1
%patch23 -p1 %patch23 -p1
%patch65 -p1 %patch65 -p1
%patch66 -p1 %patch66 -p1
%patch67 -p1 %patch67 -p1
%patch68 -p3
# #
cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
# #
@ -351,8 +344,14 @@ sed 's/public_html/%{userdir}/g' docs/conf/extra/httpd-userdir.conf.in > tmp_fil
# #
# now configure Apache # now configure Apache
# #
%if 0%{?suse_version} > 910
aclocal aclocal
autoreconf --force --install autoreconf --force --install
%else
rm -rf aclocal.m4 autom4te*.cache
autoheader
autoconf
%endif
%build %build
# #
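Review bot: the `%if 0%{?suse_version} > 910` guard sends every non-SUSE target into the `%else` branch as well, because `0%{?suse_version}` evaluates to 0 where the macro is undefined. The changelog says this is meant for SLES9 only, and the package is also built on Mandriva. Either make the condition match SLES9 explicitly or add a comment that the `autoheader`/`autoconf` path is intended for all other distributions.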
@ -361,9 +360,6 @@ autoreconf --force --install
# #
function configure { function configure {
CFLAGS="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing -DLDAP_DEPRECATED" \ CFLAGS="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing -DLDAP_DEPRECATED" \
%if 0%{?opensuse_bs}
CFLAGS="$CFLAGS -g"
%endif
CPPFLAGS="-DSSL_EXPERIMENTAL_ENGINE -DMAX_SERVER_LIMIT=200000 -DLDAP_DEPRECATED -DMAXLINE=4096" \ CPPFLAGS="-DSSL_EXPERIMENTAL_ENGINE -DMAX_SERVER_LIMIT=200000 -DLDAP_DEPRECATED -DMAXLINE=4096" \
./configure \ ./configure \
--enable-layout=SuSE81%(test "%_lib" = lib64 && echo -n _64) \ --enable-layout=SuSE81%(test "%_lib" = lib64 && echo -n _64) \
@ -450,9 +446,6 @@ for mpm in %{mpms_to_build}; do
make CFLAGS="$RPM_OPT_FLAGS -fPIC \ make CFLAGS="$RPM_OPT_FLAGS -fPIC \
-fno-strict-aliasing \ -fno-strict-aliasing \
-Wall \ -Wall \
%if 0%{?opensuse_bs}
-g \
%endif
-DDEFAULT_PIDLOG='\"%{runtimedir}/%{httpd}.pid\"' \ -DDEFAULT_PIDLOG='\"%{runtimedir}/%{httpd}.pid\"' \
-DDEFAULT_ERRORLOG='\"%{logfiledir}/error_log\"' " \ -DDEFAULT_ERRORLOG='\"%{logfiledir}/error_log\"' " \
%{?jobs:-j%jobs} %{?jobs:-j%jobs}
@ -532,7 +525,7 @@ done
# /O || |_> |_(_||| # /O || |_> |_(_|||
# #
# #
# (most installation (to build root) has already been done in %build) # (most installation (to build root) has already been done in %%build)
# #
# save MODULE_MAGIC_NUMBER # save MODULE_MAGIC_NUMBER
cat > $RPM_BUILD_ROOT/%{_libdir}/%{pname}_MMN <<-EOF cat > $RPM_BUILD_ROOT/%{_libdir}/%{pname}_MMN <<-EOF
@ -787,10 +780,10 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
%doc support/SHA1 %doc support/SHA1
%doc %attr(755,root,root) certificate.sh %doc %attr(755,root,root) certificate.sh
%doc %attr(755,root,root) mkcert.sh %doc %attr(755,root,root) mkcert.sh
%doc %{_mandir}/man8/apachectl%{vers}.8.gz %doc %{_mandir}/man8/apachectl%{vers}.8.*
%doc %{_mandir}/man8/htcacheclean%{vers}.8.gz %doc %{_mandir}/man8/htcacheclean%{vers}.8.*
%doc %{_mandir}/man8/%{httpd}.8.gz %doc %{_mandir}/man8/%{httpd}.8.*
%doc %{_mandir}/man8/apxs%{vers}.8.gz %doc %{_mandir}/man8/apxs%{vers}.8.*
%doc robots.txt %doc robots.txt
%doc printenv %doc printenv
%doc test-cgi %doc test-cgi
@ -906,14 +899,14 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
%files utils %files utils
%defattr(-,root,root) %defattr(-,root,root)
%doc %{_mandir}/man8/ab%{vers}.8.gz %doc %{_mandir}/man8/ab%{vers}.8.*
%doc %{_mandir}/man1/dbmmanage%{vers}.1.gz %doc %{_mandir}/man1/dbmmanage%{vers}.1.*
%doc %{_mandir}/man1/htdbm%{vers}.1.gz %doc %{_mandir}/man1/htdbm%{vers}.1.*
%doc %{_mandir}/man1/htdigest%{vers}.1.gz %doc %{_mandir}/man1/htdigest%{vers}.1.*
%doc %{_mandir}/man1/htpasswd%{vers}.1.gz %doc %{_mandir}/man1/htpasswd%{vers}.1.*
%doc %{_mandir}/man8/logresolve%{vers}.8.gz %doc %{_mandir}/man8/logresolve%{vers}.8.*
%doc %{_mandir}/man8/rotatelogs%{vers}.8.gz %doc %{_mandir}/man8/rotatelogs%{vers}.8.*
%doc %{_mandir}/man8/suexec%{vers}.8.gz %doc %{_mandir}/man8/suexec%{vers}.8.*
%{_bindir}/check_forensic%{vers} %{_bindir}/check_forensic%{vers}
%{_bindir}/dbmmanage%{vers} %{_bindir}/dbmmanage%{vers}
%{_bindir}/gensslcert %{_bindir}/gensslcert
@ -987,23 +980,11 @@ usermod -g %httpdgroup %httpduser 2>/dev/null ||:
usermod -s /bin/false %httpduser 2>/dev/null ||: usermod -s /bin/false %httpduser 2>/dev/null ||:
tmpdir=$(mktemp -d etc/%{pname}/%{pname}-post.XXXXXX); test $? = 0 || { echo >&2 Could not create tmpdir. Exiting; exit 1; } tmpdir=$(mktemp -d etc/%{pname}/%{pname}-post.XXXXXX); test $? = 0 || { echo >&2 Could not create tmpdir. Exiting; exit 1; }
tmpfile=$tmpdir/tmpfile tmpfile=$tmpdir/tmpfile
RC_CONFIG=etc/rc.config
if [ -e $RC_CONFIG ]; then
. $RC_CONFIG
if [ "$START_HTTPD" = no -a "$START_HTTPSD" = yes ]; then
echo -n "removing obsolete START_HTTPSD from etc/rc.config ..."
sed -e 's+START_HTTPD=.*+START_HTTPD=yes+' \
-e 's+START_HTTPSD=.*++' $RC_CONFIG > $tmpfile \
&& cp $tmpfile $RC_CONFIG
echo "done"
fi
fi
if test -s etc/sysconfig/%{pname} && grep -q "^LOADMODULES" etc/sysconfig/%{pname}; then if test -s etc/sysconfig/%{pname} && grep -q "^LOADMODULES" etc/sysconfig/%{pname}; then
sed "s/LOADMODULES/APACHE_MODULES/" etc/sysconfig/%{pname} >| $tmpfile \ sed "s/LOADMODULES/APACHE_MODULES/" etc/sysconfig/%{pname} >| $tmpfile \
&& cp $tmpfile etc/sysconfig/%{pname} && cp $tmpfile etc/sysconfig/%{pname}
fi fi
%{fillup_and_insserv -n apache2 apache2} %{fillup_and_insserv apache2}
%{fillup_only -ans apache2 apache2}
# Update ? # Update ?
if [ ${FIRST_ARG:-0} -gt 1 ]; then if [ ${FIRST_ARG:-0} -gt 1 ]; then
# update from package with the old near-monolithic conf file? # update from package with the old near-monolithic conf file?
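Review bot: `%{fillup_only -ans apache2 apache2}` is dropped outright rather than rewritten without the removed options, and the changelog only says the options are gone. Please confirm that `%{fillup_and_insserv apache2}` alone still merges the sysconfig template on update, and say so in the entry. Removing the block that sourced the relative path `etc/rc.config` from `%post` looks right and needs no replacement.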
@ -1040,10 +1021,156 @@ if ! test -f /.buildenv; then
fi fi
%changelog %changelog
* Thu Aug 28 2008 ro@suse.de * Wed Aug 27 2008 poeml@suse.de
- remove deprecated options from fillup and insserv call - drop rc.config handling (was removed in or after SuSE Linux 8.0)
* Mon Aug 25 2008 ro@suse.de - don't use fillup_insserv options which have been removed lately
- initscript: copy Should-Start to Should-Stop to fix build * Fri Aug 15 2008 poeml@suse.de
- fix init script LSB headers
* Wed Jun 25 2008 poeml@suse.de
- add note to /etc/sysconfig/apache2 and /etc/init.d/apache2 about
how to set ulimits when starting the server
- undocument APACHE_BUFFERED_LOGS and APACHE_TIMEOUT in the
sysconfig template. They still work but I think it is good to
keep this stuff out of the beginner's config, first because both
features are sophisticated enough to not being tweaked in most
cases, second because it only confuses people I guess, and makes
the sysconfig file larger than necessary.
* Sun Jun 15 2008 poeml@suse.de
- update to 2.2.9:
SECURITY: CVE-2008-2364 (cve.mitre.org)
mod_proxy_http: Better handling of excessive interim responses
from origin server to prevent potential denial of service and
high memory usage. Reported by Ryujiro Shibuya.
SECURITY: CVE-2007-6420 (cve.mitre.org)
mod_proxy_balancer: Prevent CSRF attacks against the
balancer-manager interface.
- htpasswd: Fix salt generation weakness. PR 31440
worker/event MPM:
- Fix race condition in pool recycling that leads to
segmentation faults under load. PR 44402
core:
- Fix address-in-use startup failure on some platforms caused by
creating an IPv4 listener which overlaps with an existing IPv6
listener.
- Add the filename of the configuration file to the warning
message about the useless use of AllowOverride. PR 39992.
- Do not allow Options ALL if not all options are allowed to be
overwritten. PR 44262
- reinstate location walk to fix config for subrequests PR 41960
- Fix garbled TRACE response on EBCDIC platforms.
- gen_test_char: add double-quote to the list of
T_HTTP_TOKEN_STOP. PR 9727
http_filters:
- Don't return 100-continue on redirects. PR 43711
- Don't return 100-continue on client error PR 43711
- Don't spin if get an error when reading the next chunk. PR 44381
- Don't add bogus duplicate Content-Language entries
suexec:
- When group is given as a numeric gid, validate it by looking up
the actual group name such that the name can be used in log entries.
PR 7862
mod_authn_dbd:
- Disambiguate and tidy database authentication error messages. PR 43210.
mod_cache:
- Handle If-Range correctly if the cached resource was stale. PR 44579
- Revalidate cache entities which have Cache-Control: no-cache
set in their response headers. PR 44511
mod_cgid:
- Explicitly set permissions of the socket (ScriptSock) shared
by mod_cgid and request processing threads, for OS'es such as
HPUX and AIX that do not use umask for AF_UNIX socket permissions.
- Don't try to restart the daemon if it fails to initialize the socket.
mod_charset_lite:
- Add TranslateAllMimeTypes sub-option to CharsetOptions,
allowing the administrator to skip the mimetype checking that
precedes translation.
mod_dav:
- Return "method not allowed" if the destination URI of a WebDAV
copy / move operation is no DAV resource. PR 44734
mod_headers:
- Add 'merge' option to avoid duplicate values within the same header.
mod_include:
- Correctly handle SSI directives split over multiple filter
mod_log_config:
- Add format options for %%p so that the actual local or remote
port can be logged. PR 43415.
mod_logio:
- Provide optional function to allow modules to adjust the
bytes_in count
mod_proxy:
- Make all proxy modules nocanon aware and do not add the
query string again in this case. PR 44803.
- scoreboard: Remove unused proxy load balancer elements from scoreboard
image (not scoreboard memory itself).
- Support environment variable interpolation in reverse
proxying directives.
- Do not try a direct connection if the connection via a
remote proxy failed before and the request has a request body.
- ProxyPassReverse is now balancer aware.
- Lower memory consumption for short lived connections.
PR 44026.
- Keep connections to the backend persistent in the HTTPS case.
mod_proxy_ajp:
- Do not retry request in the case that we either failed to
sent a part of the request body or if the request is not idempotent.
PR 44334
mod_proxy_ftp:
- Fix base for directory listings. PR 27834
mod_proxy_http:
- Fix processing of chunked responses if Connection:
Transfer-Encoding is set in the response of the proxied
system. PR 44311
- Return HTTP status codes instead of apr_status_t values for
errors encountered while forwarding the request body PR 44165
mod_rewrite:
- Initialize hash needed by ap_register_rewrite_mapfunc early
enough. PR 44641
- Check all files used by DBM maps for freshness, mod_rewrite
didn't pick up on updated sdbm maps due to this. PR41190
- Don't canonicalise URLs with [P,NE] PR 43319
mod_speling:
- remove regression from 1.3/2.0 behavior and drop dependency
between mod_speling and AcceptPathInfo.
mod_ssl:
- Fix a memory leak with connections that have zlib compression
turned on. PR 44975
mod_substitute:
- The default is now flattening the buckets after each
substitution. The newly added 'q' flag allows for the quicker,
more efficient bucket-splitting if the user so
mod_unique_id:
- Fix timestamp value in UNIQUE_ID. PR 37064
ab (apache benchmark):
- Include <limits.h> earlier if available since we may need
INT_MAX (defined there on Windows) for the definition of MAX_REQUESTS.
- Improve client performance by clearing connection pool instead
- Don't stop sending a request if EAGAIN is returned, which
will only happen if both the write and subsequent wait are
returning EAGAIN, and count posted bytes correctly when the initial
write of a request is not complete. PR 10038, 38861, 39679
- Overhaul stats collection and reporting to avoid integer
truncation and time divisions within the test loop, retain
native time resolution until output, remove unused data,
consistently round milliseconds, and generally avoid losing
accuracy of calculation due to type casts. PR 44878, 44931.
- Add -r option to continue after socket receive errors.
- Do not try to read non existing response bodies of HEAD requests.
- Use a 64 bit unsigned int instead of a signed long to count the
rotatelogs:
- Log the current file size and error code/description when
failing to write to the log file.
- Added '-f' option to force rotatelogs to create the logfile as
soon as started, and not wait until it reads the first entry.
- Don't leak memory when reopening the logfile. PR 40183
- Improve atomicity when using -l and cleaup code. PR 44004
- drop obsolete patches httpd-2.1.3alpha-autoconf-2.59.dif
httpd-2.2.x-CVE-2008-1678.patch
- don't run autoreconf on SLES9
- remove the addition of -g to the CFLAGS, since the build service
handles debuginfo packages now
* Mon Jun 09 2008 poeml@suse.de
- build service supports the debuginfo flag in metadata now; remove
debug_package macro from the specfile therefore.
* Mon May 26 2008 skh@suse.de * Mon May 26 2008 skh@suse.de
- CVE-2008-1678: modules/ssl/mod_ssl.c (ssl_cleanup_pre_config): - CVE-2008-1678: modules/ssl/mod_ssl.c (ssl_cleanup_pre_config):
Remove the call to CRYPTO_cleanup_all_ex_data here, fixing a Remove the call to CRYPTO_cleanup_all_ex_data here, fixing a
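Review bot: several items in the new 2.2.9 entry are cut off mid-sentence, for example "Correctly handle SSI directives split over multiple filter", "bucket-splitting if the user so", "by clearing connection pool instead" and "to count the". Please restore the full text from upstream CHANGES. Also spell out under "drop obsolete patches" that the CVE-2008-1678 fix is now in the upstream tarball.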
@ -1051,45 +1178,388 @@ fi
support for a compression algorithm in the initial handshake, and support for a compression algorithm in the initial handshake, and
mod_ssl is linked against OpenSSL >= 0.9.8f. [bnc#392096] mod_ssl is linked against OpenSSL >= 0.9.8f. [bnc#392096]
httpd-2.2.x-CVE-2008-1678.patch httpd-2.2.x-CVE-2008-1678.patch
* Thu May 15 2008 poeml@suse.de
- fix build on Mandriva 2007, by escaping commented %%build macro
- make filelist of man pages independant of the compression method
(gz, bz2, lzma)
* Fri Apr 18 2008 poeml@suse.de * Fri Apr 18 2008 poeml@suse.de
- sync up with changes from Build Service: - fix from Factory:
- new implementation of sysconf_addword, using sed instead of ed. - remove dir /usr/share/omc/svcinfo.d as it is provided now
by filesystem
- remove obsolete httpd-2.2.x.doublefree.patch file, which isn't
used since quite some time since the issue is resolved.
* Thu Apr 17 2008 poeml@suse.de
- new implementation of sysconf_addword, using sed instead of ed.
Moving it from the -utils subpackage into the parent package, Moving it from the -utils subpackage into the parent package,
where it's actually needed. If sysconf_addword is already present where it's actually needed. If sysconf_addword is already present
in the system, it is preferred (by PATH). That's because the tool in the system, it is preferred (by PATH). That's because the tool
has been integrated into aaa_base.rpm with openSUSE 11.0. has been integrated into aaa_base.rpm with openSUSE 11.0.
Removing the requires on the ed package. [bnc#377131] Removing the requires on the ed package. [bnc#377131]
- better documentation how to enable SSL in /etc/sysconfig/apache2 * Wed Mar 12 2008 poeml@suse.de
- quickstart readme: the link to the openSUSE wiki is about to move - require ed package, since ed is needed by sysconf_addword, which
- add "127.0.0.1" to the local access list in mod_status.conf, in turn is used by a2enmod/a2enflag
* Fri Feb 29 2008 poeml@suse.de
- better documentation how to enable SSL in /etc/sysconfig/apache2
- quickstart readme: the link to the openSUSE wiki is about to move
* Tue Feb 19 2008 poeml@suse.de
- add "127.0.0.1" to the local access list in mod_status.conf,
because on some systems "localhost" seems to resolve only to IPv6 because on some systems "localhost" seems to resolve only to IPv6
localhost localhost
- /etc/init.d/apache2: implement restart-graceful, stop-graceful * Sat Feb 02 2008 crrodriguez@suse.de
- fix graceful-restart. Wait until the pidfile is gone, but don't - upstream 2.2.8
SECURITY: CVE-2007-6421 (cve.mitre.org)
mod_proxy_balancer: Correctly escape the worker route and the worker
redirect string in the HTML output of the balancer manager.
Reported by SecurityReason.
SECURITY: CVE-2007-6422 (cve.mitre.org)
Prevent crash in balancer manager if invalid balancer name is passed
as parameter. Reported by SecurityReason.
SECURITY: CVE-2007-6388 (cve.mitre.org)
mod_status: Ensure refresh parameter is numeric to prevent
a possible XSS attack caused by redirecting to other URLs.
Reported by SecurityReason.
SECURITY: CVE-2007-5000 (cve.mitre.org)
mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.
SECURITY: CVE-2008-0005 (cve.mitre.org)
Introduce the ProxyFtpDirCharset directive, allowing the administrator
to identify a default, or specific servers or paths which list their
contents in other-than ISO-8859-1 charset (e.g. utf-8).
mod_autoindex:
- Generate valid XHTML output by adding the xhtml namespace. PR 43649
mod_charset_lite:
- Don't crash when the request has no associated filename.
mod_dav:
- Fix evaluation of If-Match * and If-None-Match * conditionals. PR 38034
- Adjust etag generation to produce identical results on 32-bit
and 64-bit platforms and avoid a regression with conditional PUT's on lock
and etag. PR 44152.
mod_deflate:
- initialise inflate-out filter correctly when the first brigade
contains no data buckets. PR 43512
mod_disk_cache:
- Delete temporary files if they cannot be renamed to their final
name.
mod_filter:
- Don't segfault on (unsupported) chained FilterProvider usage. PR 43956
mod_include:
- Add an "if" directive syntax to test whether an URL is
accessible, and if so, conditionally display content. This
allows a webmaster to hide a link to a private page when the
user has no access to that page.
mod_ldap:
- Try to establish a new backend LDAP connection when the
Microsoft LDAP client library returns LDAP_UNAVAILABLE, e.g.
after the LDAP server has closed the connection due to a
timeout. PR 39095
- Give callers a reference to data copied into the request pool
instead of references directly into the cache PR 43786
- Stop passing a reference to pconf around for (limited) use
during request processing, avoiding possible memory corruption
and crashes.
mod_proxy:
- Canonicalisation improvements. Add "nocanon" keyword to
ProxyPass, to suppress URI-canonicalisation in a reverse proxy. Also,
don't escape/unescape forward-proxied URLs. PR 41798, 42592
- Don't by default violate RFC2616 by setting Max-Forwards when
the client didn't send it to us. Leave that as a
configuration option. PR 16137
- Fix persistent backend connections. PR 43472
- escape error-notes correctly PR 40952
- check ProxyBlock for all blocked addresses PR 36987
- Don't lose bytes when a response line arrives in small chunks.
PR 40894
mod_proxy_ajp:
- Use 64K as maximum AJP packet size. This is the maximum length
we can squeeze inside the AJP message packet.
- Ignore any ajp13 flush packets received before we send the
response headers. See Tomcat PR 43478.
- Differentiate within AJP between GET and HEAD requests. PR 43060
mod_proxy_balancer:
- Do not reset lbstatus, lbfactor and lbset when starting a new
child. PR 39907
mod_proxy_http:
- Remove Warning headers with wrong date PR 16138
- Correctly parse all Connection headers in proxy. PR 43509
- add Via header correctly (if enabled) to response, even where
other Via headers exist. PR 19439
- Correctly forward unexpected interim (HTTP 1xx) responses from
the backend according to RFC2616. But make it configurable in
case something breaks on it. PR 16518
- strip hop-by-hop response headers PR 43455
- Propagate Proxy-Authorization header correctly. PR 25947
- Don't segfault on bad line in FTP listing PR 40733
mod_rewrite:
- Add option to suppress URL unescaping PR 34602
- Add the novary flag to RewriteCond.
mod_substitute:
- Added a new output filter, which performs inline response
content pattern matching (including regex) and substitution.
mod_ssl:
- Fix handling of the buffered request body during a per-location
renegotiation, when an internal redirect occurs. PR 43738.
- Fix SSL client certificate extensions parsing bug. PR 44073.
- Prevent memory corruption of version string. PR 43865, 43334
mod_status:
- Add SeeRequestTail directive, which determines if
ExtendedStatus displays the 1st 63 characters of the request
or the last 63. Useful for those requests with large string
lengths and which only vary with the last several characters.
event MPM:
- Add support for running under mod_ssl, by reverting to the
Worker MPM behaviors, when run under an input filter that buffers
its own data.
core:
- Fix regression in 2.2.7 in chunk filtering with massively
chunked requests.
- Lower memory consumption of ap_r* functions by reusing the
brigade instead of recreating it during each filter pass.
- Lower memory consumption in case that flush buckets are passed
thru the chunk filter as last bucket of a brigade. PR 23567.
- Fix broken chunk filtering that causes all non blocking reads
to be converted into blocking reads. PR 19954, 41056.
- Change etag generation to produce identical results on 32-bit
and 64-bit platforms. PR 40064.
- Handle unrecognised transfer-encodings. PR 43882
- Avoid some unexpected connection closes by telling the client
that the connection is not persistent if the MPM process
handling the request is already exiting when the response
header is built.
- fix possible crash at startup in case of nonexistent
DocumentRoot. PR 39722
- http_core: OPTIONS * no longer maps to local storage or URI
space. Note that unlike previous versions, OPTIONS * no longer
returns an Allow: header. PR 43519
- scoreboard: improve error message on apr_shm_create failure PR
40037
- Don't send spurious "100 Continue" response lines. PR 38014
- http_protocol:
- Escape request method in 413 error reporting. Determined to
be not generally exploitable, but a flaw in any case. PR
44014
- Add "DefaultType none" option. PR 13986 and PR 16139
- Escape request method in 405 error reporting. This has no
security impact since the browser cannot be tricked into
sending arbitrary method strings.
- Various code cleanups. PR 38699, 39518, 42005, 42006, 42007, 42008, 42009
- Add explicit charset to the output of various modules to work
around possible cross-site scripting flaws affecting web
browsers that do not derive the response character set as
required by RFC2616. One of these reported by SecurityReason
- rotatelogs: Change command-line parsing to report more types
of errors. Allow local timestamps to be used when rotating based
on file size.
* Wed Sep 12 2007 poeml@suse.de
- fix graceful-restart. Wait until the pidfile is gone, but don't
wait for the parent to disappear. It stays there, after closing wait for the parent to disappear. It stays there, after closing
the listen ports. the listen ports.
- don't configure in maintainer-mode. It not only enables compile * Wed Sep 12 2007 poeml@suse.de
- use debug_package macro only on suse, because it breaks the build
on Mandriva
* Wed Sep 12 2007 poeml@suse.de
- don't configure in maintainer-mode. It not only enables compile
time warnings, but also adds AP_DEBUG into the mix which causes time warnings, but also adds AP_DEBUG into the mix which causes
enablement of debug code which is not wanted in production enablement of debug code which is not wanted in production
builds. builds.
- drop obsolete patches mod_dbd.c-issue18989-autoconnect.dif and * Mon Sep 10 2007 poeml@suse.de
mod_dbd.c-r571441, as the 2.2.8 mod_dbd is just fine. - upstream 2.2.6
* Tue Apr 01 2008 mkoenig@suse.de SECURITY: CVE-2007-3847 (cve.mitre.org)
- remove dir /usr/share/omc/svcinfo.d as it is provided now mod_proxy: Prevent reading past the end of a buffer when parsing
by filesystem date-related headers. PR 41144.
* Fri Mar 14 2008 skh@suse.de SECURITY: CVE-2007-1863 (cve.mitre.org)
- update to upstream 2.2.8 --> see CHANGES in package for details mod_cache: Prevent a segmentation fault if attributes are listed in a
- removed obsolete patches: Cache-Control header without any value.
- apache2-mod_cache-CVE-2007-1863.patch SECURITY: CVE-2007-3304 (cve.mitre.org)
- apache2-mod_status-CVE-2006-5752.patch prefork, worker, event MPMs: Ensure that the parent process cannot
- httpd-2.2.4-mod_autoindex-charset-r570962.patch be forced to kill processes outside its process group.
- httpd-2.2.x.doublefree.patch SECURITY: CVE-2006-5752 (cve.mitre.org)
* Thu Dec 13 2007 ro@suse.de mod_status: Fix a possible XSS attack against a site with a public
- remove sysconf_addword, now in aaa_base (#328599) server-status page and ExtendedStatus enabled, for browsers which
* Mon Oct 22 2007 sbrabec@suse.cz perform charset "detection". Reported by Stefan Esser.
- Use correct SuSEfirewall2 rule directory. SECURITY: CVE-2007-1862 (cve.mitre.org)
mod_mem_cache: Copy headers into longer lived storage; header names and
values could previously point to cleaned up storage. PR 41551.
mod_alias:
- Accept path components (URL part) in Redirects. PR 35314.
mod_authnz_ldap:
- Don't return HTTP_UNAUTHORIZED during authorization when
LDAP authentication is configured but we haven't seen any
'Require ldap-*' directives, allowing authorization to be passed to lower
level modules (e.g. Require valid-user) PR 43281
mod_autoindex:
- Add in Type and Charset options to IndexOptions
directive. This allows the admin to explicitly set the
content-type and charset of the generated page and is therefore
a viable workaround for buggy browsers affected by CVE-2007-4465
mod_cache:
- Remove expired content from cache that cannot be revalidated.
PR 30370.
- Do not set Date or Expires when they are missing from the
original response or are invalid.
- Correctly handle HEAD requests on expired cache content. PR
41230.
- Let Cache-Control max-age set the expiration of the cached
representation if Expires is not set.
- Allow caching of requests with query arguments when
Cache-Control max-age is explicitly specified.
- Use the same cache key throughout the whole request processing
to handle escaped URLs correctly. PR 41475.
- Add CacheIgnoreQueryString directive. PR 41484.
- While serving a cached entity ensure that filters that have
been applied to this cached entity before saving it to the
cache are not applied again. PR 40090.
- Correctly cache objects whose URL query string has been
modified by mod_rewrite. PR 40805.
mod_cgi, mod_cgid:
- Fix use of CGI scripts as ErrorDocuments. PR 39710.
mod_dbd:
- Introduce configuration groups to allow inheritance by virtual
hosts of database configurations from the main server.
Determine the minimal set of distinct configurations and share
connection pools whenever possible. Allow virtual hosts to
override inherited SQL statements. PR 41302.
- Create memory sub-pools for each DB connection and close DB
connections in a pool cleanup function. Ensure prepared
statements are destroyed before DB connection is closed. When
using reslists, prevent segfaults when child processes exit,
and stop memory leakage of ap_dbd_t structures. Avoid use of
global s->process->pool, which isn't destroyed by exiting
child processes in most multi-process MPMs. PR 39985.
- Handle error conditions in dbd_construct() properly. Simplify
ap_dbd_open() and use correct arguments to apr_dbd_error()
when non-threaded. Register correct cleanup data in
non-threaded ap_dbd_acquire() and ap_dbd_cacquire(). Clean up
configuration data and merge function. Use ap_log_error()
wherever possible.
- Stash DBD connections in request_config of initial request
only, or else sub-requests and internal redirections may cause
entire DBD pool to be stashed in a single HTTP request.
mod_deflate:
- don't try to process metadata buckets as data. what should
have been a 413 error was logged as a 500 and a blank screen
appeared at the browser.
- fix protocol handling in deflate input filter PR 23287
mod_disk_cache:
- Allow Vary'd responses to be refreshed properly.
mod_dumpio:
- Fix for correct dumping of traffic on EBCDIC hosts Data had
been incorrectly converted twice, resulting in garbled log
output.
mod_expires:
- don't crash on bad configuration data PR 43213
mod_filter:
- fix integer comparisons in dispatch rules PR 41835
- fix merging of ! and = in FilterChain PR 42186
mod_headers:
- Allow %% at the end of a Header value. PR 36609.
mod_info:
- mod_info outputs invalid XHTML 1.0 transitional. PR 42847
mod_ldap:
- Avoid possible crashes, hangs, and busy loops due to improper
merging of the cache lock in vhost config PR 43164
mod_ldap:
- Remove the hardcoded size limit parameter for
ldap_search_ext_s and replace it with an APR_ defined value
that is set according to the LDAP SDK being used.
mod_mem_cache:
- Increase the minimum and default value for MCacheMinObjectSize
from 0 to 1, as a MCacheMinObjectSize of 0 does not make sense
and leads to a division by zero. PR 40576.
mod_negotiation:
- preserve Query String in resolving a type map PR 33112
mod_proxy:
- mod_proxy_http: accept proxy-sendchunked/proxy-sendchunks as
synonymous. PR 43183
- Ensure that at least scheme://hostname[:port] matches between
worker and URL when searching for the best fitting worker for
a given URL. PR 40910
- Improve network performance by setting APR_TCP_NODELAY
(disable Nagle algorithm) on sockets if implemented. PR 42871
- Add a missing assignment in an error checking code path. PR 40865
- don't URLencode tilde in path component PR 38448
- enable Ignore Errors option on ProxyPass Status. PR 43167
- Allow to use different values for sessionid in url encoded id
and cookies. PR 41897.
- Fix the 503 returned when session route does not match any of
the balancer members.
- Added ProxyPassMatch directive, which is similar to ProxyPass
but takes a regex local path prefix.
- Print the correct error message for erroneous configured
ProxyPass directives. PR 40439.
- Fix some proxy setting inheritance problems (eg:
ProxyTimeout). PR 11540.
- proxy/ajp_header.c: Fixed header token string comparisons
Matching of header tokens failed to include the trailing NIL
byte and could misinterpret a longer header token for a
shorter. Additionally, a "Content-Type" comparison was made
case insensitive.
- proxy/ajp_header.c: Backport of an AJP protocol fix for EBCDIC
On EBCDIC machines, the status_line string was incorrectly
converted twice.
mod_proxy_connect:
- avoid segfault on DNS lookup failure. PR 40756
mod_proxy_http:
- HTTP proxy ProxyErrorOverride: Leave 1xx and 3xx responses
alone. Only processing of error responses (4xx, 5xx) will be
altered. PR 39245.
- Don't try to read body of a HEAD request before responding. PR 41644
- Handle request bodies larger than 2 GB by converting the
Content-Length header of the request correctly. PR 40883.
mod_ssl:
- Fix spurious hostname mismatch warning for valid wildcard
certificates. PR 37911.
- Version reporting update; displays 'compiled against' Apache
and build-time SSL Library versions at loglevel [info], while
reporting the run-time SSL Library version in the server info
tags. Helps to identify a mod_ssl built against one flavor of
OpenSSL but running against another (also adds SSL-C version
number reporting.)
- initialize thread locks before initializing the hardware
acceleration library, so the latter can make use of the
former. PR 20951.
core:
- Do not replace a Date header set by a proxied backend server. PR 40232
- log core: ensure we use a special pool for stderr logging, so that
the stderr channel remains valid from the time plog is destroyed,
until the time the open_logs hook is called again.
- main core: Emit errors during the initial apr_app_initialize()
or apr_pool_create() (when apr-based error reporting is not ready).
- log core: fix the new piped logger case where we couldn't connect
the replacement stderr logger's stderr to the NULL stdout stream.
Continue in this case, since the previous alternative of no error
logging at all (/dev/null) is far worse.
- Correct a regression since 2.0.x in the handling of AllowOverride
Options. PR 41829.
- Unix MPMs: Catch SIGFPE so that exception hooks and CoreDumpDirectory
can work after that terminating signal.
- mod_so: Provide more helpful LoadModule feedback when an error occurs.
misc:
- mime.types: Many updates to sync with IANA registry and common
unregistered types that the owners refuse to register. Admins
are encouraged to update their installed mime.types file. PR:
35550, 37798, 39317, 31483
- mime.types: add Registered Javascript/ECMAScript MIME types
(RFC4329) PR 40299
- htdbm: Enable crypt support on platforms with crypt() but not
<crypt.h>, such as z/OS.
- ab.c: Correct behavior of HTTP request headers sent by ab in
presence of -H command-line overrides. PR 31268, 26554.
- ab.c: The apr_port_t type is unsigned, but ab was using a
signed format code in its reports. PR 42070.
- drop obsolete patches apache2-mod_cache-CVE-2007-1863.patch
apache2-mod_status-CVE-2006-5752.patch
httpd-2.2.4-mod_autoindex-charset-r570962.patch
mod_dbd.c-issue18989-autoconnect.dif
mod_dbd.c-r571441
* Mon Sep 03 2007 skh@suse.de * Mon Sep 03 2007 skh@suse.de
- get_module_list: replace loadmodule.conf atomically [bnc #214863] - get_module_list: replace loadmodule.conf atomically [bnc #214863]
* Sat Sep 01 2007 poeml@suse.de
- /etc/init.d/apache2: implement restart-graceful, stop-graceful
* Fri Aug 31 2007 poeml@suse.de
- update mod_dbd to trunk version (r571441)
* apr_dbd_check_conn() just returns APR_SUCCESS or
APR_EGENERAL, so we don't actually have a driver-specific value
to pass to apr_dbd_error(), but that's OK because most/all
drivers just ignore this value anyway
* Fri Aug 31 2007 poeml@suse.de * Fri Aug 31 2007 poeml@suse.de
- replace httpd-2.2.3-AddDirectoryIndexCharset.patch with the upstream - replace httpd-2.2.3-AddDirectoryIndexCharset.patch with the upstream
solution, httpd-2.2.4-mod_autoindex-charset-r570962.patch [#153557] solution, httpd-2.2.4-mod_autoindex-charset-r570962.patch [#153557]
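Review bot: the "drop obsolete patches" entry removes apache2-mod_cache-CVE-2007-1863.patch and apache2-mod_status-CVE-2006-5752.patch without saying where those fixes now live. Suggest stating in the entry that both CVE fixes are contained in the new upstream version, so someone auditing CVE coverage from the changelog can see the fixes were carried over rather than lost.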


@ -1,396 +0,0 @@
--- httpd-2.1.3-alpha/acinclude.m4
+++ httpd-2.1.3-alpha/acinclude.m4
@@ -4,25 +4,25 @@
dnl AC_HELP_STRING, so let's try to call it if we can.
dnl Note: this define must be on one line so that it can be properly returned
dnl as the help string.
-AC_DEFUN(APACHE_HELP_STRING,[ifelse(regexp(AC_ACVERSION, 2\.1), -1, AC_HELP_STRING($1,$2),[ ]$1 substr([ ],len($1))$2)])dnl
+AC_DEFUN([APACHE_HELP_STRING],[ifelse(regexp(AC_ACVERSION, 2\.1), -1, AC_HELP_STRING($1,$2),[ ]$1 substr([ ],len($1))$2)])dnl
dnl APACHE_SUBST(VARIABLE)
dnl Makes VARIABLE available in generated files
dnl (do not use @variable@ in Makefiles, but $(variable))
-AC_DEFUN(APACHE_SUBST,[
+AC_DEFUN([APACHE_SUBST],[
APACHE_VAR_SUBST="$APACHE_VAR_SUBST $1"
AC_SUBST($1)
])
dnl APACHE_FAST_OUTPUT(FILENAME)
dnl Perform substitutions on FILENAME (Makefiles only)
-AC_DEFUN(APACHE_FAST_OUTPUT,[
+AC_DEFUN([APACHE_FAST_OUTPUT],[
APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $1"
])
dnl APACHE_GEN_CONFIG_VARS
dnl Creates config_vars.mk
-AC_DEFUN(APACHE_GEN_CONFIG_VARS,[
+AC_DEFUN([APACHE_GEN_CONFIG_VARS],[
APACHE_SUBST(abs_srcdir)
APACHE_SUBST(bindir)
APACHE_SUBST(sbindir)
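Review bot: the outer header (-1,396 +0,0) removes this patch file completely, and every hunk in it only adds [ ] quoting around the first argument of AC_DEFUN or define. Before dropping it, check that acinclude.m4 and build/apr_common.m4 in the new source tree already quote these names, as in "AC_DEFUN([APACHE_SUBST],[". An unquoted name is expanded by m4 when a macro of that name already exists, so the definition no longer applies to the intended name.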
@@ -109,14 +109,14 @@
dnl APACHE_GEN_MAKEFILES
dnl Creates Makefiles
-AC_DEFUN(APACHE_GEN_MAKEFILES,[
+AC_DEFUN([APACHE_GEN_MAKEFILES],[
$SHELL $srcdir/build/fastgen.sh $srcdir $ac_cv_mkdir_p $BSD_MAKEFILE $APACHE_FAST_OUTPUT_FILES
])
dnl ## APACHE_OUTPUT(file)
dnl ## adds "file" to the list of files generated by AC_OUTPUT
dnl ## This macro can be used several times.
-AC_DEFUN(APACHE_OUTPUT, [
+AC_DEFUN([APACHE_OUTPUT], [
APACHE_OUTPUT_FILES="$APACHE_OUTPUT_FILES $1"
])
@@ -125,7 +125,7 @@
dnl
dnl If rlim_t is not defined, define it to int
dnl
-AC_DEFUN(APACHE_TYPE_RLIM_T, [
+AC_DEFUN([APACHE_TYPE_RLIM_T], [
AC_CACHE_CHECK([for rlim_t], ac_cv_type_rlim_t, [
AC_TRY_COMPILE([
#include <sys/types.h>
@@ -143,7 +143,7 @@
])
dnl APACHE_MODPATH_INIT(modpath)
-AC_DEFUN(APACHE_MODPATH_INIT,[
+AC_DEFUN([APACHE_MODPATH_INIT],[
current_dir=$1
modpath_current=modules/$1
modpath_static=
@@ -152,7 +152,7 @@
> $modpath_current/modules.mk
])dnl
dnl
-AC_DEFUN(APACHE_MODPATH_FINISH,[
+AC_DEFUN([APACHE_MODPATH_FINISH],[
echo "DISTCLEAN_TARGETS = modules.mk" >> $modpath_current/modules.mk
echo "static = $modpath_static" >> $modpath_current/modules.mk
echo "shared = $modpath_shared" >> $modpath_current/modules.mk
@@ -165,7 +165,7 @@
])dnl
dnl
dnl APACHE_MODPATH_ADD(name[, shared[, objects [, ldflags[, libs]]]])
-AC_DEFUN(APACHE_MODPATH_ADD,[
+AC_DEFUN([APACHE_MODPATH_ADD],[
if test -z "$3"; then
objects="mod_$1.lo"
else
@@ -209,7 +209,7 @@
dnl setting. otherwise, fall under the "all" setting.
dnl explicit yes/no always overrides.
dnl
-AC_DEFUN(APACHE_MODULE,[
+AC_DEFUN([APACHE_MODULE],[
AC_MSG_CHECKING(whether to enable mod_$1)
define([optname],[--]ifelse($5,yes,disable,enable)[-]translit($1,_,-))dnl
AC_ARG_ENABLE(translit($1,_,-),APACHE_HELP_STRING(optname(),$2),,enable_$1=ifelse($5,,maybe-all,$5))
@@ -282,7 +282,7 @@
dnl
dnl APACHE_ENABLE_MODULES
dnl
-AC_DEFUN(APACHE_ENABLE_MODULES,[
+AC_DEFUN([APACHE_ENABLE_MODULES],[
module_selection=default
module_default=yes
@@ -312,7 +312,7 @@
])
])
-AC_DEFUN(APACHE_REQUIRE_CXX,[
+AC_DEFUN([APACHE_REQUIRE_CXX],[
if test -z "$apache_cxx_done"; then
AC_PROG_CXX
AC_PROG_CXXCPP
@@ -326,7 +326,7 @@
dnl Configure for the detected openssl/ssl-c toolkit installation, giving
dnl preference to "--with-ssl=<path>" if it was specified.
dnl
-AC_DEFUN(APACHE_CHECK_SSL_TOOLKIT,[
+AC_DEFUN([APACHE_CHECK_SSL_TOOLKIT],[
if test "x$ap_ssltk_configured" = "x"; then
dnl initialise the variables we use
ap_ssltk_base=""
@@ -499,14 +499,14 @@
dnl apache will use while generating scripts like autoconf and apxs and
dnl the default config file.
-AC_DEFUN(APACHE_SUBST_EXPANDED_ARG,[
+AC_DEFUN([APACHE_SUBST_EXPANDED_ARG],[
APR_EXPAND_VAR(exp_$1, [$]$1)
APACHE_SUBST(exp_$1)
APR_PATH_RELATIVE(rel_$1, [$]exp_$1, ${prefix})
APACHE_SUBST(rel_$1)
])
-AC_DEFUN(APACHE_EXPORT_ARGUMENTS,[
+AC_DEFUN([APACHE_EXPORT_ARGUMENTS],[
APACHE_SUBST_EXPANDED_ARG(exec_prefix)
APACHE_SUBST_EXPANDED_ARG(bindir)
APACHE_SUBST_EXPANDED_ARG(sbindir)
--- httpd-2.1.3-alpha/build/apr_common.m4
+++ httpd-2.1.3-alpha/build/apr_common.m4
@@ -22,7 +22,7 @@
dnl
dnl Saves a snapshot of the configure command-line for later reuse
dnl
-AC_DEFUN(APR_CONFIG_NICE,[
+AC_DEFUN([APR_CONFIG_NICE],[
rm -f $1
cat >$1<<EOF
#! /bin/sh
@@ -74,7 +74,7 @@
dnl APR_MKDIR_P_CHECK(fallback-mkdir-p)
dnl checks whether mkdir -p works
-AC_DEFUN(APR_MKDIR_P_CHECK,[
+AC_DEFUN([APR_MKDIR_P_CHECK],[
AC_CACHE_CHECK(for working mkdir -p, ac_cv_mkdir_p,[
test -d conftestdir && rm -rf conftestdir
mkdir -p conftestdir/somedir >/dev/null 2>&1
@@ -112,7 +112,7 @@
dnl Trying to optimize this is left as an exercise to the reader who wants
dnl to put up with more autoconf craziness. I give up.
dnl
-AC_DEFUN(APR_SUBDIR_CONFIG, [
+AC_DEFUN([APR_SUBDIR_CONFIG], [
# save our work to this point; this allows the sub-package to use it
AC_CACHE_SAVE
@@ -180,7 +180,7 @@
dnl
dnl Stores the variable (usually a Makefile macro) for later restoration
dnl
-AC_DEFUN(APR_SAVE_THE_ENVIRONMENT,[
+AC_DEFUN([APR_SAVE_THE_ENVIRONMENT],[
apr_ste_save_$1="$$1"
])dnl
@@ -192,7 +192,7 @@
dnl and restoring the original variable contents. This makes it possible
dnl for a user to override configure when it does something stupid.
dnl
-AC_DEFUN(APR_RESTORE_THE_ENVIRONMENT,[
+AC_DEFUN([APR_RESTORE_THE_ENVIRONMENT],[
if test "x$apr_ste_save_$1" = "x"; then
$2$1="$$1"
$1=
@@ -216,7 +216,7 @@
dnl
dnl Set variable iff it's currently null
dnl
-AC_DEFUN(APR_SETIFNULL,[
+AC_DEFUN([APR_SETIFNULL],[
if test -z "$$1"; then
test "x$silent" != "xyes" && echo " setting $1 to \"$2\""
$1="$2"
@@ -228,7 +228,7 @@
dnl
dnl Set variable no matter what
dnl
-AC_DEFUN(APR_SETVAR,[
+AC_DEFUN([APR_SETVAR],[
test "x$silent" != "xyes" && echo " forcing $1 to \"$2\""
$1="$2"
])dnl
@@ -238,7 +238,7 @@
dnl
dnl Add value to variable
dnl
-AC_DEFUN(APR_ADDTO,[
+AC_DEFUN([APR_ADDTO],[
if test "x$$1" = "x"; then
test "x$silent" != "xyes" && echo " setting $1 to \"$2\""
$1="$2"
@@ -265,7 +265,7 @@
dnl
dnl Remove a value from a variable
dnl
-AC_DEFUN(APR_REMOVEFROM,[
+AC_DEFUN([APR_REMOVEFROM],[
if test "x$$1" = "x$2"; then
test "x$silent" != "xyes" && echo " nulling $1"
$1=""
@@ -289,7 +289,7 @@
dnl
dnl APR_CHECK_DEFINE_FILES( symbol, header_file [header_file ...] )
dnl
-AC_DEFUN(APR_CHECK_DEFINE_FILES,[
+AC_DEFUN([APR_CHECK_DEFINE_FILES],[
AC_CACHE_CHECK([for $1 in $2],ac_cv_define_$1,[
ac_cv_define_$1=no
for curhdr in $2
@@ -311,7 +311,7 @@
dnl
dnl APR_CHECK_DEFINE(symbol, header_file)
dnl
-AC_DEFUN(APR_CHECK_DEFINE,[
+AC_DEFUN([APR_CHECK_DEFINE],[
AC_CACHE_CHECK([for $1 in $2],ac_cv_define_$1,[
AC_EGREP_CPP(YES_IS_DEFINED, [
#include <$2>
@@ -328,7 +328,7 @@
dnl
dnl APR_CHECK_APR_DEFINE( symbol )
dnl
-AC_DEFUN(APR_CHECK_APR_DEFINE,[
+AC_DEFUN([APR_CHECK_APR_DEFINE],[
apr_old_cppflags=$CPPFLAGS
CPPFLAGS="$CPPFLAGS $INCLUDES"
AC_EGREP_CPP(YES_IS_DEFINED, [
@@ -353,7 +353,7 @@
fi])
])
-define(APR_IFALLYES,[dnl
+define([APR_IFALLYES],[dnl
ac_rc=yes
for ac_spec in $1; do
ac_type=`echo "$ac_spec" | sed -e 's/:.*$//'`
@@ -405,7 +405,7 @@
])
-define(APR_DECISION_OVERRIDE,[dnl
+define([APR_DECISION_OVERRIDE],[dnl
ac_decision=''
for ac_item in $1; do
eval "ac_decision_this=\$ac_decision_${ac_item}"
@@ -417,13 +417,13 @@
])
-define(APR_DECISION_FORCE,[dnl
+define([APR_DECISION_FORCE],[dnl
ac_decision="$1"
eval "ac_decision_msg=\"\$ac_decision_${ac_decision}_msg\""
])
-define(APR_END_DECISION,[dnl
+define([APR_END_DECISION],[dnl
if test ".$ac_decision" = .; then
echo "[$]0:Error: decision on $ac_decision_item failed" 1>&2
exit 1
@@ -443,7 +443,7 @@
dnl A variant of AC_CHECK_SIZEOF which allows the checking of
dnl sizes of non-builtin types
dnl
-AC_DEFUN(APR_CHECK_SIZEOF_EXTENDED,
+AC_DEFUN([APR_CHECK_SIZEOF_EXTENDED],
[changequote(<<,>>)dnl
dnl The name to #define
define(<<AC_TYPE_NAME>>, translit(sizeof_$2, [a-z *], [A-Z_P]))dnl
@@ -515,7 +515,7 @@
dnl string.
dnl
dnl
-AC_DEFUN(APR_CHECK_STRERROR_R_RC,[
+AC_DEFUN([APR_CHECK_STRERROR_R_RC],[
AC_MSG_CHECKING(for type of return code from strerror_r)
AC_TRY_RUN([
#include <errno.h>
@@ -550,7 +550,7 @@
dnl structure on this platform. Single UNIX Spec says d_ino,
dnl BSD uses d_fileno. Undef to find the real beast.
dnl
-AC_DEFUN(APR_CHECK_DIRENT_INODE, [
+AC_DEFUN([APR_CHECK_DIRENT_INODE], [
AC_CACHE_CHECK([for inode member of struct dirent], apr_cv_dirent_inode, [
apr_cv_dirent_inode=no
AC_TRY_COMPILE([
@@ -588,7 +588,7 @@
dnl Note that this is worthless without DT_xxx macros, so
dnl look for one while we are at it.
dnl
-AC_DEFUN(APR_CHECK_DIRENT_TYPE,[
+AC_DEFUN([APR_CHECK_DIRENT_TYPE],[
AC_CACHE_CHECK([for file type member of struct dirent], apr_cv_dirent_type,[
apr_cv_dirent_type=no
AC_TRY_COMPILE([
@@ -637,7 +637,7 @@
dnl all "." and "-" chars. If the 3rd parameter is "yes" then instead of
dnl setting to 1 or 0, we set FLAG-TO-SET to yes or no.
dnl
-AC_DEFUN(APR_FLAG_HEADERS,[
+AC_DEFUN([APR_FLAG_HEADERS],[
AC_CHECK_HEADERS($1)
for aprt_i in $1
do
@@ -658,7 +658,7 @@
dnl is "yes" then instead of setting to 1 or 0, we set FLAG-TO-SET
dnl to yes or no.
dnl
-AC_DEFUN(APR_FLAG_FUNCS,[
+AC_DEFUN([APR_FLAG_FUNCS],[
AC_CHECK_FUNCS($1)
for aprt_j in $1
do
@@ -683,7 +683,7 @@
dnl APR_EXPAND_VAR(fraz, $baz)
dnl $fraz is now "1/2/3"
dnl
-AC_DEFUN(APR_EXPAND_VAR,[
+AC_DEFUN([APR_EXPAND_VAR],[
ap_last=
ap_cur="$2"
while test "x${ap_cur}" != "x${ap_last}";
@@ -702,7 +702,7 @@
dnl orig_path="${prefix}/bar"
dnl APR_PATH_RELATIVE(final_path, $orig_path, $prefix)
dnl $final_path now contains "bar"
-AC_DEFUN(APR_PATH_RELATIVE,[
+AC_DEFUN([APR_PATH_RELATIVE],[
ap_stripped=`echo $2 | sed -e "s#^$3##"`
# check if the stripping was successful
if test "x$2" != "x${ap_stripped}"; then
@@ -720,12 +720,12 @@
dnl Note: this define must be on one line so that it can be properly returned
dnl as the help string. When using this macro with a multi-line RHS, ensure
dnl that you surround the macro invocation with []s
-AC_DEFUN(APR_HELP_STRING,[ifelse(regexp(AC_ACVERSION, 2\.1), -1, AC_HELP_STRING([$1],[$2]),[ ][$1] substr([ ],len($1))[$2])])
+AC_DEFUN([APR_HELP_STRING],[ifelse(regexp(AC_ACVERSION, 2\.1), -1, AC_HELP_STRING([$1],[$2]),[ ][$1] substr([ ],len($1))[$2])])
dnl
dnl APR_LAYOUT(configlayout, layoutname [, extravars])
dnl
-AC_DEFUN(APR_LAYOUT,[
+AC_DEFUN([APR_LAYOUT],[
if test ! -f $srcdir/config.layout; then
echo "** Error: Layout file $srcdir/config.layout not found"
echo "** Error: Cannot use undefined layout '$LAYOUT'"
@@ -781,7 +781,7 @@
dnl
dnl APR_ENABLE_LAYOUT(default layout name [, extra vars])
dnl
-AC_DEFUN(APR_ENABLE_LAYOUT,[
+AC_DEFUN([APR_ENABLE_LAYOUT],[
AC_ARG_ENABLE(layout,
[ --enable-layout=LAYOUT],[
LAYOUT=$enableval
@@ -802,7 +802,7 @@
dnl a reimplementation of autoconf's argument parser,
dnl used here to allow us to co-exist layouts and argument based
dnl set ups.
-AC_DEFUN(APR_PARSE_ARGUMENTS,[
+AC_DEFUN([APR_PARSE_ARGUMENTS],[
ac_prev=
for ac_option
do
@@ -924,7 +924,7 @@
dnl
dnl Determine what program we can use to generate .deps-style dependencies
dnl
-AC_DEFUN(APR_CHECK_DEPEND,[
+AC_DEFUN([APR_CHECK_DEPEND],[
dnl Try to determine what depend program we can use
dnl All GCC-variants should have -MM.
dnl If not, then we can check on those, too.


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2ad8d0db1e478838ba88a0ddaf538c7150027d937b017739fdcb3fabb96ebd39
size 4799055

httpd-2.2.9.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d76599fbcf8b3bcff2779f880fb10e4a2bc4af60f64232083c06863e40850b61
size 4943462
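Review bot: the new pointer for httpd-2.2.9.tar.bz2 pins the tarball only by the sha256 oid recorded here, and nothing in this change shows that the value was compared with what upstream published. Suggest adding the upstream detached signature (and the keyring used to check it) to the package sources, or at least recording in the changelog that the checksum was verified against the upstream release.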


@ -1,27 +0,0 @@
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c 2008/05/07 14:16:38 654118
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c 2008/05/07 14:17:31 654119
@@ -218,17 +218,18 @@
#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
ENGINE_cleanup();
#endif
-#ifdef HAVE_OPENSSL
-#if OPENSSL_VERSION_NUMBER >= 0x00907001
- CRYPTO_cleanup_all_ex_data();
-#endif
-#endif
ERR_remove_state(0);
/* Don't call ERR_free_strings here; ERR_load_*_strings only
* actually load the error strings once per process due to static
* variable abuse in OpenSSL. */
+ /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered
+ * ex_data indices may have been cached in static variables in
+ * OpenSSL; removing them may cause havoc. Notably, with OpenSSL
+ * versions >= 0.9.8f, COMP_CTX cleanups would not be run, which
+ * could result in a per-connection memory leak (!). */
+
/*
* TODO: determine somewhere we can safely shove out diagnostics
* (when enabled) at this late stage in the game:
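Review bot: the new comment justifies dropping CRYPTO_cleanup_all_ex_data() by pointing at OpenSSL >= 0.9.8f, but the hunk removes the call for every toolkit version, including the ones the old "#if OPENSSL_VERSION_NUMBER >= 0x00907001" guard covered. Suggest saying in the comment that the call is now omitted unconditionally and why that is acceptable for the older versions too, so the next reader does not reintroduce it behind a version check.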


@ -12,15 +12,15 @@
# /etc/init.d/apache2 # /etc/init.d/apache2
# #
### BEGIN INIT INFO ### BEGIN INIT INFO
# Provides: apache2 httpd2 # Provides: apache apache2 httpd
# Required-Start: $local_fs $remote_fs $network # Required-Start: $local_fs $remote_fs $network
# Should-Start: $named $time postgresql sendmail mysql ypclient dhcp radiusd # Should-Start: $named $time postgresql sendmail mysql ypclient dhcp radiusd
# Required-Stop: $local_fs $remote_fs $network
# Should-Stop: $named $time postgresql sendmail mysql ypclient dhcp radiusd # Should-Stop: $named $time postgresql sendmail mysql ypclient dhcp radiusd
# Required-Stop: $local_fs $remote_fs $network
# Default-Start: 3 5 # Default-Start: 3 5
# Default-Stop: 0 1 2 6 # Default-Stop: 0 1 2 6
# Short-Description: Apache 2.2 httpd # Short-Description: Apache 2.2 HTTP Server
# Description: Start the httpd daemon Apache # Description: Start the Apache HTTP daemon
### END INIT INFO ### END INIT INFO
pname=apache2 pname=apache2
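Review bot: the Provides line differs between "apache2 httpd2" and "apache apache2 httpd", so one side drops the httpd2 facility name. Any other init script that lists the dropped name in Required-Start or Should-Start will stop resolving that dependency; worth grepping the other packages' init headers before this ships. The Should-Stop line is a hand copy of Should-Start, so a short comment saying the two must be kept in sync would help.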
@ -34,6 +34,18 @@ pname=apache2
# #
# load the configuration # load the configuration
# #
#
# Note about ulimits:
# if you want to set ulimits, e.g. to increase the max number of open file handle,
# or to allow core files, you can do so by editing /etc/sysconfig/apache2 and
# simply write the ulimit commands into that file.
# Example:
# ulimit -n 16384
# ulimit -H -n 16384
# ulimit -c unlimited
# See the output of "help ulimit" in the bash, or "man 1 ulimit".
#
test -s /etc/rc.status && . /etc/rc.status && rc_reset test -s /etc/rc.status && . /etc/rc.status && rc_reset
. /usr/share/$pname/load_configuration . /usr/share/$pname/load_configuration
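Review bot: in the ulimit example, bash sets both the soft and the hard limit when neither -S nor -H is given, so "ulimit -H -n 16384" after "ulimit -n 16384" is redundant; either drop it or show -S and -H explicitly so the reader sees the difference. "open file handle" should read "open file handles". Since the example also enables core files with "ulimit -c unlimited", one more comment line would be useful, reminding the admin that cores of a server process can contain key material and should land in a directory with tight permissions (CoreDumpDirectory).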


@ -112,6 +112,16 @@ APACHE_SERVER_FLAGS=""
# (if not set, /etc/apache2/httpd.conf is used.) # (if not set, /etc/apache2/httpd.conf is used.)
# It is unusual to need to use this setting. # It is unusual to need to use this setting.
# #
# Note about ulimits:
# if you want to set ulimits, e.g. to increase the max number of open file handle,
# or to allow core files, you can do so by editing /etc/sysconfig/apache2 and
# simply write the ulimit commands into that file.
# Example:
# ulimit -n 16384
# ulimit -H -n 16384
# ulimit -c unlimited
# See the output of "help ulimit" in the bash, or "man 1 ulimit".
#
APACHE_HTTPD_CONF="" APACHE_HTTPD_CONF=""
## Type: list(prefork,worker) ## Type: list(prefork,worker)
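Review bot: the ulimit note is inserted between the description of APACHE_HTTPD_CONF ("It is unusual to need to use this setting.") and the APACHE_HTTPD_CONF="" assignment, so it reads as part of that variable's help text. Suggest moving it to the top of the template or giving it its own comment block separated by a blank line. It also tells the admin to put shell commands into a file whose other entries are typed KEY="value" settings ("## Type: list(prefork,worker)"); the note should say how those commands get executed and that they run with the init script's privileges at service start.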
@ -252,20 +262,4 @@ APACHE_SERVERTOKENS="OS"
# #
APACHE_EXTENDED_STATUS="off" APACHE_EXTENDED_STATUS="off"
## Type: list(on,off)
## Default: "off"
## ServiceRestart: apache2
#
# Enable buffered logging
#
APACHE_BUFFERED_LOGS="off"
## Type: integer
## Default: 300
## ServiceReload: apache2
#
# Timeout: The number of seconds before receives and sends time out.
# It is a server wide setting.
#
APACHE_TIMEOUT="300"
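Review bot: this hunk removes the APACHE_BUFFERED_LOGS and APACHE_TIMEOUT entries together with their documented defaults ("off" and 300), leaving no trace in the template that the variables exist. If the start scripts still honour them, confirm they fall back to the same values when the variables are unset, and consider keeping a one-line comment naming both so an admin who finds an old value in /etc/sysconfig/apache2 knows what it does.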