Accepting request 626658 from Apache

- updated to 2.4.34:
  *) Introduce zh-cn and zh-tw (simplified and traditional Chinese) error
     document translations. [CodeingBoy, popcorner]
  *) event: avoid possible race conditions with modules on the child pool.
     [Stefan Fritsch]
  *) mod_proxy: Fix a corner case where the ProxyPassReverseCookieDomain or
     ProxyPassReverseCookiePath directive could fail to update correctly
     'domain=' or 'path=' in the 'Set-Cookie' header.  PR 61560.
     [Christophe Jaillet]
  *) mod_ratelimit: fix behavior when proxing content. PR 62362.
     [Luca Toscano, Yann Ylavic]
  *) core: Re-allow '_' (underscore) in hostnames.
     [Eric Covener]
  *) mod_authz_core: If several parameters are used in a AuthzProviderAlias
     directive, if these parameters are not enclosed in quotation mark, only
     the first one is handled. The other ones are silently ignored.
     Add a message to warn about such a spurious configuration.
     PR 62469 [Hank Ibell <hwibell gmail.com>, Christophe Jaillet]
  *) mod_md: improvements and bugfixes
     - MDNotifyCmd now takes additional parameter that are passed on to the called command.
     - ACME challenges have better checks for interference with other modules
     - ACME challenges are only handled for domains managed by the module, allowing
       other ACME clients to operate for other domains in the server.
     - better libressl integration
  *) mod_proxy_wstunnel: Add default schema ports for 'ws' and 'wss'.
     PR 62480. [Lubos Uhliarik <luhliari redhat.com>}
  *) logging: Some early logging-related startup messages could be lost
     when using syslog for the global ErrorLog. [Eric Covener]
  *) mod_cache: Handle case of an invalid Expires header value RFC compliant
     like the case of an Expires time in the past: allow to overwrite the

OBS-URL: https://build.opensuse.org/request/show/626658
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=147

apache2.changes

@@ -1,11 +1,123 @@
+-------------------------------------------------------------------
+Mon Jul 16 12:03:39 UTC 2018 - pgajdos@suse.com
+
+- updated to 2.4.34:
+  *) Introduce zh-cn and zh-tw (simplified and traditional Chinese) error
+     document translations. [CodeingBoy, popcorner]
+  *) event: avoid possible race conditions with modules on the child pool.
+     [Stefan Fritsch]
+  *) mod_proxy: Fix a corner case where the ProxyPassReverseCookieDomain or
+     ProxyPassReverseCookiePath directive could fail to update correctly
+     'domain=' or 'path=' in the 'Set-Cookie' header.  PR 61560.
+     [Christophe Jaillet]
+  *) mod_ratelimit: fix behavior when proxing content. PR 62362.
+     [Luca Toscano, Yann Ylavic]
+  *) core: Re-allow '_' (underscore) in hostnames.
+     [Eric Covener]
+  *) mod_authz_core: If several parameters are used in a AuthzProviderAlias
+     directive, if these parameters are not enclosed in quotation mark, only
+     the first one is handled. The other ones are silently ignored.
+     Add a message to warn about such a spurious configuration.
+     PR 62469 [Hank Ibell <hwibell gmail.com>, Christophe Jaillet]
+  *) mod_md: improvements and bugfixes
+     - MDNotifyCmd now takes additional parameter that are passed on to the called command.
+     - ACME challenges have better checks for interference with other modules
+     - ACME challenges are only handled for domains managed by the module, allowing
+       other ACME clients to operate for other domains in the server.
+     - better libressl integration
+  *) mod_proxy_wstunnel: Add default schema ports for 'ws' and 'wss'.
+     PR 62480. [Lubos Uhliarik <luhliari redhat.com>}
+  *) logging: Some early logging-related startup messages could be lost
+     when using syslog for the global ErrorLog. [Eric Covener]
+  *) mod_cache: Handle case of an invalid Expires header value RFC compliant
+     like the case of an Expires time in the past: allow to overwrite the
+     non-caching decision using CacheStoreExpired and respect Cache-Control
+     "max-age" and "s-maxage".  [Rainer Jung]
+  *) mod_xml2enc: Fix forwarding of error metadata/responses. PR 62180.
+     [Micha Lenk <micha lenk.info>, Yann Ylavic]
+  *) mod_proxy_http: Fix response header thrown away after the previous one
+     was considered too large and truncated. PR 62196. [Yann Ylavic]
+  *) core: Add and handle AP_GETLINE_NOSPC_EOL flag for ap_getline() family
+     of functions to consume the end of line when the buffer is exhausted.
+     PR 62198. [Yann Ylavic]
+  *) mod_proxy_http: Add new worker parameter 'responsefieldsize' to
+     allow maximum HTTP response header size to be increased past 8192
+     bytes.  PR 62199.  [Hank Ibell <hwibell gmail.com>]
+  *) mod_ssl: Extend SSLOCSPEnable with mode 'leaf' that only checks the leaf
+     of a certificate chain.  PR62112.
+     [Ricardo Martin Camarero <rickyepoderi yahoo.es>]
+  *) http: Fix small memory leak per request when handling persistent
+     connections.  [Ruediger Pluem, Joe Orton]
+  *) mod_proxy_html: Fix variable interpolation and memory allocation failure
+     in ProxyHTMLURLMap.  [Ewald Dieterich <ewald mailbox.org>]
+  *) mod_remoteip: Fix RemoteIP{Trusted,Internal}ProxyList loading broken by 2.4.30.
+     PR 62220.  [Chritophe Jaillet, Yann Ylavic]
+  *) mod_remoteip: When overriding the useragent address from X-Forwarded-For,
+     zero out what had been initialized as the connection-level port.  PR59931.
+     [Hank Ibell <hwibell gmail.com>]
+  *) core: In ONE_PROCESS/debug mode, cleanup everything when exiting.
+     [Yann Ylavic]
+  *) mod_proxy_balancer: Add hot spare member type and corresponding flag (R).
+     Hot spare members are used as drop-in replacements for unusable workers
+     in the same load balancer set. This differs from hot standbys which are
+     only used when all workers in a set are unusable. PR 61140. [Jim Riggs]
+  *) suexec: Add --enable-suexec-capabilites support on Linux, to use
+     setuid/setgid capability bits rather than a setuid root binary.
+     [Joe Orton]
+  *) suexec: Add support for logging to syslog as an alternative to
+     logging to a file; use --without-suexec-logfile --with-suexec-syslog.
+     [Joe Orton]
+  *) mod_ssl: Restore 2.4.29 behaviour in SSL vhost merging/enabling
+     which broke some rare but previously-working configs.  [Joe Orton]
+  *) core, log: improve sanity checks for the ErrorLog's syslog config, and
+     explicitly allow only lowercase 'syslog' settings. PR 62102
+     [Luca Toscano, Jim Riggs, Christophe Jaillet]
+  *) mod_http2: accurate reporting of h2 data input/output per request via
+     mod_logio. Fixes an issue where output sizes where counted n-times on
+     reused slave connections.  [Stefan Eissing]
+     See github issue: https://github.com/icing/mod_h2/issues/158
+  *) mod_http2: Fix unnecessary timeout waits in case streams are aborted.
+     [Stefan Eissing]
+  *) mod_http2: restoring the v1.10.16 keepalive timeout behaviour of mod_http2.
+     [Stefan Eissing]
+  *) mod_proxy: Do not restrict the maximum pool size for backend connections
+     any longer by the maximum number of threads per process and use a better
+     default if mod_http2 is loaded.
+     [Yann Ylavic, Ruediger Pluem, Stefan Eissing, Gregg Smith]
+  *) mod_slotmem_shm: Add generation number to shm filename to fix races
+     with graceful restarts. PRs 62044 and 62308.  [Jim Jagielski, Yann Ylavic]
+  *) core: Preserve the original HTTP request method in the '%<m' LogFormat
+     when an path-based ErrorDocument is used.  PR 62186.
+     [Micha Lenk <micha lenk.info>]
+  *) mod_remoteip: make proxy-protocol work on slave connections, e.g. in
+     HTTP/2 requests.  [Stefan Eissing]
+     See also https://github.com/roadrunner2/mod-proxy-protocol/issues/6
+  *) mod_ssl: Fix merging of proxy SSL context outside <Proxy> sections,
+     regression introduced in 2.4.30. PR 62232. [Rainer Jung, Yann Ylavic]
+  *) mod_md: Fix compilation with OpenSSL before version 1.0.2.  [Rainer Jung]
+  *) mod_dumpio: do nothing below log level TRACE7.  [Yann Ylavic]
+  *) mod_remoteip: Restore compatibility with APR 1.4 (apr_sockaddr_is_wildcard).
+     [Eric Covener]
+  *) core: On ECBDIC platforms, some errors related to oversized headers
+     may be misreported or be logged as ASCII escapes.  PR 62200
+     [Hank Ibell <hwibell gmail.com>]
+  *) mod_ssl: Fix cmake-based build.  PR 62266.  [Rainer Jung]
+  *) core: Add <IfFile>, <IfDirective> and <IfSection> conditional
+     section containers.  [Eric Covener, Joe Orton]
+* %check: do not load all modules, just use default loadmodule.conf; some 
+  modules require to load another ones in advance
+* %install: parallel install is broken
+
 -------------------------------------------------------------------
 Tue Mar 27 15:22:00 UTC 2018 - mikhail.kasimov@gmail.com
 
 - Updated description for SSLProtocol option. [bsc#1086854]
+
 -------------------------------------------------------------------
 Tue Mar 27 14:19:00 UTC 2018 - mikhail.kasimov@gmail.com
 
 - Updated description (PCI DSS) for SSLProtocol option. [bsc#1086854]
+
 -------------------------------------------------------------------
 Mon Mar 26 14:16:14 UTC 2018 - pgajdos@suse.com
 

apache2.spec

@@ -21,7 +21,8 @@
   %define _fillupdir /var/adm/fillup-templates
 %endif
 
-%define apache_mmn	%(test -s %{SOURCE0} && { echo -n apache_mmn_; bzcat %{SOURCE0} | awk '/^#define MODULE_MAGIC_NUMBER_MAJOR/ {printf "%d", $3}'; })
+%define src_name        httpd-%{version}
+%define apache_mmn	%(test -s %{SOURCE0} && { echo -n apache_mmn_; bzcat %{SOURCE0} | awk '/^#define MODULE_MAGIC_NUMBER_MAJOR/ {printf "%d", $3}'; } || echo apache_mmn_notfound)
 %define suse_maintenance_mmn  0
 %define	default_mpm	prefork
 %define prefork 1
@@ -68,14 +69,14 @@
 %define build_http2 0
 %endif
 Name:           apache2
-Version:        2.4.33
+Version:        2.4.34
 Release:        0
 Summary:        The Apache Web Server Version 2.4
 License:        Apache-2.0
 Group:          Productivity/Networking/Web/Servers
 Url:            http://httpd.apache.org/
-Source0:        http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-Source1:        http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
+Source0:        http://www.apache.org/dist/httpd/%{src_name}.tar.bz2
+Source1:        http://www.apache.org/dist/httpd/%{src_name}.tar.bz2.asc
 Source2:        apache2.keyring
 # Add file to take mtime from it in prep section
 Source3:        apache2.changes
@@ -333,7 +334,7 @@ Utilities provided by the Apache 2 Web Server project which are useful
 to administrators of web servers in general.
 
 %prep
-%setup -q -n httpd-%{version} -a30
+%setup -q -n %{src_name} -a30
 %patch2 -p1
 %patch23
 %patch66 -p1
@@ -457,7 +458,7 @@ for mpm in %{mpms_to_build}; do
 	sed -i -e "s@%{_localstatedir}/run@%{runtimedir}@g" include/ap_config_layout.h
 
 	make CFLAGS="%{optflags} -fvisibility=hidden -fPIC -Wall -DDEFAULT_ERRORLOG='\"%{logfiledir}/error_log\"'" %{?_smp_mflags}
-	make DESTDIR=%{buildroot} install %{?_smp_mflags}
+	make DESTDIR=%{buildroot} install -j1
 
 	# show pathnames in config files
 	echo;echo;echo; diff -U1 docs/conf/httpd-std.conf.in docs/conf/httpd-std.conf ||:
@@ -773,6 +774,11 @@ rm -f %{buildroot}/%{_libdir}/%{name}-*/*.exp	# needed only on AIX
 rm -f %{buildroot}/%{_libdir}/%{name}/*.exp		# needed only on AIX
 rm -f %{buildroot}/%{_sbindir}/checkgid		# needed only for user installations from tarball
 rm -r %{buildroot}/%{sysconfdir}/extra 		# it is already in the documentation directory
+#
+# do not ship example configuration files in
+# /etc/apache2, but %doc them later
+#
+mv %{buildroot}/%{sysconfdir}/original .
 
 %check
 # now check wether httpd binary runs properly
@@ -780,8 +786,6 @@ rm -r %{buildroot}/%{sysconfdir}/extra 		# it is already in the documentation di
 #
 pushd %{buildroot}/%{sysconfdir}
 for i in *.conf; do
-  # loadmodule.conf.test will be created later
-  [ "$i" == loadmodule.conf ] && continue
   cp $i $i.test;
 done
 sed -e 's+%{_libdir}+'%{buildroot}'%{_libdir}+' \
@@ -795,23 +799,13 @@ sed -e 's+%{sysconfdir}+'%{buildroot}'%{sysconfdir}+' \
 		default-server.conf > default-server.conf.test
 sed -i 's+%{_localstatedir}/log+'%{buildroot}'%{_localstatedir}/log+' \
 		global.conf.test
-
-popd
-pushd %{buildroot}
-for i in $(export LC_ALL=C; find .%{libexecdir}-%{default_mpm} -name "*.so" | sort); do
-	mod_id=${i#*mod_}; mod_id=${mod_id%.so}_module
-	mod_path=
-	echo LoadModule $mod_id %{buildroot}/${i#.} >> .%{sysconfdir}/loadmodule.conf.test
-done
-# auth_ldap_module needs to be loaded after ldap_module
-echo -e "/authnz_ldap\n+\n-m/ldap\nwq" | ed -s ./%{sysconfdir}/loadmodule.conf.test
+sed -i 's+%{_libdir}+%{buildroot}/%{_libdir}+' loadmodule.conf.test
 popd
 
 LD_LIBRARY_PATH=%{buildroot}%{_libdir} \
 %{buildroot}/%{_sbindir}/httpd-%{default_mpm} \
 	-e debug -t -f %{buildroot}/%{sysconfdir}/httpd.conf.test || exit 1
 rm %{buildroot}/%{sysconfdir}/*.test
-mv %{buildroot}/%{sysconfdir}/original .
 
 %files -f filelist
 %defattr(-,root,root)

httpd-2.4.33.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:de02511859b00d17845b9abdd1f975d5ccb5d0b280c567da5bf2ad4b70846f05
-size 6934765

httpd-2.4.33.tar.bz2.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iQEcBAABCAAGBQJarafeAAoJEJleNSIa2E3/aj8IAKOyV2UbjIQiugBS7CAV1PUh
-WSAHWDjWM4LnmZj9rfQUTdbWxlz8oMDlnE1C2eIstH3aG5BCf9VRx4phlD+tYtTz
-Iykh3gKKB/x3+HFN/8aQ+tSGLtaeqfvx9cyUdRbzKWy6vU/6UxISHzQS6VhISxjn
-5+xW+GpJMS78rsP9sO7xC9V5pjsjIbz8gBhwxrX0e1fIOaEKBo2sWzwStzRnEzfz
-BzP6qQTHe0cIQexTzdppBHIU+Sh2Ef//FCv33jOW2drXcLJFaYVGfK+aZwS789Hl
-AFWAw5ShVAR+u+8rivvAjY25z73I/iBpzxrXfSt9J9UvGcl9bjFxKBx/KiR61zs=
-=FtXJ
------END PGP SIGNATURE-----

httpd-2.4.34.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fa53c95631febb08a9de41fd2864cfff815cf62d9306723ab0d4b8d7aa1638f0
+size 6942969

httpd-2.4.34.tar.bz2.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEqT1i7MPI6hLbIg7JNOp25nkUhagFAltEutIACgkQNOp25nkU
+haij3g/+LUZNmeOdnP1qG1jHII2gZO+47TtHYzAXflBJ7tG1bbmbsRfJrvnuTSKb
+/6buFczrK5++s+Q2IfQY8FW0Nudg51a+2w1jXJd53rmt+VSS8YP1dtu7dYDJTYXn
+fiau4Q1Q7M5rKE2HRar34ElpGhpdyGZY7hm8vkKi+mjmWAer1YitIlnmYOqgvvqu
+11SKmlZBGaayE+nFTjpmrrFP8o9bo2qvU/j9CKrbhxPhtFxmuX9/6sRgI59e51O5
+TPx/VsRfKaWoA/9Dxjm7c5EjRXPsB7X/OSLG0CYXMVNCVFoUxCtWbYulhELrSzb4
+0dbhv70zi/uS6hgEAgRCN0TeqL2zjocihEDmlc67ERtn3/ByB7N0WfF2wqO2KuWC
+tKr3LSUUobRFJZ/uB1n7wsT6/8J7m6UbaQQaEe2VtQTbIdsK8xjsfZxRSCMIGXco
+q2CwtsNREFf3t9fFPKJYet2M3AGtoq75mCljD1DKyAO3Pc8zmd0BtGg8ZtzjnaBl
+YvFKChTYlZCZe5HK2xY6RSfT6q62Gu75ze7CAhCJ9vu5Z2PrDK7k1v1rsFbOI4bd
+a7asCmOuoytjbENx/ArvnmNusG1JCASuBvqOYk3tB6mBEVVnJgGIO8Eyy1EEaYnL
+HmVNx/WipEQgJtuTvTLTCuMZTuZ1pAm4J72QjDx82ilP11+j0eY=
+=yJjl
+-----END PGP SIGNATURE-----