OBS User unknown 2008-03-14 16:21:15 +00:00 committed by Git OBS Bridge
parent 87a967cbca
commit 3359cfe336
8 changed files with 170 additions and 722 deletions


@ -1,89 +0,0 @@
Index: modules/cache/cache_util.c
================================================================================
--- CHANGES
+++ CHANGES
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.3
+ *) SECURITY: CVE-2007-1863 (cve.mitre.org)
+ mod_cache: Prevent segmentation fault if a Cache-Control header has
+ no value [Niklas Edmundsson]
+
*) SECURITY: CVE-2006-3747 (cve.mitre.org)
mod_rewrite: Fix an off-by-one security problem in the ldap scheme
handling. For some RewriteRules this could lead to a pointer being
--- modules/cache/cache_util.c
+++ modules/cache/cache_util.c
@@ -231,7 +231,8 @@
age = ap_cache_current_age(info, age_c, r->request_time);
/* extract s-maxage */
- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)) {
+ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)
+ && val != NULL) {
smaxage = apr_atoi64(val);
}
else {
@@ -240,7 +241,8 @@
/* extract max-age from request */
if (!conf->ignorecachecontrol
- && cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)) {
+ && cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)
+ && val != NULL) {
maxage_req = apr_atoi64(val);
}
else {
@@ -248,7 +250,8 @@
}
/* extract max-age from response */
- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)) {
+ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)
+ && val != NULL) {
maxage_cresp = apr_atoi64(val);
}
else {
@@ -270,7 +273,20 @@
/* extract max-stale */
if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-stale", &val)) {
- maxstale = apr_atoi64(val);
+ if(val != NULL) {
+ maxstale = apr_atoi64(val);
+ }
+ else {
+ /*
+ * If no value is assigned to max-stale, then the client is willing
+ * to accept a stale response of any age (RFC2616 14.9.3). We will
+ * set it to one year in this case as this situation is somewhat
+ * similar to a "never expires" Expires header (RFC2616 14.21)
+ * which is set to a date one year from the time the response is
+ * sent in this case.
+ */
+ maxstale = APR_INT64_C(86400*365);
+ }
}
else {
maxstale = 0;
@@ -278,7 +294,8 @@
/* extract min-fresh */
if (!conf->ignorecachecontrol
- && cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)) {
+ && cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)
+ && val != NULL) {
minfresh = apr_atoi64(val);
}
else {
@@ -407,6 +424,9 @@
next - val_start);
}
}
+ else {
+ *val = NULL;
+ }
}
return 1;
}


@ -1,40 +0,0 @@
--- modules/generators/mod_status.c 2007/06/20 17:22:08 549158
+++ modules/generators/mod_status.c 2007/06/20 17:29:24 549159
@@ -270,7 +270,7 @@
if (r->method_number != M_GET)
return DECLINED;
- ap_set_content_type(r, "text/html");
+ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
/*
* Simple table-driven form data set parser that lets you alter the header
@@ -299,7 +299,7 @@
no_table_report = 1;
break;
case STAT_OPT_AUTO:
- ap_set_content_type(r, "text/plain");
+ ap_set_content_type(r, "text/plain; charset=ISO-8859-1");
short_report = 1;
break;
}
@@ -673,7 +673,8 @@
ap_escape_html(r->pool,
ws_record->client),
ap_escape_html(r->pool,
- ws_record->request),
+ ap_escape_logitem(r->pool,
+ ws_record->request)),
ap_escape_html(r->pool,
ws_record->vhost));
}
@@ -763,7 +764,8 @@
ap_escape_html(r->pool,
ws_record->vhost),
ap_escape_html(r->pool,
- ws_record->request));
+ ap_escape_logitem(r->pool,
+ ws_record->request)));
} /* no_table_report */
} /* for (j...) */
} /* for (i...) */


@ -1,3 +1,13 @@
-------------------------------------------------------------------
Fri Mar 14 15:28:13 CET 2008 - skh@suse.de
- update to upstream 2.2.8 --> see CHANGES in package for details
- removed obsolete patches:
- apache2-mod_cache-CVE-2007-1863.patch
- apache2-mod_status-CVE-2006-5752.patch
- httpd-2.2.4-mod_autoindex-charset-r570962.patch
- httpd-2.2.x.doublefree.patch
-------------------------------------------------------------------
Thu Dec 13 16:58:03 CET 2007 - ro@suse.de


@ -1,7 +1,7 @@
#
# spec file for package apache2 (Version 2.2.4)
# spec file for package apache2 (Version 2.2.8)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@ -10,6 +10,7 @@
# norootforbuild
Name: apache2
BuildRequires: db-devel ed libapr-util1-devel libapr1-devel openldap2 openldap2-devel
BuildRequires: openssl-devel pcre-devel zlib-devel
@ -53,9 +54,9 @@ BuildRequires: expat-devel
%define platform_string Linux/%VENDOR
License: The Apache Software License
Group: Productivity/Networking/Web/Servers
%define realver 2.2.4
Version: 2.2.4
Release: 88
%define realver 2.2.8
Version: 2.2.8
Release: 1
#Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2
Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2
Source10: SUSE-NOTICE
@ -106,11 +107,7 @@ Patch23: httpd-2.1.9-apachectl.dif
Patch65: httpd-2.0.49-log_server_status.dif
Patch66: httpd-2.0.54-envvars.dif
Patch67: httpd-2.2.0-apxs-a2enmod.dif
Patch68: httpd-2.2.4-mod_autoindex-charset-r570962.patch
Patch69: httpd-2.2.x.doublefree.patch
Patch150: mod_dbd.c-issue18989-autoconnect.dif
Patch151: apache2-mod_status-CVE-2006-5752.patch
Patch152: apache2-mod_cache-CVE-2007-1863.patch
Url: http://httpd.apache.org/
Icon: Apache.xpm
Summary: The Apache Web Server Version 2.0
@ -325,10 +322,6 @@ Authors:
%patch65 -p1
%patch66 -p1
%patch67 -p1
%patch68 -p0
%patch69 -p0
%patch151 -p0
%patch152 -p0
cp -p %{S:150} modules/database/mod_dbd.c
#%patch150 -p0
#
@ -1033,13 +1026,20 @@ if ! test -f /.buildenv; then
fi
%changelog
* Thu Dec 13 2007 - ro@suse.de
* Fri Mar 14 2008 skh@suse.de
- update to upstream 2.2.8 --> see CHANGES in package for details
- removed obsolete patches:
- apache2-mod_cache-CVE-2007-1863.patch
- apache2-mod_status-CVE-2006-5752.patch
- httpd-2.2.4-mod_autoindex-charset-r570962.patch
- httpd-2.2.x.doublefree.patch
* Thu Dec 13 2007 ro@suse.de
- remove sysconf_addword, now in aaa_base (#328599)
* Mon Oct 22 2007 - sbrabec@suse.cz
* Mon Oct 22 2007 sbrabec@suse.cz
- Use correct SuSEfirewall2 rule directory.
* Mon Sep 03 2007 - skh@suse.de
* Mon Sep 03 2007 skh@suse.de
- get_module_list: replace loadmodule.conf atomically [bnc #214863]
* Fri Aug 31 2007 - poeml@suse.de
* Fri Aug 31 2007 poeml@suse.de
- replace httpd-2.2.3-AddDirectoryIndexCharset.patch with the upstream
solution, httpd-2.2.4-mod_autoindex-charset-r570962.patch [#153557]
(backport from 2.2.6)
@ -1049,51 +1049,51 @@ fi
http://issues.apache.org/bugzilla/show_bug.cgi?id=42105
This means that the AddDirectoryIndexCharset is no longer
available. Instead, IndexOptions Charset=xyz can be used.
* Fri Aug 31 2007 - poeml@suse.de
* Fri Aug 31 2007 poeml@suse.de
- remove libexpat-devel in the build service version of the package
- apply apache2-mod_cache-CVE-2007-1863.patch (patch 152) in the
buildservice package
- don't apply mod_dbd.c-issue18989-autoconnect.dif, since it
patches only modules/database/mod_dbd.c which is replaced with
trunk version anyway
* Thu Aug 23 2007 - mskibbe@suse.de
* Thu Aug 23 2007 mskibbe@suse.de
- Bug 289996 - VUL-0: mod_status XSS in public server status page
- Bug 289997 - VUL-0: apache2: mod_cache remote denial of service
* Wed Jul 18 2007 - skh@suse.de
* Wed Jul 18 2007 skh@suse.de
- split off apache2-utils subpackage, containing all helper tools that
are useful for system administrators in general (b.n.c. #272292 and
FATE #302059)
* Thu Mar 29 2007 - dmueller@suse.de
* Thu Mar 29 2007 dmueller@suse.de
- add zlib-devel to BuildRequires
* Fri Mar 23 2007 - poeml@suse.de
* Fri Mar 23 2007 poeml@suse.de
- add mod_dbd.c from trunk (r512038), the version we run ourselves
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/database/mod_dbd.c?view=log
- add mod_dbd.c-issue18989-autoconnect.dif, but disabled. It
applies to 2.2.4 mod_dbd.c but not to the trunk version
- build mod_version
- fix documentation link in apache2-httpd.conf
* Tue Mar 20 2007 - mskibbe@suse.de
* Tue Mar 20 2007 mskibbe@suse.de
- add firewall file for ssl (#246929)
* Mon Mar 19 2007 - mskibbe@suse.de
* Mon Mar 19 2007 mskibbe@suse.de
- Apache - Support for FATE #300687: Ports for SuSEfirewall added
via packages (#246929)
* Fri Jan 26 2007 - poeml@suse.de
* Fri Jan 26 2007 poeml@suse.de
- the QUICKSTART Readmes have been moved to
http://www.opensuse.org/Apache
* Mon Jan 22 2007 - poeml@suse.de
* Mon Jan 22 2007 poeml@suse.de
- point out better in README.QUICKSTART.SSL that a vhost needs to
be created
- fixes to README.QUICKSTART.WebDAV
- updated email addresses (now there is apache@suse.de)
* Sat Jan 20 2007 - poeml@suse.de
* Sat Jan 20 2007 poeml@suse.de
- add httpd-2.2.x.doublefree.patch, backport of
http://svn.apache.org/viewvc?diff_format=h&view=rev&revision=496831
See http://issues.apache.org/bugzilla/show_bug.cgi?id=39985
* Thu Jan 18 2007 - poeml@suse.de
* Thu Jan 18 2007 poeml@suse.de
- create debuginfo package in the buildservice
* Fri Jan 12 2007 - mskibbe@suse.de
* Fri Jan 12 2007 mskibbe@suse.de
- change path to service cml document (fate #301708)
* Tue Jan 09 2007 - poeml@suse.de
* Tue Jan 09 2007 poeml@suse.de
- upstream 2.2.4
mod_authnz_ldap:
- Add an AuthLDAPRemoteUserAttribute directive. If set,
@ -1208,29 +1208,29 @@ fi
terminated by the ldap server. PR 40878.
- rotatelogs: Improve error message for open failures. PR
39487.
* Mon Jan 08 2007 - mskibbe@suse.de
* Mon Jan 08 2007 mskibbe@suse.de
- Apache XML Service Description Document (fate #301708)
* Thu Dec 21 2006 - poeml@suse.de
* Thu Dec 21 2006 poeml@suse.de
- add patch to add charset=utf-8 to directory listings generated by
mod_autoindex, and add a directive to allow overriding the
charset (testing, needs to be discussed with upstream) [#153557]
httpd-2.2.3-AddDirectoryIndexCharset.patch
* Wed Dec 20 2006 - poeml@suse.de
* Wed Dec 20 2006 poeml@suse.de
- set a proper HOME (/var/lib/apache2), otherwise the server might
end up HOME=/root and some script might try to use that [#132769]
- add two notes to the QUICKSTART readmes
- don't install /etc/apache2/extra configuration since this is only
serving as an example and installed with the documentation anyway
* Tue Sep 26 2006 - poeml@suse.de
* Tue Sep 26 2006 poeml@suse.de
- add rpm macro for suexec_safepath
- use _bindir/_sbindir in a few places [#202355]
- remove unused /sbin/conf.d directory from build root
* Thu Aug 31 2006 - poeml@suse.de
* Thu Aug 31 2006 poeml@suse.de
- Enable fatal exception hook for use by diagnostic modules.
* Tue Aug 29 2006 - poeml@suse.de
* Tue Aug 29 2006 poeml@suse.de
- move some binaries, where calling by users makes sense (dbmmanage
htdbm htdigest htpasswd), from /usr/sbin to /usr/bin [#140133]
* Wed Aug 09 2006 - poeml@suse.de
* Wed Aug 09 2006 poeml@suse.de
- upstream 2.2.3
|SECURITY: CVE-2006-3747 (cve.mitre.org)
| mod_rewrite: Fix an off-by-one security problem in the ldap scheme
@ -1270,16 +1270,16 @@ fi
| - Respect GracefulShutdownTimeout in the worker and event MPMs.
| - configure: Add "--with-included-apr" flag to force use of
| the bundled version of APR at build time.
* Tue Jul 04 2006 - poeml@suse.de
* Tue Jul 04 2006 poeml@suse.de
- a2enmod, a2enflag: add /usr/sbin to PATH so sysconf_addword is
found
* Fri Jun 23 2006 - poeml@suse.de
* Fri Jun 23 2006 poeml@suse.de
- fix typo in apache-20-22-upgrade script: mod_image_map ->
mod_imagemap
* Mon Jun 12 2006 - poeml@suse.de
* Mon Jun 12 2006 poeml@suse.de
- enable logresolve processing of lines longer than 1024 characters
by compiling with MAXLINE=4096 [#162806]
* Fri Jun 09 2006 - poeml@suse.de
* Sat Jun 10 2006 poeml@suse.de
- upstream 2.2.2
| SECURITY: CVE-2005-3357 (cve.mitre.org)
| mod_ssl: Fix a possible crash during access control checks
@ -1378,28 +1378,28 @@ fi
* add openssl-devel and expat-devel to Buildrequires for non-SUSE builds
* make sure that the rpm macro sles_version is defined
* remove obsolete VENDOR UnitedLinux macro
* Tue Apr 25 2006 - poeml@suse.de
* Tue Apr 25 2006 poeml@suse.de
- obsolete 'apache' package on SLES10 (obsolete it on all platforms
except SLES9 and old SL releases)
* Wed Mar 29 2006 - poeml@suse.de
* Wed Mar 29 2006 poeml@suse.de
- remove php4 from default modules [#155333]
- fix comment in /etc/init.d/apache2 [#148559]
* Mon Feb 20 2006 - poeml@suse.de
* Mon Feb 20 2006 poeml@suse.de
- fixed comment in init script which indicated wrong version [#148559]
* Mon Jan 30 2006 - poeml@suse.de
* Mon Jan 30 2006 poeml@suse.de
- added Requires: libapr-util1-devel to apache2-devel package [#146496]
* Fri Jan 27 2006 - poeml@suse.de
* Fri Jan 27 2006 poeml@suse.de
- add a note about NameVirtualHost statements to the vhost template
files [#145000]
* Wed Jan 25 2006 - mls@suse.de
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Fri Jan 20 2006 - poeml@suse.de
* Fri Jan 20 2006 poeml@suse.de
- cleanup: remove obsolete metuxmpm patch
- improve informational text in apache-20-22-upgrade
* Wed Jan 18 2006 - poeml@suse.de
* Wed Jan 18 2006 poeml@suse.de
- the new DYNAMIC_MODULE_LIMIT default in 2.2 is 128, so no need to
increase it anymore (fixes [#143536])
* Mon Dec 19 2005 - poeml@suse.de
* Mon Dec 19 2005 poeml@suse.de
- update to 2.2.0
- enable all new modules
- replaced modules "auth auth_dbm access" in default configuration
@ -1420,7 +1420,7 @@ fi
- adjust IndexIgnore setting to upstream default. Previously, the
parent directory (..) was being ignored
- package the symlinks in ssl.crt
* Wed Dec 07 2005 - poeml@suse.de
* Wed Dec 07 2005 poeml@suse.de
- patch apxs to use the new a2enmod tool, when called with -a
- add -l option to a2enmod, which gives a list of active modules
- adjust feedback address in the readmes
@ -1430,9 +1430,9 @@ fi
should not be used
- don't install the tool checkgid -- it is only usable during
installation
* Fri Nov 18 2005 - poeml@suse.de
* Fri Nov 18 2005 poeml@suse.de
- fix duplicated Source45 tag
* Mon Oct 24 2005 - poeml@suse.de
* Mon Oct 24 2005 poeml@suse.de
- update to 2.0.55. Relevant changes:
| SECURITY: CAN-2005-2700 (cve.mitre.org)
| mod_ssl: Fix a security issue where "SSLVerifyClient" was
@ -1522,19 +1522,19 @@ fi
httpd-2.0.54-SSLVerifyClient-CAN-2005-2700.diff
httpd-2.0.54-ap_byterange-CAN-2005-2728.diff
- add httpd-2.0.55-37145_2.0.x.diff (broken mod_proxy in 2.0.55)
* Thu Oct 20 2005 - poeml@suse.de
* Thu Oct 20 2005 poeml@suse.de
- rc.apache2: when stopping the server, wait for the actual binary
of the parent process to disappear. Waiting for the pid file to
disappear is not sufficient, because not all cleanup might be
finished at the time of its removal. [#96492], [#85539]
* Wed Oct 12 2005 - poeml@suse.de
* Wed Oct 12 2005 poeml@suse.de
- fix security hole by wrongly initializing LD_LIBRARY_PATH in
/usr/sbin/envvars (used by apache2ctl only) [#118188]
* Fri Sep 30 2005 - poeml@suse.de
* Fri Sep 30 2005 poeml@suse.de
- accomodate API changes to OpenSSL 0.9.8 (r209468 from 2.0.x branch)
* Mon Sep 26 2005 - ro@suse.de
* Mon Sep 26 2005 ro@suse.de
- define LDAP_DEPRECATED in CFLAGS
* Fri Sep 02 2005 - poeml@suse.de
* Fri Sep 02 2005 poeml@suse.de
- security fix [CAN-2005-2728 (cve.mitre.org)]:
fix memory consumption bug in byterange handling
- security fix [CAN-2005-2700 (cve.mitre.org)]: [#114701]
@ -1542,20 +1542,20 @@ fi
context then "SSLVerifyClient require" is not enforced in a
location context within that vhost; effectively allowing clients
to bypass client-cert authentication checks. [#114701]
* Wed Aug 31 2005 - poeml@suse.de
* Wed Aug 31 2005 poeml@suse.de
- Security fix: fix integer overflows in PCRE in quantifier parsing which
could be triggered by a local user through use of a carefully-crafted
regex in an .htaccess file. CAN-2005-2491 [#112651] [#106209]
* Tue Aug 30 2005 - lmuelle@suse.de
* Tue Aug 30 2005 lmuelle@suse.de
- Escape also any forward slash while removing a word with sysconf_addword.
* Fri Aug 26 2005 - lmuelle@suse.de
* Fri Aug 26 2005 lmuelle@suse.de
- Escape any forward slash in the word argument of sysconf_addword.
* Sun Aug 14 2005 - ro@suse.de
* Sun Aug 14 2005 ro@suse.de
- alingn suexec2 permissions with permissions.secure
* Thu Aug 11 2005 - poeml@suse.de
* Thu Aug 11 2005 poeml@suse.de
- the permissions files are now maintained centrally and packaged
in the permissions package. Package suexec2 with mode 0750. [#66304]
* Fri Aug 05 2005 - poeml@suse.de
* Fri Aug 05 2005 poeml@suse.de
- change SSLMutex "default" so APR always picks the best on the
platform
- fix Source42 tag which was present twice
@ -1563,7 +1563,7 @@ fi
- add charset.conv table for mod_auth_ldap
- make sure that suse_version is defined (it might be unset by e.g.
ISPs preinstallations)
* Tue Jul 12 2005 - poeml@suse.de
* Wed Jul 13 2005 poeml@suse.de
- security fix [CAN-2005-2088 (cve.mitre.org)]: core: If a request
contains both Transfer-Encoding and a Content-Length, remove the
Content-Length, stopping some HTTP Request smuggling attacks.
@ -1572,10 +1572,10 @@ fi
off-by-one overflow whilst printing CRL information at "LogLevel
debug" which could be triggered if configured to use a
"malicious" CRL. PR 35081. [#95709]
* Mon Jun 20 2005 - poeml@suse.de
* Mon Jun 20 2005 poeml@suse.de
- add httpd-2.0.47-pie.patch from from 2.1.3-dev to compile with
-fpie and link with -pie
* Wed May 18 2005 - poeml@suse.de
* Wed May 18 2005 poeml@suse.de
- update to 2.0.54. Relevant changes:
| mod_cache:
| - Add CacheIgnoreHeaders directive. PR 30399.
@ -1597,9 +1597,9 @@ fi
| instead of creating a new brigade. This stop a memory leak
| when proxying a Streaming Media Server. PR 33382.
| - htdigest: Fix permissions of created files. PR 33765.
* Mon Mar 14 2005 - poeml@suse.de
* Mon Mar 14 2005 poeml@suse.de
- revise README
* Mon Mar 07 2005 - poeml@suse.de
* Mon Mar 07 2005 poeml@suse.de
- when building the suexec binary, set the "docroot" compile time
option to the datadir (/srv/www) instead of the htdocsdir
(/srv/www/htdocs), so it can be used with virtual hosts placed
@ -1619,21 +1619,21 @@ fi
use it
- drop patch httpd-2.0.40-openssl-version.dif (we don't even have
openssl-0.9.6e anywhere, any longer)
* Wed Mar 02 2005 - poeml@suse.de
* Wed Mar 02 2005 poeml@suse.de
- fix TLS upgrade patch: with SSLEngine set to Optional, an
additional token in an Upgrade: header before "TLS/1.0" could
result into an infinite loop [#67126]
* Tue Feb 22 2005 - poeml@suse.de
* Tue Feb 22 2005 poeml@suse.de
- run /usr/share/apache2/get_module_list post install, which will
also create the symlink to the httpd2 binary, which might be
necessary during package building when apache has been installed
but never been run.
* Mon Feb 21 2005 - poeml@suse.de
* Mon Feb 21 2005 poeml@suse.de
- remove SuSEconfig.apache2
* Fri Feb 11 2005 - poeml@suse.de
* Fri Feb 11 2005 poeml@suse.de
- raise DYNAMIC_MODULE_LIMIT to 80. The test suite loading all
available modules plus 9 perl modules was beginning to fail
* Wed Feb 09 2005 - poeml@suse.de
* Wed Feb 09 2005 poeml@suse.de
- update to 2.0.53. Relevant changes:
| SECURITY: CAN-2004-0942 (cve.mitre.org)
| Fix for memory consumption DoS in handling of MIME folded request
@ -1731,13 +1731,13 @@ fi
- sync configuration with upstream changes
* Remove AddDefaultCharset (see upstream changelog above)
* LanguagePriority for error documents updated
* Sat Jan 15 2005 - schwab@suse.de
* Sat Jan 15 2005 schwab@suse.de
- Use <owner>:<group> in permissions file.
* Tue Jan 11 2005 - schwab@suse.de
* Tue Jan 11 2005 schwab@suse.de
- Fix /etc/init.d/apache2 to use readlink instead of linkto or file.
* Mon Nov 29 2004 - hvogel@suse.de
* Mon Nov 29 2004 hvogel@suse.de
- fix permission handling
* Thu Nov 11 2004 - poeml@suse.de
* Thu Nov 11 2004 poeml@suse.de
- fix /etc/init.d/apache2 to correctly handle the start of multiple
instances of the same binary (using startproc -f plus prior check
for running instance) [#48153]
@ -1747,12 +1747,12 @@ fi
- removed backward compatibility code for pre-8.0
- add documentation to the vhost template files and
README.QUICKSTART
* Mon Nov 08 2004 - poeml@suse.de
* Mon Nov 08 2004 poeml@suse.de
- security fix [CAN-2004-0942 (cve.mitre.org)]: Fix for memory
consumption DoS [#47967]
* Thu Nov 04 2004 - poeml@suse.de
* Thu Nov 04 2004 poeml@suse.de
- remove heimdal-devel from #neededforbuild, it is not needed
* Fri Oct 15 2004 - poeml@suse.de
* Fri Oct 15 2004 poeml@suse.de
- fix SSLCipherSuite bypass CAN-2004-0885 (cve.mitre.org) [#47117]
- update the TLS upgrade patch [#47207]
- mod_ssl returned invalid method on TLS upgraded connections
@ -1769,15 +1769,15 @@ fi
configured with incomplete client cert keypair, rather than
segfaulting at runtime. PR 24030
http://cvs.apache.org/viewcvs/httpd-2.0/modules/ssl/ssl_engine_init.c.diff?r1=1.118&r2=1.119
* Mon Oct 11 2004 - poeml@suse.de
* Mon Oct 11 2004 poeml@suse.de
- add patch fixing re-linking issue when purging elements from the
LDAP cache. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24801
http://www.apache.org/dist/httpd/patches/apply_to_2.0.52/util_ldap_cache_mgr.c.patch
* Mon Oct 11 2004 - poeml@suse.de
* Mon Oct 11 2004 poeml@suse.de
- sync update configuration with upstream changes (2.0.52)
(mostly comments; configuration for spanish manual added)
- add mime type for shortcut icons (favicon.ico)
* Fri Oct 08 2004 - poeml@suse.de
* Fri Oct 08 2004 poeml@suse.de
- update to 2.0.52. Relevant changes:
| SECURITY: CAN-2004-0811 (cve.mitre.org)
| Fix merging of the Satisfy directive, which was applied to
@ -1912,26 +1912,26 @@ fi
httpd-2.0.50-CAN-2004-0786-apr_uri_parse-IPv6-address-validation.dif
httpd-2.0.50-CAN-2004-0809-mod_dav-crash.dif
- httpd-2.0.45-anon-mmap.dif included upstream
* Tue Sep 14 2004 - poeml@suse.de
* Tue Sep 14 2004 poeml@suse.de
- security fix [CAN-2004-0809 (cve.mitre.org)]: fix possible DoS in
mod_dav by remotely triggerable null-pointer dereference
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=31183 [#45231]
- fix hint about vhost checking in the SSL readme
* Wed Sep 08 2004 - poeml@suse.de
* Wed Sep 08 2004 poeml@suse.de
- security fix [CAN-2004-0786 (cve.mitre.org)]: fix a vulnerability
in the apr-util library (lacking input validation on IPv6 literal
addresses in the apr_uri_parse function [#44736]
- security fix [CAN-2004-0747 (cve.mitre.org)]: fix a buffer
overflow that can occur when expanding ${ENVVAR} constructs in
.htaccess or httpd.conf files. [#44736]
* Mon Sep 06 2004 - poeml@suse.de
* Mon Sep 06 2004 poeml@suse.de
- rename check_forensic script to avoid clash with apache 1.3.x
package
* Fri Aug 27 2004 - poeml@suse.de
* Fri Aug 27 2004 poeml@suse.de
- implement action "startssl" in the init script. [#42365]
- add /usr/bin/check_forensic script to evaluate mod_log_forensic logs.
- disable building of leader and metuxmpm MPMs.
* Wed Aug 25 2004 - poeml@suse.de
* Wed Aug 25 2004 poeml@suse.de
- security fix [CAN-2004-0748 (cve.mitre.org)]: fix a potential
infinite loop in the SSL input filter which can be triggered by
an aborted connection
@ -1941,7 +1941,7 @@ fi
response to request which is proxied to a remote SSL server
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=30134 [#44103]
- remove the obsolete notify message on package update
* Thu Jul 08 2004 - poeml@suse.de
* Thu Jul 08 2004 poeml@suse.de
- update to 2.0.50. Relevant changes:
| SECURITY: CAN-2004-0493 (cve.mitre.org)
| Close a denial of service vulnerability identified by Georgi
@ -2052,44 +2052,44 @@ fi
| different requests.
- drop obsolete patches
- change vendor string SuSE -> SUSE
* Tue Jun 29 2004 - poeml@suse.de
* Tue Jun 29 2004 poeml@suse.de
- security fix [CAN-2004-0493 (cve.mitre.org)]: fix Denial of
Service vulnaribility which could lead to memory exhaustion with
certain input data. [#42566]
* Fri Jun 18 2004 - poeml@suse.de
* Fri Jun 18 2004 poeml@suse.de
- package forgotten CHANGES file
- package apr and apr-util documentation files
- fix log_server_status2 to use perl's Socket module
* Wed May 19 2004 - poeml@suse.de
* Wed May 19 2004 poeml@suse.de
- security fix for mod_ssl: fix buffer overflow in
ssl_util_uuencode() [#40791]
* Wed Apr 28 2004 - poeml@suse.de
* Wed Apr 28 2004 poeml@suse.de
- add TLS upgrade patch [#39449]
- add patch to allow writing log files larger than 2>GB [#39453]
- obsolete apache and mod_ssl versions only when older than what is
shipped with 9.1
- don't provide mod_ssl
* Fri Apr 02 2004 - cschum@suse.de
* Fri Apr 02 2004 cschum@suse.de
- Add "suse_help_viewer" provides [#37932]
* Mon Mar 29 2004 - poeml@suse.de
* Mon Mar 29 2004 poeml@suse.de
- provide and obsolete packages apache, mod_ssl, apache-doc and
apache-example-pages [#37084]
* Mon Mar 22 2004 - poeml@suse.de
* Mon Mar 22 2004 poeml@suse.de
- disable large file support by not building with _FILE_OFFSET_BITS=64,
in favour of retaining a binary compatible module API.
Therefore, do not change the module magic number. LFS can be
enabled by building via rpmbuild --define 'build_with_LFS 1'
* Thu Mar 18 2004 - poeml@suse.de
* Thu Mar 18 2004 poeml@suse.de
- update to proposed 2.0.49 tarball
- mod_cgid: Fix storage corruption caused by use of incorrect pool.
- docs update
- remove APACHE_DOCUMENT_ROOT from sysconfig.apache2 [#32635]
- fix a comment in default-server.conf
- remove obsolete ssl_scache_cleanup support script and ftok helper
* Tue Mar 16 2004 - poeml@suse.de
* Tue Mar 16 2004 poeml@suse.de
- change mmn in header file as well, for modules that include it
from there
* Mon Mar 15 2004 - poeml@suse.de
* Mon Mar 15 2004 poeml@suse.de
- update to 2.0.49-rc2. Relevant changes:
| The whole codebase was relicensed and is now available under the
| Apache License, Version 2.0 (http://www.apache.org/licenses).
@ -2278,7 +2278,7 @@ fi
[#34178]
- add modifications to the code to the NOTICE file as required by
the new license
* Fri Feb 27 2004 - poeml@suse.de
* Fri Feb 27 2004 poeml@suse.de
- compile with -DSSL_EXPERIMENTAL_ENGINE to allow usage of hardware
crypto accelerators
- compile with -DMAX_SERVER_LIMIT=200000
@ -2296,21 +2296,21 @@ fi
VirtualHost container
- update metuxmpm patch to r7
- fix test run as non-root
* Tue Jan 13 2004 - schwab@suse.de
* Tue Jan 13 2004 schwab@suse.de
- Fix quoting in autoconf macros.
* Sat Dec 13 2003 - poeml@suse.de
* Sat Dec 13 2003 poeml@suse.de
- add changes to gensslcert from Volker Kuhlmann [#31803]
- revert default character set from UTF-8 to ISO-8859-1, and revert
the misleading comment that talked about filenames while it is
all about content of the files
* Tue Nov 18 2003 - poeml@suse.de
* Tue Nov 18 2003 poeml@suse.de
- add a ServerLimit directive to server-tuning.conf, so it's
already in the right place if someone needs to tweak it [#32852]
* Fri Nov 07 2003 - poeml@suse.de
* Fri Nov 07 2003 poeml@suse.de
- mark apache2-manual.conf in %%files doc as %%config
- wrap directives specific to the mod_negotiation module into an
<IfModule> block [#32848]
* Thu Oct 30 2003 - poeml@suse.de
* Thu Oct 30 2003 poeml@suse.de
- update to 2.0.48. Relevant / user visible changes are:
Security [CAN-2003-0789]: Resolve some mishandling of the AF_UNIX
socket used to communicate with the cgid daemon and the CGI
@ -2403,9 +2403,9 @@ fi
extensions.)
- use a better example domain name in apache2-vhost-ssl.template
- the "define version_perl" was nowhere needed
* Mon Sep 22 2003 - mls@suse.de
* Mon Sep 22 2003 mls@suse.de
- don't provide httpddoc in apache2-doc
* Thu Sep 18 2003 - poeml@suse.de
* Thu Sep 18 2003 poeml@suse.de
- add mod_php4 to the default list of APACHE_MODULES, and change
get_module_list to ignore non-existant modules (warnings will
be issued when it is run from SuSEconfig, but not from the init
@ -2421,16 +2421,16 @@ fi
- remove the FIXME at the end of httpd.conf (obsoleted by the above
change), and place a strategical comment there about .local files
- add <IfDefine SSL> container around configuration in ssl template
* Tue Sep 09 2003 - poeml@suse.de
* Tue Sep 09 2003 poeml@suse.de
- change comment in sysconfig template to work around a fillup bug
[#30279]
* Mon Sep 08 2003 - poeml@suse.de
* Mon Sep 08 2003 poeml@suse.de
- fix wrong variable name in a comment of the sysconfig template
- update README.QUICKSTART
- add README.QUICKSTART.SSL
* Mon Sep 08 2003 - poeml@suse.de
* Mon Sep 08 2003 poeml@suse.de
- remove unused ENABLE_SUSECONFIG_APACHE from sysconfig template
* Fri Sep 05 2003 - poeml@suse.de
* Fri Sep 05 2003 poeml@suse.de
- disallow UserDir for user root
- cope with "no" or "yes" as values for APACHE_SERVERSIGNATURE, as
they were set on SuSE Linux 8.1
@ -2438,21 +2438,21 @@ fi
might be too obvious: the document root [#29674]
- in %%post, diff to httpd.conf.default only when .rpmnew is present
- improve message sent on update
* Fri Aug 29 2003 - poeml@suse.de
* Sat Aug 30 2003 poeml@suse.de
- improve documentation on configuration
- compile with -Wall
- do not obsolete httpddoc, which is provided by apache-doc package
from apache1
- add conflict apache2-example-pages <-> apache-example-pages
- fix building on older distros
* Tue Aug 19 2003 - poeml@suse.de
* Tue Aug 19 2003 poeml@suse.de
- use httpd-2.0.47-metuxmpm-r6.diff, previous one was broken by me
- don't force setting of a DocumentRoot, because the configuration
of the default vhost already contains it
- when testing on SL 8.0, the www group has to be created as well
- when testing on even older systems, don't add buildroot to
DocumentRoot in default-server.conf
* Fri Aug 15 2003 - poeml@suse.de
* Fri Aug 15 2003 poeml@suse.de
- revamped configuration
- add some CustomLog formats
- AddDefaultCharset UTF-8 [#22427]
@ -2486,11 +2486,11 @@ fi
- add a dependency of the MPM subpackages on the version of the
main package
- build a new MPM: metuxmpm (httpd-2.0.47-metuxmpm.diff)
* Mon Jul 28 2003 - poeml@suse.de
* Mon Jul 28 2003 poeml@suse.de
- add new sysconfig variables: APACHE_LOGLEVEL, APACHE_ACCESS_LOG,
and remove the respective directives from httpd.conf.dist
- merge the ssl.conf.dif and httpd.conf.dif into one patch
* Sun Jul 27 2003 - poeml@suse.de
* Sun Jul 27 2003 poeml@suse.de
- build with -D_FILE_OFFSET_BITS=64 when presumably the kernel
supports sendfile64 [#22191, #22018]. Define APR_HAS_LARGE_FILES
(which is unconditionally off, otherwise). Keep
@ -2503,7 +2503,7 @@ fi
- reformat the header of the spec file
- allow to pass a number-of-jobs parameter into spec file via rpm
--define 'jobs N'
* Thu Jul 10 2003 - poeml@suse.de
* Thu Jul 10 2003 poeml@suse.de
- update to 2.0.47. relevant / user visible changes:
Security [CAN-2003-0192]: Fixed a bug whereby certain sequences
of per-directory renegotiations and the SSLCipherSuite
@ -2539,7 +2539,7 @@ fi
dynamically-generated documents.
- apr bugfixes
- more fixes of deprecated head/tail -1 calls
* Wed May 28 2003 - poeml@suse.de
* Wed May 28 2003 poeml@suse.de
- update to 2.0.46. relevant / user visible changes:
Security [CAN-2003-0245]: Fixed a bug that could be triggered
remotely through mod_dav
@ -2581,14 +2581,14 @@ fi
magic number, not on the minor
- fix some paths in config_vars.mk, which facilitates building of
certain modules
* Wed May 14 2003 - poeml@suse.de
* Wed May 14 2003 poeml@suse.de
- use mmap() via MAP_ANON as shared memory allocation method, to
prevent restart problems with stale (or in use) files that are
associated with shared memory
- package forgotten files, and remove hack in %%clean
- remove files from the build root that are not packaged
- remove suse_include.conf from filelist
* Fri May 09 2003 - poeml@suse.de
* Fri May 09 2003 poeml@suse.de
- update to 2.0.45. relevant / user visible changes:
Security: Eliminated leaks of several file descriptors to
child processes, such as CGI scripts. This fix depends on the
@ -2678,37 +2678,37 @@ fi
- remove the unused /etc/apache2/modules directory from the package
- remove the now unused --enable-experimental-libtool
- fix to build with libtool-1.5
* Wed Apr 09 2003 - ro@suse.de
* Wed Apr 09 2003 ro@suse.de
- fix deprecated head/tail call syntax "-1"
* Mon Mar 17 2003 - kukuk@suse.de
* Mon Mar 17 2003 kukuk@suse.de
- Remove suse_help_viewer from provides [Bug #25436]
* Thu Mar 13 2003 - poeml@suse.de
* Thu Mar 13 2003 poeml@suse.de
- security fix: do not write the startup log file to a world
writable directory, reversing the change of Jan 23 (wasn't in any
released package) [#25239]
* Mon Mar 10 2003 - poeml@suse.de
* Mon Mar 10 2003 poeml@suse.de
- change permissions of /var/log/apache2 from wwwrun:root mode 770
to root:root mode 750 [#24951]
- fix wrong list() in sysconfig.apache2 [#24719], and add a missing
default value
* Mon Mar 03 2003 - kukuk@suse.de
* Mon Mar 03 2003 kukuk@suse.de
- Remove ghost entry for pid file [Bug #24566]
* Thu Feb 27 2003 - poeml@suse.de
* Thu Feb 27 2003 poeml@suse.de
- use the official MIME types, which are more complete [#23988]
* Mon Feb 24 2003 - poeml@suse.de
* Mon Feb 24 2003 poeml@suse.de
- don't include log files into the package, and don't touch them in
%%post; it's not needed
- fix comment in httpd.conf talking about SuSEconfig
- adjust some variable types in the sysconfig template
* Tue Feb 18 2003 - poeml@suse.de
* Tue Feb 18 2003 poeml@suse.de
- apache2 Makefiles do support DESTDIR now, so let's use that
instead of the explicit paths (fixes a wrong path in
config_vars.mk [#23699]). Some files (*.exp, libapr*) are
automatically installed in the right location now.
* Fri Feb 14 2003 - poeml@suse.de
* Fri Feb 14 2003 poeml@suse.de
- fix configuration script to find apache modules on 64 bit archs
- mark ssl.conf (noreplace)
* Mon Feb 10 2003 - poeml@suse.de
* Mon Feb 10 2003 poeml@suse.de
- add mod_ldap, mod_auth_ldap, but link only them against the LDAP
libs. Likewise, do not link everything against ssl libs. This way
we can avoid RPM package (and build) requirements on a lot of
@ -2722,7 +2722,7 @@ fi
- rename LOADMODULES -> APACHE_MODULES
- add APACHE_BUFFERED_LOGS
- update README.SuSE
* Tue Jan 28 2003 - poeml@suse.de
* Tue Jan 28 2003 poeml@suse.de
- rc.apache2
- add extreme-configtest (trying to run server as nobody, which
detects _all_ config errors)
@ -2730,7 +2730,7 @@ fi
rcapache2 instead of SuSEconfig
- when restarting, do something useful instead of 'sleep 3': wait
just as long until the server has terminated all children
* Sun Jan 26 2003 - poeml@suse.de
* Sun Jan 26 2003 poeml@suse.de
- build mod_logio, mod_case_filter, mod_case_filter_in
- rename apr subpackage to libapr0 (the library is called libapr-0
meanwhile). add compatibility links named (libapr{,util}.so.0)
@ -2744,7 +2744,7 @@ fi
- show a list all available modules in /etc/sysconfig/apache2
- nicer output of apache2ctl
- reorder Requires
* Thu Jan 23 2003 - poeml@suse.de
* Thu Jan 23 2003 poeml@suse.de
- update to 2.0.44
- obsoletes patch httpd-2.0.43-mod_ssl-memory-leak.dif
- the apachectl and httpd man pages have been dropped upstreams
@ -2753,14 +2753,14 @@ fi
- disable httpd-2.0.36-64bit.dif
- rename apachectl2 to apache2ctl
- write the startup log to /var/tmp instead of /var/log/apache2
* Sun Jan 12 2003 - poeml@suse.de
* Sun Jan 12 2003 poeml@suse.de
- fix last fix (rpm macro before hash wasn't expanded)
* Fri Jan 10 2003 - poeml@suse.de
* Fri Jan 10 2003 poeml@suse.de
- fix lib64 path in SuSEconfig
* Fri Jan 03 2003 - poeml@suse.de
* Sat Jan 04 2003 poeml@suse.de
- fix typo in spec file, preventing replacement of @userdir@ in
httpd.conf-std.in
* Wed Dec 18 2002 - poeml@suse.de
* Wed Dec 18 2002 poeml@suse.de
- sysconfig.apache2:
- add APACHE_SERVER_FLAGS variable
- change default: APACHE_SERVERSIGNATURE=on to match apache deflt
@ -2793,28 +2793,28 @@ fi
- add /etc/apache2/conf.d as drop-in directory for packages
- hard code some more default paths into the executable
- finally, run a test!
* Thu Dec 05 2002 - poeml@suse.de
* Thu Dec 05 2002 poeml@suse.de
- move ap{r,u}-config* into the apr package, as well
- add generic ap{r,u}-config
- add %%includedir to filelist
* Thu Dec 05 2002 - poeml@suse.de
* Thu Dec 05 2002 poeml@suse.de
- more checks and warnings to SuSEconfig.apache2
- shift APR files into the the apr package
- try 1.136 revision of perchild.c
* Tue Dec 03 2002 - poeml@suse.de
* Tue Dec 03 2002 poeml@suse.de
- add forgotten ssl.conf to the filelist (thanks, Robert)
- add httpd-2.0.43-mod_ssl-memory-leak.dif
* Mon Oct 14 2002 - poeml@suse.de
* Mon Oct 14 2002 poeml@suse.de
- update to 2.0.43, that fixes a Cross-Site Scripting bug (CVE:
CAN-2002-0840)
* Mon Oct 07 2002 - poeml@suse.de
* Mon Oct 07 2002 poeml@suse.de
- do not append a '2' suffix to the scripts included with the
documentation
- move error, icons and manual dir to /usr/share/apache2
- fix nested array in SuSEconfig.apache2
- let SuSEconfig pick one MPM that is installed. Do not default to
"worker". [#20724]
* Thu Oct 03 2002 - poeml@suse.de
* Thu Oct 03 2002 poeml@suse.de
- update to 2.0.42 (primarily a bug-fix release, including updates
to the experimental caching module, the removal of several memory
leaks, and fixes for several segfaults, one of which could have
@ -2833,13 +2833,13 @@ fi
suggested in Apache Bugzilla #7921
- remove mod_rewrite and mod_proxy from the default modules
- build the mod_auth_digest module
* Mon Sep 09 2002 - poeml@suse.de
* Mon Sep 09 2002 poeml@suse.de
- add patch that changes PLATFORM (as seen in the HTTP Server
header) from "Unix" to "SuSE/Linux" [#18543]
- add README.SuSE, explaining how to build modules with apxs2
- fixed some paths in README.modules, put it into docdir and mark
it as %%doc
* Wed Aug 28 2002 - poeml@suse.de
* Wed Aug 28 2002 poeml@suse.de
- new package, now building all three MPMs and putting all specific
modules in specific directories. Branch a subpackage for each
MPM, containing the server and MPM-specific modules.
@ -2855,7 +2855,7 @@ fi
- add httpd-2.0.40-cache_util.c.diff that prevents a segfault in
mod_proxy when given an invalid URL
- branch apache2-example-pages off (docroot contents)
* Mon Aug 19 2002 - poeml@suse.de
* Mon Aug 19 2002 poeml@suse.de
- actually use the new SuSE81 layout, and add SuSE81_64 layout
- cleaned up httpd-2.0.36-conf.dif
- fixed comment in SuSEconfig.apache
@ -2864,7 +2864,7 @@ fi
each MPM...
apache2 -> apache2-{worker,perchild,prefork}
apache2-devel -> apache2-{worker,perchild,prefork}-devel
* Mon Aug 12 2002 - poeml@suse.de
* Mon Aug 12 2002 poeml@suse.de
- bugfix update to 2.0.40
- fix Requires of -devel subpackage
- add variable to sysconfig.apache to switch off SuSEconfig.apache
@ -2873,21 +2873,21 @@ fi
distributions)
- one of the lib64 path fixes could be removed, now included
upstream
* Wed Aug 07 2002 - poeml@suse.de
* Wed Aug 07 2002 poeml@suse.de
- put PreReq in an if-statement to allow building on older distris
- relax the Requires
- the apache_mmn macro had to be moved down in the spec file to be
evaluated
- libmm is not needed for building (and it is not threadsafe)
- fix config.layout for the moved server root
* Fri Aug 02 2002 - poeml@suse.de
* Sat Aug 03 2002 poeml@suse.de
- fix libdir in config.layout for lib64
* Fri Aug 02 2002 - poeml@suse.de
* Fri Aug 02 2002 poeml@suse.de
- fix RPM Requires
* Thu Aug 01 2002 - poeml@suse.de
* Thu Aug 01 2002 poeml@suse.de
- move datadir (i.e., ServerRoot) from /usr/local/httpd to /srv/www
- drop obsolete README.SuSE
* Thu Aug 01 2002 - poeml@suse.de
* Thu Aug 01 2002 poeml@suse.de
- spec file: use PreReq
- don't delete SuSEconfig's md5 files in %%post, that's no good
- add apache.logrotate
@ -2895,17 +2895,17 @@ fi
(/usr/lib/apache/MMN) and as RPM Provides, indicating API changes
- mark httpd.conf noreplace
- fix installbuilddir in config.layout, needed for apxs
* Sun Jul 14 2002 - poeml@suse.de
* Sun Jul 14 2002 poeml@suse.de
- update to 2.0.39
- drop obsolete moduledir and apxs patches
- rc.apache INIT section: use X-UnitedLinux-Should-Start
* Wed Jul 03 2002 - ro@suse.de
* Wed Jul 03 2002 ro@suse.de
- rename to "apache2" again
* Tue Jun 11 2002 - ro@suse.de
* Tue Jun 11 2002 ro@suse.de
- get apxs to work:
include needed files in devel package
adapt some pathes in apxs
* Wed May 29 2002 - poeml@suse.de
* Wed May 29 2002 poeml@suse.de
- update to 2.0.36
- drop mod_ssl subpackage; mod_ssl is part of the apache bsae
distribution now


@ -1,75 +0,0 @@
Index: modules/generators/mod_autoindex.c
===================================================================
--- modules/generators/mod_autoindex.c (revision 570961)
+++ modules/generators/mod_autoindex.c (revision 570962)
@@ -138,6 +138,8 @@
apr_array_header_t *hdr_list;
apr_array_header_t *rdme_list;
+ char *ctype;
+ char *charset;
} autoindex_config_rec;
static char c_by_encoding, c_by_type, c_by_path;
@@ -476,6 +478,12 @@
d_cfg->desc_adjust = K_NOADJUST;
}
}
+ else if (!strncasecmp(w, "Type=", 5)) {
+ d_cfg->ctype = apr_pstrdup(cmd->pool, &w[5]);
+ }
+ else if (!strncasecmp(w, "Charset=", 8)) {
+ d_cfg->charset = apr_pstrdup(cmd->pool, &w[8]);
+ }
else {
return "Invalid directory indexing option";
}
@@ -620,6 +628,9 @@
new->icon_height = add->icon_height ? add->icon_height : base->icon_height;
new->icon_width = add->icon_width ? add->icon_width : base->icon_width;
+ new->ctype = add->ctype ? add->ctype : base->ctype;
+ new->charset = add->charset ? add->charset : base->charset;
+
new->alt_list = apr_array_append(p, add->alt_list, base->alt_list);
new->ign_list = apr_array_append(p, add->ign_list, base->ign_list);
new->hdr_list = apr_array_append(p, add->hdr_list, base->hdr_list);
@@ -1971,6 +1982,8 @@
char *colargs;
char *fullpath;
apr_size_t dirpathlen;
+ char *ctype = "text/html";
+ char *charset;
if ((status = apr_dir_open(&thedir, name, r->pool)) != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
@@ -1978,11 +1991,27 @@
return HTTP_FORBIDDEN;
}
+ if (autoindex_conf->ctype) {
+ ctype = autoindex_conf->ctype;
+ }
+ if (autoindex_conf->charset) {
+ charset = autoindex_conf->charset;
+ }
+ else {
#if APR_HAS_UNICODE_FS
- ap_set_content_type(r, "text/html;charset=utf-8");
+ charset = "UTF-8";
#else
- ap_set_content_type(r, "text/html");
+ charset = "ISO-8859-1";
#endif
+ }
+ if (*charset) {
+ ap_set_content_type(r, apr_pstrcat(r->pool, ctype, ";charset=",
+ charset, NULL));
+ }
+ else {
+ ap_set_content_type(r, ctype);
+ }
+
if (autoindex_opts & TRACK_MODIFIED) {
ap_update_mtime(r, r->finfo.mtime);
ap_set_last_modified(r);


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:08ab82eae6418e265d361730e7eadc7d6966dffdb66ee07bd4d9af3f2b28dfc8
size 4930375

3
httpd-2.2.8.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2ad8d0db1e478838ba88a0ddaf538c7150027d937b017739fdcb3fabb96ebd39
size 4799055


@ -1,358 +0,0 @@
Attempt of a backport of
http://svn.apache.org/viewvc?diff_format=h&view=rev&revision=496831
See
http://issues.apache.org/bugzilla/show_bug.cgi?id=39985
poeml@suse.de
Index: modules/database/mod_dbd.c
===================================================================
--- modules/database/mod_dbd.c (revision 497960)
+++ modules/database/mod_dbd.c (working copy)
@@ -50,10 +50,11 @@
const char *params;
int persist;
dbd_prepared *prepared;
+ apr_pool_t *pool;
#if APR_HAS_THREADS
apr_thread_mutex_t *mutex;
- apr_pool_t *pool;
apr_reslist_t *dbpool;
+ int destroyed;
int nmin;
int nkeep;
int nmax;
@@ -241,6 +242,12 @@
}
return ret;
}
+static apr_status_t dbd_close(void *data)
+{
+ ap_dbd_t *rec = data;
+ return apr_dbd_close(rec->driver, rec->handle);
+}
+
/************ svr cfg: manage db connection pool ****************/
/* an apr_reslist_constructor for SQL connections
* Also use this for opening in non-reslist modes, since it gives
@@ -249,16 +256,20 @@
static apr_status_t dbd_construct(void **db, void *params, apr_pool_t *pool)
{
svr_cfg *svr = (svr_cfg*) params;
- ap_dbd_t *rec = apr_pcalloc(pool, sizeof(ap_dbd_t));
+ apr_pool_t *rec_pool, *prepared_pool;
+ ap_dbd_t *rec;
apr_status_t rv;
- /* this pool is mostly so dbd_close can destroy the prepared stmts */
- rv = apr_pool_create(&rec->pool, pool);
+ rv = apr_pool_create(&rec_pool, pool);
if (rv != APR_SUCCESS) {
ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, pool,
"DBD: Failed to create memory pool");
}
+ rec = apr_pcalloc(rec_pool, sizeof(ap_dbd_t));
+
+ rec->pool = rec_pool;
+
/* The driver is loaded at config time now, so this just checks a hash.
* If that changes, the driver DSO could be registered to unload against
* our pool, which is probably not what we want. Error checking isn't
@@ -299,63 +310,94 @@
case APR_SUCCESS:
break;
}
- *db = rec;
- rv = dbd_prepared_init(rec->pool, svr, rec);
+
+ apr_pool_cleanup_register(rec->pool, rec, dbd_close,
+ apr_pool_cleanup_null);
+
+ /* we use a sub-pool for the prepared statements for each connection so
+ * that they will be cleaned up first, before the connection is closed
+ */
+ rv = apr_pool_create(&prepared_pool, rec->pool);
if (rv != APR_SUCCESS) {
+ ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, rec->pool,
+ "DBD: Failed to create memory pool");
+
+ apr_pool_destroy(rec->pool);
+ return rv;
+ }
+
+ rv = dbd_prepared_init(prepared_pool, svr, rec);
+ if (rv != APR_SUCCESS) {
const char *errmsg = apr_dbd_error(rec->driver, rec->handle, rv);
ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, rec->pool,
"DBD: failed to initialise prepared SQL statements: %s",
(errmsg ? errmsg : "[???]"));
}
+
+ *db = rec;
+
return rv;
}
-static apr_status_t dbd_close(void *CONN)
-{
- ap_dbd_t *conn = CONN;
- apr_status_t rv = apr_dbd_close(conn->driver, conn->handle);
- apr_pool_destroy(conn->pool);
- return rv;
-}
#if APR_HAS_THREADS
static apr_status_t dbd_destruct(void *sql, void *params, apr_pool_t *pool)
{
- return dbd_close(sql);
+ svr_cfg *svr = params;
+
+ if (!svr->destroyed) {
+ ap_dbd_t *rec = sql;
+
+ apr_pool_destroy(rec->pool);
+ }
+
+ return APR_SUCCESS;
}
-static apr_status_t dbd_setup(apr_pool_t *pool, svr_cfg *svr)
+static apr_status_t dbd_destroy(void *data)
{
+ svr_cfg *svr = data;
+
+ svr->destroyed = 1;
+
+ return APR_SUCCESS;
+}
+
+static apr_status_t dbd_setup(server_rec *s, svr_cfg *svr)
+{
apr_status_t rv;
- /* create a pool just for the reslist from a process-lifetime pool;
- * that pool (s->process->pool in the dbd_setup_lock case,
- * whatever was passed to ap_run_child_init in the dbd_setup_init case)
- * will be shared with other threads doing other non-mod_dbd things
- * so we can't use it for the reslist directly
+ /* We create the reslist using a sub-pool of the pool passed to our
+ * child_init hook. No other threads can be here because we're
+ * either in the child_init phase or dbd_setup_lock() acquired our mutex.
+ * No other threads will use this sub-pool after this, except via
+ * reslist calls, which have an internal mutex.
+ *
+ * We need to short-circuit the cleanup registered internally by
+ * apr_reslist_create(). We do this by registering dbd_destroy()
+ * as a cleanup afterwards, so that it will run before the reslist's
+ * internal cleanup.
+ *
+ * If we didn't do this, then we could free memory twice when the pool
+ * was destroyed. When apr_pool_destroy() runs, it first destroys all
+ * all the per-connection sub-pools created in dbd_construct(), and
+ * then it runs the reslist's cleanup. The cleanup calls dbd_destruct()
+ * on each resource, which would then attempt to destroy the sub-pools
+ * a second time.
*/
- rv = apr_pool_create(&svr->pool, pool);
- if (rv != APR_SUCCESS) {
- ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, pool,
- "DBD: Failed to create reslist memory pool");
- return rv;
- }
-
rv = apr_reslist_create(&svr->dbpool, svr->nmin, svr->nkeep, svr->nmax,
apr_time_from_sec(svr->exptime),
dbd_construct, dbd_destruct, svr, svr->pool);
- if (rv == APR_SUCCESS) {
- apr_pool_cleanup_register(svr->pool, svr->dbpool,
- (void*)apr_reslist_destroy,
- apr_pool_cleanup_null);
- }
- else {
- ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, svr->pool,
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
"DBD: failed to initialise");
- apr_pool_destroy(svr->pool);
- svr->pool = NULL;
+ return rv;
}
- return rv;
+ apr_pool_cleanup_register(svr->pool, svr, dbd_destroy,
+ apr_pool_cleanup_null);
+ return APR_SUCCESS;
}
+#endif
+
static apr_status_t dbd_setup_init(apr_pool_t *pool, server_rec *s)
{
svr_cfg *svr = ap_get_module_config(s->module_config, &dbd_module);
@@ -374,7 +416,15 @@
return APR_SUCCESS;
}
- rv = dbd_setup(pool, svr);
+ rv = apr_pool_create(&svr->pool, pool);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
+ "DBD: Failed to create reslist cleanup memory pool");
+ return rv;
+ }
+
+#if APR_HAS_THREADS
+ rv = dbd_setup(s, svr);
if (rv == APR_SUCCESS) {
return rv;
}
@@ -387,9 +437,12 @@
ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, pool,
"DBD: Failed to create thread mutex");
}
+#endif
+
return rv;
}
-static apr_status_t dbd_setup_lock(apr_pool_t *pool, server_rec *s)
+#if APR_HAS_THREADS
+static apr_status_t dbd_setup_lock(server_rec *s)
{
svr_cfg *svr = ap_get_module_config(s->module_config, &dbd_module);
apr_status_t rv, rv2 = APR_SUCCESS;
@@ -404,18 +457,18 @@
rv = apr_thread_mutex_lock(svr->mutex);
if (rv != APR_SUCCESS) {
- ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, pool,
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
"DBD: Failed to acquire thread mutex");
return rv;
}
if (!svr->dbpool) {
- rv2 = dbd_setup(s->process->pool, svr);
+ rv2 = dbd_setup(s, svr);
}
rv = apr_thread_mutex_unlock(svr->mutex);
if (rv != APR_SUCCESS) {
- ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, pool,
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
"DBD: Failed to release thread mutex");
if (rv2 == APR_SUCCESS) {
rv2 = rv;
@@ -434,7 +487,7 @@
{
svr_cfg *svr = ap_get_module_config(s->module_config, &dbd_module);
if (!svr->persist) {
- dbd_close((void*) sql);
+ apr_pool_destroy(sql->pool);
}
#if APR_HAS_THREADS
else {
@@ -459,12 +512,12 @@
if (!svr->persist) {
/* Return a once-only connection */
- rv = dbd_construct(&rec, svr, s->process->pool);
+ dbd_construct((void*) &rec, svr, pool);
return (rv == APR_SUCCESS) ? arec : NULL;
}
if (!svr->dbpool) {
- if (dbd_setup_lock(pool, s) != APR_SUCCESS) {
+ if (dbd_setup_lock(s) != APR_SUCCESS) {
return NULL;
}
}
@@ -503,7 +556,7 @@
if (!svr->persist) {
/* Return a once-only connection */
- rv = dbd_construct(&rec, svr, s->process->pool);
+ dbd_construct((void*) &rec, svr, pool);
return (rv == APR_SUCCESS) ? arec : NULL;
}
@@ -519,14 +572,14 @@
ap_log_perror(APLOG_MARK, APLOG_ERR, rv, pool,
"DBD[%s] Error: %s", svr->name, errmsg);
svr->conn = NULL;
+ apr_pool_destroy(rec->pool);
}
}
+
/* We don't have a connection right now, so we'll open one */
if (!svr->conn) {
- if (dbd_construct(&rec, svr, s->process->pool) == APR_SUCCESS) {
+ if (dbd_construct(&rec, svr, svr->pool) == APR_SUCCESS) {
svr->conn = arec ;
- apr_pool_cleanup_register(s->process->pool, svr->conn,
- dbd_close, apr_pool_cleanup_null);
}
}
return svr->conn;
@@ -569,10 +622,6 @@
apr_pool_cleanup_register(r->pool, req, dbd_release,
apr_pool_cleanup_null);
}
- else {
- apr_pool_cleanup_register(r->pool, req->conn, dbd_close,
- apr_pool_cleanup_null);
- }
}
}
return req->conn;
@@ -592,10 +641,6 @@
apr_pool_cleanup_register(c->pool, req, dbd_release,
apr_pool_cleanup_null);
}
- else {
- apr_pool_cleanup_register(c->pool, req->conn, dbd_close,
- apr_pool_cleanup_null);
- }
}
}
return req->conn;
@@ -617,15 +662,9 @@
ret = ap_get_module_config(r->request_config, &dbd_module);
if (!ret) {
- svr = ap_get_module_config(r->server->module_config, &dbd_module);
ret = ap_dbd_open(r->pool, r->server);
if (ret) {
ap_set_module_config(r->request_config, &dbd_module, ret);
- if (!svr->persist) {
- apr_pool_cleanup_register(r->pool, svr->conn, dbd_close,
- apr_pool_cleanup_null);
- }
- /* if persist then dbd_open registered cleanup on proc pool */
}
}
return ret;
@@ -635,15 +674,9 @@
svr_cfg *svr;
ap_dbd_t *ret = ap_get_module_config(c->conn_config, &dbd_module);
if (!ret) {
- svr = ap_get_module_config(c->base_server->module_config, &dbd_module);
ret = ap_dbd_open(c->pool, c->base_server);
if (ret) {
ap_set_module_config(c->conn_config, &dbd_module, ret);
- if (!svr->persist) {
- apr_pool_cleanup_register(c->pool, svr->conn, dbd_close,
- apr_pool_cleanup_null);
- }
- /* if persist then dbd_open registered cleanup on proc pool */
}
}
return ret;
@@ -670,9 +703,7 @@
}
static void dbd_hooks(apr_pool_t *pool)
{
-#if APR_HAS_THREADS
ap_hook_child_init((void*)dbd_setup_init, NULL, NULL, APR_HOOK_MIDDLE);
-#endif
APR_REGISTER_OPTIONAL_FN(ap_dbd_open);
APR_REGISTER_OPTIONAL_FN(ap_dbd_close);
APR_REGISTER_OPTIONAL_FN(ap_dbd_acquire);