This commit is contained in:
parent
7558d961d9
commit
0ce478ec5d
598
apache2.changes
598
apache2.changes
@ -1,12 +1,167 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 28 01:16:28 CEST 2008 - ro@suse.de
|
||||
Tue Aug 26 22:59:55 CEST 2008 - poeml@suse.de
|
||||
|
||||
- remove deprecated options from fillup and insserv call
|
||||
- drop rc.config handling (was removed in or after SuSE Linux 8.0)
|
||||
- don't use fillup_insserv options which have been removed lately
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 25 01:20:45 CEST 2008 - ro@suse.de
|
||||
Fri Aug 15 11:25:47 CEST 2008 - poeml@suse.de
|
||||
|
||||
- initscript: copy Should-Start to Should-Stop to fix build
|
||||
- fix init script LSB headers
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 25 14:36:06 CEST 2008 - poeml@suse.de
|
||||
|
||||
- add note to /etc/sysconfig/apache2 and /etc/init.d/apache2 about
|
||||
how to set ulimits when starting the server
|
||||
- undocument APACHE_BUFFERED_LOGS and APACHE_TIMEOUT in the
|
||||
sysconfig template. They still work but I think it is good to
|
||||
keep this stuff out of the beginner's config, first because both
|
||||
features are sophisticated enough to not being tweaked in most
|
||||
cases, second because it only confuses people I guess, and makes
|
||||
the sysconfig file larger than necessary.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Jun 15 19:39:46 CEST 2008 - poeml@suse.de
|
||||
|
||||
- update to 2.2.9:
|
||||
SECURITY: CVE-2008-2364 (cve.mitre.org)
|
||||
mod_proxy_http: Better handling of excessive interim responses
|
||||
from origin server to prevent potential denial of service and
|
||||
high memory usage. Reported by Ryujiro Shibuya.
|
||||
SECURITY: CVE-2007-6420 (cve.mitre.org)
|
||||
mod_proxy_balancer: Prevent CSRF attacks against the
|
||||
balancer-manager interface.
|
||||
- htpasswd: Fix salt generation weakness. PR 31440
|
||||
worker/event MPM:
|
||||
- Fix race condition in pool recycling that leads to
|
||||
segmentation faults under load. PR 44402
|
||||
core:
|
||||
- Fix address-in-use startup failure on some platforms caused by
|
||||
creating an IPv4 listener which overlaps with an existing IPv6
|
||||
listener.
|
||||
- Add the filename of the configuration file to the warning
|
||||
message about the useless use of AllowOverride. PR 39992.
|
||||
- Do not allow Options ALL if not all options are allowed to be
|
||||
overwritten. PR 44262
|
||||
- reinstate location walk to fix config for subrequests PR 41960
|
||||
- Fix garbled TRACE response on EBCDIC platforms.
|
||||
- gen_test_char: add double-quote to the list of
|
||||
T_HTTP_TOKEN_STOP. PR 9727
|
||||
http_filters:
|
||||
- Don't return 100-continue on redirects. PR 43711
|
||||
- Don't return 100-continue on client error PR 43711
|
||||
- Don't spin if get an error when reading the next chunk. PR 44381
|
||||
- Don't add bogus duplicate Content-Language entries
|
||||
suexec:
|
||||
- When group is given as a numeric gid, validate it by looking up
|
||||
the actual group name such that the name can be used in log entries.
|
||||
PR 7862
|
||||
mod_authn_dbd:
|
||||
- Disambiguate and tidy database authentication error messages. PR 43210.
|
||||
mod_cache:
|
||||
- Handle If-Range correctly if the cached resource was stale. PR 44579
|
||||
- Revalidate cache entities which have Cache-Control: no-cache
|
||||
set in their response headers. PR 44511
|
||||
mod_cgid:
|
||||
- Explicitly set permissions of the socket (ScriptSock) shared
|
||||
by mod_cgid and request processing threads, for OS'es such as
|
||||
HPUX and AIX that do not use umask for AF_UNIX socket permissions.
|
||||
- Don't try to restart the daemon if it fails to initialize the socket.
|
||||
mod_charset_lite:
|
||||
- Add TranslateAllMimeTypes sub-option to CharsetOptions,
|
||||
allowing the administrator to skip the mimetype checking that
|
||||
precedes translation.
|
||||
mod_dav:
|
||||
- Return "method not allowed" if the destination URI of a WebDAV
|
||||
copy / move operation is no DAV resource. PR 44734
|
||||
mod_headers:
|
||||
- Add 'merge' option to avoid duplicate values within the same header.
|
||||
mod_include:
|
||||
- Correctly handle SSI directives split over multiple filter
|
||||
mod_log_config:
|
||||
- Add format options for %p so that the actual local or remote
|
||||
port can be logged. PR 43415.
|
||||
mod_logio:
|
||||
- Provide optional function to allow modules to adjust the
|
||||
bytes_in count
|
||||
mod_proxy:
|
||||
- Make all proxy modules nocanon aware and do not add the
|
||||
query string again in this case. PR 44803.
|
||||
- scoreboard: Remove unused proxy load balancer elements from scoreboard
|
||||
image (not scoreboard memory itself).
|
||||
- Support environment variable interpolation in reverse
|
||||
proxying directives.
|
||||
- Do not try a direct connection if the connection via a
|
||||
remote proxy failed before and the request has a request body.
|
||||
- ProxyPassReverse is now balancer aware.
|
||||
- Lower memory consumption for short lived connections.
|
||||
PR 44026.
|
||||
- Keep connections to the backend persistent in the HTTPS case.
|
||||
mod_proxy_ajp:
|
||||
- Do not retry request in the case that we either failed to
|
||||
sent a part of the request body or if the request is not idempotent.
|
||||
PR 44334
|
||||
mod_proxy_ftp:
|
||||
- Fix base for directory listings. PR 27834
|
||||
mod_proxy_http:
|
||||
- Fix processing of chunked responses if Connection:
|
||||
Transfer-Encoding is set in the response of the proxied
|
||||
system. PR 44311
|
||||
- Return HTTP status codes instead of apr_status_t values for
|
||||
errors encountered while forwarding the request body PR 44165
|
||||
mod_rewrite:
|
||||
- Initialize hash needed by ap_register_rewrite_mapfunc early
|
||||
enough. PR 44641
|
||||
- Check all files used by DBM maps for freshness, mod_rewrite
|
||||
didn't pick up on updated sdbm maps due to this. PR41190
|
||||
- Don't canonicalise URLs with [P,NE] PR 43319
|
||||
mod_speling:
|
||||
- remove regression from 1.3/2.0 behavior and drop dependency
|
||||
between mod_speling and AcceptPathInfo.
|
||||
mod_ssl:
|
||||
- Fix a memory leak with connections that have zlib compression
|
||||
turned on. PR 44975
|
||||
mod_substitute:
|
||||
- The default is now flattening the buckets after each
|
||||
substitution. The newly added 'q' flag allows for the quicker,
|
||||
more efficient bucket-splitting if the user so
|
||||
mod_unique_id:
|
||||
- Fix timestamp value in UNIQUE_ID. PR 37064
|
||||
ab (apache benchmark):
|
||||
- Include <limits.h> earlier if available since we may need
|
||||
INT_MAX (defined there on Windows) for the definition of MAX_REQUESTS.
|
||||
- Improve client performance by clearing connection pool instead
|
||||
- Don't stop sending a request if EAGAIN is returned, which
|
||||
will only happen if both the write and subsequent wait are
|
||||
returning EAGAIN, and count posted bytes correctly when the initial
|
||||
write of a request is not complete. PR 10038, 38861, 39679
|
||||
- Overhaul stats collection and reporting to avoid integer
|
||||
truncation and time divisions within the test loop, retain
|
||||
native time resolution until output, remove unused data,
|
||||
consistently round milliseconds, and generally avoid losing
|
||||
accuracy of calculation due to type casts. PR 44878, 44931.
|
||||
- Add -r option to continue after socket receive errors.
|
||||
- Do not try to read non existing response bodies of HEAD requests.
|
||||
- Use a 64 bit unsigned int instead of a signed long to count the
|
||||
rotatelogs:
|
||||
- Log the current file size and error code/description when
|
||||
failing to write to the log file.
|
||||
- Added '-f' option to force rotatelogs to create the logfile as
|
||||
soon as started, and not wait until it reads the first entry.
|
||||
- Don't leak memory when reopening the logfile. PR 40183
|
||||
- Improve atomicity when using -l and cleaup code. PR 44004
|
||||
- drop obsolete patches httpd-2.1.3alpha-autoconf-2.59.dif
|
||||
httpd-2.2.x-CVE-2008-1678.patch
|
||||
- don't run autoreconf on SLES9
|
||||
- remove the addition of -g to the CFLAGS, since the build service
|
||||
handles debuginfo packages now
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 9 17:18:03 CEST 2008 - poeml@suse.de
|
||||
|
||||
- build service supports the debuginfo flag in metadata now; remove
|
||||
debug_package macro from the specfile therefore.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon May 26 16:55:37 CEST 2008 - skh@suse.de
|
||||
@ -19,62 +174,429 @@ Mon May 26 16:55:37 CEST 2008 - skh@suse.de
|
||||
httpd-2.2.x-CVE-2008-1678.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 18 14:17:31 CEST 2008 - poeml@suse.de
|
||||
Thu May 15 01:58:08 CEST 2008 - poeml@suse.de
|
||||
|
||||
- sync up with changes from Build Service:
|
||||
- new implementation of sysconf_addword, using sed instead of ed.
|
||||
- fix build on Mandriva 2007, by escaping commented %build macro
|
||||
- make filelist of man pages independant of the compression method
|
||||
(gz, bz2, lzma)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 18 11:55:14 CEST 2008 - poeml@suse.de
|
||||
|
||||
- fix from Factory:
|
||||
- remove dir /usr/share/omc/svcinfo.d as it is provided now
|
||||
by filesystem
|
||||
- remove obsolete httpd-2.2.x.doublefree.patch file, which isn't
|
||||
used since quite some time since the issue is resolved.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 17 17:58:02 CEST 2008 - poeml@suse.de
|
||||
|
||||
- new implementation of sysconf_addword, using sed instead of ed.
|
||||
Moving it from the -utils subpackage into the parent package,
|
||||
where it's actually needed. If sysconf_addword is already present
|
||||
in the system, it is preferred (by PATH). That's because the tool
|
||||
has been integrated into aaa_base.rpm with openSUSE 11.0.
|
||||
Removing the requires on the ed package. [bnc#377131]
|
||||
- better documentation how to enable SSL in /etc/sysconfig/apache2
|
||||
- quickstart readme: the link to the openSUSE wiki is about to move
|
||||
- add "127.0.0.1" to the local access list in mod_status.conf,
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 12 14:29:04 CET 2008 - poeml@suse.de
|
||||
|
||||
- require ed package, since ed is needed by sysconf_addword, which
|
||||
in turn is used by a2enmod/a2enflag
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 29 14:06:52 CET 2008 - poeml@suse.de
|
||||
|
||||
- better documentation how to enable SSL in /etc/sysconfig/apache2
|
||||
- quickstart readme: the link to the openSUSE wiki is about to move
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 19 13:14:45 CET 2008 - poeml@suse.de
|
||||
|
||||
- add "127.0.0.1" to the local access list in mod_status.conf,
|
||||
because on some systems "localhost" seems to resolve only to IPv6
|
||||
localhost
|
||||
- /etc/init.d/apache2: implement restart-graceful, stop-graceful
|
||||
- fix graceful-restart. Wait until the pidfile is gone, but don't
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Feb 2 05:37:34 CET 2008 - crrodriguez@suse.de
|
||||
|
||||
- upstream 2.2.8
|
||||
SECURITY: CVE-2007-6421 (cve.mitre.org)
|
||||
mod_proxy_balancer: Correctly escape the worker route and the worker
|
||||
redirect string in the HTML output of the balancer manager.
|
||||
Reported by SecurityReason.
|
||||
SECURITY: CVE-2007-6422 (cve.mitre.org)
|
||||
Prevent crash in balancer manager if invalid balancer name is passed
|
||||
as parameter. Reported by SecurityReason.
|
||||
SECURITY: CVE-2007-6388 (cve.mitre.org)
|
||||
mod_status: Ensure refresh parameter is numeric to prevent
|
||||
a possible XSS attack caused by redirecting to other URLs.
|
||||
Reported by SecurityReason.
|
||||
SECURITY: CVE-2007-5000 (cve.mitre.org)
|
||||
mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.
|
||||
SECURITY: CVE-2008-0005 (cve.mitre.org)
|
||||
Introduce the ProxyFtpDirCharset directive, allowing the administrator
|
||||
to identify a default, or specific servers or paths which list their
|
||||
contents in other-than ISO-8859-1 charset (e.g. utf-8).
|
||||
mod_autoindex:
|
||||
- Generate valid XHTML output by adding the xhtml namespace. PR 43649
|
||||
mod_charset_lite:
|
||||
- Don't crash when the request has no associated filename.
|
||||
mod_dav:
|
||||
- Fix evaluation of If-Match * and If-None-Match * conditionals. PR 38034
|
||||
- Adjust etag generation to produce identical results on 32-bit
|
||||
and 64-bit platforms and avoid a regression with conditional PUT's on lock
|
||||
and etag. PR 44152.
|
||||
mod_deflate:
|
||||
- initialise inflate-out filter correctly when the first brigade
|
||||
contains no data buckets. PR 43512
|
||||
mod_disk_cache:
|
||||
- Delete temporary files if they cannot be renamed to their final
|
||||
name.
|
||||
mod_filter:
|
||||
- Don't segfault on (unsupported) chained FilterProvider usage. PR 43956
|
||||
mod_include:
|
||||
- Add an "if" directive syntax to test whether an URL is
|
||||
accessible, and if so, conditionally display content. This
|
||||
allows a webmaster to hide a link to a private page when the
|
||||
user has no access to that page.
|
||||
mod_ldap:
|
||||
- Try to establish a new backend LDAP connection when the
|
||||
Microsoft LDAP client library returns LDAP_UNAVAILABLE, e.g.
|
||||
after the LDAP server has closed the connection due to a
|
||||
timeout. PR 39095
|
||||
- Give callers a reference to data copied into the request pool
|
||||
instead of references directly into the cache PR 43786
|
||||
- Stop passing a reference to pconf around for (limited) use
|
||||
during request processing, avoiding possible memory corruption
|
||||
and crashes.
|
||||
mod_proxy:
|
||||
- Canonicalisation improvements. Add "nocanon" keyword to
|
||||
ProxyPass, to suppress URI-canonicalisation in a reverse proxy. Also,
|
||||
don't escape/unescape forward-proxied URLs. PR 41798, 42592
|
||||
- Don't by default violate RFC2616 by setting Max-Forwards when
|
||||
the client didn't send it to us. Leave that as a
|
||||
configuration option. PR 16137
|
||||
- Fix persistent backend connections. PR 43472
|
||||
- escape error-notes correctly PR 40952
|
||||
- check ProxyBlock for all blocked addresses PR 36987
|
||||
- Don't lose bytes when a response line arrives in small chunks.
|
||||
PR 40894
|
||||
mod_proxy_ajp:
|
||||
- Use 64K as maximum AJP packet size. This is the maximum length
|
||||
we can squeeze inside the AJP message packet.
|
||||
- Ignore any ajp13 flush packets received before we send the
|
||||
response headers. See Tomcat PR 43478.
|
||||
- Differentiate within AJP between GET and HEAD requests. PR 43060
|
||||
mod_proxy_balancer:
|
||||
- Do not reset lbstatus, lbfactor and lbset when starting a new
|
||||
child. PR 39907
|
||||
mod_proxy_http:
|
||||
- Remove Warning headers with wrong date PR 16138
|
||||
- Correctly parse all Connection headers in proxy. PR 43509
|
||||
- add Via header correctly (if enabled) to response, even where
|
||||
other Via headers exist. PR 19439
|
||||
- Correctly forward unexpected interim (HTTP 1xx) responses from
|
||||
the backend according to RFC2616. But make it configurable in
|
||||
case something breaks on it. PR 16518
|
||||
- strip hop-by-hop response headers PR 43455
|
||||
- Propagate Proxy-Authorization header correctly. PR 25947
|
||||
- Don't segfault on bad line in FTP listing PR 40733
|
||||
mod_rewrite:
|
||||
- Add option to suppress URL unescaping PR 34602
|
||||
- Add the novary flag to RewriteCond.
|
||||
mod_substitute:
|
||||
- Added a new output filter, which performs inline response
|
||||
content pattern matching (including regex) and substitution.
|
||||
mod_ssl:
|
||||
- Fix handling of the buffered request body during a per-location
|
||||
renegotiation, when an internal redirect occurs. PR 43738.
|
||||
- Fix SSL client certificate extensions parsing bug. PR 44073.
|
||||
- Prevent memory corruption of version string. PR 43865, 43334
|
||||
mod_status:
|
||||
- Add SeeRequestTail directive, which determines if
|
||||
ExtendedStatus displays the 1st 63 characters of the request
|
||||
or the last 63. Useful for those requests with large string
|
||||
lengths and which only vary with the last several characters.
|
||||
event MPM:
|
||||
- Add support for running under mod_ssl, by reverting to the
|
||||
Worker MPM behaviors, when run under an input filter that buffers
|
||||
its own data.
|
||||
core:
|
||||
- Fix regression in 2.2.7 in chunk filtering with massively
|
||||
chunked requests.
|
||||
- Lower memory consumption of ap_r* functions by reusing the
|
||||
brigade instead of recreating it during each filter pass.
|
||||
- Lower memory consumption in case that flush buckets are passed
|
||||
thru the chunk filter as last bucket of a brigade. PR 23567.
|
||||
- Fix broken chunk filtering that causes all non blocking reads
|
||||
to be converted into blocking reads. PR 19954, 41056.
|
||||
- Change etag generation to produce identical results on 32-bit
|
||||
and 64-bit platforms. PR 40064.
|
||||
- Handle unrecognised transfer-encodings. PR 43882
|
||||
- Avoid some unexpected connection closes by telling the client
|
||||
that the connection is not persistent if the MPM process
|
||||
handling the request is already exiting when the response
|
||||
header is built.
|
||||
- fix possible crash at startup in case of nonexistent
|
||||
DocumentRoot. PR 39722
|
||||
- http_core: OPTIONS * no longer maps to local storage or URI
|
||||
space. Note that unlike previous versions, OPTIONS * no longer
|
||||
returns an Allow: header. PR 43519
|
||||
- scoreboard: improve error message on apr_shm_create failure PR
|
||||
40037
|
||||
- Don't send spurious "100 Continue" response lines. PR 38014
|
||||
- http_protocol:
|
||||
- Escape request method in 413 error reporting. Determined to
|
||||
be not generally exploitable, but a flaw in any case. PR
|
||||
44014
|
||||
- Add "DefaultType none" option. PR 13986 and PR 16139
|
||||
- Escape request method in 405 error reporting. This has no
|
||||
security impact since the browser cannot be tricked into
|
||||
sending arbitrary method strings.
|
||||
- Various code cleanups. PR 38699, 39518, 42005, 42006, 42007, 42008, 42009
|
||||
- Add explicit charset to the output of various modules to work
|
||||
around possible cross-site scripting flaws affecting web
|
||||
browsers that do not derive the response character set as
|
||||
required by RFC2616. One of these reported by SecurityReason
|
||||
- rotatelogs: Change command-line parsing to report more types
|
||||
of errors. Allow local timestamps to be used when rotating based
|
||||
on file size.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 12 20:11:37 CEST 2007 - poeml@suse.de
|
||||
|
||||
- fix graceful-restart. Wait until the pidfile is gone, but don't
|
||||
wait for the parent to disappear. It stays there, after closing
|
||||
the listen ports.
|
||||
- don't configure in maintainer-mode. It not only enables compile
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 12 15:49:15 CEST 2007 - poeml@suse.de
|
||||
|
||||
- use debug_package macro only on suse, because it breaks the build
|
||||
on Mandriva
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 12 13:41:16 CEST 2007 - poeml@suse.de
|
||||
|
||||
- don't configure in maintainer-mode. It not only enables compile
|
||||
time warnings, but also adds AP_DEBUG into the mix which causes
|
||||
enablement of debug code which is not wanted in production
|
||||
builds.
|
||||
- drop obsolete patches mod_dbd.c-issue18989-autoconnect.dif and
|
||||
mod_dbd.c-r571441, as the 2.2.8 mod_dbd is just fine.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 1 16:05:07 CEST 2008 - mkoenig@suse.de
|
||||
Mon Sep 10 17:32:56 CEST 2007 - poeml@suse.de
|
||||
|
||||
- remove dir /usr/share/omc/svcinfo.d as it is provided now
|
||||
by filesystem
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 14 15:28:13 CET 2008 - skh@suse.de
|
||||
|
||||
- update to upstream 2.2.8 --> see CHANGES in package for details
|
||||
- removed obsolete patches:
|
||||
- apache2-mod_cache-CVE-2007-1863.patch
|
||||
- apache2-mod_status-CVE-2006-5752.patch
|
||||
- httpd-2.2.4-mod_autoindex-charset-r570962.patch
|
||||
- httpd-2.2.x.doublefree.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 13 16:58:03 CET 2007 - ro@suse.de
|
||||
|
||||
- remove sysconf_addword, now in aaa_base (#328599)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 22 17:38:19 CEST 2007 - sbrabec@suse.cz
|
||||
|
||||
- Use correct SuSEfirewall2 rule directory.
|
||||
- upstream 2.2.6
|
||||
SECURITY: CVE-2007-3847 (cve.mitre.org)
|
||||
mod_proxy: Prevent reading past the end of a buffer when parsing
|
||||
date-related headers. PR 41144.
|
||||
SECURITY: CVE-2007-1863 (cve.mitre.org)
|
||||
mod_cache: Prevent a segmentation fault if attributes are listed in a
|
||||
Cache-Control header without any value.
|
||||
SECURITY: CVE-2007-3304 (cve.mitre.org)
|
||||
prefork, worker, event MPMs: Ensure that the parent process cannot
|
||||
be forced to kill processes outside its process group.
|
||||
SECURITY: CVE-2006-5752 (cve.mitre.org)
|
||||
mod_status: Fix a possible XSS attack against a site with a public
|
||||
server-status page and ExtendedStatus enabled, for browsers which
|
||||
perform charset "detection". Reported by Stefan Esser.
|
||||
SECURITY: CVE-2007-1862 (cve.mitre.org)
|
||||
mod_mem_cache: Copy headers into longer lived storage; header names and
|
||||
values could previously point to cleaned up storage. PR 41551.
|
||||
mod_alias:
|
||||
- Accept path components (URL part) in Redirects. PR 35314.
|
||||
mod_authnz_ldap:
|
||||
- Don't return HTTP_UNAUTHORIZED during authorization when
|
||||
LDAP authentication is configured but we haven't seen any
|
||||
'Require ldap-*' directives, allowing authorization to be passed to lower
|
||||
level modules (e.g. Require valid-user) PR 43281
|
||||
mod_autoindex:
|
||||
- Add in Type and Charset options to IndexOptions
|
||||
directive. This allows the admin to explicitly set the
|
||||
content-type and charset of the generated page and is therefore
|
||||
a viable workaround for buggy browsers affected by CVE-2007-4465
|
||||
mod_cache:
|
||||
- Remove expired content from cache that cannot be revalidated.
|
||||
PR 30370.
|
||||
- Do not set Date or Expires when they are missing from the
|
||||
original response or are invalid.
|
||||
- Correctly handle HEAD requests on expired cache content. PR
|
||||
41230.
|
||||
- Let Cache-Control max-age set the expiration of the cached
|
||||
representation if Expires is not set.
|
||||
- Allow caching of requests with query arguments when
|
||||
Cache-Control max-age is explicitly specified.
|
||||
- Use the same cache key throughout the whole request processing
|
||||
to handle escaped URLs correctly. PR 41475.
|
||||
- Add CacheIgnoreQueryString directive. PR 41484.
|
||||
- While serving a cached entity ensure that filters that have
|
||||
been applied to this cached entity before saving it to the
|
||||
cache are not applied again. PR 40090.
|
||||
- Correctly cache objects whose URL query string has been
|
||||
modified by mod_rewrite. PR 40805.
|
||||
mod_cgi, mod_cgid:
|
||||
- Fix use of CGI scripts as ErrorDocuments. PR 39710.
|
||||
mod_dbd:
|
||||
- Introduce configuration groups to allow inheritance by virtual
|
||||
hosts of database configurations from the main server.
|
||||
Determine the minimal set of distinct configurations and share
|
||||
connection pools whenever possible. Allow virtual hosts to
|
||||
override inherited SQL statements. PR 41302.
|
||||
- Create memory sub-pools for each DB connection and close DB
|
||||
connections in a pool cleanup function. Ensure prepared
|
||||
statements are destroyed before DB connection is closed. When
|
||||
using reslists, prevent segfaults when child processes exit,
|
||||
and stop memory leakage of ap_dbd_t structures. Avoid use of
|
||||
global s->process->pool, which isn't destroyed by exiting
|
||||
child processes in most multi-process MPMs. PR 39985.
|
||||
- Handle error conditions in dbd_construct() properly. Simplify
|
||||
ap_dbd_open() and use correct arguments to apr_dbd_error()
|
||||
when non-threaded. Register correct cleanup data in
|
||||
non-threaded ap_dbd_acquire() and ap_dbd_cacquire(). Clean up
|
||||
configuration data and merge function. Use ap_log_error()
|
||||
wherever possible.
|
||||
- Stash DBD connections in request_config of initial request
|
||||
only, or else sub-requests and internal redirections may cause
|
||||
entire DBD pool to be stashed in a single HTTP request.
|
||||
mod_deflate:
|
||||
- don't try to process metadata buckets as data. what should
|
||||
have been a 413 error was logged as a 500 and a blank screen
|
||||
appeared at the browser.
|
||||
- fix protocol handling in deflate input filter PR 23287
|
||||
mod_disk_cache:
|
||||
- Allow Vary'd responses to be refreshed properly.
|
||||
mod_dumpio:
|
||||
- Fix for correct dumping of traffic on EBCDIC hosts Data had
|
||||
been incorrectly converted twice, resulting in garbled log
|
||||
output.
|
||||
mod_expires:
|
||||
- don't crash on bad configuration data PR 43213
|
||||
mod_filter:
|
||||
- fix integer comparisons in dispatch rules PR 41835
|
||||
- fix merging of ! and = in FilterChain PR 42186
|
||||
mod_headers:
|
||||
- Allow % at the end of a Header value. PR 36609.
|
||||
mod_info:
|
||||
- mod_info outputs invalid XHTML 1.0 transitional. PR 42847
|
||||
mod_ldap:
|
||||
- Avoid possible crashes, hangs, and busy loops due to improper
|
||||
merging of the cache lock in vhost config PR 43164
|
||||
mod_ldap:
|
||||
- Remove the hardcoded size limit parameter for
|
||||
ldap_search_ext_s and replace it with an APR_ defined value
|
||||
that is set according to the LDAP SDK being used.
|
||||
mod_mem_cache:
|
||||
- Increase the minimum and default value for MCacheMinObjectSize
|
||||
from 0 to 1, as a MCacheMinObjectSize of 0 does not make sense
|
||||
and leads to a division by zero. PR 40576.
|
||||
mod_negotiation:
|
||||
- preserve Query String in resolving a type map PR 33112
|
||||
mod_proxy:
|
||||
- mod_proxy_http: accept proxy-sendchunked/proxy-sendchunks as
|
||||
synonymous. PR 43183
|
||||
- Ensure that at least scheme://hostname[:port] matches between
|
||||
worker and URL when searching for the best fitting worker for
|
||||
a given URL. PR 40910
|
||||
- Improve network performance by setting APR_TCP_NODELAY
|
||||
(disable Nagle algorithm) on sockets if implemented. PR 42871
|
||||
- Add a missing assignment in an error checking code path. PR 40865
|
||||
- don't URLencode tilde in path component PR 38448
|
||||
- enable Ignore Errors option on ProxyPass Status. PR 43167
|
||||
- Allow to use different values for sessionid in url encoded id
|
||||
and cookies. PR 41897.
|
||||
- Fix the 503 returned when session route does not match any of
|
||||
the balancer members.
|
||||
- Added ProxyPassMatch directive, which is similar to ProxyPass
|
||||
but takes a regex local path prefix.
|
||||
- Print the correct error message for erroneous configured
|
||||
ProxyPass directives. PR 40439.
|
||||
- Fix some proxy setting inheritance problems (eg:
|
||||
ProxyTimeout). PR 11540.
|
||||
- proxy/ajp_header.c: Fixed header token string comparisons
|
||||
Matching of header tokens failed to include the trailing NIL
|
||||
byte and could misinterpret a longer header token for a
|
||||
shorter. Additionally, a "Content-Type" comparison was made
|
||||
case insensitive.
|
||||
- proxy/ajp_header.c: Backport of an AJP protocol fix for EBCDIC
|
||||
On EBCDIC machines, the status_line string was incorrectly
|
||||
converted twice.
|
||||
mod_proxy_connect:
|
||||
- avoid segfault on DNS lookup failure. PR 40756
|
||||
mod_proxy_http:
|
||||
- HTTP proxy ProxyErrorOverride: Leave 1xx and 3xx responses
|
||||
alone. Only processing of error responses (4xx, 5xx) will be
|
||||
altered. PR 39245.
|
||||
- Don't try to read body of a HEAD request before responding. PR 41644
|
||||
- Handle request bodies larger than 2 GB by converting the
|
||||
Content-Length header of the request correctly. PR 40883.
|
||||
mod_ssl:
|
||||
- Fix spurious hostname mismatch warning for valid wildcard
|
||||
certificates. PR 37911.
|
||||
- Version reporting update; displays 'compiled against' Apache
|
||||
and build-time SSL Library versions at loglevel [info], while
|
||||
reporting the run-time SSL Library version in the server info
|
||||
tags. Helps to identify a mod_ssl built against one flavor of
|
||||
OpenSSL but running against another (also adds SSL-C version
|
||||
number reporting.)
|
||||
- initialize thread locks before initializing the hardware
|
||||
acceleration library, so the latter can make use of the
|
||||
former. PR 20951.
|
||||
core:
|
||||
- Do not replace a Date header set by a proxied backend server. PR 40232
|
||||
- log core: ensure we use a special pool for stderr logging, so that
|
||||
the stderr channel remains valid from the time plog is destroyed,
|
||||
until the time the open_logs hook is called again.
|
||||
- main core: Emit errors during the initial apr_app_initialize()
|
||||
or apr_pool_create() (when apr-based error reporting is not ready).
|
||||
- log core: fix the new piped logger case where we couldn't connect
|
||||
the replacement stderr logger's stderr to the NULL stdout stream.
|
||||
Continue in this case, since the previous alternative of no error
|
||||
logging at all (/dev/null) is far worse.
|
||||
- Correct a regression since 2.0.x in the handling of AllowOverride
|
||||
Options. PR 41829.
|
||||
- Unix MPMs: Catch SIGFPE so that exception hooks and CoreDumpDirectory
|
||||
can work after that terminating signal.
|
||||
- mod_so: Provide more helpful LoadModule feedback when an error occurs.
|
||||
misc:
|
||||
- mime.types: Many updates to sync with IANA registry and common
|
||||
unregistered types that the owners refuse to register. Admins
|
||||
are encouraged to update their installed mime.types file. PR:
|
||||
35550, 37798, 39317, 31483
|
||||
- mime.types: add Registered Javascript/ECMAScript MIME types
|
||||
(RFC4329) PR 40299
|
||||
- htdbm: Enable crypt support on platforms with crypt() but not
|
||||
<crypt.h>, such as z/OS.
|
||||
- ab.c: Correct behavior of HTTP request headers sent by ab in
|
||||
presence of -H command-line overrides. PR 31268, 26554.
|
||||
- ab.c: The apr_port_t type is unsigned, but ab was using a
|
||||
signed format code in its reports. PR 42070.
|
||||
- drop obsolete patches apache2-mod_cache-CVE-2007-1863.patch
|
||||
apache2-mod_status-CVE-2006-5752.patch
|
||||
httpd-2.2.4-mod_autoindex-charset-r570962.patch
|
||||
mod_dbd.c-issue18989-autoconnect.dif
|
||||
mod_dbd.c-r571441
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 3 13:43:22 CEST 2007 - skh@suse.de
|
||||
|
||||
- get_module_list: replace loadmodule.conf atomically [bnc #214863]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Sep 1 01:49:37 CEST 2007 - poeml@suse.de
|
||||
|
||||
- /etc/init.d/apache2: implement restart-graceful, stop-graceful
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 31 14:21:27 CEST 2007 - poeml@suse.de
|
||||
|
||||
- update mod_dbd to trunk version (r571441)
|
||||
* apr_dbd_check_conn() just returns APR_SUCCESS or
|
||||
APR_EGENERAL, so we don't actually have a driver-specific value
|
||||
to pass to apr_dbd_error(), but that's OK because most/all
|
||||
drivers just ignore this value anyway
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 31 12:37:27 CEST 2007 - poeml@suse.de
|
||||
|
||||
|
612
apache2.spec
612
apache2.spec
@ -1,5 +1,5 @@
|
||||
#
|
||||
# spec file for package apache2 (Version 2.2.8)
|
||||
# spec file for package apache2 (Version 2.2.9)
|
||||
#
|
||||
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
@ -61,9 +61,9 @@ BuildRequires: expat-devel
|
||||
%define platform_string Linux/%VENDOR
|
||||
License: The Apache Software License
|
||||
Group: Productivity/Networking/Web/Servers
|
||||
%define realver 2.2.8
|
||||
Version: 2.2.8
|
||||
Release: 50
|
||||
%define realver 2.2.9
|
||||
Version: 2.2.9
|
||||
Release: 1
|
||||
#Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2
|
||||
Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2
|
||||
Source10: SUSE-NOTICE
|
||||
@ -111,12 +111,10 @@ Source131: apache2-vhost-ssl.template
|
||||
Source140: apache2-check_forensic
|
||||
Source141: apache-20-22-upgrade
|
||||
Patch2: httpd-2.1.3alpha-layout.dif
|
||||
Patch10: httpd-2.1.3alpha-autoconf-2.59.dif
|
||||
Patch23: httpd-2.1.9-apachectl.dif
|
||||
Patch65: httpd-2.0.49-log_server_status.dif
|
||||
Patch66: httpd-2.0.54-envvars.dif
|
||||
Patch67: httpd-2.2.0-apxs-a2enmod.dif
|
||||
Patch68: httpd-2.2.x-CVE-2008-1678.patch
|
||||
Url: http://httpd.apache.org/
|
||||
Icon: Apache.xpm
|
||||
Summary: The Apache Web Server Version 2.0
|
||||
@ -322,9 +320,6 @@ Authors:
|
||||
--------
|
||||
Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE
|
||||
|
||||
%if 0%{?opensuse_bs}
|
||||
%endif
|
||||
|
||||
%prep
|
||||
#
|
||||
# O/ ._ .__ ._
|
||||
@ -333,12 +328,10 @@ Authors:
|
||||
#
|
||||
%setup -q -n httpd-%{realver}
|
||||
%patch2 -p1
|
||||
%patch10 -p1
|
||||
%patch23 -p1
|
||||
%patch65 -p1
|
||||
%patch66 -p1
|
||||
%patch67 -p1
|
||||
%patch68 -p3
|
||||
#
|
||||
cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
|
||||
#
|
||||
@ -351,8 +344,14 @@ sed 's/public_html/%{userdir}/g' docs/conf/extra/httpd-userdir.conf.in > tmp_fil
|
||||
#
|
||||
# now configure Apache
|
||||
#
|
||||
%if 0%{?suse_version} > 910
|
||||
aclocal
|
||||
autoreconf --force --install
|
||||
%else
|
||||
rm -rf aclocal.m4 autom4te*.cache
|
||||
autoheader
|
||||
autoconf
|
||||
%endif
|
||||
|
||||
%build
|
||||
#
|
||||
@ -361,9 +360,6 @@ autoreconf --force --install
|
||||
#
|
||||
function configure {
|
||||
CFLAGS="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing -DLDAP_DEPRECATED" \
|
||||
%if 0%{?opensuse_bs}
|
||||
CFLAGS="$CFLAGS -g"
|
||||
%endif
|
||||
CPPFLAGS="-DSSL_EXPERIMENTAL_ENGINE -DMAX_SERVER_LIMIT=200000 -DLDAP_DEPRECATED -DMAXLINE=4096" \
|
||||
./configure \
|
||||
--enable-layout=SuSE81%(test "%_lib" = lib64 && echo -n _64) \
|
||||
@ -450,9 +446,6 @@ for mpm in %{mpms_to_build}; do
|
||||
make CFLAGS="$RPM_OPT_FLAGS -fPIC \
|
||||
-fno-strict-aliasing \
|
||||
-Wall \
|
||||
%if 0%{?opensuse_bs}
|
||||
-g \
|
||||
%endif
|
||||
-DDEFAULT_PIDLOG='\"%{runtimedir}/%{httpd}.pid\"' \
|
||||
-DDEFAULT_ERRORLOG='\"%{logfiledir}/error_log\"' " \
|
||||
%{?jobs:-j%jobs}
|
||||
@ -532,7 +525,7 @@ done
|
||||
# /O || |_> |_(_|||
|
||||
#
|
||||
#
|
||||
# (most installation (to build root) has already been done in %build)
|
||||
# (most installation (to build root) has already been done in %%build)
|
||||
#
|
||||
# save MODULE_MAGIC_NUMBER
|
||||
cat > $RPM_BUILD_ROOT/%{_libdir}/%{pname}_MMN <<-EOF
|
||||
@ -787,10 +780,10 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
|
||||
%doc support/SHA1
|
||||
%doc %attr(755,root,root) certificate.sh
|
||||
%doc %attr(755,root,root) mkcert.sh
|
||||
%doc %{_mandir}/man8/apachectl%{vers}.8.gz
|
||||
%doc %{_mandir}/man8/htcacheclean%{vers}.8.gz
|
||||
%doc %{_mandir}/man8/%{httpd}.8.gz
|
||||
%doc %{_mandir}/man8/apxs%{vers}.8.gz
|
||||
%doc %{_mandir}/man8/apachectl%{vers}.8.*
|
||||
%doc %{_mandir}/man8/htcacheclean%{vers}.8.*
|
||||
%doc %{_mandir}/man8/%{httpd}.8.*
|
||||
%doc %{_mandir}/man8/apxs%{vers}.8.*
|
||||
%doc robots.txt
|
||||
%doc printenv
|
||||
%doc test-cgi
|
||||
@ -906,14 +899,14 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
|
||||
|
||||
%files utils
|
||||
%defattr(-,root,root)
|
||||
%doc %{_mandir}/man8/ab%{vers}.8.gz
|
||||
%doc %{_mandir}/man1/dbmmanage%{vers}.1.gz
|
||||
%doc %{_mandir}/man1/htdbm%{vers}.1.gz
|
||||
%doc %{_mandir}/man1/htdigest%{vers}.1.gz
|
||||
%doc %{_mandir}/man1/htpasswd%{vers}.1.gz
|
||||
%doc %{_mandir}/man8/logresolve%{vers}.8.gz
|
||||
%doc %{_mandir}/man8/rotatelogs%{vers}.8.gz
|
||||
%doc %{_mandir}/man8/suexec%{vers}.8.gz
|
||||
%doc %{_mandir}/man8/ab%{vers}.8.*
|
||||
%doc %{_mandir}/man1/dbmmanage%{vers}.1.*
|
||||
%doc %{_mandir}/man1/htdbm%{vers}.1.*
|
||||
%doc %{_mandir}/man1/htdigest%{vers}.1.*
|
||||
%doc %{_mandir}/man1/htpasswd%{vers}.1.*
|
||||
%doc %{_mandir}/man8/logresolve%{vers}.8.*
|
||||
%doc %{_mandir}/man8/rotatelogs%{vers}.8.*
|
||||
%doc %{_mandir}/man8/suexec%{vers}.8.*
|
||||
%{_bindir}/check_forensic%{vers}
|
||||
%{_bindir}/dbmmanage%{vers}
|
||||
%{_bindir}/gensslcert
|
||||
@ -987,23 +980,11 @@ usermod -g %httpdgroup %httpduser 2>/dev/null ||:
|
||||
usermod -s /bin/false %httpduser 2>/dev/null ||:
|
||||
tmpdir=$(mktemp -d etc/%{pname}/%{pname}-post.XXXXXX); test $? = 0 || { echo >&2 Could not create tmpdir. Exiting; exit 1; }
|
||||
tmpfile=$tmpdir/tmpfile
|
||||
RC_CONFIG=etc/rc.config
|
||||
if [ -e $RC_CONFIG ]; then
|
||||
. $RC_CONFIG
|
||||
if [ "$START_HTTPD" = no -a "$START_HTTPSD" = yes ]; then
|
||||
echo -n "removing obsolete START_HTTPSD from etc/rc.config ..."
|
||||
sed -e 's+START_HTTPD=.*+START_HTTPD=yes+' \
|
||||
-e 's+START_HTTPSD=.*++' $RC_CONFIG > $tmpfile \
|
||||
&& cp $tmpfile $RC_CONFIG
|
||||
echo "done"
|
||||
fi
|
||||
fi
|
||||
if test -s etc/sysconfig/%{pname} && grep -q "^LOADMODULES" etc/sysconfig/%{pname}; then
|
||||
sed "s/LOADMODULES/APACHE_MODULES/" etc/sysconfig/%{pname} >| $tmpfile \
|
||||
&& cp $tmpfile etc/sysconfig/%{pname}
|
||||
fi
|
||||
%{fillup_and_insserv -n apache2 apache2}
|
||||
%{fillup_only -ans apache2 apache2}
|
||||
%{fillup_and_insserv apache2}
|
||||
# Update ?
|
||||
if [ ${FIRST_ARG:-0} -gt 1 ]; then
|
||||
# update from package with the old near-monolithic conf file?
|
||||
@ -1040,10 +1021,156 @@ if ! test -f /.buildenv; then
|
||||
fi
|
||||
|
||||
%changelog
|
||||
* Thu Aug 28 2008 ro@suse.de
|
||||
- remove deprecated options from fillup and insserv call
|
||||
* Mon Aug 25 2008 ro@suse.de
|
||||
- initscript: copy Should-Start to Should-Stop to fix build
|
||||
* Wed Aug 27 2008 poeml@suse.de
|
||||
- drop rc.config handling (was removed in or after SuSE Linux 8.0)
|
||||
- don't use fillup_insserv options which have been removed lately
|
||||
* Fri Aug 15 2008 poeml@suse.de
|
||||
- fix init script LSB headers
|
||||
* Wed Jun 25 2008 poeml@suse.de
|
||||
- add note to /etc/sysconfig/apache2 and /etc/init.d/apache2 about
|
||||
how to set ulimits when starting the server
|
||||
- undocument APACHE_BUFFERED_LOGS and APACHE_TIMEOUT in the
|
||||
sysconfig template. They still work but I think it is good to
|
||||
keep this stuff out of the beginner's config, first because both
|
||||
features are sophisticated enough to not being tweaked in most
|
||||
cases, second because it only confuses people I guess, and makes
|
||||
the sysconfig file larger than necessary.
|
||||
* Sun Jun 15 2008 poeml@suse.de
|
||||
- update to 2.2.9:
|
||||
SECURITY: CVE-2008-2364 (cve.mitre.org)
|
||||
mod_proxy_http: Better handling of excessive interim responses
|
||||
from origin server to prevent potential denial of service and
|
||||
high memory usage. Reported by Ryujiro Shibuya.
|
||||
SECURITY: CVE-2007-6420 (cve.mitre.org)
|
||||
mod_proxy_balancer: Prevent CSRF attacks against the
|
||||
balancer-manager interface.
|
||||
- htpasswd: Fix salt generation weakness. PR 31440
|
||||
worker/event MPM:
|
||||
- Fix race condition in pool recycling that leads to
|
||||
segmentation faults under load. PR 44402
|
||||
core:
|
||||
- Fix address-in-use startup failure on some platforms caused by
|
||||
creating an IPv4 listener which overlaps with an existing IPv6
|
||||
listener.
|
||||
- Add the filename of the configuration file to the warning
|
||||
message about the useless use of AllowOverride. PR 39992.
|
||||
- Do not allow Options ALL if not all options are allowed to be
|
||||
overwritten. PR 44262
|
||||
- reinstate location walk to fix config for subrequests PR 41960
|
||||
- Fix garbled TRACE response on EBCDIC platforms.
|
||||
- gen_test_char: add double-quote to the list of
|
||||
T_HTTP_TOKEN_STOP. PR 9727
|
||||
http_filters:
|
||||
- Don't return 100-continue on redirects. PR 43711
|
||||
- Don't return 100-continue on client error PR 43711
|
||||
- Don't spin if get an error when reading the next chunk. PR 44381
|
||||
- Don't add bogus duplicate Content-Language entries
|
||||
suexec:
|
||||
- When group is given as a numeric gid, validate it by looking up
|
||||
the actual group name such that the name can be used in log entries.
|
||||
PR 7862
|
||||
mod_authn_dbd:
|
||||
- Disambiguate and tidy database authentication error messages. PR 43210.
|
||||
mod_cache:
|
||||
- Handle If-Range correctly if the cached resource was stale. PR 44579
|
||||
- Revalidate cache entities which have Cache-Control: no-cache
|
||||
set in their response headers. PR 44511
|
||||
mod_cgid:
|
||||
- Explicitly set permissions of the socket (ScriptSock) shared
|
||||
by mod_cgid and request processing threads, for OS'es such as
|
||||
HPUX and AIX that do not use umask for AF_UNIX socket permissions.
|
||||
- Don't try to restart the daemon if it fails to initialize the socket.
|
||||
mod_charset_lite:
|
||||
- Add TranslateAllMimeTypes sub-option to CharsetOptions,
|
||||
allowing the administrator to skip the mimetype checking that
|
||||
precedes translation.
|
||||
mod_dav:
|
||||
- Return "method not allowed" if the destination URI of a WebDAV
|
||||
copy / move operation is no DAV resource. PR 44734
|
||||
mod_headers:
|
||||
- Add 'merge' option to avoid duplicate values within the same header.
|
||||
mod_include:
|
||||
- Correctly handle SSI directives split over multiple filter
|
||||
mod_log_config:
|
||||
- Add format options for %%p so that the actual local or remote
|
||||
port can be logged. PR 43415.
|
||||
mod_logio:
|
||||
- Provide optional function to allow modules to adjust the
|
||||
bytes_in count
|
||||
mod_proxy:
|
||||
- Make all proxy modules nocanon aware and do not add the
|
||||
query string again in this case. PR 44803.
|
||||
- scoreboard: Remove unused proxy load balancer elements from scoreboard
|
||||
image (not scoreboard memory itself).
|
||||
- Support environment variable interpolation in reverse
|
||||
proxying directives.
|
||||
- Do not try a direct connection if the connection via a
|
||||
remote proxy failed before and the request has a request body.
|
||||
- ProxyPassReverse is now balancer aware.
|
||||
- Lower memory consumption for short lived connections.
|
||||
PR 44026.
|
||||
- Keep connections to the backend persistent in the HTTPS case.
|
||||
mod_proxy_ajp:
|
||||
- Do not retry request in the case that we either failed to
|
||||
sent a part of the request body or if the request is not idempotent.
|
||||
PR 44334
|
||||
mod_proxy_ftp:
|
||||
- Fix base for directory listings. PR 27834
|
||||
mod_proxy_http:
|
||||
- Fix processing of chunked responses if Connection:
|
||||
Transfer-Encoding is set in the response of the proxied
|
||||
system. PR 44311
|
||||
- Return HTTP status codes instead of apr_status_t values for
|
||||
errors encountered while forwarding the request body PR 44165
|
||||
mod_rewrite:
|
||||
- Initialize hash needed by ap_register_rewrite_mapfunc early
|
||||
enough. PR 44641
|
||||
- Check all files used by DBM maps for freshness, mod_rewrite
|
||||
didn't pick up on updated sdbm maps due to this. PR41190
|
||||
- Don't canonicalise URLs with [P,NE] PR 43319
|
||||
mod_speling:
|
||||
- remove regression from 1.3/2.0 behavior and drop dependency
|
||||
between mod_speling and AcceptPathInfo.
|
||||
mod_ssl:
|
||||
- Fix a memory leak with connections that have zlib compression
|
||||
turned on. PR 44975
|
||||
mod_substitute:
|
||||
- The default is now flattening the buckets after each
|
||||
substitution. The newly added 'q' flag allows for the quicker,
|
||||
more efficient bucket-splitting if the user so
|
||||
mod_unique_id:
|
||||
- Fix timestamp value in UNIQUE_ID. PR 37064
|
||||
ab (apache benchmark):
|
||||
- Include <limits.h> earlier if available since we may need
|
||||
INT_MAX (defined there on Windows) for the definition of MAX_REQUESTS.
|
||||
- Improve client performance by clearing connection pool instead
|
||||
- Don't stop sending a request if EAGAIN is returned, which
|
||||
will only happen if both the write and subsequent wait are
|
||||
returning EAGAIN, and count posted bytes correctly when the initial
|
||||
write of a request is not complete. PR 10038, 38861, 39679
|
||||
- Overhaul stats collection and reporting to avoid integer
|
||||
truncation and time divisions within the test loop, retain
|
||||
native time resolution until output, remove unused data,
|
||||
consistently round milliseconds, and generally avoid losing
|
||||
accuracy of calculation due to type casts. PR 44878, 44931.
|
||||
- Add -r option to continue after socket receive errors.
|
||||
- Do not try to read non existing response bodies of HEAD requests.
|
||||
- Use a 64 bit unsigned int instead of a signed long to count the
|
||||
rotatelogs:
|
||||
- Log the current file size and error code/description when
|
||||
failing to write to the log file.
|
||||
- Added '-f' option to force rotatelogs to create the logfile as
|
||||
soon as started, and not wait until it reads the first entry.
|
||||
- Don't leak memory when reopening the logfile. PR 40183
|
||||
- Improve atomicity when using -l and cleaup code. PR 44004
|
||||
- drop obsolete patches httpd-2.1.3alpha-autoconf-2.59.dif
|
||||
httpd-2.2.x-CVE-2008-1678.patch
|
||||
- don't run autoreconf on SLES9
|
||||
- remove the addition of -g to the CFLAGS, since the build service
|
||||
handles debuginfo packages now
|
||||
* Mon Jun 09 2008 poeml@suse.de
|
||||
- build service supports the debuginfo flag in metadata now; remove
|
||||
debug_package macro from the specfile therefore.
|
||||
* Mon May 26 2008 skh@suse.de
|
||||
- CVE-2008-1678: modules/ssl/mod_ssl.c (ssl_cleanup_pre_config):
|
||||
Remove the call to CRYPTO_cleanup_all_ex_data here, fixing a
|
||||
@ -1051,45 +1178,388 @@ fi
|
||||
support for a compression algorithm in the initial handshake, and
|
||||
mod_ssl is linked against OpenSSL >= 0.9.8f. [bnc#392096]
|
||||
httpd-2.2.x-CVE-2008-1678.patch
|
||||
* Thu May 15 2008 poeml@suse.de
|
||||
- fix build on Mandriva 2007, by escaping commented %%build macro
|
||||
- make filelist of man pages independant of the compression method
|
||||
(gz, bz2, lzma)
|
||||
* Fri Apr 18 2008 poeml@suse.de
|
||||
- sync up with changes from Build Service:
|
||||
- new implementation of sysconf_addword, using sed instead of ed.
|
||||
- fix from Factory:
|
||||
- remove dir /usr/share/omc/svcinfo.d as it is provided now
|
||||
by filesystem
|
||||
- remove obsolete httpd-2.2.x.doublefree.patch file, which isn't
|
||||
used since quite some time since the issue is resolved.
|
||||
* Thu Apr 17 2008 poeml@suse.de
|
||||
- new implementation of sysconf_addword, using sed instead of ed.
|
||||
Moving it from the -utils subpackage into the parent package,
|
||||
where it's actually needed. If sysconf_addword is already present
|
||||
in the system, it is preferred (by PATH). That's because the tool
|
||||
has been integrated into aaa_base.rpm with openSUSE 11.0.
|
||||
Removing the requires on the ed package. [bnc#377131]
|
||||
- better documentation how to enable SSL in /etc/sysconfig/apache2
|
||||
- quickstart readme: the link to the openSUSE wiki is about to move
|
||||
- add "127.0.0.1" to the local access list in mod_status.conf,
|
||||
* Wed Mar 12 2008 poeml@suse.de
|
||||
- require ed package, since ed is needed by sysconf_addword, which
|
||||
in turn is used by a2enmod/a2enflag
|
||||
* Fri Feb 29 2008 poeml@suse.de
|
||||
- better documentation how to enable SSL in /etc/sysconfig/apache2
|
||||
- quickstart readme: the link to the openSUSE wiki is about to move
|
||||
* Tue Feb 19 2008 poeml@suse.de
|
||||
- add "127.0.0.1" to the local access list in mod_status.conf,
|
||||
because on some systems "localhost" seems to resolve only to IPv6
|
||||
localhost
|
||||
- /etc/init.d/apache2: implement restart-graceful, stop-graceful
|
||||
- fix graceful-restart. Wait until the pidfile is gone, but don't
|
||||
* Sat Feb 02 2008 crrodriguez@suse.de
|
||||
- upstream 2.2.8
|
||||
SECURITY: CVE-2007-6421 (cve.mitre.org)
|
||||
mod_proxy_balancer: Correctly escape the worker route and the worker
|
||||
redirect string in the HTML output of the balancer manager.
|
||||
Reported by SecurityReason.
|
||||
SECURITY: CVE-2007-6422 (cve.mitre.org)
|
||||
Prevent crash in balancer manager if invalid balancer name is passed
|
||||
as parameter. Reported by SecurityReason.
|
||||
SECURITY: CVE-2007-6388 (cve.mitre.org)
|
||||
mod_status: Ensure refresh parameter is numeric to prevent
|
||||
a possible XSS attack caused by redirecting to other URLs.
|
||||
Reported by SecurityReason.
|
||||
SECURITY: CVE-2007-5000 (cve.mitre.org)
|
||||
mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.
|
||||
SECURITY: CVE-2008-0005 (cve.mitre.org)
|
||||
Introduce the ProxyFtpDirCharset directive, allowing the administrator
|
||||
to identify a default, or specific servers or paths which list their
|
||||
contents in other-than ISO-8859-1 charset (e.g. utf-8).
|
||||
mod_autoindex:
|
||||
- Generate valid XHTML output by adding the xhtml namespace. PR 43649
|
||||
mod_charset_lite:
|
||||
- Don't crash when the request has no associated filename.
|
||||
mod_dav:
|
||||
- Fix evaluation of If-Match * and If-None-Match * conditionals. PR 38034
|
||||
- Adjust etag generation to produce identical results on 32-bit
|
||||
and 64-bit platforms and avoid a regression with conditional PUT's on lock
|
||||
and etag. PR 44152.
|
||||
mod_deflate:
|
||||
- initialise inflate-out filter correctly when the first brigade
|
||||
contains no data buckets. PR 43512
|
||||
mod_disk_cache:
|
||||
- Delete temporary files if they cannot be renamed to their final
|
||||
name.
|
||||
mod_filter:
|
||||
- Don't segfault on (unsupported) chained FilterProvider usage. PR 43956
|
||||
mod_include:
|
||||
- Add an "if" directive syntax to test whether an URL is
|
||||
accessible, and if so, conditionally display content. This
|
||||
allows a webmaster to hide a link to a private page when the
|
||||
user has no access to that page.
|
||||
mod_ldap:
|
||||
- Try to establish a new backend LDAP connection when the
|
||||
Microsoft LDAP client library returns LDAP_UNAVAILABLE, e.g.
|
||||
after the LDAP server has closed the connection due to a
|
||||
timeout. PR 39095
|
||||
- Give callers a reference to data copied into the request pool
|
||||
instead of references directly into the cache PR 43786
|
||||
- Stop passing a reference to pconf around for (limited) use
|
||||
during request processing, avoiding possible memory corruption
|
||||
and crashes.
|
||||
mod_proxy:
|
||||
- Canonicalisation improvements. Add "nocanon" keyword to
|
||||
ProxyPass, to suppress URI-canonicalisation in a reverse proxy. Also,
|
||||
don't escape/unescape forward-proxied URLs. PR 41798, 42592
|
||||
- Don't by default violate RFC2616 by setting Max-Forwards when
|
||||
the client didn't send it to us. Leave that as a
|
||||
configuration option. PR 16137
|
||||
- Fix persistent backend connections. PR 43472
|
||||
- escape error-notes correctly PR 40952
|
||||
- check ProxyBlock for all blocked addresses PR 36987
|
||||
- Don't lose bytes when a response line arrives in small chunks.
|
||||
PR 40894
|
||||
mod_proxy_ajp:
|
||||
- Use 64K as maximum AJP packet size. This is the maximum length
|
||||
we can squeeze inside the AJP message packet.
|
||||
- Ignore any ajp13 flush packets received before we send the
|
||||
response headers. See Tomcat PR 43478.
|
||||
- Differentiate within AJP between GET and HEAD requests. PR 43060
|
||||
mod_proxy_balancer:
|
||||
- Do not reset lbstatus, lbfactor and lbset when starting a new
|
||||
child. PR 39907
|
||||
mod_proxy_http:
|
||||
- Remove Warning headers with wrong date PR 16138
|
||||
- Correctly parse all Connection headers in proxy. PR 43509
|
||||
- add Via header correctly (if enabled) to response, even where
|
||||
other Via headers exist. PR 19439
|
||||
- Correctly forward unexpected interim (HTTP 1xx) responses from
|
||||
the backend according to RFC2616. But make it configurable in
|
||||
case something breaks on it. PR 16518
|
||||
- strip hop-by-hop response headers PR 43455
|
||||
- Propagate Proxy-Authorization header correctly. PR 25947
|
||||
- Don't segfault on bad line in FTP listing PR 40733
|
||||
mod_rewrite:
|
||||
- Add option to suppress URL unescaping PR 34602
|
||||
- Add the novary flag to RewriteCond.
|
||||
mod_substitute:
|
||||
- Added a new output filter, which performs inline response
|
||||
content pattern matching (including regex) and substitution.
|
||||
mod_ssl:
|
||||
- Fix handling of the buffered request body during a per-location
|
||||
renegotiation, when an internal redirect occurs. PR 43738.
|
||||
- Fix SSL client certificate extensions parsing bug. PR 44073.
|
||||
- Prevent memory corruption of version string. PR 43865, 43334
|
||||
mod_status:
|
||||
- Add SeeRequestTail directive, which determines if
|
||||
ExtendedStatus displays the 1st 63 characters of the request
|
||||
or the last 63. Useful for those requests with large string
|
||||
lengths and which only vary with the last several characters.
|
||||
event MPM:
|
||||
- Add support for running under mod_ssl, by reverting to the
|
||||
Worker MPM behaviors, when run under an input filter that buffers
|
||||
its own data.
|
||||
core:
|
||||
- Fix regression in 2.2.7 in chunk filtering with massively
|
||||
chunked requests.
|
||||
- Lower memory consumption of ap_r* functions by reusing the
|
||||
brigade instead of recreating it during each filter pass.
|
||||
- Lower memory consumption in case that flush buckets are passed
|
||||
thru the chunk filter as last bucket of a brigade. PR 23567.
|
||||
- Fix broken chunk filtering that causes all non blocking reads
|
||||
to be converted into blocking reads. PR 19954, 41056.
|
||||
- Change etag generation to produce identical results on 32-bit
|
||||
and 64-bit platforms. PR 40064.
|
||||
- Handle unrecognised transfer-encodings. PR 43882
|
||||
- Avoid some unexpected connection closes by telling the client
|
||||
that the connection is not persistent if the MPM process
|
||||
handling the request is already exiting when the response
|
||||
header is built.
|
||||
- fix possible crash at startup in case of nonexistent
|
||||
DocumentRoot. PR 39722
|
||||
- http_core: OPTIONS * no longer maps to local storage or URI
|
||||
space. Note that unlike previous versions, OPTIONS * no longer
|
||||
returns an Allow: header. PR 43519
|
||||
- scoreboard: improve error message on apr_shm_create failure PR
|
||||
40037
|
||||
- Don't send spurious "100 Continue" response lines. PR 38014
|
||||
- http_protocol:
|
||||
- Escape request method in 413 error reporting. Determined to
|
||||
be not generally exploitable, but a flaw in any case. PR
|
||||
44014
|
||||
- Add "DefaultType none" option. PR 13986 and PR 16139
|
||||
- Escape request method in 405 error reporting. This has no
|
||||
security impact since the browser cannot be tricked into
|
||||
sending arbitrary method strings.
|
||||
- Various code cleanups. PR 38699, 39518, 42005, 42006, 42007, 42008, 42009
|
||||
- Add explicit charset to the output of various modules to work
|
||||
around possible cross-site scripting flaws affecting web
|
||||
browsers that do not derive the response character set as
|
||||
required by RFC2616. One of these reported by SecurityReason
|
||||
- rotatelogs: Change command-line parsing to report more types
|
||||
of errors. Allow local timestamps to be used when rotating based
|
||||
on file size.
|
||||
* Wed Sep 12 2007 poeml@suse.de
|
||||
- fix graceful-restart. Wait until the pidfile is gone, but don't
|
||||
wait for the parent to disappear. It stays there, after closing
|
||||
the listen ports.
|
||||
- don't configure in maintainer-mode. It not only enables compile
|
||||
* Wed Sep 12 2007 poeml@suse.de
|
||||
- use debug_package macro only on suse, because it breaks the build
|
||||
on Mandriva
|
||||
* Wed Sep 12 2007 poeml@suse.de
|
||||
- don't configure in maintainer-mode. It not only enables compile
|
||||
time warnings, but also adds AP_DEBUG into the mix which causes
|
||||
enablement of debug code which is not wanted in production
|
||||
builds.
|
||||
- drop obsolete patches mod_dbd.c-issue18989-autoconnect.dif and
|
||||
mod_dbd.c-r571441, as the 2.2.8 mod_dbd is just fine.
|
||||
* Tue Apr 01 2008 mkoenig@suse.de
|
||||
- remove dir /usr/share/omc/svcinfo.d as it is provided now
|
||||
by filesystem
|
||||
* Fri Mar 14 2008 skh@suse.de
|
||||
- update to upstream 2.2.8 --> see CHANGES in package for details
|
||||
- removed obsolete patches:
|
||||
- apache2-mod_cache-CVE-2007-1863.patch
|
||||
- apache2-mod_status-CVE-2006-5752.patch
|
||||
- httpd-2.2.4-mod_autoindex-charset-r570962.patch
|
||||
- httpd-2.2.x.doublefree.patch
|
||||
* Thu Dec 13 2007 ro@suse.de
|
||||
- remove sysconf_addword, now in aaa_base (#328599)
|
||||
* Mon Oct 22 2007 sbrabec@suse.cz
|
||||
- Use correct SuSEfirewall2 rule directory.
|
||||
* Mon Sep 10 2007 poeml@suse.de
|
||||
- upstream 2.2.6
|
||||
SECURITY: CVE-2007-3847 (cve.mitre.org)
|
||||
mod_proxy: Prevent reading past the end of a buffer when parsing
|
||||
date-related headers. PR 41144.
|
||||
SECURITY: CVE-2007-1863 (cve.mitre.org)
|
||||
mod_cache: Prevent a segmentation fault if attributes are listed in a
|
||||
Cache-Control header without any value.
|
||||
SECURITY: CVE-2007-3304 (cve.mitre.org)
|
||||
prefork, worker, event MPMs: Ensure that the parent process cannot
|
||||
be forced to kill processes outside its process group.
|
||||
SECURITY: CVE-2006-5752 (cve.mitre.org)
|
||||
mod_status: Fix a possible XSS attack against a site with a public
|
||||
server-status page and ExtendedStatus enabled, for browsers which
|
||||
perform charset "detection". Reported by Stefan Esser.
|
||||
SECURITY: CVE-2007-1862 (cve.mitre.org)
|
||||
mod_mem_cache: Copy headers into longer lived storage; header names and
|
||||
values could previously point to cleaned up storage. PR 41551.
|
||||
mod_alias:
|
||||
- Accept path components (URL part) in Redirects. PR 35314.
|
||||
mod_authnz_ldap:
|
||||
- Don't return HTTP_UNAUTHORIZED during authorization when
|
||||
LDAP authentication is configured but we haven't seen any
|
||||
'Require ldap-*' directives, allowing authorization to be passed to lower
|
||||
level modules (e.g. Require valid-user) PR 43281
|
||||
mod_autoindex:
|
||||
- Add in Type and Charset options to IndexOptions
|
||||
directive. This allows the admin to explicitly set the
|
||||
content-type and charset of the generated page and is therefore
|
||||
a viable workaround for buggy browsers affected by CVE-2007-4465
|
||||
mod_cache:
|
||||
- Remove expired content from cache that cannot be revalidated.
|
||||
PR 30370.
|
||||
- Do not set Date or Expires when they are missing from the
|
||||
original response or are invalid.
|
||||
- Correctly handle HEAD requests on expired cache content. PR
|
||||
41230.
|
||||
- Let Cache-Control max-age set the expiration of the cached
|
||||
representation if Expires is not set.
|
||||
- Allow caching of requests with query arguments when
|
||||
Cache-Control max-age is explicitly specified.
|
||||
- Use the same cache key throughout the whole request processing
|
||||
to handle escaped URLs correctly. PR 41475.
|
||||
- Add CacheIgnoreQueryString directive. PR 41484.
|
||||
- While serving a cached entity ensure that filters that have
|
||||
been applied to this cached entity before saving it to the
|
||||
cache are not applied again. PR 40090.
|
||||
- Correctly cache objects whose URL query string has been
|
||||
modified by mod_rewrite. PR 40805.
|
||||
mod_cgi, mod_cgid:
|
||||
- Fix use of CGI scripts as ErrorDocuments. PR 39710.
|
||||
mod_dbd:
|
||||
- Introduce configuration groups to allow inheritance by virtual
|
||||
hosts of database configurations from the main server.
|
||||
Determine the minimal set of distinct configurations and share
|
||||
connection pools whenever possible. Allow virtual hosts to
|
||||
override inherited SQL statements. PR 41302.
|
||||
- Create memory sub-pools for each DB connection and close DB
|
||||
connections in a pool cleanup function. Ensure prepared
|
||||
statements are destroyed before DB connection is closed. When
|
||||
using reslists, prevent segfaults when child processes exit,
|
||||
and stop memory leakage of ap_dbd_t structures. Avoid use of
|
||||
global s->process->pool, which isn't destroyed by exiting
|
||||
child processes in most multi-process MPMs. PR 39985.
|
||||
- Handle error conditions in dbd_construct() properly. Simplify
|
||||
ap_dbd_open() and use correct arguments to apr_dbd_error()
|
||||
when non-threaded. Register correct cleanup data in
|
||||
non-threaded ap_dbd_acquire() and ap_dbd_cacquire(). Clean up
|
||||
configuration data and merge function. Use ap_log_error()
|
||||
wherever possible.
|
||||
- Stash DBD connections in request_config of initial request
|
||||
only, or else sub-requests and internal redirections may cause
|
||||
entire DBD pool to be stashed in a single HTTP request.
|
||||
mod_deflate:
|
||||
- don't try to process metadata buckets as data. what should
|
||||
have been a 413 error was logged as a 500 and a blank screen
|
||||
appeared at the browser.
|
||||
- fix protocol handling in deflate input filter PR 23287
|
||||
mod_disk_cache:
|
||||
- Allow Vary'd responses to be refreshed properly.
|
||||
mod_dumpio:
|
||||
- Fix for correct dumping of traffic on EBCDIC hosts Data had
|
||||
been incorrectly converted twice, resulting in garbled log
|
||||
output.
|
||||
mod_expires:
|
||||
- don't crash on bad configuration data PR 43213
|
||||
mod_filter:
|
||||
- fix integer comparisons in dispatch rules PR 41835
|
||||
- fix merging of ! and = in FilterChain PR 42186
|
||||
mod_headers:
|
||||
- Allow %% at the end of a Header value. PR 36609.
|
||||
mod_info:
|
||||
- mod_info outputs invalid XHTML 1.0 transitional. PR 42847
|
||||
mod_ldap:
|
||||
- Avoid possible crashes, hangs, and busy loops due to improper
|
||||
merging of the cache lock in vhost config PR 43164
|
||||
mod_ldap:
|
||||
- Remove the hardcoded size limit parameter for
|
||||
ldap_search_ext_s and replace it with an APR_ defined value
|
||||
that is set according to the LDAP SDK being used.
|
||||
mod_mem_cache:
|
||||
- Increase the minimum and default value for MCacheMinObjectSize
|
||||
from 0 to 1, as a MCacheMinObjectSize of 0 does not make sense
|
||||
and leads to a division by zero. PR 40576.
|
||||
mod_negotiation:
|
||||
- preserve Query String in resolving a type map PR 33112
|
||||
mod_proxy:
|
||||
- mod_proxy_http: accept proxy-sendchunked/proxy-sendchunks as
|
||||
synonymous. PR 43183
|
||||
- Ensure that at least scheme://hostname[:port] matches between
|
||||
worker and URL when searching for the best fitting worker for
|
||||
a given URL. PR 40910
|
||||
- Improve network performance by setting APR_TCP_NODELAY
|
||||
(disable Nagle algorithm) on sockets if implemented. PR 42871
|
||||
- Add a missing assignment in an error checking code path. PR 40865
|
||||
- don't URLencode tilde in path component PR 38448
|
||||
- enable Ignore Errors option on ProxyPass Status. PR 43167
|
||||
- Allow to use different values for sessionid in url encoded id
|
||||
and cookies. PR 41897.
|
||||
- Fix the 503 returned when session route does not match any of
|
||||
the balancer members.
|
||||
- Added ProxyPassMatch directive, which is similar to ProxyPass
|
||||
but takes a regex local path prefix.
|
||||
- Print the correct error message for erroneous configured
|
||||
ProxyPass directives. PR 40439.
|
||||
- Fix some proxy setting inheritance problems (eg:
|
||||
ProxyTimeout). PR 11540.
|
||||
- proxy/ajp_header.c: Fixed header token string comparisons
|
||||
Matching of header tokens failed to include the trailing NIL
|
||||
byte and could misinterpret a longer header token for a
|
||||
shorter. Additionally, a "Content-Type" comparison was made
|
||||
case insensitive.
|
||||
- proxy/ajp_header.c: Backport of an AJP protocol fix for EBCDIC
|
||||
On EBCDIC machines, the status_line string was incorrectly
|
||||
converted twice.
|
||||
mod_proxy_connect:
|
||||
- avoid segfault on DNS lookup failure. PR 40756
|
||||
mod_proxy_http:
|
||||
- HTTP proxy ProxyErrorOverride: Leave 1xx and 3xx responses
|
||||
alone. Only processing of error responses (4xx, 5xx) will be
|
||||
altered. PR 39245.
|
||||
- Don't try to read body of a HEAD request before responding. PR 41644
|
||||
- Handle request bodies larger than 2 GB by converting the
|
||||
Content-Length header of the request correctly. PR 40883.
|
||||
mod_ssl:
|
||||
- Fix spurious hostname mismatch warning for valid wildcard
|
||||
certificates. PR 37911.
|
||||
- Version reporting update; displays 'compiled against' Apache
|
||||
and build-time SSL Library versions at loglevel [info], while
|
||||
reporting the run-time SSL Library version in the server info
|
||||
tags. Helps to identify a mod_ssl built against one flavor of
|
||||
OpenSSL but running against another (also adds SSL-C version
|
||||
number reporting.)
|
||||
- initialize thread locks before initializing the hardware
|
||||
acceleration library, so the latter can make use of the
|
||||
former. PR 20951.
|
||||
core:
|
||||
- Do not replace a Date header set by a proxied backend server. PR 40232
|
||||
- log core: ensure we use a special pool for stderr logging, so that
|
||||
the stderr channel remains valid from the time plog is destroyed,
|
||||
until the time the open_logs hook is called again.
|
||||
- main core: Emit errors during the initial apr_app_initialize()
|
||||
or apr_pool_create() (when apr-based error reporting is not ready).
|
||||
- log core: fix the new piped logger case where we couldn't connect
|
||||
the replacement stderr logger's stderr to the NULL stdout stream.
|
||||
Continue in this case, since the previous alternative of no error
|
||||
logging at all (/dev/null) is far worse.
|
||||
- Correct a regression since 2.0.x in the handling of AllowOverride
|
||||
Options. PR 41829.
|
||||
- Unix MPMs: Catch SIGFPE so that exception hooks and CoreDumpDirectory
|
||||
can work after that terminating signal.
|
||||
- mod_so: Provide more helpful LoadModule feedback when an error occurs.
|
||||
misc:
|
||||
- mime.types: Many updates to sync with IANA registry and common
|
||||
unregistered types that the owners refuse to register. Admins
|
||||
are encouraged to update their installed mime.types file. PR:
|
||||
35550, 37798, 39317, 31483
|
||||
- mime.types: add Registered Javascript/ECMAScript MIME types
|
||||
(RFC4329) PR 40299
|
||||
- htdbm: Enable crypt support on platforms with crypt() but not
|
||||
<crypt.h>, such as z/OS.
|
||||
- ab.c: Correct behavior of HTTP request headers sent by ab in
|
||||
presence of -H command-line overrides. PR 31268, 26554.
|
||||
- ab.c: The apr_port_t type is unsigned, but ab was using a
|
||||
signed format code in its reports. PR 42070.
|
||||
- drop obsolete patches apache2-mod_cache-CVE-2007-1863.patch
|
||||
apache2-mod_status-CVE-2006-5752.patch
|
||||
httpd-2.2.4-mod_autoindex-charset-r570962.patch
|
||||
mod_dbd.c-issue18989-autoconnect.dif
|
||||
mod_dbd.c-r571441
|
||||
* Mon Sep 03 2007 skh@suse.de
|
||||
- get_module_list: replace loadmodule.conf atomically [bnc #214863]
|
||||
* Sat Sep 01 2007 poeml@suse.de
|
||||
- /etc/init.d/apache2: implement restart-graceful, stop-graceful
|
||||
* Fri Aug 31 2007 poeml@suse.de
|
||||
- update mod_dbd to trunk version (r571441)
|
||||
* apr_dbd_check_conn() just returns APR_SUCCESS or
|
||||
APR_EGENERAL, so we don't actually have a driver-specific value
|
||||
to pass to apr_dbd_error(), but that's OK because most/all
|
||||
drivers just ignore this value anyway
|
||||
* Fri Aug 31 2007 poeml@suse.de
|
||||
- replace httpd-2.2.3-AddDirectoryIndexCharset.patch with the upstream
|
||||
solution, httpd-2.2.4-mod_autoindex-charset-r570962.patch [#153557]
|
||||
|
@ -1,396 +0,0 @@
|
||||
--- httpd-2.1.3-alpha/acinclude.m4
|
||||
+++ httpd-2.1.3-alpha/acinclude.m4
|
||||
@@ -4,25 +4,25 @@
|
||||
dnl AC_HELP_STRING, so let's try to call it if we can.
|
||||
dnl Note: this define must be on one line so that it can be properly returned
|
||||
dnl as the help string.
|
||||
-AC_DEFUN(APACHE_HELP_STRING,[ifelse(regexp(AC_ACVERSION, 2\.1), -1, AC_HELP_STRING($1,$2),[ ]$1 substr([ ],len($1))$2)])dnl
|
||||
+AC_DEFUN([APACHE_HELP_STRING],[ifelse(regexp(AC_ACVERSION, 2\.1), -1, AC_HELP_STRING($1,$2),[ ]$1 substr([ ],len($1))$2)])dnl
|
||||
|
||||
dnl APACHE_SUBST(VARIABLE)
|
||||
dnl Makes VARIABLE available in generated files
|
||||
dnl (do not use @variable@ in Makefiles, but $(variable))
|
||||
-AC_DEFUN(APACHE_SUBST,[
|
||||
+AC_DEFUN([APACHE_SUBST],[
|
||||
APACHE_VAR_SUBST="$APACHE_VAR_SUBST $1"
|
||||
AC_SUBST($1)
|
||||
])
|
||||
|
||||
dnl APACHE_FAST_OUTPUT(FILENAME)
|
||||
dnl Perform substitutions on FILENAME (Makefiles only)
|
||||
-AC_DEFUN(APACHE_FAST_OUTPUT,[
|
||||
+AC_DEFUN([APACHE_FAST_OUTPUT],[
|
||||
APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $1"
|
||||
])
|
||||
|
||||
dnl APACHE_GEN_CONFIG_VARS
|
||||
dnl Creates config_vars.mk
|
||||
-AC_DEFUN(APACHE_GEN_CONFIG_VARS,[
|
||||
+AC_DEFUN([APACHE_GEN_CONFIG_VARS],[
|
||||
APACHE_SUBST(abs_srcdir)
|
||||
APACHE_SUBST(bindir)
|
||||
APACHE_SUBST(sbindir)
|
||||
@@ -109,14 +109,14 @@
|
||||
|
||||
dnl APACHE_GEN_MAKEFILES
|
||||
dnl Creates Makefiles
|
||||
-AC_DEFUN(APACHE_GEN_MAKEFILES,[
|
||||
+AC_DEFUN([APACHE_GEN_MAKEFILES],[
|
||||
$SHELL $srcdir/build/fastgen.sh $srcdir $ac_cv_mkdir_p $BSD_MAKEFILE $APACHE_FAST_OUTPUT_FILES
|
||||
])
|
||||
|
||||
dnl ## APACHE_OUTPUT(file)
|
||||
dnl ## adds "file" to the list of files generated by AC_OUTPUT
|
||||
dnl ## This macro can be used several times.
|
||||
-AC_DEFUN(APACHE_OUTPUT, [
|
||||
+AC_DEFUN([APACHE_OUTPUT], [
|
||||
APACHE_OUTPUT_FILES="$APACHE_OUTPUT_FILES $1"
|
||||
])
|
||||
|
||||
@@ -125,7 +125,7 @@
|
||||
dnl
|
||||
dnl If rlim_t is not defined, define it to int
|
||||
dnl
|
||||
-AC_DEFUN(APACHE_TYPE_RLIM_T, [
|
||||
+AC_DEFUN([APACHE_TYPE_RLIM_T], [
|
||||
AC_CACHE_CHECK([for rlim_t], ac_cv_type_rlim_t, [
|
||||
AC_TRY_COMPILE([
|
||||
#include <sys/types.h>
|
||||
@@ -143,7 +143,7 @@
|
||||
])
|
||||
|
||||
dnl APACHE_MODPATH_INIT(modpath)
|
||||
-AC_DEFUN(APACHE_MODPATH_INIT,[
|
||||
+AC_DEFUN([APACHE_MODPATH_INIT],[
|
||||
current_dir=$1
|
||||
modpath_current=modules/$1
|
||||
modpath_static=
|
||||
@@ -152,7 +152,7 @@
|
||||
> $modpath_current/modules.mk
|
||||
])dnl
|
||||
dnl
|
||||
-AC_DEFUN(APACHE_MODPATH_FINISH,[
|
||||
+AC_DEFUN([APACHE_MODPATH_FINISH],[
|
||||
echo "DISTCLEAN_TARGETS = modules.mk" >> $modpath_current/modules.mk
|
||||
echo "static = $modpath_static" >> $modpath_current/modules.mk
|
||||
echo "shared = $modpath_shared" >> $modpath_current/modules.mk
|
||||
@@ -165,7 +165,7 @@
|
||||
])dnl
|
||||
dnl
|
||||
dnl APACHE_MODPATH_ADD(name[, shared[, objects [, ldflags[, libs]]]])
|
||||
-AC_DEFUN(APACHE_MODPATH_ADD,[
|
||||
+AC_DEFUN([APACHE_MODPATH_ADD],[
|
||||
if test -z "$3"; then
|
||||
objects="mod_$1.lo"
|
||||
else
|
||||
@@ -209,7 +209,7 @@
|
||||
dnl setting. otherwise, fall under the "all" setting.
|
||||
dnl explicit yes/no always overrides.
|
||||
dnl
|
||||
-AC_DEFUN(APACHE_MODULE,[
|
||||
+AC_DEFUN([APACHE_MODULE],[
|
||||
AC_MSG_CHECKING(whether to enable mod_$1)
|
||||
define([optname],[--]ifelse($5,yes,disable,enable)[-]translit($1,_,-))dnl
|
||||
AC_ARG_ENABLE(translit($1,_,-),APACHE_HELP_STRING(optname(),$2),,enable_$1=ifelse($5,,maybe-all,$5))
|
||||
@@ -282,7 +282,7 @@
|
||||
dnl
|
||||
dnl APACHE_ENABLE_MODULES
|
||||
dnl
|
||||
-AC_DEFUN(APACHE_ENABLE_MODULES,[
|
||||
+AC_DEFUN([APACHE_ENABLE_MODULES],[
|
||||
module_selection=default
|
||||
module_default=yes
|
||||
|
||||
@@ -312,7 +312,7 @@
|
||||
])
|
||||
])
|
||||
|
||||
-AC_DEFUN(APACHE_REQUIRE_CXX,[
|
||||
+AC_DEFUN([APACHE_REQUIRE_CXX],[
|
||||
if test -z "$apache_cxx_done"; then
|
||||
AC_PROG_CXX
|
||||
AC_PROG_CXXCPP
|
||||
@@ -326,7 +326,7 @@
|
||||
dnl Configure for the detected openssl/ssl-c toolkit installation, giving
|
||||
dnl preference to "--with-ssl=<path>" if it was specified.
|
||||
dnl
|
||||
-AC_DEFUN(APACHE_CHECK_SSL_TOOLKIT,[
|
||||
+AC_DEFUN([APACHE_CHECK_SSL_TOOLKIT],[
|
||||
if test "x$ap_ssltk_configured" = "x"; then
|
||||
dnl initialise the variables we use
|
||||
ap_ssltk_base=""
|
||||
@@ -499,14 +499,14 @@
|
||||
dnl apache will use while generating scripts like autoconf and apxs and
|
||||
dnl the default config file.
|
||||
|
||||
-AC_DEFUN(APACHE_SUBST_EXPANDED_ARG,[
|
||||
+AC_DEFUN([APACHE_SUBST_EXPANDED_ARG],[
|
||||
APR_EXPAND_VAR(exp_$1, [$]$1)
|
||||
APACHE_SUBST(exp_$1)
|
||||
APR_PATH_RELATIVE(rel_$1, [$]exp_$1, ${prefix})
|
||||
APACHE_SUBST(rel_$1)
|
||||
])
|
||||
|
||||
-AC_DEFUN(APACHE_EXPORT_ARGUMENTS,[
|
||||
+AC_DEFUN([APACHE_EXPORT_ARGUMENTS],[
|
||||
APACHE_SUBST_EXPANDED_ARG(exec_prefix)
|
||||
APACHE_SUBST_EXPANDED_ARG(bindir)
|
||||
APACHE_SUBST_EXPANDED_ARG(sbindir)
|
||||
--- httpd-2.1.3-alpha/build/apr_common.m4
|
||||
+++ httpd-2.1.3-alpha/build/apr_common.m4
|
||||
@@ -22,7 +22,7 @@
|
||||
dnl
|
||||
dnl Saves a snapshot of the configure command-line for later reuse
|
||||
dnl
|
||||
-AC_DEFUN(APR_CONFIG_NICE,[
|
||||
+AC_DEFUN([APR_CONFIG_NICE],[
|
||||
rm -f $1
|
||||
cat >$1<<EOF
|
||||
#! /bin/sh
|
||||
@@ -74,7 +74,7 @@
|
||||
|
||||
dnl APR_MKDIR_P_CHECK(fallback-mkdir-p)
|
||||
dnl checks whether mkdir -p works
|
||||
-AC_DEFUN(APR_MKDIR_P_CHECK,[
|
||||
+AC_DEFUN([APR_MKDIR_P_CHECK],[
|
||||
AC_CACHE_CHECK(for working mkdir -p, ac_cv_mkdir_p,[
|
||||
test -d conftestdir && rm -rf conftestdir
|
||||
mkdir -p conftestdir/somedir >/dev/null 2>&1
|
||||
@@ -112,7 +112,7 @@
|
||||
dnl Trying to optimize this is left as an exercise to the reader who wants
|
||||
dnl to put up with more autoconf craziness. I give up.
|
||||
dnl
|
||||
-AC_DEFUN(APR_SUBDIR_CONFIG, [
|
||||
+AC_DEFUN([APR_SUBDIR_CONFIG], [
|
||||
# save our work to this point; this allows the sub-package to use it
|
||||
AC_CACHE_SAVE
|
||||
|
||||
@@ -180,7 +180,7 @@
|
||||
dnl
|
||||
dnl Stores the variable (usually a Makefile macro) for later restoration
|
||||
dnl
|
||||
-AC_DEFUN(APR_SAVE_THE_ENVIRONMENT,[
|
||||
+AC_DEFUN([APR_SAVE_THE_ENVIRONMENT],[
|
||||
apr_ste_save_$1="$$1"
|
||||
])dnl
|
||||
|
||||
@@ -192,7 +192,7 @@
|
||||
dnl and restoring the original variable contents. This makes it possible
|
||||
dnl for a user to override configure when it does something stupid.
|
||||
dnl
|
||||
-AC_DEFUN(APR_RESTORE_THE_ENVIRONMENT,[
|
||||
+AC_DEFUN([APR_RESTORE_THE_ENVIRONMENT],[
|
||||
if test "x$apr_ste_save_$1" = "x"; then
|
||||
$2$1="$$1"
|
||||
$1=
|
||||
@@ -216,7 +216,7 @@
|
||||
dnl
|
||||
dnl Set variable iff it's currently null
|
||||
dnl
|
||||
-AC_DEFUN(APR_SETIFNULL,[
|
||||
+AC_DEFUN([APR_SETIFNULL],[
|
||||
if test -z "$$1"; then
|
||||
test "x$silent" != "xyes" && echo " setting $1 to \"$2\""
|
||||
$1="$2"
|
||||
@@ -228,7 +228,7 @@
|
||||
dnl
|
||||
dnl Set variable no matter what
|
||||
dnl
|
||||
-AC_DEFUN(APR_SETVAR,[
|
||||
+AC_DEFUN([APR_SETVAR],[
|
||||
test "x$silent" != "xyes" && echo " forcing $1 to \"$2\""
|
||||
$1="$2"
|
||||
])dnl
|
||||
@@ -238,7 +238,7 @@
|
||||
dnl
|
||||
dnl Add value to variable
|
||||
dnl
|
||||
-AC_DEFUN(APR_ADDTO,[
|
||||
+AC_DEFUN([APR_ADDTO],[
|
||||
if test "x$$1" = "x"; then
|
||||
test "x$silent" != "xyes" && echo " setting $1 to \"$2\""
|
||||
$1="$2"
|
||||
@@ -265,7 +265,7 @@
|
||||
dnl
|
||||
dnl Remove a value from a variable
|
||||
dnl
|
||||
-AC_DEFUN(APR_REMOVEFROM,[
|
||||
+AC_DEFUN([APR_REMOVEFROM],[
|
||||
if test "x$$1" = "x$2"; then
|
||||
test "x$silent" != "xyes" && echo " nulling $1"
|
||||
$1=""
|
||||
@@ -289,7 +289,7 @@
|
||||
dnl
|
||||
dnl APR_CHECK_DEFINE_FILES( symbol, header_file [header_file ...] )
|
||||
dnl
|
||||
-AC_DEFUN(APR_CHECK_DEFINE_FILES,[
|
||||
+AC_DEFUN([APR_CHECK_DEFINE_FILES],[
|
||||
AC_CACHE_CHECK([for $1 in $2],ac_cv_define_$1,[
|
||||
ac_cv_define_$1=no
|
||||
for curhdr in $2
|
||||
@@ -311,7 +311,7 @@
|
||||
dnl
|
||||
dnl APR_CHECK_DEFINE(symbol, header_file)
|
||||
dnl
|
||||
-AC_DEFUN(APR_CHECK_DEFINE,[
|
||||
+AC_DEFUN([APR_CHECK_DEFINE],[
|
||||
AC_CACHE_CHECK([for $1 in $2],ac_cv_define_$1,[
|
||||
AC_EGREP_CPP(YES_IS_DEFINED, [
|
||||
#include <$2>
|
||||
@@ -328,7 +328,7 @@
|
||||
dnl
|
||||
dnl APR_CHECK_APR_DEFINE( symbol )
|
||||
dnl
|
||||
-AC_DEFUN(APR_CHECK_APR_DEFINE,[
|
||||
+AC_DEFUN([APR_CHECK_APR_DEFINE],[
|
||||
apr_old_cppflags=$CPPFLAGS
|
||||
CPPFLAGS="$CPPFLAGS $INCLUDES"
|
||||
AC_EGREP_CPP(YES_IS_DEFINED, [
|
||||
@@ -353,7 +353,7 @@
|
||||
fi])
|
||||
])
|
||||
|
||||
-define(APR_IFALLYES,[dnl
|
||||
+define([APR_IFALLYES],[dnl
|
||||
ac_rc=yes
|
||||
for ac_spec in $1; do
|
||||
ac_type=`echo "$ac_spec" | sed -e 's/:.*$//'`
|
||||
@@ -405,7 +405,7 @@
|
||||
])
|
||||
|
||||
|
||||
-define(APR_DECISION_OVERRIDE,[dnl
|
||||
+define([APR_DECISION_OVERRIDE],[dnl
|
||||
ac_decision=''
|
||||
for ac_item in $1; do
|
||||
eval "ac_decision_this=\$ac_decision_${ac_item}"
|
||||
@@ -417,13 +417,13 @@
|
||||
])
|
||||
|
||||
|
||||
-define(APR_DECISION_FORCE,[dnl
|
||||
+define([APR_DECISION_FORCE],[dnl
|
||||
ac_decision="$1"
|
||||
eval "ac_decision_msg=\"\$ac_decision_${ac_decision}_msg\""
|
||||
])
|
||||
|
||||
|
||||
-define(APR_END_DECISION,[dnl
|
||||
+define([APR_END_DECISION],[dnl
|
||||
if test ".$ac_decision" = .; then
|
||||
echo "[$]0:Error: decision on $ac_decision_item failed" 1>&2
|
||||
exit 1
|
||||
@@ -443,7 +443,7 @@
|
||||
dnl A variant of AC_CHECK_SIZEOF which allows the checking of
|
||||
dnl sizes of non-builtin types
|
||||
dnl
|
||||
-AC_DEFUN(APR_CHECK_SIZEOF_EXTENDED,
|
||||
+AC_DEFUN([APR_CHECK_SIZEOF_EXTENDED],
|
||||
[changequote(<<,>>)dnl
|
||||
dnl The name to #define
|
||||
define(<<AC_TYPE_NAME>>, translit(sizeof_$2, [a-z *], [A-Z_P]))dnl
|
||||
@@ -515,7 +515,7 @@
|
||||
dnl string.
|
||||
dnl
|
||||
dnl
|
||||
-AC_DEFUN(APR_CHECK_STRERROR_R_RC,[
|
||||
+AC_DEFUN([APR_CHECK_STRERROR_R_RC],[
|
||||
AC_MSG_CHECKING(for type of return code from strerror_r)
|
||||
AC_TRY_RUN([
|
||||
#include <errno.h>
|
||||
@@ -550,7 +550,7 @@
|
||||
dnl structure on this platform. Single UNIX Spec says d_ino,
|
||||
dnl BSD uses d_fileno. Undef to find the real beast.
|
||||
dnl
|
||||
-AC_DEFUN(APR_CHECK_DIRENT_INODE, [
|
||||
+AC_DEFUN([APR_CHECK_DIRENT_INODE], [
|
||||
AC_CACHE_CHECK([for inode member of struct dirent], apr_cv_dirent_inode, [
|
||||
apr_cv_dirent_inode=no
|
||||
AC_TRY_COMPILE([
|
||||
@@ -588,7 +588,7 @@
|
||||
dnl Note that this is worthless without DT_xxx macros, so
|
||||
dnl look for one while we are at it.
|
||||
dnl
|
||||
-AC_DEFUN(APR_CHECK_DIRENT_TYPE,[
|
||||
+AC_DEFUN([APR_CHECK_DIRENT_TYPE],[
|
||||
AC_CACHE_CHECK([for file type member of struct dirent], apr_cv_dirent_type,[
|
||||
apr_cv_dirent_type=no
|
||||
AC_TRY_COMPILE([
|
||||
@@ -637,7 +637,7 @@
|
||||
dnl all "." and "-" chars. If the 3rd parameter is "yes" then instead of
|
||||
dnl setting to 1 or 0, we set FLAG-TO-SET to yes or no.
|
||||
dnl
|
||||
-AC_DEFUN(APR_FLAG_HEADERS,[
|
||||
+AC_DEFUN([APR_FLAG_HEADERS],[
|
||||
AC_CHECK_HEADERS($1)
|
||||
for aprt_i in $1
|
||||
do
|
||||
@@ -658,7 +658,7 @@
|
||||
dnl is "yes" then instead of setting to 1 or 0, we set FLAG-TO-SET
|
||||
dnl to yes or no.
|
||||
dnl
|
||||
-AC_DEFUN(APR_FLAG_FUNCS,[
|
||||
+AC_DEFUN([APR_FLAG_FUNCS],[
|
||||
AC_CHECK_FUNCS($1)
|
||||
for aprt_j in $1
|
||||
do
|
||||
@@ -683,7 +683,7 @@
|
||||
dnl APR_EXPAND_VAR(fraz, $baz)
|
||||
dnl $fraz is now "1/2/3"
|
||||
dnl
|
||||
-AC_DEFUN(APR_EXPAND_VAR,[
|
||||
+AC_DEFUN([APR_EXPAND_VAR],[
|
||||
ap_last=
|
||||
ap_cur="$2"
|
||||
while test "x${ap_cur}" != "x${ap_last}";
|
||||
@@ -702,7 +702,7 @@
|
||||
dnl orig_path="${prefix}/bar"
|
||||
dnl APR_PATH_RELATIVE(final_path, $orig_path, $prefix)
|
||||
dnl $final_path now contains "bar"
|
||||
-AC_DEFUN(APR_PATH_RELATIVE,[
|
||||
+AC_DEFUN([APR_PATH_RELATIVE],[
|
||||
ap_stripped=`echo $2 | sed -e "s#^$3##"`
|
||||
# check if the stripping was successful
|
||||
if test "x$2" != "x${ap_stripped}"; then
|
||||
@@ -720,12 +720,12 @@
|
||||
dnl Note: this define must be on one line so that it can be properly returned
|
||||
dnl as the help string. When using this macro with a multi-line RHS, ensure
|
||||
dnl that you surround the macro invocation with []s
|
||||
-AC_DEFUN(APR_HELP_STRING,[ifelse(regexp(AC_ACVERSION, 2\.1), -1, AC_HELP_STRING([$1],[$2]),[ ][$1] substr([ ],len($1))[$2])])
|
||||
+AC_DEFUN([APR_HELP_STRING],[ifelse(regexp(AC_ACVERSION, 2\.1), -1, AC_HELP_STRING([$1],[$2]),[ ][$1] substr([ ],len($1))[$2])])
|
||||
|
||||
dnl
|
||||
dnl APR_LAYOUT(configlayout, layoutname [, extravars])
|
||||
dnl
|
||||
-AC_DEFUN(APR_LAYOUT,[
|
||||
+AC_DEFUN([APR_LAYOUT],[
|
||||
if test ! -f $srcdir/config.layout; then
|
||||
echo "** Error: Layout file $srcdir/config.layout not found"
|
||||
echo "** Error: Cannot use undefined layout '$LAYOUT'"
|
||||
@@ -781,7 +781,7 @@
|
||||
dnl
|
||||
dnl APR_ENABLE_LAYOUT(default layout name [, extra vars])
|
||||
dnl
|
||||
-AC_DEFUN(APR_ENABLE_LAYOUT,[
|
||||
+AC_DEFUN([APR_ENABLE_LAYOUT],[
|
||||
AC_ARG_ENABLE(layout,
|
||||
[ --enable-layout=LAYOUT],[
|
||||
LAYOUT=$enableval
|
||||
@@ -802,7 +802,7 @@
|
||||
dnl a reimplementation of autoconf's argument parser,
|
||||
dnl used here to allow us to co-exist layouts and argument based
|
||||
dnl set ups.
|
||||
-AC_DEFUN(APR_PARSE_ARGUMENTS,[
|
||||
+AC_DEFUN([APR_PARSE_ARGUMENTS],[
|
||||
ac_prev=
|
||||
for ac_option
|
||||
do
|
||||
@@ -924,7 +924,7 @@
|
||||
dnl
|
||||
dnl Determine what program we can use to generate .deps-style dependencies
|
||||
dnl
|
||||
-AC_DEFUN(APR_CHECK_DEPEND,[
|
||||
+AC_DEFUN([APR_CHECK_DEPEND],[
|
||||
dnl Try to determine what depend program we can use
|
||||
dnl All GCC-variants should have -MM.
|
||||
dnl If not, then we can check on those, too.
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:2ad8d0db1e478838ba88a0ddaf538c7150027d937b017739fdcb3fabb96ebd39
|
||||
size 4799055
|
3
httpd-2.2.9.tar.bz2
Normal file
3
httpd-2.2.9.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d76599fbcf8b3bcff2779f880fb10e4a2bc4af60f64232083c06863e40850b61
|
||||
size 4943462
|
@ -1,27 +0,0 @@
|
||||
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c 2008/05/07 14:16:38 654118
|
||||
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c 2008/05/07 14:17:31 654119
|
||||
@@ -218,17 +218,18 @@
|
||||
#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
|
||||
ENGINE_cleanup();
|
||||
#endif
|
||||
-#ifdef HAVE_OPENSSL
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x00907001
|
||||
- CRYPTO_cleanup_all_ex_data();
|
||||
-#endif
|
||||
-#endif
|
||||
ERR_remove_state(0);
|
||||
|
||||
/* Don't call ERR_free_strings here; ERR_load_*_strings only
|
||||
* actually load the error strings once per process due to static
|
||||
* variable abuse in OpenSSL. */
|
||||
|
||||
+ /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered
|
||||
+ * ex_data indices may have been cached in static variables in
|
||||
+ * OpenSSL; removing them may cause havoc. Notably, with OpenSSL
|
||||
+ * versions >= 0.9.8f, COMP_CTX cleanups would not be run, which
|
||||
+ * could result in a per-connection memory leak (!). */
|
||||
+
|
||||
/*
|
||||
* TODO: determine somewhere we can safely shove out diagnostics
|
||||
* (when enabled) at this late stage in the game:
|
||||
|
20
rc.apache2
20
rc.apache2
@ -12,15 +12,15 @@
|
||||
# /etc/init.d/apache2
|
||||
#
|
||||
### BEGIN INIT INFO
|
||||
# Provides: apache2 httpd2
|
||||
# Provides: apache apache2 httpd
|
||||
# Required-Start: $local_fs $remote_fs $network
|
||||
# Should-Start: $named $time postgresql sendmail mysql ypclient dhcp radiusd
|
||||
# Required-Stop: $local_fs $remote_fs $network
|
||||
# Should-Stop: $named $time postgresql sendmail mysql ypclient dhcp radiusd
|
||||
# Required-Stop: $local_fs $remote_fs $network
|
||||
# Default-Start: 3 5
|
||||
# Default-Stop: 0 1 2 6
|
||||
# Short-Description: Apache 2.2 httpd
|
||||
# Description: Start the httpd daemon Apache
|
||||
# Short-Description: Apache 2.2 HTTP Server
|
||||
# Description: Start the Apache HTTP daemon
|
||||
### END INIT INFO
|
||||
|
||||
pname=apache2
|
||||
@ -34,6 +34,18 @@ pname=apache2
|
||||
#
|
||||
# load the configuration
|
||||
#
|
||||
|
||||
#
|
||||
# Note about ulimits:
|
||||
# if you want to set ulimits, e.g. to increase the max number of open file handle,
|
||||
# or to allow core files, you can do so by editing /etc/sysconfig/apache2 and
|
||||
# simply write the ulimit commands into that file.
|
||||
# Example:
|
||||
# ulimit -n 16384
|
||||
# ulimit -H -n 16384
|
||||
# ulimit -c unlimited
|
||||
# See the output of "help ulimit" in the bash, or "man 1 ulimit".
|
||||
#
|
||||
test -s /etc/rc.status && . /etc/rc.status && rc_reset
|
||||
|
||||
. /usr/share/$pname/load_configuration
|
||||
|
@ -112,6 +112,16 @@ APACHE_SERVER_FLAGS=""
|
||||
# (if not set, /etc/apache2/httpd.conf is used.)
|
||||
# It is unusual to need to use this setting.
|
||||
#
|
||||
# Note about ulimits:
|
||||
# if you want to set ulimits, e.g. to increase the max number of open file handle,
|
||||
# or to allow core files, you can do so by editing /etc/sysconfig/apache2 and
|
||||
# simply write the ulimit commands into that file.
|
||||
# Example:
|
||||
# ulimit -n 16384
|
||||
# ulimit -H -n 16384
|
||||
# ulimit -c unlimited
|
||||
# See the output of "help ulimit" in the bash, or "man 1 ulimit".
|
||||
#
|
||||
APACHE_HTTPD_CONF=""
|
||||
|
||||
## Type: list(prefork,worker)
|
||||
@ -252,20 +262,4 @@ APACHE_SERVERTOKENS="OS"
|
||||
#
|
||||
APACHE_EXTENDED_STATUS="off"
|
||||
|
||||
## Type: list(on,off)
|
||||
## Default: "off"
|
||||
## ServiceRestart: apache2
|
||||
#
|
||||
# Enable buffered logging
|
||||
#
|
||||
APACHE_BUFFERED_LOGS="off"
|
||||
|
||||
## Type: integer
|
||||
## Default: 300
|
||||
## ServiceReload: apache2
|
||||
#
|
||||
# Timeout: The number of seconds before receives and sends time out.
|
||||
# It is a server wide setting.
|
||||
#
|
||||
APACHE_TIMEOUT="300"
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user