diff --git a/apache2.changes b/apache2.changes index c34f38f..115faa9 100644 --- a/apache2.changes +++ b/apache2.changes @@ -1,11 +1,123 @@ +------------------------------------------------------------------- +Mon Jul 16 12:03:39 UTC 2018 - pgajdos@suse.com + +- updated to 2.4.34: + *) Introduce zh-cn and zh-tw (simplified and traditional Chinese) error + document translations. [CodeingBoy, popcorner] + *) event: avoid possible race conditions with modules on the child pool. + [Stefan Fritsch] + *) mod_proxy: Fix a corner case where the ProxyPassReverseCookieDomain or + ProxyPassReverseCookiePath directive could fail to update correctly + 'domain=' or 'path=' in the 'Set-Cookie' header. PR 61560. + [Christophe Jaillet] + *) mod_ratelimit: fix behavior when proxing content. PR 62362. + [Luca Toscano, Yann Ylavic] + *) core: Re-allow '_' (underscore) in hostnames. + [Eric Covener] + *) mod_authz_core: If several parameters are used in a AuthzProviderAlias + directive, if these parameters are not enclosed in quotation mark, only + the first one is handled. The other ones are silently ignored. + Add a message to warn about such a spurious configuration. + PR 62469 [Hank Ibell , Christophe Jaillet] + *) mod_md: improvements and bugfixes + - MDNotifyCmd now takes additional parameter that are passed on to the called command. + - ACME challenges have better checks for interference with other modules + - ACME challenges are only handled for domains managed by the module, allowing + other ACME clients to operate for other domains in the server. + - better libressl integration + *) mod_proxy_wstunnel: Add default schema ports for 'ws' and 'wss'. + PR 62480. [Lubos Uhliarik } + *) logging: Some early logging-related startup messages could be lost + when using syslog for the global ErrorLog. [Eric Covener] + *) mod_cache: Handle case of an invalid Expires header value RFC compliant + like the case of an Expires time in the past: allow to overwrite the + non-caching decision using CacheStoreExpired and respect Cache-Control + "max-age" and "s-maxage". [Rainer Jung] + *) mod_xml2enc: Fix forwarding of error metadata/responses. PR 62180. + [Micha Lenk , Yann Ylavic] + *) mod_proxy_http: Fix response header thrown away after the previous one + was considered too large and truncated. PR 62196. [Yann Ylavic] + *) core: Add and handle AP_GETLINE_NOSPC_EOL flag for ap_getline() family + of functions to consume the end of line when the buffer is exhausted. + PR 62198. [Yann Ylavic] + *) mod_proxy_http: Add new worker parameter 'responsefieldsize' to + allow maximum HTTP response header size to be increased past 8192 + bytes. PR 62199. [Hank Ibell ] + *) mod_ssl: Extend SSLOCSPEnable with mode 'leaf' that only checks the leaf + of a certificate chain. PR62112. + [Ricardo Martin Camarero ] + *) http: Fix small memory leak per request when handling persistent + connections. [Ruediger Pluem, Joe Orton] + *) mod_proxy_html: Fix variable interpolation and memory allocation failure + in ProxyHTMLURLMap. [Ewald Dieterich ] + *) mod_remoteip: Fix RemoteIP{Trusted,Internal}ProxyList loading broken by 2.4.30. + PR 62220. [Chritophe Jaillet, Yann Ylavic] + *) mod_remoteip: When overriding the useragent address from X-Forwarded-For, + zero out what had been initialized as the connection-level port. PR59931. + [Hank Ibell ] + *) core: In ONE_PROCESS/debug mode, cleanup everything when exiting. + [Yann Ylavic] + *) mod_proxy_balancer: Add hot spare member type and corresponding flag (R). + Hot spare members are used as drop-in replacements for unusable workers + in the same load balancer set. This differs from hot standbys which are + only used when all workers in a set are unusable. PR 61140. [Jim Riggs] + *) suexec: Add --enable-suexec-capabilites support on Linux, to use + setuid/setgid capability bits rather than a setuid root binary. + [Joe Orton] + *) suexec: Add support for logging to syslog as an alternative to + logging to a file; use --without-suexec-logfile --with-suexec-syslog. + [Joe Orton] + *) mod_ssl: Restore 2.4.29 behaviour in SSL vhost merging/enabling + which broke some rare but previously-working configs. [Joe Orton] + *) core, log: improve sanity checks for the ErrorLog's syslog config, and + explicitly allow only lowercase 'syslog' settings. PR 62102 + [Luca Toscano, Jim Riggs, Christophe Jaillet] + *) mod_http2: accurate reporting of h2 data input/output per request via + mod_logio. Fixes an issue where output sizes where counted n-times on + reused slave connections. [Stefan Eissing] + See github issue: https://github.com/icing/mod_h2/issues/158 + *) mod_http2: Fix unnecessary timeout waits in case streams are aborted. + [Stefan Eissing] + *) mod_http2: restoring the v1.10.16 keepalive timeout behaviour of mod_http2. + [Stefan Eissing] + *) mod_proxy: Do not restrict the maximum pool size for backend connections + any longer by the maximum number of threads per process and use a better + default if mod_http2 is loaded. + [Yann Ylavic, Ruediger Pluem, Stefan Eissing, Gregg Smith] + *) mod_slotmem_shm: Add generation number to shm filename to fix races + with graceful restarts. PRs 62044 and 62308. [Jim Jagielski, Yann Ylavic] + *) core: Preserve the original HTTP request method in the '%] + *) mod_remoteip: make proxy-protocol work on slave connections, e.g. in + HTTP/2 requests. [Stefan Eissing] + See also https://github.com/roadrunner2/mod-proxy-protocol/issues/6 + *) mod_ssl: Fix merging of proxy SSL context outside sections, + regression introduced in 2.4.30. PR 62232. [Rainer Jung, Yann Ylavic] + *) mod_md: Fix compilation with OpenSSL before version 1.0.2. [Rainer Jung] + *) mod_dumpio: do nothing below log level TRACE7. [Yann Ylavic] + *) mod_remoteip: Restore compatibility with APR 1.4 (apr_sockaddr_is_wildcard). + [Eric Covener] + *) core: On ECBDIC platforms, some errors related to oversized headers + may be misreported or be logged as ASCII escapes. PR 62200 + [Hank Ibell ] + *) mod_ssl: Fix cmake-based build. PR 62266. [Rainer Jung] + *) core: Add , and conditional + section containers. [Eric Covener, Joe Orton] +* %check: do not load all modules, just use default loadmodule.conf; some + modules require to load another ones in advance +* %install: parallel install is broken + ------------------------------------------------------------------- Tue Mar 27 15:22:00 UTC 2018 - mikhail.kasimov@gmail.com - Updated description for SSLProtocol option. [bsc#1086854] + ------------------------------------------------------------------- Tue Mar 27 14:19:00 UTC 2018 - mikhail.kasimov@gmail.com - Updated description (PCI DSS) for SSLProtocol option. [bsc#1086854] + ------------------------------------------------------------------- Mon Mar 26 14:16:14 UTC 2018 - pgajdos@suse.com diff --git a/apache2.spec b/apache2.spec index d68770c..a1059f8 100644 --- a/apache2.spec +++ b/apache2.spec @@ -21,7 +21,8 @@ %define _fillupdir /var/adm/fillup-templates %endif -%define apache_mmn %(test -s %{SOURCE0} && { echo -n apache_mmn_; bzcat %{SOURCE0} | awk '/^#define MODULE_MAGIC_NUMBER_MAJOR/ {printf "%d", $3}'; }) +%define src_name httpd-%{version} +%define apache_mmn %(test -s %{SOURCE0} && { echo -n apache_mmn_; bzcat %{SOURCE0} | awk '/^#define MODULE_MAGIC_NUMBER_MAJOR/ {printf "%d", $3}'; } || echo apache_mmn_notfound) %define suse_maintenance_mmn 0 %define default_mpm prefork %define prefork 1 @@ -68,14 +69,14 @@ %define build_http2 0 %endif Name: apache2 -Version: 2.4.33 +Version: 2.4.34 Release: 0 Summary: The Apache Web Server Version 2.4 License: Apache-2.0 Group: Productivity/Networking/Web/Servers Url: http://httpd.apache.org/ -Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 -Source1: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc +Source0: http://www.apache.org/dist/httpd/%{src_name}.tar.bz2 +Source1: http://www.apache.org/dist/httpd/%{src_name}.tar.bz2.asc Source2: apache2.keyring # Add file to take mtime from it in prep section Source3: apache2.changes @@ -333,7 +334,7 @@ Utilities provided by the Apache 2 Web Server project which are useful to administrators of web servers in general. %prep -%setup -q -n httpd-%{version} -a30 +%setup -q -n %{src_name} -a30 %patch2 -p1 %patch23 %patch66 -p1 @@ -457,7 +458,7 @@ for mpm in %{mpms_to_build}; do sed -i -e "s@%{_localstatedir}/run@%{runtimedir}@g" include/ap_config_layout.h make CFLAGS="%{optflags} -fvisibility=hidden -fPIC -Wall -DDEFAULT_ERRORLOG='\"%{logfiledir}/error_log\"'" %{?_smp_mflags} - make DESTDIR=%{buildroot} install %{?_smp_mflags} + make DESTDIR=%{buildroot} install -j1 # show pathnames in config files echo;echo;echo; diff -U1 docs/conf/httpd-std.conf.in docs/conf/httpd-std.conf ||: @@ -773,6 +774,11 @@ rm -f %{buildroot}/%{_libdir}/%{name}-*/*.exp # needed only on AIX rm -f %{buildroot}/%{_libdir}/%{name}/*.exp # needed only on AIX rm -f %{buildroot}/%{_sbindir}/checkgid # needed only for user installations from tarball rm -r %{buildroot}/%{sysconfdir}/extra # it is already in the documentation directory +# +# do not ship example configuration files in +# /etc/apache2, but %doc them later +# +mv %{buildroot}/%{sysconfdir}/original . %check # now check wether httpd binary runs properly @@ -780,8 +786,6 @@ rm -r %{buildroot}/%{sysconfdir}/extra # it is already in the documentation di # pushd %{buildroot}/%{sysconfdir} for i in *.conf; do - # loadmodule.conf.test will be created later - [ "$i" == loadmodule.conf ] && continue cp $i $i.test; done sed -e 's+%{_libdir}+'%{buildroot}'%{_libdir}+' \ @@ -795,23 +799,13 @@ sed -e 's+%{sysconfdir}+'%{buildroot}'%{sysconfdir}+' \ default-server.conf > default-server.conf.test sed -i 's+%{_localstatedir}/log+'%{buildroot}'%{_localstatedir}/log+' \ global.conf.test - -popd -pushd %{buildroot} -for i in $(export LC_ALL=C; find .%{libexecdir}-%{default_mpm} -name "*.so" | sort); do - mod_id=${i#*mod_}; mod_id=${mod_id%.so}_module - mod_path= - echo LoadModule $mod_id %{buildroot}/${i#.} >> .%{sysconfdir}/loadmodule.conf.test -done -# auth_ldap_module needs to be loaded after ldap_module -echo -e "/authnz_ldap\n+\n-m/ldap\nwq" | ed -s ./%{sysconfdir}/loadmodule.conf.test +sed -i 's+%{_libdir}+%{buildroot}/%{_libdir}+' loadmodule.conf.test popd LD_LIBRARY_PATH=%{buildroot}%{_libdir} \ %{buildroot}/%{_sbindir}/httpd-%{default_mpm} \ -e debug -t -f %{buildroot}/%{sysconfdir}/httpd.conf.test || exit 1 rm %{buildroot}/%{sysconfdir}/*.test -mv %{buildroot}/%{sysconfdir}/original . %files -f filelist %defattr(-,root,root) diff --git a/httpd-2.4.33.tar.bz2 b/httpd-2.4.33.tar.bz2 deleted file mode 100644 index 144129e..0000000 --- a/httpd-2.4.33.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:de02511859b00d17845b9abdd1f975d5ccb5d0b280c567da5bf2ad4b70846f05 -size 6934765 diff --git a/httpd-2.4.33.tar.bz2.asc b/httpd-2.4.33.tar.bz2.asc deleted file mode 100644 index eeadb09..0000000 --- a/httpd-2.4.33.tar.bz2.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2 - -iQEcBAABCAAGBQJarafeAAoJEJleNSIa2E3/aj8IAKOyV2UbjIQiugBS7CAV1PUh -WSAHWDjWM4LnmZj9rfQUTdbWxlz8oMDlnE1C2eIstH3aG5BCf9VRx4phlD+tYtTz -Iykh3gKKB/x3+HFN/8aQ+tSGLtaeqfvx9cyUdRbzKWy6vU/6UxISHzQS6VhISxjn -5+xW+GpJMS78rsP9sO7xC9V5pjsjIbz8gBhwxrX0e1fIOaEKBo2sWzwStzRnEzfz -BzP6qQTHe0cIQexTzdppBHIU+Sh2Ef//FCv33jOW2drXcLJFaYVGfK+aZwS789Hl -AFWAw5ShVAR+u+8rivvAjY25z73I/iBpzxrXfSt9J9UvGcl9bjFxKBx/KiR61zs= -=FtXJ ------END PGP SIGNATURE----- diff --git a/httpd-2.4.34.tar.bz2 b/httpd-2.4.34.tar.bz2 new file mode 100644 index 0000000..82dbc26 --- /dev/null +++ b/httpd-2.4.34.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fa53c95631febb08a9de41fd2864cfff815cf62d9306723ab0d4b8d7aa1638f0 +size 6942969 diff --git a/httpd-2.4.34.tar.bz2.asc b/httpd-2.4.34.tar.bz2.asc new file mode 100644 index 0000000..72d27bc --- /dev/null +++ b/httpd-2.4.34.tar.bz2.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEqT1i7MPI6hLbIg7JNOp25nkUhagFAltEutIACgkQNOp25nkU +haij3g/+LUZNmeOdnP1qG1jHII2gZO+47TtHYzAXflBJ7tG1bbmbsRfJrvnuTSKb +/6buFczrK5++s+Q2IfQY8FW0Nudg51a+2w1jXJd53rmt+VSS8YP1dtu7dYDJTYXn +fiau4Q1Q7M5rKE2HRar34ElpGhpdyGZY7hm8vkKi+mjmWAer1YitIlnmYOqgvvqu +11SKmlZBGaayE+nFTjpmrrFP8o9bo2qvU/j9CKrbhxPhtFxmuX9/6sRgI59e51O5 +TPx/VsRfKaWoA/9Dxjm7c5EjRXPsB7X/OSLG0CYXMVNCVFoUxCtWbYulhELrSzb4 +0dbhv70zi/uS6hgEAgRCN0TeqL2zjocihEDmlc67ERtn3/ByB7N0WfF2wqO2KuWC +tKr3LSUUobRFJZ/uB1n7wsT6/8J7m6UbaQQaEe2VtQTbIdsK8xjsfZxRSCMIGXco +q2CwtsNREFf3t9fFPKJYet2M3AGtoq75mCljD1DKyAO3Pc8zmd0BtGg8ZtzjnaBl +YvFKChTYlZCZe5HK2xY6RSfT6q62Gu75ze7CAhCJ9vu5Z2PrDK7k1v1rsFbOI4bd +a7asCmOuoytjbENx/ArvnmNusG1JCASuBvqOYk3tB6mBEVVnJgGIO8Eyy1EEaYnL +HmVNx/WipEQgJtuTvTLTCuMZTuZ1pAm4J72QjDx82ilP11+j0eY= +=yJjl +-----END PGP SIGNATURE-----